Since refined PMO configures based on converged cfg component, apply
PMO configurations, remove related legacy codes.
Change-Id: I2cdf18c1000d8cc923c80c00bf530b2b0c60563e
CRs-Fixed: 2322185
Remove the legacy definitions that are related to the WEP
cfg.
Move them to mlme component
Change-Id: Ibcec8adf15123d12ad7c2eb6ed770b44a093673a
CRs-Fixed: 2324046
in wma_ibss_peer_info_event_handler, the driver has a upper
bound check on num_peers and not a lower bound check.
the num_peers should be a positive value.
Since there is no check to see if num_peers is set to 0,
this check can underflow and result in multiple OOB writes
once the loop has incremented more than 32 times.
Fix is to check whether num_peers is a positive value,
and return if not found true.
Change-Id: I599151cc6720ed931142ad6a519add6957fea467
CRs-Fixed: 2324139
When peer creation fails in wma_create_peer, vdev delete is sent
to the fw and then eWNI_SME_ADD_STA_SELF_RSP is sent to sme.
Here three error cases needs to be handled:
1. The vdev deletion has happened, but the cdp_detach_peer is
not done. So the data path peer remains. Also the vdev_active
flag that was set after vdev creation was not unset.
2. The eWNI_SME_ADD_STA_SELF_RSP msg handler
csr_process_add_sta_session_rsp invokes csr_roam_session_opened
which signals HDD that vdev is created successfully and hdd
calls hdd_vdev_ready and vdev related parameter set commands are
sent to FW for the deleted vdev.
3. Vdev delete is not sent for objmgr peer creation failure in
case of VDEV_TYPE_STA and release vdev object ref count.
Add cdp_vdev_detach() calls during error case and set the
vdev_active flag to false. Handle releasing vdev object ref
count in all needed error case flows.
Propagate the error in wma_vdev_attach() through
csr_roam_session_opened() to HDD and abort the vdev create.
Change-Id: Iec97122d011098fae7ae2a59864fbe8ca8a0980e
CRs-Fixed: 2322212
While handling the WMI_VDEV_START_RESP_EVENTID WMI FW event a reachable
QDF_BUG() can occur, because the message coming from out is not
reliable.
Change-Id: I9a142152a5d65e8fa25590eac1bc63279a1de4ba
CRs-Fixed: 2321490
When wma_create_peer is called, driver checks for
cds_is_target_ready and the macro CDS_DRIVER_STATE_FW_READY is
unset during the wlan_hdd_pld_uevent. This results in race
condition where the wma_peer_create fails due to
cds_is_target_ready() failure and wma_vdev_delete is sent from
wma_vdev_attach. In wmi_stopinprogress is set when firmware is
down. But this is set only after a small delay and the vdev
commands reach the fw, which results in a race condition.
Remove the cds_is_target_ready() call from wma_create_peer.
Place the call to wma_wmi_stop() to set the wmi_stopinprogress
flag immediately after the wlan_hdd_pld_uevent is received.
Change-Id: Iea53931771afd93ffaeabf704bbaffcf2460284f
CRs-Fixed: 2320538
Currently PHY mode is not getting updated and it is being set as
0, which is resulting in an invalid channel setting to FW
for LOWI.
To address this issue update the PHY mode correctly.
Change-Id: I1f650268e2ba1814a435994d558b4b68030eb8c1
CRs-Fixed: 2318551
Restrict the band of PCL to the connected band if
intra band roaming is enabled
Change-Id: I78e9a29d7f8eb226e899e944e4d2980629c52a01
CRs-Fixed: 2302607
In wma_extscan_find_unique_scan_ids() the TLV structures
for param_buf are pulled from the WMI message.
wma_extscan_find_unique_scan_ids parses the data (param_buf)
which is obtained from the firmware.
This parsing logic of rssi_list does not consider the
size of the list and thus results in an OOB access.
Fix is loop for the num_rssi_list and not the num of entries
Change-Id: Icf79b59a17b66ac858222b79589641787022572d
CRs-Fixed: 2316805
Add CFG items of RTT and PMF as generic items based
on converged cfg component.
Change-Id: Ic95d1e7b052259149704d9faf65ebe5f51536fdf
CRs-Fixed: 2313281
wma_mgmt_nbuf_unmap_cb uses wma handle to check if wmi service
capability for mgmt is supported. If wma handle is freed before
call back is invoked it returns with out doing unmap of nbuf.
Instead of wma handle use psoc object handle which has the
information about wmi service capability support.
