Use CONFIG_CNSS_OUT_OF_TREE to control if CNSS family drivers are
built from in-kernel-tree source or out-of-kernel-tree source since
the exposed header files will be in different paths. This is also
for backward compatibility.
Change-Id: I698492f175ea140e6854c372f366a63f36de24c9
CRs-fixed: 3022556
API "fw_diag_data_event_handler" is the handler of an event
WMI_DIAG_DATA_CONTAINER_EVENTID comes from FW. Arguments of
this handler function come from FW.
If num_data may be less than size of(struct wlan_diag_data),
possible OOB while extracting event data.
Fix is to add a sanity check for num_data to avoid the OOB
read.
Change-Id: Ia2eb62dbaa154936bdb4ea34065657d441f12810
CRs-Fixed: 3001178
Use non-inline OS-abstraction APIs to avoid direct
usage of kernel API's.
Use non-inline OS-abstraction APIs instead of OS APIs.
Change-Id: Ie4acfedc63a0e0e8ecbe358db711148db92bd8b6
Introduce proper logging APIs for diag module and also rate limit error
logs when skb allocation fails in low memory conditions to avoid excessive
logging side effects
Change-Id: Ia41ff7cfd526180825df61a43f1f59163947f257
CRs-Fixed: 2836681
The nla_data coming from user space is a variable length data,
but the driver is checking nla_len() against a fixed length struct only.
It is possible that the nla_len() check against fixed length struct
may pass and if the nla_data does not have the payload and it may
result in possible out-of-bound read (slot->payload).
Hence the fix is to, check if nla_len() is atleast more than
the fixed length struct and also account for payload length.
Change-Id: I2e68d55c0411cff55908c1704031e3c070f3316e
CRs-Fixed: 2825763
Currently, FW diag logs, management frames and stats responses are
processed in worker context. Because of this, there is a possible
out of memory scenario when there are huge number of diag events
waiting in work queue.
To address this, process diag events in a separate worker thread and
set the limit for the number of diag events that can be queued in
work queue.
Change-Id: Ie6e5b905a3b591cf724cd6b024bec0612f9e2e0c
CRs-Fixed: 2818013
Add the WMI command WMI_DBGLOG_MOD_WOW_LOG_LEVEL to enable
debug logs while in wow mode.
Change-Id: Ia1902d989964a5e35f590a075a2de64a9f66d5b7
CRs-Fixed: 2810326
Fix compile issues when some features are disabled, the features are:
BUILD_DEBUG_VERSION
CONFIG_CP_STATS
CONFIG_HOST_OPCLASS
CONFIG_FEATURE_ROAM_DEBUG
There are some other features depends on each other, so enabled features to
qcs40x.snoc.perf_defconfig, the features are:
CONFIG_WLAN_FEATURE_FILS
CONFIG_WMI_ROAM_SUPPORT
CONFIG_WMI_STA_SUPPORT
CONFIG_REG_CLIENT
CONFIG_WLAN_FEATURE_DP_BUS_BANDWIDTH
CONFIG_WMI_CONCURRENCY_SUPPORT
CONFIG_LL_DP_SUPPORT
Change-Id: I6fa1eacb79576a955e593dbb9ac52083742275e3
CRs-Fixed: 2584839
Diag event processing is stuck due to skb allocation failure.
SKb allocation is done using flag GFP_KERNEL which results
in the kworker thread to sleep and results in wmi workqueue
timer to expire.
Fix is to use GFP_ATOMIC flag for skb allocation for
diag data.
Change-Id: Ifa715df89ae06b17d4dc1506ea4f3c4e2af31f33
CRs-Fixed: 2559679
Replace printk with qdf_nofl_info in qdf folder.
So if we wish to change from printing on console
to other location, based on a logging daemon, we
can do that by only changing at the implementation
of QDF print API's
Change-Id: I6db67cee416ebbe0f2c51b2d4dbf2b3a335e972a
CRs-Fixed: 2442689
Currently driver is using vmalloc to allocate the memory
inside dbglog_block_read api and this buffer is copied to
userspace buffer which may lead to use of uninitialized
buffer.
To avoid above issue use vzalloc to allocated the buffer
which initializes the memory to zero.
Change-Id: Iebc530b000c908231ef8718e79054801d294dd8f
CRs-Fixed: 2470385
Per the Linux Kernel coding style, as enforced by the kernel
checkpatch script, pointers should not be explicitly compared to
NULL. Therefore within utils replace any such comparisons with logical
operations performed on the pointer itself.
