In certain cases during the SSR/PDR after shutdown the interface
up of the driver can be invoked before complete recovery is completed.
This can lead to accessing the bus which is not clocked or other issues.
Block the interface up from the upper layer until the recovery is completed.
CRs-Fixed: 2096446
Change-Id: I6b6569a10520d58e005e56046288ccc10592f725
Roam sync indication checks for csr roam state to determine if user
disconnect is not in progress. But there can be a race condition
where the csr roam state is not updated by disconnect and while
roam sync check the state and proceed.
To fix this set the disconnect in progress flag in sme session
as soon as disconnect starts in HDD and use that to determine if user
disconnect is not in progress when roam sync is received.
Change-Id: Icf541b698eb194621d19b03f281ec3dfd552e373
CRs-Fixed: 2112912
Some vendor APs are not able to handle the SMPS frames causing the
APs to crash.
Add new vendor AP OUIs, compare the vendor AP OUIs with AP capabilities
and if there is a match and also check if the AP is 4x4 11ac then
associate in 1x1 to that AP.
Change-Id: I91b56d67a2d20b9e6eae8e7b6e14db4d2905ec29
CRs-Fixed: 2094490
Add support for handling vendor sub command
QCA_NL80211_VENDOR_SUBCMD_ACTIVE_TOS and parsing its attributes.
CRs-Fixed: 2069865
Change-Id: I38f761f20007a04063b0e0680793aedcabd02c6a
Set the limit off-channel command parameters and conc_system_pref
according to active tos indication from application.
CRs-Fixed: 2066088
Change-Id: I896999adb59aa468daf33364c708d95ef3062018
Driver is updating WMI_CHAN_FLAG_PASSIVE flag for DFS channels
while sending 'WMI_SCAN_CHAN_LIST_CMDID' command to firmware.
Driver should also update the WMI_CHAN_FLAG_DFS flag for
DFS channels. Otherwise functionality like skipping DFS channels
as part of scan request may not work.
CRs-Fixed: 2103636
Change-Id: Ia146eaad93deab778d5ce7a8647f5c0ba7068ead
At IPA UC detach after free IPA TX resource TX comp
ring and TX CE index pointers reset them to NULL.
Change-Id: If6a1b2857d14f5fff2f47e541156ce2c27fb33a3
CRs-Fixed: 2111959
Currently during PDR after client disassociation IPA client
disconnect event is not send because of recovery in progress
condition. After reload IPA pipes are not enabled as IPA context
number of connected stations are non zero which leads to data stall
of backhaul traffic. In this change remove recovery in progress check
which is not necessary in this case.
Change-Id: Id465f78fc224e2c08fb3977266e7032666a22692
CRs-Fixed: 2105106
Currently there is a race condition during enable of IPA WDI pipes
after IPA_RM_RESOURCE_GRANTED notification from IPA RM and at the
same time client disconnect happens. Because of this race condition
subsequent enable IPA pipes at the time of client connection IPA
driver returns error as the pipes are not disabled before. In this
change after requesting IPA resource check for IPA pipes state and
if pipes are not enabled then enable the pipes.
Change-Id: Idd0d4089efa5b81d5301a278fb0dd836db0ecb48
CRs-Fixed: 2082118
IPA's exception path buffer is not freed if adapter is invalid.
Free exception path buffer if adapter is invalid.
Change-Id: Iacaea4d96a6233764da3cf4b302d7ed9affe6d95
CRs-Fixed: 2092131
The IPA SKB's stuck in exception path are flushed after
adapter is deleted can lead to null pointer dereference of
adapter as IPA skb's have reference to this adapter in
their CB struct.
Flush ipa_pm work during the stop adapter and ensure the queue
is emptied and no outstanding buffer from IPA exception path.
CRs-Fixed: 2092131
Change-Id: I24f0c166cee1b5e0fed1c0c49a53c1a2117c900c
Recovery is triggered if rx hash table look up fails due to invalid
physical address. Since netbuf is not found in this case and null
netbuf is de-referenced after recovery is completed and this leads
to null pointer exception.
Exit gracefully if netbuf pop fails from rx hash table.
Change-Id: I66b3d1cf9aa05da235212923a551e58d86153e55
CRs-Fixed: 2094521
When system is under low memory condition and skb allocation fails,
RX ring msdu is not attached in ring replenish logic and Ring refill retry
timer refills the ring debt at the interval of 50 ms.
If refill retry fails to allocate the memory, refill debt is not updated and
this is resulting in retry logic failure.
Update refill debt when retry allocation fails to allocate
rx ring msdu.
Change-Id: I4d2230e4984e26b44db663e7e7f20c73ae90b0f0
Country codes IQ and GI are not recognized by driver.
Add driver support to recognize country code IQ and GI.
Change-Id: I76997d4426718a57fee23c9774153f1adc597c44
CRs-Fixed: 2104094
Do memzero of htt_frag_desc inside HELIUMPLUS flag as
htt_frag_desc is defined only for HELIUMPLUS.
Change-Id: Ie738881c5330956b24376f145f03dd977bf88f7b
CRs-Fixed: 2096935
Presently, htt_frag_desc is not getting zeroed out explicitly.
So fw can take the invalid/garbage data in the frag information
and treat it as a valid address which may lead to crash.
Memzero htt_frag_desc before use.
Change-Id: I9dadcb883a65c43f96e810a12b4fb491c3a2e734
CRs-Fixed: 2088448
When no channel is selected from ACS and fallback channel
is invalid, a default channel is selected but the channel
width remains invalid due to which ASSERT is happening.
