Stop bus bandwidth compute timer during SSR shutdown such that
bus bandwidth timer is stopped and bus bandwidth compute work is
flushed cleanly in all the cases.
Change-Id: Ie79ddd1ab13b852fb5d23029c51f05e921f72989
CRs-Fixed: 2307304
qcacld-2.0 to qcacld-3.0 propagation.
Some stations send association request with zero length of SuppChannels
IE then currently dot11f decodes it to an invalid value.
To fix this, set the minsize of SuppChannels IE to 2.
Change-Id: If44807d2f2b8a62e5a137ca3d17af2e2654f72f2
CRs-Fixed: 2303702
Presently the lpass information is sent during the wlan startup
at that point session for the station interface is not created.
Send the lpass scan interface notifcation for station when the
interface up/down is received.
Change-Id: I50a68acc62a76f9e65e1758cd3b21688c0dd3500
CRs-Fixed: 2048439
Remove hardcoded print message for ini parameters during
insmod and use hdd_cfg_get_global_config to print ini
parameters.
Change-Id: I3ac077818e99c461866211e220232fa6c0e3e00d
CRs-Fixed: 2278888
In one of the tests, when the driver switches to FTM mode, DP RX threads
are not initialized as the necessary configuration is not passed down
from CDS. However, cds_dp_close tries to de-initialize the threads and a
spinlock un-initialized error is seen.
Donot de-initialize the DP RX thread module if it is not initialized.
Change-Id: I14a1dcb678c9d953abd3262e86408d12f4eb2617
CRs-Fixed: 2301398
Hdd has two sets of bitmap flags which are using #define's. It so
happens that two of the flags use the same bit offset. To address this,
and ensure no such issues arise in the future, convert these into
auto-incrementing enumerations.
Change-Id: I8f0e9d0f3a0a493176227ccf16f25d0a4c5bdc73
CRs-Fixed: 2307446
Fix and add debug_ids iappropriately account for function holding the peer
reference. This will help to further narrow down the peer leak.
Also add signatures in ref_release functions to catch error path.
Change-Id: I7f091ca8270ba724e24550e80208739d63d57b22
CRs-Fixed: 2293477
Log the current country while executing ACS logic. Current country
helps in knowing the current channel list.
Change-Id: I05a0982d940da19f178f0432372eead0313e77be
CRs-Fixed: 2296561
Channel bonding mode can be disabled when connection happens. So reduce the
log level and rate for this log.
CRs-Fixed: 2298986
Change-Id: I47ab8111613292781bddca435f9800544b1e6d58
In the function wma_pdev_div_info_evt_handler, while handling
WMI_PDEV_DIV_RSSI_ANTID_EVENTID event, the corresponding event
handler wma_pdev_div_info_evt_handler is invoked. In the
function wma_pdev_div_info_evt_handler, event_buf argument comes
directly from firmware and event parameter is pulled from event
buf. The event->num_chains_valid is used as the maximum bound on
the array index of chain_rssi[] array which has a maximum limit
of CHAIN_MAX_NUM(8). When event->num_chains_valid has a value
greater than this maximum limit, OOB write could occur.
Add check to validate the event->num_chains_valid against
CHAIN_MAX_NUM(8) and return failure if it exceeds.
Change-Id: I40f1aa8a7b4bcffef3cab588c78c700e88e24673
CRs-Fixed: 2304662
Current driver reads WMI_SERVICE_LISTEN_INTERVAL_OFFLOAD_SUPPORT BIT
through WMI_SERVICE_EXT_IS_ENABLED macro which is deprecated.
Update it by reading wmi_service_listen_interval_offload_support through
wmi_service_enabled() API.
CRs-Fixed: 2305522
Change-Id: I1d6aedec31d035a3e9c2514ad6dc2b13b79dfff3
hdd_create_acs_timer() sets VENDOR_ACS_RESPONSE_PENDING, but
hdd_destroy_acs_timer() does not ensure this flag is cleared. This can
lead to a situation where the ACS timer is not initialized, but parts of
the code incorrectly assume that it is. Clear
VENDOR_ACS_RESPONSE_PENDING in hdd_destroy_acs_timer() to prevent
invalid access to the ACS timer.
Change-Id: I7c367b20e279fadc5ee329d94b7475711796b185
CRs-Fixed: 2305719
By default pktlog needs to be enabled during driver load.
To enable/disable pktlog use INI parameter.
This reverts Change-Id: Ie03a7e0a77bc5f525ad7ae74bb104a6d1bf21eb7
Change-Id: I8f74b4bcebfb8b4a35a29e321b2b6bd5e1920bf7
CRs-Fixed: 2296335
In WORLD mode, there can be urgency to discover the current country
since WORLD mode restricts the channel and TX power availability.Add
INI enable_11d_in_world_mode to automatically enable 11d in WORLD
mode. This INI supersedes the setting in 11d INI variable
Is11dSupportEnabled.
