Current driver reads WMI_SERVICE_LISTEN_INTERVAL_OFFLOAD_SUPPORT BIT
through WMI_SERVICE_EXT_IS_ENABLED macro which is deprecated.
Update it by reading wmi_service_listen_interval_offload_support through
wmi_service_enabled() API.
CRs-Fixed: 2305522
Change-Id: I1d6aedec31d035a3e9c2514ad6dc2b13b79dfff3
hdd_create_acs_timer() sets VENDOR_ACS_RESPONSE_PENDING, but
hdd_destroy_acs_timer() does not ensure this flag is cleared. This can
lead to a situation where the ACS timer is not initialized, but parts of
the code incorrectly assume that it is. Clear
VENDOR_ACS_RESPONSE_PENDING in hdd_destroy_acs_timer() to prevent
invalid access to the ACS timer.
Change-Id: I7c367b20e279fadc5ee329d94b7475711796b185
CRs-Fixed: 2305719
By default pktlog needs to be enabled during driver load.
To enable/disable pktlog use INI parameter.
This reverts Change-Id: Ie03a7e0a77bc5f525ad7ae74bb104a6d1bf21eb7
Change-Id: I8f74b4bcebfb8b4a35a29e321b2b6bd5e1920bf7
CRs-Fixed: 2296335
In WORLD mode, there can be urgency to discover the current country
since WORLD mode restricts the channel and TX power availability.Add
INI enable_11d_in_world_mode to automatically enable 11d in WORLD
mode. This INI supersedes the setting in 11d INI variable
Is11dSupportEnabled.
CRs-Fixed: 2289349
Change-Id: I7b289cdb60be5e737f41f9de5a478f32a234e717
qcacld-2.0 to qcacld-3.0 propagation
If all the STA connected to AP support ecsa, wlan driver will call
lim_send_extended_chan_switch_action_frame to send action frame,
but this function missing limSetProtectedBit when 11w enable,
this violate spec, so generate a fix for this issue.
Change-Id: I80f111f21015c98ee0abdafe76ea42c3e79163ac
CRs-Fixed: 2275626
Max beacon size in WMA layer is pointed by "WMA_BCN_BUF_MAX_SIZE"
which is currently set to 2500 bytes and Max beacon size in
PE layer is pointed by "SIR_MAX_BEACON_SIZE" which is currently
set to 512 bytes.
when wma_store_bcn_tmpl() gets called, this API tries to copy
beacon template from LIM to WMA which can't exceed 512 bytes.
To fix the issue, use SIR_MAX_BEACON_SIZE instead of
WMA_BCN_BUF_MAX_SIZE
CRs-Fixed: 2299791
Change-Id: I97b4c19611ec74c0702901c380bd32e866d26c8b
1) This reverts commit
Iab0862eda2392bd516c8ba0b913441b8e0d4c493
2) Reverted changes have been taken care through
Idd7617782e71ee187eef7fcb3523c05b49f82094
CRs-Fixed: 2300054
Change-Id: Icc47ded9a585e356b7eae1ad53ffea6668510308
Driver checks if 40 Mhz is supported for the channel but doesn't
validate if the cbmode provided by AP is valid.
Invalid cb mode provided by AP can lead to failure.
Add check to validate cbmode and bandwidth from AP in htinfo IE.
Change-Id: I3d2da7a8e3045594baf201732dd80a82bd88e16c
CRs-Fixed: 2303267
__wlan_hdd_open_ll_stats_debugfs() fails to free the llstats buffer in
the event that wlan_hdd_ll_stats_get() fails. Add error handling for
this call which frees the newly allocated buffer.
Change-Id: Ic5cff77a758ff81da82dd1143d77da68d87b9291
CRs-Fixed: 2304715
If SAP receive unicast data from a non-assoc STA, SAP should send
deauth mgmt frame to this STA, add this part logic to serve data path.
Change-Id: I47346e751b89eda77f6d6450218e2b70fe6b4953
CRs-Fixed: 2298550
When SSR is in progress, in vdev_detach, currently wma_force_vdev_cleanup
clears the peers from CDP vdev peer list. From the CDP, wma_remove_peer
is called via callback with the peer mac_addr. wma_remove_peer inturn
sends peer delete to FW, does a CDP peer delete and an ObjMgr peer delete.
