Add support for SRD channels in ETSI regulatory domain
1) Add SRD channels only if DSRC feature is disabled.
2) Add user configuration to enable/disable these channels
in master mode PCL/ACS. Default is disabled.
3) Allow these channels in ACS/PCL only if the INI is set.
Change-Id: Ibd79dc95e9911ce3a0fd101f4716d9bbb8b75466
CRs-Fixed: 2264786
There are multiple issues with wmi_unified_nat_keepalive_enable():
1) WMA global functions should have a wma_ prefix.
2) The function prototype indicates it should return int status, and
the one caller, wma_add_sta_req_sta_mode(), is expecting that, but
it actually returns QDF_STATUS.
3) The function is a very thin wrapper that calls the unified WMI API
wmi_unified_nat_keepalive_en_cmd() and hence adds no real value.
Rather than address these issues, just remove the function and update
wma_add_sta_req_sta_mode() to directly call the unified WMI API
wmi_unified_nat_keepalive_en_cmd().
Change-Id: I13a4140ba6343240bde51704af2921c001f66a21
CRs-Fixed: 2271552
In function wma_extscan_change_results_event_handler(), numResults
in dest_chglist is assigning as total_entries in the event, but the
memory allocated to dest_chglist is based on the numap variable,
which may cause out of buffer read in extscan indication callback
function wlan_hdd_cfg80211_extscan_signif_wifi_change_results_ind().
Also tSirWifiSignificantChange array parsing in both the functions
is not efficient which may lead to accessing unallocated memory.
To address out of buffer read, assign numap to numResults in
dest_chglist and to address accessing of unallocated memory,
parse tSirWifiSignificantChange array with efficient logic.
Change-Id: Ia0c287147e80e17de84fe6b1cb83c8e3c29a1fa0
CRs-Fixed: 2253396
Add CDP API to set RX MIC key in datapath.
Required to perform RX demic of fragmented packets.
Change-Id: I3c05da62ff20f8551cdc5780ce2f7b8d23c73a37
CRs-Fixed: 2217884
Fix checkpatch issue introduced by change "qcacld-3.0:
separate HE caps per band", use new mac_handle_t instead
of tHalHandle in sme_update_tgt_he_cap param and fix
indent issue.
Change-Id: I91e11fd38ac72266b4afcf42d71340975127f559
CRs-Fixed: 2268400
If wmi_ready is not set, we can infer that WMI_READY_EVENTID has not
been fully processed yet. Completion of WMI_READY_EVENTID is necessary
for any follow-on messages to be processed properly, since it builds
infrastructure on host. Therefore, serialize the follow-on message with
WMI_READY_EVENT if wmi_ready is not set yet.
CRs-Fixed: 2267180
Change-Id: I2e5df318f8e40a9487502a49539252c9fde9892b
While processing the WMA_ROAM_OFFLOAD_SYNCH_IND event, The
driver takes nearly 150 to 200 msec time to just write fatal,
error and info messages to the kmsg log buffer. Also to get
tx power supplicant runs another thread while roaming. These
cause more latency(300ms) to send WMA_ROAM_OFFLOAD_SYNCH_CNF
message to fw. To decrease roam latency, the driver should
write the only necessary error message to kmsg buffer.
The fix is to change irrelevant fatal, error and info message
type to debug add a check in __wlan_hdd_cfg80211_get_txpower
to reject the request to get Tx power while roaming in progress
otherwise driver will process this and will increase the roaming
latency.
Change-Id: I6c31637f21991b5b29c1e2dd2c2935ae7d4fc3d0
CRs-Fixed: 2251824
Currently if disconnet is triggered from the supplicant, RSO Stop
is sent with reason REASON_ROAM_STOP_ALL and this sends roam_scan_mode
as 0 to the FW.
However, if disconnect is triggered from the LIM/FW, the RSO Stop
is sent with reason REASON_DISCONNECTED and leads to roam_scan_mode
being sent as 4 which does not disable RSO in the FW.
In STA+STA scenario where vdev0 receives a disconnect from LIM,
RSO is not stopped for vdev0, however driver goes ahead to enable
RSO for vdev1, which leads to FW assert.
