On failure in processing beacon report request in
sme_rrm_process_beacon_report_req_ind, xmit ind is
not sent to PE. This will result in all subsequent
beacon report requests to fail as current request
in PE is not freed. Beacon report request is received
with country code US-O and operating class 12. In this
scenario, third byte in country code is overwritten to
global_op_class which causes no channel to be populated
for scan as there is no operating class 12 in global op
class.
Fix is to send xmit ind to PE on failure in processing
beacon report req in SME for cleanup and not overwrite
the third byte in country code if value exceeds global
op value.
Change-Id: Ie07dbb1f45803cf93b45df2173f0ad064a194cb3
CRs-Fixed: 2439827
Propagation from qcacld-2.0 to qcacld-3.0
For the sap role, .get_station would invoke
wlan_hdd_get_station_remote() or wlan_hdd_get_sap_stats(), depending on
the "gSapGetPeerInfo" ini setting. Also fix the logic that determines
whether sap get peer info is enabled or not by target capability.
CRs-Fixed: 2427627
Change-Id: I3162950a6a7202d55b64ff9c60a26971d3a31555
In some parse APIs the duplicate IE detection logic is not present
and thus duplicate IE will be processed again.
Fix by adding logic in missed API to parse IEs.
Change-Id: I0ad5decf41e72783c211fca2ca56d796b08a1003
CRs-Fixed: 2441001
Peer is created but not set up in LFR3 roaming case,
then peer->rx_tid[tid].array is not initialized with a valid
value before use, which causes a null pointer dereference in
dp_rx_defrag_cleanup() when cleaning up peer.
Change-Id: Ia8fd7773041511f3865d8ba26f4844d9b33bcec0
CRs-Fixed: 2436112
Add gTxAggSwRetry for tx aggregation case, and
Add gTxNonAggSwRetry for non tx aggregation case.
Change-Id: I92265fb4e279eaf63c45f0134f997df02bca8737
CRs-Fixed: 2436305
Currently, the function csr_save_tx_power_to_cfg does not
update the max_tx_power_24/5 length before it copies the
max_tx_power_24/5 data. Then the channel and tx power info
is not complete.
Change-Id: I99e4def6678b68e192f421d03ca7768b341dfbab
CRs-Fixed: 2437214
Currently the driver does not update the PCL
channel list based upon the SRD ini, and thus
adds the SRD channels in the PCL for p2p-go,
which can lead to p2p-go operation on a channel
not expected.
Fix is to remove the SRD channels from the PCL
channel list, if the SRD ini is set.
Change-Id: I8824fa38ef59976816a5e230982c551263da0c9c
CRs-Fixed: 2437795
Connection is initiated with AP1, roaming to AP2 and then
roaming back to AP1. In this scenario, after assoc is done
to AP1 firmware has the pmk for AP1. Now firmware roams to
AP2 and sends roam sync indication with status as connected
and 1x is now offloaded to supplicant. Now even before 1x is
complete driver enables RSO for AP2, due to this firmware
receives same PMK as that of AP1. Firmware flushes AP1 entry
because AP2 also has same PMK. After 1x, supplicant issues
new PMK which is sent to firmware and firmware updates this
for AP2. Now when firmware tries to roam to AP1, it doesn't
have pmk for AP1 and it results in full EAP HS.
Change-Id: Id1a0b227cf7be12efa23f63c0abac6d3419469d5
CRs-Fixed: 2432114
In case of no scan result, ACS logic should select one channel based on
any of the below condition (as per mentioned order):
1. First valid channel from PCL
2. First safe channel from safe_channels
3. ACS start channel
Change-Id: Ife1d7a0a963b7773b92c091ed7cc976fcda25347
CRs-Fixed: 2430935
MLME debug stats are added to the sta, ap and ext mlme ops
functions. This will help in debugging.
Change-Id: I55a3a91c6daf98a77557175447798c670be5709a
CRs-Fixed: 2439436
For SHA384 based 11r AKMs below:
FT-FILS-SHA384, FT-SUITEB-SHA384, the FT MIC length is 24. But
the host driver has MIC length hardcoded as 16, so only first
16 bytes of MIC is copied into MIC field and the rest 8 bytes are
copied into R1KH-ID. This results in R1KH-ID and R0KH-ID parse
failure. Due to this, the host driver sends R0KH-ID as 0 to the
firmware in the R0KH-ID. So the next roaming fails in the
firmware.
For SHA384 based AKMs, add changes to reparse the association/
reassociation response FT element. Introduce new FTIE structure
with MIC defined as array of 24 bytes. With this, the R0KH-ID
and R1KH-ID will be populated correctly in to the assoc response
structure and ultimately RSO command will carry the right R0KH-ID
to firmware.
Change-Id: I5aa50145fcd3ba91b1c92d4817b7f0e4fc216e3f
CRs-Fixed: 2430828
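
The MIC-length mismatch described in the commit message above, as an added example (not code from the qcacld driver): a minimal FTE body parser run with a 16-byte and a 24-byte MIC assumption over the same element. The names `ft_parse`, `ft_build_sample` and `struct ft_ids` are hypothetical, the sample bytes are constructed, and the subelement IDs 1 (R1KH-ID) and 3 (R0KH-ID) are the standard 802.11 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define FT_NONCE_LEN 32
struct ft_ids { uint8_t r0kh[48]; size_t r0kh_len; uint8_t r1kh[6]; int has_r1kh; };

/* Parse an FTE body (the bytes after element ID and length): MIC control (2),
 * MIC (mic_len), ANonce, SNonce, then subelements. Returns 0 or -1. */
int ft_parse(const uint8_t *b, size_t len, size_t mic_len, struct ft_ids *out)
{
    size_t pos = 2 + mic_len + 2 * FT_NONCE_LEN;
    memset(out, 0, sizeof(*out));
    if (len < pos)
        return -1;
    while (len - pos >= 2) {
        uint8_t id = b[pos], slen = b[pos + 1];
        pos += 2;
        if (slen > len - pos)
            return -1;                    /* subelement overruns the FTE */
        if (id == 1 && slen == 6) {       /* R1KH-ID */
            memcpy(out->r1kh, b + pos, 6);
            out->has_r1kh = 1;
        } else if (id == 3 && slen >= 1 && slen <= 48) {  /* R0KH-ID */
            memcpy(out->r0kh, b + pos, slen);
            out->r0kh_len = slen;
        }
        pos += slen;
    }
    return pos == len ? 0 : -1;
}

/* Constructed sample: FTE body with a MIC of mic_len bytes. */
size_t ft_build_sample(uint8_t *b, size_t mic_len)
{
    static const uint8_t subs[] = { 1, 6, 2, 0, 0, 0, 0, 1, 3, 4, 'r', '0', 'k', 'h' };
    size_t pos = 2 + mic_len + 2 * FT_NONCE_LEN;
    memset(b, 0, 2);                /* MIC control */
    memset(b + 2, 0x55, pos - 2);   /* filler for MIC, ANonce, SNonce */
    memcpy(b + pos, subs, sizeof(subs));
    return pos + sizeof(subs);
}

int main(void)
{
    uint8_t fte[128];
    struct ft_ids ids;
    size_t n = ft_build_sample(fte, 24);   /* SHA384 AKM: 24-byte MIC */
    return !(ft_parse(fte, n, 16, &ids) == -1 && ft_parse(fte, n, 24, &ids) == 0);
}
```

With the 16-byte assumption the parser starts reading subelements eight bytes early, inside the SNonce, so the R0KH-ID is never recovered.
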
In TSO case, if eit header is less than 64 bytes in length,
it will result in unauthorized access to memory that has not
been dma mapped.
For TSO path, adjust the pkt download length before the call
to ce_send_fast(), so that the excess delta is taken into
account and handled.
Change-Id: I049f40afb87c66ad5544da583db27d066fe12453
CRs-Fixed: 2439186
Set MCC quota is mainly for miracast p2p interface when
STA+CLI or STA+GO. Change the condition checking to consider
the other (SAP) existing but not started, to avoid set quota
failure.
Change-Id: I2acfd2bf86991d884c40657dfdd027a235df1270
CRs-Fixed: 2439269
Currently rxmpdu count and fcs count is not getting
populated in station info, add support to populate rx mpdu count
and fcs count in station info and send to user space with
get_station command.
Change-Id: I5ae3c4c1e5647ad0b4777440ce0a1226ba4f373e
CRs-fixed: 2438671
In hdd_apf_read_memory_cb, context buffer length is checked
against sum of packet offset and event length, packet offset
and event length are extracted from FW response and can lead
to integer overflow, which will allow to pass the length check
and eventually will lead to buffer overwrite when event data is
copied to context buffer.
To avoid this issue, validate the event length against the
available length in the context buffer, which can be obtained
by getting difference of packet offset from the context buffer
length.
Change-Id: I53798e56403f1c550f0a762645ccd67a1dc8500d
CRs-fixed: 2436502
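
The two forms of the length check described in the commit message above, as an added example (not code from the qcacld driver). The structure and function names are hypothetical, and the packet offset and event length are assumed to be untrusted 32-bit values taken from the firmware response.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical read context; not the driver's own structure. */
struct apf_read_ctx {
    uint8_t *buf;     /* destination (context) buffer */
    uint32_t buf_len; /* its size in bytes */
};

/* Flawed form: offset + length is evaluated in 32 bits and can wrap,
 * so a huge offset plus a small length passes the comparison. */
bool apf_check_sum(const struct apf_read_ctx *ctx,
                   uint32_t offset, uint32_t length)
{
    return offset + length <= ctx->buf_len;
}

/* Fixed form: compare length against the room left after offset.
 * The subtraction cannot underflow because offset is bounded first. */
bool apf_check_available(const struct apf_read_ctx *ctx,
                         uint32_t offset, uint32_t length)
{
    if (offset > ctx->buf_len)
        return false;
    return length <= ctx->buf_len - offset;
}

/* Copy one event fragment; returns 0 on success, -1 if rejected. */
int apf_copy_event(struct apf_read_ctx *ctx, uint32_t offset,
                   const uint8_t *data, uint32_t length)
{
    if (!apf_check_available(ctx, offset, length))
        return -1;
    memcpy(ctx->buf + offset, data, length);
    return 0;
}

int main(void)
{
    uint8_t storage[64];
    struct apf_read_ctx ctx = { storage, sizeof(storage) };
    /* Constructed firmware values: the 32-bit sum wraps to 0x10. */
    printf("sum check: %d, available check: %d\n",
           apf_check_sum(&ctx, 0xFFFFFFF0u, 0x20u),
           apf_check_available(&ctx, 0xFFFFFFF0u, 0x20u));
    return 0;
}
```
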
Check for validity of vdev obtained from the CDP
cdp_get_vdev_from_vdev_id API.
Change-Id: Ie7fb99a0e08135bd3f2cc6b63070a4bd72df943a
CRs-Fixed: 2434583
1. There is a need for STA to find better AP to connect to, so
this becomes priority over total scan duration.
2. Typically there are very few channel numbers to scan (with FW
CHAN MAP) therefore any penalty with higher dwell time is
compensated with the lesser number of channel. Only in case of
not finding a candidate FW does full scan but that probability
might reduce if AP is found in first CHAN map scan.
Change-Id: Ib923c2af9b92a1465730a861a2b56393dc3d8668
CRs-Fixed: 2431846
Support WDI 3.0 SW path intra-bss forwarding. Major
difference for WDI 3.0 is the metadata info passed
from ipa driver in skb->cb[].
Previously intra-bss fwd decision is done by FW and
it passes fw_desc to IPA where IPA driver passes onto
WLAN driver. Now for WDI 3.0, FW is not involved in RX
path and SW path intra-bss fwd decision has to be done
in wlan driver.
Change-Id: I0b4b9bbf16440dd47b6f97460f8931ea3a79303c
CRs-Fixed: 2426857
Currently when an RRM scan is issued for beacon report request from the
connected AP, we use the current scan country code to get the op class
table for the country.
However, the AP can specify which table to use in the country IE's 3rd
byte of the country field which is not parsed and stored in the scan
country code.
For RRM Scan for beacon report request, use the 3rd byte to get the table
number from the connected AP's beacon and if no table number is present,
then use the op class table based on the country code.
Change-Id: I0911ac908d1c71676f7c1450ab260eaa732ddcb9
CRs-Fixed: 2435942
After DUT STA connected, search connected ssid from scan cache,
get each channel and put into roam scan channel map. To make sure
current home channel is always included and don't set full
channel as channel map, add home channel into roam scan channel
map directly.
Change-Id: Ifb25562259a9b7f35849b39d8e0d238e754d4f96
CRs-Fixed: 2436200
Both FW and host support TDLS low rssi teardown, so remove the host
logic. In addition, the host triggers low rssi teardown wrongly since
it doesn't update the rssi of the tdls peer on time.
Change-Id: I93d7957e01ba805b73558a5ced7a1dc8cc2681c1
CRs-Fixed: 2437166
When SAP works in ACS mode, it needs to restart with a safe channel
if current channel is unsafe. Sometimes no channel is selected from
pcl channels. SAP can't just pick up one safe channel because the
channel may be DFS channel while SAP may disable DFS master capability.
SAP should select one valid channel for LTE COEX.
Change-Id: I303165f82b5c2a8d06447df4ba23fdcba5b1083c
CRs-Fixed: 2415007
With FT-FILS akm, initial mobility domain fils connection
requires FTIE in the assoc request frame. FTIE is copied from
auth response frame received from the AP and stored in fils_info.
Add frame parser changes to populate the FT-IE into the
association request frame.
Send this FTIE in the association request appended after MDIE.
Change-Id: I9087ff9f36b52f3ef08b03cba826bdc42834a9f8
CRs-Fixed: 2414678
FT-FILS initial mobility domain association requires FTIE in the
association request frame sent to the AP. FTIE has the R0-KH and
R1-KH ID that is needed to derive the FILS-FT key.
Host driver should save the FTIE received from the AP in the
authentication response frame and send it without any
modification to the AP in association request frame.
Change-ID: I047538e13b37e10c2cebad4959fc796af5d16df6
CRs-Fixed: 2414662
Expectation of user is fcc constraint should be applied when user input
is zero and should be cleared when input is negative value. But current
driver behavior is out of sync.
To address this, invert the user-input before invoking regulatory
component api ucfg_reg_set_fcc_constraint(). Also ensure reduced
tx power is effective in calculating maximum tx power while connecting
to access-point.
Change-Id: I73485685b70b805107a52080c64efde30e807dc3
CRs-Fixed: 2429993
Add new ini to configure various roam trigger parameters:
1. "minimum_btm_candidate_score"
Consider the AP as roam candidate only if its score is greater
than minimum_btm_candidate_score. This value will be sent over
the WMI_BTM_OFFLOAD_CONFIG command.
2. "roam_scan_inactivity_time"
Device inactivity monitoring time in milliseconds for which
the device is considered to be inactive with data packets
count is less than configured roam_inactive_count.
3. "roam_inactive_data_packet_count"
Maximum allowed data packets count during
roam_scan_inactivity_time.
4. "roam_scan_period_after_inactivity"
Roam scan period in ms after device was in inactive state.
5. "btm_roam_score_delta"
Roam scan delta value for btm triggered roam scan. This value
will be sent to firmware over the WMI_ROAM_AP_PROFILE wmi
command.
6. "idle_roam_score_delta"
Roam scan delta value for Idle roam scan trigger reason. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_delta_param_list tlv.
7. "disconnect_roam_trigger_min_rssi"
Candidate minimum rssi value for disconnect roam trigger. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
8. "beacon_miss_roam_min_rssi"
Candidate minimum rssi value for BTM triggered roam. This
value will be sent to firmware over the WMI_ROAM_AP_PROFILE
wmi command in the roam_score_min_rssi_param_list tlv.
9. "bss_load_trigger_5g_rssi_threshold"
If connected AP is in 5GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_5g_rssi_threshold.
10. "bss_load_trigger_2g_rssi_threshold"
If connected AP is in 2GHz band, then consider bss load roam
triggered only if load % > bss_load_threshold && connected AP
rssi is worse than bss_load_trigger_2g_rssi_threshold.
Change-Id: Ib026251a8ec403f4376a16a91ff1b5d969336816
CRs-Fixed: 2434922
After SSR, SAR configuration is lost.
Since, SSR is hidden from userland, VENDOR_SUBCMD_SET_SAR_LIMITS
to configure SAR shall not come again from userspace after SSR.
To restore SAR configuration, save this in hdd context when the vendor
command comes and restore after re-init.
Change-Id: I083fb72a9fad35af1a84bcc9d8d59976485b9fa3
CRs-Fixed: 2427382
1. The original mgmt send path was changed by the converged p2p component; now
wma_tx_packet() is not invoked when sending station mode action
frames, p2p_mgmt_tx() is invoked instead. But tx buffers of PMF
frames sent to some targets require a bi-directional dma map to
pass the smmu sanity check, which is missed in the p2p_mgmt_tx() path.
2. The offchan flag passed to wlan_hdd_mgmt_tx() is not always accurate.
There have been cases where the flag is set even though the operation is
taking place on the home channel, and blindly following the flag leads
to an unnecessary ROC.
Fix it by adding QDF_NBUF_CB_TX_DMA_BI_MAP to new p2p mgmt tx path and
bring back home channel check to override the offchan flag if
necessary.
Change-Id: I9589157e57e95d0c61a432f87a07630c4b77f757
CRs-Fixed: 2423341