On receiving nbuf list in hdd_rx_packet_cbk, is_eapol and
is_dhcp flags are set to false only initially. In the
loop over all skbs, if any one of these flags is set to
true, these flags are not reset for each skb leading to
incorrect stat values and possible OOB access to rx_delivered
and rx_refused array.
Fix is to set is_eapol and is_dhcp flag to false in the
beginning of the nbuf loop.
Change-Id: Iacc7620f26fb0f71dee931c78993a75232e767b0
CRs-Fixed: 2669412
When the driver unload is triggered, the device could be in the
runtime suspend state, so the 1st thing driver does to do runtime
resume, During this runtime resume the bus bw timer could be started
which in some race conditions is not getting stopped.
Stop the bus bandwidth timer after the wlan chip is runtime resume.
Change-Id: Ie29f9b4d44cea5c5624020aa3b6b3f08489860d3
CRs-Fixed: 2672120
For each peer connected to SAP, there is a corresponding entry maintained
in HDD called station_info. Currently, this data is being stored as a
hash table. There are two primary complications in using a hash table
in this scenario:
- The max peers supported are 32. This is a very small number to
use a hash table for. The minute time complexity gains for a
fetch/insert operation do not justify the implementation
complexity.
- The hash table is being implemented with the use of kernel ht
APIs. These do not provide the granularity to achieve proper
synchronization as is needed in driver.
To address the above points, move the storage of sta_info from hash
table to linked list. This will provide simpler implementation and also
give access to using proper synchronization methods.
Change-Id: I7d3a8a2937048f29a867453a91dfc1864932619e
CRs-Fixed: 2668300
This is to fix the error of missing vdev NULL check.
Instead of dereferencing vdev to get the vdev_id, can directly
use adapter's vdev_id, so that can avoid unnecessary vdev NULL
check and lesser operation.
Change-Id: I7d84046c405a82cd6967a8d79142acd5618e18db
CRs-Fixed: 2669233
Fix KW issue: therm_data.levelconf array elements are used uninitialized
Initialize therm_data in wma_update_thermal_mitigation_to_fw to zero
Change-Id: I40c4f57d70036956d0d618ad560ea9ea0f7dc07d
CRs-Fixed: 2669375
The mac address as pointer which is allocated by
wlan_hdd_get_intf_addr() may be null, and there is risk
about null pointer dereference without sanity check.
The fix is to add necessary null pointer check.
Change-Id: Ie0c3f841174e78b0d0b35e321ef7ca6b4cfdbe9a
CRs-Fixed: 2673727
Dfs radar processing function dfs_process_radar_ind is called
in interrupt context. Add new API policy_mgr_get_can_skip_radar_event
to be called in interrupt context to get radar skip flag.
The policy_mgr_get_dfs_master_dynamic_enabled will acquire mutex and can't
be called in interrupt context.
Change-Id: I1a3ce8536465d6f6da86b0cf7312e6430ea8ec89
CRs-Fixed: 2672701
When roam invoke from user space fails, internal disconnection
is triggered from csr. This queues disassociate command to lim
and then RSO command is also posted to lim. When disassociate
get processed, vdev down is sent, pe session is deleted and
roam offload flag at wma is cleared. When RSO stop is received
at wma, the roam offload flag is cleared and wma returns
failure without sending RSO command. So in STA+STA scenario,
after disconnection on 1st sta, roaming will be enabled on
2nd sta, but since RSO stop was not sent on 1st sta, firmware
will assert as btm offload is not disabled at the 1st STA.
Disable roaming first, followed by vdev stop/vdev down to
firmware.
Change-Id: I3f2f873cf50536b6f31bc0113ff737d6d95a520d
CRs-Fixed: 2672573
Presently whenever the control path is allocating the skb it is
passing the filename rather than than the function name required
by the qdf nbuf framework which is not much useful since when the
absolute path of the filename is considered and that can be truncated
leaving with only linenumber to understand the issue.
Pass the function name so it would help in root-causing the issue.
