There are a number of code hygiene issues with cds_pre_enable().
Clean up some trivial items such as using appropriate logging wrappers,
removing excessive QDF_ASSERTs, using standard naming conventions, etc.
Change-Id: I1a236c4aae9a48195b73943bf83c9498d44501ea
CRs-Fixed: 2249436
Remove cds_set_load_in_progress so that the
hdd_wlan_stop_modules can do PLD power off
for FTM mode.
Add con_mode_flag checking for HDD context access
protection.
Change-Id: Ie48443579fcb692fcc806cb9b6bf5782d7764c9f
CRs-Fixed: 2246876
There might be a race condition between wlansap_stop_bss and
wlansap_start_bss. The tx_flow_control_timer might be created again
after being released by hdd_stop_adapter, which might cause a memory
leak issue.
Add mutex lock to protect the wlansap_start_bss in the function of
wlan_hdd_cfg80211_start_bss to fix incorrect state of fsm.
Change-Id: Icae4508450f6e1cc13210d49edaf03a8fbd39fe4
CRs-Fixed: 2239832
While calling sme_pdev_set_pcl() API, driver is passing the argument
by value. The size of the argument is 280 bytes which is not good
design.
Pass the argument by reference instead of passing it by value to make
design simple.
CRs-Fixed: 2233212
Change-Id: I92849fb125fe864c1c7c7977bce392a7bcfe4121
Currently SMMU mem map table allocation size is very high and may
lead to allocation failure if system memory is fragmented or in low
memory cases. Do not allocate SMMU mem table buffer; instead, update
for each rx nbuff.
Change-Id: Ib48199387abc942980cef1ef57a00e44c729e95f
CRs-Fixed: 2238629
session_entry pointer has been dereferenced without checking against
NULL.
Add NULL check before dereferencing it.
CRs-Fixed: 2232738
Change-Id: I899a5da2affd70acf274bdceca11e9d47c7659b5
Initialize variable sap_ap_event to avoid use of uninitialized value
of sap_ap_event.sapHddEventCode when calling sap_ctx->pfnSapEventCallback.
Change-Id: Idcf18b6c95ffcef59f0db764d0071fcb4909ea2e
CRs-Fixed: 2232749
wlan_sys_probe has been superseded by the scheduler thread watchdog.
Since it is no longer needed, remove wlan_sys_probe.
Change-Id: I31e7cf0021774d074a6c94eb6a636e1f87452923
CRs-Fixed: 2249435
When WMI attaching fails in wma_open, the memory allocated
during invocation of target_if_open should be freed to
avoid a memory leak.
Change-Id: I64e5bbc9714199a1598df55e00586786a30aad35
CRs-fixed: 2237068
Address the following issues in wlan_hdd_wext.c:
CHECK:'recieved' may be misspelled - perhaps 'received'?
CHECK: parenthesis alignment in iw_get_policy_manager_ut_ops
CRs-Fixed: 2245341
Change-Id: I25c1e4310739e934d49dc7b4fc3890e5ab16e5e0
In the function hdd_hostapd_sap_event_cb, stainfo is obtained
from hdd_get_stainfo(). This stainfo is dereferenced later to
retrieve dhcp_phase. If the stainfo returned from the
function hdd_get_stainfo is NULL, then a possible NULL pointer
dereference could occur.
Add check to validate stainfo is not NULL.
Change-Id: Ia428142b6ae2545528c5998dcde63845ca592b56
CRs-Fixed: 2233870
Remove the redundant tx flow control register in sap event cb, which has
been registered already when adapter started.
Change-Id: Ia48249ed6b6de0a1af642d920f9589c600015ed3
CRs-Fixed: 2239832
This reverts change If06be4c9627eb345fb52609351417b155d336a4e for the
following reasons:
1) hdd_debug_domain_set() should never be called outside of module
start/stop
2) It effectively reverts I2fade59d1e4a27620cecadb91f69866e79c85612
Change-Id: Id132c516dd2600110912539df37eb1932730fef1
CRs-Fixed: 2248600
In hdd_we_set_11d_state(), @sme_config is accessed immediately after
being freed. Avoid accessing freed memory.
Change-Id: I7ad19f6846bce1d0f99b7712f1036c81ea363815
CRs-Fixed: 2247652
When receive dfs event, if no available channel, stop all AP,
but send eSAP_STOP_BSS_DUE_TO_NO_CHNL to same AP for 2 times
wrongly during SAP+SAP concurrency, init and schedule same work
queue sap_stop_bss_work 2 times at nearly same time, deadlock
happens
Change-Id: I86cf0ed578e81b3bc1941e057e91c9d952893e07
CRs-Fixed: 2230873
hdd_stop_adapter frees beacon resource but doesn't clear SOFTAP_INIT_DONE
flag. If SSR happens at this time, NULL pointer dereference will occur.
Clear flag in hdd_stop_adapter and check NULL pointer when using beacon.
Change-Id: I14be81a4e5fb498948f7ceec9138e9b1c797af1e
CRs-Fixed: 2232511
It will reject channel switch command for STA+SAP concurrency case
since not force set channel switch.
Change-Id: Id032d5f931aa78cf24fda7e1fc1cc1d8ec58008f
CRs-Fixed: 2246121
If any userspace request is posted using request manager,
memory is allocated for that request using hdd_request_alloc
api. Now when the response of this request comes in the
registered callback, if this response is NULL then callback
returns without doing hdd_request_complete and eventually
request gets timed out and memory is released through
request_put. If the con_mode is changed before this time out
occurs, con_mode_handler will try to stop_modules and will
result in mem leak detection as the memory for the request
is not released yet.
To address this issue in con_mode_handler, wait for all the
user space requests to complete before trying to stop modules.
Change-Id: If524580e420d107a1fe6d17b75d4c13e4feb96e1
CRs-Fixed: 2244739
Do not unmap the skb_buf if the owner is the ipa module when doing the
ol_txrx_vdev_flush.
For WDI 1.0 MCC TX, the IPA driver will push skb to wlan for transmission.
The skb_buffer has been mapped in the IPA driver before sending to wlan.
So there is no need to unmap the skb_buf again in the wlan driver.
Change-Id: I2c1f8e916aca12f3efa73e3540e3d27c434617a1
CRs-Fixed: 2244442
While parsing the QCA_WLAN_VENDOR_ATTR_SCAN_IE there can be possible
overflow overwriting the next ie pointers.
Hence validate the ie length received before memcpy.
Change-Id: Ic503331e6ee35bad5b3b6518cb140914cda2a447
CRs-Fixed: 2231992
Previously change "qcacld-3.0: Use enum QDF_GLOBAL_MODE", Change-Id
I0e806e87a4c4828279dee83450b1fc20a236c9d3, replaced all instances of
tQDF_GLOBAL_CON_MODE to QDF_GLOBAL_MODE in the qcacld-3.0
project. However since tQDF_GLOBAL_CON_MODE was originally defined in
a common project, and not all references to it could be immediately
removed, a legacy definition was left with the expectation that it
would be removed when all references to it had been updated.
Unfortunately a new instance of using tQDF_GLOBAL_CON_MODE has been
subsequently added to the project, so replace it with QDF_GLOBAL_MODE.
Change-Id: Ib8584f1327631d2280666822fa45118c210a3c39
CRs-Fixed: 2245248
Previously change "qcacld-3.0: Use enum QDF_OPMODE", Change-Id
Ic6f663dac11a100f168b2626c7c0fbcaccbfca4f, replaced all instances of
tQDF_ADAPTER_MODE to QDF_OPMODE in the qcacld-3.0 project. However
since tQDF_ADAPTER_MODE was originally defined in a common project,
and not all references to it could be immediately removed, a legacy
definition was left with the expectation that it would be removed when
all references to it had been updated. Unfortunately new instances of
using tQDF_ADAPTER_MODE have been subsequently added to the project,
so replace them with QDF_OPMODE.
Change-Id: I71cead84151cc0411f7cc5cc13a87a281e7502c0
CRs-Fixed: 2245247
Remove support for enabling/disabling SIFS burst mode,
SAP DFS channel SIFS burst and SIFS burst duration through
ini parameter as well as through IOCTL
Change-Id: I3d43afa3c0c85eef470a29b9e7ad812079666278
CRs-Fixed: 2238175
DISA head files include lots of not used public head files, and cause
compilation issue when disable PMO feature flag.
Change-Id: I287f845a3e9f923d042463c34abaedadb905d3b2
CRs-Fixed: 2243947
These board information are stored in the board file while the
calibration process. WMI service ready event will now carry them for host.
Append these board version information to the firmware version string.
Change-Id: Ieb5bc480bd0c2e387fcf6990dd192741f0b7cd6b
CRs-fixed: 2218963
To keep non-wext function out of wext.[c|h], rearrange it to main.[c|h]
And in order to make the interface more generic, change the interface
to take the buffer and length directly.
Change-Id: I1f64cc235b9dee6c574f871b020b0b61c8b427c8
CRs-fixed: 2228717
Broadcast mac address check is performed on an empty buffer pointer
before it is filled. Use the input frame pointer instead.
CRs-Fixed: 2191063
Change-Id: Ie02dcf05da70d52a0f3532b8d5647a7e8e0bcfe8
Restrict the force SCC logic for STA+SAP only, driver shouldn't
use the force scc logic for STA+P2P GO.
Change-Id: I3e62256bc1d8fd35667e6413219077ddc30f0732
CRs-Fixed: 2243537
Fix compilation issue seen in ol layer functions
due to mismatch between callback pointer type and
callback function signature.
Change-Id: I46bdf88c0d3e367e15e2a54229b237e2c9416319
CRs-Fixed: 2245498
Remove force SAP ACS support from driver as it is no longer needed
after hostapd based ACS is enabled permanently from framework.
Change-Id: Ib3b8bac0dcf45562596d89d0aa49e16a03f85499
CRs-Fixed: 2234858
In a noisy environment setkey confirmation in SME queue
is not getting processed due to multiple beacons/probes
getting processed in PE queue which is of higher priority
than SME queue.
Instead of posting a message to SME queue, setkey confirmation
will run to completion using sme callback mechanism.
Change-Id: Ibe536dad13731e7086c5e0a9ed2a19c11f6e9193
CRs-Fixed: 2233210
In the current code of the __hdd_hard_start_xmit function, there is a
possibility of one variable being uninitialized. Improve the code by
initializing the variable.
Change-Id: Ia2dbed83b35801087b93bbb336d13df95a78a8aa
CRs-Fixed: 2029588
There is a chance that cumulative peer_id_ref_cnt of different
peers can exceed peer ref cnt. This can result in use after free
issue during peer unref delete in
ol_txrx_peer_remove_obj_map_entries. Add QDF_BUG to catch such case
and avoid access of peer after delete.
Change-Id: I5a3cecc6a20747fce2fbf36a5ae733c42a3bc88b
CRs-Fixed: 2206589
Check user configuration for HE Tx beamformee and beamformer
while updating the caps into global or session configuration.
Change-Id: Ie355a6f208499dd389117c02b8510094c8fd08fd
CRs-Fixed: 2241779
In lim_oper_chan_change_confirm_tx_complete_cnf, need free frame buf
alloced in lim_p2p_oper_chan_change_confirm_action_frame, or buffer is
leaked.
Change-Id: Ic479427282742fb4fbbe28ab1acdf91e0a511340
CRs-Fixed: 2238603
HE Tx beamforming config parameter setting fails due to incorrect
value range. Correct the HE Tx beamforming config parameter values
Change-Id: Idb0ada45417467122bd7473cca07d15cf54fd3cc
CRs-Fixed: 2244247
In hdd_get_class_a_statistics_cb api, context is actually
cookie and it can be NULL if this is the first request. On
class A stats request, when hdd_get_class_a_statistics_cb is
invoked with context as NULL, the NULL check in callback
will not update the latest stats result and will return.
Change-Id: I8c33a0e82d9915a4b3d76e695ceab7ecd9301b89
CRs-Fixed: 2244767
User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.
Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.
Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2227039
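
The check described in the commit message above, sketched as an added example that is not the driver's code: a parser for a constructed payload laid out as the message describes (a count, the channel array, a terminating NUL) that bounds the loop by the claimed count, the real buffer length and the terminator. The function name, the MAX_ROAM_CHANNELS limit and the error codes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ROAM_CHANNELS 20   /* assumed limit, not taken from the driver */

/* Hypothetical parser for a payload laid out as: count, channel[count], NUL.
 * Returns the number of channels copied into out[], or a negative error. */
static int parse_roam_channels(const uint8_t *buf, size_t len,
                               uint8_t *out, size_t out_cap)
{
    size_t count, i;

    if (buf == NULL || out == NULL || len < 2)
        return -1;                    /* need at least count + terminator */
    count = buf[0];
    if (count == 0 || count > MAX_ROAM_CHANNELS || count > out_cap)
        return -2;                    /* claimed count outside sane range */
    if (count + 2 > len)
        return -3;                    /* count claims more than was sent */
    for (i = 0; i < count; i++) {
        uint8_t ch = buf[1 + i];
        if (ch == 0)
            return -4;                /* NUL hit early: count is erroneous */
        out[i] = ch;
    }
    if (buf[1 + count] != 0)
        return -5;                    /* terminator missing after the array */
    return (int)count;
}

int main(void)
{
    /* Constructed sample payloads. */
    const uint8_t good[]  = { 3, 1, 6, 11, 0 };
    const uint8_t lying[] = { 9, 1, 6, 11, 0 };        /* claims 9, carries 3 */
    const uint8_t early[] = { 5, 1, 6, 11, 0, 0, 0 };  /* NUL before count ends */
    uint8_t out[MAX_ROAM_CHANNELS];

    printf("good  -> %d\n", parse_roam_channels(good, sizeof(good), out, sizeof(out)));
    printf("lying -> %d\n", parse_roam_channels(lying, sizeof(lying), out, sizeof(out)));
    printf("early -> %d\n", parse_roam_channels(early, sizeof(early), out, sizeof(out)));
    return 0;
}
```
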
Fix tTxrateinfoflags as per Linux coding guidelines; this will later
help move the struct to qcacmn.
Change-Id: I1911d25594aaecc7c166cf36b79111b61e6de457
CRs-Fixed: 2244834
While processing vendor command QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO,
respective handler wlan_hdd_cfg80211_get_wifi_info() is not allocating
memory for QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX in event buffer
and trying to populate radio_index with nla_put_u32(). Buffer-overflow
is avoided with buffer length check in nla api but error is returned.
Return of error for valid user input is incorrect.
To fix this, add size of radio index in event buffer size calculation.
Change-Id: I39973814ae9b10466b9d5e3492a42b745a7f2a5e
CRs-Fixed: 2230298
Flow control resize implementation as part of
Genoa enhancements to reduce total desc requirement
from 3600 to 2000.
Change-Id: Iee5d3ff08dcea13c11632cd29e6edba0dc3e979f
CRs-Fixed: 2223553
hdd_wlan_start_modules() currently takes an adapter parameter in order
to do management frame event deregistration. Instead, do management
frame event deregistration during adapter stop for symmetry with the
event registration. This allows us to remove the adapter parameter
completely from hdd_wlan_start_modules().
Change-Id: Ifb4619c80a129b8ef4e84c597dd98004d5cd713d
CRs-Fixed: 2240850
Address the following issues in the core/wma folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'chnage' may be misspelled - perhaps 'change'?
CHECK: 'defintions' may be misspelled - perhaps 'definitions'?
CHECK: 'Intialize' may be misspelled - perhaps 'Initialize'?
CHECK: 'Intial' may be misspelled - perhaps 'Initial'?
CHECK: 'proces' may be misspelled - perhaps 'process'?
CHECK: 'progess' may be misspelled - perhaps 'progress'?
CHECK: 'refrence' may be misspelled - perhaps 'reference'?
CHECK: 'Relevent' may be misspelled - perhaps 'Relevant'?
CHECK: 'reponse' may be misspelled - perhaps 'response'?
Change-Id: Idc314b5a3a6945211581e2135cfaf9d0d5f69457
CRs-Fixed: 2241946
Address the following issues in the core/sme folder:
CHECK 'accomodates' may be misspelled - perhaps 'accommodates'?
(actually accommodated)
CHECK 'acknowledgement' may be misspelled - perhaps 'acknowledgment'?
CHECK 'becasue' may be misspelled - perhaps 'because'?
CHECK 'becuase' may be misspelled - perhaps 'because'?
CHECK 'catagory' may be misspelled - perhaps 'category'?
CHECK 'explictly' may be misspelled - perhaps 'explicitly'?
CHECK 'failue' may be misspelled - perhaps 'failure'?
CHECK 'fucntion' may be misspelled - perhaps 'function'?
CHECK 'infomation' may be misspelled - perhaps 'information'?
CHECK 'inteface' may be misspelled - perhaps 'interface'?
CHECK 'managment' may be misspelled - perhaps 'management'?
CHECK 'messsage' may be misspelled - perhaps 'message'?
CHECK 'Notifed' may be misspelled - perhaps 'Notified'?
As well as the following spotted during code review:
'sucsess' -> 'success'
Change-Id: Ieaa299d4dbc08c07f10aaf9d967336ac7b11d88d
CRs-Fixed: 2241947
From the IOCTL command WE_POLICY_MANAGER_PCL_CMD, we get the cds
concurrency mode as argument and pass it to cds_get_pcl to get
the pcl channel list. This concurrency mode parameter is used as
the array index to retrieve the enum cds_pcl_type. If this value
is greater than CDS_MAX_NUM_OF_MODE an OOB read will occur in
iw_hdd_set_var_ints_getnone.
Add check to validate the input cds mode argument against the macro
CDS_MAX_NUM_OF_MODE. Return error if it is violated.
Change-Id: Iaa79d9698e0074a31a9c3f2396bd06d436d1e349
CRs-Fixed: 2216048