A race condition has been observed between outgoing TX traffic and
peer deletion when DUT has concurrent SAP(DBS) and STA sessions in 5G
and 2G respectively and the peer connected to SAP moves away triggering
peer deletion at DUT. Due to peer being deleted, the vdev corresponding
to the peer is void which results in a crash in ol_tx_data function
while trying to send Tx data.
Fix crash by checking for a null vdev in ol_tx_data.
CRs-Fixed: 1012681
Change-Id: Id0aab4b1f03ed24dfb55e09fa1a115edfdfcce84
qcacld-2.0 to qcacld-3.0 propagation.
Do not allocate single large chunk of memory for rx hash
to avoid memory allocation failure. This change uses array
of pointers to reduce single large chunck of allocation.
Change-Id: I2aa7239be924b63c87f1044a74176a101d952108
CRs-Fixed: 954302
Add histogram for MSDUs per HTT RX indication
message and update drop counters in RX path.
Change-Id: Ia861f6cd3d6a91f01a07f9bc4e2bc3afcf62c8f2
CRs-Fixed: 999861
If lro_disable is called after cds_close, which is the case
for module unloads, then many of the pointers used in dereg
sequence are NULL (CE_state, hif, txrx_pdev). There is a case,
when interfaces are removed, when these pointers are there.
Check pointers before using them in dereg code.
Update hif_map_service_to_pipe so that it will return E_INVAL if
the service is not in the table. Add logs for cases where either
leg information is not updated on return.
Acked-by: Orhan K AKYILDIZ <oka@qca.qualcomm.com>
Change-Id: I5b88a297134dcc1d7a6a68dd2a9879dfd1553a7e
CRs-Fixed: 1014428
The structure is taking too much of a space and pre-alloc was
failing for a single allocation for ol_txrx_pdev. Shrunk the
structure from 112 KB to 12 KB.
This update has a corresponding update in qcacmn.
Change-Id: I358e74b47165fa08cb5d37f095b44bff3f83fdfc
Acked-by: Orhan K AKYILDIZ <oka@qca.qualcomm.com>
CRs-fixed: 1012346
During a recent merge, a frame type was being set to a similar
looking value (ol_tx_spec_no_free instead of ol_tx_frm_no_free) and
this is causing crashes on tx-completion.
Also capitalize the constants.
This is a stability CR.
Change-Id: Ic86dafc5baa80ae634c5267794f3add0e06d076f
Acked-by: Orhan K AKYILDIZ <oka@qca.qualcomm.com>
CRs-fixed: 1010581
qdf_wait_single_event expects msecs as the timeout value.
However, two references in dp, second of which is this instance,
passes the value in ticks. This causes the value to be converted
to msecs a second time by the function and hence an incorrect
timeout value.
The other instance is in the qcacmn project.
Change-Id: I11c36ecf54b04cf1e3671a86594822b39b8ccaaf
Acked-by: Orhan K AKYILDIZ <oka@qca.qualcomm.com>
CRs-fixed: 1012345
Make special handling for monitor mode operation. Take care to handle
amsdu packets in which case firmware marks the last_frag in msdu_info
field. These MSDUs of AMSDU are stiched using frags_list of skb and
handed over to network stack.
Also take care to extract and update the radiotap header to head of
the packet.
Change-Id: I4ed9696175e63884b5db682a2a4c4df504a7fb20
CRs-Fixed: 963060
The firmware would like host to initially populate all 2K entries,
so that fw shadow ring will always have 1K entries to fetch after
the initial population of 512 entries to each mac.
Change-Id: I5f19a1e2693f54f9d7938b723d0d57487f842daf
CRs-Fixed: 1006872
Use QDF macro to check if we are in epping mode.
Remove bit masks of epping configuration.
Change-Id: I454ef259dfcc4b7c7860a5adfda605837f4a89cc
CRs-Fixed: 1003792
During IBSS session tear down, we are hitting a lockup. The issue is
seen as the pdev->peer_ref_mutex is being taken up twice in
ol_txrx_remove_peers_for_vdev and ol_txrx_peer_unref_delete. The later
function gets invoked by the former and hence we are stuck while trying
to acquire the spinlock, the second time.
