Merge "wlan: Fix pointer dereference KW issues in connect path" into wlan-driver.lnx.1.0
diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
index 2e3f2a8..059dfe4 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
@@ -1651,6 +1651,15 @@
void hdd_select_cbmode( hdd_adapter_t *pAdapter,v_U8_t operationChannel);
/*
+ * wlan_hdd_restore_channels() Restore the channels which were cached
+ * and disabled in __wlan_hdd_disable_channels api.
+ * @hdd_ctx: Pointer to the HDD context
+ *
+ * @Return: 0 on success, Error code on failure
+ */
+int wlan_hdd_restore_channels(hdd_context_t *pHddCtx);
+
+/*
* hdd_update_indoor_channel() - enable/disable indoor channel
* @hdd_ctx: hdd context
* @disable: whether to enable / disable indoor channel
diff --git a/CORE/HDD/inc/wlan_hdd_main.h b/CORE/HDD/inc/wlan_hdd_main.h
index fdb877f..b6db4a1 100644
--- a/CORE/HDD/inc/wlan_hdd_main.h
+++ b/CORE/HDD/inc/wlan_hdd_main.h
@@ -1558,6 +1558,17 @@
/** Adapter stucture definition */
+struct hdd_cache_channel_info {
+ int channel_num;
+ int reg_status;
+ int wiphy_status;
+};
+
+struct hdd_cache_channels {
+ int num_channels;
+ struct hdd_cache_channel_info *channel_info;
+};
+
struct hdd_context_s
{
/** Global VOS context */
@@ -1844,6 +1855,9 @@
v_BOOL_t roaming_ini_original;
uint32_t track_arp_ip;
+
+ struct hdd_cache_channels *orginal_channels;
+ struct mutex cache_channel_lock;
};
typedef enum {
@@ -2328,4 +2342,13 @@
}
#endif
+/*
+ * hdd_parse_disable_chn_cmd() - Parse the channel list received
+ * in command.
+ * @adapter: pointer to hdd adapter
+ *
+ * @return: 0 on success, Error code on failure
+ */
+int hdd_parse_disable_chan_cmd(hdd_adapter_t *adapter, tANI_U8 *ptr);
+
#endif // end #if !defined( WLAN_HDD_MAIN_H )
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 55df656..1de0739 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -10625,6 +10625,165 @@
wlan_hdd_disconnect(sta_adapter, eCSR_DISCONNECT_REASON_DEAUTH);
}
+int wlan_hdd_restore_channels(hdd_context_t *hdd_ctx)
+{
+ struct hdd_cache_channels *cache_chann;
+ struct wiphy *wiphy;
+ int freq, status, rfChannel;
+ int i, band_num, channel_num;
+ struct ieee80211_channel *wiphy_channel;
+
+ ENTER();
+
+ if (!hdd_ctx) {
+ hddLog(VOS_TRACE_LEVEL_FATAL, "HDD Context is NULL");
+ return -EINVAL;
+ }
+
+ wiphy = hdd_ctx->wiphy;
+
+ mutex_lock(&hdd_ctx->cache_channel_lock);
+
+ cache_chann = hdd_ctx->orginal_channels;
+
+ if (!cache_chann || !cache_chann->num_channels) {
+ hddLog(VOS_TRACE_LEVEL_INFO,
+ "%s channel list is NULL or num channels are zero",
+ __func__);
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+ return -EINVAL;
+ }
+
+ for (i = 0; i < cache_chann->num_channels; i++) {
+ status = hdd_wlan_get_freq(
+ cache_chann->channel_info[i].channel_num,
+ &freq);
+
+ for (band_num = 0; band_num < IEEE80211_NUM_BANDS; band_num++) {
+ for (channel_num = 0; channel_num <
+ wiphy->bands[band_num]->n_channels;
+ channel_num++) {
+ wiphy_channel = &(wiphy->bands[band_num]->
+ channels[channel_num]);
+ if (wiphy_channel->center_freq == freq) {
+ rfChannel = wiphy_channel->hw_value;
+ /*
+ *Restore the orginal states
+ *of the channels
+ */
+ vos_nv_set_channel_state(
+ rfChannel,
+ cache_chann->
+ channel_info[i].reg_status);
+ wiphy_channel->flags =
+ cache_chann->
+ channel_info[i].wiphy_status;
+ break;
+ }
+ }
+ if (channel_num < wiphy->bands[band_num]->n_channels)
+ break;
+ }
+ }
+
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+
+ status = sme_update_channel_list((tpAniSirGlobal)hdd_ctx->hHal);
+ if (status)
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Can't Restore channel list");
+ EXIT();
+
+ return 0;
+}
+
+/*
+ * wlan_hdd_disable_channels() - Cache the the channels
+ * and current state of the channels from the channel list
+ * received in the command and disable the channels on the
+ * wiphy and NV table.
