Currently if only one address is provided in wlan_mac.bin, it is updated
for interface wlan0. It will be copied to interface p2p0 if a specific
configuration is present. softap0 retains its mac address either generated
from serial number or given through Firmware ready event. This doesn't
guarentee a unique mac address to both these interfaces.
Regardless of configuration Both softap0 and p2p0 should have a unique
mac address with locally administered bit set.
Change-Id: I64299f5c2e2376c8dbdb26ea34ba0187d5d1f28d
CRs-Fixed: 2066086
During peer detach, driver starts a timer to track unmap events
when the sta peer gets deleted. During this duration SSR occurs
and BUG_ON or cds recovery is triggered. This should only happen
in non-recoverable situation, so this scenario should be avoided.
Allow driver to recover from the SSR by checking FW_DOWN bit.
Change-Id: Ieca407e5c9c30f3c4716b7d158a903add46b8bd6
CRs-Fixed: 2078395
Currently during IPA pipes connect host is passing size of each TX
completion ring size as 4 bytes instead of 8 bytes which is expected
by IPA driver. Reason is host passes size of each ring as size of
dma_addr_t which is 4 bytes for 32 bit host architecture where as
bus addresses are of 8 bytes on MAC and IPA. Fix this by passing the
size which is correct and expected by the IPA driver.
Change-Id: Ib081a3819d3a5e4f7ac61606d5ecb9aa5f3242c8
CRs-Fixed: 2037661
Propagation from qcacld-2.0 to qcacld-3.0.
There is a possibility to read uninitialized memory within api
__wlan_hdd_cfg80211_testmode.
To resolve this issue, initilaize buffer hb_params with zero.
Change-Id: Ia8061610a8c35aa7290177c0dcd2c5c36d9fcb35
CRs-Fixed: 2075796
The vendor command QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS
coming in netdev down state resulting in crash.
Add WIPHY_VENDOR_CMD_NEED_RUNNING flag to reject the vendor command
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS if netdev is down.
CRs-Fixed: 1109145
Change-Id: I007341a51ccdd1b5cf5b6e2319c8b71d4f26f9ce
Currently sending qpower to FW in softap mode causes device to crash as
qpower config is not supported.
Enable QPOWER config in STA and P2P-CLI modes.
Change-Id: Idb8b3ac79e6c93533b752ac42d6ab57bb0c86579
CRs-Fixed: 2003839
In csr_validate_wep(), return value of csr_get_oui_index_from_cipher() is
used to fetch 'csr_wpa_oui' value. csr_get_oui_index_from_cipher() returns
0-14 but no.of rows of 'csr_wpa_oui' is 7.
Add changes to validate index value before accessing 'csr_wpa_oui' array.
Change-Id: I0cf16f4e8fb2c07a489991f20bc345e97b2450e0
CRs-Fixed: 2077599
Currently when driver send log flush command to firmware,
driver start timer of 10 sec.
Reducing this time to 3 sec as 10 is long timer.
Change-Id: I697fa6a4709fa0128595fb2b15493b1fa2b13b35
CRs-Fixed: 2037033
The Estimated Service Parameters element is
used by a AP to provide information to another STA which
can then use the information as input to an algorithm to
generate an estimate of throughput between the two STAs.
The ESP Information List field contains from 1 to 4 ESP
Information fields(each field 24 bits), each corresponding
to an access category for which estimated service parameters
information is provided.
Change-Id: I4d299ffbf0700574c0b207893dbbfc4fd3911849
CRs-Fixed: 2079816
Currently while registering wiphy, supported Beamformee STS Capability
and Number of Sounding Dimensions are not updated in the vhtcap field.
This results in hostapd failing to start if above two configurations
are enabled in the conf file.
Update missing vht capabilities in wiphy before registering.
Change-Id: I8db376fe1f14fd5b722e67a5889addf4c2fb7f28
CRs-Fixed: 2062520
In packet log header, element type_specific_data used uninitialised.
Initialise type_specific_data.
