After roaming the phy mode gets updated by FW via roam_sync event.
Update wma with the value from the roam_sync event.
Change-Id: Ie4b47ad83866f033bcd92781fdb05bd7456180f5
CRs-Fixed: 2477071
With the latest code in the following functions:
wma_add_bss_ap_mode
wma_add_bss_ibss_mode
wma_add_bss_sta_mode
wma_set_channel
hardware mode retrieval becomes unnecessary because
the DBS related config is not checked anymore.
Change-Id: I4fe03dee7148b17a6f2a40208d1cb77013db4c98
CRs-Fixed: 2478160
Add ini support for FIPS 4-way hanshake offload to firmware. FIPS
offload feature will add support to handle LFR 3.0 connection only
(auth/reassoc). If this ini is set then firmware will offload
4-way HS to supplicant. In the Roam sync indication firmware will
inform connected and not authenticated so that supplicant can take
care of 4-way HS.
Change-Id: I3da58910218ffc57094cac4c3cab4572631d9404
CRs-Fixed: 2459182
In P2P GO mode, if the P2P client device is not VHT capable and
only HT capable, but the DUT P2P GO is VHT capable and advertises
2x2 NSS and sends packets with 2x2 rates, it results in interop
issues with HT only capable P2P client devices.
When GO is operating in DBS mode, GO beacons advertise 2x2
capability but include OMN IE to indicate current operating mode
of 1x1. But here peer device is only HT capable and will not
understand OMN IE.
Check if the P2P client device is only HT capable and has
"\x00\x50\xf2\x04". Then downgrade the P2P GO operation to 1x1
nss. Modify rx mcs map value in association response to enable
only mcs 0-7.
Change-Id: I7177c5aee9a560a20c50a63886c0ee77f7d617ae
CRs-Fixed: 2464925
During roam fail, if firmware doesn't have any interface left on
2.4Ghz it moves to SMM from DBS, But doesn't inform to Host, which
assume DUT is in DBS mode and thus can send VDEV start on 2.4Ghz
without switching to DBS mode. This lead to assert in firmware.
To fix this firmware will indicate the new HW mode in ROAM INVOKE
FAIL and HO FAIL during roam. so handle the new HW mode indication
and update the host HW mode from the new HW mode indication. So
that host and firmware remain in sync
Change-Id: I854faea17c8eccf212b4efb9443b297cadca62b0
CRs-Fixed: 2473532
In wma_is_roam_in_progress function, return false if wma pointer
returned from cds_get_context is NULL.
Change-Id: I0a3447f038a45ea93e769142cb5883a3f39c0991
CRs-Fixed: 2475071
In monitor mode even if vdev start fails, vdev up is sent, which
leads to assert.
Fix is to move the vdev state machine to init state on vdev start
failure and not to send vdev up.
Change-Id: I89e6294329ba0541d0d86c5728ce36898a199659
CRs-Fixed: 2475370
Linux coding guidelines don't allow use of camel case identifiers.
So rename selfMacAddr to self_mac_addr to be in compliance.
Change-Id: Id70e00744883f9fd797da8d4bb1cf4f65c8aa9ff
CRs-Fixed: 2463827
Memory pointed by stakeyparams is not made NULL after
freeing in wma_set_stakey. This results in double free
during wma_add_bss_sta.
Change-Id: Ifa24d536e116be60f572d9926a511f9f498e6696
CRs-Fixed: 2463399
Add string for page fault wake up reason such that wake up
reason is logged properly.
Change-Id: I0f7138f730f5b9ca66f1d524d5d1868a99ccd88f
CRs-Fixed: 2471522
Propagation from qcacld2.0 to qcacld3.0.
The WMI CMD and EVENT of "get antenna isolation" are already defined,
but not used before in qcacld3.0.
Now, The host driver uses vendor command to get this information
instead of iwpriv command in qcacld-2.0.
