Fast forward CLD3.0-2.0-dev branch to tip of CLD3-1.1-dev from 5.1.0.34A to 5.1.0.34D
Merge upto commit-id: 7c2d0a0afe
* remotes/origin/wlan-cld3.driver.lnx.1.1-dev:
Release 5.1.0.34D
qcacld-3.0: Avoid NULL pointer dereference in send_packetdump()
Release 5.1.0.34C
qcacld-3.0: Fix ext_caps IE in Probe Request sent due to HB Failure
Release 5.1.0.34B
qcacld-3.0: Fix buffer overflow in __lim_process_roam_scan_offload_req
CRs-Fixed: 688141 1083819 1081117 1082162
Change-Id: Iec230253d1a3c666187afdd087a387dea5c49bcf
In send_packetdump() the call to hdd_get_adapter_by_vdev() can return
a NULL pointer if an adapter with the given vdev is not found. Add
logic to validate the pointer before dereferencing it.
Change-Id: I7dce5ed4debc43ef2f14d429e5651732377fe3e0
CRs-Fixed: 1083819
Pass addition scan IE to probe request function when generating probe request
due to HB failure, otherwise Ext Cap IE values will not be consistent with
other probe requests.
Change-Id: I65ba2d5377f7c48d5344c5b4b9782e3c55f6635c
CRs-Fixed: 1081117
In validation code, change condition local_ie_len <= to always less than
QDF_ARRAY_SIZE(array) value, to avoid buffer overflow.
Change-Id: I9612ce6e922dd481747253b3b35d74060439c159
CRs-Fixed: 1082162
As per new requirement, when DBS is disabled from INI, driver needs
to enable Rx LDPC for all persona if it is supported by hardware and
enabled from INI.
CRs-Fixed: 1083379
Change-Id: I803ffd2c8035bd2604db7189f3d0734816c80d3f
(cherry picked from commit 284064f72ae7a421a6d870c5c29d496fea23353f)
1) If STA is on 2G channel and SAP is coming up on 5G DFS channel then
it should be allowed given that DBS is supported.
2) If STA is on 5G channel and SAP is coming up on 5G DFS channel then
it shoudln't be allowed as it will create DFS MCC scenario
3) If SAP is on 5G DFS and STA is coming up on 2G channel then it should
be allowed given that DBS is supported.
4) If SAP is on 5G or 2G channel and STA is coming up on either of the
bands then allow connections to go through.
Make necessary adjustment to apply all above 4 rules.
Change-Id: I0a4dfe57cad1d2a62ada1bd8c258f7f3f6ac5dc2
CRs-Fixed: 1083376
(cherry picked from commit c6b307e0bc8ea638f44bd8ef86d09737a930b3ba)
We dont need to combine channel states if the Channel width is not
80P80MHZ. Fix this so the logic is easier to understand.
CRs-Fixed: 1082221
Change-Id: Ie31d564f63278fe6549a2d54165920c28958c274
(cherry picked from commit a53a28f26e2add8309bb0c2ebacaa8f97f2506d3)
While defining setPktFilter ioctl arguments, Host is setting
IW_PRIV_SIZE_FIXED, which means setPktFilter ioctl accepts
exactly fixed(103) number of parameters. So, if user issues
the ioctl with number parameter other than 103, kernel returns
failure.
Remove IW_PRIV_SIZE_FIXED while defining arguments for setPktFilter
IOCTL, so that setPktFilter is processed.
Change-Id: I373609eb3c180af80218d6e955a1cf0d56f785a7
CRs-Fixed: 1081982
(cherry picked from commit 1105e872650391fbaad03efa325510482c413680)
Fix improper naming and exporting of dump_frag_desc() by:
1) adding ol_txrx prefix in the api
2) adding prototype of api to ol_tx.h and removing the local
prototype for the api from core/dp/txrx/ol_tx_desc.c
Change-Id: I29a06419164afba7c1c391d11aee10742d41b93c
CRs-Fixed: 1083068
(cherry picked from commit bcc6b34818654241a4886b35619fb5e901f6f10b)
Enable logging of DPTRACE logs at each layer of driver and at tx
completion for all tx as well as rx protocol packets.
Change-Id: Id568c19196702034989a0f55490bc62667b3b20e
CRs-Fixed: 1083002
(cherry picked from commit c91cad24c240283aa70b120836799014c820975f)
Add a spinlock to make sure that htt rx_hash history buffer will
not break under SMP conditions. Apply the lock on set and reset operations.
Add timestamp to each buffer entry (will store the time stamp of the last
operation on the entry).
