It is reported by Static Analyze tool as buffer overflow when call
into function ol_txrx_bad_peer_txctl_update_threshold, because
WLAN_WMA_IEEE80211_MAX_LEVEL is defined as 5 but TXRX_IEEE11_MAX
defined as 4, so level 4 will pass as max index value which is buffer
overflow.
Add TXRX_IEEE11_AX so TXRX_IEEE11_MAX aligns with
WLAN_WMA_IEEE80211_MAX_LEVEL.
Change-Id: I49fe348f1071648d86e456c6df63738ec507dd6c
CRs-Fixed: 2058227
qcacld-2.0 to qcacld-3.0 propagation
Add ini option to enable/disable action frame based channel switch.
Change-Id: I340464a18ef0b5cf09f481a23b01edcf04904e34
CRs-Fixed: 2082563
Allocation of memory for assoc resp fails
when frame length is zero and error message
is displayed.
Fix is to allocate memory only when frame length
is greater than zero.
Change-Id: I6c3a457b7eb9d49fa67bee7570594dd81c2eb3d7
CRs-Fixed: 2060384
Buffer overflow in ConvertQosMapsetFrame function
when num_dscp_exceptions value is less than 16.
Fix is to return from function if num_dscp_exceptions
is less than 16.
Change-Id: I2fcce60b7fe5e988348cee786e9a4d493d9512fe
CRs-Fixed: 2086305
The target_delta and bus_delta combined with target_tx_credit
to fulfil the credit function of host.
A global lock is needed to ensure reenterable.
Change-Id: I71c006ccfe05b442706283490cd7bba4cc8a6f5f
CRs-Fixed: 964530
Constant value 4294967295 is recognized as an signed integer
in ISO C90. Change the definition of the constant value to
4294967295UL to fix compilation error where need a unsigned
value as a input parameter.
Change-Id: I02f67b6351c53b5e3331ce668059c4c61953a8d3
CRs-Fixed: 2023140
When doing HDD context check in ipa_init, the CDS is not yet
loaded. So remove the CDS loading check in ipa_init.
Change-Id: I45843c406f280cfbf932bc489f9051c2300b77ba
CRs-Fixed: 2070428
In MCC case when vdev pause queue is full, driver fails to tx and pkts
are dropped. ipa tx_desc only replenishes to ipa driver. This leads to
holes in hdd_ipa_tx_desc free list and list will be drained out causing
unexpected packet drops.
Fix is to replenish tx_desc to wlan driver maintained free list as well
using ipa registered skb free callback.
Change-Id: I1ae8570816efd822d5ced2c6383a03c56b12ec89
CRs-Fixed: 2073444
csr_roam_roaming_offload_timer_action() is used only when
WLAN_FEATURE_ROAM_OFFLOAD is enabled. But it is defined out of
WLAN_FEATURE_ROAM_OFFLOAD. So there is a compilation error that
csr_roam_roaming_offload_timer_action() is defined but not used when
WLAN_FEATURE_ROAM_OFFLOAD is disabled. Add fix to resolve this issue.
Change-Id: I31036a91df3d2799d53fb64f73dbae847bee97bf
CRs-Fixed: 2023165
Since wifi chip do not supprot LFR3.0 on SDX20, disable LFR3.0
feature in Kbuild, and fix a compilation error.
CRs-Fixed: 2009403
Change-Id: I16eb3bd68d5564801be9cbcf9db1386cb0e3953b
Add interface information when sending P2P listen offload stop
event to upper layer so that the event can be processed on the
correct interface.
Change-Id: I7aac52552e9277aff838d9bfef01201af48773c9
CRs-fixed: 2088732
eWNI_SME_HO_FAIL_IND is defined under WLAN_FEATURE_ROAM_OFFLOAD, but
it is used out of WLAN_FEATURE_ROAM_OFFLOAD, it will cause compilation
error. Add fix to resolve this issue.
Change-Id: I7dda8806ecadc4dd8c8c1d7f14cc7bc21bdc2bf7
CRs-Fixed: 2023694
If TDLS disabled at the build level, it triggers
build failures in some of the projects, which does
not support TDLS feature.
Restructure the TDLS function to avoid build
failures, when TDLS is not enabled.
Change-Id: I3b63546f22d0187fb42d400fd7e15ff7a3d64653
CRs-Fixed: 2056022
Check if wpa index for the OUI retrieval is
going beyond the limit of the array and return
Change-Id: I040246d7a7c2ca387282dc4d86ffdbdf34007323
CRs-Fixed: 2085702
Move the log messages to appropriate log levels so that
the console does not get a huge spam of unnecessary logs
Change-Id: I8e140039a3a483953606558e102db23ab8b0096a
CRs-Fixed: 2043741
On receiving auth resp with algo not supported status
code, open system auth is sent to firmware. There is
a possibility that AP does not receive ack sent by DUT
and retries auth frame. The retry frame could be received
at host after open sys auth req is sent to firmware
resulting in auth failure.
