Kernel needs the below to create NAN interface from driver,
1. Register APIs to the NAN ops. Define dummy APIs as the APIs
are not supported for the current driver design.
2. Define NAN supported bands and 2GHZ is mandatory.
3. Set the iftype NL80211_IFTYPE_NAN in the supported
interface_modes.
Change-Id: I22db31840da2ba0e44b79077a8790b55f1151684
CRs-Fixed: 2592022
Testing HSP roaming by issue DRIVER FASTREASSOC
00:24:01:38:b1:a1 6 to trigger manually roaming,
host gave wrong channel number instead of channel freq in
WMI_ROAM_INVOKE_CMDID.
Change-Id: I50157f2aa3447ee7b57a4ddefabd41db0876a50c
CRs-Fixed: 2592946
The max number of VDEV that the FW can support is 4. Due to memory
limitation, the host cannot send more than 4 vdev create to the firmware.
But for certain scenarios such as NAN, where there is a need to create two
extra interfaces apart from wlan0, wlan1 and p2p0 (e.g. aware_dataN
interfaces), there needs to be 5 vdevs created in the host.
To support 5 vdevs in host and in the same time only send 4 vdev
create to the firmware, allow an extra 5th interface to be created.
But do not allow all the 5 vdevs to be "up" simultaneously
(existing check in objmgr).
Change-Id: I5b677ae21043f7ee54194541576aa5125719d9b6
CRs-Fixed: 2472869
DSRC feature is enabled by SDIO card profile. But when debug SDIO
interface feautre, there are many DSRC module compile issue.
Change-Id: I4429f2a6e68b67140a72ad9634031f459ccda397
CRs-Fixed: 2590115
Reject moniotr mode request if the BW given in the
start monitor command does not match with the
FW capability.
Change-Id: Ic1e2f4bcb811ec56526ae179407db197af591c9c
CRs-Fixed: 2590873
When SAP is on 5G and STA connects to 6Ghz AP, the "force
SCC" logic will move SAP to STA home channel if SAP is 6Ghz capable.
If SAP is not 6Ghz capable, SAP will be moved to 2G (DBS) to
avoid MCC(5G+6G) for DBS HW and SAP will stay on 5G for non-DBS HW.
SAP is 6Ghz capable only when all of below statements are true:
a. SAP config includes WPA3 security - SAE,OWE,SuiteB.
b. SAP is configured by ACS range which includes any 6G channel or
configured by 6G Fixed channel.
c. SAP has no legacy clients (client doesn't support 6G band).
legacy client (non 6ghz capable): association request frame has no
6G band global operating Class.
Change-Id: I7e9723fd1b679326a3df61932850589e6e503f3d
CRs-Fixed: 2593569
When host sends assoc response to supplicant, it
allocates a buffer of fixed size and copies a variable
length of assoc response IEs to this fixed sized buffer.
There is a possibility of OOB write to the allocated buffer
if the assoc response IEs length is greater than the
allocated buffer size.
To avoid above issue validate the assoc response IEs length
with the allocated buffer size before data copy to the buffer.
Change-ID: Ib12385e9ff04e5172ae8b505faf959e426fda439
CRs-Fixed: 2583124
Create the debugfs interface to show the ini configs.
Usage: cat /sys/kernel/debug/wlan/ini_config
Change-Id: I2c6aeeaae6d79739bb8ab82740e8be678c18fd89
CRs-Fixed: 2572142
Currently txrx_ops.tx.tx is given vdev handle
as its argument, which is directly accessed
by the caller. This can cause a race-condition
in access of the respective handle if it has
been deleted in parallel.
Hence as a part of cdp convergence, pass only
the vdev_id, which will be used to get the
respective handle and hence avoiding unwanted
access of the handle if it has been deleted.