Change-Id: If1dcab4ac331351cf2dcfbaa6cb24d453e7fdf50
CRs-Fixed: 1077047
(cherry picked from commit be2d6e14afdc142564bb9d7fbcc446c060b0d0d4)
In function sap_random_channel_sel change final_lst array size from
WNI_CFG_VALID_CHANNEL_LIST_LEN (100) to QDF_MAX_NUM_CHAN (128) to
avoid possible buffer overflow, as sap_apply_rules function can return
rule_adjusted_cnt QDF_MAX_NUM_CHAN size.
Change-Id: I367dc54966fa57a7ef0195279953e31def06fd21
CRs-Fixed: 1082162
(cherry picked from commit bceffc9b2cfb622fbb44b5ec768fd7ebc6ecadb2)
In function __lim_process_roam_scan_offload_req add validation code
to avoid buffer overflow during memcopy.
Change-Id: I2ac02e276dd7e4df0a6dffe58181ff538b49ed74
CRs-Fixed: 1082162
(cherry picked from commit 9806f9cfe464fb7ebebbf1a1f27c2b0b39cb1ffd)
unlock chan_lock before return in wma_dfs_indicate_radar function
in failure case.
Change-Id: I389d6479d2cd048b636230b38f135471acd38d00
CRs-Fixed: 1082162
(cherry picked from commit 41e358802ddc6722e4f1bf37b8c68ceab5e5fee5)
In wma_mgmt_tx_bundle_completion_handler function fix validation code from
logical AND to OR, to fail validation if any of the two input variable are
invalid.
Change-Id: I835b4d4bfb966e313c9ab05fb9fd57b10925d506
CRs-Fixed: 1082162
(cherry picked from commit d1c9e067b250fe75257164e1db7e363db583d49b)
sap_signal_hdd_event function caller may pass NULL csr_romeinfo,
So validate csr_roaminfo to avoid null pointer dereference.
Change-Id: I17364d9c3eb7b84786a86c29bc03b99dc2c0149a
CRs-Fixed: 1082162
(cherry picked from commit 023028cc64383d062d10a3922dc06ba6c4cac54a)
In __lim_process_gid_management_action_frame function dph_lookup_hash_entry
may return NULL, So validate return type to avoid null pointer dereference.
Change-Id: I7d66f61bb26017ed4ffdd3435520b68623dda55a
CRs-Fixed: 1082162
(cherry picked from commit 86a1d429d9114f982dd837c4d2527f154261c459)
hdd_ocb_config_new() takes four "length" parameters, currently defined
to be of type 'int'. Since these are summed to calculate the size of a
dynamic memory allocation they must be non-negative so change them to
'uint32_t'.
Change-Id: Ie66bbb7c69aba92d9d846cb90628110b3bea8f74
CRs-Fixed: 1079596
(cherry picked from commit a3047fb23625dfae22520c106e8b90093590b3d4)
If the TX queue is unresponsive for more than a few seconds, the Linux
kernel raises a NETDEV watchdog event. Normally, this should never
happen and indicates a problem because Apps should be suspended and not
generating TX traffic. However, during Unit-Test suspend, Apps is not
suspended and these events can be safely ignored. Disable NETDEV
watchdog events in this case to dramatically reduce logging volume.
Change-Id: Ia0d28f64d921add065d8dce3b2d6115600f16975
CRs-Fixed: 1076495
This reverts Change-Id Ia14b84f1039dc4ffec6ad63550fed21e932f8012
It was observed that in some scenarios scan results are not showing up
in the UI in a timely manner. The speculation is that not all code was
converted that needs to be converted. So revert this change for now
with the expectation that a complete change will be forthcoming. This
means that until a revised change is supplied that the original issue
of scan result aging may again be present.
Change-Id: I38d975fd9927493e81f4008b429abcae90af4fa9
CRs-Fixed: 1083225
(cherry picked from commit f40cf74d38bf630930325c6e9b703746bee107cc)
If WLAN FW crashes while in suspend mode then resume fails.
Returning failure in this case confuses kernel power manager. Do
not return failure to resume if recovery is going on.
Also do not panic for the resume failures if recovery is going
on.
Change-Id: I380194cb53ca669edaf50544657b19b74de6dfd3
CRs-fixed: 1079299
(cherry picked from commit 3ff45a5b515810d36f36e2755a3653a55ab81a4a)
If WLAN FW crashes while in suspend mode then kernel tries to
resume the driver and WMA sends resume indication to WLAN FW and
waits for the response from WLAN FW. Since FW is already crashed,
there will not be any response from WLAN FW and wait logic waits
for the timeout before bailing out. This may cause delay in
completing the recovery and may cause other race conditions
becuase of that.
