| Commit message (Collapse) | Author | Age |
Release 4.0.11.206Y
Change-Id: I055629622a3433f796ace5e5615a9e194028d004
CRs-Fixed: 774533
|
Allocation of memory for assoc resp fails
when frame length is zero and error message
is displayed.
Fix is to allocate memory only when frame length
is greater than zero.
Change-Id: I6c3a457b7eb9d49fa67bee7570594dd81c2eb3d7
CRs-Fixed: 2060384
|
Release 4.0.11.206X
Change-Id: Ia57aba00a75ee9b63c0e3e4e7b7f8d50722244a8
CRs-Fixed: 774533
|
In random testing cases, the SAP close may be called even before the BSS
is started. In such cases the SAP callback may not have been registered
and such scenarios may lead to unnecessary assertion. Just returning an
error should do.
Remove the assert but retain the error notification.
Change-Id: Ief9ea45d2d7f3d910766e73a9e0dca5e34c85905
CRs-Fixed: 2053618
|
Release 4.0.11.206W
Change-Id: I6d94d897190d124f706c91d2806a682b2d1ac9f3
CRs-Fixed: 774533
|
There is a possibility to read uninitialized memory within api
__wlan_hdd_cfg80211_testmode.
To resolve this issue, initialize buffer hb_params with zero.
Change-Id: Ia8061610a8c35aa7290177c0dcd2c5c36d9fcb35
CRs-Fixed: 2061755
|
Release 4.0.11.206V
Change-Id: I79fdfb2ab96596c4e1d59d0006da8605aa4797f9
CRs-Fixed: 774533
|
There is a possibility of OOB memory access within api
wlan_hdd_qcmbr_command.
To resolve this issue add appropriate buffer length check before
using the buffer.
Change-Id: I3bc0bb74e07fbf4b5c1f2163c9fb0b80d8839d0d
CRs-Fixed: 2060990
|
In the SSR case, vos_shutdown will be invoked.
In that function, the tx_desc pool (cacheable_pages/dma_pages) is freed
in WLANTL_Close before it is accessed in HTCStop/ol_tx_download_done_base.
Correct the clean up sequence in vos_shutdown(), to align with vos_close().
Refer to CR for more detail.
CRs-Fixed: 2070894
Change-Id: I050b5422c7941d902435c8a2bd3b07c78f4ea087
|
Release 4.0.11.206U
Change-Id: I7f95025c355cd597c3a24e46731569deb53cc754
CRs-Fixed: 774533
|
qcacld-3.0 to qcacld-2.0 propagation
Add check for buffer length in function sme_set_ft_ies.
Change-Id: I7adc56e23316c0ceb193a5bdf8c4c0b5f4fbd20a
CRs-Fixed: 2070583
|
Release 4.0.11.206T
Change-Id: I62f01728a5eda02bcdfef63e802bc78fa0064106
CRs-Fixed: 774533
|
Remove the code related to mmap functionality for pktlog
as it is no longer used/required.
Change-Id: I06767f108c0ff6462a9e20e7b50d08bf4ac9555f
CRs-Fixed: 2064767
|
Release 4.0.11.206S
Change-Id: I1316f4a35e1e273f0388fec44c2c160359dc8981
CRs-Fixed: 774533
|
Restrict the pktlog buffer size to a minimum of 1MB and maximum
of 16MB using pktlogconf tool or through sysctl command.
CRs-Fixed: 2064785
Change-Id: I2951de86de083b610bb114ff4b9ddcb51c4c3042
|
Propagation from qcacld-3.0 to qcacld-2.0
There are currently three issues which can result in a buffer overread
when processing PNO vendor commands:
1) __wlan_hdd_cfg80211_set_passpoint_list() specifies the wrong policy
when invoking nla_parse().
2) hdd_extscan_passpoint_fill_network_list() does not specify a policy
when invoking nla_parse().
3) __wlan_hdd_cfg80211_set_epno_list() specifies a policy but not all
of the attributes that are parsed are present in the policy.
To prevent buffer overread:
1) Update __wlan_hdd_cfg80211_set_passpoint_list() and
hdd_extscan_passpoint_fill_network_list() to use the policy
wlan_hdd_pno_config_policy.
2) Update wlan_hdd_pno_config_policy to contain all the fixed-length
attributes needed by __wlan_hdd_cfg80211_set_passpoint_list(),
hdd_extscan_passpoint_fill_network_list(), and
__wlan_hdd_cfg80211_set_epno_list().
Change-Id: I4a20e77ce87967ae78323b83a2aa9085fed2647f
CRs-Fixed: 2058447
|
Release 4.0.11.206R
Change-Id: Ie1bdc1f15f1c337eee6868739f8a92a419fbddae
CRs-Fixed: 774533
|
Calling function VOS_BUG after vos_force_fw_dump is the reason for
the issue, because vos_force_fw_dump will send the firmware dump
operation to a work queue, and VOS_BUG will trigger a crash immediately,
so the host crash will happen before the firmware dump finishes.
vos_force_fw_dump will trigger subsystem_restart_dev after the
firmware dump has finished, so delete VOS_BUG after vos_force_fw_dump.
