In wma_process_pdev_hw_mode_trans_ind() vdev_mac_entry is used to copy the
pdev_id and vdev_id values from a for loop.
vdev_mac_entry is never checked before if it is allocated and can lead to
null pointer dereference.
Change-Id: I44ea6f5262bf39116af33a4d833a2c77d7963626
CRs-Fixed: 2359250
The PERE_IP_HDR_ALIGNMENT_WAR feature does not apply to hardware
supported by this driver, and the code would not build correctly
if the feature was enabled, so completely remove the feature.
Change-Id: I4697e798dc57ab7e51c88d40e4d0f9a26a98de6d
CRs-Fixed: 2363232
The following functions are unused, so remove them:
- wma_is_sap_active()
- wma_is_p2p_go_active()
- wma_is_p2p_cli_active()
- wma_is_sta_active()
Change-Id: I801176fb2b4df9308744fcde27dc789e88e1e550
CRs-Fixed: 2361895
Although the implementation has been removed, the prototype for
wma_update_vdev_tbl() is still present, so remove it as well.
Change-Id: Ifcf10e97d0bc24bdf88c69f936e998b228ec945b
CRs-Fixed: 2361930
WMA has a prototype for wmi_unified_pdev_set_param(), but there is no
implementation, so remove it.
Change-Id: Id39afc1a1966bca9b8b947bb0b2c89f5d1b21801
CRs-Fixed: 2361995
Almost all of the p2p Listen Offload logic has been componentized,
therefore remove the following unused functions from WMA:
- wma_p2p_lo_start()
- wma_p2p_lo_stop()
- wma_p2p_lo_event_handler()
Change-Id: I750870ccbe84e817954a3ee1a50e2e8daa5ab661
CRs-Fixed: 2361886
The functionality previously handled by wma_p2p_noa_event_handler() is
now done in WMI. Since wma_p2p_noa_event_handler() is no longer used,
remove it.
Change-Id: Id8095a79fee6be83c886a1635a1ce0b1a2e4087b
CRs-Fixed: 2361871
WMA defines struct sP2pPsParams which is unused. Since this is
obsolete, remove it.
Change-Id: I4d42f42ac9b3cd432dbebd405f7779ca6c94e937
CRs-Fixed: 2362014
WMA defines struct sTdlsLinkEstablishParams which is unused. Since
this is obsolete, remove it.
Change-Id: I2a28564ccb5ad85d65a62a5e9f0ac6c500a80c2d
CRs-Fixed: 2362013
When switch channel failed, need handle it gracefully,
pass failure to PE and disconnect current session.
Change-Id: If489e519a1784dabf630d5bde34ef8de56abf5e1
CRs-Fixed: 2360726
Add the following WLAN_REG ini configs and FE_BEAMFORM
cfg items to MLME cfg:
1. WNI_CFG_11D_ENABLED
2. WNI_CFG_11H_ENABLED
3. WNI_CFG_TX_BF_CAP
4. WNI_CFG_AS_CAP
5. WNI_CFG_DISABLE_LDPC_WITH_TXBF_AP
Introduce the basic infra APIs related to these configs
from mlme.
In csr_roam_open_session, lim_populate_vht_mcs_set,
lim_sta_send_add_bss, populate_dot11f_tdls_ht_vht_cap,
populate_dot11f_vht_caps and sme_update_nss, local structure
is updated instead of mlme global structure for vht caps and
thus the mlme vht caps contains only the default values.
Fix this by updating mlme vht caps in mlme_update_vht_cap.
Change-Id: I1a948d7a44ad2bcc7f711c46b278971d7e4026e7
CRs-Fixed: 2354562
qcacld-2.0 to qcacld-3.0 Propagation.
the wma_send_time_stamp_sync_cmd will not be processed by fw,
so remove this wma_send_time_stamp_sync_cmd.
CRs-Fixed: 2280656
Change-Id: I3aee6e2da4783772ad9acf3fc20c3669829f9397
In monitor mode there is no disconnect, so vdev stop and down is
not handled. Make sure to stop and down the vdev before vdev delete.
Change-Id: I25f5a0e01deda8f2e16e102113b10f32e89b3e38
CRs-Fixed: 2357047
Since refined second part of LFR INIs, apply these changes in
SME/MAC/WMA layer.
Change-Id: I7994a9038d5bd094ce23bcd525ef8f5282974bfc
CRs-Fixed: 2346790
Initialize gp_cds_context->cfg_ctx before any error case happened and
goto err_wma_close. Otherwise, in wma_wmi_service_close, it's trying to
free uninitialized gp_cds_context->cfg_ctx.
