Active connection req fetch may allocate memory to copy the
connect IEs, free after use.
Change-Id: Ida4892cd9efef8a4ebfaf925908eedc19a3d9d7b
CRs-Fixed: 3832469
Currently if Host receives ROAM SYNC event in
RSO STOPPED state, Host drops ROAM_SYNC event and
fails to send ROAM COMPLETE response to FW. This
results in an assert in fw with reason ROAM COMPLETE
response timeout.
If ROAM SYNC comes to host in below scenario:
1. HOST sends RSO stop command with scan mode 4,
in order to process supplicant disabled roaming
request
2. FW already queued the roam sync event before
RSO STOP command is received from host
In this case host should send RSO STOP with
scan mode = 0 to FW. So that FW can stop roam sync
timer and change roam state to RSO STOP state
along with other internal cleanup in FW.
Change-Id: I8b25be98b30d7f8185d5f8dcd67a4b52f502fd37
CRs-Fixed: 3810436
After the change in commit I75f0b76ae920c885a1150d95ea011e5612ef62fd,
the gNeighborLookupThreshold INI value will be a negative number. This
update ensures that the INI comment accurately reflects the change.
Additionally, existing INI files may still include a positive number
(e.g., 76). To maintain compatibility, the default value is updated to
-76 in case the INI files haven't been updated to use negative numbers.
Change-Id: I1c588fcbc5716d9efadf1272842d60a29c26eba6
CRs-Fixed: 3826341
Add config to enable go ignore non-p2p probe req feature. If set,
don't need to send probe rsp to STA, hence save power.
Change-Id: I8b4776e4ffd1315bf30e210797b22a673cf2a6c2
CRs-Fixed: 3812361
Currently while processing roam synch legacy case
is not handled properly for self-roaming case and
host is sending roam as it finds peer is
already attached to a vdev.
To address this issue don't send roam stop if peer
is attached to same vdev.
Change-Id: I75bbeb23e2b94458e0709b8b27178549c7104ea1
CRs-Fixed: 3690348
os_if_cstats_log_nan_disc_enable_req_evt is defined but not
called when there is a NAN discovery enable event, this resulted
in missing of NAN discovery enable stats in the chipset stats
Fix this by calling os_if_cstats_log_nan_disc_enable_req_evt
when there is a NAN discovery enable event
Change-Id: Ic9610e01fb0449c5233d6e651c42d395cb1f21c5
CRs-Fixed: 3804972
Add chipset stats for deauth event when roam
is triggered due to deauth frame from AP
Change-Id: I21125d1fde5805a3893ff8d0f9ec2be49082f994
CRs-Fixed: 3804975
Currently nack status is read using the pmo lock with bottom half
disabled, but if the wow wakeup irq is triggered at the same time
it is waiting for the same psoc lock resulting in the deadlock.
Hence get the hif handle directly rather than with spinlock api.
CRs-Fixed: 3798619
Change-Id: Ic2d5cd07c2dafb525003ec7e9e02bc17d0876dd0
Pointer returned from tdls_process_mlo_choice_tdls_vdev can be
NULL. Add NULL check to avoid dereference.
Change-Id: Ibd7f8914a721517d7b959b864c033686b1160648
CRs-Fixed: 3757772
This change is to check for station count with maximum
number of concurrent connections.
Change-Id: I539ae0b78deadf5e514f00d57542b4dd871e0e4e
CRs-Fixed: 3776536
Currently, driver checks peer mac address to filter out duplicate
command in serialization queue. This peer mac address will be
peer MLD address from North bound and link address from the south
bound. For multi-link SAP, if disassociation or deauthentication
request received for two links of same STA (MLD address is same but
link address is different), then driver queues disassociation or
deauthentication command in the serialization for both links.
This will lead to duplicate disassociation or deauthentication commands
in the serialization for same STA.
So, to fix this, add check for MLD address and link address in the
serialization filter.
Change-Id: I2619e3009b28ceba6af4383e36ae40af82020b5f
CRs-Fixed: 3790148
Add support to handle GET_KEEP_ALIVE_INETRVAL command.
If received command in connected state return keep alive
period configured to firmware but if command received in
disconnected state, if user space has set keep alive
period then return the user space configured value or
else return INI configured value.
Change-Id: I5d386ecd141531795b471198bd70afa20210bdc5
CRs-Fixed: 3818096
When connect 2 + 6 GHz MLO AP, 2 GHz is assoc link, when populate per
sta profile of 6 GHz in assoc req, use BW of current 2 GHz session
wrongly, so 320M is disabled wrongly in EHT cap.
To fix it, when populate per sta profile for assoc req, pass
pe_session as NULL since partner link pe session isn't created at that
time, don't clear 320M cap for 6 GHz link.
When config EPCS, update eht cap at same time.
Change-Id: I7422f0353cc087a24575f9be1d5b30a032cc7b8e
CRs-Fixed: 3821390
Below is the sequence of events causing RSO init command to
be sent to firmware while disconnect is happening:
1. Roam Start received from firmware in scheduler thread.
2. Connect request for reassoc received in supplicant thread.
3. This connect request triggers disconnect, but before RSO stop
& deinit is sent to firmware, roam synch event is received. This
roam synch is getting processed in the scheduler thread. But RSO
stop & deinit are sent in wpa_supplicant thread.
4. As part of roam synch host is posting RSO_ENABLE to RSO state
machine which triggers roam init to firmware.
5. Since disconnect sequence is already in progress, the RSO is
in init state before vdev stop. Disconnect sequence got executed
cleanly except for the RSO sequence.
This results in abnormal firmware behavior.
Check if the vdev is in connected state before sending roam init
to firmware.
CRs-Fixed: 3769766
Change-Id: I709c165bd9b11b323666e0e27cece76e6a4641dd
Currently, there is a rcu stall when dp vdev obtained from
dp_soc does not match vdev present in fisa flow which has
same vdev_id.
To fix this, if vdev id matches for both the vdev, drop the
skb.
Change-Id: I8be4ea77bd0bdd3096ebbad627674f7b8a9801cf
CRs-Fixed: 3817471
When dp_link is allocated, the member variable is
not initialized correctly. Change is to give initial
value to avoid a crash.
Change-Id: I0d032b4a25f31768f2aa5e7161cc625abe867df5
CRs-Fixed: 3797243
P2P GO negotiation request is supposed to come only on
DUT listen channel.
But there may be chance of leakage on 2.4 GHz because
the ADC sampling rate is 60 MHz, DUT would receive the
attenuated (Rx BBF filter) signal 60 MHz away. So, the
req may get received in non-social channel.
Fix is to add new logic to drop the P2P Go Negotiation
request if it is received on non-social channel.
Change-Id: I12ddddd47cd9b494f618b1ba9b383118221ff9d2
CRs-Fixed: 3808813
Currently, when Rx monitor mode interface is coming up, STA is
not disconnected causing RXDMA ring to be used as both error ring
and destination ring. This is causing backpressure in RXDMA ring.
To fix this, issue disconnect for STA when Rx monitor mode is
being added.
Change-Id: I95e73edd80472a8aae9092ebdbce5e514b1cd531
CRs-Fixed: 3799325
During roaming tests, if an AP gets kicked out due to move away,
the driver adds the BSSID to an avoid list.
However, this approach has a drawback. If the AP later moves nearby
again, it won’t be picked up because it’s still on the avoid list.
To address this, the driver checks the RSSI value before adding the
BSSID to the avoid list for kickout roam reasons.
If the RSSI value is above -70 dBm (from INI good_rssi_threshold)
and get kickout, which means AP may have functionality issue, then
the BSSID can be added to the avoid list. Otherwise, if the signal
strength is bad below -70 dBm, the BSSID should not be added to the avoid list
because the AP may move away, let roam logic to pick up or not based
on score value of the BSS.
Change-Id: I4ace2733cfe270667d14095f1d4dc2c5abb9f0d5
CRs-Fixed: 3788290
If pre-cac channel from userspace is Non DFS channel but
the pre-cac bandwidth is set to 160 MHz which cover DFS channel
range, we still allow the request instead of reject it.
Change-Id: I9a0778855bf6659fab20ae0cc82a17d652b0d282
CRs-Fixed: 3748905
If CSR roam synch callback fails then the status is not updated
with error status code and this causes the caller to consider
roam synch indication is successful and RSO stop is not sent
to firmware leading to roam synch completion timeout at firmware
Send correct status to the caller of the api:
cm_roam_sync_event_handler_cb() if CSR roam synch processing
fails
CRs-Fixed: 3800617
Change-Id: I29214c04976498fd81cb5266738e341928af3af7
When roaming happens with full SAE for FT-SAE AKMs host doesn't
update the PMK received from firmware into its global cache.
This causes stale PMK to be sent to firmware when full SAE
happens when roaming to below AKM's:
WLAN_CRYPTO_KEY_MGMT_FT_SAE
WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY
So update the PMK sent from firmware for above AKM's when
auth status is connected (full SAE happens at host).
CRs-Fixed: 3807689
Change-Id: I25d1a253de37481952c41f54697521285a0ccf92
If host finds all of the below conditions are true:
1. Connected AP sends CCX IE in beacon/probe response
2. single PMK feature enabled via ini
"sae_single_pmk_feature_enabled"
3. And current connection is SAE with AKM type
WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY or
WLAN_CRYPTO_KEY_MGMT_SAE
Then host should mark connected AP supports
"single PMK feature" and update same to FW via RSO
command.
Change-Id: I831cfefb60271b03e5c5cbdfde0bd5277ee116e0
CRs-Fixed: 3795133
Currently bool values are not initialized and results
in unexpected values for bool variables,
Hence this change is to initialize structure to
NULL before use.
Change-Id: I07ec3880d35441d3dc84eaa44640ad07eba0b3c9
CRs-Fixed: 3800965
In the case of 5 GHz + non-tx 6 GHz MLO connection, the scan entry
generated from the ML-probe might not carry MBSSID information of the
non-tx partner. The RNR of the assoc link will also not be inherited.
Therefore, the mbssid info is not generated for this non-tx 6 GHz scan
entry. In such cases, if there is a vdev restart, host driver sends zero
mac address in trans bssid, leading to issues with connection.
To fix this:
1. Look up the RNR db for the 6 GHz link, and determine if the bss param
corresponding to the bssid is non-tx MBSSID.
2. If it is a non-tx MBSSID and there is no mbssid info in the scan cache,
then configure the tx-bssid as broadcast mac.
3. This allows the firmware to auto-detect the tx bssid from the upcoming
beacons.
4. Also, save the neighbor entries from the beacon/probes received from
the firmware during roam sync and other events to facilitate the look-up.
5. If there is no existing entry for the roamed non-tx link, then caching
the neighbor info from the assoc partner link would store the valid entry
into the rnr db.
Change-Id: Ie5ef03fc8504cd63f6db98d2ce4af7eb5c2d7e00
CRs-Fixed: 3789675
After roaming to 11BE 320 MHz EHT AP, the channel width is wrongly
updated as 40 MHz in newly created pe_session. This causes wrong
channel info to be sent to kernel in the get sta channel request
and could result in disconnection. In lim_fill_ft_session(),
the chan_width is updated from VHT OP or Vendor VHT OP IE only
currently. But in 6 GHz EHT 320 mode, the VHT OP IE will not be
present and default 40 MHz is assigned.
So extract the channel info from EHT OP IE and use that to fill
the ft pe session created after roaming
Change-Id: I81b52391e69dfe87b103ca1ee90dd9658f02273a
CRs-Fixed: 3746276
Change the default connection dot11mode behavior of APs with
following security configuration which can support MLO:
1) WPA2 with PMF
2) WPA3-SAE with HnP (or H2E cap equals false)
Currently User has to force allow connection in MLO via INI or
else driver downgrades such candidates to 11ax.
Change-Id: I4ff232fc920e19e4f158eba3038abd57b045e705
CRs-Fixed: 3779433
Add support to override the NSS capability with HW NSS capability
during TDLS setup.
Change-Id: I916193969d5aafe042ee1bea2adc29668c9109ee
CRs-Fixed: 3792456
Currently, ROAM_SYNC is aborted on the corresponding vdev when
the vdev is not in CONNECTED state. This abort operation sends
an RSO_STOP to fw but the status is not notified to the caller.
This results in a race condition in the below scenario,
1. Firmware roamed to a 2-link ML AP and sent Roam sync ind
to host
2. Host posted ROAM_SYNC on vdev-0 in scheduler thread context
as the vdev-0 state is CONNECTED
3. Got a DISCONNECT request from userspace in user thread and
the states moved to DISCONNECTING.
4. Host tried to post ROAM_SYNC to vdev-1 but aborted as the
state is not CONNECTED and tries to send RSO_STOP to fw.
This RSO_STOP won’t be sent as it’s a link vdev and the
RSO_STOP should go from assoc vdev later.
But this status is not indicated to the caller which
proceeds with vdev-0 ROAM_SYNC.
5. As vdev-0 ROAM_SYNC doesn't check for the connection state
once processing is started, ROAM_SYNC would be completed
on vdev-0.
6. This causes out of sync and vdev-1 doesn't get cleaned-up.
7. As part of the disconnect, host tries to cleanup the old
peer on vdev-1. But firmware ignores this as that peer is
already cleaned up in fw.
This results in peer map-unmap issue later as the new Roamed
peer on vdev-1 will never get cleaned-up in host but the same
got cleaned up in fw. FW is free to use that peer_id to
another peer mac later and when it does, host DP complains.
So, indicate ROAM_SYNC abort status to the caller to abort
the complete Roaming.
Change-Id: Ic65149ddf28f01ca5d7a0f6d3137a38e64e6c6ae
CRs-Fixed: 3786671
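
The race in the commit message above, as a small C model added here for illustration (not the driver's code; every type, function and parameter name is hypothetical). It shows why a refused per-link ROAM_SYNC has to fail the whole roam: with the status dropped, vdev-0 completes while vdev-1 never does.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model of the scenario; none of these names are the driver's. */
#define MAX_LINKS 2
enum vdev_state { VDEV_CONNECTED, VDEV_DISCONNECTING };

struct vdev {
    enum vdev_state state;
    bool has_roamed_peer;   /* host installed the post-roam peer */
};

/* Posting ROAM_SYNC is refused unless the vdev is CONNECTED (steps 2, 4). */
static int post_roam_sync(const struct vdev *v)
{
    return v->state == VDEV_CONNECTED ? 0 : -1;
}

/* Once posted, processing does not re-check the state (step 5). */
static void process_roam_sync(struct vdev *v)
{
    v->has_roamed_peer = true;
}

/* disconnect_before: link index before whose post a userspace DISCONNECT
 * lands (step 3), or n for none. honor_abort: false = old caller. */
static int roam_sync(struct vdev *links, size_t n, bool honor_abort,
                     size_t disconnect_before)
{
    bool posted[MAX_LINKS] = { false };

    if (n > MAX_LINKS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (i == disconnect_before)
            for (size_t j = 0; j < n; j++)
                links[j].state = VDEV_DISCONNECTING;
        if (post_roam_sync(&links[i]) == 0)
            posted[i] = true;
        else if (honor_abort)
            return -1;          /* abort reported: whole roam is dropped */
    }
    for (size_t i = 0; i < n; i++)
        if (posted[i])
            process_roam_sync(&links[i]);
    return 0;
}

/* True when every link agrees on whether the roamed peer exists. */
static bool links_in_sync(const struct vdev *links, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (links[i].has_roamed_peer != links[0].has_roamed_peer)
            return false;
    return true;
}
```
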
When SAP CSA is started, host driver starts sending CSA IE
with beacon count. Host driver sends VDEV_RESTART to firmware
only when the beacon count reaches to 0(e.g. from 10 to 0).
But if CSA has to be aborted due to some reason(e.g. concurrent
SAP got disconnected), host driver stops the CSA by posting
EV_CHAN_SWITCH_DISABLED where it stops sending the CSA IE and
restores the VDEV state to UP-UP-ACTIVE. It updates the
templates and doesn't send VDEV_RESTART to firmware.
Currently, host driver sends VDEV_UP to firmware as part of
SAP state machine restoration. But firmware might not expect
this VDEV_UP as vdev is in UP state. Host has to avoid
sending VDEV_UP to firmware when the VDEV state is UP-ACTIVE.
Also, SAP CSA abort might result in other race conditions.
So, let the CSA continue if it's already started and SAP channel
gets evaluated once SAP is UP anyway.
Change-Id: Ic8ff8b0c58dd656b4e7ae2a2f9c46c3584a33165
CRs-Fixed: 3734991
Host driver doesn't disable RSO before restarting the vdev
for fw-initiated as well as host-initiated CSA or BW change for
link vdev. Therefore, if the FW is in middle of roam(for host
initiated CSA) cases, this restart leads to race condition in FW.
Add a new reason code for VDEV restarts triggered due to CSA,
enable/disable the RSO SM based on this new reason code for
assoc as well as partner links.
Change-Id: I48925d76df62bb1c60f212048b95c434af18042f
CRs-Fixed: 3770973
In the api hdd_set_nss_params() and hdd_set_antenna_mode()
change in nss parameter or antenna mode cause the TDLS
teardown.
Add a check in api hdd_set_nss_params() and
hdd_set_antenna_mode() to prevent change in parameter
if there is an existing TDLS connection.
Change-Id: I8a58b8b0a617a8de490907e4c3181b15d90e0dbb
CRs-Fixed: 3789892
Firmware timestamp values are not printed for BTM_QUERY &
BTM_REQ events and wrong value for BTM_RSP. This is because
the timestamp values are read from wrong structures.
Read the firmware timestamp values from correct wmi structure
to fill the connectivity diag event
Change-Id: I568e87ee3e4bb66d3f73d353df794ced92b418c1
CRs-Fixed: 3788350
Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
1. dp_reset_tcp_delack
2. dp_bus_bandwidth_init
3. dp_bus_bandwidth_deinit
4. dp_bus_bw_compute_timer_try_start
5. dp_bus_bw_compute_timer_try_stop
6. ucfg_dp_set_cmn_dp_handle
7. __dp_bus_bw_compute_timer_start
Fix is to add NULL check for dp_ctx before use.
Change-Id: I5f9ea6ae8ce3bb13631ad9a2dfe25d9c3686a33b
CRs-Fixed: 3767091
Certain countries have dot11mode restrictions such as no
11be mode support, in which case the regdb updates the
phymode and sends to Host.
Add support to use this value to limit and update the
internal dot11mode to allow connection in corresponding
phymode.
Change-Id: If7dd8c261fbe61e96c7749dd1457713502409fa6
CRs-Fixed: 3747811
In cm_is_peer_preset_on_other_sta, wma_context is
fetched from gp_cds_context and used without any
validation checks. This may lead to a NULL pointer
dereference.
To address this issue add null check before
accessing.
Change-Id: I78656303855efb2369afcf47d1aabe3b916498c4
CRs-Fixed: 3712317
Currently, the driver doesn't consider the force 20 MHz in
2.4 GHz configuration while calculating the channel width
for the session during roam. Therefore, fw and host will be
out-of-sync wrt the channel width of the connection.
Consider the force override 20 MHz in 2.4 GHz config which is
based on the ht40 cap of connect request for the channel width
computation.
Change-Id: Id616dd1ceefd5b2c2130be1b88067a92121e0fa1
CRs-Fixed: 3768406
As a part of vdev destroy is_dp_link_valid can return failure,
since the interface may be down. This will lead to memory leak
since the dp_link memory won't be freed.
Fix this by replacing is_dp_link_valid with dp_link null check.
Change-Id: Ief03c1e42d62b4b89f1414f0c5642e592ee39fa2
CRs-Fixed: 3750214
Add magic number field in wlan_dp_link which is to
be used to identify the validity of dp_link.
Add logs in the dp_link free handler/callback.
Change-Id: I76e3149e1d72a9f5e69478734b6dbab5b4d8d922
CRs-Fixed: 3744331
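
A sketch of the magic-number validity pattern the commit message above describes, added here as an example (not the driver's code; `struct link`, `LINK_MAGIC` and the pool are hypothetical, and the magic value is constructed). The magic is written last on allocation and cleared on free, so a stale or doubly freed pointer fails the validity check instead of being used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LINK_MAGIC 0x5F44504CU  /* constructed value, not the driver's */
#define POOL_SIZE  4

struct link {
    uint32_t magic;    /* LINK_MAGIC only while the object is live */
    uint8_t  link_id;
};

/* Static pool so a stale pointer still refers to readable memory here. */
static struct link pool[POOL_SIZE];

static struct link *link_alloc(uint8_t id)
{
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (pool[i].magic != LINK_MAGIC) {
            /* Initialise every member before marking the object valid. */
            memset(&pool[i], 0, sizeof(pool[i]));
            pool[i].link_id = id;
            pool[i].magic = LINK_MAGIC;
            return &pool[i];
        }
    }
    return NULL;        /* pool exhausted */
}

static bool link_is_valid(const struct link *l)
{
    return l != NULL && l->magic == LINK_MAGIC;
}

/* Returns 0 on success, -1 for NULL, stale or already freed objects. */
static int link_free(struct link *l)
{
    if (!link_is_valid(l))
        return -1;
    l->magic = 0;       /* poison so later checks on this pointer fail */
    return 0;
}
```
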
Kernel configures mc address list once association/NDP connection
happens. Host driver flushes the existing list whenever a new list
is received from kernel. Also, it's expected to cleanup the final
list as part of disconnection/NDI cleanup.
Currently, host expects the vdev/NDI state to be ASSOCIATED
in-order to flush the final configured list. But the STA vdev/NDI
state is already moved to DISCONNECTED by the time host tries to
flush the list from firmware. So, host doesn't send flush command
to firmware and it just flushes internal list from driver adapter.
This results in leaving the final configured entries uncleaned
in firmware and the mc list exhausts in few such iterations as the
firmware supports limited size(32).
Don't check for vdev/NDI state and always issue flush command to
firmware as part of disconnect to avoid this.
Change-Id: I8e070f40976a147959783b3c44f1e9aa24563d4b
CRs-Fixed: 3776542
When ML STA links are on MCC, TDLS action frames try to
set the link mode to force active. To avoid this
reject the TDLS mgmt request when ML STA links are on MCC.
Also enhance few debug prints for TDLS.
CRs-Fixed: 3717831
Change-Id: I69a942d80f5fac0ff25cfb47229e5dde6a693f97