Currently lim_create_fils_auth_data calls lim_create_fils_wrapper_data
to calculate length of the created wrapped data and stores it in an
unsigned variable wrapped_data_len. But the return type of
lim_create_fils_wrapper_data is int, so it could return a negative value.
The less-than-zero comparison of an unsigned value present in
lim_create_fils_auth_data is never true, as an unsigned value can never
be less than 0. As a result, lim_create_fils_auth_data returns improper
'fils auth data', which is sent in the auth req.
To make the 'less-than-zero comparison' effective in
lim_create_fils_auth_data, change the type of wrapped_data_len from
unsigned int to signed int.
Change-Id: I66d872b76b2039179e3f3dd0ccbb6c135174e354
CRs-Fixed: 2233113
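
The signed-to-unsigned pattern described in the commit message above, as an added example that is not the driver's code. All `ex_` names, the 6-byte header and the buffer sizes are constructed for illustration; only the variable name wrapped_len echoes the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_HDR_LEN 6u                        /* constructed header size */
static const uint8_t ex_sample[20] = { 0 };  /* constructed input bytes */

/* Hypothetical helper: returns the wrapped length, or -1 on failure. */
static int ex_build_wrapper(uint8_t *out, size_t cap, const uint8_t *in, size_t n)
{
    if (!in || n + 2 > cap)
        return -1;
    out[0] = 0x01;                    /* constructed type byte */
    out[1] = (uint8_t)n;
    memcpy(out + 2, in, n);
    return (int)(n + 2);
}

/* Before: the int result lands in an unsigned variable. */
uint32_t ex_auth_len_unsigned(const uint8_t *in, size_t n)
{
    uint8_t buf[16];
    uint32_t wrapped_len = ex_build_wrapper(buf, sizeof(buf), in, n);

    if (wrapped_len < 0)              /* never true for an unsigned type */
        return 0;
    return wrapped_len + EX_HDR_LEN;  /* -1 became 0xFFFFFFFF; the sum wraps to 5 */
}

/* After: a signed variable keeps the error visible to the check. */
uint32_t ex_auth_len_signed(const uint8_t *in, size_t n)
{
    uint8_t buf[16];
    int wrapped_len = ex_build_wrapper(buf, sizeof(buf), in, n);

    if (wrapped_len < 0)
        return 0;
    return (uint32_t)wrapped_len + EX_HDR_LEN;
}

int main(void)
{
    printf("ok input:  unsigned=%u signed=%u\n",
           ex_auth_len_unsigned(ex_sample, 4), ex_auth_len_signed(ex_sample, 4));
    printf("bad input: unsigned=%u signed=%u\n",
           ex_auth_len_unsigned(ex_sample, 20), ex_auth_len_signed(ex_sample, 20));
    return 0;
}
```

Compiling with `-Wextra` (which enables `-Wtype-limits` in GCC) flags the dead comparison in the unsigned variant.
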
Add /* fallthrough */ comment in sme_qos_add_ts_success_fnp
as per linux checkpatch script in case of reason
SME_QOS_REASON_REQ_SUCCESS of flow request.
Change-Id: I6285ccdc74e5c19fb9bbb8a1b9e0dec5e54edc6e
CRs-Fixed: 2233179
In case of STA + SAP, when the STA connects to a new AP, the SAP
initiates a channel switch to the new channel of the STA. During
this transition period the DUT will be in an MCC scenario and thus
firmware changes the TBTT of the SAP to get 50% channel time.
Due to this, a peer STA connected to the DUT-SAP may miss all 5
beacons containing CSA info, and when it comes out of hw-dtim
mode after 5 beacon misses the DUT SAP has already moved to the
new channel, and thus, as the SAP is not on the old channel, the peer
STA will receive a Heart beat failure.
To avoid this Heart beat failure on the peer STA, increase the
default value of channel switch count (g_sap_chanswitch_beacon_cnt)
to 10 to increase the probability of receiving beacons with
CSA info.
Change-Id: I2e5182c299f2a100c9919ffc123aa6b1290324f9
CRs-Fixed: 2227704
Fix NPD in function lim_create_fils_wrapper_data, by moving the check
against NULL pointer before the access.
Change-Id: I00c6c4df0ff94ffdfe77a8a563b1747c29906b2f
CRs-Fixed: 2232734
cdp_get_pn_info() would output wild pointers and cause NULL
pointer reference in wma_is_ccmp_pn_replay_attack().
Add pointer check in wma_is_ccmp_pn_replay_attack().
CRs-Fixed: 2232554
Change-Id: Ic2e5487468aaced91d6567005bbe66a7c065f088
Log reason code while flushing logging events to precisely know
the reason of failure.
Change-Id: Ibe26563780f165e85490c54c2b4f83d959a3587f
CRs-Fixed: 2235138
Change data packets printing to one line
Add msdu-id to TX packets
Increase data packets size to include the complete IP packets
Indication/print when the throttling occurs
Change-Id: I4831c517b41f81003b8d28448a3093d911ac978c
CRs-Fixed: 2157768
The return value check logic is wrong in __iw_get_softap_linkspeed,
which causes get linkspeed to always fail.
Change-Id: If37732867f91e2b95996614ab863953d5ed5af93
CRs-Fixed: 2232332
Add Unified WDI API support for ol_txrx_ipa_set_perf_level and fix
client parameter for ipa_wdi_set_perf_profile.
Change-Id: Ieaaf7cf5231f74cd6ba358c02032ae173d9618f0
CRs-Fixed: 2211504
Move chanmode_to_chanwidth API to qcacmn since it will be used by ndp
schedule update event.
Change-Id: I13d00c0b818eb0da434c8a5372b2ab7b6693f22a
CRs-Fixed: 2216803
In a shielding room, bring up one 2.4G SAP with HT40+ on channel 6,
but the hostapd_cli command will report HT40-. The root cause is that it
uses sec_ch_offset when calculating ACS result params, which is wrong.
The fix is to use secondary_ch when calculating ACS result params.
Change-Id: I41a5d0e4be0d2e3046d0004c25f11f2905a3b911
CRs-Fixed: 2221588
Add GRO support and make it configurable through INI(GROEnable).
GRO and LRO are mutually exclusive. Only one of them can be enabled.
Also disable GRO under the following conditions:
1) Low TPUT scenario
2) Concurrency cases
3) For Rx packets when Peer is not connected
Change-Id: I15535827a03953231670d4138235c4876b16e045
CRs-Fixed: 2098772
INI item "gBmpsModListenInterval" is not used and hence remove
it from source code.
Change-Id: I32cae84a200541e9028667f16736ce5394bae4b7
CRs-Fixed: 2232887
In the dot11f_unpack functions, the length of the buffer passed is
decremented as the pointer advances in the buffer. Add a check for
integer underflow before decrementing the length.
Change-Id: I4ed39d326855c2027ff0bc3cbe5c8981a2ae2aa1
CRs-Fixed: 2231755
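
An added example (not the driver's dot11f code) of the check the commit message above describes: test the remaining length before every decrement so an unsigned counter cannot wrap. The frame layout, the `ex_` names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout: cap(2, LE) | status(2, LE) | ssid_len(1) | ssid */
struct ex_frame { uint16_t cap, status; uint8_t ssid_len, ssid[32]; };

/* Constructed sample: cap=0x0431, status=0, ssid="abc" */
const uint8_t ex_good[] = { 0x31, 0x04, 0x00, 0x00, 0x03, 'a', 'b', 'c' };
struct ex_frame ex_out;

/* Copy n bytes out and advance, but only if n bytes remain. Unchecked,
 * "*len -= n" on a short buffer wraps and later reads run past the end. */
static int ex_take(const uint8_t **p, uint32_t *len, void *dst, uint32_t n)
{
    if (*len < n)
        return -1;
    memcpy(dst, *p, n);
    *p += n;
    *len -= n;
    return 0;
}

/* Returns the number of trailing bytes left over, or a negative error. */
int ex_unpack(const uint8_t *buf, uint32_t len, struct ex_frame *f)
{
    uint8_t b[2];
    memset(f, 0, sizeof(*f));
    if (ex_take(&buf, &len, b, 2))
        return -1;
    f->cap = (uint16_t)(b[0] | (b[1] << 8));
    if (ex_take(&buf, &len, b, 2))
        return -1;
    f->status = (uint16_t)(b[0] | (b[1] << 8));
    if (ex_take(&buf, &len, &f->ssid_len, 1))
        return -1;
    if (f->ssid_len > sizeof(f->ssid))
        return -2;                    /* declared length exceeds the field */
    if (ex_take(&buf, &len, f->ssid, f->ssid_len))
        return -1;                    /* declared length exceeds the buffer */
    return (int)len;
}

int main(void)
{
    printf("full=%d cut3=%d cut7=%d\n", ex_unpack(ex_good, 8, &ex_out),
           ex_unpack(ex_good, 3, &ex_out), ex_unpack(ex_good, 7, &ex_out));
    return 0;
}
```
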
When the SSR is triggered after the modules are closed, the uevent
notifier is trying to get the pdev which is already destroyed.
Reject the uevent notification if the modules are already closed.
Change-Id: I8074838b18b1e36dd67afa90125f9fbe06d32c34
CRs-Fixed: 2219843
Currently, in the __wlan_hdd_cfg80211_set_limit_offchan_param() function,
after parsing the 'tos' value from the incoming netlink buffer there is no
check against the max value of tos. This tos value is passed as an argument
to the hdd_set_limit_off_chan_for_tos() function, where it is used as an
array index for the 'limit_off_chan_tbl' variable, which is limited to
HDD_MAX_AC. This may cause out of bound access.
Add a check to ensure the parsed tos value is not greater than
or equal to its max value.
Change-Id: I661af1f9559d9bec627594d119423be97978ac2c
CRs-Fixed: 2222803
Currently, there is no break statement between switch cases in
function hdd_stop_present_mode(), here first case has to
fall through the next case instead of using break statement.
Add /* fallthrough */ comment between the cases.
Change-Id: I518628fb8ee084a0ea8de5c98c18a9a6c20b2637
CRs-Fixed: 2233177
In wma_fill_roam_synch_buffer, fils_info is received from the FW
as part of roam synch event and contains kek_len and pmk_len. These
lengths are used to copy the kek and pmk from the FW buffer to the
roam_synch_ind_ptr respectively.
If the kek_len exceeds the SIR_KEK_KEY_LEN_FILS or pmk_len exceeds
the SIR_PMK_LEN value, a buffer overwrite would occur during
memcpy.
Add sanity check to return error if kek_len exceeds SIR_KEK_KEY_LEN_FILS
or if pmk_len exceeds SIR_PMK_LEN.
Change-Id: I8035c54cb4cbd5b4065646377f7d1d2824f9c436
CRs-Fixed: 2226386
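
An added example (not the driver's code) covering both this commit message and the earlier 'tos' one: an externally supplied index is checked before it indexes a table, and firmware-supplied lengths are checked before memcpy. The struct layouts, `ex_` names and numeric limits are constructed stand-ins for HDD_MAX_AC, SIR_KEK_KEY_LEN_FILS and SIR_PMK_LEN, whose real values the page does not give.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_MAX_AC   4   /* constructed; stands in for HDD_MAX_AC */
#define EX_KEK_MAX 64   /* constructed; stands in for SIR_KEK_KEY_LEN_FILS */
#define EX_PMK_MAX 48   /* constructed; stands in for SIR_PMK_LEN */

struct ex_fw_fils  { uint32_t kek_len, pmk_len; uint8_t kek[128], pmk[128]; };
struct ex_roam_ind { uint32_t kek_len, pmk_len;
                     uint8_t kek[EX_KEK_MAX], pmk[EX_PMK_MAX]; };

static uint32_t ex_limit_tbl[EX_MAX_AC];

/* Index from user space: reject anything >= the table size before use. */
int ex_set_limit_for_tos(uint32_t tos, uint32_t limit)
{
    if (tos >= EX_MAX_AC)
        return -1;
    ex_limit_tbl[tos] = limit;
    return 0;
}

/* Lengths from firmware: validate both before either copy, so a rejected
 * event leaves the destination untouched. */
int ex_fill_fils(const struct ex_fw_fils *fw, struct ex_roam_ind *ind)
{
    if (fw->kek_len > EX_KEK_MAX || fw->pmk_len > EX_PMK_MAX)
        return -1;
    ind->kek_len = fw->kek_len;
    memcpy(ind->kek, fw->kek, fw->kek_len);
    ind->pmk_len = fw->pmk_len;
    memcpy(ind->pmk, fw->pmk, fw->pmk_len);
    return 0;
}

/* Runs one constructed length pair; returns bytes copied or the error. */
int ex_try_lens(uint32_t kek_len, uint32_t pmk_len)
{
    struct ex_fw_fils fw = { .kek_len = kek_len, .pmk_len = pmk_len };
    struct ex_roam_ind ind = { 0 };
    int rc = ex_fill_fils(&fw, &ind);
    return rc ? rc : (int)(ind.kek_len + ind.pmk_len);
}

int main(void)
{
    printf("tos 3: %d, tos 4: %d\n", ex_set_limit_for_tos(3, 10), ex_set_limit_for_tos(4, 10));
    printf("64/48: %d, 65/48: %d\n", ex_try_lens(64, 48), ex_try_lens(65, 48));
    return 0;
}
```
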
In function wma_get_arp_stats_handler avoid un-initialized
access to arp rsp_stats by initializing it to 0s.
Change-Id: I95c41f89740bff276ed5c6736b4ad9da3ef6ce87
CRs-Fixed: 2232401
In hdd_stop_adapter() there is a switch statement where the logic for
case QDF_SAP_MODE falls through to the next case. Add a fallthrough
comment to explicitly document that this is the desired behavior as
opposed to a missing break statement.
Change-Id: I2fc7b2eeb07eb91b57d5008e74267667a5995c6e
CRs-Fixed: 2233181
In hdd_sme_roam_callback() there is a switch statement where the logic
for case eCSR_ROAM_CANCELLED falls through to the next case. Add a
fallthrough comment to explicitly document that this is the desired
behavior as opposed to a missing break statement.
Change-Id: Ic5fd5c92d7ab421a60d56dfc7761578b554349c6
CRs-Fixed: 2233180
In wlan_hdd_update_phymode() when the curr_band is set to BAND_5G the
channelBondingMode5GHz is not correctly set. Fix the logic which
currently has duplicated test for BAND_2G to test for both BAND_2G and
BAND_5G.
Change-Id: I70ed07d12ae891374e511905213ef7fcc7a7f1f1
CRs-Fixed: 2232919
Currently in __iw_get_char_setnone() while processing the
WE_GET_STATES ioctl a call is made to PMAC_STRUCT() to convert a HAL
handle into a tpAniSirGlobal (aka pMac). This is a data hiding
violation since use of pMac should be constrained to the UMAC -- HDD
should not be utilizing this data structure. And it turns out that
after PMAC_STRUCT() is called the resulting pMac actually isn't used
other than testing for NULL. Furthermore this is dead code since the
HAL handle was already tested for NULL and hence the pMac could never
be NULL at the point it is tested. So fix this data hiding violation
by completely removing the code that populates and tests pMac.
Change-Id: I73fc7c388f4482e5c483a4982231f934cc80ef6c
CRs-Fixed: 2232897
In __iw_set_host_offload() there is a switch statement where the logic
for case WLAN_OFFLOAD_ARP_AND_BC_FILTER_ENABLE falls through to the
next case. Add a fallthrough comment to explicitly document that this
is the desired behavior as opposed to a missing break statement.
Change-Id: I9a7d84841d9d059e822ee15ee482111ca9d87caf
CRs-Fixed: 2233178