But the peer delete to FW would not be sent as SSR is in progress and CDP
peer delete would not actually delete the peer from CDP as CDP will need
a peer unmap from the FW to actually delete the peer.
Proper implementation would be to delete the ObjMgr peers alone during SSR
in vdev_detach and let the cds_post_disable to take care of cleanup of
CDP Peers.
Change-Id: I6129b69eb26f3eaa68be40b62b822a4dfc6ff675
CRs-Fixed: 2302972
Phase 1, after ftm componentization, we could now support to remove
the ftm related components when FTM is disable from the build
configuration.
Size changes: after removing the ftm related binaries, we could save
15KB from module size.
Change-Id: Ib363f1d6204b07947a46f32673c4f8ad6fb3dbd3
CRs-fixed: 2258441
If mgmt encryption type is not updated, 11w feature will not be enabled
correctly for this association.
Mgmt encryption type is always updated through limJoinReqSerDes in the
cld2.0, which is removed in cld3.0. In cld3.0 if fast roaming is enabled,
mgmt encryption type will be updated through csr_construct_rsn_ie. If
fast roaming is not enabled, csr_construct_rsn_ie will not be called and
mgmt encryption type will not be updated.
Always called csr_construct_rsn_ie in csr_retrieve_rsn_ie to make sure
mgmt encryption type is updated.
Change-Id: I2d6541dd88a9d1770f4976b9caa32baa70a60ed3
CRs-Fixed: 2300847
The error handling in cds_open(), in the event that the call to
dispatcher_psoc_open() fails, is currently empty. Add appropriate error
handing for this case by referencing cds_open() and cds_close().
Change-Id: I2b0d328e365efd67099bb8e6b529720c7b1904c5
CRs-Fixed: 2303785
Add new iwpriv command to set BA aging timeout value to hardware.
e.g. "iwpriv wlan0 set_ba_timeout <ac> <duration>" which should set
given duration in msecs for given access class.
"iwpriv wlan0 get_ba_timeout" which should get duration
value for each access class and display.
CRs-Fixed: 2254891
Change-Id: I79f79191c47376e414dceeb73b736a0a9610e3ae
The error handling in cds_open(), in the event that the call to
mac_open() fails, is currently stubbed out. Add appropriate error
handling for this case by referencing cds_open() and cds_close().
Change-Id: I6103050d5f2323250c9254a5a3add01fd0d34de3
CRs-Fixed: 2302968
psoc ref count and mac_context memory is leaked in failure cases
of mac_open API.
Fix the psoc ref count and memory leaks in failure cases.
Change-Id: I39eaa7bef5e5c50b9b1a8833bec5e6da8cdf0d72
CRs-Fixed: 2302187
BSS description is dereferencing in hdd_association_completion_handler
without checking for NULL, which may cause NULL pointer dereference.
To address this, add check for BSS description before dereferencing.
Change-Id: I24f728fb6d66b4c07dfe39f3ac426f3d2153b917
CRs-Fixed: 2299797
SAP(Go) concurrency check is mainly used for two purposes:
1) When new GO/SAP session is coming up and needs to check if
this session's channel can co-exist with existing GO/SAP
sessions. For example, in case of single radio platform, MCC for
SAP/GO+SAP/GO is not supported, in such case this API should
prevent bringing the second connection.
2)There is already existing SAP+GO combination but due to upper
layer notifying LTE-COEX event or sending command to move one of
the connections to different channel. In such cases before moving
existing connection to new channel, check if new channel can
co-exist with the other existing connection. For example, one
SAP1 is on channel-6 and second SAP2 is on channel-36 and lets
say they are doing DBS, and lets say upper layer sends LTE-COEX
to move SAP1 from channel-6 to channel-149. In this case, SAP1
and SAP2 will end up doing MCC which may not be desirable result.
Add vdev_id check while checking for 2nd case. If connection with
given vdev_id exist then it is confirmed that it's a case of
channel switch rather than a new connection case.
