The consumers of the current channel list may want to search through 6G
channels that are not part of current channel list and belong to channel
list of different power mode.
Therefore, replace the regulatory current channel list with that of 6G
power based channel list.
Change-Id: Ie2ff8bbfb50a5f95f584b134b18246cb28b1c406
CRs-Fixed: 3110987
Fix partner link updation in scan entry when AP MLD has more than one
partner link.
Change-Id: I981f16c9de819390d6830ffe7a5b1e438a4f8403
CRs-Fixed: 3125861
First host checks below two things in PNO scan request:
1. Userspace sets NL80211_SCAN_FLAG_COLOCATED_6GHZ flag
in pno scan request.
2. At least one 6G channel is present in the pno scan req.
If any of above conditions satisfy, Host fills all remaining
(other than channel(s) present in pno scan req) valid 6 GHz
channel(s) to pno scan requests and set the flag
FLAG_SCAN_ONLY_IF_RNR_FOUND for each remaining channel(s).
Host sends this updated channel list via WMI command
WMI_START_SCAN_CMDID_param_tlvs->channel_list for pno scan
to firmware.
By this driver allows Firmware to scan 6G channels based on
RNR IEs only (for colocated APs reported by 2.4/5 GHz APs).
Change-Id: Ib6118c4525e9fbe233eb6a7e07a4a3345d486e8a
CRs-Fixed: 3103923
With the existing offset calculation formula in util_get_link_info_offset
function, the calculated offset was always greater than the length of the
ML IE. Hence, the above function always returned the value 0 for the
offset. The reason is, for example, '(BIT (4) & multi_link_ctrl) * 6'.
We are expecting this calculation to return a value of 6, but it is
returning 96 (= 0x10*6).
Modified the util_get_link_info_offset() to use WLAN_ML_BV_CTRL_PBM_*
presence bitmap to get the link info offset.
Change-Id: Ic548361ac2e82bddaed574cf197c3523d47304d5
CRs-Fixed: 3091674
Wlan host side doesn't have ways to know whether OBSS scan is
run or not if OBSS scan is offloaded to FW. So should let OBSS
scan disable action called directly to make sure OBSS scan is
disabled during each suspend.
Change-Id: I6134c038bbea2ae4f09662354d60063488696cb5
CRs-Fixed: 3097186
As requirement, concurrent mode, station 5G/2G scan need stop when AP
connected by peer station.
Condition:
STA + AP 5G (connected) + AP 2.4G skip 5G scan
STA + AP 5G (connected) skip 5G scan
STA + AP 2.4G (connected && 2.4G only) skip 2.4G scan
Others concurrency skip none
Add ini ch_list_trim_conc to enable/disable the feature. Default is
disabled.
Before send WMI_SCAN_CMD to firmware, call API
policy_mgr_scan_trim_chnls_for_connected_ap() to check if need
trim scan channel list. Which channel list need be trimmed
Change-Id: If4d1cf7347f757fb013ffcb4016e8e6f16859f42
CRs-Fixed: 3075068
Parse the per-STA profile IE and save the CSA, eCSA, Max Channel Switch
Time IE pointers in partner_link_info structure.
Change-Id: Icac75e3ad1f45bd5325c9144db7732684ebb4512
CRs-Fixed: 3087692
Host splits MBSSID into individual scan entries. The IEs
added into the new scan entries should neither be in the
non-inheritance list nor a duplicate IE. Host checks duplicity
of Vendor specific IEs by comparing the OUI, type subtype of
the non-tx and tx BSSID IEs.
Adaptive 11r VS IEs doesn't have subtype, and host uses
IE data as subtype. In this case, even if both the IEs are
same, still both are added into the new scan entry. The
supplicant uses the capability from the first IE belonging
to the tx profile leading to connection failure.
In MBSSID parsing logic, add exception for OUI from this
specific vendor in the Vendor IE comparison logic.
Change-Id: I7bb6cc7ebe34a5f007b9b84c91d6db6c7fcf997b
CRs-Fixed: 3084721
During SAE roam auth offload, update the beacon/probe response
frame coming from the FW via WMI_ROAM_FRAME_EVENTID into the
scan db.
