The function sme_reset_passpoint_list posts the wma message
WMA_RESET_PASSPOINT_LIST_REQ. This message is freed in
sme_reset_passpoint_list in case of failure. But for the success
case, the req_msg is not freed at wma_mc_process_msg. This
results in a memory leak in the success case.
Free the req_msg at wma_mc_process_msg after returning from the
call wma_reset_passpoint_network_list.
Change-Id: Ib4b427a8acc2d531ac9d6e8f92a30205163ec0ba
CRs-Fixed: 2259237
Currently sme_close() passes a tHalHandle to rrm_close(), but a
tpAniSirGlobal is expected. This currently compiles OK because
tHalHandle is defined to be a void pointer, but this will be changed
in the future so correct the call to pass the correct parameter.
Change-Id: I51e19f9699ba8fe6db2318a59284b0fcc9185a6d
CRs-Fixed: 2262688
As CDS is not usable by WIN, add callbacks that are registered
in QDF and correct the module dependencies.
Also rearrange the header file inclusion, because in the cmn project
qdf_self_recovery_callback() is moved from qdf_event.h to
qdf_platform.h.
Change-Id: I6d03a1a8df01df4c67a933a11d86147384b656fd
CRs-fixed: 2263625
IPA SMMU mapping for RX buffers is needed only when IPA offload
and IPA pipes are enabled. Currently, in the STA-only case where IPA
is not enabled, SMMU map/unmap is done for RX buffers. So enable
SMMU mapping only when IPA pipes are enabled.
Change-Id: I88db2cc8606bdf4586644a7ffccd0415f85c8241
CRs-Fixed: 2213795
Reason code is extracted from frame data without validating
the frame len which could result in out of bound access.
Fix is to validate frame len before extracting reason
code from frame data.
Change-Id: I00795a806abcae903dd0daa019aeab990aedc3a7
CRs-Fixed: 2253984
Change "qcacld-3.0: Add ARP debug stats" (Change-Id
Idce70799bd3698dc8a8ecd8cfc8ef7d9bf1f5764) removed the only use of
wlan_hdd_latency_opt(), so remove this now obsolete function.
Change-Id: I27a3157072847e313fe8379abd2de4ec76cfef57
CRs-Fixed: 2263616
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_he to use the new naming.
Change-Id: Id0ee15548a2bb78258afd9381bad6b4834e0e47c
CRs-Fixed: 2262588
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_tsf to use the new naming.
Change-Id: I180e9a6347e5bccea41f9c14612d888711aa6485
CRs-Fixed: 2262587
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_debugfs to use the new naming.
Change-Id: I762d1f9520c94beafc912f9b6e3720531af0eeea
CRs-Fixed: 2262586
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_lpass to use the new naming.
Change-Id: Id5ffe841fa4d81a07756c7e9f9d9873d2ba921cb
CRs-Fixed: 2262585
A cds_rand_get_bytes() failure may cause random kernel stack info to
be used as challenge text, which is an information leak. To avoid this,
send auth failure with status code REFUSED_TEMPORARILY
(try again later) when random number generation fails.
Change-Id: If1238343e0c911c7e1ead8b5de62c0315a701017
CRs-Fixed: 2248569
Add the compilation flags for TWT feature to Kbuild.
Based on the compilation flag, include the source
files for compilation and also include the header
files path.
Change-Id: I45991b3c9e49e2aa0ff51a2650fde69ea447bf15
CRs-Fixed: 2238302
Process the TWT enable complete event sent by the
firmware after enabling TWT.
Set the appropriate state for TWT so that it can
be used later to check if TWT is enabled or not
in the target.
Change-Id: I924387d6afc2bf80efec0fce36ea907c6932dcda
CRs-Fixed: 2238302
Read the target service capabilities for TWT requestor
and TWT responder and update them in the driver.
Change-Id: I78879eb8ff4bf47eabd81cd8d07459b810fb7d7e
CRs-Fixed: 2238302
Send the WMI_TWT_ENABLE_CMDID command to the target if the target
supports any one mode out of requestor, responder or broadcast mode.
Change-Id: I7ab21fff89e7c88bf951b333d7a923857f2123d6
CRs-Fixed: 2238302
Introduce new WNI items for TWT as follows:
WNI_CFG_TWT_REQUESTOR
WNI_CFG_TWT_RESPONDER
WNI_CFG_BCAST_TWT
Based on the INI configuration and target support, enable
or disable the TWT services in the WNI CFG database.
Change-Id: Id1b239e53f30f00220e0cefb541fc641a898e712
CRs-Fixed: 2238302
Introduce the below configuration items for
Target Wake Time feature.
enable_twt: Enable/Disable the TWT feature using this configuration
item.
twt_congestion_timeout: This ini is used to configure the target wake
time congestion timeout value in the units of milliseconds. STA uses this
timer to continuously monitor channel congestion levels to decide
whether to start or stop TWT.
Change-Id: I225b63e4f21357d57d28a9aa7e9ae1cd8c4c694f
CRs-Fixed: 2238302
When Force SCC and STA+SAP SCC on LTE coex channel are enabled:
1. When STA on LTE coex channel, start SAP, select STA
channel.
2. When SAP on, connect STA on LTE coex channel, then switch
SAP channel to STA channel.
Change-Id: I3f3972df43318473342d42012be3a57b8baad965
CRs-Fixed: 2235704
If wma_remove_peer() fails to remove peer and send PEER_DELETE command
to fw, it will cause issues afterwards and asserts at random places
that would be misleading.
Assert in wma_remove_peer() if peer remove fails.
Change-Id: I97a4b72c359a4e2322c9c499d01f21a4d287e8fd
CRs-Fixed: 2252886
Add per-level logging wrappers to SME module,
which can be compiled in or out by the build
configuration.
Change-Id: I7ad6020ee496e211f4edf6ec552999af03ffe01f
CRs-Fixed: 2261929
cfg_get_vendor_ie_ptr_from_oui is invoked in
lim_process_assoc_req_frame function with ie
pointer pointing to frame buffer plus assoc
req ie offset and ie len equal to frame buffer
len. This could result in OOB access since
offset is not subtracted from frame len.
Fix is to subtract the offset from frame len
as argument to cfg_get_vendor_ie_ptr_from_oui.
Change-Id: Ic107867bcf4d7813c544309a2aff165f2dc7155d
CRs-Fixed: 2255369
The tSirRetStatus definitions are obsolete, so replace them with
QDF_STATUS definitions in the wma folder.
Change-Id: I3ba728e378697fb02f02322e7a467cd4f8a62c10
CRs-Fixed: 2262962
This is to fix a null pointer dereference in the testmode handler.
When the driver is in the closed state, userspace still sends the testmode
command to the callback, where the hdd_ctx->pdev is already deallocated
and reset to NULL, which causes a null pointer dereference.
The failure callstack is as below.
012|QDF_DEBUG_PANIC()
013|wlan_objmgr_pdev_get_comp_private_obj(pdev=null)
014|wlan_cfg80211_ftm_testmode_cmd()
015|__wlan_hdd_cfg80211_testmode(inline)
Change-Id: I26cb132a3f5b2eb9cd83892a80bea25a8d511962
CRs-fixed: 2261847
In the API sme_get_link_speed, the driver allocates memory
for the req needed to get link speed from firmware,
but it is not freed, thus a memory leak may happen.
Fix is to remove the req from this API as the driver already
has this info from the caller API.
Change-Id: I091bd81b162cd7e6f548068866ecdd441302553a
CRs-Fixed: 2257373
Key id is extracted from data buffer without validating
len of data which could result in out of bound access.
Fix is to validate frame len before extracting key id
from data buffer.
Change-Id: I1f4d88b7ca6201f03a6bc8e6915f1479f571838f
CRs-Fixed: 2254141
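
The length checks described in the reason-code and vendor-IE commits above (the key-id fix follows the same pattern), as an added C example that is not code from qcacld-3.0. The function names, the 4-byte fixed-field offset and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return the little-endian u16 at off, or -1 if it does not fit in buf. */
static int read_le16(const uint8_t *buf, size_t len, size_t off)
{
    return (off > len || len - off < 2) ? -1 : (buf[off] | (buf[off + 1] << 8));
}

/* Walk TLV elements; return the vendor IE (ID 221) whose body starts with oui. */
static const uint8_t *find_vendor_ie(const uint8_t *oui, size_t oui_len,
                                     const uint8_t *ies, size_t ies_len)
{
    size_t pos = 0;
    while (ies_len - pos >= 2) {
        size_t body = ies[pos + 1];
        if (body > ies_len - pos - 2)
            return NULL; /* element claims more bytes than remain */
        if (ies[pos] == 221 && body >= oui_len &&
            memcmp(&ies[pos + 2], oui, oui_len) == 0)
            return &ies[pos];
        pos += 2 + body;
    }
    return NULL;
}

/* The IE area starts ie_offset bytes in, so it is frame_len - ie_offset long;
 * passing frame_len itself would let the walk run ie_offset bytes past the end. */
static const uint8_t *assoc_req_vendor_ie(const uint8_t *frame, size_t frame_len,
                                          size_t ie_offset, const uint8_t *oui)
{
    if (frame_len < ie_offset)
        return NULL;
    return find_vendor_ie(oui, 3, frame + ie_offset, frame_len - ie_offset);
}

/* Constructed samples: 4 fixed bytes + SSID IE + vendor IE; a 2-byte reason field. */
static const uint8_t sample_frame[] = { 1, 0, 10, 0, 0, 2, 'a', 'b',
                                        221, 4, 0x00, 0x50, 0xF2, 0x04 };
static const uint8_t sample_oui[] = { 0x00, 0x50, 0xF2 };
static const uint8_t sample_reason[] = { 0x07, 0x00 };

int main(void)
{
    const uint8_t *ie = assoc_req_vendor_ie(sample_frame, sizeof(sample_frame), 4, sample_oui);
    printf("vendor IE at %d, reason %d\n", ie ? (int)(ie - sample_frame) : -1,
           read_le16(sample_reason, sizeof(sample_reason), 0));
    return 0;
}
```
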
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_ocb to use the new naming.
Change-Id: Iffbc2ff5419d7057e814f48750681ef24c1776ed
CRs-Fixed: 2262584
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_fips to use the new naming.
Change-Id: I2edf712ca9af24aefe4b34efa62de827703cd7f9
CRs-Fixed: 2262583
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_subnet_detect to use the new naming.
Change-Id: Idc648bd965dc29ed620bf8f85b04c7658e51253d
CRs-Fixed: 2262582
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_softap_tx_rx to use the new naming.
Change-Id: Ie8c515c96ebfd741b36a4b69d1e482093ead569d
CRs-Fixed: 2262581
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_object_manager to use the new naming.
Change-Id: If17411e6d5fa29b401f4fb90e8f52197f9f8386e
CRs-Fixed: 2262577
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern name
for what was previously called the tHalHandle. Incorporate the new
name in struct hdd_context, as well as introduce new MAC handle
accessor functions. Future changes will transform the existing
tHalHandle references to mac_handle_t references throughout HDD.
Change-Id: Ic33c5f9332ccda6a7825a2a8521ebb0e66d1ab98
CRs-Fixed: 2261200
SDIO transfer between host and target can have multiple methods.
Legacy methods use the mailbox dma transfer method. Newer IP shall
use the adma transfer method.
Add build option for the transfer method.
Change-Id: Ibf2e20869d93f631db25008a95bdebf03875fcc0
CRs-Fixed: 2252432
Presently, while sending scan offload request to fw, fw is only notified
whether the channel list is static or dynamic. Fw is not notified whether
it is dynamic init, dynamic flush or dynamic update. Also, in HOST
driver it is not being used anywhere.
Remove the code to mark the channel list as dynamic update, dynamic flush
or dynamic init. Instead, assign the channel list simply as dynamic.
Change-Id: Iad834f07bb61963f0fbb6227ffcedfd1679d1a9e
CRs-Fixed: 2260715
The protocol stack has some lingering uses of the legacy status
enumeration tSirRetStatus. There is a plan to transition all of these
to QDF_STATUS. As the next step of this plan replace the tSirRetStatus
definition with macros that map to QDF_STATUS identifiers. This will
ensure that the transition does not have any side effects, and will
provide the mappings to be used to allow a global replace of
tSirRetStatus identifiers with QDF_STATUS identifiers.
Change-Id: Ied64393500d78b5059b68536fc5511918188962b
CRs-Fixed: 2261128
Copy the country code value to local variable and use
it to set the country code to avoid the out of bound
access to caller buffer.
Change-Id: I48662d4034f5dab496b23af4c1840581061bd2e5
CRs-Fixed: 2247610
In case of WLAN_EID_WAPI, the host assumes that the incoming IE buffer
is at least (4 + 2 + akmsuiteCount * sizeof(uint32_t)) bytes
long, and this is not checked anywhere before accessing. As a result,
a possible OOB read issue could occur.
Fix is to add a check for incoming buffer IEs.
Change-Id: Ia60cf8c56478b47e5f2f654f0cf77fe6bd5706e4
CRs-Fixed: 2252250
Channel info for ACS is not getting initialized if channel is unsafe.
So, channel number, rssi, ACS weight, etc. is not getting initialized
and is 0 for all the unsafe channels. As a result, wrong weights are
getting calculated in ACS algo and wrong channel number is getting
printed in logs for all these channels.
Initialize channel info for ACS even if channel is unsafe.
Change-Id: Iec315ea818b5b51aef6879831b8be29ba4515983
CRs-Fixed: 2260798
When CSA is received from the firmware, dot11_mode is copied
from the received message. In response to the CSA message, the host
invokes wma_vdev_start with isRestart flag set to restart the
vdev with the new updated channel, and channel params.
The dot11_mode value is copied from the CSA which will not be a
problem unless the switching channel is on the same band or on a
different band as long as it is HT/VHT 2.4GHZ to HT/VHT 5GHZ bands
or vice-versa. When the channel switch occurs from a 11a to 11g
band or vice-versa, wrong dot11_mode is populated without being
updated for the new band. As the phy_mode is calculated from the
dot11_mode value, phy_mode check fails in wma_vdev_start in this
case. So the host doesn't send vdev_restart.
Populate the dot11_mode correctly and pass it to lower layers
upon updation. This will ensure correct phy_mode is calculated
and vdev_restart is sent.
Change-Id: Iaf8788d51b47190c04744b8981dd594236fbae57
CRs-Fixed: 2248980
Currently, in ol_txrx_is_peer_eligible_for_deletion(), invalid
dereferencing of peer_id_to_obj_map[0xFFFF] to get peer_ref while
processing VDEV stop response handler may occur.
Revert the changes introduced by
Change-Id: Icf252612081a41f94db6df4684348f2962b2da9d and
Change-Id: I743e2e2c83c3e07e5d5ec4fde7fc3b098766ca96
Change-Id: I7aa104f69a5665f0e08314fb0a273e077f562939
CRs-Fixed: 2261088