Change-Id: I2535b38af353be2abd9c2ff636c06f3c5869969d
CRs-Fixed: 2300451
There are two lim_set_protected_bit() implementation with/without
WLAN_FEATURE_11W defined.
So no need to wrap this function with macro WLAN_FEATURE_11W.
Change-Id: I719f623d17ed0db655d33bda04b51937f1c1c5f4
CRs-Fixed: 2298804
The bus bandwidth compute timer is a periodic timer which computes bus
bandwidth usage of associated adapters over a period of time. When the
last adapter disassociates, this timer is stopped. However, the timer
starts a work that is not stopped or flushed at this time. When the
device is under load from external subsystems, this work can get pushed
out past what is safe. When the bus bandwidth timer is stopped, also
stop and flush the bus bandwidth work to ensure safe memory access.
Change-Id: I32c15b42c9756341d1ecf534c05f87738fd24edb
CRs-Fixed: 2300697
Presently, recovery inprogress flag is set only when PLD_RECOVERY
is received but in cases of rejuvenate only PLD_FW_DOWN is received.
Set for the recovery in progress for all the firmware down events
so the unneccessary bug_on's will be avoided.
Change-Id: I654e9e5b02925ac21857369f87af6ca40d8dc815
CRs-Fixed: 2285278
Currently, driver calls hdd_alloc_station_adapter to initialize the
completion variables for a particular adapter only if mode of interface
is STA or P2P. In case when driver changes its STA + SAP mode to
STA + STA mode by calling hdd_open_concurrent_interface, driver is not
able to initialize init_completion variable for new STA interface. So
while processing fw commands (for new STA interface) which uses
completion variables, driver leads to the use of uninitialized
variables issue.
Create new function cmn_init_completion to initialize completion
variables for all interfaces while opening the HDD adapter.
Change-Id: Iae8ec1a86dd4084c9f5b39ec0d90e16182212df9
CRs-Fixed: 2288919
There is race condition for a small window. The scenario
as below.
1 SAP is starting, and dfs cac begins but without finished.
2 SSR happens, wlan begins to call hdd_reset_all_adapters.
In hdd_reset_all_adapters, sap_ctx->sessionId is reset to invalid.
3 In hdd_hostapd_sap_event_cb, adapter sessionId is set to
sap_ctx->sessionId, after this step, adapter sessionId is changed
from valid sessionId to 0xff.
In hdd_reset_all_adapters->hdd_vdev_destroy, vdev is released
but session can't be clean up as invalid sessionId. adapter->event_flags
can't be clear which cause hdd_vdev_destroy can be called multi times.
Change as below.
1 cancel cac timer at the beginning of hdd_reset_all_adapters and
before wlansap_set_invalid_session.
2 before send eSAP_START_BSS_EVENT, check if sap_ctx->sessionId
is valid.
Change-Id: Ifaad62cd008f7769b059f36530455d4e734522e4
CRs-Fixed: 2293072
Under get_supported_features vendor command driver is advertising
NAN capability by checking only the Firmware support. If NAN is
disabled through INI it should not advertize this support.
Add an INI parameter check before advertizing NAN capability.
Change-Id: Ib48044a04500d6619b97d5ca1c3431ee64d7e096
CRs-Fixed: 2288204
In function hdd_wlan_de_init, the hdd_context is fetched via
cds_get_context. This context is then NULL checked. In the failure case
of this check, the hdd_context is still dereferenced which shall lead to
null pointer dereference.
Add proper jump statement to take care of the proper order of init and
deinit
Change-Id: Ied0ac42371315d0286cdcc71e6e0e10ed2ff5fa1
CRs-Fixed: 2299794
While handling IPA event in case if, __wlan_ipa_wlan_evt() queue
WLAN_AP_DISCONNECT cmd for later processing in work-queue context and
in the meanwhile sme close session deletes vdev then, as part of work
queue context driver process WLAN_AP_DISCONNECT and sends
WMA_IPA_OFFLOAD_ENABLE_DISABLE cmd to firmware for the VDEV which is
already deleted by sme_close_session. This result asserts in firmware.
