Currently tkip mic countermeasure is not supported for Napier. Fix is to
indicate tkip mic error indication to protocol layer so that errors can
be propogated to supplicant.
Change-Id: I8ee94343e76040e360f0887a826c07f98545f71f
CRs-Fixed: 2151984
In function wlan_hdd_send_roam_auth_event, FILS kek is copied to
skb for the vendor command QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_PTK_KEK
for kek_len length. There is no validation for the max value of
kek_len and would lead to an buffer over-read if kek_len exceeds
SIR_KEK_KEY_LEN_FILS.
Add sanity check for kek_len for max limit SIR_KEK_KEY_LEN_FILS
before copying the kek to skb.
Change-Id: I4290909cd2df8686a32d25aa14711db2b899b2eb
CRs-Fixed: 2152985
Add support for periodic stats for data packets to be displayed in
wlan driver logs.
Change-Id: Iee6759ae75657ae93e94ea1bb1343f2ea489c087
CRs-Fixed: 2120047
Flush SAP pre-cac clean up work during SAP stop adapter such that
pre cac work does not run after SAP adapter is destroyed.
Change-Id: Ie3e659ab04a9d9bf3b7c114c2d0446f13746420c
CRs-Fixed: 2152520
The Tx system pipes are not needed for MCC when TX_FLOW_CONTROL_V2
is enabled, where per vdev descriptors are supported in firmware.
Change-Id: I42ca1211af5a301db5fbbbfdd1876bd9065ab77a
CRs-Fixed: 2150488
Set ARP stats command is sent to firmware after
SAP is stopped. As a result, invalid vdev id is
sent in the set ARP stats param resulting in
firmware crash.
Fix is to add check to validate vdev id before
sending set ARP stats command to firmware.
Change-Id: Ia7ab56b9d5aa6a0fd53d84ef1264feea395dd44c
CRs-Fixed: 2149289
Once duplicate sta entry is deleted, in lim_send_sme_disassoc_ntf,
driver loop through the SAP interfaces to find the new added sta
to send ADD STA req to firmware. Now while looping through SAP
interfaces even if STA is found on 1st interface, it checks next
interface, making the sta entry as NULL. Thus even if STA is present
on an interface sta remains NULL and ADD STA req is not sent to
firmware.
To fix this break as soon as STA entry is found in a session.
Change-Id: I6fbeda48c7a8f403bbdb8c0bd9b38b832d7e002f
CRs-Fixed: 2149764
Interface up runs in normal mode (wifi@1.0-service) and it gets
preempted by the con_mode change handler when Monitor mode is
invoked via user. Then again when the normal mode gets scheduled
after the completion of Monitor mode, it tries to access contents
freed during the con_mode change.
The __con_mode_handler is made to wait for the external
threads to complete before making the con mode switch
Change-Id: I245b6b6f855e119a11422677da161a43c1184069
CRs-fixed: 2147499
Currently driver updates beacon for ESE connections as well
as part of SIR_HAL_ROAM_INVOKE. Due to this, there is a
possibility that firmware may receive rejection of reassoc
request because of stale beacon and results in roaming failure.
Hence, do not update beacon for ESE connections so that firmware
can use latest beacon to avoid roaming failure.
Change-Id: Id10cec040c36e559eacf82388f3d702afc17ce5a
CRs-Fixed: 2150713
Currently driver updates KRK/BTK only during RSO start.
Supplicant can update these KRK/BTK during timeout. But
driver currently does not update KRK/BTK dynamically.
This can lead to MIC failure in firmware and cause
roaming failure. Update KRK/BTK as and when they are
received using RSO update to fix this issue.
Change-Id: Ib3ee656e63920d0162dea56eef7f052c585bb5a4
CRs-Fixed: 2149232
cds_sched_open is called as part of cds_open, but cds_sched_close is
called outside of cds_close. This leads to situations where the CDS
scheduler is started but not properly closed. Move the call to
cds_sched_close into cds_close, such that the CDS scheduler lifecycle is
tied directly to the CDS core lifecycle, to prevent CDS from closing
without closing the CDS scheduler.
Change-Id: I440ec279e6b750a7b41ec05000fc66b6cebdb8d8
CRs-Fixed: 2151049
Function wlan_hdd_cfg80211_update_bss_db will return pointer of
struct cfg80211_bss.
Caller should invoke cfg80211_put_bss to free resource in pointer.
In some case those resource not be free.
Change-Id: I7fa55a09fcc3515361e9568cf87966e4533085e4
CRs-Fixed: 2146717
Call object manager peer create API when NDP peer is create.
For peer delete, object manager API is called by deregister
sta API.
