If the TDLS links exists and SAP comes up, there is a chance
that the peer is created for SAP before deleting TDLS peers,
thus leading to crash.
The fix is to teardown the TDLS links before starting hostapd
or starting the association process to avoid TDLS in concurrency
case.
Change-Id: I06c0d4f8965d3a1e614e8bd89f2d6af0a504fa9e
CRs-Fixed: 2027831
There is a comparison between constant and boolean inside
update cds config api which will always fail.
To address this issue change the type of variable from boolean to
uint8_t.
Change-Id: I7ba4d9fedd148d713af334b394757da2a496f5a5
CRs-Fixed: 2027402
The dump_tx_desc function is called to report the number of freed and used
tx descriptors when a suspend is rejected by data path. The debug code
was directly referencing a data field whereas the code to check the freed
and used descriptors used a function that reports a different number under
certain compilation flags. Use the function in the debug statement such that
the value checked is the value printed.
Change-Id: Iad3f519dc88319c7a421f77376dd43e15e6eaf09
CRs-Fixed: 1113880
Several constants in rrm_global.h use logical || where a bitwise | was
probably intended. clang warns about this.
Hence, use bitwise operator instead of logical operator.
Change-Id: I5a0543096e7f213f3d60f3eda03eb7765595a364
CRs-Fixed: 2028989
In Napier emulation, due to the FPGA slowness and the need from
firmware side to live debug issues during driver load, increase
driver probe timeout accordingly.
Change-Id: I7e435082cebabe9ec6d15dc5c11a73b7db84f19b
CRs-fixed: 2028294
In FTM mode con mode change handler does module stop
after holding SSR protect and module stop bails
out assuming its idle mode module stop. Make sure to
do module stop properly for FTM mode even if SSR
protect lock is taken by con mode change handler.
Change-Id: I5d2d7006bb9f4897a5dd22893cdf6a7a864de97b
CRs-Fixed: 2027020
During driver recovery, following a crash in firmware, there is a
chance to get stuck waiting for the MC thread to exit after it has
already done so. This is due to an external thread being active in the
driver when it should not be possible. Improve logging in such cases
to find out which thread is running, and skip waiting for MC thread
shutdown if it is already stopped to prevent getting hung.
Change-Id: I53ddc3afb8561ecd2d6b708b6488c503068c49a6
CRs-Fixed: 2027020
When flow pool is created, pool status is set to FLOW_POOL_ACTIVE_UNPAUSED
irrespective of whether netif queues are paused or not.
Also, when descriptors are transferred from invalid pool to deficient pool,
pool status is not checked. So, if deficient pool is paused, then even
after receiving required descriptors from invalid pool, its status and
netif queues will still remain paused due to which traffic will not be able
to resume ever.
Sync pool status with netif queue status by:
1) Unpausing netif queues as well when pool is created.
2) If deficient pool is paused and on receiving descriptors from invalid
pool, no. of descriptors goes beyond start threshold, unpause the
queues and set the pool status to FLOW_POOL_ACTIVE_UNPAUSED.
Change-Id: I69390e40130892d218372e4a8a0ab4b0c7b94b7e
CRs-Fixed: 2025759
In case of dfs offload, do not run cac timer, as cac will also be
offloaded in that case. Decide the same based of service bit info.
Change-Id: If4dd62628270ff0ba8632a9cd644a9d7ed6f31a4
CRs-Fixed: 2021357
Add support to fill cac duration and dfs region in vdev
start command, these values are used in firmware on phyerror
processing and cac timer offload cases.
Change-Id: I8bfbd4a3f59002f92ee2e5e321c15da849fce9ec
CRs-Fixed: 2021357
There is race condition between the bus bandwidth work and cleaning up
an adapter. Under some conditions, it is possible for the bus bandwidth
work to access a paritally destroyed adapter, leading to a
use-after-free. To prevent the race condition, use the following
sequence:
1) Stop the bandwidth timer
2) Flush pending bandwidth work
3) Cleanup the adapter
4) Restart the bandwidth timer, if needed
Change-Id: I7166e75e65433d2dcb818ff8b41fe959c510a2e9
CRs-Fixed: 2025184
While implementing the fix for "qcacld-3.0: Fix wlan_hdd_driver_ops
kernel-doc" it was observed that the kernel-doc for functions
wlan_hdd_bus_suspend() and wlan_hdd_bus_resume() did not match the
function signatures. Update the kernel-doc to match the actual code,
and in the case of wlan_hdd_bus_suspend() update one call in
hdd_enable_ext_wow() to align with the real interface instead of the
previously documented interface.
