For NCHO disable, clear static and dynamic channels from roam scan
list in driver and firmware.
Change-Id: I24bca4dfb34895b4e86455dea40764af163544f1
CRs-Fixed: 2605299
Currently cdp ops are given pdev/vdev/peer
handle as its arguments, which is directly
accessed in those APIs. This can cause a
race-condition in access of the respective
handles if it has been deleted in parallel.
Hence as a part of cdp convergence, pass only
the pdev_id or vdev_id or peer mac address,
which will be used to get the respective handles,
and hence avoiding the unwanted access of the
handles if it has been deleted.
Also remove the ops which are used to store
and retrieve such handles, that no more needed.
- register_peer
- clear_peer
- change_peer_state
- peer_get_ref_by_addr
- peer_release_ref
- peer_state_update
- get_vdev_by_sta_id
- register_ocb_peer
- get_peer_state
- get_vdev_for_peer
- update_ibss_add_peer_num_of_vdev
- remove_peers_for_vdev
- remove_peers_for_vdev_no_lock
- copy_mac_addr_raw
- add_last_real_peer
- is_vdev_restore_last_peer
- update_last_real_peer
- peer_detach_force_delete
Change-Id: I5134ca882f5fcf0e5941317e48712717eddb58fe
CRs-Fixed: 2541708
When CONFIG_WLAN_FEATURE_11W is disabled, compilation of lahaina still fails
in a few areas. Even though CONFIG_WLAN_FEATURE_11W should be always be
enabled now, add appropriate fixes for the compilation issues in the event
that CONFIG_WLAN_FEATURE_11W is disabled.
Change-Id: I1743678df6b66a63160795374de7969f313f55d9
CRs-Fixed: 2601362
Always use ECSA for STA/SAP channel switch between 6GHz band and
other 2Ghz or 5Ghz band since operating class is required to identify
an unique channel together with channel number in IE.
Change channel switch APIs to use frequency.
Change-Id: Ie655ae88b5223a3213146cb2684a70f91cdd5b04
CRs-Fixed: 2600136
In radio measurement beacon report frame, The BSSID field
indicates the BSSID of the BSS(s) for which a beacon report is
requested. When requesting beacon reports for all BSSs on the
channel, the BSSID field contains the wildcard BSSID; otherwise
the BSSID field contains a specific BSSID for a single BSS.
If BSSID is wildcard BSSID, bssid num should be 0 when use fill
scan result filter, or filtered scan result is always empty
since wildcard BSSID can't match any normal bssid.
Change-Id: Ia172ac8160d0c38ce4c875fc29458c6c8f26c804
CRs-Fixed: 2599634
In roaming path, while processing roam synch indication info/err
prints at the driver adds up latency to the total roaming
transition time and the KPI for maximum transition time exceeds
the expected 100ms. The printk buffer is protected by a global
raw spinlock for readers and writers. This restricts the contexts that
are allowed to access the buffer. So large latencies exists when
printing to kmsg done with QDF trace levels WARN, INFO, ERROR.
Change the redundant/less significant info, error, warn level
prints in roaming path to debug level.
Change-Id: I8e2a03ddef8f3cd680263939f6e0275b8703e681
CRs-Fixed: 2597624
CRYPTO_SET_KEY_CONVERGED is a temporary flag which is used for
converged crypto component transition. The transition has already
been done, so cleanup legacy code related to the flag in SME layer.
Change-Id: Iff9ba19887caaa39f43cb58d519a14cf6e759d59
CRs-fixed: 2593523
WLAN_CONV_CRYPTO_IE_SUPPORT is a temporary flag which is used for
converged crypto component transition. The transition has already
been done, so cleanup legacy code related to the flag.
Change-Id: Ide9fa97a9eb0b5c197c762205f386651efc51e33
CRs-fixed: 2592096
The host driver sends WMI_ROAM_PER_CONFIG_CMDID command after
WMI_ROAM_SCAN_MODE as part of RSO start/update. But the
expectation from firmware is that host should send this after
WMI_VDEV_PARAM_ROAM_FW_OFFLOAD but before WMI_ROAM_SCAN_MODE.
Also the WMI_VDEV_PARAM_ROAM_FW_OFFLOAD is sent after set key
response from csr->lim->wma->wmi. But the
WMI_ROAM_PER_CONFIG_CMDID is directly posted wma (csr->wma->wmi)
which can cause this command to go before the
WMI_VDEV_PARAM_ROAM_FW_OFFLOAD is sent to firmware.
