Remove panic after peer_delete timeout and fail corresponding peer
operation. Peer reference count can be taken by kworker thread which
may get pre-empted by other higher priority threads or stuck, leading
to delay in releasing reference. This delay cannot be completely
removed, hence rather than panic after timeout, enhance logging and
fail corresponding peer operation.
Change-Id: I42c379c0cf91d29d293c3c53c3a378421aef07f9
CRs-Fixed: 2181097
Add DBS check for all chain mask programming. Currently the check
is present only for band specific chain mask parameters.
Change-Id: I415a8e8f666961b90d1cd9130b3c33eecb62c1df
CRs-Fixed: 2184255
In __wlan_hdd_cfg80211_do_acs(), when gAP11ACOverride is 1,
it sets vht_enabled to 1, hw_mode to 11ac and acs_cfg->ch_width
to the value of ini gVhtChannelWidth. If acs_cfg->end_ch is less
than 14 and acs_cfg->ch_width is 80Mhz, set acs_cfg->ch_width to
40Mhz. As acs_cfg->end_ch is not assigned yet, it is 0 due to
which acs_cfg->ch_width gets assigned to 40Mhz.
Assign acs_cfg->end_ch before use when gAP11ACOverride is 1 in
__wlan_hdd_cfg80211_do_acs().
Change-Id: If8bcc7470c1693791dfc64ec0b6059c09747d739
CRs-Fixed: 2184017
Destroy the node when modules transition from opened to stopped.
Otherwise duplicate creation of node can lead to warning.
Change-Id: Ib1031cfa0572962454b293730fefd7a4b4cf8d09
CRs-Fixed: 2180344
Reverts Change-Id: I1e31ff122f9337c353d8be260b4802cc363790d6
Revert this change until the dependent kernel is change is
merged
Change-Id: Iad0b39f990a840c7901815932b8b5aa2c4c67c95
CRs-Fixed: 2186005
HT MCS index returned by wma_get_mcs_idx function is
between 0 and 7 for both nss equal to 1 and 2. This
results in incorrect HT MCS index for nss 2 case
populated in station stats on using iw station dump
command.
Fix is to set the correct HT MCS index based on nss.
Change-Id: Id4ac51b56bc44e90ea0e7570b387450af83ee8f5
CRs-Fixed: 2182050
Currently, firmware sends TSPEC as part of reassoc request during
roaming in ESE case. Driver also sends TSPEC again during roam synch
propagation in driver for ESE case which is redundant. So, do not
send TSPEC again in ESE case to avoid duplicate TSPEC.
Change-Id: Ib0a18bec7762ba56061d8564b870739b2eefd123
CRs-Fixed: 2181531
Currently variable "num_flows" and "len" is used directly, from
message, without any validation which causes buffer over-write.
To address this issue add check for the num_flows and len
Change-Id: Iddf2df0fd65f5b33b54f1a608cdd34e400c0e03c
CRs-Fixed: 2148489
Currently 11k offload params is sent directly as a message from CSR to WMA
leading to timing issues where 11k offload params are sent to the FW
before RSO start is sent.
Send the 11k offload params as part of the RSO request from CSR to WMA
and handle the request to send the 11k offload WMA command to FW.
Change-Id: Icff7146171cdf325f3a7e5a067652669ec0270ff
CRs-Fixed: 2183161
Adding an ini for wmi workqueue watchdog, the ini value will
give the timeout value for wmi watchdog timer.
Change-Id: I6338351c8d788478307892152305e10186ead6cb
In PD down uevent handling, if assoc resp timeout timer is active,
the timeout API is called from kernel thread and free up the
‘pLimJoinReq’. Now if assoc resp is received in MC thread it also
access ‘pLimJoinReq’ in parallel. This leads to use after free.
To fix this post a msg to MC thread to call the timeout APIs of the
connection timers.
Change-Id: I95e0bbb91c382298e35928d602c096ea5267dbe4
CRs-Fixed: 2184590
update the max frag entry,ht,vht, rf chains from from the converged
target psoc capabilities information and remove redundant wma_handle.