+ * @hdd_ctx: Pointer to hdd context
+ *
+ * @return: 0 on success, Error code on failure
+ */
+
+static int wlan_hdd_disable_channels(hdd_context_t *hdd_ctx)
+{
+ struct hdd_cache_channels *cache_chann;
+ struct wiphy *wiphy;
+ int freq, status, rfChannel;
+ int i, band_num, band_ch_num;
+ struct ieee80211_channel *wiphy_channel;
+
+ if (!hdd_ctx) {
+ hddLog(VOS_TRACE_LEVEL_FATAL, "HDD Context is NULL");
+ return -EINVAL;
+ }
+
+ wiphy = hdd_ctx->wiphy;
+
+ mutex_lock(&hdd_ctx->cache_channel_lock);
+ cache_chann = hdd_ctx->orginal_channels;
+
+ if (!cache_chann || !cache_chann->num_channels) {
+ hddLog(VOS_TRACE_LEVEL_INFO,
+ "%s channel list is NULL or num channels are zero",
+ __func__);
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+ return -EINVAL;
+ }
+
+ for (i = 0; i < cache_chann->num_channels; i++) {
+ status = hdd_wlan_get_freq(
+ cache_chann->channel_info[i].channel_num,
+ &freq);
+
+ for (band_num = 0; band_num < IEEE80211_NUM_BANDS;
+ band_num++) {
+ for (band_ch_num = 0; band_ch_num <
+ wiphy->bands[band_num]->n_channels;
+ band_ch_num++) {
+ wiphy_channel = &(wiphy->bands[band_num]->
+ channels[band_ch_num]);
+ if (wiphy_channel->center_freq == freq) {
+ rfChannel = wiphy_channel->hw_value;
+ /*
+ * Cache the current states of
+ * the channels
+ */
+ cache_chann->
+ channel_info[i].reg_status =
+ vos_nv_getChannelEnabledState(
+ rfChannel);
+
+ cache_chann->
+ channel_info[i].wiphy_status =
+ wiphy_channel->flags;
+ hddLog(VOS_TRACE_LEVEL_INFO,
+ "Disable channel %d reg_stat %d wiphy_stat 0x%x",
+ cache_chann->
+ channel_info[i].channel_num,
+ cache_chann->
+ channel_info[i].reg_status,
+ wiphy_channel->flags);
+
+ vos_nv_set_channel_state(
+ rfChannel,
+ NV_CHANNEL_DISABLE);
+ wiphy_channel->flags |=
+ IEEE80211_CHAN_DISABLED;
+ break;
+ }
+ }
+ if (band_ch_num < wiphy->bands[band_num]->n_channels)
+ break;
+ }
+ }
+
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+ sme_update_channel_list((tpAniSirGlobal)hdd_ctx->hHal);
+ return 0;
+}
+
#if (LINUX_VERSION_CODE < KERNEL_VERSION(3,4,0))
static int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter,
struct beacon_parameters *params)
@@ -10682,6 +10841,12 @@
hdd_check_and_disconnect_sta_on_invalid_channel(pHddCtx);
}
+ if (pHostapdAdapter->device_mode == WLAN_HDD_SOFTAP) {
+ /* Disable the channels received in command SET_DISABLE_CHANNEL_LIST*/
+ wlan_hdd_disable_channels(pHddCtx);
+ hdd_check_and_disconnect_sta_on_invalid_channel(pHddCtx);
+ }
+
pHostapdState = WLAN_HDD_GET_HOSTAP_STATE_PTR(pHostapdAdapter);
pConfig = &pHostapdAdapter->sessionCtx.ap.sapConfig;
@@ -10738,7 +10903,8 @@
{
hddLog(VOS_TRACE_LEVEL_ERROR,
"%s: Invalid Channel [%d]", __func__, pConfig->channel);
- return -EINVAL;
+ ret = -EINVAL;
+ goto error;
}
pConfig->user_config_channel = pConfig->channel;
}
@@ -10803,7 +10969,8 @@