CRs-Fixed: 2015997
Change-Id: Ifa2bdc4c10528c8e9781249058e1767d64bec60e
qcacld-2.0 to qcacld-3.0 propagation
In sir_convert_assoc_resp_frame2_struct(), 'pAssocRsp->ricPresent' is set to
true when 'num_RICDataDesc' is 0, this causes qdf_mem_malloc() to be called
with invalid length 0.
Add change to validate 'num_RICDataDesc' to avoid above issue.
Change-Id: If5e59477efa4df01ca216904645babf769b55c47
CRs-Fixed: 2078891
In unpack tlv, length of tag and length fields are not considered
while checking for min length for the tag, this result into failure
in unpacking the TLV.
Fix it by including length of tag and length fields while checking
for min length.
Change-Id: Icf06b935a883e41426f5fcd1668ad8461b58349f
CRs-Fixed: 2070452
Add support for rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
On connection send OCE rssi reject BSSID list to firmware so that
firmware will avoid connecting to these BSSID until RSSI improve or
delta interval has elapsed.
Change-Id: I792b2874ed25227bf5fd09d8051549da96db4364
CRs-Fixed: 2070452
Add support to handle rssi based assoc rejection from a bssid and
Try to connect to this bssid only after time interval indicated in
Assoc reject or when rssi has improved by margin indicated in Assoc
reject.
Change-Id: I6363bf5346ff8804611afbac3058819dc820092d
CRs-Fixed: 2070452
Trigger packet logs if deauth/Disconnect comes with reason code
other than eSIR_MAC_UNSPEC_FAILURE_REASON,
eSIR_MAC_DEAUTH_LEAVING_BSS_REASON,
eSIR_MAC_DISASSOC_LEAVING_BSS_REASON
Change-Id: I906abf4e4b7c7b9fb109fa1ead1afed15a9f5e81
CRs-Fixed: 2071173
In packet logs currently HB failure, HO failure and No scan results
are marked as Non Fatal and because of that, these failures are not captured
in packet logs.
Fix this by making these events as FATAL.
Change-Id: I6db2f3cd843b7f84081332f2385fbfb0a2992078
CRs-Fixed: 2061842
In certain cases HDD fails to receive callbacks for the scan requests
queued to SME. Kernel may free up these scan requests due to timeout.
During driver shutdown and exit if scan done is performed on these
stale scan requests, kernel crash may occur.
Set a timer of 60 seconds on queued scan requests, after expiry BUG_ON
for debugging purposes.
Change-Id: I6db155b17a8a5ae87208ec84eaab221a53623a63
CRs-Fixed: 2070594
If registration of callback 'hdd_send_action_cnf_cb' fails with PE due
to some error case, then PE is not going give the ack confirmation
for action frames which can lead to in p2p connection failure.
CRs-Fixed: 2075708
Change-Id: Ia7b670f186975f5139e37e79230de56bc8ab868b
During wlan disconnect before disabling tx queues, observed continuous
logs in ndo_start_xmit, because of invalid station ID, leading to WD bark.
Move log level to info from error, if driver fails to find valid station
ID while processing ndo_start_xmit.
CRs-Fixed: 2022473
Change-Id: I122219d22e2e19ddb3ca6aa60c38177f2a95ac43
sme_set_5g_band_pref is declared inside FEATURE_WLAN_ESE feature flag
by mistake which can cause a symbol undefined error if FEATURE_WLAN_ESE
is not declared.
Move sme_set_5g_band_pref outside of conditional block FEATURE_WLAN_ESE.
Change-Id: I80b045100b068d08873b136fdf676e99e36a57cd
CRs-Fixed: 2016629
Add support for 5Ghz network RSSI boost/penalty preference
based on ini values.
Change-Id: Ia3ae5dcc35b9a85fde5a609f8f27ff8b4bc35cec
CRs-fixed: 1085554
If during set link state, vdev stop fails, then the params pointer
is not removed from the vdev resp queue and set link state rsp is
called which will free this params pointer.
This leads to double free of the params memory when driver try to
remove the req params from vdev resp queue when cleanup vdev resp
queue is called.
To fix this remove vdev stop req from vdev resp queue if vdev stop
fails.