CRs-Fixed: 2289349
Change-Id: I7b289cdb60be5e737f41f9de5a478f32a234e717
qcacld-2.0 to qcacld-3.0 propagation
If all the STA connected to AP support ecsa, wlan driver will call
lim_send_extended_chan_switch_action_frame to send action frame,
but this function missing limSetProtectedBit when 11w enable,
this violate spec, so generate a fix for this issue.
Change-Id: I80f111f21015c98ee0abdafe76ea42c3e79163ac
CRs-Fixed: 2275626
Max beacon size in WMA layer is pointed by "WMA_BCN_BUF_MAX_SIZE"
which is currently set to 2500 bytes and Max beacon size in
PE layer is pointed by "SIR_MAX_BEACON_SIZE" which is currently
set to 512 bytes.
when wma_store_bcn_tmpl() gets called, this API tries to copy
beacon template from LIM to WMA which can't exceed 512 bytes.
To fix the issue, use SIR_MAX_BEACON_SIZE instead of
WMA_BCN_BUF_MAX_SIZE
CRs-Fixed: 2299791
Change-Id: I97b4c19611ec74c0702901c380bd32e866d26c8b
1) This reverts commit
Iab0862eda2392bd516c8ba0b913441b8e0d4c493
2) Reverted changes have been taken care through
Idd7617782e71ee187eef7fcb3523c05b49f82094
CRs-Fixed: 2300054
Change-Id: Icc47ded9a585e356b7eae1ad53ffea6668510308
Driver checks if 40 Mhz is supported for the channel but doesn't
validate if the cbmode provided by AP is valid.
Invalid cb mode provided by AP can lead to failure.
Add check to validate cbmode and bandwidth from AP in htinfo IE.
Change-Id: I3d2da7a8e3045594baf201732dd80a82bd88e16c
CRs-Fixed: 2303267
__wlan_hdd_open_ll_stats_debugfs() fails to free the llstats buffer in
the event that wlan_hdd_ll_stats_get() fails. Add error handling for
this call which frees the newly allocated buffer.
Change-Id: Ic5cff77a758ff81da82dd1143d77da68d87b9291
CRs-Fixed: 2304715
If SAP receive unicast data from a non-assoc STA, SAP should send
deauth mgmt frame to this STA, add this part logic to serve data path.
Change-Id: I47346e751b89eda77f6d6450218e2b70fe6b4953
CRs-Fixed: 2298550
When SSR is in progress, in vdev_detach, currently wma_force_vdev_cleanup
clears the peers from CDP vdev peer list. From the CDP, wma_remove_peer
is called via callback with the peer mac_addr. wma_remove_peer inturn
sends peer delete to FW, does a CDP peer delete and an ObjMgr peer delete.
But the peer delete to FW would not be sent as SSR is in progress and CDP
peer delete would not actually delete the peer from CDP as CDP will need
a peer unmap from the FW to actually delete the peer.
Proper implementation would be to delete the ObjMgr peers alone during SSR
in vdev_detach and let the cds_post_disable to take care of cleanup of
CDP Peers.
Change-Id: I6129b69eb26f3eaa68be40b62b822a4dfc6ff675
CRs-Fixed: 2302972
Phase 1, after ftm componentization, we could now support to remove
the ftm related components when FTM is disable from the build
configuration.
Size changes: after removing the ftm related binaries, we could save
15KB from module size.
Change-Id: Ib363f1d6204b07947a46f32673c4f8ad6fb3dbd3
CRs-fixed: 2258441
If mgmt encryption type is not updated, 11w feature will not be enabled
correctly for this association.
Mgmt encryption type is always updated through limJoinReqSerDes in the
cld2.0, which is removed in cld3.0. In cld3.0 if fast roaming is enabled,
mgmt encryption type will be updated through csr_construct_rsn_ie. If
fast roaming is not enabled, csr_construct_rsn_ie will not be called and
mgmt encryption type will not be updated.
Always called csr_construct_rsn_ie in csr_retrieve_rsn_ie to make sure
mgmt encryption type is updated.
Change-Id: I2d6541dd88a9d1770f4976b9caa32baa70a60ed3
CRs-Fixed: 2300847
The error handling in cds_open(), in the event that the call to
dispatcher_psoc_open() fails, is currently empty. Add appropriate error
handing for this case by referencing cds_open() and cds_close().
Change-Id: I2b0d328e365efd67099bb8e6b529720c7b1904c5
CRs-Fixed: 2303785
Add new iwpriv command to set BA aging timeout value to hardware.
e.g. "iwpriv wlan0 set_ba_timeout <ac> <duration>" which should set
given duration in msecs for given access class.
"iwpriv wlan0 get_ba_timeout" which should get duration
value for each access class and display.
