When failure status is received in vdev start response from FW,
host will call wma_remove_peer to delete peer.
However, this operation is not done in the timeout handler of vdev
start request and it will lead to peer leak when vdev start response
failed to be received from FW.
Add peer deletion in vdev start request timeout handler accordingly.
Change-Id: I419369d09be1bd4b7e19e45b11256190fd2ec267
CRs-Fixed: 2288937
Currently for fragment packets received legacy rx buffer replenish
is done which does not take in to account number of msdu count but
depends on fill count. Variable fill count is not protected and the
value becomes incorrect if AP sends both the fragmented and normal
packets at the same time. This leads to rx buffer replenish failure
and eventually data stall. To fix this do rx inorder replenish for
fragmented packets similar to normal ones if rx full reorder offload
is enabled.
Change-Id: I144c10be7b45268300b040e07ecb909a1ca113cc
CRs-Fixed: 2289797
Add support to use the action OUI framework to identify vendor APs from
the ini and apply vendor AP specific WARs during CSR join request.
Change-Id: Icb6742bfeb9515c11d61034b795b95b92e833b64
CRs-Fixed: 2254532
Add ENABLE_DBS_CXN_AND_DISABLE_SIMULTANEOUS_SCAN option for the ini
gDualMacFeatureDisable. This is to enable DBS support for the
connection and disable simultaneous scan from upper layer. But DBS
scan remains enabled in FW.
Change-Id: Ic280de2cc63a3775c0d9dd61985ff89df58a4a89
CRs-Fixed: 2288294
Use SIR_MAX_SUPPORTED_BSS macro to decide max number of SME sessions
to avoid timer leak issue as SIR_MAX_SUPPORTED_BSS can be
configured through kbuild.
Change-Id: I86377d43ceb1b5cfcaa7c17a15a4fb300b79246b
CRs-Fixed: 2288864
wait for single event in umac_stop instead of wait for event
completion in which the events can be forcefully get reset
in the event of SSR.
Change-Id: I1925b820c7c292acbc019b058ff51297ad800b88
CRs-Fixed: 2289353
The mac_start() API currently specifies a void pointer for the "start
params" parameter. But both mac_start() and its caller must agree on
the type of this structure, so replace the void pointer with the
actual struct pointer. In the process rename that struct to comply
with the coding style and relocate it to be a part of the MAC Init
API.
Change-Id: I7fc62abbb17d214551ca6ff0cda8b76d218280e3
CRs-Fixed: 2290807
Reduce the number of logs during the SMMU mapping process in
cds_smmu_mem_map_setup by refactoring the logic to reduce the number of
branches.
Change-Id: I1a8b0ece31ab51eaf6f96232b284b61d77c83084
CRs-Fixed: 2291034
The Driver Synchronization Core (DSC) is a set of synchronization
primitives for use by the driver's orchestration layer. It provides APIs
for ensuring safe state transitions (including bring up and tear down)
of major driver objects: a single driver, associated psocs, and their
associated vdevs.
APIs are divided into two categories: mutual exclusion of conflicting
transitions, and operation tracking, blocking, and waiting capabilities.
For part 6, enable the DSC component.
Change-Id: I0ac37f479a4a38e346fb91ad041a4f51ccc6c879
CRs-Fixed: 2290260
Check PF_WAKE_UP_IDLE macro defined to determine the presence of
kernel scheduler APIs for wake up on an idle CPU.
If not, call dummy functions instead.
Change-Id: I34065aa244dc132e228c6e9f764c8eae90d81261
CRs-Fixed: 2168716
In monitor mode, current implementation
uses the preample type, vht_sig_a_1 and vht_sig_a_1
values associated with each mpdu, instead of reusing
the values from the first mpdu, to calculate data rates.
This is causing incorrect rates to be recorded in monitor mode logs
Reuse preample type, vht_sig_a_1 and vht_sig_a_1 of first
mpdu till the last mpdu is reached.
Change-Id: Ia6e5c1b3b0cc8d8b27f16cdfbd469fdba5c4a8f2
CRs-Fixed: 2276766
Separate out HL and LL Rx Data Path in different files
to compile out features cleanly
Change-Id: Ifc0e2d7e740142f0115d1fcd53db2936f7a30979
CRs-Fixed: 2287351
Separate out HL and LL Tx Data Path in different files
to compile out features cleanly.
