When a BSS is being started, the WLAN driver will abort all
scan requests, including the ACS scan initiated by the
secondary SAP, which will result in secondary SAP start
failure.
Use a different function to abort scans initiated by the
current session which is doing BSS starting so ACS scan
initiated by a second SAP will not be affected.
Change-Id: I442431e92e31cc8d3eb302ccca4249d0b4bedf82
CRs-Fixed: 2154230

csr_roaming_state_msg_processor() is declaring roam_info on stack
which is of size 736 bytes. Kernel stack has limited size and all
big data structures should be allocated from heap to avoid stack
overflow. Hence allocate roam_info struct from heap and free it
after callback has returned.
Change-Id: I282d9baa9f3e679bfd5b628f0baaadf4beec86af
CRs-Fixed: 2143439

The memdump feature allocates memory after the module has started,
leading to a false positive memory leak when the module is subsequently
stopped. Move memdump init to before the module is started in
hdd_wlan_startup, and memdump deinit to after the module is stopped in
hdd_wlan_exit.
Change-Id: I8df48e55e0f1e90fb4599469ce10f7741fb7a9a0
CRs-Fixed: 2157112

Currently, resource leak detection happens when the driver module is
unloaded. Instead move as much leak detection as possible to when the
driver transitions back into the closed state. This better supports
load-once-never-unload and built-in driver configurations.
Change-Id: I88be641948ffa4fff397a8eae40cf3b05c543673
CRs-Fixed: 2113606

If roaming is happening and then a set key response is
generated from WMA to PE, then there is a possibility
of not finding the PE session as the roaming happened
and a new session is established. In such cases, return
failure from PE to SME so that the set key command is
released and the command queue is not stuck.
Change-Id: Ieba8ea76a2a53322f2e392e6b0bf30360b1e8f8a
CRs-Fixed: 2150731

With the current implementation, if sme_open_session sends down a command
to the Firmware and an SSR/PDR occurs, the thread is stuck waiting
on an event. The thread also holds the rtnl lock and will keep
blocking any other thread from acquiring it till timeout occurs. This
can result in a deadlock situation with the IPA driver trying to execute
driver ops during the SSR/PDR notification callback.
Use the wait_for_event_completion API for waiting on the event. With this
the event will be purged when the driver receives the FW_DOWN indication.
Change-Id: I2920fd36c0eb5bb5994e66e584d12a2a9d8f409a
CRs-Fixed: 2120226

Add a new CONFIG_QCA6290_11AX flag to track & enable all 11ax related
header changes.
Change-Id: I265364eafb05c34eea18235a15c5e317716f6ecf
CRs-Fixed: 2124274

Limit the max join attempts to two less than 1/3 of the total
command timeout value.
Change-Id: Ic52ec1cfa268a9e24e944f5d6e875e42d5a7b2be
CRs-Fixed: 2137346

qcacld-2.0 to qcacld-3.0 propagation

For HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND, the msdu_cnt is a signed
integer coming from firmware. If the msdu_cnt is set to a negative value,
or is greater than the number of current elements in the queue, the loop
will execute lots of times in ol_rx_offload_deliver_ind_handler, and
htt_rx_netbuf_pop will cause the BUG_ON issue sooner or later if it is
a low latency solution.
Changing the msdu_cnt type from signed to unsigned and adding msdu_cnt
validity checking will fix this issue.
Change-Id: I436557a124074f59ab11fd937dfdc975b9caebe8
CRs-Fixed: 2149461
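
The msdu_cnt fix described in the commit message above, as an added example that is not the driver's code: it contrasts a signed firmware count trusted as-is with an unsigned count validated against the queue length. The queue type, function names and sizes are hypothetical, and the real handler and htt_rx_netbuf_pop are not reproduced.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define RX_QUEUE_CAP 8                 /* constructed size for this example */

struct rx_queue {                      /* hypothetical stand-in for the rx netbuf queue */
    uint32_t bufs[RX_QUEUE_CAP];
    size_t len;                        /* elements currently queued */
};

int queue_pop(struct rx_queue *q, uint32_t *out)
{
    if (q->len == 0)
        return -1;                     /* the driver's pop would hit BUG_ON here */
    *out = q->bufs[--q->len];
    return 0;
}

/* Before: signed count trusted as-is. Returns pops made on an empty queue;
 * max_iter only bounds the demonstration so it terminates. */
long deliver_unchecked(struct rx_queue *q, int32_t msdu_cnt, long max_iter)
{
    long underruns = 0;
    uint32_t buf;
    for (long i = 0; msdu_cnt != 0 && i < max_iter; i++, msdu_cnt--)
        if (queue_pop(q, &buf) < 0)
            underruns++;
    return underruns;
}

/* After: unsigned count, validated against the queue before any pop.
 * Returns buffers delivered, or -1 when the message is rejected. */
int deliver_checked(struct rx_queue *q, uint32_t msdu_cnt)
{
    uint32_t buf;
    int delivered = 0;
    if (msdu_cnt > q->len)             /* covers a negative value reinterpreted as huge */
        return -1;
    for (; msdu_cnt != 0; msdu_cnt--, delivered++)
        queue_pop(q, &buf);
    return delivered;
}

int main(void)
{
    struct rx_queue a = { .len = 3 }, b = { .len = 3 };   /* constructed queues */
    printf("unchecked, cnt=-1: %ld underruns\n", deliver_unchecked(&a, -1, 1000));
    printf("checked, cnt=0xffffffff: %d\n", deliver_checked(&b, UINT32_MAX));
}
```
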
qcacld-2.0 to qcacld-3.0 propagation

Check for the validity of peer_id when the htt message
HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP is received
from firmware to ensure a buffer overflow does not happen.
Change-Id: Ib3f92f4de0b406a78bf34d348c07cb3981277513
CRs-Fixed: 2147119

qcacld-2.0 to qcacld-3.0 propagation

Check for the validity of tid when the htt message
HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND is received
from firmware to ensure a buffer overflow does not happen.
Also correct the sequence number type from signed int to unsigned.
Change-Id: Ibff86e891c335bfe8c2f9db82410545036463ed3
CRs-Fixed: 2149399

qcacld-2.0 to qcacld-3.0 propagation

Check for the validity of num_msdus when the htt message
HTT_T2H_MSG_TYPE_TX_COMPL_IND or HTT_T2H_MSG_TYPE_TX_INSPECT_IND is
received from firmware to ensure a buffer overflow does not happen.
Change-Id: Ic6ce75f34c5e2705d174eda014350e6ef0391388
CRs-Fixed: 2146869

qcacld-2.0 to qcacld-3.0 propagation

Check for the validity of credits when the htt message
HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND or HTT_T2H_MSG_TYPE_TX_COMPL_IND
is received from firmware to ensure an integer overflow does not happen
if these messages are invoked many times.
Change-Id: I01386b88f1b677153f3e51e055b7fbac073cd6b3
CRs-Fixed: 2147127