CRs-Fixed: 2254891
Change-Id: I79f79191c47376e414dceeb73b736a0a9610e3ae
The error handling in cds_open(), in the event that the call to
mac_open() fails, is currently stubbed out. Add appropriate error
handling for this case by referencing cds_open() and cds_close().
Change-Id: I6103050d5f2323250c9254a5a3add01fd0d34de3
CRs-Fixed: 2302968
psoc ref count and mac_context memory is leaked in failure cases
of mac_open API.
Fix the psoc ref count and memory leaks in failure cases.
Change-Id: I39eaa7bef5e5c50b9b1a8833bec5e6da8cdf0d72
CRs-Fixed: 2302187
BSS description is dereferencing in hdd_association_completion_handler
without checking for NULL, which may cause NULL pointer dereference.
To address this, add check for BSS description before dereferencing.
Change-Id: I24f728fb6d66b4c07dfe39f3ac426f3d2153b917
CRs-Fixed: 2299797
SAP(Go) concurrency check is mainly used for two purposes:
1) When new GO/SAP session is coming up and needs to check if
this session's channel can co-exist with existing GO/SAP
sessions. For example, in case of single radio platform, MCC for
SAP/GO+SAP/GO is not supported, in such case this API should
prevent bringing the second connection.
2)There is already existing SAP+GO combination but due to upper
layer notifying LTE-COEX event or sending command to move one of
the connections to different channel. In such cases before moving
existing connection to new channel, check if new channel can
co-exist with the other existing connection. For example, one
SAP1 is on channel-6 and second SAP2 is on channel-36 and lets
say they are doing DBS, and lets say upper layer sends LTE-COEX
to move SAP1 from channel-6 to channel-149. In this case, SAP1
and SAP2 will end up doing MCC which may not be desirable result.
Add vdev_id check while checking for 2nd case. If connection with
given vdev_id exist then it is confirmed that it's a case of
channel switch rather than a new connection case.
Change-Id: I2535b38af353be2abd9c2ff636c06f3c5869969d
CRs-Fixed: 2300451
There are two lim_set_protected_bit() implementation with/without
WLAN_FEATURE_11W defined.
So no need to wrap this function with macro WLAN_FEATURE_11W.
Change-Id: I719f623d17ed0db655d33bda04b51937f1c1c5f4
CRs-Fixed: 2298804
The bus bandwidth compute timer is a periodic timer which computes bus
bandwidth usage of associated adapters over a period of time. When the
last adapter disassociates, this timer is stopped. However, the timer
starts a work that is not stopped or flushed at this time. When the
device is under load from external subsystems, this work can get pushed
out past what is safe. When the bus bandwidth timer is stopped, also
stop and flush the bus bandwidth work to ensure safe memory access.
Change-Id: I32c15b42c9756341d1ecf534c05f87738fd24edb
CRs-Fixed: 2300697
Presently, recovery inprogress flag is set only when PLD_RECOVERY
is received but in cases of rejuvenate only PLD_FW_DOWN is received.
Set for the recovery in progress for all the firmware down events
so the unneccessary bug_on's will be avoided.
Change-Id: I654e9e5b02925ac21857369f87af6ca40d8dc815
CRs-Fixed: 2285278
Currently, driver calls hdd_alloc_station_adapter to initialize the
completion variables for a particular adapter only if mode of interface
is STA or P2P. In case when driver changes its STA + SAP mode to
STA + STA mode by calling hdd_open_concurrent_interface, driver is not
able to initialize init_completion variable for new STA interface. So
while processing fw commands (for new STA interface) which uses
completion variables, driver leads to the use of uninitialized
variables issue.
Create new function cmn_init_completion to initialize completion
variables for all interfaces while opening the HDD adapter.
Change-Id: Iae8ec1a86dd4084c9f5b39ec0d90e16182212df9
CRs-Fixed: 2288919
There is race condition for a small window. The scenario
as below.
1 SAP is starting, and dfs cac begins but without finished.
2 SSR happens, wlan begins to call hdd_reset_all_adapters.
In hdd_reset_all_adapters, sap_ctx->sessionId is reset to invalid.
3 In hdd_hostapd_sap_event_cb, adapter sessionId is set to
sap_ctx->sessionId, after this step, adapter sessionId is changed
from valid sessionId to 0xff.
In hdd_reset_all_adapters->hdd_vdev_destroy, vdev is released
but session can't be clean up as invalid sessionId. adapter->event_flags
can't be clear which cause hdd_vdev_destroy can be called multi times.
Change as below.
1 cancel cac timer at the beginning of hdd_reset_all_adapters and
before wlansap_set_invalid_session.
2 before send eSAP_START_BSS_EVENT, check if sap_ctx->sessionId
is valid.
