| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Fix the size of buffer allocated for sending memory dump response
over netlink interface.
Change-Id: I220805ed23ea775fe43403923ebe415489a6fbc8
CRs-Fixed: 880127
|
| |
|
|
|
|
|
|
|
| |
Too many data path log on diag daemon log path
Too many log will effect to data path performance
Only error and fatal log enabled for data path logging
Change-Id: I2a529cec4cea84e0e7333f4b61631fb76e72e26e
CRs-fixed: 884097
|
| |
|
|
|
|
|
|
|
| |
Fix Sec AP startup failure after channel change due to DFS Leak
channel detection and update. Report Channel change event to
hostapd and updated ACS config for new selected channel
Change-Id: I0af792ddc5b1518aaec48d8db762f59195ebfd55
CRs-fixed: 883918
|
| |
|
|
|
|
|
|
|
|
|
| |
In AP_AP case, if Pri AP chooses DFS ch then Sec AP is made to
follow Pri AP config due to MCC DFS ch restriction. So during ACS
procedure Pri AP ACS config is copied to Sec AP ACS config and
there is overwrite of ch list pointer without freeing it first.
Fix mem leak cause by this case.
Change-Id: I5319acaefba7083fa89091e5c3e70078b3a20357
CRs-fixed: 881613
|
| |
|
|
|
|
|
|
|
|
|
| |
As per the current implementation only selected vendor IE's sent from
user space are added as part of additional IE's.
Change made include all the vendor IE's sent from userspace apart
from those populated in driver.
Change-Id: I802222d5903fa11e1880254e2685c3d79e4b2790
CRs-Fixed: 882188
|
| |
|
|
|
|
|
| |
Release 4.0.10.151
Change-Id: I85e6a38ee515043e535fd1ea869046819ea7c5e3
CRs-Fixed: 688141
|
| |
|
|
|
|
|
|
|
|
|
| |
prima to qcacld-2.0 propagation
Add INI param to ignore ERP info in the non 11b AP beacon.
With this param set the 11b protection will be enabled only if
driver receive an 11b beacon.
CRs-Fixed: 853250
Change-Id: I1c7e0e40c609569b322dda3c30fd4a203a2bd987
|
| |
|
|
|
|
|
|
| |
ERROR/FATAL level log should be printed to kmsg by default for better
debug capability.
Change-Id: Iaa8950292556095a6ea90b247b1168e13672750f
CRs-fixed: 882494
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: I2fd466bcbd648a8257682eb51e1d355b5127ead4
CRs-Fixed: 883386
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: Id976862026e69cb77e625fc710cb383c4927190e
CRs-Fixed: 865506
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: Ided39e1b788447093334789018a8571c7be51f11
CRs-Fixed: 865548
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: Id1bf57ac345bc5bbd48fb19e60e54b6c2779d0cd
CRs-Fixed: 865551
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: Id52e85bd6b271dea4324f4e17d6f2aba0a9ecdbf
CRs-Fixed: 865510
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: Ib73f73cdead8e5e68e4f9941ff7969ad0d4ec9c5
CRs-Fixed: 865514
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: I5d86afbc3e0af55d9f0fc6109d5b7011806854de
CRs-Fixed: 865517
|
| |
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len
Change-Id: I2521ee9d90e0e61fe02f69c566cd4c0a0276c1df
CRs-Fixed: 865533
|
| |
|
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len.
Change-Id: I1ce46ee763dbd38a7e6a362d423a8038467ac503
CRs-Fixed: 865527
|
| |
|
|
|
|
|
|
|
|
| |
If (len + 1) is greater than priv_data.total_len then copy_to_user
results in writing more data than the buffer can hold.
Fix this by writing mininum of (len + 1) and priv_data.total_len.