One more instance where the WMI_ROAM_PER_CONFIG_CMDID can go
before vdev roam fw offload init is if the userspace sends
blacklist update command before offload init happens.
So route the WMI_ROAM_PER_CONFIG_CMDID via lim before posting
it to wma and add changes in rso update config to block the
blacklist command being sent in ROAM_DEINIT state.
Also Call csr_roam_offload_per_scan before csr_roam_send_rso_cmd
in csr_roam_offload_scan to send WMI_ROAM_PER_CONFIG_CMDID before
WMI_ROAM_SCAN_MODE.
Change-Id: I2600cfeafcc3e3ebfac6694c1f2cdb5df0366411
CRs-Fixed: 2596257
Modify sme_enable_sta_ps_check() to take power save mode
parameter as new argument.During certification WMMAC test
cases failed due to recent change of saving user power save
configuration. The uapsd auto trigger cmd could not be send
due to user power save configuration.
Apply the user power save configuration in conjunction with
power save mode.
Change-Id: I79bdfc3f4d168df23415bfb3418913de7a45886a
CRs-Fixed: 2592560
Scenario:-
1. Turn on SAP and STA on 2.4ghz and 5ghz
2. Turn off SAP
3. Turn off STA
4. Turn on SAP on 2.4ghz
Issue:-
In the start ap function, the driver calls
the stop opportunistic timer and calls the handler
to goto SMM mode.
After this, the SAP checks whether it requires the
DBS or not and then requests for DBS also, but since
the driver is already in DBS mode this command gets
rejected, so there would be 2 commands in the serialization
queue which would be SMM and start AP, which would lead to
a crash as SMM is sent before a connection on 2.4ghz as
Hastings is not capable to start a vdev in 2.4ghz without
DBS mode.
Fix:-
1.Not allow SMM if the current connection requires DBS
2. Check the HW capabilty in the active command only and
not before that to protect the reliability of hw mode.
Change-Id: I1c0c05ea05ba14d1556af2612daa3de2ffcba367
CRs-Fixed: 2587508
If gDot11Mode=1 is set to INI, DUT STA will be failed to
connect to 5G AP due to "unknown phymode" included in
vdev start.
Correct the driver to use freq API to identify 5G band
BSS instead of channel API.
And the change forces 11ax mode for 6ghz bss.
Change-Id: I692fa744756490e7125ccd5fd82c15febc19ce68
CRs-Fixed: 2594048
When roaming to whitelist SSID, firmware offloads
EAPOL 4-way HS to supplicant. Suppose initially if DUT connects
to SSID1 and then firmware roams to SSID2 then 4-way HS should be
offloaded to supplicant as the firmware doesn't posses the
pre-shared key. When roaming happens between same SSID, then
firmware has PSK and 4-way handshake is taken care by firmware.
But due to issue in roaming code, 4-way HS is offloaded to supplicant
even if roam happens between same SSID. Issue is for ROAM_RSO_STARTED
state in csr_roam_switch_to_rso_start API, there is no handling to send
RSO update if Roaming is already started, due to which
csr_roam_offload_scan is not invoked.
Second issue in roaming code is that RSO is not enabled with the
new SSID2 in firmware. RSO is not enabled as after set key
complete the state of roaming state was not set to
eCSR_NEIGHBOR_ROAM_STATE_INIT. Due to this the SSID in
firmware is still SSID1 and when firmware tries to roam again
to SSID2 it offloads 4-way HS to supplicant instead of handling
within firmware only.
Fix is to update the roam state from eCSR_NEIGHBOR_ROAM_STATE_CONNECTED
to eCSR_NEIGHBOR_ROAM_STATE_INIT in csr_process_roam_sync_callback after
roam synch propagation and also handle ROAM_RSO_STARTED state with
roam_command ROAM_SCAN_OFFLOAD_UPDATE_CFG instead of returing success from
csr_roam_switch_to_rso_start API. Now when supplicant does set key after
4-way HS, roaming is enabled via csr_roam_chk_lnk_set_ctx_rsp->
csr_roam_link_up->csr_neighbor_roam_indicate_connect->
csr_neighbor_roam_info_ctx_init->csr_post_roam_state_change.
Change-Id: I5b81f2e03fe1c7dee2820370d06f4e4f8017f12c
CRs-Fixed: 2587120
After removing alarms, suspend failures are still seen saying that
linux is failing to freeze tasks. This is because there is an error
log message that indicates that at the time of suspend, there was no
active wlan vdev since the DUT is also in airplane mode. Thus, change
the log message level from error to debug.
