Broadcast mac address check is performed on an empty buffer pointer
before it is filled. Use the input frame pointer instead.
CRs-Fixed: 2191063
Change-Id: Ie02dcf05da70d52a0f3532b8d5647a7e8e0bcfe8
Restrict the force SCC logic for STA+SAP only, driver shouldn't
use the force scc logic for STA+P2P GO.
Change-Id: I3e62256bc1d8fd35667e6413219077ddc30f0732
CRs-Fixed: 2243537
Fix compilation issue seen in ol layer functions
due to mismatch between callback pointer type and
callback function signature.
Change-Id: I46bdf88c0d3e367e15e2a54229b237e2c9416319
CRs-Fixed: 2245498
Remove force SAP ACS support from driver as it is no longer needed
after hostapd based ACS is enabled permanently from framework.
Change-Id: Ib3b8bac0dcf45562596d89d0aa49e16a03f85499
CRs-Fixed: 2234858
In a noisy enviornment setkey confirmation in SME queue
is not getting processed due to multiple beacons/probes
getting processed in PE queue which is of higher priority
than SME queue.
Instead of posting a message to SME queue, setkey confirmation
will run to completion using sme callback mechanism.
Change-Id: Ibe536dad13731e7086c5e0a9ed2a19c11f6e9193
CRs-Fixed: 2233210
For admission control feature, it is possible that priority of skb
to be overridden by HDD layer because certain AC is in the ACM
state. So need to enable ATH_TX_PRI_OVERRIDE by default.
This change will only take effect for QCA6290.
CRs-Fixed: 2237916
Change-Id: I9fcf75948c1b0eee8b12d5d54ab3dd251fb36409
Current code in __hdd_hard_start_xmit function there is a possibility
of one variable uninitialized. Improve the code by initializing the
variable.
Change-Id: Ia2dbed83b35801087b93bbb336d13df95a78a8aa
CRs-Fixed: 2029588
There is a chance that cumulative peer_id_ref_cnt of different
peers can exceed peer ref cnt. This can result in use after free
issue during peer unref delete in ol_txrx_peer_remove_obj_map_
entries. Add QDF_BUG to catch such case and avoid access of peer
after delete.
Change-Id: I5a3cecc6a20747fce2fbf36a5ae733c42a3bc88b
CRs-Fixed: 2206589
Check user configuration for HE Tx beamformee and beamformer
while updating the caps into global or session configuration.
Change-Id: Ie355a6f208499dd389117c02b8510094c8fd08fd
CRs-Fixed: 2241779
In lim_oper_chan_change_confirm_tx_complete_cnf, need free frame buf
alloced in lim_p2p_oper_chan_change_confirm_action_frame, or buffer is
leaked.
Change-Id: Ic479427282742fb4fbbe28ab1acdf91e0a511340
CRs-Fixed: 2238603
HE Tx beamforming config parameter setting fails due to incorrect
value range. Correct the HE Tx beamforming config parameter values
Change-Id: Idb0ada45417467122bd7473cca07d15cf54fd3cc
CRs-Fixed: 2244247
In hdd_get_class_a_statistics_cb api, context is actually
cookie and it can be NULL if this is the first request. on
class A stats request, when hdd_get_class_a_statistics_cb is
invoked with context as NULL, the NULL check in callback
will not update the latest stats result and will return.
Change-Id: I8c33a0e82d9915a4b3d76e695ceab7ecd9301b89
CRs-Fixed: 2244767
User sends driver a list of roaming scan channels to set through IOCTL
SETROAMSCANCHANNELS. The parameters include the number of elements in
the array, followed by channel array and then a NULL character. But
when driver loops through the channel array it doesn't have a NULL
check. An erroneous number of elements passed by user may cause buffer
overread.
Add a NULL check on channels passed in IOCTL SETROAMSCANCHANNELS.
Change-Id: I7342aa5cf8e5267b7ed06a4e35b1ed882fb97893
CRs-Fixed: 2227039
Fix tTxrateinfoflags as per linux coding guidelines, this will later
help move the struct to qcacmn.
Change-Id: I1911d25594aaecc7c166cf36b79111b61e6de457
CRs-Fixed: 2244834
While processing vendor command QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO,
respective handler wlan_hdd_cfg80211_get_wifi_info() is not allocating
memory for QCA_WLAN_VENDOR_ATTR_WIFI_INFO_RADIO_INDEX in event buffer
and trying to populate radio_index with nla_put_u32(). Buffer-overflow
is avoided with buffer length check in nla api but error is returned.
Return of error for valid user input is incorrect.
To fix this, add size of radio index in event buffer size calculation.
Change-Id: I39973814ae9b10466b9d5e3492a42b745a7f2a5e
CRs-Fixed: 2230298
Flow control resize implementaion as part of
Genoa enhancements to reduce total desc requirement
from 3600 to 2000.
