In function add missing check for regulatory domain before assuming
channel 120-130 to be ETSI weather channel.
Change-Id: Ief9761b5ac06a511a4132f71c0a63c796741149d
CRs-Fixed: 2150264
__wlan_hdd_cfg80211_do_acs mallocs memory of
adapter->session.ap.sap_config.acs_cfg.ch_list
without checking and free original memory.
If hostapd is killed by -9, and interface wlan0 keep on.
wlan_hdd_cfg80211_stop_ap and wlan_hdd_undo_acs isn't called,
acs_cfg.ch_list memory isn't freed.
if hostapd is started again, __wlan_hdd_cfg80211_do_acs is called again,
malloc memory of acs_cfg.ch_list again, last malloced memory is leaked
Change-Id: Ia45615aa75841381b13a2f779cb5d355526d78a2
CRs-Fixed: 2150040
During starting of SAP, after extracting the pointer to the country IE,
country code is copied without proper IE length validation. A smaller
than accceptible IE length can cause out of bound memory access.
Validate length with with the minimum acceptible length before copying.
Change-Id: Ie2115bdbd22badd51ea40d028331ef1a74b02281
CRs-Fixed: 2150285
qcacld-2.0 to qcacld-3.0 propagation
There can be a possible race in updation of roam substate
between csrRoamWaitForKeyTimeOutHandler and upper layer
disconnect in csrRoamIssueDeauth. Race can be as follows.
Driver roam substate is eCSR_ROAM_SUBSTATE_WAIT_FOR_KEY by
the time csrRoamWaitForKeyTimeOutHandler is invoked. This
can allow check CSR_IS_WAIT_FOR_KEY to pass. If MC thread
gets preempted and if driver processes upper layer disconnect,
then driver changes roam substate to eCSR_ROAM_SUBSTATE_DEAUTH_REQ
in csrRoamIssueDeauth. When MC thread resumes processing of
csrRoamWaitForKeyTimeOutHandler, then driver changes roam
substate to eCSR_ROAM_SUBSTATE_NONE. This can result in
unhandling of eWNI_SME_DEAUTH_RSP as roam substate is not in
eCSR_ROAM_SUBSTATE_DEAUTH_REQ and can result in active command
timeout. Hence, update roam substate atomically in same context
if CSR_IS_WAIT_FOR_KEY passes in csrRoamWaitForKeyTimeOutHandler.
Change-Id: I05cfc8de54fe4196df941c2fd48db8bedc7df779
CRs-Fixed: 2155141
When the SSR and interface down happen in parallel,
the driver rejects the interface down since the
recovery is in progress. Kernel ignores the -EAGAIN
request from the driver and as part of NET_DOWN notification
in cfg80211_netdown_notifer the kernel invokes the
___cfg80211_scan_done to free the request but dosen't not send
scan_result indication, since it expects the scan_done work to
get scheduled and then broadcast the request to upperlayer.
Change-Id: Id698044ebe30cf555300e909a916d74be1f8b94f
CRs-Fixed: 2115392
Fix implicit conversion from enumeration type 'tSirRFBand'
to different enumeration type 'eCsrBand'
Currently 3 different types of enums exist to enumerate the
band type.Remove eCsrBand and tSirRfBand and
use tSirRFBand everywhere.
Change-Id: I1862c6d3a5daca7523870b7f0931ee4f20c7ce4f
CRs-Fixed: 2145080
Fix implicit conversion from enumeration type
'enum eSirMacStatusCodes' to different enumeration type
'tSirResultCodes' in function __lim_process_sme_assoc_cnf_new().
Change-Id: I1179014e3a190427f6bbfcbc62a3b82f0b187a0f
CRs-Fixed: 2145080
Regpair for country AR and CL are missing which results in a crash.
Add regpair for country AR and CL.
Change-Id: I219e92cc09d6237774f87f8d0a75d2ddea5d59ef
CRs-Fixed: 2154123
In function lim_parse_kde_elements, elem_len is obtained from the
assoc response IE buffer and is used to decrement rem_len in the
while loop. If the value of elem_len is greater than rem_len, an
integer underflow would happen to rem_len leading to buffer overread.
Also, if elem_len is greater than kde_list_len, a buffer overread
would occur when incrementing the temp_ie pointer.
