In few instances memory allocated dynamically, but
its not freed after usage.
free the allocated space after usage.
CRs-Fixed: 2041467
Change-Id: Iae551cd3acbb6bc2618f05cfdc33e4f742d63192
Fix crash due to race condition between MC thread and shutdown
sequence worker thread by moving IPA SSR deinit after MC thread
shutdown.
Change-Id: Id9ee6de5b176e302f865ab959aca29fb708dd6bc
CRs-fixed: 2071804
It is better to follow 2 stage sequence for NAN as well like
1) open adapter 2) start adapter (sme_open_session). Since that
is not possible making hdd_init_nan_data_mode happens at the end
when all adapters registered.
Change-Id: Ib67a8f8e9ee5546a77d90d04f0a69a2a5a739e4d
CRs-Fixed: 2049177
Gcc 6 introduces some stricter checking for indentation,
causing warnings of misleading-indentation, which are
treated as build errors when drivers are compiled.
Fix all the identation warnings under qcacld-3.0.
Change-Id: Ie197761cfe4334ab14d593adebc56375372ba37c
CRs-Fixed: 2058158
Add below changes to support SSR within SSR,
1.Add new driver state, CDS_DRIVER_STATE_BAD, which will be set
on re-init failure and reset on re-init success and if this
state is set, don't allow any north-bound calls.
2.Don't de-register wiphy/netdev on re-init failure.
3.BUG_ON if re-init or probe fails successively for two times.
4.During driver unload, don't wait for SSR to be completed.
Change-Id: Id05a3e4b592664c9b56c7dd83b965b973f1d5ca5
CRs-Fixed: 2037628
Supplicant reports ACS failed, if driver indicates invalid ht_sec_ch.
Do not assign ht_sec_ch with sec_ch_offset, because they are not the
same thing.
Change-Id: I8fb2a42973b67bb045d385b1fd90ee32917450ea
CRs-Fixed: 2067092
Program num tx chains for 11abg FW via pdev params. This will
help enhance power save in firmware.
Change-Id: I1f5815f2914f65928f8f3d72e53d409ecf6d1fe7
CRs-Fixed: 2056531
Restart SAP(P2P_GO) only if ini parameter, sap_restart_on_ch_avoid,
is set. By default its enabled.
Change-Id: I0aee79ba2d5e0cfa8a7b0c7b1901c61614944338
CRs-Fixed: 2023854
Presently, STOP Driver command is not handled in driver
as interface down will takes care to close the modules
if there are no more interfaces up. But when framework
issues this command, it's going to bad state as driver
returns failure.
To mitigate this issue return SUCCESS for STOP DRIVER command.
Change-Id: I47e6898109a35e3194c18645c932c5b2cf5a73c8
CRs-Fixed: 2006563
In some scenarios like, driver rmmod or on terminating hostapd or
on terminating dataservice process, driver receives directly STOP_AP
indication without DEl_STA indication from upper-layer, leading to
cleanup of stations connected to SAP won’t happen within driver.
To mitigate this issue call DEL_STA within driver on receiving
STOP_AP indication.
Change-Id: I7050f1788c1fa9a9ede190874a5d494f896abfff
CRs-Fixed: 2010222
Presently, on receiving new MC address list, Host is just updating
MC address list and sending same to FW, without clearing previously
configured MC address list. This may lead to MC address list not to
be cleanly configured in FW.
Before configuring new address, clear previously configured MC
address list.
Change-Id: Ia0c79099d248c3d992b9fa420d46c1464229b03a
CRs-Fixed: 2009368
The McastBcastFilter configuration item is not being used, and support
is being dropped from the driver. Remove the McastBcastFilter setting
feature from the driver.
Change-Id: I6fc0e48e31c01ba2df73c51b3fd9ec2a84571541
CRs-Fixed: 2045284
Currently there is no nl policy defined for vendor sub command
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX which may result in
buffer overread error.
To resolve this, add nl policy.
Change-Id: Ib5d3c34dbcec29a98766753efc4e9c4ecf748c2e
CRs-Fixed: 2054693
wlan_hdd_cfg80211_set_key_wapi() and sme_roam_set_key() prints
key information in default host logs.
Fix to remove debug logs which prints sensitive key information.
Change-Id: Ib71da962761f9b6b5fd8ba214676b649529bcaa7
CRs-Fixed: 2058305
In hdd state ctrl API buf used beyond its size.
