Add null check on connect req params before
invoking cloning of rsn/rsnx ies for mlo stations
Change-Id: I651683ad7eb6a5c0404feee321402ac1f39edcfc
CRs-Fixed: 3234326
Add check to validate vendor IE length in util validate
reporting STA IE API to avoid OOB read.
Change-Id: I1cdd8eced7b5ffcecde6f0337eb45fc90077932f
CRs-Fixed: 3236561
Currently, in few instances the MLO peer APIs are called
with invalid ML peer pointer.
This change prevents NULL pointer access and clears MLO
flag for peer.
Change-Id: I8bcdae1d71655f7ed267cc5bc3f6d0fc51e930df
CRs-Fixed: 3245158
Extract EML and MLD Capabilities from Target via
wmi_service_ready_ext2_event. These values can be
used while advertising EML and MLD Capabilities.
Add helper function to get EML related delays in
Micro Secs from values got from EML and MLD advertisments.
Send EML Capabilities received from node to Target
via WMI_PEER_ASSOC.
CRs-Fixed: 3225495
Change-Id: Ibfa2ff8dbf11d4293125331376a7986e611d5f63
In current code, assoc peer is designated as primry umac,
on primary umac allocation, primary umac bit gets reset.
But in force umac case, primary umac bit not getting reset.
This change resets primary umac bit of assoc peer, if
assoc peer is not designated primary UMAC.
Change-Id: I640433548b9efeb20ba2b23f8d1141cc5505087b
CRs-Fixed: 3243326
Currently, in wlan_defrag_elemsubelem_fragseq() API,
there is possible buffer over-read in fragbuff buffer.
Buffer may have a malicious length larger than their
payload size, which leads to a buffer over-read during
defragmentation.
Fix is to validate the fragment length against the buffer
boundary in util_get_successorfrag().
Change-Id: Ia9e688a0ab17954eb464ec586820bb95b51f12d1
CRs-Fixed: 3236560
Add following fixes for STA to support and operate in
eMLSR mode
1) Update and send eMLSR cap flag to FW even in vdev start
request on both links.
2) Copy EML caps to wmi peer assoc mlo params to send it
to FW.
Change-Id: Ic17b9b82809659d7a4392c09eceecae7c53b2049
CRs-Fixed: 3237737
Add mld config checks in osif_vap_create_check and fail
once the config is invalid.
Change-Id: I26c3b4719fa9b18be0a4590861c654504fb3e6bf
CRs-Fixed: 3200923
In case of MLO, if connect is in progress and assoc vdev is moved to
connected state, if the disconnect is received before mlo mgr is
notified for connect, then it can lead to race between connect and
disconnect processing.
Add fix to avoid race between connect comlplete and disconnect by
checking connected link bitmap which is set in mlo connect notifier
Change-Id: I5783827c00106bf6bda2949e4154088fd172de15
CRs-Fixed: 3241708
The api wlan_mlo_peer_list_peek_head is invoked with lock acquired.
wlan_mlo_peer_create api does not invoke ml_peerlist_lock_acquire
and ml_peerlist_lock_release when invoking api mlo_get_mlpeer, this
causes race condition issue.
To resolve this issue, using api wlan_mlo_get_mlpeer instead of
api mlo_get_mlpeer.
Change-Id: Ifb41b7d83bf17938d210ce5a2d7f370d6355197c
CRs-Fixed: 3228243
A malicious input can cause a buffer over-read in util_find_extn_eid.
When len==2 and frame[TAG_LEN_POS]==0, the while loop will be entered
and an over-read will happen for frame[ELEM_ID_EXTN_POS].
Since both MIN_IE_LEN and ELEM_ID_EXTN_POS are equal to 2, ensure
(len > MIN_IE_LEN) before accessing the index.
Change-Id: Ia0aa8a2b59e8bf9ac06f5454e40687c5c34c5d88
CRs-Fixed: 3236559
Current max aid assignment doesn't consider start aid
which is causing start aid greater than max aid in
MBSSID MLO case.
This change accounts start aid while updating max aid
Change-Id: Ic6af28cd2599090538393082032932ba416b4c66
CRs-Fixed: 3220059
These utility functions help to parse the Probe Request Variant of
Multi-Link IE.
It implements 11BE draft 2.0 spec
Change-Id: I09dcf47ef481278f5c74082002f83d9c8e2155a4
CRs-Fixed: 3213367
Update definition for MLD capabilities subfield present in
the Common Info field of Basic Multi-Link element as per
IEEE802.11be D1.5.
Store parsed MLD capability in node to send these to Target.
Add endianness handling for MLD Capability.
Add a check if the value in the common info length tallies
with the length as determined from the presence bitmap for
MLD capabilities.
CRs-Fixed: 3206837
Change-Id: I3d03afbd60171b2cf5e81c9a8dbb51d7673c9163
As part of a transition of basic MLO functionality to IEEE802.11be
D1.5, add definitions and receive processing for the signaling of the
presence of BSS Parameters Change Count subfield in STA Info field in
Per-STA Profile subelement in Basic Multi-Link element Link Info
field. This presence is signaled by a new bit in the STA Control
field of the corresponding Per-STA Profile subelement. Rename the
definition for BSS Parameters Change Count (sub)field size to make it
generic since it may occur in various protocol signaling areas
related to MLO.
Change-Id: Ieb17f65547b7106442369b51cd6bc303046a224a
CRs-Fixed: 3197012
This change rejects association if MLD MAC address of Station
is same as AP MLD MAC address.
Change-Id: Ie8cafcf8bf0033dc63efbcd0047ddcabf996942b
CRs-Fixed: 3212459
Aid pool is divided into three pools. pool0 and pool2 is for legacy and
MLO clients. pool1 is for T2LM enabled clients. This is done to ensure
that T2LM enabled clients are starting from particular index so that
multi-link traffic element can be updated optimally.
