Currently, opmode is extracted from sap_ctx->vdev without
checking if it's NULL. Add a preventive NULL check
on sap_ctx->vdev.
Change-Id: I084d7ad441f84426d316d729136286a24fbeed26
CRs-Fixed: 3786993
Move definition STA_ENTRY_TDLS_PEER out
of the TDLS feature macro, which will be used
in the common code lim_process_addba_req().
Otherwise it will happen compile error if
FEATURE_WLAN_TDLS disabled.
Change-Id: Idff66bc61b60147bfb9f5c627d2e5a29a28bd268
CRs-Fixed: 3784440
Currently there is no validaton for total num powers
which is calculated by adding powers sent by AP till
160 MHz and powers sent in ext element of the TPE IE.
total powers will increase more than allowed Tx powers
if AP sends some invalid value in ext count but array
limit is 15 only. which may become cause of out of
bound if AP sends some invalid value in ext count.
Fix is to add a validation check for total num powers.
If total num powers becaomes greater than allowed powers,
don't parse the ext element.
Change-Id: I1478b8d1dfa3c491a471790a12d0c3b0f62352f7
CRs-Fixed: 3695072
Driver use uninitialized unsafe channel array in the function
"wlansap_select_chan_with_best_bandwidth"
So, to fix this, initialize the unsafe channel array with zero
value.
Change-Id: If63226da00187086f27e716424b29e30137a46b1
CRs-Fixed: 3772902
Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
1. dp_reset_tcp_delack
2. dp_bus_bandwidth_init
3. dp_bus_bandwidth_deinit
4. dp_bus_bw_compute_timer_try_start
5. dp_bus_bw_compute_timer_try_stop
6. ucfg_dp_set_cmn_dp_handle
7. __dp_bus_bw_compute_timer_start
Fix is to add NULL check for dp_ctx before use.
Change-Id: I5f9ea6ae8ce3bb13631ad9a2dfe25d9c3686a33b
CRs-Fixed: 3767091
Certain countries have dot11mode restrictions such as no
11be mode support, in which case the regdb updates the
phymode and sends to Host.
Add support to use this value to limit and update the
internal dot11mode to allow connection in corresponding
phymode.
Change-Id: If7dd8c261fbe61e96c7749dd1457713502409fa6
CRs-Fixed: 3747811
In cm_is_peer_preset_on_other_sta, wma_context is
fetched from gp_cds_context and used without any
validation checks. This may lead in NULL pointer
dereference.
To address this issue add null check before
accessing.
Change-Id: I78656303855efb2369afcf47d1aabe3b916498c4
CRs-Fixed: 3712317
To configure vendor requested phy_mode on all interfaces,
iterate all STA adapters which are in disconnect state to
configure the new VDEV phy_mode.
Change-Id: Ibd9d8959609c1ab07caa26cb8c9227c56e8fd234
CRs-Fixed: 3671847
Currently, the driver doesn't consider the force 20 MHz in
2.4 GHz configuration while calculating the channel width
for the session during roam. Therefore, fw and host will be
out-of-sync wrt the channel width of the connection.
Consider the force override 20 MHz in 2.4 GHz config which is
based on the ht40 cap of connect request for the channel width
computation.
Change-Id: Id616dd1ceefd5b2c2130be1b88067a92121e0fa1
CRs-Fixed: 3768406
As a part of vdev destroy is_dp_link_valid can return failure,
since the interface maybe down. This will lead to memory leak
since the dp_link memory won't be freed.
Fix this by replacing is_dp_link_valid with dp_link null check.
Change-Id: Ief03c1e42d62b4b89f1414f0c5642e592ee39fa2
CRs-Fixed: 3750214
Add magic number field in wlan_dp_link which is to
be used to identify the validity of dp_link.
Add logs in the dp_link free handler/callback.
Change-Id: I76e3149e1d72a9f5e69478734b6dbab5b4d8d922
CRs-Fixed: 3744331
Kernel configures mc address list once association/NDP connection
happens. Host driver flushes the existing list whenever a new list
is received from kernel. Also, it's expected to cleanup the final
list as part of disconnection/NDI cleanup.