Fix issue by releasing peer_ref_mutex lock before invoking
callback (wma_remove_peer) in ol_txrx_remove_peers_for_vdev function.
The dmesg signature of the lock-up is as follows
1100.230392: <2> [<ffffffc0002035a4>] el1_irq+0x64/0xd4
1100.235432: <2> [<ffffffbffc17e890>]
ol_txrx_peer_unref_delete+0xc4/0x33c [wlan]
1100.242461: <2> [<ffffffbffc17ecc8>] ol_txrx_peer_detach+0x1c0/0x1e0
[wlan]
1100.249020: <2> [<ffffffbffc160914>] wma_remove_peer+0x7c/0x18c
[wlan]
1100.255141: <2> [<ffffffbffc17dee4>]
ol_txrx_remove_peers_for_vdev+0x170/0x1b0 [wlan]
1100.262606: <2> [<ffffffbffc16311c>]
wma_vdev_stop_resp_handler+0x204/0x460 [wlan]
1100.269816: <2> [<ffffffbffc1886a8>] __wmi_control_rx+0x280/0x2c0
[wlan]
1100.276204: <2> [<ffffffbffc188a34>] wmi_process_fw_event+0x8/0x14
[wlan]
1100.282595: <2> [<ffffffbffc157054>] wma_mc_process_msg+0x80c/0x27fc
[wlan]
1100.289176: <2> [<ffffffbffc13f238>] $x+0x190/0x3f4 [wlan]
1100.294115: <2> [<ffffffc00023d7e8>] kthread+0xac/0xb8
CRs-Fixed: 1006847
Change-Id: Icedeb172bbd6736ab39343391ff0643ddd688444
Update htc_endpoint only for htt tx endpoint to avoid
double freeing of Tx Queue packets as it will be
freed in htt_htc_misc_pkt_pool_free.
Rename htc_endpoint to htc_htt_tx_endpoint to reflect
it's appropriate use.
Change-Id: I736ba08505acc829eb15be30538553dd945695f6
CRs-Fixed: 1006498
Forcefully free all TX descriptors during driver unload
which is not freed because of unmap event missing from
firmware to avoid memory leak.
Change-Id: I47ff7e6a8f2aa130c77ac68a92eee9373d152e87
CRs-Fixed: 1001994
During peer unmap handler, while the peer is being deleted, there is a
possible race condition if the OL Rx thread is processing RX packets
and accesses the peer structure after its contents have been nulled.
Remove race condition by -
* Flush all RX packets in ol_txrx_peer_detach function which happens
before peer unmap event is received from firmware
* Avoid use of peer data structures (for example peer->local_id)
outside of peer->info_lock in ol_rx_data_cb function. Use cached
local copies of peer data structures instead
Crash signature due to the race condition:
wlan: [0:E :CDF] TXRX: Deleting peer ffffffc012fd13c0
(02:a0:c6:81:f8:c0)
Unable to handle kernel paging request at virtual address 400000001
pgd = ffffffc0018b4000
[400000001] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in: wlan(O) [last unloaded: wlan]
CPU: 1 PID: 29506 Comm: cds_ol_rx_threa Tainted: G W O
3.18.20-g5222edf-13780-g2219ed2 #1
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3 + PMI8996 CD (DT)
task: ffffffc09350d400 ti: ffffffc0556a4000 task.ti: ffffffc0556a4000
PC is at hdd_rx_packet_cbk+0x84/0x224 [wlan]
LR is at hdd_rx_packet_cbk+0x48/0x224 [wlan]
pc : [<ffffffbffdd55b5c>] lr : [<ffffffbffdd55b20>] pstate: 80000145
Change-Id: I4b32313024ec214f33dcdcfc401aadfa8af9d692
CRs-Fixed: 1002081
Enable HTT_DATA2_MSG_SVC and HTT_DATA3_MSG_SVC, using only
rx legs, CE 9 and 10, respectively. Add required CE entries
to the map that gets sent to the FW, and define the latter
service.