The attribution of this feature is already defined in file
"qca_vendor.h". The name is "QCA_WLAN_VENDOR_ATTR_ANTENNA_ISOLATION".
So host driver will use vendor command
"QCA_NL80211_VENDOR_SUBCMD_GET_HW_CAPABILITY" to get the information
from lower layer.
Change-Id: I915768f622ddc9a70a95ce4fe952f19917a8f901
CRs-Fixed: 2447360
During dynamic request voting(DRV) suspend PCIe link
is in L1SS sleep state such that target can do page
faults without waking up APPS and hence add debug
assert on page fault wake ups if target triggered
a page fault wake up during DRV wow suspend.
Change-Id: I130a9a568b7007366fe582bd2e231c9fca324368
CRs-Fixed: 2467471
Set the max_station config correctly at wma_open instead of using
the default value.
Change-Id: I63cd05462351359fbdcaae03dbdff940817b9bde
CRs-Fixed: 2468829
Cleanup CONFIG_MCL in peer_assoc_params and use common
flags and api to populate peer_flags in wmi peer assoc
command.
Change-Id: Ib06409c89ee519d8139b52158c8c907dc336beca
CRs-Fixed: 2467182
eCsrAuthType is the enum of AKMs to be used during connection.
So the name eCsrAuthType is misleading as akm and auth algo are
different.
Also the Linux Coding Style doesn't allow mixed-case names and
so-called Hungarian notation, so rename the enum eCsrAuthType to
be compliant.
Change-Id: I35e18d1f84babd0ef2928ae9d7258028d4c9b3c5
CRs-Fixed: 2463813
In the memory allocated for del_sta_params, set_link_params and
del_bss_params is not freed if the malloc for add_sta_params
fails. This causes memory leak in wma_roam_update_vdev.
Also in wma_extscan_operations_event_handler, oprn_ind is not
freed in case of failure.
Free the memory allocated for del_sta_params, set_link_params,
del_bss_params, oprn_ind during every return.
Change-Id: I727cc734943a2abcc2cfeca3285af13eb68cfe44
CRs-Fixed: 2464098
Currently in these APIs, driver has a potential mem leak if
the code deviates from the success path:-
1. sme_ap_disable_intra_bss_fwd, param pSapDisableIntraFwd
was not freed in case of mutex acquire gets fail.
2. sme_set_wisa_params, param cds_msg_wisa_params was not freed
in case of mutex cquire fail, and in case of msg failed to
post to scheduler.
3. sme_update_sta_inactivity_timeout, param inactivity_time was
not freed in any case, and has to be freed after use.
4. wma_del_tdls_sta, param peerStateParams needs to be freed
in every failure case, in which the driver sends a del rsp in
error case.
Change-Id: Ibb6061dc399c0f408e7469e91d8084c82786a561
CRs-Fixed: 2466435
Add NULL validaiton check for WMA global context
to avoid possible NULL pointer dereference.
Change-Id: I1cf0bcf574d397eb712ca0e1c39dcf848b9c5328
CRs-Fixed: 2423998
In LFR2 scenario, STA roams to IOT AP with which max nss
capability is advertised because ini configured vendor OUI
and data for max nss is found in AP's beacons or probe
responses. On receiving association response with reduced
nss, nss is not updated as part of add_sta. This is resulting
in incorrect nss to be sent in peer_assoc command.
Fix is to update MCS set so that appropriate nss is sent in
peer_assoc command.
Change-Id: Id137a09f24063c8260c21eda6cd74cbb571b9129
CRs-Fixed: 2464318
Add support for roaming in case the driver
detects a nud failure. The STA then would roam
to another BSSID, else if the roaming gets failed
the STA would remain connected to the same BSSID
as connected before.
Change-Id: Idbc99b0ce2f9cacd97564dd8cf9892120958eda2
CRs-Fixed: 2461675
Link BLM exposed APIs to the following:-
1. csr_get_scan_result:- Link this API with filter bssids in
the reject ap list maintained by the blacklist mgr.
