A race between cfg80211 ap stop and wiphy system suspend can lead
to either DPM WD or serialization VDEV disconnect active command
timeout since scheduler thread gets suspended as part of wiphy
suspend and both cfg80211_disconnect and wiphy suspend/resume acquire
RTNL lock.
To address this race condition avoid ap stop when wiphy
suspend is already completed since scheduler thread gets suspended
as part of wiphy suspend and it can't process ap stop.
Change-Id: I5792b524a27326ca9e020600db2b82e16cc7ea96
CRs-Fixed: 3834305
As part of 802.11be_D4.1 new param Ext Max Tx power is added
in TPE for 320 MHz and while packing the TPE IE in beacon frame
max tx power will be calculated based on max_tx_pwr_interpret.
And max_tx_pwr_interpret is filled irrespective of channel bandwidth
which leads to TPE IE length more than 9 for legacy case also.
Pack tpe ie manually to consider max_tx_pwr_interpret to calculate
tx power only for 320 MHz and legacy method for less than 320 MHz.
CRs-Fixed: 3750566
Change-Id: Ibacb634c24d08886ccf2848a8dc8e2ecdf6b247a
When driver mode is changed from other mode to mission mode, regulatory
update will happen, flag is_regulatory_update_in_progress is set.
country_change_work thread is used to clear the flag, if other threads
holding OP lock, the work thread exits without clearing flag
is_regulatory_update_in_progress. SAP start is
blocked until timeout later.
To fix it, if failed to update regulatory, country_change_work thread
clears flag is_regulatory_update_in_progress too.
Change-Id: I97440ec14e5153f44a6a1b6028eb8dd9e75ccb5d
CRs-Fixed: 3831855
wma_self_peer_remove call wma_remove_peer with
del_vdev_req->self_mac_addr as peer mac address.
But wma_remove_peer still uses the pointer of self_mac_addr
to reference it after call wmi_unified_peer_delete_send.
Potentially the peer deleate event wma_peer_delete_handler
may come first and free the del_vdev_req memory.
In that case wma_remove_peer may access invalid memory,
wma_remove_objmgr_peer may fail to release the ref count on peer.
Fix by save del_vdev_req->self_mac_addr to local stack to
use it after send wmi_unified_peer_delete_send.
Change-Id: Idd9d765a13287144917d4774287da8b7ec4ea7ed
CRs-Fixed: 3815077
Change maximum value for SET_KEEP_ALIVE_INTERVAL_LEGACY command
to 255 as per new requirement.
Change-Id: Icfb7ec4700131685eb17feba4bf68e82bb2b6316
CRs-Fixed: 3830310
Currently while fetching the cu info from rnr, data length is checked only
for max rnr element which leads to possible out-of-bound reads with
invalid information elements.
Add fix to update the data length checks in the while loop to ensure
sufficient bytes are there.
CRs-Fixed: 3754687
Change-Id: I93f2fbc21fc5adfd848ebb27264cc18f7f553438
Add config to enable go ignore non-p2p probe req feature. If set,
don't need to send probe rsp to STA, hence save power.
Change-Id: I8b4776e4ffd1315bf30e210797b22a673cf2a6c2
CRs-Fixed: 3812361
Host driver opens adapter with ML-support having 2 vdevs and
1 MLD self peer. Now, during runtime, the country changes to
a non-11be supported region. This is followed by a set mac
address request from userspace, but since the EHT support
is disabled due to country change, the driver tries to
lookup the self peer using link mac address. But, since the
peer is created using MLD mac, the set mac address fails
leading to issues with DP-peer creation during connection.
To fix this, remove the EHT capability check from the adapter
routine and look up the peers and mac address only based on
the ML adapter configuration.
Change-Id: Iaabdf6c6b59d3b168c719b6dc0afd272a5725912
CRs-Fixed: 3800291
Currently, get_channel call doesn't consider the secondary
channel to compute the ccfs1. Therefore, in 2.4 GHz
HT40+/HT40- cases, get_channel returns wrong ccfs1.
To fix this, if STA connection is in HE/HT/EHT40 in 2.4 GHz,
then use secondary channel frequency for channel parameter
computation.
Change-Id: I44310192f8dcb5e02003f60b22fdae95d76a1870
CRs-Fixed: 3815126
Scenario here is:
1. AP configured in 320 MHz
2. Set country code = KR in DUT, It means DUT does not
support connection in 320 MHz.
