Enabling SU beamformee in vendor vht IE gives good throughput in long
range while bad throughput in short range due to excessive sounding
action frames sent by APs.
So to give control to the user, add INI "enable_subfee_vendor_vhtie"
to enabled/disable the SU beamformee in vendor vht IE. It is
dependend on INI "gTxBFEnable" and if "gTxBFEnable" is set to 0
this will not have any effect and SU beam forming will always be
disabled.
Change-Id: Id67ea86d3e0a48fec8913d6254733f753dfdae8b
CRs-Fixed: 2178940
In ol_txrx_peer_release_ref, it is possible that this function is
scheduled out when just unlock peer_ref_mutex, unmap event will
come to decrease ref_cnt and free peer object, when
ol_txrx_peer_release_ref is scheduled back and access peer info,
it will cause use-after-free.
Get peer info in the protection of peer_ref_mutex.
Change-Id: Ic442f53e0993a931c4411d9dbc85f04d6a85dc46
CRs-Fixed: 2180584
Add support to parase and include the ADDBA extesion
element in ADDBA request and response frames
Change-Id: Ifab94f77ff9d2757794d5530fee6596534a6d73b
CRs-Fixed: 2166790
In Roam invoke failure the SME send Assoc failure to HDD layer and
schedule a disconnect. Assoc failure indicate the disconnection
to supplicant and supplicant send a new connect command, which will
change some state in HDD, and post the command in SME. But during
same time the disconnect from roam invoke failure change the
state of HDD and supplicant to disconnected and SME continue
to connect.
The success is not send to supplicant and no EAPOL exchanges is
started by supplicant which is in disconnected state. This lead to
driver stuck in wait for key state and no SME commands are allowed.
To fix this do not send Assoc failure before initiating disconnect
as disconnect will anyway take care of the cleanup.
Change-Id: Ie6de1de41a9eeed71530f1b2516b01e7839dac82
CRs-Fixed: 2181528
Add new ini options for 11k offload paramters and changes to pass down the
11k offload parameters to the FW. The 11k offload command is sent after
roam start to the FW in connect path.
Also add 11k invoke command support to offload neighbor report request
iwpriv command to FW
Change-Id: If6d4bff91531e5460bbc8a851a6d777cf088eda0
CRs-Fixed: 2162029
acs_cfg is not initialized when sap starts
failed. And acs_cfg is accessed during
Random channel selection when sap interface
gets Radar event.
Fix by checking sap ctx state and acs_cfg
During dfs radar event.
Change-Id: I7e04e1a9e357ccd0b39b4edcc4c8a34b54e388ce
CRs-Fixed: 2174532
Currently, when sap starts, it will get the default
country code for the country IE if 80211d enabled.
Using api wlan_reg_read_current_country() instead of
wlan_reg_read_default_country() to get the current
country.
Change-Id: I67e63630c56b17d0d6890704bc1852e40185cf48
CRs-Fixed: 2170425
Currently there is no need to get nol when removing nol from candidate
channel list, because status of nol is set to CHANNEL_STATE_DISABLE in
regulatory.
Remove channels whose status are CHANNEL_STATE_DISABLE when trying to
remove nol from candidate channel list.
Change-Id: I90722116814e837fca456de1b2ef88d8519e9aff
CRs-Fixed: 2180752
When auth failure occures, hostapd will issue BSS stop
command, resulting in BSS peer deleted. After that, auth
frame may still get received, and SAP callback may still
access BSS peer object for remote peer creation, which
results in an assertion.
Add more check points to make sure SAP callback is
handling the peer object addition correctly based on
different status of SAP state machine.
Change-Id: Icdb7ae2db018f16cb60878bda8bab1e791667cba
CRs-Fixed: 2179494
In function wma_unified_radio_tx_power_level_stats_event_handler, radio_id
is received from the FW in the fixed_param strcutre and is used to access
the buffer wma_handle->link_stats_results which is allocated in
wma_unified_link_radio_stats_event_handler. The buffer is allocated for
link_stats_results->num_radio and if the radio_id received from the
FW is greater than link_stats_results->num_radio, an OOB write will
occur in wma_unified_radio_tx_power_level_stats_event_handler.
Add check to return failure if radio_id received from the FW is greater
than link_stats_results->num_radio.
Change-Id: I67a848e7ab137d46bb43e7336ff8135da257568c
CRs-Fixed: 2169104
When start sap+sap with acs on 5g band concurrently, the first sap
usually choose dfs channel, the second sap will be failed to start.
