Below are the scenarios where host fails to clear roam in
progress flag:
Case 1: While processing disconnection request
Host should clear roam in progress flag irrespective of
connection state of STA.
case 2: While processing a try-disconnect request
Currently, Host waits for WLAN_WAIT_TIME_STOP_ROAM (4 sec) to
process disconnection, if firmware has already started roaming.
In case if Host doesn't receive roam completion indication from
fw, Host set connection state to not connected and fails to clear
roaming in progress flag. This results host refuses all further
connection request with reason connection in progress.
Fix is to clear roaming_in_progress flag in both cases.
Change-Id: I45d9771bcd546d8914321e3be1a6d0ce6566cdac
CRs-Fixed: 2588803
When SSR sap restart, vdev objmgr object will recreate new, if put set
vdev crypto pararams in wlan_hdd_cfg80211_start_bss(), it will not be
invoked by SSR sap restart procedure, so there is no crypto pararams in
vdev and lead to association failure when compare crypto pararams.
Move back set vdev crypto pararams to wlansap_start_bss so sap start
and restart will both invoke it.
Change-Id: I56656ffacbe153fbe73fb6e474048e055cb6a153
CRs-Fixed: 2584138
When radar is injected at +/-30MHz separation from center frequency
in VHT 80MHz mode incorrect pulse duration is reported in the radar
summary reports and lead to decreased radar probablity detection.
Fix the issue by capturing pulses with such characteristics and
modify them to fit within the valid phyerror pulse duration range.
Change-Id: Ic6314a372d6909448fbe4eb694c41736d1719712
CRs-Fixed: 2577632
Currently, ch_width of session is checked without validating
session which may lead to NULL pointer derefrence.
validate session_entry before accessing element of
pe_session
Change-Id: I1f785555fa77a0c588e9b5245ad513fe059974d0
CRs-Fixed: 2585928
1. Update pAddBssParams->ch_width to 160Mhz ch width value
based on VHT operation IE's ch width, channel segment 0
and channel segment 1 fields.
2. Report link rate information to OS for 160Mhz based on
rate flag TX_RATE_VHT160.
The change will fix the incorrect bandwdith reported by
IW commmand (iw wlan0 link) when STA is connected to AP
in VHT160 mode.
Change-Id: I698b12da825619e8e8f28f0cf4ea1ccf2e7072e6
CRs-Fixed: 2585986
Update tx rate flags to include 160Mhz bandwidth in
wma_set_bss_rate_flags_he.
Add HE 160 mcs to rate mapping for nss 1 and nss 2.
This change will fix incorrect bandwidth report via
IW command: iw wlan0 link.
Change-Id: Idd1adc4f2783b86a2a837999ea87bb38c813f213
CRs-Fixed: 2585078
Currently use of comamnd QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
is to pass data blobs from Application to FW but there is
no mechanism to send the data blobs from FW to Application.
To meet the above requirement update the usage of existing
OEM DATA command to use it as a vendor event as well to
send data blob from host to Application.
Change-Id: I502312f25d2754984b86e1cc4e011800a5d4b58a
CRs-Fixed: 2573464
with a new change I9b2b1ead3b4502022aeefc08359037457bb051f9 added for
to switch from 2.4g from 5g when an indication is received, During the
driver re-initliazation also this function is getting invoked and trying
access freed memory resulting in null pointer deference.
Donot process the function wlansap_set_band_csa when the driver is
recovering.
Change-Id: Iab67d5b77ffc98166bf421ff30bcf641e37fef6a
CRs-Fixed: 2587706
Whenever there is a process waiting on a response from firmware it has the
option of using either a qdf_event or a linux completion event.
The primary difference between these is that if there is an SSR all
qdf_events are immediately completed whereas Linux completion events are
only completed by the normal flow of code.
With new upcoming changes SSR processing will take the normal path for
releasing all of its resources, and the qdf_session_close_event is used for
synchronization.
If we define this as a qdf_event, it will be completed when the SSR begins,
defeating its purpose.
Therefore change this to be a Linux completion event.
Change-Id: Ia6fe504e2a2d01f12c3d3446fffc2fc397566966
CRs-Fixed: 2586190
Currently, after FINAL_BMISS detection, FW does channel map
based partial scan followed by one full scan if no candidate
found in partial scan to ROAM to another available AP without
disconnection. This results in additional delay by HOST in
issuing disconnection after a heartbeat failure.
Add INI support (bmiss_skip_full_scan) to allow FW to decide
whether firmware does channel map based partial scan or partial
scan followed by full scan in case no candidate is found in
partial scan after final BMISS.
Change-Id: I48f9bb43bb7933e9ff173f618586ea5986530dcd
CRs-Fixed: 2578848
pm_freezing check to abort system suspend during psoc idle
restart is not working and hence remove pm_freezing check.
Correct fix(change Ib89eca5014729f6a2103e14c6f46540d1406a5a0)
to reliably abort system suspend by calling qdf system awake
api during psoc idle restart is already present so pm_freezing
check is no longer needed.
Change-Id: Ifb56a2a9858378508ef9e583bdd15e63c26d9ba6
CRs-Fixed: 2587453
Change max value of tx_bf_cap to 4294967295 from -1
which is misconfigured. 4294967295 corresponds to
0xFFFFFFFF which is max value for 32 bit unsigned
int since this CFG item is getting used as part of
4 byte dot11f HT capability population.
Change-Id: Ifd0fea080dd9eb1f6995af0df20c68e3f73b891a
CRs-Fixed: 2581060
Currently, the hdd_update_connect_params_fils_info() function blindly
trusts the size and copies into the fils_info->r_rk buffer, putting it
at risk of buffer overflow. Add a check to make sure the buffer passed
in to be copied to fils_info->r_rk is of the proper length.