Change-Id: I0d779e90ce0f50dc033f0efc30f3e724a4b797de
CRs-fixed: 2067704
|
Release 4.0.11.206Q
Change-Id: I9aaef2c996180b0d7fdb33738a598830cfc309c5
CRs-Fixed: 774533
|
Propagation from qcacld-3.0 to qcacld-2.0
Currently in oem_cmd_handler() the CLD80211_ATTR_DATA is processed as
an OEM message without first verifying that the payload has a
sufficient length. This can lead to overreading the buffer. Add length
checks to make sure the payload is large enough to hold the message it
is supposed to encapsulate.
Change-Id: Ifaa7d1cce5bd427bfeca14cab5a44c4cb72ce59f
CRs-Fixed: 2058471
|
Release 4.0.11.206P
Change-Id: I435a77575ff8374471ecc1f1af931ebc63af2d23
CRs-Fixed: 774533
|
Currently, the host enables sif burst for pdev after vdev creation.
If the hardware receives any bad packet after vdev creation and the
host then issues the sif burst command, it leads to a hardware reset and
the target gets asserted.
As part of the fix, the host enables sif burst prior to vdev creation.
Change-Id: I3f820001e44b5d943ef856c6175de9eee2c5edad
CRs-Fixed: 2056923
|
Release 4.0.11.206O
Change-Id: I2e3e877429ce9abd294e74deebd048d5c7acc85a
CRs-Fixed: 774533
|
qcacld-3.0 to qcacld-2.0 propagation
__wlan_hdd_cfg80211_txpower_scale_decr_db() calls nla_parse without
specifying a policy. Specify an nla policy with the expected attribute
information when calling nla_parse in
__wlan_hdd_cfg80211_txpower_scale_decr_db().
Change-Id: I219190726ccb19cb8849177888bca859da1c76db
CRs-Fixed: 2059715
|
Fixing copyright markings that were wrongly updated in
commit: 50d1da1875ed700f0423f6b60f190e6a8407b0fb
New dot11f files are generated. The wrong copyright and extra
spaces are removed. Also there are minor changes in dot11f.c
due to the recommended tool version used.
dot11f.frms is corrected to include the commented out OUI
fields.
CRs-Fixed: 2064227
Change-Id: I4467cc06418c45649f47666c4961952be55cd1b1
|
Release 4.0.11.206N
Change-Id: I2c94a6ad7af7f69c773bec928d1bd9269270b122
CRs-Fixed: 774533
|
Currently to get clock boottime, vos_get_monotonic_boottime_ns
api is getting used which does not include the suspend time.
To include the system suspend time also in clock boottime, use
ktime_get_boot_ns api.
Change-Id: Ibcc628c315201fa3ced7e1ad96753772d91707b2
CRs-Fixed: 2067770
|
Release 4.0.11.206M
Change-Id: Ife849721fc1ebd337a2a4d732346967f04fd85d7
CRs-Fixed: 774533
|
Currently there is no nl policy defined for vendor sub command
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX which may result in
buffer overread error.
To resolve this, add nl policy.
Change-Id: Ib5d3c34dbcec29a98766753efc4e9c4ecf748c2e
CRs-Fixed: 2059701
|
Release 4.0.11.206L
Change-Id: I5e9b164887bb3fc4be4681da9a9bd3de8c48ceac
CRs-Fixed: 774533
|
In the get oui ie command API, the ie pointer is read out
of boundary.
Return NULL if the ie length is less than the oui size.
CRs-Fixed: 2061971
Change-Id: I13375d3bfa472eda25d8d6191431dd1f79bf5842
|
Release 4.0.11.206K
Change-Id: I5c8732fde28e3510dee92c11967e850552dfd49b
CRs-Fixed: 774533
|
Once bus requests are used up, WMI traffic would be blocked and
some undetermined scenario would be hit.
A dynamic list is used in this change. It will increase once there
are no more bus requests in the free queue, if module parameter
dynamic_busreq is set.
Change-Id: Iaf56747a9c4bdf2191227b6667f5b4b1200c3c1f
CRs-Fixed: 2065303
|
Correct the wrong netdev state print in hdd_cfg80211_scan_done_callback.
CRs-fixed: 2067873
Change-Id: I53d3fc4500c3f95055c17121da7264610f499644
|
propagation from qcacld-3.0 to qcacld-2.0
In cnss_diag_cmd_handler(), add length check for the command attribute.
This prevents possibility of a buffer overread or underrun.
Also add audit comment to express the intent why policy table
is not used in this API.