Change-Id: I7ef0f0d9cf6eab26e53f62a176fc771e862b8ccd
CRs-Fixed: 2594922
Use frequency as parameter for channel overlap handling
APIs - csr_check_concurrent_channel_overlap,
csr_calc_chb_for_sap_phymode, csr_get_ch_from_ht_profile,
csr_handle_conc_chnl_overlap_for_sap_go.
Change-Id: Ie3c9d466f21d7313998328432c063b1f6c7e5d0f
CRs-Fixed: 2577706
Force STA connection in VHT mode if AP HE adveritised rates
does not match with STA supported HE rates
Change-Id: Ia691a66ad4a2d2d2d59e07d07104e6771c6e4a84
CRs-Fixed: 2580041
The connected profile in csr_roam_session is filled after join
success with an AP in csr_roam_process_join_res(). The connected
profile information also has the country code advertised by the
AP over its beacon in the Country Element (EID 7). When STA
roams from AP1 having country IE to AP1 which doesn't have
country IE, the driver checks if the country IE is present in
the AP2 beacon IEs. If the country code is present, new value is
copied, else the older country code value is not cleared.
This results in beacon report failure when roamed to AP2 due
to country code and op class mismatch.
Clear the country code in connected profile before checking if the
country code IE is present.
Change-Id: I503f9761ff33fb245a25b23893360389d7a0b258
CRs-Fixed: 2590117
Currently use of comamnd QCA_NL80211_VENDOR_SUBCMD_OEM_DATA
is to pass data blobs from Application to FW but there is
no mechanism to send the data blobs from FW to Application.
To meet the above requirement update the usage of existing
OEM DATA command to use it as a vendor event as well to
send data blob from host to Application.
Change-Id: I502312f25d2754984b86e1cc4e011800a5d4b58a
CRs-Fixed: 2573464
The host driver checks the peer PMF capability
before adding MBO IE. But for open authentication
AP, the peer will not advertise PMF capability.
So while connecting to open mode AP, the MBO IE
doesn't get added in the association request frames.
Check if the authentication algorithm is open.
If the authentication algorithm is open don't
check for peer pmf capability to add MBO IE.
Change-Id: Ieae85ce696a40234535388a548906dc9521b19a0
CRs-Fixed: 2584527
In 11D scan procedure if WMI_11D_NEW_COUNTRY_EVENTID event is
received, host processes 11d new country code event.
Host driver as a response sends WMI_SCAN_CHAN_LIST_CMDID
new channel list cmd to firmware.
As a result the ongoing scan procedure is aborted by firmware,
and if the scan was a first scan for connection, then it would
lead to connection latency as the supplicant then have to
scan again.
Fix is to check if any scan is in progress, then delay
WMI_SCAN_CHAN_LIST_CMDID channel list command to FW till
the current scan is complete.
Change-Id: I4e747bb747c32430b5d8024823aa0df4928a8c71
CRs-Fixed: 2569741
Remove wlan_reg_freq_to_chan within function
csr_update_op_class_array and use channel frequencies
directly to retrieve opclass.
To utilize the new channel frequency function,
regional opclass table will be used unconditionally,
given no OTA packets' country IEs will be populated
here(and thus no need to carry global opclass).
Change-Id: Ida9831e7e74223455089770744222185ae3cb1d3
CRs-Fixed: 2576285
While processing BEACON_REPORTING_ACTIVE_REPORTING vendor command
on a particular STA (say its vdevid == 0), If scan started on any
interfaces (for example, on same STA (with vdev id == 0) or P2P
(with vdev id == 1) or on second STA (with vdev id == 1) of
STA + STA), Host should send a pause indication to upper layer only
for the vdev id(s) (here vdev id == 0) on which host processing
BEACON_REPORTING vendor command comes from user space.
Add sanity check to make sure that HOST should send pause
indication to upper layer only for vdev of STA for which host
processing BEACON_REPORTING vendor command at the moment.
Change-Id: I5ed5dc42e4dded2a803349d75234b84d3aa7f314
CRs-Fixed: 2582389
In 6GHz BSS, the VHT and HT IE are not present and only
HE IE is present. Driver needs to update ch_width to peer
struct based on HE IE if vht and HT is not supported.