Change-Id: Ifaad62cd008f7769b059f36530455d4e734522e4
CRs-Fixed: 2293072
Under get_supported_features vendor command driver is advertising
NAN capability by checking only the Firmware support. If NAN is
disabled through INI it should not advertize this support.
Add an INI parameter check before advertizing NAN capability.
Change-Id: Ib48044a04500d6619b97d5ca1c3431ee64d7e096
CRs-Fixed: 2288204
In function hdd_wlan_de_init, the hdd_context is fetched via
cds_get_context. This context is then NULL checked. In the failure case
of this check, the hdd_context is still dereferenced which shall lead to
null pointer dereference.
Add proper jump statement to take care of the proper order of init and
deinit
Change-Id: Ied0ac42371315d0286cdcc71e6e0e10ed2ff5fa1
CRs-Fixed: 2299794
While handling IPA event in case if, __wlan_ipa_wlan_evt() queue
WLAN_AP_DISCONNECT cmd for later processing in work-queue context and
in the meanwhile sme close session deletes vdev then, as part of work
queue context driver process WLAN_AP_DISCONNECT and sends
WMA_IPA_OFFLOAD_ENABLE_DISABLE cmd to firmware for the VDEV which is
already deleted by sme_close_session. This result asserts in firmware.
This reverts commit Ief9318bb476b480fd52f4155a0788a34c1e2ed53
Change-Id: I6128fb489fc40cc7ed01cbdf9c419a6a6b20c6d4
CRs-Fixed: 2295672
As part of any change interface TDLS links are toredown and tdls
state set to disabled in FW. The assumption here is before adding
new interface disable TDLS mode as TDLS is not supported in
concurrency. Due to recent changes in framework,
Driver may receive the change interface to P2P Device mode
after STA connection then teardown is not expected as
STA + P2P Device modes does not comes under concurrent operation.
Check for current and new interface types before disabling TDLS.
Change-Id: I26cfab077b3f83c64687479fba5c7a7c01491a52
CRs-Fixed: 2301650
WPA2 Security Improvements test plan case 4.2.2
Scenario F: RSN version Field is truncated to 1
octet. That means the test bed will send assoc
request with RSN ie total size 3.
Current driver unpack_core will return
DOT11F_INCOMPLETE_IE and doesn't extract the
incomplete RSN ie data.
lim_check_wpa_rsn_ie will have no chance to
run dot11f_unpack_ie_rsn to reject the assoc
request frame because the assoc_req->rsnPresent
is 0.
Change RSN Opaque Min Len to 2 (data min len 0),
so that the unpack_core can extract the RSN ie
even though it is "INCOMPLETE", and then
the later lim_check_wpa_rsn_ie can reject such
assoc request.
Change-Id: Icba37840ea6eb1cc1c2c225efd9ec58757606eea
CRs-Fixed: 2297852
If STA interface is added after softap is started on DFS channel,
then SAP is stopped and re-started on non-dfs channel which is selected
using driver internal acs. But, internal acs is now obsolete. Therefore,
select non-dfs channel from preffered channel list and use SAP CSA
instead of restart.
Change-Id: I95e50c3ffbce35cf30cc9a06f0f14c9e60eb3e3f
CRs-Fixed: 2301895
Add support for DP RX Threads as a part of the FR. Multiple RX threads
can be enabled from the ini. The code is added in a new DP module
outside of the cmn project.
Change-Id: Ief6ee955f13c5e527986307371b8e45677cb9700
CRs-Fixed: 2256446
If SAP configured with RSN security IE, peer should
include compatible RSN parameters.
Reject the Assoc request if peer include invalid RSN
IE.
Change-Id: I10083d7feb669fe5d1c2650ae3c3092e5b28169e
CRs-Fixed: 2294876
The MAC context first_scan_done flag is a remnant from a prior version
of the driver which is initialized but then never read or written.
Since it is obsolete, remove it.
Change-Id: I81b371cb768bd2d042d3f3bf0991d2b27b953b3c
CRs-Fixed: 2298274
Currently the driver doesn't have a check to bring
up a SAP on STA SCC channel if its a SRD channel
and does force SCC on it, even if SRD master mode
is not supported.
Fix is to check the SRD ini before SAP bringup
on the STA channel
Change-Id: I17f7df9ed973ecc6669f0d36a8c390c71624019b
CRs-Fixed: 2302737
During the vdev attach if the self peer creation fails from the protocol
stack the correct vdev delete is sent to the firmware but the success error
is propogated back to the HDD and the wmi vdev set commands are sent
to the firmware with invalid vdev id.
Change-Id: Ida3964e5a629f53e41ffc50b53216762727fd33d
CRs-Fixed: 2299941
As part of Iab0862eda2392bd516c8ba0b913441b8e0d4c493 , timestamp of
last received frames was introduced to block excessive mgmt frames
being sent as part of Denial of service.
