The parameters to function hdd_roam_register_tdlssta() currently
includes ucastSig. This "signature" parameter dates back to a previous
version of the driver that used signatures to synchronize the data
plane with the control plane. However the current version of the
driver does not use this parameter, so remove it as part of the plan
to completely remove these signatures from throughout the driver.
Change-Id: Iee51d79e58501e3e8312c6c7a21b98c1ae6bf268
CRs-Fixed: 2200886
The parameters to function hdd_softap_register_sta() currently include
ucastSig and bcastSig. These "signature" parameters date back to a
previous version of the driver that used these signatures to
synchronize the data plane with the control plane. However the current
version of the driver does not use these parameters, so remove them as
part of the plan to completely remove these signatures from throughout
the driver.
Change-Id: I1f1f1fb1ef553d36ba0f4902ab29b2b4852ae5ca
CRs-Fixed: 2200356
Add support for HW mode info vendor command which sends
mac id, band, interface id and frequency information for
each MAC provided by driver to userspace.
Change-Id: If1112d29b8781cf5ba0480c84feeb772142f2c0e
CRs-Fixed: 2160531
In IPA offload case, if wlan driver is loaded before IPA uC is ready,
error is returned in hdd_ipa_init, which leads to whole driver load
failure. This is not the case since IPA driver provides wlan driver
a notify callback where IPA will invoke this callback when IPA uC
is ready.
Fix is to not return error if IPA uC is not ready during wlan loading
phase.
Change-Id: I98382abbb3bb3b1176f3be41228ac260c1017c24
CRs-Fixed: 2198998
There is a chance that SSID may be NULL in IE's received by driver
and driver publishes the same in association request which is not
expected. Always consider SSID from supplicant which is valid in
all scenarios to fix this.
Specific scenario:
OWE SSID is hidden in OWE transition mode. When supplicant detects
connection to OWE transition mode, it issues connect with required
SSID to driver. But that ssid does not present in driver scan cache
as it is hidden. Instead of this ssid, driver scan cache has NULL
entry. Driver uses this NULL entry in association request which is
not expected.
Change-Id: I7ceb712db87d6c7f73c7483f74d402b1ab3e30db
CRs-Fixed: 2197532
In wlan_hdd_add_age_ie the mgmt->u.probe_resp.variable is type casted
to qcom_ie_age, before incrementing the mgmt->u.probe_resp.variable
to get the qcom_ie_age pointer. This leads to memory corruption.
Fixed by typecasting the pointer once the qcom_ie_age pointer is
derived by incrementing the offset of qcom_ie_age from
mgmt->u.probe_resp.variable.
Change-Id: Iafcdb5c17f0d9c234687ddcc6f8b9100b21cc957
CRs-Fixed: 2201303
1) When wma_self_peer_remove() API returns failure, driver triggers
recovery without checking if driver unload is in progress which may
cause driver to go in bad state.
2) when wma_self_peer_remove() API returns success, driver releases the
memory accidently as part of I14895b0d3a19b3aaea2299311cc021ea14408f1e
Fix 1st condition by checking if driver unload is in progress. If driver
in unloading then just release the memory and return failure. If driver
is not unloading then just trigger SSR recovery, so FW can recover
silently.
Fix 2nd condition by checking the return status and release the memory
up on failure status code.
CRs-Fixed: 2197657
Change-Id: Ia08dbdac66d8641d22f6a82c29ab1a5b99309214
The memory leak is detected in API csr_process_del_sta_session_command()
for the memory allocation of del_sta_self_req.
SME sends this message from WMA for further processing.
When WMA_DEL_STA_SELF_REQ is processed, wma_self_peer_remove() will be
called for p2p device. If wma_self_peer_remove() API is failed due to
some reason then memory needs to be freed up which is allocated through
csr_process_del_sta_session_command() API which is missing.
For any failure case, release the message memory allocated by SME either
by releasing directly in WMA when response is not required or by sending
failure response which in turn releases the memory when response is
required.
CRs-Fixed: 2192935
Change-Id: I14895b0d3a19b3aaea2299311cc021ea14408f1e
In testbed sta mode the RSNE enc type and auth type may not match the
AP's enc type and auth type and thus the scan filter is unable to match
and find the AP.
Introduce auth and enc type as "ANY" in scan filter. With the auth
and enc type set as ANY, all the AP's matching the BSSID and SSID
will be filtered and the negotiated auth and enc type will be
dependent on AP's auth and enc type.
Change-Id: Ia7d573b393f7883f4c92188133734795be1781aa
CRs-Fixed: 2197223
Duplicate API's are present in HDD and common code to inform the
beacon to kernel. This change removes the duplicate API from HDD
and use common API to inform beacon.
Change-Id: I1916ebd6d3c153f47533cde6a1e2e78ebaae55dc
CRs-Fixed: 2199760
Recent changes in Power Management and Offload (PMO) have removed the
need for a configurable maximum number of WoW filters. Remove the
following relevant fields:
* maxWoWFilters
* CFG_MAX_WOW_FILTERS_MAX
* WMA_STA_WOW_DEFAULT_PTRN_MAX
* max_wow_filters
* ol_ini_info
Change-Id: I99cc74731d6373258dc65473a8342bda0ab2786b
CRs-Fixed: 2199452
There are scenario where indoor channel operations
(like active / passive scan/connect/roam etc)
are not desired / permitted specially in sap case.
Hence add support of disabling indoor channel
on sap start and revert it on sap stop.