This reverts commit Ief9318bb476b480fd52f4155a0788a34c1e2ed53
Change-Id: I6128fb489fc40cc7ed01cbdf9c419a6a6b20c6d4
CRs-Fixed: 2295672
As part of any change interface TDLS links are toredown and tdls
state set to disabled in FW. The assumption here is before adding
new interface disable TDLS mode as TDLS is not supported in
concurrency. Due to recent changes in framework,
Driver may receive the change interface to P2P Device mode
after STA connection then teardown is not expected as
STA + P2P Device modes does not comes under concurrent operation.
Check for current and new interface types before disabling TDLS.
Change-Id: I26cfab077b3f83c64687479fba5c7a7c01491a52
CRs-Fixed: 2301650
WPA2 Security Improvements test plan case 4.2.2
Scenario F: RSN version Field is truncated to 1
octet. That means the test bed will send assoc
request with RSN ie total size 3.
Current driver unpack_core will return
DOT11F_INCOMPLETE_IE and doesn't extract the
incomplete RSN ie data.
lim_check_wpa_rsn_ie will have no chance to
run dot11f_unpack_ie_rsn to reject the assoc
request frame because the assoc_req->rsnPresent
is 0.
Change RSN Opaque Min Len to 2 (data min len 0),
so that the unpack_core can extract the RSN ie
even though it is "INCOMPLETE", and then
the later lim_check_wpa_rsn_ie can reject such
assoc request.
Change-Id: Icba37840ea6eb1cc1c2c225efd9ec58757606eea
CRs-Fixed: 2297852
If STA interface is added after softap is started on DFS channel,
then SAP is stopped and re-started on non-dfs channel which is selected
using driver internal acs. But, internal acs is now obsolete. Therefore,
select non-dfs channel from preffered channel list and use SAP CSA
instead of restart.
Change-Id: I95e50c3ffbce35cf30cc9a06f0f14c9e60eb3e3f
CRs-Fixed: 2301895
Add support for DP RX Threads as a part of the FR. Multiple RX threads
can be enabled from the ini. The code is added in a new DP module
outside of the cmn project.
Change-Id: Ief6ee955f13c5e527986307371b8e45677cb9700
CRs-Fixed: 2256446
If SAP configured with RSN security IE, peer should
include compatible RSN parameters.
Reject the Assoc request if peer include invalid RSN
IE.
Change-Id: I10083d7feb669fe5d1c2650ae3c3092e5b28169e
CRs-Fixed: 2294876
The MAC context first_scan_done flag is a remnant from a prior version
of the driver which is initialized but then never read or written.
Since it is obsolete, remove it.
Change-Id: I81b371cb768bd2d042d3f3bf0991d2b27b953b3c
CRs-Fixed: 2298274
Currently the driver doesn't have a check to bring
up a SAP on STA SCC channel if its a SRD channel
and does force SCC on it, even if SRD master mode
is not supported.
Fix is to check the SRD ini before SAP bringup
on the STA channel
Change-Id: I17f7df9ed973ecc6669f0d36a8c390c71624019b
CRs-Fixed: 2302737
During the vdev attach if the self peer creation fails from the protocol
stack the correct vdev delete is sent to the firmware but the success error
is propogated back to the HDD and the wmi vdev set commands are sent
to the firmware with invalid vdev id.
Change-Id: Ida3964e5a629f53e41ffc50b53216762727fd33d
CRs-Fixed: 2299941
As part of Iab0862eda2392bd516c8ba0b913441b8e0d4c493 , timestamp of
last received frames was introduced to block excessive mgmt frames
being sent as part of Denial of service.
Move that logic to control path to remove dependency on data-path.
CRs-Fixed: 2280235
Change-Id: Idd7617782e71ee187eef7fcb3523c05b49f82094
Disable this feature for MOBILE_ROUTER product, since some MOBILE_ROUTER
platform will attach two wlan cards with separate wlan driver,
during second driver loading process, it will report a warning of
"cannot create duplicate filename" as node with same name has been
created after first driver was loaded.
