In SBS modes, there are 3 detectors shared between 2 pdevs that are operate
in 5GHz band. Global number space is used for detectors across these pdevs.
Detector list should be following in SBS modes.
For the pdev that use PHYA0:
detector 0 for normal mode
detector 2 for agile mode
For the pdev that use PHYA1:
detector 1 for normal mode
detector 2 for agile mode
There is no direct way of knowing which pdevs are using PHYA0 or PHYA1.
We need to look at the phy_id of a given pdev and compare against other
pdevs on the same psoc to figure out whether the given pdev is operating
using PHYA1. Add the necessary support for the same.
CRs-Fixed: 2993772
Change-Id: I034fe64a7a8988e327a60684a0d008f4b22ef395
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.
Change-Id: I515e4e8384b92b2556d72c4015252f075577f13c
CRs-Fixed: 3013360
If two channel avoid event reported by FW back to back, flag
psoc_priv_obj->ch_avoid_ind of 2nd event set by
reg_process_ch_avoid_event may be modified when processing
1st event in reg_call_chan_change_cbks, from
scheduler_thread context.
Copy chan avoid info to message post to scheduler to avoid
such timing issue.
Change-Id: I8fd5e7e8f2d9b2117a5c6a54fd8b64659e10f7d6
CRs-Fixed: 3012331
In qdf_mem_multi_page_link, pages->cacheable_pages is array with elem num
pages->num_pages, but pages->cacheable_pages[pages->num_pages] is read,
out of bounds error will report if KASAN enabled.
When ini dp_tx_ext_desc is 6144 and DP_TX_DESC_POOL_SIZE is 6144,
Size in bytes of TX TSO Num Seg Desc is 16, page size is 4096, so TX TSO
Num Seq Desc need 24 pages (6144*16/4096), each address need 8 bytes,
so TSO Num Seq Desc need kmalloc 192 bytes to save address of 24 pages.
BUG: KASAN: slab-out-of-bounds in qdf_mem_multi_page_link+0x190/0x1f4
Read of size 8 at addr ffffff816b4d60c0 by task kworker/u16:0/8
CPU: 7 PID: 8 Comm: kworker/u16:0 Tainted: G S W O
Workqueue: cnss_driver_event cnss_driver_event_work
Call trace:
dump_backtrace+0x0/0x204
show_stack+0x18/0x24
dump_stack+0xcc/0x11c
print_address_description+0x88/0x578
__kasan_report+0x1ac/0x20c
kasan_report+0x14/0x20
__asan_load8+0x98/0x9c
qdf_mem_multi_page_link+0x190/0x1f4 [wlan]
dp_tx_tso_num_seg_pool_init+0x84/0x170 [wlan]
dp_soc_tx_desc_sw_pools_init+0xb4/0x128 [wlan]
dp_soc_init+0xf78/0x18c8 [wlan]
dp_soc_init_wifi3+0x14/0x20 [wlan]
cds_open+0x7e8/0x15fc [wlan]
hdd_wlan_start_modules+0x7d8/0xf10 [wlan]
hdd_wlan_startup+0x17c/0xbd4 [wlan]
wlan_hdd_pld_probe+0x234/0x370 [wlan]
pld_pcie_probe+0x6c/0x88 [wlan]
cnss_pci_call_driver_probe+0xd8/0x358
cnss_bus_call_driver_probe+0x38/0x6c
cnss_driver_event_work+0xf14/0x1188
process_one_work+0x53c/0x8b8
worker_thread+0x4f8/0x928
kthread+0x1e8/0x200
ret_from_fork+0x10/0x18
Allocated by task 8:
__kasan_kmalloc+0x100/0x1c0
kasan_kmalloc+0x10/0x1c
__kmalloc+0x130/0x448
kzalloc+0x14/0x20 [wlan]
__qdf_mem_malloc+0xcc/0x120 [wlan]
qdf_mem_multi_pages_alloc+0xc0/0x580 [wlan]
dp_prealloc_init+0x1b0/0x48c [wlan]
wlan_hdd_pld_probe+0x200/0x370 [wlan]
pld_pcie_probe+0x6c/0x88 [wlan]
cnss_pci_call_driver_probe+0xd8/0x358
cnss_bus_call_driver_probe+0x38/0x6c
cnss_driver_event_work+0xf14/0x1188
process_one_work+0x53c/0x8b8
worker_thread+0x4f8/0x928
kthread+0x1e8/0x200
ret_from_fork+0x10/0x18
The bad address belongs to the object
which belongs to the cache kmalloc-192 of size 192
The bad address is located 0 bytes to the right of
f816b4d60c0).
