1. Update pAddBssParams->ch_width to 160Mhz ch width value
based on VHT operation IE's ch width, channel segment 0
and channel segment 1 fields.
2. Report link rate information to OS for 160Mhz based on
rate flag TX_RATE_VHT160.
The change will fix the incorrect bandwdith reported by
IW commmand (iw wlan0 link) when STA is connected to AP
in VHT160 mode.
Change-Id: I698b12da825619e8e8f28f0cf4ea1ccf2e7072e6
CRs-Fixed: 2585986
Update tx rate flags to include 160Mhz bandwidth in
wma_set_bss_rate_flags_he.
Add HE 160 mcs to rate mapping for nss 1 and nss 2.
This change will fix incorrect bandwidth report via
IW command: iw wlan0 link.
Change-Id: Idd1adc4f2783b86a2a837999ea87bb38c813f213
CRs-Fixed: 2585078
Currently use of comamnd QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
is to pass data blobs from Application to FW but there is
no mechanism to send the data blobs from FW to Application.
To meet the above requirement update the usage of existing
OEM DATA command to use it as a vendor event as well to
send data blob from host to Application.
Change-Id: I502312f25d2754984b86e1cc4e011800a5d4b58a
CRs-Fixed: 2573464
Whenever there is a process waiting on a response from firmware it has the
option of using either a qdf_event or a linux completion event.
The primary difference between these is that if there is an SSR all
qdf_events are immediately completed whereas Linux completion events are
only completed by the normal flow of code.
With new upcoming changes SSR processing will take the normal path for
releasing all of its resources, and the qdf_session_close_event is used for
synchronization.
If we define this as a qdf_event, it will be completed when the SSR begins,
defeating its purpose.
Therefore change this to be a Linux completion event.
Change-Id: Ia6fe504e2a2d01f12c3d3446fffc2fc397566966
CRs-Fixed: 2586190
pm_freezing check to abort system suspend during psoc idle
restart is not working and hence remove pm_freezing check.
Correct fix(change Ib89eca5014729f6a2103e14c6f46540d1406a5a0)
to reliably abort system suspend by calling qdf system awake
api during psoc idle restart is already present so pm_freezing
check is no longer needed.
Change-Id: Ifb56a2a9858378508ef9e583bdd15e63c26d9ba6
CRs-Fixed: 2587453
Currently, the hdd_update_connect_params_fils_info() function blindly
trusts the size and copies into the fils_info->r_rk buffer, putting it
at risk of buffer overflow. Add a check to make sure the buffer passed
in to be copied to fils_info->r_rk is of the proper length.
Change-Id: I9ad2405ca1acd83591bea2aa43406909ad1c58e4
CRs-Fixed: 2580776
For cdp_hl_fc_set_td_limit() API, use channel frequency instead of
channel number.
Change-Id: Ic053be33ac7c7cbd2543b0208a1184b3f20a4346
CRs-fixed: 2565734
When host sends ft assoc response to supplicant, it
allocates a buffer of fixed size and copies a variable
length of assoc response IEs to this fixed sized buffer.
There is a possibility of OOB write to the allocated buffer
if the assoc response IEs length is greater than the
allocated buffer size.
To avoid above issue validate the assoc response IEs length
with the allocated buffer size before data copy to the buffer.
Change-ID: Ife9c2071a8cc4a2918b9f349f4024478f94b2d78
CRs-Fixed: 2575144
Fix compile issues when some features are disabled, the features are:
BUILD_DEBUG_VERSION
CONFIG_CP_STATS
CONFIG_HOST_OPCLASS
CONFIG_FEATURE_ROAM_DEBUG
There are some other features depends on each other, so enabled features to
qcs40x.snoc.perf_defconfig, the features are:
CONFIG_WLAN_FEATURE_FILS
CONFIG_WMI_ROAM_SUPPORT
CONFIG_WMI_STA_SUPPORT
CONFIG_REG_CLIENT
CONFIG_WLAN_FEATURE_DP_BUS_BANDWIDTH
CONFIG_WMI_CONCURRENCY_SUPPORT
CONFIG_LL_DP_SUPPORT
Change-Id: I6fa1eacb79576a955e593dbb9ac52083742275e3
CRs-Fixed: 2354496
Firmware peer state needs to be set to AUTHORIZE only after
completing the 4 way handshake. In failure scenario,
host configured AUTHORIZE state before 4 way handshake and
it triggered assert in the firmware.