Change-Id: Ie158a2ba805f52658cd6fb12c969fc0d677c1815
CRs-Fixed: 2541631
Currently cdp ops are given pdev/vdev/peer
handle as its arguments which is directly
accessed in those APIs. This can cause a
race-condition in access of the respective
handles if it has been deleted in parallel.
Hence as a part of cdp convergence, pass only
the pdev_id or vdev_id or peer mac address,
which will be used to get the respective handles,
and hence avoiding the unwanted access of the
handles if it has been deleted.
- txrx_data_tx_cb_set
- txrx_mgmt_tx_cb_set
- txrx_mgmt_send_ext
- txrx_pdev_attach_target
- txrx_pdev_detach
- txrx_vdev_attach
- txrx_vdev_register
- txrx_vdev_detach
- txrx_peer_create
- txrx_peer_delete
- txrx_peer_delete_sync
- txrx_fw_stats_get
- txrx_get_vdev_from_vdev_id
- txrx_pdev_set_ctrl_pdev
- txrx_pdev_attach
- txrx_get_vdev_mac_addr
- txrx_pdev_post_attach
- txrx_pdev_pre_detach
- txrx_get_ctrl_pdev_from_vdev
- txrx_get_mon_vdev_from_pdev
Change-Id: Ib8b0b1edd63e7c3f8813b11ca26b50ec121fe255
CRs-Fixed: 2541459
Fix potential race condition issue when the sap_context
of adapter is null and it is accessed in work queue -
__policy_mgr_check_sta_ap_concurrent_ch_intf.
To acquire/release the "sap_context" by get/put API.
Change-Id: I91dacc6d45c377840f7d30f2f9ff902f53ccd8e8
CRs-Fixed: 2592524
Currently, There is no support to disable ring buffer. Each Ring
buffers is using 2MB and overall 10MB is consumed by 5 ring buffers.
Fix is to add ini support to enable/disable ring buffer.
Boolean ini CFG_ENABLE_RING_BUFFER is added. Default value of
gEnableRingBuffer is 1 which indicates that ring buffers are enabled
by default.
CRs-Fixed: 2592476
Change-Id: I30f95668de6df96e5c388e92e202f8c236132dc2
This change addresses 2 issues:
1. Currently the ini for SAR version specify the SAR
version. If value of the ini is 1 it specifies the SAR
version 1 and if value of ini is 2 it specifies SAR
version 2 and driver converts SAR version 1 (SARV1)
command to SAR version 2 (SARV2) command based on FW
capability.
2. If the value of the ini is SARV1 and FW expects
SARV2 command, currently driver is sending SARV1
command to FW which results in undefined behavior
at FW.
Since the use of this ini is to convert the SARV1 command
to SARV2 command, change this ini from int type to bool
type to just specify if the conversion is enabled or not
to avoid any kind of confusion.
If the ini is SARV1 and FW expects SARV2 command, reject
the user space command to set SAR power limits.
Change-Id: Ie8e3790bd8737fcb251a0481e2e6001a26295773
CRs-Fixed: 2581034
Presently, during Subsystem Restart(SSR) the object references
are not released cleanly, invoke stop adapter during the SSR
to have common functionality between the netdevice going down
and SSR.
Change-Id: I2980379022f62ef27dea92868c8033c087544d50
CRs-Fixed: 2587443
Use frequency as parameter for channel overlap handling
APIs - csr_check_concurrent_channel_overlap,
csr_calc_chb_for_sap_phymode, csr_get_ch_from_ht_profile,
csr_handle_conc_chnl_overlap_for_sap_go.
Change-Id: Ie3c9d466f21d7313998328432c063b1f6c7e5d0f
CRs-Fixed: 2577706
Currently, bus bandwidth is initialized and deinitialized in
different memory domains which may cause leaks due to async bandwidth
init and deinit.
Fix is to initialize and de-initialize bus bandwidth in active domain.
