In function tdls_ct_idle_handler, idx is assigned from
tdls_info->index which can be 0 254. But tdls_conn_info
is static array in tdls_soc_priv_obj of size
WLAN_TDLS_STA_MAX_NUM (8). So check idx is less than
WLAN_TDLS_STA_MAX_NUM or not to avoid OOB memory access.
Change-Id: I8387cb0a44a79f0f83b25c12de2aa9fbc39ab2f3
CRs-Fixed: 2474432
As part of start_ap or connect_start to teardown active tdls peers
hdd_notify_teardown_tdls_links is called with argument vdev. But
TDLS might not be enabled on that vdev. With recent changes,
osif_priv object is initialized as part of tdls_vdev_init.
For the new interface if TDLS is not initialized then osif_priv
object will not be found and TDLS peers are not removed.
Change-Id: Idcf690bba2766664700a4851d390ee620f2fe73a
CRs-Fixed: 2460108
If tdls feature is disabled, as currently tdls_osif_init_cb is called
before checking flags, tdls_osif_deinit_cb will be missed which causes
memory leak.
Do tdls_osif_init_cb after checking tdls_feature_flags.
Change-Id: I008c69a9b39f5321d1ca79f5193539f5abd32a02
CRs-Fixed: 2459853
For implicit and external control the tdls connection is
established based on the tx and rx pkt count. But currently,
pkt count with connected AP also tracked.
Do not track packets for connected AP as TDLS is not possible
with connected AP.
Change-Id: I29d6f4e7858de1ec453d64b6fce548f5132c57d4
CRs-Fixed: 2457524
TDLS is disabled if second connection comes up.
If that second connection fails then enable
the TDLS again.
Change-Id: Id5df1df81c94bcf3a0616bbfb4b33f3e4d81dcbe
CRs-Fixed: 2445831
Presently osif tdls memory is freed as part of the osif_priv
when the vdev is logically destroyed. There is case seen
wherein the tdls is holding vdev reference and in the other
thread the interface down is received and the osif_priv is
freed resulting in the tdls osif priv also, if the other thread
tries to dereference the tdls os priv it will result
null pointer exception.
Move the tdls osif priv memory creation/deletion to the tdls component.
Change-Id: I3782f6304bee5a6eaab4d9122a569ba56fd29947
CRs-Fixed: 2436379
Correct INI description for "gTDLSRSSIDelta", and configuration type
for below items:
- CFG_VALID_CHANNEL_LIST
- CFG_COUNTRY_CODE
Change-Id: If7ae2845c06b39ba9ce5af96c21bbe3900edbdf4
CRs-Fixed: 2448134
wlan_vdev_get_bsspeer() return bss peer without taking the ref count
of the peer and thus if peer is deleted after wlan_vdev_get_bsspeer()
returns a valid peer, the caller will have stale entry of the peer.
Stale entry of peer can lead to Assert.
Use wlan_objmgr_vdev_try_get_bsspeer API in TDLS to get the BSS peer
which increment the refcount if peer is valid. With this the peer
won't be deleted till the caller release the ref count of the peer.
Change-Id: I9dc26771a0e8dadf75898c94bff5d4b8fb8a88d5
CRs-Fixed: 2445795
Do not allow tdls peer update command if tdls peer is not
found in lim. If peer assoc command is given to FW
without peer create, FW will assert.
Remove tdls peers in tdls component in case of roaming as
peers are deleted in lim as part of roaming.
Change-Id: Ie227da682e4d30c9b583881f7e2eaafe91826476
CRs-Fixed: 2441951
It doesn't update rssi of tdls peers. So add logic to update it when
get all tdls peers.
Change-Id: I81d4536b5cb2443b088ee4a5d425d548eac152d6
CRs-Fixed: 2435903
Both FW and host support TDLS low rssi teardown, so remove the host
logic. In addition, host trigger low rssi teardown wrongly since
doesn't update rssi of tdls peer on time.
Change-Id: I93d7957e01ba805b73558a5ced7a1dc8cc2681c1
CRs-Fixed: 2437166
As part of every scan, TDLS component is notified.
TDLS component takes decision to allow the scan or not.
But after rejecting the scan for max no of times.
TDLS peer link status is set to idle which is not expected.
Overwriting this link status can lead to not finding the
peers to cleanup while 2nd interface is added.
