When multiple measurement requests are received in a single beacon
report request, multiple iterative scans are triggered for each
request for the frequency list provided in the request. This results
in free of rrm context global frequency list by the second
request rrm scan in the iter measurement timer start failure path
and was accessed by the scan done callback of the 1st measurement
request.
Add null check for rrm context frequency list and also if the
timer is already running, send measurement done indication for
that request.
Change-Id: I149ba47872095228595cd52535fb76c422eefba7
CRs-Fixed: 2648618
In GO+STA MCC scenario, after GO and ref P2P client wps 8
ways EAP frame exchange, the GO will send EAP Failure to peer
to finish WPS and send disassoc frame to peer. The EAP Failure
frame is sent by data path, but the disassoc will go through
control path. In certain condition, the GO data path queue may
be in paused specially in MCC case, which may cause the disassoc
frame sent before EAP Failure frame. And that will finally result
to P2P connection failure.
To fix by checking EAP Failure tx pending before sending disassoc
to peer in GO case.
Change-Id: I1f4b19372066da7db4b2dda050ea7a2f4f737b17
CRs-Fixed: 2637298
Currently for monitor mode there is no bandwidth vote and
as a result voting level is none. So request high bus bandwidth
vote level for monitor mode.
Change-Id: I3efb755c80dadc07b5f672c18d9bae862eac378f
CRs-Fixed: 2643405
Remove max_tx_power from wlan_mlme_power struct
and ini_tx_power from lim_max_tx_pwr_attr struct
and all their instances.
Change-Id: I982a15b71b64d368b623128e04f09a8f3bf4f5ec
CRs-Fixed: 2645922
As a part of requirement, new hang reason codes were added to the
upstream.
Add the corresponding internal hang reason code mapping for the
upstreamed enum.
Change-Id: I55b44f9f51d5f9e7dd0be7461f1f0040ecdda4c3
CRs-Fixed: 2650294
As a part of requirement, there are new hang reasong codes added to the
qdf_hang_reason. Use those reason codes to trigger recovery at the
respective scenarios.
Change-Id: I4718012673ca206cb2f1112471f2b0d70caa6452
CRs-Fixed: 2630952
The QDF framework for triggering self recovery is undergoing changes to
include support for multiple psoc driver. As the MCL host is still
multiple psoc agnostic, create dummy wrappers over the
cds_trigger_recovery so as to maintain compatibility with modified
qdf_trigger_self_recovery
Change-Id: I42163879c3e786a2b9ab2f9f5785be5531754e77
CRs-Fixed: 2617709
During set channel request for monitor mode vdev start is triggered.
The vdev operation is completed only when vdev up is send to FW.
Wlan driver does not wait for completion of the vdev up operation
and after posting set channel request context is returned to supplicant.
Supplicant sends vdev stop operation for montior mode which results in
vdev up command sending to FW after vdev stop.
Fix, is to wait for completion of vdev up operation, then return the
context to supplicant.
change-ID: I33d7f9f85848b74d1206cff145e27ca2d96580a0
CRs-Fixed: 2627239
HE 6GHz band capabilities are copied from wrong byte offset hence
incorrect capabilities are configured to FW.
Fix the 6GHz band capability offset and size values while
configuring it to FW.
Change-Id: I0cc97610e32f3e5fbd64c6ed72d3591ae5127471
CRs-Fixed: 2645844
Currenly only hdd initializes channel avoidance from platform.
Policy manager should also initialize channel avoidance from platform.
Change-Id: Iefcaae5ff4789d7d334ab2cab693f5dedfd2ca46
CRs-Fixed: 2645512
Introduce an INI "ap_tx_pwr_scoring" to indicate firmware about ap tx
power weightage so that firmware can use ap tx power weightage to
calculate candidate AP's score.
Change-Id: I8831c571162f044f4ae204ef0edfc59942f36837
CRs-Fixed: 2647115
Add pointer assoc_req and assoc_rsp NULL check before sending
connection status in hdd_connect_result().
Change-Id: Ia0ba2140e82abdaf3dde74035fec57f897d9e8a5
CRs-Fixed: 2642567
Add pointer mlme_obj NULL check before use in wma_vdev_start_resp_handler,
if NULL, return error directly.
Change-Id: If5826f6542786c136ad5f807adca578f36ab4919
CRs-Fixed: 2642567
Add pointer crypto_key NULL check before use in
__wlan_hdd_cfg80211_set_default_key.
Change-Id: Ia15d2f0ac206c627c493b712fb1616a81e34d878
CRs-Fixed: 2642567
Currently, For some targets driver does not support all
AKM suits but kernel supports all akm suits which causes
compatibility issue.
Fix is to update wiphy->iftype_akm_suites and
wiphy->num_iftype_alm_suites based on the akm suits supported
by driver.