if(pIe[1] < (2 + WPS_OUI_TYPE_SIZE))
{
hddLog( VOS_TRACE_LEVEL_ERROR, "**Wps Ie Length is too small***");
- return -EINVAL;
+ ret = -EINVAL;
+ goto error;
}
else if(memcmp(&pIe[2], WPS_OUI_TYPE, WPS_OUI_TYPE_SIZE) == 0)
{
@@ -10929,7 +11096,8 @@
if (pConfig->RSNWPAReqIELength > sizeof(pConfig->RSNWPAReqIE)) {
hddLog( VOS_TRACE_LEVEL_ERROR, "**RSNWPAReqIELength is too large***");
- return -EINVAL;
+ ret = -EINVAL;
+ goto error;
}
pConfig->SSIDinfo.ssidHidden = VOS_FALSE;
@@ -11057,7 +11225,8 @@
if ( 0 != wlan_hdd_cfg80211_update_apies(pHostapdAdapter))
{
hddLog(LOGE, FL("SAP Not able to set AP IEs"));
- return -EINVAL;
+ ret = -EINVAL;
+ goto error;
}
//Uapsd Enabled Bit
@@ -11098,7 +11267,8 @@
if (vos_max_concurrent_connections_reached()) {
hddLog(VOS_TRACE_LEVEL_INFO, FL("Reached max concurrent connections"));
- return -EINVAL;
+ ret = -EINVAL;
+ goto error;
}
pConfig->persona = pHostapdAdapter->device_mode;
@@ -11274,6 +11444,8 @@
return 0;
error:
+ if (pHostapdAdapter->device_mode == WLAN_HDD_SOFTAP)
+ wlan_hdd_restore_channels(pHddCtx);
/* Revert the indoor to passive marking if START BSS fails */
if (iniConfig->disable_indoor_channel) {
hdd_update_indoor_channel(pHddCtx, false);
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index faa0fe6..87d3d6d 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -462,6 +462,32 @@
ret = hdd_enable_disable_ca_event(pHddCtx, command, 16);
}
+ /*
+ * command should be a string having format
+ * SET_DISABLE_CHANNEL_LIST <num of channels>
+ * <channels separated by spaces>
+ */
+ else if (strncmp(command, "SET_DISABLE_CHANNEL_LIST", 24) == 0) {
+ tANI_U8 *ptr = command;
+
+ ret = hdd_drv_cmd_validate(command, 24);
+ if (ret)
+ goto exit;
+
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
+ " Received Command to disable Channels for in %s",
+ __func__);
+ ret = hdd_parse_disable_chan_cmd(pAdapter, ptr);
+ }
+
+ else {
+ MTRACE(vos_trace(VOS_MODULE_ID_HDD,
+ TRACE_CODE_HDD_UNSUPPORTED_IOCTL,
+ pAdapter->sessionId, 0));
+ hddLog(VOS_TRACE_LEVEL_WARN, FL("Unsupported GUI command %s"),
+ command);
+ }
+
exit:
if (command)
{
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index 4fbd761..fee2bc2 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -3200,6 +3200,242 @@
}
#endif
+/**
+ * wlan_hdd_free_cache_channels() - Free the cache channels list
+ * @hdd_ctx: Pointer to HDD context
+ *
+ * Return: None
+ */
+
+static void wlan_hdd_free_cache_channels(hdd_context_t *hdd_ctx)
+{
+ mutex_lock(&hdd_ctx->cache_channel_lock);
+ hdd_ctx->orginal_channels->num_channels = 0;
+ vos_mem_free(hdd_ctx->orginal_channels->channel_info);
+ hdd_ctx->orginal_channels->channel_info = NULL;
+ vos_mem_free(hdd_ctx->orginal_channels);
+ hdd_ctx->orginal_channels = NULL;
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+}
+
+/**
+ * hdd_alloc_chan_cache() - Allocate the memory to cache the channel