Send roam_scan_mode as 0 for RSO Stop command with REASON_DISCONNECTED
also.
Change-Id: Id2147653ecbd91e033f42382aa00a717d280f6e6
CRs-Fixed: 2266778
Currently fw_peer_count for HO failure is done in wma_roam_ho_fail_handler
which can lead to improper reset of the fw_peer_count if a HDD triggered
disassoc is in progress for the same peer leading to fw_peer_count going
to -1.
Reset the fw_peer_count for HO failure case in wma_delete_bss_ho_fail
API as this is called from the CSR/LIM for handling HO failure as
part of CSR disconnect.
Change-Id: I1526757b085086ca51eef9b9cca0ea757ed20b61
CRs-Fixed: 2266337
While processing get_station cfg operation, HDD is using Nss
value, which gets updated during association, to calculate data
rate. So, there is a possibility of driver to report invalid
MCS index to upper layer if association happens with Nss 2 and
when data transmission is happening at Nss 1 rate.
On receiving GET STATS response, calculate Nss value based upon
the current data rate received from firmware, and pass it to HDD,
so that HDD can use the same Nss value to report valid MCS index
to the upper layer.
Change-Id: I62f029d53149a4747f619027ce69ce65fb280b8d
CRs-Fixed: 2250993
In wma_is_ccmp_pn_replay_attack peer is used without taking the ref
count and thus this can lead to peer used after free.
Fix this by taking ref of peer before using the peer in
wma_is_ccmp_pn_replay_attack and release ref once access is done.
Change-Id: Iaa5936a1c7f6f8667a68fcb646eaec4cb3aa5469
CRs-Fixed: 2264434
Make sure to follow AP for NDI self peer creation so that self peer
creation and deletion can be symmetric.
Change-Id: Ie7f9c7b5500540c824a75758337967f8d4f6e692
CRs-Fixed: 2261713
Send dfs offload enable command to firmware if phyerror offload
service bit is enabled.
Change-Id: If84164ae6dec8585e5895ee526750df5b15c201f
CRs-Fixed: 2264638
Parse the association response frame to read the
peer TWT extended capabilities and fill them in
the WMI PEER ASSOC command and send it to the
firmware.
Change-Id: I07f21010abbdaa20e212abae127009dd11e6ab7d
CRs-Fixed: 2264690
Hardware capability logs in WMA are currently logged at info level. To
avoid spamming the console logs, reduce these logs to debug level.
Change-Id: I57c9a3712bde728695ef79aab495a429b8ef79e4
CRs-Fixed: 2265455
Currently the driver creates and deletes the objmgr peer
in HDD layer. According to the latest requirement, the CDP
peer create/delete needs the pointer of objmgr peer, which
thus has to created before CDP peer create, and deleted
after CDP peer delete, which is done in WMA layer.
Remove the objmgr peer create/delete from HDD, and move it
to the WMA layer.
Change-Id: I5bd62a83864e09a3728109e2deec2adf4bb899b5
CRs-Fixed: 2264892
Currently while going to suspend, dtim parameters are not
correctly getting configured. Some other parameters to config
like the inactivity timeout are completely skipped as well.
Cleanly port the setting of dtim and other parameters during
suspend and resume.
Change-Id: Ic41a8ace3f5650e53f2dcaa416bfe241b87aa88d
CRs-Fixed: 2248160
currently some HE capability is shared same value from
MIN value of 2G and 5G capability, separate them per band.
Change-Id: I37831b4044d4ca2deaf5015fb44227c824996136
CRs-Fixed: 2239070
Android Packet Filter 3.0 requires the framework to be able
to read and write into the APF work memory in the Firmware.
It also requires to be able to enable or disable the
interpreter.
Add support for the new read/write/enable/disable operations.
Change-Id: Ic72243b918f4a8385a92b803a1ca3c5305423b52
CRs-Fixed: 2184969
The function sme_reset_passpoint_list, posts the wma message
WMA_RESET_PASSPOINT_LIST_REQ. This message is freed at the
sme_reset_passpoint_list in case of failure. But for the success
case, the req_msg is not freed at wma_mc_process_msg. This
results in mem_leak in case of success case.
