In function tdls_ct_idle_handler, idx is assigned from
tdls_info->index which can be 0 to 254. But tdls_conn_info
is static array in tdls_soc_priv_obj of size
WLAN_TDLS_STA_MAX_NUM (8). So check idx is less than
WLAN_TDLS_STA_MAX_NUM or not to avoid OOB memory access.
Change-Id: I8387cb0a44a79f0f83b25c12de2aa9fbc39ab2f3
CRs-Fixed: 2474432
As part of start_ap or connect_start to teardown active tdls peers
hdd_notify_teardown_tdls_links is called with argument vdev. But
TDLS might not be enabled on that vdev. With recent changes,
osif_priv object is initialized as part of tdls_vdev_init.
For the new interface if TDLS is not initialized then osif_priv
object will not be found and TDLS peers are not removed.
Change-Id: Idcf690bba2766664700a4851d390ee620f2fe73a
CRs-Fixed: 2460108
If tdls feature is disabled, as currently tdls_osif_init_cb is called
before checking flags, tdls_osif_deinit_cb will be missed which causes
memory leak.
Do tdls_osif_init_cb after checking tdls_feature_flags.
Change-Id: I008c69a9b39f5321d1ca79f5193539f5abd32a02
CRs-Fixed: 2459853
For implicit and external control the tdls connection is
established based on the tx and rx pkt count. But currently,
pkt count with connected AP is also tracked.
Do not track packets for connected AP as TDLS is not possible
with connected AP.
Change-Id: I29d6f4e7858de1ec453d64b6fce548f5132c57d4
CRs-Fixed: 2457524
Presently osif tdls memory is freed as part of the osif_priv
when the vdev is logically destroyed. There is a case seen
wherein the tdls is holding vdev reference and in the other
thread the interface down is received and the osif_priv is
freed resulting in the tdls osif priv also, if the other thread
tries to dereference the tdls os priv it will result in a
null pointer exception.
Move the tdls osif priv memory creation/deletion to the tdls component.
Change-Id: I3782f6304bee5a6eaab4d9122a569ba56fd29947
CRs-Fixed: 2436379
wlan_vdev_get_bsspeer() returns bss peer without taking the ref count
of the peer and thus if peer is deleted after wlan_vdev_get_bsspeer()
returns a valid peer, the caller will have stale entry of the peer.
Stale entry of peer can lead to Assert.
Use wlan_objmgr_vdev_try_get_bsspeer API in TDLS to get the BSS peer
which increments the refcount if peer is valid. With this the peer
won't be deleted till the caller releases the ref count of the peer.
Change-Id: I9dc26771a0e8dadf75898c94bff5d4b8fb8a88d5
CRs-Fixed: 2445795
Do not allow tdls peer update command if tdls peer is not
found in lim. If peer assoc command is given to FW
without peer create, FW will assert.
Remove tdls peers in tdls component in case of roaming as
peers are deleted in lim as part of roaming.
Change-Id: Ie227da682e4d30c9b583881f7e2eaafe91826476
CRs-Fixed: 2441951
It doesn't update rssi of tdls peers. So add logic to update it when
get all tdls peers.
Change-Id: I81d4536b5cb2443b088ee4a5d425d548eac152d6
CRs-Fixed: 2435903
Both FW and host support TDLS low rssi teardown, so remove the host
logic. In addition, host triggers low rssi teardown wrongly since
it doesn't update rssi of tdls peer on time.
Change-Id: I93d7957e01ba805b73558a5ced7a1dc8cc2681c1
CRs-Fixed: 2437166
As part of every scan, TDLS component is notified.
TDLS component takes decision to allow the scan or not.
But after rejecting the scan for max no of times,
TDLS peer link status is set to idle which is not expected.
Overwriting this link status can lead to not finding the
peers to cleanup while 2nd interface is added.
Change-Id: I1a0120399118ef7e9168dbcb7b5009a88e000d5c
CRs-Fixed: 2435694
Currently, in function tdls_process_rx_frame, if vdev is
NULL then rx_mgmt memory is not freed.
Free the rx_mgmt memory before returning from function
tdls_process_rx_frame.
Change-Id: I5be27a7fa8a9417f578e406f3f9e8c7394439fa8
CRs-Fixed: 2436241
Currently, the vdev connection status is checked by getting
the bss peer of that vdev, and if the bss peer is in associated
state then vdev connected status is sent as true. It can happen
vdev is present and bss peer is deleted after getting the bss peer
from vdev pointer. Then bss peer can not be dereferenced to get
its status.
Instead remove all the duplicate APIs tdls_is_vdev_connected,
pmo_core_is_vdev_connected, and wlan_vdev_is_connected with
wlan_vdev_is_up. wlan_vdev_is_up gives success status
if associated.
Change-Id: I863c3c0689f329870bd08c813813c16956135209
CRs-Fixed: 2424996
Per the Linux Kernel coding style, as enforced by the kernel
checkpatch script, pointers should not be explicitly compared to
NULL. Therefore within tdls replace any such comparisons with logical
operations performed on the pointer itself.
Change-Id: I836dec2b71e0c11f11b18402c7b127bb4ccbba48
CRs-Fixed: 2418394
In function tdls_delete_all_tdls_peers, bss peer can be NULL
if the bss peer is removed from vdev object. Hence, add NULL
check before getting its reference.
Change-Id: I9b2b03bc6db899c1c06de95ec5ee680d4b600aa7
CRs-Fixed: 2419567
To address kernel control flow integrity (CFI) issues related to type
mismatch, correct the input argument type for sme_ser_cmd_callback().
Change-Id: I3f0b5df70163eca9282d2b1c2a48203448e4f0a6
CRs-Fixed: 2402977
After STA or P2P cli disconnection, TDLS component is notified
of the disconnection to check if the TDLS can be enabled in FW
and host. But while sending tdls set state command to FW,
the disconnected vdev_id is given to FW. This can result in
FW assert while processing the next tdls commands.
Change-Id: Ib79547ce9d192b1d8bba3767655b3dada36e5e95
CRs-Fixed: 2412170
If the curr_peer link status is tearing or connected,
activate peer cmd is rejected and the return status is sent
to supplicant as success even.
But return failure status to supplicant if the link is tearing.
Change-Id: Ia976fee03c77191a7e617a3e21e8c5ddf98759d0
CRs-Fixed: 2411146
Chk frame member of the tdls_mgmt_req is declared locally inside of
the local function wlan_cfg80211_tdls_mgmt and address is copied
in the mgmt request, and posted to scheduler thread.
But, the validity of the chk frame variable is lost once returned
from the wlan_cfg80211_tdls_mgmt function. And the chk_frame
is used when processing the tdls_mgmt_req in scheduler thread.
And the stale data of chk_frame can be used.
Hence, make the chk_frame as a variable instead of a pointer inside
tdls_action_frame_request request.
Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b
CRs-Fixed: 2402124
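
The lifetime problem described in the commit message above, as an added C example that is not code from the driver: a request that embeds chk_frame by value stays valid after the submitting function returns. The struct fields, the one-slot queue and the function names `submit_tdls_mgmt` and `scheduler_process` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Reduced stand-in for the checked frame data; field names are assumptions. */
struct tdls_validate_action_req {
    uint8_t action_code;
    uint8_t peer_mac[6];
};

/* Before: the request held "struct tdls_validate_action_req *chk_frame" and
 * only borrowed the caller's stack variable. After: it owns a copy. */
struct tdls_action_frame_request {
    struct tdls_validate_action_req chk_frame;
};

/* One-slot stand-in for the scheduler thread's message queue. */
static struct tdls_action_frame_request pending_req;
static int pending;

/* Models wlan_cfg80211_tdls_mgmt: chk_frame is a local that dies on return. */
int submit_tdls_mgmt(uint8_t action_code, const uint8_t peer_mac[6])
{
    struct tdls_validate_action_req chk_frame;
    struct tdls_action_frame_request req;

    chk_frame.action_code = action_code;
    memcpy(chk_frame.peer_mac, peer_mac, sizeof(chk_frame.peer_mac));
    req.chk_frame = chk_frame;  /* copy by value, never &chk_frame */
    pending_req = req;          /* post: the queued copy carries the data */
    pending = 1;
    return 0;
}

/* Models the scheduler thread running later; returns the queued action code,
 * or -1 when nothing is pending. */
int scheduler_process(uint8_t mac_out[6])
{
    if (!pending)
        return -1;
    pending = 0;
    memcpy(mac_out, pending_req.chk_frame.peer_mac, 6);
    return pending_req.chk_frame.action_code;
}

int main(void)
{
    uint8_t mac[6] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55}, out[6]; /* constructed */

    submit_tdls_mgmt(3, mac);
    return scheduler_process(out) == 3 ? 0 : 1;
}
```
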
During TDLS componentization the legacy typedef tSirTdlsDelStaReq was
replicated, creating struct tdls_del_sta_req. Unfortunately this left
the driver with two different data structures which serve the same
purpose. Not only is this pointless, but due to the way in which these
structures are used there is an implicit requirement that they be
exactly identical. This approach is very fragile. To align with the
converged software architecture and to improve code maintainability
exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I054ee24e07062a60c4e00b935cd1bc5b4a9aef95
CRs-Fixed: 2400769
During TDLS componentization the legacy typedef tSirTdlsAddStaReq was
replicated, creating struct tdls_add_sta_req. Unfortunately this left
the driver with two different data structures which serve the same
purpose. Not only is this pointless, but due to the way in which these
structures are used there is an implicit requirement that they be
exactly identical. This approach is very fragile. To align with the
converged software architecture and to improve code maintainability
exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I37500ead43eed2295df24c70b96e0b6ff85738c6
CRs-Fixed: 2400768
During TDLS componentization the legacy typedef tSirTdlsSendMgmtReq
was replicated, creating struct tdls_send_mgmt_request. Unfortunately
this left the driver with two different data structures which serve
the same purpose. Not only is this pointless, but due to the way in
which these structures are used there is an implicit requirement that
they be exactly identical. This approach is very fragile. To align
with the converged software architecture and to improve code
maintainability exclusively use the TDLS component struct.
Note that this struct must be promoted to be a public struct since it
is now accessed from outside the component.
Change-Id: I7d304d3d211101c7227ea621f307f91ff68a5753
CRs-Fixed: 2400767
Enumeration TDLS_PEER_STATE_CONNCTED contains a spelling error, so
rename it to TDLS_PEER_STATE_CONNECTED.
Change-Id: Ifa0ff667a407cdad3e240aec6c188f20336a166a
CRs-Fixed: 2397350
As part of connection tracker handler, if the link is connected
then current tx and rx stats are compared with configured threshold
values. If the current stats fall below the threshold then idle timer
is initialized and idle peer data is stored in tdls soc and given as
userdata to the timer handler. The userdata is overwritten if another
tdls peer becomes idle and this can lead to wrong tdls peer teardown.
Change-Id: I34638bdebe02e17e1c9e117e58352bdaab867921
CRs-Fixed: 2393320
Regulatory component is getting updated to reduce the
code size based on different regulatory features. In this
process new regulatory files are getting added and some
of the files are getting removed.
To compile the newly added files update the required changes
in driver Kbuild file.
Some of the functions which are not supposed to be invoked from
outside the component directly, replace those function calls
with the appropriate wrapper functions.
Change-Id: I31a25268250b99f4f156c4f149966213746d999e
CRs-Fixed: 2373780
Fix implicit tdls connection issue. Correct usage of qdf_mem_set.
DUT could receive multicast frames after tdls connection tear down,
add check condition of frames with multicast dest address in
tdls_update_rx_pkt_cnt.
Change-Id: Ia1d7bbf2c129e9aebc98f7fcdea263b745c221ec
CRs-Fixed: 2375043
It allocates memory with structures in sir_api.h, and process/parse them
with structures in tdls component, which will cause memory corruption
potentially. So, this change refactors these functions and lets them use
unified structures. Remove unused structures in sir_api.h
Here are these functions:
- lim_send_sme_tdls_add_sta_rsp
- lim_send_tdls_comp_mgmt_rsp
- lim_send_sme_tdls_del_sta_rsp
- lim_send_sme_mgmt_tx_completion
Remove below unused tdls structures:
- tSirTdlsDelAllPeerInd
- tSirTdlsDelStaInd
- tSirTdlsEventnotify
- tSirTdlsLinkEstablishReq
- tSirTdlsLinkEstablishReqRsp
- tSirTdlsAddStaRsp
- tSirTdlsDelStaRsp
- tSirMgmtTxCompletionInd
Change-Id: Ic595cadefcdbeb2df44f97563c4652db409213a2
CRs-Fixed: 2373706
The field op_class_for_pref_off_chan_is_set in struct
tdls_peer_mlme_info is unused, so remove it.
Change-Id: I5c2ed954215677a25245e108a35c33fc7c33c247
CRs-Fixed: 2375420
TDLS is not supported in concurrency. As part of second interface
creation, TDLS is disabled in both host and FW. But after the second
interface is deleted, TDLS is not enabled in FW and host even for
Standalone STA and P2P client cases.
Change-Id: I362c22a79e171f9779393b1b893b5bfd14ff562a
CRs-Fixed: 2367083
This is mirror change for 0f9f01950
Currently if the number of APs in the STA environment
are many, then the STA will receive many beacons, whose
beacon process path can take long time, in the kernel
work queue, hence the other processes have to wait
for them to complete, and may get timeout, if
the time to process the beacons is larger than their
process timeout.
Fix is to:
1. Add rate limit to failure conditions of memory
not allocated
2. Make memory allocation in path of beacon process
atomic.
Change-Id: I488b446c23fd01c993f7dd9bd989867fda2331d8
CRs-Fixed: 2363307