wlan_mlo_parse_t2lm_info() does not check ie_len boundary before
accessing optional elements. This could lead to OOB access if presence
bit is set but its corresponding sub-field is not present in the frame.
Add the necessary boundary checks before accessing optional sub-fields
when its presence bit is set.
Change-Id: Icfc079c460e5ad3382507c11b60ef6541e9baf5e
CRs-Fixed: 3895196
FP16 is a special compression technique introduced for RGBA16 format from
UBWC 4.3 onwards. Hence, disable it to correctly configure UBWC 4.0.
Change-Id: I742a29bdddbb93dd9da4ef7b0ff05fc4b020a229
Signed-off-by: Kaushal Sanadhya <quic_ksanadhy@quicinc.com>
Keep compander on when headphones power off, but
disconnect comp port. it can fix the pop issue
when device switch to speaker,
and it won't cause any issue.
Change-Id: I6c166fb59609bc26044329300441978b81f61784
Signed-off-by: Yuhui Zhao <quic_yuhuzhao@quicinc.com>
when swr clk is 48Mhz, the swr base clk and clk scale
should be 19.2Mhz and DIV4.
when swr clk is 96Mhz, the swr base clk and clk scale
should be 19.2Mhz and DIV2.
Change-Id: I5beda01b024946cd7b54785ecfab91e3d0edc94f
Signed-off-by: Yuhui Zhao <quic_yuhuzhao@quicinc.com>
Deepsleep & hibernate entry/exit SSR API's are same as
regular SSR usecases. Clean up the unused deepsleep API's.
Change-Id: I82745f13b679c473184a31c561a12c56a54b08ca
Signed-off-by: Pavan Kumar M <quic_rpavan@quicinc.com>
Fix length check and add sub_copy and length
subie_len checks before accessing extn_elem to avoid any
OOB read.
Change-Id: I85ea636d5fe64e8508e91b06f0302d5f6258e583
CRs-Fixed: 3800831
Currently HAL_RX_GET_64 is used in monitor API to access TLV fields
In case of kiwi TLVs has 64-bit tlv fields. But in case of peach
tlv fields are changed to 32-bit which is results in wrong value
access.
To fix the issue use HAL_RX_GET and define common 32-bit HAL macros
to access TLV fields.
CRs-Fixed: 3694842
Change-Id: I9eee7e7e25147863f11f59655693dfea2b1832a0
Change 1. In the API hdd_get_roam_chan_from_fw
Changed the return type form static uint32_t to static int
Change 2. In the API set_first_connection_operating_channel
Changed the wrong return value -EINVAL to return set_value
Change 3. In the API set_second_connection_operating_channel
Changed operating_channel == 0 to !operating_channel and
return -EINVAL to return set_value
Change 4. In the API hdd_update_tgt_cfg
Removed the unused variable status = false
Change 5. In API sme_set_ht2040_mode
Changed the cb_mode condition from if(!session->cb_mode) to
session->cb_mode==PHY_SINGLE_CHANNEL_CENTERED
CRs-Fixed: 3891029
Change-Id: I697a915bf10ed2b331198a1621f75ffe7259628d
-Add check for new hw modes, while advertising emlsr capability
in mlo ie and assoc request.
-Add new config emlsr feature flag for ganges.
CRs-Fixed: 3636676
Change-Id: I13038efe4d5001d480ae24fe7da135474eb8a3f1
Fix possible race condition in data->type value in case of multithreaded
listener or app IOCTLs.
For example, below could cause inconsistent data->type value while
racing belows IOCTLs
Thread1 with QSEECOM_IOCTL_REGISTER_LISTENER_REQ
Thread2 with QSEECOM_IOCTL_UNREGISTER_LISTENER_REQ.
Change-Id: Id4f0ffcbff70bfbf13423f9f080fbaf51759ad82
Signed-off-by: Nishant Pandey <quic_nishpand@quicinc.com>
Signed-off-by: Divisha Bisht <quic_divibish@quicinc.com>
Driver re-generates the RSNXE with length 1, if the peer AP
supports only 1 octet of RSNXE. During this IE creation,
driver creates an empty RSNXE if none of the caps are set
by userspace in the first octet.
To fix this, do not re-generate the RSNXE if none of the caps
are set in first octet.
Change-Id: I6ca855cd907e49af62d9afe804b9f73eea97332e
CRs-Fixed: 3901178