Change-Id: Iae6c2f2f0b3041a9397dd13092ea500a8b995fd2
CRs-Fixed: 2418251
The buffer allocated with length "ATH6KL_FWLOG_PAYLOAD_SIZE"
is not initialized, this may lead to information leak during
memcpy when len < ATH6KL_FWLOG_PAYLOAD_SIZE.
To resolve this issue, memset the buffer for length
(ATH6KL_FWLOG_PAYLOAD_SIZE - len) to 0
Change-Id: If4a49347d674ad2af0438b408a4a4b9308c61026
CRs-Fixed: 2255083
Currently the NL MSG handlers for WLAN_NL_MSG_CNSS_DIAG, ANI_NL_MSG_PUMAC
and ANI_NL_MSG_PTT are not deregistered during hdd_wlan_exit which can
causes a page fault if NL issues cld80211_doit for these NL messages
when the WLAN is not up.
Add Deregsiter APIs for all the NL MSGs to call as part of
hdd_exit_netlink_services during hdd_wlan_exit.
Change-Id: I231e2f32e708e9a14305f0a8f9f2f603aa42b031
CRs-Fixed: 2243993
Address the following issues in the utils folder:
CHECK: 'interupt' may be misspelled - perhaps 'interrupt'?
CHECK: 'ommitted' may be misspelled - perhaps 'omitted'?
CHECK: 'TRESHOLD' may be misspelled - perhaps 'THRESHOLD'?
Change-Id: Ic9c2fdf2566f3bdd8c37906e52ed65d4dc1d1563
CRs-Fixed: 2241587
There are instances of use of older A_UINT/A_INT.
Replace all such instances with the qdf u_int*_t/int*_t.
Change-Id: I7ce29b03f29a0d1a0cf87cfd3c846f4694da4c2a
CR's-Fixed: 2210869
Currently, there is no check of:
1) Firmware event parameters in dbglog_parse_debug_logs(), which can
result in integer underflow.
2) Number of dbg log args against the total length, which can result in
buffer over-read.
To fix this, compare size of firmware event parameters and number of
dbg log args with total buffer length.
Change-Id: I7fbc684ec9e80cfc66220755a1ad6b9394194735
CRs-Fixed: 2197246
A recent change added a wrapper to nla_parse. When CNSS_GENL is enabled,
this new wrapper API is not defined in cnss_diag_cmd_handler, causing a
compilation failure. Include the appropriate header file when CNSS_GENL
is enabled.
Change-Id: I2e929b48e306fb1426eb6e59011cd821922bb8dd
CRs-Fixed: 2112767
The Linux kernel version 4.12 introduced an API change to nla_parse().
Add conditional compilation to call nla_parse with the correct
parameters based on the version of the linux kernel being compiled
against.
Change-Id: Ie904d217a42a2396f8245251a9c90a15dac2c0c9
CRs-Fixed: 2093354
qcacld-2.0 to qcacld-3.0 propagation
Currently the crash can be injected by iwpriv command and FW
gets crashed.
Changes are done to add the gEnableCrashInject ini parameter
1) This ini param is disabled by default.
2) If this param is disabled the crash inject is ignored.
Change-Id: I082ca4101806033958b10869f151d6085ca7a2d6
CRs-Fixed: 2084606
Gcc 6 introduces some stricter checking for bool value
comparison, causing build errors when a certain code
block in CLD3.x driver is compiled.
Change-Id: I270e20dab8410f45e734c15d5365e30e314b55c8
CRs-Fixed: 2051383
WMI FW log debug FS is created irrespective of WLAN_DEBUGFS is defined
or not. Make sure to only create WMI log debugfs only if WLAN_DEBUGFS
is defined.
Change-Id: I8d7d5ef160ce2674b3f01dc7afa3ac4761538cab
CRs-Fixed: 2066664
In cnss_diag_cmd_handler(), add length check for the command attribute.
This prevents possibility of a buffer overread or underrun.
Also add audit comment to express the intent why policy table
is not used in this API.
Change-Id: I023bbf3789498f315fd1bff8db8ef8257abb2b04
CRs-Fixed: 2058580
Currently user space communication functions[cnss diag, PTT socket app]
in host driver uses netlink user sockets which is a security concern from
Linux Android SE policies.
Add support for to use netlink family cld80211 which uses generic
netlink sockets.
Change-Id: Ia833249c1f312415e38563d90214979cea3d9f0e
CRs-Fixed: 2015931
Change default log level for all firmware modules and
also per module with a specific log level.
Change-Id: I33275f2737e0e56daea4e2edd8debca8016f1ed0
CRs-Fixed: 2013439