Change-Id: Iee5d3ff08dcea13c11632cd29e6edba0dc3e979f
CRs-Fixed: 2223553
hdd_wlan_start_modules() currently takes an adapter parameter in order
to do management frame event deregistration. Instead, do management
frame event deregistration during adapter stop for symmetry with the
event registration. This allows us to remove the adapter parameter
completely from hdd_wlan_start_modules().
Change-Id: Ifb4619c80a129b8ef4e84c597dd98004d5cd713d
CRs-Fixed: 2240850
Address the following issues in the core/wma folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'chnage' may be misspelled - perhaps 'change'?
CHECK: 'defintions' may be misspelled - perhaps 'definitions'?
CHECK: 'Intialize' may be misspelled - perhaps 'Initialize'?
CHECK: 'Intial' may be misspelled - perhaps 'Initial'?
CHECK: 'proces' may be misspelled - perhaps 'process'?
CHECK: 'progess' may be misspelled - perhaps 'progress'?
CHECK: 'refrence' may be misspelled - perhaps 'reference'?
CHECK: 'Relevent' may be misspelled - perhaps 'Relevant'?
CHECK: 'reponse' may be misspelled - perhaps 'response'?
Change-Id: Idc314b5a3a6945211581e2135cfaf9d0d5f69457
CRs-Fixed: 2241946
Address the following issues in the core/sme folder:
CHECK 'accomodates' may be misspelled - perhaps 'accommodates'?
(actually accommodated)
CHECK 'acknowledgement' may be misspelled - perhaps 'acknowledgment'?
CHECK 'becasue' may be misspelled - perhaps 'because'?
CHECK 'becuase' may be misspelled - perhaps 'because'?
CHECK 'catagory' may be misspelled - perhaps 'category'?
CHECK 'explictly' may be misspelled - perhaps 'explicitly'?
CHECK 'failue' may be misspelled - perhaps 'failure'?
CHECK 'fucntion' may be misspelled - perhaps 'function'?
CHECK 'infomation' may be misspelled - perhaps 'information'?
CHECK 'inteface' may be misspelled - perhaps 'interface'?
CHECK 'managment' may be misspelled - perhaps 'management'?
CHECK 'messsage' may be misspelled - perhaps 'message'?
CHECK 'Notifed' may be misspelled - perhaps 'Notified'?
As well as the following spotted during code review:
'sucsess' -> 'success'
Change-Id: Ieaa299d4dbc08c07f10aaf9d967336ac7b11d88d
CRs-Fixed: 2241947
From the IOCTL command WE_POLICY_MANAGER_PCL_CMD, we get the cds
concurrency mode as argument and pass it to cds_get_pcl to get
the pcl channel list. This concurrency mode parameter is used as
the array index to retrive the enum cds_pcl_type. If this value
is greater than CDS_MAX_NUM_OF_MODE an OOB read will occur in
iw_hdd_set_var_ints_getnone.
Add check to validate the input cds mode argument against the macro
CDS_MAX_NUM_OF_MODE. Return error if it is violated.
Change-Id: Iaa79d9698e0074a31a9c3f2396bd06d436d1e349
CRs-Fixed: 2216048
Address the following issues in the core/sap folder:
CHECK: 'availabe' may be misspelled - perhaps 'available'?
CHECK: 'defult' may be misspelled - perhaps 'default'?
CHECK: 'fucntion' may be misspelled - perhaps 'function'?
CHECK: 'Funtion' may be misspelled - perhaps 'Function'?
CHECK: 'intial' may be misspelled - perhaps 'initial'?
Change-Id: Id1e696f70d4d3c5ff650a353eb8402216909bc2c
CRs-Fixed: 2241944
When trying to add multiple softap interfaces, sanity checks in
wlan_hdd_allow_sap_add() are trying to access dev in adapter without
NULL check which can lead to NULL pointer exception.
To fix this, add NULL check for dev before access of its attributes.
Change-Id: I57577da1b60443a42e273f87e9f4feac123bc686
CRs-Fixed: 2232394
Fix overwrite when handling RSN element and WAPI AKM suite
list in wlan_hdd_cfg80211_set_ie.
Change-Id: I63528da4c2dfafa22f2c6fc73afe52727af02b64
CRs-Fixed: 2228031
Change "qcacld-3.0: Add support to send A-MSDU aggregation type
to firmware" combines the AMSDU/AMPDU configuration path in WMA
layer, which is causing some ampdu parameters be overwritten by
value of amsdu.
Avoid GEN_VDEV_PARAM_AMSDU handler to touch ampdu parameters.
CRs-Fixed: 2243571
Change-Id: I52119f2bbcb306f5fad704e912c4cbb179c6a369
Fix the HE mcs rates when the ack policy is set to no ack to
reduce the tx failures.
Change-Id: Iff923bcb6094d1a75ba1e14ff19897f9ca8c2e0a
CRs-Fixed: 2236565
