Host driver sets broadcast keys followed by unicast keys for
FILS connection. This results in the data packet sent before
unicast set key and peer pn was reset. Sending broadcast keys
first will allow firmware to enable WAL_PEER_ALLOW_DATA and
data tx could start without unicast keys being set. Due
to this TX packet will go unencrypted and TX will fail without
ACK from peer AP, peer pn will be set to 2, after this unicast
key got set and this resets the peer pn to 1. And when next
frame TX was done, pn check failed and firmware assert occured.
Set the unicast keys to firmware first followed by the broadcast
keys for FILS case.
Change-Id: Ia498709ac524e95b831cc7ccdd17e6fc7ae0b130
CRs-Fixed: 2633632
Disable/enable some feature based on CONFIG_MOBILE_ROUTER,
which should be as same as hasting & rome
Change-Id: Ib0ba2d51e6dc869477226ae452e4439c255d1ee5
CRs-Fixed: 2646429
Currently, netif queue history is displayed for each adapter
by iterating over adapter list in the HDD context. But, this
iteration is not safe when unregistration of netdev going in
parallel in other thread. In case the adapter is removed, the
iteration will result in NULL pointer dereference.
Avoid iterating over adapter list, add call newly added API, which
is adapter based, to get netif queue history. When iteration over
adapter list is needed, call hdd_for_each_adapter_dev_held API.
Change-Id: I45fd8cd80cf21931ee352d612b10752ef0837c06
CRs-Fixed: 2639882
Fix print format in core/dp/txrx3.0/dp_fisa_rx.c
Both cds_ieee80211_common_i.h and net/ieee80211_radiotap.h define
IEEE80211_CHAN_*, so only one header is needed in wlan_hdd_tx_rx.c
Change-Id: Ie9c3a7ea04e9b71acf96f007515a7ae6c0def938
CRs-Fixed: 2644359
Currently there is no synchronized access for sta_info. Because of this
memory use after free is getting triggered.
To resolve this, use a reference count for sta_info to check whether it
is in use or not before freeing.
Change-Id: I696461a1f53f4cc4739963f3f97ada31d3fa15f3
CRs-Fixed: 2637074
In SAP on/off stress test, when hostapd call hdd_start_adapter
to create vdev, vdev2 will be created while vdev1 doesn't be
deleted physically even if vdev1 is already destroyed logically,
then hostapd issue acs operation, currently use mac address to
get vdev in sap_channel_sel, because vdev2 is using the same mac
address as vdev1 and vdev1 is still in vdev_list at this point,
so will find vdev1 firstly but will return failure due to vdev1 is
WLAN_OBJ_STATE_LOGICALLY_DELETED status, then will cause acs fail.
Fix is to use vdev_id to get vdev in sap_channel_sel.
Change-Id: I89ae3e847b725c2b64331536bc7c1de3fffce0bd
CRs-Fixed: 2640850
Handle vdev stop req failure and delete BSS peer and move the
VDEV SM to init state.
Change-Id: I48044d153a281aedfeeb90bc97c9772dea0ca284
CRs-Fixed: 2644218
policy_mgr_pdev_set_hw_mode returns failure if there is interface doing
CAC, which causes other interfaces start failure.
Check mode action are needed or not can help reduce interface starting
failure.
Change-Id: I165f9287d0a674d907712817a7363a77504c245f
CRs-Fixed: 2625868
Few NAN/NDP logs are redundant in the current logging infra.
Optimize the same and add few necessary logs.
Change-Id: Ie261db317af48955a16269539948ff1596c4bbcb
CRs-Fixed: 2644418
The max ini params for mws_coex_pcc_channel_avoid_delay and
mws_coex_scc_channel_avoid_delay are set to be at 0xFF. This max value
doesnot correspond with the actual max value needed by the firmware.
Change the max value to include upto 0xFFFFFFFF
Change-Id: If88d7866c584abf43a41b0c6b9f63b21a0a4a2f2
CRs-Fixed: 2632517
Check the supported bandwidth capability bits to set the
160MHz and 80p80MHz mcs map in HE capabilities that are
configured to FW.