Change-Id: I9033a5bc83bbc95ff00be3f46dc6eda65eab9e71
CRs-Fixed: 2287346
When the scan is rejected, driver saves the scan reject reason and the
rejected time by converting the jiffies to msec. In case when
HZ is 100 while converting jiffies to msec, jiffies_to_msecs() return
wrapped value of jiffies(in msec). This result value of the current jiffies
(return value of jiffies_to_msecs API) becomes greater than scan reject
time (pHddCtx->last_scan_reject_timestamp) and __wlan_hdd_cfg80211_scan
trigger SSR in case of scan rejection.
Fix is to Use jiffiy directly instead of using jiffies_to_msecs()
while updating scan reject time(pHddCtx->last_scan_reject_timestamp).
Change-Id: Ib86830456fdc48143bf282779216ab94aed11923
CRs-Fixed: 2289992
Currently in driver we are advertising LRO Support as part of
hdd_init_station_mode() with dev->features |= NETIF_F_LRO.
This is not tied up with INI param "LROEnable", to advertise LRO
to kernel. Add INI check for "LROEnable" before advertising LRO.
Change-Id: I6a3940b65e72ae12015d0303c573456d44e1ac9c
CRs-Fixed: 2269590
Per protocol definition, the ssid length in OWE bss’s IE is zero
when in OWE transition mode. And the api wlan_hdd_get_sta_stats
thinks it is invalid ssidlen and returns directly. It causes the
uplayer can not get stats info.
Change-Id: I20eb7aa79ce25a4b66d9be093510eb414d4fca42
CRs-Fixed: 2285542
With the latest android upgrade after the sap is turned off
change interface will switch netdev back to original mode and
starting the adapter in this state will create resources even
when the upper layer is not using the netdev.
Do not start the adapter from the change interface.
Change-Id: I763879ecc84dca4115bca0e4e805b8b4b6108bb8
CRs-Fixed: 2270730
The PLD probe event handler does both probe and reinit. However, the
probe and reinit logics are quite different. Split this shared logic
into two handler functions, one for probe and one for reinit. Update the
PLD probe event handler to invoke the correct handler function based on
the reinit flag received as part of the event.
Change-Id: Id48d18aee0d449b6849297848c2bab96c6e008ae
CRs-Fixed: 2290221
The HDD bus bandwidth infrastructure init/deinit sequence is currently
very sporadic. Startup and re-init initialize it at different point, and
failed to de-initialize it in the case of failure. Likewise, exit and
shutdown de-initialize it at different points. Update the HDD bus
bandwidth init/deinit sequence so that it is uniform and symmetrical in
all situations.
Change-Id: I5312bd340d885aafb8d4e809672eb02afc199781
CRs-Fixed: 2290237
wlan_hdd_cfg80211_sched_scan_stop() currently does not validate the
given adapter or the hdd context. Validate both before performing a
scheduled scan stop operation on said adapter.
Change-Id: I4e0370ad059fbb0371a38300f33dfae7a9f8106d
CRs-Fixed: 2289411
Currently driver allocates buffer of size 10KB which is
getting filled completely in some cases when size of
ll_stats is more than 10KB. Because of this driver
ignores some of the stats and user space does not
get the complete stats.
To address this issue increase the size of the buffer
to 12 KB.
Change-Id: I8c5500545a3c69ecb5ba3b1bb3e7f3338a61714f
CRs-Fixed: 2279495
Use new cfg API for P2P and TDLS WNI configures, and cleanup related
legacy codes. Remove two not use P2P INI configures.
Change-Id: Ie37fd5e598ececba561581952a23601595607b2e
CRs-Fixed: 2286387
When the Nss is set to 2,MCS0-11 is used as default HE MCS config
for 2x2 mode which may not be same as 1x1 HE MCS config.
Use the 1x1 MCS config for Nss setting to 2 to keep the MCS
config same for both streams.
Change-Id: I76157357667696979976983e81f014182dfe769e
CRs-Fixed: 2284467
If any WMA request is queued in wma hold req/vdev resp queue after fw
has crashed and sent the corresponding uevent to HOST, request will
timeout and if at the same time, SSR is also going on, it may lead to
various issues and crashes.
Check whether target is ready or not before queuing any request
in wma hold req/vdev resp queue.