Currently, host expects the vdev/NDI state to be ASSOCIATED
in-order to flush the final configured list. But the STA vdev/NDI
state is already moved to DISCONNECTED by the time host tries to
flush the list from firmware. So, host doesn't send flush command
to firmware and it just flushes internal list from driver adapter.
This results in leaving the final configured entries uncleaned
in firmware and the mc list exhausts in few such iterations as the
firmware supports limited size(32).
Don't check for vdev/NDI state and always issue flush command to
firmware as part of disconnect to avoid this.
Change-Id: I8e070f40976a147959783b3c44f1e9aa24563d4b
CRs-Fixed: 3776542
When ML STA links are on MCC, TDLS action frames try to
set the link mode to force active. To avoid this
reject the TDLS mgmt request when ML STA links are on MCC.
Also enhance few debug prints for TDLS.
CRs-Fixed: 3717831
Change-Id: I69a942d80f5fac0ff25cfb47229e5dde6a693f97
When roaming happens from 3 Link AP to Legacy or 1 link AP after
a link switch, and the assoc vdev when connected to 3 Link AP is
disconnected during roaming, it causes the DP default link mapping
not to be updated. This resutls in data stall and ultimately
NUD failure is triggered resulting in disconnection.
After roaming to Multilink AP, then update the DP with
the new deflink as the assoc vdev.
CRs-Fixed: 3681911
Change-Id: I114a9858c3cbe58ef59743ad251a2b3af2543d3d
In the api wlan_connectivity_mgmt_event(), the VSIE is
extracted after logging the Deauth/Disassoc frames
due to which VSIE is not logged as part of
Deauth/Disassoc frame logging.
Modify the api wlan_connectivity_mgmt_event() to extract
VSIE before logging the Deauth/Disassoc frames
Change-Id: Ia5ac504f6e17d0464a6ce0d442ae7eec658b2445
CRs-Fixed: 3761695
The vdev id in bs_req cannot exceed the WLAN_UMAC_PSOC_MAX_VDEVS
count.
Add the sanity check before accessing the ref_count array.
Change-Id: I31743b4be75944bb8947eac7537172d56614637d
CRs-Fixed: 3759720
Currently host can get station stats request while ll stats is in
progress and station stats request gets timeout for below sequence,
1) Host receives LL stats request and sends unified stats
command to fw.
2) FW has sent all the station stats events and in process
of sending ll stats, host gets station stats command
and sends the station stats command to fw.
3) After receiving all ll stats host resets pending stations
stats.
4) As request is already reset, host doesn't find any pending
request while processing the last stats event hence request
gets timeout.
To address this issue send cached stations stats if unified ll stats
is in progress.
Change-Id: I153ca4657c0736b4a174b247c82eb38527b9dae9
CRs-Fixed: 3753712
In case power constraint is not absolute then calculated
local power constraint is not updated as diff of regulatory
power and local power constraint. In case of power constraint
is not absolute the local constraint power is same as advertised
by AP and need to update as diff of regulatory power and LPC
advertised by AP.
Change-Id: Icc410c35c14aa2973789cdb26aa7a45ac1f6a0f3
CRs-Fixed: 3761422
Some targets may prefer to keep SAP on same channel even when the
channel is marked as unsafe due to coex operations.
Check the corresponding device capability and avoid chan switch
when the SAP is fixed channel(non-ACS) SAP.
Change-Id: I8d003359a587c5308899e0956b0414074bd748b0
CRs-Fixed: 3776847
For non-DBS solutions, if STA is present on an indoor channel
with operating bandwidth less than 80 MHz, the sta+sap indoor
concurrency support allows SAP to operate only on that BW.
However, the SAP BW selection logic selects 80 MHz BW for the
concurrent indoor SAP. Since, the SAP operation in 80 MHz
hosts indoor channels as well, the kernel tears down the SAP.
For the indoor STA+SAP concurrency, choose the same BW of
STA for the SAP operation.
