As part of the wlan driver handlers for kernel ndo events, an inactivity
timer (effectively a watchdog timer) is started. This allows us to catch
instances where driver operations take much longer than expected. In
cases where this inactivity timer expires, print the stack trace of the
inactive thread to expedite debugging efforts.
Change-Id: I4427207a5cd7d232486ce453555765f7e0f4fe17
CRs-Fixed: 2160837
WMI_xxx_EVENTID must be re-defined as wmi_xxx_event_id, otherwise module
init will fail when checking the event id.
Change-Id: Icf0562ddb9c6fd90b553ce06e502575d9e69b8d3
CRs-Fixed: 2159607
Get ARP stats command is sent to firmware with
inactive vdev id in stats param resulting in
firmware crash.
Fix is to add check to validate vdev id before
sending get ARP stats command to firmware.
Change-Id: I1483573f4f9649c307f8d47466d9c7e234e9a78e
CRs-Fixed: 2161031
In case of Monitor mode, headroom of skb, which originally
contains rx_desc data, is overwritten by radio tap header.
Host pulls skb data by radio tap header and the same skb is
passed on to packet log function which expects payload to
point to skb->data and ends up in a wrong access.
Moreover, pktlog is meant to log rx_desc information which is
already overwritten by radio header and hence pkt logging is
of no use in this case.
CRs-Fixed: 2159130
Change-Id: Id19c0371a0ed31c70ada788fc2b396a8b1eac1f1
qcacld-2.0 to qcacld-3.0 propagation
While processing setHostOffload ioctl there is a possibility of
sending invalid data to lower layers as user sent data structure
is different from local buffer structure.
To mitigate this issue, initialize local buffer to zero and then
update local buffer member by member.
Change-Id: I657d2a8c7d37435b1ad28ef6de60ea80a235ead9
CRs-Fixed: 2152143
Log critical suspend/resume log using info log level such that
driver 3 stage suspend/resume state is known from available logs.
Change-Id: Id17133d406f2366058198b38445d7ff6afba3764
CRs-Fixed: 2160041
Current driver will create two adapters in FTM mode, with device_mode
STA and P2P, where STA is incorrect and P2P is unnecessary.
And those types will cause memory leak in
qdf_mem_malloc()/sme_deregister_mgmt_frame(), when unloading driver.
Also, it is improper to fix the interface name to wlan0 for FTM mode,
as some platforms may use different naming rule.
Only create one adapter with FTM mode, with variable interface name.
CRs-Fixed: 2160513
Change-Id: If3bf4444e5535e6fe88c3ad2d87da217534984a0
Change "qcacmn: Rename enum tQDF_GLOBAL_CON_MODE" (qca-wifi-host-cmn
Change-Id I57933a62f6ce02b6594d97198be8132e61e8d1f6) renamed enum
tQDF_GLOBAL_CON_MODE to QDF_GLOBAL_MODE. Update all references to use
the new name.
Change-Id: I0e806e87a4c4828279dee83450b1fc20a236c9d3
CRs-Fixed: 2158636
Country code can be set by multiple sources. Print the source of country
code for debug purposes.
Change-Id: I54f8237de540d7a0d01671148109130a28516670
CRs-Fixed: 2149684
In function wma_is_vdev_valid, vdev_id received as argument is used
to access wma_handle->interfaces array directly without validation
of max value of vdev_id. If vdev_id is not less than max_bssid, then
an OOB read would occur in this function.
Also add free and break in wma_mc_process_msg while handling
SIR_HAL_CONFIG_GUARD_TIME message in WMA.
Change-Id: I5f4481c937d5c370b334f2a7f8a172d08140ab1d
CRs-Fixed: 2154304
Abort all outstanding scan requests on an SAP adapter synchronously
when the SAP adapter is to be stopped, so any scan callback
functions will not access the buffers for SAP adapter, ACS config,
etc. after they're freed.
Change-Id: Idc02b140c05a5de4dc652a547cd20b8d113447b6
CRs-Fixed: 2152962
During driver re-init, host might pass invalid (NULL) default scan
IEs to FW if host won't receive same IEs from supplicant as part
of vendor event QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
Validate driver has default scan IEs, before sending same to
firmware.
Change-Id: I333ceead0c375bfb9309466e420a6860199826dc
CRs-Fixed: 2155312
Currently the Scan Default IEs configured via the attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES are not validated. As a
result a buffer overread can occur when the Scan Default IEs are later
referenced. To address this issue validate the Scan Default IEs before
storing them.
Change-Id: Ifd8739c96a9990f01ff159eb59a7e904f7b8c592
CRs-Fixed: 2154346
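
An added example, not the driver's code, of the kind of check the commit message above describes: walking a buffer of 802.11 information elements (one ID byte, one length byte, then the payload) and rejecting it if any element runs past the end of the buffer. The function name `check_scan_ies` and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from the driver): returns 0 when buf holds a
 * well-formed sequence of information elements, each laid out as
 * [1-byte ID][1-byte length][length bytes of payload]; -1 otherwise. */
static int check_scan_ies(const uint8_t *buf, size_t len)
{
    size_t off = 0;

    if (buf == NULL && len != 0)
        return -1;

    while (off < len) {
        size_t remaining = len - off;
        size_t ie_len;

        /* Both header bytes must be present before the length is read. */
        if (remaining < 2)
            return -1;
        ie_len = buf[off + 1];
        /* The declared payload must fit in what is left of the buffer;
         * storing an IE that fails this check is what later allows an
         * over-read when the stored IEs are parsed again. */
        if (ie_len > remaining - 2)
            return -1;
        off += 2 + ie_len;
    }
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t good_ies[]  = { 0x7f, 0x02, 0x01, 0x02,
                                     0xdd, 0x03, 0x00, 0x50, 0xf2 };
static const uint8_t short_ies[] = { 0xdd, 0x08, 0x00, 0x50, 0xf2 }; /* claims 8, has 3 */
static const uint8_t cut_hdr[]   = { 0x7f, 0x01, 0x00, 0xdd };       /* lone trailing ID */

int main(void)
{
    printf("good_ies:  %d\n", check_scan_ies(good_ies, sizeof(good_ies)));
    printf("short_ies: %d\n", check_scan_ies(short_ies, sizeof(short_ies)));
    printf("cut_hdr:   %d\n", check_scan_ies(cut_hdr, sizeof(cut_hdr)));
    return 0;
}
```
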
The SAP configured in hidden ssid mode sends probe response
to BC probe requests in hidden ssid mode after force SCC.
In wma_set_channel, req.ssidhidden is not set by the host
which in turn sets the param->flags last bit to 0, and
the firmware receives these flags and sends the probe
responses. In the wma_vdev_start api, the host sets the flags
based upon the req.ssidhidden received from wma_set_channel
only in vdev start case, and not in vdev restart case.
Fix is to set the value of req.ssidhidden in wma_set_channel
and to set the hidden ssid flag in both vdev start and vdev
restart case.
Change-Id: I988d8d64b06128a37824c7d31d4407247ba46dce
CRs-Fixed: 2142430
Scan IEs are allocated at adapter runtime. Thus, scan IEs should be
freed during adapter stop.
Change-Id: Idd1ee68bc57ecd3dfea77a3d882b57aae21a478f
CRs-Fixed: 2159407
Scan command is entertained, when the firmware is down, and
it causes crash in the system.
Reject the scan command, when firmware is down.
Change-Id: Ib3501e14846dea9ea99f6fa13695108d4ae58bf0
CRs-Fixed: 2159449
Currently, the host sends a roam scan mode of
WMI_ROAM_SCAN_MODE_ROAMOFFLOAD to the firmware when roam
synch fails in the host. But the firmware expects a
WMI_ROAM_SCAN_MODE_NONE in the roam synch wait state
to respond with a HO_FAIL which will eventually lead
to a disconnection and clean up.
Change-Id: I39c768881c312ecbedf6e4a1742e3eaabcea1f4d
CRs-Fixed: 2159244
1\ Register the lim_process_rx_scan_handler with api
ucfg_scan_register_requester;
2\ Redefine function lim_send_preauth_scan_offload
to use api ucfg_scan_start;
Change-Id: I43a0b28c3abcce907575717dc3a4bfb190a32ec2
CRs-Fixed: 2144630
1\ The command content is wrongly reset and causes
the corresponding command to not be found in the
active queue.
2\ It should release the command in time before issuing
the next command.
Change-Id: I094a6ce0e34f4698222d85a785cb6424852e25f8
CRs-Fixed: 2144630
Firmware cannot handle scan IE more than a certain size owing to memory
restrictions. Check the scan IE length before passing params to firmware.
Change-Id: I73321a9d4932f4cbb876de904dacecf15c9083ff
CRs-Fixed: 2159363
In the file wma_unified_radio_tx_power_level_stats_event_handler,
the driver allocates memory to rs_results->tx_time_per_power_level,
also in api wma_unified_link_radio_stats_event_handler,
rs_results->channels, without checking a previous allocated
memory for the same. Also the driver makes the pointers
rs_results->tx_time_per_power_level and rs_results->channels
as null without a prior check, which results in a memory leak.
Fix is to add a check for rs_results->channels and
rs_results->tx_time_per_power_level for NULL, and free
the already allocated memory for the same.
Change-Id: I02af53454270239bf68446a727b735c8ef10d434
CRs-Fixed: 2150714
Add a consistent set of logs for wlan module transition changes to aid
in debugging efforts.
Change-Id: Id7f039c03f25ba46194a101b64e08f8ae3042c50
CRs-Fixed: 2159403
Enable CONFIG_BYPASS_QMI and disable ADRASTEA_SHADOW_REGISTERS when
there's no QMI support in kernel, as shadow registers are configured
by WLAN FW and the configurations are passed through QMI framework.
CRs-Fixed: 2159269
Change-Id: Iaf5b82e37f3983fc18edbcf093b3ebf74d576f71
Host driver drops incoming HDD IPA events during unloading process,
when IPA pipe unloading timeout occurs, and IPA offload state could
be mismatched between host driver and FW.
Fix by setting unloading complete before IPA pipe disable and putting
events into pending event queue for unloading timeout case as well.
Change-Id: If44caa07f328bf3ac2d2fc02aafb796176114678
CRs-Fixed: 2152490
qcacld-2.0 to qcacld-3.0 propagation
The return value validation is missing for dot11fUnpackIeRSN, thus
"dot11f_ie_rsn.pmkid_count" could be larger than 4. When it is larger
than 4 there will be a buffer over-read in vos_mem_compare. Add status
check of dot11fUnpackIeRSN in lim_process_fils_auth_frame2.
Change-Id: If563ddb13bbfcad5660d136c35c39846010594e1
CRs-Fixed: 2147955
Linux convention is to embed a list node in a structure that is meant to
be a member of a list. However, hdd_adapter_list_node_t is created to
contain both the list node and the list item itself. Remove
hdd_adapter_list_node_t and embed the list node directly into
hdd_adapter instead.
Change-Id: I62888a0212d88aa212fee34b886e3d8a4875e0c7
CRs-Fixed: 2159309
sme_stop and mac_stop are accessing shared data structures, which
creates a race condition when they are called from rmmod context.
Change context of sme_stop and mac_stop from rmmod thread to
mc thread.
Change-Id: Ie30f99d6b0c2f7c6cf20371dd66323d156360474
CRs-Fixed: 2148771