| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add P2P LO attributes
Change-Id: I59eb1cba443b17be6ce01bcb47aeeb6914b7c51a
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Define a series of wmi roam params
Change-Id: Ib2e982e56bbe28c5b8fdc7c66298b317b57b3b0d
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add WMI_COEX_CONFIG_SINK_WLAN_TDM
Change-Id: I9d4ff13f827cf837d8cb36ae98036d1ac49b3d5e
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add WMI_PDEV_PARAM_ABG_MODE_TX_CHAIN_NUM. The Location of
WMI_CTS_CBW is different from the one of firmware.
Change-Id: I65cd4250fb399df8ad6f0de6c4608f6f78d91422
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add WOW_REASON_THERMAL_CHANGE
Change-Id: I44efc377393e4ced90b60097b3604d6b1a8b9dda
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Define WMI_RSRC_CFG_FLAG_TX_PPDU_STATS_ENABLE
Change-Id: I0476ebee7d77a6db64a5aecc15dcc105743c0b0d
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211S
Change-Id: I5137eeb87603d60a1fc7e6fd34efc3fa547440c8
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add wow 11D scan event
Change-Id: I0193907d0e0f8f2bbd69cd3f59fe63fdbfa2691b
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add wmi async/sync scan bitpos and cxn bitpos
Change-Id: I9d58fc0ebd22319ddcdd7299594a6f7fcffd7c8b
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
New room for add new services
Change-Id: Ifc883ce71d45d85fc8d1fff5711fa84ea0140704
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Define WMI_VDEV_PARAM_SMPS_INTOLERANT
Change-Id: I5028cfb1400be03574db60d1ba27ba7ed25ef774
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Define min_candidate_rssi
Change-Id: Ib9553c76732d0584c00f2f9770a41e94ad8a001c
CRs-fixed: 865207
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211R
Change-Id: I964d44b3434d08e1ca6773e0d5db28738f8e35cb
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add sanity check for vdev id in wma_roam_event_callback() to prevent
out of bound access of memory in wma_roam_better_ap_handler().
Change-Id: Ifbcf5023afe8fac3bf1ad59d351a3777d699b0cb
CRs-Fixed: 2127900
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add sanity check for vdev id in wma_scan_event_callback() to
prevent out of bound access of memory.
Change-Id: If9aef3be0ae4f1ae70bc2187321f89cc2dab0749
CRs-Fixed: 2127896
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211Q
Change-Id: Ib0d085d8699df81ebd484240902ad3b9fe4ffda5
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In the function wma_roam_synch_event_handler, vdev_id is received from
the fw and is used to access member of the array wma->interfaces without
validating the max of the vdev_id received from the fw
Add check to make sure vdev_id is less than max_bssid before using it
Change-Id: I3b940e183ab66680891cb7351af4537b50afce1d
CRs-Fixed: 2147083
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211P
Change-Id: I32b2654c5718fed613ceb8b619e4da0d8cf27bd4
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add sanity check to ensure num_failure_info from FW does not cause
integer overflow while calculating alloc_len, as alloc_len is in
turn used to malloc which can lead to less than required memory
allocated in case of integer overflow of alloc_len
Change-Id: Iea93e879196e9cd43856a7dcc9204d2304f76c78
CRs-Fixed: 2143134
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211O
Change-Id: I17f772424f8d8153f734dac1bdd4729d8409d645
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In tlshim_mgmt_rx_process, previous length check is added for
hdr->buf_len and data_len, normally hdr->buf_len should be not
larger than data_len.
when tlshim_mgmt_rx_process is called from __wmi_control_rx,
data_len passed is having complete wmi buffer length;
If called from tlshim_mgmt_roam_event_ind, data_len(last_beacon_len)
is only for TLV size, in this case, length check will fail which
break roaming for WMI_ROAM_REASON_SUITABLE_AP.
Ignore length check when processing WMI_ROAM_REASON_SUITABLE_AP.
regression commit id:
I7f06d81fd18960d0d6c57cdb4594680178022087
Change-Id: Ic386d5c5dd39ccad3bab806957a36361e0d0b1ec
CRs-Fixed: 2144606
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211N
Change-Id: I82fabb7eab62868f5475b6a126db664010a3047c
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In function ProcSetReqInternal, valueLen is obtained from the
message buffer pParam. This valueLen is used as argument to the
function GetStrValue where the contents of the buffer pParam is
copied to pMac->cfg.gSBuffer for valueLen number of bytes. However
the array pMac->cfg.gSBuffer is a static array of size CFG_MAX_STR_LEN.
If the value of valueLen exceeds CFG_MAX_STR_LEN, a buffer overwrite
will occur in GetStrValue.
Add Sanity check to make sure valueLen does not exceed CFG_MAX_STR_LEN.
Change-Id: Id16d4c4b8d2414c00a0fae8f8292f011d0763b84
CRs-Fixed: 2143847
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211M
Change-Id: I196fa1763b9c276bd5fc84563663caeec9f1d3bc
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
qcacld-3.0 to qcacld-2.0 propagation
Move bssDescription to the end of tSirSmeJoinReq since bssDescription
has ieFields at its end which would be corrupted if we dont keep it
at the end of bssDescription. This results in not detecting the IE's
properly after assoc response processing, not setting wpa_rsn flag
in PEER_ASSOC_CMD to fw. The subsequent LFR3 roam if happens in fw
fails because of this.