Change-Id: I67cf9ecdd47c8f3ca6e9b272ca379f0cac9a6c7b
CRs-Fixed: 2568881
Don't set unload flags earlier before unregister_driver when driver
unloading to avoid runtime resume failure. And set this flags earlier
before wait_for_ops in the pld_pcie_remove to give chance SSR will be
skipped if unloading is in progress.
Change-Id: I084db32b436148932a2a90e3e1dcb1122f4303b5
CRs-Fixed: 2589413
When 5G band is disabled by set band, need SAP switch channel
to 2G. When 5G band is enabled again, need SAP switch back to
original 5G channel. When sta connecting, SAP can't switch
channel.
Merge logic of SAP channel switch for band change and for force
scc with sta, both are implemented in:
policy_mgr_check_concurrent_intf_and_restart_sap now.
After sta associate succeed or fail,
policy_mgr_check_concurrent_intf_and_restart_sap is called again
to check and try SAP CSA for band capability change.
Change-Id: I8574209aac3cabb748a8ec05050244f480e1a0e9
CRs-Fixed: 2589021
Firmware needs maximum amsdu size for through-put optimization.
Send host configured amsdu size to firmware when vdev is created.
Change-Id: Ib292c6d9ddc828d5d0a02cf8f6d9a577c8a5c01a
CRs-Fixed: 2573857
Currently, enable_snr_monitoring doesn't be initialized properly, in
some acs scenario, hostapd will dump survey(NL80211_CMD_GET_SURVEY),
driver return error due to uninitialized enable_snr_monitoring, this
will result in acs won't be started and sap fail to start.
Fix is to remove enable_snr_monitoring from hdd_config struct,
calling ucfg_scan_is_snr_monitor_enabled() everywhere that
enable_snr_monitoring is being used.
Change-Id: I8784867683b21d9441e980a1215b2db712db381a
CRs-Fixed: 2585661
Below are the scenarios where host fails to clear roam in
progress flag:
Case 1: While processing disconnection request
Host should clear roam in progress flag irrespective of
connection state of STA.
case 2: While processing a try-disconnect request
Currently, Host waits for WLAN_WAIT_TIME_STOP_ROAM (4 sec) to
process disconnection, if firmware has already started roaming.
In case if Host doesn't receive roam completion indication from
fw, Host set connection state to not connected and fails to clear
roaming in progress flag. This results host refuses all further
connection request with reason connection in progress.
Fix is to clear roaming_in_progress flag in both cases.
Change-Id: I45d9771bcd546d8914321e3be1a6d0ce6566cdac
CRs-Fixed: 2588803
When SSR sap restart, vdev objmgr object will recreate new, if put set
vdev crypto pararams in wlan_hdd_cfg80211_start_bss(), it will not be
invoked by SSR sap restart procedure, so there is no crypto pararams in
vdev and lead to association failure when compare crypto pararams.
Move back set vdev crypto pararams to wlansap_start_bss so sap start
and restart will both invoke it.
Change-Id: I56656ffacbe153fbe73fb6e474048e055cb6a153
CRs-Fixed: 2584138
1. Update pAddBssParams->ch_width to 160Mhz ch width value
based on VHT operation IE's ch width, channel segment 0
and channel segment 1 fields.
2. Report link rate information to OS for 160Mhz based on
rate flag TX_RATE_VHT160.
The change will fix the incorrect bandwdith reported by
IW commmand (iw wlan0 link) when STA is connected to AP
in VHT160 mode.
Change-Id: I698b12da825619e8e8f28f0cf4ea1ccf2e7072e6
CRs-Fixed: 2585986
Update tx rate flags to include 160Mhz bandwidth in
wma_set_bss_rate_flags_he.
Add HE 160 mcs to rate mapping for nss 1 and nss 2.
This change will fix incorrect bandwidth report via
IW command: iw wlan0 link.
Change-Id: Idd1adc4f2783b86a2a837999ea87bb38c813f213
CRs-Fixed: 2585078
Currently use of comamnd QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
is to pass data blobs from Application to FW but there is
no mechanism to send the data blobs from FW to Application.
