Currently in hdd_extscan_start_fill_bucket_channel_spec() the
QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC attribute is parsed without
specifying a policy. This means that no policy is enforced.
Subsequently the values of the nested attributes are retrieved, but
again without any length limits enforced. This could result in a
buffer overread.
To prevent this issue:
* Parse using the existing policy wlan_hdd_extscan_config_policy
* Update the policy to add missing attributes
Change-Id: I3b20cb28d1beccd2e804b022b531413ad1edb533
CRs-Fixed: 2054958
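The role of the parse policy described in the commit message above can be seen in a small userspace model. This is an added example, not code from the driver or the kernel; the attribute names, `strict_policy`, `parse_attrs` and `parse_channel` are hypothetical and the sample input is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Userspace model of netlink-style attributes; all names are illustrative. */
enum { ATTR_CHANNEL = 1, ATTR_DWELL_MS = 2, ATTR_MAX = 2 };
struct attr_hdr { uint16_t len; uint16_t type; };   /* len includes the header */
#define HDRLEN    sizeof(struct attr_hdr)
#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)

/* Policy: minimum payload bytes required per attribute type. */
static const uint16_t strict_policy[ATTR_MAX + 1] = {
    [ATTR_CHANNEL]  = sizeof(uint32_t),
    [ATTR_DWELL_MS] = sizeof(uint32_t),
};

/* Walk the attributes in buf and store payload pointers in tb[type].
 * policy == NULL checks framing only, so a caller that later reads a
 * u32 from tb[] can run past a short payload. Returns 0 or -1. */
static int parse_attrs(const uint8_t *buf, size_t buflen,
                       const uint16_t *policy, const uint8_t **tb)
{
    size_t off = 0;
    memset(tb, 0, sizeof(*tb) * (ATTR_MAX + 1));
    while (off + HDRLEN <= buflen) {
        struct attr_hdr h;
        memcpy(&h, buf + off, HDRLEN);
        if (h.len < HDRLEN || h.len > buflen - off)
            return -1;                        /* broken framing */
        if (h.type >= 1 && h.type <= ATTR_MAX) {
            if (policy && h.len - HDRLEN < policy[h.type])
                return -1;                    /* payload shorter than policy */
            tb[h.type] = buf + off + HDRLEN;
        }
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Constructed input: one ATTR_CHANNEL carrying plen (0..4) payload bytes. */
static int parse_channel(uint16_t plen, const uint16_t *policy)
{
    uint8_t buf[HDRLEN + sizeof(uint32_t)] = {0};
    struct attr_hdr h = { (uint16_t)(HDRLEN + plen), ATTR_CHANNEL };
    const uint8_t *tb[ATTR_MAX + 1];
    if (plen > sizeof(uint32_t))
        return -1;
    memcpy(buf, &h, HDRLEN);
    return parse_attrs(buf, HDRLEN + plen, policy, tb);
}
```

A 1-byte `ATTR_CHANNEL` is accepted when no policy is passed and rejected under `strict_policy`, which is the difference between the unchecked read and the enforced length.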
Host is always updating channel width as 20MHz while updating the
rx nss value in Operating Mode IE.
Channel width should be updated from session entry.
CRs-Fixed: 2048435
Change-Id: Ib78f52d3ad1be875450a76c20a9332933f50277f
Driver is accepting get tx power request from the application in
disconnected state and requesting FW for class A stats.
Since it is in disconnected state driver fails to parse the peer
stats.
CRs-Fixed: 2052864
Change-Id: Ie49528f0822b45bb103bc578f35b992797ebb1c5
WMA is ignoring stats request if there is already pending stats request
for the same sta id. When WMA ignores stats requests it should send a
response back to HDD so that it doesn't time out waiting for response.
CRs-Fixed: 2052962
Change-Id: I781816c42fac12a0ace4e64558fc09418f32ddd7
Host is not stopping the TDLS timers when PDR is triggered.
These timers are expiring during wlan shut down and leading to
crash.
Fix is to stop TDLS timers while resetting adapters.
CRs-Fixed: 2050795
Change-Id: I944081342ff2de2548ff839a7b852d64282c0323
FW indicates the bt coex events using event
'WMI_TDLS_CONNECTION_TRACKER_NOTIFICATION' and with reason as
'WMI_TDLS_ENTER_BT_BUSY_MODE' and 'WMI_TDLS_EXIT_BT_BUSY_MODE'.
WMA is handling this event and sending it to PE, but PE is not
handling it.
This change is to handle WMI_TDLS_CONNECTION_TRACKER_NOTIFICATION
in PE.
CRs-Fixed: 2051707
Change-Id: I844d1883bcb769799170fd7cf7114940d1bb8cd4
All the vdev and peer related commands are forbidden, when the
roaming happens in the system.
Firmware roaming module does vdev_stop, once the roaming is
successfully completed. Part of vdev stop, firmware will delete
all TDLS peers. So after roaming is completed, as part of
roam_sync_complete, host should not send peer_delete. If host
sends peer_delete then FW will not be able to send
peer_delete_resp_event as peer is already deleted
during roaming.
Make changes to reject all vdev and management commands
to firmware, when roaming is in progress in the system.
Change-Id: I17b36d0ce484efeda9dc537684792c7a90d2eae8
CRs-Fixed: 2049039
Currently, driver is not updating the ESE version IE presence to PE
session if power constraint IE is present in beacon/probe. This causes
driver not adding ESE version IE in assoc request though AP is
advertising ESE version IE in its beacon/probe.
Update ESE version IE presence to PE session irrespective of whether
Power constraint IE is present or not.
Change-Id: Idb4ab5ef03449df49ee74848c8824bca9318f08a
CRs-Fixed: 2042660
Remove self-assigned variable rx_pkt->pkt_meta.tsf_delta
from wma_process_rmf_frame which is already initialized
in wma_mgmt_rx_process from structure wmi_mgmt_rx_hdr.
Change-Id: Ie8a777fccc2fb282018fc9e3548631def00878a4
CRs-Fixed: 2043356
Staid with 0 value is considered invalid for TDLS peer.
But Staid with 0 should not be invalid.
The fix is to allow staid with 0 value as valid for
TDLS peer, and assign 0xFF as invalid staid for TDLS
peer.
Change-Id: Ia175c7f1621e7ac0bb826c60fad4ce98dbd41d44
CRs-Fixed: 2041406
In the hdd_ipa_forward, we are not populating pm_tx_cb->ipa_tx_desc
field. So, during hdd_ipa_cleanup, call ipa_free_skb only when
ipa_tx_desc is not NULL.
Change-Id: Ib15cd3eb0c7b10a205993db27960fa2e7775b335
CRs-Fixed: 2046901
Observing compilation errors when FEATURE_WLAN_LFR_METRICS
flag is enabled.
Add changes to fix the compilation errors
Change-Id: I9272cf26e590879f327629e21c76b991d077ad5c
CRs-Fixed: 2053760
Disable vendor VHT IE support if 11ac is disabled in 2.4G by
user configuration
Change-Id: I8920fae5352fa1a4c7356918bce3b27e2c4a3345
CRs-Fixed: 2052059
P2P connection fails because host driver is updating
stale BSS entry of P2P GO to NL.
Remove BSS entry from scan cache irrespective of reason
code.
Change-Id: I99eb1fd953037bbbd9c1af1147d3656f6ca246c3
CRs-Fixed: 1110752
Fix compilation error of "sessionId may be used uninitialized in
this function" by initializing sessionId to CSR_SESSION_ID_INVALID.
CRs-Fixed: 2055208
Change-Id: Id2da1f3ee028d85b1e0c1dfc4f65af5a54dd4479
Changes done to head pointer in ol_rx_add_mpdu_to_list() are not
returned back to caller as arguments are sent as pass by value.
Change-Id: Ie8c98af2ea4e03b0678df243aa0c832165494168
CRs-Fixed: 2046362
Few APs create interoperability issues when STA goes to power-save mode
right after initial connection.
In order to resolve these issues, defer the power-save for few seconds
when connected to those APs.
Change-Id: I3f6b642fb4e481dcb8e14f6da141f4cfa9d6b167
CRs-Fixed: 2046014
In ol_rx_fwd_check, do not remove nbuf Rx packet in case intra-bss
forwarded traffic. Regular Tx completion will take care to free the nbuf
and its tracking.
In ol_rx_defrag_decap_recombine(), it is the caller's responsibility to free the
source nbuf if concatenate succeeds.
Change-Id: Iaf83524924e312bf819483de38603241f45170a5
CRs-Fixed: 2047377
If SAP is operating in DFS channel and CAC was done, isCacEndNotified
flag was set to true. If SSR triggers, SAP will restart and do CAC
wait, and isCacEndNotified flag remains set, which will prevent sending
vdev up to firmware to start beacon after CAC is done.
Change-Id: I02b9c1dbcd1f37df1de134ce54233c2061bf7cec
CRs-Fixed: 2049957
Make sure to first reset dfs_cac_block_tx (if operating channel is not
dfs) as soon as start bss event is received. It is observed that in some
cases further processing of start bss event in hdd_hostapd_sap_event_cb
fails and dfs_cac_block_tx flag remains set; because of this all the
tx packets from network layer are blocked. SAP continues to beacon but
peer stations fail to connect as SAP is blocked from transmitting dhcp or
other data packets from network stack.
Change-Id: I045e38d6b826d2de64520fe9063e6123bc6650e6
CRs-Fixed: 2026958
Supplicant uses connect command to send roam request and
also starts auth timer. On failing to receive assoc success
from driver, supplicant will send disconnect indication to
the driver after auth timeout which is 10 sec.
So, currently supplicant does not allow staying with current AP
if roam invoke fails.
On roam invoke failure, indicate this failure to supplicant
and send deauth to current AP for driver and firmware cleanup,
so that we can avoid 10sec auth-timer delay.
Change-Id: Ie010a55b9b7a6563c817b17815d004f7b8bfa2fa
CRs-Fixed: 2044156
Make sure to update cac duration correctly if any of the
bonded channel is weather channel.
Change-Id: If96654427abd32757a592a1e89113c185127f221
CRs-Fixed: 2034640
Make sure to free cfg resource allocated during
cfg_init in case pe_open failure happens.
Change-Id: I651585dabec344253fb3015d974f9f4685d24304
CRs-Fixed: 2027588
In "Change-Id: I3638b576b76c26181cb180d8b37e195ba3b0ecad",
dynamic allocation of p_mac was replaced to use memory from
.bss segment, so do not free p_mac.
Change-Id: I2aab77871b8b96de65d7732a001934586df635d0
CRs-Fixed: 2026241
Size of global context handler p_mac is too big to allocate memory,
and there is more possibility of memory allocation failing for this big size.
So use mac global context from .bss segment by using global static
variable.
Change-Id: I3638b576b76c26181cb180d8b37e195ba3b0ecad
CRs-Fixed: 2011049
qcacld-2.0 to qcacld-3.0 propagation
When the DUT connects to an AP whose BI is short, for
example 25ms, per the fw scan schedule mechanism, the
TBTT scan has high priority. Then the scan issued by
host will time out.
To mitigate this issue, enable the burst scan feature
by setting the burst scan duration.
Change-Id: Id28e9d1ec242c205481fb3b7242134b0dae78834
CRs-Fixed: 1109279
Add INI params for 11AX HE OBSS_PD. Update code to set
these params on BSS start on station connection and SAP start.
Change-Id: I60ae2cae936558668dfb1059744a6e3891aaebd1
CRs-fixed: 2045431
Propagation from cld3.0-1.1 to cld3.0-2.0
Firmware sends a value of 0x127 or -1 to represent
an invalid SNR to the host. Handle it in the host
for both the values.
Change-Id: I374c626566cd5b7d67aaca43167f9fe4bd4b85a2
CRs-Fixed: 1105132
gHwFilterMode was mistakenly defaulted to 0. Change the default value
for gHwFilterMode to 1, to match the previous non-arp-bcast-filter
semantics.
Change-Id: I2b22c253fae52ef500290dea63699633da82fd06
CRs-Fixed: 2044102
Add a 'gHwFilterMode' ini item to control the DTIM mode hardware
filter. This ini item supersedes 'g_enable_non_arp_bc_hw_filter.'
# disable feature (default)
gHwFilterMode=0
# drop all broadcast frames, except ARP
gHwFilterMode=1
# drop all multicast frames, except ICMPv6
gHwFilterMode=2
# drop all broadcast and multicast frames, except ARP and ICMPv6
gHwFilterMode=3
Change-Id: I6bc8ac7585ffd0a62ab1c57558a798df9b63f2ce
CRs-Fixed: 2040420