+ * info for the channels received in command SET_DISABLE_CHANNEL_LIST
+ * @hdd_ctx: Pointer to HDD context
+ * @num_chan: Number of channels for which memory needs to
+ * be allocated
+ *
+ * Return: 0 on success and error code on failure
+ */
+
+int hdd_alloc_chan_cache(hdd_context_t *hdd_ctx, int num_chan)
+{
+ if (NULL == hdd_ctx->orginal_channels) {
+ hdd_ctx->orginal_channels =
+ vos_mem_malloc(sizeof(struct hdd_cache_channels));
+ if (NULL == hdd_ctx->orginal_channels) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "In %s, VOS_MALLOC_ERR", __func__);
+ return -EINVAL;
+ }
+ hdd_ctx->orginal_channels->num_channels = num_chan;
+ hdd_ctx->orginal_channels->channel_info =
+ vos_mem_malloc(num_chan *
+ sizeof(struct hdd_cache_channel_info));
+ if (NULL == hdd_ctx->orginal_channels->channel_info) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "In %s, VOS_MALLOC_ERR", __func__);
+ hdd_ctx->orginal_channels->num_channels = 0;
+ vos_mem_free(hdd_ctx->orginal_channels);
+ hdd_ctx->orginal_channels = NULL;
+ return -EINVAL;
+ }
+ } else {
+ /* Same command comes multiple times */
+ struct hdd_cache_channel_info *temp_chan_info;
+
+ if (hdd_ctx->orginal_channels->num_channels + num_chan >
+ MAX_CHANNEL) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Invalid Number of channel received",
+ __func__);
+ return -EINVAL;
+ }
+
+ temp_chan_info = vos_mem_malloc((
+ hdd_ctx->orginal_channels->
+ num_channels + num_chan) *
+ sizeof(struct hdd_cache_channel_info));
+ if (NULL == temp_chan_info) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "In %s, VOS_MALLOC_ERR",
+ __func__);
+ return -EINVAL;
+ }
+
+ vos_mem_copy(temp_chan_info, hdd_ctx->orginal_channels->
+ channel_info, hdd_ctx->orginal_channels->
+ num_channels *
+ sizeof(struct hdd_cache_channel_info));
+
+ hdd_ctx->orginal_channels->num_channels += num_chan;
+ vos_mem_free(hdd_ctx->orginal_channels->channel_info);
+ hdd_ctx->orginal_channels->channel_info = temp_chan_info;
+ temp_chan_info = NULL;
+ }
+ return 0;
+
+}
+
+
+int hdd_parse_disable_chan_cmd(hdd_adapter_t *adapter, tANI_U8 *ptr)
+{
+ v_PVOID_t pvosGCtx = vos_get_global_context(VOS_MODULE_ID_HDD, NULL);
+ hdd_context_t *hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, pvosGCtx);
+ tANI_U8 *param;
+ int j, tempInt, index = 0, ret = 0;
+
+ if (NULL == pvosGCtx) {
+ hddLog(VOS_TRACE_LEVEL_FATAL,
+ "VOS Global Context is NULL");
+ return -EINVAL;
+ }
+
+ if (NULL == hdd_ctx) {
+ hddLog(VOS_TRACE_LEVEL_FATAL, "HDD Context is NULL");
+ return -EINVAL;
+ }
+
+ param = strchr(ptr, ' ');
+ /*no argument after the command*/
+ if (NULL == param)
+ return -EINVAL;
+
+ /*no space after the command*/
+ else if (SPACE_ASCII_VALUE != *param)
+ return -EINVAL;
+
+ param++;
+
+ /*removing empty spaces*/
+ while ((SPACE_ASCII_VALUE == *param) && ('\0' != *param))