Change-Id: I26b5746e9ba4f57f46b3a5a486bd85ef150d0ee7
CRs-Fixed: 2289004
Change the BA buffer size attribute value to 16-bit to set
the 256 BA buffer size. Define the max supported BA buffer
size and advertise the max supported buffer size if the
user configures the value greater than supported.
Change-Id: I5efdee60517e02572386e9751706722987f44261
CRs-Fixed: 2284461
Add state machine changes to Addba request handling
in order to include IN_PROGRESS state until addba
response tx is not successfully completed. If response
tx is successful, move tid to ACTIVE state.
CRs-Fixed: 2254887
Change-Id: I09f9d8aa09bbb3fb98e0873657d1b8072371f0d8
No frame length check when extract 11w transaction id from SA
query request and response action frame, if frame length is
shorter than expected, buffer overflow will happen
Change-Id: Iddefa809023da244564cfd227ccfe8c2de5717c0
CRs-Fixed: 2263320
A number of HDD and IPA logs are generally unnecessary and have been
identified as contributing to log spam. Reduce these log messages to the
debug level.
Change-Id: I2f92bb4caec5adc65fdad0146298aa5f88b43def
CRs-Fixed: 2288430
Reduce error logs in __hdd_netdev_notifier_call which do not alway
indicate an error.
Change-Id: I7386cb26993877ed86802b60240cd04b85dd4e8b
CRs-Fixed: 2287681
Support of ini to control driver acs is removed, therefore remove
related code which is no longer used.
Change-Id: I3d279de67ee5f36b785e4516edd9f14484311f5c
CRs-Fixed: 2284253
SARv1 to SARv2 upgrade can have the following problem:
1) Userspace application was written to use SARv1 BDF entries
2) Product is configured with SAR V2 BDF entries
So introduce WLAN_FEATURE_SARV1_TO_SARV2 which has the logic:
If this feature is enabled, and if the firmware is configured with SAR
V2 support, and if the incoming request is to enable a SAR V1 BDF
entry, then the WMI command is generated to actually configure a SAR
V2 BDF entry.
CRs-Fixed: 2282071
Change-Id: I1f4c65d0315b56af6646ca1d5491eaa9c1f732a5
SAR version information is now being populated in struct wma_tgt_cfg.
Keep a copy of the information in the HDD context for local reference.
Change-Id: I7bc943fc71b651baeb56e4966d97efca2cccbf4e
CRs-Fixed: 2282071
HDD needs to know the SAR version running in firmware so add that
information to struct wma_tgt_cfg.
Change-Id: Idcb79921cb417a923ced8b6cfed2672bee03eaf1
CRs-Fixed: 2282071
HDD currently reset various txrx handles during the deinit of an access
point (AP) interface, but fails to do so for station interfaces. This
can lead to a user-after-free while changing the interface mode from
station to something else. Reset the txrx handles during deinit for
station interfaces.
Change-Id: I189089fabefb9c430da493c0c99473179d02b5cd
CRs-Fixed: 2283532
The host will update the rx nss after it gets the
rx nss info from the operating mode notification
IE. Currently, it does not check the num rf chains
of the dut. It causes the difference between
software and hardware.
Change-Id: I5d6852f8e2928cc99fc88ccface3bc4abe97f273
CRs-Fixed: 2280003
Before checking for other kinds of resources leaks, check to ensure all
objmgr peers have been properly freed.
Change-Id: Ifb1016be456c26e140f324fc3c858bd4a5fa6a27
CRs-Fixed: 2285186
During peer removal, call cdp_peer_teardown to
make sure all the peer AST entries are removed.
This also marks the peer->delete_in_progress flag.
Change-Id: Ibe4a0244cadc2b8073e4e71a925a615447d00933
CRs-Fixed: 2287663
In the function csr_queue_sme_command, we memset the memory for
the roam command to 0 in case of failure and release the memory
to the global command pool. But in csr_roam_issue_connect,
csr_release_command_roam is called again in case of failure,
and this can lead to memset of memory to 0 that is released to
global command pool.
Remove the redundant csr_release_command_roam in the function
csr_roam_issue_connect and the call to csr_reinit_preauth_cmd in
csr_roam_enqueue_preauth.