Change-Id: I1a0120399118ef7e9168dbcb7b5009a88e000d5c
CRs-Fixed: 2435694
Currently, in function tdls_process_rx_frame. If vdev is
NULL then rx_mgmt memory is not freed.
Free the rx_mgmt memory before returning from function
tdls_process_rx_frame.
Change-Id: I5be27a7fa8a9417f578e406f3f9e8c7394439fa8
CRs-Fixed: 2436241
Currently, the vdev connection status is checked by getting
the bss peer of that vdev, and if the bss peer is in associated
state then vdev connected status is sent as true. It can happen
vdev is present and bss peer is deleted after getting the bss peer
from vdev pointer. Then bss peer can not be dereferenced to get the
its status.
Instead remove all the duplicate api's tdls_is_vdev_connected,
pmo_core_is_vdev_connected, and wlan_vdev_is_connected with
wlan_vdev_is_up. wlan_vdev_is_up gives success status
if associated.
Change-Id: I863c3c0689f329870bd08c813813c16956135209
CRs-Fixed: 2424996
Per the Linux Kernel coding style, as enforced by the kernel
checkpatch script, pointers should not be explicitly compared to
NULL. Therefore within tdls replace any such comparisons with logical
operations performed on the pointer itself.
Change-Id: I836dec2b71e0c11f11b18402c7b127bb4ccbba48
CRs-Fixed: 2418394
In function tdls_delete_all_tdls_peers, bss peer can be NULL
if the bss peer is removed from vdev object. Hence, add NULL
check before getting its reference.
Change-Id: I9b2b03bc6db899c1c06de95ec5ee680d4b600aa7
CRs-Fixed: 2419567
To address kernel control flow integrity (CFI) issues related to type
mismatch, correct the input argument type for sme_ser_cmd_callback().
Change-Id: I3f0b5df70163eca9282d2b1c2a48203448e4f0a6
CRs-Fixed: 2402977
After STA or P2P cli disconnection, TDLS component is notfied
of the disconnection to check if the TDLS can be enabled in FW
and host. But while sending tdls set state command to FW,
the disconnected vdev_id is given to FW. This can result in
FW assert while processing the next tdls commands.
Change-Id: Ib79547ce9d192b1d8bba3767655b3dada36e5e95
CRs-Fixed: 2412170
In functions ucfg_tdls_update_rx_pkt_cnt and
ucfg_tdls_update_tx_pkt_cnt, driver tries
to get the vdev ref, even if it is NULL.
This can result in assert.
Change-Id: I62b3a9b088324e06518e82203092a2ac9098ac13
CRs-Fixed: 2412095
If the curr_peer link status is tearing or connected,
activate peer cmd is rejected and the return status is sent
to supplcant as success even.
But return failure status to supplicant if the link is tearing.
Change-Id: Ia976fee03c77191a7e617a3e21e8c5ddf98759d0
CRs-Fixed: 2411146
Chk frame member of the tdls_mgmt_req is declared locally inside of
the local function wlan_cfg80211_tdls_mgmt and address is copied
in the mgmt request, and posted to scheduler thread.
But, the validity of the chk frame variable is lost once returned
from the wlan_cfg80211_tdls_mgmt function. And the chk_frame
is used when processing the tdls_mgmt_req in scheduler thread.
And the stale data of chk_frame can be used.
Hence, make the chk_frame as a variable instead pointer inside
tdls_action_frame_request request.
Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b
CRs-Fixed: 2402124
As part of the original TDLS componentization legacy typedefs were
replicated to create the TDLS public structs. Due to the way in which
these data structures were initially used there was an implicit
requirement that their memory layout be exactly identical, and some of
the public structs had comments of the form "same as <foo>" to show
this relationship. Over time the use of the legacy typedefs has been
phased out in favor of the public structs, but some of the public
structs still have "same as" comments which reference legacy typedefs
which no longer exist. To avoid confusion remove those comments.
Change-Id: I46b498155907eea3ddf3f2a00f8138a1aac95b72
CRs-Fixed: 2404154
The transaction_id in struct tdls_send_mgmt_rsp is unused, so remove
it. Also remove the comment that implies this struct has the same
structure as tSirSmeRsp since it does not.