Change-Id: If7ff882a99650f9771b77dc28adf9ebcbf64a00c
CRs-Fixed: 2625166
Currently the hotspot fail happens if the roaming is in
progress because of the check in start bss.
Ignore it and just do disable roaming to the FW.
If the roaming was in progress, it would disable it,
or it would do a disconnect if the EAPOL was in progress.
This is done to enable the hotspot as connect would be
taken care by the supplicant automatically, but the hotspot
needs user intervention.
Change-Id: I0030f9affe60c064d490795be92ae035923738aa
CRs-Fixed: 2640136
Presently in the driver, the function __cfg80211_stop_sched_scan
clears rdev->sched_scan_req only when the sched_scan_stop returns
success. If it returns a failure, then its next invocation due to the
clean up of the second interface will have the dev pointer corresponding
to the first one leading to incorrect memory access.
To resolve this issue, return 0 for stop_sched_scan irrespective of the
return status.
Change-Id: I129e3e9c6d9f6a688d0aa97be120ba9731e8df37
CRs-Fixed: 2623160
When AP rejects assoc request based on poor rssi
host will put the AP in blacklist mgr list, only when
rssi value improves by threshold value,should the
STA try to connect to AP.
Change-Id: I78009b89ea07afdd5f3381973a9eb7ec1f73d1b5
CRs-Fixed: 2632015
If there is no STA/P2P CLI on same MAC of SAP/P2P GO,
SAP/P2P Go needn't switch channel to force scc.
Change-Id: I529a57f73f529e41b8c0097fccabbe3e0e516993
CRs-Fixed: 2643106
Check if any interface is up and if no interface is up
do not add monitor mode.
Change-Id: I2e1218a14881f597885334c0a195758ed35c5e5b
CRs-Fixed: 2644285
mibstats_lock is a global variable, current it init
per adapter, so it will fail when init at 2nd time.
Make sure it only create once.
Change-Id: Ia8a57d049fabe311d5b353b5aa612ffa225cbc61
CRs-Fixed: 2643396
In pe_disconnect_callback(), while processing deauth/disassoc
frame received after emergency deauth roaming failure, the
reason code is extracted before stripping the ccmp iv, mic trailer
from the unicast frame and mmie is not stripped in case of broadcast
deauth frame. This results in incorrect reason code passed to
userspace.
Strip the ccmp iv, mic trailer from unicast deauthentication/
disassociation frame and strip the mmie from the broadcast
deauthentication/disassociation frame.
Change-Id: I07d7b4515471150d74d796ed6da2f87a928e6e35
CRs-Fixed: 2634822
sap_ctx->csr_roamProfile.op_freq is already channel frequency.
Do not call wlan_reg_legacy_chan_to_freq for it.
Change-Id: I20ce4eb8852087175c0fae4a7a9dd5e3168e1f24
CRs-Fixed: 2643218
Enable IPA SMMU S1 translation feature flag for
Lahaina target.
asm/dma-iommu.h file is removed in latest 5.4 kernel,
resulting in include failure. Remove as it is unused
for version 5.4 and above.
Change-Id: Ie2147f2fc2debad4d700fae5414d1d3becb28f13
CRs-Fixed: 2638580
To specify interface index in vendor event for sub command
QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO_INDEX, pass wdev pointer
to cfg80211_vendor_event_alloc().
Change-id: Ied973df111359bbab44e2c1de0888a67e1497034
CRs-Fixed: 2644349
Currently there is no check to not start unsolicited timer
if its callback is already in process. If once this timer
expires and callback is invoked, and if this timer again
tries to start before the callback completes there is no
check to prevent this timer from starting.
As the callback of the previous timer expiry is already in
progress, there is no need to start the unsolicited timer
again. To address this issue a check is added before starting
the unsolicited timer to validate if the callback is still
in progress.
CRs-Fixed: 2635740
Change-Id: Ib008562be22356c3a286fab49a61f99d6867c54e