Change-Id: Ifab3551dd3b2dbb2d135b5488f7b09f422648abb
CRs-Fixed: 2280904
print format "pS" in module will call module_address_lookup in
kernel, which will disable preempt. This could result in some
performance issues, like block rt task vsync_retire_work and
then cause janks.
Change-Id: I524b03315df7b1f6464912d2c9ce74b8dc33ea1a
CRs-Fixed: 2267779
1.Scan entry uses MGMT_SUBTYPE_BEACON to specify
the frame type. Correct lim_handle_sap_beacon
to use MGMT_SUBTYPE_BEACON to check frame type.
2.lim_allocate_and_get_bcn return corrected
pkt and pkt info.
Change-Id: I607be66a376f5121d100db52a55faf32c088a94a
CRs-Fixed: 2282274
Currently defined default value for gActionOUISwitchTo11nMode leads
to vendor APs which don't require the WAR also to be identified
for forcing 11n connection.
Fix the default value to limit the WAR to only the required vendor
AP.
Change-Id: Icecd5a3a92a35eb4d0a7eb4ae156aed7dcfbfb86
CRs-Fixed: 2276057
The beacon ie of AP to connect in sme cmd may be freed and set to
NULL in csr_roam if csr_roam_issue_join failed,
scan_result->Result.pvIes may be different in start and end of
csr_roaming_state_config_cnf_processor.
Fixed by using a local bool val to mark whether beacon ie is new
malloced and need free.
Change-Id: I04ec952273a28a3b8a215dd6812bba213ff5309a
CRs-Fixed: 2284311
We are transitioning the usage of LL stats response event
to request manager framework.
Change-Id: Ice8b3d53beb47b345ed569f2b4bf790e9f5ce506
CRs-Fixed: 2274933
Propagation from prima to qcacld-3.0
Implement GET_DISABLE_CHANNEL_LIST driver command to get disable
channel list programed by SET_DISABLE_CHANNEL_LIST driver command.
Change-Id: Ib741e1cd23cef105314325aaec86feb50f36a181
CRs-Fixed: 2206336
If driver is removing while STA is in connected state, disconnect
is not happening because hdd context validation will not be success
while driver unload is in progress.
To address this issue, remove validation of hdd context in
wlan_hdd_disconnect to allow disconnection while driver unload
is in progress.
Change-Id: Ia10aa9237a30490f3085458ab38ce27c4eeebaf0
CRs-Fixed: 2284198
Initialise spinlock: tx_mutex in pdev_attach instead of
pdev_post_attach as it may be accessed
in ol_tx_flow_ct_unpause_os_q() just after FW download.
Change-Id: I9de2eacd573420d23bc3a71a52dfb27bc1cfdab5
CRs-Fixed: 2285503
Add per module logging macros without function/line info
to avoid adding function/line info where it is not required.
Change-Id: Id808fef623b82cec38fc31071ef384f3ff0c92da
CRs-Fixed: 2278874
Propagation from prima to qcacld-3.0
Add support to disable channel list received with command
"SET_DISABLE_CHANNEL_LIST".
As part of this command, number of channels and list
of that many channels should be given. When SAP comes up, disable
the channels received in the command. If any of the interface
is up on any of the channel from the list, first disconnect
the interface and start the interface on the new channel.
Change-Id: I3c7810bfde78878a3e60570a13bf2741e1da599b
CRs-Fixed: 2205305
Currently in avoid frequency vendor command, data validation
is not being done, since this data comes from userspace driver
should not be using this data pointer without validation.
To address this issue add validation for data pointer and data
length received in driver.
Change-Id: I7b56e2ddcbcb5e98dd93d152033db48063e772d3
CRs-Fixed: 2252793
The command eSmeCommandDelStaSession issues vdev delete to
firmware. As this command eSmeCommandDelStaSession is not
serialized, this may issue delete vdev before the peers for the
vdev are deleted, resulting in fw assert. Serialization should
be brought in for this command, so that first eSmeCommandRoam
command will do vdev_stop-->remove_peer-->vdev_down and then
eSmeCommandDelStaSession will be processed which will send vdev
delete.
Post the command eSmeCommandDelStaSession to the serialization
module and WMA_DEL_STA_SELF_REQ will be posted from the sme
eSmeCommandDelStaSession handler.
