| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
Propagation from qcacld-3.0 to qcacld-2.0
We are transitioning to the new request manager framework. Change
wlan_hdd_set_powersave() and iw_power_offload_callback_fn() to
this framework.
Change-Id: Ia454f5ef59f1e687627ce7275a31f877ce49b4b1
CRs-Fixed: 2207587
|
| | | |_|_|_|_|_|/ / / / / / / /
| |/| | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
It fail to change bandwidth from 40 to 20Mhz in obss case, because
the ch_width_orig is wrongly updated as eHT_CHANNEL_WIDTH_20MHZ(0)
in calling wlan_hdd_cfg80211_start_bss(), then failed to pass check
in __wlan_hdd_cfg80211_set_ap_channel_width() since the target mode
and currnet are the same.
Add extra variable to record ch_witdh from user space, in avoid
of coverting the value by kernel definition to the value by driver
itself definition in standalone ch_width_orig variable.
Change-Id: I3d18dd4e1dbcd7fda863c66e595219b790071ff7
CRs-Fixed: 2171294
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|_|_|_|/ / / /
| |/| | | | | | | | | | | | | |
|
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
Currently, the extra buffer is not freed in the two
copy_to_user() error cases in GETIBSSPEERINFOALL
handling.
Change-Id: I3dbe0b4f923944573f1c866c0c55399e4219a22b
CRs-Fixed: 2216337
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / / / /
| |/| | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
into wlan-cld2.driver.lnx.1.0
|
| | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
The abnormal NULL check form cannot be detected by kw. Data used
before NULL check and local address returned by function should
be fixed.
Change the NULL check form. Fix the use before NULL check and
data used before initialization. Fix the LOCRET issue.
Change-Id: Ic1756f0e45de0f407ec9e4193fbbaec885f05f67
CRs-Fixed: 2209931
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ \ \
| | | |_|/ / / / / / / / / / /
| | |/| | | | | | | | | | | |
| | | | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | |/ / / / / / / / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
To support sta+ap bridge mode, enable 4address scheme for apq8009
Change-Id: I826578af6788b5fcd38af2ddabc14e0be8773513
CRs-Fixed: 2212614
|
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
bd_data->length is from firmware message and shouldn't be trusted.
Possible integer overflow may happen. Add check for bd_data->length
before storing bd_data.
Change-Id: Ib4b874dd57e1ff3908360bb207f4185b7050aafc
CRs-Fixed: 2207983
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | |_|_|_|_|_|_|_|/ / / /
| | |/| | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Change the scansystimensec to v_U64_t to match
the ktime_get_boot_ns API requirement.
Change-Id: I4e3ea16282b2bfd304c6fb959219664cd16525f7
CRs-Fixed: 2213504
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / / /
| |/| | | | | | | | | | | |
| | | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | |/ / / / / / / / / / /
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Interference AP may be failed to be detected when passive scan
is configured for the OBSS scan of the second AP.
Do active scan for the OBSS scan of the second AP to increase
probability of successful OBSS scan.
Change-Id: Id4f70b5943906b7caf9066ecd582f33eee0cc51c
CRs-Fixed: 2206913
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Propagation from cld3.0 to cld2.0.
In the function wma_passpoint_match_event_handler, fixed param event data
from firmware is filled in the destination buffer and indication is sent
to upper layers. The buffer allocation is done for the size
(wmi_passpoint_event_hdr*) + event->ie_length + event->anqp_length. The
maximum firmware event message size is WMI_SVC_MSG_MAX_SIZE. If either,
ie_length and anqp_length combined is greater than WMI_SVC_MSG_MAX_SIZE or
either of the two exceeds WMI_SVC_MSG_MAC_SIZE, an OOB write will occur in
wma_passpoint_match_event_handler.
Add check to ensure either of the values ie_length or anqp_lenth or
(ie_length + anqp_length) doesnt exceed the WMI_SVC_MAX_SIZE. Return
failure if it exceeds.
Change-Id: I21f473ca0b99ebb8488f2cca3c0774817ea97c3a
CRs-Fixed: 2212696
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / /
| |/| | | | | | | | | | |
| | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
The full wlan link stats is reported to host by two fw event,
LINK_STATS will come first and then TX_POWER_LEVEL_STATS. After
host receive event TX_POWER_LEVEL_STATS the host will report
wlan link stats to up layer. But LINK_STATS event handler freed the
info memory, so some info of link stats will be lost when
TX_POWER_LEVEL_STATS event handler report link stats to uplayer.