Change-Id: If84c9847d53b5563eea13646f669a6e8b7fd166d
CRs-Fixed: 2137426
Clang generated the following warning in various places:
warning: address of array 'weight->pcl_list' will always evaluate
to 'true' [-Wpointer-bool-conversion]
if (weight->pcl_list) {
~~ ~~~^~~
Remove the unnecessary NULL check for address of array.
Change-Id: Ibc82b4d7135a0425748c0fb7f065435ccd28ad6f
CRs-Fixed: 2150410
Measurement pilot public action frame (Action Id = 7) is not
handled in the driver, if the AP is sending this action frame
it ends up waking up the APPS and burn battery.
Since anyway host is not handling this action frame, configure
the firmware to drop this action frame.
Change-Id: I15327f9af8cccaa7324e4e39f1e6336225740b75
CRs-Fixed: 2146506
The current tx & rx member of skb->cb structure has lot of common members
duplicated across CONFIG_WIN and CONFIG_MCL.
The common members are now moved out and new members are added as per the
requirement. Also the members are organized to avoid additional padding
and fit within the 48 byte boundary for both 32bit & 64 bit platforms.
Change-Id: I27abc95d51127513cf2e7e9657a4ee84324b2cc9
CRs-Fixed: 2142792
Send WOW timer pattern to firmware when suspend is requested and
INSTALL_KEY is not sent to firmware yet. This will allow firmware
to wake host in case Eapol frames are not received and do a graceful
disconnect.
Change-Id: Ibbcc0af85ee9ddcd7f6559c83c67274508193004
CRs-Fixed: 2127634
Do not process the reg notifier request if the regulatory
information is invalid
Change-Id: I13e288cd03e3fbdb192733a6675c7ec00e927250
CRs-Fixed: 2145505
During SSR we check if the driver is in bad state, to decide
whether we should send suspend to the fw. This causes a race
when SSR occurs during driver probe, since the driver state is
still marked as bad.
Clear the flag indicating the driver state as bad during the
start of probe.
CRs-Fixed: 2144058
Change-Id: I13087dc65dbffa6a784395606fac2c41f6ce7591
IOCTL cannot handle names more than 15 character long.
So rename enable_range_ext to range_ext.
Change-Id: I9134cc76357f1cd6e175581fa072a8cbb67c19e4
CRs-Fixed: 2146728
The reinit logic for SAP shouldn't initialize all the data
structures related to ACS to 0 after SSR.
Change-Id: Id637968b3e0edc0f3698836802012f5921c5c79e
CRs-Fixed: 2150314
WLAN driver changes this system paramerter (via cnss-daemon) when the RX
throughput requirement changes LOW->HIGH or HIGH->LOW. This depends on
the whether the number of RX packets received in last 100ms interval is
greater than 500 or not. The 100ms and 500 thresh params are
configurable via WLAN ini file WCNSS_qcom_cfg.ini.
Add ini support to enable/disable changing of this system parameter by
WLAN driver. Since tcp_adv_win_scale is a system parameter, some
customers may not want the WLAN driver to change it and may want to set
their own default values.
"gTcpAdvWinScaleEnable=0" when added to the ini file will prevent
the driver from making any changes to the system parameter
"/proc/sys/net/ipv4/tcp_adv_win_scale". The default value of the ini
file param gTcpAdvWinScaleEnable is "1".
CRs-Fixed: 2033338
Change-Id: I19288bba11841cf176118abaf08ccaabaf2f79b9
hdd_vdev_create currently uses the unconditional vdev ref grabbing API,
wlan_objmgr_vdev_get_ref. While this may be the single valid use case
for the API outside of objmgr core, it is better to avoid using the
uncondional API outside of objmgr core at all. This sets a good example
for future consumers of the vdev ref APIs, and makes it easier to spot
incorrect usages of the unconditional API. In hdd_vdev_create, use
wlan_objmgr_vdev_try_get_ref and abort the vdev create operation if a
reference cannot be obtained.
Change-Id: Iafdcec9752b7189f8c74b8838b2d9261676184f9
CRs-Fixed: 2150258
In function wma_extscan_cached_results_event_handler,
event->num_entries_in_page is received from the FW and is used in the
function wma_extscan_find_unique_scan_ids to calculate scan_ids_cnt
from src_rssi buffer. If the value of num_entries_in_page is greater
than the number of src_rssi buffers present, a buffer overread would
occur in the function wma_extscan_find_unique_scan_ids.
There is already a check in place to valudate num_entries_in_page in
the function wma_extscan_cached_results_event_handler however it is done
after the call of wma_extscan_find_unique_scan_ids.
Move the checks on num_entries_in_page before using it in the function
wma_extscan_cached_results_event_handler
Change-Id: Ib5e803589deb6ca074cb70326b9ce846d0754a73
CRs-Fixed: 2149720
