Direct Buf Rx has a source ring to communicate with the target.
The target updates its tail pointer in little-endian format and this update
doesn't go through any byte-order conversion at the target. On a big-endian
Host platform, this tail pointer will be read in reverse order of bytes.
To fix this, convert the tail pointer to the Host order before using it.
Change-Id: Ibcaf3d7507910ea81eeb895772241ab9861ee45a
CRs-Fixed: 2843259
With current implementation host does not allow
6GHz AP for WPS security, add a change to allow 6GHz AP for WPS.
Change-Id: I9e330f2984a716bb56e47313b65eedb4a1a0e216
CRs-Fixed: 2814259
Do not allocate memory if the ask is larger than the
maximum memory allowed for malloc. We have it limited to 4MB.
CRs-Fixed: 2828104
Change-Id: I5b463dd8eb640c76882653e82e6f6db7cb651cf2
Currently, 6g PSC/non-PSC channels in the scan request are
scanned or optimized to scan only if RNR IE is found based on
the inis scan_mode_6ghz and scan_mode_6ghz_duty_cycle.
As scan_mode_6ghz_duty_cycle is set to 4 by default, first 3
scans are optimized to scan only if RNR IE is found and 4th scan
would be full scan. If there is any standalone AP in 6g channel
that doesn't advertize RNR IE in colocated APs beacons/probe
responses, that's not scanned till the 4th scan.
Reverse the order for scan_mode_6ghz_duty_cycle such that the
first scan of every four scans is a full scan and rest of the
three scans are optimized. So, the standalone 6g APs can be found
in first scan itself based on the ini scan_mode_6ghz.
Change-Id: Ice1614a94f1fd166e283355616ace241a5df2bcb
CRs-Fixed: 2829550
Add a boolean is_chan_hop_blocked in struct regulatory_channel to check
if a channel is blocked for ACS hopping, when the noise detection param
on that particular channel is above the threshold.
Change-Id: Id1c73f1b153d2064eaf3a72a21d14a6f63ad0de4
CRs-Fixed: 2837859
Account for the Tx buffers allocated for IPA during
init. Add this memory to the overall Tx nbuf memory
allocations. Ensure that the nbuf size is taken from
end pointer to head pointer of nbuf.
Change-Id: Ie3a46c7e7674f3f2e1bf9e0791a7eb53d4bb0b21
CRs-Fixed: 2831015
During TCP Tx traffic account for the Tx nbuf memory mapped
and unmapped in the driver.
Change-Id: I40df92f124eec94f2fa3ddc8bcd910615f4539bf
CRs-Fixed: 2831015
WLAN chip components are little-endian based. When such a chip is attached
to a big-endian Host platform, there will be a mismatch in the order of
bytes for the data that is transferred between the Host and target.
Spectral HW module transfers the Spectral report directly to the Host DDR.
This transfer doesn't go through any byte-order conversion at the HW side.
So, to avoid invalid reads at the Host side on a big-endian platform,
convert the Spectral report to the Host byte-order before using it.
Change-Id: I742537f3a95ffca2e12b83535e83e2870ad06b10
CRs-Fixed: 2838371
Add support for WMI_TWT_NUDGE_DIALOG_CMDID and
WMI_TWT_NUDGE_DIALOG_COMPLETE_EVENTID.
Change-Id: I9d4bf1061f6f08479967619ce50d2756c062f55f
CRs-Fixed: 2825138
Support new firmware thermal level WMI_THERMAL_SHUTDOWN_TGT
to indicate target over heat and need to be shutdown completely.
Change-Id: Icdb8aab9fe7b8914681cc46a4ccb5579781c587d
CRs-Fixed: 2835410
When driver doing ipa rx buffer smmu mapping,
qdf_spin_lock_bh is used to protect rx descriptor pool,
but might sleep function is called by API ipa_is_ready.
This causes kernel panic about sleeping function called
from invalid context as following call trace:
Call trace:
___might_sleep+0x204/0x208
__might_sleep+0x50/0x88
__mutex_lock_common+0x5c/0x1078
mutex_lock_nested+0x40/0x50
ipa3_is_ready+0x2c/0x60
ipa_is_ready+0x24/0x38
dp_ipa_handle_rx_buf_pool_smmu_mapping+0x2dc/0x6d0 [wlan]
Move the ipa is ready check function call outside of spin lock.
Change-Id: I5d3a79dff8a045791834733514a40f7c1ccb0d8b
CRs-Fixed: 2839292
Move the WIN only DFS features from common code to WIN specific
Component dev. The following features are moved.
1. WIN Hardware mode switch.
2. StaDFS
3. dfs_set_nol
4. nol_history
CRs-Fixed: 2834311
Change-Id: I6c74dd13a16acb2a67bb3b477b13bc0e4ee165ce
When the number of HTT packets in the endpoint TxQueue is more
than MaxTxQueueDepth, we hit the overflow condition. If the
overflow condition is hit, in htc_try_send(), when EpSendFull()
returns HTC_SEND_FULL_KEEP, we try to send all the excess packets.