Change-Id: I998a88a3d22354500f3d01d09c91f0367755a179
CRs-Fixed: 2659490
Bring up SAP(2.4G)+SAP(161 channel with 11a mode)+STA mode, when STA
is connected to ref-ap on channel 36, 11a mode SAP will also switch
channel to STA's connected channel due to force scc, it will set
channel width to CH_WIDTH_40MHZ for 11a mode SAP channel switch,
actually 11a mode SAP doesn't support CH_WIDTH_40MHZ, it's wrong and
issue is introduced by
'Change-Id: I709dd35575866b7ec9fddcfb94078f114a78d1a2'.
Fix is to set channel width with 20MHz for 11a mode in function
wlansap_update_csa_channel_params().
Change-Id: I90fea788ff30ef0897c1ba98ad5b4d3c8eec3695
CRs-Fixed: 2623617
Address the incorrect Linux Foundation copyright
format in the copyright header.
Change-Id: I8921be98f1d837018ec2dfdf785fb314fd407207
CRs-Fixed: 2668480
If DUT connected to a non-PMF MBO/OCE enabled network, STA should
not initiate roaming due to BTM trigger.
If HOST disables BTM in firmware then firmware forwards frame to
host and host forward it to supplicant. Supplicant ignores the BTM
frame rather than send connect request to the driver.
Fix is to disable BTM offload if a peer doesn't support PMF.
Change-Id: I6455258c61bd3c2be7ec6c629b44d1aa08978740
CRs-Fixed: 2664896
The roam sequence in LFR-3.0 is roam scan start notification
from firmware followed by roam start indication and then
roam synch,roam synch frame events. Roam start is sent
after candidate selection and host driver will disable
queues when roam start is received.
But for emergency roam trigger, firmware sends roam start
indication directly without notifying roam scan start to disable
data path queues immediately after deauth received from the AP.
So roam start is received before roam scan is started at firmware
and before candidate selection is done.
After roam start notification, host sends scan abort for all scan
on vdev by setting scan command request type to
WMI_SCN_STOP_VAP_ALL. This results in roam scan getting aborted at
firmare in emergency deauth roaming case and roaming fails.
Define new vdev id value based on which the scan module will
abort only host triggered scans setting the request type to
WMI_SCN_STOP_HOST_VAP_ALL in the scan request.
Change-Id: Ie8b005285973461f654329e1b2dc1a45205331f5
CRs-Fixed: 2644323
It is more proper to define gEnableMCCAdaptiveScheduler as bool. Then
enable_mcc_adaptive_sch in struct policy_mgr_cfg should be defined as
bool.
Change-Id: I97e2c708e413f86722192b80de39d336e219b3fa
CRs-Fixed: 2656591
Regarding to the go+sap scc on dfs channel, sap can follow with go
to the same dfs channel, but sap tx is hung.
Since the host set the dfs_cac_block_tx by mistake when ap started,
though the ap skip the cac because the scc go finished the cac
procedure, then dfs_cac_block_tx has no chance to be reset.
The fix is to take account of dfs cac state to determine the proper
dfs_cac_block_tx.
Change-Id: I7a35225711f587b83d2fc381108d7d3f15893867
CRs-Fixed: 2631457
Add sanity check for mlme_obj in wlan_mlme_update_oce_flags to avoid
illegal memory access when mlme_obj is not valid.
Change-Id: I7dfd72cc704d3f9c11241fb2217f0b2ab7eda3d3
CRs-Fixed: 2669262
On Genoa, when 2G SAP exist, when STA roam from 2G to 5G by LFR2,
hardware mode need switch from single MAC mode to dbs mode.
Since disconnect current AP happens before reassociate, in
hw mode response handler, found original AP disconnected
already on host side, then don't reassoc new AP, it's regression
of Change-Id: I794c6bf3f749bba9c339fd18b5202d50091b73a7.
Fix: In hw mode response handler, don't check connect state of
current AP when reassoc new AP.
If found disconnect pending during host roaming, don't reassoc.