Change-Id: I6569c22bc8f900296f49a4426f085912a33aa452
CRs-Fixed: 3014390
Add new TWT teardown status code to indicate host teared
down the TWT session due to PS disable.
Change-Id: I49c2d7bb1abc4ceb4f79b833cbafcb44e8b936fe
CRs-Fixed: 3013358
During beacon or probe response, if channel is dfs && frame type
is MGMT_SUBTYPE_BEACON, it would call "util_scan_add_hidden_ssid"
to deal with the packet. If the ie id matches with SSID then OOB
read may occur in ie_len as it is validated with upper bound of
ie_ssid.
Validate the ie length first. If it is more than 0 then copy
memory to SSID which are equivalent to ie length.
Change-Id: Ib5e2ab7f6f3337d4c3e5c240e3133d8f276be50a
CRs-Fixed: 3007473
Add QCA vendor attributes to configure the driver to enable/disable
the Broadcast TWT support and Rx Control Frame To MultiBSS support in
HE capabilities information field. This attribute is used for testing
purposes.
Change-Id: I22a2646b642d1e764e89b209e0c872ac113ca2ee
CRs-Fixed: 3012996
Set QDF_TIMER_MULTIPLIER_FRAC to default multiplier if it is defined.
Remove get API under this feature flag so that this can be modified using
set dynamically based on the emulation target detect.
Change-Id: If0743e6b571832ebf3319f9895350685a5cd53f0
CRs-Fixed: 2995514
In dfs test mode, 18 pulses are injected in a single burst, the host
driver reports the radar found event two or three times to
upper layer. For a single burst of radar pulses, radar found event
should be reported only once.
Fix the multiple radar founds for a single burst by disabling radar
detection and flushing the existing radar pulses from all queues
while processing the current radar found indication event in dfs test
mode (usenol=0).
Change-Id: I70c7c15147a5cde038773fd97735c113ca385932
CRs-Fixed: 2981217
Add dedicated monitor flag at SOC level and do not
enable legacy monitor rings for QCN9224
Also add flag to disable rxdma2sw ring for QCN9224.
Change-Id: I399d22d6c3361bb75ebaad4e46b156db5e628d6b
DUT as SAP and its VDEV change to UP state, since got radar event but
channel switch disabled. Then EV_DOWN is dropped and bss peer won't be
delete. Which cause unloading failure. This change moves VDEV to
UP-UP-ACTIVE state if got WLAN_VDEV_SM_EV_CHAN_SWITCH_DISABLED.
Change-Id: I9d3a47a66fd2281166f5106e0e7bfd36c3966ed0
CRs-Fixed: 3009264
Conditionally compile scan radio special vap stats.
Also rename spcl_vap to scan_spcl_vap to better reflect
funtionality.
Change-Id: I7d7f636209f6aa12cca0a3e808d7ae1fac9f397d
CRs-Fixed: 3009837
This change adds MLO support to Peer.
It implements,
1) MLO peer list management
2) AID allocation
3) MLO Peer creation/deletion
4) Notifying partner links on peer creation/deletion/assoc
Change-Id: Ie1b675dccdf0de1d79f6f32d9255cf3cca53fdf2
CRs-Fixed: 2967057
Add CDP interface API support for pkt_log_exit,
to cleanup pkt_log_init on failure.
Change-Id: Ib50efaed5997d341d3e76c2e1dbe42856df40191
CRs-Fixed: 3012201
Below are the changes in HW headers for E1.5
1) WBM2SW release source enum changed back to lithium values
2) DSCP to tid table num is added in Bank register
3) MCAST ctrl value is moved from Bank to seperate register
Change-Id: I342c451d792b1618dcb62ca9d4c77dcf4d4beeac
In order to support flow overide feature,
AST table has to be split between RxPCU and DDR.
With this split, RX monitor cannot make use of
ast_index to fetch peer as it is not from DDR.
So make use of sw_peer_id to fetch peer.
This sw_peer_id is derived from RX_MPDU_STAT_START_TLV
Change-Id: Ib2a003a2640fded3287c318d2ad59fd3127af9b6
CRs-fixed: 3004363
With latest architecture there are different HTT peer
data versions supported by the firmware, supported htt peer
version will be sent in the service ready and need to feedback
to the firmware in the init command.
Change-Id: Icd0470843198387cd7e0192cbe3821d45ef0534e
CRs-Fixed: 3008706
Set default value 7 for INI dp_reo_rings_map, this is just
one WAR to not block HMT before reo_ring_remap and dp thread
issue is fixed.
