Do not enable AMSDU Rx by advertising advertises AMSDUSUPPPORTED=0
in ADD_BA response if the connection is on 2.4Ghz.
Change-Id: I1c61ce9f3824a600fbd5123680b7d00ae7659438
CRs-Fixed: 2519746
Currently the driver is not included the VHT capability
on 2.4ghz band if gEnableVhtFor24GHzBand ini is enabled.
As a result the driver is not advertising the VHT support
on 2.4ghz band in wiphy per band info even gEnableVhtFor24GHzBand
ini is enabled.
To resolve this, add VHT capability in the wiphy for 2.4ghz
Change-Id: If36b0ad9bf546e54542485637a99c1ee82b1850e
CRs-Fixed: 2495337
Vdev start failure handling in SAP and STA and not handled
properly and thus VDEV SM doesn't move to INIT state and
lead to asserts.
Change-Id: I5ea09f9c6e84a2e1c7f9254319aaa1a11e2f97e8
CRs-Fixed: 2526179
On HST, service bit wmi_service_hw_db2dbm_support is set, need
send target hirssi_upper_bound as RSSI format instead of SNR.
Change-Id: Ie9029e9c26f84456722ca2864a28c7ba3a2be52d
CRs-Fixed: 2485833
Printing the tx queue stats on to the console in
the timer context causes a watchdog bark due to
excessive logging.
Reduce the log level for the stats dumping
from timer context.
CRs-Fixed: 2522067
Change-Id: Ic8162fabf552f6e5103427298229385d68dbbfbb
Pointer hdd_ctx returned from the call to function cds_get_context may be
NULL and will be dereferenced. Move the recording of timing of runtime
PM operations to after validation of hdd_ctx.
Change-Id: I5da02c3fdb695be25bf0b59f4fe33e599e751d03
CRs-Fixed: 2524971
Currently the driver does not check if the state
is key exchange in progress and suspends wlan
before set-key happens which further results in
FW also in wake up state.
This would result in delayed EAP exchange, and also
in power loss.
Scenario:-
1. Turn on STA and try to connect to enterprise network
2. Turn off display.
Here the display turn off would trigger APPS suspend
while the STA is trying to connect, and authenticate
and since there is no check in driver to prevent
suspend in set key in progress state, it would result
in a FW assert, as the expectation of FW is to allow
suspend only after set key has been done.
Fix is to prevent WLAN-suspend in case of connection
in progress, and allow suspend only in connected
and authenticated state.
Change-Id: Ic173116f7ba424005d938a43c75831a6a4dc874c
CRs-Fixed: 2512866
If the firmware gets compromised, the values sent to
the driver could result in buffer overflows.
Validate HTT MSG "msg_word" to avoid buffer overflows.
Change-Id: I6073029f61a358da32bcc0dcfc339d9bb7ee8218
CRs-Fixed: 2213659
Initialize mic work for QDF_FTM_MODE in
hdd_open_adapter to avoid touching uninitialized
lock in hdd_mic_flush_work as part of hdd_stop_adapter.
Change-Id: I280de93b2408acba4da363ecd292f811f6301d31
CRs-Fixed: 2523654
To pass WFA 11N 4.2.25 case, it's needed to enable legacy mode
SIFS burst. So add INI to make SIFS burst mode configurable.
Change-Id: I740fe33a7ae0d9b558aa3b3aeee434f482ed24cb
CRs-Fixed: 2486171
Devide wma_add_bss_sta_mode into 4 functions for 4 cases:
1. wma_pre_assoc_req, called before sta assoc, config vdev
params.
2. wma_send_peer_assoc_req, called after sta associated, send
peer assoc cmd to F/W.
3. LFR3 add bss
4. LFR2 add bss and vdev start
Lim will call these functions directly instead of post msg to
wma.
Replace lim_set_link_state with wma_add_bss_peer_sta to create
peer for LFR2 roaming.
Clean up all link state usless code now.
Change-Id: I6ad19bb92e7b0334704ac9c930277e9c35abbee2
CRs-Fixed: 2510119
Currently, the connection_in_progress flag in hdd_ctx is not reset
as part of SSR this can lead to scan reject after SSR.
Change-Id: Icc7889eb3140f02dd100d05e812d5573ebcae63c
CRs-Fixed: 2516937
Switch legacy vdev up to vdev mgr/target if vdev up
Remove wakelock since it is handled in target if.
Clean up legacy vdev up API.
Change-Id: I125b202e9a18ee3bf279fe4df7bc17b9ec7bf999
CRs-Fixed: 2516586
In Genoa SDIO ADMA implementation Host sends packets to FW in
multiples of SDIO Block size.
If the packet/bundle is not block aligned Host adds padding at the
end of Packet/Bundle.
If the TX packet plus padding exceeds one FW TX Buffer, Padding data
will occupy the next FW TX buffer. Same applies for bundle TX packet.
For above scenario, HTC_FLAGS_PADDING_CHECK of HTC header Flags is used
to notify the FW that - Padding data follows the currentHTC packet
Since the padding data will take one extra FW Tx Buffer, host need to
handle the extra Tx credit being used by the padding data/buffer
CRs-Fixed: 2516619
Change-Id: Ie2d2292fabb30e1a13eebe4d11b57f452e42afa8
ANI_AKM_TYPE_SAE is defined only when WLAN_FEATURE_SAE defined.
But it is used without any checking in function lim_check_wpa_rsn_ie().
If WLAN_FEATURE_SAE is disabled, build error will occur.
It is easy to fix it to add '#ifdef WLAN_FEATURE_SAE' in function
lim_check_wpa_rsn_ie(). But coding rule, '#ifdef WLAN_FEATURE_SAE' isn't
allowed to occur in function. So, move '(*akm_type == ANI_AKM_TYPE_SAE)'
to function lim_check_sae_pmf_cap().
Change-Id: Id62bc69d770dbd4e470d8fa379b4cb3f7447d9dc
CRs-Fixed: 2508071
With vdev operations moved to target if from the wma, the vdev
request hold framework is not used.