Increase buf size to 3 to get rid of buffer over flow.
CRs-fixed: 2029584
Change-Id: Ie353d449f167bee05833841350d61dc0935786fc
qcacld-2.0 to qcacld-3.0 Propagation.
improper validation of
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE
results in assigning an unchecked user-controller value.
This can lead to buffer overflow.
validate QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE.
CRs-Fixed: 2056253
Change-Id: I7c33b6d78054672e9effbe9100c29e5604c250c6
Currently in __hdd_cfg80211_get_station_cmd there are two
attributes which are not properly validated.
Define an appropriate nla_policy and specify this policy when
invoking nla_parse().
CRs-Fixed: 2054741
Change-Id: I36e12f001b05069c8e06adb1f264392232b13bfb
qcacld-2.0 to qcacld-3.0 Propagation.
In get oui ie command API, ie pointer read out
of boundary.
Return NULL if ie length is less than oui size.
CRs-Fixed: 2053002
Change-Id: I13375d3bfa472eda25d8d6191431dd1f79bf5842
Currently in case of HDD interface change timeout call back
disabling of IPA WDI pipes is not handled and only disconnect
is called. As a result disconnect fails because IPA driver
expects suspend and disable before disconnect. In this change
disable IPA pipes before doing disconnect.
Change-Id: I5ddf222730d57b39ba15bd5923c22d585eb52b08
CRs-Fixed: 2047110
When platform driver initiates wlan driver remove, driver state
is set to unloading but it is not cleared on successful driver
remove, leading unload bit to be set forever and thereby host
returns failure for all north bound requests, though driver is
loaded successfully after this scenario.
After wlan driver is removed, clear the driver unload bit, so
that on next successful driver load, host can process north
bound requests.
Change-Id: I600705b340a824bcaa524e2ed981ad35943fb5cd
CRs-Fixed: 1113037
Move the log messages to appropriate log levels so that
the console does not get a huge spam of unnecessary logs
Change-Id: Ie58b45078ad8b4732d7b84bfb77261396bd5862a
CRs-Fixed: 2043741
Currently there are multiple cfg80211 vendor commands where MAC
address attributes are defined in a nla_policy table with a type of
NLA_UNSPEC but without a minimum length. Add the proper minimum length
to avoid buffer overread.
Change-Id: I11ff2bd813dc4e6784a7cdee66a0c10ca0e69fcf
CRs-Fixed: 2062140
Presently the logging thread is not destroyed if the driver is unloaded
in the FTM mode leading to accessing to invalid memory location once
the wlan driver is unloaded.
Destroy the logging thread irrespective of the device mode during
the unload of the driver.
CRs-Fixed: 2040566
Change-Id: I1a97acffa5fb292ac9d355d6a95e6fc253fc833a
During initializing station mode, the array holding STA IDs are
not set to HDD_WLAN_INVALID_STA_ID(0xFF), leading STA IDs to hold
a valid data, though there no connections.
Set array holding STA IDs with HDD_WLAN_INVALID_STA_ID, to make
STA IDs holding invalid data.
Change-Id: I12167e83bebe0380520676c194f11cd4848330cf
CRs-Fixed: 2053816
Change number of dropped packet before kickout threshold to max
theoretical value of 65535.
Change-Id: I9b29e704460cfabdc346cda7ab4bc5f01ad5ea98
CRs-Fixed: 2029453
Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies
a type of NLA_STRING, but the underlying implementation expects a
NUL-terminated string. Update the policy to correctly use a type of
NLA_NUL_STRING with the len updated to remove the allocation needed
for the terminating NUL.
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2062141
As part of the support for the FIPS certification feature add the
HDD infrastructure.
Change-Id: I76a545c42b10a662db04b5994de100c713a46c59
CRs-Fixed: 2065002
Fix static analyze issues which cause is may dereference NULL
pointer, adding NULL pointer check or using already checked pointer.
Change-Id: Ib3a1f5214da839cd2bec4ffee16e0809095fa513
CRs-Fixed: 2058073
Map the input target time to host time, and
time stamp netbuf with this host time.
Change-Id: I1fb298615267bb11c4f21cabe670fd4c3a12a759
CRs-Fixed: 2057693
To map target time to host time, implement a timer
to capture TSF and host time periodically.
The timer will be started when connection state of
sta/p2p_gc being changed from not associated to
associated; and stopped when from associated to
not associated.