To meet the above requirement update the usage of existing
OEM DATA command to use it as a vendor event as well to
send data blob from host to Application.
Change-Id: I502312f25d2754984b86e1cc4e011800a5d4b58a
CRs-Fixed: 2573464
Whenever there is a process waiting on a response from firmware it has the
option of using either a qdf_event or a linux completion event.
The primary difference between these is that if there is an SSR all
qdf_events are immediately completed whereas Linux completion events are
only completed by the normal flow of code.
With new upcoming changes SSR processing will take the normal path for
releasing all of its resources, and the qdf_session_close_event is used for
synchronization.
If we define this as a qdf_event, it will be completed when the SSR begins,
defeating its purpose.
Therefore change this to be a Linux completion event.
Change-Id: Ia6fe504e2a2d01f12c3d3446fffc2fc397566966
CRs-Fixed: 2586190
pm_freezing check to abort system suspend during psoc idle
restart is not working and hence remove pm_freezing check.
Correct fix(change Ib89eca5014729f6a2103e14c6f46540d1406a5a0)
to reliably abort system suspend by calling qdf system awake
api during psoc idle restart is already present so pm_freezing
check is no longer needed.
Change-Id: Ifb56a2a9858378508ef9e583bdd15e63c26d9ba6
CRs-Fixed: 2587453
Currently, the hdd_update_connect_params_fils_info() function blindly
trusts the size and copies into the fils_info->r_rk buffer, putting it
at risk of buffer overflow. Add a check to make sure the buffer passed
in to be copied to fils_info->r_rk is of the proper length.
Change-Id: I9ad2405ca1acd83591bea2aa43406909ad1c58e4
CRs-Fixed: 2580776
For cdp_hl_fc_set_td_limit() API, use channel frequency instead of
channel number.
Change-Id: Ic053be33ac7c7cbd2543b0208a1184b3f20a4346
CRs-fixed: 2565734
When host sends ft assoc response to supplicant, it
allocates a buffer of fixed size and copies a variable
length of assoc response IEs to this fixed sized buffer.
There is a possibility of OOB write to the allocated buffer
if the assoc response IEs length is greater than the
allocated buffer size.
To avoid above issue validate the assoc response IEs length
with the allocated buffer size before data copy to the buffer.
Change-ID: Ife9c2071a8cc4a2918b9f349f4024478f94b2d78
CRs-Fixed: 2575144
Fix compile issues when some features are disabled, the features are:
BUILD_DEBUG_VERSION
CONFIG_CP_STATS
CONFIG_HOST_OPCLASS
CONFIG_FEATURE_ROAM_DEBUG
There are some other features depends on each other, so enabled features to
qcs40x.snoc.perf_defconfig, the features are:
CONFIG_WLAN_FEATURE_FILS
CONFIG_WMI_ROAM_SUPPORT
CONFIG_WMI_STA_SUPPORT
CONFIG_REG_CLIENT
CONFIG_WLAN_FEATURE_DP_BUS_BANDWIDTH
CONFIG_WMI_CONCURRENCY_SUPPORT
CONFIG_LL_DP_SUPPORT
Change-Id: I6fa1eacb79576a955e593dbb9ac52083742275e3
CRs-Fixed: 2354496
Firmware peer state needs to be set to AUTHORIZE only after
completing the 4 way handshake. In failure scenario,
host configured AUTHORIZE state before 4 way handshake and
it triggered assert in the firmware.
Peer state moved to connection in progress/CONN after successful
association and AUTH state after successful 4way handshake.
Change-Id: I5e3d94843443d0fc2612a918b5c14479f91914d8
CRs-Fixed: 2580929
With Vdev delete not using serialization, no need to disconnect
any STA with connection in progress.
The logic was added to remove the active connect command from
serialization queue so that vdev delete can complete before hdd
time out.