Change-Id: I822ecf77676b9d638c414afb544fdb41d7b1d146
CRs-Fixed: 2355042
Currently WOW_REASON_PACKET_FILTER_MATCH is not taken count into wakeup
stats, we can add this wakeup reason to unicast/multicast stats like
Pattern Bitmap Match.
Change-Id: I801e1dcd5a75c694f138cb01f588e2c4ea16502a
CRs-Fixed: 2350437
When CONFIG_MOBILE_ROUTER is enabled there are build failures
due to improper featurization of mobile router, so fix the
featurization.
Change-Id: Ic9e1f608bc631409fbb5bcf84fc3f4520d69a7c9
CRs-Fixed: 2355786
Initialize the PN with value, which has been given by upper layer
and plumb it to DP
Change-Id: If6b14d2b9b92e4571a85cb20dc445608d5f56961
CRs-Fixed: 2350950
Per the Linux coding style "mixed-case names are frowned upon" and
"so-called Hungarian notation [...] is brain damaged." One identifier
used extensively throughout the driver that violates both of these
tenants is "pMac." In order to be compliant with the Linux coding
style there is a campaign to rename all instances of this identifier.
For this change rename all instances of "pMac" to "mac" in:
wma_api.h
wma_if.h
wma_internal.h
wma_types.h
wlan_qct_wma_legacy.c
wma_data.c
wma_dev_if.c
wma_main.c
wma_scan_roam.c
wma_utils.c
Change-Id: I6967ecb60bbd97d1b66ecd273a4490be65fe02f4
CRs-Fixed: 2356095
Do not unmap mgmt_tx nbuf for HL as the mgmt_tx nbuf is not mapped
in case of HL.
Change-Id: I1e7bf3af09dea357075d897974d3a59e0b439ae4
CRs-Fixed: 2349234
Current HTT_H2T messages from host driver does not have
consistency in message length set by host driver. Some
message types include HTC header length also within the
message length, while other types have message length
itself only.
Fix the same by sending same message format based on
firmware capability.
Change-Id: I885a21530a2d8f852387ae54cf7ee0751aad2516
CRs-Fixed: 2145560
Once Driver receives APF sub-command QCA_WLAN_SET_PACKET_FILTER,
it posts the message to SME and returns the context. In case
where vdev restarts before sending the APF command to WMI,
driver will drop it since Firmware cannot accept the command
while vdev is down. Upper layer will have no knowledge of this
failure since there is no acknowledgment mechanism for a
successful APF command sent to the Firmware. Once the vdev is up
again, upper layer will send next APF instructions and driver
will allow then to the Firmware. This is problematic since
Firmware cannot operate with the partial APF instructions since
the initial part was dropped.
Hold the vendor command context till the command is successfully
sent to the Firmware. Propagate the errors to the upper layer.
Change-Id: If3cd6fbc85f83c0d78e735e96c00011cd2fd9347
CRs-Fixed: 2350640
Currently when a VDEV response timer or Hold request timer expires,
the pointer to the request message is received as data from the
timer callback. The data is dereferenced to get the type and vdev_id
and the corresponding vdev request is found from the vdev resp queue
based on type and vdev_id.
In a scenario where the MC timer has expired and posted a message on
the SYS message queue for the scheduler thread to process and the
response from the FW for the VDEV request is received after the timer
is expired and posted, the response path handled in softirq context
frees the request memory. When the SYS message queue is processed by
the scheduler thread, the vdev resp timer API is called with a stale
pointer to data which has already been freed.
When the data is dereferenced to get the vdev_id and type, use-after-free
happens leading to assert. Since we have the address of the request
from the timer, instead of finding the request in vdev resp queue based
on vdev_id and type, the address based lookup needs to be done.
Lookup the vdev_resp_queue or the hold_req_queue for the request
using the address before dereferencing the request for vdev_id and
type.
Change-Id: I8f19cb81b28bd5500d6cb3aa3da73ebe7faa48b1
CRs-Fixed: 2344681
Add support to configure the FW to send the action frame in
HE trigger based PPDU.
Change-Id: Ie6df5b1cb40c7f1b18a9e86f90b4b8f44ba7bf6b
CRs-Fixed: 2311413
In mlme_get_wep_key, the key_length is got from the caller is
hardcoded to value 13. This should be updated based on the
length of the key and passed to the caller. But it is not
updated and value 13 is used to copy the key, resulting in
decrypt failure.
Also add debug logs to print wep key id and length.
Pass the key length by call by reference to update the key
length
Change-Id: Ie1e56a80db27894bf9f0426728f9fb74a014679e
CRs-Fixed: 2351182
LIM contains remnants of a HAL IND callback infrastructure including
lim_register_hal_ind_call_back() and lim_process_hal_ind_messages().
