In order to process QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING
vendor command, driver sends remove beacon filter cmd to fw to
allow fw to send all beacons of connected AP to driver.
But in some cases fw may wakeup host in wow mode.
To avoid these cases, with this change beacon reporting feature
will use WMI_VDEV_PARAM_NTH_BEACON_TO_HOST
command to FW instead of WMI_RMV_BCN_FILTER_CMDID
With WMI_VDEV_PARAM_NTH_BEACON_TO_HOST, in case of active reporting,
fw should send all beacons of connected AP to HOST
and also no wakeup of driver should happen in wow mode.
Change-Id: I9d0e255a6d4accb523bf4613146574239e7e0d09
CRs-Fixed: 2471627
Command timeouts for VDEV stop and PEER assoc/delete is 2 sec, which
doesn't consider delays in scheduling.
To consider scheduling delays set these values to 4 sec and change
the serialization and HDD timeouts accordingly.
Change-Id: Ifc8ca857727a7e73bbae586c0728816024f1c687
CRs-Fixed: 2472122
Propagation from qcacld2.0 to qcacld3.0.
The WMI CMD and EVENT of "get antenna isolation" are already defined,
but not used before in qcacld3.0.
Now, The host driver uses vendor command to get this information
instead of iwpriv command in qcacld-2.0.
The attribution of this feature is already defined in file
"qca_vendor.h". The name is "QCA_WLAN_VENDOR_ATTR_ANTENNA_ISOLATION".
So host driver will use vendor command
"QCA_NL80211_VENDOR_SUBCMD_GET_HW_CAPABILITY" to get the information
from lower layer.
Change-Id: I915768f622ddc9a70a95ce4fe952f19917a8f901
CRs-Fixed: 2447360
pScanFilter->BSSIDs.numOfBSSIDs is allocated as part
of function csr_neighbor_roam_prepare_scan_profile_filter
and this memory is not freed in error cases.
Hence free the allocated memory of pScanFilter->BSSIDs.numOfBSSIDs
in error cases before returning from function
csr_neighbor_roam_prepare_scan_profile_filter.
Change-Id: I411dba7ead796f84994e633a387730de6ee4d579
CRs-Fixed: 2464822
Set BSSID state as disconnected when roaming is successful
so that blacklist manager can clear the AP info if the
nud failure did not come for blacklist reset time value.
Change-Id: Ie602c02d7a43b46daa7f1b1f85cd98628da91280
CRs-Fixed: 2467319
eCsrAuthType is the enum of AKMs to be used during connection.
So the name eCsrAuthType is misleading as akm and auth algo are
different.
Also the Linux Coding Style doesn't allow mixed-case names and
so-called Hungarian notation, so rename the enum eCsrAuthType to
be compliant.
Change-Id: I35e18d1f84babd0ef2928ae9d7258028d4c9b3c5
CRs-Fixed: 2463813
The Linux Coding Style doesn't allow mixed-case names and
so-called Hungarian notation, so rename the pMsgBuf to be
compliant.
Change-Id: Ia28e9e8ce69c7fbb6853278ccdb12e722ec24e06
CRs-Fixed: 2463442
The Linux Coding Style doesn't allow mixed-case names and
so-called camelcase notation, so rename the statusCode to be
compliant with the coding style.
Change-Id: I98e0af710401a9718bdc1402617253eb970c5861
CRs-Fixed: 2463825
The Linux Coding Style doesn't allow mixed-case names and
so-called Hungarian notation, so rename the identifier pBssDesc
to be compliant.
Change-Id: I0980de75bbaaeb1eee9321621da1f3ff90e09188
CRs-Fixed: 2463446
Validate the CSR session before accessing it as the session can be
NULL for invalid session id.
Change-Id: I090d75a44bb9e78cbf7f10ac08ccad9f664e6e06
CRs-Fixed: 2462598
Currently in these APIs, driver has a potential mem leak if
the code deviates from the success path:-
1. sme_ap_disable_intra_bss_fwd, param pSapDisableIntraFwd
was not freed in case of mutex acquire gets fail.
2. sme_set_wisa_params, param cds_msg_wisa_params was not freed
in case of mutex cquire fail, and in case of msg failed to
post to scheduler.