Change-Id: I2d5fe50a6ba339e89f4b65febc7b1b1bbb200477
CRs-Fixed: 3205993
select assoc peer as primary umac,
1) if all links are from single PSOC
2) single link MLO connection
Change-Id: Ia38e6809ef7d0201a2267051b8b4bcec7b36547f
CRs-Fixed: 3203804
1) Do not free Tx VAP's AID manager, if AID manager of
non-Tx vap and Tx vap doesn't match
2) Do not allocate AID manager for MLD vaps, if AID
manager is already allocated
Change-Id: I08b19397540f364503eaa1c269c6d0679a9a9fc0
CRs-Fixed: 3212368
Parse EML capability sub field present in Common Info field of Basic
Multi-Link element from Association request send by non-AP MLD.
Add new API to get EML capabilities from the ML IE.
Update definitions for EML as per IEEE802.11be D1.5.
Store parsed EML capability in node to send these to Target.
CRs-Fixed: 3203322
Change-Id: Ib208ba2d8e86df7360656c1c844e4835a93cedc4
In order to provide the info about common info len and BSS
param change count, add API util_get_mlie_common_info_len()
and util_get_bvmlie_bssparamchangecnt().
Change-Id: I0f5fea2265cbb8f1df265542af7009d624a0129b
CRs-Fixed: 3202491
Currently even when the partner link assoc failure driver is maintining
the assoc link this is resulting in several side effects w.r.t
memory corruptions etc.
Disconnect the ml connection incase of link assoc failure.
Change-Id: I4bbdcf4099f3042f5065067ca5d817f986ffb30a
CRs-Fixed: 3204310
In mlo_ap_vdev_attach() we call cdp_update_mlo_ptnr_list(), and logic
exists which was supposed to test the return value for success.
However due to a misplaced parenthesis, the test for success is actually
applied to the last parameter, and that test result is sent as a
true/false value to cdp_update_mlo_ptnr_list().
To fix this issue relocate the parenthesis so that the last parameter
is correctly passed and the test for success is applied to the
return value.
Change-Id: I055150dae726a69f0e70f02f7fbe26550f48e558
CRs-Fixed: 3181220
This change adds MBSSID support for MLO AID manager.
It handles AID allocation and AID free for MLO and Non-MLO peers
associated to MLO/Non-MLO VDEVs
Change-Id: I616cca6afeb9178a3b7f183c6bd986fe9b30a4fa
CRs-Fixed: 3200173
Check mld ctx info first and then print the debug info
for teardown request with num socs and num links.
Change-Id: Ib37ce76955e2b83aaa5ecec08010f05e293c2a19
CRs-Fixed: 3200920
Add fix to release ml dev lock in case of failure.
Also add null check for assoc vdev
Change-Id: I5f81217b32d676b556030b504476bf4e3c92b718
CRs-Fixed: 3199710
As part of MLO stats feature, add support to send ll_stats
and get_station stats request to firmware for all the MLO vdevs.
Change-Id: Ic50a6294f868f0604d4cfc0d4b657b6085da2fb4
CRs-Fixed: 3181020
MLO peer attach fails if MLO peer with same MLD address gets
created. While freeing MLO peer, releasing of link peer ref
is missed
Fixed some of the corner cases handling with ml peer id, AID
Change-Id: Ia3ff13a3840083bfe389b39086a6c5aa1f709fca
CRs-Fixed: 3185069
Count the MLO vdevs in a pdev. WLAN_VDEV_FEXT2_MLO feature
flag in vdev object is set for all MLO vdevs. Simple solution is
to increment/decrement the count on every set/clear of
WLAN_VDEV_FEXT2_MLO feature flag. Since this feature flag will be
set/clear at multiple places for a given vdev, this approach
will lead to wrong MLO vdev count. To fix this we need to
increment/decrement the count on first set/first clear of
WLAN_VDEV_FEXT2_MLO flag. Add a lock also to prevent the race
conditions.
CRs-Fixed: 3106235
Change-Id: Ice7edde04553088fbb7c9b769508d441ccd6e4bf
In mlo_ser_set_link_req, req is again allocated and thus
the req->ctx.cb_arg doesn't points to the new memory.
so avod reallocating the req memory again in
mlo_ser_set_link_req and use the passed memory directly
as umac_cmd.
Change-Id: I0bdc9cf746b2a36c69b5ca0f773f06900a9783dd
CRs-Fixed: 3188736
T2LM negotiation happens per MLD level. Hence, define the T2LM related
structure in wlan_mlo_peer_context.
Add API to get the protected EHT action frame subtype.
Change-Id: Ia3870fbb38b8d673f96954af18078c96d20365f3
CRs-Fixed: 3167178
Add API to get the MLD capabilities from a given Basic variant Multi-Link
element or element fragment sequence.
Change-Id: I9f0d8069a970523948fd604b4977efd3d41a4d2d
CRs-Fixed: 3177254
Fix for crash seen during MLO NAWDS peer creation.
Peer assoc for MLO NAWDS peer is done in a different way
hence avoid peer assoc in wlan_mlo_peer_create.
CRs-Fixed: 3179437
Change-Id: I76356e68ef267fe2b4d37bfe29faca5ed8c02347
For single link MLO connection, there is no partner peer creation,
so wlan_mlo_link_peer_attach is not triggered. wlan_mlo_peer_create
is good enough to trigger mlo_mlme_peer_assoc_resp.
Change-Id: Ia76503e146a07d15d7b263aa36f9e8c4d110fc6e
CRs-Fixed: 3168623