When the bss info of the preauth candidate is unavailable in
the host/kernel scan entry, supplicant fails to determine the
proper SAE PWE config of the peer and the commit request fails.
Change-Id: I8537147104f30b74ffb2e87946f2e5f4b129f0df
CRs-Fixed: 3075460
Do not limit the max length of RSN/WPA IE as they can contain multiple AKM
and CIPHER. We need to consider all the variables to limit the max length.
Change-Id: I204f86d7c773d0c104ad1f58b3648d6c5577af94
CRs-Fixed: 3051247
In case of split profile, while parsing the other segment
of the non transmitted profile present in the subsequent
MBSSID tag, it is possible that the beacon is corrupted where
the non tx profile length has gone out of bound.
In case of above scenario, the MBSSIE parsing code does not
free up the memory allocated for split_prof_start before
returning, which could possibly result into a memmory leak.
Handling the split_profile_continue bit before non tx profile
length check can avoid this situation.
Change-Id: Iaa491fd2803d88759e74ca5a668dddb9f8a42708
CRs-Fixed: 3023554
While parsing MBSS IE split profiles, bssid copy flag
is not reset in between sub element parsing resulting
in skipping the bssid copy for next non tx profile.
Reset skip_bssid_copy flag for each sub element parsing
so that correct bssid is copied for next non tx profile
CRs-Fixed: 3019298
Change-Id: I429190b21a3ddafdc75a73e8b063f6b6f629492a
"scan_entry->ie_list.multi_link is null" print is
flooding the scan component. Hence, remove this print.
Change-Id: I921eea8afc2dba5637c7c02717e2d1fb544ba103
CRs-Fixed: 3023813
During beacon or probe response, if channel is dfs && frame type
is MGMT_SUBTYPE_BEACON, it would call "util_scan_add_hidden_ssid"
to deal with the packet. If the ie id matches with SSID then OOB
read may occur in ie_len as it is validated with upper bound of
ie_ssid.
Validate the ie length first. If it is more than 0 then copy
memory to SSID which are equivalent to ie length.
Change-Id: Ib5e2ab7f6f3337d4c3e5c240e3133d8f276be50a
CRs-Fixed: 3007473
Add 4.9 ghz frequency check also in scan command. This change
is needed so that scan entry is formed and association happens in 4.9ghz.
Change-Id: I2fbf719ea6a5e747e07a5973a2da3d2ca2d11b7b
Currently, partner info array in scan entry is contains self link
information in first index. to avoid confusion, update partner info
with only partner links information and store self link id in ml_info
of scan entry
Change-Id: I53992fee355613b8521409da412254c05fb63fbf
CRs-fixed: 2991229
Replace util_scan_scm_chan_to_band with util_scan_scm_freq_to_band
to work for 6G channels.
Change-Id: I5f8843599cbea194a57cc7fc3b20163a7205f4e7
CRs-Fixed: 2987153
Add scan support for puncturing by extracting the puncturing
bitmap field in the EHT operation IE.
Change-Id: I221464f52bfce40b55344f995945836f80553579
CRs-Fixed: 2982502
NLO complete events were not received as
host is in runtime pm suspend state and thus
scan results were not sent to supplicant to
trigger re-connection. Add code to prevent
runtime pm suspend on receiving NLO match event
and resume Runtime PM on receiving NLO complete
event from firmware.
Change-Id: Iab91fb88fff3394ce5629be1eb6adc911a673b58
CRs-Fixed: 2954994
Fix the channel validity check for DS param IE in beacon or probe
response frames in scan.
Change-Id: I17132d3d406b2953ad31dc6ab40b0158e21bc5c4
CRs-Fixed: 2960334
Currently, host comapres HT Ie with htcap_cmn_ie
structure size but returns err in case ie len
is different from structure len which may break
the iteration and can lead to scan entry creation
failure.
Fix is not to break the loop and perform action
based on other Ie to avoid Ie parse failure which
leads to scan entry creation failure.