Add debug log when error happens.
Change-Id: Id836ac84a4156e9db28f6892c8c9eb5210dfb6e0
CRs-Fixed: 2668869
When NDI is removed from framework, driver deletes all NDPs
as part of eWNI_SME_STOP_BSS_REQ. Driver posts WMA_DELETE_STA_RSP
to lim from wma just after sending PEER_DELETE request to
firmware for NDP and ignores the DEL_STA response from firmware.
If there are multiple peers, all peer delete requests are sent
back to back to firmware. NDI peer delete and NDI VDEV delete
request also follow these immediately. All these commands
can go back to back to firmware as driver doesn't wait for
any of these responses.
But firmware needs some time to send NDP end frame to
the NDP peer after receiving NDP peer delete. Firmware might hold
the NDP peer delete request till it successfully sends the frame
to the peer.
Driver must wait till the NDP peer delete response is received to
proceed further with NDI cleanup/NDI vdev delete.
So, send NDP_END_ALL to firmware to let the firmware
initiate cleanup for all NDP peers. Use ucfg_nan_disable_ndi to
do the same which takes care of waiting for response from firmware
indicating cleanup has started. Then wait for all NDP END
indications and unblock the wait upon receiving last NDP END
indication.
Change-Id: I250883b3e9759ad903c3ce17f8c2c0b74a81f496
CRs-Fixed: 2619757
Currently there is no ini to control the rrm support on
SAP.
Add a new ini to enable/disable rrm on SAP.
Change-Id: Idef8da807bc5f8e2b4a1d61997824006e78b0cf6
CRs-Fixed: 2658926
Currently NDP_END_ALL request is posted to serialization queue but
not removed even after getting response from firmware. The timer
expires after 4 seconds and the message is gets dequeued as part
of timer handler. Dequeue the request from queue after getting
NDP_HOST_UPDATE from firmware to avoid blocking the northbound
APIs for this 4 seconds.
Change-Id: Ie8045f2460f7ac27732d4070ed79e5a61aab0bd2
CRs-Fixed: 2662869
Enhanced the log printed in wma_sap_peer_send_phymode to add fw_phymode
Also, Used peer phymode as well to check for 11b mode.
Change-Id: Ib009cf0d7ffbd0512a41c9e6fe84e674685f63ec
CRs-Fixed: 2670345
Currently, peer can be accessed after deletion in hdd because
cdp_clear_peer called via tdls_process_del_peer_rsp
tries to remove peer from physical device after deletion of
peer in datapath.
Fix is to remove cdp_clear_peer from hdd as it is handled by
cdp_peer_delete.
Change-Id: Ibdeb9a2a8dcf3318d66a48b9e9c7ca4d5cd74cb3
CRs-Fixed: 2663555
During tdls peer delete, wmi command WMI_PEER_DELETE has been
send but later on from driver wmi command for peer update is
send without checking for peer reference before sending to fw.
Fix, to check for peer reference before posting the cmd to fw.
change-ID: I216d1ad726af3369c227ae566e22949cadb8300c
CRs-Fixed: 2667811
Currently, There is no check for new report to find if
previous beacon report request is in progress.
So whenever a new beacon report request comes,
it is processed without consideration of any ongoing
beacon request processing.
Fix is to add a check of request in progress and append
err code BCN_RPT_ERR_PREVIOUS_REQUEST_PROGRESS in
measurement report response. To find that curr report
request is in progress, add a check
mac_ctx->rrm.rrmPEContext.pCurrentReq[index]. For valid
mac_ctx->rrm.rrmPEContext.pCurrentReq[index] err vsie
will append.
Change-Id: I91127c5c9ccaa19f20c29c85524b89b873e02e17
CRs-Fixed: 2668127
rmf status is applicable only for action/deauth/disassoc frames,
so check rmf status only for those frames, this can reduce
overhead of checking rmf status for each and every management frame.
Change-Id: I4fccf921051d624d01e94ee6ef8d9a6b170c7675
CRs-Fixed: 2656967