Peer state moved to connection in progress/CONN after successful
association and AUTH state after successful 4way handshake.
Change-Id: I5e3d94843443d0fc2612a918b5c14479f91914d8
CRs-Fixed: 2580929
With Vdev delete not using serialization, no need to disconnect
any STA with connection in progress.
The logic was added to remove the active connect command from
serialization queue so that vdev delete can complete before hdd
time out.
Now as vdev delete is not using the serialization remove this.
Change-Id: Id8c5ab31e54c8cf26999aff58c0773213f0cb13a
CRs-Fixed: 2585753
Update driver to check SAP client acceptance as per MAC ACL policy
to control association.
Change-Id: Id6888b87393e79e2f86a7d5b1132c4a897179a23
CRs-fixed: 2583874
Add credit tracking for HL Data Path in DPTRACE.
Also update proto_bitmap to dynamically enable/disable
credit tracking.
Change-Id: Idd9216b634586f3a81c2194ea4bd2122a472154a
CRs-Fixed: 2574053
Currently, default MGMT retry limit is 4 which means 4
transmissions are supported for any management frame.
In noisy environment, Chances to get connection failure
are higher with 4 retransmissions.
Fix is to add INI support mgmt_retry_max to make
CFG_MGMT_RETRY_MAX configurable. Default value for
CFG_MGMT_RETRY_MAX is 15 to reduce the chances of connection
failure in noisy environment.
Change-Id: Id50cb68813fba517a8a1580a3d6662c73b0a381e
CRs-Fixed: 2575385
When NUD FAILED event is sent by kernel, driver checks if this event
needs to be honored or not. If there is any active traffic, driver
will not honor NUD FAILED event and won't issue disconnect.
Currently, when NUD FAILED event is not honored, driver NUD state is
updated to NUD_NONE. This won't allow the further NUD FAILED event
processing in driver if received without NUD PROBE/NUD INCOMPLETE.
Reset the driver NUD state machine when NUD FAILED event
is not honored and restart NUD tracking.
Change-Id: I46826fdf60fc2f3543567c09ddc8574f119efd38
CRs-Fixed: 2583096
While processing BEACON_REPORTING_ACTIVE_REPORTING vendor command
on a particular STA (say its vdevid == 0), If scan started on any
interfaces (for example, on same STA (with vdev id == 0) or P2P
(with vdev id == 1) or on second STA (with vdev id == 1) of
STA + STA), Host should send a pause indication to upper layer only
for the vdev id(s) (here vdev id == 0) on which host processing
BEACON_REPORTING vendor command comes from user space.
Add sanity check to make sure that HOST should send pause
indication to upper layer only for vdev of STA for which host
processing BEACON_REPORTING vendor command at the moment.
Change-Id: I5ed5dc42e4dded2a803349d75234b84d3aa7f314
CRs-Fixed: 2582389
Supplicant delivers the HANG event via HIDL for STA
and via a legacy socket interface for SAP standalone case.
As per current supplicant implementation, wdev_id only matters
when the HANG event gets processed via HIDL.
Currently, for STA interface, host sends wdev as NULL to
cfg80211_vendor_event_alloc, this allows userspace to
process nl_cmd for QCA_NL80211_VENDOR_SUBCMD_HANG_REASON_INDEX
event with the 1st interface which is p2p in supplicant instead
of WLAN interface.
Set wdev with the proper value for STA interface to avoid processing
nl_cmd with P2P interface by userspace.
Change-Id: If3c1b2e11daf682a6ef535014738f4b2a2b5d009
CRs-Fixed: 2580359
Currently the driver caches the command which comes
for PS enable/disable and if the user disables the
command the API sme_ps_enable_disable cannot go
forward to enable/disable the command because
of the check for last user command cache to be disabled
or not.
