Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA should advertise the FT equivalent of the non-FT AKM.
Introduce a compile time flag WLAN_ADAPTIVE_11R_ENABLED to
enable/disable adaptive 11r support.
If the AP is adaptive 11r capable, set the is_adaptive_11r_ap
flag in bss descriptor. This flag will be sent in join request
and populated to pe_session. Also mark the CSR session as
adaptive 11r session based on this flag.
Add changes to check for the adaptive 11r service capability
advertised by firmware. If the host driver connects to adaptive
11r AP, enable RSO only if the firmware advertises adaptive
11r capability, else RSO should be disabled.
If the connection is adaptive 11r connection and if the adaptive
11r ini is enabled, set the adaptive_11r flag in
wmi_roam_11r_offload_tlv_param sent over the wmi command
WMI_ROAM_SCAN_MODE to the firmware. This will enable firmware to
filter the adaptive 11r AP from roam scan results.
Change-Id: If27a2393e3f4bb68942f5ebcec0135f57627f16b
CRs-Fixed: 2437988
Use updated cp stats component to get peer rssi and tx rate,
rx rate for big data logging as legacy infrastructure is
deprecated.
Additionally add support for RX multicast broadcast packets from FW.
Change-Id: Idcab4a022a4e7e34bd15878f95ad8248ca3aa9dd
CRs-fixed: 2428582
Currently in the case of concurrent sessions running,
the driver updates the active dwell time for the scan
request to the default value, overwriting the already
filled active dwell time which the DUT got from the
AP as part of RRM request, which results in violation
of protocol.
Fix is to not update the concurrency params if the scan
request is of type RRM.
Change-Id: I09ebfbee0d282391be17aed7eaf56e3c53c2a5e2
CRs-Fixed: 2438535
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
On failure in processing beacon report request in
sme_rrm_process_beacon_report_req_ind, xmit ind is
not sent to PE. This will result in all subsequent
beacon report requests to fail as current request
in PE is not freed. Beacon report request is received
with country code US-O and operating class 12. In this
scenario, third byte in country code is overwritten to
global_op_class which causes no channel to be populated
for scan as there is no operating class 12 in global op
class.
Fix is to send xmit ind to PE on failure in processing
beacon report req in SME for cleanup and not overwrite
the third byte in country code if value exceeds global
op value.
Change-Id: Ie07dbb1f45803cf93b45df2173f0ad064a194cb3
CRs-Fixed: 2439827
Add gTxAggSwRetry for tx aggregation case, and
Add gTxNonAggSwRetry for non tx aggregation case.
Change-Id: I92265fb4e279eaf63c45f0134f997df02bca8737
CRs-Fixed: 2436305
Currently, the function csr_save_tx_power_to_cfg does not
update the max_tx_power_24/5 length before it copies the
max_tx_power_24/5 data. Then the channel and tx power info
is not complete.
Change-Id: I99e4def6678b68e192f421d03ca7768b341dfbab
CRs-Fixed: 2437214
Connection is initiated with AP1, roaming to AP2 and then
roaming back to AP1. In this scenario, after assoc is done
to AP1 firmware has the pmk for AP1. Now firmware roams to
AP2 and sends roam sync indication with status as connected
and 1x is now offloaded to supplicant. Now even before 1x is
complete driver enables RSO for AP2, due to this firmware
receives same PMK as that of AP1. Firmware flushes AP1 entry
because AP2 also has same PMK. After 1x, supplicant issues
new PMK which is sent to firmware and firmware updates this
for AP2. Now when firmware tries to roam to AP1 and it doesn't
have pmk for AP1 and it results in full EAP HS.
Change-Id: Id1a0b227cf7be12efa23f63c0abac6d3419469d5
CRs-Fixed: 2432114
For SHA384 based 11r AKMs below:
FT-FILS-SHA384, FT-SUITEB-SHA384, the FT MIC length is 24. But
the host driver has MIC length hardcoded as 16, so only first
16 bytes of MIC is copied into MIC field and the rest 8 bytes are
copied into R1KH-ID. This results in R1KH-ID and R0KH-ID parse
failure. Due to this, the host driver sends R0KH-ID as 0 to the
firmware in the R0KH-ID. So the next roaming fails in the
firmware.
For SHA384 based AKMs, add changes to reparse the association/
reassociation response FT element. Introduce new FTIE structure
with MIC defined as array of 24 bytes. With this, the R0KH-ID
and R1KH-ID will be populated correctly in to the assoc response
structure and ultimately RSO command will carry the right R0KH-ID
to firmware.
Change-Id: I5aa50145fcd3ba91b1c92d4817b7f0e4fc216e3f
CRs-Fixed: 2430828
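The parse failure described in the commit message above, reproduced with a standalone parser (an added example, not the driver's code; `parse_fte`, `build_sample_fte`, `struct ft_ids` and the sample bytes are constructed for illustration). The FTE body is MIC Control, MIC, ANonce, SNonce, then subelements, so a wrong MIC length shifts every subelement offset:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FTE_NONCE_LEN   32
#define SUBELEM_R1KH_ID 1  /* fixed 6-byte value */
#define SUBELEM_R0KH_ID 3  /* 1 to 48 bytes */

struct ft_ids {
    uint8_t r0kh_id[48], r1kh_id[6];
    size_t  r0kh_len;
    int     have_r1kh;
};

/* Parse an FTE body (the bytes after element ID and length). mic_len comes
 * from the negotiated AKM: 16, or 24 for SHA384 AKMs. 0 = ok, -1 = malformed. */
int parse_fte(const uint8_t *body, size_t len, size_t mic_len,
              struct ft_ids *out)
{
    /* MIC Control (2) + MIC + ANonce + SNonce precede the subelements */
    size_t off = 2 + mic_len + 2 * FTE_NONCE_LEN;
    memset(out, 0, sizeof(*out));
    if ((mic_len != 16 && mic_len != 24) || len < off)
        return -1;
    while (off < len) {
        uint8_t id, slen;
        if (len - off < 2 || body[off + 1] > len - off - 2)
            return -1;          /* header or value runs past the IE */
        id = body[off];
        slen = body[off + 1];
        off += 2;
        if (id == SUBELEM_R1KH_ID) {
            if (slen != sizeof(out->r1kh_id))
                return -1;
            memcpy(out->r1kh_id, body + off, slen);
            out->have_r1kh = 1;
        } else if (id == SUBELEM_R0KH_ID) {
            if (slen < 1 || slen > sizeof(out->r0kh_id))
                return -1;
            memcpy(out->r0kh_id, body + off, slen);
            out->r0kh_len = slen;
        }
        off += slen;
    }
    return 0;
}

/* Constructed sample body: MIC of mic_len bytes, then R1KH-ID and R0KH-ID
 * "r0kh". buf must hold at least 104 bytes. Returns the body length. */
size_t build_sample_fte(uint8_t *buf, size_t mic_len)
{
    static const uint8_t subs[] = { 1, 6, 2, 0, 0, 0, 0, 1,
                                    3, 4, 'r', '0', 'k', 'h' };
    size_t nonce_off = 2 + mic_len;
    memset(buf, 0, 2);                                 /* MIC Control */
    memset(buf + 2, 0xA5, mic_len);                    /* MIC */
    memset(buf + nonce_off, 0x5C, 2 * FTE_NONCE_LEN);  /* ANonce, SNonce */
    memcpy(buf + nonce_off + 2 * FTE_NONCE_LEN, subs, sizeof(subs));
    return nonce_off + 2 * FTE_NONCE_LEN + sizeof(subs);
}
```

Parsing the 24-byte-MIC sample with `mic_len` 16 starts the subelement walk 8 bytes early, inside the SNonce, and the bounds check rejects it instead of yielding an empty R0KH-ID.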
Currently when an RRM scan is issued for beacon report request from the
connected AP, we use the current scan country code to get the op class
table for the country.
However, the AP can specify which table to use in the country IE's 3rd
byte of the country field which is not parsed and stored in the scan
country code.
For RRM Scan for beacon report request, use the 3rd byte to get the table
number from the connected AP's beacon and if no table number is present,
then use the op class table based on the country code.
Change-Id: I0911ac908d1c71676f7c1450ab260eaa732ddcb9
CRs-Fixed: 2435942
After DUT STA connected, search connected ssid from scan cache,
get each channel and put into roam scan channel map. To make sure
current home channel is always included and don't set full
channel as channel map, add home channel into roam scan channel
map directly.
Change-Id: Ifb25562259a9b7f35849b39d8e0d238e754d4f96
CRs-Fixed: 2436200
Add new ini to configure various roam trigger parameters:
1. "minimum_btm_candidate_score"
Consider the AP as roam candidate only if its score is greater
than minimum_btm_candidate_score. This value will be sent over
the WMI_BTM_OFFLOAD_CONFIG command.
2. "roam_scan_inactivity_time"
Device inactivity monitoring time in milliseconds for which
the device is considered to be inactive with data packets
count is less than configured roam_inactive_count.
3. "roam_inactive_data_packet_count"
Maximum allowed data packets count during
roam_scan_inactivity_time.
4. "roam_scan_period_after_inactivity"
Roam scan period in ms after device was in inactive state.
5. "btm_roam_score_delta"
Roam scan delta value for btm triggered roam scan. This value
will be sent to firmware over the WMI_ROAM_AP_PROFILE wmi
command.
6. "idle_roam_score_delta"
Roam scan delta value for Idle roam scan trigger reason. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_delta_param_list tlv.
7. "disconnect_roam_trigger_min_rssi"
Candidate minimum rssi value for disconnect roam trigger. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
8. "beacon_miss_roam_min_rssi"
Candidate minimum rssi value for BTM triggered roam. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
9. "bss_load_trigger_5g_rssi_threshold"
If connected AP is in 5GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_5g_rssi_threshold.
10. "bss_load_trigger_2g_rssi_threshold"
If connected AP is in 2GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_2g_rssi_threshold.
Change-Id: Ib026251a8ec403f4376a16a91ff1b5d969336816
CRs-Fixed: 2434922
Roam channel map is got by searching current ssid in scan db,
if hidden ssid, probe resp has ssid, but beacon usually has
NULL ssid.
Use new scan structure in csr_init_occupied_channels_list
Change-Id: I9758cb30b83a7c0c3d221b7178ffb607f0911593
CRs-Fixed: 2432223
If csr_is_security_match() call csr_validate_any_default(), it passed
NULL pointers of some input parameters, check these pointers before
de-reference it.
Change-Id: I2cbd9f680c8a90919599db3af5b522ccb760892d
CRs-Fixed: 2423713
Add policy manager support to avoid simultaneous connections on
STA plus STA concurrent interfaces when
WMI_SERVICE_STA_PLUS_STA_SUPPORT is not set.
Change-Id: I73e65c56a98908128d56af2f4fba8ced5210fff1
CRs-Fixed: 2427828
Unicast probe requests are sent to AP even though
beacons or probe responses from AP contain MBO IE
with assoc disallowed bit set. In another scenario
where AP rejects association with retry delay of 60
secs, unicast probe requests are being sent to AP
as part of scan for ssid during connection within
the retry delay.
Fix is to reject connection when assoc disallowed
bit is set in MBO IE and also not trigger scan for
ssid when get_scan_results fails due to rssi reject.
Change-Id: I855cf397ff7e3869fb1eceeddc1db5d109790465
CRs-Fixed: 2433740
Add support for new wmi command WMI_ROAM_DEAUTH_CONFIG_CMDID
to send disconnect roam trigger parameters and the
new wmi command WMI_ROAM_IDLE_CONFIG_CMDID is used to send the
idle roam trigger parameters. Fill the parameters from csr to
roam request and send it as part of RSO start command to
firmware.
Fill the corresponding parameters in
csr_update_roam_scan_offload_request(). This will be sent to wmi
and the params will be copied to the wmi command buffer.
Change-Id: I3d863a3ec8c5608d47e600c760d7b3406703a953
CRs-Fixed: 2431490
Currently, lim_process_sme_disassoc_cnf,
lim_process_sme_disassoc_req, lim_process_sme_deauth_req and
sme_qos_request_reassoc does not do null validation for session
which can lead to null pointer dereference.
Add null pointer check for session in lim_process_sme_disassoc_req,
lim_process_sme_deauth_req, lim_process_sme_disassoc_cnf and
sme_qos_request_reassoc before usage and send failure to sme.
Change-Id: I0efe4e98a8dd26767309ed1e6b668a6267a4b770
CRs-Fixed: 2423887
During LFR3 driver post the message to add the scan entry in
scheduler to scan module and continue with roaming and send roam
event to CFG layer. Also it sets the new AP's scan entry in scan
module as associated, to avoid age out of the entry.
Now as the message posted to scan module will get schedule after
roaming is complete, if new AP's entry is not present in CFG scan
cache the roam indication to CFG may fail. Also if it's not present
in the driver cache the new AP's entry may AGE out and channel will
not be added in occupied list, used for roaming.
Thus update the scan entry in scan module and CFG in same context.
Change-Id: I2c5f165b43d48a0b0b54fdf08a0e53b31fac07aa
CRs-Fixed: 2435410
In SAP if a peer is disconnecting, so CSR roamstate is set to
eCSR_ROAMING_STATE_JOINING. Now if at the same time another peer
is trying to connect, eWNI_SME_UPPER_LAYER_ASSOC_CNF will be dropped
in eCSR_ROAMING_STATE_JOINING state.
Fix this by processing eWNI_SME_UPPER_LAYER_ASSOC_CNF in
eCSR_ROAMING_STATE_JOINING state.
Change-Id: I7d4347013eca494e537aaeb4468814238cb3fca6
CRs-Fixed: 2430840
Validate cfgLength to the upper bound before using it in copy
inside csr_get_cfg_max_tx_power()/lim_get_dot11d_transmit_power.
Change-Id: Ibcc1f145db9b902a29a0332553323d0a3ac6b2ff
CRs-Fixed: 2423707
If the FW doesn't send the ext service ready event, and
thus the host does not get the max chainmask that both
the macs can support, the host still updates the ini
with the minimum of the host, and FW config, which can
lead to functional issues in connection, and scan.
Fix is to honour the setting only if the FW sends a non
zero positive chainmask for both macs.
Change-Id: I2a321923a2f995cca20cef3980acb1bf41ca0db0
CRs-Fixed: 2429584
Pointer 'req' is dereferenced before null check which can lead
to null pointer dereference.
Pointer 'body' is never null checked after allocation of memory.
qdf_mem_malloc can return null and when pointer 'body' is
dereferenced, it can lead to null pointer dereference.
Change-Id: I62f26341079d4849c56f7d35d0b7c64df6b49f3b
CRs-Fixed: 2424010
The host driver handles update connect params sent from
userspace and updates the FILS auth type or FILS Erp info based
on the UPDATE_FILS_AUTH_TYPE(2) or UPDATE_FILS_ERP_INFO(1) bit
set in the changed flag.
Handle the association IE update sent from userspace also.
UPDATE_ASSOC_IE(bit 0) will be used to check if assoc IE needs
to be updated. This assoc IE should be sent to firmware. MBO IE
is updated as part of this IEs from the WNM action frame
received by the userspace when setting non preferred channel list
from the AP. If host driver fails to update these IEs to
firmware, MBO IE will not be sent in reassociation request frame
and MBO testcases will fail.
Parse the assoc IE into hdd_adapter->roam_profile. If
parse and validation is successful, copy the assoc IE into
csr_roam_session of the corresponding vdev. Send RSO update
command to firmware, with updated assoc IEs.
Also currently the driver registers update_connect_params
event only if FILS compile flag and UPDATE_CONNECT_PARAMS
flag is enabled. Exclude FILS flag check from this conditional
condition and check only for UPDATE_CONNECT_PARAMS.
Change-Id: I29fadebc9a7fc43937b805f0f041bb86ddf85cbd
CRs-Fixed: 2429665
Set device HE capabilities to testbed defaults when device is
configured as testbed device.
Change-Id: I5b1d9eb6f0b576f18a5e4d77131354639b0ae2f0
CRs-Fixed: 2428156
Remove the element ID macros defined in qcacld-3.0 and
replace it with the macros defined in qcacmn.
Change-Id: I01a38e3d6c4857eb48868a34e278366ad9d5d099
CRs-Fixed: 2427311
Scan on channels triggered as part of active mode RRM
beacon report request fails on receiving roaming
indication from firmware due to get_session_id_from_bssid
failure. So current req in RRM PE context will not be freed
and as a result all subsequent beacon report requests will
fail.
Fix is to free current req in RRM PE context on scan
req failure due to STA roaming to a different AP.
Change-Id: Ib911ddcc7538bb5f3711647bb83a1978d1a1af73
CRs-Fixed: 2419044
The Linux Coding Style frowns upon mixed-case names so rename
csrConfig in struct sme_config_params to be in compliance.
Change-Id: I451d728c79608041effed09adb199a357c97c0b5
CRs-Fixed: 2428992
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tCsrConfigParam typedef does
not meet any of those criteria, so replace it with a reference to the
underlying struct.
Further note the Linux Coding Style frowns upon mixed-case names so in
conjunction rename the underlying struct to be in compliance.
Change-Id: If6f07ced0a8f92ddf06bc40a042efd6584df147b
CRs-Fixed: 2428991
As a result of TDLS componentization the following SME TDLS typedefs
are no longer used, so remove them:
- tSmeTdlsPeerCapParams
- eSmeTdlsPeerState
- tSmeTdlsPeerStateParams
- sme_tdls_chan_switch_params
Change-Id: I6e857aedcbfe7c422425076aeac8c9b882be7513
CRs-Fixed: 2428990
When WLAN_CONV_CRYPTO_IE_SUPPORT enabled, pmkid should be
saved to crypto component by crypto API. Otherwise RSN ie
construction will have no pmkid info to add to rsn ie buf.
Change-Id: I8643aca794dcb42323d3d051e7a15a0597167ed6
CRs-Fixed: 2402775
Currently, there is no information for roam reason
in csr.
Fix, check 4 LSB of roam_synch_data for roam reason
and send roam_reason to hdd
Change-Id: I4306339eb69db3bfc05fac79b13e3693582ff05d
CRs-Fixed: 2425911
Currently the key information i.e the key, and the number of keys
are not getting cleared on wifi link disconnection from wifi
driver memory, which can lead to information disclosure.
Clear the key information i.e the number of keys and
keys from wifi driver memory to avoid any potential information
disclosure after wifi is turned off.
Change-Id: I45306e0d648c500f63f723b4e3ccb6098c055158
CRs-Fixed: 2415413
If LIM initiate disconnect for a peer (eSmeCommandWmStatusChange) and
at same time bss is stopped, disconnect may get processed after stop
bss and thus will return from LIM as AP has already stopped.
LIM will post eWNI_SME_DISCONNECT_DONE_IND to sme to remove
the eSmeCommandWmStatusChange command from serialization active queue.
But eWNI_SME_DISCONNECT_DONE_IND is not processed in CSR sub state
eCSR_ROAM_SUBSTATE_STOP_BSS_REQ the command is not removed.
Fix is to handle the eWNI_SME_DISCONNECT_DONE_IND in
eCSR_ROAM_SUBSTATE_STOP_BSS_REQ state. Also allow
hdd_cfg80211_del_station call during unload.
Change-Id: I79cd1f413f2f9f12e6da6702098b782b6c156d24
CRs-Fixed: 2425724
Add support to get the various Coex data from the debugfs.
This commit adds the support to get the various coex data:
* COEX STATE
* COEX DPWB STATE
* COEX TDM STATE
* COEX IDRX STATE
* COEX ANTENNA SHARING STATE
The specific state information can be read via the debugfs.
Example to read the COEX STATE logging:
sm6150:/ # cat /sys/kernel/debug/wlan/mws_coex_state
vdev_id = 0
coex_scheme_bitmap = 0
active_conflict_count = 0
potential_conflict_count = 0
chavd_group0_bitmap = 0
chavd_group1_bitmap = 0
chavd_group2_bitmap = 0
chavd_group3_bitmap = 0
Change-Id: I92272ad7edf44df22730ac0fa992d876840ba632
CRs-Fixed: 2413943
In csr_roam_issue_set_context_req_helper, reference of vdev is not
released after get.
Change-Id: I686cd6a8dfd7e7889ef8e9ac3a4c6eb6be217f6e
CRs-Fixed: 2424885
During LFR2 roaming, after the preauth with new AP
and disassociation with current AP are successful,
proper HW mode should be set based on the
existing concurrency scenario.
Change-Id: I312ed10bc844712b3dba36680457198a19f1e85c
CRs-Fixed: 2367224
Per the Linux Kernel coding style, as enforced by the kernel
checkpatch script, pointers should not be explicitly compared to
NULL. Therefore within sme replace any such comparisons with logical
operations performed on the pointer itself.
Change-Id: I26dc90bbae78329dd04768a21c63a9ea55c8fdb4
CRs-Fixed: 2418388
It doesn't handle event eWNI_SME_UPPER_LAYER_ASSOC_CNF if state isn't
eCSR_ROAMING_STATE_JOINED, which cause memory leak. So handle this
event and free the memory.
Change-Id: Ibfbf9ac5e2d74a2c81839976b4cc1fb7deae7e60
CRs-Fixed: 2414369
In 2x2 DBS mode once STA/SAP change channel from 2.4Ghz to 5Ghz,
policy_mgr_get_current_pref_hw_mode_ptr never return
PM_SINGLE_MAC_UPGRADE to start the opportunistic timer to switch to
single mac mode.
Fix is to check and start opportunistic timer once connection info are
updated. Also start opportunistic timer before
check for SAP to change channel as when SAP change channel it should
stop opportunistic timer and set required HW mode.
If single mac mode is required after channel switch it will start
opportunistic timer again in channel switch callback.
Change-Id: Id6bbc7ea51ba8147e517e7e7bf2b14931c95ea44
CRs-Fixed: 2419645
Currently in case of SAP, supported mode of station received
in assoc request is not getting cached.
Add support to cache the supported mode of station received
in assoc request in sta_info.
Change-Id: I9820ae2d65fc529a1ab16424f6732fd273da3ae0
CRs-fixed: 2419957