Now as vdev delete is not using the serialization remove this.
Change-Id: Id8c5ab31e54c8cf26999aff58c0773213f0cb13a
CRs-Fixed: 2585753
Update driver to check SAP client acceptance as per MAC ACL policy
to control association.
Change-Id: Id6888b87393e79e2f86a7d5b1132c4a897179a23
CRs-fixed: 2583874
Add credit tracking for HL Data Path in DPTRACE.
Also update proto_bitmap to dynamically enable/disable
credit tracking.
Change-Id: Idd9216b634586f3a81c2194ea4bd2122a472154a
CRs-Fixed: 2574053
Currently, default MGMT retry limit is 4 which means 4
transmissions are supported for any management frame.
In noisy environment, Chances to get connection failure
are higher with 4 retransmissions.
Fix is to add INI support mgmt_retry_max to make
CFG_MGMT_RETRY_MAX configurable. Default value for
CFG_MGMT_RETRY_MAX is 15 to reduce the chances of connection
failure in noisy environment.
Change-Id: Id50cb68813fba517a8a1580a3d6662c73b0a381e
CRs-Fixed: 2575385
When NUD FAILED event is sent by kernel, driver checks if this event
needs to be honored or not. If there is any active traffic, driver
will not honor NUD FAILED event and won't issue disconnect.
Currently, when NUD FAILED event is not honored, driver NUD state is
updated to NUD_NONE. This won't allow the further NUD FAILED event
processing in driver if received without NUD PROBE/NUD INCOMPLETE.
Reset the driver NUD state machine when NUD FAILED event
is not honored and restart NUD tracking.
Change-Id: I46826fdf60fc2f3543567c09ddc8574f119efd38
CRs-Fixed: 2583096
While processing BEACON_REPORTING_ACTIVE_REPORTING vendor command
on a particular STA (say its vdevid == 0), If scan started on any
interfaces (for example, on same STA (with vdev id == 0) or P2P
(with vdev id == 1) or on second STA (with vdev id == 1) of
STA + STA), Host should send a pause indication to upper layer only
for the vdev id(s) (here vdev id == 0) on which host processing
BEACON_REPORTING vendor command comes from user space.
Add sanity check to make sure that HOST should send pause
indication to upper layer only for vdev of STA for which host
processing BEACON_REPORTING vendor command at the moment.
Change-Id: I5ed5dc42e4dded2a803349d75234b84d3aa7f314
CRs-Fixed: 2582389
Supplicant delivers the HANG event via HIDL for STA
and via a legacy socket interface for SAP standalone case.
As per current supplicant implementation, wdev_id only matters
when the HANG event gets processed via HIDL.
Currently, for STA interface, host sends wdev as NULL to
cfg80211_vendor_event_alloc, this allows userspace to
process nl_cmd for QCA_NL80211_VENDOR_SUBCMD_HANG_REASON_INDEX
event with the 1st interface which is p2p in supplicant instead
of WLAN interface.
Set wdev with the proper value for STA interface to avoid processing
nl_cmd with P2P interface by userspace.
Change-Id: If3c1b2e11daf682a6ef535014738f4b2a2b5d009
CRs-Fixed: 2580359
Currently the driver caches the command which comes
for PS enable/disable and if the user disables the
command the API sme_ps_enable_disable cannot go
forward to enable/disable the command because
of the check for last user command cache to be disabled
or not.
Fix is to cache the command after the disable has
been sent to FW to avoid the scenario where the command
is not sent by host as the check to send the command failed.
Change-Id: Ibff459fa03aceaf6963735d22d30c54a488751f4
CRs-Fixed: 2582410
Currently the acs in progress is not set to 0 when
acs policy is 1 and the control returns the best channel
in do acs itself, hence it can lead to many unexpected
behaviour if set to 1 and acs is complete.