Change-Id: I1da763d2cc35c12c1b55a3c0057b893e9ef8d48f
CRs-Fixed: 2080189
qcacld-2.0 to qcacld-3.0 propagation
On some channel, AP's tranmission power is less than
regulatory tx power as per db.txt. While sending Assoc request,
driver should populate negotiated power (min power of AP's tx power and
regulatory power for operating channel) in Assoc request.
This doesn't happen currently, fix it to ensure that
driver follow negotiated power.
Change-Id: I7755894b72e4f0f7ffc371abbbda5c75b2851b13
CRs-Fixed: 2011396
Currently if the peer is not registered, we add packets to a cached_bufq
(within a peer). In case the peer is not registered for quite a long
time, or if the vdev->rx pointer is somehow not set (when the vdev is
associated), this will lead to large number of nbufs from the FW being
added to this list. Eventually, we will run out of memory trying to add
nbufs to this list.
Keep an upper threshold on the number of elements in the cached_bufq.
Drop elements once the threshold is reached.
Change-Id: I02db9347addd77976f1d84897eee20d1e6f9c4ec
CRs-Fixed: 2026991
qcacld-2.0 to qcacld-3.0 propagation
Currently, driver doesn't consider tx power which was negotiated
at the time of connection for max tx power for RRM Link Measurement
Request.
Fix this by not allowing tx power more than pSessionEntry->maxTxPower.
Change-Id: Idebe6d11e05da0b3b8186e2c84ff8ad4ac124fdc
CRs-Fixed: 2021835
When Driver does disconnect as part of heartbeat failure
or kickout event, trigger fatal event to capture pktlog.
Change-Id: I43a486afeccc4acd4be542357b803d492afde9c0
CRs-Fixed: 2030718
Currently, a hard-coded enhanced multicast filter configuration is being
sent to firmware. Instead, create a set of enable/disable APIs, and
configure enhanced multicast filter based on advertised firmware
capability.
Change-Id: I488b4a921612e1081266be8831be098d755375f9
CRs-Fixed: 2078615
In the suspend path, the code waits for all active/pending scans to be
cancelled before continuing the suspend. Instead, for better power
savings, abort all active/pending scans during suspend and immediately
continue the suspend process.
Change-Id: I16a5429c00034fe58fb4c70a8dacda666ac54227
CRs-Fixed: 2073229
Fix incorrect processing of encrypted auth frame by allocating
appropriate local buffer and using correct type for frame length.
Change-Id: I87d6f4c3c43dd332d5b1877ddf4b3b46a717468b
CRs-Fixed: 2081734
Currently, numap is int and is assigned with a uint32 value from
fw which might lead to integer overflow. Also, when multiplying
the uint32 value with sizeof dest_ap could lead to int overflow
if the value of numap is close to uint32's maximum limit.
Fix/Modify numap to uint32 to be in sync with value from fw cmd.
Also add check to trim down numap value to max (10) if value is
greater than max (10).
Change-Id: I060f585c8c951807cd32b5eec75c1bad2e84a75b
CRs-Fixed: 2082665
QCA_WIFI_3_0_EMU flag is introduced for IHelium emulation
platform, where wait/error timeouts are kept for larger values.
Remove this flag for production target.
Increase tx completion drain delay to 1sec from 500ms to avoid
unwanted suspend abort.
Change-Id: Ie0633b3a2bbc9e2237039311af7417952961aada
CRs-Fixed: 2047750
qcacld-2.0 to qcacld-3.0 propagation
Update EDCA parameter if the country is in European
Union based on new ETSI RED channel access parameters.
Change-Id: I08b1a0d7cd0ee1f6985cd0810c5c4c1108e582b4
CRs-Fixed: 2078985
Skip FW memory dump in SSR case for HL SDIO solution.
HL SDIO uses the diag read API to read by 4 bytes,
which is too slow to meet SSR time requirement.
Change-Id: Iacde90ab0ec84f29f3744bf4497ec8fd8517600a
CRs-Fixed: 2071329
Vendor features are used to indicate OCE support
from driver to user space which are set based on ini
params for STA and SAP.