Change-Id: I747e8847c5cd26107852a769258b7503eb87660e
|
| | |\ \ \ \ \ \ \ \ \ \ \ \ |
|
| | | | |/ / / / / / / / / /
| | |/| | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Prima to qcacld-2.0 Propagation
Currently last connection info is not getting cached, so when
GETBSSINFO command comes information is extracted from current
conn_info which does not contain all the information required
as this information is cleared after disconnection.
To address this issue cache the connection info before
clearing it.
Change-Id: I3ec13264f97e7a4d0dc4699b463074062d087e82
CRs-Fixed: 2206502
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Sometimes the host fails to wake up the target. It also
observed that all the read to pci config space returns
invalid values. Since the SSR is not supported on such
non-QC platforms, driver unload will fail.
Avoid setting logpinprogress for such failures.
Change-Id: I5f0e85cdf196386aa3d977690395cef21d064a00
CRs-Fixed: 2165440
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / /
| |/| | | | | | | | | | |
| | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | |_|_|_|_|_|/ / / /
| | |/| | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
propagation from qcacld-3.0 to qcacld-2.0
Currently, there is no check of:
1) Firmware event parameters in dbglog_parse_debug_logs(), which can
result in integer underflow.
2) Number of dbg log args against the total length, which can result in
buffer over-read.
To fix this, compare size of firmware event parameters and number of
dbg log args with total buffer length.
Change-Id: I3f6ce2dddda9e583e8abe388a422591f59c0751d
CRs-Fixed: 2205372
|
| | |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | |_|_|/ / / / / / /
| | |/| | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fix the error return dismatch due to the error return of
cnss_wlan_query_oob_status() on msm-4.9 is -EINVAL now.
Change-Id: I87f76cb5282e73cff968f8b4261509bb9301ab92
CRs-Fixed: 2208256
|
| | |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | |/ / / / / / / / / /
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fix the compile warning that the variable is not
initialized on msm-4.9.
Change-Id: If9f465685d414c2d86314f3ed4685b65d5d312d0
CRs-Fixed: 2208290
|
| | |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | |/ / / / / / / / / /
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
propagation from qcacld-3.0 to qcacld-2.0
Add support for indicating the new unified roam event
"cfg80211_roamed" which takes a structure to give roam information
to cfg80211.
Change-Id: I71769666e2112e0f443cb36d7db03cb7bdbaf1f2
CRs-Fixed: 2084891
|
| | | |_|_|_|_|_|/ / / /
| |/| | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
VHT80 operation is not supported in WAPI mode.
Fix is to remove VHT IE from directed probe
request and assoc request frames in wapi mode.
Change-Id: I11afe710cd2de3031ac800f5a2cf312ae367198d
CRs-Fixed: 2180241
|
| | |\ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / /
| |/| | | | | | | | |
| | | | | | | | | | | |
wlan_hdd_execute_remain_on_channel" into wlan-cld2.driver.lnx.1.0
|
| | | | |_|/ / / / / /
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
In function wlan_hdd_execute_remain_on_channel after calling
sme_remain_on_channel Buffer pointed by "pRemainChanCtx" may be freed
in other thread "wlan_hdd_remain_on_channel_callback". UAF will happen
on when accessing "pRemainChanCtx->rem_on_chan_request".
Access pRemainChanCtx only when it is not NULL.
Change-Id: I32696ca9d88bc55f7c9841c7d602f363c35ed49f
CRs-Fixed: 2189054
|
| | |/ / / / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Compile error for mistaking "max_ctx" as "mac_ctx".
Change-Id: I3e607358f0005203aa5ebc3e2b0560ed95764134
Depends-on: 2224583
CRs-Fixed: 2203857
|
| | |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Revert the changes of Validating NLA attr in
wlan_hdd_cfg80211_ocb_set_config API to fix the
dsrc_config fail issue.