Fix is to send open system auth frame after timer of
15msec expires.
Change-Id: I6bc7097ec7568fc65a379c7c31c96d5874f1e216
CRs-Fixed: 2075272
When FW support SDIO_REDUCE_TX_COMPL_FW_ACK feature, WLAN host can
enable tx_free_at_download feature to increase efficiency further.
CRs-Fixed: 2078825
Change-Id: I542e51254ca5c0a6c51f7479e0cc1cdb12a077fa
Currently flush power save command logic is sending power save
enable for all VDEVs. FW does not support power save for SAP
VDEV hence add check to make sure to flush power save command
only for INFRA STA VDEV.
Change-Id: I8f162535f8a4c3b66b6ed136c3c0d599c7dc0dba
CRs-Fixed: 2084683
qcacld-2.0 to qcacld-3.0 propagation
Currently for SDIO implementation, tx comp indication is
suppressed and tx_desc is freed when htt download is done.
This leads to invalid tx_desc being referenced when pktlog
indication handler wants to collect TX-ed tx_desc information.
Fix consists of two parts:
1. When pktlog is enabled in ini, enable tx comp indication
handler just like PCIe and USB. tx_desc is still valid when
pktlog indication comes.
2. Check vdev pointer embedded in tx_desc structure. vdev
pointer is set when tx_desc is allocated and set to NULL when
tx_desc is freed. This guards against invalid tx_desc_id
from firmware.
Note that performance drops should be expected when
pktlog is enabled on HL platforms.
Change-Id: Iba9b8323b4a6e2ae17e36768bda3511f52236a2c
CRs-Fixed: 2034996
Currently, a wakelock is acquired before vdev start is sent to firmware
and released after a vdev stop response is received. In some cases, this
can cause a race condition where the device will power collapse before
the association process is complete. Instead, release the wakelock after
either vdev up or vdev down is sent to firmware, ensuring the entire
association process is protected.
Change-Id: Iab1a241f1c5810d9f71bfd86e1e8036847ebf602
CRs-Fixed: 2082928
Change the log level from ERROR to INFO
for hdd_rx_packet_cbk log to prevent
packet information from flooding on the
kmsg.
Change-Id: I27bfcc708740f50c4b15d72b89176af2ce27f6fa
CRs-Fixed: 2082577
Currently there is no support to configure SMPS parameter
from host, add support to configure SMPS parameters using ini.
Change-Id: I6f8273ffed39a0b95c31f1647e86406b870165f2
CRs-Fixed: 2080571
Run through the entire peer_id_to_obj_map array and if any peer_id's
peer entry points to a particular peer, change it to NULL. Calling
this routine before deleting the peer ensures that subsequent peer_unmap
events will not access a peer object that is deleted.
CRs-Fixed: 2027846
Change-Id: I05089bece20ea070694f243feb06d222f8e50ac6
CFG80211_REMOVE_IEEE80211_BACKPORT is added to indicate
backport of Change-Id: 57fbcce37be7c1d2622b56587c10ade00e96afa3
from upstream 4.7 kernel to 4.4.
Hence add this flag CFG80211_REMOVE_IEEE80211_BACKPORT to
support this compilation. Also introduce HDD_NUM_NL80211_BANDS.
Change-Id: I60a15a1273f939a0a288d08d03ccb5bf1bdcc429
CRs-Fixed: 2087917
logical not is only applied to the left hand side of this
bitwise operator [-Werror,-Wlogical-not-parentheses]
(!(ies->RSN.RSN_Cap[0] >> 7) & 0x1)))
^ ~
csr_api_roam.c:14617:6: note: add parentheses after the '!' to
evaluate the bitwise operator first
(!(ies->RSN.RSN_Cap[0] >> 7) & 0x1)))
^
( )
csr_api_roam.c:14617:6: note: add parentheses around left hand
side expression to silence this warning
(!(ies->RSN.RSN_Cap[0] >> 7) & 0x1)))
^
( )
Change-Id: I489eba6a6265778346bb3b20832f92774a2d5e0e
CRs-Fixed: 2087302
Returning a negative value from the API results in the failure
on unsupported platform.
CRs-Fixed: 2082239
Change-Id: I75b14b81eaa00d53784a6deb90b99666e28b164d
MBO ies sent in tail buffer of beacon params
structure are not sent in beacon template to
firmware.
Fix is to add MBO ies in beacon template sent to fw
Change-Id: I3987bd431f9a21218650499afa16eac2b59e6486
CRs-Fixed: 2087752
When HTT attached, driver allocates DMA buffer to record each RX ring
entry, with element size - target_paddr_t, which is bus size, and may be
different from kernel's physical address size.
While in htt_rx_detach, size of qdf_dma_addr_t used for buffer free.
In case kernel built as 64-bit, and bus size as default 32-bit,
it will crash when free.
Use same element size to avoid it.
CRs-Fixed: 2087592
Change-Id: Iabe95f92ea82b736213a8b81453163229b2a3a3b
