While disabling SAP session, policy_mgr_decr_session_set_pcl()
is getting called twice, one from mc_thread
(hdd_hostapd_sap_event_cb()) and the other from hostapd
(__wlan_hdd_cfg80211_stop_ap()). This can corrupt the
pm_conn_connection_info table.
This change removes policy_mgr_decr_session_set_pcl() getting
called from hdd_hostapd_sap_event_cb().
Change-Id: Ib16af839060cb2dd3cb9f9957fd6dbb40c3b79dc
CRs-Fixed: 2055025

Initiate self recovery when firmware fails to send the unmap
event within unmap timeout OL_TXRX_PEER_UNMAP_TIMEOUT value.
Change-Id: I053e34682cb610cb258c7dabdb3f84a4b59525f1
CRs-Fixed: 2023387

Currently, driver is rejecting the FASTREASSOC command if the channel
is not provided as part of it (or) channel is given as zero.
Update channel from BSS description of the given BSS and honour
the FASTREASSOC command even if the channel is given zero.
Change-Id: Ie67a75fb7ccf470b95454842b7f46baa9b09d54c
CRs-Fixed: 2046547

Currently in __wlan_hdd_cfg80211_set_scanning_mac_oui() the
QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI attribute is copied without
first performing a length check. Add a check to ensure the attribute
is of the expected length.
Change-Id: I12ee10ed5760af6e5069707ae14b26f275da1829
CRs-Fixed: 2054687

In __wlan_hdd_vendor_abort_scan(), nla_parse() is invoked without
specifying a policy. This can result in a buffer overread when
processing the QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE attribute. To avoid
this issue use the existing "scan_policy" when invoking nla_parse().
Change-Id: Ia3e5cb7535bf0f700399e4a49c9c5da362a3ccf6
CRs-Fixed: 2054775

Currently in __wlan_hdd_cfg80211_vendor_scan() there are several
attributes which are not properly validated, and this can lead to a
buffer overread. In order to avoid these issues:
1) Define an appropriate nla_policy and specify this policy when
invoking nla_parse().
2) Explicitly validate the size of the attributes nested in the
QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES attribute.
Change-Id: I1e0d9ecf87839031fbbca9616e4bae0b0c127404
CRs-Fixed: 2054773

Currently in __wlan_hdd_cfg80211_get_preferred_freq_list(),
nla_parse() is called to parse the command attributes without
specifying a policy. This prevents nla_parse() from doing basic
validation of the attributes, and in some circumstances could result
in a buffer overread. To avoid this issue define an appropriate policy
and use it in the invocation of nla_parse().
Change-Id: I5d90b77562adb1be0d8789f1ad320612402ba90b
CRs-Fixed: 2054742

Currently in hdd_fill_encrypt_decrypt_params() there are multiple
issues with the incoming cfg80211 vendor command handling:
1) A policy is not supplied when invoking nla_parse() which prevents
basic sanity of the incoming attribute stream.
2) The length of attribute QCA_WLAN_VENDOR_ATTR_ENCRYPTION_TEST_PN is
not properly validated.
3) The length of attribute QCA_WLAN_VENDOR_ATTR_ENCRYPTION_TEST_DATA
is not properly validated.
To address these issues:
1) Create an appropriate nla_policy and specify this policy when
invoking nla_parse().
2) Validate the length of QCA_WLAN_VENDOR_ATTR_ENCRYPTION_TEST_PN to
prevent potential buffer overflow.
3) Validate the length of QCA_WLAN_VENDOR_ATTR_ENCRYPTION_TEST_DATA to
prevent potential buffer overread.
Change-Id: Ibb86897f249010c94c4098b283aad7a7f95ab9a2
CRs-Fixed: 2054760

__wlan_hdd_cfg80211_txpower_scale() calls nla_parse without specifying
a policy. Specify an nla policy with the expected attribute information
when calling nla_parse in __wlan_hdd_cfg80211_txpower_scale().
Change-Id: I6ff8a986d5d3a7137351cf66e19ca1a952b9f5f1
CRs-Fixed: 2054748

Currently in __wlan_hdd_cfg80211_set_probable_oper_channel,
nla_parse() is called to parse the command attributes without
specifying a policy. This prevents nla_parse() from doing basic
validation of the attributes, and in some circumstances could result
in a buffer overread. In addition, the tb array is not sized
correctly. To avoid these issues properly size the tb array, and
define an appropriate policy and use it in the invocation of
nla_parse().
Change-Id: I1d4bc3d1f09f0767a3cbd5ed84dc214f167c3c4d
CRs-Fixed: 2054744

When commands to Firmware fail during probe due to Firmware being down, in
most cases QDF_BUGs are hit, not allowing re-probing to take place. A new
API is defined to check if the failure is due to Firmware being down or not.
If so, return error gracefully allowing re-probing to take place.
Change-Id: Ib2f21a6f1ced1c16e9d2bdbda810b160ff63e2c6
CRs-fixed: 2027444

