Currently there is no way to find out PD Restart indication,
so platform driver has added an API to differentiate PD Restart
from SSR. Use this API in the shutdown notify handler to send a
message to IPA to do the required cleanup.
Change-Id: I9d07c6fc573b6db1c7d0c1b7c99f325e22fe81cd
CRs-Fixed: 2436036
When the ready event is received from the firmware, hdd callback
is called to create the pdev and update the capabilities. If
there is any error, the error is not propagated back to hdd,
which can result in accessing invalid memory.
Propagate the status correctly from hdd to wma to resolve this issue.
This will result in the probe failure until the resources are available
or reference leaks are fixed.
Change-Id: I97ec062893216e25e285d95d6bfb5cf3e91a4005
CRs-Fixed: 2426612
Generate PMK-R0 and PMK-R1NAME for FT-FILS connection and send it
over assoc request frame.
According to 802.11-2016 standard:
PMK-R0 is derived as:
R0-Key-Data = KDF-Hash-Length(XXKey, "FT-R0", SSIDlength ||
                              SSID || MDID || R0KHlength ||
                              R0KH-ID || S0KH-ID)
PMK-R0 = L(R0-Key-Data, 0, Q)
PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt))
PMK-R1 is derived as:
PMK-R1 = KDF-Hash-Length(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID)
PMK-R1Name is derived as:
PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
                                 R1KH-ID || S1KH-ID))
Call qdf_get_hash() function to generate a sha-256 or sha-384
hash. Use qdf_get_hash() with hmac(sha-256) or hmac(sha-384)
to generate hmac_hash.
Set PMKID count as 1 in RSN IE and copy the PMKR1-name
generated to the PMKID list. This PMKR1 should be the only
entry in PMKID list in assoc request frame sent by the driver
during FT-FILS initial mobility domain FILS connection.
Change-Id: Ic634aebbe42a58b92f871cf3258c62f7541d161a
CRs-Fixed: 2414719
With current design, firmware sends the kck, kek and replay
counters as part of wmi_key_material tlv over the
WMI_ROAM_SYNCH_EVENTID event. But the maximum supported kck key
length in wmi_key_material was 16 bytes. But for FT Suite-B
(akm 00:0f:ac:13), the kck_bits is 24 bytes long and cannot be
sent over wmi_key_material. So firmware sends kck, kek and
replay counter values over the new tlv wmi_key_material_ext.
Host driver copies the kck key with fixed 16 byte length to the
upper layers. Introduce kck_length parameter in csr_roam_info
and roam_offload_synch_ind structures and copy kck based on this
length.
Also fix maximum number of AKM suites supported to 5, as some
certification test cases advertise 5 akms.
Change-Id: Iab050e3e3f7efead8070a02094998d15f7ffcbd0
CRs-Fixed: 2400770
On failure in processing beacon report request in
sme_rrm_process_beacon_report_req_ind, xmit ind is
not sent to PE. This will result in all subsequent
beacon report requests to fail as current request
in PE is not freed. Beacon report request is received
with country code US-O and operating class 12. In this
scenario, third byte in country code is overwritten to
global_op_class which causes no channel to be populated
for scan as there is no operating class 12 in global op
class.
Fix is to send xmit ind to PE on failure in processing
beacon report req in SME for cleanup and not overwrite
the third byte in country code if value exceeds global
op value.
Change-Id: Ie07dbb1f45803cf93b45df2173f0ad064a194cb3
CRs-Fixed: 2439827
Propagation from qcacld-2.0 to qcacld-3.0
For the sap role, .get_station would invoke
wlan_hdd_get_station_remote() or wlan_hdd_get_sap_stats(), depending on
the "gSapGetPeerInfo" ini setting. Also fix the logic that determines
whether sap get peer info is enabled by target capability.
CRs-Fixed: 2427627
Change-Id: I3162950a6a7202d55b64ff9c60a26971d3a31555
In some parse APIs the duplicate IE detection logic is not present
and thus duplicate IE will be processed again.
Fix by adding logic in missed API to parse IEs.
Change-Id: I0ad5decf41e72783c211fca2ca56d796b08a1003
CRs-Fixed: 2441001
Peer is created but not set up in LFR3 roaming case,
then peer->rx_tid[tid].array is not initialized with a valid
value before use, which causes a null pointer dereference in
dp_rx_defrag_cleanup() when cleaning up the peer.
Change-Id: Ia8fd7773041511f3865d8ba26f4844d9b33bcec0
CRs-Fixed: 2436112
Add gTxAggSwRetry for tx aggregation case, and
Add gTxNonAggSwRetry for non tx aggregation case.
Change-Id: I92265fb4e279eaf63c45f0134f997df02bca8737
CRs-Fixed: 2436305
Currently, the function csr_save_tx_power_to_cfg does not
update the max_tx_power_24/5 length before it copies the
max_tx_power_24/5 data. Then the channel and tx power info
is not complete.
Change-Id: I99e4def6678b68e192f421d03ca7768b341dfbab
CRs-Fixed: 2437214
Currently the driver does not update the PCL
channel list based upon the SRD ini, and thus
adds the SRD channels in the PCL for p2p-go,
which can lead to p2p-go operation on a channel
not expected.
Fix is to remove the SRD channels from the PCL
channel list, if the SRD ini is set.
Change-Id: I8824fa38ef59976816a5e230982c551263da0c9c
CRs-Fixed: 2437795
Connection is initiated with AP1, roaming to AP2 and then
roaming back to AP1. In this scenario, after assoc is done
to AP1, firmware has the pmk for AP1. Now firmware roams to
AP2 and sends roam sync indication with status as connected
and 1x is now offloaded to supplicant. Now even before 1x is
complete, driver enables RSO for AP2; due to this, firmware
receives same PMK as that of AP1. Firmware flushes AP1 entry
because AP2 also has same PMK. After 1x, supplicant issues
new PMK which is sent to firmware and firmware updates this
for AP2. Now when firmware tries to roam to AP1, it doesn't
have the pmk for AP1, which results in a full EAP HS.
Change-Id: Id1a0b227cf7be12efa23f63c0abac6d3419469d5
CRs-Fixed: 2432114
In case of no scan result, ACS logic should select one channel based on
any of the below conditions (in the order listed):
1. First valid channel from PCL
2. First safe channel from safe_channels
3. ACS start channel
Change-Id: Ife1d7a0a963b7773b92c091ed7cc976fcda25347
CRs-Fixed: 2430935
MLME debug stats are added to the sta, ap and ext mlme ops
functions. This will help in debugging.
Change-Id: I55a3a91c6daf98a77557175447798c670be5709a
CRs-Fixed: 2439436
For the SHA384 based 11r AKMs below:
FT-FILS-SHA384, FT-SUITEB-SHA384, the FT MIC length is 24. But
the host driver has MIC length hardcoded as 16, so only the first
16 bytes of the MIC are copied into the MIC field and the remaining
8 bytes are copied into R1KH-ID. This results in R1KH-ID and R0KH-ID
parse failure. Due to this, the host driver sends R0KH-ID as 0 to the
firmware in the R0KH-ID. So the next roaming fails in the
firmware.
For SHA384 based AKMs, add changes to reparse the association/
reassociation response FT element. Introduce new FTIE structure
with MIC defined as array of 24 bytes. With this, the R0KH-ID
and R1KH-ID will be populated correctly into the assoc response
structure and ultimately the RSO command will carry the right R0KH-ID
to firmware.
Change-Id: I5aa50145fcd3ba91b1c92d4817b7f0e4fc216e3f
CRs-Fixed: 2430828
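The effect of the MIC length on FT element parsing, as an added example that is not code from the driver: fte_parse(), struct fte_ids and the sample bytes are hypothetical and constructed here, and only the field sizes and subelement IDs come from 802.11. Parsing the same body with a 16-byte MIC starts the subelement walk 8 bytes early and fails, leaving R0KH-ID empty.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FTE_SUB_R1KH_ID 1 /* FTE subelement IDs from 802.11 */
#define FTE_SUB_R0KH_ID 3
struct fte_ids { /* hypothetical result type for this example */
    uint8_t r1kh_id[6], r0kh_id[48];
    size_t r1kh_len, r0kh_len;
};
/* Parse an FTE body (bytes after element ID and length); 0 on success. */
static int fte_parse(const uint8_t *b, size_t len, size_t mic_len,
                     struct fte_ids *out)
{
    size_t slen, pos = 2 + mic_len + 32 + 32; /* MIC Control, MIC, nonces */
    memset(out, 0, sizeof(*out));
    while (pos < len) {
        if (len - pos < 2 || b[pos + 1] > len - pos - 2)
            return -1; /* truncated or overrunning subelement */
        slen = b[pos + 1];
        if (b[pos] == FTE_SUB_R1KH_ID && slen == 6) {
            memcpy(out->r1kh_id, b + pos + 2, 6);
            out->r1kh_len = 6;
        } else if (b[pos] == FTE_SUB_R0KH_ID && slen >= 1 && slen <= 48) {
            memcpy(out->r0kh_id, b + pos + 2, slen);
            out->r0kh_len = slen;
        }
        pos += 2 + slen;
    }
    return pos == len ? 0 : -1; /* pos > len: fixed fields truncated */
}

/* Constructed sample: 24-byte MIC layout, R1KH-ID and R0KH-ID present. */
static size_t fte_sample_sha384(uint8_t *b)
{
    static const uint8_t tail[] = { FTE_SUB_R1KH_ID, 6, 2, 0x11, 0x22, 0x33,
        0x44, 0x55, FTE_SUB_R0KH_ID, 4, 'r', '0', 'k', 'h' };
    memset(b, 0xAB, 90); /* MIC Control + MIC + nonces, filler bytes */
    memcpy(b + 90, tail, sizeof(tail));
    return 90 + sizeof(tail);
}

int main(void)
{
    uint8_t b[128];
    struct fte_ids ids;
    size_t n = fte_sample_sha384(b);
    return !(fte_parse(b, n, 24, &ids) == 0 && fte_parse(b, n, 16, &ids) < 0);
}
```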
In TSO case, if eit header is less than 64 bytes in length,
it will result in unauthorized access to memory that has not
been dma mapped.
For TSO path, adjust the pkt download length before the call
to ce_send_fast(), so that the excess delta is taken into
account and handled.
Change-Id: I049f40afb87c66ad5544da583db27d066fe12453
CRs-Fixed: 2439186
Set MCC quota is mainly for miracast p2p interface when
STA+CLI or STA+GO. Change the condition checking to consider
the other (SAP) existing but not started, to avoid set quota
failure.
Change-Id: I2acfd2bf86991d884c40657dfdd027a235df1270
CRs-Fixed: 2439269
Currently rxmpdu count and fcs count are not getting
populated in station info. Add support to populate rx mpdu count
and fcs count in station info and send to user space with
get_station command.
Change-Id: I5ae3c4c1e5647ad0b4777440ce0a1226ba4f373e
CRs-fixed: 2438671
In hdd_apf_read_memory_cb, context buffer length is checked
against the sum of packet offset and event length. Packet offset
and event length are extracted from the FW response and can lead
to integer overflow, which will allow the length check to pass
and eventually will lead to buffer overwrite when event data is
copied to the context buffer.
To avoid this issue, validate the event length against the
available length in the context buffer, which can be obtained
by taking the difference of the packet offset from the context
buffer length.
Change-Id: I53798e56403f1c550f0a762645ccd67a1dc8500d
CRs-fixed: 2436502
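The length check described above, as an added example that is not the driver's code: struct apf_ctx, struct apf_evt and the function names are hypothetical, and the offset and length values are constructed. It puts the sum-based check, which a wrapped 32-bit addition defeats, beside a check against the room left after the offset.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the driver's read context and firmware event. */
struct apf_ctx {
    uint8_t *buf;
    uint32_t buf_len;
};

struct apf_evt {
    uint32_t offset;     /* firmware-supplied */
    uint32_t length;     /* firmware-supplied */
    const uint8_t *data;
};

/* Sum-based check as the message describes it: offset + length can wrap. */
static bool len_ok_sum(uint32_t buf_len, uint32_t offset, uint32_t length)
{
    return offset + length <= buf_len;
}

/* Check described by the fix: compare length with the room left after offset. */
static bool len_ok_available(uint32_t buf_len, uint32_t offset, uint32_t length)
{
    if (offset > buf_len)
        return false; /* keeps buf_len - offset from underflowing */
    return length <= buf_len - offset;
}

/* Copy event data into the context buffer only if it fits; 0 on success. */
static int apf_copy_event(struct apf_ctx *ctx, const struct apf_evt *evt)
{
    if (!len_ok_available(ctx->buf_len, evt->offset, evt->length))
        return -1;
    memcpy(ctx->buf + evt->offset, evt->data, evt->length);
    return 0;
}

int main(void)
{
    uint8_t buf[64] = {0}, data[4] = {1, 2, 3, 4};
    struct apf_ctx ctx = { buf, sizeof(buf) };
    struct apf_evt wrap = { 0xFFFFFFF0u, 0x20u, data }; /* constructed values */
    /* the wrapped sum passes the old check; the new check rejects the event */
    return !(len_ok_sum(64, wrap.offset, wrap.length) &&
             apf_copy_event(&ctx, &wrap) == -1);
}
```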
Check for validity of vdev obtained from the CDP
cdp_get_vdev_from_vdev_id API.
Change-Id: Ie7fb99a0e08135bd3f2cc6b63070a4bd72df943a
CRs-Fixed: 2434583
1. There is a need for STA to find better AP to connect to, so
this becomes priority over total scan duration.
2. Typically there are very few channel numbers to scan (with FW
CHAN MAP), therefore any penalty with higher dwell time is
compensated by the lesser number of channels. Only in case of
not finding a candidate does FW do a full scan, but that probability
might reduce if AP is found in first CHAN map scan.
Change-Id: Ib923c2af9b92a1465730a861a2b56393dc3d8668
CRs-Fixed: 2431846
Support WDI 3.0 SW path intra-bss forwarding. Major
difference for WDI 3.0 is the metadata info passed
from ipa driver in skb->cb[].
Previously intra-bss fwd decision was done by FW and
it passed fw_desc to IPA where IPA driver passes it on to
WLAN driver. Now for WDI 3.0, FW is not involved in RX
path and SW path intra-bss fwd decision has to be done
in wlan driver.
Change-Id: I0b4b9bbf16440dd47b6f97460f8931ea3a79303c
CRs-Fixed: 2426857
Currently when an RRM scan is issued for beacon report request from the
connected AP, we use the current scan country code to get the op class
table for the country.
However, the AP can specify which table to use in the country IE's 3rd
byte of the country field which is not parsed and stored in the scan
country code.
For RRM Scan for beacon report request, use the 3rd byte to get the table
number from the connected AP's beacon and if no table number is present,
then use the op class table based on the country code.
Change-Id: I0911ac908d1c71676f7c1450ab260eaa732ddcb9
CRs-Fixed: 2435942
After DUT STA connected, search connected ssid from scan cache,
get each channel and put into roam scan channel map. To make sure
current home channel is always included and don't set full
channel as channel map, add home channel into roam scan channel
map directly.
Change-Id: Ifb25562259a9b7f35849b39d8e0d238e754d4f96
CRs-Fixed: 2436200
Both FW and host support TDLS low rssi teardown, so remove the host
logic. In addition, host triggers low rssi teardown wrongly since it
doesn't update rssi of tdls peer on time.
Change-Id: I93d7957e01ba805b73558a5ced7a1dc8cc2681c1
CRs-Fixed: 2437166
When SAP works in ACS mode, it needs to restart with a safe channel
if current channel is unsafe. Sometimes no channel is selected from
pcl channels. SAP can't just pick up one safe channel because the
channel may be DFS channel while SAP may disable DFS master capability.
SAP should select one valid channel for LTE COEX.
Change-Id: I303165f82b5c2a8d06447df4ba23fdcba5b1083c
CRs-Fixed: 2415007