3. Trigger connection with AP, while processing driver
founds, country code is KR, so downgraded connected
channel with to next max supported channel width as
per regulatory rule (which is 160 MHz here) and
successfully associated with AP in 160 MHz.
4. After connection Host receives “get_channel” request
from kernel.
5. Host gets currently connected BSSID and fetch
corresponding channel information from scan cache.
6. As scan cache gets updated via beacon/probe response
from AP and here advertise beacon/probe response in
320 MHz. This results value of channel width for
connected BSSID is 320 MHz and same host fill in
get_channel response.
7. By this time driver connected in 160 MHz and
connected channel width indicated to kernel is 320 MHz.
Due to mismatch in channel width, kernel triggered
disconnection.
Fix is to update connected channel width in response to
“get_channel” request.
Change-Id: I7c4a262d337f9deb8cb4436cae537d0069a98de1
CRs-Fixed: 3810073
Currently, driver check peer mac address to filter out duplicate
command in serialization queue. This peer mac address will be
peer MLD address from North bound and link address from the south
bound. For multi-link SAP, if disassociation or deauthentication
request received for two links of same STA (MLD address is same but
link address is different), then driver queue disassociation or
deauthentication command in the serialization for both links.
This will lead to duplicate disassociation or DE authentication commands
in the serialization for same STA.
So, to fix this, add check for MLD address and link address in the
serialization filter.
Change-Id: I2619e3009b28ceba6af4383e36ae40af82020b5f
CRs-Fixed: 3790148
For 11ax SAP, when received radar, sap_is_chan_change_needed for 11BE
return false sometimes, target freq and bw is same as current, after
CSA, vdev restart failed in lim_process_sme_channel_change_request,
vdev becomes hung in SUSPEND-SP-CSA_RESTART. After 1 min, Kernel trigger
disconnect.
To fix it, if SAP isn't 11BE mode, sap_is_chan_change_needed return
true directly as legacy code.
Change-Id: I6db94c3117890d0ee924975af8b3c9efd9fb08ba
CRs-Fixed: 3789066
Add support to handle GET_KEEP_ALIVE_INETRVAL command.
If received command in connected state return keep alive
period configured to firmware but if command received in
disconnected state, if user space has set keep alive
period then return the user space configured value or
else return INI configured value.
Change-Id: I5d386ecd141531795b471198bd70afa20210bdc5
CRs-Fixed: 3818096
When connect 2 + 6 GHz MLO AP, 2 GHz is assoc link, when populate per
sta profile of 6 GHz in assoc req, use BW of current 2 GHz session
wrongly, so 320M is disabled wrongly in EHT cap.
To fix it, when populate per sta profile for assoc req, pass
pe_session as NULL since partner link pe session isn't created at that
time, don't clear 320M cap for 6 GHz link.
When config EPCS, update eht cap at same time.
Change-Id: I7422f0353cc087a24575f9be1d5b30a032cc7b8e
CRs-Fixed: 3821390
P2P GO negotiation request is supposed to come only on
DUT listen channel.
But there may be chance of leakage on 2.4 GHz because
the ADC sampling rate is 60 MHz, DUT would receive the
attenuated (Rx BBF filter) signal 60 MHz away. So, the
req may get received in non-social channel.
fix is, add new logic to drop the P2P Go Negotiation
request if it is received on non-social channel.
Change-Id: I12ddddd47cd9b494f618b1ba9b383118221ff9d2
CRs-Fixed: 3808813
Currently, when Rx monitor mode interface is coming up, STA is
not disconnected causing RXDMA ring to be used as both error ring
and destination ring. This is causing backpressure in RXDMA ring.
To fix this, issue disconnect for STA when Rx monitor mode is
being added.
Change-Id: I95e73edd80472a8aae9092ebdbce5e514b1cd531
CRs-Fixed: 3799325
If pre-cac channel from userspace is Non DFS channel but
the pre-cac bandwidth is set to 160 MHz which cover DFS channel
range, we still allow the request instead of reject it.
Change-Id: I9a0778855bf6659fab20ae0cc82a17d652b0d282
CRs-Fixed: 3748905
If dyn_modulated_dtim enabled and activated, vdev WLAN_LEGACY_WMA_ID ref
leak may happen in wma_add_sta_req_sta_mode.
To fix it, release vdev ref in all cases in wma_add_sta_req_sta_mode.
Change-Id: Ib1d8262760fdc644a382c1405cdfda8498703440
CRs-Fixed: 3716752