Change-Id: Ib48dc63f972cfc040b40c3dbf53a4c46f9e95eee
CRs-Fixed: 2583249
If hardware mode change is required during roaming, then
the roam command to disassoc from the current ap remains in the
active queue until SME receives hw_mode_res. Due to which the
SME requests for hardware mode switch and nss update are not
able to get queued into the active queue. Hence LFR2.0 roaming
fails to proceed after disassoc completion.
Removed the completed roam command from active queue.
Change-Id: I5f244ddba88cbb8af3a34e6f78b9b664ca009666
CRs-Fixed: 2576362
In SME layer, boundary check for dscp_to_up_map array is not present.
The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.
Hence, max index check is added to avoid OOB write of dscpmapping array.
Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2569764
Suppose, STA first connected to AP0 then connected to AP1.
After connection HOST sends current op channel to fw as roam
scan channel map only if the current(AP1) and previous AP(AP0)
profile does not match.
Now a disconnect indication comes to STA from AP1. While processing
deauth with currently associated AP (AP1) host first deletes its
previous connection profile(AP0) and then save the current AP profile
(AP1) as prev profile and complete disconnection with AP1.
At this point of time, STA successfully disconnected with AP1 and
has info about AP1 as a previous profile.
Now STA initiates a fresh connection with AP2 and successfully
connected. In case if the profile of AP1 and AP2 match, host does not
send the current home channel to fw after connection with AP2. This
results in the unavailability of the current home channel in fw scan
channel list and FW fails to find any AP available on current
operating channels in the partial scan.
Irrespective of capabilities of current and previously associated
APs, Host should send current home channel to FW after initial
connection as well as while roaming. FW has logic to append its
channel list with a list coming from host. So send current AP
channel to firmware all the time.
Change-Id: I7942b98116c651e6b53f1134fd6cc85bc80b5354
CRs-Fixed: 2561340
Currently if roaming is offloaded to target, and it is a ESE capable
association, but 11r capable is not available, the Tspec configure
before roaming can't handover to new AP in host, but target has
reassociated with new AP include Tspec configure, and if want to
delete Tspec after roaming it fails to find it in lim in host.
Fix it by also enable ftHandoffInProgress flag if hit such case
Change-Id: Ie242d3c2e137c31bc5f213ea1756846f18b860ae
CRs-Fixed: 2566015
If the entry of ch power info is not locked, free after use may be
happened. For example, csr_save_to_channel_power2_g_5_g does
csr_purge_channel_power, while csr_save_tx_power_to_cfg is called
in another thread and it calls csr_ll_peek_head then does some
operation on the entry.
Change-Id: If6cc4d8e0072e97288b60d3c72499b79c0a2bf67
CRs-Fixed: 2580147
For SAP/P2P GO on 5G, when receive cmd to disable 5G band when
modem n79 band used, will move to 2G band via CSA.
1. If no active connection on 2G, select ch by safe list, or
channel 6.
2. If there is STA on 2G, force scc with it.
3. If there is SAP/GO on 2G, force scc with it.
4. Handle one race condition that if candidate is already
selected & FW has gone ahead with roaming or about to go ahead
when set_band comes, it will be complicated for FW to stop the
current roaming. Instead, host will check roam sync to make sure
the new AP is on 2G, or disconnect the AP.
5. If 2 SAP on 5G, move both to 2G and keep scc.
When Set band to enable 5G band again, restored all 5G SAP/Go..
Change-Id: I9b2b1ead3b4502022aeefc08359037457bb051f9
CRs-Fixed: 2580204
Cleanup peer id from the callers of cdp APIs from
where the peer ID was passed, and use mac address
instead to identify the STA.
Change-Id: Ie6dcae77e959439a71c11b1a2fa0daddcaa6e719
CRs-Fixed: 2529822
Use channel frequency directly in function csr_get_dot11_mode() and
csr_neighbor_roam_preauth_rsp_handler().
Change-Id: I2dac911fac1d1c154a3d0f5465cfef3d85e81b85
CRs-Fixed: 2568346
In the present implementation, it is observed that "SETROAMSCANCONTROL 0"
command is not clearing STATIC channels in the firmware for ROAM scan list.
So to clear STATIC channels configured for ROAM scan and set dynamically
added ROAM scan channels host sends two RSO commands to Firmware.
In the first RSO command STATIC channel list is cleared and second RSO
command will add dynamically added ROAM scan channels to ROAM scan list
in firmware.