Thus remove the unused functions and structures
Change-Id: I6e609735ad0bdc8b929cfffa6f13915f0ad6823d
CRs-Fixed: 2523104
In function hdd_softap_set_channel_change, vdev is passed to
function wlan_vdev_mlme_get_opmode without taking reference.
This can lead to NULL pointer access.
Change-Id: Ibbc58a1e7a4be0e0e34982b99541a63cd77e0480
CRs-Fixed: 2518560
Local peer_id is being cleaned up across DP, HDD and PS/WMA.
So, any references to local peer_id/sta_id will be replaced
by peer mac address and all interactions between the layers
will be based on peer mac address.
This change invloves updating the vdev_id for the network buffer list
in hdd_rx_pkt_thread_enqueue_cbk for later use in
dp_rx_thread_process_nbufq.
Change-Id: Ibaf5c10a7fe77772d2eea2a10398e0116fdd0344
CRs-Fixed: 2522201
Local peer_id is being cleaned up across DP, HDD and PS/WMA.
So, any references to local peer_id/sta_id will be replaced
by peer mac address and all interactions between the layers
will be based on peer mac address.
This change invloves removal of local_peer_id usage from
DP API dp_rx_thread_process_nbufq.
Change-Id: Ibfed421df3ace139808d16365ec5d54e9b013dfe
CRs-Fixed: 2512693
Cache the PMF capability of peer in peer_mlme_priv_obj while
adding bss for both station and AP modes. Process the mgmt frames
received from the peer as rmf frames only if the peer is of PMF
capable.
Move mlme_peer_object creation and deletion out of the define
CRYPTO_SET_KEY_CONVERGED to make it generic.
Remove the check where WEP bit is validated and modified based on
PMF capability of the peer. This is already taken care while
setting WEP bit in lim.
Change-Id: I0c93bb25db6a866e4c1793c9ba4c60773c0f019d
CRs-Fixed: 2520249
The qcn and ese arrays are dynamically recreated on every call of the
functions sme_add_qcn_ie and csr_append_assoc_ies.
Change the initializers to static const to avoid dynamic recreation.
Change-Id: Ib3ae9a1b753c4dcfb6d8fd440050977253f3e720
CRs-Fixed: 2522716
Vdev start req timeout is moved to target if.
Req msg type can be got from vdev mlme instead of wma rsp queue
in vdev start rsp handler.
Set bss params into vdev mlme priv when start vdev with add bss.
then can get bss params from vdev mlme priv when handle start
vdev add bss rsp.
Free hidden ssid vdev req after vdev restart return, don't need
it when handle rsp.
Change-Id: I956fc5a9164d5961513dfa922aee27af28483807
CRs-Fixed: 2516587
Use vdev_start_response to replace tpSwitchChannelParams
parameter in channel switch response handler.
Lim channel switch resp handler will be called directly, don't
use post msg.
Use vdev id to replace tpHalHiddenSsidVdevRestart in hidden
ssid response handler.
Change-Id: Ida0bfed3fea1cc0ff28ed15832765d446296f3be
CRs-Fixed: 2516582
While filling the QCN IE the IE length filled is 11 while actual
length is 8 and thus this lead to improper IE length in scan
additional ie while copying the default_scan_ies.
So fix the QCN IE length and add check for improper IE length check
while copying IE in scan additional ie.
Change-Id: I372af8c206d8f7ce0e93bc9c0fb14e222c6eb87e
CRs-Fixed: 2522208
As a part of vdev convergence, legacy vdev code for vdev delete/stop/
down is removed. WMA timer for vdev manager operations are deleted,
now target_if takes care of it.
Structure del_bss_params is no more used to store bss delete request
params, hence struct del_bss_params is cleaned up from legacy code.
Change-Id: I487d2683908b705176ff8064dd3ce7cd49a3ce47
CRs-Fixed: 2517880
Add a wait for PM freeze when wifi is turning on to make sure file system
and QMI are still accessible before attempting to download the FW and
trigger a QMI handshake with FW.
Change-Id: Ia2f3dc28abb9cab4b5dd8038ea02ac016eb74bbb
CRs-Fixed: 2521009
Time stamp for profiling system level power issues is currently using
qdf_get_system_timestamp(), which measures in milliseconds. To get more
fine granular data, use qdf_get_log_timestamp_usecs() to measure in
microseconds instead.
Change-Id: I920d0ec7c90ab602cbdc0d1efdb6061d6a72c122
CRs-Fixed: 2520939
Use QCS40X instead of QCS405 in config files. Kernel defconfig files for
QCS405 and QCS403 has been separated recently, and the arch has been
changed between these two chips. But all QCS related features and changes
in cld should all be included, so use CONFIG_ARCH_QCS40X to replace
CONFIG_ARCH_QCS405.
Change-Id: I6f0837bb3d3f1530aea5b2d4912741beb8c313bd
CRs-Fixed: 2519267
Return -EAGAIN from idle shutdown callback API if system suspend is
ongoing such that cnss driver does not turn off suspend the PCIe link
and psoc idle shutdown can be re-tried later.
Change-Id: If859abb70c18d03c2e73a8c589a4e138b98cb996
CRs-Fixed: 2518448
Add support to advertise the VHT MCS 10&11 support using vendor
specific IE to enable the MCS 10 and 11 support in VHT mode.
Change-Id: I2d197dcce20ab4aec617ca8a7f4a54b438fae635
CRs-Fixed: 2465662
In hdd_dis_connect_handler, roam_info is checked
for NULL in if(roam_info && roam_info->disconnect_ies),
but roam_info may be null pointer and is explicitly
dereferenced later. Add null pointer check before
it is dereferenced again.
Change-Id: I51f731323f01ddc657c57d20d8c63317400c92ab
CRs-Fixed: 2518450
FW sends regdb and bdf regdb version as a part of service ready event.
Extract the versions and populate it to HDD layer.
Change-Id: I2c9a40832361381c66a482d93ef5721fa7d6ffe4
CRs-Fixed: 2486984
In legacy code WLAN_LEGACY_WMA_ID reference was released after
sending vdev delete command to firmware. Now with converged vdev
manager, if wmi service "wmi_service_sync_delete_cmds" is not enabled
then vdev delete response is sent to upper layer through target_if.
