Remove oem data rsp passing over multiple layers.
This change set sends the OEM data response directly to
SME from WMA instead of going through LIM/MLM.
Change-Id: I3cff10ff7bdbcee39b39bd9ba03b5eff8444b017
CRs-Fixed: 1038872
Remove oem data request passing over multiple layers.
This change set sends the OEM data request directly from
SME to WMA instead of going through LIM/MLM.
Change-Id: I151fa771544e9f74b1b69b18d689176752760621
CRs-Fixed: 1038872
Remove handling of deprecated OEM related events since FW and
userspace application will use only TLV based messaging.
Support to handle following events are removed,
WMI_OEM_CAPABILITY_EVENTID
WMI_OEM_MEASUREMENT_REPORT_EVENTID
WMI_OEM_ERROR_REPORT_EVENTID
Change-Id: Ia194f559acde6689a50c56b52078b7dc967c6159
CRs-Fixed: 1038872
qcacld-2.0 to qcacld-3.0 propagation
Fix uninitialized stack use in csrRoamReadTSF by initializing
variable of struct type tCsrNeighborRoamBSSInfo to zero.
Git-commit: d39cf92e69222e03f89238313f5b8c100ecd4ecc
Change-Id: I4211b41b5e30d414e45691a5bab4048587cc8499
CRs-Fixed: 1018486
qcacld-2.0 to qcacld-3.0 propagation
Due to pre-emption there could be probability that tdls context
is accessed in wlan_hdd_tdls_check_power_save_prohibited after it's
released. This will result in kernel panic.
Protect tdls context with mutex lock before accessing
Change-Id: I33369320de5b0aadae661d7d27fbc5ba18e9e409
CRs-Fixed: 990645
qcacld-2.0 to qcacld-3.0 propagation
When STA process Neighbor report from AP, session_id is declared
as one byte variable and its overwritten with four bytes value
in csrRoamGetSessionIdFromBSSID. This is observed on enabling stack
protection in kernel config(CONFIG_CC_STACKPROTECTOR).
Fix is to declare session_id as four bytes variable.
Git-commit: 96646d1eb48c4f3bf45555b8f636f90cf925b8b8
Change-Id: I6b2fd40a5466fe5dd72d394abb682229a550e0b1
CRs-Fixed: 1025272
Propagation from qcacld-2.0 to qcacld-3.0
- Current length of bpf is not set during the reset filter. set offload
is allocated through malloc, so invalid values for current_length
are recieved during reset. Memset set_bpfload to zero after
allocation.
- update the bpf service to hdd correctly depending on the
wmi service bitmap recieved from the firmware.
Change-Id: Iaf4774865cf0698a2deebac5cea62c873146e838
CRs-Fixed: 985562
WLAN suspend/resume feature has tight dependency on APPS platform
suspend/resume support. On new targets APPS suspend/resume is not
supported until target is feature complete. In absence of APPS
suspend/resume support testing WLAN offload features become
difficult. Add unit test framework to test WLAN suspend/resume
features using private IOCTL command by simulating APPS
suspend/resume behaviour.
Trigger WLAN suspend:
iwpriv wlan0 wlan_suspend 0 0
To resume WLAN run a ping test from access point side and very 1st
ping request unicast packet should trigger wake up.
If FW is not waking up APPS then use below command to do a manual
wake up:
Trigger WLAN resume:
iwpriv wlan0 wlan_resume 0 0
This unit test framework is only for SNOC.
Change-Id: I177a0047f460aa2a305a9e4e46fbfaa94a81dced
CRs-Fixed: 1042205
In function wma_roam_scan_filter, memory is allocated to local variable
params. And in default case of the switch, we are returning from the function
without freeing the params memory, this cause memory leak.
To fix this, free params memory before return in switch case.
Change-Id: I0a8825b44f4bcd9b05f0e1f0e6cdd0d114af0a01
CRs-Fixed: 1048116
In function csr_update_lost_link1_cmd, memory is allocated to
local variable struct scan_filter, further we passing this
variable to csr_roam_prepare_filter_from_profile function and
allocating memory to the members of the scan_filter. At some
point in the function we are returning without freeing memory
allocated to scan_filter, which causes memory leak.
Make sure to free scan_filter’s memory before returning.
Change-Id: I448cf0d4bb16d4769b50c96495038684909e0739
CRs-Fixed: 1048116
In function convert_qos_mapset_frame, restrict dscp_exceptions array
access index to size of array
Change-Id: I31ed8edaee1a9b3715f66686a8a45d5f2ffd4532
CRs-Fixed: 1042968
Change-Id I35d802f564e41ee0b30386ee7b74d2b44eb80ecf
Revert this change to allow re-association to same AP which is
required for HS certification.
Change-Id: I75114b5e36b4ce6def602b9054481845ac09c56a
CRs-Fixed: 936342
Reduce some of error log levels to info level in suspend path to avoid
logging them to console.
Change-Id: I61096bdbf757cd21f959fa716f35f65cd27cc9cc
CRs-Fixed: 1048395
In function hdd_hostapd_sap_event_cb frame size exceeds 1024 bytes
due to changes to some structures in msm-4.4 kernel, so compilation
for 32-bit systems might fail
Thus, reduce structure allocations on heap instead of stack in
hdd_hostapd_sap_event_cb.
Change-Id: Ie710afbd6c066a3d770c6c9aac0cfd675ea57f53
CRs-fixed: 1046882
connection status is not updated at HDD because
eCSR_ROAM_CANCELLED is not handled at hdd callback.
