propagation from qcacld-2.0 to qcacld-3.0
AP+AP case, one is started, another one start fails and its channel
list buffer is NULL. When radar signal found, it will change channel
with second sap's context, then crashed since channel list is NULL.
Change-Id: I73f2c1c2fa0667e7517e2a6867d79175c47d4582
CRs-Fixed: 1091122
Add null check while accessing pdev and hif pointers from cds_get_context
API in OL layer.
CRs-Fixed: 1096535
Change-Id: I2e3e7e04f1dcc9248fe173b7cdfc8d8704d0d1d9
CNSS2 platform driver is the only driver which will support PCIe
bus based discrete WLAN chipsets.
Change-Id: If2d3aded36d383e2e4b0dc4ec9e6ab9e1023f2a9
CRs-fixed: 1082183
MCL driver interactions with mgmt txrx component in init deinit
of driver. Also, changes to make legacy path to go through mgmt
txrx component for both tx and rx mgmt. frames.
Change-Id: Icf368358fef3b9204bed5195a2502b0ea5f052d8
CRs-Fixed: 1103247
Enable UMAC converged southbound interface by default by removing
CONFIG_WLAN_CONVERGED_INTERFACE in Kbuild and WLAN_CONVERGED_INTERFACE
based API definitions in wma_main.c.
Change-Id: I3b849192b667e8c2f9fb628355c80b3d817f741a
CRs-Fixed: 1103247
Rename HDD VDEV object delete API to hdd_release_and_destroy_vdev
to indicate its true behaviour.
Change-Id: Id8baa4523b3684bea2cb9657225f82a50b1980f5
CRs-Fixed: 1108535
Rename HDD PDEV object delete API to hdd_release_and_destroy_pdev
to indicate its true behaviour.
Change-Id: Idefcd72b2ab038ca5c9b30e42893c261647069a6
CRs-Fixed: 1108530
Rename HDD PSOC object delete API to hdd_release_and_destroy_psoc
to indicate its true behaviour.
Change-Id: I750f1575c49044230309efbc44b5502ae3ab9ac2
CRs-Fixed: 1108508
Currently host sends vdev delete as part of vdev stop
timeout handling which can change internal states in
firmware. So trigger crash immediately once timeout
is detected.
Change-Id: Iab2aa4324f7cff493c2cf5d0e1a059970d455b23
CRs-Fixed: 1097007
LFR module in firmware copies WEP keys from old AP to new AP during
roaming. Host driver should not install 0 length keys during roam
sync indication processing.
Change-Id: I002be0ab330a7161ca2554d9d423e8e1b2170e55
CRs-Fixed: 1096918
In function __hdd_softap_hard_start_xmit, station id is
not validated with max station count, this might lead to
a buffer overflow situation for array aStaInfo in SapCtx.
Validate station id with max sta count.
CRs-Fixed: 1093122
Change-Id: If9f59c5a7b76845bb7783a96453e595b5afa4f30
When HDD IPA RT debugging is not enabled, rt_debug_fill_timer is not
initialized. However, we still check the timer status to destroy the
timer while deinit RT debug.
Change-Id: Ic541301843e4d72ad2bc6181728cf18c97d6191a
CRs-fixed: 1095787
qcacld-2.0 to qcacld-3.0 propagation
When pended HDD IPA events are resumed after driver unloading, a crash
happens, since resources are already freed up.
Fix by not pending events while driver unloading is in progress.
Change-Id: Id744aa6e683850ce25c875ab6b5ffabdca733e5d
CRs-Fixed: 987180
qcacld-2.0 to qcacld-3.0 propagation
This fixes a race condition between IPA Rx handler and wlan unloading
Change-Id: I8997d532a92b2708bc48f09badb89fabe1544c87
CRs-fixed: 1059550
hdd_wlan_get_ibss_peer_info() and hdd_wlan_get_ibss_peer_info_all()
initialize their completion variables after scheduling work, leading to
a race condition that can cause the completion variable to be set before
it is initialized. Reorder the operations so work is scheduled after
initializing the completion variables.
Change-Id: Ic773574f3620438b473cd5bcebee78ad87a37942
CRs-Fixed: 1074692
Use a flag fw_create_pending flag to compensate for the extra
peer reference count only once for the first peer map event. It
will avoid duplicate compensation of ref count and untimely peer
delete.
CRs-Fixed: 1092503
Change-Id: I8b32290ad1bc4a834a3edb68e25b212eee2951c1
In function sme_set_tspec_uapsd_mask_per_session update
uapsd_per_ac_bit_mask as per the values received from
ADD TS response. Otherwise, ini change if 0 will always
override ADD TS response values.
Change-Id: Ie834f651bb097c084c81c6ebc9c8637f96d7a075
CRs-Fixed: 1096829
Free msg->bodyptr in wma_mc_process_msg function for
WMA_SET_RSSI_MONITOR_REQ to avoid memory leak.