Hence WLAN_LEGACY_WMA_ID reference for vdev is released before sending
vdev delete command and then wma_txrx_node for the vdev is cleaned up.
Change-Id: I717a7911a5139dc5145e7702e831f6f026c8f3aa
CRs-Fixed: 2518231
There is possible excessive log in hdd_rx_packet_cbk when
receiving arp pkt. so lower log level from info to debug.
Change-Id: If7fbe1f86e98ca22172f9b21205b7215c435988b
CRs-Fixed: 2511832
cds_cfg is assigned the return value from function
cds_get_ini_config. cds_cfg may be null pointer. Add
null pointer check before cds_cfg is
dereferenced.
Change-Id: I184c0a589fa660c5c49cd951986ad918cbc42bcd
CRs-Fixed: 2518433
Add timing profiling log for runtime PM operations such that we can
know how much time each operation is taking.
Change-Id: Iad2aca8e8bb2f0dadc14d24e3a5c2b03938df9df
CRs-Fixed: 2518935
As a part of 802.11ax amendment, 6GHz band operation is added.
Since the 6 GHz channel numbers are overlapping with existing 2.4GHz
and 5GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.
As a part of above requirement, in the existing WMI interface handlers
and related functions, wherever missing, add frequency attributes to
identify unique channel operation.
Change-Id: I3853d6e64e63eb219282afac4f56ccf398b0a04f
CRs-Fixed: 2517897
The TSF deviation is more than 100ns when the capture interval is 100sec.
Lower the interval to 1sec to keep the drift within limit of 100us.
Change-Id: I2a6f7bf2d06d5d67854cbab6b582009f2cec39bf
CRs-Fixed: 2515981
Check napi_gro_recevie result before do napi_gro_flush when bus
bandwidth is idle (<18 Mbps), only if napi_gro_recevie result is
not GRO_DROP and GRO_NORMAL then do napi_gro_flush for each RX packet.
Change-Id: I8cd75fb680ad4cb13f8d8677136f51c5a0548b6d
CRs-Fixed: 2515794
This reverts change-id Ie40db69a24dc1e0b86f140ca1aad91bd3b10e95e.
The reverted changes was causing regression, that optional
firmware not loadable even it exists.
Change-Id: I02a45e9be635e4ce0787f0a24480e42129c59874
CRs-Fixed: 2516015
Return number of msdus poped as return value for
htt_rx_frag_pop_hl to process fragmentation indication
correctly.
Change-Id: I104c04757aa8bfac5d6516b1455e1e0506b460a4
CRs-Fixed: 2419759
Currently the sap ctx's channel list is not freed
as part of undo acs, and hence can lead to mem leak
when the do acs and SSR is triggered in parallel.
Scenario:-
1. Turn on SAP
2. Do SSR in parallel
3. Unload WLAN
Fix is to clear the channel list as part of undo
acs.
Change-Id: Ie8dcace1d32aeec2621e785d793290d70c194f62
CRs-Fixed: 2511752
a. when T-put < 18Mbps, do GRO/GRO flush for each RX packet.
b. when T-put can kept stable (18Mbps ~ 60 Mbps) last >= 1 second ,
skip GRO flush logic.
Change-Id: Ic8075f10f72b479c6941d7ac12a71fd90f945094
CRs-Fixed: 2509672
Before sending vdev delete command to target_if layer, attach vdev
delete params to wma_txrx_node's del_staself_req member in wma layer.
This helps while responding to vdev delete command in case wmi service
"wmi_service_sync_delete_cmds" is disabled.
VDEV delete command response is sent to upper layer even vdev_mlme
object is not found.
Change-Id: Idfd8b036ff1ea676dd3ad8be703512ff84f299b7
CRs-Fixed: 2510460
Configuration for Issue:-
DUT configuration:-
1. Configure DUT's country as US where channel 165 does
not support channel bandwidth of 40 mhz.
AP Configuration:-
1 Configure the AP in a country where channel 165
supports channel bandwidth 40MHZ.
Scenario of the issue:-
1.Connect to a diff AP on some channel x with same SSID,
and then roam to this AP.
Observation:-
The DUT would connect in 40 mhz to this AP instead of 20Mhz,
which violates the DUT's country reg rules.
Expectation:-
The DUT should re-connect only in 20Mhz on channel 165, or
only in max BW supported by reg in that country.
Issue:-
The DUT does not consider the max bandwidth allowed for the channel
in the country configured, and allow the re-association only
in the respective bandwidth.
Fix:-
Send the max BW supported by the channels in the current
reg domain to the FW so that it considers the max BW of the
channel and AP capability and then roam in the respective BW
only.
Change-Id: I1730d6c65d3dd305dcf2ebe340c3d5ad950761d7
CRs-Fixed: 2504900
Reduce the log level from err or info to debug so that logs
are not printed on console.
Change-Id: I0d33c2a8f5b4bb4974656ac0d1eb6713a74cb5f4
CRs-Fixed: 2516281
MPTA helper and Coex configuration features are not included
after latest system compilation updating. Modify configure
file qcs40x.snoc.perf_defconfig to include them.
Change-Id: I8ecad6c84bd4ca2d8e1b69f0cea14b61b2545ca3
CRs-Fixed: 2511723
As part of RSO update config, roam scan mode is set to 4 before
the WMI_ROAM_SCAN_RSSI_THRESHOLD command is sent to the firmware.
And after WMI_ROAM_SCAN_RSSI_THRESHOLD is sent, the roam scan
mode value is again set back to 7(value 7 enables RSSI scan and
periodic scan). There is a very small window between these two
commands where BMISS event is received and firmware forwards it
to the host which causes a disconnection.
Fix is to disable sending roam scan mode to 4 before sending the
WMI_ROAM_SCAN_RSSI_THRESHOLD command.