Change-Id: I6f25c954f5328a029fadeceadc23cfc242de6bf7
CRs-Fixed: 2025169
Currently not all of the wlan_hdd_driver_ops public APIs have their
documentation in the interface (header) file. Update the files so that
the public interface, not the implementation, is documented.
Change-Id: I68a809c9bc2a844232a0f5d07086f924f8ce1ace
CRs-Fixed: 2024274
The kernel checkpatch script has detected some issues in
wlan_hdd_driver_ops.h and wlan_hdd_driver_ops.c, so fix them.
Change-Id: I1b08d9dd5147eeebeba2f545d7530bdff6867a5e
CRs-Fixed: 2024274
When DUT receives roam sync ind, addts and delts commands
needs to be removed as part of csr_roam_sync_callback,
Otherwise these commands will be active SME commands forever
as PE wont send resp as older PE session is deleted as part
of RSI indication.
Fix is to remove addts and delts command on roam sync ind.
Change-Id: I1df8416a76dff3899c146823bec04595877788f7
CRs-Fixed: 2023723
This is a qcacld-2.0 to qcacld-3.0 propagation.
Don't access user space memory directly in
drv_cmd_get_ibss_peer_info_all.
Change-Id: I36a706e2e91d1ed2a43897ac2eef9d81b2de7335
CRs-Fixed: 2022841
This is a qcacld-2.0 to qcacld-3.0 propagation.
Fix the variable uninitialized compile error.
Change-Id: I941d76a75a52b4cc6bd3de831b04f960f506f802
CRs-Fixed: 2022835
For some of the configurations, the default is not one of the
in-range values because we want to detect if the value has been
set or not.
Hence, do the range check when a value is present in the cfg.ini.
Change-Id: I4db722ed5053e2248dc23c7417d192fe6093ee46
CRs-Fixed: 2014145
This is a qcacld-2.0 to qcacld-3.0 propagation.
Firmware currently sets the default access category to ARP packets
as voice traffic id and host does not have a way to override this.
As a part of this change, add the cfg.ini support to override this
default access category.
Change-Id: I268cb9c0254d14f143615790c570ac5a255b359d
CRs-Fixed: 1111993
This is a qcacld-2.0 to qcacld-3.0 propagation.
The counter is incremented and logged for each -EBUSY and reset when
scan request is successfully accepted.
It should help us debug cases where the recovery timeout logic
isn't working well or is too slow to react.
Change-Id: I9dd4384cec2a6aefb56e97c1d871c2d2a4819bf6
CRs-Fixed: 1113120
qcacld-2.0 to qcacld-3.0 propagation.
Two threads accessing the procfs entry might end up in race condition and
lead to use-after-free for hdd_ctx->driver_dump_mem.
Hence, acquire a lock to protect hdd_ctx.
Change-Id: If871f4ceadf650978e16b4a336f688a0dae1c494
CRs-Fixed: 2005832
psoc is allocated during start module and destroy in stop modules.
due to this if psoc is used after stop modules it cause crash.
psoc should be the first thing to get allocated and last thing
to get destroyed.
Fix it by calling psoc destroy at the ned of the wlan exit and
allocating in wlan start.
Change-Id: I969a5688751ddfad9ab9c3152e6af0680d2be605
CRs-Fixed: 2027351
Add support to update HE MCS. lim_populate_he_mcs_set() is added to
take care of populating the rates and MCS values.
Change-Id: I12c0ab95cc566c906f1707010dfb2ef3ec4fa681
CRs-Fixed: 1073481
when wlan_mac.bin doesn’t end with ‘\0’,
get_next_line() can access the unexpected area.
