It is possible that call p2p_scan_abort fail while cleanup roc queue,
because vdev already been destroyed when unloading driver. In this case,
even the scan complete event will be discarded, so ROC context include
ROC timer has no chance to free.
Free ROC context include ROC timer in p2p_scan_abort failure path and
set cancel_roc_done event to avoid unneeded waiting while unloading.
CRs-Fixed: 2187778
Change-Id: I43751dca0c480e811c15de35ee28bc9426ac3764
Existing code is allocating array of 500 bytes and providing it
to snprintf to store formatted array. This might lead to stack
overflow.
Add change to allocate memory from heap instead, in all such instance.
Change-Id: Ifaecebd60346d8a04c5facf3d1d446b420eb8c54
Add new attributes to vendor subcmd
QCA_NL80211_VENDOR_SUBCMD_NUD_STATS_SET.
This carry the requisite information to
start / stop the connectivity stats collection.
CRs-Fixed: 2168412
Change-Id: Ie8a60754780433f40ed4d103b737c5e8d4e59c28
Add APIs to get TCP syn/syn-ack/ack packets,
TCP src/dst port, DNS domain name/query/response,
ICMPv4 req/res, and ICMPv4 src/tgt ip information.
Change-Id: I1e4e92997a33e64fe2e4ae28a05b54b6ba5e8cff
CRs-Fixed: 2168412
Extend wmi interface command to support other
connectivity check stats(ICMPv4 and tcp).
Change-Id: I881aaeab6e3e1f36b7153630b87a07019660d896
CRs-Fixed: 2168412
Remove redundant DBS HW mode request from
pm_next_action_two_connection_dbs_2x2_table. For 2x2 DBS HW even for first
connection if it is on 2.4G, DBS will get requested. Hence no need to
request again for second connection on the other band.
Change-Id: I17db8de5ed7a60f556cc8eeed59bbbfe0d63e795
CRs-Fixed: 2199420
Change the signature of QDF FW down callback API to return bool
instead of void. Return type true indicates fw is down and return
type false indicates fw is not down.
Change-Id: I2be6f14e5fbdb7b24ccd604244e1314a8f127291
CRs-Fixed: 2196217
Add vendor command that provides the current
information of WLAN hardware MAC and its
associated WLAN netdev interfaces.
Change-Id: I70ffbdf44ddc45fe606d0ad6e69f1b284cffc6fe
CRs-Fixed: 2194757
Define os_if_spectral_netlink_deinit to close the Spectral socket and
de-register the os_if callbacks
Change-Id: I3d054c2a2d630d4d959861d3620592010d04c09a
CRs-Fixed: 2186113
Currently, there is no check of:
1) Firmware event parameters in dbglog_parse_debug_logs(), which can
result in integer underflow.
2) Number of dbg log args against the total length, which can result in
buffer over-read.
To fix this, compare size of firmware event parameters and number of
dbg log args with total buffer length.
Change-Id: I7fbc684ec9e80cfc66220755a1ad6b9394194735
CRs-Fixed: 2197246
In testbed sta mode the RSNE enc type and auth type may not match the
AP's enc type and auth type and thus the scan filter is unable to match
and find the AP.
Introduce auth and enc type as "ANY" in scan filter. With the auth
and enc type set as ANY, all the AP's matching the BSSID and SSID
will be filtered and the negotiated auth and enc type will be
dependent on AP's auth and enc type.
Change-Id: I82f07f68d9ec6c6f2104122a05d06a698c61a50a
CRs-Fixed: 2197222
With IE length sanity check, that involved by Change-Id I9a091486,
11ax AP cant be found due to the addition of +1 byte in HE-operation
IE in latest spec of 11ax (D2.2).
Remove all 11ax extended capability IE length checks for now due to
11ax being under development.
Change-Id: I45d676325c72c8e0020ca52d094fb1652f8fcaf2
CRs-Fixed: 2197252
There are scenario where indoor channel operations
(like active / passive scan/connect/roam etc)
are not desired / permitted specially in sap case.
Hence add support of disabling indoor channel
on sap start and revert it on sap stop.
Change-Id: Id6e01534532e3076a3e662e6a4f71e8be924165a
CRs-fixed: 2161319
Add vendor wifi test config command attribute to send
addba request with user configuration and to set the
no ack policy.
Change-Id: I2afd62478961a774d16becba49889e855ecf7415
CRs-Fixed: 2196977
1) for raw mode, drop frames with invalid size
2) for non-raw mode, fixed issue that
frag list data_len's not properly calculated
The length issues will introduce kernel issues
during skb_linearize() at upper OS network stack layer.
Symptoms:
1)
WARNING: at net/core/skbuff.c:1782
PC is at skb_copy_bits+0x1b8/0x230
2)
kernel BU at net/core/skbuff.c:1615!
PC is at __pskb_pull_tail+0x70/0x2e4
CRs-fixed: 2188754
Change-Id: I848ec976cd922708ffd02d8272ea5a6f3bce2a00
Fix a memory leak in the cnss layer, where the packet
used to send the disable command never gets freed.
CRs-Fixed: 2185830
Change-Id: I8118baf2397bf6440177d3fe92d34a537c29df8b
In existing code scan queue cleanup is done during radio detach,
leading to access of freed vdev netdev.
Extend cfg80211 scan cleanup API to support netdev level cleanup.
Change-Id: Ice6b6d262788e71c6d229ed7de6ab0e17f270b6c
CRs-Fixed: 2185302
In scm_handle_bcn_probe, scm_add_update_entry is called before
inform_beacon(wlan_cfg80211_inform_bss_frame).
Once scan entry is added to db, there is race condition that other
threads may remove it from db before wlan_cfg80211_inform_bss_frame
is called. Thus freed memory will be accessed in
wlan_cfg80211_inform_bss_frame.