Change-Id: I7088a0ca54b374f2ef326ca344cedafe115d79d6
CRs-Fixed: 1095418
When WLAN_AP_DISCONNECT event is not processed during IPA resource
unloading inprogress, IPA offload disable is not invoked.
And WLAN_AP_CONNECT event comes later, since a new interface is setup,
the previous IPA offload enable status is not checked properly, and it
causes FW crash because IPA offload enabled twice.
Fix to maintain the IPA offload enabled flag per vdev, instead of per
interface.
Change-Id: I9ba7eceb5b1b69490e14f97871b30ea6a89c28f6
CRs-Fixed: 1091525
qcacld-2.0 to qcacld-3.0 propagation
Use SKB clone instead of using SKB copy for forward packets.
Addtional fix to release SKB to IPA when dropping Rx packets from IPA.
Change-Id: Ibfacf855b53148fd6b254e281f7163d03e3753ec
CRs-Fixed: 950379
This is a qcacld-2.0 to qcacld-3.0 propagation.
The wlan driver supports the following vendor command:
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_SET_SIGNIFICANT_CHANGE
This command supplies a "number of APs" attribute as well as a list of
per-AP attributes. However there is no validation that the number of
APs provided won't overflow the destination buffer. In addition there
is no validation that the number of APs actually provided matches the
number of APs expected.
To address these issues:
* Verify that the expected number of APs doesn't exceed the maximum
allowed number of APs
* Verify that the actual number of APs supplied doesn't exceed the
expected number of APs
* Only process the actual number of supplied APs if it is less than
the expected number of APs.
Change-Id: I0513ffbc4a38f1d7ddbc0815d3618fc9a2ea4f77
CRs-Fixed: 1095009
This is a qcacld-2.0 to qcacld-3.0 propagation.
Currently when processing the QCA_NL80211_VENDOR_SUBCMD_ROAM vendor
command, for the following roam commands there are input validation
issues:
QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BSSID_PREFS
QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BLACKLIST_BSSID
Both of these commands have a "number of BSSIDs" attribute as well as a
list of BSSIDs. However there is no validation that the number of
BSSIDs provided won't overflow the destination buffer. In addition
there is no validation that the number of BSSIDs actually provided
matches the number of BSSIDs expected.
To address these issues, for the above mentioned commands:
* Verify that the expected number of BSSIDs doesn't exceed the maximum
allowed number of BSSIDs
* Verify that the actual number of BSSIDs supplied doesn't exceed the
expected number of BSSIDs
* Only process the actual number of supplied BSSIDs if it is less than
the expected number of BSSIDs.
Change-Id: Ifa6121ee1b1441ec415198897ef815b40cb5aff6
CRs-Fixed: 1092497
Driver logs prints QTIMER ticks and it's difficult to co-relate with
logcat timestamp.
Add logcat timestamp so that driver and logcat logs can be co-related.
Change-Id: If770d4a9b48301adc3deb8f4c1d16099dfa8dd8d
CRs-Fixed: 1095195
Currently host driver does not send interface index to supplicant
after successful roaming, this leads to disconnection in DBS mode.
Add changes to update respective interface index
by passing wdev to cfg80211_vendor_event_alloc().
Change-Id: Ic22fdd56a26a27d42a3ac7aaaf67bfba273a2697
CRs-Fixed: 1094297
Fix enum numbers as per the expectation from upper layers
which are same across different projects.
Also add few enums which are missing.
Change-Id: I59bce332667ae6503fee8f94bcff6a8cd27d1a54
CRs-Fixed: 1094088
As per the design pre-cac adapter will be assigned temporary mac address
till it finishes the CAC operation. Once the cac operation finishes
with success or failure, pre-cac adapter's mac address needs to be released.
In failure case, pre-cac adapter's mac address is getting released but
in success case, it is not released which results in to error code -22 at upper
layer.
CRs-Fixed: 1108497
Change-Id: I95da8b20392548fa3482cb92046f79b3536709b0
Maintain source of driver as well as 11d hint. Use the source of
hint to correctly disable 11d if required.
CRs-Fixed: 1093565
Change-Id: Id0ccc44389836b72466b501f5ce024f1be4b5926
Implementation of Host driver support to collect chip power stats
from firmware and display the stats in
"adb shell cat /sys/kernel/debug/wlan0/power_stats".
Change-Id: I19595ebf5a6870a0ee4d3cc2ff47d18eb24d213c
CRs-Fixed: 1045057
In function sme_ps_fill_uapsd_req_params perform a logical AND rather than OR
between current UASPD bitmask and values received in ADDTS response, otherwise
existing UAPSD bitmask (if all set) will always override ADDTS rsp values.
Change-Id: I17872f62b1f073963d3c04ad72415acd395f1ca5
CRs-Fixed: 1095306
Do not invalidate the HDD context if roaming is in progress.