Change-Id: I2c22308d711e71e67d132a0bd121aed66497998b
CRs-Fixed: 2508762
Currently Host issue a disconnect and cleanup for current AP,
even if the offloaded roaming feature has started, but has not
completed for some reason. This results in connection loss with
the current AP.
Fix is to call abort event SIR_ROAMING_ABORT in case of roaming
offload timeout in order to maintain the connection with the
current AP.
Change-Id: I4168f8aeb7a759896a5d93e1918ce6542e61b37e
CRs-Fixed: 2508449
Currently, HOST sets discon_in_progress flag after posting
ROAM_SCAN_OFFLOAD_STOP command to WMA for a session. In case of
disconnection in HOST while roaming in FW if ROAM SYNC IND from fw comes
to host after posting ROAM_SCAN_OFFLOAD_STOP command to WMA, host start
processing SYNC IND and FW start processing ROAM_SCAN_OFFLOAD_STOP
which will cause to cleanup/disconnect with new AP to which it has just
roamed. After this cleanup fw will send HO_FAIL.
Now host as part of roam sync indication sends PEER_REORDER_QUEUE_SETUP
for the deleted peer which results in firmware assert.
Fix is to set discon_in_progress flag to true before posting
ROAM_SCAN_OFFLOAD_STOP command to WMA in order to ignore ROAM SYNC IND
and return status as failure to fw.
Change-Id: Id5c787d5489a6c0722b090951db388484f94f2e9
CRs-Fixed: 2505851
When driver receives the command to disable the channels
it maintains a list of the channels which are disabled.
During SAP stop, driver restores the disabled channels
but it is not freeing the cache list. Now when again the
command is issued to disable the channels, driver is not
processing this command as it still has the channels in its
cached list which were disabled during previous command.
This results into failure of current command and all the
subsequent commands to disable the channels until the
cache list is not cleared with set_disable_channel_list
command with empty channel list.
To address above issue, clear the cache channel list
as soon as driver restores the channels on stop bss.
Change-Id: I6b8c7ba250ef38b892ab83621add45fbfc09a2cd
CRs-fixed: 2496642
In HL data path, when HTT credits are used outside the HL scheduler,
credits are getting deducted form target_tx credit only.
When CONFIG_FEATURE_HL_GROUP_CREDIT_FLOW_CONTROL is enabled, credits
should be deducted from TXQ group also.
Change-Id: Ice4160043fc1d812686f8ce7ee310110299d2276
CRs-Fixed: 2485819
Copy the sap channel list that is obtained after filtering
the channel list from all the checks like SRD, DFS
to maintain the sync between the ACS module, and the sap
channel select logic.
Change-Id: I78a835f700ab34fa81b9b748e6ad28ca3b726650
CRs-Fixed: 2513628
WMA interface PMF capability is vdev configuration hence do not
update the capability in WMA interface based on peer capability.
Change-Id: I08b39b9bc631321aa77aa1ab3bcbf1841bb3dda1
CRs-Fixed: 2504060
Vdev_id and ENABLE_ROAM_TRIGGERS_ALL are passed to
hdd_send_roam_triggers_to_sme in reverse order. Pass them in
correct the order.
Change-Id: I79d2a843ee9f237620d31dbf91e3c57750e66e88
CRs-Fixed: 2514476
As part of vdev target if convergence the new vdev command
resp time are defined in target if layer.
So use the vdev timer values from target if.
Change-Id: Ib74f91331e4cb470233e678ded9159e17045467e
CRs-fixed: 2513794
As per current implementation, hdd_mic_flush_work makes a call
to qdf_flush_work irrespective of whether the work is initialized
or not.
Since flush_work() without INIT_WORK() is erroneous, ignore the call
to flush_work if work is not initialized.
Change-Id: Ib96439e1416188e643935a4ddaa13671d221c1e2
CRs-Fixed: 2514424
Currently, as part of ndi_delete broadcast sta id is set
to invalid. But set this sta id to invalid as part of
ndi delete response from FW.
Change-Id: I4df843c4bce1c06b5c62cfd932b681e3320e5341
CRs-Fixed: 2513607
In case of DBS, two AP can operate on different band together.
Current logic of resetting CAC state in sap_clear_global_dfs_param
function assumes that if two APs are up state then it must be SCC
scenario and resulting in dropping of tx packets if stop follwed by
start operation is performed on AP on DFS channel.
This change reset CAC state as part of stop AP if another AP is
operating on 2.4GHz in case of DBS operation.
Change-Id: I3f71606bf610d45184a0fa81d2b9d9a6c11f72e8
CRs-Fixed: 2509808
QCA_ATTR_ROAM_CONTROL_SCAN_FREQ_LIST is a nested attribute which
carries frequencies as sub attributes. Validate the size of each
sub attribute to make sure it's of size uint32_t. Extract the
frequencies if all are of valid size. Return failure if an
invalid length attribute is found.
Change-Id: I1743c2dbef640b28b78504a548edbb70f4f29e49
CRs-Fixed: 2513822
If radar event is indicated in station vdev, it may be dropped by
station vdev since station does not support DFS master.
Select first sap vdev started in dfs channel to handle radar event.
Change-Id: I74229eb02c6ae6d81042df6b736d231db26253b5
CRs-Fixed: 2512836
Scan period is configured through the DRIVER command
SETROAMSCANPERIOD currently. Add provision to set the same through
the roam subcmd and the attr QCA_ATTR_ROAM_CONTROL_SCAN_PERIOD
Change-Id: I3dd56f56ac8bc4ba48a88f8df292e9d4d5545fed
CRs-Fixed: 2509656
Use "client mac address" in bootp protocol to get
station id to handle scenarion when
DHCP exchanges(discover/offer/request/ack) happens
with broadcast address as destination address.
Change-Id: Ie233b2ffed1533f0a45fded199bb09649e48b4dd
CRs-Fixed: 2506023
Userspace may query for current configured full roam scan period
through the vendor cmd QCA_WLAN_VENDOR_ROAMING_SUBCMD_CONTROL_GET
and the attribute QCA_ATTR_ROAM_CONTROL_FULL_SCAN_PERIOD.