To fix call inform_beacon(wlan_cfg80211_inform_bss_frame) before
adding the entry to scan DB and after updating required fields
from duplicate older entry.
Change-Id: Ib6dd967da9625ce944bffda5037b689ffd70903a
CRs-Fixed: 2197238
1. Populate number of capabilities after extracting service ready ext param
2. Deinit ring during pdev destroy only if ring is configured
3. Do not allocate module param if no capability is shared for
the pdev by target
Change-Id: Ie92b7fc882ba8b7755fea150c724459264a0ea79
CRs-Fixed: 2192671
qdf_spinlock_create(&peer->peer_lock) is called after
wlan_objmgr_psoc_peer_attach and wlan_objmgr_vdev_peer_attach in
wlan_objmgr_peer_obj_create.
In mgmt rx handler, peer is accessed and peer_lock is acquired
before peer_lock initialized in race condition case, spinlock
bad magic issue will happen
Initialize the peer spin lock before peer attaching to avoid the
race condition
Fix same things for vdev and pdev objects
Change-Id: I4cc9d281f8c9efa9de246747641804d985b4653c
CRs-Fixed: 2198193
Fix possible REO descriptor leak while draining REO
command ring by invoking command status handlers with
special error code.
Change-Id: I2fe5f60489b57a4b0a287e67e5610112f7292677
Initializing preferred_hw_mode to WMI_HOST_HW_MODE_MAX and removing
preferred_mode check. This is needed for Napier where preferred_hw_mode
of 0 is a valid configuation which represents single radio mode.
Change-Id: I8998745427427021f219667e03f767c66527d579
CRs-Fixed: 2192227
In order to migrate existing qdf_str_* APIs to qdf_str.h from
qdf_mem.h, qdf_mem.h included qdf_str.h. Now that consumers are
including qdf_str.h directly, remove this include.
Change-Id: I6b0ee3a4a2ad17db922b8e19087c1d730ad9b419
CRs-Fixed: 2196132
Add function for extract_nfcal_power_ev_param and
register wmi_pdev_nfcal_power_all_channels_event_id event
to support noise floor in HK.
Change-Id: I6eef823b507be94c65df026664244eec7fc07e24
CRs-Fixed: 2157972
get_pdev_wmi_handle() can return a NULL pointer in some cases.
Perform a NULL check before using the returned pointer.
target_psoc_get_service_ext_param() can return NULL pointer in
some cases. Perform a NULL check before using the pointer.
The power debug command can take a maximum of WMI_MAX_POWER_DBG_ARGS
arguments. Check for the limit before indexing the array to avoid
illegal access of memory or overflow the array.
Change-Id: I264475e9f86c7a7e78b17b7a1fa025718a7c5af6
CRs-Fixed: 2196063
The qdf_str APIs have recently been moved from qdf_mem. Reference the
new qdf_str.h header file where appropriate.
Change-Id: If97c9c37a7d720a7b93e50ec228da67a8e980c2e
CRs-Fixed: 2196129
The debug print in function send_beacon_tmpl_send_cmd_tlv
is too verbose and doesn't exhibit anything meaningful.
Remove it to make sure meaningful logs will not get
overwritten during SnS tests.
Change-Id: I4564ac83715f0003ad53aa73f0fb859cc5cbec1c
CRs-Fixed: 2197209
CCE disable param set based on return value
which has to be checked for 1, instead of
any return value non zero
Change-Id: Ia48e5d0f50a49944dbf7ca048aab1220d8989beb
CRs-Fixed: 2132295
Return value on dp_peer_add_ast where not correct
resulting in unnecessary flooding of print.
Correct the return values for the AST APIs
Change-Id: I03983995e96314cae91db95fe02edda4564baa46
CRs-Fixed: 2183715
qcacld-2.0 to qcacmn propagation
Adds qdf time api to get time of the day in millisec
Also send host timestamp to firmware, so that firmware can print the
logs timestamp in sync with host via the wmi interface,with
api wmi_send_time_stamp_sync_cmd_tlv()
Change-Id: Id6acfc5227fdca2fbf8d266998fdfc4046adc5f4
CRs-Fixed: 2193978
If a RX packet takes below procedure, there is a double unmap:
replenish -> rx_frag -> reo_reinject -> rx_process
Fix it by mapping it again before reinjection.
CRs-Fixed: 2181134
Change-Id: I69ca74e4aad57c854f301e492fe55012ee7290a3
At some point WLAN_MACADDR_LEN was added to the driver, despite
QDF_MAC_ADDR_SIZE already serving the same purpose. There are cases
where these two macros are implicitly assumed to be the same value.
This is a classic single-source-of-truth violation, and only serves to
confuse developers. Deprecate WLAN_MACADDR_LEN and use
QDF_MAC_ADDR_SIZE instead.
Change-Id: I4e941d5e17d161a5810e693c89b95ae08f83c6b0
CRs-Fixed: 2179728
A recent commit changed the return type for qdf_str_len() to size_t from
int32_t. Update call sites for qdf_str_len() to store the return value
as size_t to match.
Change-Id: Ib8bfad2c1fc7de1f6fc601d1be69e734d3a49dcf
CRs-Fixed: 2196858
Add protection for vdev & peer while traversing during collecting
control frame stats.
Change-Id: I1e8e4e5f6f94b35644e03ddafc03b0d885d27972
CRs-Fixed: 2189230
A set of files for string abstractions has recently been added to QDF.
Move any existing qdf_str_* APIs from qdf_mem to qdf_str.
Change-Id: I6e1e5d1edcdfae2af83a6497ebd872fba981cdec
CRs-Fixed: 2196098