Fix this by adding 0 to the end of the buffer.
Change-Id: I01971aa5ad9679338a19e837f73969367d5b08f8
CRs-Fixed: 2026925
During p2p negotiation/invitation if the TX status for the actions frames
are reported success when they actually failed, the supplicant will
not retransmit the failed frames. It will move on to the next action
frame in the protocol. This would lead to GO Negotiation failure.
CRs-Fixed: 1112657
Change-Id: I9b462524793d8ced5ae86de75e085458070e6513
Update correct check while unpacking PPE threshold. Incorrect
placement of parentheses may lead to unexpected behavor.
Change-Id: If1af2ab7a0601e4a25183cb8fbaf0dfd99e9bf58
CRs-Fixed: 1073481
Update HE ops correctly in vdev start request. Currently the update
is done in a local copy and is not updating the vdev start request.
Fix is to copy the local he ops value into vdev start request.
Change-Id: Ife5b40a8df3d6a47c2f170efdb7aae009bb8be95
CRs-Fixed: 1073481
Decrement the peer ref cnt incremented while getting peer through
wlan_objmgr_get_peer() to pass it to wlan_mgmt_txrx_mgmt_frame_tx().
Change-Id: I2791075d63610d76fa1c70d3efe76df2b2618b01
CRs-Fixed: 2025052
TDLS mutex is not unlocked properly in few error instances.
Thus, the thread gets stuck.
The fix is to unlock mutex properly before returning.
Change-Id: Ic16015e568dd91af17b3bb1ba9b19722cb0f82d9
CRs-Fixed: 2026737
Add a HDD callback to get the type of a non connected vdev
needed by policy manager.
Change-Id: I9e0666217f7f4fef3d754534a83295f5e47b0ab9
CRs-Fixed: 2009818
Functionality to send the P2P QUOTA and MCC LATENCY values to FW
is moved back to HDD since the policy manager is not using them.
Change-Id: Ia084035a27056dab6ed8d66cab2687c2f697fb4c
CRs-Fixed: 2019994
After removing legacy policy manager header file had to add
correct header files from host common to allow the compilation
to happen successfully.
Change-Id: I566b8f09776520e8a43eb48cc944ce627dc0c5cf
CRs-Fixed: 2009818
Remove reference to legacy policy manager API to cope with
the policy manager moving to host common.
Change-Id: I5d2d4f497b02a4c701cd83e319d533c328be48cd
CRs-Fixed: 2009818
Replace policy manager header file include as part of policy manager
moving to host common.
Change-Id: Ie1f9d6675cc373c3325c9e76514f48299932cdda
CRs-Fixed: 2009818
Remove legacy policy manager code as part of policy manager moving to host
common.
Change-Id: I6cb9fe12bee3702556c9b52e7ccb7c69c762d8de
CRs-Fixed: 2009818
Currently hdd_release_and_destroy_pdev() retrieves and resets the
pdev's ospriv data pointer by directly dereferencing the pdev
object. This is not the correct object-oriented approach. Instead of
dereferencing the object, invoke the wlan_pdev_get_ospriv() and
wlan_pdev_reset_ospriv() methods that exists for this purpose.
Change-Id: I71a5d090648b76261d863a0b0168a83cdf9911b3
CRs-Fixed: 2024022
Currently hdd_release_and_destroy_vdev() resets the vdev's ospriv data
pointer by directly dereferencing the vdev object. This is not the
correct object-oriented approach. Instead of dereferencing the object,
invoke the wlan_vdev_reset_ospriv() method that exists for this
purpose.
Change-Id: I68a504b022933a47276d5c76c079472e8d3a6402
CRs-Fixed: 2024020
Interface change timer is wrongly multiplied by 50000 leading
to very large timeout value and FW getting stuck in ON state
even if there is no active interface and leading to battery drain.
Fix the battery drain issue by removing the wrong multiplication.