Change-Id: Ic359326032c5776540c773a51d7531c0cfcd7bdc
CRs-Fixed: 2571119
Currently the monitor mode does not check the chan
validity and BW validity before starting the monitor
mode vdev which could result in invalid configuration
given to FW and thus further can lead to assert.
Eg. If the command comes for an invalid channel, or
suppose 160 MHZ and the device supports 80 MHZ only
then it can lead to assert.
Fix is to verify the channel and BW info and reject
the command if found invalid.
Change-Id: Iaf9f06f8d4b943bd1e8db5c22ea155a4fe3e61a8
CRs-Fixed: 2572152
PMF info isn't filled in scan filter when find AP in scan
cache to build LFR3 channel map.
Change-Id: Ibacf0ee6534298415f97fc42e5223b7d85f203e0
CRs-Fixed: 2571777
In case of disconnect from peer or HB failure the connected profile,
roam info etc are not freed. So connected BSSID is still present in
sme session.
Now in STA+STA case if the vdev0 STA connect to a BSSID say AP1 and
then disconnect due to HB failure. Now if the 2nd vdev1 STA connect to
AP1 and again disconnect due to HB failure, in
csr_roam_chk_lnk_deauth_ind it will try to find the session using
BSSID, but as vdev0 BSSID is not yet deleted it will get the vdev0
vdev id and continue the process on the wrong BSSID.
This result in actual CSR session in connected state for the vdev1
but all other layer in disconnected state.
Now if a connect request is received on vdev1 again, as CSR is
connected state it lead to reassoc req to LIM and lead to out of
sync issues.
To fix this free connected profile, roam info etc during peer
initiated disconnects. Also ignore the BSSID if a vdev is already
connected to it.
Change-Id: I0f862259dc297217c7b9ecd5d1521a8ded2aadc3
CRs-Fixed: 2577795
Clear wlan_reg_freq_to_chan in is_dfs_unsafe_extra_band_chan,
refine unsafe_channel_list for hdd_context to store frequency.
Change-Id: I48a75e053228b202122633a32e750f446f839ea3
CRs-Fixed: 2574028
There is a race condition while handling the below scenario,
1. NAN enable request is received from framework.
2. Policy mgr opportunistic timer expired and set hw mode
initiated to Single MAC mode in scheduler thread at
the same time
As the opportunistic timer handler doesn't have any info if
NAN enable initiated in DBS mode, it's configuring the hw
mode to Single Mac Mode just before NAN enable request is sent
to firmware. So the NAN enable request is sent to firmware in
Single Mac Mode which is not allowed by firmware.
NAN enable/disable is also similar to connection in progress
status in case of STA. So provide NAN enable/disable status
through hdd_is_connection_in_progress() to the opportunistic
timer handler. Opportunistic timer handler restarts the timer as
connection(NAN enable/disable) is in progress.
Also set hw_mode_change_in_progress before checking the
connection progress status. This is to avoid a possible race in
the below scenario,
1. NAN-enable sets the state but scheduler thread had read the
state just before that
2. NAN-enable read the hw_mode_change_in_progress just
before it gets set by scheduler thread.
Change-Id: I1a184c84520deb3f6ad1ec010a0fdefda96a5364
CRs-Fixed: 2566841
Remove logs in csr_nonscan_active_ll_peek_head to prevent
excessive logging while testing CVE-2017-0624
Change-Id: Ie5ab57d36fc05a3eac0d4fdba33a72b11eb7c561
CRs-Fixed: 2573914
1) Change the following functions to make them use channel
frequencies intead of channel IDs:
csr_process_roam_sync_callback
csr_save_to_channel_power2_g_5_g
csr_save_tx_power_to_cfg
2) Remove some local variable and code within function
csr_save_tx_power_to_cfg as they're not used.
3) Retain the code for channel ID utilization within
csr_get_channel_power_info as they're used to
indicate diag info to upper layer apps.
Change-Id: Ib294fd04f770c008afaa0049fb1951aa912caf34
CRs-Fixed: 2573403
There are two path in code to deauth a associated STA in SAP mode:
1. Deauth issued from user space
2. Deauth issued from peer
Rectified the check for ongoing deauth before queuing for another.
Change-Id: Ib3f45968c770b1df25c77aed9fd1e3bc8edd6e72
CRs-Fixed: 2567087
The ANI level determines how well the device is coping with interference
in the wireless environment. Add support in the driver to query the ANI
level from the firmware and populate it for userspace entities to use.
Change-Id: I54934f670aa11737e11eca4d64e12f9dffb4f430
CRs-Fixed: 2554674