Change-Id: Ida2976d814059738edf746d26ac288ed457c36bd
CRs-Fixed: 865521
|
| |
|
|
|
|
|
|
| |
Change to return -EPERM if WLAN unable to grant IPA CONS resource due
to loading or unloading in progress
Change-Id: Id42b7c1f3994a068c26b0f15bda01a0276a3fe0f
CRs-Fixed: 883424
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the existing design with RunTime feature disabled, When
the host driver receives the PNO matched event, it acquires a wakelock
for 30 sec and expects to receive non-wakeable event
WMI_NLO_SCAN_COMPLETE_EVENTID from the firmware.
With RunTime feature enabled, after receiving the PNO matched event
RunTime PM puts the host back in WoW suspend after 500ms (default).
Since WMI_NLO_SCAN_COMPLETE_EVENTID is not a wakeable event, this event
does not wakeup the host hence PNO scan not completed and PNO is broken.
Fix is to prevent the host to runtime suspend from PNO matched till
host receives PNO scan complete event. Upon receiving PNO scan complete
allow the runtime PM again
Change-Id: I9b82171db6f95fd0dfc1780638a2dee65c89dd9f
CRs-Fixed: 883286
|
| |
|
|
|
|
|
|
|
|
| |
Currently ic_curchan global variable is accesed in different context
resulting in NULL pointer dereference.
Change made to protect concurrent access to shared variable.
Change-Id: I1803dce8477368f834f560dd5aab538148cf6c77
CRs-Fixed: 857660
|
| |
|
|
|
|
|
|
|
|
|
| |
Set phymode to 11ac only when HT Caps and VHT Caps are present.
Earlier we were setting phymode in SME based on HT/VHT capability
independently. If a rogue AP sends only VHT Capability but not HT
capability, our phymode computation was incorrect.
Change-Id: Id3db66798a1a1e3ebc42da59a66cea04093e78aa
CRs-Fixed: 879830
|
| |
|
|
|
|
|
| |
Synchronize get firmware memory dump vendor command.
Change-Id: I2a4ca7595dff603f03d299911c0d27d10df259dc
CRs-Fixed: 880127
|
| |
|
|
|
|
|
| |
Release 4.0.10.150
Change-Id: I5cecfa0a9c00c11908bbedebdb21cab205cb2f9c
CRs-Fixed: 688141
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sme active list lock/mutex is acquired by MC thread and
sme scan active list lock is acquired by NL thread and each
thread is waiting for the other mutex which created
a deadlock in SME.This issue is observed when userspace
scanning is triggered while roaming is active.
To fix this failure modified code flow to acquire sme active
list lock before sme scan active list lock so that deadlock
can be avoided in multi threaded environment.
Change-Id: I5f66af797519adf3b3138cc2456bed95d5896b7d
CRs-Fixed: 881135
|
| |
|
|
|
|
|
| |
Release 4.0.10.149A
Change-Id: I540f587c25611bf4ffe6c95a58da58a39e551ce2
CRs-Fixed: 688141
|
| |
|
|
|
|
|
|
|
| |
As part of cleaning up pending action frame, if timeout happens
for tx cnf event then indicate tx failure status as FAIL and free
cfgState->buf to avoid memory leak.
Change-Id: I6caaa8efeab769cce8c4cdfcc868101e63fd8e76
CRs-Fixed: 880779
|
| |
|
|
|
|
|
| |
Release 4.0.10.149
Change-Id: I6cfdf0e1d8f956466d0a8e10504fefe0135c920e
CRs-Fixed: 688141
|
| |
|
|
|
|
|
|
|
|
| |
Send CCK chain mask before wiphy registration to WMA. During
wiphy registration, there is regulatory callback and the regdomain/CTL
info is sent during that time to firmware. Therefore send CCK chain mask
to WMA before that.