Change-Id: I9e06439b3a6dacdf4eb5ae87898338ab1eeb8b16
CRs-Fixed: 2295391
In cds_trigger_recovery(), we avoid recovery if the wlan driver is
unloading. While this is ideal for production devices, we would like to
panic in debug builds for offline analysis. Move the check to see if the
wlan driver is unloading to immediately after the check to see if we
should panic or not.
Change-Id: I07cc624295416ca555eb4d847f709cf30e6672bb
CRs-Fixed: 2299903
Drop Probe request frames before posting on Scan Queue if the queue
is already having too many beacon/probe frames to process.
Change-Id: Iaad3d3ea0b50edf7ae7a9c5437ac5c210fe6a97f
CRs-Fixed: 2298581
The MAC context fMiracastSessionPresent flag is only referenced by
macro IS_MIRACAST_SESSION_PRESENT(), and this macro is unused. Since
the fMiracastSessionPresent flag is obsolete, remove it and the macro.
Change-Id: I5ad6e5b56bd0476e7894c431b56b9ad5730923d4
CRs-Fixed: 2300050
Make the following updates to the extscan stop BSSID hotlist logic:
1) Exclusively use the Unified WMI data structures.
2) Update the HDD<=>SME interface to enforce the contract that SME
must not make any assumptions about the buffers provided by HDD.
Change-Id: I01e29a96fded829c734532b021aeea1960bba641
CRs-Fixed: 2294273
Recently change "qcacld-3.0: Use mac_handle_t in wlan_hdd_ioctl"
updated the nomenclature used in HDD. During the implementation of
this change a NULL check of mac_handle in hdd_set_dwell_time() had a
"!" removed, incorrectly changing the logic. Restore the correct logic
for NULL-checking mac_handle.
Change-Id: I2bb8393d5adb3156795b3b722d839812419e4995
CRs-Fixed: 2299812
QDF_DEBUG_PANIC() is stubbed out for PERF builds, leading to a warning
in cds_trigger_recovery() because @call_info is unused. Extract the
trigger recovery handling into its own function with proper types
instead of void*, and make cds_trigger_recovery_work() a thin wrapper
over this to do the type conversion. This will address the unused
variable warning, and provide stronger type checks via the compiler.
Change-Id: Idf712bdf30d2c6c338219a0327221fe6a0b0b27a
CRs-Fixed: 2299813
Add support for wildcard OUI 0xFFFFFF in action OUI framework.
When the OUI FFFFFF is defined for some action OUI ini and bit 0
of info_presence bit is set to 0 then the check for vendor OUI
in vendor specific IEs and the vendor IE data checks are skipped
and other checks like MAC, Capabilities are done during connection.
Change-Id: I6e996c5d79f4f7bd91e11134b1b8ba69a1ff0253
CRs-Fixed: 2293167
While ACS delayed worker scheduled and is running the function
wlan_hdd_cfg80211_start_acs(), ACS_PENDING has already been cleared by
wlan_hdd_cfg80211_start_pending_acs() before it, so the later coming
stop sap event can't cancel the running delayed worker and free the
sap context which need access by delayed worker.
Fix by clear ACS_PENDING after wlan_hdd_cfg80211_start_acs(), and move
cancel ACS delayed worker before cancel any scan, it can cancel ACS
scan invoke by delayed worker and avoid race condition.
CRs-Fixed: 2289364
Change-Id: Ibd771fc199a0778ac1d8f1f04ba22b49014437de
The MAC context ftm_msg_processor_callback is a remnant from the
legacy FTM support. Since this callback is no longer used, remove it.
Change-Id: Ibd375bcd91900654315681f7f9b56bf100090942
CRs-Fixed: 2298895
Add the basic infra for MLME CFG items and the APIs to be used from
other components.
Change-Id: I39654de8f7266089d574b85437a19e8d21f91249
CRs-Fixed: 2293825
During ssid restart currently driver send vdev stop and then
restart. There is no need to send vdev stop in this scenario and
direct vdev start is enough to set hidden ssid.
Thus remove vdev stop during hidden ssid restart.
