Register fw down legacy callback with QDF such that new UMAC
components can call QDF API to check if fw is down or not.
Change-Id: I8d68cb7625fd75aa90ba09adfe13955c5418b54f
CRs-Fixed: 2202605
Add linked list logic to hold all ppdu descriptor status in a list till
all TLVs have been processed
This design handles asynchronous arrival of tlvs from fw per ppdu
Change-Id: Ib8943d7c826c0b441f58f0eaba7ae0bdc0539d9a
Currently variable "tid" is from message, which is used
directly as array size which causes buffer over-write.
To address this issue add check for the array size.
Change-Id: I61ffaef69d97936774d89ee4e745ab509d77adb5
CRs-Fixed: 2200862
The parameters to function typedef tdls_register_tl_peer_callback()
currently includes ucastsig. This "unicast signature" parameter dates
back to a previous version of the driver that used signatures to
synchronize the data plane with the control plane. However the current
version of the driver does not use this mechanism, so there is a
desire to remove this parameter from the callback.
In addition both typedef tdls_register_tl_peer_callback() and typedef
tdls_deregister_tl_peer_callback() suffer from poor naming since the
"_tl_" in the names refers to a datapath component that was present in
an older version of the driver but which is no longer present.
Therefore introduce a new version of these typedefs with better naming
and which removes the ucastsig parameter.
Use temporary conditional compilation to allow support for both the
old and new interfaces until such time as all registrants have
converted to the new interfaces. This is part of the plan to
completely remove the obsolete unicast and broadcast signatures from
throughout the driver.
Change-Id: Id4ea23266b0f3e1480b645c5afce6c17585ccb46
CRs-Fixed: 2200931
Change object manager trace level to ERROR, move few
debug prints to obj_mgr_warn
Change-Id: Idc8943badb524c52694df18b035c9fc91c097e3a
CRs-Fixed: 2195292
Part of the scheduler component has been migrated to the new sched_*
logging wrappers, but part of it still remains to be ported. Finish
migrating all of the scheduler logging APIs.
Change-Id: I5065d849a1523d6c27d6c6a27b1ad4605036c3e6
CRs-Fixed: 2201038
In existing code M-copy feature was designed to provide
first 100bytes of payload of self BSS packets.
Add change to enable promiscusous mode and provide metadata and
100bytes of payload of all the packets received by the radio.
Change-Id: I5b1f168028a4fba3a24e9d2ccd0d68c246661d76
Calling panic can cause a compiler to assume any subsequent code is
unreachable. Because these panics may or may not be enabled by the
build configuration, this can cause developers some pain. Consider:
bool bit;
if (ptr)
bit = ptr->returns_bool();
else
panic();
// do stuff with @bit
return bit;
In this case, @bit is potentially uninitialized when we return!
However, the compiler can correctly assume this case is impossible when
PANIC_ON_BUG is enabled. Because developers typically enable this
feature, the "maybe uninitialized" warning will not be emitted, and the
issue remains uncaught until someone tries to make a build without
PANIC_ON_BUG.
A simple workaround, is to put the definition of QDF_DEBUG_PANIC in
another compilation unit, which prevents the compiler from assuming
subsequent code is unreachable. For CONFIG_SLUB_DEBUG, do this to
catch issues earlier. Otherwise, use the typical inlined approach.
Change-Id: I8901fd33781ccb8229fad16343a5b08d97cdcf68
CRs-Fixed: 2202527
Change default DSCP-TID mapping table so that all possible TID
values can be used in transmit datapath.
Also propagate a fix from legacy Tx classification code required
to compute the offset of L3 header pointer correctly
Change-Id: Ia6426817410e67018491c0f4a8122bfae7a1cfe2
CRs-Fixed: 2197640
Add compilation flag to compile out HTC credit History
feature cleanly from the cld-3.2 driver binary
Change-Id: I615f0e4d6de150924b99b3444cebf00571ddc088
CRs-Fixed: 2190546
On napier AX, HK2.0 ast search is tied to lmac_id.