Change-Id: I6fc9c5951ce1b0b37aab42f9a80cf711006f828a
CRs-Fixed: 881894
|
| |
|
|
|
|
|
|
|
| |
Addition of WMI_SOC_SET_DUAL_MAC_CONFIG_CMDID and
WMI_SOC_SET_DUAL_MAC_CONFIG_RESP_EVENTID for Dual
Band Simultaneous feature
Change-Id: I277ca22d09cc0972bd4cb32b07877bdea1bd1744
CRs-Fixed: 865207
|
| |
|
|
|
|
|
| |
add WMI VDEV_PARAM_RTSCTS_RATE
Change-Id: I2b67b80bed002dcae0ce981cc1b4be4cc7013baa
CRs-Fixed: 865207
|
| |
|
|
|
|
|
|
|
| |
This change is to fix a build error when IPA_UC_OFFLOAD is disabled,
due to hdd_ipa_setup_sys_pipe and hdd_ipa_teardown_sys_pipe is defined
in IPA_UC_OFFLOAD build flag.
Change-Id: If64e09c692c2f60a878dabc4a34751ad4110cfb9
CRs-Fixed: 879426
|
| |
|
|
|
|
|
| |
If unload in progress, abort suspend. causes null pointer ref otherwise
Change-Id: Ic9042b615bc1c78a25cf2d64ed1a57b88830d501
CRs-Fixed: 878755
|
| |
|
|
|
|
|
| |
Release 4.0.10.148
Change-Id: I5d5fee8b6dabcb14ccaf388fa16d3a1a26efc5fe
CRs-Fixed: 688141
|
| |
|
|
|
|
|
|
|
|
| |
qcacld-3.0 to qcacld-2.0 propagation.
zero the allocated memory irrespective of it is being allocated
from kernel or wcnss_prealloc pool.
Change-Id: Ic2fdf125fb9d459b3280b11818a846a26b60ff36
CRs-Fixed: 877772
|
| |
|
|
|
|
|
|
| |
Log last 1K physical addresses and corresponding virtual addresses of the
Rx buffers.
Change-Id: I2bb4502fdd92b362199b579ec3cceaa691d4691f
CRs-Fixed: 864569
|
| |
|
|
|
|
|
|
|
|
| |
Fix Static Analysis Issue. Check the array bounds of
whitelist SSID before copying it to the local buffer.
Increment the index only in case of a successful copy.
Log the buffer length in error scenario.
CRs-Fixed: 873262
Change-Id: I9a21b685bf600a7176902f8a6bd766b9c9e2f782
|
| |
|
|
|
|
|
| |
Release 4.0.10.147
Change-Id: Iccb607a28ccb3e254e6531315a71c53b97de8156
CRs-Fixed: 688141
|
| |
|
|
|
|
|
| |
This reverts the commit 592fd6f42edb98d16c2bc5f646e93dcb4a513b84.
CRs-Fixed: 864569
Change-Id: If923fc723d0a1ccca212cb7506ad110c64bb3095
|
| |
|
|
|
|
|
|
|
|
|
| |
We are using topology_physical_package_id macro from linux kernel to
dynamically determine the number of clusters on the APPS processor and
attaching tlshimRxthread to the highest core in a multi-cluster system
during high throughput scenario. This macro is not exported in kernels
earlier than 3.10. Hence adding adding adequate compilation protection.
Change-Id: I003e04303dcc4a8e738997cd15bc3ebe62f314c4
CRs-Fixed: 880469
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Crash happened due to race condition between the cleanup
after 2sec timeout for service ready event from FW and
host sending WMI_INIT_CMID to FW.
As Part of Cleanup, driver cleaned up the Endpoint Variables
and bus layer context, in other context WMI_INIT_CMID calling
bus layer to get the usage count for runtime PM resulted in crash.
Fix is to check for the valid service id in host to target
communication layer before accessing bus layer.
Change-Id: Iaf62846add622ec90b4a57bccf11c69dcc620118
CRs-Fixed: 872466
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In WoW mode, extscan events are embedded inside a WoW event.
The wow event is followed by the payload of the event which generated
the wow event. Payload is 4 bytes of length followed by event buffer.
The first 4 bytes of event buffer is common tlv header, which is a
combination of tag (higher 2 bytes) and length (lower 2 bytes).
The tag is used to identify the event which triggered wow event.
Once the event is identified, extract the event data and invoke the
appropriate event handlers.