Move that logic to control path to remove dependency on data-path.
CRs-Fixed: 2280235
Change-Id: Idd7617782e71ee187eef7fcb3523c05b49f82094
Disable this feature for MOBILE_ROUTER product, since some MOBILE_ROUTER
platform will attach two wlan cards with separate wlan driver,
during second driver loading process, it will report a warning of
"cannot create duplicate filename" as node with same name has been
created after first driver was loaded.
Change-Id: I9e06439b3a6dacdf4eb5ae87898338ab1eeb8b16
CRs-Fixed: 2295391
In cds_trigger_recovery(), we avoid recovery if the wlan driver is
unloading. While this is ideal for production devices, we would like to
panic in debug builds for offline analysis. Move the check to see if the
wlan driver is unloading to immediately after the check to see if we
should panic or not.
Change-Id: I07cc624295416ca555eb4d847f709cf30e6672bb
CRs-Fixed: 2299903
Drop Probe request frames before posting on Scan Queue if the queue
is already having too many beacon/probe frames to process.
Change-Id: Iaad3d3ea0b50edf7ae7a9c5437ac5c210fe6a97f
CRs-Fixed: 2298581
The MAC context fMiracastSessionPresent flag is only referenced by
macro IS_MIRACAST_SESSION_PRESENT(), and this macro is unused. Since
the fMiracastSessionPresent flag is obsolete, remove it and the macro.
Change-Id: I5ad6e5b56bd0476e7894c431b56b9ad5730923d4
CRs-Fixed: 2300050
Make the following updates to the extscan stop BSSID hotlist logic:
1) Exclusively use the Unified WMI data structures.
2) Update the HDD<=>SME interface to enforce the contract that SME
must not make any assumptions about the buffers provided by HDD.
Change-Id: I01e29a96fded829c734532b021aeea1960bba641
CRs-Fixed: 2294273
Recently change "qcacld-3.0: Use mac_handle_t in wlan_hdd_ioctl"
updated the nomenclature used in HDD. During the implementation of
this change a NULL check of mac_handle in hdd_set_dwell_time() had a
"!" removed, incorrectly changing the logic. Restore the correct logic
for NULL-checking mac_handle.
Change-Id: I2bb8393d5adb3156795b3b722d839812419e4995
CRs-Fixed: 2299812
QDF_DEBUG_PANIC() is stubbed out for PERF builds, leading to a warning
in cds_trigger_recovery() because @call_info is unused. Extract the
trigger recovery handling into its own function with proper types
instead of void*, and make cds_trigger_recovery_work() a thin wrapper
over this to do the type conversion. This will address the unused
variable warning, and provide stronger type checks via the compiler.
Change-Id: Idf712bdf30d2c6c338219a0327221fe6a0b0b27a
CRs-Fixed: 2299813
Add support for wildcard OUI 0xFFFFFF in action OUI framework.
When the OUI FFFFFF is defined for some action OUI ini and bit 0
of info_presence bit is set to 0 then the check for vendor OUI
in vendor specific IEs and the vendor IE data checks are skipped
and other checks like MAC, Capabilities are done during connection.
Change-Id: I6e996c5d79f4f7bd91e11134b1b8ba69a1ff0253
CRs-Fixed: 2293167
While ACS delayed worker scheduled and is running the function
wlan_hdd_cfg80211_start_acs(), ACS_PENDING has already been cleared by
wlan_hdd_cfg80211_start_pending_acs() before it, so the later coming
stop sap event can't cancel the running delayed worker and free the
sap context which need access by delayed worker.
Fix by clear ACS_PENDING after wlan_hdd_cfg80211_start_acs(), and move
cancel ACS delayed worker before cancel any scan, it can cancel ACS
scan invoke by delayed worker and avoid race condition.
CRs-Fixed: 2289364
Change-Id: Ibd771fc199a0778ac1d8f1f04ba22b49014437de
The MAC context ftm_msg_processor_callback is a remnant from the
legacy FTM support. Since this callback is no longer used, remove it.
Change-Id: Ibd375bcd91900654315681f7f9b56bf100090942
CRs-Fixed: 2298895
Add the basic infra for MLME CFG items and the APIs to be used from
other components.
Change-Id: I39654de8f7266089d574b85437a19e8d21f91249
CRs-Fixed: 2293825
During ssid restart currently driver send vdev stop and then
restart. There is no need to send vdev stop in this scenario and
direct vdev start is enough to set hidden ssid.
Thus remove vdev stop during hidden ssid restart.