2. lim_assoc_rej_add_to_rssi_based_reject_list:- Link this API
with the the blacklist mgr add bssid to reject list to add the
OCE and BTM related assoc rejects.
3. Userspace avoid list parsing logic for the userspace to set
the BSSID as avoided.
Change-Id: Id51ffb80cea3f845fefe14db25d0f7acda6ea0f3
CRs-Fixed: 2461281
The linux coding style forbids use of typedef unless clearly
some rules are met. The tSirBssDescription doesn't match any of
those criteria, so replace it with underlying structure
bss_description.
Change-Id: I36ad517325117cf04d499c7c472ca6ef5921a85d
CRs-Fixed: 2459769
The Linux Coding Style doesn't allow mixed-case names so rename
bssIdx in struct pe_session to be in compliance.
Change-Id: Idf2df6cb4ca30e4fdae74b8fb39445bb878003c5
CRs-Fixed: 2459768
The Linux Coding Style doesn't allow mixed-case names so rename
eSirBssType in struct pe_session to be in compliance.
Change-Id: Iafe6649a130c77064180c67fb1385d2d7a763370
CRs-Fixed: 2459767
In hdd_vdev_destroy, if policy_mgr_check_and_stop_opportunistic_timer
decides to move to single mac mode and while sending the HW mode change
the target goes down, this leads to timeout of the HW mode change req in
WMA layer which is 2 sec and in serialization its 4 sec, but
policy_mgr_check_and_stop_opportunistic_timer timeout in 1 sec and proceed
to sme_close_session and wait for it to complete.
sme_close_session queue WLAN_SER_CMD_DEL_STA_SESSION to serialization but
it remains in pending queue, behind HW mode change req.
Now due to SSR the wait event for sme_close_session is set and thus
hdd_vdev_destroy logically deletes the vdev.
Now on WMA timeout the HW mode change try to remove the request from
serialization which it fails to remove as it fails to get ref for vdev
with vdev being logically deleted.
Thus WLAN_SER_CMD_DEL_STA_SESSION is not processed and is flushed in
hdd_wlan_shutdown.
Thus as SSR WLAN_SER_CMD_DEL_STA_SESSION is flushed from serialization
queue, the wma_vdev_detach() is not called for that vdev and thus the
peer attached to the vdev are not deleted and wma vdev ref is also not
released, this lead vdev/peer ref leak.
To fix this update the wait timeout in
policy_mgr_check_and_stop_opportunistic_timer with proper value higher
than the serialization timeout for the HW mode change request. ALso
set the wait event in policy_mgr_pdev_set_hw_mode_cb in failure cases
as well to avoid timeout in case of hw mode change failures.
Also release pending peer and vdef refs in wma_wmi_service_close.
Change-Id: I5ddf8263b0dbf889be506332a67f5e18c1bfb111
CRs-Fixed: 2458034
When FILS authentication is performed, the key confirmation is
performed as part of the FILS exchange using association frames.
Hence, no additional 4-way handshake is necessary. But still the
host driver sets the WMI_PEER_NEED_PTK_4_WAY flag as part of
peer_assoc command. So firmware expects setting key command after
4-Way handshake is completed. But host sends the set key command
before M4 in this case, which results in firmware assert.
Don't set WMI_PEER_NEED_PTK_4_WAY for FILS connection.
Change-Id: I13451bd7592d5836c16cd648235f691b11aafb15
CRs-Fixed: 2458097
Host need to fill netbuf with qtime instead of tsf. So
host need to add tsf64 enable/disable related functions
and definitions to sync with FW.
The tsf64_time is new added to fw/host structure, so host
need to add parse functions to get tsf64_time from tx_desc.
