Currently rx_arp_resp_count stats is not updated for ARP packet
during rx in htt_rx_amsdu_rx_in_order_pop_ll as packet type is
not marked as QDF_NBUF_CB_PACKET_TYPE_ARP.
Also, track_arp_ip member of adapter is updated during NUD SET
but track_arp_ip of hdd_ctx is used inside hdd_hard_start_xmit
and hdd_rx_packet_cbk to compare arp src ip.
Update the packet type to QDF_NBUF_CB_PACKET_TYPE_ARP for ipv4 ARP
packet during htt_rx_amsdu_rx_in_order_pop_ll.
Use track_arp_ip member of adapter to compare arp src ip.
Change-Id: I58a678caa8ce4b54b583f76cfcbbb4f46443f448
CRs-Fixed: 2405335
To align with the Linux coding standard as enforced by the checkpatch
script, remove the extern keyword from htt prototypes.
Change-Id: I8a935de8d3cb5ea65ee81d5ba770f6e51608cba9
CRs-Fixed: 2411810
Macro HTT_TX_DESC_PADDR() is unused. Furthermore, it references
tx_descs fields which do not exist. Since it couldn't possibly be
used in its current form, remove the macro.
Change-Id: I62b2d7bc3291ba6c2dc486196076827cfc22d8ec
CRs-Fixed: 2375421
The existing accessor macro NBUF_MAP_ID is obsoleted due to
restructuring of qdf_nbuf_cb.
Use new macro QDF_NBUF_CB_RX_MAP_IDX to access map_index.
Change-Id: I23650781cdd770f25b72a0a5fe55acc12d71cb64
CRs-Fixed: 2370724
Here rx_ring.refill_debt can become negative if filled count
returned from htt_rx_ring_fill_n() exceeds the rx_ring.refill_debt.
This is possible because inside htt_rx_ring_fill_n() we always refill
num = qdf_atomic_read(&pdev->rx_ring.refill_debt). Here we do not take
care of already served debt.
Taken care of above by subtracting debt_served from refill debt.
Change-Id: I0c154c978b711da2d8497c50f730619767787188
CRs-Fixed: 2365566
If FW supports new htt format include only payload length in
the header length.
Change-Id: Ia668d73dcae3eb4adc1a4cfb0498b34d8c38f522
CRs-Fixed: 2361564
Change Icdcfcdd10400aa2fad64441aa863087cc1c3766e use %llx to print
qdf_dma_addr_t. While qdf_dma_addr_t defined as 'unsigned long',
if without definition from kernel header.
Typecast DMA address to 'unsigned long long', before using %llx to
print DMA address directly.
Change-Id: Ic9527b494ac1aa2d47567a7dab5f0786913f4921
CRs-Fixed: 2355624
Compiler threw error as -Werror=int-to-pointer-cast when casting
DMA address to void pointer.
Use %llx to print DMA address directly.
Change-Id: Icdcfcdd10400aa2fad64441aa863087cc1c3766e
CRs-Fixed: 2350605
1. Remove error prints for qdf_mem_malloc APIs.
2. Remove unnecessary __func__ from data path prints.
Change-Id: I6c4b110f626d84da055821c5f210a3d000b6ff15
CRs-Fixed: 2317315
Some target which support sending mgmt frame based on htt would DMA
write this PMF tx frame buffer, it may cause smmu check permission
fault, set a flag to do special DMA map.
Change-Id: I3686be211374d2c316726fa3248dedce87c3faed
CRs-Fixed: 2332329
Unlock the rx_ring.rx_hash_lock spin-lock when returning due to
failure to do smmu map_unmap.
Change-Id: I1b905c0ad529c80f78807c030920121ee0909825
CRs-Fixed: 2299785
In low memory condition, RX ring may become empty when all
SKB buffers attached to the ring get consumed and kernel is
unable to allocate SKB buffer during replenish.