Rename htc_endpoint to htc_tx_endpoint in htt_pdev to
represent the role better.
Acked-by: Orhan K AKYILDIZ <oka@qca.qualcomm.com>
Change-Id: I81ae796bdb7e632aa24f15c63a2811791dd29d28
CRs-Fixed: 982728
qcacld-2.0 to qcacld-3.0 propagation
Provide support to configure duty cycle by adding ini item for
different level duty cycle.
CRs-Fixed: 990798
Change-Id: I95e4f4af669fd50c5b9fc10ffc61fa5d447b5bcf
Fix layering violation while handling management frames. Currently
LIM data structures are accessed before dropping Assoc, Disassoc and
Deauth packets to avoid DoS attacks. Since the LIM data structures
are accessed in different thread context, data present in them are
out of sync resulting in a crash.
Fix the layering violation by doing appropriate check in WMA instead
of doing the same in LIM
Change-Id: I8876a4d4b99948cd9ab3ccec403cf5e4050b1cff
CRs-Fixed: 977773
Fix IPA WDI 1.0 update for overwrite of previous commit and use
only QCA_WIFI_3_0 build flag for qcacld-3.0.
Change-Id: I3bff4a4e10102e97aeb57fb0f67d48933e0bae9b
CRs-fixed: 994144
Do following cleanup on fastpath code changes:
1) Remove reaping of Tx HIF buffers in Rx handling, instead handle
reaping in Tx fastpath itself.
2) In ce_per_engine_service_fast check for more Rx packets after
packet processing.
3) Make stub functions as static inline for non-fastpath enabled case.
Change-Id: If07c4344a424ce13b94128bf28931a24255b661a
CRs-Fixed: 987182
With dedicated CE for Rx HTT messages, skip processing in HTC layer.
Do special handling in HIF-CE and HTT layer, this optimization results
in 3-4% CPU utilization gain.
Change-Id: I400148a0e24ac62dd09e2a95d5f35d94d83fe2df
CRs-Fixed: 987182
Derive peer from sta id in ol_rx_data_cb to
make sure that peer is still valid before
using peer to avoid NULL pointer dereference
Change-Id: I8f9219d4c6ffbfb207385b08bc704cc0f86a1e1b
CRs-Fixed: 962949
Ensure that the per vdev rx callback is registered before
registering the peer. The peer registration function may
try to flush the rx frames so we need to ensure that the rx
callback is registered before it is called.
Change-Id: Ibd1d73d89105bbc3f9d29fa2c64e9f515d4b0da5
CRs-Fixed: 1000834
Core datapath structures should be opaque to non-datapath modules,
remove the references to them.
Change-Id: I3618253566a971c27f16b14923d1ff8028718918
CRs-Fixed: 994638
Changes to register a per vdev tx callback function.
Register a per-vdev transmit function during vdev registration.
The OS interface (HDD) adapter stores this transmit function and
invokes it to transmit data frames.
Change-Id: I1dfe6f58d1d26069dadc2d719fff242c29071bad
CRs-Fixed: 994638
Changes to register a per vdev rx callback function.
Register a per-vdev receive callback function using the vdev registration
API provided by the converged data path API. The changes include
- removing the older method of registering the receive callback
- modify the HDD callback to adhere to the rx callback function defined
by the converged data path API
- modify the invocation of the callback function in the data path
Change-Id: I2aef905132af4b3d7db22c7ec315d114607c9383
CRs-Fixed: 994638
Change the data path and external modules to use the new
converged common data path APIs.
Change-Id: Ifb48178efd012b6ad9ea6f6d5230d0a809922b1c
CRs-Fixed: 994638
These are pci specific power management features. These should
be consolidated instead of littering bus agnostic code.
Change-Id: I366f1d14ab04368d77a144bebaeb038c1469abed
CRs-Fixed: 986480