+ param++;
+
+ /*no argument followed by spaces*/
+ if ('\0' == *param)
+ return -EINVAL;
+
+ /*getting the first argument ie the number of channels*/
+ if (sscanf(param, "%d ", &tempInt) != 1) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Cannot get number of channels from input",
+ __func__);
+ return -EINVAL;
+ }
+
+ if (tempInt < 0 || tempInt > MAX_CHANNEL) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Invalid Number of channel received", __func__);
+ return -EINVAL;
+ }
+
+ hddLog(VOS_TRACE_LEVEL_INFO_HIGH,
+ "%s: Number of channel to disable are: %d",
+ __func__, tempInt);
+
+ if (!tempInt) {
+ if (!wlan_hdd_restore_channels(hdd_ctx)) {
+ /*
+ * Free the cache channels only when the command is
+ * received with num channels as 0
+ */
+ wlan_hdd_free_cache_channels(hdd_ctx);
+ }
+ return 0;
+ }
+
+ mutex_lock(&hdd_ctx->cache_channel_lock);
+ if (hdd_alloc_chan_cache(hdd_ctx, tempInt)) {
+ ret = -ENOMEM;
+ goto parse_done;
+ }
+ index = hdd_ctx->orginal_channels->num_channels - tempInt;
+
+ for (j = index; j < hdd_ctx->orginal_channels->num_channels; j++) {
+ /*
+ * param pointing to the beginning of first space
+ * after number of channels
+ */
+ param = strpbrk(param, " ");
+ /*no channel list after the number of channels argument*/
+ if (NULL == param) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s, Invalid No of channel provided in the list",
+ __func__);
+ ret = -EINVAL;
+ goto parse_done;
+ }
+
+ param++;
+
+ /*removing empty space*/
+ while ((SPACE_ASCII_VALUE == *param) && ('\0' != *param))
+ param++;
+
+ if ('\0' == *param) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s, No channel is provided in the list",
+ __func__);
+ ret = -EINVAL;
+ goto parse_done;
+
+ }
+
+ if (sscanf(param, "%d ", &tempInt) != 1) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Cannot read channel number",
+ __func__);
+ ret = -EINVAL;
+ goto parse_done;
+
+ }
+
+ if (!IS_CHANNEL_VALID(tempInt)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Invalid channel number received",
+ __func__);
+ ret = -EINVAL;
+ goto parse_done;
+
+ }
+
+ hddLog(VOS_TRACE_LEVEL_INFO, "%s: channel[%d] = %d", __func__,
+ j, tempInt);
+ hdd_ctx->orginal_channels->channel_info[j].channel_num =
+ tempInt;
+ }
+
+ /*extra arguments check*/
+ param = strchr(param, ' ');
+ if (NULL != param) {
+ while ((SPACE_ASCII_VALUE == *param) && ('\0' != *param))
+ param++;
+
+ if ('\0' != *param) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: Invalid argument received", __func__);
+ ret = -EINVAL;
+ goto parse_done;
+ }
+ }
+
+parse_done:
+ mutex_unlock(&hdd_ctx->cache_channel_lock);
+ EXIT();
+
+ return ret;
+}
+
static int hdd_driver_command(hdd_adapter_t *pAdapter,
hdd_priv_data_t *ppriv_data)
{
@@ -6258,6 +6494,25 @@
ret = hdd_enable_disable_ca_event(pHddCtx, command, 16);
}
+ /*
+ * command should be a string having format
