With the existing implementation of TAILQ_FOREACH_REVERSE
in ol_txrx_remove_peers_for_vdev() function, host traverses
the list, stores the peer in the var, releases the lock and
later temp var is getting deleted as part of peer unmap and
host end up in accessing the stale peer entry.
To avoid this, host should check the peer delete in progress
first before assigning it to the temp var.
Change-Id: I5b9a401ae062efc6d2fbe608b25424a27c9d9f94
CRs-Fixed: 2159446
Check hdd_ctx, adapter and sta_ctx against null before dereferencing
them in wlan_hdd_nan_datapath.c
Change-Id: Ie81a359be4f03f4f7e411b56d583c12fa3bb03c0
CRs-Fixed: 2162244
Add null pointer validation and fix possible buffer overflow issue
in sap module.
Change-Id: I314e07a31368dd3ca854b9aeab4a0bce0402a81b
CRs-Fixed: 2162246
Presently, OFDM packets are assigned preamble type of
LONG_PREAMBLE when the type should be SHORT_PREAMBLE.
Assign the preamble type correctly.
Change-Id: Ie16936ba54cb8e1dfa5e96ccc52f3fc6693a5d48
CRs-Fixed: 2159511
Currently in the scoring logic the host has the same
score of 125 for the QBSS/ESP load between 50% to 75%
and 75% to 100% which sometimes may result in improper
scoring for cases where AP1 has air time fraction
127 which convertes to 51% load and other AP2 has air
time fraction 13 which convertes to 95 % load.
But the score is same for both AP and the host selects
randomly any one of the AP instead of AP1
Fix is to change score for QBSS/ESP load to differentiate
between 50-75% and 75-100% load
Change-Id: I96d0d8a6a0a1854b2faca4435afa612336bc3caf
CRs-Fixed: 2161778
The transition to/from FTM happens after the memdump feature is
initialized. However, the memdump init/deinit functions bail out if the
driver is currently in FTM. This leads to situations were memdump is
initialized, but skips deinitialization when the driver is in FTM at the
time of unload. Since memdump is always initialized during driver probe
(the driver is never in FTM at that time), always deinitialize on driver
unload.
Change-Id: Ib3555a89f64912403d8858877086ab070ce24e35
CRs-Fixed: 2162241
For sns test in some scenarios when tx hits invalid station id it will
print massive log so that it will lead to WD bark issue.
Move log level to lower info high from info if tx hits invalid station
id, also align with cld3.1 code.
Change-Id: I965033fc8232c8ead15ef06d26aa0d1d2b468e8a
CRs-Fixed: 2159529
Add changes identify and forward GAS public action frames to
supplicant in lim_process_action_frame_no_session.
Change-Id: Id872e2b0b8b7a203b472e0bd152f25f63c873b4f
CRs-Fixed: 2161785
FILS indication IE minimum length should be 4 bytes (2 bytes for tag and
length) + (2 bytes for realm hash). However current mininum is set to
5 bytes.
Usually AP sends cache identifier also in the FILS indication IE, which
is optional and causes the ie length to be greater than min of 5.
If the AP does not send Cache Identifier and sends only realm hash,
the IE length would be 4, which causes the IE to be skipped in parsing
thereby failing FILS connection.
Fix min IE length to 4 bytes in the frame parser for FILS Indication IE
Change-Id: I07f2b724f5840f9ba8ec663e0b303d8fc86663da
CRs-Fixed: 2161241
Add the WiderBWChanSwitchAnn to ext_chan_switch_ann action frame
as optional IE. Currently WiderBWChanSwitchAnn is added only in
beacon frames.
Change-Id: I4f76479bdb2befa93fcb83238590007a555af210
CRs-Fixed: 2141529
During SAP SSR scan default ie data pointer is cleared and
set to null hence avoid unnecessary qdf_mem_cpy when source
pointer is null.
Change-Id: I75960c69804144abee5b1978b43002110b0d0be4
CRs-Fixed: 2161056
When stop AP command is received from hostapd, all the stations
are deauthenticated and then stop bss is called. But stop bss is
called with high priority as true and so gets queued on the top
of the list while del sta commands are queued at the tail as high
priority is set to false for those. This leads to desynchronization
as the commands are not serialized.
Set high priority as false for stop bss sme command to serialize all
the commands.
Change-Id: I9c80032c418e05d3b5591bb3cfd70f8285f27fe8
CRs-Fixed: 2161257
The eGAP status update event handler is exhibiting a too verbose
debug printing.
Supress the eGAP status update by increasing the debug level.
Change-Id: I85e290abfe03d488ab770a3a403871d984ee8df9
CRs-Fixed: 2161713
In api "__wlan_hdd_cfg80211_vendor_scan", the ssid length is u8,
when memcpy is done for ssid, the length is not validated and
nla_len(attr) is used directly in memcpy which can result in buffer
overwrite.