3. sme_update_sta_inactivity_timeout, param inactivity_time was
not freed in any case, and has to be freed after use.
4. wma_del_tdls_sta, param peerStateParams needs to be freed
in every failure case, in which the driver sends a del rsp in
error case.
Change-Id: Ibb6061dc399c0f408e7469e91d8084c82786a561
CRs-Fixed: 2466435
Free Dynamic allocated memory in following scenarios:
1. In __lim_ext_scan_forward_bcn_probe_rsp()
Free dynamic allocated memory for result in failure case
2. In sme_oem_data_req()
Free dynamic allocated memory for oem_data_req in failure case.
3. In sme_notify_ht2040_mode()
Free dynamic allocated memory for pHtOpMode in default case.
4. In sme_send_rate_update_ind()
Free dynamic allocated memory for rate_upd if mutex acquire
fails.
5. In sme_txpower_limit()
Free dynamic allocated memory tx_power_limit rate_upd if mutex
acquire fails.
Change-Id: I5deccb5ac10f69ad00ea860f43c821ee7e90c71e
CRs-Fixed: 2465786
As a SAP, there are two paths to deauthenticate peer STA as:
1. Deauth issued from south bound interface (peer sending deauth etc)
2. Used issued deauth from upper layer (via hostapd_cli)
We have a race condition when deauth comes for the same peer from both
the ways resulting into process one after another.
This is happening since no check is being done at north bound interface
before issuing deauth request to SME.
Adding a check validate if deauth already in-progress for the mentioned
peer before issuing deauth req.
Change-Id: I2050cf5558dbdf6d656694c39e9f1e461e17bf01
CRs-Fixed: 2459967
Failed to set the RRM scan dwelltime below 40ms.
Modified RRM scan request API to accept active dwelltime
below 40ms and 110ms for passive scan.
Change-Id: I0a1030c6c719950c08db0bc164623556b187fe9d
CRs-Fixed: 2454281
Currently with the support of Blacklist manager
component, all the blacklist, avoid list, RSSI-REJECT
list is maintained by the BLM, hence the filter logic
of the blacklist APs in the scan component is not
required.
Cleanup the blacklist BSSID APIs, and related functionality.
Change-Id: I4c8283d2c5e4ca66c24a25d31a74026510bb452c
CRs-Fixed: 2464188
Add support for roaming in case the driver
detects a nud failure. The STA then would roam
to another BSSID, else if the roaming gets failed
the STA would remain connected to the same BSSID
as connected before.
Change-Id: Idbc99b0ce2f9cacd97564dd8cf9892120958eda2
CRs-Fixed: 2461675
Link BLM exposed APIs to the following:-
1. csr_get_scan_result:- Link this API with filter bssids in
the reject ap list maintained by the blacklist mgr.
2. lim_assoc_rej_add_to_rssi_based_reject_list:- Link this API
with the the blacklist mgr add bssid to reject list to add the
OCE and BTM related assoc rejects.
3. Userspace avoid list parsing logic for the userspace to set
the BSSID as avoided.
Change-Id: Id51ffb80cea3f845fefe14db25d0f7acda6ea0f3
CRs-Fixed: 2461281
In sme_handle_bcn_recv_start, 'mac_ctx->roam.roamSession' is not
validated for null before being passed to CSR_IS_SESSION_VALID where
dereference can occur.
Validate mac_ctx->roam.roamSession against null before passing it to
CSR_IS_SESSION_VALID.
Change-Id: I48638a320f29a906a6e8a35c000191265313b734
CRs-Fixed: 2462682
Function mlme_get_dynamic_oce_flags can return the NULL value.
Avoid and check for NULL pointer in the callers.
Change-Id: Idc83a9e5dea812a73fed24de3aa2c2c49436f7d1
CRs-Fixed: 2462716
In case of STA+STA to configure 11k for second STA without
assertion, the driver should de-config 11k for currently
enabled STA. Currently, driver de-configures 11k but not updates
corresponding vdev id results vdev id for which roam disable and
11k disable sent to fw could be different. This leads to assert
in fw.
