Currently Kbuild unconditionally sets -DHAL_SELF_STA_PER_BSS=1. There
is only one place where this macro is referenced, and it actually
requires that the macro be set for the driver to work. Since this
logic isn't really conditional, remove the conditional compilation.
Change-Id: I09a03339df086146b81b3012fb281e166fccd5da
CRs-Fixed: 2221852
Macro WLANTL_DEBUG is currently used to define some SAP debug
counters, but these counters are unused, so remove this obsolete code.
Change-Id: Ie7d976efcb5fb335b3f60a5af48a70dd214b3bd0
CRs-Fixed: 2220915
Currently a set of ANI_COMPILER_TYPE macros are checked against, but
other than that they serve no purpose. As part of ongoing Kbuild
cleanup remove these obsolete macros.
Change-Id: Ia112d7d5ae8d12eae46144b53addc8ad54393bba
CRs-Fixed: 2220285
The routine wma_extscan_change_results_event_handler sends the ext scan
results to upper layers. This contains the bssid info, rssi values of
different APs that are scanner. If the num_rssi_samples is negative or
greater than UINT32_MAX,then an OOB write could happen.
Add check to ensure rssi_num is not negative or exceeds UINT32_MAX.
Also make sure the numap value is not negative.
Change-Id: If82c4fd1193c45d38bd4495c187a406deb25acad
CRs-Fixed: 2205957
After SSR, FW clear its txrx connectivity stats.
In host, as adapter is intact, host connectivity
stats counts are still available. Now if the set
stats command is used again, then host increments
its counts start from its last saved value, i.e.,
count before SSR, and FW increments its count from 0.
This sends a mismatch of packet counts b/w
host and FW to framework that creates ambiquity.
To address the issue, reset the host counts so that after SSR
both FW and host start increment their counts from 0.
Change-Id: I11f849d6f00abe11f3bb8947cc81e47a3bc004fa
CRs-Fixed: 2202890
Currently pdev pointer is freed prematurely in ol_txrx_pdev_pre_detach
but the same pointer is used when ol_txrx_pdev_detach is called. This
may lead to invalid pointer dereference issue.
To fix this issue, free pdev pointer in ol_txrx_pdev_detach after
ol_txrx_pdev_pre_detach is called.
Change-Id: I089d70842b90b568ee8a38c6ed56f5418df7303d
CRs-Fixed: 2207417
In lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message, length passed
to unpack WPA IE is length of WPA IE + 2 bytes extra
(rsn_ie->rsnIEdata[1] + 2) - 4. So in case of only WPA IE is present
in assoc request, the WPA IE parser will try to validate the buffer
beyond the WPA IE and might fail as the extra 2 bytes of buffer might
contains some garbage value.
Pass appropriate length to unpack WPA IE.
Change-Id: Ifad6fabf701a82abd4234569d108b4172adf2bcb
CRs-Fixed: 2217455
qcacld-2.0 to qcacld-3.0 propagation
Use qdf_do_div() for 64 bit division, because '/' can't be used for
64 bit division on arm32 platform.
Change-Id: I19a1db8adbc1fe7acaee0ec824f670b67284f628
CRs-Fixed: 2155143
Fix integer underflow in csr_update_fils_params_rso as this may
cause buffer overflow.
Change-Id: I25b31f5c0f207be09ac30d5f95911d3866d12d66
CRs-Fixed: 2204872
Several packets are sent to firmware in htt_htc_attach_all(), back to
back. However, if one of the latter packets fails to send for some
reason, the previous packets are not flushed. This leads to a number of
leaks under error conditions.
If a packet fails to send in htt_htc_attach_all(), flush the endpoint
before returning failure to the upper layers.
Change-Id: If9b33a645f7bcc77442e18566525ae57b544f1a0
CRs-Fixed: 2219137
The definition of module_param_call() was changed in 4.15 and
in order to have module params that work on the kernel both
before and after that change switch to using module_param_cb()
since its definition has not changed.
Change-Id: I4af7c802ae62041636eda3047805630a16490e75
CRs-Fixed: 2193703
Max len of CSR_DOT11F_IE_RSN is 114 which is les than the
DOT11F_IE_RSN_MAX_LEN (130) which may result in array overflow
while parsing cckm ie.
TO address this replace CSR_DOT11F_IE_RSN_MAX_LEN to with
DOT11F_IE_RSN_MAX_LEN and remove CSR_DOT11F_IE_RSN_MAX_LEN
as it is not getting used anywhere else.
Change-Id: I58f93f37bd17653db2840720ab106c01f10d535e
CRs-Fixed: 2209355
Enhance logging levels for some auto channel selection messages useful for
debugging.