Register for shutdown notification so that call back would be
called during recovery and resume event can be set to make sure
resume thread doesn't just wait for the FW response.
Change-Id: Icdd78479dd4072eabf29e7b0664d328553bfa1ad
CRs-fixed: 1079299
(cherry picked from commit 9e493ade1c08204fcfff51c66d135803d830fa60)
During remove() or shutdown(), driver waits for external thread
to complete but there is no mechanism available today to inform
lower layers that driver is about to go through remove() or
shutdown(). Add mechanism to provide the notification about
remove() or shutdown() so that lower layers can make use of it
and get out of waiting logic and complete the remove() or
shutdown() early without waiting for the timeout to happen.
Change-Id: I1eece21fb63e6d5e0454659795a4dad011483c75
CRs-fixed: 1079299
(cherry picked from commit 305516248006141ef331c8c1b7a4b56999fa496d)
channel width is not populated properly into the channel switch
parameters hence the phy_mode is configured wrongly to the FW.
Correct the channel width in the channel switch parameters and
update the CSA processing with new VHT operation IE definition.
Change-Id: I4f299dd721b602efb9e64797b1bdb34972e07797
CRs-Fixed: 1081503
(cherry picked from commit ebc53cabfb357847e434a4c822878fc4f1910be3)
An assert was observed with the following traceback:
qdf_mc_timer_stop+0x90/0x140 [wlan]
hdd_wmm_disable_inactivity_timer+0x54/0xd0 [wlan]
hdd_wmm_delts+0x168/0x240 [wlan]
iw_del_tspec+0x94/0xf0 [wlan]
In hdd_wmm_disable_inactivity_timer() there is sufficient guard logic
to only act upon a valid timer:
if (pQosContext->is_inactivity_timer_running == true) {
So it is apparent that this flag was set to true. However in this
specific use case the logs show that in the addTS path the timer was
not started and the flag was not explicitly set. So the only
explanation is that the flag was set via some other mechanism.
There are two places where a pQosContext is allocated and initialized.
In hdd_wmm_acquire_access() the implicit qos case is handled, and in
that function there is an explicit assignment:
pQosContext->is_inactivity_timer_running = false;
In hdd_wmm_addts() the explicit qos case is handled, and in that
function there is not an explicit assignment.
Note the memory is allocated by:
pQosContext = kmalloc(sizeof(*pQosContext), GFP_KERNEL);
And there is not an explicit clearing of the memory. Hence in the case
of an explicit addTS the is_inactivity_timer_running flag will have a
garbage value. So in the case at handle this garbage value must have
been equal to true.
Fix this by explicitly setting is_inactivity_timer_running in the
explicit qos case.
Change-Id: I94325ab6889780d77241d6e1b3ac0a138cf786b8
CRs-Fixed: 1083078
(cherry picked from commit 9e5e59ff7a51680d582711ef1182fc6aace1bfe1)
As of version 4.8 of the Linux kernel, the ablkcipher Api is removed.
Remove all obsolete crypto functions that reference this Api.
Change-Id: Ia82743d048834a67dfce23b91f660beb59b1e94d
CRs-Fixed: 1079951
(cherry picked from commit bf349575d765f53f207c7cb2ad6c66a198cf07de)
As of the Linux kernel 4.5, the abs() macro has changed so the results
are no longer promoted to long. Fix related issues.
Change-Id: Ic1e71327427df5fe2b47587f4dc164cbd50b86ee
CRs-Fixed: 1079308
(cherry picked from commit c980b6d8cf8f9a8beeebd702b2fc98e6b8ffc948)
As of the Linux kernel 4.7, the Api for cfg80211_scan_done() has
changed. Update references to the function and include a wrapper
to support compiling against older kernels.
Change-Id: I955d6c3767de86baeeb0760e42d12f46d0a00a5a
CRs-Fixed: 1078834
(cherry picked from commit 64288ebb9bcf45a398c7625bf79ad35dcc202eed)
nla_put_u64() was replaced by nla_put_u64_64bit() in the 4.7 Kernel.
Replace any references as needed, and provide a shim for compiling
against older versions of the Linux kernel.
Change-Id: Ia85a0d1d839a0c76a90dedd603ea667e029a1c6b
CRs-Fixed: 1078754
(cherry picked from commit b5578f0c34243338d9a421e921c9432f5c1d835f)
Net_device->trans_start was removed in the 4.7 kernel. Remove any
references to it, and replace direct assignments to it with a call to
netif_trans_update().
Change-Id: Ia512316c10afddcb1a8ed19222d933021f657a59
CRs-Fixed: 1078282
(cherry picked from commit e328cb49a4d712fe0fdf9b85c05513ef25b06458)