Move the condition outside of the validation check
Change-Id: Idd56cbbc63ce56000f03fc47b6f1b78d53cb170f
CRs-Fixed: 1094301
qcacld-2.0 to qcacld-3.0 propagation
sta_connected flag check may fail when handle WLAN_STA_CONNECT event.
This will cause enable-ipa operation get skipped for the connect
operation. If a disconnect operation follows, it will invoke fw to
disable the ipa. Fw considers ipa to be disabled by default, so fw
will consider it be double-disable and trigger the crash.
Change-Id: Iaf4855eb1776e8c8c3b027d0ee2beb644063ef75
CRs-Fixed: 1079051
propagation from qcacld-2.0 to qcacld-3.0
When assoc fail, send protocol reason code instead of generic
reason code. Customer complain that it just reports generic
reason for WPA2 AP and cause UI mismatch.
Change-Id: I1b237e70d30f08c364d5aa56182676affdfee105
CRs-Fixed: 1010832
Revert “If26f49386b72864730679e05559b7bba80b5487a” changes
to advertise max value configured as per the WFA certification
requirement 5.2.63 STAUT acting as MU Beamformee.
Change-Id: Ib11f1f5cad89579277eba2e0b9f0cbc3ea26de5c
CRs-Fixed: 1093901
qcacld-2.0 to qcacld-3.0 propogation.
When there is an get_station request from the upper layer during roaming,
the driver returns a cached rssi value but it dosent set the "sinfo->filled"
(station_info_flags) bit flag for the NL80211_STA_INFO_SIGNAL. If this flag
is not set the kernel dosen't update the cached rssi value to upper layer.
To mitigate this issue, set the "sinfo->filled" when returning the
cached value to the upper layer during roaming.
CRs-Fixed: 1084502
Change-Id: If62f7482c8153131daa2d0ea83596e5cd4e3f104
qcacld-2.0 to qcacld-3.0 propagation
Add new resultCode, 'eSIR_SME_JOIN_DEAUTH_FROM_AP_DURING_ADD_STA',
to make sure driver does DEL_STA follwed by DEL_BSS, if driver
receives DEAUTH frame when it's waiting for ADD_STA_RSP.
Change-Id: I697a8bf4e4f4d8b1063ad660395cea33031f1647
CRs-Fixed: 599416
propagation from qcacld-2.0 to qcacld-3.0
DUT is SAP + STA SBSC mode, it takes very long time to recover after
SSR. There are two problems:
1. It clear STA session and create new after SSR, but just clear SAP
session. With sessionId in SAP context, it wrongly use new STA session
to close SAP when terminate hostapd. This is the reason why host wait
stop_bss_event for 10 seconds in cfg80211 stop ap. Set sessionId to
invalid if adapter is SAP mode.
2. In dual-wifi mode, it will start second WLAN if SSR and
WLAN_SVC_FW_CRASHED_IND late. Send this event more earlier.
Change-Id: I10a3f300ac5621463fcce4d0a5e18b2cf1cb8491
CRs-Fixed: 1054612
qcacld-2.0 to qcacld-3.0 propagation
The tCsrRoamProfile memory is not initialized to 0 properly. For the
supported_rates field, it contains a rates array with max size 12
and an integer field numRates which is the actual length of the rates
array. If numRates is not initialized properly and value is unexpected.
it may cause memory access violation error.
CRs-Fixed: 1084846
Change-Id: Ic5b1a13356e835a1186c53768a1d8ab416c9365c
qcacld-2.0 to qcacld-3.0 propagation
In MDM ap+ap case, sometimes kernel issues two skb but has same mem
address of skb head and driver tx desc id is stored in skb head, so the
first id will be overwrote by the second one. Will hit crash when handle
the tx_desc.
The solution is storing tx desc id in sk_buff to avoid the case that two
skb has same tx desc id.
Change-Id: I2186a06ad3ec929683292c4c052904a18427cc64
CRs-Fixed: 951208
qcacld-2.0 to qcacld-3.0 propagation.
Supplicant may send PNO command as disconnection was already informed
to supplicant while disconnection might still be in progress in PE
layer(DEL_STA/DEL_BSS).
Fix to send disconnect indication to upper layers after complete
cleanup.
Change-Id: I976044186eb8e79f709bda618b38815827a3e0c5
CRs-Fixed: 951162
While preparing roam_scan_offload_request in csr, populate QoS parameters
from current sme_session.
Change-Id: I8ec26b61babf15b622d2a96b304f068c15f78795
CRs-Fixed: 1092258
In function csr_issue_11d_scan, num channels is fetched from mac_ctx
before being used to access channel list. Check it against
WNI_CFG_VALID_CHANNEL_LIST_LEN before accessing channel list.
Change-Id: I4ef21ca03e1227801aaed2d5598aba7b91fdf8d3
CRs-Fixed: 1091486