Create a pre-allocated pool of skbs during driver load time
and request the buffer from this pool in low memory case.
Change-Id: If8c6a4fe04f3c931dc60dcffe28e45166eab9835
CRs-Fixed: 2306861
cds_trigger_recovery() already checks for various conditions before
actually triggering recovery. One of these checks ensures that recovery
is enabled, but some callers are checking to see if recovery is enabled
before calling cds_trigger_recovery() as well. Because of this, some
important checks are skipped, and crashes can occur when they should
not. Remove the redundant checks at the call sites for
cds_trigger_recovery() so that all of the recovery conditions are
properly handled, and the wlan driver avoids crashing when it should
not.
Change-Id: I8c26a002b66496a1eb06263f3f8b91ead739e3ac
CRs-Fixed: 2296008
Do not required to print function and line number
for data path statistics function which is invoked
by ioctl.
Change data path statistics to info print so
that it can be printed in dmesg as well.
Change-Id: I4b5ea4202255ace71dbb6f9a4bbff6f93e496425
CRs-Fixed: 2278885
Add a conditional compilation QCA6390_HEADERS_DEF flag to compile
htt_rx_restitch_mpdu_from_msdus.
Change-Id: I6b526f2dd5d56338e520ec138512b7cf2d849d0c
CRs-Fixed: 2275699
In monitor mode, current implementation
uses the preample type, vht_sig_a_1 and vht_sig_a_1
values associated with each mpdu, instead of reusing
the values from the first mpdu, to calculate data rates.
This is causing incorrect rates to be recorded in monitor mode logs
Reuse preample type, vht_sig_a_1 and vht_sig_a_1 of first
mpdu till the last mpdu is reached.
Change-Id: Ia6e5c1b3b0cc8d8b27f16cdfbd469fdba5c4a8f2
CRs-Fixed: 2276766
Separate out HL and LL Rx Data Path in different files
to compile out features cleanly
Change-Id: Ifc0e2d7e740142f0115d1fcd53db2936f7a30979
CRs-Fixed: 2287351
The kernel address is used as cookie to keep track
of stats request. This address can be disclosed to
target leading to a security vulnerability.
Implement a FW stats descriptor pool, and use a
descriptor ID to keep track of stats requests,
instead of the kernel address, to prevent
kernel address leak.
Change-Id: Ib49150da899c0b9314f614868a90867f4aa92d3d
CRs-Fixed: 2246110
1) Genoa FW by default enables HI_ACS_FLAGS_SDIO_REDUCE_TX_COMPL_SET.
When this flag is enabled, credits are reported through
HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND and not through
HTT_T2H_MSG_TYPE_TX_COMPL_IND.
However when TSF and PTP features are enabled we need to get TX
Completions from FW.
Since credits can also be updated through TX Completions
we need to disable updation of credits through TX Completion for Genoa.
2) Enable flag : cfg_ctx->tx_free_at_download to free ol tx descriptors at
download.
Change-Id: I176dc8391ded9fc57f8be2b465effd8ae84eda49
CRs-fixed: 2268757
Add support for HTT_T2H_MSG_TYPE_FLOW_POOL_RESIZE
command from firmware to resize flow pool and call appropriate
function to handle it.
Change-Id: I7d2ca6ed459383ec5c456b15a71290264d5d2408
CRs-Fixed: 2261265
IPA SMMU mapping for RX buffers is needed only when IPA offload
and IPA pipes are enabled. Currently in STA only case where IPA
is not enabled SMMU map/unmap is done for RX buffers. So enable
SMMU mapping only when IPA pipes are enabled.
Change-Id: I88db2cc8606bdf4586644a7ffccd0415f85c8241
CRs-Fixed: 2213795
Introducing integer overflow checks in htt_t2h_tx_ppdu_log_print()
contained use of %p which violates security guidelines.
Change %p to %pK.