Fix is to update corresponding vdev id also for which driver
de-configures 11k.
Change-Id: I841a0561124cf110096f5326f2d9ba191518d3f2
CRs-Fixed: 2460097
Few IOT APs advertise reduced NSS capabilities on ending
up in bad state. These APs can later recover to support
the actual NSS capabilities. In this scenario, when STA
initiates connection to these APs, which are in bad state,
reduced NSS capabilities is advertised. STA cannot later
upgrade NSS capabilities to the minimum of STA max NSS
capability and APs actual NSS capability, once AP recovers.
Fix is to advertise max NSS capability during connection
with these IOT APs based on vendor OUIs and downgrade if
AP still advertises reduced NSS capability in association
response.
Change-Id: I49ea13534b1a44fd9ffadd1e8fb44e9d782147c4
CRs-Fixed: 2453938
In csr_roam_joined_state_msg_processor, roam_info->tx_stbc is
assigned twice because of a typo.
Assign roam_info->rx_stbc as the value of
pUpperLayerAssocCnf->rx_stbc.
Change-Id: Ic90f6b486a50dcc3aca8cb7171a137a34319914d
CRs-Fixed: 2460716
A VHT beamformee shall indicate the maximum number of space-time
streams it can receive in a VHT NDP in the Beamformee STS
Capability subfield of the VHT Capabilities Information field of
the VHT Capabilities element. The SAP is advertising STS value
as 8 in both 2G and 5G band. This may cause IOT issues.
Fix the default value of beamformee STS capability value as
default value 3 for SAP.
Change-Id: I026eabeea941a33f1ffab6e498e6de90e182320e
CRs-Fixed: 2448390
The linux coding style forbids use of typedef unless clearly
some rules are met. The tSirBssDescription doesn't match any of
those criteria, so replace it with underlying structure
bss_description.
Change-Id: I36ad517325117cf04d499c7c472ca6ef5921a85d
CRs-Fixed: 2459769
The Linux Coding Style doesn't allow mixed-case names so rename
eSirBssType in struct pe_session to be in compliance.
Change-Id: Iafe6649a130c77064180c67fb1385d2d7a763370
CRs-Fixed: 2459767
The Linux Coding Style enumerates a few special cases where
typedefs are useful, but stresses "NEVER EVER use a typedef
unless you can clearly match one of those rules." The
tSirMacStatusCodes typedef does not meet any of those criteria,
so replace it properly named enum.
Change-Id: I4712acc4898a60ce78e7a6e71d2e91f5b1929c97
CRs-Fixed: 2459765
In hdd_vdev_destroy, if policy_mgr_check_and_stop_opportunistic_timer
decides to move to single mac mode and while sending the HW mode change
the target goes down, this leads to timeout of the HW mode change req in
WMA layer which is 2 sec and in serialization its 4 sec, but
policy_mgr_check_and_stop_opportunistic_timer timeout in 1 sec and proceed
to sme_close_session and wait for it to complete.
sme_close_session queue WLAN_SER_CMD_DEL_STA_SESSION to serialization but
it remains in pending queue, behind HW mode change req.
Now due to SSR the wait event for sme_close_session is set and thus
hdd_vdev_destroy logically deletes the vdev.
Now on WMA timeout the HW mode change try to remove the request from
serialization which it fails to remove as it fails to get ref for vdev
with vdev being logically deleted.
Thus WLAN_SER_CMD_DEL_STA_SESSION is not processed and is flushed in
hdd_wlan_shutdown.
Thus as SSR WLAN_SER_CMD_DEL_STA_SESSION is flushed from serialization
queue, the wma_vdev_detach() is not called for that vdev and thus the
peer attached to the vdev are not deleted and wma vdev ref is also not
released, this lead vdev/peer ref leak.
To fix this update the wait timeout in
policy_mgr_check_and_stop_opportunistic_timer with proper value higher
than the serialization timeout for the HW mode change request. ALso
set the wait event in policy_mgr_pdev_set_hw_mode_cb in failure cases
as well to avoid timeout in case of hw mode change failures.
Also release pending peer and vdef refs in wma_wmi_service_close.
