SAE authentication is offloaded to hostapd and hostapd sends
authentication status to driver after the authentication
completion. But hostapd sends external authentication (e.g., SAE)
status after sending out the final auth frame(e.g., confirm
response in SAE). Driver may receive association request from
station before getting external auth status. Defer the
initialization of PE/SME entries corresponding to that station
till status is received from hostapd. Once status is received
from hostapd, PE entries can be initialized and send
assoc indication to SME.
Change-Id: Ice95519f2bf25d483cc164182b3f3be87f59884a
CRs-Fixed: 2396373
Split processing of assoc request frame and initialization of
PE/SME data structrures. This is needed to defer the initialization
of PE/SME entries on any external status. SAE authentication status
from hostapd is one such external status.
Change-Id: I9d7ced050441920505f0e12ab6b3ea9c672fe822
CRs-Fixed: 2396372
Connection with SAE AKM is allowed with
1. SAE authentication
2. Open authentication with valid PMKID
If the association request is with an SAE AKM and
open authentication, validate the PMKID and send
association response accordingly.
Change-Id: I0fb966af97b6df63bac2e1af2e1fe6ef6b289888
CRs-Fixed: 2396370
hostapd/wpa_supplicant sends PMKID in EXTERNAL_AUTH command.
Extract and cache the same.
Change-Id: If490c3fb7e0119910e73dffc8701434752aabd6c
CRs-Fixed: 2396367
An ancestor of the current driver used mailboxes for communication
between SME and LIM, and serialization/deserialization routines were
used to encode and decode the mailbox messages. This mechanism is no
longer in use, but there are remnants still present.
One such remnant is in lim_send_sme_deauth_ntf(). The logic for
creating the Deauth Indication uses a combination of direct structure
writes and serialized buffer writes. Bring this logic up to date by
removing all serialized buffer writes and exclusively use direct
structure writes.
Change-Id: I2d300e9a1f3b859b98455eb838f2bc9da93731dd
CRs-Fixed: 2402464
An ancestor of the current driver used mailboxes for communication
between SME and LIM, and serialization/deserialization routines were
used to encode and decode the mailbox messages. This mechanism is no
longer in use, but there are remnants still present.
One such remnant is the use of lim_get_session_info(). This API is
designed to extract the Session ID and the Transaction ID from a
serialized message. However this API is actually being used on
non-serialized messages, and as a result of struct padding by the
compiler it would never return a correct Transaction ID. Since we
should now never be sending serialized messages, remove the use of
lim_get_session_info() and instead directly access the elements in the
underlying structs.
Change-Id: Iadb548c36396226b14b904d3bd952c5b4260ff3b
CRs-Fixed: 2402359
Hostapd sends SAE authentication status with the NL command
NL80211_CMD_EXTERNAL_AUTH. Extract status and peer mac address
from the command data and set mlmState in preauth node accordingly.
Change-Id: If507a2f56c031ae1885a11d5f7cbe31a18aa8821
CRs-Fixed: 2396366
Add preauth node and mark state as eLIM_MLM_WT_SAE_AUTH_STATE
(waiting for SAE authentication) when SAE auth frame is received
from peer. State can be moved to authenticated when hostapd sends
SAE authentication status as success.
Change-Id: I7e1c326d54465d2bae86a9b0de5152196a9ce359
CRs-Fixed: 2396382
hostapd handles SAE authentication frames sent by a station.
Set the flag RXMGMT_FLAG_EXTERNAL_AUTH and forward them
to hostapd.
Change-Id: Ic1d6a560430307b899700f98d90a7dacfe741071
CRs-Fixed: 2396360
Process SAE authentication frames in SAP mode as well.
These frames will be forwarded to userspace for offloaded
SAE authentication.
Change-Id: Id385cd9394160f2fae1bee7e996fd879e0109235
CRs-Fixed: 2396359
hostapd/wpa_supplicant sends authentication frames through mgmt_tx
interface but may not fill sequence control. Fill the same.
Change-Id: I568b72590ce4280eaf9540dc07b38f87f10f019d
CRs-Fixed: 2396358
There are several instances of incorrectly using EOK with QDF_STATUS.