+ * SET_DISABLE_CHANNEL_LIST <num of channels>
+ * <channels separated by spaces>
+ */
+ else if (strncmp(command, "SET_DISABLE_CHANNEL_LIST", 24) == 0) {
+ tANI_U8 *ptr = command;
+ ret = hdd_drv_cmd_validate(command, 24);
+ if (ret)
+ goto exit;
+
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
+ " Received Command to disable Channels %s",
+ __func__);
+ ret = hdd_parse_disable_chan_cmd(pAdapter, ptr);
+ if (ret)
+ goto exit;
+ }
+
else {
MTRACE(vos_trace(VOS_MODULE_ID_HDD,
TRACE_CODE_HDD_UNSUPPORTED_IOCTL,
@@ -13407,6 +13662,7 @@
hdd_assoc_registerFwdEapolCB(pVosContext);
+ mutex_init(&pHddCtx->cache_channel_lock);
goto success;
err_open_cesium_nl_sock:
diff --git a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
index d7f8e92..12e2b94 100644
--- a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
+++ b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
@@ -2127,6 +2127,9 @@
}
}
+ if (pAdapter->device_mode == WLAN_HDD_SOFTAP)
+ wlan_hdd_restore_channels(pHddCtx);
+
/* Mark the indoor channel (passive) to enable */
if (pHddCtx->cfg_ini->disable_indoor_channel) {
hdd_update_indoor_channel(pHddCtx, false);
diff --git a/CORE/MAC/src/pe/lim/lim_mbb.c b/CORE/MAC/src/pe/lim/lim_mbb.c
index 9cd3501..3a96871 100644
--- a/CORE/MAC/src/pe/lim/lim_mbb.c
+++ b/CORE/MAC/src/pe/lim/lim_mbb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -765,6 +765,7 @@
{
limLog(mac, LOGE,
FL("call to AllocateMemory failed for pReassocReq"));
+ vos_mem_free(reassoc_req);
goto end;
}
vos_mem_set((void *) pReassocReq, nSize, 0);
@@ -775,13 +776,13 @@
{
limLog(mac, LOGE,
FL("received SME_REASSOC_REQ with invalid data"));
+ vos_mem_free(reassoc_req);
goto end;
}
ft_session_entry = mac->ft.ftPEContext.pftSessionEntry;
ft_session_entry->pLimReAssocReq = pReassocReq;
- vos_mem_free(reassoc_req);
add_bss_params = mac->ft.ftPEContext.pAddBssReq;
@@ -789,6 +790,7 @@
if (NULL == mlm_reassoc_req) {
limLog(mac, LOGE,
FL("call to AllocateMemory failed for mlmReassocReq"));
+ vos_mem_free(reassoc_req);
goto end;
}
@@ -800,11 +802,13 @@
if (cfgGetCapabilityInfo(mac, &caps, ft_session_entry) != eSIR_SUCCESS) {
limLog(mac, LOGE, FL("could not retrieve Capabilities value"));
vos_mem_free(mlm_reassoc_req);
+ vos_mem_free(reassoc_req);
goto end;
}
lim_update_caps_info_for_bss(mac, &caps,
reassoc_req->bssDescription.capabilityInfo);
+ vos_mem_free(reassoc_req);
limLog(mac, LOG1, FL("Capabilities info Reassoc: 0x%X"), caps);
@@ -1275,7 +1279,6 @@
vos_mem_free(del_sta_params);
lim_msg->bodyptr = NULL;
}
-
/* Connected AP lim cleanup.*/
lim_cleanup_connected_ap(mac, sta_ds, session_entry);
@@ -1334,6 +1337,8 @@
void lim_cleanup_connected_ap(tpAniSirGlobal mac, tpDphHashNode sta_ds,
tpPESession session_entry)
{
+ if (!sta_ds || !session_entry)
+ return;
lim_cleanup_rx_path_mbb(mac, sta_ds, session_entry);