Change-Id: I93f0d67ae0f7ea8bb5dbeabc895b5c3d1ae43a73
CRs-Fixed: 2965729
Scan manager currently has two flags - scan_f_2ghz and scan_f_5ghz
for the requestor to specify which channel bands to scan.
Currently, these flags are not utilized by the scan manager to
control the channels selected as part of the scan request channel
list. As a result, specifying a particular band will not
limit the scan manager to scan only the mentioned band - instead
scanning all supported channels.
Add a check to use these flags to avoid channels from bands
which are not selected.
Change-Id: I86e17184b5bb67cbf951eee5d43a8f80a93718d6
CRs-Fixed: 2934215
For security cert TC, RSNIE length can be 1 but if the beacon is
dropped, old entry will remain in scan cache and cause cert TC
failure as connection with old entry with valid RSN IE will pass.
So instead of dropping the frame, do not store the RSN pointer so
that old entry is overwritten.
Change-Id: I2fe4d2dd2352be6850f7a18a2ec829733ded7ee8
CRs-Fixed: 2944120
Add new ini's for assoc active and passive dwell time
for 6g. These will be applied if STA is connected.
Change-Id: I680fbd3038968ecf6ff9920fff982456135bfd77
CRs-Fixed: 2941359
When obss scan is enabled, FW will trigger scan periodically by
a timer. If a scan was triggered, FW need to access host memory
for data transfer. Occasionally, suspend may happen during one
scan, then FW is unable to access host memory and fw will crash.
So disable the obss scan before suspend.
Change-Id: Ie507da929a3701473cb57888e96e702e34d4c95a
CRs-Fixed: 2927239
If MBSSID ie contains only header and no payload
then current logic can cause OOB read.
Added validation check for length of IE before
accessing MBSSID IE payload.
Change-Id: Id8b34e5f516f1a1c85bc7d93d9128cad29393e9d
CRs-Fixed: 2838631
Currently when updating the single pmk capability for an AP,
the driver only changes for the sae single pmk OUI advertised
by the AP and not the ini value. This causes the crypto entry
for the AP to be updated with single pmk flag to true even when
the ini is disabled.
So check the sae single pmk ini also to update the scan entry
as sae single pmk bss.
Change-Id: I2ae16c8da5af397b041723f9d5a3b2d8a6e7c986
CRs-Fixed: 2935440
The earlier logic for scanning non-inheritance IE fails if
non transmitted bssid profile has any extension element
such as MU EDCA before the extension element with
non-inheritance IE.
Since MU EDCA is also an extension element and it does not
have noninheritance element id in it, the logic used to fail
as the driver does not check further for any other extension
element ID in non transmitted bssid profile. Because of this
the IEs part of non-inheritance list used to get inherited,
causing disconnection issue.
With current fix, the scanning for non-inheritance IE has been
taken care properly. Driver will go through the non transmitted
bssid profile until it finds the extension element with
non-inheritance element ID in it.
Change-Id: Ib4346600a880a8390c6d023cf403ed18c62406d2
CRs-Fixed: 2935065
If multiple MBSSID beacons fail during scan entry generation,
it can lead to flooding of the console.
Rate limit this print to avoid scheduler timeouts.
CRs-Fixed: 2918649
Change-Id: I71ed2dafcedc7da4be130569776870a2bbb6b28f
Updated the EHT related variables as per latest fw cmn headers.
Address review comments from previous EHT gerrits.
Change-Id: I67cd58a4efcf3e06d2ca3b5570432593b1d80825
CRs-Fixed: 2902607
Add EHT capability and EHT operation IE definitions and supporting
functions to parse these IEs.
Change-Id: Ida6f8b29fb33a581d2f13584f92327162cfa1664
CRs-Fixed: 2858005
Currently util_is_noninh_ie is called based on WLAN_FEATURE_MBSSID,
but definition doesn't depend on WLAN_FEATURE_MBSSID which may
cause compilation issue.
Fix is to keep definition under WLAN_FEATURE_MBSSID feature flag
Change-Id: I409c367c98bf1fe06c1c3107348f4a469ebdbd07
CRs-Fixed: 2907601
If there is any non-inheritance element present as part of the
nontransmitted BSSID profile then while generating scan entry
for that profile, driver need not inherit those list of
element IDs and list of element ID extensions from the
transmitted BSSID profile.