Fill the full scan period in the same attribute and send as reply
Change-Id: I0ab8b3d7b469515244ce27accc852c6d93514b2d
CRs-Fixed: 2508804
Userspace may configure and enable roam control and query for
the status. Add provision to send the same as vendor cmd reply
Change-Id: I7b82f85fa560c974eedc5115276bd87a84f9d3a0
CRs-Fixed: 2508802
When wifi is off, unnecessary error logs are printed. To avoid these logs
from printing, move hif context assignment to right before its usage.
Change-Id: Ie2313f796674885a7a518693a09877df4e6cb817
CRs-Fixed: 2513187
Topic: 6ghz_chan_to_freq
Convert channel to freq in tpAddBssParams and wma_vdev_start_req
structure to avoid duplicate channel numbers in 6ghz, and 2.4ghz
operation.
Change-Id: I8f657a566d1555efa07bf9155b84c37431c57f86
Crs-Fixed: 2511312
Userspace disables the roam control config once it's done with
the controlled roaming. Driver should restore the params changed
by roam control config enable and proceed with roaming as per
its default behavior.
Restore the below params which are getting modified as per
the current implementation,
1. Roam trigger bitmap
2. Scoring
3. Scan period
4. Full scan period
Change-Id: I1be699825bdd798f20a3432ebccb922ade67f89b
CRs-Fixed: 2508780
Userspace can disable/enable scoring for roam candidate
selection through roam subcmd and the attribute
QCA_ATTR_ROAM_CAND_SEL_CRITERIA_SCORE_ENABLE.
Firmware supports the below configurations currently,
1. Default selection criteria where all selection criteria
are enabled and different weightages/scores are given to
different criteria.
This will be enabled when userspace doesn't specify any
candidate selection criteria.
2. Legacy candidate selection criteria where scoring
algorithm is disabled and only RSSI is considered for
roam candidate selection.
this will be enabled when userspace specify 100% weightage
for RSSI.
Rest of the combinations are not supported for now.
Update the RSO config whenever scoring is enabled/disabled
Change-Id: Ibb787ef5433eebbdd3633748135ba6e314c931b6
CRs-Fixed: 2508778
Userspace enables the roam control config and may query for it
later. In order to indicate the current status to userspace,
cache the same in struct sCsrNeighborRoamControlInfo
Change-Id: Ib535d6940df48305bda74a624604217d1f968861
CRs-Fixed: 2508777
Userspace can configure different roam triggers as defined
in qca_vendor_roam_triggers through the roam subcmd
QCA_WLAN_VENDOR_ROAMING_SUBCMD_CONTROL_SET and the
attribute QCA_ATTR_ROAM_CONTROL_TRIGGERS. Send the roam trigger
bitmap to firmware
Change-Id: I692110a2ae1ee5a35bb248b9138080a7dfb02cf6
CRs-Fixed: 2508776
Userspace can update the full scan period through the roam subcmd
QCA_WLAN_VENDOR_ROAMING_SUBCMD_CONTROL_SET and the attribute
QCA_ATTR_ROAM_CONTROL_FULL_SCAN_PERIOD. Send the same to firmware
as part of roam scan offload command
Change-Id: I7c1046763d693faa3340b655848d3306ef92e06c
CRs-Fixed: 2508775
Add bss req bss_id vdev_id is not set to vdev id and thus if vdev start
fails, wma_remove_peer_on_add_bss_failure try to delete
peer from vdev id 0 instead of proper vdev_id.
Fix is to set proper vdev id to add bss req bss_id.
Change-Id: I9bbe7daf03fe2872d7026872e8dd7818840f9345
CRs-Fixed: 2513007
Configure the preferred channel list received from vendor
roam subcmd command ROAMING_SUBCMD_CONTROL_SET as dynamic channel
list to firmware. Combine this channel list with the existing
occupied channel list and send to firmware. Flush this channel
list as part of csr_cleanup
Change-Id: Ibc45291f72844331096cb460257cab6f0b0095dc
CRs-Fixed: 2507159
In current SAE implementation, lim_process_sae_auth_frame() and
lim_process_sae_preauth_frame() all pass parameter session id 0
to lim_send_sme_mgmt_frame_ind(). In some test case, once vdev
id 0 is removed, hdd_indicate_mgmt_frame() can not get adapter
through vdev id 0, then SAE frame will not forward to supplicant.
Update SAE frame session id to make sure at least one adapter can
be found. Once adapter is available, __hdd_indicate_mgmt_frame()
can get the expected interface through destination mac address.
Change-Id: I3e8f430c4760448c6cc8dab9464979371de86118
CRs-Fixed: 2507342
When vdev create happens, objmgr creates vdev and stores
vdev_id into adapter, vdev_create message is posted to
scheduler thread and driver wait for the session_open_event
to be completed. Before this event completes if SSR
occures, session open event is forcefully set which leads
to the failure of vdev create. In current implementation
in case of force event set, driver returns without
destroying the vdev from objmgr which leads to vdev leak
in stop modules.
To resolve above issue, destroy vdev from objmgr in
case if vdev create fails.
Change-Id: Id0bbde0085d2b4d91b0590e3bb8a7798cd0ba0fa
CRs-fixed: 2505590
Force set peer's phymode to the phymode of current interface if first
one big then second one, then TDLS link can't select more better
phymode when DUT support VHT mode and connect to 11A mode AP.
Change-Id: Idc72e04dcdf7ead3b52effc2c06862bc9dddd732
CRs-Fixed: 2512622
If STA disconnect failed for any reason, cleanup IPA STA iface
if not already done.
Change-Id: I27ff33324bc4724e8470af9a0c434fa03e8aa5c3
CRs-Fixed: 2505563
Set hidden_ssid when restart sap on another channel, currently tested 2
methods to restart sap on another channel: 1, force-scc switch to station
channel; 2, iwpriv wlan1 setChanChange x. Both of them run into error
state: with hidden_ssid set in hostapd.conf: ignore_broadcast_ssid=1,
after channel switch, APUT reply broadcast probe request with it's SSID.
Copy pe session parameter: ssidHidden which stored user setting to next
channel vdev start.