Change-Id: I023bbf3789498f315fd1bff8db8ef8257abb2b04
CRs-Fixed: 2061899
|
Release 4.0.11.206J
Change-Id: Ib3b34994f5f9e1c1a54a6ac0a89f2ff0eb61bd6c
CRs-Fixed: 774533
|
The current FEATURE_BUS_BANDWIDTH will dynamically add/remove pm qos based on
the current traffic load. When the driver is unloading, pm qos might not be removed
properly, which will cause a warning. So, remove pm qos when the driver is
unloading if pm qos has already been added.
CRs-fixed: 2065382
Change-Id: Icbd15f6a1d2f83e9e4c54f6d093562472f855177
|
Prev_drop variable is declared in while loop. It will cause droplist
corruption in packet injection mode. Move prev_drop variable out of
while loop.
CRs-fixed: 2065523
Change-Id: Ib4aeaaada94d3b98ed9504a7318aa46f6d37902a
|
Release 4.0.11.206I
Change-Id: Id9a28baf39902dba6eb1368e348a869270a9d966
CRs-Fixed: 774533
|
qcacld-3.0 to qcacld-2.0 propagation
With current code, as soon as change interface command comes to
convert interface type to AP, it removes p2p device adapter which
is not required. In new platform, various concurrencies are supported
which includes SAP+GO, SAP+STA+GO, and so on. To make these
concurrencies work properly, no longer remove the p2p device adapter
when SAP comes up.
Change-Id: Icb1729f25e0604e0c342a136d9b4cf332e50d7c8
CRs-Fixed: 2063956
|
When PTP is enabled, WLAN FW will disable HTC credit report to
WLAN host to enhance performance. Thus, WLAN host needs to disable
credit flow control to align with this change accordingly.
Change-Id: I243a5fb9ce006e4c4cd46d7777a38431118fadf7
CRs-Fixed: 2061837
|
This change reverts commit I0fd8db6104759121f984f9d5c090d8e3d5c8108f
and commit I11a6427d0c35cb6247e57950a7e35e92a778978e.
Additional eCSR_ROAM_LOSTLINK_DETECTED process in hdd_smeRoamCallback
is leading to an early disconnection indication to cfg80211, even before
VDEV clean up is done (before vdev_stop & vdev_down). The early
disconnection indication will change the state machine of upper,
and allow wlan_hdd_cfg80211_connect to be invoked during VDEV clean up.
It finally causes the connection request to be stuck in the active command list,
due to incorrect eCsrRoamState, and a crash after timeout.
Refer to the CR for more detailed discussion.
CRs-Fixed: 2064675
Change-Id: Ic286e60bdd9d0aac7ba16dab5c8f6b874c62024d
|
Release 4.0.11.206H
Change-Id: I3157aaead8922897534d7fa0f5a59d19b8036855
CRs-Fixed: 774533
|
Currently attributes are not validated in __wlan_hdd_cfg80211_do_acs;
this can lead to a buffer overread.
To resolve this issue, define an nla_policy and validate the
attributes.
CRs-Fixed: 2058448
Change-Id: Ic1bd5abbef09407f925625b709f10cf9cb7c3d7f
|
A local buffer is shared to send the radiotap buffer. When packets are sent
very quickly, the previous packet buffer might be overwritten. To fix it,
add a radiotap buffer in tx desc so that each packet has its own radiotap
buffer.
CRs-fixed: 2064779
Change-Id: I5a120e52f7ab5dcaf49343cdad8c03140ae84129
|
Release 4.0.11.206G
Change-Id: I6fadf023a725ca03d7842686b4a6f9695e41e97e
CRs-Fixed: 774533
|
Currently there are multiple cfg80211 vendor commands where MAC
address attributes are defined in a nla_policy table with a type of
NLA_UNSPEC but without a minimum length. Add the proper minimum length
to avoid buffer overread.
Change-Id: I11ff2bd813dc4e6784a7cdee66a0c10ca0e69fcf
CRs-Fixed: 2061251
|
Currently the QCA_WLAN_VENDOR_ATTR_NDP_IFACE_STR nla_policy specifies
a type of NLA_STRING, but the underlying implementation expects a
NUL-terminated string. Update the policy to correctly use a type of
NLA_NUL_STRING with the len updated to remove the allocation needed
for the terminating NUL.
Change-Id: Ic73241511ab73ae63fd7c1a8d6422da91931919c
CRs-Fixed: 2061688
|
Currently QCA_WLAN_VENDOR_ATTR_CONFIG_FINE_TIME_MEASUREMENT is not
properly represented in the wlan_hdd_wifi_config_policy table, so add
a proper initializer.
Change-Id: I95ba66337c30cae67b23c9942b9360522ad60df0
CRs-Fixed: 2061241
|
Release 4.0.11.206F
Change-Id: I04f5c2f94e3b3b5547c031bb75b9abbf47ce062a
CRs-Fixed: 774533
|