Allow SAP to come up on DFS channel in STA+SAP concurrency mode
only when g_sta_sap_scc_on_dfs_chan enabled in ini file and also
disable chan_switch_hostapd_rate_enabled when force SCC is enabled.
CRs-Fixed: 2133958
Change-Id: Id1333a49d0538eb4ccfaf3c8498e9ca06671de02
There is a possibility of user to turn-off SAP while SSR is
in progress, leading framework to show SAP as turn-off though
SAP is still beaconning, after succsessful SSR.
Changes are done to make sure driver and framework are in sync.
Change-Id: Ic3cd1eebb23482e9cebf04683533face178698b4
CRs-Fixed: 2137646
Current open and close session APIs mainly defined in HDD, SME, and SAP
modules are not proper. They require some design changes to maintain the
consistency.
In order to achieve the goal of making symmetrical design for open
and close session logic, refactor existing API in HDD module.
CRs-Fixed: 2147971
Change-Id: Icdf8b0f99bc9fb828f7c68a32e5d25652baa8a17
Current open and close session APIs mainly defined in HDD, SME, and SAP
modules are not proper. They require some design changes to maintain the
consistency.
In order to achieve the goal of making symmetrical design for open and
close session logic, refactor existing API in SAP module.
CRs-Fixed: 2147969
Change-Id: Iccc5ddd2b14ec2b27e6746a211edd10ec06ad434
Current open and close session APIs mainly defined in HDD, SME, and SAP
modules are not proper. They require some design changes to maintain the
consistency.
In order to achieve the goal of making symmetrical design for open and
close session logic, refactor existing API in SME module which could
serve as stepping stone for SAP module and HDD module changes.
CRs-Fixed: 2147968
Change-Id: If39d191084a9f3f58b88f36d71cf42878a43b484
wlansap_open(), wlansap_close(), wlansap_start(), and wlansap_stop()
APIs are not doing what their names' suggest. Rename these APIs such
a way that they reflect the true meaning of it.
Introduce two new APIs to create and destroy the sap context.
CRs-Fixed: 2147974
Change-Id: Ie0475df480d1b19e796ddf3b639de3078a5a61a0
Check length of the data passed in the hw tx desc and
assert it is not zero-length.
This will make it then easy to debug it on host side.
Change-Id: I7d77ac5ee6f5a4992c4a91b9d5661d207732862f
CRs-Fixed: 2136638
Memory will leak when pe_handle_mgmt_frame receive data frame
and FEATURE_WLAN_ESE undefine.
Change-Id: I2b3165d7209931e8de5049cd69bf3a3bb48dafd6
CRs-Fixed: 2147025
Currently during lro enablement (hdd_lro_enable), we reset tcp delack by
sending a message to cnss-daemon (hdd_reset_tcp_delack). This function
is also resetting tcp_adv_win_scale param. This ignores the ini param
gTcpAdvWinScaleEnable.
If gTcpAdvWinScaleEnable is set to "0", the WLAN driver should not
manipulte tcp_adv_win_scale system parameter.
Remove tcp_adv_win_scale manipulation from hdd_reset_tcp_delack
function.
CRs-Fixed: 2034097
Change-Id: I98769273059a8b874845a98873d9d4fcab52ad79
Typically set hw mode & Nss update happens at the same time. Since the
order of these 2 actions may not be same always, make them independent
of each other.
Change-Id: I652ad08e16680991535e0f064c7b5996f4f58792
CRs-Fixed: 2145006
In csr_issue_11d_scan API, driver initializes the timer of "scan_11d_cmd"
with "scan_cmd" timer param instead of "scan_11d_cmd" timer. So when this
timer is stopped/started timer API throws an error as its uninitialized
timer for 11d scan command.
Fix is to pass correct parameter scan_11d_cmd->u.scanCmd.csr_scan_timer
in function csr_issue_11d_scan in order to initialize timer for 11d scan.
Change-Id: I848c70eae45890dfc7b3b327cf649e0eac41d982
CRs-Fixed: 2143243
The target_type is incorrect in the hdd_context.
Call hdd_wlan_update_target_info after calling bmi_download_firmware,
which will get target_info from the target.
Change-Id: I0fa9834f4adb1fccfbb0d450e2026188bc2be942
CRs-Fixed: 2146174
In sme_rrm_process_beacon_report_req_ind() function
Memory is not freed for error condition, and it
causes leak in the system
Release the memory for all error
conditions.
Change-Id: Ie4447a8f347e2feeb91155cd36872c6a69307db3
CRs-fixed: 2144032
Current driver is creating PMF timer for all non-pmf as well as
PMF PEERs which is un-necessary.
Create PMF timer for each PEER when PEER associates in 80211W-PMF
mode.
CRs-Fixed: 2145687
Change-Id: I698de22a075f3307253db811b7ae616ebe48c127
Enable support for concurrent STA interface to be open during startup
using the ini param gEnableConcurrentSTA
Change-Id: Iede1f8673fb682753e31ed8f376453692938e4ba
When define MEMORY_DEBUG macro for debugging memory issue,
even in normal case it still will report double free for ipa
i2w SKB.