Change-Id: Icbdeb155be0fb5d056dd876faa2bd73f78cd9db7
CRs-Fixed: 2317785
As a part of the cfg80211_get_station command, the driver sends TX stats
(tx rate, MCS index, NSS and flags). Currently there is no support to
send the similar RX stats.
Add support to send RX stats to the framework.
Change-Id: Ic66596d118ad1395706db7638da1b4fdef7dc2d5
CRs-Fixed: 2303306
In wma_unified_radio_tx_mem_free() function, results buffer array may be
dereferenced with large index value, that may result OOB memory access.
Fix the same by correcting incrementing pointer to results buffer.
Change-Id: I57a26dba9db32758c7d7fd51b99d3364a8020a9d
CRs-Fixed: 2308644
This change Removes legacy APIs to modify vdev state machine and
add use new API to get vdev state.
Change-Id: I48aa3744dafc6d13a43a14e48de821c7dadf3a37
CRs-Fixed: 2314730
Since refined mlme sta configures based on converged cfg component,
apply mlme sta configurations, remove related legacy codes.
Change-Id: Ia5989a29378bf33e3c9550a0ae26338aeb966592
CRs-Fixed: 2312079
In slub debug enabled build processing is slowed down and hence
increase the FW response timeout values by factor of 2 times.
Change-Id: I979269a9b4f6bc03f97452b3d7f7416fd418f336
CRs-Fixed: 2315934
From control path while removing peer, dp peer handle is
acquired using mac address with ref count incremented which
is not needed. Ref count should be incremented only when
there is possibility of parallel execution of peer unmap
event. Fix this by getting peer handle with out taking the
ref count.
Change-Id: I76bf4eebc8e7ddadc388a957bea05813a4b24741
CRs-Fixed: 2314110
Add support to store vdev object in WMA interface (wma_txrx_node)
and acquire and release its reference count during wma_vdev_attach()
and wma_vdev_detach() respectively.
Change-Id: I5449d4051b08dc328a5d97446a4de3d7b51155eb
CRs-Fixed: 2310990
Logging macros already print function name by default,
there is no need to print the function name again as part of the log.
Hence, remove the function name or
wherever required use '"%s...", __func__'
Change-Id: Ib6dc6cc03ef148146b1c626271d5ac3b7345c4bb
CRs-Fixed: 2312593
As part of wlan_mgmt_txrx_pdev_close only nbuf is freed
in case of cleanup path due to SSR or drive unload and
dma unmap is not done. In this change register a callback
to mgmt_txrx component tx ops which does dma unmap of nbuf
as part of pdev close.
Change-Id: Ia0fa6684f66a3b732e5c599f2df4ea7f33ebc4f8
CRs-Fixed: 2308372
When first WMI_RADIO_LINK_STATS_EVENTID is received radio stats buffer
is allocated based on num_radio param. There is an option for pending
following events. So update wma_unified_link_radio_stats_event_handler
to check if following events are valid wrt num_radio values to avoid
buffer overwrites.
Change-Id: If4675bada5492c3bae98c655b45cac6dc76b6431
CRs-fixed: 2309399
When the host sends a wmi command with invalid vdev id, firmware
crashes. So to avoid this check the vdev_active flag for the
vdev before sending the wmi command.
This changeset validates the vdev_active check for the following
commands:
WMI_VDEV_CREATE_CMDID
WMI_VDEV_DELETE_CMDID
WMI_VDEV_START_REQUEST_CMDID
WMI_VDEV_RESTART_REQUEST_CMDID
WMI_VDEV_UP_CMDID
WMI_VDEV_STOP_CMDID
WMI_VDEV_DOWN_CMDID
WMI_VDEV_SET_PARAM_CMDID
WMI_VDEV_WMM_ADDTS_CMDID
WMI_VDEV_WMM_DELTS_CMDID
This change also removes the flag is_vdev_valid which seems to
duplicate the vdev_active flag.
Change-Id: If9d4a2b24f8141c26a73f3a012fa99d38b3221bc
CRs Fixed: 2312360
During vdev_attach, wma_vdev_update_pause_bitmap() is called to
clear the pause bitmap to zero to ensure the queues are unpaused.
This function is called immediately after cdp_vdev_attach before
the vdev created is assigned to interfaces[vdev_id].handle.
This causes the function wma_vdev_update_pause_bitmap to exit
everytime with error.
Call wma_vdev_update_pause_bitmap after vdev assigned to iface.