Fix is to cache the command after the disable has
been sent to FW to avoid the scenario where the command
is not sent by host as the check to send the command failed.
Change-Id: Ibff459fa03aceaf6963735d22d30c54a488751f4
CRs-Fixed: 2582410
Currently the acs in progress is not set to 0 when
acs policy is 1 and the control returns the best channel
in do acs itself, hence it can lead to many unexpected
behaviour if set to 1 and acs is complete.
For example one case sceanrio is that the driver
returned from do acs without clearing the acs
in progress flag, and then stop adapter comes to
the driver for the same interface, the driver
would check that if acs in progress is tru then
it would wait for 3 seconds for it to complete.
Now since there is no complete to be there as
ACS had already been completed, there would be
an unnecessary delay for 3 seconds to shutdown
SAP which would cause latency.
Fix is to set the acs in progress as 0 when the overide
happens.
Change-Id: I03a80c4d4eeeb41f21e95e37bfbeb94e7ebee51e
CRs-Fixed: 2582703
Due to upgrade to kernel 5.4, struct pm_qos_request fields have changed,
causing compilation issues. Featurizing PM QoS so it is only enabled
for 4.19 kernel.
Change-Id: Ide2a3eb4b2bc970c6469efe8621bec55e50ecbd8
CRs-Fixed: 2580165
In SME layer, boundary check for dscp_to_up_map array is not present.
The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.
Hence, max index check is added to avoid OOB write of dscpmapping array.
Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2569764
Fill HE capability and supported chan width in 6ghz
and remove VHT and HT support from the 6ghz channels
in wiphy structure.
Change-Id: Ibb1fbeca9bb7dc20b8545bc9f2b470cd7bef9fb2
CRs-Fixed: 2575744
Currently in the driver, the NSS reported to the userspace in case of
max rate reporting doesn't take into account if the hardware mode is DBS
or not. This causes the NSS to remain 2 even if the connection has
changed to 1x1.
Add a check if the current mode is DBS or not and update the NSS
accordingly.
Change-Id: I66ea830c7c6483c7ce957e1276b4ac5a535b17df
CRs-Fixed: 2579182
For SAP/P2P GO on 5G, when receive cmd to disable 5G band when
modem n79 band used, will move to 2G band via CSA.
1. If no active connection on 2G, select ch by safe list, or
channel 6.
2. If there is STA on 2G, force scc with it.
3. If there is SAP/GO on 2G, force scc with it.
4. Handle one race condition that if candidate is already
selected & FW has gone ahead with roaming or about to go ahead
when set_band comes, it will be complicated for FW to stop the
current roaming. Instead, host will check roam sync to make sure
the new AP is on 2G, or disconnect the AP.
5. If 2 SAP on 5G, move both to 2G and keep scc.
When Set band to enable 5G band again, restored all 5G SAP/Go..
Change-Id: I9b2b1ead3b4502022aeefc08359037457bb051f9
CRs-Fixed: 2580204
As per SS’s WIPS requirements, if Host receives beacon recv start
command while processing scan request, HOST should not process
beacon reporting start cmd.
Next start command should get allow only after completion of scan.
After scan completion, supplicant should send a fresh start command
to start BEACON_REPORTING again.
Change-Id: I8b64665b6d019cfab76eefba4f7b11fa7dd2782e
CRs-Fixed: 2578642
In FTM and monitor test modes cfg80211 suspend op is not allowed.
If OS tries to do frequent suspend in FTM or monitor mode it can
lead to excessive console logging and hence to avoid excessive
console logging and its side effects rate limit the console
logging for FTM and monitor test modes.
Change-Id: I8d51db21f861f038f0538865f4c0634efd983f8c
CRs-Fixed: 2580927
On some platforms with TQM, target don't know packet number of
successfully transmitted after more than one retransmission attempt,
and after TQM retry, host data path will be notified.
Adjust tx retries stats number from data path, and indicate to upper
layer when query by wlan_hdd_cfg80211_get_station() on these platforms,
other platforms keep tx retries from wmi vdev stats.
