If during set link state, vdev stop fails, then the params pointer
is not removed from the vdev resp queue and set link state rsp is
called which will free this params pointer.
This leads to double free of the params memory when driver try to
remove the req params from vdev resp queue when cleanup vdev resp
queue is called.
To fix this remove vdev stop req from vdev resp queue if vdev stop
fails.
Change-Id: I1da763d2cc35c12c1b55a3c0057b893e9ef8d48f
CRs-Fixed: 2080189
qcacld-2.0 to qcacld-3.0 propagation
On some channel, AP's tranmission power is less than
regulatory tx power as per db.txt. While sending Assoc request,
driver should populate negotiated power (min power of AP's tx power and
regulatory power for operating channel) in Assoc request.
This doesn't happen currently, fix it to ensure that
driver follow negotiated power.
Change-Id: I7755894b72e4f0f7ffc371abbbda5c75b2851b13
CRs-Fixed: 2011396
Currently if the peer is not registered, we add packets to a cached_bufq
(within a peer). In case the peer is not registered for quite a long
time, or if the vdev->rx pointer is somehow not set (when the vdev is
associated), this will lead to large number of nbufs from the FW being
added to this list. Eventually, we will run out of memory trying to add
nbufs to this list.
Keep an upper threshold on the number of elements in the cached_bufq.
Drop elements once the threshold is reached.
Change-Id: I02db9347addd77976f1d84897eee20d1e6f9c4ec
CRs-Fixed: 2026991
qcacld-2.0 to qcacld-3.0 propagation
Currently, driver doesn't consider tx power which was negotiated
at the time of connection for max tx power for RRM Link Measurement
Request.
Fix this by not allowing tx power more than pSessionEntry->maxTxPower.
Change-Id: Idebe6d11e05da0b3b8186e2c84ff8ad4ac124fdc
CRs-Fixed: 2021835
When Driver does disconnect as part of heartbeat failure
or kickout event, trigger fatal event to capture pktlog.
Change-Id: I43a486afeccc4acd4be542357b803d492afde9c0
CRs-Fixed: 2030718
Currently, a hard-coded enhanced multicast filter configuration is being
sent to firmware. Instead, create a set of enable/disable APIs, and
configure enhanced multicast filter based on advertised firmware
capability.
Change-Id: I488b4a921612e1081266be8831be098d755375f9
CRs-Fixed: 2078615
In the suspend path, the code waits for all active/pending scans to be
cancelled before continuing the suspend. Instead, for better power
savings, abort all active/pending scans during suspend and immediately
continue the suspend process.
Change-Id: I16a5429c00034fe58fb4c70a8dacda666ac54227
CRs-Fixed: 2073229
Fix incorrect processing of encrypted auth frame by allocating
appropriate local buffer and using correct type for frame length.
Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b
CRs-Fixed: 2081734
Currently, numap is int and is assigned with a uint32 value from
fw which might lead to integer overflow. Also, when multiplying
the uint32 value with sizeof dest_ap could lead to int overflow
if the value of numap is close to uint32's maximum limit.
Fix/Modify numap to uint32 to be in sync with value from fw cmd.
Also add check to trim down numap value to max (10) if value is
greater than max (10).
Change-Id: I060f585c8c951807cd32b5eec75c1bad2e84a75b
CRs-Fixed: 2082665
QCA_WIFI_3_0_EMU flag is introduced for IHelium emulation
platform, where wait/error timeouts are kept for larger values.
Remove this flag for production target.
Increase tx completion drain delay to 1sec from 500ms to avoid
unwanted suspend abort.
Change-Id: Ie0633b3a2bbc9e2237039311af7417952961aada
CRs-Fixed: 2047750
qcacld-2.0 to qcacld-3.0 propagation
Update EDCA parameter if the country is in European
Union based on new ETSI RED channel access parameters.
Change-Id: I08b1a0d7cd0ee1f6985cd0810c5c4c1108e582b4
CRs-Fixed: 2078985
Skip FW memory dump in SSR case for HL SDIO solution.
HL SDIO uses the diag read API to read by 4 bytes,
which is too slow to meet SSR time requirement.
Change-Id: Iacde90ab0ec84f29f3744bf4497ec8fd8517600a
CRs-Fixed: 2071329
Vendor features are used to indicate OCE support
from driver to user space which are set based on ini
params for STA and SAP.
Change-Id: I1b9039307d5477883a2fd23e972d20234908ee24
CRs-Fixed: 2031980
Fix array out-of-bounds access while populating the BSS rate set.
The issue was seen while populating the basic supported rate
and extended rate sets.
CRs-Fixed: 2081423
Change-Id: I8626399b7f9a04dc368daa582b6a09500a7ea015
propagation from qcacld-2.0 to qcacld-3.0.
While processing setpno ioctl, input arguments are not validated
and also while parsing arguments, there is a possibility of Host
accessing memory beyond memory allocated as there is no check
whether is Host is accessing valid memory or not.
Validate input arguments and make sure Host won't access invalid
memory, while processing setpno ioctl.
Change-Id: Ica9ea56283d55282cff3ccd349e4bc1c08b80e70
CRs-Fixed: 1097868
Rx hash deinit sets hash_table to NULL, at the same time
there can be active tasklet context accessing the rx hash list.
Prevent rx hashlist access after rx hash deinit and set the netbuf
to NULL once netbuff is popped out of the list.
Change-Id: I4e30dd69ece33c3cc768842274d5307c0bf29a37
CRs-Fixed: 2049121
sap_restart_on_ch_avoid ini parameter holds good for both SAP and GO.
So to make it generic, rename to ignore_restart_on_chan_avoid_event.
Change-Id: Ic68014a71b36e00c268da50528bf5e14fd87d007
CRs-Fixed: 2027436
Driver is disabling the tdls for 5s from the last p2p-listen request
received. This is leading to tdls connection failure even after p2p
find has been stopped.
So reducing the min and default timer values 500ms and 2s respectively.
CRs-Fixed: 2078933
Change-Id: Id1ab3945d029de8154aede403b354aec99f4cd79
The function is not present as inline in the non debug build, which will
cause a compilation error.
Fix issue by having an empty inline function in the header file.
Some counters need to be defined outside of DEBUG_RX_RING_BUFFER.
Change-Id: I755616aa55c2f38bca017137e91cc469de7fbdcf
CRs-Fixed: 2004927
Make sure sta is not null before dereferencing in
lim_send_assoc_rsp_mgmt_frame function.
Change-Id: Ifb7c4a3b1e02297906bfa1b7908c27929682cf28
CRs-Fixed: 2030304