Since non-inheritance element is an element ID extension, it
should be part of extension element. So the logic we use over
here is to find if there are any extension element present in
the nontransmitted BSSID profile. if yes, then only go ahead
with below logic or else go with the normal flow.
Logic:
Mark and store the start of the list of element IDs and
list of Element ID extension.
While generating the new ie for the non transmitted BSSID
profile, do not inherit the IEs present in the above
mentioned lists.
Change-Id: I466afa8273e841b6f7656b1dc59342bc2d4f13bc
CRs-Fixed: 2883389
If any nontransmitted BSSID profile is fragmented across
multiple MBSSID elements, then it is called split profile.
For a split profile to exist we need to have at least two
MBSSID elements as part of the RX beacon or probe response
Hence, first we need to identify the next MBSSID element
and check for the 5th bit from the starting of the next
MBSSID IE and if it does not have Nontransmitted BSSID
capability element, then it's a split profile case.
This change is responsible in accumulating the non
transmitted BSSID profile, fragmented across multiple
MBSSIDs, so that the scan entry will not miss any
information.
Change-Id: Ia78cc47d1ffd03ada659d257b83741e7ab921fa2
CRs-Fixed: 2883389
There is an API to get the scan aging time,
but there in no API to set the scan aging time
and can be configured through INI.
Add API to set the scan aging time run time.
CRs-Fixed: 2894428
Change-Id: Ide2b2eec780dd7ff07ebd783b0916a68c0e94a2c
Modify the length check to drop beacons which has
WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH IE length less than 3. This is to
accommodate the addition of fields to this IE in the future.
Change-Id: I8cba60b631022f4348cce90ae41a003964040ad1
CRs-Fixed: 2884249
During multiple BSSID scan ie parse, there is memory allocation
on new_ie variable of size 1024 which may create buffer overflow
in util_gen_new_ie() if ie length is greater than 1024.
As part of fix, allocate memory of size ie length in new_ie.
And also add check before copying to pos variable in
util_gen_new_ie().
Change-Id: I55e0819817b5a616684067170bf28a314a145fc2
CRs-Fixed: 2867353
Currently there is no mechanism in driver to decide whether
to consider the user configured number of sched scan plan or
to configure only 1 schad scan plan.
There is a requirement to configure only one sched scan plan,
add ini support to meet this requiremet.
Change-Id: Iea3bc3f18696837150ce6f4bd60416a8a45bd1d3
CRs-Fixed: 2868125
Add length check in scan beacon IE processing function for the below IEs to
avoid any possible memory corruption.
1. WLAN_ELEMID_COUNTRY
2. WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH
3. WLAN_ELEMID_VHT_TX_PWR_ENVLP
4. WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME
Change-Id: I860bee8633849215d46c2dfe60a1a98d7c80f510
CRs-Fixed: 2873039
With the reception of MBSSIE beacon frame, host tries to
construct beacon frames for the non tx VAPs as well.
For which, it has to copy all the IEs from the
received beacon's IE except the MBSSID relevant element
IDs, by comparing the subelement data.
The memcpy that is being used in this case, does not check
the space availability in the target buffer which may lead
to random memory corruption. Hence, using safe memcpy to
avoid buffer overflow.
Change-Id: Ib0861d606dba7725077dd530dd15ebff59058cfd
CRs-Fixed: 2857436
During esp ie parse from beacon/probe response, the data pointer
is getting read from esp ie and it's not validate while updating
to esp params which may cause out of bound read issue.
Validate data pointer before updating to esp params.
Change-Id: I1167b82248613cc65fcd7c70cdcfe57595de6b21
CRs-Fixed: 2842234
During ie parse from beacon/probe response, the variable
tbtt_count and tbtt_length in util_scan_parse_rnr_ie() getting
read from ie and the value is not checked before using it which
may cause out of bound read issue
Validate tbtt_count and tbtt_length before using it
Change-Id: I51cfb2356fb16feda8a70c4b76c7f76c90b1393b
CRs-Fixed: 2836205