Change-Id: I9e886e9b065ea6902aeedc3d9c25aac76a07d6de
CRs-Fixed: 2252217
Currently in htt_t2h_msg_handler_fast, msg_len, which is in number of
bytes, is directly compared with pdev->rx_mpdu_range_offset_words,
which is in number of words. Thus their comparison becomes invalid.
In htt_t2h_msg_handler, in addition to similar issue as above, the
checks for message offset validations do not consider integer overflows
occurring.
In htt_t2h_msg_handler_fast, the check condition involving
pdev_rx_mpdu_range_offset_words were corrected to work with bytes,
and in htt_t2h_msg_handler checks for integer overflow were also
added.
Change-Id: I9ec7d30cc24d288ddcabd3bb30674a2ca21f2251
CRs-Fixed: 2248069
Currently, the message type HTT_T2H_MSG_TYPE_RX_ADDBA and
HTT_T2H_MSG_TYPE_RX_DELBA is not supported as firmware is
no more sending this message to host.
Clean up the unreachable code for HTT_T2H_MSG_TYPE_RX_ADDBA
and HTT_T2H_MSG_TYPE_RX_DELBA message type.
Change-Id: I7a32fb53fec00e0507ef32d29494968188c98bfd
CRs-Fixed: 2226328
Currently SMMU mem map table allocation size is very high and may
lead to allocation failure if system memory is fragmented or in low
memory cases. Do not allocate SMMU mem table buffer instead update
for each rx nbuff.
Change-Id: Ib48199387abc942980cef1ef57a00e44c729e95f
CRs-Fixed: 2238629
mpdu_bytes_array_len, mpdu_msdus_array_len, and msdu_bytes_array_len
are used to calculate the record size, as well as used as
buffer offset, without any verification. This can cause to multiple
overflows and underflow leading to OOB reads.
Add checks for each arithmetic operation with these variables.
Change-Id: Ib6ec6ac6932eb8c541bc2357d45d3feaf39fdb7d
CRs-Fixed: 2226125
Address the following issues in the core/dp folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'bahavior' may be misspelled - perhaps 'behavior'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'continous' may be misspelled - perhaps 'continuous'?
CHECK: 'controler' may be misspelled - perhaps 'controller'?
CHECK: 'curently' may be misspelled - perhaps 'currently'?
CHECK: 'defintion' may be misspelled - perhaps 'definition'?
CHECK: 'Defintions' may be misspelled - perhaps 'Definitions'?
CHECK: 'desriptor' may be misspelled - perhaps 'descriptor'?
CHECK: 'extention' may be misspelled - perhaps 'extension'?
CHECK: 'informations' may be misspelled - perhaps 'information'?
CHECK: 'lenght' may be misspelled - perhaps 'length'?
CHECK: 'managment' may be misspelled - perhaps 'management'?
CHECK: 'messsage' may be misspelled - perhaps 'message'?
CHECK: 'neccessary' may be misspelled - perhaps 'necessary'?
CHECK: 'recieved' may be misspelled - perhaps 'received'?
CHECK: 'Recieve' may be misspelled - perhaps 'Receive'?
Change-Id: Ib8c1b94b5bb3bb5798e41dbb4c1461be80fd1398
CRs-Fixed: 2241941
Currently, "channel_freq" is declared as uint16_t. But
htt_get_channel_freq returns "int" which is assigned to
"channel_freq". So, channel_freq != -1 is always true
regardless of the values of its operands.
Declare "channel_freq" as int and add the check if
channel_freq is positive.
Change-Id: I13ae35c1bee3cdf293227e320ede8d8cd2e968fe
CRs-Fixed: 2233556
Apparently netbufs_ring is initialized only when reordering is not fully
offloaded. When a message of type HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND
is sent, the driver does not check if reordering is offloaded.
Add a check, if reordering is offloaded, when a message of type
HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND is sent.
Change-Id: I303b52182d97aa8185c23ccd99c37a97fb75a3d2
CRs-Fixed: 2213216