Change-Id: I79cf0b2051b232635f37808155ddbd6438a40658
CRs-Fixed: 2404152
During TDLS componentization the legacy typedef tSirTdlsDelStaReq was
replicated, creating struct tdls_del_sta_req. Unfortunately this left
the driver with two different data structures which serve the same
purpose. Not only is this pointless, but due to the way in which these
structures are used there is an implicit requirement that they be
exactly identical. This approach is very fragile. To align with the
converged software architecture and to improve code maintainability
exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I054ee24e07062a60c4e00b935cd1bc5b4a9aef95
CRs-Fixed: 2400769
During TDLS componentization the legacy typedef tSirTdlsAddStaReq was
replicated, creating struct tdls_add_sta_req. Unfortunately this left
the driver with two different data structures which serve the same
purpose. Not only is this pointless, but due to the way in which these
structures are used there is an implicit requirement that they be
exactly identical. This approach is very fragile. To align with the
converged software architecture and to improve code maintainability
exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I37500ead43eed2295df24c70b96e0b6ff85738c6
CRs-Fixed: 2400768
During TDLS componentization the legacy typedef tSirTdlsSendMgmtReq
was replicated, creating struct tdls_send_mgmt_request. Unfortunately
this left the driver with two different data structures which serve
the same purpose. Not only is this pointless, but due to the way in
which these structures are used there is an implicit requirement that
they be exactly identical. This approach is very fragile. To align
with the converged software architecture and to improve code
maintainability exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I7d304d3d211101c7227ea621f307f91ff68a5753
CRs-Fixed: 2400767
The CONVERGED_TDLS_ENABLE feature flag was originally introduced when
the TDLS feature was being componentized so that one could select
either the legacy implementation or the componentized implementation.
That componentization activity has concluded and the legacy
implementation no longer exists. To align with the current usage
switch to exclusively using the FEATURE_WLAN_TDLS feature flag since
that more accurately describes the code being protected.
Change-Id: I2cdb4c6ddba22c5b1d29e87403e5e1c87ce5cbfe
CRs-Fixed: 2395728
Currently the TDLS component code is unconditionally built which will
bloat images where TDLS is not required. Fix this by only building the
TDLS component when the TDLS feature is enabled.
Change-Id: I7496b8f07ed495b00e62fc3cf50a96e1829d9341
CRs-Fixed: 2399966
As part of the TDLS feature, structs sta_uapsd_trig_params and
sta_uapsd_params were replicated from qcacmn wmi_unified_param.h to
qcacld-3.0 wlan_tdls_public_structs.h, and conditional compilation
based upon CONVERGED_TDLS_ENABLE was used to determine which structs
are actually used by a build. Since these structs are not specific to
TDLS, remove the duplicates and exclusive use the structs from qcacmn
wmi_unified_param.h.
This is co-dependent upon Ida0f2b6f131ff2dce7217b881ffadecfd685f563
("qcacmn: Remove TDLS featurization from UAPSD trigger structs").
Change-Id: I37b2d80a4710aced158dcf2ea973d15801a7cecc
CRs-Fixed: 2395823
Enumeration TDLS_PEER_STATE_CONNCTED contains a spelling error, so
rename it to TDLS_PEER_STATE_CONNECTED.
Change-Id: Ifa0ff667a407cdad3e240aec6c188f20336a166a
CRs-Fixed: 2397350
Add the WMM config ini config
CFG_TL_DELAYED_TRGR_FRM_INT_NAME to MLME cfg.
Introduce the basic infra APIs related to these configs
from mlme.
Change-Id: Ifaf8072a78f21760e00973e625d7c8e41d8b51a6
CRs-Fixed: 2361533
Currently many modules use the scheduler_post_msg API which
doesn't allow the driver to know about the src, and destination
modules.
Fix is to call scheduler_post_message which has src, dest, and
the que id.
Change-Id: Ia5c43fe3ceeb7db9dde6241cbabac0ce48f88061
As part of connection tracker handler, If the link is connected
then current tx and rx stats are compared with configured threshold
values. If the current stats fall below the threshold then idle timer
is initialized and idle peer data is stored in tdls soc and given as
userdata to the timer handler. The userdata is overwritten if the another
tdls peer becomes idle and this can lead to wrong tdls peer teardown.