Change-Id: I9ad2405ca1acd83591bea2aa43406909ad1c58e4
CRs-Fixed: 2580776
For cdp_hl_fc_set_td_limit() API, use channel frequency instead of
channel number.
Change-Id: Ic053be33ac7c7cbd2543b0208a1184b3f20a4346
CRs-fixed: 2565734
Set seg1 frequency segment in case of 5ghz 160Mhz as
the primary centre channel frequency of 160Mhz band.
Change-Id: Id541419c084d8cdf2a22e84170dbe68d731f5ad0
CRs-Fixed: 2587220
When host sends ft assoc response to supplicant, it
allocates a buffer of fixed size and copies a variable
length of assoc response IEs to this fixed sized buffer.
There is a possibility of OOB write to the allocated buffer
if the assoc response IEs length is greater than the
allocated buffer size.
To avoid above issue validate the assoc response IEs length
with the allocated buffer size before data copy to the buffer.
Change-ID: Ife9c2071a8cc4a2918b9f349f4024478f94b2d78
CRs-Fixed: 2575144
Issue happen when:
thread1:
rmmod driver, wlan_hdd_pld_remove which will get psoc trans.
then try to get rntl_lock in hdd_unregister_wext;
thread2:
trigger iw del interface, cfgops in kernel will get get rtnl_lock,
in wlan_hdd_del_virtual_intf, vdev trans will be blocked by psoc
trans in thread1. as thread1 it is also waiting for rtnl_lock, so
both thread will be stuck.
Fix is:
In psoc trans, vdev trans and vdev ops is not allowed, which should
return directly.
Change-Id: I9cbd04bac438bb9483b4e89e73801fe71859e139
CRs-Fixed: 2583675
Fix compile issues when some features are disabled, the features are:
BUILD_DEBUG_VERSION
CONFIG_CP_STATS
CONFIG_HOST_OPCLASS
CONFIG_FEATURE_ROAM_DEBUG
There are some other features depends on each other, so enabled features to
qcs40x.snoc.perf_defconfig, the features are:
CONFIG_WLAN_FEATURE_FILS
CONFIG_WMI_ROAM_SUPPORT
CONFIG_WMI_STA_SUPPORT
CONFIG_REG_CLIENT
CONFIG_WLAN_FEATURE_DP_BUS_BANDWIDTH
CONFIG_WMI_CONCURRENCY_SUPPORT
CONFIG_LL_DP_SUPPORT
Change-Id: I6fa1eacb79576a955e593dbb9ac52083742275e3
CRs-Fixed: 2354496
In case of TSO, same skb results in multiple tx_desc after
segmentation. To avoid multiple free of skb "skb->users"
count is used. Currently, race condition is observed while
incrementing "skb->users" count in ol_tx_ll_fast and before
that, tx_completion is received for all the segments which
are sent before. In this case, "skb->users" count will be 1
so, skb is removed from the skb debug node which leads double
free of skb when tx completion is received for the last segment.
To fix this, increment the "skb->users" count before sending
first segment and decrement only iwhen the last segment.
Change-Id: I26000fcda8715b737cac803ec8e64c0fb640dfe4
CRs-Fixed: 2582617
Firmware peer state needs to be set to AUTHORIZE only after
completing the 4 way handshake. In failure scenario,
host configured AUTHORIZE state before 4 way handshake and
it triggered assert in the firmware.
Peer state moved to connection in progress/CONN after successful
association and AUTH state after successful 4way handshake.
Change-Id: I5e3d94843443d0fc2612a918b5c14479f91914d8
CRs-Fixed: 2580929
The host driver checks the peer PMF capability
before adding MBO IE. But for open authentication
AP, the peer will not advertise PMF capability.
So while connecting to open mode AP, the MBO IE
doesn't get added in the association request frames.
Check if the authentication algorithm is open.
If the authentication algorithm is open don't
check for peer pmf capability to add MBO IE.
Change-Id: Ieae85ce696a40234535388a548906dc9521b19a0
CRs-Fixed: 2584527
In 11D scan procedure if WMI_11D_NEW_COUNTRY_EVENTID event is
received, host processes 11d new country code event.
Host driver as a response sends WMI_SCAN_CHAN_LIST_CMDID
new channel list cmd to firmware.
As a result the ongoing scan procedure is aborted by firmware,
and if the scan was a first scan for connection, then it would
lead to connection latency as the supplicant then have to
scan again.
Fix is to check if any scan is in progress, then delay
WMI_SCAN_CHAN_LIST_CMDID channel list command to FW till
the current scan is complete.
Change-Id: I4e747bb747c32430b5d8024823aa0df4928a8c71
CRs-Fixed: 2569741
With Vdev delete not using serialization, no need to disconnect
any STA with connection in progress.
The logic was added to remove the active connect command from
serialization queue so that vdev delete can complete before hdd
time out.
Now as vdev delete is not using the serialization remove this.
Change-Id: Id8c5ab31e54c8cf26999aff58c0773213f0cb13a
CRs-Fixed: 2585753
Remove wlan_reg_freq_to_chan within function
csr_update_op_class_array and use channel frequencies
directly to retrieve opclass.
To utilize the new channel frequency function,
regional opclass table will be used unconditionally,
given no OTA packets' country IEs will be populated
here(and thus no need to carry global opclass).
Change-Id: Ida9831e7e74223455089770744222185ae3cb1d3
CRs-Fixed: 2576285
Update driver to check SAP client acceptance as per MAC ACL policy
to control association.
Change-Id: Id6888b87393e79e2f86a7d5b1132c4a897179a23
CRs-fixed: 2583874