Change-Id: Ib2c8ebab936951798112759e1ac0baba85996036
CRs-Fixed: 3005555
It is mandatory request to check security mode in 6Ghz band,
so enable check_6ghz_security by default. Keep default disable
for WIN as requested.
Change-Id: Idcc4cb9add98ad4bda8e4357e83460ca25221692
CRs-Fixed: 3006930
In the function list_empty(), there is macro READ_ONCE() and
assembler instruction "ldar" will be used. It requests 8 byptes
alignment for qdf_mem_header address or data abort will happen.
To resolve this issue, align the qdf_mem_header address when
invoking function qdf_mem_dma_get_header().
CRs-Fixed: 2997107
Change-Id: I3d079c3c7e0f3634d85f891327284aefb7a65711
Add BW_320MHz in mgmt_ch_width in host diag module.
Also remove WLAN_FEATURE_11BE feature flag within enum
mgmt_dot11_mode for 11BE related modes.
Change-Id: I2914735edd5aa21ad1d94b0e5fcf718b189fc432
CRs-Fixed: 3009301
hif_ext_group and soc->intr_ctx[i].lro_ctx are allocated
but not free while fail to register parts of ext_group in
hif_register_ext_group, which cause memory leak. Fix is
to detach according resource before return.
Change-Id: I03ecc37437d09bf9275f128b1f2b320124a7df64
CRs-Fixed: 2988891
Add change to support max channel switch IE as a INI config.
With this INI enabled, max channel switch IE will be used in scenario,
where client disconnection is to be avoided with CSA on CAC channel.
Change-Id: I786e7e12e12ebcb3fc7d0720ed02e01bff6c82b8
CRs-Fixed: 2949206
Instead of using a fixed sized array of cfis for every operating class row,
which occupies a large amount of unused memory for many operating class
rows, use a pointer to an array and the length of the array so that each
row uses only the right amount of the memory required.
Change-Id: Ifc9974b7dc7c71b2e51b2a93a8d5c08f4fa89dfc
CRs-Fixed: 3009346
The bridge forwards the multicast packets to all the
interfaces attached the bridge.
When the STA network interface receives such packets
from bridge and send it to the AP, it is echoed back
from the BSS.
These packets are not intended for the bridge as it
will lead to looping.
Add a check to detect and drop such packets when
received back from the BSS.
Change-Id: I5a4a2a3e015df2b9c78de405d7d917216baed051
CRs-Fixed: 2997189
Currently driver has only one name for an INI, with
this change add second name as well for few INIs based on
new requirement.
Change-Id: I67bd50652c3be7912c516b81d40f6a1ea7a7b90a
CRs-Fixed: 3007172
It is not right that linkstate_vote is 0 when entering
hif_vote_link_down, this indicates there is a mismatch
for vote up/down.
Enable debug to catch such case at first time.
Change-Id: I128bc42917ca5de949ee0d0b657579c14dd96eac
CRs-Fixed: 3009469
Avoid calling qdf_timer_mod after qdf_timer_stop as the
node is deleted after timer is stopped and qdf_timer_mod
dereferences the deleted node leading to data abort.
Replace 'qdf_timer_mod' by the sequence
'qdf_timer_sync_cancel, qdf_timer_start' to be SMP safe.
If a timer is being started for the first time, use only
'qdf_timer_start' and not the sequence
'qdf_timer_sync_cancel, qdf_timer_start'
Change-Id: Ida5440d4a54d49aa97f57fbda57ab1ef2cce16e6
CRs-Fixed: 3005699
Tx data transfer in host mode with nbuf map_unmap debug frmwk
enabled and enhanced stats disabled results in an assert.
This is because on Tx completion path, nbuf unmap is done using API
qdf_mem_unmap_nbytes_single which takes physical address of nbuf
for unmap and does not remove nbuf from map_unmap tracking list and
when nbuf is freed, it results in assert as the tracking list still
contains that nbuf entry.
In order to fix this, define a new API for nbuf unmap passing physical
and virtual address of nbuf as arguments. Physical address is passed
as an argument in order to avoid cache miss in per packet path which
eventually helps in improving the KPI.
Change-Id: I77ab6ac3ac98556b9caff8aa3ee82bc23cd26de7
CRs-Fixed: 3006671
Currently driver supports only one name for an ini parameter,
there is no aliasing support for ini names.
With this change add support for multiple ini names for the
same ini parameter.
Change-Id: Ib16a258975f5c3d152fa1dfbbdb6b3e6cc222784
CRs-Fixed: 3007156