Change-Id: Ide6826f73ecd51bbafa875ed547efeff4a410397
CRs-Fixed: 2298636
Currently the driver doesn't handle the nss update
if a prior connection is already present in DBS
mode. Suppose if a STA is already connected in
5ghz and the SAP comes up in 2.4ghz, the beacon
template should be updated with NSS = 1
Fix is to check whether the current hw_mode is in
DBS or not, and change the nss in the beacon template
accordingly
Change-Id: I54ead1fd26d705a821160b5bc5d816df1d2ab8f4
CRs-Fixed: 2288307
Currently VDEV Force cleanup happens only if FW is in recovery state
and not if target_ready is set to false. However, since FW down flag
is set for recovery case also, even during SSR, the VDEV Force clean up
is not triggered.
Force cleanup vdev for FW down case also in wma_vdev_detach.
Change-Id: I3ba6dc92c1c5ea1090f9f5dc9062775de6db1954
CRs-Fixed: 2298278
Several HDD logs have been identified as being excessive. Reduce the
logging level of these logs to avoid spamming dmesg.
Change-Id: I49e0f91c5d66051f9e6ffd991d86505a11faa346
CRs-Fixed: 2298385
To speed up recovery trigger debugging, pass the caller's function name
and line number, such that the group needing to do the initial triage
can be easily identified via the panic message.
Change-Id: Ibac141a62a990adf7a781d7ef64544d92ff4e31b
CRs-Fixed: 2298194
Reduce log level for few prints to debug to avoid flooding
of prints to console.
Change-Id: I514585cc87d51ead15fb1f40d45f62023628d9bb
CRs-Fixed: 2295815
Do sap_ctx release for all DFS "Ignore" case.
Otherwise, the ref count may mismatch.
Change-Id: Ib3d7c416ec3942f4d0317825fa504bc2b5abd968
CRs-Fixed: 2297787
Remaining may be greater than its original value when
(remaining & 0x3)!=0, then OOB occurs when memcpy.To address
this, align the remaining after doing memcpy.
Change-Id: I3e39a791a76a272e82beb6561375e26ca84ec0f4
CRs-Fixed: 2259721
lim_process_ap_ecsa_timeout() contains a misleading indent. Reduce the
indentation of the affected code.
Change-Id: Ic18ebf88b0a754c8088005d22a9cec94313fa550
CRs-Fixed: 2297513
Currently, hdd_update_tgt_cfg() continues execution if allocation of the
pdev object fails. Unsurprisingly, this leads to numerous access issues.
Abort hdd_update_tgt_cfg() if allocation of the pdev fails.
Change-Id: I1c820994510a10949ef546cac06a8eb97ca0adf1
CRs-Fixed: 2297412
For SAP (2.4G) + SAP (5g dfs chan), the radar event
will be posted to all vdevs. 2.4 SAP will run into
failure in random chan selection.
Fix by ignoring radar event for Non dfs channel SAP.
Change-Id: I739f2a84f17941e501dfe52c9cd12afc6a42425f
CRs-Fixed: 2294077
The hosts sends the beacon template to firmware through the
command WMI_BCN_TMPL_CMDID. The firmware sends a TX complete
indication via the WMI_OFFLOAD_BCN_TX_STATUS_EVENT and upon
receiving this host decrements the CSA count.
The hosts waits until the csa count becomes zero and then sends
vdev restart to firmware. There are some issues with this
implementation when 10 beacons with CSA are taking more time
than 1 sec. This is because in STA+SAP case sometime the
WMI_OFFLOAD_BCN_TX_STATUS_EVENT is received after in 200-300ms.
If the host doesn't receive the channel change event, it gets
struck in the channel change.
To avoid this scenario, send the beacon template to the firmware
for every beacon interval without waiting for the beacon TX
complete indication from FW except for the first beacon template
updation. Introduced a new timer (ap_ecsa_timer) to update the
firmware with the beacon template.