Change-Id: I1b9039307d5477883a2fd23e972d20234908ee24
CRs-Fixed: 2031980
Fix array out-of-bounds access while populating the BSS rate set.
The issue was seen while populating the basic supported rate
and extended rate sets.
CRs-Fixed: 2081423
Change-Id: I8626399b7f9a04dc368daa582b6a09500a7ea015
propagation from qcacld-2.0 to qcacld-3.0.
While processing setpno ioctl, input arguments are not validated
and also while parsing arguments, there is a possibility of Host
accessing memory beyond memory allocated as there is no check
whether is Host is accessing valid memory or not.
Validate input arguments and make sure Host won't access invalid
memory, while processing setpno ioctl.
Change-Id: Ica9ea56283d55282cff3ccd349e4bc1c08b80e70
CRs-Fixed: 1097868
Rx hash deinit sets hash_table to NULL, at the same time
there can be active tasklet context accessing the rx hash list.
Prevent rx hashlist access after rx hash deinit and set the netbuf
to NULL once netbuff is popped out of the list.
Change-Id: I4e30dd69ece33c3cc768842274d5307c0bf29a37
CRs-Fixed: 2049121
sap_restart_on_ch_avoid ini parameter holds good for both SAP and GO.
So to make it generic, rename to ignore_restart_on_chan_avoid_event.
Change-Id: Ic68014a71b36e00c268da50528bf5e14fd87d007
CRs-Fixed: 2027436
Driver is disabling the tdls for 5s from the last p2p-listen request
received. This is leading to tdls connection failure even after p2p
find has been stopped.
So reducing the min and default timer values 500ms and 2s respectively.
CRs-Fixed: 2078933
Change-Id: Id1ab3945d029de8154aede403b354aec99f4cd79
The function is not present as inline in the non debug build, which will
cause a compilation error.
Fix issue by having an empty inline function in the header file.
Some counters need to be defined outside of DEBUG_RX_RING_BUFFER.
Change-Id: I755616aa55c2f38bca017137e91cc469de7fbdcf
CRs-Fixed: 2004927
Make sure sta is not null before dereferencing in
lim_send_assoc_rsp_mgmt_frame function.
Change-Id: Ifb7c4a3b1e02297906bfa1b7908c27929682cf28
CRs-Fixed: 2030304
qcacld-2.0 to qcacld-3.0 propagation
Add eCSA capability record of STAs which associated to SAP.
Change-Id: I1d7892bb1dc4e490a587e8372a4bdc7f419e8b36
CRs-Fixed: 1094958
Presently during the mac open the globalmac context is memset to
zero and the based on the driver_type pe sessions will be created.
During the switch from the FTM to mission mode, pe checks the
driver mode from the mac context and tries to access the invalid
lim sessions which are not created for FTM mode.
To mitigate the issue set the driver_type in the mac context during
mac_open
CRs-Fixed: 2017035
Change-Id: Iddefd2f74afb71197c3830a51f107d86736745f1
Current driver is assigning listening interval based on beacon interval
value which is incorrect.
Listen interval should be taken based on INI value.
CRs-Fixed: 2080042
Change-Id: I0ad52a8042589604d51fc632fe3ce31547a26628
Due to multiple beacon miss issues observed in firmware,
Host is changing final bmiss count to 20 from 10.
Hence firmware can receive beacon in noisy environment.
Change-Id: I87e4a6eaec016f36ca22a057e0d9812c0b8696ff
CRs-Fixed: 2082088
In the existing impementation, once wma_is_pkt_drop_candidate gets a
peer from ol_txrx_find_peer_by_addr, the peer can be deleted in the
SOFTIRQ path from the unmap handler. This would make the peer pointer
'stale' resulting in access to already freed memory.
- Use standard API OL_TXRX_PEER_UNREF_DELETE to decrement peer->ref_cnt
instead of directly referencing it.
- Add a new API - ol_txrx_find_peer_by_addr_inc_ref which does not
decrement the peer->ref_cnt until the usage of peer in the caller
function is finished. The existing API ol_txrx_find_peer_by_addr
can be replaced by the new API as and when the issues are seen.