This ast search feature is added to support DBDC repeater usecase.
Assign lmac id 3 to search by default on all macs until more
formal per pdev changes are made. This enables 2g.
Change-Id: Ia06d9243bddd3f4943426d6b0de3f452a252d819
CRs-fixed: 2198431
GET_WMI_HDL_FROM_PDEV() returns wmi_hdl to the caller of the
func. In some Green AP functions, wmi_hdl is passed directly
to WMI functions without any NULL check that could lead to
NULL pointer dereference.
Add NULL check for wmi_hdl before use in Green AP functions.
Change-Id: Id6222ce30d66b660008c1a4ad1b5020235d5b351
CRs-Fixed: 2196071
It is possible that call p2p_scan_abort fail while cleanup roc queue,
because vdev already been destroyed when unloading driver. In this case,
even the scan complete event will be discarded, so ROC context include
ROC timer has no chance to free.
Free ROC context include ROC timer in p2p_scan_abort failure path and
set cancel_roc_done event to avoid unneeded waiting while unloading.
CRs-Fixed: 2187778
Change-Id: I43751dca0c480e811c15de35ee28bc9426ac3764
Existing code is allocating array of 500 bytes and providing it
to snprintf to store formatted array. This might lead to stack
overflow.
Add change to allocate memory from heap instead, in all such instance.
Change-Id: Ifaecebd60346d8a04c5facf3d1d446b420eb8c54
Add new attributes to vendor subcmd
QCA_NL80211_VENDOR_SUBCMD_NUD_STATS_SET.
This carry the requisite information to
start / stop the connectivity stats collection.
CRs-Fixed: 2168412
Change-Id: Ie8a60754780433f40ed4d103b737c5e8d4e59c28
Add APIs to get TCP syn/syn-ack/ack packets,
TCP src/dst port, DNS domain name/query/response,
ICMPv4 req/res, and ICMPv4 src/tgt ip information.
Change-Id: I1e4e92997a33e64fe2e4ae28a05b54b6ba5e8cff
CRs-Fixed: 2168412
Extend wmi interface command to support other
connectivity check stats(ICMPv4 and tcp).
Change-Id: I881aaeab6e3e1f36b7153630b87a07019660d896
CRs-Fixed: 2168412
Remove redundant DBS HW mode request from
pm_next_action_two_connection_dbs_2x2_table. For 2x2 DBS HW even for first
connection if it is on 2.4G, DBS will get requested. Hence no need to
request again for second connection on the other band.
Change-Id: I17db8de5ed7a60f556cc8eeed59bbbfe0d63e795
CRs-Fixed: 2199420
Change the signature of QDF FW down callback API to return bool
instead of void. Return type true indicates fw is down and return
type false indicates fw is not down.
Change-Id: I2be6f14e5fbdb7b24ccd604244e1314a8f127291
CRs-Fixed: 2196217
Add vendor command that provides the current
information of WLAN hardware MAC and its
associated WLAN netdev interfaces.
Change-Id: I70ffbdf44ddc45fe606d0ad6e69f1b284cffc6fe
CRs-Fixed: 2194757
Define os_if_spectral_netlink_deinit to close the Spectral socket and
de-register the os_if callbacks
Change-Id: I3d054c2a2d630d4d959861d3620592010d04c09a
CRs-Fixed: 2186113
Currently, there is no check of:
1) Firmware event parameters in dbglog_parse_debug_logs(), which can
result in integer underflow.
2) Number of dbg log args against the total length, which can result in
buffer over-read.
To fix this, compare size of firmware event parameters and number of
dbg log args with total buffer length.
Change-Id: I7fbc684ec9e80cfc66220755a1ad6b9394194735
CRs-Fixed: 2197246
In testbed sta mode the RSNE enc type and auth type may not match the
AP's enc type and auth type and thus the scan filter is unable to match
and find the AP.