Free the req_msg at wma_mc_process_msg after returning from the
call wma_reset_passpoint_network_list.
Change-Id: Ib4b427a8acc2d531ac9d6e8f92a30205163ec0ba
CRs-Fixed: 2259237
Add the compilation flags for TWT feature to Kbuild.
Based on the compilation flag, include the source
files for compilation and also include the header
files path.
Change-Id: I45991b3c9e49e2aa0ff51a2650fde69ea447bf15
CRs-Fixed: 2238302
Process the TWT enable complete event sent by the
firmware after enabling TWT.
Set the appropriate state for TWT so that it can
be used later to check if TWT is enabled or not
in the target.
Change-Id: I924387d6afc2bf80efec0fce36ea907c6932dcda
CRs-Fixed: 2238302
Read the target service capabilities for TWT requestor
and TWT responder and update them in the driver.
Change-Id: I78879eb8ff4bf47eabd81cd8d07459b810fb7d7e
CRs-Fixed: 2238302
Send the WMI_TWT_ENABLE_CMDID command to the target if the target
supports any one mode out of requestor, responder or broadcast mode.
Change-Id: I7ab21fff89e7c88bf951b333d7a923857f2123d6
CRs-Fixed: 2238302
Introduce new WNI items for TWT as follows:
WNI_CFG_TWT_REQUESTOR
WNI_CFG_TWT_RESPONDER
WNI_CFG_BCAST_TWT
Based on the INI configuration and target support, enable
or disable the TWT services in the WNI CFG database.
Change-Id: Id1b239e53f30f00220e0cefb541fc641a898e712
CRs-Fixed: 2238302
If wma_remove_peer() fails to remove peer and send PEER_DELETE command
to fw, it will cause issues afterwards and asserts at random places
that would be misleading.
Assert in wma_remove_peer() if peer remove fails.
Change-Id: I97a4b72c359a4e2322c9c499d01f21a4d287e8fd
CRs-Fixed: 2252886
The tSirRetStatus definitions are obsolete, so replace them with
QDF_STATUS definitions in the wma folder.
Change-Id: I3ba728e378697fb02f02322e7a467cd4f8a62c10
CRs-Fixed: 2262962
In implementation of Android Packet Filter, functions, variables,
definitions are named after BPF, which stands for Berkely Packet
Filter. The term was more appropriate for Link Layer packet
filters implemented in the Linux kernel, known as Linux Socket
Filters.
The term BPF is obsolete now, so rename it with the
appropriate acronym, APF.
Change-Id: I9e02edbc580ffb2c559c8e864f54d255fc2d51a3
CRs-Fixed: 2191530
PMO should not know about vdev data path handle, but
pmo_unpause_all_vdev() need it, so register a wma callback to retrieve
the vdev dp handle instead of keep a copy in pmo vdev private context.
Refine current code to retrieve vdev dp handle using a wma callback
Change-Id: I1f668fff633a5e5cdfc478e7f619e9600930b333
CRs-Fixed: 2227384
During a channel switch, host sends the beacon template to the FW.
Currently the CSA/ECSA Channel Switch count offset fields in the
WMI_BCN_TMPL_CMDID fixed params are not filled from the host.
Add changes to calculate the CSA/ECSA Switch count offset from
start of the beacon template data and fill it in the fixed
params field for WMI_BCN_TMPL_CMDID.
Change-Id: Icb568f59346972784c4aceef9b42c8543adaa889
CRs-Fixed: 2246600
In wma_is_pkt_drop_candidate the frame received time is updated
even when the frame was dropped and thus the received time of
the frame keeps on increasing. Thus the condition to check if
frame is allowed after WMA_MGMT_FRAME_DETECT_DOS_TIMER ms always
fails if driver continuously keep on getting the frames.
This can lead to dropping of valid deauth/disassoc frames in case
if RMF is enabled and some rouge peer keep on sending rogue
deauth/disassoc frames and thus even if peer send valid deauth
peer will not get disconnected.
To fix this update the rcvd time stamp only when the frame is
allowed, as this timestamp should be used to block the duplicate
frames for WMA_MGMT_FRAME_DETECT_DOS_TIMER ms.
