When stop_ap command comes from userspace, __wlan_hdd_cfg80211_stop_ap
calls sap_fsm to change the states of SAP from started to disconnect.
In order to change SAP states, __wlan_hdd_cfg80211_stop_ap sends
WMI_VDEV_STOP_CMDID followed by WMI_VDEV_DOWN_CMDID and
WMI_VDEV_DELETE_CMDID to fw. After the successful change in state of
SAP machine, driver invokes an HDD callback, hdd_hostapd_sap_event_cb
for cleanup and subsequently invokes hdd_softap_stop_bss to reclaim all
resources. This API sends IPA_OFFLOAD_ENABLE_DISABLE cmd to fw for the
VDEV on which SAP started. This results in an assert in firmware as the host
sends HDD IPA event for the VDEV which is already deleted while changing
the state of SAP.
Fix is to send HDD_IPA_AP_DISCONNECT IPA events before stop BSS.
Change-Id: Ief9318bb476b480fd52f4155a0788a34c1e2ed53
CRs-Fixed: 2276125
There are multiple places where a tHalStopType parameter is passed but
unused. This is a historical artifact, so remove all instances of it.
Change-Id: Iebcbbac580495a376b7456b3a2901f33c2474f83
CRs-Fixed: 2283460
In the scenario of concurrent execution of __con_mode_handler and
triggering of SSR, there exists a possibility of driver sending power
off command while the target is not ready. In hdd_wlan_stop_modules, as
a part of __con_mode_handler context, pld_power_off was called after
the trigger of SSR, which caused assert in the platform driver.
To eliminate this, convert the static verification of the driver state
at the start of the hdd_wlan_start_modules to dynamic. And also set the
target ready state to false in case SSR/FW_DOWN uevent is received.
These will ensure that the driver does not try to send the power off
command while the target is not ready.
Change-Id: Idf1056dc85107c535809bedf8b5534085033a1f5
CRs-Fixed: 2271096
Add support for action OUI extensions which can be used by station
to control mode of connection, connected AP's in-activity time and
Tx rate, etc.
Change-Id: Ie85e29c4b0ed7ac2815709d7a4e607c4ba46c6ca
CRs-Fixed: 2254502
In sme and lim, a NULL check is available for h_hal. pmac is
cast from h_hal and is retrieved using the
PMAC_STRUCT macro, which is defined as ((tpAniSirGlobal)_hHal).
A NULL check is also added for this p_mac, which is redundant.
Remove logically dead code to NULL check the p_mac.
Change-Id: I7a22de3691b83e8ae04391e43cde82541eaabc23
CRs-Fixed: 2276003
In the function cfg80211_rx_mgmt, data_len is calculated as
len - ieee80211_hdrlen(mgmt->frame_control). Len is not
validated before this calculation. So a possible integer
underflow will occur if len value is less than the value of
ieee80211_hdrlen(mgmt->frame_control).
Validate the value of len against
ieee80211_hdrlen(mgmt->frame_control) in the caller.
Change-Id: Iae776daf37b0c052bd4ce4da44ea728d121eae51
CRs-Fixed: 2263758
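
The length check described in this commit message, as an added example that is not the driver's or the kernel's code: demo_hdrlen() is a simplified, hypothetical stand-in for ieee80211_hdrlen(), the use of size_t is an assumption of the demo, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's ieee80211_hdrlen(); hypothetical and
 * not the kernel implementation. fc is the frame control in host order. */
static size_t demo_hdrlen(uint16_t fc)
{
    uint16_t type = fc & 0x000c, subtype = fc & 0x00f0;

    if (type == 0x0004)                      /* control frame: CTS/ACK are short */
        return (subtype == 0x00c0 || subtype == 0x00d0) ? 10 : 16;
    if (type == 0x0008)                      /* data frame */
        return 24 + ((fc & 0x0300) == 0x0300 ? 6 : 0)  /* 4-address */
                  + ((fc & 0x0080) ? 2 : 0);           /* QoS control */
    return 24;                               /* management frame */
}

/* The subtraction with no check on len (size_t is an assumption of this
 * demo). The result wraps when len is shorter than the header. */
static size_t data_len_unchecked(const uint8_t *buf, size_t len)
{
    return len - demo_hdrlen((uint16_t)(buf[0] | (buf[1] << 8)));
}

/* Caller-side validation: reject the frame before any subtraction. */
static int data_len_checked(const uint8_t *buf, size_t len, size_t *data_len)
{
    size_t hdrlen;

    if (len < 2)                             /* frame control not present */
        return -1;
    hdrlen = demo_hdrlen((uint16_t)(buf[0] | (buf[1] << 8)));
    if (len < hdrlen)                        /* truncated header */
        return -1;
    *data_len = len - hdrlen;
    return 0;
}

int main(void)
{
    /* Constructed sample: action management frame (fc 0x00d0), zero padded. */
    uint8_t frame[32] = { 0xd0, 0x00 };
    size_t n = 0;
    int rc = data_len_checked(frame, 30, &n);

    printf("unchecked, len=10: %zu\n", data_len_unchecked(frame, 10));
    printf("checked,   len=10: %d\n", data_len_checked(frame, 10, &n));
    printf("checked,   len=30: %d\n", rc);
    return 0;
}
```
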
The current HDD session Id sanity check only checks for the magic
"invalid session Id" value. However, anything greater than or equal to
MAX_NUMBER_OF_ADAPTERS is an invalid session Id. Update the sanity check
to reject any session Id greater than or equal to
MAX_NUMBER_OF_ADAPTERS.
Change-Id: I7c5a3b82afde073e92fcd0dbf55002fa11a980b2
CRs-Fixed: 2283584
Currently, as part of tdls add sta req gLimAddStaTdls is set to 1.
And as part of add sta response gLimAddStaTdls is checked if 1 to
map tdls add sta response.
This implementation needs to take care of all error cases of
add sta req failure to reset the gLimAddStaTdls value to 0.
Instead check for peer type in add sta rsp.
Change-Id: Ideaff239f743b95a9578806d2ec220e123d4d995
CRs-Fixed: 2281385
If the driver receives stop adapter when STA is in connecting state, the
driver queues a disconnect command without changing the connState of the
STA. Now even if the disconnect is in progress the connState indicates
that the connection is in progress. This may lead to sync issues between
HDD and SME.
Fix is to set the connState to disconnecting so that HDD indicates
proper state.
Change-Id: Ib9d607ad2ab05e5edc266e59516b4ae2b7668c78
CRs-Fixed: 2277633
Modify the keep alive time as 60 secs by default to cater to rogue AP
behavior in some cases.
Change-Id: Id2bb1b61e5fcdc5994451c981bd1171c1860c7cf
CRs-Fixed: 2258825
Currently, errors are logged if a given offload feature is disabled
while suspending the wlan driver. Instead, simply return success for the
configuration of those features which are disabled, since nothing needs
to be done. This also has the side effect of avoiding meaningless error
logs for situations which are not error conditions.
Change-Id: I1d897d8db066e642e1cc6e77daff0f44172cefe8
CRs-Fixed: 2282040
For a full explanation of the problem and phased solution refer to
"qcacmn: Clean up the extscan unified WMI (phase 1)", Change-Id
I11800361b572331cfada00fb7d518c314df20b43, in the qca-wifi-host-cmn
project.
For phase 2 (this change):
Replace all references of the badly named identifiers with references
to the properly named substitutes. Note that this phase may touch
multiple repos and may involve a number of separate changes.
Change-Id: I4b14045b7294103f4fa03a7f964be33ed4ac6cc6
CRs-Fixed: 2282841
In the function lim_chk_n_process_wpa_rsn_ie, if wpa IE is
present, then dot11f_unpack_ie_wpa is called to copy the wpa IE
to destination buffer. assoc_req->wpa.length is passed as the
length to copy the IE. As this length includes 4 bytes of the
OUI fields also, this could result in OOB read.
Change the length passed to the dot11f_unpack_ie_wpa as
(assoc_req->wpa.length - 4), so that the additional 4 bytes of
the OUI fields are excluded.
Change-Id: If972b3a19d239bb955c7b4d4c7d94e25aa878f21
CRs-Fixed: 2267557
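
The length adjustment described in this commit message, as an added example that is not the driver's code: wpa_ie_body() and struct ie_body are hypothetical names, the layout is the standard WPA vendor element (0xdd, length, OUI 00:50:F2, type 0x01), and the sample bytes are constructed. The guard against a length below 4 is part of this demo, not something the commit message states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WPA_OUI_LEN 4   /* OUI 00:50:F2 plus OUI type 0x01 */

struct ie_body {        /* hypothetical: the slice handed to an unpacker */
    const uint8_t *ptr;
    size_t len;
};

/* ie points at [0xdd][length][OUI(3)][type(1)][body...]; avail is the number
 * of bytes left in the frame starting at ie. Returns 0 and fills *out with
 * the body only, or -1 if the element is malformed. */
static int wpa_ie_body(const uint8_t *ie, size_t avail, struct ie_body *out)
{
    static const uint8_t wpa_oui[WPA_OUI_LEN] = { 0x00, 0x50, 0xf2, 0x01 };
    size_t length;

    if (avail < 2 || ie[0] != 0xdd)
        return -1;
    length = ie[1];
    if (length > avail - 2)            /* element runs past the frame */
        return -1;
    if (length < WPA_OUI_LEN)          /* length - 4 would wrap */
        return -1;
    if (memcmp(ie + 2, wpa_oui, WPA_OUI_LEN) != 0)
        return -1;
    out->ptr = ie + 2 + WPA_OUI_LEN;   /* body starts after the OUI fields */
    out->len = length - WPA_OUI_LEN;   /* OUI bytes excluded from the length */
    return 0;
}

int main(void)
{
    /* Constructed element: 4 OUI bytes followed by a 2-byte body. */
    const uint8_t ie[] = { 0xdd, 0x06, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00 };
    struct ie_body b;

    if (wpa_ie_body(ie, sizeof ie, &b) == 0)
        printf("body len %zu, ends at offset %td of %zu\n",
               b.len, (b.ptr + b.len) - ie, sizeof ie);
    return 0;
}
```

With the full element length (6) applied from the body pointer, the read would end 4 bytes past the element, which is the out-of-bounds read the message describes.
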
Fix using uninitialized variable status inside the function
populate_dot11f_twt_extended_caps.
Change-Id: Ic80df2f6c5310414da4179f00867c0fe029b09c7
CRs-Fixed: 2277833
Fix using uninitialized values for req_val, bcast_val and resp_val
in the function hdd_send_twt_enable_cmd.
Change-Id: Ie671660b62f0624fbf86707f15fe122b81552a53
CRs-Fixed: 2277826
The task formerly done by wma_get_buf_extscan_change_monitor_cmd() is
now done in the common WMI project and this function is no longer
used, so remove it.
Change-Id: I4a42bda3c3b790bcd0c21abcda94a4f4aa49d8ff
CRs-Fixed: 2281906
The task formerly done by wma_get_buf_extscan_start_cmd() is now done
in the common WMI project and this function is no longer used, so
remove it.
Change-Id: I840c6a5f83c6cdc479e6746f36a29c2a7970c964
CRs-Fixed: 2281900
Multicast address filtering only makes sense if the interface is
connected and capable of receiving traffic. Avoid enabling/disabling
the multicast address filter list on an interface that is disconnected.
Change-Id: Id8aff136e920bb726b8c7dd539d477ff44f080d4
CRs-Fixed: 2282003
1) Use correct typecast in function wma_process_fw_event_mc_thread_ctx
2) Change log level to debug and refine logs in
wma_process_fw_event_handler
CRs-Fixed: 2281191
Change-Id: I4e67143d028867b193e42ec51f6f7562287eba82
When the beacon is updated the host passes the gSchBeaconFrameBegin
param to WMA to copy the beacon to WMI and pass the value to
firmware. gSchBeaconFrameBegin is global so if we receive a new
beacon update in LIM before the WMA processes the old beacon
update the values in the global gSchBeaconFrameBegin are
updated as per the new beacon. So if there is a change in beacon
length the first WMA msg copies the wrong beacon data and sends
this corrupt data to firmware.
To fix this instead of passing the global gSchBeaconFrameBegin
fill the beacon data in the beacon update req itself.
Change-Id: I6d196784470d9a2aeeaba76e12577f9f65012bac
CRs-Fixed: 2272448
The API wma_is_service_enable is a wrapper on the converged
wmi_service_enabled API for services and extended services. The checks
used in the API are not updated for the converged service enum.
Replace wma_is_service_enable with wmi_service_enabled as there is no
need to have a wrapper.
Change-Id: I4fe3601f7e1a031290e139f9ef55f845965b7b2e
CRs-Fixed: 2276471
The WMI ready event from firmware currently uses an event queue, but is
being moved to a simple event instead. Update WMA to account for this
change.
See: I08b4f088874b7c63e20b129f14dbac01851496e5
Change-Id: I5242cc0e839b59db990fb918e8029b8f68385de6
CRs-Fixed: 2275468
To align with the coding standard rename tCsrLinkStatusCallback to not
use camelCase. As part of the process also rename other link status
identifiers.
Change-Id: I5df83512259f0f48d84a2bef77e333bb0a78eea4
CRs-Fixed: 2281797
Currently csr_get_channel_status() and csr_clear_channel_status() both
use void * for their p_mac parameter. Since this is not an opaque data
structure update the APIs to use the correct underlying data type.
Change-Id: I900e97cbdeced3bacc1f2da30f892a4d55648059
CRs-Fixed: 2281794