Introduce auth and enc type as "ANY" in scan filter. With the auth
and enc type set as ANY, all the AP's matching the BSSID and SSID
will be filtered and the negotiated auth and enc type will be
dependent on AP's auth and enc type.
Change-Id: I82f07f68d9ec6c6f2104122a05d06a698c61a50a
CRs-Fixed: 2197222
With IE length sanity check, that involved by Change-Id I9a091486,
11ax AP cant be found due to the addition of +1 byte in HE-operation
IE in latest spec of 11ax (D2.2).
Remove all 11ax extended capability IE length checks for now due to
11ax being under development.
Change-Id: I45d676325c72c8e0020ca52d094fb1652f8fcaf2
CRs-Fixed: 2197252
There are scenario where indoor channel operations
(like active / passive scan/connect/roam etc)
are not desired / permitted specially in sap case.
Hence add support of disabling indoor channel
on sap start and revert it on sap stop.
Change-Id: Id6e01534532e3076a3e662e6a4f71e8be924165a
CRs-fixed: 2161319
Add vendor wifi test config command attribute to send
addba request with user configuration and to set the
no ack policy.
Change-Id: I2afd62478961a774d16becba49889e855ecf7415
CRs-Fixed: 2196977
1) for raw mode, drop frames with invalid size
2) for non-raw mode, fixed issue that
frag list data_len's not properly calculated
The length issues will introduce kernel issues
during skb_linearize() at upper OS network stack layer.
Symptoms:
1)
WARNING: at net/core/skbuff.c:1782
PC is at skb_copy_bits+0x1b8/0x230
2)
kernel BU at net/core/skbuff.c:1615!
PC is at __pskb_pull_tail+0x70/0x2e4
CRs-fixed: 2188754
Change-Id: I848ec976cd922708ffd02d8272ea5a6f3bce2a00
Fix a memory leak in the cnss layer, where the packet
used to send the disable command never gets freed.
CRs-Fixed: 2185830
Change-Id: I8118baf2397bf6440177d3fe92d34a537c29df8b
In existing code scan queue cleanup is done during radio detach,
leading to access of freed vdev netdev.
Extend cfg80211 scan cleanup API to support netdev level cleanup.
Change-Id: Ice6b6d262788e71c6d229ed7de6ab0e17f270b6c
CRs-Fixed: 2185302
In scm_handle_bcn_probe, scm_add_update_entry is called before
inform_beacon(wlan_cfg80211_inform_bss_frame).
Once scan entry is added to db, there is race condition that other
threads may remove it from db before wlan_cfg80211_inform_bss_frame
is called. Thus freed memory will be accessed in
wlan_cfg80211_inform_bss_frame.
To fix call inform_beacon(wlan_cfg80211_inform_bss_frame) before
adding the entry to scan DB and after updating required fields
from duplicate older entry.
Change-Id: Ib6dd967da9625ce944bffda5037b689ffd70903a
CRs-Fixed: 2197238
1. Populate number of capabilities after extracting service ready ext param
2. Deinit ring during pdev destroy only if ring is configured
3. Do not allocate module param if no capability is shared for
the pdev by target
Change-Id: Ie92b7fc882ba8b7755fea150c724459264a0ea79
CRs-Fixed: 2192671
qdf_spinlock_create(&peer->peer_lock) is called after
wlan_objmgr_psoc_peer_attach and wlan_objmgr_vdev_peer_attach in
wlan_objmgr_peer_obj_create.
In mgmt rx handler, peer is accessed and peer_lock is acquired
before peer_lock initialized in race condition case, spinlock
bad magic issue will happen
Initialize the peer spin lock before peer attaching to avoid the
race condition
Fix same things for vdev and pdev objects
Change-Id: I4cc9d281f8c9efa9de246747641804d985b4653c
CRs-Fixed: 2198193