Change-Id: I5ddf8263b0dbf889be506332a67f5e18c1bfb111
CRs-Fixed: 2458034
Userspace request driver to report details of each beacon
received whose bssid is same as currently connected BSS's
mac address. The driver encapsulates the details of these
beacons as an asynchronous event within vendor command:
QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING with operation
type QCA_WLAN_VENDOR_BEACON_REPORTING_OP_STOP until
userspace requests to stop sending beacons.
When driver gets stop indication from userspace, it does
the following things:
1. De-register all callback which is registered while handling
start indication
2. Add beacon filter and send it to fw
If driver is in WOW mode and WMI_ADD_BCN_FILTER_CMDID is
NOT configured, fw wakeup HOST and sends connected AP beacon.
Fw should not wakeup host if host is in wow mode. In order
to support this, configure WOW_BEACON_EVENT for STA and P2P.
Change-Id: Ie7c768fa957d02e1361e1ecb95435ba3f06034b0
CRs-Fixed: 2431360
In roaming scenario when there is no hw_mode change is required, roam
failure is sent to CSR which is causing move VDEV from INIT state to
EV_DOWN. In this case, wma_target_req buffer expected instead of
scheduler_msg. As the wrong buffer is passed, it is causing a
system instability.
Fix is not to send reassoc failure for LFR2 when there is
no change in hw_mode required and go ahead with connect.
Change-Id: I7cc7b0ee1407e04c47177838fc069db5b90353d7
CRs-Fixed: 2451178
Currently, host sends 11k offload command to FW as part of RSO Start
and 11k offload disables to FW during RSO Stop. In case of STA+STA
concurrency, Host sends vdev_stop before 11k_deconfig for
currently enabled STA results to assert in FW.
In order to configure 11k for second STA without assertion, Driver
should de-config 11k for currently enabled STA before vdev stop/delete.
Fix is to configure 11k while start roaming and de-configure 11k
while stop roaming irrespective of the reason for roaming STOP.
Change-Id: I0915d8a0141194c331eb59ba0f2dfa9c8995628a
CRs-Fixed: 2449431
With feature flag for LFR2 disabled, there is compilation
failure in the wlan host driver.
Fix the compilation issues.
Change-Id: Ic21ccd0b313c6690c72a6546eba30c1ecb306cb0
CRs-Fixed: 2453298
Currently, there is no information for roam reason
in hdd.
Fix, Handle roam reason recived from csr, print roam
reason and add roam reason in roam auth event.
Change-Id: Ib9188cb443fa81307fe23d73cce09f7c23bc7a41
CRs-Fixed: 2425910
Cleanup sme_scan_flush_result and csr_scan_flush_result to
use ucfg_scan_flush_results API to flush scan results.
Change-Id: If4ee6c56662d8b214c3b15325a5aef83c449d7c0
CRs-Fixed: 2450775
If firmware starts off-channel scan, driver does not
receive beacons. In this case driver should send a
pause event to userspace.
Change-Id: I90ba5c586656486df110778b73b236e5877f8684
CRs-Fixed: 2431359
Once driver gets QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING vendor
command with an attribute for start, firmware sends all
beacons to host for the connected peer. Host extract required info
(SSID, BSSID, Channel number, Beacon Interval, Timestamp, System
timestamp) from incoming beacon for connected AP and sends it to
userspace. Userspace needs this data for WIPS.
Change-Id: I9d6dd068a076bda79881043946be3133ee87fe84
CRs-Fixed: 2431354
Add new vendor cmd : QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING.
This subcommand is used to implement asynchronous beacon
reporting feature. Userspace can request driver/firmware to
report details of each beacon received whose bssid is same as
currently connected BSS's mac address. The driver will encapsulate
the details of these beacons as an asynchronous event within this
command id until userspace requests to stop sending beacons.
Change-Id: I9a32fe5431767b077983c7db90a2f825709f368c
CRs-Fixed: 2431351
In hdd_deregister_cb, wlan_hdd_cfg80211_stats_ext_callback should
be deregistered instead of registered.
Change-Id: Ib7051aeb4579e2573b1b1845601aee07f596bcbc
CRs-Fixed: 2449023
Currently the driver flushes all the scan results during
ACS request, and then scans the specific channels as
mentioned in the request, which leads to a scan again
for the STA interface as no scan results are available.