Whenever default channel is selected, select default channel
width of 20 MHz as well.
Change-Id: I885e01d1324484b84e04675238d2e1f8cd10e30c
CRS-Fixed: 2112806
Add logic to mark first wakeup packet even if offload bit is not set in
the htt rx indication message sent by fw.
Change-Id: Ide50dcfcf88ecd0c71b32b0e746742dc49d08567
CRs-Fixed: 2110627
Add ini items for current and candidate rssi thresholds used in
mbo bss transition context.
Change-Id: I834c87aaaf776cdc293718fb994b4aae38af6a8b
CRs-Fixed: 2007107
During initialization, bug report lock is initialized after logger
thread is created and during deinitialization, bug report lock is
destroyed before logger thread exits. As logger thread uses this
lock there is a possibility of logger thread to access uninitialized
lock.
To mitigate this issue initialize/deinitialize lock after/before
creating logging thread.
Change-Id: I973c9b6c7eed38cbbc09258a54e587078ddb37e1
CRs-Fixed: 2094510
Device crashed while accessing the unintialized
memory as part of scan request processing.
Initialize the scan params structure to zero.
Change-Id: Iaf430c6edb485a009f8d932ce0c2d033b9ec6137
CRs-Fixed: 2116256
Moved unnecessary kernel message to debug logs where ever not
required in kernel logs
Change-Id: If7b69fbdc4afea4597d38a44f786ee221ee917b2
CRs-Fixed: 2042092
As part of start_ap new beacon memory is allocated and filled with
the parameters sent by the upper layer. If there is any failure
during the start the bss, the memory is not freed resulting in
the leak.
Free the allocated beacon memory if there is any failure in starting
the bss.
Change-Id: Idc263ffbb352e56d65d397b200facb23b7ab207c
CRs-fixed: 2033325
qcacld-2.0 to qcacld-3.0 propagation
Cleanup target dump code and add support to dump IRAM region
for different platforms. Update the Target Memory Region for
different platforms.
Change-Id: Ie29fb62e0f1bc279311f77400e8be490ccf987a4
CRs-Fixed: 2088394
In LFR3 roaming, session->nss is recomputed by starting with mac_ctx
configured value, then lim_fill_ft_session() trims it based on
AP's capability in the beacon. Then lim_ft_prepare_add_bss_req() modifies
it based on dot11mode if necessary.
CRs-Fixed: 2082240
Change-Id: If9841ea8d10cc1269ec118c9e7f75fa0444abe3e
Currently logs are printed from HDD during scan and connect for every
retry, which is causing MCThread to get stuck at printk and crash
Rate limit the hdd logs to print for every 5 retries to avoid filling
the log buffer. Also change some error logs to debug level.
Change-Id: I09ad38cd89bbd20081673142bf5a350c55b0f005
CRs-Fixed: 2090761
This is qcacld-2.0 to qcacld-3.0 propagation
In get_container_ies_len size type for len is uint8_t.
len copies values from pBufRemaining.
There can be chance for integer overflow.
To avoid that make size type for len as uint32_t.
Change-Id: I305321a6631719808ef213571974ae23b0e61bb3
CRs-Fixed: 2064580
With the latest logging guidelines info logs will be routed to
console there are lot of redundant logs causing the watchdog
bark during driver initialization.
Reduce the loglevel from info to debug so these will be logged via
Loggerapp.
CRs-Fixed: 2040730
Change-Id: I2f073e3ab2fe9c129867cadd54c9f27a6b0e65c8
In hdd_send_re_assoc_event api to get ieee80211_channel,
channel number is passed to ieee80211_get_channel kernel
API which expect frequency as an argument.
Pass frequency to ieee80211_get_channel API instead of
channel number.
CRs-fixed: 2053536
Change-Id: I216889d13252c56e817c4e09e77459cc38f8e9ec
Currently hdd_clear_fils_connection_info is called for all device
modes which is leading to crash in SAP mode due to illegal memory
access.
Add check to invoke hdd_clear_fils_connection_info only if the
device mode is STA.
Change-Id: Ia0e28c29d809865169c254b0d45013aad39e13d2
CRs-Fixed: 2106324
Currently, Host performs validation of NLA attribute
QCA_WLAN_VENDOR_ATTR_OCB_SET_CONFIG_CHANNEL_ARRAY twice
which leads to memory leak.
As a part of fix, Check for SET_CONFIG_CHANNEL_ARRAY
only once and free memory in error scenario.
Change-Id: I5c90c937682417b8181fda7d499908b9425d4c6a
CRs-Fixed: 2103954
When host receives roam sync indication from firmware
and if state in PE is not equal to eLIM_SME_LINK_EST_STATE
then roam is aborted. As part of eCSR_ROAM_FT_START,
ft_carrier_on flag is set to true but is not set to false
as part of roam abort handling in hdd_sme_roam_callback api.
This results in not sending subsequent connect result to nl.
Fix is to set ft_carrier_on to false on roam abort.
Change-Id: I43c65730fd439145c22dbf77b0deb47a1bf2ef45
CRs-Fixed: 2105072
Currently, Host configures the NS entries through vendor command
where host do not check the active offload is enable or disabled.
Hence it is not configuring according to active offload ini.
As part of fix, Cache the vendor command value and check whether
active offload is enabled or not before configuration to fwr.
Change-Id: Icb11e43198a75975418a2c9ed95d5f1df05ce0c5
CRs-fixed: 2105071