Change-Id: I1fc3af66212fc62211d03245cfddb96806a37c87
CRs-Fixed: 2312344
In the scheduler_post_message, src_id is now added to
know the source module of the msg. the present scheduler
doesn't know about the same which is scheduler_post_msg
Replace the scheduler_post_msg with scheduler_post_message
Change-Id: I73a0f11bd6ea4edb0d4c8871d9e217e16f756e58
CRs-Fixed: 2305991
In the scheduler_post_message, src_id is now added to
know the source module of the msg. the present scheduler
doesn't know about the same which is scheduler_post_msg
Replace the scheduler_post_msg with scheduler_post_message
Change-Id: Ia79d1e8ceda97f956eadcef50524b8307fcc247b
CRs-Fixed: 2305993
Remove the legacy ini config values defined in hdd_cfg.
Call the mlme cfg get api to retrieve chainmask config values.
Remove the tx_chainmask_cck from cds_config as mlme object is
not initialized during cds_open. Call mlme cfg api during
wma_open to populate the tx_chainmask_cck value.
Change-Id: If48aeb62cf35e2e604be2b72845b8e98c5c313dc
CRs-Fixed: 2310382
Divide and refactor mlme functions to integrate vdev state
machine for SAP restart and start fail.
Change-Id: I824df69e126d4647a156bc10570689f6b0822b06
CRs-Fixed: 2309284
Divide and refactor mlme functions to integrate vdev state
machine for SAP stop.
Change-Id: Id9841b1a87f2f3c1c2816dae8b2a183ac04791a9
CRs-Fixed: 2309264
Divide and refactor mlme functions to integrate vdev state
machine for SAP start.
Change-Id: Id4419261cb1ba88754eded9fd780cca60f1f5db7
CRs-Fixed: 2309240
The flag is_vdev_valid and vdev_active serve the same purpose,
they are used to prevent the race condition where wmi vdev level
command gets posted to FW after vdev is deleted. Both the flags
are set to true in wma_vdev_attach when the vdev is created and
set to false in wma_vdev_detach where the vdev delete command is
sent to fw.
So remove is_vdev_valid flag and replace it with the existing
vdev_active flag.
Change-Id: I5199bc7d473470fd9f16320d323f86257a24ae19
CRs Fixed: 2312321
Currently if target is not ready, vdev stop req use check
cds_is_target_ready() in wma_fill_vdev_req(), while peer related API
uses wmi_handle->wmi_stopinprogress.
As wmi_handle->wmi_stopinprogress is set after target ready flag, the
vdev stop req is dropped while peer delete is sent to firmware. This
leads to bss peer delete sent without vdev stop.
Remove cds_is_target_ready() in wma_fill_hold_req() and
wma_fill_vdev_req() so that only wmi_handle->wmi_stopinprogress is used
to detect firmware down.
Change-Id: I5a7fb886f8bbf9a10d25c6991a291bc4bd2bef48
CRs-Fixed: 2309680
Add debugfs entry to get last five roam scan stats info which includes
old bssid, new bssid, roaming candidates etc., for STA interface.
Change-Id: Ied66beb270d97b6e17a6116c1be0e82783094519
CRs-Fixed: 2203885
The driver always allow roaming command ROAM_SCAN_OFFLOAD_UPDATE_CFG
even through session roaming not "started" in CSR.
But WMA will always enable Roam_scan_mode to non-zero
to FW when handle the command ROAM_SCAN_OFFLOAD_UPDATE_CFG.
The inconsistency is the CSR still keep as roaming stopped
status but WMA enable the roaming on session.
In STA+STA case, there will cause two vdev roam mode enabled in Firmware
because the CSR roaming start state does not keep sync with FW.
Fix by enable FW roam only based on enable state from CSR
when handle the ROAM_SCAN_OFFLOAD_UPDATE_CFG in WMA.
Change-Id: I95a2bd1edd88cc241ae9821a6e0756c44663229a
CRs-Fixed: 2305594
Make the following updates to the extscan reset significant change
logic:
1) Exclusively use the Unified WMI data structures.
2) Update the HDD<=>SME interface to enforce the contract that SME
must not make any assumptions about the buffers provided by HDD.
Change-Id: I9b63924f4219f6d3567e3ee2b1a31e1a9ce3bc29
CRs-Fixed: 2309570
P2P Listen offload is not a requirement for Genoa, hence featurize
P2P listen offload code to save memory foot-print for Genoa.
Change-Id: If50c784bb4cd6daac513a0654364e78cd636c9d3
CRs-Fixed: 2304554
