When CSA is received from the firmware, dot11_mode is copied
from received message. In response to the CSA message, the host
invokes wma_vdev_start with isRestart flag set to restart the
vdev with the new updated channel, and channel params.
The dot11_mode value is copied from the CSA which will not be a
problem unless the switching channel is on the same band or on
different band as long as it's HT/VHT 2.4GHz to HT/VHT 5GHz bands
or vice-versa. When the channel switch occurs from a 11a to 11g
band or vice-versa, wrong dot11_mode is populated without being
updated for the new band. As the phy_mode is calculated from the
dot11_mode value, phy_mode check fails in wma_vdev_start in this
case. So the host doesn't send vdev_restart.
Populate the dot11_mode correctly and pass it to lower layers
upon update. This will ensure correct phy_mode is calculated
and vdev_restart is sent.
Change-Id: Iaf8788d51b47190c04744b8981dd594236fbae57
CRs-Fixed: 2248980
Currently, in ol_txrx_is_peer_eligible_for_deletion(), invalid
dereferencing of peer_id_to_obj_map[0xFFFF] to get peer_ref while
processing VDEV stop response handler may occur.
Revert the changes introduced by
Change-Id: Icf252612081a41f94db6df4684348f2962b2da9d and
Change-Id: I743e2e2c83c3e07e5d5ec4fde7fc3b098766ca96
Change-Id: I7aa104f69a5665f0e08314fb0a273e077f562939
CRs-Fixed: 2261088
Before wow enable or pdev suspend host sets hardware filter bitmap
and enables the filter via a command. But after resuming it sends
bitmap as zero with filter disable. This is interpreted by Firmware
as disable the modes set in the bitmap, so none of the modes are
disabled. With this host will not receive bc/mc packets after
disabling the hw filter, which it is expecting.
Send the same bitmap after resume that was used before suspend.
Change-Id: Ic7425274c9197e907404c3ca9ba0d5269ee51690
CRs-Fixed: 2194964
Sometimes HTT response for suspend IPA pipes from FW host arrives
after vdev has been cleaned up at FW. After receiving FW HTT IPA
pipe suspend response HOST processes pending events. For event AP
DISCONNECT HOST sends IPA offload disable command to FW with vdev
id that has been deleted at FW. As a result FW asserts.
In this change before processing IPA WLAN pending events validate the
session. If session exists then only process the events.
Change-Id: I464a91c3a85e6002297d9ade2fbd45b45a2a4d51
CRs-Fixed: 2261111
In implementation of Android Packet Filter, functions, variables,
definitions are named after BPF, which stands for Berkeley Packet
Filter. The term was more appropriate for Link Layer packet
filters implemented in the Linux kernel, known as Linux Socket
Filters.
The term BPF is obsolete now, so rename it with the
appropriate acronym, APF.
Change-Id: I9e02edbc580ffb2c559c8e864f54d255fc2d51a3
CRs-Fixed: 2191530
File wlan_hdd_cfg80211.c is bloated and adding support for
upcoming Android Packet Filter v3 is going to increase its
size even more.
Create a new source file for APF related HDD modules and a
header file for declaring the APIs.
Change-Id: I2fb3d7e017f4befbad7aacab3575ae2b48e88a45
CRs-Fixed: 2189825
Currently the NL MSG handlers for WLAN_NL_MSG_OEM and
WLAN_NL_MSG_SPECTRAL_SCAN are not deregistered during hdd_wlan_exit which
can cause a page fault if NL issues cld80211_doit for these NL messages
when the WLAN is not up.
Add Deregister APIs for all the NL MSGs to call as part of
hdd_exit_netlink_services during hdd_wlan_exit.
Change-Id: I5811dcfc79eff4ea7281de5f7591e078c572e69c
CRs-Fixed: 2232902
PMO should not know about vdev data path handle, but
pmo_unpause_all_vdev() needs it, so register a wma callback to retrieve
the vdev dp handle instead of keeping a copy in pmo vdev private context.
Refine current code to retrieve vdev dp handle using a wma callback.
Change-Id: I1f668fff633a5e5cdfc478e7f619e9600930b333
CRs-Fixed: 2227384
In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocate a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is of proper length.
Add a sanity check on priv_data.length to ensure that the command being
issued has proper parameters.
Change-Id: Ia871e35ef938ca889fb6b1609a0c881d76f29e4b
CRs-Fixed: 2250775
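
The length check described in the commit message above, as an added illustration that is not the driver's code. The struct layouts, field names and `demo_` function are hypothetical stand-ins, and the exact comparison used by the real fix is not shown on this page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's struct pkt_filter_cfg. */
struct demo_filter_cfg {
    uint8_t filter_action;
    uint8_t filter_id;
    uint8_t num_params;
    uint8_t params[16];
};

/* Stand-in for the ioctl's priv_data: buffer plus caller-chosen length. */
struct demo_priv_data {
    const void *pointer;
    uint16_t length;
};

/* Returns 0 and fills *out, or a negative errno for a malformed request. */
int demo_set_packet_filter(const struct demo_priv_data *priv,
                           struct demo_filter_cfg *out)
{
    uint8_t *buf;

    if (!priv || !priv->pointer || !out)
        return -EINVAL;
    /* Reject before the buffer is viewed as a struct: a shorter allocation
     * would make every field past priv->length an out-of-bounds read. */
    if (priv->length < sizeof(struct demo_filter_cfg))
        return -EINVAL;
    buf = malloc(priv->length);
    if (!buf)
        return -ENOMEM;
    memcpy(buf, priv->pointer, priv->length); /* copy_from_user() in a driver */
    memcpy(out, buf, sizeof(*out));
    free(buf);
    /* Assumed extra step: a count carried inside the struct is untrusted too. */
    if (out->num_params > sizeof(out->params))
        return -EINVAL;
    return 0;
}

int main(void)
{
    uint8_t short_req[4] = { 1, 7, 2, 0 }; /* constructed: 4 of 19 bytes */
    struct demo_priv_data priv = { short_req, sizeof(short_req) };
    struct demo_filter_cfg cfg;

    printf("short request -> %d\n", demo_set_packet_filter(&priv, &cfg));
    return 0;
}
```
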
1) Add timer callback function for resuming OS netdev queues once
they have been paused.
2) Add HDD function to register resume timer callback for High Latency
Data Path Flow Control.
HL netdev flow control will re-use some of the
QCA_LL_LEGACY_TX_FLOW_CONTROL functionality, hence some parts of the
legacy flow control code have been conditionally enabled for
QCA_HL_NETDEV_FLOW_CONTROL as well.
Change-Id: I4d4a03ddd5be980ce27fd0771fa9d6dc26138357
CRs-fixed: 2236321
The following memory leak issues of blocked scan requests
need to be addressed:
1. Add list for blocked scan requests
There could be multiple scan requests blocked before related
callback can be executed. Currently there is only one pointer
for such requests. A list is added accordingly.
2. Cleanup blocked scan request when ifdown
Scheduled work for blocked scan might not be able to be executed
before ifdown. When the work is cancelled, related scan request is
not freed and will cause a memory leak.
Call the related callback when blocked scan work is cancelled to
cleanup the pending scan request.
Change-Id: Ifb5fc1b14a043ad67e4ba1d305ce4133b471188c
CRs-Fixed: 2166111
Fix overrunning callee's array of size 19 by evaluating argument tid
not to pass the maximum number.
Change-Id: I993339f4b9aea51e9566d213c9828825c5f2bf66
CRs-Fixed: 2232744
For txrx_stats command, there are two parameters designed as
mandatory: 1st is statistics category, 2nd is mac id.
Add default value 0 for those parameters.
CRs-Fixed: 2248034
Change-Id: Ifc667e22bd78a295c3323f2b2e063f2f6ba12e8e
In case the current selected txq group does not have enough credits,
try to borrow credits from the other txq group.
Change-Id: I86fbe990853d90598f6e09b13f7061e4ba1a78ae
CRs-fixed: 2246206
1) When a group is created i.e. the first vdev is added to it,
assign all the credits to it.
2) When the second group is created, transfer some minimum credits
to it.
3) When a group is deleted, transfer its credits to the other group.
Change-Id: I0c5532033718b250ab0633b4da4e219c0315cac9
CRs-fixed: 2246206
1) Add function: ol_tx_update_grp_frm_count() to maintain count of frames
per group.
2) Call ol_tx_update_grp_frm_count() from ol_tx_enqueue(),
ol_tx_dequeue() and ol_tx_queue_free().
Change-Id: If1b07ea5bbdcbc6ad6d0c91e6b2060c4264b9472
CRs-fixed: 2246206
During wlan unloading, target failure is ignored, no recovery
will happen; refer to function ol_target_failure.
During wlan unloading, cds_cfg may be freed, can't get
cds_is_self_recovery_enabled state correctly.
Change-Id: I321d4029f299ef2eb7a6316faaed90f62e091b4e
CRs-Fixed: 2224058
After CSA, channel is not getting updated in DS params and HT info
IE in BSS descriptor of corresponding session. As a result, channel
in cfg80211 is still old due to which freq getting displayed in UI
is still the older one.
Update channel in DS params and HT info IE in BSS descriptor after CSA.
Change-Id: I4a0f301ccd6155dc459fa1bfa4fbd0c59c04e0f8
CRs-Fixed: 2244619
The API sme_process_msg lacks a break in switch case
after eWNI_SME_SET_DUAL_MAC_CFG_RESP. Due to this
execution falls through to the next case statement or
default.
Fix is to add a break after eWNI_SME_SET_DUAL_MAC_CFG_RESP.
Change-Id: I7466dfdc8c8cbe186f61f47371137dca958e1d08
CRs-Fixed: 2233190
In __wlan_hdd_cfg80211_scan(), while copying ie data from
cfg80211_scan_request to local destination buffer, there is no check of
ie_len against maximum possible length of SIR_MAC_MAX_ADD_IE_LENGTH (2048).
This can result in buffer overflow.
To address this, validate ie_len in cfg80211_scan_request.
Change-Id: I5da837395869704666762fdf57293d9561d3ad83
CRs-Fixed: 2247604
Add per-level logging wrappers to PE module,
which can be compiled in or out by the build
configuration.
Change-Id: Ie8ded666d1bd268a4bbc57091af32aeb5b285eb1
CRs-Fixed: 2260214
There are several logs in PMO that log debugging related information
at the INFO level. Reduce the logging level of these debug logs to
avoid spamming the console.
Change-Id: Ib1bb9279d5d8104104b58bd2c83869f72c0bde4a
CRs-Fixed: 2260190
As per WAPI spec, the akmsuite is of length 4 x akm suite count. This
was changed as part of I63528da4c2dfafa22f2c6fc73afe52727af02b64 and
causes WAPI connection failure due to mismatch in scan results.
Fix the correct length while copying akmsuite from supplicant IEs in
wlan_hdd_cfg80211_set_ie.
Change-Id: Ib0d60e82a3fbaef1a9405200dd03eb7882007fcb
CRs-Fixed: 2258136
Currently driver allows start_bss on SAP interface even when roaming is
in progress on STA interface. This leads to two simultaneous vdev starts
in FW which causes the FW to assert.
Add changes to reject the start_bss request for SAP if roaming is in
progress on any STA interface.
Also, when a connect for STA or start_bss for SAP is received and
roaming is not in progress for any STA interface, stop roaming on all
STA interfaces by sending WMI_ROAM_SCAN_MODE_NONE to FW. Also after
association or start_bss completion, enable roaming again on connected
STA interface.
Change-Id: I3baaffeef3b350e6527660cbac4b79fa4d9f83f0
CRs-Fixed: 2221337
Out of Buffer access may occur in wmi_get_buf_extscan_start_cmd()
function if user provided inputs are different for below parameters
which are assigned in hdd_extscan_start_fill_bucket_channel_spec()
function
1. QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_NUM_CHANNEL_SPECS
2. QCA_WLAN_VENDOR_ATTR_EXTSCAN_CHANNEL_SPEC
To address this issue return failure status if numChannels is not
equal to the total number of channel entries.
Change-Id: I60d74161dc3752bd7f609af3910d7c86a99488ec
CRs-Fixed: 2255189
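
The count-versus-entries check described in the commit message above, as an added illustration that is not the driver's code. The message layout (one declared-count byte followed by type/length/value entries), the limits and all `demo_`/`DEMO_` names are hypothetical; the real driver parses netlink attributes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_MAX_CHANNELS 8    /* hypothetical per-bucket limit */
#define DEMO_T_CHANNEL    0x01 /* hypothetical "channel spec" entry type */

struct demo_bucket {
    uint32_t num_channels;
    uint32_t freq[DEMO_MAX_CHANNELS];
};

/* msg = [declared count][type][len][value]...; channel value is 4 bytes LE. */
int demo_fill_bucket(const uint8_t *msg, size_t len, struct demo_bucket *b)
{
    size_t off = 1;
    uint32_t seen = 0;

    if (!msg || !b || len < 1 || msg[0] > DEMO_MAX_CHANNELS)
        return -EINVAL;
    while (off < len) {
        uint8_t type, vlen;

        if (len - off < 2)
            return -EINVAL;               /* truncated entry header */
        type = msg[off];
        vlen = msg[off + 1];
        off += 2;
        if (vlen > len - off)
            return -EINVAL;               /* value runs past the message */
        if (type == DEMO_T_CHANNEL) {
            /* More entries than declared would overrun a buffer that a
             * later stage sizes from the declared count. */
            if (vlen != 4 || seen >= msg[0])
                return -EINVAL;
            b->freq[seen++] = msg[off] | msg[off + 1] << 8 |
                              msg[off + 2] << 16 | (uint32_t)msg[off + 3] << 24;
        }
        off += vlen;
    }
    if (seen != msg[0])                   /* fewer entries than declared */
        return -EINVAL;
    b->num_channels = seen;
    return 0;
}

int main(void)
{
    /* constructed: declares 1 channel but carries 2 entries */
    const uint8_t msg[] = { 1, 1, 4, 0x6c, 0x09, 0, 0, 1, 4, 0x3c, 0x14, 0, 0 };
    struct demo_bucket b;

    printf("mismatch -> %d\n", demo_fill_bucket(msg, sizeof(msg), &b));
    return 0;
}
```
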
Presently, wrong channel is passed in ch_in_pcl() as a result of which
PCL discount is applied on wrong channel resulting in wrong ACS weight
calculation.
Pass correct channel in ch_in_pcl().
Change-Id: Id87c0afe501d7217ae6b170656bf6d2fab89b5b7
CRs-Fixed: 2257182
When gvendor_acs_support=1, ch_width provided by hostapd is not getting
copied to sap_cfg. As a result, ch_width is 0 (20MHz) irrespective of
whatever provided by hostapd causing issues.
Copy ch_width irrespective of gvendor_acs_support value.
Change-Id: I7013eb7ee3610790194916078640d633747de15e
CRs-Fixed: 2247771
This reverts the change I48227166d722496afd2d9dd7aca1ae78d44c8833
because it is referring to the API csr_is_duplicate_bss_description()
which is deprecated and not defined.
Change-Id: I0f133eed437754f20547a1450090df09a6e0f2ba
The function hdd_validate_adapter() can expose kernel address space
with a bad adapter pointer. Fix this by removing unwanted information
from the error print.
Change-Id: I65caab9d710e031992661efdf6f8c72d0c7bf82c
CRs-Fixed: 2235225
WIFI_LOGGER_PACKET_FATE_SUPPORTED bit in logging features
indicates the support to packet fate stats. Set the bit to indicate
the packet fate stats support to user space.
Change-Id: Ie286b3bf994fc75a987a42a329dd159db978ebe6
CRs-Fixed: 2233537
When DUT P2P Go/SAP deauth ref STA, in race condition, scheduler
thread may try to clear peer data and drop pending rx packets
after peer freed in peer unmap handler in soft irq context,
use after free issue will happen.
Error log:
BUG: spinlock bad magic on CPU#1, scheduler_threa/28550
Unable to handle kernel paging request at virtual address
6b6b6b6b6b715b
Stackframe:
do_raw_spin_lock+0x34/0x154
_raw_spin_lock_bh+0x24/0x30
ol_txrx_clear_peer_internal+0x68/0xb0 [wlan]
ol_txrx_clear_peer+0x78/0xa0 [wlan]
hdd_softap_deregister_sta+0xd0/0x200 [wlan]
hdd_hostapd_sap_event_cb+0xca8/0x20b8 [wlan]
Change-Id: Ib8d133528f5ff22125218861206d241f96eaf0da
CRs-Fixed: 2247334
Propagation from cld2.0 to cld3.0.
While connected AP requires DUT to do radio
measurement for itself in passive scan mode,
DUT sends empty beacon report.
In passive scan, sta only listens to beacons.
Connected AP beacon is offloaded to firmware, and
Firmware discards it except that special
IE exists in the beacon. Connected AP beacon will
not be sent to host. Hence, timer of connected BSS
is not updated in scan result lists
and cannot meet "scan timer > RRM_scan_timer".
Fix the issue by adding connected
BSS judging condition.
Change-Id: I48227166d722496afd2d9dd7aca1ae78d44c8833
CRs-Fixed: 2239559
Separate out QCA_LL_LEGACY_TX_FLOW_CONTROL
and QCA_LL_TX_FLOW_CONTROL_V2 flow control implementation
in different files to compile out features cleanly.
Change-Id: I5d6ddf9ea61b409b25d242852ed1f0102e94ad88
CRs-Fixed: 2228902