Change-Id: I06cab4654e626bc34c6bb3f8ea5f9b9beb81c82b
CRs-Fixed: 2635797
If FEATURE_BLACKLIST_MGR is enabled,
wlan_blm_get_rssi_blacklist_threshold()
would return CFG_BLACKLIST_RSSI_THRESHOLD value
else return value 0.
Change-Id: I0cf5a6561cc217412e3bc6e2a50b85985d1315d7
CRs-Fixed: 2648761
Currently QDF_MAX_NUM_CHAN/POLICY_MGR_MAX_CHANNEL_LIST aren't aligned with
NUM_CHANNELS, these unalignment may cause some potential OOB access.
So replace QDF_MAX_NUM_CHAN/POLICY_MGR_MAX_CHANNEL_LIST with NUM_CHANNELS
to keep unified.
Change-Id: Ib6c81a3979f2fd29ba1ec678f018a6704b599385
CRs-Fixed: 2644066
Handle send delba indication from DP. It will help DP to
do aggregation tid management.
Change-Id: I18455107ef8d042644efc8ce549a104612eec05c
CRs-Fixed: 2637485
During assoc of new peer on vdev 0 as vdev 1 has the same entry,
peer is removed from vdev 1 with trigger reason
eLIM_DUPLICATE_ENTRY. Once the peer deleted, it is added in
firmware and datapath on the new vdev 0.The add logic checks if
peer is non PMF, but here peer is PMF, then the peer is not
added to datapath and firmware. Assert will happen when deleting
it as entry is present in LIM but not in data path.
Fix: On deletion of peer on other vdev1, if peer is added in
lim on new vdev 0, add it in datapath and firmware even if it's
PMF peer.
Change-Id: I00241ae3886ae7541a68c4bc69b616dfe96948e5
CRs-Fixed: 2646623
Add host driver support for MCS 12/13, a Q-Q PHY feature.
The following changes are being introduced as a part of this
- Advertisement of the MCS 12/13 using the QCN IE
- Interaction between the Host and the FW regarding the target and
peer capabilities for the new features introduced.
- The new data structures and variables to populate and use the feature
capability
- Routines to add and parse the IE.
Change-Id: I2b91a271d30b1230ef7bb14ee08d0b9da2706db4
CRs-Fixed: 2610277
AMSDU support is advertised in addba for 2.4GHz HE connection and
for 5G connection.
Fix the band check to allow amsdu support for 6GHz connection.
Change-Id: Ia34c8b5c2944fb9fb9b8b906a602129cad07e2d1
CRs-Fixed: 2645853
After channel switch, driver should indicate new operation channel to
kernel, otherwise wireless_dev->chandef still uses old channel whose
status may become disable when radar is detected in the old channel.
In hdd_chan_change_notify use frequency instead of channel number.
Notify channel information to kernel after channel switch.
Change-Id: I6dbf3d61978e4c35fe41b438397e635d62378719
CRs-Fixed: 2639076
Currently vdev private data osif_priv gets allocation
separately and requires to be de-alloc separately.
This de-alloc needs to be taken care at different places
based on the vdev create failure or whenever vdev is freed.
As vdev private data is associated to the vdev and needs to
be freed if vdev is not there, it is good to allocate this
private data along with vdev so that there is no need
to maintain allocation and de-allocation of vdev priv data
separately.
As part of this change alloc the vdev priv data along with
the vdev allocation as a single memory and free of the vdev priv
data will be taken care as part of vdev free.
Change-Id: I8d4b94cae564c7f2498f7b8cc8aa84a2edd6420d
CRs-Fixed: 2634998
Consider SBS mode and 6GHZ, can't force scc only by band.
for example: 1 port on 5G, another on 6G, they may be on same
MAC, may be not. Just compare mac id from connection list
directly.
Change-Id: I5bfc9cd14b058a6a4f402c0e2d2f9ae7da8287fb
CRs-Fixed: 2646499
prev_bssid of cfg80211_connect_params can only be accessed when there
is prev_bssid field in struct cfg80211_connect_params.
Change-Id: I370bb76e180b9eae1b34f8fd33e9551f6e42bf65
CRs-Fixed: 2642334
Spectral scan and CFR components failed in pdev open since no valid
wmi handle in pdev. This change sets wmi handle to pdev before calling
dispatcher pdev open in hdd layer.
Change-Id: I9461220b309f78e33770e423e24c97841b064a0f
CRs-Fixed: 2637140
When suspend/resume timeout, it will trigger recovery,
current as it direcly trigger assert to fw, which will
take more time to dump ramdump, so DPM WD timer expired.
To avoid DPM WD timer expired, trigger ramdump in a
separate workqueue, so it will not block DPM WD timer.