Change-Id: I564eebb260ff973d459603029705afbd380f2161
CRs-Fixed: 3756878
Host has to issue RSO_STOP to firmware before performing any
vdev operations(start/stop/down/up,..). Otherwise firmware may
face memory corruptions if it tries to access the same
vdev while host is modifying it.
Currently, RSO_STOP is sent to firmware only if all vdevs are
UP. But in OWE/EAPOL offloaded roaming cases, assoc vdev
would be UP and partner vdev would be down till EAPOL is
done and keys are received from userspace. Connect is started
on partner vdev once the keys are received. Host driver is going
to do a vdev start as part of this connect. So, RSO_STOP is
supposed to be sent to firmware before performing any connect
operations on partner vdev.
So, send RSO_STOP to firmware right after sending
ROAM_SYNC_COMPLETE even if the link vdev is no UP.
Change-Id: Idaa15c7b0cedff5fd6f276626047f349c500a5b8
CRs-Fixed: 3769038
If join ML-probe response doesn't have the per-STA profile for any
of the requesting partner and if the scan entry for that partner
is not found in the scan table, then host should fallback to MLSR
connection.
However, instead of checking the scan entry for the partner links
from the scan table, the driver validates if the partner info is
present in the ml_info of the assoc link scan entry. The assoc link
scan entry would always have the partner info(from RNR IE) even if
the scan entry of that partner is not found.
Directly look up the scan table for every partner link mac.
Change-Id: I896f09a99346459c70ecac8a207dd38b91b58ce2
CRs-Fixed: 3770034
Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
ucfg_dp_set_hif_handle
ucfg_dp_update_config
ucfg_dp_get_rx_softirq_yield_duration
ucfg_dp_register_rx_mic_error_ind_handler
ucfg_dp_is_roam_after_nud_enabled
Fix is to add NULL check for dp_ctx before use.
Change-Id: I040f1a6ed92ad572e625663eee9ea1dd0c5e8530
CRs-Fixed: 3770367
Host receives "get_tdls_capabilities" request
to get TDLS capabilities from user space.
Host should immediately return fail indication
to user space if memory allocation failed for
skb buffer in
__wlan_hdd_cfg80211_get_tdls_capabilities.
Change-Id: I9e0a14949b55ad811968b718f17022897cd646eb
CRs-Fixed: 3770374
During HB failure disconnection, Host is deleting all connected
TDLS peers only if dph lookup of STA hash entry is success.
In case if host receives add tdls peer from north bound and
HB failure disconnection from south bound, there is a chance
host first delete DPH hash entry before deleting TDLS peer(s).
This leads to TDLS peer leak and assert.
Fix is to make sure to delete all TDLS peers irrespective of
STA hash entry while processing HB failure disconnection.
Change-Id: I6c79eded7d9df511e567f4782189454dbbb14ec1
CRs-Fixed: 3744674
If the scan entries for a non-tx profile MBSSID partner links
are not present at the time of candidate selection, then
host driver generates the scan entry for the missing partner
link from the assoc response.
The assoc response from the AP has PMKID in the RSN(some APs
do not include RSN IE in assoc resp).In this case, the RSN
along with PMKID gets inherited into the scan cache of the
missing partner and this leads to mismatch between M3 and
scan entry RSN causing disconnection.
To fix this, mark all the MBSSID partners without scan entries
as invalid links at the time of candidate shortlisting. Score
and connect to only non-tx candidates with valid scan entries.
Remove the probe response generation from assoc response logic.
Change-Id: I3b90ca1f1d81f2de7cc629576714c72975b11ae9
CRs-Fixed: 3738606
For MLO vdev currently the discovery attempts threshold is
multiplied by 2 to increase the discovery window thereby
increasing the discovery probability in noisy environmental
conditions. But 5 discovery attempts on each link is
sufficient threshold. Increased discovery attempts causes TP
issues with peer connected to different AP for MLO vdev since
frequent link active/inactive change happens.
So remove the discovery attempt multiplier for MLO TDLS vdev.
Enhance few debug logs.
CRs-Fixed: 3702198
Change-Id: If5513987447296140788c1ee021329dc721df65f
