Add support for roaming in case the driver
detects a nud failure. The STA then would roam
to another BSSID, else if the roaming fails
the STA would remain connected to the same BSSID
as connected before.
Change-Id: Idbc99b0ce2f9cacd97564dd8cf9892120958eda2
CRs-Fixed: 2461675
Link BLM exposed APIs to the following:-
1. csr_get_scan_result:- Link this API with filter bssids in
the reject ap list maintained by the blacklist mgr.
2. lim_assoc_rej_add_to_rssi_based_reject_list:- Link this API
with the blacklist mgr add bssid to reject list to add the
OCE and BTM related assoc rejects.
3. Userspace avoid list parsing logic for the userspace to set
the BSSID as avoided.
Change-Id: Id51ffb80cea3f845fefe14db25d0f7acda6ea0f3
CRs-Fixed: 2461281
The linux coding style forbids use of typedef unless clearly
some rules are met. The tSirBssDescription doesn't match any of
those criteria, so replace it with underlying structure
bss_description.
Change-Id: I36ad517325117cf04d499c7c472ca6ef5921a85d
CRs-Fixed: 2459769
The Linux Coding Style doesn't allow mixed-case names so rename
bssIdx in struct pe_session to be in compliance.
Change-Id: Idf2df6cb4ca30e4fdae74b8fb39445bb878003c5
CRs-Fixed: 2459768
The Linux Coding Style doesn't allow mixed-case names so rename
eSirBssType in struct pe_session to be in compliance.
Change-Id: Iafe6649a130c77064180c67fb1385d2d7a763370
CRs-Fixed: 2459767
In hdd_vdev_destroy, if policy_mgr_check_and_stop_opportunistic_timer
decides to move to single mac mode and while sending the HW mode change
the target goes down, this leads to timeout of the HW mode change req in
WMA layer which is 2 sec and in serialization it's 4 sec, but
policy_mgr_check_and_stop_opportunistic_timer times out in 1 sec and proceeds
to sme_close_session and waits for it to complete.
sme_close_session queues WLAN_SER_CMD_DEL_STA_SESSION to serialization but
it remains in pending queue, behind HW mode change req.
Now due to SSR the wait event for sme_close_session is set and thus
hdd_vdev_destroy logically deletes the vdev.
Now on WMA timeout the HW mode change tries to remove the request from
serialization which it fails to remove as it fails to get ref for vdev
with vdev being logically deleted.
Thus WLAN_SER_CMD_DEL_STA_SESSION is not processed and is flushed in
hdd_wlan_shutdown.
Thus as SSR WLAN_SER_CMD_DEL_STA_SESSION is flushed from serialization
queue, the wma_vdev_detach() is not called for that vdev and thus the
peers attached to the vdev are not deleted and the wma vdev ref is also not
released; this leads to a vdev/peer ref leak.
To fix this update the wait timeout in
policy_mgr_check_and_stop_opportunistic_timer with proper value higher
than the serialization timeout for the HW mode change request. Also
set the wait event in policy_mgr_pdev_set_hw_mode_cb in failure cases
as well to avoid timeout in case of hw mode change failures.
Also release pending peer and vdev refs in wma_wmi_service_close.
Change-Id: I5ddf8263b0dbf889be506332a67f5e18c1bfb111
CRs-Fixed: 2458034
When FILS authentication is performed, the key confirmation is
performed as part of the FILS exchange using association frames.
Hence, no additional 4-way handshake is necessary. But still the
host driver sets the WMI_PEER_NEED_PTK_4_WAY flag as part of
peer_assoc command. So firmware expects setting key command after
4-Way handshake is completed. But host sends the set key command
before M4 in this case, which results in firmware assert.
Don't set WMI_PEER_NEED_PTK_4_WAY for FILS connection.
Change-Id: I13451bd7592d5836c16cd648235f691b11aafb15
CRs-Fixed: 2458097
Host needs to fill netbuf with qtime instead of tsf. So
host needs to add tsf64 enable/disable related functions
and definitions to sync with FW.
The tsf64_time is newly added to the fw/host structure, so host
needs to add parse functions to get tsf64_time from tx_desc.
Change-Id: Ieea0d8f905eb57629d279f8da0e811857b760b1f
CRs-Fixed: 2444456
This change I29209576622bc2495a7ce3064e82efca2e70d19a was to fix a
memory leak, but ibss peer creation passes a pointer on the stack to the
wma_set_stakey API, which causes a regression.
Fix it by passing all pointers from the heap to the wma_set_stakey API.
Change-Id: I178e4b6a15aa24faae78d9846427b3292d11a1a4
CRs-Fixed: 2455529
Currently, host sends 11k offload command to FW as part of RSO Start
and 11k offload disables to FW during RSO Stop. In case of STA+STA
concurrency, Host sends vdev_stop before 11k_deconfig for the
currently enabled STA, which results in an assert in FW.
In order to configure 11k for second STA without assertion, Driver
should de-config 11k for currently enabled STA before vdev stop/delete.
Fix is to configure 11k while start roaming and de-configure 11k
while stop roaming irrespective of the reason for roaming STOP.
Change-Id: I0915d8a0141194c331eb59ba0f2dfa9c8995628a
CRs-Fixed: 2449431
If lim_send_set_sta_key_req is called with sendRsp==false, it doesn't free
the tpSetStaKeyParams memory allocated in this function. This scenario
can be hit when the station key is updated during roaming before the new
bss is added.
Change-Id: I29209576622bc2495a7ce3064e82efca2e70d19a
CRs-Fixed: 2452108
VDEV UP command doesn't include right MBSSID information, it will
cause data stall issue and so on.
Fix is to provide right MBSSID information with VDEV UP command.
Change-Id: I0201722c14dee1b01b8dacc7e3095301fb02fd3a
CRs-Fixed: 2434405
In wma_start_extscan, it will always return error due to an
incorrect conditional statement.
Change-Id: Iddb81e34a59ff541d4a17e45b8eca13e704fb89d
CRs-Fixed: 2450704
In wma_stats_event_handler several fields lengths are added
together to check against param_buf->num_data (the overall
length of the buffer).
The problem is that num_pdev_stats, num_vdev_stats and
num_peer_stats represent the number of structures of each
type rather than the total number of bytes.
Therefore update the logic to compare the expected size of
the entire payload to the actual payload.
Change-Id: I94af679480e62a61d4b25a1f370b2f199985f874
CRs-Fixed: 2429010
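The count-versus-bytes mistake described in the commit message above, as an added example that is not the driver's code: the entry sizes, `struct stats_hdr` and all function names are hypothetical stand-ins for the WMI stats structures, and the corrected check assumes the expected payload must not exceed `num_data`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-entry sizes in bytes; the real WMI structures differ. */
#define PDEV_STATS_SIZE 64u
#define VDEV_STATS_SIZE 48u
#define PEER_STATS_SIZE 24u

/* Constructed stand-in for the event's fixed header. */
struct stats_hdr {
    uint32_t num_pdev_stats;   /* number of entries, not bytes */
    uint32_t num_vdev_stats;
    uint32_t num_peer_stats;
};

/* Flawed shape: entry counts are summed and compared to a byte length,
 * so a header claiming more data than the buffer holds still passes. */
static bool counts_check_flawed(const struct stats_hdr *h, uint32_t num_data)
{
    uint64_t sum = (uint64_t)h->num_pdev_stats + h->num_vdev_stats +
                   h->num_peer_stats;
    return sum <= num_data;
}

/* Add count * entry_size to *total, refusing to go past limit.
 * The product is formed in 64 bits so a large count cannot wrap. */
static bool add_section(uint64_t *total, uint32_t count, uint32_t entry_size,
                        uint32_t limit)
{
    uint64_t bytes = (uint64_t)count * entry_size;

    if (bytes > (uint64_t)limit - *total)   /* *total <= limit always holds */
        return false;
    *total += bytes;
    return true;
}

/* Corrected shape: the expected size of the whole payload, in bytes,
 * is compared to the number of bytes actually received. */
static bool payload_size_ok(const struct stats_hdr *h, uint32_t num_data)
{
    uint64_t total = 0;

    return add_section(&total, h->num_pdev_stats, PDEV_STATS_SIZE, num_data) &&
           add_section(&total, h->num_vdev_stats, VDEV_STATS_SIZE, num_data) &&
           add_section(&total, h->num_peer_stats, PEER_STATS_SIZE, num_data);
}

int main(void)
{
    /* Constructed header: needs 1*64 + 2*48 + 4*24 = 256 bytes. */
    struct stats_hdr h = { 1, 2, 4 };

    printf("200-byte buffer: flawed=%d corrected=%d\n",
           counts_check_flawed(&h, 200), payload_size_ok(&h, 200));
    return 0;
}
```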
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA should advertise the FT equivalent of the non-FT AKM.
Introduce a compile time flag WLAN_ADAPTIVE_11R_ENABLED to
enable/disable adaptive 11r support.
If the AP is adaptive 11r capable, set the is_adaptive_11r_ap
flag in bss descriptor. This flag will be sent in join request
and populated to pe_session. Also mark the CSR session as
adaptive 11r session based on this flag.
Add changes to check for the adaptive 11r service capability
advertised by firmware. If the host driver connects to adaptive
11r AP, enable RSO only if the firmware advertises adaptive
11r capability, else RSO should be disabled.
If the connection is adaptive 11r connection and if the adaptive
11r ini is enabled, set the adaptive_11r flag in
wmi_roam_11r_offload_tlv_param sent over the wmi command
WMI_ROAM_SCAN_MODE to the firmware. This will enable firmware to
filter the adaptive 11r AP from roam scan results.
Change-Id: If27a2393e3f4bb68942f5ebcec0135f57627f16b
CRs-Fixed: 2437988
If CRYPTO_SET_KEY_CONVERGED is enabled, the iface->key.key_cipher
is not set but is used to process multicast and broadcast
management frame.
Set iface->key.key_cipher with proper value when
CRYPTO_SET_KEY_CONVERGED is enabled.
Change-Id: I67d8bfe2210f4aad499830c4339de10c620d604d
CRs-Fixed: 2444420
Driver uses cipher stored in vdev to get the MIC length, which
may get updated if multiple peers (TDLS peer in STA case) get
connected to the vdev. Thus depending on latest peer cipher type
the MIC length will be calculated for all peers.
Add changes to store cipher info in peer and use it to calculate
MIC length for the frame if CRYPTO_SET_KEY_CONVERGED is defined.
Change-Id: I852e4b519f55d8020237989314f8506aa275f379
CRs-Fixed: 2444416
In wma_roam_synch_event_handler, if vdev_id is out of bounds,
code is redirected to cleanup, where iface is dereferenced to
set the value of roam_synch_in_progress.
This will result in a NULL pointer dereference because iface
hasn't yet been set.
Since this function does not have logic to set
iface->roam_synch_in_progress to true then it does not need
"cleanup" logic to undo that. So, remove the cleanup logic.
Change-Id: I8ffa0b9186c3595444cb188bbf00624b519e3894
CRs-Fixed: 2427334
When AP sends deauthentication/disassociation frame, host will
handle the deauth/disassoc frame. If the ini
"enable_disconnect_roam_offload" is enabled, firmware will
trigger a roam scan immediately after deauth/disassoc is
received and roam to a new AP. If roam failure happens after
this roam scan, firmware will send WMI_ROAM_EVENTID with reason
WMI_ROAM_REASON_DEAUTH.
Register a WMA callback to call the PE disconnect handler
function. This will call lim_tear_down_link_with_ap() to
handle the deauth state machine changes and posts message to
sme to inform the link lost info.
Change-Id: I404b019595b96c0710d09cb9218e3a1d28924fc7
CRs-Fixed: 2443219
When the ready event is received from the firmware, hdd callback
is called to create the pdev and update the capabilities. If
there is any error the error is not propagated back to hdd
which can result in accessing invalid memory.
Propagate the status correctly from hdd to wma to resolve this issue.
This will result in the probe failure until the resources are available
or reference leaks are fixed.
Change-Id: I97ec062893216e25e285d95d6bfb5cf3e91a4005
CRs-Fixed: 2426612
Generate PMK-R0 and PMK-R1NAME for FT-FILS connection and send it
over assoc request frame.
According to 802.11-2016 standard:
PMK-R0 is derived as:
  R0-Key-Data = KDF-Hash-Length(XXKey, "FT-R0", SSIDlength ||
                                SSID || MDID || R0KHlength ||
                                R0KH-ID || S0KH-ID)
  PMK-R0 = L(R0-Key-Data, 0, Q)
  PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt))
PMK-R1 is derived as:
  PMK-R1 = KDF-Hash-Length(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID)
PMK-R1Name is derived as:
  PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
                                   R1KH-ID || S1KH-ID))
Call qdf_get_hash() function to generate a sha-256 or sha-384
hash. Use qdf_get_hash() with hmac(sha-256) or hmac(sha-384)
to generate hmac_hash.
Set PMKID count as 1 in RSN IE and copy the PMKR1-name
generated to the PMKID list. This PMKR1 should be the only
entry in PMKID list in assoc request frame sent by the driver
during FT-FILS initial mobility domain FILS connection.
Change-Id: Ic634aebbe42a58b92f871cf3258c62f7541d161a
CRs-Fixed: 2414719
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
Peer is created but not setup in LFR3 roaming case,
then peer->rx_tid[tid].array is not initialized with a valid
value before using, which causes a null pointer dereference in
dp_rx_defrag_cleanup() when cleaning up peer.
Change-Id: Ia8fd7773041511f3865d8ba26f4844d9b33bcec0
CRs-Fixed: 2436112
Add gTxAggSwRetry for tx aggregation case, and
Add gTxNonAggSwRetry for non tx aggregation case.
Change-Id: I92265fb4e279eaf63c45f0134f997df02bca8737
CRs-Fixed: 2436305
Add new ini to configure various roam trigger parameters:
1. "minimum_btm_candidate_score"
Consider the AP as roam candidate only if its score is greater
than minimum_btm_candidate_score. This value will be sent over
the WMI_BTM_OFFLOAD_CONFIG command.
2. "roam_scan_inactivity_time"
Device inactivity monitoring time in milliseconds for which
the device is considered to be inactive if the data packet
count is less than the configured roam_inactive_count.
3. "roam_inactive_data_packet_count"
Maximum allowed data packets count during
roam_scan_inactivity_time.
4. "roam_scan_period_after_inactivity"
Roam scan period in ms after device was in inactive state.
5. "btm_roam_score_delta"
Roam scan delta value for btm triggered roam scan. This value
will be sent to firmware over the WMI_ROAM_AP_PROFILE wmi
command.
6. "idle_roam_score_delta"
Roam scan delta value for Idle roam scan trigger reason. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_delta_param_list tlv.
7. "disconnect_roam_trigger_min_rssi"
Candidate minimum rssi value for disconnect roam trigger. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
8. "beacon_miss_roam_min_rssi"
Candidate minimum rssi value for BTM triggered roam. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
9. "bss_load_trigger_5g_rssi_threshold"
If connected AP is in 5GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_5g_rssi_threshold.
10. "bss_load_trigger_2g_rssi_threshold"
If connected AP is in 2GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_2g_rssi_threshold.
Change-Id: Ib026251a8ec403f4376a16a91ff1b5d969336816
CRs-Fixed: 2434922
TDLS peer state is reset to OL_TXRX_PEER_STATE_CONN when enable tdls
link and register tdls peer, then it will drop data packets to the
peer on high latency platform. So, set peer state to
OL_TXRX_PEER_STATE_AUTH once connected to tdls peer.
Change-Id: I0d02f1efa3c79c0bf41649d98a13ce8b0bf7378d
CRs-Fixed: 2423394
Add support for new wmi command WMI_ROAM_DEAUTH_CONFIG_CMDID
to send disconnect roam trigger parameters and the
new wmi command WMI_ROAM_IDLE_CONFIG_CMDID is used to send the
idle roam trigger parameters. Fill the parameters from csr to
roam request and send it as part of RSO start command to
firmware.
Fill the corresponding parameters in
csr_update_roam_scan_offload_request(). This will be sent to wmi
and the params will be copied to the wmi command buffer.
Change-Id: I3d863a3ec8c5608d47e600c760d7b3406703a953
CRs-Fixed: 2431490
Change I421b670b86a7e1cecbe5a2686efefbbb6c455267 ("qcacmn: Refine
struct add_ts_param") is updating struct add_ts_param, so update the
legacy project to align with those changes. Note that these are
interdependent changes.
Change-Id: I829ad0abb864f0a05047894bab9977d8529074dc
CRs-Fixed: 2433928
wma_motion_det_host_event_handler() gets called when FW sends the
WMI_MOTION_DET_HOST_EVENTID message.
After the initial processing, pmac->sme.md_host_evt_cb() is
called to send the relevant data back up to the upper layers
of WLAN.
Since this callback function is dynamically registered there
are cases where it might not be registered before this FW event
is received, resulting in a NULL pointer dereference.
Change-Id: I06b7907b39f4da0837196ccf377ecc2da325be8c
CRs-Fixed: 2428803
If both INI and FW capability are set,
enable capability flag in twt enable command.
Change-Id: I1c070256c4b672b09a1323665fc5a2f166f951fb
CRs-fixed: 2423752
Some cleanup missing from below change, remove the same to fix
compilation issue.
"Ia5b290e3367a894646f138cfeedcb9ab3012e9be"
Change-Id: I5aea8b2c5a00df6c1f8eef6a106918763816fdd0
CRs-Fixed: 2430444
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiIfaceStat typedef does
not meet any of those criteria, so replace it (and the "tp" variant)
with a properly named struct.
Change-Id: I70f0e8c038d061cb201b52ce07097c68bcb93346
CRs-Fixed: 2428989
Driver uses cipher stored in vdev to get the MIC length, which
may get updated if multiple peers (TDLS peer in STA case) get
connected to the vdev. Thus depending on latest peer cipher type
the MIC length will be calculated for all peers.
To fix this, store cipher info in peer and use it to calculate MIC length
for the frame.
Change-Id: I8afbf9a3bb43c294dbacbbaa7fa0746600937d11
CRs-Fixed: 2428482
Remove unused members from wma_txrx_node,
t_wma_handle structures and related code.
Change-Id: Ia5b290e3367a894646f138cfeedcb9ab3012e9be
CRs-Fixed: 2412738
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiRadioStat typedef does
not meet any of those criteria, so replace it (and the "tp" variant)
with a properly named struct.
In addition the Linux Coding Style frowns upon mixed-case names so
rename the members which are currently not compliant.
Also remove the obsolete tx_time_per_tpc array since it is unused.
Change-Id: I40aa287e01dc8d12ba803858cc54e79a6fccb8c9
CRs-Fixed: 2427174
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiChannelStats typedef
does not meet any of those criteria, so replace it (and the "tp"
variant) with a properly named struct.
In addition the Linux Coding Style frowns upon mixed-case names so
rename the members which are currently not compliant.
Change-Id: I45562da6441fec1af35483d390057a2693e5d02a
CRs-Fixed: 2427173
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiPeerStat typedef does
not meet any of those criteria, so replace it (and the "tp" variant)
with a properly named struct.
In addition the Linux Coding Style frowns upon mixed-case names so
rename the members which are currently not compliant.
Change-Id: I337e2329d544e0b6daf6650f826e736f2492ef30
CRs-Fixed: 2427168
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiPeerInfo typedef does
not meet any of those criteria, so replace it (and the "tp" variant)
with a properly named struct.
In addition the Linux Coding Style frowns upon mixed-case names so
rename the members which are currently not compliant.
Change-Id: I1b4c872efc895e048184ea3e589dfd8ad3efab15
CRs-Fixed: 2427167
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirWifiRateStat typedef does
not meet any of those criteria, so replace it (and the "tp" variant)
with a properly named struct.
In addition the Linux Coding Style frowns upon mixed-case names so
rename the members which are currently not compliant.
Change-Id: Iff54772fda084fee932f6669ab937e136ab2cf66
CRs-Fixed: 2427166
Currently the key information, i.e. the key and the number of keys,
is not getting cleared from wifi driver memory on wifi link
disconnection, which can lead to information disclosure.
Clear the key information, i.e. the number of keys and
keys, from wifi driver memory to avoid any potential information
disclosure after wifi is turned off.
Change-Id: I45306e0d648c500f63f723b4e3ccb6098c055158
CRs-Fixed: 2415413