Change-Id: Ieea0d8f905eb57629d279f8da0e811857b760b1f
CRs-Fixed: 2444456
This change I29209576622bc2495a7ce3064e82efca2e70d19a was to fix a
memory leak, but ibss creating peer pass a pointer on stack to
wma_set_stakey API, it makes a regression.
Fix it by passing all pointer from heap to wma_set_stakey API.
Change-Id: I178e4b6a15aa24faae78d9846427b3292d11a1a4
CRs-Fixed: 2455529
Currently, host sends 11k offload command to FW as part of RSO Start
and 11k offload disables to FW during RSO Stop. In case of STA+STA
concurrency, Host sends vdev_stop before 11k_deconfig for
currently enabled STA results to assert in FW.
In order to configure 11k for second STA without assertion, Driver
should de-config 11k for currently enabled STA before vdev stop/delete.
Fix is to configure 11k while start roaming and de-configure 11k
while stop roaming irrespective of the reason for roaming STOP.
Change-Id: I0915d8a0141194c331eb59ba0f2dfa9c8995628a
CRs-Fixed: 2449431
If calling lim_send_set_sta_key_req with sendRsp==false, it didn't free
the tpSetStaKeyParams memory allocated in this function. This scenario
is possible hit when station key update during roaming before new bss
adding.
Change-Id: I29209576622bc2495a7ce3064e82efca2e70d19a
CRs-Fixed: 2452108
VDEV UP command doesn't include right MBSSID information, it will
cause data stall issue and so on.
Fix is to provide right MBSSID information with VDEV UP command.
Change-Id: I0201722c14dee1b01b8dacc7e3095301fb02fd3a
CRs-Fixed: 2434405
In wma_start_extscan, it will always return error due to an
incorrect conditional statement.
Change-Id: Iddb81e34a59ff541d4a17e45b8eca13e704fb89d
CRs-Fixed: 2450704
In wma_stats_event_handler several fields lengths are added
together to check against param_buf->num_data (the overall
length of the buffer).
The problem is that num_pdev_stats, num_vdev_stats and
num_peer_stats represent the number of structures of each
type rather than the total number of bytes.
Therefore update the logic to compare the expected size of
the entire payload to the actual payload.
Change-Id: I94af679480e62a61d4b25a1f370b2f199985f874
CRs-Fixed: 2429010
Adaptive 11r feature that enables the AP to support FT-AKM
without configuring the FT-AKM in the network. The AP will
advertise non-FT akm with a vendor specific IE having Adaptive
11r bit set to 1 in the IE data. The AP also advertises the
MDE in beacon/probe response.
The STA should check the adaptive 11r capability if the AP
advertises MDE in beacon/probe and adaptive 11r capability in
vendor specific IE. If adaptive 11r capability is found,
STA should advertise the FT equivalent of the non-FT AKM.
Introdue a compile time flag WLAN_ADAPTIVE_11R_ENABLED to
enable/disable adaptive 11r support.
If the AP is adaptive 11r capable, set the is_adaptive_11r_ap
flag in bss descrtiptor. This flag will be sent in join request
and populated to pe_session. Also mark the CSR session as
adaptive 11r session based on this flag.
Add changes to check for the adaptive 11r service capability
advertised by firmware. If the host driver connects to adaptive
11r AP, enable RSO only if the firmware advertises adaptive
11r capability, else RSO should be disabled.
If the connection is adaptive 11r connection and if the adaptive
11r ini is enabled, set the adaptive_11r flag in
wmi_roam_11r_offload_tlv_param sent over the wmi command
WMI_ROAM_SCAN_MODE to the firmware. This will enable firmware to
filter the adaptive 11r AP from roam scan results.
Change-Id: If27a2393e3f4bb68942f5ebcec0135f57627f16b
CRs-Fixed: 2437988
If CRYPTO_SET_KEY_CONVERGED is enabled, the iface->key.key_cipher
is not set but is used to process multicast and broadcast
management frame.