As part of this logic, we are calling restore_tx_packet(); the
intention of calling resotre_tx_packet() is to just perform
skb_pull_head(), but restore_tx_packet() will also unmap the
HTT packet. Later, when we try to send the excess packets, these
would be already unmapped and when the HW/FW try to access this
unmapped location, it would lead to SMMU fault.
Change-Id: Ie60a302d6a2736f7aa12944b7016d2bdb9ffb10d
CRs-Fixed: 2836444
Currently, Stats request commands are sent over qmi right from the
target suspend request is sent to FW. This is leading to a crash in
FW since it is trying to access PCI when it is in suspend state.
To address this, send stats request over QMI only after the ack is
received for the target suspend command.
Change-Id: Id7a79d52740916f66476bf911e571c0ff466c7d3
CRs-Fixed: 2838737
Introduce wmi_validate_handle() with the caller function name
embedded in it to validate the WMI handle and log incase
of error. Calling functions can avoid logging in case
wmi_validate_handle() returns -EINVAL. This reduces logging and
thereby memory foot print.
Change-Id: Ie0a6a84ffad6e5cf2da8f547c7209dc77cdf5729
CRs-Fixed: 2838960
Currently, Rx diag event work is not being flushed during idle shutdown.
This may result in use after free access if the scheduled diag event work
gets the chance to execute after driver modules are closed.
To address this, flush diag events work during idle shutdown.
Change-Id: I348e80d2c86a5e070f0fb67d66b758529fede76c
CRs-Fixed: 2838020
Current Linux version of qdf_snprintf() doesn't pass the additional
arguments(...) to snprintf(). As a result, the behavior is undefined.
Fix it by passing the additional arguments as a variable-argument-list to
vsnprintf().
Change-Id: Iea8ee0737907eaaea2df99631316d7d45a8e562f
CRs-Fixed: 2838962
Currently QMI message length is not being validated before
handling QMI event. This is resulting in illegal memory access
when QMI message length is invalid.
To address this, discard QMI events with invalid length.
Change-Id: Ia9f04bcb4fa3b365cbbf2be8885a8d30f78f8f10
CRs-Fixed: 2839277
In dual station case, wlan0 is connected to AP, wlan1
connects to the same ap and will get failed because two
interfaces can not connect to same band (same ap).
At present wlan1 will do unlink bss of ap after connect fail.
This may corrupt the bss tree in kernel because the bss is
still pointed by wlan0’s wdev -> current_bss.
Fix by avoid the unlink bss if the bss is still connected
in any interfaces.
Change-Id: I27c76eca2d4f130addabbdc2600f6959d24c8511
CRs-Fixed: 2837496
FW memory allocation depends upon important resource config sent from
host during wmi init. Hence, log these important resource config parameters
sent during wmi init.
Change-Id: I5e187b905716a5a2c1767bc4b081f54034994653
CRs-Fixed: 2839119
Low memory profiles like 256M and 16M profiles support
only NSS Wi-Fi offload mode and HOST data path APIs are
not used in NSS offload mode
Disable HOST data path APIs which are not used in both
NSS Wi-Fi offload mode and in HOST mode (in NSS offload mode)
CRs-Fixed: 2831478
Change-Id: I6895054a6c96bd446c2df7761ce65feef662a3cc
Add support to send preferred_xt_streams and preferred_rx_streams
in multivdev restart.
CRs-Fixed: 2833470
Change-Id: I2c06a8bd9a64b15126e216eeb65699e104cbca64
The macro QCA_SUPPORT_DFS_CHAN_POSTNOL is specific to WIN code.
Therefore remove the macro QCA_SUPPORT_DFS_CHAN_POSTNOL and
associated code from Common code and add it to component dev.
CRs-Fixed: 2829537
Change-Id: Ib49424c44817d6af5e485c87d6f7b08afee4fa11
Remove the following functions from Common dev to component-dev:
1) dfs_bangradar
2) dfs_start_host_based_bangradar
3) dfs_fill_emulate_bang_radar_test
4) dfs_check_bangradar_sanity
5) dfs_start_host_based_bangradar
CRs-Fixed: 2829438
Change-Id: I5d3564bcb89e60629ee7fddc9827e03e9d9da6a2
cld80211_oem_rsp_alloc_skb api is used to alloc skb for reply msg.
A static buffer pointer is returned from this reentrant func
which can be called by kworker and scheduler thread at same
time resulting single buffer access by both threads. After
kworker thread freeing this skb, scheduler is further updating
data in this skb resulting in page fault error. Use local
skb pointer to avoid such race conditions
CRs-Fixed: 2822390
Change-Id: I5f807d06c4890b027c86de9187f17fb83b19db5e
With connection manager convergence the STA vdev related ops are
being handled under converged code.
Remove unused functions from mlme interface.
Change-Id: Ibd90ef81b235bca1097891eb4964e2b5e741292c
CRs-Fixed: 2837096