limDeleteDphHashEntry(mac, sta_ds->staAddr,
sta_ds->assocId, session_entry);
@@ -1437,7 +1442,6 @@
vos_mem_free(delbss_params);
lim_msg->bodyptr = NULL;
}
-
lim_cleanup_connected_ap(mac, sta_ds, session_entry);
ft_session_entry = peFindSessionByBssid(mac,
@@ -1564,6 +1568,10 @@
if(add_bss_params == 0)
goto end;
+ if (!sta_ds) {
+ limLog(mac, LOGE, FL("DPH Entry for STA missing"));
+ goto end;
+ }
limLog(mac, LOG1, FL("Add BSS RSP received. Status:%d"),
add_bss_params->status);
diff --git a/CORE/SAP/src/sapFsm.c b/CORE/SAP/src/sapFsm.c
index 8871079..fde794e 100644
--- a/CORE/SAP/src/sapFsm.c
+++ b/CORE/SAP/src/sapFsm.c
@@ -1261,6 +1261,7 @@
VOS_TRACE(VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_ERROR,
"In %s, NULL hHal in state %s, msg %d",
__func__, "eSAP_STARTING", msg);
+ return eHAL_STATUS_INVALID_PARAMETER;
}
vosStatus = sme_roam_csa_ie_request(hHal, sapContext->bssid,
sapContext->ecsa_info.new_channel,
diff --git a/CORE/SAP/src/sapModule.c b/CORE/SAP/src/sapModule.c
index e4a1e9a..20febb5 100644
--- a/CORE/SAP/src/sapModule.c
+++ b/CORE/SAP/src/sapModule.c
@@ -558,25 +558,20 @@
)
{
ptSapContext pSapCtx = NULL;
- VOS_STATUS status = VOS_STATUS_SUCCESS;
-
pSapCtx = VOS_GET_SAP_CB(pvosGCtx);
if ( NULL == pSapCtx )
{
VOS_TRACE( VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_INFO_HIGH,
"%s: Invalid SAP pointer from pvosGCtx", __func__);
- status = VOS_STATUS_E_INVAL;
+ return VOS_STATUS_E_INVAL;
}
- if (pSapCtx->sapsMachine == eSAP_STARTED) {
- *sessionId = pSapCtx->sessionId;
- status = VOS_STATUS_SUCCESS;
- }
- else
- status = VOS_STATUS_E_FAILURE;
+ if (pSapCtx->sapsMachine != eSAP_STARTED)
+ return VOS_STATUS_E_FAILURE;
- return status;
+ *sessionId = pSapCtx->sessionId;
+ return VOS_STATUS_SUCCESS;
}
/*==========================================================================
FUNCTION WLANSAP_StartBss
diff --git a/CORE/SYS/legacy/src/utils/src/parserApi.c b/CORE/SYS/legacy/src/utils/src/parserApi.c
index bf8458b..99833a4 100644
--- a/CORE/SYS/legacy/src/utils/src/parserApi.c
+++ b/CORE/SYS/legacy/src/utils/src/parserApi.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -5607,6 +5607,12 @@
{
tDot11fIERSN *pdot11f_rsn;
pdot11f_rsn = vos_mem_malloc(sizeof(tDot11fIERSN));
+ if (!pdot11f_rsn) {
+ dot11fLog(pmac, LOGE,
+ FL("Memory allocation failes for RSN IE"));
+ return;
+ }
+
vos_mem_set(pdot11f_rsn, sizeof(tDot11fIERSN), 0);
/* Assign RSN IE for Software AP Authentication offload security */
if (pmac->sap_auth_offload && pmac->sap_auth_offload_sec_type)
diff --git a/CORE/TL/src/wlan_qct_tl.c b/CORE/TL/src/wlan_qct_tl.c
index 6846f66..845a58d 100644
--- a/CORE/TL/src/wlan_qct_tl.c
+++ b/CORE/TL/src/wlan_qct_tl.c
@@ -14483,8 +14483,8 @@
WLANTL_CbType* pTLCb = NULL;
pTLCb = VOS_GET_TL_CB(pvosGCtx);
- pTLCb->pfnEapolFwd = pfnFwdEapol;
-
+ if (pTLCb)
+ pTLCb->pfnEapolFwd = pfnFwdEapol;
