Currently, in host driver, if ucfg_dp_init_tx_rx fails, it returns
error and this error is handled in hdd_init_nan_data_mode by
unregister the wext and detroying the vdev.
But wext unregister fails as it is waiting for rtnl_lock forever
which causes CPU to struck there.
To fix this, add rtnl held flag which will check rtln lock is
supported or not.
Change-Id: Ibc826ace63919979d743f6c8fcc26f1438d25274
CRs-Fixed: 3248716
Add assoc link bit in mlo_support_link_band to indicate supported band of
assoc link.
bit4: 2 GHz
bit5: 5 GHz
bit6: 6 GHz
Change-Id: I8fa156f43656ba91b8622ce12034ddad0bcf28a2
CRs-Fixed: 3250252
Currently In os_if_monitor_mode_configure API,
tb attribute is getting accessed before parsing
the data coming from userspace.
This is leading to illegal memory access.
Move tb attribute access after parsing userspace
data with API wlan_cfg80211_nla_parse.
Change-Id: Ia972ebb87e18ed82c6c3a2ff3ce2d10a4b9685b9
CRs-Fixed: 3241952
For the below GET driver command, print the value
before sending it to user space to enhance automation
tools:
1. GETDWELLTIME for 2 GHz, 5 GHz and 6 GHz channels
2. GETSCANCHANNELTIME
3. GETSCANHOMETIME
Change-Id: I8d090898828049107d4a00bbc3622665aa0e30ac
CRs-Fixed: 3247541
For 11BE mode, channel width information may be set in EHT
operation IE, and 11BE sta should populate its channel width
information in HE capabilities IE after extracting EHT operation IE.
Otherwise 11BE sta can't sends correct bandwidth information
to 11BE AP.
Change-Id: I08b4b61ad21017fde52d504f6d3e5c9b1e948950
CRs-Fixed: 3246725
AP/peer may send DELBA continuously in some error scenarios.
Host driver generates a dump of the frame in INFO level
and a log in ERROR level for each DELBA received. This
results in excessive logs to the kernel logging.
Rate limit the logs to avoid spamming kernel logs.
Change-Id: I94b11b76b862924672e06520b5bf2e731ec462df
CRs-Fixed: 3248606
Display control pipes info on WOW ack failure which helps to
debug issues when full debug history is not available.
Change-Id: I6a84aa01c07831b7109d0741337cae6ac0be2f44
CRs-Fixed: 3246284
Currently host does not check the return value of
hdd_process_peer_chain_rssi_req, returns success
on error case as well in __wlan_hdd_cfg80211_get_chain_rssi.
Also double conversion of qdf status to os_if status
is taking place which is giving wrong error status.
Remove extra status conversion and consider the return value
of hdd_process_peer_chain_rssi_req.
Change-Id: I387a36afe80eb4e7aa5bad746074d077b20de331
CRs-Fixed: 3245972
Add all members of csr_roamstart_bssparams structure to
parent structure and remove csr_roamstart_bssparams structure
Change-Id: Ifa9f38305e72de45776d6ead25a7053063792382
CRs-Fixed: 3247189
The AP rejects the FILS-IM association request with reason
"Invalid IE format". In the assoc request, two problems are
seen:
1. The RSN IE has a junk group management cipher suite.
2. FILS HLP container IE is fragmented, and the fragment
IE does not immediately follow the HLP container IE.
In the assoc request, the RSN IE encoded in the authentication
is unpacked and the PMKID is replaced with the pmkr1 name
derived at the end of FILS authentication. Currently, the
existing PMKID in the RSN IE is replaced only if the group
management cipher is present. In non-802.11w case, the new
PMKID is appended at the end of existing PMKID, and leads to
improper IE format.
To fix this, replace the existing PMKID whenever PMKID is
present.
To fix invalid HLP container IE format, encode the HLP
container and its fragment IEs together in the assoc request.