Change-Id: I34638bdebe02e17e1c9e117e58352bdaab867921
CRs-Fixed: 2393320
Currently, in tdls soc max tdls peers are initialized
in tdls_global_init that is done as part of tdls psoc open.
But, sometimes the Ini values used to initialize the tdls
max peers are not initialized before global init
because tdls_update_config has done for the Ini vallues.
This can lead to wrong value of max tdls peers in tdls
soc and later can result in TDLS connection deny.
Change-Id: I6bb51db571129490c225737c1913b8ddafadde8d
CRs-Fixed: 2392494
Refactor firmware, serialization and command timeouts so that
HDD timeout are greater than serialization is greater than firmware
timeout.
The timeouts are defined considering below worst case delay in
firmware.
WMI_VDEV_START_REQUEST_CMDID 6 sec
WMI_VDEV_RESTART_REQUEST_CMDID 6 sec
WMI_VDEV_STOP_CMDID 2 sec
WMI_PEER_DELETE_CMDID 2 sec
WMI_PEER_ASSOC_CMDID 2 sec
WMI_PDEV_SET_HW_MODE_CMDID 2 sec
WMI_PDEV_SET_MAC_CONFIG_CMDID 2 sec
Change-Id: I270e980ed1cf2aee55a1fa4e88ff8ddc845a203b
CRs-Fixed: 2384389
Regulatory component is getting updated to reduce the
code size based on different regulatory features. In this
process new regulatory files are getting added and some
of the files are getting removed.
To compile the newly added files update the required changes
in driver Kbuild file.
Some of the functins which are not supposed to be invoked from
outside the component directly, replace those function calls
with the appropriate wrapper functions.
Change-Id: I31a25268250b99f4f156c4f149966213746d999e
CRs-Fixed: 2373780
Fix implicit tdls connection issue. Correct usage of qdf_mem_set.
DUT could receive multicast frames after tdls connection tear down,
add check condition of frames with multicast dest address in
tdls_update_rx_pkt_cnt.
Change-Id: Ia1d7bbf2c129e9aebc98f7fcdea263b745c221ec
CRs-Fixed: 2375043
It alloc memory with structures in sir_api.h, and process/parse them
with structures in tdls component, which will cause memory corruption
potentially. So, this change refacor these functions and let them use
unified structures. Remove unused structures in sir_api.h
Here are these functions:
- lim_send_sme_tdls_add_sta_rsp
- lim_send_tdls_comp_mgmt_rsp
- lim_send_sme_tdls_del_sta_rsp
- lim_send_sme_mgmt_tx_completion
Remove below unused tdls structures:
- tSirTdlsDelAllPeerInd
- tSirTdlsDelStaInd
- tSirTdlsEventnotify
- tSirTdlsLinkEstablishReq
- tSirTdlsLinkEstablishReqRsp
- tSirTdlsAddStaRsp
- tSirTdlsDelStaRsp
- tSirMgmtTxCompletionInd
Change-Id: Ic595cadefcdbeb2df44f97563c4652db409213a2
CRs-Fixed: 2373706
The field op_class_for_pref_off_chan_is_set in struct
tdls_peer_mlme_info is unused, so remove it.
Change-Id: I5c2ed954215677a25245e108a35c33fc7c33c247
CRs-Fixed: 2375420
TDLS is not supported in concurrency. As part of second interface
creation, TDLS is disabled in both host and FW. But after the second
interface is deleted, TDLS is not enabled in FW and host even for
Standalone STA and P2P client cases.
Change-Id: I362c22a79e171f9779393b1b893b5bfd14ff562a
CRs-Fixed: 2367083
TDLS component related files moved from hostcmn to CLD, this change
adds initial functions, enables TDLS in Kbuild.
Change-Id: Ie5b93f4785c4a973a139dff9e58460fd7ee35e35
CRs-Fixed: 2361589
This is mirror change for 0f9f01950
Currently if the number of APs in the STA environment
are many, then the STA will receive many beacons, whose
beacon process path can take long time, in the kernel
work queue, hence the other processes have to wait
for them to complete, and may get timeout, if the
the time to process the beaocns is larger than their
process timeout.
Fix is to :-
1. Add rate limit to failure conditions of memory
not allocated
2. Make memory allocation in path of beacon process
atomic.
Change-Id: I488b446c23fd01c993f7dd9bd989867fda2331d8
CRs-Fixed: 2363307
