In SSR or driver unloading case, exiting directly may cause an obj
leak. Free the objects in those cases, regardless of
sme_close_session status.
Change-Id: Iaf0500aca23917f84c37848cd3abade66b7d7456
CRs-Fixed: 2187579
In sap_update_rssi_bsscount, bss count for channels is
incremented based on offset only and does not consider
if channel on which scan result is received and the
offset channel belong to same band. This could result
in incorrect increment of bss count for some channels
when channels from both bands are present.
Fix is to increment bss count based on channel offset
only if both channels belong to same band and also
choose channel with lower bss count among the channels
having least weight.
Change-Id: Icee978fc40047782c79fe36cba29e3feed3c90aa
CRs-Fixed: 2191324
If Deauth/Disassoc timer is currently running when lim_cleanup
happens due to SSR, the memory allocated for Disassoc/Deauth Req in
mac context is not freed leading to memory leak.
Free Deauth/Disassoc Requests stored in mac context in lim_cleanup
Also check for existing Deauth/Disassoc Request pointers stored in
mac context and free it before assigning it to point to the
current request.
Change-Id: Id7e221bd9d5061ecaa9b73a4fe1dc0f465f68aa9
CRs-Fixed: 2191131
In function wma_vdev_stop_resp_handler, resp_event->vdev_id is
received from the FW and is used to access the interfaces array in
wma_handle. This could lead to OOB read/write if the vdev_id
received from the FW is greater than or equal to max_bssid.
Add check to return failure if resp_event->vdev_id is greater than
or equal to max_bssid in wma_vdev_stop_resp_handler
Change-Id: I1af5312e6c45db3b9ba03fbf45de3d3c2a7fab20
CRs-Fixed: 2185477
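
The bounds check described in the commit message above, as an added example (not the driver's code). The `demo_` structures, the table size and the return codes are hypothetical stand-ins; only the names vdev_id, max_bssid and interfaces come from the message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_MAX_BSSID 4u            /* constructed table size */

struct demo_iface { int vdev_up; };

struct demo_wma {                    /* hypothetical stand-in for wma_handle */
    uint32_t max_bssid;
    struct demo_iface interfaces[DEMO_MAX_BSSID];
};

struct demo_stop_resp {              /* event as delivered by firmware */
    uint32_t vdev_id;                /* untrusted: set by the firmware */
};

/* Validate the firmware-supplied index before it touches the array. */
int demo_vdev_stop_resp(struct demo_wma *wma, const struct demo_stop_resp *ev)
{
    if (!wma || !ev)
        return -EINVAL;
    /* Reject vdev_id >= max_bssid; the comparison is unsigned, so a
     * huge value such as 0xFFFFFFFF is rejected as well. */
    if (ev->vdev_id >= wma->max_bssid)
        return -EINVAL;
    wma->interfaces[ev->vdev_id].vdev_up = 0;
    return 0;
}

/* Count interfaces still marked up, to show rejected events changed nothing. */
int demo_count_up(const struct demo_wma *wma)
{
    int n = 0;
    for (uint32_t i = 0; i < wma->max_bssid; i++)
        n += wma->interfaces[i].vdev_up;
    return n;
}

int main(void)
{
    struct demo_wma w = { .max_bssid = DEMO_MAX_BSSID };
    struct demo_stop_resp ids[] = { {2}, {DEMO_MAX_BSSID}, {0xFFFFFFFFu} };

    for (uint32_t i = 0; i < DEMO_MAX_BSSID; i++)
        w.interfaces[i].vdev_up = 1;
    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
        printf("vdev_id=%u -> %d\n", (unsigned)ids[i].vdev_id,
               demo_vdev_stop_resp(&w, &ids[i]));
    printf("interfaces still up: %d\n", demo_count_up(&w));
    return 0;
}
```
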
Is firmware down check is added explicitly in some APIs and in some
northbound interfaces it is not added, resulting in waiting for
firmware response even when the firmware is down.
Move firmware down check to validate context umbrella where
other driver states are validated.
Change-Id: I42a520f8a573825fde55a40dd03bb942f8a34b9c
CRs-Fixed: 2188938
Currently in case of static driver, wififtmd which writes into the
bootwlan and wifi-service which writes into the state_ctrl_param
execute in parallel. The handlers of boot_wlan and state_ctrl_param
in driver initialize this wlan_start_comp variable and wait for its
completion. If one handler is already waiting on this event and the other
handler reinitializes the event then it leads to instability.
To mitigate this issue
1) set the driver loaded state to true and then complete the
wlan_start_comp event.
2) create the state_ctrl_param fs only once the boot_wlan handler
wait is completed for probe.
CRs-Fixed: 2158126
Change-Id: Ia51811a0dd2c5b52f7eee781c4d4620174de3649
In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, length passed
to unpack RSN IE is total length of WPA and RSN IE. So if only WPA IE
is present in assoc request, the RSN IE parser will try to validate the
buffer beyond the RSN IE and might fail as the buffer belongs to WPA IE.
Pass appropriate length to unpack RSN IE.
Change-Id: Ie679e67061e7ac622e8e76b285a32135a60ca6e8
CRs-Fixed: 2189926
As part of csa or opmode IE handling program phymode param after
ch_width since firmware expects channel width to be programmed
before phymode.
Change-Id: I46e3a5e1ce94fa53e27f821e70c29e209e591865
CRs-Fixed: 2186030
If command type is FTM_IOCTL_UNIFIED_UTF_RSP set copy_to_user
flag to return proper data to userspace.
Change-Id: I5f4a1e147f3d1dc162001ceb69fa6823b3158787
CRs-Fixed: 2191046
HDD IOCTL __iw_setnone_getint is not releasing SME config memory
in error case properly and hence leading to memory leak. Fix this
SME config memory leak by properly freeing it before returning from
__iw_setnone_getint.
Change-Id: Ie50259a639edb2cfa63cd3bbe7cac8bb8ebb7654
CRs-Fixed: 2191041
Upon receiving a ROAM_START from the firmware,
cancel the current scans which is similar to
initial connection which will avoid unnecessary
frames to the host during the connection process.
Change-Id: I0c9a4dd7cd4d58e0583cc44b5e33e88728eb70bb
CRs-Fixed: 2174921
In handling assoc request make sure to use VHT IE or vendor VHT IE
appropriately for suBFormee/suBFormer calculation.
Change-Id: I3934a0c7229a8a400d1aa54fe3bf0bc3513d4d70
CRs-Fixed: 2159206
Currently, driver allows multiple acs scan requests at a time. Due to this
race conditions can occur and cause "use after free" issue for variable
channelList. To avoid race condition, driver should allow only one acs scan
request at a time.
Add a new atomic variable to make sure that if one acs scan request
is in process, the driver should reject all further acs scan requests.
Change-Id: I7aa2f4df0dd4c6ca8ff791fe462d142fc7b3e691
CRs-Fixed: 2176354
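
A single-request guard of the kind the commit message above describes, as an added example (not the driver's code). It uses C11 atomics in place of the kernel's atomic API, and the `demo_acs_` names, context layout and error codes are hypothetical.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct demo_acs_ctx {                 /* hypothetical per-adapter state */
    atomic_int acs_in_progress;       /* 0 = idle, 1 = scan request active */
    uint8_t *channel_list;            /* owned by the active request */
    size_t num_channels;
};

void demo_acs_init(struct demo_acs_ctx *ctx)
{
    atomic_init(&ctx->acs_in_progress, 0);
    ctx->channel_list = NULL;
    ctx->num_channels = 0;
}

/* Claim the guard first; only the winner may touch channel_list. */
int demo_acs_start(struct demo_acs_ctx *ctx, const uint8_t *chans, size_t n)
{
    int expected = 0;
    uint8_t *list;

    if (!ctx || !chans || n == 0)
        return -EINVAL;
    /* Atomic 0 -> 1 transition: a second caller sees 1 and is rejected
     * before it can free or replace the list the first one is using. */
    if (!atomic_compare_exchange_strong(&ctx->acs_in_progress, &expected, 1))
        return -EBUSY;
    list = malloc(n);
    if (!list) {
        atomic_store(&ctx->acs_in_progress, 0);   /* release on error path */
        return -ENOMEM;
    }
    memcpy(list, chans, n);
    ctx->channel_list = list;
    ctx->num_channels = n;
    return 0;
}

/* Free the list, then drop the guard so the next request is accepted. */
void demo_acs_complete(struct demo_acs_ctx *ctx)
{
    free(ctx->channel_list);
    ctx->channel_list = NULL;
    ctx->num_channels = 0;
    atomic_store(&ctx->acs_in_progress, 0);
}
```

The guard has to be released on every exit path, including allocation failure, or all later requests are rejected.
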
Packetlog initialization is failing as txrx_get_pldev API is missing,
which returns packetlog object from the given pdev.
Add txrx_get_pldev API to get packet log object for the given pdev.
Change-Id: I2219a5c0964e76637ff8dbef92661b98cd22fb28
CRs-Fixed: 2189211
Currently in hdd_get_sta_connection_in_progress, conn_info.uIsAuthenticated
is used to check if the STA connection is in progress. However, this might
not reflect the actual state and might still lead to the deadlock scenario
fixed in I23ad1fc96882abeaae2d1b051659ea6d24b07428.
Add new API to check for SME state for key exchange in progress and
use it in hdd_get_sta_connection_in_progress.
Change-Id: I7d6199ed8c81a113c4e3f30538d74fb675e730ff
CRs-Fixed: 2189814
lim_preauth_scan_event_handler uses the sme session id to find the pe
session; it may find the pe session newly created for the roaming bss, which
will cause the pre-auth roaming command to fail to dequeue.
Change-Id: I81be20318300ac0e312aa9bcff1a43a47e9a38f7
CRs-Fixed: 2189778
Fix the following race condition,
1. A connection request to driver which requires DBS
2. DBS gets granted, but connection fails, so opportunistic timer
starts off
3. New connection request gets queued in SME & opportunistic timer fires
and SMM HW mode request gets queued behind the connection request
4. Connection is successful which needs DBS
5. SMM hw mode request gets sent to FW
Change-Id: I0456eba8165015b58b341df934fbfad5fb6eee86
CRs-Fixed: 2186292
It is decided to centralize the logic of programming LI based on
modulated/dynamic DTIM in FW to address the concerns with LFR3.0 in WoW
mode. In order to make it work, following steps need to be performed.
1) If listen interval offload bit is enabled in service ready extension
then,
a) Driver needs to send "gEnableModulatedDTIM", "gMaxLIModulatedDTIM"
and "gEnableDynamicDTIM" params' value to FW via VDEV PARAM upon
each successful association.
b) Driver should not program LI during suspend()/resume()
2) If listen interval offload bit is disabled in service ready extension
then don't trigger above changes.
Change-Id: I6f94c95bd83e5846d7290d5dc752b14da5951a76
CRs-Fixed: 2187597
Reduce the minimum value for the ini nr_offload_cache_timeout to
5 seconds.
This is done to give the user a shorter cache_timeout to trigger
neighbor report frames more frequently.
Change-Id: Ica5359b9e826dad382868de991dcbf204c10a096
CRs-Fixed: 2189034
Size is allocated with sizeof(target_paddr_t), which follows the DMA
device, but freed with sizeof(qdf_nbuf_t), which is a pointer following the
system. These may not be the same size on some platforms.
Fix it by using the same type when allocating/freeing.
Change-Id: Iadcb68b05ca5798f38c4341323b9fd1e32f5d693
CRs-Fixed: 2189671
Check the current vdev supported bandwidth values against peer
opmode update value and if the peer opmode value is greater than
current supported value then do not send the opmode update request
to FW.
Change-Id: I8f360d769b5aafb90061a6a9d18f1f8062e3534e
CRs-Fixed: 2174050
Update the HE STBC capability per latest spec and add support
to configure it using INI configuration and ioctl.
Change-Id: I4ecc7b600671c132c1f3968a10fb652a4311f484
CRs-Fixed: 2181114