Also, inorder to get the pmksa match from the crypto table for
a FT-FILS, fill both ssid and cache ID. Without cache id, the
cached entry is not updated with MDIE.
Change-Id: I654b5527a726eb7872b90fb19a3d97623f3caa68
CRs-Fixed: 3233081
Currently for big data stats, driver stores correct rssi
value in cache_conn_info. But since vdev is in disconnected
state and unified_ll_stats_get_sta command is queried periodically
for every 3 seconds, firmware will now return 0 as a new rssi value.
The correct rssi value which is stored in cache_conn_info now
gets overwritten in hdd_lost_link_cp_stats_info_cb.
To avoid this issue, do not overwrite the rssi value for
big data stats if the rssi value returned by firmware is 0.
Change-Id: Iee0dba113d6ed684c00230a2714744191bcd0f7f
CRs-Fixed: 3248245
Correct description of ratemask_set ini for VHT mode
to avoid wrong configuration.
Change-Id: I91b887d8268f8faa0d0c32f90da032d00eaa14f2
CRs-Fixed: 3198950
In ath_pktlog_hdr, uint32_t type_specific_data member is
required for the framework while parsing with structure
type wh_pktlog_hdr_v2_t and without this member leads to
crash in userspace.
wifi hal expects "status" variable which is inside struct
packet_dump to be of "tx_pkt_fate" enum and any value
other than this will cause a tombstone crash.
As sizeof (struct ath_pktlog_hdr) is different in driver
and wifi hal, if PKTLOG_HAS_SPECIFIC_DATA is not enabled
then "status" is not decoded at correct offset which
causes the crash
So, feature flag PKTLOG_HAS_SPECIFIC_DATA is made available
globally to avoid crashes in userspace.
Change-Id: Ie6aca4bbcb5795595945cc4470162ab32c9c6734
CRs-Fixed: 3241071
In target_if_get_roam_vendor_control_param_event_handler,
there are 2 possible NULL pointer dereference issues:
1. Host calls target_if_get_psoc_from_scn_hdl API to get
psoc object. But as per current logic even if psoc is
NULL, psoc is dereferenced by passing it as an argument
to get_wmi_unified_hdl_from_psoc.
2. Host calls get_wmi_unified_hdl_from_psoc API to get
wmi_handle pointer. But as per current logic even if
wmi_handle is NULL, wmi_handle is dereferenced by
passing is as an argument 1 to function
wmi_extract_roam_vendor_control_param_event.
Fix is to update the sanity check logic for psoc and
wmi_handle pointers to avoid possible NULL pointer
dereference.
Change-Id: I3c3df062b538b05218e729d7bf6806e221073269
CRs-Fixed: 3242435
Restrict BW for TDLS when connection is made
in 2.4 GHz to that of AP.
Also, restrict the BW if the TDLS connection
is made in DFS channel.
Change-Id: Ida8693837b4b8e11a706b5b9fa482399630d2beb
CRs-Fixed: 3246100
Currently host driver does not validate bw in lim parse tpe ie
api before it gets next higher bw, there is a possiblity
that this bw becomes invalid and driver ends up with out of bound
access for get higher bw array.
In current scenario when host driver tries to start vdev on
frequency 5640 for country US and executes this API for frequency
5640, at the same time country is changed to CN and this frequency
becomes invalid. so in the execution of this API host driver gets
invalid bw from reg set param and ends up with out of bound access
for get higher bw array.
To address above issue, add a check to validate bw before driver
acceses get higher bw array.
Change-Id: I335057f75f67408275003b3fd7830c740eead301
CRs-Fixed: 3239465
- Validate and process the ML probe response
- Drop the beacon frame if ml probe sent flag is true
Change-Id: Id55cd381bab334628650e19e74044ca102f65dbc
CRs-Fixed: 3237674
Currently, phy_mode AUTO is not considered for candidate scoring
config if the platform doesn't support 11BE currently. This is
added as part of 11BE changes and the mode is considered fine
before the change I7f35379b94dcb64dec0da463b95967125dc7fd14.