Change-Id: I42ff7b3e5b73d98d4f168c5ff54176e0ab73d534
CRs-Fixed: 880356
|
| |
|
|
|
|
|
| |
Change max value of gMaxOffloadPeers and gMaxOffloadReorderBuffs.
Change-Id: I1dcc49d288dfad5206becdb800a7b2cca8d349bf
CRs-Fixed: 879680
|
| |
|
|
|
|
|
|
|
|
|
| |
To remove a race condition between IPA sys pipe and WDI pipes during
WLAN driver load/unload process, changed the sequence of sys pipe tear
down and WDI pipe disable. The new sequence is, tear down sys pipe,
disable WDI Tx pipe, and WDI Rx pipe.
Also moved sys pipe setup after WDI pipe enabled.
Change-Id: I5229bd2c73c9ff8de9a4fb6f12f724437c6225a7
CRs-Fixed: 879426
|
| |
|
|
|
|
|
|
| |
Change to avoid potential out of bound issues when unsafe channel
count parameter is invalid in Channel Avoid callback.
Change-Id: I03c67db776c7ccfe9a13e5b66adf5fa8078987ff
CRs-Fixed: 880305
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In hdd_stop_adapter, issue disconnect is getting called only if
adapter state is connected. This causes race condition between
change_iface and connect req from user, since when hdd_stop_adapter
is called at that time adapter was still connecting and not connected.
This leads to sme close session without disconnecting current
(connecting) session. This would then messup whole lim state machine.
To fix this, in function hdd_stop_adapter code should check
if state is connecting or connected and then issue disconnect
before proceeding further.
Change-Id: I29f325d2784534c1ad5641a4cf08ddd316f9e8a0
CRs-Fixed: 873342
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the current implementation all received management frames
will be queued in PE and processed sequentially.
In PMF SAP mode, if we receive Re/Assoc request frame from
connected peer we will send Re/Assoc response with retry later
status and initiate SA query to connected peer and disconnect if
we didn't receive SA query response with in timeout.
In the issue scenario DOS attack with Assoc/Reassoc frames were
injected on behalf of connected station in PMF mode and due to
flooding of this request frames there is a delay in processing
the SA query response frame sent by peer resulting in disconnection.
Change made to drop queuing Assoc/Reassoc frames sent by connected
peer in the below scenario's.
1)Avoid queuing, if time delta between last and current
Assoc/Reassoc frame is less than 1 sec.
2)Avoid queuing, if SA query is in progress.
Change-Id: Icf31f8efb3bf24dd76a0a2162cab423d4cac12b4
CRs-Fixed: 879505
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
prima to qcacld-2.0 propagation
In wlan_hdd_tdls_check_bmps(), NULL check for pHddTdlsCtx will be
TRUE if TDLS support is not enabled. This leads redundant logs,
as this is called for every scan_done callback.
Call wlan_hdd_tdls_scan_done_callback() only when TDLS support is
enabled.
Change-Id: Ice6f8fb1dc64f0669c19a9b5f5ce3d23c8cdc11c
CRs-Fixed: 672099
|
| |
|
|
|
|
|
|
|
|
| |
prima to qcacld-2.0 propagation
In connected mode, in csrQueueScanRequest(), scan type is hardcoded
to ACTIVE, because of which PASSIVE scan never happen. So, removing
hardcoding SCAN-TYPE to ACTIVE
Change-Id: If31fc40e6379febc31c9fb143f3602915134afd8
CRs-Fixed: 639412
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
prima to qcacld-2.0 propagation
htCapabilty in PE session is set from dot11mode, even before dot11mode
is set.By default dot11mode is 0 (WNI_CFG_DOT11_MODE_ALL) and thus
htCapabilty is always set to 1, even if dot11mode does not indicate
HT or AP does not support HT.
To solve this fill the htCapabilty once dot11mode is updated properly.
CRs-Fixed: 860543
Change-Id: I9228a4e171dfee757b1be71eff440b91bcea63ba
|