Change-Id: Icc23bc6c666c2e474c17c9a5175ca54721861e0d
CRs-Fixed: 2017489
This change includes to drop RX mgmt packets before sending to MC thread
context based on below conditions
1) Print an warn message when no.of pending RX packets reaches to
1/4th of threshold
2) Drop probe req, probe resp and beacon frames when
no.of pending RX packets reaches to 1/2 of threshold
3) Drop all the RX management packets when no.of pending RX packets
equals to threshold
Add a counter to maintain no.of pending management packets in queue
and MGMT_RX_PACKETS_THRESHOLD for threshold value
Change-Id: I9428a1a054f717a285378dbe95592ba0c5c569e6
CRs-Fixed: 2011645
qcacld-2.0 to qcacld-3.0 propagation
AP1 starts on 2.4g, AP2 starts on 5g ht40.
The AP2 is always failed to find the interference
AP during OBSS scan. It is because the cld driver
uses passive scan but the dwell time is set to
active scan's default dwell time 80ms. That is too
short for passive scan.
The fix is to set the dwell time based on scan type.
Change-Id: I687217f7d15f963f0043dab661ae29bb026ba7b5
CRs-Fixed: 1093940
Memory is not freed in csr_process_set_hw_mode in the
failure case when connection or bt coex is in progress.
Fix is to free memory in failure case.
Change-Id: I6be164c516ce30d5def7b0088c8b62d6409acf6a
CRs-Fixed: 2024748
FTM mode is purely a testing mode. As such, crashes in firmware should
not be gracefully handled. Instead, crash the system to produce a crash
dump to aid in the debugging process.
Change-Id: Ie4098b02be39a25c00f839566d35456bad5834d6
CRs-Fixed: 2025877
Relocate 11ax related functions' kernel doc from c files to
header files in HDD to be inline with kernel specification.
Change-Id: Ib911f029414386c4a7b00cbd526886fb50853be2
CRs-Fixed: 1073481
Extend channel bonding to 11ax dot11mode. Currently channel bonding
is enabled only for 11n and 11ac, extend this to support 11ax as well.
Change-Id: I45cd733962b71ac05c1c8839593edbecec76b0a9
CRs-Fixed: 2025238
QCA_NL80211_VENDOR_SUBCMD_SETBAND does not work because
vendor_id is missed.
Add vendor_id for QCA_NL80211_VENDOR_SUBCMD_SETBAND.
Change-Id: Ide61bc28fe5f555f9e55bd05be19ac86a5777eb5
CRs-Fixed: 2021204
External threads and interface change timer are racing against each other
leading to various side effects. Fix the race condition between external
threads and interface change timer by leveraging existing ssr/driver
unload protection mechanism for module stop.
Change-Id: Ic3d6d516161afee1dd65abb8f1eafe160bea54ff
CRs-Fixed: 2021483
Converged host driver code listens for a vdev_destroy event from
object manager to release vdev related resources. Currently, vdevs
are destroyed in firmware before they are destroyed by object manager,
leading to a possible use-after-free situation in firmware. Reverse
the order of vdev destroy, first in object manger, then in firmware,
to prevent the potential use-after-free.
Change-Id: I54bbede9732cecb3bec291692f452758976184c4
CRs-Fixed: 2024633
Rename the HDD object manager wrapper functions to better reflect their
relevance to object manager.
Change-Id: Ic12cd192096c9fd89dd19568edfaac72001cd965
CRs-Fixed: 2025251
Since converged P2P component supports rx vendor specific public
action frame, not register in hdd layer again.
Change-Id: Ic0aaecffbffeb61ff4413d46c58a97c2bfb4ea84
CRs-Fixed: 2024394
Free memory allocated in ol_tx_desc_dup_detect_init() and spinlock
created in ol_txrx_pdev_post_attach() in case of failure condiiton.
Change-Id: I7e3909622e5b63af2d20c2c8cc0a8cc4350e4085
CRs-Fixed: 2024377
qcacld-2.0 to qcacld-3.0 propagation.
There is a race condition, LTE channel avoidance indication is received
while BSS is starting, thus BSS is starting on the unsafe channel and
driver is not honoring the unsafe channel list given by LTE
coex event.