Change-Id: I56580529e2b0db673c6b28c75094a7fd225cba77
CRs-Fixed: 2506214
Unused members of delete bss params structure are removed
and structure is re-framed.
Change-Id: Ib2e7c72e0636765341792a79aa12968a84ed4879
CRs-Fixed: 2512877
When wifi is off wlan module is closed and hence allow cfg80211
suspend/resume to pass and return success to kernel.
Change-Id: Ic7d43a690c75be1254afa97f872d5c8228f93fcc
CRs-Fixed: 2512492
Currently the function hdd_roam_deregister_tdlssta is not declared
as static when the macro FEATURE_WLAN_TDLS is not defined. This can
cause a multiple definition error.
Declare the function as static so as to avoid this build time error.
Change-Id: Id85f8bed57a7bdfbeac5722ea687066f7f74a50f
CRs-Fixed: 2511744
Currently roam channel list is directly accessed from
mac->roam.neighborRoamInfo[sessionId].cfgParams.channelInfo
in multiple APIs to set/clear.
This needs to be enhanced as as firmware supports two channel
lists(static and dynamic) for roam scan, userspace may configure
both the lists. Cleanup the APIs to accommodate both of the
channel lists. Rename the variable channelInfo of cfgParams to
specific_chan_info to suit the usage.
Change-Id: I67548bc040c2296b75b9429f5891a5251a2a88d6
CRs-Fixed: 2507157
Legacy code releases vdev start wakelock after vdev down
command sent to firmware to overcome race condition. Target_if
common code takes care for wakelocks.
Hence, do not release start wakelock in legacy code.
Change-Id: I550ffb17e2e29f3b0bad618dc9ef9463a94800aa
CRs-Fixed: 2512151
In function wlan_hdd_set_sap_csa_reason, sap_ctx pointer is
dereferenced without NULL check.
Add NULL check to avoid null pointer access.
Change-Id: I74bbfdcae6d5a06d5eaf0cd66e3ff9c3380c6bb0
CRs-Fixed: 2512034
Add configuration for gpio pin used to send strobe to wlan hw.
The host driver will latch the current time and toggle the gpio
to generate a strobe to wlan hw.
The tsf will be latched on detecting the strobe and it will be
made available in a register for sw access.
The wlan fw will read this tsf and report it to driver using tsf event.
Change-Id: I4365d97d22836ddbbd2bf9913d4f723e5a870369
CRs-Fixed: 2495152
For runtime PM if the bus is suspended driver need to consider
extra 6 sec time for bus resume.
Thus add 6 sec extra in WMI timeouts if runtime PM is supported.
Change-Id: I5515cc889a0315382bac11a33ea6f901b7af1c46
CRs-Fixed: 2507029
In case of HL, send tx completion bit in HTT tx descriptor
to receive tx completion from FW and disable DHCP indication
to FW properly.
Change-Id: Iff8e0c1f5d95c4f62af8b498552d92b57006969c
CRS-Fixed: 2506011
Replace lim functions parameter struct scheduler_msg
with struct bss_params.
Internal functions don't need param struct scheduler_msg,
wma can call lim API: lim_handle_mlm_add_bss_rsp directly
instead of post msg.
Refactor struct bss_params memory free method.
whether success or fail when handle lim add bss rsp,
struct bss_params memory need free, it is simple and
clear to free only in one place: end of
lim_handle_mlm_add_bss_rsp.
Change-Id: I2d5d647a6949b1e0bdfbbe9a4dfb390a362a75ee
CRs-Fixed: 2508876
This member renamed by another change recently, and change here
accordingly to avoid compilation issue.
Change-Id: I65903cdb5255deca4b4a83daceec178790e76501
CRs-Fixed: 2505462
Currently the host driver sets PMKSA op_flag for flush and
delete PMKSA entry as in both the cases PMK length is 0.
This is not correct because for delete PMKSA command only
the bssid and SSID will be sent to the firmware.
For the host driver to distinguish between del_pmksa and
flush pmksa, the is_flush_all flag should be used.
is_flush_all: true - Flush pmksa
is_flush_all: false - set/del pmksa based on the action flag.
Change-Id: I7eac65317a9c6904cfd08acce328a65df451269e
CRs-Fixed: 2503372
Cleanup ol_txrx_flush_cache_rx_queue to find peer
from peer_list instead of sta_id.
Change-Id: Ia737e732051f3cdad53b1a552eb273b8a05562aa
CRs-Fixed: 2508259
The mapping of sta_id to the adapter in hdd context stores the adapter
with respect to the corresponding sta_id. Currently, the mapping is not
used anywhere in the driver even though the adapters are stored in it.
As there is no usage for the mapping, remove it as a part of sta_id
cleanup effort.
Change-Id: I26590a69e61d82f723a83eb3f9f24c42afa6c5a2
CRs-Fixed: 2511767
The sap unsafe channel restart process include two subprocesses: CSA ie
update and channel switch, but CSA ie update request using
mac->sap.SapDfsInfo to save target channel switch parameters, which
would be overwritten by 2nd sap restart at same time. For example:
SAP1 on chan 1 and SAP2 on chan 36, then lte coex mark chan 1 and
chan 36 as unsafe channels, now SAP1 and SAP2 would switch to same
channel, but actually they can be on different channels doing DBS.
To fix it, one option is save the target channel switch parameters to
different session, but looks it may introduce a lot of code change,
because the logic is shared with DFS/concurrency. So the simple option
is making sap unsafe channel restart execute once at same time.
Change-Id: Ieaab3007fb6e79a9741f892e86771d2f52c03e3c
CRs-Fixed: 2504867
Refactor vdev stop and down code to target_if common code.
Remove legacy code for vdev stop and down.
Change-Id: I4ab0743d39a3b37816ab9f18e8850cadf1335c15
CRs-Fixed: 2506649
In function csr_check_concurrent_channel_overlap, local
variable intf_ch is defined as uint16_t, but its pointer
is casted to uint32_t * before invoking
policy_mgr_get_sap_mandatory_channel, which will do
32-bit memory write and causes a stack memory over-
writing.