Change-Id: I60fcbf622b961162c647db3638b5e019c5231971
CRs-Fixed: 2270982
Currently struct nan_datapath_peer_ind contains the following:
uint8_t session_id;
This is problematic since "session_id" is a legacy concept and should
not be used in the converged project. Fortunately this field does not
actually serve any purpose. But in order to cleanly remove it a 3-step
approach is required.
Step 1 (qcacld Change If6cf48ccbfe87b23b275720df51c6cc26af9fa5e):
Remove the logic from the converged NAN code which currently reads
this field and logs the value.
Step 2 (this change):
Remove the logic from the legacy NAN code which sets this field.
Step 3 (qcacld Change Ibeb8007c96ae1a902bfd7dd99a42ba4a291a1dc6):
Remove the session_id field from struct nan_datapath_peer_ind.
Change-Id: I2819556d48a9dd901158aaa04d6bda9c36f33012
CRs-Fixed: 2284400
If 11w is enabled, mmie should be included in broadcast
multicast rmf, length check need consider it to avoid buffer
overflow
CRs-Fixed: 2270117
Change-Id: I6c2ebe18fb5b6e4246ba6d28c1dbc55175279e30
Currently, all resource leaks are skipped during the SSR reinit stage.
However, recently added vdev and pdev leak checks apply equally as well
to SSR reinit. During SSR do as many resource leak checks as possible,
while retaining the entire set for normal use cases.
Change-Id: I33248a9fb0fbacddf9ea8682ff984290712c29d3
CRs-Fixed: 2284384
This is an older implmenetation of handling blacklist and whitelist
OUI's. Hostapd doesn't send this information in start_ap now. There
is a possible out of bound memory access happening while parsing an
IE with this code. Remove the code to avoid security risk.
Remove redundant code handling blacklist and whitelist OUI IE's.
Change-Id: Ib16d26d6766bcffb53de34dca77073a3e986eee2
CRs-Fixed: 2239897
Max 3 BSS sessions and 10 peers are required in Genoa.
To support this, reduce SIR_MAX_SUPPORTED_BSS to 3 and
SIR_SAP_MAX_NUM_PEERS to 10.
Change-Id: Ic773b5b38193d446288321c2dfd740f6de57704e
CRs-Fixed: 2283825
The function wma_roam_synch_frame_event_handler, memory is
allocated for iface->roam_synch_frame_ind.bcn_probe_rsp,
iface->roam_synch_frame_ind.bcn_reassoc_req,
iface->roam_synch_frame_ind.bcn_reassoc_rsp when the wmi event
WMI_ROAM_SYNCH_FRAME_EVENT is received. This event is followed
by a WMI_ROAM_SYNCH_EVENT from the firmware where the host
copies the bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp to
the structure roam_synch_ind_ptr and frees the allocated memory.
In this flow memory leak can happen in following cases:
1. Firmware sends multiple cascade of WMI_ROAM_SYNCH_FRAME_EVENT
the host allocates bcn_reassoc_req, bcn_reassoc_rsp and
bcn_probe_rsp with out freeing the previous instance.
2. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT with either
bcn_reassoc_req or bcn_reassoc_req or bcn_probe_rsp NULL or all
the three are NULL.
3. Firmware sends WMI_ROAM_SYNCH_FRAME_EVENT having
bcn_reassoc_req bcn_reassoc_req and bcn_probe_rsp. Then it sends
the WMI_ROAM_SYNCH_EVENT with non zero bcn_reassoc_req_len or
bcn_reassoc_rsp_len or bcn_probe_rsp length.
4. Host doesn't free the allocated memory in
wma_roam_synch_frame_event_handler during failure cases.
Check if received iface->roam_synch_frame_ind has non NULL
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp and free the
same before allocating new memory. Also free the allocated
bcn_probe_rsp, bcn_reassoc_req, bcn_reassoc_rsp in failure
return cases.
Change-Id: I2b76769d09fd61929f7837cb8661d778cd2f881a
CRs-Fixed: 2282413
Map all enter/exit log macros to enter/exit QDF TRACE macro
to provide option to compile out enter/exit logs if required.
Change-Id: I0c6cd633705e820fcfeb47e3f81a3522c9ef1974
CRs-Fixed: 2274850
Change the btm_offload_config INI default to disable the sending of
solicited BTM query frame from the host.
Change-Id: Ie1d1eeff268e445ed19c62413712ab2178c7ba54
CRs-Fixed: 2279249