Keep bssDescription at the end of tSirSmeJoinReq struct and other
structs where bssDescription is used.
Change-Id: I7096f7da0a475b0c63078f3c77fba240a41dfb00
CRs-Fixed: 2147063
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211L
Change-Id: I7daada2a8110c637773068031bbb3b7aeadcfca5
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently resp_event->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I510466412ae4477a71d54020bfaeccac3430a109
CRs-Fixed: 2127889
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently the mpdu_data_len in Rx pkt meta is not checked for
upper bound in wma_form_rx_packet.
Add sanity check to drop the packet if mpdu_data_len is
greater than 2000 bytes. Also add upper bound check for
frame_len in lim_process_auth_frame function.
Change-Id: Id8d80f892c18d044896224c22b21f667ee30eb6b
CRs-Fixed: 2133040
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211K
Change-Id: Ifb56cfbb932e7749766d6243ed913853f57efcb2
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Check for the upper bounds for number of NOA descriptors
received in the P2P NOA event.
Change-Id: Id7ecf064f2c25f378f76d795902713da8520507f
CRs-Fixed: 2132226
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211J
Change-Id: I226758045706f9b5dd824573262910af1f6b1a02
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add mutex lock to block concurrent threads access power status
debugfs reading operation. This way can avoid the risk of
double free power stats memory buffer.
Change-Id: I3c074a03cd208648fd0ea83d30b9680e5ec9c27b
CRs-Fixed: 2111922
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211I
Change-Id: I068cf62d92766a13c9c013b151e2c106b29df503
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add device_mode check in hdd_ipa_send_pkt_to_tl,
WLAN_HDD_GET_AP_CTX_PTR only can be used in SAP/P2P_GO mode.
Change-Id: Ieb4ce8fb28251432c9f3e22eb945b32f47776380
CRs-Fixed: 2141328
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add "gStaLocalEDCAForETSI" in INI config to enable
or disable local EDCA parameters for Sta
for AP with valid EDCA params, we should follw it.
while for AP with invalid EDCA param, we can set valid EDCA
params local, not follow AP's.
Change-Id: I4dcc40b3e0aa71afc3146f6e2c9a3d8710d313fc
CRs-Fixed: 2144636
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211H
Change-Id: I700ba960aac9e8a65d75cf3d8048b995a0bf4f0e
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix Out-of-bound access in sapInterferenceRssiCount, by checking
the limit of start address for channel info and end address for
channel info.
Change-Id: If21e09d0f11bd655a8e04139ccf55d3682734b17
CRs-Fixed: 2128512
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211G
Change-Id: I49bafdbc095389280ac7aac45ec5ebc8b2f64a4d
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Check multiple variables received from firmware used to calculate
buf_len to make sure that it does not exceed the max msg size, as
this buf_len is in turn used in malloc and can lead to less than
required memory allocated in case of integer overflow of buf_len
Change-Id: I2689873c2c5e63c83e5059563662c0c69dc659fc
CRs-Fixed: 2143080
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This issue is caused by the wrong band width setting after MCC to SCC at
different band switch.
Change-Id: If5484688424cff5d1762127ce2e0a7aa0d5086d4
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
There are some macro FEATURE_WLAN_MCC_TO_SCC_SWITCH missing when used some
elements which defined in FEATURE_WLAN_MCC_TO_SCC_SWITCH, and will cause
some compilation errors if not enable this marco. Then add this macro for
these elements which used but missed this macro.
Change-Id: I1c581ed91003cb2033a19e0af2921d76e11f9e59
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The current qcacld-2.0 driver does not allow to start p2p client if ap
has already been started and the p2p client's work channel is different
with the ap's work channel. Then add this support for MCC to SCC.
Change-Id: I0140066869fc057374ac10f78bc4a22f310db1be
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The current qcacld-2.0 driver does not support the MCC to SCC
for ap and p2p client concurrency mode, and caused the ap's
work channel does not follow p2p client's work channel if the
p2p client started first. Then add this support for MCC to SCC.
Change-Id: I4690a52d64e31e893eea34e846d7da4e98e7f5d8
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The current qcacld-2.0 driver does not support the concurrency of
p2p GO and AP. Then add this conncurrency support for MCC to SCC.
Change-Id: I57040454761191defbccfba6291cf00e70188c83
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The current qcacld-2.0 driver does not support the MCC to SCC
at different band. Then add the band switch support for MCC to
SCC.
Change-Id: I22ab05b3abaf65c0df0343c3568e1b650acc24ef
CRs-Fixed: 2109735
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211F
Change-Id: Icee6d9901999ad52ed9800cbf24bb0a29ada73cc
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As logP bit is not getting reset in case of USB devices
SSR is not happening and the driver is reloaded because
of USB Reset.
Change-Id: Ia78fb5bcdf762c91ee43067df23b5efaa2046602
CRs-Fixed: 2135433
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211E
Change-Id: Ieb4b1218e464b8ae0ad28e67ea37383bcc067aea
CRs-Fixed: 774533
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Once there are many eSmeCommandWmStatusChange in SME CMD pending
queue, smeProcessPendingQueue will be called recursively.
Refine the process logic and process the pending cmd one by one.
Change-Id: I133b024aa28c1d55319c83b26533816f52ea789b
CRs-Fixed: 2138619
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Release 4.0.11.211D
Change-Id: I55ded778b9e3b3ad45830cb1c11d980b2e723333
CRs-Fixed: 774533
|