Change-Id: Ide6826f73ecd51bbafa875ed547efeff4a410397
CRs-Fixed: 2298636
Currently the driver doesn't handle the nss update
if a prior connection is already present in DBS
mode. Suppose if a STA is already connected in
5ghz and the SAP comes up in 2.4ghz, the beacon
template should be updated with NSS = 1
Fix is to check whether the current hw_mode is in
DBS or not, and change the nss in the beacon template
accordingly
Change-Id: I54ead1fd26d705a821160b5bc5d816df1d2ab8f4
CRs-Fixed: 2288307
Currently VDEV Force cleanup happens only if FW is in recovery state
and not if target_ready is set to false. However, since FW down flag
is set for recovery case also, even during SSR, the VDEV Force clean up
is not triggered.
Force cleanup vdev for FW down case also in wma_vdev_detach.
Change-Id: I3ba6dc92c1c5ea1090f9f5dc9062775de6db1954
CRs-Fixed: 2298278
Several HDD logs have been identified as being excessive. Reduce the
logging level of these logs to avoid spamming dmesg.
Change-Id: I49e0f91c5d66051f9e6ffd991d86505a11faa346
CRs-Fixed: 2298385
To speed up recovery trigger debugging, pass the caller's function name
and line number, such that the group needing to do the initial triage
can be easily identified via the panic message.
Change-Id: Ibac141a62a990adf7a781d7ef64544d92ff4e31b
CRs-Fixed: 2298194
Reduce log level for few prints to debug to avoid flooding
of prints to console.
Change-Id: I514585cc87d51ead15fb1f40d45f62023628d9bb
CRs-Fixed: 2295815
Do sap_ctx release for all DFS "Ignore" case.
Otherwise, the ref count may mismatch.
Change-Id: Ib3d7c416ec3942f4d0317825fa504bc2b5abd968
CRs-Fixed: 2297787
Remaining may be greater than its original value when
(remaining & 0x3)!=0, then OOB occurs when memcpy.To address
this, align the remaining after doing memcpy.
Change-Id: I3e39a791a76a272e82beb6561375e26ca84ec0f4
CRs-Fixed: 2259721
lim_process_ap_ecsa_timeout() contains a misleading indent. Reduce the
indentation of the affected code.
Change-Id: Ic18ebf88b0a754c8088005d22a9cec94313fa550
CRs-Fixed: 2297513
Currently, hdd_update_tgt_cfg() continues execution if allocation of the
pdev object fails. Unsurprisingly, this leads to numerous access issues.
Abort hdd_update_tgt_cfg() if allocation of the pdev fails.
Change-Id: I1c820994510a10949ef546cac06a8eb97ca0adf1
CRs-Fixed: 2297412
For SAP (2.4G) + SAP (5g dfs chan), the radar event
will be posted to all vdevs. 2.4 SAP will run into
failure in random chan selection.
Fix by ignoring radar event for Non dfs channel SAP.
Change-Id: I739f2a84f17941e501dfe52c9cd12afc6a42425f
CRs-Fixed: 2294077
The hosts sends the beacon template to firmware through the
command WMI_BCN_TMPL_CMDID. The firmware sends a TX complete
indication via the WMI_OFFLOAD_BCN_TX_STATUS_EVENT and upon
receiving this host decrements the CSA count.
The hosts waits until the csa count becomes zero and then sends
vdev restart to firmware. There are some issues with this
implementation when 10 beacons with CSA are taking more time
than 1 sec. This is because in STA+SAP case sometime the
WMI_OFFLOAD_BCN_TX_STATUS_EVENT is received after in 200-300ms.
If the host doesn't receive the channel change event, it gets
struck in the channel change.
To avoid this scenario, send the beacon template to the firmware
for every beacon interval without waiting for the beacon TX
complete indication from FW except for the first beacon template
updation. Introduced a new timer (ap_ecsa_timer) to update the
firmware with the beacon template.
Change-Id: I377768b87c96fd5064aa04d1ed5434a475e656ef
CRs-Fixed: 2294661
Revert I457c20f6ba908cac32cfc9b27fbaf980f1ec174d, which removes the
check to ensure recovery has been enabled via configuration before
starting the recovery process. This is a critical feature for internal
debugging. The check was moved into cds_trigger_recovery() to prevent
callers from bypassing this configuration and unconditionally asserting
the target firmware. Restore that check now.
Change-Id: Ieb347cfcd0eecd24f005d374c0fead07c34f3705
CRs-Fixed: 2296038
cds_trigger_recovery() already checks for various conditions before
actually triggering recovery. One of these checks ensures that recovery
is enabled, but some callers are checking to see if recovery is enabled
before calling cds_trigger_recovery() as well. Because of this, some
important checks are skipped, and crashes can occur when they should
not. Remove the redundant checks at the call sites for
cds_trigger_recovery() so that all of the recovery conditions are
properly handled, and the wlan driver avoids crashing when it should
not.