Always check current operating channel with unsafe channel list on
SAP start.
Change-Id: Ieda6fd4c6fa61fd45d340a850d61a6954d2a67a9
CRs-Fixed: 1106969
Currently, Host modify the vdev pause bitmap
directly which may be problematic in scenario
where this value update information need to
notify to other components.
Hence as a part of this fix, Add (set/clear/update) API's
for vdev pause bitmap modification.
Change-Id: I5c8d6576d27076f697463b42632962327306902f
CRs-Fixed: 2013376
qcacld-2.0 to qcacld-3.0 propagation
In function sap_process_avoid_ie, if type of avoid_ch_ie is not
QCOM_VENDOR_IE_MCC_AVOID_CH, we need to get next node(scan result)
for process. Otherwise the dead loop causes VosMcThread stuck.
Change-Id: If0e736c5b8a5638ea2bc96c3afb25be286959942
CRs-Fixed: 2019048
There is a possible case for pending_event queue corruption during
driver unloading, by using differnt lock between hdd_ipa_wlan_evt()
and hdd_ipa_uc_proc_pending_event().
Fix by using the same ipa_lock for pending_event queue processing.
Change-Id: If01ded0c2f7d1547b33da6401a98b6495811024d
CRs-Fixed: 1110222
If the device is DBS capable, then it may switch between 2x2 and
1x1 depending on the active session. If the reference device is
non-VHT STA and is HT-STA, then the reference device may not be
able to decode operating mode notification frame. Thus, there can
be IOT issues.
The fix is to associate with non-VHT STA that are HT STA with 1x1
Nss capability.
Change-Id: Ic6c889f18a2e20bbde9e0d8228de65cffa5162b8
CRs-Fixed: 2023200
Currently, WMA is not checking whether the south bound disconnect
(deauth/disassoc from AP) is in progress before processing
LFR3 Roam synch indication which leads to FW out of sync with host.
Fix is to ignore LFR3 Roam Synch Indication if south bound disconnect
is in progress in host.
Change-Id: If3c78139cf1d1d0aa0f977bd2cbdca53c7b1a81c
CRs-Fixed: 2019702
Add support to enable or disable range extenstion using
enable_range_ext iwpriv command. get_range_ext iwpriv is used
to check if range extenstion is enabled or not.
Change-Id: I2231ef9641cfa669dd4b1e820a3b7ec00546a9a3
CRs-Fixed: 1073481
Add support to enable or disable DCM using enable_dcm
iwpriv command. get_dcm iwpriv is used to check if
DCM is enabled or not.
Change-Id: I9d81bba92d227a238faf2e705132c80c8e91de86
CRs-Fixed: 1073481
Update shortgi to handle values upto 4. With support
of 802.11ax, short gi value can go upto 4. This change
set will add support to handle that.
Change-Id: Ifb7e6b0b6298995758bf065c6e54d58d5bd65496
CRs-Fixed: 1073481
Add support for vendor commands to query HE capabilities.
Add support to include HE capabilities in wma_handle as received
from FW to be sent to userspace when queried via vendor sub command.
Change-Id: Icbf141bd1e0646346c2b18aabf3dfb3590d853d7
CRs-Fixed: 1073481
There is a chance that roaming_in_progress is not reset if
WOW_REASON_AP_ASSOC_LOST is received before roaming abort.
Clear roaming_in_progress during disconnect to fix this.
Also, clear connection_in_progress, defer_disconnect and
disable napi.
Change-Id: I9d7b80d83b423b0d5471ddb1aadc4d181fe76116
CRs-Fixed: 2022412
Currently, vdev_id and session_id are assumed to be the same, but are
generated in two separate code paths. Unsurprisingly, this leads to a
whole host of desync issues. Instead, modify sme_open_session to take
a session_id, which will be populated with an objmgr vdev_id. This means
vdev_id and session_id can no longer desync, as there is only a single
source for both.
Change-Id: I104aba29beb3c19d0ef2ff23380e3d005e01ced0
CRs-Fixed: 2022136
