1) In csr_start, CSR module's scan callback function is currently
registered after scan is enabled. This can result in a potential
memory leak of the per-session CSR scan profile's child buffers
when the following events take place in sequence:
(1) CSR scan is enabled
(2) Upper layer invokes CSR module for scan requests
(per-session CSR scan profile's child buffers are
allocated here)
(3) Scan finished, but no CSR callback is registered to
handle it so the previously allocated child buffers
are leaked
(4) CSR scan callback function is registered later, but
it's already too late
Move the CSR scan enabling code to a place after CSR scan
callback is registered to fix the potential memory leakage.
2) CSR scan should be stopped before sessions are closed, and
session init code should not re-enable CSR scan again during
session clean up stage. Or there will be another chance for
the same issue as in 1) to happen again.
3) CSR scan callback function should be deregistered before
a session is closed and cleaned up.
4) Per-session CSR scan profile pointer should be checked
during session clean up and its buffer and child buffers
should be freed to avoid any potential memory leak.
Change-Id: I99101170a58f63b239db620dea01d210e83d9367
CRs-Fixed: 2228321
Video/audio wireless applications need to tune parameters
on a per-AC basis. Configure the number of TX sw retries per AC via
the driver INI configuration file. It helps to improve the
video/audio performance in a noisy environment.
Change-Id: Icffb5174b265b6453021b0d0a8ad3e12b695847a
CRs-Fixed: 2212954
Video/audio wireless applications need to tune parameters
on a per-AC basis. Configure the A-MPDU subframe parameter per
AC via the driver ini configuration file.
Change-Id: Id63be7aacf6465edee08f7a2f4c8a119f9bd6346
CRs-Fixed: 2212932
Currently there is no provision to decide delay between two roam
scans in firmware. With these new ini's, driver wants to expose
control to decide delay between roam scans:
Add ini "min_delay_btw_scans" to set minimum duration allowed between
two consecutive roam scans. Fw should not allow roam scan if duration
between two consecutive roam scans is less than min_delay_btw_scans.
Add ini "roam_trigger_reason_bitmask" to set default value of
bit-mask containing roam_trigger_reasons for which
min_delay_btw_scans constraints should be applied.
Change-Id: I2af9d5dc8e6919eeb90251d3d744e3f07705e776
CRs-Fixed: 2221779
CSR scan requester is registered in csr_start(), but is not unregistered
in csr_stop(). It might run out of scan requester buffer.
Change-Id: I95472027c927ae0c0bc1869338cffad6bbacf0ff
CRs-Fixed: 2222492
Add new ini item "enable_ftopen" to enable/disable FT open
feature. There is no ini currently to disable only FT open.
Change-Id: I18280d9de77857b15698eb233ba4ec71089beb06
CRs-Fixed: 2214766
Add new ini item "ho_delay_for_rx" to set delay Hand-off
period. For LFR 3.0 roaming scenario, once roam candidate
is found, firmware waits for minimum this much duration
to receive pending rx frames from current BSS before
switching to new channel for handoff to new AP.
Change-Id: Ided9a81e9402259f5df6b42926b3fa336b6bb4d0
CRs-Fixed: 2221748
Add WLM setting to "csr_get_config_param"
to avoid the setting being lost when it is set back by
csr_change_default_config_param.
Change-Id: I539a4a87f55365c701a7149784e92c60fb6c5383
CRs-Fixed: 2223340
The driver contains considerable debris from the obsolete WOWL
messaging, so clean it up.
Change-Id: I432f7fc1567b0aa31a7be758c05f2213340baed0
CRs-Fixed: 2223859
In sme_qos_del_ts_req, there is a chance that driver can access
del ts req pMsg even after free. In umac_send_mb_message_to_mac
driver frees pMsg if there is some failure. But driver still
tries to access pMsg in sme_qos_del_ts_req even if
umac_send_mb_message_to_mac returns failure.
Access pMsg only if umac_send_mb_message_to_mac returns success
to avoid this use after free issue.
Change-Id: I3638a38746b9cd917e01a7ff6f38430344e6e78d
CRs-Fixed: 2214718
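
The ownership rule behind this fix, as an added example that is not code from the driver: a send routine that frees the message on failure, and a caller that touches the message only after success. The names `del_ts_msg`, `send_mb_message`, `del_ts_req`, `queued` and `drain_mailbox` are hypothetical stand-ins, and the assumption that a successfully sent message stays alive in a mailbox is part of the model.

```c
#include <stdint.h>
#include <stdlib.h>

struct del_ts_msg { uint8_t session_id; uint8_t tsid; }; /* stands in for pMsg */
static struct del_ts_msg *queued; /* model mailbox: owns a successfully sent message */

/* Contract described in the commit message: on failure the callee frees
 * the message, so the caller is left holding a dangling pointer. */
static int send_mb_message(struct del_ts_msg *msg, int inject_failure)
{
    if (inject_failure) {
        free(msg);
        return -1;
    }
    queued = msg;
    return 0;
}

/* Fixed caller: msg is dereferenced only on the success path.
 * Returns the TSID that was sent, or -1 on any failure. */
static int del_ts_req(uint8_t session_id, uint8_t tsid, int inject_failure)
{
    struct del_ts_msg *msg = calloc(1, sizeof(*msg));

    if (!msg)
        return -1;
    msg->session_id = session_id;
    msg->tsid = tsid;
    if (send_mb_message(msg, inject_failure) != 0)
        return -1; /* msg already freed by the callee: do not read it here */
    return msg->tsid; /* valid: the model mailbox still holds the message */
}

static void drain_mailbox(void)
{
    free(queued);
    queued = NULL;
}

int main(void)
{
    int tsid = del_ts_req(0, 5, 0); /* constructed values */
    drain_mailbox();
    return tsid == 5 ? 0 : 1;
}
```
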
If connection is in progress and new connection req is
received from supplicant, hdd tries to disconnect the
current session and post force disassoc command and wait
for it to get completed. If the current ongoing connect
operation fails and this force disassoc is processed as
sme session is in disconnected state it is silently
dropped and thus there is no event sent to the HDD
to stop the wait for disconnect and HDD waits for 5
sec before returning connect failure.
Fix this by calling the disconnect handler if disconnect
with force disassoc is called in disconnected state.
Change-Id: I3a78308b54fb048fba5a6aed3d8e8b193c371647
CRs-Fixed: 2223313
Fix integer underflow in csr_update_fils_params_rso as this may
cause buffer overflow.
Change-Id: I25b31f5c0f207be09ac30d5f95911d3866d12d66
CRs-Fixed: 2204872
Max len of CSR_DOT11F_IE_RSN is 114 which is less than the
DOT11F_IE_RSN_MAX_LEN (130) which may result in array overflow
while parsing cckm ie.
To address this, replace CSR_DOT11F_IE_RSN_MAX_LEN with
DOT11F_IE_RSN_MAX_LEN and remove CSR_DOT11F_IE_RSN_MAX_LEN
as it is not getting used anywhere else.
Change-Id: I58f93f37bd17653db2840720ab106c01f10d535e
CRs-Fixed: 2209355
On receiving del station command, SAP is not updating the del
station reason code properly in station info.
Update the correct reason code in station info whenever a
del station or deauth station event comes.
Change-Id: I2004dc21f18682dbc7dee488e7b55bfccd0d242a
CRs-Fixed: 2178538
Deprecate enum wmi_dwelltime_adaptive_mode and use enum
scan_dwelltime_adaptive_mode defined in scan component.
Change-Id: I9c33b852172d9208fb8440c6dc71a12aefd717da
CRs-Fixed: 2213150
Connected AP scan entry is aged out if beacon
is not received within scan age out time.
Update mlme information of the connected AP/BSSID
scan entry so that scan age out handler will not
age it out even though the last beacon received
time is greater than the configured scan age out value.
Change-Id: I14c68c28459080623ca62c0bad9052e38d7fb348
CRs-Fixed: 2202010
struct csr_scanstruct contains fields currentCountryBssid and
currentCountryRSSI which are obsolete, so remove them.
Change-Id: I47f40cc687b0e905d3c2db4ad67fa32f70d5181e
CRs-Fixed: 2212972
Message eWNI_SME_CHANGE_COUNTRY_CODE is no longer being sent, so
remove it along with the handler for it.
Change-Id: I8fe5e1e8c0c18ab51d496dddd9604c3a4cb2b236
CRs-Fixed: 2212920
Currently 11k offload command is sent to FW as part of RSO Start and
no explicit 11k offload disable command is sent to the FW. In case of
STA+STA concurrency cases, while 11k offload is enabled for the 2nd
STA after STA 1 is disconnected, the FW asserts because it has 11k
offload enabled for STA 1 and has not deconfigured it yet.
Send 11k offload disable command as part of RSO Stop during disconnect
to the FW so that it deconfigures 11k for the currently enabled STA
and re-configures for the second STA without assertion.
Change-Id: I8a1bcb8906c809f451f7ab3df3e4c671cef062fd
CRs-Fixed: 2208649
IPA module has been moved to CLD component under the converged
driver model. Remove legacy WMA interface IPA command and use
the new defined API.
Change-Id: Icd9a207f43f8df4dc563d0078d402470683cfd7d
CRs-Fixed: 2177925
Add diag event and its structure to log various connection statistics
after the connection has been made.
Change-Id: I3572cd9230d89e2d4154fd43579c258a2e2bdb58
CRs-Fixed: 2208503
Several logs are using QDF_TRACE with QDF_MODULE_ID_HDD directly.
Migrate these calls to the hdd_* logging wrappers instead.
Change-Id: I191014f0fd1ae55db71393655d96407ffa5953cb
CRs-Fixed: 2209514
Move Channel convert and frame indication logic from lim_p2p.c
to lim_utils.c and remove unused timer
pMac->lim.limTimers.gLimP2pSingleShotNoaInsertTimer.
Change-Id: I71de90d5fb88462e52148a434d43ea80c41cfe36
CRs-Fixed: 2191282
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tCsrRoamProfile typedef does
not meet any of those criteria, so replace references to it with a
reference to the underlying struct.
Change-Id: Ie78bc34c5c39a56058d0daa0240047ec67392ab3
CRs-Fixed: 2207843
When enabling DFS scan via wpa_cli, the related flag in mac context
also needs to be updated so that DFS channels will be included in
configurations sent to FW accordingly when DFS scan is enabled.
Change-Id: I6033637364ddbc7e916627e5ab6a94aee825db98
CRs-Fixed: 2201307
During Rome LFR2 roaming, after pre-auth with new AP finished,
current AP is disassociated. In disassoc rsp handler:
csr_roam_roaming_state_disassoc_rsp_processor,
csr_roam_copy_profile is called after csr_dequeue_command.
In csr_dequeue_command, cmd from active list is removed, cmd from
pending cmd list is moved to active list and executed, if the cmd
is disassoc from wpa supplicant, pSession->pCurRoamProfile is
freed, use after free happens in csr_roam_copy_profile
call stack when issue happens:
csr_roam_roaming_state_disassoc_rsp_processor
->csr_dequeue_command
->wlan_serialization_dequeue_cmd
->wlan_serialization_move_pending_to_active
->wlan_serialization_activate_cmd
->sme_ser_handle_active_cmd
->csr_roam_process_command
->csr_roam_process_disassoc_deauth
-> csr_free_roam_profile
->csr_roam_copy_profile
Fixed by calling csr_dequeue_command after csr_roam_copy_profile
Change-Id: I903795e830c153b94a7dc0476a0e8ea5ecf6be2f
CRs-Fixed: 2205645
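
The ordering problem in this commit, as an added model that is not code from the driver: dequeuing the active command synchronously runs a pending disassoc that frees the session's profile, so the copy has to happen first. All names are hypothetical stand-ins for the functions in the call stack above, and the model clears the pointer on free (an assumption) so the pre-fix order shows up as an error return instead of a read of freed memory.

```c
#include <stdlib.h>
#include <string.h>

struct roam_profile { char ssid[33]; };
struct session {
    struct roam_profile *cur_profile; /* models pSession->pCurRoamProfile */
    int pending_disassoc;             /* supplicant disassoc in the pending list */
};

/* Models csr_dequeue_command: the next pending command runs on this call stack. */
static void dequeue_command(struct session *s)
{
    if (!s->pending_disassoc)
        return;
    s->pending_disassoc = 0;
    free(s->cur_profile);
    s->cur_profile = NULL; /* assumption: cleared so the bad order is detectable */
}

/* Models csr_roam_copy_profile; returns -1 when the source is already gone. */
static int copy_profile(const struct session *s, struct roam_profile *dst)
{
    if (!s->cur_profile)
        return -1;
    memcpy(dst, s->cur_profile, sizeof(*dst));
    return 0;
}

/* Disassoc response handler; copy_first=1 is the order the commit moves to. */
static int disassoc_rsp(struct session *s, struct roam_profile *dst, int copy_first)
{
    if (!copy_first)
        dequeue_command(s);        /* pre-fix order: dequeue, then copy */
    int rc = copy_profile(s, dst);
    if (copy_first)
        dequeue_command(s);        /* fixed order: copy, then dequeue */
    return rc;
}

/* Constructed scenario: one session with a queued disassoc. Returns the handler rc. */
static int run_case(int copy_first, struct roam_profile *out)
{
    struct session s = { calloc(1, sizeof(struct roam_profile)), 1 };
    int rc = -2;
    if (s.cur_profile) {
        strcpy(s.cur_profile->ssid, "example-ap");
        rc = disassoc_rsp(&s, out, copy_first);
    }
    free(s.cur_profile); /* NULL once the disassoc has run; free(NULL) is a no-op */
    return rc;
}
int main(void) { struct roam_profile p; return run_case(1, &p); }
```
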
In a prior version of the driver DPU signatures were used to
synchronize the Data Plane with the Control Plane. The DPU signatures
were provided to HDD by SME via fields in struct csr_roam_info, and
then HDD provided the fields to the Data Plane. But that mechanism is
no longer used and HDD does not read these fields so remove them along
with the logic that is currently used to fill them.
Change-Id: Ib056c20683e6b4f0d969fcff227476d53e040cc0
CRs-Fixed: 2200995