In wlan_hdd_add_tx_ptrn, there is a potential memory
leakage once request_id==MAX_ID.
Change-Id: If9bf6f7ad53fc8ff9bfb00110c35f64bb4a94498
CRs-Fixed: 1002063
propagation from qcacld-3.0 to qcacld-2.0.
__iw_softap_set_ini_cfg assumes a given user supplied buffer is null
terminated, which can lead to a buffer overrun. Ensure the buffer is
null terminated by copying it to a new, oversized buffer whose last byte
is zero.
Change-Id: If94e753026f79a368cd6b9cb7c745ade4ae29452
CRs-Fixed: 2128900
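
The fix described in the commit message above (copy the caller-supplied buffer into a new buffer one byte larger whose last byte is zero) can be sketched in user-space C. This is an added example, not code from the driver; `copy_terminated`, `parsed_length`, `demo_length` and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the driver's code): copy exactly `len` bytes of a
 * caller-supplied buffer into a new buffer one byte larger whose last byte is
 * zero. Returns NULL on allocation failure or if len + 1 would overflow. */
static char *copy_terminated(const char *src, size_t len)
{
    char *dst;

    if (len == SIZE_MAX)          /* len + 1 would wrap to 0 */
        return NULL;
    dst = calloc(1, len + 1);     /* oversized by one byte, zero-filled */
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len);        /* dst[len] stays 0 */
    return dst;
}

/* Length a string parser sees after the safe copy; -1 on failure. */
static long parsed_length(const char *src, size_t len)
{
    char *copy = copy_terminated(src, len);
    long n;

    if (copy == NULL)
        return -1;
    n = (long)strlen(copy);       /* cannot exceed len by construction */
    free(copy);
    return n;
}

/* Constructed input: 8 payload bytes with no terminator, followed by
 * unrelated bytes that an unbounded strlen() on the raw buffer would read. */
static long demo_length(void)
{
    const char raw[16] = { 'k','e','y','=','1','2','3','4',
                           'X','X','X','X','X','X','X','X' };
    return parsed_length(raw, 8);
}

int main(void)
{
    printf("parser sees %ld bytes\n", demo_length());
    return 0;
}
```
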
During BSS frame update, frame_len is calculated as size of ieee80211_mgmt
and ielen. Since ieee80211_mgmt is a generic frame structure and different
frame structures are defined under union this may exceed the actual frame
len.
Fix by calculating offset of variable(ies) and ies length.
Change-Id: Ied8e4e604e41de1ac5ccc047ef5cc3cdb05a9445
CRs-Fixed: 2080488
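
The length calculation from the commit message above, as an added example that is not the driver's code. `struct mgmt_frame` is a simplified, constructed stand-in for the kernel's `struct ieee80211_mgmt`, and the function names are hypothetical; it compares the sizeof-based length with the offset-based one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for struct ieee80211_mgmt: a common 24-byte header
 * followed by a union of per-frame-type bodies of different sizes. */
struct mgmt_frame {
    uint16_t frame_control;
    uint16_t duration;
    uint8_t  da[6], sa[6], bssid[6];
    uint16_t seq_ctrl;
    union {
        struct {                  /* beacon / probe response body */
            uint8_t  timestamp[8];
            uint16_t beacon_int;
            uint16_t capab_info;
            uint8_t  variable[1]; /* IEs start here */
        } probe_resp;
        struct {                  /* a larger member of the same union */
            uint8_t category;
            uint8_t body[40];
        } action;
    } u;
};

/* Length before the fix: size of the generic structure plus the IEs. */
static size_t frame_len_sizeof(size_t ie_len)
{
    return sizeof(struct mgmt_frame) + ie_len;
}

/* Length after the fix: offset of the IE field for this frame type plus IEs. */
static size_t frame_len_offsetof(size_t ie_len)
{
    return offsetof(struct mgmt_frame, u.probe_resp.variable) + ie_len;
}

/* Bytes by which the sizeof-based length exceeds the actual frame, i.e. how
 * far a copy using that length would read past the received data. */
static size_t overshoot(size_t ie_len)
{
    return frame_len_sizeof(ie_len) - frame_len_offsetof(ie_len);
}

int main(void)
{
    size_t ie_len = 20;           /* constructed IE length */

    printf("sizeof-based: %zu, offset-based: %zu, overshoot: %zu\n",
           frame_len_sizeof(ie_len), frame_len_offsetof(ie_len),
           overshoot(ie_len));
    return 0;
}
```
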
prima to qcacld-2.0 propagation
Currently roam disable is allowed using SETROAMMODE even if roaming
is in progress. This can cause mess in state machine as driver falls
back to LFR-1.0 and can result in crash. Add pending_roam_disable to
mark pending of roam disable when roaming is in progress and allow
preauth/reassoc to go if preauth/reassoc in progress.
With this fix, driver takes following actions.
1. If pending_roam_disable is pending after preauth failure,
driver does not proceed for further preauth and disables roaming.
2. If pending_roam_disable is pending after reassoc completion,
driver updates CSR with new AP information and disables roaming.
Change-Id: I9cfcbd21db046d399c2cdc78b1678d3773aea2cd
CRs-Fixed: 2045775
prima to qcacld-2.0 propagation
Currently dot11mode is not updated properly for roamable AP. This can
result in incorrect data rates. Update dot11mode to fix this.
Change-Id: I644f685fc2c0e041b308017ed3206d56c9c57fe9
CRs-Fixed: 2047070
prima to qcacld-2.0 propagation
Currently broadcast action frames are dropped in
__hdd_indicate_mgmt_frame(), host tries to get pAdapter using
destination mac address and returns from function as pAdapter is NULL.
Add changes to use existing pAdapter when destination address
of received packet is broadcast.
Change-Id: I9a149116b9a3ec9b4abef4808849876069f2e13c
CRs-Fixed: 2045740
In file included from regtable.c:32:
ar9888def.h:28:9: error: '_AR9888DEF_H_' is used as a header guard here,
followed by #define of a different macro [-Werror,-Wheader-guard]
ar9888def.h:29:9: note: 'AR9888__AR9888DEF_H_' is defined here; did you mean '_AR9888DEF_H_'?
Fix the header file include guard properly.
Change-Id: Ic05a829eadbf974598370c494a5cff10201ec600
CRs-Fixed: 1091052
In function wma_get_buf_extscan_change_monitor_cmd() and
wma_get_buf_iextscan_hotlist_cmd(), numAp is of type uint32_t
but it is assigned to variable numap of type int.
Fix this by making 'numap' also of same type 'uint32_t'.
Change-Id: I02502f05d2305f62cbde47db2893770673d19fc3
CRs-Fixed: 1096384
Currently when cac ends, it will trigger eSAP_START_BSS_EVENT
with peer local id 0. If there is no peer with local id 0, sap
start fails.
Actually valid peer local id should be found based on self mac
address of the sap.
Change-Id: I3779cb181390650844475b1a2f18768cb5784cf2
CRs-Fixed: 1096534
Currently, the kernel invokes the regdomain notifier to the host driver
using a registered callback. If the kernel calls this callback after
cfg80211 aka system suspend, then because of a race condition the host
might send the PDEV SET REGDOMAIN/PARAM to fwr after WOW ENABLE
cmd, which is not the correct cmd sequence.
Change-Id: Ie3cd94d86345c9b6de0c5597d23e0b0dc6751937
CRs-Fixed: 1075079
NULL check for pktNode in hdd_flush_ibss_tx_queues is needless,
because it can't be NULL, and it is dereferenced before.
Fix is to remove needless NULL check for pktNode.
Change-Id: I5c4a1e738c10b7ed693a73ecb4e4955b39b531b3
CRs-Fixed: 1064927
prima to qcacld-2.0 propagation
Currently status code is mapped same as reason code which results
in wrong status code mapping. Fix this by adding appropriate status
code.
Change-Id: I75a66601c33b4e93fcac674415f38d5a8184c8f3
CRs-Fixed: 1062308
The SDIO device structure is initialized for basic fields in the
SDIO bus layer. However, the dma_mask shall be updated in function
driver. Not doing this will result in network layers assuming
incomplete functionality. See harmonize_features() of the net core.
The current code initializes this to a driver local pointer, which
may lead to undesired memory access errors elsewhere.
Fix this by assigning the dma_mask of the parent device.
CRs-Fixed: 1061437
Change-Id: I4cdd6a8e4ae8fc5e2f23cb31a22f4abcdc736fd4
prima to qcacld-2.0 propagation
Currently, if get_station is called during roaming, host does
not send the correct rssi. Because of this, supplicant reports
very low rssi to upper layer and handover happens to cellular.
To mitigate this issue, send the cached rssi when get_station
is queried during roaming.
Change-Id: Icceb5839503ccd99e7aef535ee438d072d3a8823
CRs-Fixed: 1055388
prima to qcacld-2.0 propagation
In limProcessMessages(), a few SME messages update 'psessionEntry'
using SME session id. Host driver should not use SME session id in PE.
Fix to update 'psessionEntry' using peFindSessionByBssid().
Change-Id: Icebf4604d5a3a825afc6b1d3540bd228488ce267
CRs-Fixed: 1020643
prima to qcacld-2.0 propagation
Connect request will be dishonored if apps power collapses immediately
after updating the sched scan results to supplicant.
To mitigate this issue, take a wakelock for 1 second before updating
the sched scan results to supplicant.
Change-Id: Ib0b8b6c6b149f0bf66d1cf9a60bd876f4a003245
CRs-Fixed: 924837
Currently hdd_open_adapter for second interface, initialises
wdev->iftype to NL80211_IFTYPE_P2P_DEVICE. This is incorrect
since the driver does not support an interface of type
NL80211_IFTYPE_P2P_DEVICE, as is evident from interface_modes
advertised during wiphy initialization and registration.
NL80211_IFTYPE_P2P_DEVICE should only be used if a dedicated
P2P management interface is supported, which isn't the case here.
Correct this by initialising iftype to NL80211_IFTYPE_STATION.
CRs-Fixed: 1058675
Change-Id: Iff71377df7fb1b87c34d907c8b290b9320b462be
prima to qcacld-2.0 propagation
In current implementation, REGULATORY_DISABLE_BEACON_HINTS is set but
overwritten with the REGULATORY_COUNTRY_IE_IGNORE, because of which
passive scan flags and beaconing flags are lifted by cfg80211 due to
regulatory beacon hints.
To fix this, set both flags and avoid overwrite.
Change-Id: I8bc4f0c0275b9035414bdcdafa692bf1102a77cf
CRs-Fixed: 1054854
The issue is when host re-enables QPower after resume, it is setting
WMI_STA_PS_ENABLE_QPOWER to 1 (which is for QPower = 2) always and never
WMI_STA_PS_ENABLE_QPOWER to 2 (which is for QPower = 5).
This means one suspend/resume is enough to disable QPower = 5 and
change to QPower = 2.
Fix this by removing the hardcoded value of 1 and use qpower_config instead.
Change-Id: I553c1691d5d7e98c2db8c9e56e2ba68ae27af506
CRs-Fixed: 1040737
Currently session id is not initialized for auth retry timer
during roaming which can result in error in limDeactivateAndChangeTimer
during preauth. Fix this by initializing session id for auth retry timer.
Change-Id: Ia7093802c9240c967378de54695a258d80c395de
CRs-Fixed: 1043384
Driver prints qpower disabled even if command for qpower enabled
is sent to firmware.
To avoid confusion print qpower enable/disable depending on the cmd
sent to firmware.
Change-Id: Ifb135d4ad1691d0e5024aa2ef31880be271cac9e
CRs-Fixed: 1044603
When scan is in progress and driver unload begins, excessive
logs appear while processing rx mgmt frame, which leads to
watch dog bite.
As a part of this fix, reduce the logs level to info level
to avoid watch dog bite.
Change-Id: I41dbc6c7a05ea2887e3a63272b02012035bb7fec
CRs-Fixed: 1036923
If a PMF Sta is already connected to one interface and tries
to switch to other interface without sending deauth/disassoc,
sta entry is not deleted from previous vdev and one more entry
is created on current vdev. Due to this htt is not able to get
valid peer for EAPOL packets and EAPOL packets are dropped leading
to connection failure.
To fix this, Add check to delete PMF Sta from one vdev when
assoc request is received on another vdev.
Change-Id: Ida2e20fe08af3c6ed426822a71db1fd6854a0bea
CRs-Fixed: 1033224
If there is a mismatch in channel number present in BD and
Beacon/probe response, corresponding BSSID entry is not added in
scan cache. This can result in reconnection failure. If the entry
is not present then add this entry even in case of mismatch.
Change-Id: Id8c45ff88731288144fe39f5da56748f403dfdb7
CRs-Fixed: 1036988
In pe_reset_protection_callback psession's beaconParams struct is
reset to 0 and thus short preamble support being part of this
structure is set to 0. Due to this beacons always have barker
preamble set to 1 even if no non short preamble enabled STA is
connected.
To avoid this do not reset the short preamble support and beacon
interval in psession's beaconParams structure.
Change-Id: I631fb202fba6bc129d03ff21cff2adef328abff2
CRs-Fixed: 1032578
AP mode will disconnect from STA when it receives a disassociate with invalid
reason code, and STA mode will disconnect from AP when it receives a deauth
with invalid reason code, but won't process disassociate with invalid
reason code in STA mode. Update code so STA will disconnect from AP
when it receives a disassociate with an invalid reason code.
Change-Id: Icebc46062b1ea4b7f5affa171f760123dbb9fcb7
CRs-Fixed: 1015244
In hdd_wlan_re_init(), SSR timer is deleted and isLogpInProgress is set to FALSE
but between these two there are NL socket related calls which can sleep
under low memory conditions (or etc) because of which timer is deleted but
isLogpInProgress is not reset to FALSE. This can potentially fail the
south-bound requests for a brief amount of time.
Hence it is always better to delete the SSR timer only after
isLogpInProgress is reset to FALSE.
Change-Id: I699438ff3e0c2f7b81e0bbf81be6f514841e194b
CRs-Fixed: 1017011
wlan_hdd_cfg80211_update_bss API returns eHAL_STATUS in case of
nil scan result whereas the return type of API is integer.
Correct return value of API for nil scan result.
Change-Id: Id5185b9f4983f24a4a731ba241464a4ed87d413d
CRs-Fixed: 1014532
prima to qcacld-2.0 propagation
cfg80211 abort scan implementation is available only from
kernel 4.5 onwards. Hence guard the abort scan driver
implementation with linux version and backport availability
checks in order to prevent any compilation issues with old
kernel versions.
Change-Id: I5956f9daa06225535ae4f10aed4ebe310f7acc7a
CRs-Fixed: 1010982
During roaming the connected AP's operating channel is used instead of
preauth channel to fetch the band, based on which the data rate is set.
Due to this, incorrect data rate is set.
To address this, use the preauth channel during roaming to fetch the band
and set the data rate accordingly.
CRs-Fixed: 1017943
Change-Id: Ia3bf13c1a93a156eba8461bcdcf3490b9f49c2a2
prima to qcacld-2.0 propagation
There is no support for cfg80211 abort scan API
so implement the cfg80211 abort scan API.
Change-Id: I4632c1b4770e6b2f301d67f37005585aef401ab6
CRs-Fixed: 930870
When wlan_hdd_change_iface_to_sta_mode returns VOS_STATUS_E_FAILURE,
this error code is returned directly to kernel, which can't be recognized
by linux kernel and wpa_supplicant.
Change-Id: I444829d050d28562aa4c8afa1a43470f79943707
CRs-Fixed: 995507
Currently TXQ of DEFAULT_MGMT packet is using TID
HTT_TX_EXT_TID_MGMT when we inserted into Scheduler, so use
same TID when we flush it.
Change-Id: I1631b7706d1f8bf0352ceecb8836d82743526e44
CRs-Fixed: 1000968
prima to qcacld-2.0 propagation
Remove frequently seen unnecessary error logs in kmesg from
driver.
Change-Id: I708c11fc40fc3e7ca7fb71bf83f994f08463108d
CRs-Fixed: 971507
In __iw_get_channel_list, driver populates valid
channel list from nv table.
Currently, the driver only populates 32 channels.
The driver should populate complete valid channel list.
Moreover, driver should not include DFS channels in channel list
if the device is not set to DFS_MASTER mode.
Fix these issues by returning all supported channels.
Change-Id: I4981941834f25b9d213c20715ca8237a4b885473
CRs-Fixed: 988849
Currently phymode is wrongly calculated as 11N for 11A mode.
Change made to ensure proper updation of phymode.
Change-Id: I0b2fcbd04ae450627de68a7a75e38419da56cc40
CRs-Fixed: 960419
In wda_cli_get_command and process_wma_set_command API, commands can be passed
without session id validation. This might lead to a condition in which a
session might be invalid/closed, but these API might still pass the commands
to lower layers. Thus, session id needs to be validated at various places related
to these API.
Change-Id: I82706240e12ca1a4f86bb345d87ed7fac1377144
CRs-fixed: 964701
Currently txq of MCAST_BCAST packet is using tid
HTT_TX_EXT_TID_NON_QOS_MCAST_BCAST when inserted into scheduler,
so use same tid when flush.
Change-Id: I7b32e518e9e31a65ec96daeaabd3b9a79d3e1693
CRs-Fixed: 979681
Fix incorrect flag setting while sending peer assoc command.
This change set will add a check before setting 40MHZ support bit
and shortGI support bit in the peer flags. If the peer is not HT
capable, these flags should not be set.
Change-Id: I89d43bd86b97637b291dc871aaf7e2a3269df853
CRs-Fixed: 974242
In SAP DFS test, DUT can't go to suspend if SAP started
on DFS channel and later switched to non-dfs channel due to
Radar detected.
During SAP Starting, driver will acquire the wake lock
for dfs channel by hdd_hostapd_channel_prevent_suspend
in the eSAP_CHANNEL_CHANGE_EVENT event handler. But the SAP
is still in STOPPED state. We acquire the wake lock again
after SAP started in eSAP_START_BSS_EVENT event handler.
This causes driver to acquire wake lock twice for the
same dfs channel, and finally the device can't
suspend normally.
This change adds a check in eSAP_CHANNEL_CHANGE_EVENT
handler to only call hdd_hostapd_channel_prevent_suspend
when SAP is in started state to avoid lock/unlock mismatch.
Change-Id: Ief90697b7b6f19f6fcf0ab94f973a37e74ca3366
CRs-Fixed: 972657
Start dut as softap, two ref sta connect to dut, let dut enter into
suspend. Ping from sta1 to sta2, ping fail.
Currently in mdm HL platform, packet forward is handled in driver,
kernel stack doesn't forward packet. While the first ping packet that
wake up host is indicated directly to kernel without forward check.
Solution is that driver does forward check for the first packet as
normal rx path.
Change-Id: I19a5a55bdcdbd323e95bf6725f9c1ce7da6238de
CRs-Fixed: 965087
prima to qcacld-2.0 propagation.
Some non FCC countries are mapped to FCC. When these countries
are set, host sends regdomain as FCC to firmware.
Now if channel 9 is set with secondary channel offset above primary
(HT40+ mode), the firmware returns failure as this combination is
not allowed in FCC.
Map non-FCC countries to proper reg id in countryInfoTable.
Change-Id: I85313c1ce97e55b70dae1b28c91b4e703f5c7851
CRs-Fixed: 957368
Currently the max value supported for ini gEGAPWaitTime is 5000.
Changing this value to 300000 (5 min).
CRs-Fixed: 971446
Change-Id: I93c57fbf2bb9ba2d8a9d02290e95b8fe3d996968
prima to qcacld-2.0 propagation
As a part of logging improvement, remove redundant logs,
change certain log levels in STA connect/disconnect
path to make logs more useful.
Change-Id: I0fe57d4425bd637ff24ed284dccd7ee88309f79d
CRs-Fixed: 842896
prima to qcacld-2.0 propagation
It could be possible that after SSR, pMac context is lost,
due to which the management frame callback will not be invoked
and none of the management frames will be processed,
resulting in scan and connection issues.
To address this, register management frame callback during wlan re init.
CRs-Fixed: 962187
Change-Id: I5429da9dbc33c7e2044d5a4daa1c8d3d7af241ee