Change-Id: I697080b95f01f173beddc038ab9ad89ee394354b
CRs-Fixed: 2057693
1. Failed to get TSF if issuing cap_tsf more
than 1 time continuously, due to the TSF
value will be reset by the following 'cap_tsf'
command, however, these 'cap_tsf' won't be
excuted actually, because 'get_tsf' was not
received after last successful 'cap_tsf'.
To fix it, do TSF reset only if 'cap_tsf'
will be actually excuted.
2. Add flag 'cap_tsf_flag' to make sure cap_tsf
being executed serially.
3. Add flag 'tsf_ready_flag' to indicate whether
TSF feature has been initialized successfully.
Add 'TSF_NOT_READY' in 'hdd_tsf_get_state' to
indicate this state.
Propagated from qcacld-2.0
Change-Id: Ib768e3d7f0b33a75e8bd838d4ed1c0b84e3aa13d
CRs-Fixed: 2057693
When operating in an 802.11b mode, CCK TX FIR Override forces a 2x2
radio configuration into 1x for Tx and 2x for Rx (ie 1x2) for
regulatory compliance reasons. Add gEnableCckTxFirOverride to allow
this firmware feature to be enabled/disabled via ini configuration.
Change-Id: I359fc908fa27113e2500a28c343cf90dea518212
CRs-Fixed: 2062111
Propagatin from qcacld-2.0 to qcacld-3.0
Length of the MAC address is not checked which may cause out of bound
read issue.
To resolve this add a check for MAC address length.
CRs-Fixed: 2063980
Change-Id: I58454b84c28b157cef35984d612a9bc6fdd9ec56
Add host support for detecting SOC power collapse failures in FW and
communicating the same to framework.
Change-Id: Icee39c896802c4d7136e0b8ef442a33feeb4799c
CRs-Fixed: 1112979
In some cases kernel incorrectly forwards the address change request
down to the driver even when interface is down. Driver tries to get
the session pointer from mac context and ends up crashing due to NULL
pointer dereference.
Ignore address change requests when interface is down.
CRs-Fixed: 2060889
Change-Id: I2b572c517b335856cdf2ae04433b4a48a9598572
Convert the boolean variables used for tracking okc_enable into
separate bit flags for OKC and PMK caching. Firmware will also
add support for bitwise enablement of OKC and PMK caching in 802.11i
configuration part of RSO command.
CRs-Fixed: 2004963
Change-Id: Ib2fcdc6318adb488eca5cf47b2b59541020e6009
An incorrect IE length can overflow the remaining length variable
and make IE parsing logic perform a buffer over-read.
Check on IE length to avoid buffer over-read.
Change-Id: I20ef6a0136c7a5b602ad15a2fb725f20807b81d0
CRs-Fixed: 2052804
WPA RSN IE is copied from source without a check on the given IE length.
A malicious IE length can cause buffer overflow.
Add maximum bound check on WPA RSN IE length.
Change-Id: Id159d307e8f9c1de720d4553a7c29f23cbd28571
CRs-Fixed: 2052791
qcacld-2.0 to qcacld-3.0 propagation
By setting the corresponding parameters: reorder timeout and window size
to FW, the host will deliver information about aggregation of the packets
on RX to upper layer.
Change-Id: I404d56d8d9ca3e90f8d1dee28abd80d784924901
CRs-fixed: 1078111
During .set_phy_params operation, retry value for short retry
is incorrectly fed to the long retry parameter.
Only feed retry value for long retry into the long retry parameter.
Change-Id: I3e8838b9b0c21d3cbaafa3a1785dd3f793b5b372
CRs-Fixed: 2062561
Add INI config option to enable orphaning of Tx packets.
Default is to disable orphaning.
Change-Id: Ib855d7ebf56fd3def1a2674091a188e8ecd729f2
CRs-Fixed: 2064079
Fix the return data type in __wlan_hdd_cfg80211_ll_stats_get from
unsigned long to int type.
Change-Id: Ia51056adbf09fe6a2cb0d33337b4d9107c4f146d
CRs-Fixed: 2051378
Change the return status type as the expected value could
be either a negative or Zero based on failure or success
respectively in the routine wlan_hdd_ll_stats_get()
Change-Id: Ieaff1928f081fe28060b2c40f7e546c51d03a7bc
CRs-Fixed: 2036663