Sample usage:
{
peer = ol_txrx_find_peer_by_addr_inc_ref
/* This API gets the peer and increments its ref_cnt */
...
...
/* Once peer usage is done */
OL_TXRX_PEER_UNREF_DELETE(peer);
/*
* This API deletes the reference to the peer or the peer itself
* if the peer->ref_cnt is 0. This way we no longer depend on
* peer unmaps to delete the peer.
*/
}
Change-Id: I69fb67a4b4c9e26344d2ed1a72c383be7ac62414
CRs-Fixed: 2008583
Information in struct ch_params_s are the same for 11g and
11n ht20, so phymode is still needed to distinguish them.
Change-Id: I5ddfc011b4fd3b11c975f8b2df3a270e8141e622
CRs-Fixed: 2073580
Fix device name in the log. Current log is,
"hdd_open_adapter: xxxx: wlan%d interface created. iftype: 0."
Expected log is,
"hdd_open_adapter: xxxx: wlan0 interface created. iftype: 0."
CRS-Fixed: 2078530
Change-Id: Ida38e1e2f26d0a86382550409317ec36bd68f071
Currently both min and max rest time use the same ini param
gNeighborScanTimerPeriod.
Add a new ini param gRoamRestTimeMin for min rest time
during channel scan.
Change-Id: Ifbb0fcc736e81b292639c6f2ad3119b451bec4f2
CRs-Fixed: 2060095
If channel switch is in progress and if the HT IE received in
beacon has the BW change then do not send the bandwidth update
request to FW. After the channel switch response is received and
beacon has different BW bandwidth a new BW update request will
be sent to FW.
Change-Id: Id41bd0523f821d2b81e132318230492fda79f32a
CRs-Fixed: 2068906
Add a flag to wma_find_vdev_req api to remove the wma request
message with conditional check.
Change-Id: Ia1166659e593312a2ebf34df5eba02fb23fc335a
CRs-Fixed: 2077738
Disable SGI in 160MHz mode if short GI for 40MHz is disabled in
the INI connfiguration
Change-Id: I6a0c7c7734d4c926dc29103207afb45a3eb1da94
CRs-Fixed: 2073269
Send the failure response for delete self sta request to SME if
the delete bss request is not present or being processed.
Change-Id: I8af9c96ee2027faf256563f800159070146770c8
CRs-Fixed: 2076336
If vdev is deleted FW can assert if host sends any vdev set param command.
Add vdev validity sanity check and reject vdev param set request after
vdev is deleted.
Change-Id: I65c303ef2e2a941cb2629f3fbc0862acf6e306d3
CRs-Fixed: 2079273
Add a configuration item, gPreventLinkDown, to disable putting the bus
link to sleep during suspend/resume.
Change-Id: Id52c6319cafaef60e6f4e562010615361eb831cd
CRs-Fixed: 2066718
preferred_rx_streams to reflect the NSS value with which association to the
AP happened in STA mode.
Change-Id: Ia2ecfb7ba055c3644410b0ff908812f0f94ba4c7
CRs-Fixed: 2077040
qcacld-2.0 to qcacld-3.0 propagation
FW has limitation to support old WMI_REQUEST_STATS_CMDID and
WMI_UPDATE_STATS_EVENTID interface on AP vDev. FW suggest to use new
WMI_REQUEST_PEER_STATS_INFO_CMDID and WMI_PEER_STATS_INFO_EVENTID to
get tx/rx rate.
This checkin is about LIM/SME/SAP layer, provide SME APIs/callbacks
to HDD layer to get SAP's peer station tx/rx related information,
fill these information from wma layer get-peer-stat-info APIs and
peer station's association request frame. It also fixed function
csr_send_assoc_ind_to_upper_layer_cnf_msg when copy information
between different structures and using offset style.
Change-Id: Icb1aaa126663af7eaedd1c4db86ca25c40ce6ee9
CRs-Fixed: 2051628
In roaming scenario, to avoid ping pong with bad AP’s around, fw
blacklist certain Ap’s based on timestamps and penalize certain
AP’s of the same channel so they won’t be selected and back and
forth roaming could be avoided. This change adds the following
INI parametres to configure the parametres of this fw feature.