Add sanity check to make sure elem_len is not greater than
kde_list_len or rem_len.
Change-Id: If126bb0e14b57f3594679b91d54cc0f1ffaa6f66
CRs-Fixed: 2152946
Check if the FILS information is valid by checking for
non-zero length for all the parameters and then proceed
with the connection
Change-Id: I8e24afd7e1d9f4b2107e7f6efc0455b40aecd087
CRs-Fixed: 2132562
When dual band mode for SAP is enabled from UI, the packet
for 2G SAP will be dropped before dfs cac finishes.
Adjust channel check to avoid pkt drop in lim_handle80211_frames.
1 non-sbs mode, bypass 2g channel packet
2 sbs mode, bypass non dfs channel packet
Change-Id: Ib292fa3d6366fd7ea045480f61ce1890ac8c320a
CRs-Fixed: 2132883
Currenly for Scan for SSID failure case, roam_info is not passed to
hdd_association_completion_handler leading to driver not sending
FILS seq num info to the supplicant. This makes the supplicant to
trigger a full EAP connection instead of FILS in the next connect.
Pass roam_info from csr_scan_handle_search_for_ssid_failure to
hdd_association_completion_handler and populate and send FILS seq
number info to supplicant.
Change-Id: I4e0a4c3cb55a286b1c66424f6b3a61c020c522a0
CRs-Fixed: 2146342
Prevent CPU bottleneck caused by scheduling the user process running
on the same CPU with IPA worker thread.
Set PF_WAKE_UP_IDLE flag in the IPA Rx exception callback, to wake
user task to idle CPU.
Change-Id: Ifd5b917c46fff39febd7e98f4761c9e80000ea35
CRs-Fixed: 2131917
Save peer_ids[] array during cleanup and print it later, after
releasing peer_map_unmap_lock. It avoids usage of multiple QDF_TRACE()
calls inside critical region.
CRs-Fixed: 2027795
Change-Id: I77474f75d0889604e30ba637a04d39fddcaf754c
DPH hash table is allocated for each session of depth equal to
max possible peers. This memory chunk goes upto 33KB in size and
may fail. Instead allocate the memory from BSS segment so that
run-time allocation is not needed.
Change-Id: I56d6adb7934faef1940ab8515fed30646f536ab2
CRs-fixed: 2149563
Currently, pdevs are created during module start, but are destroyed
when the driver is unloaded. This leads to situations where multiple
pdevs are created, but only one is destroyed. Move the pdev destroy
logic up into module stop to ensure every allocated pdev is properly
destroyed.
Change-Id: I0d9160ae75549b965bbfb4167c28b986c3dc3f12
CRs-Fixed: 2154041
The dispatcher life-cycle functions have recently been split, resulting
in new dispatcher_enable and dispatcher_disable APIs. Call these APIs as
appropriate from HDD.
Change-Id: I807070e67811e9d5804a8ffa2d7f7db62efb0908
CRs-Fixed: 2153292
Rename pmo_ucfg_* API to ucfg_pmo_* to match existing
naming convention for component ucfg APIs.
Change-Id: I59491eff038709a883efb527168159a7e9e2ba2a
CRs-Fixed: 2145088
In function dot11f_get_packed_iersn, RSN_Cap is member of the structure
sDot11fIERSN and cannot be NULL.
Remove the NULL check for RSN_Cap in dot11f_get_packed_iersn
to fix Clang errors.
Change-Id: If334c66e6b84d9776b0f1f5c1e1969125d490f2f
CRs-Fixed: 2150438
Kbuild changes to add new scan files, as part of spliting the
filter and bss scoring logic.
Change-Id: Ic239035da1d9cf1478b79c695703b426855eb85f
CRs-Fixed: 2148890
In SMMU enabld builds when system goes in low memory DMA MAP APIs
fails which causes WMI VDEV delete command send failure and as a
side effect WALN driver leaks the OL TXRX VDEV memory.
To fix OLTXRX VDEV memory leak call TXRX vdev deatch API in case
WMI VDEV delete fails because of DMA MAP failure.
Change-Id: I3936a973a1398a2e22c9e4e1ca3cdb969309d61b
CRs-Fixed: 2154578
