Add new vendor cmd : QCA_NL80211_VENDOR_SUBCMD_BEACON_REPORTING.
This subcommand is used to implement asynchronous beacon
reporting feature. Userspace can request driver/firmware to
report details of each beacon received whose bssid is same as
currently connected BSS's mac address. The driver will encapsulate
the details of these beacons as an asynchronous event within this
command id until userspace requests to stop sending beacons.
Change-Id: I9a32fe5431767b077983c7db90a2f825709f368c
CRs-Fixed: 2431351
CSA on DFS channels requires CAC period after RESTART response, peers
can leave during CAC period due to HB failure. But peers remain
connected in SAP and are not deleted.
Now if vdev down is called during CAC wait period, the peer delete
all is not called, and vdev delete is sent without sending peer
delete to firmware leading to assert.
This change adds the logic to internally disconnect all peers before
channel switch if CAC is required on new channel, i.e new channel is
DFS and pre-CAC is not done and ignore cac is not set.
Change-Id: I923fd11d1b9d4a2c606b19ff94baaf44397d3e20
CRs-Fixed: 2449104
Add support to pass scan priority to override the def scan priority
for cfg initiated scan.
Change-Id: I454c2667d1814d96fbb611e6ecbb90d4154ec9b5
CRs-Fixed: 2449730
While processing vendor command WIFI_TEST_CONFIG_TWT_SETUP,
in respective command handler __wlan_hdd_cfg80211_set_wifi_test_config()
there is no maximum range check of INTVL_EXP and INTVL_MANTISSA attrs
which can lead to potential integer overflow.
Also there is no check whether mandatory attrs like DURATION,
INTVL_MANTISSA etc., are present. If these mandatory attrs are
not present then driver is initializing them to zeros
which can lead to divide by zero error when calculating wake interval.
To address this, return error when mandatory attributes are not
present and add maximum range check.
Change-Id: If3ac71e1263906fdd502c77103e1fff91f65e816
CRs-Fixed: 2435728
In hdd_deregister_cb, wlan_hdd_cfg80211_stats_ext_callback should
be deregistered instead of registered.
Change-Id: Ib7051aeb4579e2573b1b1845601aee07f596bcbc
CRs-Fixed: 2449023
Currently the driver flushes all the scan results during
ACS request, and then scans the specific channels as
mentioned in the request, which leads to a scan again
for the STA interface as no scan results are available.
Fix is to have a timestamp, and get only the latest scan
results, instead of the scan database flush.
Change-Id: Icc343fcca77fb7074071ca1d467947ef70fd1930
CRs-Fixed: 2446490
Scenario of the issue is :-
1. Keep sta+sap_scc_dfs_ch as 0 to disable the dfs concurrency
2. Start a SAP on any 5ghz channel(NON-DFS).
3. Start a STA on a DFS channel.
Expectation: The SAP should not do MCC, SCC as the above
mentioned ini is 0, also MCC is not preferred in a HW
solution where DFS is preferred, hence the SAP should go
to 2.4ghz and DBS should be the expectation.
Observation: The SAP does not do a DBS operation, and falls to
MCC here.
Reason: When the SAP gets a PCL in the path of SAP restart,
the PCL feels that a new SAP is going to come up, and hence
gives the best channel (first element of PCL ) as its own,
which leads to restart being rejected, as the SAP cannot start
on a channel which is the same as existing.
The final channel then selected is the STA channel, leading to
DFS SCC which is also not allowed. Hence the SAP is now stuck
in MCC(STA+SAP , one on DFS, and the other on NON-DFS channel).
Fix: The fix is to get an alternate channel for SAP restart, other
than the channel on which the SAP is already up, to lead to DBS,
if the STA channel is not suitable for SCC operation.
Change-Id: Iab3ad22b2f970ca26ce3e6bc7a9b5ee34bc7e7ba
CRs-Fixed: 2443718
Currently the driver does not send the assoc req and assoc
response frame exchanged with the AP if the connection attempt
fails with the peer.
The connection failure can be because of n number of reasons,
OCE assoc reject be one of them.
The supplicant requires these IEs to reject the connection
attempt with the AP with which the connect attempt failed
for t number of seconds, which is mentioned by the AP.
Fix is to send the assoc req, and assoc response IEs to
the driver.
Change-Id: I9c1f7063105912a8005f9e8399640d028b15eec7
CRs-Fixed: 2445709
Commit I0f79731a750c9d759bcd5593f11a740572e9d4ad added wow disable
check to disable wow(apps low power) mode features for all modes.
Move wow disable check after hdd validate context to make code more
readable. There is no issue with current code as well because DSC
vdev op protection already protects cfg80211 suspend/resume OPs
from SSR and driver unload.
Change-Id: I3a39a445e7431735e8ac64fc12b9e7ba71d8816c
CRs-Fixed: 2447777
Currently HE capable for TDLS peer is set from STA connection
session which sets the TDLS peer HE capability incorrectly.
Set the HE capable setting for TDLS peer from the peer STA
context that has correct value.
Change-Id: I232d32fb45ea5bbe7c2925922de3804e28f888cc
CRs-Fixed: 2441422
When sending keepalive packets if there is failure in mapping
request id to pattern id in function -
hdd_map_req_id_to_pattern_id(), error code EINVAL is returned.
This error code is misleading and not sufficient to inform the
userspace that all available buffers are utilized and it should
stop sending keepalive packets.
Return proper error code if all available buffers are utilized
and no buffers are available to address any new request to send
keepalive packets.
Change-Id: Ie54299a0a7ff43a7044316d641d19ce12ac047c8
CRs-Fixed: 2445981
Currently Roam Scan time is misspelled as Raom in roam_stats debugfs,
fix with proper spell.
Change-Id: I7d5d889da1e168990f44ce609273812a7ba4ec3e
CRs-Fixed: 2445715
If gEnableSapSuspend is disabled then in both SAP and GO mode
cfg80211 suspend should be rejected. Fix a boolean logic typo
in GO mode such that GO mode behaves same as SAP mode.
Change-Id: I49ab2a378f32eb4dedaa57183ad78cc022419cfa
CRs-Fixed: 2446133
wlan_vdev_get_bsspeer() return bss peer without taking the ref count
of the peer and thus if peer is deleted after wlan_vdev_get_bsspeer()
returns a valid peer, the caller will have stale entry of the peer.
Stale entry of peer can lead to Assert.
Use wlan_objmgr_vdev_try_get_bsspeer API in hdd to get the BSS peer
which increment the refcount if peer is valid. With this the peer
won't be deleted till the caller release the ref count of the peer.
Change-Id: I9adf79810c7ec02af377f485eee596dd14289b50
CRs-Fixed: 2445716
No channel is included for RRM scan on receiving beacon
report request with operating class 0 as there is no
channel list in the global operating class table.
Fix is to include all the valid channels for RRM scan when
operating class in beacon report request is 0.
Change-Id: I49aedbeabf14cdd709c6965a1f5af05cc7a68a76
CRs-Fixed: 2444737
Disable OCE in STA vdev if any sta gets associated to SAP/GO.
This will improve the scan results in STA interface.
Without this fix firmware will do probe request deferral for 15ms
out of 28 ms , so 15ms is gone and rest is not sufficient dwell
time to get all AP probe responses.
Change-Id: Ie6f79c86025c53360c792c740a963ed8a1d9b936
CRs-Fixed: 2443190
WoW feature may need to be disabled for certain targets
hence add an INI item gDisableWow to disable wow feature
for all modes.
Change-Id: I0f79731a750c9d759bcd5593f11a740572e9d4ad
CRs-Fixed: 2446226
In wma_stats_event_handler several fields lengths are added
together to check against param_buf->num_data (the overall
length of the buffer).
The problem is that num_pdev_stats, num_vdev_stats and
num_peer_stats represent the number of structures of each
type rather than the total number of bytes.
Therefore update the logic to compare the expected size of
the entire payload to the actual payload.
Change-Id: I94af679480e62a61d4b25a1f370b2f199985f874
CRs-Fixed: 2429010
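
The unit mismatch described in the wma_stats_event_handler commit above, as an added example that is not the driver's code: the entry sizes, `struct stats_hdr`, `sample_event` and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed per-entry sizes in bytes; the real WMI structures differ. */
#define PDEV_STATS_SIZE 40u
#define VDEV_STATS_SIZE 24u
#define PEER_STATS_SIZE 16u

/* Hypothetical event header: each field is a number of entries, not bytes. */
struct stats_hdr {
    uint32_t num_pdev_stats;
    uint32_t num_vdev_stats;
    uint32_t num_peer_stats;
};

/* Constructed sample: 1 pdev entry, 1 vdev entry, 10 peer entries. */
static const struct stats_hdr sample_event = { 1, 1, 10 };

/*
 * Flawed check: sums entry counts and compares the sum with a byte
 * length. 64-bit arithmetic is used so that only the unit mismatch,
 * not a wrap, is what makes this check wrong.
 */
static bool len_check_by_count(const struct stats_hdr *h, uint32_t num_data)
{
    uint64_t entries = (uint64_t)h->num_pdev_stats +
                       h->num_vdev_stats + h->num_peer_stats;
    return entries <= num_data;
}

/* Bytes the handler will actually read for the advertised counts. */
static uint64_t expected_payload_bytes(const struct stats_hdr *h)
{
    /* Each product is below 2^38, so the 64-bit sum cannot wrap. */
    return (uint64_t)h->num_pdev_stats * PDEV_STATS_SIZE +
           (uint64_t)h->num_vdev_stats * VDEV_STATS_SIZE +
           (uint64_t)h->num_peer_stats * PEER_STATS_SIZE;
}

/* Corrected check: compare expected payload size with actual payload size. */
static bool len_check_by_bytes(const struct stats_hdr *h, uint32_t num_data)
{
    return expected_payload_bytes(h) <= num_data;
}

int main(void)
{
    uint32_t num_data = 64; /* constructed: buffer really holds 64 bytes */

    printf("needed=%llu have=%u by_count=%d by_bytes=%d\n",
           (unsigned long long)expected_payload_bytes(&sample_event),
           num_data,
           len_check_by_count(&sample_event, num_data),
           len_check_by_bytes(&sample_event, num_data));
    return 0;
}
```
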
The FTIE subelem lengths are validated before copying
the R0-KH and R1-KH subelement. So remove the sub-element
length sanity check, which is causing parse failure.
Change-Id: I2fd2423e3d33e557e93a82ca250cb8bee1013c1a
CRs-Fixed: 2445863
pLimJoinReq will be NULL for the pe session, created when
STA does a successful FT-Preauth with target AP, using LFR
2.0 based roaming.
Any subsequent roaming using this new pe session will cause NULL
pointer dereference.
Hence checking validity of session->pLimJoinReq before accessing.
Change-Id: I47480a4d22c02ce1cc804430f60e8adf7959164e
CRs-Fixed: 2433647
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA can advertise the FT equivalent of the non-FT AKM and
connect with 11r protocol.
Before sending probe request to the AP, the host driver
intersects the csr_roam_profile akm with the akms advertised
by the AP in the function csr_construct_rsn_ie(). Based on
the intersection, RSN IE is constructed and this RSN IE will
be sent over the association request frame. Add changes to
fill FT-PSK akm selector if AP advertises PSK akm(00:0f:ac,4).
If the AP advertises 802.1X akm, fill FT-802.1x akm(00:0f:ac,3).
If the session is adaptive 11r connection, then copy the
adaptive_11r flag to pe_session while sending join request.
Populate the adaptive 11r vendor specific IE into association
request frame.
Change-Id: Iae6ea37787e96fd7cffca32fc4d9a33eb5772f26
CRs-Fixed: 2441337
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA should advertise the FT equivalent of the non-FT AKM.
Introduce a compile time flag WLAN_ADAPTIVE_11R_ENABLED to
enable/disable adaptive 11r support.
If the AP is adaptive 11r capable, set the is_adaptive_11r_ap
flag in bss descriptor. This flag will be sent in join request
and populated to pe_session. Also mark the CSR session as
adaptive 11r session based on this flag.
Add changes to check for the adaptive 11r service capability
advertised by firmware. If the host driver connects to adaptive
11r AP, enable RSO only if the firmware advertises adaptive
11r capability, else RSO should be disabled.
If the connection is adaptive 11r connection and if the adaptive
11r ini is enabled, set the adaptive_11r flag in
wmi_roam_11r_offload_tlv_param sent over the wmi command
WMI_ROAM_SCAN_MODE to the firmware. This will enable firmware to
filter the adaptive 11r AP from roam scan results.
Change-Id: If27a2393e3f4bb68942f5ebcec0135f57627f16b
CRs-Fixed: 2437988
Currently in connect_info debugfs file, only tx rate info is presented.
Add rx_bit_rate to present rx rate info.
Change-Id: I24ceb287880a60896b49b69d40646b549fd9a3d1
CRs-Fixed: 2440285
Before CFG/INI convergence to the new cfg module, hdd maintained
the infrastructure to parse ini items from WCNSS_qcom_cfg.ini and
push the value to hdd_config members. With all the cfg/ini moved
to the new converged CFG component, this infra is not required.
So cleanup the legacy ini infrastructure in HDD.
Change-Id: Ia028edd10682a0ac8ed6a663c20ba5f67b962f1d
CRs-Fixed: 2445314
If CRYPTO_SET_KEY_CONVERGED is enabled, the iface->key.key_cipher
is not set but is used to process multicast and broadcast
management frame.
Set iface->key.key_cipher with proper value when
CRYPTO_SET_KEY_CONVERGED is enabled.
Change-Id: I67d8bfe2210f4aad499830c4339de10c620d604d
CRs-Fixed: 2444420
Driver uses cipher stored in vdev to get the MIC length, which
may get updated if multiple peer(TDLS peer in STA case) get
connected to the vdev. Thus depending on latest peer cipher type
the MIC length will be calculated for all peers.
Add changes to store cipher info in peer and use it to calculate
MIC length for the frame if CRYPTO_SET_KEY_CONVERGED is defined.
Change-Id: I852e4b519f55d8020237989314f8506aa275f379
CRs-Fixed: 2444416
In wma_roam_synch_event_handler, if vdev_id is out of bounds,
code is redirected to cleanup, where iface is dereferenced to
set the value of roam_synch_in_progress.
This will result in a NULL pointer dereference because iface
hasn't yet been set.
Since this function does not have logic to set
iface->roam_synch_in_progress to true then it does not need
"cleanup" logic to undo that. So, remove the cleanup logic.
Change-Id: I8ffa0b9186c3595444cb188bbf00624b519e3894
CRs-Fixed: 2427334
Currently SAR feature version is decided based on
feature flag WLAN_FEATURE_SARV1_TO_SARV2, if this
flag is enabled SAR version 2 is used.
Add an ini support to specify the SAR version.
Change-Id: Ib3ac8a3e7320d3e7f303ae14828d2b0428ca2993
CRs-fixed:
Use updated cp stats component to get peer rssi and tx rate,
rx rate for big data logging as legacy infrastructure is
deprecated.
Additionally add support for RX multicast broadcast packets from FW.
Change-Id: Idcab4a022a4e7e34bd15878f95ad8248ca3aa9dd
CRs-fixed: 2428582
There is chance that some active thread is running and
skip stop modules. In that case driver should not
deregister policy mgr callback.
Call hdd_deregister_policy_manager_callback after
active thread check when stop modules.
Change-Id: I5fe3e438e87da0b333ae9b20994e58228fa67918
CRs-Fixed: 2443271
When run cmd: wpa_cli driver SETROAMINTRABAND 1 to runtime
configure intro BSS roaming capability, PCL isn't updated to F/W
and intro BSS roaming doesn't work until next connection or
disconnection, it is not our expectation.
Change-Id: I9e8f7de4d87ca00e8ddcb63cc30d784e0c786a9e
CRs-Fixed: 2444463
Introduces a new build flag 'DYNAMIC_SINGLE_CHIP':
If DYNAMIC_SINGLE_CHIP is defined, which means there
are multiple possible drivers, but only requires one
instance of driver at a time. In such case, leave
MULTI_IF_NAME undefined, no matter what the module
name is, only prepend DYNAMIC_SINGLE_CHIP to names
of firmware/mac/ini files.
Take path of driverdump and ini file for example:
If both MULTI_IF_NAME and DYNAMIC_SINGLE_CHIP are not
defined, the paths are:
driverdump: '/proc/debugdriver/driverdump'
ini: '/<fw_root>/wlan/qca_cld/WCNSS_qcom_cfg.ini'
If DYNAMIC_SINGLE_CHIP is defined as 'qca6174':
driverdump: '/proc/debugdriver/driverdump'
ini: '/<fw_root>/wlan/qca_cld/qca6174/WCNSS_qcom_cfg.ini'
If MULTI_IF_NAME is defined as 'qca6174' and
DYNAMIC_SINGLE_CHIP is not defined:
driverdump: '/proc/debugdriverqca6174/driverdump'
ini: '/<fw_root>/wlan/qca_cld/qca6174/WCNSS_qcom_cfg.ini'
On LA platform, DYNAMIC_SINGLE_CHIP is controlled by
TARGET_WLAN_CHIP and TARGET_MULTI_WLAN:
If more than one WLAN devices are enabled in TARGET_WLAN_CHIP,
and TARGET_MULTI_WLAN is not set to 'true',
DYNAMIC_SINGLE_CHIP will be set to the device name, to
avoid name conflicts of firmware/mac/ini files;
meanwhile, MODNAME is set to 'wlan', then paths for
debugging are not changed.
Otherwise, MULTI_IF_NAME will be defined if requires
multiple instances of driver.
Change-Id: I22ed34d80d3540451bf8b891243c6cdac5a73d7e
CRs-Fixed: 2402432
Do not allow tdls peer update command if tdls peer is not
found in lim. If peer assoc command is given to FW
without peer create, FW will assert.
Remove tdls peers in tdls component in case of roaming as
peers are deleted in lim as part of roaming.
Change-Id: Ie227da682e4d30c9b583881f7e2eaafe91826476
CRs-Fixed: 2441951
This commit reverts 830c969fc9.
The changes are taken care at the upper layer to not invoke
the driver unload during the system reboot.
Hence reverting the change which added the reboot notification
to driver
Change-Id: I9582fd4b7db158756a2f558a65a79c3f733e97a0
CRs-Fixed: 2443790
Currently as response of GETBSSINFO command driver is sending
actual bitrate information in connected and disconnected case.
According to new requirement send max supported bitrate of AP
as response of GETBSSINFO command in case of connected station.
Change-Id: I15624bf0c50af37847b8e1c0fe8bc9a880d3d021
CRs-fixed: 2434270
Structure he_ops_network_endian doesn't match 11ax
spec definition for he operation element format.
Driver will parse the wrong value from hostapd data.
Fix is to refine structure he_ops_network_endian
according to 11ax spec, basically sync with structure
tDot11fIEhe_op definition.
Change-Id: I173eca9a2d73df24e44560508c6514479f7d4e5e
CRs-Fixed: 2437831
When AP sends deauthentication/disassociation frame, host will
handle the deauth/disassoc frame. If the ini
"enable_disconnect_roam_offload" is enabled, firmware will
trigger a roam scan immediately after deauth/disassoc is
received and roam to a new AP. If roam failure happens after
this roam scan, firmware will send WMI_ROAM_EVENTID with reason
WMI_ROAM_REASON_DEAUTH.
Register a WMA callback to call the PE disconnect handler
function. This will call lim_tear_down_link_with_ap() to
handle the deauth state machine changes and posts message to
sme to inform the link lost info.
Change-Id: I404b019595b96c0710d09cb9218e3a1d28924fc7
CRs-Fixed: 2443219
1. Move the VDEV SM to UP state in lim_process_mlm_reassoc_cnf in
success cases similar to lim_handle_sme_join_result.
2. Handle LFR2 fail case in lim_process_mlm_reassoc_cnf
1) Vdev start failure
2) Reassoc timeout
3) Reassoc reject
Change-Id: Id34715faa9428fc11f5330a353258542c8ce29e3
CRs-Fixed: 2442470
Add stop_th and start_th for QCA_LL_TX_FLOW_CONTROL_V2 disabled
platform, which is pdev based tx_desc pool. Change pdev tx_desc pool
size from 1056 to 900, default stop_th is 15% start_th is 25%, this
setting is exactly same as QCA_LL_TX_FLOW_CONTROL_V2. Pause netif tx
queues for all vdevs when stop_th reached instead of dropping frames.
Reduce pdev pool size could significantly reduce firmware wmm drop. Both
of host and firmware frame drops lead to bad TCP throughput.
Change-Id: I77daf8c9fdef624f8ec479885b7705deb1fef142
CRs-Fixed: 2436772
Currently in the case of concurrent sessions running,
the driver updates the active dwell time for the scan
request to the default value, overwriting the already
filled active dwell time which the DUT got from the
AP as part of RRM request, which results in violation
of protocol.
Fix is to not update the concurrency params if the scan
request is of type RRM.
Change-Id: I09ebfbee0d282391be17aed7eaf56e3c53c2a5e2
CRs-Fixed: 2438535
Modify get tx success ack count api to support it for
lithium datapath by passing pdev reference.
Change-Id: Ibf4396bba941fd4f7e1dc55ca24534fecf54e01e
CRs-Fixed: 2438716
Currently there is no way to find out PD Restart indication,
so platform driver has added an API to differentiate PD Restart
from SSR. Using this API in shutdown notify handler, sending
message to IPA to do required cleanup.
Change-Id: I9d07c6fc573b6db1c7d0c1b7c99f325e22fe81cd
CRs-Fixed: 2436036
When the ready event is received from the firmware, hdd callback
is called to create the pdev and update the capabilities. If
there is any error the error is not propagated back to hdd
which can result in the accessing the invalid memory.
Propagate the status correctly from hdd to wma to resolve this issue.
This will result in the probe failure until the resources are available
or reference leaks are fixed.
Change-Id: I97ec062893216e25e285d95d6bfb5cf3e91a4005
CRs-Fixed: 2426612
Generate PMK-R0 and PMK-R1NAME for FT-FILS connection and send it
over assoc request frame.
According to 802.11-2016 standard:
PMK-R0 is derived as:
R0-Key-Data = KDF-Hash-Length(XXKey, "FT-R0", SSIDlength ||
SSID || MDID || R0KHlength ||
R0KH-ID || S0KH-ID)
PMK-R0 = L(R0-Key-Data, 0, Q)
PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt))
PMK-R1 is derived as:
PMK-R1 = KDF-Hash-Length(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID)
PMK-R1Name is derived as:
PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
R1KH-ID || S1KH-ID))
Call qdf_get_hash() function to generate a sha-256 or sha-384
hash. Use qdf_get_hash() with hmac(sha-256) or hmac(sha-384)
to generate hmac_hash.
Set PMKID count as 1 in RSN IE and copy the PMKR1-name
generated to the PMKID list. This PMKR1 should be the only
entry in PMKID list in assoc request frame sent by the driver
during FT-FILS initial mobility domain FILS connection.
Change-Id: Ic634aebbe42a58b92f871cf3258c62f7541d161a
CRs-Fixed: 2414719
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
On failure in processing beacon report request in
sme_rrm_process_beacon_report_req_ind, xmit ind is
not sent to PE. This will result in all subsequent
beacon report requests to fail as current request
in PE is not freed. Beacon report request is received
with country code US-O and operating class 12. In this
scenario, third byte in country code is overwritten to
global_op_class which causes no channel to be populated
for scan as there is no operating class 12 in global op
class.
Fix is to send xmit ind to PE on failure in processing
beacon report req in SME for cleanup and not overwrite
the third byte in country code if value exceeds global
op value.
Change-Id: Ie07dbb1f45803cf93b45df2173f0ad064a194cb3
CRs-Fixed: 2439827
Propagation from qcacld-2.0 to qcacld-3.0
For the sap role, .get_station would invoke
wlan_hdd_get_station_remote() or wlan_hdd_get_sap_stats(), depends on
"gSapGetPeerInfo" ini setting. And fix the logic of determine sap get
peer info enable or not by target capability.
CRs-Fixed: 2427627
Change-Id: I3162950a6a7202d55b64ff9c60a26971d3a31555
In some parse APIs the duplicate IE detection logic is not present
and thus duplicate IE will be processed again.
Fix by adding logic in missed API to parse IEs.
Change-Id: I0ad5decf41e72783c211fca2ca56d796b08a1003
CRs-Fixed: 2441001
Peer is created but not setup in LFR3 roaming case,
then peer->rx_tid[tid].array is not initialized with a valid
value before using, which causes a null pointer dereference in
dp_rx_defrag_cleanup() when cleaning up peer.
Change-Id: Ia8fd7773041511f3865d8ba26f4844d9b33bcec0
CRs-Fixed: 2436112
Add gTxAggSwRetry for tx aggregation case, and
Add gTxNonAggSwRetry for non tx aggregation case.
Change-Id: I92265fb4e279eaf63c45f0134f997df02bca8737
CRs-Fixed: 2436305
Currently, the function csr_save_tx_power_to_cfg does not
update the max_tx_power_24/5 length before it copies the
max_tx_power_24/5 data. Then the channel and tx power info
is not complete.
Change-Id: I99e4def6678b68e192f421d03ca7768b341dfbab
CRs-Fixed: 2437214
Connection is initiated with AP1, roaming to AP2 and then
roaming back to AP1. In this scenario, after assoc is done
to AP1 firmware has the pmk for AP1. Now firmware roams to
AP2 and sends roam sync indication with status as connected
and 1x is now offloaded to supplicant. Now even before 1x is
complete driver enables RSO for AP2 , due to this firmware
receives same PMK as that of AP1. Firmware flushes AP1 entry
because AP2 also has same PMK. After 1x , supplicant issues
new PMK which is sent to firmware and firmware updates this
for AP2. Now when firmware tries to roam to AP1 and it doesn't
have pmk for AP1 and it results in full EAP HS.
Change-Id: Id1a0b227cf7be12efa23f63c0abac6d3419469d5
CRs-Fixed: 2432114
In case of no scan result, ACS logic should select one channel based on
any of the below condition (as per mentioned order):
1. First valid channel from PCL
2. First safe channel from safe_channels
3. ACS start channel
Change-Id: Ife1d7a0a963b7773b92c091ed7cc976fcda25347
CRs-Fixed: 2430935
For SHA384 based 11r AKMs below:
FT-FILS-SHA384, FT-SUITEB-SHA384, the FT MIC length is 24. But
the host driver has MIC length hardcoded as 16, so only first
16 bytes of MIC is copied into MIC field and the rest 8 bytes are
copied into R1KH-ID. This results in R1KH-ID and R0KH-ID parse
failure. Due to this, the host driver sends R0KH-ID as 0 to the
firmware in the R0KH-ID. So the next roaming fails in the
firmware.
For SHA384 based AKMs, add changes to reparse the association/
reassociation response FT element. Introduce new FTIE structure
with MIC defined as array of 24 bytes. With this, the R0KH-ID
and R1KH-ID will be populated correctly in to the assoc response
structure and ultimately RSO command will carry the right R0KH-ID
to firmware.
Change-Id: I5aa50145fcd3ba91b1c92d4817b7f0e4fc216e3f
CRs-Fixed: 2430828
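
Why the MIC length matters for the key-holder IDs in the commit above, shown as an added example (a generic FT element parser, not the driver's dot11f parser): every field after the MIC shifts by 8 bytes when a 24-byte MIC is read as 16. The sample element, its byte values and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FTE_MIC_CONTROL_LEN 2
#define FTE_NONCE_LEN       32   /* ANonce and SNonce are 32 bytes each */
#define FTE_SUBELEM_R1KH_ID 1
#define FTE_SUBELEM_R0KH_ID 3
#define R1KH_ID_LEN         6
#define R0KH_ID_MAX         48

struct fte_ids {
    uint8_t r0kh_id[R0KH_ID_MAX];
    size_t  r0kh_id_len;
    uint8_t r1kh_id[R1KH_ID_LEN];
    int     have_r1kh;
};

/*
 * Parse an FT element body (the bytes after Element ID and Length).
 * mic_len is 16 for SHA-256 based AKMs and 24 for SHA-384 based ones.
 * Returns 0 when both key-holder IDs were found, -1 otherwise.
 */
static int parse_fte(const uint8_t *body, size_t len, size_t mic_len,
                     struct fte_ids *out)
{
    size_t pos = FTE_MIC_CONTROL_LEN + mic_len + 2 * FTE_NONCE_LEN;

    memset(out, 0, sizeof(*out));
    if (len < pos)
        return -1;

    while (pos < len) {
        uint8_t id, slen;

        if (len - pos < 2)
            return -1;              /* truncated subelement header */
        id = body[pos];
        slen = body[pos + 1];
        pos += 2;
        if (slen > len - pos)
            return -1;              /* subelement overruns the element */

        if (id == FTE_SUBELEM_R1KH_ID) {
            if (slen != R1KH_ID_LEN)
                return -1;
            memcpy(out->r1kh_id, body + pos, slen);
            out->have_r1kh = 1;
        } else if (id == FTE_SUBELEM_R0KH_ID) {
            if (slen < 1 || slen > R0KH_ID_MAX)
                return -1;
            memcpy(out->r0kh_id, body + pos, slen);
            out->r0kh_id_len = slen;
        }
        pos += slen;                /* unknown subelements are skipped */
    }
    return (out->have_r1kh && out->r0kh_id_len) ? 0 : -1;
}

/* Build a constructed FTE body that carries a 24-byte MIC. */
static size_t build_sample_fte(uint8_t *buf, size_t cap)
{
    static const uint8_t r1kh[R1KH_ID_LEN] = { 0x02, 0, 0, 0, 0, 0x01 };
    static const uint8_t r0kh[4] = { 'r', '0', 'k', 'h' };
    size_t pos = 0;

    if (cap < 2 + 24 + 64 + 2 + sizeof(r1kh) + 2 + sizeof(r0kh))
        return 0;
    memset(buf, 0x00, 2);               pos += 2;   /* MIC Control */
    memset(buf + pos, 0xAA, 24);        pos += 24;  /* MIC */
    memset(buf + pos, 0x11, 32);        pos += 32;  /* ANonce */
    memset(buf + pos, 0x5C, 32);        pos += 32;  /* SNonce */
    buf[pos++] = FTE_SUBELEM_R1KH_ID;
    buf[pos++] = sizeof(r1kh);
    memcpy(buf + pos, r1kh, sizeof(r1kh)); pos += sizeof(r1kh);
    buf[pos++] = FTE_SUBELEM_R0KH_ID;
    buf[pos++] = sizeof(r0kh);
    memcpy(buf + pos, r0kh, sizeof(r0kh)); pos += sizeof(r0kh);
    return pos;
}

/* Parse the sample with the given MIC length; returns parse_fte()'s result. */
static int sample_parse_result(size_t mic_len)
{
    uint8_t buf[128];
    struct fte_ids ids;

    return parse_fte(buf, build_sample_fte(buf, sizeof(buf)), mic_len, &ids);
}

/* R0KH-ID length recovered from the sample, 0 when parsing failed. */
static size_t sample_r0kh_id_len(size_t mic_len)
{
    uint8_t buf[128];
    struct fte_ids ids;

    if (parse_fte(buf, build_sample_fte(buf, sizeof(buf)), mic_len, &ids))
        return 0;
    return ids.r0kh_id_len;
}

int main(void)
{
    printf("mic_len=16: rc=%d r0kh_len=%zu\n",
           sample_parse_result(16), sample_r0kh_id_len(16));
    printf("mic_len=24: rc=%d r0kh_len=%zu\n",
           sample_parse_result(24), sample_r0kh_id_len(24));
    return 0;
}
```
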
In TSO case, if eit header is less than 64 bytes in length,
it will result in unauthorized access to memory that has not
been dma mapped.
For TSO path, adjust the pkt download length before the call
to ce_send_fast(), so that the excess delta is taken into
account and handled.
Change-Id: I049f40afb87c66ad5544da583db27d066fe12453
CRs-Fixed: 2439186
Set MCC quota is mainly for miracast p2p interface when
STA+CLI or STA+GO. Change the condition checking to consider
the other (SAP) existing but not start, to avoid set quota
failure.
Change-Id: I2acfd2bf86991d884c40657dfdd027a235df1270
CRs-Fixed: 2439269
Currently rxmpdu count and fcs count is not getting
populated in station info, add support to populate rx mpdu count
and fcs count in station info and send to user space with
get_station command.
Change-Id: I5ae3c4c1e5647ad0b4777440ce0a1226ba4f373e
CRs-fixed: 2438671
In hdd_apf_read_memory_cb, context buffer length is checked
against sum of packet offset and event length, packet offset
and event length are extracted from FW response and can lead
to integer overflow, which will allow to pass the length check
and eventually will lead to buffer overwrite when event data is
copied to context buffer.
To avoid this issue, validate the event length against the
available length in the context buffer, which can be obtained
by getting difference of packet offset from the context buffer
length.
Change-Id: I53798e56403f1c550f0a762645ccd67a1dc8500d
CRs-fixed: 2436502
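
The two forms of the length check from the hdd_apf_read_memory_cb commit above, as an added example that is not the driver's code: `struct read_ctx`, the 64-byte buffer and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the read context that receives event data. */
struct read_ctx {
    uint8_t *buf;
    uint32_t buf_len;
};

/*
 * Overflow-prone form: offset and length both come from the firmware
 * response, and their 32-bit sum can wrap to a small value that passes.
 */
static bool fits_by_sum(uint32_t buf_len, uint32_t offset, uint32_t length)
{
    return offset + length <= buf_len;
}

/*
 * Hardened form: compare the length with the space that is left after
 * the offset. The subtraction cannot wrap because offset <= buf_len is
 * checked first.
 */
static bool fits_by_available(uint32_t buf_len, uint32_t offset,
                              uint32_t length)
{
    if (offset > buf_len)
        return false;
    return length <= buf_len - offset;
}

/* Copy one fragment into the context buffer; 0 on success, -1 if rejected. */
static int copy_fragment(struct read_ctx *ctx, uint32_t offset,
                         const uint8_t *data, uint32_t length)
{
    if (!ctx || !ctx->buf || !data)
        return -1;
    if (!fits_by_available(ctx->buf_len, offset, length))
        return -1;
    memcpy(ctx->buf + offset, data, length);
    return 0;
}

/* Run copy_fragment() against a constructed 64-byte context buffer. */
static int demo_copy(uint32_t offset, uint32_t length)
{
    uint8_t storage[64] = { 0 };
    uint8_t data[64];
    struct read_ctx ctx = { storage, sizeof(storage) };

    memset(data, 0xEE, sizeof(data));
    return copy_fragment(&ctx, offset, data, length);
}

int main(void)
{
    /* Constructed values: 0xFFFFFFF0 + 0x20 wraps to 0x10 in 32 bits. */
    uint32_t offset = 0xFFFFFFF0u, length = 0x20u;

    printf("sum check passes: %d\n", fits_by_sum(64, offset, length));
    printf("available check passes: %d\n",
           fits_by_available(64, offset, length));
    printf("copy_fragment rc: %d\n", demo_copy(offset, length));
    return 0;
}
```
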
Check for validity of vdev obtained from the CDP
cdp_get_vdev_from_vdev_id API.
Change-Id: Ie7fb99a0e08135bd3f2cc6b63070a4bd72df943a
CRs-Fixed: 2434583
Currently when an RRM scan is issued for beacon report request from the
connected AP, we use the current scan country code to get the op class
table for the country.
However, the AP can specify which table to use in the country IE's 3rd
byte of the country field which is not parsed and stored in the scan
country code.
For RRM Scan for beacon report request, use the 3rd byte to get the table
number from the connected AP's beacon and if no table number is present,
then use the op class table based on the country code.
Change-Id: I0911ac908d1c71676f7c1450ab260eaa732ddcb9
CRs-Fixed: 2435942
After DUT STA connected, search connected ssid from scan cache,
get each channel and put into roam scan channel map. To make sure
current home channel is always included and don't set full
channel as channel map, add home channel into roam scan channel
map directly.
Change-Id: Ifb25562259a9b7f35849b39d8e0d238e754d4f96
CRs-Fixed: 2436200
When SAP works in ACS mode, it needs to restart with a safe channel
if current channel is unsafe. Sometimes no channel is selected from
pcl channels. SAP can't just pick up one safe channel because the
channel may be DFS channel while SAP may disable DFS master capability.
SAP should select one valid channel for LTE COEX.
Change-Id: I303165f82b5c2a8d06447df4ba23fdcba5b1083c
CRs-Fixed: 2415007
With FT-FILS akm, initial mobility domain fils connection
requires FTIE in the assoc request frame. FTIE is copied from
auth response frame received from the AP and stored in fils_info.
Add frame parser changes to populate the FT-IE into the
association request frame.
Send this FTIE in the association request appended after MDIE.
Change-Id: I9087ff9f36b52f3ef08b03cba826bdc42834a9f8
CRs-Fixed: 2414678
FT-FILS initial mobility domain association requires FTIE in the
association request frame sent to the AP. FTIE has the R0-KH and
R1-KH ID that is needed to derive the FILS-FT key.
Host driver should save the FTIE received from the AP in the
authentication response frame and send it without any
modification to the AP in association request frame.
Change-ID: I047538e13b37e10c2cebad4959fc796af5d16df6
CRs-Fixed: 2414662
Expectation of user is fcc constraint should be applied when user input
is zero and should be cleared when input is negative value. But current
driver behavior is out of sync.
To address this, invert the user-input before invoking regulatory
component api ucfg_reg_set_fcc_constraint(). Also ensure reduced
tx power is effective in calculating maximum tx power while connecting
to access-point.
Change-Id: I73485685b70b805107a52080c64efde30e807dc3
CRs-Fixed: 2429993
Add new ini to configure various roam trigger parameters:
1. "minimum_btm_candidate_score"
Consider the AP as roam candidate only if its score is greater
than minimum_btm_candidate_score. This value will be sent over
the WMI_BTM_OFFLOAD_CONFIG command.
2. "roam_scan_inactivity_time"
Device inactivity monitoring time in milliseconds for which
the device is considered to be inactive with data packets
count is less than configured roam_inactive_count.
3. "roam_inactive_data_packet_count"
Maximum allowed data packets count during
roam_scan_inactivity_time.
4. "roam_scan_period_after_inactivity"
Roam scan period in ms after device was in inactive state.
5. "btm_roam_score_delta"
Roam scan delta value for btm triggered roam scan. This value
will be sent to firmware over the WMI_ROAM_AP_PROFILE wmi
command.
6. "idle_roam_score_delta"
Roam scan delta value for Idle roam scan trigger reason. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_delta_param_list tlv.
7. "disconnect_roam_trigger_min_rssi"
Candidate minimum rssi value for disconnect roam trigger. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
8. "beacon_miss_roam_min_rssi"
Candidate minimum rssi value for BTM triggered roam. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
9. "bss_load_trigger_5g_rssi_threshold"
If connected AP is in 5GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_5g_rssi_threshold.
10. "bss_load_trigger_2g_rssi_threshold"
If connected AP is in 2GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_2g_rssi_threshold.
Change-Id: Ib026251a8ec403f4376a16a91ff1b5d969336816
CRs-Fixed: 2434922
After SSR, SAR configuration is lost.
Since, SSR is hidden from userland, VENDOR_SUBCMD_SET_SAR_LIMITS
to configure SAR shall not come again from userspace after SSR.
To restore SAR configuration, save this in hdd context when the vendor
command comes and restore after re-init.
Change-Id: I083fb72a9fad35af1a84bcc9d8d59976485b9fa3
CRs-Fixed: 2427382
1. The original mgmt send path changed by converged p2p component, now
wma_tx_packet() will not invoke when sending station mode action
frames, it invokes p2p_mgmt_tx() instead. But for tx buffers of PMF
frames sending to some target require to do bi-direction dma map to
pass smmu sanity check, which is missed in p2p_mgmt_tx() path.
2. The offchan flag passed to wlan_hdd_mgmt_tx() is not always accurate.
There have been cases where the flag is set even though the operation is
taking place on the home channel, and blindly following the flag leads
to an unnecessary ROC.
Fix it by adding QDF_NBUF_CB_TX_DMA_BI_MAP to new p2p mgmt tx path and
bring back home channel check to override the offchan flag if
necessary.
Change-Id: I9589157e57e95d0c61a432f87a07630c4b77f757
CRs-Fixed: 2423341
Send idle roam trigger monitor command to firmware based on
the SET SUSPEND mode command received from the user space.
The set suspend mode value sent will be used by firmware as
one of the parameters in determining if the device is in
idle state. When set suspend mode is 1, device is not in
idle state else the device is considered idle if idle state
data packet count, idle rssi, inactivity time criteria are met.
Add changes to send the suspend mode value over the wmi
command WMI_IDLE_TRIGGER_MONITOR_CMDID.
Change-Id: Ia4531fdab140334dbb830e0d7486db07bbdfc7e8
CRs-Fixed: 2436221
Roam channel map is got by searching current ssid in scan db,
if hidden ssid, probe resp has ssid, but beacon usually has
NULL ssid.
Use new scan structure in csr_init_occupied_channels_list
Change-Id: I9758cb30b83a7c0c3d221b7178ffb607f0911593
CRs-Fixed: 2432223
If csr_is_security_match() calls csr_validate_any_default(), it passes
NULL pointers for some input parameters; check these pointers before
dereferencing them.
Change-Id: I2cbd9f680c8a90919599db3af5b522ccb760892d
CRs-Fixed: 2423713
Presently the wext handlers are not getting registered for the
ftm mode resulting in the error when the ftm specific commands
are issued.
Register the wext ioctls when the interface up is received on the
ftm mode.
Change-Id: I50ae011012cd1d667e69d1d84f62c14fa253111a
CRs-Fixed: 2436937
Use WLAN_FEATURE_DP_BUS_BANDWIDTH instead of MSM_PLATFORM for better
reading.
Change-Id: Iaed4f77b09b80ca8872a69c832491598db021232
CRs-Fixed: 2423299
Overwrite 2nd AP's channel with 1st AP only when:
1. Current operating mode is single mac
2. or 2nd AP is coming up on 5G band channel
Change-Id: I8260721a5f9b8547d93ed7c6775741e6a8cc2a44
CRs-Fixed: 2427083
Add policy manager support to avoid simultaneous connections on
STA plus STA concurrent interfaces when
WMI_SERVICE_STA_PLUS_STA_SUPPORT is not set.
Change-Id: I73e65c56a98908128d56af2f4fba8ced5210fff1
CRs-Fixed: 2427828
Unicast probe requests are sent to AP even though
beacons or probe responses from AP contain MBO IE
with assoc disallowed bit set. In another scenario
where AP rejects association with retry delay of 60
secs, unicast probe requests are being sent to AP
as part of scan for ssid during connection within
the retry delay.
Fix is to reject connection when assoc disallowed
bit is set in MBO IE and also not trigger scan for
ssid when get_scan_results fails due to rssi reject.
Change-Id: I855cf397ff7e3869fb1eceeddc1db5d109790465
CRs-Fixed: 2433740
TDLS peer state is reset to OL_TXRX_PEER_STATE_CONN when enable tdls
link and register tdls peer, then it will drop data packets to the
peer on high latency platform. So, set peer state to
OL_TXRX_PEER_STATE_AUTH once connected to tdls peer.
Change-Id: I0d02f1efa3c79c0bf41649d98a13ce8b0bf7378d
CRs-Fixed: 2423394
Currently, lim_process_assoc_cleanup does not do null validation
for sta_ds which can lead to null pointer dereference.
Add null pointer check for sta_ds in lim_process_assoc_cleanup
Change-Id: I74ad0e11213c0bec1473984f312f18b5f1082082
CRs-Fixed: 2423883
Add support for new wmi command WMI_ROAM_DEAUTH_CONFIG_CMDID
to send disconnect roam trigger parameters and the
new wmi command WMI_ROAM_IDLE_CONFIG_CMDID is used to send the
idle roam trigger parameters. Fill the parameters from csr to
roam request and send it as part of RSO start command to
firmware.
Fill the corresponding parameters in
csr_update_roam_scan_offload_request(). This will be sent to wmi
and the params will be copied to the wmi command buffer.
Change-Id: I3d863a3ec8c5608d47e600c760d7b3406703a953
CRs-Fixed: 2431490
Currently, lim_process_sme_disassoc_cnf,
lim_process_sme_disassoc_req, lim_process_sme_deauth_req and
sme_qos_request_reassoc do not do null validation for session
which can lead to null pointer dereference.
Add null pointer check for session in lim_process_sme_disassoc_req,
lim_process_sme_deauth_req, lim_process_sme_disassoc_cnf and
sme_qos_request_reassoc before usage and send failure to sme.
Change-Id: I0efe4e98a8dd26767309ed1e6b668a6267a4b770
CRs-Fixed: 2423887
The debugfs read operation for mws idrx is not printing the
correct subids.
Change the debugfs print to reflect the correct subids during
the coex idrx debugfs read operation.
CRs-Fixed: 2431347
Change-Id: I1a4bd623c17e41a69428c4611818f2b55153d505
Change I421b670b86a7e1cecbe5a2686efefbbb6c455267 ("qcacmn: Refine
struct add_ts_param") is updating struct add_ts_param, so update the
legacy project to align with those changes. Note that these are
interdependent changes.
Change-Id: I829ad0abb864f0a05047894bab9977d8529074dc
CRs-Fixed: 2433928
Currently we are using NUM_TX_QUEUES=5. These queues correspond to
different access categories. For flow control, we end up
pausing/unpausing some of the pausing depending upon the thresholds.
Save netdev TX queue states during flow control callback so that the
same information can be retrieved when the flow control stats are
dumped.
CRs-Fixed: 2431624
Change-Id: Icad3ff7a60e6e367cf650a2f249de3c2b70aded8
SAP needs correct key to decrypt the third authentication frame which
is encrypted by station, otherwise wep shared connection fails.
Need get correct wep key from where it is saved.
Change-Id: I3b5152a7374f8e1604ffe2b3900811f808d0126c
CRs-Fixed: 2425738
Enable logging of cfg ini/non ini items.
Also, enable support for iwpriv wlan0 getConfig.
Change-Id: I938588bda4c1074a0531626d73e10e74afb4f9a6
CRs-Fixed: 2432426
Currently, hdd_set_power_save_offload_config does not do null validation
for power usage before string comparison which can lead to null pointer
dereference.
Add null pointer check for power usage in
hdd_set_power_save_offload_config.
Change-Id: I91eba2f5eb27aebf7451be58a6744634aaebd184
CRs-Fixed: 2423777
HLP data extracted from FILS association response frame needs to
be sent to upper layer. When association success is posted to
sme, HLP data is copied from lim pe_fils_info structure to
sme_join_rsp->roam_fils_info. But the hlp data is parsed from
association response frame but it's not copied to pe_fils_session.
This results in hlp data not sent to hdd and upper layers.
Copy fils data from parsed association response frame into the
pe_fils_info for FILS connection.
Currently there is pointer to hlp_data in pe_session also. But
it is not used and memory allocation is also not done for this
hlp_data. Cleanup this unused hlp data in pe_session and only
use the hlp data from pe_fils_session structure.
Change-Id: I0ef6df6e55130e18a85e2ddf49f8293d8672ac0b
CRs-Fixed: 2424493
During LFR3 driver post the message to add the scan entry in
scheduler to scan module and continue with roaming and send roam
event to CFG layer. Also it sets the new AP's scan entry in scan
module as associated, to avoid age out of the entry.
Now as the message posted to scan module will get scheduled after
roaming is complete, if new AP's entry is not present in CFG scan
cache the roam indication to CFG may fail. Also if it's not present
in the driver cache the new AP's entry may AGE out and channel will
not be added in occupied list, used for roaming.
Thus update the scan entry in scan module and CFG in same context.
Change-Id: I2c5f165b43d48a0b0b54fdf08a0e53b31fac07aa
CRs-Fixed: 2435410
Currently, while processing the beacon report req and response the
measurement duration units changed from MS to TU and TU to MS
respectively.
Avoid this conversion as both are close units.
Change-Id: I663b7c8969904a373461fb80c7d505c96e74b48f
CRs-Fixed: 2431912
In SAP, if a peer is disconnecting, CSR roamstate is set to
eCSR_ROAMING_STATE_JOINING. Now if at the same time another peer
is trying to connect, eWNI_SME_UPPER_LAYER_ASSOC_CNF will be dropped
in eCSR_ROAMING_STATE_JOINING state.
Fix this by processing eWNI_SME_UPPER_LAYER_ASSOC_CNF in
eCSR_ROAMING_STATE_JOINING state.
Change-Id: I7d4347013eca494e537aaeb4468814238cb3fca6
CRs-Fixed: 2430840
Memory optimize for QCS403 platform, 1x1 chip. Reduce CE1 htt data
dest ring buffer from 512 to 256, reduce CE2 wmi dest ring buffer from
128 to 64, reduce CE9 & CE10 desg ring buffer from 512 to 64, disable
CE11 pktlog. Note: this change only affect specific WLAN build config for
extremely saving memory, for debug purpose, there is another build
selecting default WLAN config for reference HW.
Change-Id: I868e74b09cdb11df3dccaa3f9e051da55724983d
CRs-Fixed: 2432631
Add update_status callback to pld usb which will be called by
CNSS to update WLAN FW status(FW-DOWN, RECOVERY)
Change-Id: I159e09eac8bdb75525c64e7b42c3315141ec1f8d
CRs-Fixed: 2430265
Define PLD APIs for idle shutdown and restart such that platform
driver can serialize PSOC idle shutdown and restart with driver
load/unload and SSR shutdown/reinit.
Change-Id: I4e772343fbccb099b9af104ac978dcdb650a567a
CRs-Fixed: 2431405
Validate cfgLength to the upper bound before using it in copy
inside csr_get_cfg_max_tx_power()/lim_get_dot11d_transmit_power.
Change-Id: Ibcc1f145db9b902a29a0332553323d0a3ac6b2ff
CRs-Fixed: 2423707
wma_motion_det_host_event_handler() gets called when FW sends
WMI_MOTION_DET_HOST_EVENTID message.
After the initial processing, pmac->sme.md_host_evt_cb() is
called to send the relevant data back up to the upper layers
of WLAN.
Since this callback function is dynamically registered there
are cases where it might not be registered before this FW event
is received, resulting in a NULL pointer dereference.
Change-Id: I06b7907b39f4da0837196ccf377ecc2da325be8c
CRs-Fixed: 2428803
The field bssid in cfg80211_update_owe_info is renamed to peer
in kernel. Change it accordingly in WLAN driver.
Change-Id: Idf6e051d875c2a9dbe10c49eab7aa02536e5bdc4
CRs-Fixed: 2433437
If the first DFS AP is in CAC progress and second
AP starts on DFS chan, move the second AP to CAC
wait state as well.
Otherwise, when CAC ends, the second AP will always
stay in "WLAN_VDEV_S_START" state and can not
handle CAC end event.
Change-Id: I440ce3339dd2afb62bdb574f2f785d733a980933
CRs-Fixed: 2426714
Delayed work leak is observed when hdd_wlan_startup failed in
__hdd_soc_probe. It will call hdd_context_destroy for cleanup, but
the delayed work created in hdd_context_create is destroyed in
hdd_wlan_exit.
To fix this leak, move this from hdd_wlan_exit to hdd_context_destroy
Change-Id: I237de3695e8915dee9ba085c5d3679a3b438d323
CRs-Fixed: 2432748
With kernel version before 4.10, and no CFG8011_UPDATE_CONNECT_PARAM
defined, compiler throws failure -
wlan_hdd_cfg80211.c:21402:1:
error: ‘hdd_update_connect_params_fils_info’
defined but not used [-Werror=unused-function]
Change-Id: I0b15e5822b36d881d484c241064f533f26f77b6d
CRs-Fixed: 2429665
Disconnect STA/SAP when disable channel list is provided by user
which contains the current STA/SAP operating channel.
Also add an ini parameter to use as featurization flag for this feature.
Change-Id: Ibe6c18ee7f6ed007794853293a0bde4999611167
CRs-Fixed: 2280989
Currently for SAP mode, issue is only first valid sta is
requested to print REO stats where sta_info pointer does
not move along with the loop.
Fix is to print REO stats for both vdev peer and sta peers
in SAP mode.
Change-Id: I4864dbecace091fd086f184599e108ad3f2e3d37
CRs-Fixed: 2423173
Implement NON-QC platform TSF and TSF PLUS.
Implement gettime of PTP.
Implement TSF PLUS for SAP/GO
CRs-Fixed: 2399624
Change-Id: Id4f41a94256a8f035ae408c168c246569185c534
Scan queue isn't unregistered, lead to scheduler queue leakage,
after driver module start/stop several times, scheduler queues
are used out, can't register any more.
Change-Id: I98d81591aee25a5e18e560766fb077733eb1b671
CRs-Fixed: 2431696
If the FW doesn't send the ext service ready event, and
thus the host does not get the max chainmask that both
the macs can support, the host still updates the ini
with the minimum of the host, and FW config, which can
lead to functional issues in connection, and scan.
Fix is to honour the setting only if the FW sends a non
zero positive chainmask for both macs.
Change-Id: I2a321923a2f995cca20cef3980acb1bf41ca0db0
CRs-Fixed: 2429584