Fix is to have a timestamp, and get only the latest scan
results, instead of the scan database flush.
Change-Id: Icc343fcca77fb7074071ca1d467947ef70fd1930
CRs-Fixed: 2446490
Currently the driver does not sends the assoc req and assoc
response frame exchanged with the AP if the connection attempt
fails with the peer.
The connection failure can be because of n number of reasons,
OCE assoc reject be one of them.
The supplicant requires these IEs to reject the connection
attempt with the AP with which the connect attempt failed
for t number of seconds, which is mentioned by the AP.
Fix is to send the assoc req, and assoc response IEs to
the driver.
Change-Id: I9c1f7063105912a8005f9e8399640d028b15eec7
CRs-Fixed: 2445709
No channel is included for RRM scan on receiving beacon
report request with operating class 0 as there is no
channel list in the global operating class table.
Fix is to include all the valid channels for RRM scan when
operating class in beacon report request is 0.
Change-Id: I49aedbeabf14cdd709c6965a1f5af05cc7a68a76
CRs-Fixed: 2444737
Disable OCE in STA vdev if any sta gets associated to SAP/GO.
This will improve the scan results in STA interface.
Without this fix firmware will do probe request deferral for 15ms
out of 28 ms , so 15ms is gone and rest is not sufficient dwell
time to get all AP probe responses.
Change-Id: Ie6f79c86025c53360c792c740a963ed8a1d9b936
CRs-Fixed: 2443190
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA can advertise the FT equivalent of the non-FT AKM and
connect with 11r protocol.
Before sending probe request to the AP, the host driver
intersects the csr_roam_profile akm with the akms advertised
by the AP in the function csr_construct_rsn_ie(). Based on
the intersection, RSN IE is constructed and this RSN IE will
be sent over the association request frame. Add changes to
fill FT-PSK akm selector if AP advertises PSK akm(00:0f:ac,4).
If the AP advertises 802.1X akm, fill FT-802.1x akm(00:0f:ac,3).
If the session is adaptive 11r connection, then copy the
adaptive_11r flag to pe_session while sending join request.
Populate the adaptive 11r vendor specific IE into association
request frame.
Change-Id: Iae6ea37787e96fd7cffca32fc4d9a33eb5772f26
CRs-Fixed: 2441337
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA should advertise the FT equivalent of the non-FT AKM.
Introdue a compile time flag WLAN_ADAPTIVE_11R_ENABLED to
enable/disable adaptive 11r support.
If the AP is adaptive 11r capable, set the is_adaptive_11r_ap
flag in bss descrtiptor. This flag will be sent in join request
and populated to pe_session. Also mark the CSR session as
adaptive 11r session based on this flag.
Add changes to check for the adaptive 11r service capability
advertised by firmware. If the host driver connects to adaptive
11r AP, enable RSO only if the firmware advertises adaptive
11r capability, else RSO should be disabled.
If the connection is adaptive 11r connection and if the adaptive
11r ini is enabled, set the adaptive_11r flag in
wmi_roam_11r_offload_tlv_param sent over the wmi command
WMI_ROAM_SCAN_MODE to the firmware. This will enable firmware to
filter the adaptive 11r AP from roam scan results.
Change-Id: If27a2393e3f4bb68942f5ebcec0135f57627f16b
CRs-Fixed: 2437988
Use updated cp stats component to get peer rssi and tx rate,
rx rate for big data logging as legacy infrastructure is
deprecated.
Additionally add support for RX multicast broadcast packets from FW.
Change-Id: Idcab4a022a4e7e34bd15878f95ad8248ca3aa9dd
CRs-fixed: 2428582
Currently in the case of concurrent sessions running,
the driver updates the active dwell time for the scan
request to the default value, overwriting the already
filled active dwell time which the DUT got from the
AP as part of RRM request, which results in violation
of protocol.
Fix is to not update the concurrency params if the scan
request is of type RRM.
Change-Id: I09ebfbee0d282391be17aed7eaf56e3c53c2a5e2
CRs-Fixed: 2438535
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