Root cause is when start the second sap, bss hasn't been started for
the first sap.
Extend delay for acs_pending_work from 500ms to 1500ms, the first sap
bss will be started when start pending acs.
CRs-Fixed: 2175463
Change-Id: I723d18d72728a1f7a7cd7591395c12d950c535e9
Current driver requires hardware mode to be changed to DBS explicitly
through private IOCTL commands before you can monitor 2.4G channel for
2x2 DBS platform.
Provide a fix which automatically switch the HW mode to DBS when
monitoring 2.4G channel 2x2 DBS platform and keep HW mode to SMM when
monitoring 5G channel.
CRs-Fixed: 2176055
Change-Id: Icc653d7b11c7e58b583e9cd23db6478f568bd172
When getting vdev by sta_id, peer could be deleted after retrieved,
so garbage vdev is returned.
To protect peer info, increase ref_cnt and delete peer when the ref
count is 0.
Change-Id: I850d38166d7c16d7f5e580baf3e0d17db22583f8
CRs-Fixed: 2171619
Currently, HDD acquires an additional reference for vdevs it creates. Do
the same for pdevs and psocs, so they are not destroyed out from under
HDD.
Change-Id: Ifa89f3853f76fe98880f082a6a138068bf92b6ec
CRs-Fixed: 2179683
Currently, SME sends a eWNI_SME_SET_BCN_FILTER_REQ message
to PE which in turn builds a beacon filter request using
lim_send_beacon_filter_info and sends down a message to
WMA using WMA_BEACON_FILTER_IND. But, this message does
not have a handler in WMA. So, cleanup all these messages.
The beacon filtering is currently happening through
hdd_add_beacon_filter.
Change-Id: Id235d6303ce7c740f907147afc7248d833772067
CRs-Fixed: 2177429
Currently, iwpriv wlan0 getChannelList does not show
the right channel list, because it gives wrong parameter
to the API wlan_reg_get_channel_state().
Change-Id: I03c8aa9583a827b94c8aa2fff0b94335f4a040de
CRs-Fixed: 2176844
Currently, "insmod qca_cld3_wlan.ko country_code=CN" will
be fail because start_modules_in_progress is true so api
hdd_update_country_code() returns error.
Change-Id: I4378438873ffa72c0fce415ade65b91b90e2c84a
CRs-Fixed: 2176836
Do not process radar event until receiving vdev start response, because
during channel switch, radar may be detected again in the old channel.
Change-Id: I1a524e38c25f91c684fd2c4962aeaf556d2445eb
CRs-Fixed: 2175891
If firmware is stuck while driver unloading, sme_close_session
will return failure, and cause later timer leak, in this case
continue to release vdev.
Change-Id: I137d8d29ec18af1b222eb0b967916fa20b998894
CRs-Fixed: 2176949
Currently WMI handler for WMI_PHYERR_EVENTID is used to handle DFS and
spectral scan phy errors; but Rome FW still uses WMI_PHYERR_EVENTID
and WMI_DFS_RADAR_EVENTID and does not have spectral scan phy errors.
Restore WMI_PHYERR_EVENTID and WMI_DFS_RADAR_EVENTID as Rome FW
requirement.
CRs-Fixed: 2149939
Change-Id: I7a5c4f723bedfdeb477ac36ac1290809ca06fb13
Use iwpriv command "setRadarDbg" to configure dfs log level because
MCL does not have tools to trigger dfs_control.
Change-Id: I2d7b30b026dfedbf03002463652fead83220fa2a
CRs-Fixed: 2178636
Trim the scan channel list for ACS based on the channel list provided
from user space as part of acs config.
Change-Id: Iaafa6f78098c59782478351e206ae360d50b89bc
CRs-Fixed: 2177457
There is a very rare race condition between
ol_txrx_peer_find_by_local_id_inc_ref(running in OL RX
thread context) and ol_txrx_peer_detach(running in MC
thread context) where MC thread 1st got chance and cleared
the peer->valid flag before OL RX thread can increment the
ref count and this led to OL RX thread got a peer without
any ref count which was freed later while OL RX thread was
still using it.
Change:
1 Set peer to NULL if peer valid check fails in
ol_txrx_peer_find_by_local_id_inc_ref
2 release peer ref cnt for error case in ol_rx_data_cb
Change-Id: Id21350933386464e5814babcb078d9719572af86
CRs-Fixed: 2176704