However nothing actually handles the WMA_REGISTER_PE_CALLBACK message
that is posted by lim_register_hal_ind_call_back(), so remove these
obsolete remnants of this infrastructure.
Change-Id: Ibd2ea16891a8752bfb4e473c4c1e74c8bb49e1d3
CRs-Fixed: 2353426
In the fix Id1838939813e6cd2d52cee8720a1f4e0ca34329b, the condition to
check the number of args for the command unitTestCmd is set to greater
than equal to, which causes border cases to fail.
Fix the condition to pass correct number of arguments.
Change-Id: I4c6297fb112b4c60a4cb87ffaf0d3999ba798cd9
CRs-Fixed: 2353745
Currently event->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I9fd97e430532c597a6c4b4e42b5dfaddba628ffb
CRs-Fixed: 2119442
The functionality that handles tAniIbssRouteTable is no longer
present, so remove the associated function prototype and data
structures.
Change-Id: I80eebe7494bf60b46165e0bd1eea04ce0f23c44b
CRs-Fixed: 2352149
Remove the duplicate channel info in vdev_start_params and
it sub structure channel and use implementations
can use the channel sub structure directly.
Change-Id: Ib1c4e47639f6a4883b944200c3649dc54bb2c59a
CRs-Fixed: 2350648
In wma_remove_peer_on_add_bss_failure, wma is returned from
cds_get_context(). This is not validated for null before being
passed to wma_remove_peer where dereference can occur.
Validate wma against null before passing it to wma_remove_peer.
Change-Id: Ia0323d88a719b6f6bfae058ddf499650a5c078a7
CRs-Fixed: 2350512
In High Latency interfaces, do not wait for download complete when
management over wmi service is enabled.
Change-Id: I7e1e175fdf5b4c836c504a7a816be4f98d4451a0
CRs-Fixed: 2341451
Fill the cmn nss chains structure from the mlme
nss chain params structure and send to fw
Change-Id: I573b0df20be31af536107f0585e7fa825dc2b6b3
CRs-Fixed: 2349823
Define two different mlme priv obj structures
based upon the flag CONFIG_VDEV_SM, for the
support of dynamic nss, chains update.
Change-Id: I00f39eb82973da86233ddfc8bdcc94b6ca8a439a
CRs-Fixed: 2349200
Add prefix NSS_CHAINS to band info to remove duplicate band
info in driver, and minor code cleanup.
Change-Id: I3a8446af6b6c272cfcb19583540e2384f64e3a1a
CRs-Fixed: 2347624
Accept the command to change the dynamic params like nss
and chains only when the vdev is in connected state for
STA/P2P-CLI, and in start state in case of SAP/P2P-GO.
Change-Id: Id4d2e3c4ac6745e25c7005af0b3c95e3e1db4533
CRs-Fixed: 2347488
For fw to store the dynamic config, the host needs to send
the vdev params to fw before vdev start.
Send the vdev ini params to the fw before vdev start.
Change-Id: I83a93481bae8452eb47f9a14d1978e8d8dd02f03
CRs-Fixed: 2347498
In case PEER send BW as 80Mhz in OPmode IE in 2.4Ghz, driver doesn't check
the SAP session BW and allow this BW in PEER assoc command to firmware.
Fix this by limiting the PEER BW to less than or equal to SAP session
BW.
Change-Id: Icf9e53fec32d30e5620e51b8664b0e92ba2b26d6
CRs-Fixed: 2346537
If the wma_remove_peer fails, the caller can still proceed to
start vdev hold request timer for WMA_DELETE_STA_REQ. The Host
driver doesnot stop the timer and this results in page fault
when the timer is expired.
Check the return status of wma_remove_peer and send failure
to the caller of wma_remove_peer.
Change-Id: I63d0dfefb183cf1a88b1f7abb2686b2dfdc6bd79
CRs-Fixed: 2348248
Quiet timers and TX control API are no longer used and are dummy API
which is dropped in WMA layer. Thus remove this unused code.
Change-Id: I77617df14093806f19c0d587e953f63ae86f8ffe
CRs-Fixed: 2348271
Support Rate control and rate control update events
for pktlog by enabling the events in
WMI_PDEV_PKTLOG_ENABLE_CMDID message.
Change-Id: I9281fcd7c632ba19a84a6eb2c0dff49a172fd70d
CRs-Fixed: 2340635
As part of tdls peer assoc request, WMI_SERVICE_PEER_ASSOC_CONF is
checked and a timer of 6 sec is started. But, in case of any failure
for peer assoc in host, This is not stopped and waited for timer to
expire and sends the response with failure status.
Stop the peer assoc confirm timer and send the add sta response with
failure status in case of any failure in host.
Change-Id: If6ba6aa1297afaea1fd86bf406dcbb6e4e461d25
CRs-Fixed: 2345086