Change-Id: Ie4b9a9f3b9241a59452e3f21f68757f3638b1a19
CRs-Fixed: 2574368
For hdd_hostapd_channel_allow_suspend() and hdd_hostapd_
channel_prevent_suspend() APIs, use channel frequency
instead of channel number.
Change-Id: I05a3e60918f1b40d2cbfbdb78038540fc4a87184
CRs-fixed: 2565731
Cleanup peer id from the callers of cdp APIs from
where the peer ID was passed, and use mac address
instead to identify the STA.
Change-Id: Ie6dcae77e959439a71c11b1a2fa0daddcaa6e719
CRs-Fixed: 2529822
Add configuration CONFIG_WLAN_SYNC_TSF_TIMER and macro
WLAN_FEATURE_TSF_TIMER_SYNC to capture and get the tsf
from firmware.
Change-Id: I62298791cbafed84f1d23f1a2ecb5c2835dcd137
CRs-Fixed: 2564860
In case interface timer has expired and modules have been stopped
and there is an SSR the bus bandwidth work is not properly destroyed.
Destroy the work before checking for status of modules state since
the work will be re-initialized.
Change-Id: Ie3b8f7d6d0fe1261f9f3c412e933748fb7637ca7
CRs-Fixed: 2573341
During uplink traffic, affine RX thread to big cluster if
throughput is high and rx_packet counts above threshold.
Change-Id: I34034e79ee07c229966a279919acc11d1942b890
CRs-Fixed: 2557745
Currently, RSNE if given from userspace is overrided if the Ini
force_rsne_override is disabled as a security. But there
are sufficient checks already in kernel to validatethe RSNE
given by userspace. Hence this INI is no longer required.
Change-Id: Ifcc9298dcfa035d05e9ee4fb78a4fa2c9f249461
CRs-Fixed: 2573540
Currently GET_RING_DATA vendor command is dependent on NETDEV,
as vendor command is wiphy command which is not dependent on
NETDEV allow the flush logs command irrespective of NETDEV.
Change-Id: I8e0474ca94645685e7f1969ad668692a44f96c23
Currently control path handles of pdev/vdev/peer
are given as arguments to cdp ops, which are
directly accessed by dp layer. This can cause a
race-condition in access of the handle if it
has been deleted in parallel.
Hence as a part of cdp convergence, pass only
the psoc handle which can be accessed all over
to retrieve objmgr_pdev from psoc.
- rx_mic_error
- txrx_pdev_attach
- txrx_vdev_attach
- txrx_peer_create
Change-Id: Iaec8b913810f9035faa0010117cdff19bdded37f
CRs-Fixed: 2541431
Currently the monitor mode does not check the chan
validity and BW validity before starting the monitor
mode vdev which could result in invalid configuration
given to FW and thus further can lead to assert.
Eg. If the command comes for an invalid channel, or
suppose 160 MHZ and the device supports 80 MHZ only
then it can lead to assert.
Fix is to verify the channel and BW info and reject
the command if found invalid.
Change-Id: Iaf9f06f8d4b943bd1e8db5c22ea155a4fe3e61a8
CRs-Fixed: 2572152
Based on the ini gfine_time_meas_cap, send enable/disable value to the
firmware for STA INITIATOR/RESPONDER mode using VDEV set param.
Change-Id: Idd4142e13061cd1af992bda88d0a0b81edc42fef
CRs-Fixed: 2574050
Currently in the driver, the checks performed before NS and ARP offload
to determine whether they are necessary or not, resulted in prints to
the kernel logs.
Change the above logging level to debug.
Change-Id: Ib039ee51d2763ab2a1340d2a4b17a85c530f68fa
CRs-Fixed: 2578328
In case of STA + STA, If first STA (say STA1) is in connected state
and second STA (say STA2) has multiple candidate APs for connection,
STA2 tries connection with each APs one by one till either
successful a connection or no AP left to initiate connection.