Set iface->key.key_cipher with proper value when
CRYPTO_SET_KEY_CONVERGED is enabled.
Change-Id: I67d8bfe2210f4aad499830c4339de10c620d604d
CRs-Fixed: 2444420
Driver uses cipher stored in vdev to get the MIC length, which
may get updated if multiple peer(TDLS peer in STA case) get
connected to the vdev. Thus depending on latest peer cipher type
the MIC length will be calculated for all peers.
Add changes to store cipher info in peer and use it to calculate
MIC length for the frame if CRYPTO_SET_KEY_CONVERGED is defined.
Change-Id: I852e4b519f55d8020237989314f8506aa275f379
CRs-Fixed: 2444416
In wma_roam_synch_event_handler, if vdev_id is out of bounds,
code is redirected to cleanup, where iface is dereferenced to
set the value of roam_synch_in_progress.
This will result in a NULL pointer dereference because iface
hasn't yet been set.
Since this function does not have logic to set
iface->roam_synch_in_progress to true then it does not need
"cleanup" logic to undo that. So, remove the cleanup logic.
Change-Id: I8ffa0b9186c3595444cb188bbf00624b519e3894
CRs-Fixed: 2427334
When AP sends deauthentication/disassociation frame, host will
handle the deauth/disassoc frame. If the ini
"enable_disconnect_roam_offload" is enabled, firmware will
trigger a roam scan immediately after deauth/disassoc is
received and roam to a new AP. If roam failure happens after
this roam scan, firmware will send WMI_ROAM_EVENTID with reason
WMI_ROAM_REASON_DEAUTH.
Register a WMA callback to call the PE disconnect handler
function. This will call lim_tear_down_link_with_ap() to
handle the deauth state machine changes and posts message to
sme to inform the link lost info.
Change-Id: I404b019595b96c0710d09cb9218e3a1d28924fc7
CRs-Fixed: 2443219
When the ready event is received from the firmware, hdd callback
is called to create the pdev and update the capabilties. If
there is any error the error is not propogated back to hdd
which can result in the accessing the invalid memory.
Propagate the status correctly from hdd to wma to resolve this issue.
This will result in the probe failure until the resources are available
or reference leaks are fixed.
Change-Id: I97ec062893216e25e285d95d6bfb5cf3e91a4005
CRs-Fixed: 2426612
Generate PMK-R0 and PMK-R1NAME for FT-FILS connection and send it
over assoc request frame.
According to 802.11-2016 standard:
PMK-R0 is derived as:
R0-Key-Data = KDF-Hash-Length(XXKey, "FT-R0", SSIDlength ||
SSID || MDID || R0KHlength ||
R0KH-ID || S0KH-ID)
PMK-R0 = L(R0-Key-Data, 0, Q)
PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt))
PMK-R1 is derived as:
PMK-R1 = KDF-Hash-Length(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID)
PMK-R1Name is derived as:
PMKR1Name = Truncate-128(SHA-256(“FT-R1N” || PMKR0Name ||
R1KH-ID || S1KH-ID))
Call qdf_get_hash() function to generate a sha-256 or sha-384
hash. Use qdf_get_hash() with hmac(sha-256) or hmac(sha-384)
to generate hmac_hash.
Set PMKID count as 1 in RSN IE and copy the PMKR1-name
generated to the PMKID list. This PMKR1 should be the only
entry in PMKID list in assoc request frame sent by the driver
during FT-FILS initial mobility domain FILS connection.
Change-Id: Ic634aebbe42a58b92f871cf3258c62f7541d161a
CRs-Fixed: 2414719
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
Peer is created but not setup in LFR3 roaming case,
then peer->rx_tid[tid].array is not initialized with a valid
value before using,which cause null point dereference in
dp_rx_defrag_cleanup() when cleaning up peer.
Change-Id: Ia8fd7773041511f3865d8ba26f4844d9b33bcec0
CRs-Fixed: 2436112
