In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, length passed
to unpack RSN IE is total length of WPA and RSN IE. So if only WPA IE
is present in assoc request, the RSN IE parser will try to validate the
buffer beyond the RSN IE and might fail as the buffer belongs to WPA IE.
Pass appropriate length to unpack RSN IE.
Change-Id: Ie679e67061e7ac622e8e76b285a32135a60ca6e8
CRs-Fixed: 2189926
As part of csa or opmode IE handling program phymode param after
ch_width since firmware expects channel width to be programmed
before phymode.
Change-Id: I46e3a5e1ce94fa53e27f821e70c29e209e591865
CRs-Fixed: 2186030
If command type is FTM_IOCTL_UNIFIED_UTF_RSP set copy_to_user
flag to return proper data to userspace.
Change-Id: I5f4a1e147f3d1dc162001ceb69fa6823b3158787
CRs-Fixed: 2191046
HDD IOCTL __iw_setnone_getint is not releasing SME config memory
in error case properly and hence leading to memory leak. Fix this
SME config memory leak by properly freeing it before returning from
__iw_setnone_getint.
Change-Id: Ie50259a639edb2cfa63cd3bbe7cac8bb8ebb7654
CRs-Fixed: 2191041
Upon receiving a ROAM_START from the firmware,
cancel the current scans which is similar to
initial connection which will avoid unnecessary
frames to the host during the connection process.
Change-Id: I0c9a4dd7cd4d58e0583cc44b5e33e88728eb70bb
CRs-Fixed: 2174921
In handling assoc request make sure to use VHT IE or vendor VHT IE
appropriately for suBFormee/suBFormer calculation.
Change-Id: I3934a0c7229a8a400d1aa54fe3bf0bc3513d4d70
CRs-Fixed: 2159206
Currently, driver allows multiple acs scan requests at a time. Due to this
race conditions can occur and causes "use after free" issue for variable
channelList. To avoid race condition, driver should allow only one acs scan
request at a time.
Add a new atomic variable to make sure that if one acs scan request
is in process, the driver should reject all further acs scan requests.
Change-Id: I7aa2f4df0dd4c6ca8ff791fe462d142fc7b3e691
CRs-Fixed: 2176354
Packetlog initialization is failing as txrx_get_pldev API is missing,
which returns paketlog object from the given pdev.
Add txrx_get_pldev API to get packet log object for the given pdev.
Change-Id: I2219a5c0964e76637ff8dbef92661b98cd22fb28
CRs-Fixed: 2189211
Currently in hdd_get_sta_connection_in_progress, conn_info.uIsAuthenticated
is used to check if the STA connection is in progress. However, this might
not reflect the actual state and might still lead to the deadlock scenario
fixed in I23ad1fc96882abeaae2d1b051659ea6d24b07428.
Add new API to check for SME state for key exchange in progress and
use it in hdd_get_sta_connection_in_progress.
Change-Id: I7d6199ed8c81a113c4e3f30538d74fb675e730ff
CRs-Fixed: 2189814
lim_preauth_scan_event_handler using sme session id to find pe session,
it may find pe session new create for roaming bss, it will cause
pre-auth roaming command can't dequeue.
Change-Id: I81be20318300ac0e312aa9bcff1a43a47e9a38f7
CRs-Fixed: 2189778
Fix the following race condition,
1. A connection request to driver which requires DBS
2. DBS gets granted, but connection fails, so opportunistic timer
starts off
3. New connection request gets queued in SME & opportunistic timer fires
and SMM HW mode request gets queued behind the connection request
4. Connection is succesful which needs DBS
5. SMM hw mode request gets sent to FW
Change-Id: I0456eba8165015b58b341df934fbfad5fb6eee86
CRs-Fixed: 2186292
It is decided to centralize the logic of programming LI based on
modulated/dynamic DTIM in FW to address the concerns with LFR3.0 in WoW
mode. In order to make it work, following steps need to be performed.
1) If listen interval offload bit is enabled in service ready extension
then,
a) Driver needs to send "gEnableModulatedDTIM", "gMaxLIModulatedDTIM"
and "gEnableDynamicDTIM" params' value to FW via VDEV PARAM up on
each successful association.
b) Driver should not program LI during suspend()/resume()
2) If listen interval offload bit is disabled in service ready extension
then don't trigger above changes.
Change-Id: I6f94c95bd83e5846d7290d5dc752b14da5951a76
CRs-Fixed: 2187597
Reduce the minimum value for the ini nr_offload_cache_timeout to
5 seconds.
This is done to give the user a shorter cache_timeout to trigger
neighbor report frames more frequently.
Change-Id: Ica5359b9e826dad382868de991dcbf204c10a096
CRs-Fixed: 2189034
Size allocate with sizeof(target_paddr_t) which is following DMA
device, but free with sizeof(qdf_nbuf_t) which is a pointer following
system. Maybe not same size on some platform.
Fix it by using same type when allocate/free.
Change-Id: Iadcb68b05ca5798f38c4341323b9fd1e32f5d693
CRs-Fixed: 2189671
Check the current vdev supported bandwidth values agianst peer
opemode update value and if the peer opmode value is greater than
current supported value then do not send the opmode update request
to FW.
Change-Id: I8f360d769b5aafb90061a6a9d18f1f8062e3534e
CRs-Fixed: 2174050
Update the HE STBC capabilty per latest spec and add support
to configure it using INI configuration and ioctl.
Change-Id: I4ecc7b600671c132c1f3968a10fb652a4311f484
CRs-Fixed: 2181114
Stats events are sent by WLAN FW based on over the air frame reception
and may contain incorrect vdev id hence sanitize vdev id received from
FW in stats events before accessing interface array based on it.
Change-Id: I4ecc73fc27285c98c0ea8cebc27955213cd68399
CRs-Fixed: 2186953
Before VDEV_STOP is initiated by host, sometimes there are
outstanding mgmt tx pkts left in FW. need wait all tx
complete, or peer vdev ref count keep held. In P2P GO/SAP mode,
no wait since wma->interfaces[session_id].delay_before_vdev_stop
is 0, ini relative cfg isn't passed to wma at all.
Change-Id: I1c3d137bb08624e30cc220e0fa0e31e6d6fc8a9d
CRs-Fixed: 2184096
Change Id872e2b0b8b7a203b472e0bd152f25f63c873b4f introduced support
for GAS public action frames in lim_process_action_frame and included
GAS frames under the frame_len check for minimum length of Vendor
specific public action frames. This would fail for GAS frames which
do not include OUI and could be as small as 3 octets.
Do frame_len check only for vendor specific public action frames
and remove the checks for GAS public action frames
Change-Id: I8b20925a23e2ba26d0a8df32eb3e5b2d043888d2
CRs-Fixed: 2187538
Check new channel width and center frequency segments in CSA
wider BW IE before processing the channel switch and if CSA IE
has invalid data for any of these parameters then do not do the
channel switch with wider BW.
Also check for self capability for BW that is supported by device
before processing wider BW channel switch. If AP advertises the new
channel width with valid data that is greater than self capability
BW value then limit the channel switch BW to self capability.
Change-Id: I1d567e5cdc6347b56b513ea002b5a3978cb447e9
CRs-Fixed: 2182054
Change CFG_VHT_ENABLE_1x1_TX/RX_CHAINMASK_DEFAULT to 0 which
indicates to don't care setting.
Change-Id: Ic16a2eba471bdfb77ecc0329c67b36b65a3b3489
CRs-Fixed: 2184433