Fix is to add ipa i2w SKB to internal tracking table.
Change-Id: I27b0afc79e8c39c99a73ec9a65a348ebf85960b6
CRs-Fixed: 2145344
User defined wowl patterns are not freed in all
of the driver unload paths, and it causes
leaks in the system.
Free user defined wowl patterns in all the driver
unload paths.
Change-Id: I7b980a6392badb3d28f2c665a96108beb71f02d5
CRs-Fixed: 2144562
WLAN driver's vendor scan request handler function declares ie_len
as uint8_t whereas kernel's cfg80211_scan_request ie_len is declared
as size_t. This type mismatch for ie_len leads to WLAN driver allocating
less memory on heap because of implicit integer overflow when kernel's
ie_len(declared as size_t) is bigger than hex 0xFF and when scan request
data is copied it overflows the allocated heap memory.
In WLAN driver's vendor scan request handler declare ie_len and len also
of type size_t such that always correct size heap memory is allocated and
there is no heap overflow during memory copy.
Change-Id: I240113d34c561c7155303b0b8b253c0cbaf7724b
CRs-Fixed: 2145573
Replace target name sdxhedgehog with sdx20 to maintain
consistency with other components on the same platform.
Change-Id: I257c082c9427f5fb7d699d11924b6bdc1b59f661
CRs-Fixed: 2023531
Kernel print warning message: Division by zero in kernel
When gBusBandwidthComputeInterval > 1000,
thresh_time_limit will be set to 0.
Change-Id: Ibb1f87815e194cd74886d3731f6d6a0fee6a6732
CRs-Fixed: 2070938
As part of Ib22dfa375217a48448c5a7872a9a2ed154dd862f, reviewer has
provided comments to make __hdd_stop and __hdd_hostapd_stop symmetrical
to avoid any logical issue.
Along with above point, fix hdd_init_ap_mode to check event_flags
instead of sap context to find out if session is already opened and
initialized.
Change-Id: I49788157a95940dfd5ec396baf40db7e3df21359
CRs-Fixed: 2136351
wlan_serialization_remove_all_cmd_from_queue() is getting called
two times which causes reference count to be decreased two times.
1) 1st time from sme_stop() -> purge_sme_cmd_list()
-> wlan_serialization_remove_all_cmd_from_queue()
2) 2nd time from wlan_serialization_vdev_obj_destroy_notification()
-> serialization_purge_cmd_list()
-> wlan_serialization_remove_all_cmd_from_queue()
1st path has been there for quite a long time as per the old serialization
design but with new serialization design, it won't be required.
Change-Id: Ia8bd91c665340e7f7628ad73af64fa0044b45dde
CRs-Fixed: 2134851
In wlan_hdd_cfg80211_set_fils_config, incoming fils configs
are copied into local buffers. Buffer allocations happen with
internal length definitions, while lengths are checked against
definitions from WMI API's. This may cause a buffer overwrite
for fils erp realm buffer.
Use the same definitions for length checks that are used for
allocations.
Change-Id: Ie26bb1fdec9b12b429cb74dd290c155deb6c32f8
CRs-Fixed: 2137834
There is an interface idle work that stops the driver module in cases of
adapter inactivity. This work grabs the iface_change_lock, which is also
grabbed before synchronously cancelling the interface idle work. This can
cause a deadlock situation where cancelling the work never finishes,
because the caller holds the lock the work needs in order to complete.
Hoist the calls to cancel the work out of locked regions to avoid the
potential deadlock situation.
Change-Id: Ie421e69e2026ad1de626daba1f72d002d9751013
CRs-Fixed: 2120671
Currently, the interface idle (aka interface change) timeout uses a
qdf_mc_timer. This dependency on the MC thread means the MC thread
cannot be shutdown as part of the interface idle timeout work. This
wastes resources, and leads to the init/deinit paths to be out of sync
with respect to starting and stopping the MC thread. To address these
issues, use a delayed work to schedule the interface idle work instead
of a qdf_mc_timer.
Change-Id: I7570081112fa236a15d823e2a3857d252567f041
CRs-Fixed: 2112696
In hdd_stop_sap_due_to_invalid_channel, sap_adapter is derived using
container_of operation on work structure. It is dereferenced to print
the sessiond id immediately followed by a NULL check.
Move debug print after the NULL check.
Change-Id: Ib22aaeba6d312621e66496fcd646319331305cd2
CRs-Fixed: 2137807
In function wma_unified_debug_print_event_handler, datalen is
received from the FW and is used to mem copy data buffer from
FW into the local array dbgbuf. Since dbgbuf is a local array
of size 500 bytes, if datalen is greater than 500, buffer
overwrite occurs during memcpy.
Add sanity check to limit datalen to 500 bytes if value received
is greater than 500 bytes.
Change-Id: Id63b5106bc7a3d3836d17ae47d019bc8a71c928e
CRs-Fixed: 2134801