Added support for eCSR_ROAM_CANCELLED so that HDD updates
connection status to upper layers.
Change-Id: I4c185bb3a370a0562de6431fde8952c68789de53
CRs-Fixed: 1043090
Avoid converting invalid frequency i.e zero frequency to channel using
ieee80211_frequency_to_channel() function.
Change-Id: I4a32591e313183348180a1d30a950b4b174a27cc
CRs-Fixed: 1047642
In function wma_send_peer_assoc, logging error when wmi_unified_peer_assoc_send
failed. But error type used in this log is wrong, use "status" instead of "ret".
Change-Id: I8dbdd68e16d665e5a7749e10c7006da9f96a6fd7
CRs-Fixed: 1042968
In function wma_get_mcs_idx variable "match_rate" is not initialized.
Initialize "match_rate" to avoid dereferencing uninitialized variable.
Change-Id: Id4c7e1913628007087c58149e4b7033320d4cc79
CRs-Fixed: 1042968
In function wma_add_bss_sta_mode, variable "peer" is not initialized.
Possibly we may pass this variable to wma_remove_peer function as is
and that can be dereferenced inside wma_remove_peer function.
So initialize peer with NULL to avoid dereferencing uninitialized variable.
Change-Id: Ibc484759b5e92052a3500137464e47287ccad939
CRs-Fixed: 1042968
Remove extra variable "flag_bss_present" used to indicate if scan
result present based on pointer "bss_desc". Instead use "bss_desc"
itself.
Change-Id: I3fe5474d41219b44cbe38fa88c51013526c081c9
CRs-Fixed: 1042968
Add input validation code in function __lim_process_sme_join_req
to make sure "mac_ctx" and "msg_buf" are not null.
This input validation will prevent any possible null pointer dereference
issues.
Change-Id: Ib12ffbe1d6fdcd841fd10158b59d648d0b94aa47
CRs-Fixed: 1042968
New flavor of OS is sending bssid along with STA connect command. When
connect command comes with bssids then don't allow Preferred channel
list algorithm as it won't be of any use and skipping the algorithm will
improve initial scan time.
Add log to inform whether BSSID hint is given by upper layer.
Change-Id: I9c1f41a0e00f9b2afc19629558b93a2482da6581
CRs-Fixed: 1047052
Few errors are reported which causes format string vulnerability.
Fix those errors by providing appropriate string format.
Change-Id: Idbb0b5734d30fd28c191cfdee991cce0b6d77dac
CRs-Fixed: 1041911
Propagation from qcacld-2.0 to qcacld-3.0.
Avoid NULL pointer dereference when ASSERT is disabled by adding
extra handling in epping_tx_complete_multiple.
Change-Id: I06696bb2588620244fafde431c4cd56bcb8a4301
CRs-fixed: 1038668
Propagation from qcacld-2.0 to qcacld-3.0.
Move QDF_NBUF_UPDATE_TX_PKT_COUNT in ol_tx_completion_handler to make
sure that netbuf is not accessed after it is freed.
Change-Id: Ifba9de788b11ce8cb323827d10f8005029609231
CRs-fixed: 1040612
The function __lim_process_sme_join_req dereferences the
sme_join_req pointer without checking even if msg_buf
is NULL. The function also returns if qdf_mem_malloc
fails for sme_join_req or mlm_join_req without giving any
join response.
Fix is to use lim_get_session_info function that checks
if msg_buf is NULL, and then assign the corersponding
value. The function __lim_process_sme_join_req also send
the join response with the failure reason.
Change-Id: I712f814b90ecd4c0322355dd9022441019ecd7a4
CRs-Fixed: 1034734
The context pointer return from the cds_get_context api
for QDF_MODULE_ID_HIF can be NULL.
Add NULL check to avoid hif_ctx pointer dereferencing
CRs-Fixed: 1041960
Change-Id: Ibdcf8809a998ec42cecd5df1cf6884fa81bb9dcb
Add support for passing multicast traffic over nan data interface.
Integration from qcacld-2.0 to qcacld-3.0.
CRs-Fixed: 1046519
Change-Id: Iaf012c08e6b5a7a6327b84b12c06ab27963a704c
Configure multicast filters for the nan data interface.
Request to configure multicast filters is not honored for the
NAN data interface in the current implementation.
Integration from qcacld-2.0 to qcacld-3.0.
CRs-Fixed: 1046519
Change-Id: I48a4a30fd9f6369fe398254184d0016a35c0a6b3
Change "qcacld-3.0: change dfs_radar_found to atomic variable"
(Change-Id If95e2ce5a0c837f36a92673312ea4d2fc7b96abe) some of the
operations on atomic variable dfs_radar_found are incorrect. If the
operation require to test and set atomic variable then using two
different atomic operation to test and then set value does not make
whole operation atomic.
Must use single operation to test and set atomic variable.
Change-Id: I93e322ed26c51bf75432738cc24be525224f47a4
CRs-Fixed: 1043085
Currently the HDD code uses a variety of logging APIs. In
qcacld-3.0 HDD should converge on a unified set of logging APIs.
Update wlan_hdd_ext_scan.c to use the unified set of APIs.
Change-Id: I2777678a6d85d0d7c87b37144219cf18dc5c7d3d
CRs-Fixed: 937650
Enable the Dense environment roaming feature by default.
This feature would detect a dense environment dynamically
and modify the roaming thresholds to provide a smooth and
soft handoff behaviour for the user.
Change-Id: I2d234db947cb248214a9abcddd353c3dfe28ac1a
CRs-Fixed: 1044182