Change-Id: I8c26a002b66496a1eb06263f3f8b91ead739e3ac
CRs-Fixed: 2296008
When channel 4 is unsafe channel in 2.4g LTE coex ACS case,
the weight for channel 4 will be calculated as 0 by function
sap_sort_chl_weight_ht40_24_g, it's wrong because weight_copy
doesn't be initialized in this case, so acs channel select
may choose wrong channel to start sap.
Fix is to add initialization for weight_copy when weight is
SAP_ACS_WEIGHT_MAX.
Change-Id: I4aa0fb133774d9980146a9ceae9b91154bd15bbc
CRs-Fixed: 2282371
Scheduled scan (a.k.a Preferred Network Offload, PNO) is intended to be
used only for station interfaces. However, it has been observed that
userspace will send scheduled scan requests for non-station interfaces.
Reject requests to start or stop a scheduled scan on non-station
interfaces.
Change-Id: If5abd242f134518ac4e3d942c1513c66b5c50ff3
CRs-Fixed: 2295101
In wma_vdev_resp_timer(), while handling WMA_DEL_STA_SELF_REQ if
wma_crash_on_fw_timeout() is true, then wma_vdev_resp_timer initiate
SSR and memset iface structure without freeing iface->del_staself_req.
This results mem leak in wma_vdev_resp_timer().
Free all the dynamic memory from iface structure in wma_vdev_deinit()
instead of handling them separately.
Change-Id: I7b16ddc9dfb70638c6f895bd97cd9c106bfad595
CRs-Fixed: 2293099
Clean up the WMA context structure which currently has the following
issues:
1) Fields are defined that are unused
2) Fields are defined that are missing documentation
3) Fields are defined with documentation inline rather than in the
documentation block
4) Documentation exists for fields that are no longer present
Change-Id: Ia9fb52c3967818c0a12ade7a15f0c353494f56de
CRs-Fixed: 2296105
pe session_id should not be used as vdev_id.
Add a vdevId field to tAggrAddTsParams struct
and fill smeSessionId as vdevId and pass this
down.
Change-Id: Id021dda35a32f7870277d405c85a0878d7baa3f3
CRs-fixed: 2272126
Do not required to print function and line number
for data path statistics function which is invoked
by ioctl.
Change data path statistics to info print so
that it can be printed in dmesg as well.
Change-Id: I4b5ea4202255ace71dbb6f9a4bbff6f93e496425
CRs-Fixed: 2278885
When peer creation fails in wma_set_link_state, wma sends the
WMA_SET_LINK_STATE_RSP msg to LIM and Lim frees the msg->bodyptr
But there is a situation occurs where after this wma_peer_create
fails, mc thread stop sys event also occurs where the mac_stop
is invoked which calls the pe_free_msg -> pe_free_nested_messages
In pe_free_nested_messages, if the msg type is
WMA_SET_LINK_STATE_RSP, we free the msg->bodyptr->callbackArg.
This callbackArg points to the PE session. Trying to free the
PE session results in memory corruption.
Just pass the session id as callback argument when the callback
is lim_post_join_set_link_state_callback.
Change-Id: I27f9127685ac7ef8d215b135f1625e8e2f225fc0
CRs-Fixed: 2287827
Peer assoc command expects a response from firmware so peer
assoc timer is started at wma once command sent to firmware.
In the failure scenario peer assoc command is dropped at wma due to
unavilable 11b rates but timer was not stopped. So at later point of
time timer got expired and it triggered timeout error handling.
Dont start the timer in failure scenario and send failure response to LIM
if the peer assoc command failed to send command to firmware.
Change-Id: Iaa644fbe7940502fc07b5110787c2dc5b58f4612
CRs-Fixed: 2292610
After bring up SAP(2G)+SAP(5G) DBS mode, initiate CSA on SAP2
from 5G to 2G (DBS mode to SCC mode) with cmd:
iwpriv wlan1 setChanChange X
assert will happen.
Fix: SAP+SAP on same band on Helium is not PORed case yet,
Do concurrency check for path: iwpriv wlan0 setChanChange X.
Change-Id: Iacd6f2b4c49f4bb52739f602e7ba1e8cd9be04bc
CRs-Fixed: 2289366
Kernel checkpatch is throwing style issues due to use of camel case
notation for SAP FSM states.
To fix this, rename states according to kernel coding guidelines.
Change-Id: Ia09cccb7c51a61436d067710a763bed7f2437820
CRs-Fixed: 2295580
In preassoc state, if the set link state has failed to create the
peer, then send back a failure status to the upper layers and
ensure that the set link state for failure is not called again
because this will eventually call vdev stop and lead to a vdev
stop response and then lead to a peer delete attempt which is
really not needed since the peer has not been created at all.