Set WMI_VDEV_PARAM_SMPS_INTOLERANT when a VDEV cannot be allowed to
send SMPS frame. This is needed as certain APs won't properly handle
SMPS frames.
Change-Id: I1dd30bcb4fcaf312fa376cbfe3c1fb9c0d37750a
CRs-Fixed: 2049789

Replace the legacy csr api with regulatory component public api
to check if the 11d support is enabled by host.
Change-Id: I53c2378cf010693d4efa7ff8ff611e6062569adb
CRs-Fixed: 2048784

Fix replenishing logic by taking care of fragments as well
in monitor mode. Also drop the packets with mpdu_length_err
bit set in rx attention desc and don't send those packets to
upper layers.
Change-Id: Iaeeb0e40e4988ca5a2d4c5e7c98ed3f82dfca533
CRs-Fixed: 2037633

For Network Listen Offload and Preferred Network Offload, the fast scan
period is multiplied by scan_backoff_multiplier after max cycles have
occurred. Add a new configuration item, gScanBackoffMultiplier, to
configure scan_backoff_multiplier.
Change-Id: I832d3e058d1c6c0b441090039204d68502e2b96d
CRs-Fixed: 2035197

When FW assert happens, it won't do FW dump
if the bus type is SDIO.
Enable FW dump for SDIO target.
Change-Id: I24655ca74003c915d9eda1106aad7cf87856947e
CRs-Fixed: 2010613

In __wlan_hdd_set_sar_power_limits() there are two places where
nla_parse() is called to parse a sequence of attributes. Currently in
both places a policy is not specified. This prevents nla_parse() from
doing basic validation of the attributes, and in some circumstances
could result in a buffer overread. To avoid this issue define an
appropriate policy and use it in both invocations of nla_parse().
Change-Id: Ie74907f65d788f9ecd7302e37440121e36ad0ec3
CRs-Fixed: 2054757

Currently in oem_cmd_handler() the CLD80211_ATTR_DATA is processed as
an OEM message without first verifying that the payload has a
sufficient length. This can lead to overreading the buffer. Add length
checks to make sure the payload is large enough to hold the message it
is supposed to encapsulate.
Change-Id: Ifaa7d1cce5bd427bfeca14cab5a44c4cb72ce59f
CRs-Fixed: 2054772

Currently, the host driver sequence of events is as below:
- roam sync indication from fw
- invoke csr_roam_synch_callback with SIR_ROAM_SYNCH_PROPAGATION,
  which sets roam_synch_in_progress in csr session
- disable LFR3 roam in fw (send RSO stop)
- Assoc completion, Set key
- In csr_neighbor_roam_info_ctx_init, RSO start attempt fails
  due to roam_synch_in_progress set
- invoke csr_roam_synch_callback with SIR_ROAM_SYNCH_COMPLETE,
  which resets roam_synch_in_progress
Because of this, LFR3 is not re-enabled (RSO Start is not sent)
after roam synch indication.
Re-enable fw LFR3 engine (Send RSO Start) after roam sync complete.
Change-Id: I231b6f7427cd938d9801af20dd4719482cfa7584
CRs-Fixed: 2047267

qcacld-2.0 to qcacld-3.0 propagation
Currently broadcast action frames are dropped in
__hdd_indicate_mgmt_frame(), host tries to get pAdapter using
destination mac address and returns from function as pAdapter is NULL.
Add changes to use existing pAdapter when destination address
of received packet is broadcast.
Change-Id: I9a149116b9a3ec9b4abef4808849876069f2e13c
CRs-Fixed: 2045740

Add a new target_psoc_info structure in the target if layer with the
following members:
- wmi_handle
- target_type
- target_version
- target_revision
Also update the psoc data member tgt_if_handle to point to target_psoc_info
instead of pointing to WMI handle directly.
Change-Id: Iaa54b3106788f77a3b3453170735a3635cb76e70
CRs-Fixed: 2048277

The hif_napi_info structure has a dummy netdev included.
The dummy netdev is large. Avoiding unneeded allocation
saves 30kb of memory. Dynamically allocating the
hif_napi_info structures also reduces the size of
the contiguous memory needed for the parent structure.
Change-Id: Ib2d0772cf793e25a10329169ddd8ef1dc1022e82
CRs-Fixed: 2020752

A recent datapath bus suspend/resume change modified the API for the
corresponding callbacks. Update callsites to use the new APIs.
Change-Id: I8efc62ecab311e5ded3a393c11a436ce9204e72d
CRs-Fixed: 2047509

When no interface is being used by the upper layer, the interface
change timer kicks in and closes all the modules. When there is a
sysfs read write request when the module is closed, it tries to
access the contents of closed modules, resulting in asserts or
crash.
To mitigate the issue, validate the driver module status.
CRs-Fixed: 2052903
Change-Id: I2eec712ff823c7c2dc49f7d9d3c55d9166e3b0d9

If no AP is found in scan req for ACS, the get scan results return
error E_EMPTY. But the ACS needs error E_NULL_VALUE to find a valid
channel if scan results are empty.
To fix this, return E_NULL_VALUE instead of E_EMPTY if scan results
are empty.
Change-Id: Id50eb66e89881d4a763084037bd5576eb500bb68
CRs-Fixed: 2057618