Add new regulatory domains APL15 and APL16. Also add
regulatory domains APL14_WORLD, APL15_WORLD and APL16_WORLD.
Also change reg-domain mappings for a host of countries. This
incorporates changes made 2016-10-31 to the regdomain.xls
regulatory database.
Change-Id: I12faa43bed83b7a046bba9b1921584ed5cef6f40
CRs-Fixed: 1090230
NSS value in ADD_BSS response indicates NSS of the connection, while session
NSS value indicates self NSS capability used by FW to dynamically switch to
higher NSS opportunistically. Hence do not overwrite session NSS with ADD BSS
response NSS as that would cause DUT to get stuck in 1x1 and not upgrade to 2x2
opportunistically.
Change-Id: Ie4849a1ccd645ef477a90afa09ef8172048e0a86
CRs-Fixed: 1090245
While trying to enable the -Wmissing-prototypes compiler switch the
following obsolete APIs were uncovered in csr_api_roam.c:
csr_roam_get_phy_mode_from_dot11_mode()
csr_get_htcb_state_from_vhtcb_state()
csr_is_command_waiting()
Since these are obsolete, remove them.
Change-Id: If9c5efb6043ccbe874d3f7f41c4ebc1c3dc9675f
CRs-Fixed: 1085761
This is a qcacld-2.0 to qcacld-3.0 propagation.
Currently when processing the "set passpoint list" vendor command the
"number of networks" parameter is not limit checked. This value is
subsequently used to calculate the size of a buffer. Add a limit check
to ensure that an appropriately sized buffer is always allocated.
Change-Id: Ibc2346b8a62898fc47e2d1efe457c57c08b0cada
CRs-Fixed: 1091940
This is a qcacld-2.0 to qcacld-3.0 propagation.
Currently when processing an EXTSCAN vendor command the "num buckets"
attribute is limit checked and if it exceeds a MAX value then a
warning message is issued. But beyond that the "num buckets" attribute
is not used. Instead when the buckets are actually parsed the number
of buckets is calculated dynamically based upon the number of
attributes present in the request. Unfortunately when the bucket
attributes are parsed there is no check to make sure the number of
buckets processed does not exceed the MAX value, and as a result a
buffer overflow can occur. Address this issue by aborting the bucket
parsing once the expected number of records have been parsed.
Change-Id: Ic260dd65dc99118afbb8042d102acb5b26d1e123
CRs-Fixed: 1087797
This is a qcacld-2.0 to qcacld-3.0 propagation.
Currently when processing an EPNO vendor command the "num networks"
attribute is limit checked and if it exceeds a MAX value then it is
reset to that MAX value. This value is then used to calculate the size
of the buffer allocated to hold the internal representation of the
request. However later when the network attributes are parsed there is
no check to make sure the number of networks processed does not exceed
the (possibly modified) "num networks" used to allocate memory, and as
a result a buffer overflow can occur. Address this issue by aborting
the network parsing once "num networks" records have been parsed.
Change-Id: I6e5f321d23471d082bb000ad0422ea9baa76577a
CRs-Fixed: 1087807
This is a qcacld-2.0 to qcacld-3.0 propagation.
Currently there is a single wlan_hdd_extscan_config_policy which
contains entries for both EXTSCAN and PNO attributes. However the
EXTSCAN and PNO attributes have separate and overlapping
assignments. Therefore one policy cannot be used by both types of
commands. In addition, when parsing nested PNO attributes the policy
is not used, and hence no checking is performed on the nested
data. This can result in a buffer overflow.
To address these issues introduce a new policy for PNO vendor
commands, and use that policy both when parsing the initial command
and when parsing the nested attributes. Furthermore add a zero length
SSID check to prevent underflow.
Change-Id: I92c8fc7ca1c44971502ea68b5486a2b3ae941cc5
CRs-Fixed: 1087209
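
The bounded parsing described in the EXTSCAN and EPNO entries above, together with the zero-length SSID check from the PNO policy entry, as an added example that is not qcacld code. The wire format, the limits and the names parse_networks and parsed_count are constructed for illustration and do not reproduce the driver's nl80211 attribute layout.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NETWORKS 4   /* constructed limit standing in for the driver's MAX */
#define MAX_SSID_LEN 32
struct network { uint8_t ssid_len; uint8_t ssid[MAX_SSID_LEN]; };
struct request { uint32_t num_networks; struct network networks[]; };

/* Constructed format (not nl80211): [declared count], then repeated [ssid_len][ssid]. */
struct request *parse_networks(const uint8_t *buf, size_t len)
{
    if (len < 1)
        return NULL;
    /* Clamp the declared count before it sizes the buffer. */
    uint32_t num = buf[0] > MAX_NETWORKS ? MAX_NETWORKS : buf[0];
    struct request *req = calloc(1, sizeof(*req) + num * sizeof(struct network));
    if (!req)
        return NULL;
    size_t off = 1;
    uint32_t i;
    /* Stop once the allocated slots are full, whatever the message still carries. */
    for (i = 0; off < len && i < num; i++) {
        uint8_t slen = buf[off++];
        if (slen == 0 || slen > MAX_SSID_LEN || slen > len - off) {
            free(req);   /* empty, oversized or truncated SSID */
            return NULL;
        }
        req->networks[i].ssid_len = slen;
        memcpy(req->networks[i].ssid, buf + off, slen);
        off += slen;
    }
    req->num_networks = i;
    return req;
}

/* Number of networks stored, or -1 when the request is rejected. */
int parsed_count(const uint8_t *buf, size_t len)
{
    struct request *req = parse_networks(buf, len);
    int n = req ? (int)req->num_networks : -1;
    free(req);
    return n;
}

static const uint8_t oversized[] = {200, 1, 'a', 1, 'b', 1, 'c', 1, 'd', 1, 'e', 1, 'f'}; /* constructed: declares 200, carries 6 */
static const uint8_t empty_ssid[] = {2, 1, 'a', 0};   /* constructed: second SSID has length 0 */

int main(void)
{
    return parsed_count(oversized, sizeof(oversized)) == MAX_NETWORKS ? 0 : 1;
}
```
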
In function wma_roam_scan_offload_mode, set qos_enabled to true if
qos_caps is a non zero value. Otherwise firmware will not be able
to get correct qos_caps value.
Change-Id: I3bdf43594f68cb0780f2947fff9db723644b5dac
CRs-Fixed: 1092258
Peer type in the link layer stats is being reported as wmi_peer_type
values. Map these values to wifi peer types before reporting link
layer stats to kernel.
Change-Id: I1b86cd030ff8e40296cd99b3a6ceb1168b96ba78
CRs-Fixed: 1091553
Add support to disable/configure the auto BMPS timer using INI
configuration.
The default value for the auto BMPS timer was set to 20 sec and
when the connection is established from cmd line, DUT enters into
power save once the timeout happens which can lead to an issue in
DHCP completion. Framework disables the power save during DHCP and
enables it when DHCP is done, hence disable the auto BMPS timer by
default and provide the INI configuration to configure it.
Change-Id: I9732f915dd0fb552dd4943b70a6026a7a2bc80a0
CRs-Fixed: 1092305
SessionId validation check is not present in
sme_sta_in_middle_of_roaming.
Remove duplicate sme_sta_in_middle_of_roaming API; to
get roaming status, instead use sme_neighbor_middle_of_roaming
API.
Change-Id: Ia8d02f93630297239454bfac37e902eccb92d761
CRs-Fixed: 1091051
Once P2P GO has started, supplicant will update the beacon/probe
response template to include the p2p group information. Host driver
is currently ignoring this since the 4-way handshake is not completed.
Due to this the beacon/probe response from the P2P GO is not including
the p2p group information sub-element.
Change-Id: Id645f7fdccbb59e6bf6c77dd73bdbb1c6bf47dcb
CRs-Fixed: 1087513
The 64-bit division in 32-bit architecture calls 64-bit-by-64-bit
division routines "__aeabi_uldivmod", which is not defined for
the 32-bit architecture. Typecast the variables to proper data
type before division operation to avoid the "undefined symbol:
__aeabi_uldivmod" linking error during wlan driver load on
32-bit target.
CRs-Fixed: 1091920
Change-Id: I0cb7f78a098d90349870d4acb87230ba7fb492fc
Use correct variable name in argument while calling cnss_set_fw_debug_mode
cnss platform driver API to avoid compilation error for PCI based target.
Change-Id: I34d30cfd3113d379460124d423d0befa22a6bbd4
CRs-Fixed: 1091285
qcacld-2.0 to qcacld-3.0 propagation
The length of bss descriptor is calculated using offset of IE
field but when lim tries to get the IE length it doesn't use the
offset, which results in incorrect IE length.
To fix, use offset to get the IE length from bss descriptor.
Change-Id: I7abbde83aea1e0a1cfcd7bdb1a184158f75f2455
CRs-Fixed: 1082001
In function csr_roam_offload_scan while copying ASSOC IEs, also populate
ASSOC IE length, else firmware won't get any ASSOC IE and REASSOC request
will not be consistent with ASSOC request.
Change-Id: I99af48b2f491d0bc7491a88b455e3636ea8e4eff
CRs-Fixed: 1090869
Propagate from qcacld-2.0 to qcacld-3.0
In rrmProcessBeaconReportReq(), the return value is not of the same
enum type as the routine definition. In dfs_process_radarevent(),
the types of 2 variables are not the same in a comparison. Add fix to
correct it.
Change-Id: Ibc5fbf70e2632a22971f33b769b31737a40123e7
CRs-Fixed: 979671
Propagate from qcacld-2.0 to qcacld-3.0
If a channel is already in NOL list and DFS period has expired, the
radar timestamp will not be updated when a radar event is received. Update
radar timestamp in sap_mark_dfs_channels() to resolve this issue.
Change-Id: Ie9132f84bf5f35146e518b2a8a71998ddb2de901
CRs-Fixed: 1000945
Propagate from qcacld-2.0 to qcacld-3.0
Currently there are some places where value is assigned incorrectly.
Add fix to correct it.
CRs-Fixed: 1063255
Change-Id: I1d48b464ad67d112af6f3ffeea340a56633556f9
qcacld-2.0 to qcacld-3.0 propagation
When EGAP is enabled, configure EGAP parameters to firmware, and do
nothing for GAP.
When EGAP is disabled, need to refine GAP in the situations below.
AP+STA concurrency mode:
  When STA starts in case of AP existence, GREEN_AP_PS_STOP_EVENT
  will be triggered; at this time need to set green_ap->ps_enable
  to 0 and send firmware WMI_PDEV_GREEN_AP_PS_ENABLE_CMDID with
  value 0.
  When STA stops in case of AP existence, abandon use of
  GREEN_AP_PS_IDLE_STATE, because once in GREEN_AP_PS_IDLE_STATE,
  more than one GREEN_AP_PS_START_EVENT is needed to achieve
  the GREEN_AP_PS_ON_STATE. Use GREEN_AP_PS_OFF_STATE instead.
AP mode:
  Remove hdd_wlan_green_ap_start_bss/hdd_wlan_green_ap_stop_bss
  in eSAP_START_BSS_EVENT/eSAP_STOP_BSS_EVENT, because SME
  session id is invalid in the context of eSAP_STOP_BSS_EVENT.
  Add hdd_wlan_green_ap_start_bss/hdd_wlan_green_ap_stop_bss in
  __wlan_hdd_cfg80211_start_ap/__wlan_hdd_cfg80211_stop_ap instead.
AP+AP mode:
  In hdd_wlan_green_ap_stop_bss, only trigger
  GREEN_AP_PS_STOP_EVENT when the last AP stops.
Change-Id: Ifbf09b870b919d2bd155887bf17a494be07f97b4
CRs-Fixed: 1069300
Using a buffer after passing it to wmi_unified_cmd_send() induces a
race condition that may result in a use-after-free situation. Fix
several potential use-after-free situations when calling
wmi_unified_cmd_send() by ensuring all access to a buffer is done
before the call to wmi_unified_cmd_send().
Change-Id: I287487d865f3ef5386e8f8649a8bba42df5b56ac
CRs-Fixed: 1090473
qcacld-2.0 to qcacld-3.0 propagation
Remove the unwanted timer and its related code.
Change-Id: I469bf11a506a2901eae2865a69b75a058e276e75
CRs-Fixed: 658580
While initializing the CSR Scan timer, user data assignment is done with
incorrect pointer context of tSmeCmd.
Initialize userdata with right pointer context of tSmeCmd.
Change-Id: I2bdfc3c91e6cd8cc9d517640755aab26a2d818c9
CRs-Fixed: 1089908
Function lim_update_default_scan_ies() is no longer being used. Remove
this obsolete function.
Change-Id: Ic2e544232cc450fc9d8f706573b4e29144348170
CRs-Fixed: 1085760
lim_process_tdls.c defines the following "populate" functions:
populate_dot11f_link_iden()
populate_dot11f_tdls_ext_capability()
populate_dot11f_tdls_offchannel_params()
Currently these are defined to be global functions. Since these
functions are only used internally within lim_process_tdls.c and since
they don't follow the naming convention for LIM public functions, make
them static. In addition relocate them in the file so that the
existing forward reference prototypes are not needed.
Change-Id: I24452973cae7fed83efc26341eb66765fa19f7a5
CRs-Fixed: 1085760
While trying to enable the -Wmissing-prototypes switch it was
discovered that function lim_log_vht_cap() currently does not expose
its prototype in a header file. Add an appropriate prototype.
Change-Id: I493480bddd6302257123eea4bf1e7d1af5487c0d
CRs-Fixed: 1085760
Currently in lim_process_tdls.c there is a local prototype for
function lim_get_htcb_state(). Having a local prototype prevents the
compiler from verifying that the prototype matches the actual
implementation. Update the file to remove the local prototype and to
instead import the header file that defines the lim_get_htcb_state()
prototype. In addition remove the local prototype for
lim_populate_vht_mcs_set() since the appropriate header file is
already being included.
Change-Id: Ie9931f972a3126fdc08c54f497aa46ef91d746cd
CRs-Fixed: 1085760
Use QDF_BUG to create a crash dump when peer attach operation detects
that the peer already exists even after waiting for 500 ms. It will
detect failure to complete peer delete operation in firmware and
missing peer unmap events.
Crash dump is enabled only when compiled with PANIC_ON_BUG, otherwise
it will print a warning.
CRs-Fixed: 1075798
Change-Id: I0131f4f706bc76feb86894975ff9f3c30f873b9b
Scan request sent on the invalid vdev id, which
triggered assert at firmware.
- Reset sessionid to invalid number in sme open
  session failure scenarios.
- WMA defers vdev delete if vdev stop
  command is pending. Current code processes deferred
  vdev delete only for P2P GO.
- Extend it for other modes so that vdev delete gets
  processed at a later point of time.
Change-Id: I2068e358928fa7157625cf35b3de4ee552299fdb
CRs-Fixed: 1089287
WNI_CFG_VHT_SU_BEAMFORMEE_CAP is a global location for self capabilities
and is being overwritten with AP's capability, which is incorrect.
Because of this after roaming from an inferior capability AP to higher
capability AP, we are advertising previous session's capability which is
wrong. Fix this by removing overwriting of WNI_CFG from function
lim_extract_ap_capability.
Change-Id: I5676598a008f3a118206e40c244faf38648e0b01
CRs-Fixed: 1088579
In function __wlan_hdd_cfg80211_extscan_get_valid_channel,
the valid channel list length is limited to 100. But if the channel list size
in NL request buffer is larger, it can cause a buffer overflow situation
while filling the channel list in the request buffer.
Change-Id: Ie6226934af3e40817ef4b44007915c36e501fd56
CRs-Fixed: 1083022
qcacld-2.0 to qcacld-3.0 propagation
While processing IPA event, uninitialized objects are used in debug prints.
Debug prints are updated to print valid values, by using proper variables.
Change-Id: Iedfb22a980554c326a3231b560212195f35ff745
CRs-Fixed: 1061660
qcacld-2.0 to qcacld-3.0 propagation
While retrieving FW memory dump, if memory is already allocated
then paddr, which holds physical address, is not updated.
This leads to passing an invalid physical address while freeing FW
memory dump, if host fails to get FW memory dump.
Hence, assign paddr with physical address, if memory
is already allocated.
Change-Id: I3b3071ec3d5bc04177bfbe8447dadac47e81cb40
CRs-Fixed: 1061662
The mutex qdf_conc_list_lock is accessed, before it is
initialized and it triggers the system assert.
Initialize the mutex in cds open function to avoid
invalid mutex access.
Change-Id: Iec13a101ba2cc4a332d486b08f0c0562f648edfa
CRs-Fixed: 1089357
Add logic to avoid processing duplicate rrm link measurement requests.
Cache the last processed frame with timestamp to validate a new frame.
If the retry bit is set, compare sequence number and source address of
the last processed frame. If both match and it is within the retry time,
then ignore that frame, else process it. Update the last processed frame
cache every time a new frame is processed successfully.
Change-Id: Ic2bff028c7bcd79d6b3dca186edb35464b1fd059
CRs-Fixed: 1088735
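
The duplicate check described in the entry above, as an added example that is not qcacld code. The struct layouts, the function names and the 200 ms retry window are assumptions (the page gives no retry time), and "processed successfully" is modelled as the frame being accepted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RETRY_WINDOW_MS 200u   /* assumed retry time; the page gives no value */

struct frame { uint8_t src[6]; uint16_t seq; bool retry; uint32_t rx_ms; };
struct frame_cache { bool valid; uint8_t src[6]; uint16_t seq; uint32_t rx_ms; };

/* Returns true when the frame should be processed. The cache is refreshed
 * only for processed frames, so a dropped retry does not extend the window. */
bool accept_frame(struct frame_cache *c, const struct frame *f)
{
    if (f->retry && c->valid && f->seq == c->seq &&
        memcmp(f->src, c->src, sizeof(c->src)) == 0 &&
        (uint32_t)(f->rx_ms - c->rx_ms) <= RETRY_WINDOW_MS)
        return false;                 /* retransmission of the cached frame */
    c->valid = true;
    memcpy(c->src, f->src, sizeof(c->src));
    c->seq = f->seq;
    c->rx_ms = f->rx_ms;
    return true;
}

/* Constructed frames: original, quick retry, late retry, other sender, non-retry. */
static const struct frame sample[] = {
    {{2, 0, 0, 0, 0, 0xaa}, 10, false, 1000},
    {{2, 0, 0, 0, 0, 0xaa}, 10, true, 1050},
    {{2, 0, 0, 0, 0, 0xaa}, 10, true, 1500},
    {{2, 0, 0, 0, 0, 0xbb}, 10, true, 1510},
    {{2, 0, 0, 0, 0, 0xbb}, 10, false, 1520},
};

/* Bit i of the result is set when sample[i] was processed. */
unsigned accepted_mask(void)
{
    struct frame_cache cache = {0};
    unsigned mask = 0;
    for (unsigned i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
        if (accept_frame(&cache, &sample[i]))
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    return accepted_mask() == 0x1d ? 0 : 1;
}
```
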
neighborRoamInfo is being accessed with index: sme session id, which is not
validated at multiple places in SME APIs. SME APIs are being called from HDD
where sme session id is initialized to 255 as invalid value. Avoid out of bound
access for neighborRoamInfo in SME APIs by checking against max session ID.
Change-Id: I312631a15373d75bcaae7278ff4f57778bf3fc9b
CRs-Fixed: 1088734
Scan flags WMI_SCAN_ADD_TPC_IE_IN_PROBE_REQ included in scan request will
trigger firmware probe request to include TPC IE, hence do not include TPC
IE in additional scan IEs sent from host.
Change-Id: I490d978d8a90b13f779c1e3a77a7bd16b9bd8b99
CRs-Fixed: 1088639
When sending WDI enable_disable message, there is a possibility of
sending invalid session-id to firmware, which may lead to device
crash. Validate session-id before sending WDI enable_disable message.
Change-Id: Iee1a101d2187b66b0427b2137c80b598f82ad75b
CRs-Fixed: 1086832
When parsing multiple chain RSSI stats data from firmware, there is a
struct array TLV header that is not being accounted for. Properly
account for the struct array TLV header.
Change-Id: Ib41643ae9e859de6fd0d20a84c015e2b8f7205dc
CRs-Fixed: 1088660
Currently in different functions we are assigning memory to
pointers and using it without checking whether the pointers have a valid
address or are NULL.
Add NULL checks before pointer dereferences.
Change-Id: I43a04fc59e56261d37e657b815b214a59cdcf838
CRs-Fixed: 1095650
qcacld-2.0 to qcacld-3.0 propagation
Currently, TDLS can be enabled/disabled by different sources
without knowledge of each other, which would lead to an issue
if one of the sources enables and another disables TDLS.
Fix is to ensure that TDLS will not be enabled/disabled
until all the sources agree upon it.
Change-Id: Id8ab5ddda88fa554f2837ded3540b3c7b3afb54d
CRs-Fixed: 948121