Add a check to validate the max length of scan ssid against
SIR_MAC_MAX_SSID_LENGTH.
Change-Id: If4c25710973ee50094c5d52410269962f552ac3f
CRs-Fixed: 2153326
Set passive dwell time to 28msecs for active
scan when bt a2dp is enabled and hw is not dbs
capable and when sta is connected on 2G band.
Change-Id: I44f2e3d98f2d7ddc52e4902ba989131c256da4ef
CRs-Fixed: 2146311
Do not drop operating mode action frame if channel bonding is disabled.
Process NSS change if requested by frame.
Change-Id: Id342c5399a70be8ea1b3d6c9878983a75ca456ad
CRs-Fixed: 2157167
Implement a flag in hdd context to track the state of
pktlog events. Pktlog will be enabled/disabled after SSR/PDR,
depending upon the state of Pktlog events just before SSR/PDR
is triggered.
Change-Id: I18999d7fcf3677a86c21559d7d443ba1cd086528
CRs-Fixed: 2151296
Change default value of g_is_bssid_hint_priority to 0, as the driver
scoring logic will take care of the beat AP to select from the candidate
AP and the host can ignore the hint.
Change-Id: Ia372e3e0f580047eae33cc0b68b0a0d1460ebfc2
CRs-Fixed: 2160591
In cases where memory allocated at runtime is release during module
unload, it is tempting to label these memory leaks as false positives.
Add documentation to hdd_check_for_leaks explaining why these are real
memory leaks. This helps reduce confusion, and helps to dissuade
developers from "fixing" the runtime memory leak logic, instead of
fixing the memory leak.
Change-Id: I2f7574e7465630d2d9f96280ecf8180a51b41e0f
CRs-Fixed: 2161394
Since struct sps_iovc is obsolete in the latest kernel,
use a local macro instead of sizeof() . It should be
updated with the correct IPA size macro once it is
avaiable in the latest kernel.
CRs-Fixed: 2160658
Change-Id: Ifc2926d5182c96e07de6b4ddd50156764b7ad51e
In the api sap_get_channel_list, list is allocated memory to store the
channel list to be sent for scan request. This api is called by
sap_goto_channel_sel which initializes scan_request.ChannelInfo.ChannelList
to channel_list, without any prior NULL check of channel_list.
Also in scan callback wlansap_scan_callback, if the state machine structure
is in disconnected state , the host returns without freeing the memory
allocated to the channel list in sap_ctx .
Fix is to free the memory allocated to the channel list
and make the sap_ctx->channellist, sap_ctx->num_of_channel
as NULL and zero respectively in both the instances.
Change-Id: Ia54287d6e77e206c717bd3c205ebe57510ea801c
CRs-Fixed: 2159489
Change default value of pcl_weightage to 0, as pcl
weightage logic need some changes in algo to be used in LFR3.
Change-Id: I21559f7aaa8a19388cf399dee684c00c7905cfae
CRs-Fixed: 2160589
Add support for dual band in HE caps by:
1) Setting default value of HE dual_band support to 1.
2) Checking advertised FW MAC cap for support of both bands.
Change-Id: I978e4082364b832dc3f49f13a00ef9159f269f72
CRs-Fixed: 2160792
- Change the order of the deinit code of pktlog
- Change the order of the deinit code of runtime pm
Change-Id: I570b20b247b7892f9bba82f3d3a58aff9af09105
CRs-Fixed: 2160794
This ini will set the algo used in dwell time optimization
during host scan without connection.
Change-Id: Ie81636d32b6c42651aa9b5de52889970c17f6aca
CRs-Fixed: 2159656
Use string "wifi" instead of "wlan" in sysfs path for version string.
This is to avoid warning for same string name in the path.
Change-Id: Ifadabdb3e89d9a6564bbda58241f3ff38eeb4eb1
CRs-Fixed: 2153885
User-space needs sysfs interface for retrieving version
information for both firmware and driver. Add this new
sysfs interface.
Change-Id: I666aff1868f4d1d954773fae1ae85c1ebd0fdc87
CRs-Fixed: 2153885
In api csr_prepare_scan_filter,If bWPSAssociation is set or
bOSENAssociation is set, the security check while filtering
scan results need to be skipped.
Fix is to check for both bWPSAssociation and bOSENAssociation
to set the ignore security flag in converged scan filter
Change-Id: I1e850581ab1cd3b313e681bfd110280765fa6a2a
CRs-Fixed: 2161103
Fix is to get correct 64-bit htt rx in order address
when ENABLE_DEBUG_ADDRESS_MARKING is disabled.
Change-Id: I479ed4a2dd5cee3427f9a3714cda4ed50afa271a
CRs-Fixed: 2161207