Change-Id: I1a9349a05a37544329946270065037cd90172fc7
CRs-Fixed: 2645163
Host driver sets broadcast keys followed by unicast keys for
FILS connection. This results in the data packet sent before
unicast set key and peer pn was reset. Sending broadcast keys
first will allow firmware to enable WAL_PEER_ALLOW_DATA and
data tx could start without unicast keys being set. Due
to this TX packet will go unencrypted and TX will fail without
ACK from peer AP, peer pn will be set to 2, after this unicast
key got set and this resets the peer pn to 1. And when next
frame TX was done, pn check failed and firmware assert occured.
Set the unicast keys to firmware first followed by the broadcast
keys for FILS case.
Change-Id: Ia498709ac524e95b831cc7ccdd17e6fc7ae0b130
CRs-Fixed: 2633632
Currently, netif queue history is displayed for each adapter
by iterating over adapter list in the HDD context. But, this
iteration is not safe when unregistration of netdev going in
parallel in other thread. In case the adapter is removed, the
iteration will result in NULL pointer dereference.
Avoid iterating over adapter list, add call newly added API, which
is adapter based, to get netif queue history. When iteration over
adapter list is needed, call hdd_for_each_adapter_dev_held API.
Change-Id: I45fd8cd80cf21931ee352d612b10752ef0837c06
CRs-Fixed: 2639882
Fix print format in core/dp/txrx3.0/dp_fisa_rx.c
Both cds_ieee80211_common_i.h and net/ieee80211_radiotap.h define
IEEE80211_CHAN_*, so only one header is needed in wlan_hdd_tx_rx.c
Change-Id: Ie9c3a7ea04e9b71acf96f007515a7ae6c0def938
CRs-Fixed: 2644359
Currently there is no synchronized access for sta_info. Because of this
memory use after free is getting triggered.
To resolve this, use a reference count for sta_info to check whether it
is in use or not before freeing.
Change-Id: I696461a1f53f4cc4739963f3f97ada31d3fa15f3
CRs-Fixed: 2637074
In SAP on/off stress test, when hostapd call hdd_start_adapter
to create vdev, vdev2 will be created while vdev1 doesn't be
deleted physically even if vdev1 is already destroyed logically,
then hostapd issue acs operation, currently use mac address to
get vdev in sap_channel_sel, because vdev2 is using the same mac
address as vdev1 and vdev1 is still in vdev_list at this point,
so will find vdev1 firstly but will return failure due to vdev1 is
WLAN_OBJ_STATE_LOGICALLY_DELETED status, then will cause acs fail.
Fix is to use vdev_id to get vdev in sap_channel_sel.
Change-Id: I89ae3e847b725c2b64331536bc7c1de3fffce0bd
CRs-Fixed: 2640850
Handle vdev stop req failure and delete BSS peer and move the
VDEV SM to init state.
Change-Id: I48044d153a281aedfeeb90bc97c9772dea0ca284
CRs-Fixed: 2644218
Few NAN/NDP logs are redundant in the current logging infra.
Optimize the same and add few necessary logs.
Change-Id: Ie261db317af48955a16269539948ff1596c4bbcb
CRs-Fixed: 2644418
Check the supported bandwidth capability bits to set the
160MHz and 80p80MHz mcs map in HE capabilities that are
configured to FW.
Change-Id: If7ff882a99650f9771b77dc28adf9ebcbf64a00c
CRs-Fixed: 2625166
Currently the hotspot fail happens if the roaming is in
progress because of the check in start bss.
Ignore it and just do disable roaming to the FW.
If the roaming was in progress, it would disable it,
or it would do a disconnect if the EAPOL was in progress.
This is done to enable the hotspot as connect would be
taken care by the supplicant automatically, but the hotspot
needs user intervention.
Change-Id: I0030f9affe60c064d490795be92ae035923738aa
CRs-Fixed: 2640136
Presently in the driver, the function __cfg80211_stop_sched_scan
clears rdev->sched_scan_req only when the sched_scan_stop returns
success. If it returns a failure, then its next invocation due to the
clean up of the second interface will have the dev pointer corresponding
to the first one leading to incorrect memory access.
To resolve this issue, return 0 for stop_sched_scan irrespective of the
return status.
Change-Id: I129e3e9c6d9f6a688d0aa97be120ba9731e8df37
CRs-Fixed: 2623160
When AP rejects assoc request based on poor rssi
host will put the AP in blacklist mgr list, only when
rssi value improves by threshold value,should the
STA try to connect to AP.
Change-Id: I78009b89ea07afdd5f3381973a9eb7ec1f73d1b5
CRs-Fixed: 2632015
If there is no STA/P2P CLI on same MAC of SAP/P2P GO,
SAP/P2P Go needn't switch channel to force scc.
Change-Id: I529a57f73f529e41b8c0097fccabbe3e0e516993
CRs-Fixed: 2643106