Address all infractions in WMA.
Change-Id: I1bc97c2ed8d4d9600dcbc07f57fccfe42d75d27e
CRs-Fixed: 2403943
When userspace disconnect is received, wlan_hdd_disconnect()
checks if roaming is in progress and waits for 4 secs if roaming
is in progress. The roaming_in_progress flag is set after
CSR receives SIR_ROAMING_START and is unset after CSR receives
SIR_ROAM_SYNCH_NAPI_OFF. Since SIR_ROAM_SYNCH_COMPLETE is
received after SIR_ROAM_SYNCH_NAPI_OFF and all the roaming state
machine activities like filling connection info, bss description
happens after SIR_ROAM_SYNCH_COMPLETE is received. So there
exists a race window between SIR_ROAM_SYNCH_NAPI_OFF and
SIR_ROAM_SYNCH_COMPLETE when the wlan_hdd_disconnect() could
proceed to free the session->pCurRoamProfile and
csr_roam_prepare_bss_config() tries to acces this when
SIR_ROAM_SYNCH_COMPLETE or SIR_ROAM_SYNCH_PROPOGATE is received.
This could result in null pointer dereference of pCurRoamProfile.
Call hdd_set_roaming_in_progress(false) in
hdd_sme_roam_callback() when SIR_ROAM_SYNCH_COMPLETE is received
Change-Id: Ic350d55e857ad950a0e630b07d75a5b1b572a75c
CRs-Fixed: 2399474
An ancestor of the current driver used mailboxes for communication
between SME and LIM, and serialization/deserialization routines were
used to encode and decode the mailbox messages. This mechanism is no
longer in use, but there are remnants still present.
One remnant is the eWNI_SME_SEND_DISASSOC_FRAME message processing
which is still serialized by SME and deserialized by LIM even though
the message is no longer sent via a mailbox. Bring this message
handling up to date by exclusively using the underlying struct
sme_send_disassoc_frm_req.
As part of the change remove the trans_id field from the struct since
it is not actually used by LIM.
Change-Id: I067c9f7461fddd7a25090e691836d7d9276c4e89
CRs-Fixed: 2402289
Add new ini "roaming_scan_policy" to config roaming scan
behavior (DBS/non-DBS) in fw side.
This ini is corresponding scan_ctrl_flags_ext in
wmi_start_scan_cmd_fixed_param when host sends
WMI_ROAM_SCAN_MODE to fw.
Change-Id: Id95c3b9bb40d4f32ab3ff14a30f72c6150ac1884
CRs-Fixed: 2398531
Register peer unmap sync callback in pdev during wma_tx_attach
to be accessed in ol_txrx.
Change-Id: I16909ae51e3ca55714c8d1f9f07d7a02f651c190
CRs-Fixed: 2398856
To address kernel control flow integrity (CFI) issues related to type
mismatch, correct the return type of ol_txrx_pdev_attach_target().
Change-Id: Icb170ad1e57513519f3d9b122ab4feed6a4efcb8
CRs-Fixed: 2402963
To address kernel control flow integrity (CFI) issues related to type
mismatch, correct the return type of wdi_event_sub().
Change-Id: Id51c6523ddd5d6f5835f7aa08a3a7b2940d2c50b
CRs-Fixed: 2402961
To address kernel control flow integrity (CFI) issues related to type
mismatch, correct the return type of wdi_event_unsub().
Change-Id: I45d090cb4011ca659e30b2f7be6c2b7d32bbba4b
CRs-Fixed: 2402957
As part of DSC integration, use vdev op start/stop for appropriate
cfg80211 operation callback handlers.
Change-Id: Id2a13469267547b878e234cb3c0b16e74abe00d5
CRs-Fixed: 2402143
As part of DSC integration, use vdev op start/stop for appropriate
vendor commands.
Change-Id: I5d296e7e97158bcc11db04361e0211d1a44b7fcd
CRs-Fixed: 2402142
An ancestor of the current driver used mailboxes for communication
between SME and LIM, and serialization/deserialization routines were
used to encode and decode the mailbox messages. This mechanism is no
longer in use, but there are remnants still present.