Change-Id: I265726000204bab51c429a2d00cdd599d8064170
CRs-Fixed: 2286684
When a station connected to one of the sap interface reassociates
to the other sap interface, the driver triggers internal
disconnect for that station with disassocTrigger =
eLIM_DUPLICATE_ENTRY. Once this station is deleted from firmware
we send add sta for the station lim_send_sme_disassoc_ntf on the
sap interface to which the station is to be connected. But the
first SAP interface doesn't send eWNI_SME_DISCONNECT_DONE_IND to
remove eSmeCommandWmStatusChange.
send eWNI_SME_DISCONNECT_DONE_IND from lim_send_sme_disassoc_ntf
in case eLIM_DUPLICATE_ENTRY.
Change-Id: Ibc3cc8121928fe83cc1d8cf3e98419bf5f7f7d1c
CRs-Fixed: 2286783
hdd_parse_disable_chan_cmd() misleadingly indents code after a for loop
without brackets in such a way that it is easy to assume the code is
inside the for loop, but it is not. Not only does this cause build
failure for some configurations, but is dangerously confusing for future
readers. Remove the misleading indentation in
hdd_parse_disable_chan_cmd().
Change-Id: I4af2bd4b05719354db730ef39a3b6ec18d6f842b
CRs-Fixed: 2290196
The scan_id_counter in the WMA context is initialized but never
incremented or read. Since it is not actually used, remove it.
Change-Id: Id159ba6ff36ae2a3977978f8799cf16aeee5300d
CRs-Fixed: 2294150
The driver_type field in the WMA context is written but never
read. Since it is not actually used, remove it.
Change-Id: I646fea6fc5f08bf090980de755055b58f6fec0cd
CRs-Fixed: 2294149
Change "qcacmn: Remove struct extended_caps" (Change-Id
I96fd072b7d6b58a9c237165fcba7ed8c8da0eae3) in the
qca-wifi-host-cmn project removed the only reference to
struct hw_mode_idx_to_mac_cap_idx. Since this struct is
now obsolete, remove it.
Change-Id: I1b57c09d18ec52574e34487122fe526b10b9f51f
CRs-Fixed: 2294148
If wait for key is set during close session, the request is dropped
in CSR and thus during SSR the BSS peer and SELF peer are not
deleted resulting in peer leakage.
Fix this by resetting wait for key before sending close session.
Change-Id: I139640ad5ad473372bce24413f7ace1cef32fbc3
CRs-Fixed: 2294417
Update driver to use NAN config params based converged CFG
component. Cleanup hdd config references to nan ini params.
Change-Id: I5af85d68ee53ad557e64523f7a1719e328536926
CRs-fixed: 2290360
The command e_sme_delete_sta_session command is serialized and
is not removed from the active command list in the response path
at csr_process_del_sta_session_rsp().
Remove the command e_sme_delete_sta_session from active command
list in csr_process_del_sta_session_rsp
Change-Id: Iff36460055bd73705575110d88c3eb75c8052afa
CRs-Fixed: 2292607
When PEER sends auth mgmt frame to DUT and if DUT doesn't ACK
back, PEER sends auth frame again and again till it gets ACK or
timeout occurs.
It has been observed that in busy environment, PEER ends up sending
same AUTH frame almost 100+ times within 20ms apart due to ACK lost.
in such scenario DUT gets busy processing AUTH frames from PE queue
and other low priority queues suffer from starvation.
to fix the situation, drop duplicate auth frames by checking retry
field and sequence number.
CRs-Fixed: 2290133
Change-Id: I1b545dab4d416facc24c3762b86cd1e73981de5c
Remove set_antenna_mode_cmpl variable from hdd_ctx structure
as it is not using anywhere.
Change-Id: Ifc3395f944b10da9537815a94c5484312190141a
CRs-Fixed: 2289642
Duplicate stats buffer in the callback so that all
allocations get freed by its owner, this will avoid
memory leak issue because of race condition between
umac and upper layer.
Change-Id: Id18d75eb9adc46a6147634eb5b1e0babe32c7c37
CRs-Fixed: 2292038
Add support for new 1x1 connect with 1 Tx/Rx Chain action OUI to be
parsed and sent to the FW. From host during connection, the behaviour
is same as existing connect 1x1 action OUI where nss is sent to 1 to
the FW, but the FW takes the decision to use only one Tx/Rx chain
based on the OUIs defined in the new action ID.
Change-Id: Ia464209043dc73bcc71577c43b28fbe13e780c23
CRs-Fixed: 2264326
When modem shutdown is triggered and HOST driver is in the
middle of a connection attempt, it doesn't check if the fw target
is ready. Instead the driver tries to join multiple AP with same
ssid and for each connection it tries to send peer add as part
of wma_set_link_state.
Add check to see if FW is down in wma_create_peer. Return
failure to LIM instead of sending add peer to firmware.
Change-Id: I4642c844bcc1d7f32888b0f89db5c11ee84c41fe
CRs-Fixed: 2267967