Call Trace:
dump_stack+0x46/0x59
print_address_description+0x66/0x22b
kasan_report+0x21f/0x245
policy_mgr_get_sap_mandatory_channel+0x1fd/0x258 [wlan]
csr_check_concurrent_channel_overlap+0xf84/0x10d2 [wlan]
sme_check_concurrent_channel_overlap+0xaa/0xf0 [wlan]
wlansap_check_cc_intf+0x102/0x124 [wlan]
wlan_hdd_get_channel_for_sap_restart+0x506/0x8f8 [wlan]
policy_mgr_check_sta_ap_concurrent_ch_intf+0x35e/0x425[wlan]
process_one_work+0x2cc/0x53b
worker_thread+0x357/0x490
Change the type of the 2nd parameter to uint16_t within
function policy_mgr_get_sap_mandatory_channel, so only
16-bit memory writing will take place.
Change-Id: If514a394e65d005a1fe025c0e753bf7440dd5dde
CRs-Fixed: 2508798
Direct buffer tx component initializes in target_if_init, which cause
platform assert since g_umac_glb_obj is NULL. So change the order to
avoid NULL pointer access.
Change-Id: I348775d08ccc478caef605c2ae8d1b6d65d77eb2
CRs-Fixed: 2497809
Avoid compiling ol_rx_reorder.c and ol_rx_reorder_timeout.c
for low latency and only compile for high latency
data path.
Change-Id: I1f3819fa093766abba87e5dc6dc44e6d2188740b
CRs-Fixed: 2506005
In "Change-Id: I2896f7704ffb809214c5b08756c4b8673307fd9e", parameter
type of hif_get_hal_handle changed from void to hif_opaque_softc,
which cause compilation failure in wma_init_dbr_params.
Change-Id: Idbb591bb1ea1507661882fe48b18eaaffcac164d
CRs-Fixed: 2504894
Support monitor mode enablement by changing driver mode, and also
remove the support that enable monitor mode with insmod parameter
"con_mode_monitor = 4", use "con_mode = 4" instead.
enable monitor mode steps for reference:
(1) change driver mode
a. svc wifi disable
b. echo 4 > /sys/module/wlan/parameters/con_mode
c. ifconfig wlan0 up
d. iwpriv wlan0 setMonChan 11 0
(2) insmod with kernal parameter way
a. insmod /vendor/lib/modules/qca_cld3_wlan.ko con_mode=4
b. ifconfig wlan0 up
c. iwpriv wlan0 setMonChan 11 0
Change-Id: Ie615533d060261d545b3b92bea9916099ccccadd
CRs-Fixed: 2494158
Presently in the driver, in function hdd_objmgr_create_and_store_vdev
the vdev object is created and stored. In case the creation of the vdev
fails due to some reason, the corresponding error condition tries to
free the osif_priv pointer. This osif_free pointer is actually already
freed as a part of vdev_obj_delete -> vdev_release_ref -> vdev_obj_free.
As this is already freed, a possible double free scenario can occur in
the original error handling scenario.
To avoid this scenario, do not free the osif_priv pointer in the error
handling as it is already taken care in the caller.
Change-Id: I7fc7be187ce1e303c81da885a75c600a7b6c4b3e
CRs-Fixed: 2507432
enum qca_wlan_vendor_roaming_subcmd contains different values of
subcmds to be used with QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD and
these are not attributes.
Values of the enum qca_wlan_vendor_roaming_subcmd have been
renamed according to usage and relevant documentation is added
in qca-vendor.h. Make corresponding changes in usage to avoid
compilation errors.
Use right max index(QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_MAX) while
parsing for PARAM_LIST_SSID. This caused compilation error as the
inappropriate max index(QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_MAX)
is used for parsing which has been deleted now.
Change-Id: Ifc063b801ba2729e8cff1581ef63e78e1d36a32d
CRs-Fixed: 2508196
Currently, the API cdp_fc_get_tx_resource takes as input the sta_id. As a
part of cleaning up the usage of sta_id, replace it by peer mac address.
Change-Id: I7b81a05d312da84aa16c82f0f6152710daf986c5
CRs-Fixed: 2507274
Cleanup ol_txrx_get_tx_resource to be peer mac address based
from local peer id based.
Change-Id: Id7ac4b5152c782d3475d9fad59f8f835102483cc
CRs-Fixed: 2508132
Some system suspend commands are getting sent to firmware while
runtime resume is in progress. Sync runtime pm resume when system
suspend occurs to avoid this.
Change-Id: I6e652104e984b81e29a5f328fcf3937502a8f47f
CRs-Fixed: 2509910
Currently the NUD tracking is done only for STA mode.
For all the adapters the NUD tracking work is not
created and hence should not be destroyed when the
adapter is cleaned up.
Destroy the NUD tracking work only for the STA adapter.
CRs-Fixed: 2505365
Change-Id: I677a07cb37e2d547e62b7ffebf6d014255a9d237
In the current wlanhost driver dump status, it doesn't
support to count the dropped packets seperately that
due to firmware don't have enough tx descriptors, so
add such function which can benefit KPI tune.
Change-Id: I1a72acbc4f1f861c2013a1ef1a95b73acccd6b53
CRs-Fixed: 2507410
Currently the driver selects channel 12, 13 as they are
free from BSS as their weights are minimum, which results
into IOT issues as legacy STAs do not support the same.
Fix is to avoid channel 12, 13 in SAP ACS process, and try
to start the SAP on channels from 1 - 11.
Change-Id: If735fade7d7b489b45a20f74c04bab5582343f79
CRs-Fixed: 2509791
Convert channel to freq in hdd_connection_info, so
remove unused 'channel' and rename 'freq' to 'chan_freq'.
Change-Id: I0d3fd39f9ac3c2303729b27b7c97385097c82104
CRs-Fixed: 2508791
1. Add g_enable_go_force_scc INI configuration
to enable force SCC on P2P GO interface.
This option only takes effect when
gWlanMccToSccSwitchMode INI enabled.