For example one case sceanrio is that the driver
returned from do acs without clearing the acs
in progress flag, and then stop adapter comes to
the driver for the same interface, the driver
would check that if acs in progress is tru then
it would wait for 3 seconds for it to complete.
Now since there is no complete to be there as
ACS had already been completed, there would be
an unnecessary delay for 3 seconds to shutdown
SAP which would cause latency.
Fix is to set the acs in progress as 0 when the overide
happens.
Change-Id: I03a80c4d4eeeb41f21e95e37bfbeb94e7ebee51e
CRs-Fixed: 2582703
Due to upgrade to kernel 5.4, struct pm_qos_request fields have changed,
causing compilation issues. Featurizing PM QoS so it is only enabled
for 4.19 kernel.
Change-Id: Ide2a3eb4b2bc970c6469efe8621bec55e50ecbd8
CRs-Fixed: 2580165
In SME layer, boundary check for dscp_to_up_map array is not present.
The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.
Hence, max index check is added to avoid OOB write of dscpmapping array.
Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2569764
Fill HE capability and supported chan width in 6ghz
and remove VHT and HT support from the 6ghz channels
in wiphy structure.
Change-Id: Ibb1fbeca9bb7dc20b8545bc9f2b470cd7bef9fb2
CRs-Fixed: 2575744
Currently in the driver, the NSS reported to the userspace in case of
max rate reporting doesn't take into account if the hardware mode is DBS
or not. This causes the NSS to remain 2 even if the connection has
changed to 1x1.
Add a check if the current mode is DBS or not and update the NSS
accordingly.
Change-Id: I66ea830c7c6483c7ce957e1276b4ac5a535b17df
CRs-Fixed: 2579182
For SAP/P2P GO on 5G, when receive cmd to disable 5G band when
modem n79 band used, will move to 2G band via CSA.
1. If no active connection on 2G, select ch by safe list, or
channel 6.
2. If there is STA on 2G, force scc with it.
3. If there is SAP/GO on 2G, force scc with it.
4. Handle one race condition that if candidate is already
selected & FW has gone ahead with roaming or about to go ahead
when set_band comes, it will be complicated for FW to stop the
current roaming. Instead, host will check roam sync to make sure
the new AP is on 2G, or disconnect the AP.
5. If 2 SAP on 5G, move both to 2G and keep scc.
When Set band to enable 5G band again, restored all 5G SAP/Go..
Change-Id: I9b2b1ead3b4502022aeefc08359037457bb051f9
CRs-Fixed: 2580204
As per SS’s WIPS requirements, if Host receives beacon recv start
command while processing scan request, HOST should not process
beacon reporting start cmd.
Next start command should get allow only after completion of scan.
After scan completion, supplicant should send a fresh start command
to start BEACON_REPORTING again.
Change-Id: I8b64665b6d019cfab76eefba4f7b11fa7dd2782e
CRs-Fixed: 2578642
In FTM and monitor test modes cfg80211 suspend op is not allowed.
If OS tries to do frequent suspend in FTM or monitor mode it can
lead to excessive console logging and hence to avoid excessive
console logging and its side effects rate limit the console
logging for FTM and monitor test modes.
Change-Id: I8d51db21f861f038f0538865f4c0634efd983f8c
CRs-Fixed: 2580927
On some platforms with TQM, target don't know packet number of
successfully transmitted after more than one retransmission attempt,
and after TQM retry, host data path will be notified.
Adjust tx retries stats number from data path, and indicate to upper
layer when query by wlan_hdd_cfg80211_get_station() on these platforms,
other platforms keep tx retries from wmi vdev stats.
Change-Id: Ie4b9a9f3b9241a59452e3f21f68757f3638b1a19
CRs-Fixed: 2574368
For hdd_hostapd_channel_allow_suspend() and hdd_hostapd_
channel_prevent_suspend() APIs, use channel frequency
instead of channel number.
Change-Id: I05a3e60918f1b40d2cbfbdb78038540fc4a87184
CRs-fixed: 2565731
