HDD currently resets various txrx handles during the deinit of an access
point (AP) interface, but fails to do so for station interfaces. This
can lead to a use-after-free while changing the interface mode from
station to something else. Reset the txrx handles during deinit for
station interfaces.
Change-Id: I189089fabefb9c430da493c0c99473179d02b5cd
CRs-Fixed: 2283532
The host will update the rx nss after it gets the
rx nss info from the operating mode notification
IE. Currently, it does not check the num rf chains
of the dut. It causes the difference between
software and hardware.
Change-Id: I5d6852f8e2928cc99fc88ccface3bc4abe97f273
CRs-Fixed: 2280003
Before checking for other kinds of resource leaks, check to ensure all
objmgr peers have been properly freed.
Change-Id: Ifb1016be456c26e140f324fc3c858bd4a5fa6a27
CRs-Fixed: 2285186
During peer removal, call cdp_peer_teardown to
make sure all the peer AST entries are removed.
This also marks the peer->delete_in_progress flag.
Change-Id: Ibe4a0244cadc2b8073e4e71a925a615447d00933
CRs-Fixed: 2287663
In the function csr_queue_sme_command, we memset the memory for
the roam command to 0 in case of failure and release the memory
to the global command pool. But in csr_roam_issue_connect,
csr_release_command_roam is called again in case of failure,
and this can lead to memset of memory to 0 that is released to
global command pool.
Remove the redundant csr_release_command_roam in the function
csr_roam_issue_connect and the call to csr_reinit_preauth_cmd in
csr_roam_enqueue_preauth.
Change-Id: Ifab3551dd3b2dbb2d135b5488f7b09f422648abb
CRs-Fixed: 2280904
print format "pS" in module will call module_address_lookup in
kernel, which will disable preempt. This could result in some
performance issues, like block rt task vsync_retire_work and
then cause janks.
Change-Id: I524b03315df7b1f6464912d2c9ce74b8dc33ea1a
CRs-Fixed: 2267779
1. Scan entry uses MGMT_SUBTYPE_BEACON to specify
the frame type. Correct lim_handle_sap_beacon
to use MGMT_SUBTYPE_BEACON to check frame type.
2. lim_allocate_and_get_bcn return corrected
pkt and pkt info.
Change-Id: I607be66a376f5121d100db52a55faf32c088a94a
CRs-Fixed: 2282274
Currently defined default value for gActionOUISwitchTo11nMode leads
to vendor APs which don't require the WAR also to be identified
for forcing 11n connection.
Fix the default value to limit the WAR to only the required vendor
AP.
Change-Id: Icecd5a3a92a35eb4d0a7eb4ae156aed7dcfbfb86
CRs-Fixed: 2276057
The beacon ie of AP to connect in sme cmd may be freed and set to
NULL in csr_roam if csr_roam_issue_join failed,
scan_result->Result.pvIes may be different in start and end of
csr_roaming_state_config_cnf_processor.
Fixed by using a local bool val to mark whether beacon ie is newly
malloced and needs to be freed.
Change-Id: I04ec952273a28a3b8a215dd6812bba213ff5309a
CRs-Fixed: 2284311
We are transitioning the usage of LL stats response event
to request manager framework.
Change-Id: Ice8b3d53beb47b345ed569f2b4bf790e9f5ce506
CRs-Fixed: 2274933
Propagation from prima to qcacld-3.0
Implement GET_DISABLE_CHANNEL_LIST driver command to get disable
channel list programmed by SET_DISABLE_CHANNEL_LIST driver command.
Change-Id: Ib741e1cd23cef105314325aaec86feb50f36a181
CRs-Fixed: 2206336
If driver is being removed while STA is in connected state, disconnect
is not happening because hdd context validation will not succeed
while driver unload is in progress.
To address this issue, remove validation of hdd context in
wlan_hdd_disconnect to allow disconnection while driver unload
is in progress.
Change-Id: Ia10aa9237a30490f3085458ab38ce27c4eeebaf0
CRs-Fixed: 2284198
Initialise spinlock: tx_mutex in pdev_attach instead of
pdev_post_attach as it may be accessed
in ol_tx_flow_ct_unpause_os_q() just after FW download.
Change-Id: I9de2eacd573420d23bc3a71a52dfb27bc1cfdab5
CRs-Fixed: 2285503
Add per module logging macros without function/line info
to avoid adding function/line info where it is not required.
Change-Id: Id808fef623b82cec38fc31071ef384f3ff0c92da
CRs-Fixed: 2278874
Propagation from prima to qcacld-3.0
Add support to disable channel list received with command
"SET_DISABLE_CHANNEL_LIST".
As part of this command, number of channels and list
of that many channels should be given. When SAP comes up, disable
the channels received in the command. If any of the interface
is up on any of the channel from the list, first disconnect
the interface and start the interface on the new channel.
Change-Id: I3c7810bfde78878a3e60570a13bf2741e1da599b
CRs-Fixed: 2205305
Currently in avoid frequency vendor command, data validation
is not being done. Since this data comes from userspace, the driver
should not be using this data pointer without validation.
To address this issue add validation for data pointer and data
length received in driver.
Change-Id: I7b56e2ddcbcb5e98dd93d152033db48063e772d3
CRs-Fixed: 2252793
The command eSmeCommandDelStaSession issues vdev delete to
firmware. As this command eSmeCommandDelStaSession is not
serialized, this may issue delete vdev before the peers for the
vdev are deleted, resulting in fw assert. Serialization should
be brought in for this command, so that first eSmeCommandRoam
command will do vdev_stop-->remove_peer-->vdev_down and then
eSmeCommandDelStaSession will be processed which will send vdev
delete.
Post the command eSmeCommandDelStaSession to the serialization
module and WMA_DEL_STA_SELF_REQ will be posted from the sme
eSmeCommandDelStaSession handler.
Change-Id: I60fcbf622b961162c647db3638b5e019c5231971
CRs-Fixed: 2270982
Currently struct nan_datapath_peer_ind contains the following:
uint8_t session_id;
This is problematic since "session_id" is a legacy concept and should
not be used in the converged project. Fortunately this field does not
actually serve any purpose. But in order to cleanly remove it a 3-step
approach is required.
Step 1 (qcacld Change If6cf48ccbfe87b23b275720df51c6cc26af9fa5e):
Remove the logic from the converged NAN code which currently reads
this field and logs the value.
Step 2 (this change):
Remove the logic from the legacy NAN code which sets this field.
Step 3 (qcacld Change Ibeb8007c96ae1a902bfd7dd99a42ba4a291a1dc6):
Remove the session_id field from struct nan_datapath_peer_ind.
Change-Id: I2819556d48a9dd901158aaa04d6bda9c36f33012
CRs-Fixed: 2284400
If 11w is enabled, mmie should be included in broadcast
multicast rmf; the length check needs to consider it to avoid buffer
overflow.
CRs-Fixed: 2270117
Change-Id: I6c2ebe18fb5b6e4246ba6d28c1dbc55175279e30
Currently, all resource leaks are skipped during the SSR reinit stage.
However, recently added vdev and pdev leak checks apply equally as well
to SSR reinit. During SSR do as many resource leak checks as possible,
while retaining the entire set for normal use cases.
Change-Id: I33248a9fb0fbacddf9ea8682ff984290712c29d3
CRs-Fixed: 2284384
When wlan driver unloading is in progress, IPA_OPCODE_TX/RX_SUSPEND
will not be processed and resource_unloading may be left as true.
Moreover, since driver will be unloaded, IPA_OPCODE_TX/RX_SUSPEND
interaction between Host and FW will not be necessary.
Fix is to disable IPA pipes directly when handling disconnection
if wlan driver unloading is in progress.
Change-Id: Ia4af1ab04052b1a9bab44105760de50ad6263dbb
CRs-Fixed: 2279044
This is an older implementation of handling blacklist and whitelist
OUIs. Hostapd doesn't send this information in start_ap now. There
is a possible out of bound memory access happening while parsing an
IE with this code. Remove the code to avoid security risk.
Remove redundant code handling blacklist and whitelist OUI IEs.
Change-Id: Ib16d26d6766bcffb53de34dca77073a3e986eee2
CRs-Fixed: 2239897
Max 3 BSS sessions and 10 peers are required in Genoa.
To support this, reduce SIR_MAX_SUPPORTED_BSS to 3 and
SIR_SAP_MAX_NUM_PEERS to 10.
Change-Id: Ic773b5b38193d446288321c2dfd740f6de57704e
CRs-Fixed: 2283825
In the function wma_roam_synch_frame_event_handler, memory is
allocated for iface->roam_synch_frame_ind.bcn_probe_rsp,
iface->roam_synch_frame_ind.bcn_reassoc_req,
iface->roam_synch_frame_ind.bcn_reassoc_rsp when the wmi event
WMI_ROAM_SYNCH_FRAME_EVENT is received. This event is followed
by a WMI_ROAM_SYNCH_EVENT from the firmware where the host
copies the bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp to
the structure roam_synch_ind_ptr and frees the allocated memory.
In this flow memory leak can happen in following cases:
1. Firmware sends multiple cascade of WMI_ROAM_SYNCH_FRAME_EVENT
the host allocates bcn_reassoc_req, bcn_reassoc_rsp and
bcn_probe_rsp without freeing the previous instance.
2. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT with either
bcn_reassoc_req or bcn_reassoc_req or bcn_probe_rsp NULL or all
the three are NULL.
3. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT having
bcn_reassoc_req bcn_reassoc_req and bcn_probe_rsp. Then it sends
the WMI_ROAM_SYNCH_EVENT with non zero bcn_reassoc_req_len or
bcn_reassoc_rsp_len or bcn_probe_rsp length.
4. Host doesn't free the allocated memory in
wma_roam_synch_frame_event_handler during failure cases.
Check if received iface->roam_synch_frame_ind has non NULL
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp and free the
same before allocating new memory. Also free the allocated
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp in failure
return cases.
Change-Id: I2b76769d09fd61929f7837cb8661d778cd2f881a
CRs-Fixed: 2282413
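The free-before-allocate and free-on-failure handling described in the message above, as an added C example that is not code from the driver. `struct frame_ind`, `store`, `on_frame_event`, `frame_ind_reset` and the two counters are hypothetical stand-ins; only the three buffer names come from the text.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for iface->roam_synch_frame_ind (not the driver's struct). */
struct frame_ind {
    uint8_t *bcn_probe_rsp, *bcn_reassoc_req, *bcn_reassoc_rsp;
    uint32_t bcn_probe_rsp_len, bcn_reassoc_req_len, bcn_reassoc_rsp_len;
};

int live_allocs;               /* outstanding buffers, so a leak is observable */
int alloc_fail_countdown = -1; /* test hook: n >= 0 lets n allocs succeed, then fails */

static void free_buf(uint8_t **p, uint32_t *len)
{
    if (*p) { free(*p); live_allocs--; }
    *p = NULL;
    *len = 0;
}

/* Free all three frames; safe on an empty or partly filled struct. */
void frame_ind_reset(struct frame_ind *f)
{
    free_buf(&f->bcn_probe_rsp, &f->bcn_probe_rsp_len);
    free_buf(&f->bcn_reassoc_req, &f->bcn_reassoc_req_len);
    free_buf(&f->bcn_reassoc_rsp, &f->bcn_reassoc_rsp_len);
}

static int store(uint8_t **dst, uint32_t *dlen, const uint8_t *src, uint32_t len)
{
    if (!src || !len) return 0;                 /* frame absent in this event */
    if (alloc_fail_countdown == 0) return -1;   /* simulated allocation failure */
    if (alloc_fail_countdown > 0) alloc_fail_countdown--;
    if (!(*dst = malloc(len))) return -1;
    memcpy(*dst, src, len);
    *dlen = len;
    live_allocs++;
    return 0;
}

/* Frame-event handler: drop stale buffers first, unwind fully on failure. */
int on_frame_event(struct frame_ind *f, const uint8_t *probe, uint32_t plen,
                   const uint8_t *req, uint32_t qlen, const uint8_t *rsp, uint32_t rlen)
{
    frame_ind_reset(f);   /* a repeated event must not orphan earlier buffers */
    if (store(&f->bcn_probe_rsp, &f->bcn_probe_rsp_len, probe, plen) ||
        store(&f->bcn_reassoc_req, &f->bcn_reassoc_req_len, req, qlen) ||
        store(&f->bcn_reassoc_rsp, &f->bcn_reassoc_rsp_len, rsp, rlen)) {
        frame_ind_reset(f);   /* failure return frees partial allocations */
        return -1;
    }
    return 0;
}
```

The consumer of the later synch event would copy the buffers out and then call `frame_ind_reset` once, which is also safe when some of the three frames were never received.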
Do not enable HL Flow Control config flags in Kbuild.
Instead depend on defconfig settings to enable/disable HL Flow
control flags.
Change-Id: I734c4cd26d056ce28ce064e8d353075ad22e39ee
CRs-Fixed: 2284686
Map all enter/exit log macros to enter/exit QDF TRACE macro
to provide option to compile out enter/exit logs if required.
Change-Id: I0c6cd633705e820fcfeb47e3f81a3522c9ef1974
CRs-Fixed: 2274850
Change the btm_offload_config INI default to disable the sending of
solicited BTM query frame from the host.
Change-Id: Ie1d1eeff268e445ed19c62413712ab2178c7ba54
CRs-Fixed: 2279249
Add support to send below two MWS-COEX configurations to FW
1. Enable/disable MWS-COEX 4G (LTE) Quick FTDM
2. Set MWS-COEX 5G-NR power limit
Change-Id: I14656ced91c9dec2be85590e6f6c1e7497505a28
CRs-Fixed: 2265352