}
/**
diff --git a/CORE/TL/src/wlan_qct_tl_ba.c b/CORE/TL/src/wlan_qct_tl_ba.c
index 166e6d6..f65ed03 100644
--- a/CORE/TL/src/wlan_qct_tl_ba.c
+++ b/CORE/TL/src/wlan_qct_tl_ba.c
@@ -132,7 +132,7 @@
WDI_DS_RxMetaInfoType *pRxMetadata;
vos_pkt_t *pCurrent;
vos_pkt_t *pNext;
- v_S15_t seq;
+ v_S15_t seq = 0;
v_U32_t cIndex;
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
diff --git a/CORE/VOSS/inc/vos_nvitem.h b/CORE/VOSS/inc/vos_nvitem.h
index c180d1c..3880855 100644
--- a/CORE/VOSS/inc/vos_nvitem.h
+++ b/CORE/VOSS/inc/vos_nvitem.h
@@ -736,6 +736,17 @@
v_U32_t rfChannel
);
+/*
+ *vos_nv_set_Channel_state - API to set the channel state in NV table
+ *@rfChannel - input channel enum
+ *@channel_state - state of the channel to be set
+ * enabled
+ * disabled
+ * DFS
+ * Return - Void
+ */
+void vos_nv_set_channel_state(v_U32_t rfChannel, int channel_state);
+
VOS_STATUS vos_init_wiphy_from_nv_bin(void);
/**------------------------------------------------------------------------
diff --git a/CORE/VOSS/src/vos_api.c b/CORE/VOSS/src/vos_api.c
index 6dd7f8c..3662123 100644
--- a/CORE/VOSS/src/vos_api.c
+++ b/CORE/VOSS/src/vos_api.c
@@ -3898,7 +3898,7 @@
pAdapterNode = pNext;
}
if (pAdapter)
- pAdapter->hdd_stats.hddArpStats.tx_host_fw_sent++;
+ pAdapter->hdd_stats.hddArpStats.tx_host_fw_sent++;
}
/**
@@ -3938,9 +3938,8 @@
status = hdd_get_next_adapter (pHddCtx, pAdapterNode, &pNext);
pAdapterNode = pNext;
}
-
if (pAdapter)
- pAdapter->hdd_stats.hddArpStats.rx_host_drop_reorder++;
+ pAdapter->hdd_stats.hddArpStats.rx_host_drop_reorder++;
}
v_BOOL_t vos_check_monitor_state(void)
diff --git a/CORE/VOSS/src/vos_nvitem.c b/CORE/VOSS/src/vos_nvitem.c
index 1b6f1b8..cf7aef9 100644
--- a/CORE/VOSS/src/vos_nvitem.c
+++ b/CORE/VOSS/src/vos_nvitem.c
@@ -2634,6 +2634,39 @@
return VOS_STATUS_SUCCESS;
}
+/*
+ *vos_nv_set_Channel_state - API to set the channel state in NV table
+ *@rfChannel - input channel enum
+ *@channel_state - state of the channel to be set
+ * enabled
+ * disabled
+ * DFS
+ * Return - Void
+ */
+void vos_nv_set_channel_state(v_U32_t rfChannel, int channel_state)
+{
+ v_U32_t channelLoop;
+ eRfChannels channelEnum = INVALID_RF_CHANNEL;
+
+ for (channelLoop = 0; channelLoop <= RF_CHAN_165; channelLoop++) {
+ if (rfChannels[channelLoop].channelNum == rfChannel) {
+ channelEnum = (eRfChannels)channelLoop;
+ break;
+ }
+ }
+
+ if (INVALID_RF_CHANNEL == channelEnum) {
+ VOS_TRACE(VOS_MODULE_ID_VOSS, VOS_TRACE_LEVEL_ERROR,
+ "vos_nv_set_channel_state, invalid channel %d",
+ rfChannel);
+ return;
+ }
+
+ pnvEFSTable->
+ halnv.tables.regDomains[temp_reg_domain].channels[channelEnum].enabled =
+ channel_state;
+}
+
/**------------------------------------------------------------------------
\brief vos_nv_getChannelEnabledState -
\param rfChannel - input channel enum to know evabled state