CRs-Fixed: 2178922
Change-Id: I6bfe734bac85905b0d6837bffb37d286cff2a4ff
Use the converged wmi service bitmap from the
target psoc info instead extracting the same from
the ready event.
CRs-Fixed: 2178812
Change-Id: I00d61aa3cbb2a90459d4363e2ca04e297cc74187
As part of converged init deinit architecuture, all the target
capabilities are saved as part of target_psoc_info, use the same
to update.
CRs-Fixed: 2178726
Change-Id: Iad1d0224e0fdfe1140d1600e17f3e585142eaf63
If wma_send_msg with msg_type WMA_SET_LINK_STATE_RSP, tpLinkStateParams
params has a member callbackArg which is malloc from heap. If this
message is flushed when driver unload, because no msg.flush_callback is
supplied, the flush just free msg->bodyptr and callbackArg got leak.
Fix it by supply a flush_callback as wma_discard_fw_event, and minor
change to avoid NULL pointer access.
Change-Id: Ie979a1e83cbd7c87e5bbb08382ae2af3230a13db
CRs-Fixed: 2181458
If hdd_ipa_init failes, driver cleanup is done. But return value
of hdd_ipa_init is not saved and returned to caller. This will
lead to wrong behaviors if following actions depend on the
return value.
Fix is to save return value of hdd_ipa_init.
Change-Id: Iad10733c8fcb7049aa9573ccd1da51250aa7fddf
CRs-Fixed: 2181510
Currently type conversion issues are for variables compl_msg
and pool_numap_payload. This may cause potential buffer over-read.
To address this issue add check for structure size.
Change-Id: Id4804eeaf5e80a9045f1c057fa4cb9db15c1ab7d
CRs-Fixed: 2148306
When the country code is changed, it needs to call
the new cfg80211 api cfg80211_send_reg_change_event
to sync the user-space info.
Change-Id: I1e31ff122f9337c353d8be260b4802cc363790d6
CRs-Fixed: 2183992
Currently variable "num_mpdu_ranges" is from message, which is used
directly without any validation which causes buffer over-write.
To address this issue add check for the valid num_mpdu_ranges
Change-Id: I3f340b913f3063b24c14644ea723a99690e89dcf
CRs-Fixed: 2146934
Currently wake_info->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I66be7d15f370d0204e25c3d0ea60c0c9f5912005
CRs-Fixed: 2121059
Remove dependency on WMA layer for green AP component by registering
green AP events through target_if layer.
Change-Id: Ic4ea8df1928db632b8e31f0a873b74c6aff4505d
CRs-Fixed: 2167028
Currently, driver does not release resources acquired when
starting OCB adapter. So there is memory leak when stopping
OCB adapter.
CRs-Fixed: 2182236
Change-Id: I693f5ed86f55b00980f16cca1bb0567429a20385
Wlan driver probe callback is called in
CNSS work thread(cnss_driver_event_work in
cnss_powerup).
In case the hdd_wlan_startup failed, and
doing cleanup in hdd_wlan_stop_modules,
the later will call and pending on pld_power_off
to wait for cnss completion. So, deadlock
happended.
Don't need to call power_down because we are in
(driver loading).
Fix by check driver loading state to skip
power_down.
Change-Id: Ib8605d91e01277ccdf4a67e09723c3ee34ceec0d
CRs-Fixed: 2183039
Logically, minimum value of gAutoChannelSelectWeight ini
should be 0 but as CFG_AUTO_CHANNEL_SELECT_WEIGHT_MIN is
defined as 0x1, when user assigns gAutoChannelSelectWeight
as 0 in ini file, it is not taking effect and default value
of 0xff gets assigned as 0 is out of bound of [min,max]
range.
Assign CFG_AUTO_CHANNEL_SELECT_WEIGHT_MIN as 0 instead of 1.
Change-Id: I025fd2af757ca1f169b6f1a155ee9f041398c6fa
CRs-Fixed: 2181422
HDD_IPA_CHECK_HW limits to Helium and IPAv3 only.
Fix is to extend support to all platforms as long as IPA_OFFLOAD
is defined.
Change-Id: I35ac2cee58e242060757465e3870327d3c06673e
CRs-Fixed: 2182459