Change-Id: Id6e01534532e3076a3e662e6a4f71e8be924165a
CRs-fixed: 2121103
In order to conserve firmware memory when various filtering features are
not in use, update the target configuration provided to firmware based
on the intersection of various filtering features and host
configuration.
Part 1
num_wow_filters = ARP/NS offload enabled ? 2 : 5
bpf_instruction_size - BPF enabled ? 0 (auto) : 0xffffffff
Part 2 (pending firmware support)
pkt_filter_num = Packet Filter enabled ? 12 : 0 (disabled)
Change-Id: Ic6624ff04598b53d8321e4864618b12b9702780f
CRs-Fixed: 2196997
Provide PMO-specific device capabilities to PMO. This allows PMO to do
intersections between configuration and device capabilities.
Change-Id: If0a199f9be466d16cef900a29b14b73a2a4e52d0
CRs-Fixed: 2197828
The packets in the vdev ll_pause queue hasn't been doing the qdf_nbuf_map,
or they might be mapped by other module like ipa. So do not unmap in the
ol_txrx_vdev_detach to avoid the mis-match operation.
Change-Id: I498c09152be95464bc6343f2a48d63e13d621a82
CRs-Fixed: 2198903
This reverts commit I87b635bf4644b54d47bee65307d7484c9e328885.
This should be used for uC loading debug purpose only.
If uC is not loaded yet when WLAN initialization, we are expecting
the registered uC ready callback is invoked after uC loaded later.
Change-Id: Ie6f6d116ff7a23a9b4900c60053a8e76948734d9
CRs-Fixed: 2196878
Currently, driver calls wma_group_num_bss_to_scan_id API from
wma_extscan_cached_results_event_handler to group bss to scan id
table. Without checking return status of wma_group_num_bss_to_scan_id,
HDD callback is called which can lead to NULL pointer de-reference issue
in wlan_hdd_cfg80211_extscan_cached_results_ind if malloc for
t_scan_id_grp->ap fails in wma_group_num_bss_to_scan_id.
Add check for return status of "wma_group_num_bss_to_scan_id" in
wma_extscan_cached_results_event_handler before invoking HDD callback
Change-Id: I457f39404436c54feb4b555f8101895d3c1ae5d7
CRs-Fixed: 2188297
Failure can be observed when waiting for peer deletion
before sending WMI command. Peer deletion in VDEV stop
timeout handler also need to be handled in the scheduler
queues.
Change the logic to wait for peer delete completion
before sending message to scheduler queue to delete VDEV.
Change-Id: I78d3070a73c85d212bc33c346b3e60edf3c016f8
CRs-Fixed: 2187430
Hostapd sends channel list as NULL in do_acs request
when country mode is set to world and hw mode is 11a.
This results in scan to be triggered on all 5g channels
and driver to choose 5g channel as best channel.
Fix is to return error to hostapd if channel list
received is NULL.
Change-Id: I17aacfdbeea9803023a66f54de7b596612ea97c3
CRs-Fixed: 2192858
In the present scenario the function wlan_cfg80211_cleanup_scan_queue
does the code scan queue cleanup during radio detach, leading to access of
freed vdev netdev.
Extend cfg80211 scan cleanup API to support netdev level cleanup. The
second parameter if NULL cleans up all the queues or only the queue of
the specific net dev given.
Change-Id: I2a6b350fe5102b2a5d772dd9a075003ccf3b684c
CRs-Fixed: 2197309
If multiple auth req comes, it added to the header of message queue
but in between mc thread could be processing some beacon frame. while
processing beacon, SAP gets assoc req and adds it to head of message
queue and will be processed first instead of auth req. After sending
of accoc rsp, mc thread will start to process queued auth req, which
is at the top of message queue which will result in deauthentication.
Reverts commit 360c5d590ec8 ("qcacld-3.0: Prioritize connection req
frames in pe queue")
Change-Id: Iaf511be1160e05cfcd9d60f18be4339587308089
CRs-Fixed: 2192836
The checkpatch script has identified instances of "Missing a blank
line after declarations" in HDD, so add them.
Change-Id: I289072b26e0c9c1f8392616438e304b018d9ecd2
CRs-Fixed: 2198555
Currently hdd_roam_deregister_sta() tests the STA to see if it is in
the eConnectionState_IbssDisconnected state, but then doesn't actually
do anything if it is true. Since this is obviously an obsolete test
where the action code has been previously removed, now remove the
actual test.
Change-Id: I6a0077088d87f91b8d8f220049de05a19232995b
CRs-Fixed: 2198554
WoW is always enabled on ROME and ADRASTEA platforms and wow
wake up pattern configuration is dynamic based on vdev type.
All wow wake up patterns are configured at the time of vdev
creation. HDD and SME has obsolete wow enter and exit logic
and hence nuke it.
Change-Id: I228ff5b77a7f9dac579448ada4ebee591d5a0c38
CRs-Fixed: 2198644
In wma_vdev_delete_handler() once vdev req is removed from the
vdev_resp_queue the vdev rsp timer is stopped and freed after
releasing the wake lock and vdev detach callback.
So before vdev rsp timer is stopped it may get expired and
post msg in MC thread. Now once this timer msg is processed it
access the already freed memory.
To fix it stop vdev rsp timer first before releasing the wake
lock and vdev detach callback.
Change-Id: Iface6d1faaa9f801d0da7a70d548eafbd082dc48
CRs-Fixed: 2196338
