From d054e0b3e2076009894f037f7cb61e446991ee75 Mon Sep 17 00:00:00 2001
From: Srinivas Dasari
Date: Wed, 24 Apr 2024 18:26:07 +0530
Subject: [PATCH] qcacld-3.0: Send ROAM_SYNC abort status to caller
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently, ROAM_SYNC is aborted on the corresponding vdev when the vdev is not in CONNECTED state. This abort operation sends an RSO_STOP to fw but the status is not notified to the caller. This results in a race condition in the below scenario,

1. Firmware roamed to a 2-link ML AP and sent Roam sync ind to host
2. Host posted ROAM_SYNC on vdev-0 in scheduler thread context as the vdev-0 state is CONNECTED
3. Got a DISCONNECT request from userspace in user thread and the states moved to DISCONNECTING.
4. Host tried to post ROAM_SYNC to vdev-1 but aborted as the state is not CONNECTED and tries to send RSO_STOP to fw. This RSO_STOP won’t be sent as it’s a link vdev and the RSO_STOP should go from assoc vdev later. But this status is not indicated to the caller which proceeds with vdev-0 ROAM_SYNC.
5. As vdev-0 ROAM_SYNC doesn't check for the connection state once processing is started, ROAM_SYNC would be completed on vdev-0.
6. This causes out of sync and vdev-1 doesn't get cleaned-up.
7. As part of the disconnect, host tries to cleanup the old peer on vdev-1. But firmware ignores this as that peer is already cleaned up in fw. This results in peer map-unmap issue later as the new Roamed peer on vdev-1 will never get cleaned-up in host but the same got cleaned up in fw. FW is free to use that peer_id to another peer mac later and when it does, host DP complains.

So, indicate ROAM_SYNC abort status to the caller to abort the complete Roaming.

Change-Id: Ic65149ddf28f01ca5d7a0f6d3137a38e64e6c6ae
CRs-Fixed: 3786671
---
 .../connection_mgr/core/src/wlan_cm_roam_fw_sync.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_fw_sync.c b/components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_fw_sync.c index 4cce41547d..90f0d7204d 100644 --- a/components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_fw_sync.c +++ b/components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_fw_sync.c @@ -113,12 +113,12 @@ QDF_STATUS cm_fw_roam_sync_req(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id, cm_is_peer_preset_on_other_sta(psoc, vdev, vdev_id, event)) { mlme_err("vdev %d Roam sync not handled in connecting/disconnecting state", vdev_id); - status = wlan_cm_roam_state_change(wlan_vdev_get_pdev(vdev), - vdev_id, - WLAN_ROAM_RSO_STOPPED, - REASON_ROAM_SYNCH_FAILED); + wlan_cm_roam_state_change(wlan_vdev_get_pdev(vdev), + vdev_id, + WLAN_ROAM_RSO_STOPPED, + REASON_ROAM_SYNCH_FAILED); wlan_objmgr_vdev_release_ref(vdev, WLAN_MLME_SB_ID); - return status; + return QDF_STATUS_E_INVAL; } mlo_sta_stop_reconfig_timer(vdev); wlan_clear_mlo_sta_link_removed_flag(vdev);
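Review bot: In the abort branch of cm_fw_roam_sync_req(), the return value of wlan_cm_roam_state_change() is now dropped, so a failure to move the vdev to WLAN_ROAM_RSO_STOPPED is no longer visible to anyone. Since the branch now always ends in `return QDF_STATUS_E_INVAL;`, consider keeping the result in a local and logging it with mlme_err when it is not success, so that a failed RSO_STOP on the assoc vdev can still be told apart from the expected link-vdev case the commit message describes. The same fixed status is returned when the branch is taken through the cm_is_peer_preset_on_other_sta() condition in that if, which the existing "connecting/disconnecting state" log text does not cover; the message would be more useful if it said which condition triggered the abort. The fix also depends on the caller stopping the vdev-0 ROAM_SYNC when it sees the error, and that caller is not part of this diff, so please confirm that every call site checks the return value and state the new return contract in the function's header comment.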