CRs-Fixed: 2189466
Change-Id: I05c0f8a7c96c8e33f997b00c3d9a9d1714f283e0
Issue is under AP-AP MCC config, mcc event is not sent from wlan
to IPA driver. mcc mode is decided with the help of connection
table. But for AP mode, mcc mode is checked and updated before
connection table is updated by adding the SAP vdev entry.
Fix is to make ipa mcc mode check and notification when connection
table is updated. Since block is not allowed when conn table is
updated, a new work_struct mcc_work is introduced.
Change-Id: I935222e26bb3f6b31685f52b75084b034daccad2
CRs-Fixed: 2075876
Fix function return type for ndo_start_xmit.
Currently .ndo_start_xmit callback functions returns int, but
the correct return type should be netdev_tx_t.
Change-Id: I36d3cc886bfa0fd74a264f2791f09a251baab2ef
CRs-Fixed: 2202134
During unload/SSR, the ol_rx_thread is shutdown and then the
cpu hotplug notifier is unregistered. In other context
cpu hotplug notifier could be accessing the freed contents
of rxthread resulting in use after free.
To avoid this race condition, reject the cpu hot plug
notificaiton in case of a driver SSR in addition to
load/unload.
Change-Id: Iafadff92d5660b979c6cf20a70eef42d22a9e51a
CRs-Fixed: 2219011
Currently hdd_set_peer_rate() is implemented in wlan_hdd_wext.c with a
prototype defined in wlan_hdd_wext.h. But the only client is located
in wlan_hdd_hostapd.c, and since that is where the "master mode"
ioctls are handled, relocate hdd_set_peer_rate() to wlan_hdd_hostapd.c
and make it static.
Change-Id: I5ec9c43b29fafc75cb35f1ee465c86acbc6b3b2c
CRs-Fixed: 2219456
When wlan_hdd_validate_context returns ENODEV in the case
of FW down or when driver is in bad state, wificond will
reset and try to unload the driver while SSR/PDR may be
in progress.
Return -EGAIAN and not -ENODEV in the above case.
Change-Id: I9b2314c2d4367b5373d1202b682d2c629a5a3e9f
CRs-Fixed: 2217006
The routine wma_unified_debug_print_event_handler logs the data from debug
print event handler. The param event data from firmware is copied to a
destination buffer .If the maximum size of the data exceeds or equals
BIG_ENDIAN_MAX_DEBUG_BUF for big endian hosts then possible OOB write will
occur in wma_unified_debug_print_event_handler. For other hosts, OOB read
could occur if datalen exceeds maximum firmware message size
WMI_SVC_MAX_SIZE.
Add check to validate datalen doesnot exceed the maximum firmware msg size
WMI_SVC_MAX_SIZE. Return failure if it exceeds.
Add check to ensure datalen doesnot exceed or equal the maximum buffer
length value for big endian hosts BIG_ENDIAN_MAX_DEBUG_BUF.
Invoke strlcpy instead of memcpy to ensure the string is null terminated
before printed.
Change-Id: I45943ae76d8fcf7b53e1f064c462d01cd6d00dcf
CRs-Fixed: 2211133
Refactor the Green AP configuration so that it can be easily excluded
when the feature is not enabled, and to support transition to the
converged configuration model that is under development.
Change-Id: I275833f4c60c315937a6fba3f403eb54925e151c
CRs-Fixed: 2218656
Since camelCase is frowned upon in the Linux coding style, rename
field enableGreenAP in struct hdd_config.
Change-Id: Ie541289f79b2bfe9f2bf490bbcde7e0649e0395d
CRs-Fixed: 2218692
ol_txrx_stats_callback is not implemented as it is not required, fix
the calling function argument type to match the prototype.
Change-Id: I8a976737af8f226a1774950170f445c93ebf683b
CRs-Fixed: 2216859
PDR recovery is taking longer time because vdev
delete is waiting for peer delete completion.
Modified vdev delete handler to get the status
of firmware. If firmware state is detected as down
then vdev delete handler will not wait for peer delete
completion.
Change-Id: I1014df239a1abecaccbe5097769a10c625597e12
CRs-Fixed: 2207795
When world mode is set (ACS chan list is empty) and ACS request comes to
driver, is_acs_allowed variable is not reset. Due to this, in subsequent
ACS requests, is_acs_allowed variable would become 1, leading to ACS
failure in a loop. Fix that.
Change-Id: I97689571e147505ea2c21f271c103e3c8cc74b80
CRs-Fixed: 2215385