Change-Id: I4f480e21369b585d78f240c5f4f062d010d889a8
CRs-Fixed: 2256679
Add support for getting cfg integer from PMO. Register callbacks
during pe_open/close so that PMO can query CFG int values for
calculating parameters like listen interval etc.
Change-Id: I52d165586576e547e175ba276e6b7225db5b27e0
CRs-Fixed: 2252661
Currently after dp peer delete peer info is logged which leads
to invalid pointer access. Do not log the peer info after it is
deleted.
Change-Id: If4c2d9af7e3f2b29e3e034eec08fa68fd329257b
CRs-Fixed: 2259026
Peer removal happens in MC thread context and the corrresponding
unmap events processed in soft IRQ context. But both the events
are not synchronized correctly and causes race condition
in the system.
Apply reference count for the peer to avoid this
problem.
Change-Id: If1ca656a4dc0325032069af926697784cdec9b2d
CRs-Fixed: 2183468
In the function wma_update_intf_hw_mode_params, vdev_id received
from caller wma_pdev_set_hw_mode_resp_evt_handler, is used as
the array index for wma->interfaces. If vdev_id exceeds
wma->max_bssid then a possible OOB write could occur.
Add check to validate vdev_id against wma->max_bssid. Print
error if it exceeds.
Change-Id: I3ddf5e1b24fbd2bd401ac879219300857d05e4b7
CRs-Fixed: 2243990
new INI gNumVdevs is added to allow number of VDEV support
for both Host and FW. Also Updated logic to calculate num_peers
and num_tids.
Change-Id: Ife5ff24e9594c8986913c06899ac5e41c83fc75c
CRs-Fixed: 2245506
The API wma_inc_wow_stats lacks a break in switch case
after WOW_REASON_OEM_RESPONSE_EVENT. Due to this
execution falls through to the next case statement or
default.
Fix is to add a break after WOW_REASON_OEM_RESPONSE_EVENT
Change-Id: I0b95fd55403b29d74a471f038e518c58c81cfcf7
CRs-Fixed: 2233189
In wma_unified_link_peer_stats_event_handler() we are checking
if buf_len is of proper value. At this point buf_len is may be
uninitialized, thus causing a compilation issue.
Initialize buf_len before use in the validation check.
Change-Id: Ia19de3c5c8bcd154670a44a9dafca31c6bf0b76b
CRs-Fixed: 2256229
In wma_unified_link_peer_stats_event_handler a check for excess WMI
buffer is done by comparing difference between WMI_SVC_MSG_MAX_SIZE and
buffer length with size of wmi_peer_stats_event_fixed_param. In case the
buffer length is a value larger than WMI_SVC_MSG_MAX_SIZE, and as buffer
length is an unsigned integer, it causes an integer overflow and results
in a very large value, thus invalidating the check.
Change the check to compare difference of WMI_SVC_MSG_MAX_SIZE and size
of wmi_peer_stats_event_fixed_param with the buffer length which
prevents chance of integer overflow.
Change-Id: Ic99d0cf6b34c7c45dde3c4feb50e102807564eff
CRs-Fixed: 2224451
In function wma_send_offload_11k_params, check to support 11k offload
in FW fails due to usage of older WMI_SERVICE_EXT_IS_ENABLED leading
to 11k offload params not sent to FW.
Add changes to use wmi_service_enabled instead of
WMI_SERVICE_EXT_IS_ENABLED in wma_send_offload_11k_params.
Change-Id: Ic71043f448d74066a234ae1cb9513a1580011abd
CRs-Fixed: 2255255
Enable PNO feature in FW feature config such that WiFi
kernel space driver can return proper PNO feature capability
to user space.
Change-Id: I1360050aab0224b109ee9b3912d1aa428f5a5ed7
CRs-Fixed: 2249491
Current ucfg API's that disables wow events accept a u32 bitmap
variable. A pointer to that variable is passed to core API where
it assumes it as a u32 array of 4 bytes. This will lead to out of
bound memory access.
Change wow enable/disable API's to accept wow event type as the
parameter.
Change-Id: I220aaddfea62ab96f121014d0d65a1406988c946
CRs-Fixed: 2233108