Change-Id: I377768b87c96fd5064aa04d1ed5434a475e656ef
CRs-Fixed: 2294661
Revert I457c20f6ba908cac32cfc9b27fbaf980f1ec174d, which removes the
check to ensure recovery has been enabled via configuration before
starting the recovery process. This is a critical feature for internal
debugging. The check was moved into cds_trigger_recovery() to prevent
callers from bypassing this configuration and unconditionally asserting
the target firmware. Restore that check now.
Change-Id: Ieb347cfcd0eecd24f005d374c0fead07c34f3705
CRs-Fixed: 2296038
cds_trigger_recovery() already checks for various conditions before
actually triggering recovery. One of these checks ensures that recovery
is enabled, but some callers are checking to see if recovery is enabled
before calling cds_trigger_recovery() as well. Because of this, some
important checks are skipped, and crashes can occur when they should
not. Remove the redundant checks at the call sites for
cds_trigger_recovery() so that all of the recovery conditions are
properly handled, and the wlan driver avoids crashing when it should
not.
Change-Id: I8c26a002b66496a1eb06263f3f8b91ead739e3ac
CRs-Fixed: 2296008
When channel 4 is unsafe channel in 2.4g LTE coex ACS case,
the weight for channel 4 will be calculated as 0 by function
sap_sort_chl_weight_ht40_24_g, it's wrong because weight_copy
doesn't be initialized in this case, so acs channel select
may choose wrong channel to start sap.
Fix is to add initialization for weight_copy when weight is
SAP_ACS_WEIGHT_MAX.
Change-Id: I4aa0fb133774d9980146a9ceae9b91154bd15bbc
CRs-Fixed: 2282371
Scheduled scan (a.k.a Preferred Network Offload, PNO) is intended to be
used only for station interfaces. However, it has been observed that
userspace will send scheduled scan requests for non-station interfaces.
Reject requests to start or stop a scheduled scan on non-station
interfaces.
Change-Id: If5abd242f134518ac4e3d942c1513c66b5c50ff3
CRs-Fixed: 2295101
In wma_vdev_resp_timer(), while handling WMA_DEL_STA_SELF_REQ if
wma_crash_on_fw_timeout() is true, then wma_vdev_resp_timer initiate
SSR and memset iface structure without freeing iface->del_staself_req.
This results mem leak in wma_vdev_resp_timer().
Free all the dynamic memory from iface structure in wma_vdev_deinit()
instead of handling them separately.
Change-Id: I7b16ddc9dfb70638c6f895bd97cd9c106bfad595
CRs-Fixed: 2293099
Clean up the WMA context structure which currently has the following
issues:
1) Fields are defined that are unused
2) Fields are defined that are missing documentation
3) Fields are defined with documentation inline rather than in the
documentation block
4) Documentation exists for fields that are no longer present
Change-Id: Ia9fb52c3967818c0a12ade7a15f0c353494f56de
CRs-Fixed: 2296105
pe session_id should not be used as vdev_id.
Add a vdevId field to tAggrAddTsParams struct
and fill smeSessionId as vdevId and pass this
down.
Change-Id: Id021dda35a32f7870277d405c85a0878d7baa3f3
CRs-fixed: 2272126
Do not required to print function and line number
for data path statistics function which is invoked
by ioctl.
Change data path statistics to info print so
that it can be printed in dmesg as well.
Change-Id: I4b5ea4202255ace71dbb6f9a4bbff6f93e496425
CRs-Fixed: 2278885
When peer creation fails in wma_set_link_state, wma sends the
WMA_SET_LINK_STATE_RSP msg to LIM and Lim frees the msg->bodyptr
But there is a situation occurs where after this wma_peer_create
fails, mc thread stop sys event also occurs where the mac_stop
is invoked which calls the pe_free_msg -> pe_free_nested_messages
In pe_free_nested_messages, if the msg type is
WMA_SET_LINK_STATE_RSP, we free the msg->bodyptr->callbackArg.
This callbackArg points to the PE session. Trying to free the
PE session results in memory corruption.
Just pass the session id as callback argument when the callback
is lim_post_join_set_link_state_callback.
Change-Id: I27f9127685ac7ef8d215b135f1625e8e2f225fc0
CRs-Fixed: 2287827