2. Add API policy_mgr_is_go_allow_force_scc to get
the above configuration value for GO.
Driver will apply "MCC to SCC" logic to P2P GO
interface based on STA active status and the configurated
INI values.
Change-Id: I1d16368b5f2d88984b91ef0a3e882148c20dcd23
CRs-Fixed: 2509555
In AP+STA case, if g_sta_sap_scc_on_lte_coex_chan != 0,
SAP is allowed SCC with STA on unsafe channel. And
if g_sta_sap_scc_on_dfs_chan != 0, SAP is allowed
SCC with STA on DFS channel.
But when the STA disconnected, standalone SAP is not allowed
on unsafe channel or DFS channel. We need to move
the SAP to safe channel or non DFS channel.
The original API -
policy_mgr_is_sap_restart_required_after_sta_disconnect
only handle AP+STA case. Change it to cover 3VIF
concurrency case - AP+AP+STA.
Change-Id: Iec4e750d8b3fda0cc52ac698ecaa9a274f935706
CRs-Fixed: 2509545
Currently, cdp_peer_get_vdev_by_sta_id takes as input the sta_id. As a
part of cleaning up the usage of sta_id, replace it by peer mac address.
Change-Id: Ibb7f3489899ac3fda48ad5e54891cd2d7623c6c8
CRs-Fixed: 2507219
Rename API ol_txrx_get_vdev_by_sta_id to ol_txrx_get_vdev_by_peer_addr
and cleanup ol_txrx_get_vdev_by_peer_addr to be peer mac address based
from local peer id based.
Change-Id: Ie3b8a1d97b5196e7306e5641cb894f31b8abe154
CRs-Fixed: 2504565
Currently the driver calls the pre bss scan cb
which is used to calculate the weight to start
the SAP on best channel. This API depends upon
the SAP context pointer which is passed as a arg
to the scan module, which in turn returns the arg
as part of the scan cb. But it may happen that
the SAP was deleted before the scan cb was called.
In that case pre bss scan cb and weight calculation
does not matter to the driver as SAP in any case is
OFF. Here the sap context which was passed as an arg
to the ACS cb is used after free, and there is no way
currently to validate the pointer. But as part of scan
cb, the driver gets a vdev pointer, which would be in a
logically deleted state, if the stop adapter for SAP has
been done. Using this data, the driver can know the object
status, and then decide to continue with the weight calculation.
Fix is to try get vdev ref before the weight calculation algo
kicks in, and return if the reference cannot be taken to avoid
use after free for SAP-context.
Change-Id: Ib9c3bde4a36ee49efdadab3dc531991b8688f79e
CRs-Fixed: 2509249
When lte channel avoidance event triggered, multiple SAP will choose
safe channel from pcl/acs combination and switch to the safe channel
one by one.
Actually when force SCC mode is enabled, if one SAP is the same band
as other concurrent SAP whose channel is already safe, it doesn't
need to choose safe channel from pcl/acs again, just needs to
follow concurrent SAP channel. Add code to implement this policy.
Change-Id: Icc9b2a53bb56915daeab8d94eceaaa64a660cb65
CRs-Fixed: 2500183
There is only vdev start, stop, and set-key wakelocks for system suspend
as of now. Add vdev start, stop, and set-key wakelocks for runtime PM
also.
Change-Id: Ic071bcfb112ae8861a446298677d190484f0c01b
CRs-Fixed: 2507852
As a part of vdev manager conversion, vdev delete code is
refactored. Legacy code and naming is removed. In vdev manager
operations, STA_SESSION is addressed as VDEV.
Hence WLAN_SER_CMD_DEL_STA_SESSION macro is renamed to
WLAN_SER_CMD_VDEV_DELETE.
Change-Id: I34b0a34191bef1f279582178f25b9b20b33e709e
CRs-Fixed: 2508150
In wlan_hdd_extauth_copy_pmkid(), pmkid received from userspace
could be NULL. Currently there is no validation for the PMKID.
Add check to validate the received PMKID before copy.
Change-Id: I756458562bf20226a202a5ecdbbe9e79884169c7
CRs-Fixed: 2508935
SAP1 chan6, SAP2 chan6, LTE channel avoidance event marks
chan6 unsafe, driver will do channel switch for SAP1 and SAP2 to
safe chan 1.
In the middle of channel switch of SAP1, policy_mgr_allow_concurrency
disallows the channel switch request because new SAP1 channel 1
will cause MCC with existing SAP2 (channel 6) and firmware
doesn't support MCC for dual-beacon entities on same band.
This change removes all the SAP entry on the old channel
before do concurrency check for SAP channel change request.
Change-Id: Ic2c828a3fec4cbe2f11d4bedf471211bee442e9e
CRs-Fixed: 2491265
Currently the driver modifies the channel list
which came from hostapd in trim channel list API
in case of concurrency present.
This would in turn prevent SAP to change channel
to a safe channel whenever a LTE-COEX event comes
as the acs channel list would contain only one channel
that would be the SAP channel itself.
Fix is to retain the info of channels which came from
the hostapd, and use this info to restart he SAP.
Change-Id: I9d43930d78f1eaedb01139a9ddc319b610d21862
CRs-Fixed: 2501400
Currently the API hdd_is_current_high_throughput considers any
throughput level higher(or equal) than PLD_BUS_WIDTH_HIGH as high
throughput level. Based on this level, driver decides to take up RX
wakelock and log certain stats(TDLS). This can have an impact on power
even in HT20 modes.
Reduce the high throughput detection level to PLD_BUS_WIDTH_MEDIUM. So
throughput >= 60Mbps is considered high by the API.
Change-Id: I2225edc55568facf4b74a389b4a0a53845ea14ae
CRs-Fixed: 2495719
Currently DP RX threads are using the same wait_q for all operations.
The problem with this is that when there is traffic for only one
threads, we end up waking up other threads as well moementarily.
This wastes power and is in-efficient.
Use different wait queues for different threads.
CRs-Fixed: 2495719
Change-Id: I689659b7aa0ab93b7e2f009d2dc7fe741b66ee78