Currently, If STA2 initiate connection with first candidate, and if
it fails, STA2 enables roaming on other interfaces (here STA1)
irrespective of connection status. This results, after connection
failure of STA2 with first AP, STA1 gets permission to start roaming.
So there could be a possibility that STA1 started roaming on VDEV0
and STA2 started connection with next AP on VDEV1 which results in
two VDEV start/re-start at the same time in FW.
Fix is to allow roaming on other interfaces only after if association
is successful or all possible candidates APs are tried by current
interface.
Change-Id: I5b765d5a8ffc10ad2903d746537e41501890ca8b
CRs-Fixed: 2577368
Clear wlan_reg_freq_to_chan in is_dfs_unsafe_extra_band_chan,
refine unsafe_channel_list for hdd_context to store frequency.
Change-Id: I48a75e053228b202122633a32e750f446f839ea3
CRs-Fixed: 2574028
In function wlan_hdd_rx_rpm_mark_last_busy math division is performed
on unsingned 64bit integer. This leads to driver load failure on 32
bit machine targets. So avoid the math division for 64bit integer.
Change-Id: I967a0a64b421b47113821e1af5379cdd0125a34d
CRs-Fixed: 2576125
Add logic to queue and bundle packets before
giving it to scheduler to ensure predictive HTC
bundling for improvement in TX throughput.
Change-Id: Ib00135ca59b4c5f0f05edc93dca115bf17174a36
CRs-Fixed: 2561671
In the latest kernels asserts if there is any unitialized work
gets flushed, stop_bss work is presently getting flushed from
multiple places and it is initialized only when there is no
channel to start the sap.
Fix it by intializing the work when the adapter is created.
Change-Id: I232247c2389f865471c7c2175bb93e254b29fc29
CRs-Fixed: 2565974
When the chip is in power save mode, it fails to report valid
TSF in the WMI_VDEV_TSF_REPORT_EVENT_ID. Even the retry may fail.
Fix this by restarting the capture when the Tx/Rx resumes.
Change-Id: Ibd0aa9275583ba40e5f53a11910960351bb76e7d
Define debugfs node in driver to
export MIB counters to user app.
Define macro WLAN_FEATURE_MIB_STATS for this
feature that gets MIB statistics from fw.
Change-Id: Icae8826309094d17e8f6d4503f617a3a7116d3c9
CRs-Fixed: 2548241
There is a race condition while handling the below scenario,
1. NAN enable request is received from framework.
2. Policy mgr opportunistic timer expired and set hw mode
initiated to Single MAC mode in scheduler thread at
the same time
As the opportunistic timer handler doesn't have any info if
NAN enable initiated in DBS mode, it's configuring the hw
mode to Single Mac Mode just before NAN enable request is sent
to firmware. So the NAN enable request is sent to firmware in
Single Mac Mode which is not allowed by firmware.
NAN enable/disable is also similar to connection in progress
status in case of STA. So provide NAN enable/disable status
through hdd_is_connection_in_progress() to the opportunistic
timer handler. Opportunistic timer handler restarts the timer as
connection(NAN enable/disable) is in progress.
Also set hw_mode_change_in_progress before checking the
connection progress status. This is to avoid a possible race in
the below scenario,
1. NAN-enable sets the state but scheduler thread had read the
state just before that
2. NAN-enable read the hw_mode_change_in_progress just
before it gets set by scheduler thread.
Change-Id: I1a184c84520deb3f6ad1ec010a0fdefda96a5364
CRs-Fixed: 2566841
cfg80211_ap_stopped() not supported anymore for kernel 5.4.
changes added to protect call to cfg80211_ap_stopped under kernel
version compilation flag.This will allow the call to be invoked for
MSM kernels which have been patched, but not for any other kernels,
including the GKI kernels.
Change-Id: I05470469eb82da174e5b9c46f7d19fc77aaca85d
CRs-Fixed: 2558981
In the 5.4 Linux kernel, the ndo_select_queue function signature has
changed. Add support for it under the kernel version compilation flag.
Change-Id: I7298f27ada14c0d96c19f5168a20971ad760fd77
CRs-Fixed: 2558984