Change-Id: I5037498a510820a86cba9e61149640a957b46086
CRs-Fixed: 2109727
|
| | |\| | | | | | | |
| | |/ / / / / / /
| |/| | | | | | |
| | | | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | |/ / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The proc_mkdir() fail in hdd_driver_memdump_procfs_init() on multiple
wifi modules case if the first wifi module load successfully. Because
the debug memdump directory which proc_mkdir() created have the same
name and cause proc_mkdir() fail. Then change to use different debug
memdump directory name for different multiple wifi modules.
Change-Id: I272ba5c543ba8d0f964ea66ba0e3eb747c1d306a
CRs-Fixed: 2109727
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add support to check FEATURE_BUS_BANDWIDTH comditional compilation.
This will fix compilation error for PCIe device on non MSM platform.
Change-Id: I08846f0d76c9f25394b939c0f4994a29f301ba7e
CRs-Fixed: 2205408
|
| | |\ \ \ \ \ \ |
|
| | | |/ / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If hostapd happens to set new key during SSR, it will
get non-zero return. That results soft ap interface
cannot recover. To fix the problem, directly return
0 if SSR is in progress.
Change-Id: I93059664146b9362013fc17611a926a97a806a2e
CRs-Fixed: 2176244
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
into wlan-cld2.driver.lnx.1.0
|
| | | | |/ / / /
| | |/| | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Propagation from cld3.0 to cld2.0.
Currently variable "tid" is from message, which is used directly
as array size which causes buffer over-write.
To address this issue, add check for the array size.
Change-Id: Idb6bd8ceaa217620a60bc04f2e84a551113e6edb
CRs-Fixed: 2204463
|
| | |\ \ \ \ \ \
| | |/ / / / /
| |/| | | | |
| | | | | | | |
wlan-cld2.driver.lnx.1.0
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Propagation from cld3.0 to cld2.0.
In function lim_parse_kde_elements, while parsing the KDE list from
the assoc response frame, elem_len is obtained from the frame buffer.
elem_len is then used to find the matching OUI for KDE OUI type and
then to calculate data_len based on the offset for the GTK/IGTK data
types.
If the value in elem_len field in the frame is less than the Data
Offset (which includes the OUI and data type) or the GTK/IGTK offset
then a OOB read would occur.
Add checks to validate the elem_len with Data offset and then with
the GTK/IGTK offset based on the data type.
Change-Id: I8ae31c6d6c28e88ad9bda757b3f1ff2585f8a553
CRs-Fixed: 2203857
|
| | |\ \ \ \ \ \
| | |/ / / / /
| |/| | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
In SAP chnage channel process, the channel change param not include
beacon rate, so beacon rate use default value in new channel, this
will cause beacon rate not retained as the setting value.
In this change, add beacon rate in the channel change param.
Change-Id: I56364a091f6787749c45e206c85aaf77d9afb779
CRs-fixed: 2201292
|
| | | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
propagation from qcacld-3.0 to qcacld-2.0
During initializing ibss security settings there is a possibility
of integer underflow while extracting wpa ie because of ie length
check miss.
Add wpa ie length boundary check before extracting wpa ie.
Change-Id: I37d8ee5ea1e1ba12277128a1407783f5647251b6
CRs-Fixed: 2203077
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The flag do_not_roam is set as ture when do connecting with bssid
parameter from supplicant, it will forbid starting roam offload
scan when do connecting with bssid_hint since the do_not_roam is
NOT cleared.
The fix is to set do_roam_flag as false by default, if the bssid
parameter from supplicant is valid, then the flag will be marked
as true as before.
Change-Id: I09b41d20ed4441e8e163b836ff57cb79ef78d556
CRs-Fixed: 2202341
|
| | |\ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The thermal shutdown userspace program is able to send suspend and
resume commands to driver, and get temperature and configuration
parameters from driver. Interfaces are added to support these subcmds.
Change-Id: I2eda66174f84e37eef87a9e9c309a58f3b30b9c5
CRs-Fixed: 2080395
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add check for lim sme state to avoid invoking tear down link with ap
multiple times on receiving multiple peer sta kickout ind from fw or
multiple disassoc frames from peer.
This can lead to calling of csrRoamIssueWmStatusChange() multiple times.
Change-Id: Ie0034abc38331b9f42b2ed0b88a1f078e086fc9a
CRs-Fixed: 2112597
|