1) groam_disallow_duration - Amount of time LCA[Last Connected AP]
will be disallowed before it can be a
roaming candidate again.
2) grssi_channel_penalization - RSSI to be penalized if
candidate(s) are found in the same
channel as disallowed AP's.
3) groam_num_disallowed_aps - number of AP's the target should
maintain in its LCA list.
Change-Id: I41cb36caf1b42caeb2bf77846bd0279eb43d2018
CRs-Fixed: 2054188
Currently addts and delts commands are removed as part of
csr_roam_sync_callback. After successful roaming add_tspec of
old connection is not processed in SME (entry of addts command is NULL
in smeCmdActiveList). As there is no active add tspec in SME,
VO data is downgraded to BE.
To fix above issue, do not remove addts/delts commands from SME queue and
in PE layer do the error handling for addts to send resp for all
failure cases.
Change-Id: Ibc7364d188c3002dd8067738f6bcc8fee2af2126
CRs-Fixed: 2076713
There is a possibility of OOB memory access within api
wlan_hdd_qcmbr_command.
To resolve this issue add appropriate buffer length check before
using the buffer.
Change-Id: I3bc0bb74e07fbf4b5c1f2163c9fb0b80d8839d0d
CRs-Fixed: 2075278
qcacld-2.0 to qcacld-3.0 propagation
New MAC counters are added to count MPDUs received and transferred
on each antenna.
Change-Id: Ia7fbf7642922f006882619848459192dcfca3c40
CRs-Fixed: 2043156
qcacld-2.0 to qcacld-3.0 propagation
In dphInitStaState function, it will implicitly assume that, the last
member of structure tDphHashNode is *next* pointer, which is fragile and
risky.
Save the *next* pointer in local variant and restore after whole
structure zeroed.
This will need additional CPU ticks but eliminate the risk.
CRs-Fixed: 2055505
Change-Id: I6baf3eddea965eda4e7f7ca88fef54709964febc
warning: implicit conversion from enumeration type 'enum
nl80211_band' to different enumeration type 'enum ieee80211_band'
[-Wenum-conversion]
Replace NL80211_BAND_2GHZ with HDD_NL80211_BAND_2GHZ and
NL80211_BAND_5GHZ with HDD_NL80211_BAND_5GHZ.
Change-Id: I15a905a599b87fc1a876c5f1b7bd6d69b2ba0f15
CRs-Fixed: 2055487
warning: implicit conversion from enumeration type 'enum
nl80211_band' to different enumeration type 'enum ieee80211_band'
[-Wenum-conversion]
Change-Id: I084e015626611ae90be00b11a599ae82f9bf6f60
CRs-Fixed: 2055487
qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_req_messages.c:487:10:
warning: implicit conversion from enumeration type 'enum eSirRetStatus'
to different enumeration type 'tSirResultCodes'
(aka 'enum eSirResultCodes') [-Wenum-conversion]
qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c:459:37:
warning: implicit conversion from enumeration type 'tLimSmeStates'
(aka 'enum eLimSmeStates') to different enumeration type 'tLimMlmStates'
(aka 'enum eLimMlmStates') [-Wenum-conversion].
Change-Id: I649618105b220d69c8b79dcae0983ae6d75746c0
CRs-Fixed: 2055487
warning: implicit conversion from enumeration type 'tLimSmeStates
(aka 'enum eLimSmeStates') to different enumeration type 'tLimMlmStates'
(aka 'enum eLimMlmStates') [-Wenum-conversion].
Change-Id: I659776ce18feaf1e566d6c9ff5cbd6d348016d65
CRs-Fixed: 2055487
These short name redefinitions should just be used in source file for
convenience, should not exist in qca_vendor.h where interfaces are
defined there.
To avoid checkin two way dependencies, add ifndef/define in source file
and first checkin qcacmn head file which remove these redefinitions,
then remove these ifndef/define from source file in another change.
Change-Id: I5318de88b569085f26212e960b79048e8a2481a8
CRs-Fixed: 2076521