Two such remnants are in lim_send_sme_disassoc_ntf(). The logic for
creating both the Disassoc Response and the Disassoc Indication use a
combination of direct structure writes and serialized buffer writes.
Bring this logic up to date by removing all serialized buffer writes
and exclusively use direct structure writes.
Change-Id: I73be566a1512fdc9b8dc28c9ddf818b7c4aa26ed
CRs-Fixed: 2402223
An ancestor of the current driver used mailboxes for communication
between SME and LIM, and serialization/deserialization routines were
used to encode and decode the mailbox messages. This mechanism is no
longer in use, but there are remnants still present.
One such remnant is csr_ser_des_unpack_diassoc_rsp(). This function
currently deserializes a message that is already in the correct
format. Since this is pointless, remove the functionality.
Change-Id: I2d212f0f7a40fd12d9932974dfd3f5cde7fc4eb7
CRs-Fixed: 2402222
Currently all logging for CP_STATS is disabled so CP stats
logs are not getting printed.
Enable all the logs for CP_STATS Module.
Change-Id: If465c813d98410129f80427ed7072de063f1f3c8
CRs-fixed: 2402649
In the case the interface timer gets expired and stop modules is called
in that context and modem graceful shutdown occurs at the same time,
there arises a situation in which there is a mismatch in the FW and
driver state. This results in the rx ring buffers being freed by the
host while FW still tries to access those buffers.
To avoid this assert situation, block the modem shutdown while the host
is performing stop modules. During stop modules, host will send pdev
suspend which will suspend all activity from FW. This can then clear the
path for the modem graceful shutdown.
Change-Id: I8ecae86bb90be7e97eb274946270eb57ca107332
CRs-Fixed: 2392815
In several functions of HDD, reference of vdev is acquired and released
with hdd_objmgr_get_vdev() and hdd_objmgr_put_vdev() respectively.
Both hdd_objmgr_get_vdev() and hdd_objmgr_put_vdev() use adapter input
argument to get the access to vdev pointer: adapter->vdev.
When acquiring vdev reference "adapter->vdev" can be valid but when
releasing vdev reference "adapter->vdev" can be NULL, leading to
reference leak. This can happen only when hdd_vdev_destroy() invoked
from another thread concurrently.
To address this issue, use the input argument vdev pointer to release
the reference in hdd_objmgr_put_vdev().
Change-Id: I89166a471b6c82a95ae0c70ae025608f2f19e5ca
CRs-Fixed: 2399777
Value of ts_acm_is_off gets updated by 0 irrespective of the value
passed by ini file results driver unable to send eSmeCommandAddTs
cmd.
Fix is to use value of ts_acm_is_off as per value in ini in
CSR_IS_ADDTS_WHEN_ACMOFF_SUPPORTED().
Change-Id: Ic5f34f4c4499f92471ce501a78c39a255d6537c9
CRs-Fixed: 2401454
Currently there is no support from driver to send STA authorized
event to supplicant.
Use QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES vendor command to
send STA authorized event to supplicant.
Change-Id: I46416949f04dd28a1713cbebf1f7d0e84b5efda2
CRs-Fixed: 2172816
Hostapd handles SAE authentication and sends the
authentication frames via NL80211_CMD_FRAME interface.
Enable mgmt_tx API for SAP mode as well to
facilitate the same.
Change-Id: Ie858881333b0f12e03f9a4f7b54fe5476b1d9173
CRs-Fixed: 2396335
Revert set ol_rx_thread to SCHED_RR, SCHED_RR could lead to
hdd_ctx->bus_bw_work delayed for long time, and throughput level is not
updated while running traffic, finally hdd_rx_packet_cbk drop packets(rx
path slow).
Change-Id: Idc48c4ff4f38e25124121f814492ea116555cd32
CRs-Fixed: 2398511
Epping mode is currently borken in qcacld-3.2 codebase.
Fix epping mode for QCN7605 for USB and PCIe interface.
Change-Id: I12a11989d86f255e7ec61c98e328fbb755fc39ae
CRs-Fixed: 2400179