This doesn't seem to be intentional.
So, consider phy_mode AUTO also for legacy platforms.
Change-Id: Id2eaa8208f5bf5a875e1e72a2117a24b070e6e6b
CRs-Fixed: 3242455
check memory size in dp_prealloc_get_context_memory, if memory size
needed > pre-allocated, then fall back to dynamic memory allocation.
Change-Id: I2727feef066046b54dff9206a1f6699ef4455fe8
CRs-Fixed: 3222594
Currently host driver deletes NDI interfaces using
vendor command. With the kernel 5.12 version onwards,
interface deletion is not allowed using vendor commands
as it leads to deadlock when driver tries to acquire
the RTNL_LOCK at the time of netdev register/unregister.
With this change, support both del_virtual intf and ndi
delete vendor cmd to stop and deinit adapter.
Now, with NDI delete vendor subcmd, NDI is down as stop adapter
and deinit adapter is executed and del virtual intf will clean
up(stop, deint and close) the adapter.
Since ndi delete vendor cmd already comes with the rtnl lock
and driver does not need to take the rtnl lock again
which will help to avoid the above issue.
Change-Id: I0fe69b1648dc76b902b8eea1fc4aef695d1bd152
CRs-Fixed: 3170293
After channel switches to new channel, STA sends sa query request to
AP/SAP device. SAP process sa query request and if OCI is invalid in
that sa query, then it sends deauth to STA on new channel.
Change-Id: I52a5dcaf2e0826d3bd899d7f52f02400927c4ae6
CRs-Fixed: 3227530
Wrong value of Roam reason and sub-reason code is sent to
userspace via diag logging.
Convert the value of reason and sub-reason code to qca
specific code before sending it to userspace
Change-Id: Iebdc5f8673e2da6a208a89caca9a742202256bcc
CRs-Fixed: 3236178
Currently a userspace request to enable NS offload dynamically
gets rejected if the offloads are in disabled state.
After this change, when a request to enable or disable of NS offloads
is received in the host and if the trigger type is to dynamically update
the NS offloads, then update the dynamic offload configuations and inform
the FW.
Change-Id: Ifb4a1d37b5f2e6c89d043b00f9cc0aaf426d870e
CRs-Fixed: 3237980
Add following host fixes related to EMLSR association.
1) Use phy cap get macro to extract EMLSR hw mode id.
2) Add logic to send EMLSR cap flag during vdev start.
3) Add logic to copy EML caps from assoc link common
info subfield to MLO peer assoc struct in order to
share EML caps to FW on both links via peer assoc.
4) Add checks to update EMLSR cap flag only if both
STA and AP support and advertise EMLSR mode.
5) Send EMLMR support flag along with EMLSR support
flag to FW as part of vdev set IE cmd for roaming
scenarios. Also, update common info length when EML
caps are present.
Change-Id: Ied2570d498a43adadd93899d4fdbe023d320676b
CRs-Fixed: 3235059
When intolerant STA connects to SAP, the forty MHz intolerant bit
will be set to 1 in assoc request frame.
So when supplicant triggers to change the channel width, the
secondary channel offset or supported channel width ie in HT info
field of beacon should be 0 instead of 1.
As part of fix, copy sec_ch_offset from start_bss_config
structure and store it to cbmode of csr session during bss
start. So whenever channel width change request comes, this
cbmode will have non zero value and it will set the secondary
channel offset as 0 internally.
Change-Id: Iaa5461ef7d72e9bdf942dd0faab7c0409611ca7e
CRs-Fixed: 3245288
If SAP is initially started on 40 MHz bandwidth, keep using it.
But still keep the old logic 20 MHz for internal CSA for SAP.
This is to fix the SAP can't bring up on 2.4 GHz 40 MHz bw if SAP
OBSS scan disabled and configured as HT40 in hostapd conf.
Change-Id: Ib01be7fe594130f1eee35e3bfb773b1e913ec9c1
CRs-Fixed: 3234564
