The rx descriptor obtained using the cookie
can be NULL if the cookie is invalid. Hence
dereferencing the rx descriptor without any
validation can cause invalid address access.
Fix this by validating the rx descriptor
which has been obtained using the cookie from
the hal ring descriptor.
Change-Id: Ib584f0d8175b581d15b0e1c67d2f6ed9119ecbfc
CRs-Fixed: 2629254
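The check described in the commit message above, as an added example that is not code from the commit or the driver. The pool, the cookie layout and all function names are hypothetical, and the sample ring contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this models the pattern, not the driver. */
#define POOL_SIZE 4
struct rx_desc { int in_use; int buf_len; };  /* in_use: owned by hardware */
static struct rx_desc pool[POOL_SIZE];

/* Cookie lookup: NULL when the cookie is out of range or names a
 * descriptor that is not currently handed to hardware. */
static struct rx_desc *cookie_to_desc(uint32_t cookie)
{
    if (cookie >= POOL_SIZE || !pool[cookie].in_use)
        return NULL;
    return &pool[cookie];
}

/* Reap cookies read from ring entries. A cookie that does not resolve is
 * counted and skipped, never dereferenced. Returns the bytes reaped. */
static int reap(const uint32_t *cookies, size_t n, unsigned *invalid)
{
    int bytes = 0;

    *invalid = 0;
    for (size_t i = 0; i < n; i++) {
        struct rx_desc *d = cookie_to_desc(cookies[i]);

        if (!d) {               /* the validation the commit describes */
            (*invalid)++;
            continue;
        }
        bytes += d->buf_len;
        d->in_use = 0;          /* back on the free list */
    }
    return bytes;
}

/* Constructed sample ring: 0 and 2 are valid, 9 is out of range, and the
 * second 2 refers to a descriptor that was already reaped. */
static int demo(unsigned *invalid)
{
    static const uint32_t ring[] = { 0, 9, 2, 2 };

    for (int i = 0; i < POOL_SIZE; i++)
        pool[i] = (struct rx_desc){ .in_use = 1, .buf_len = 100 * (i + 1) };
    return reap(ring, sizeof(ring) / sizeof(ring[0]), invalid);
}

int main(void)
{
    unsigned bad;
    int bytes = demo(&bad);
    printf("bytes=%d invalid=%u\n", bytes, bad);
    return 0;
}
```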
Move dp monitor inline APIs to header file from dp_rx_mon_dest.c
to dp_rx_mon.h to use it in component dev
CRs-Fixed: 2626054
Change-Id: I3a31dacd7d7e817f144708f9bda5536808080864
Per flag detect_enable to enable/disable detecting
interop issues ap function in firmware.
Change-Id: I52617e3700a3c79fc5b72c53af6d4b8db5e97879
CRs-Fixed: 2602001
Auto BW computes new bandwidth for adjacent regulatory rules. But this
combined bandwidth can be more than the bandwidth allowed for a
particular reg-domain. So relax the check for combined BW for
adjacent regulatory rules.
Change-Id: I1486988c114f0348f7228b91aeadc5c027c6a510
CRs-Fixed: 2626165
Spin lock is called without init during peer attach.
Move spin-lock init before get ref.
Change-Id: Ibf21ac6a7b06c62f2e64a2d89154b21183b9c472
CRs-Fixed: 2628750
In current monitor status ring implementation,
on pdev_attach, (srng->num_entires – 1) entries
(to keep one entry slot between hp and tp)
are replenished and last entry is not replenished to HW.
With qcn9000 monitor mode HW enhancements, status and destination ring
can be made lock-stepped.
For qcn9000, lock step is achieved by making the monitor status ring
follow the monitor destination reap for a PPDU.
However, in the existing flow during attach, the monitor status replenish
logic does not fill the last entry; it is filled up during the first
subsequent reap.
For the first ppdu, i.e. after reaping the destination ring,
when the status ring is reaped, the first entry (hp = srng->num_entires – 1)
in the status ring is NULL, so lock-stepping is not achieved.
To address this issue for qcn9000 as well as HK:
a. Replenish last entry in monitor status ring during attach
b. Modify src srng peek API to peek it from hp+1 entry
c. Introduce new HAL API get cur desc and move next
CRs-Fixed: 2626049
Change-Id: I7da6cd6006243cbca2151da22a31a6f5ed0015f3
From upper layers the vendor specific control roam bitmap is
converted to unified enum roam_trigger reason. From this bitmap,
derive the fw trigger reason bitmap at
convert_control_roam_trigger_reason_bitmap.
Deprecate the roam_control_trigger_reason enum.
Change-Id: I64ac273d88b696c32c5b72462454a8983774ef90
CRs-Fixed: 2631968
Peer key security type is set in cdp_set_pn_check.
This API is called in the key install step, but it only
updates the Ucast field even in Mcast key install.
This may be set wrongly if Ucast and Mcast security
modes are different. Add a new API to set
security modes of different key types separately.
This change should be reviewed in association with
review #3036742
Change-Id: Ib9723416fbedbe3dce61224928d51ef203cf7068
CRs-Fixed: 2623114
Array strings of size 73 may use index value(s) 73..74
Adding dbg ids to strings same as wlan_objmgr_ref_dbgid
CRs-Fixed: 2632424
Change-Id: I8eac1c4f015d54c626c2e74891d8c86ccfb962e4
According to new changes in kernel 5.2 version onwards, kernel takes
care of validating the NLA policies as provided by the driver. In this
case there is no need to re-validate the same in the driver.
Add a stub to return true for NLA parse in case the kernel version is
greater than or equal to 5.2.
Change-Id: Iea1fdcac3000ede2f8b9398cb85443e545cdd3f0
CRs-Fixed: 2632534
According to new changes in kernel 5.2 version onwards, driver has to
provide the policy for each NL command to be verified against while
registering wiphy to the kernel.
To enable support for this, define a new macro VENDOR_NLA_POLICY_NESTED
taking care of the version compatibility.
Change-Id: I6aec53e94c57434f8e68b936ad5422248c3fa167
CRs-Fixed: 2632081
According to new changes in kernel 5.2 version onwards, driver has to
provide the policy for each NL command to be verified against while
registering wiphy to the kernel.
To enable support for this, define a new macro taking care of the version
compatibility.
Change-Id: I0bf7153d1889e5b31c07d6bf4c7a95f5e72dd93c
CRs-Fixed: 2632019
Currently, Genoa CE4 is using interrupt mode. Host will not require
IRQ based on current CE configuration and the change below:
"Change-Id: Icabe68298737dc412949484f6d3fdcd8c05910d5", which causes
no IRQ handling of tx completion and source ring full, finally
blocking TX. To unblock TX, correct the configuration of CE4.
In the meanwhile, this issue exposes another problem: the polling
mode doesn't seem to work. Will scope it on another thread.
Change-Id: I31eed8806b939a12503bb4ddd8b9dec85f3c3540
CRs-Fixed: 2602888
Fix array index overrun by changing index size
WLAN_MAX_ROAM_CANDIDATE_AP from 8 to 9 in a roam
scan API
Also, replace local macro WLAN_MAC_ADDR_SIZE with
global macro QDF_MAC_ADDR_SIZE to avoid issues in
future
Change-Id: Ib546d18e1d85e87064eb5b78c08168db583acf2d
CRs-Fixed: 2621600
So far, only MKK4 and FCC DFS domains supported Chirp RADAR. But with new
Japan regulation, JP country which is mapped to MKKN DFS domain should
also detect the MKK4 DFS domain's Chirp RADAR.
Add Chirp RADAR detection support for MKKN DFS domain.
Change-Id: Iafd952d70726c9a9b85e73607d4a23c5022b8a46
CRs-Fixed: 2630894
Macro ATH_11AC_TXCOMPACT is defined, so CE4 sending completion will
not free the related htt_htc packets. Currently it depends on
htt_soc->htt_htc_pkt_misclist to free them once this kind of htt_htc
packet is no longer sitting in the CE4 source ring, which means CE
sending completion is done already. misclist will free the old/tail
htt_htc packets if there are > 256 htt_htc packets pending in the list,
but the CE4 source ring has 2048 entries. In the extreme case, if CE4
sending is blocked and > 256 htt_htc packets are pending in CE4,
misclist will free the tail htt_htc packet, but later, when the CE4
sending completion comes, invalid access to htt_htc packets will happen.
Enlarge the misclist trim threshold to > 2048 to ensure that when an
htt_htc packet is freed in misclist, the htt_htc packet has already
done sending completion.
Change-Id: I2d86f68485b1d45a5ea4edb6b952f746700df54f
CRs-Fixed: 2609903
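A small model of the trim-threshold problem described in the commit message above, written as an added example and not taken from the driver. It counts how many packets a side list would free while a blocked ring still references them; the function and its parameters are hypothetical, the figures 256 and 2048 are the ones in the commit message, and 2049 is a constructed value standing in for "> 2048".

```c
#include <stdio.h>

/* Hypothetical model: every packet posted to the ring is also appended to a
 * side list, and the list is trimmed from its oldest end once it grows past
 * `threshold`. No send completion arrives during the run (ring blocked).
 * Returns the number of frees that hit a packet the ring still references. */
static unsigned stale_frees(unsigned ring_depth, unsigned threshold,
                            unsigned sends)
{
    unsigned in_ring = 0;   /* packets posted and not yet completed */
    unsigned list_len = 0;  /* packets tracked on the side list */
    unsigned oldest = 0;    /* sequence number at the list's oldest end */
    unsigned stale = 0;

    for (unsigned seq = 0; seq < sends; seq++) {
        if (in_ring == ring_depth)
            break;          /* ring full: nothing more can be posted */
        in_ring++;
        list_len++;
        while (list_len > threshold) {
            /* In-flight packets are seq + 1 - in_ring .. seq inclusive. */
            if (oldest + in_ring > seq)
                stale++;    /* freed before its completion was seen */
            oldest++;
            list_len--;
        }
    }
    return stale;
}

int main(void)
{
    printf("threshold 256:  %u stale frees\n", stale_frees(2048, 256, 2048));
    printf("threshold 2049: %u stale frees\n", stale_frees(2048, 2049, 2048));
    return 0;
}
```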
Move RCC specific debug statistics to Data path
to avoid allocating nbuf for the PPDUs for which
MAC has not sent a Freeze TLV. Instead just update the
debug statistics at an earlier point irrespective of
MAC sending Freeze to PHY, to gather below information:
Status of number of PPDUs being captured by PHY
Status of MAC sending freeze TLV for the PPDUs
Update freeze reason for the number of PPDUs received
Add support to clear debug statistics at user's will.
Change-Id: I8def3ce1f3ecc0b169030704db3fb1fb1c0a20ee
CRs-Fixed: 2609604
Intercept monitor destination path for NDPA frames,
use it to generate noack frames for tx capture.
Change-Id: Ia54196bd84729a7863954b6deec7e02b52f23556
CRs-Fixed: 2605672
For MCL side, WLAN_UMAC_MAX_PDEVS is always 1 from current design,
so it's wrong to use WLAN_UMAC_MAX_PDEVS define array dcs_pdev_priv,
since dcs_pdev_priv includes firmware indicated pdev dcs information,
define WLAN_DCS_MAX_PDEVS to 3 for dcs use, this will be compatible
for both MCL and WIN side.
Change-Id: I3bac35f561c49e9959645e85774662ff48d7903d
CRs-Fixed: 2627683
Currently when checking for duplicate peer, only the vdev
id on which peer is going to be created is checked and not
on other vdev ids. So correct it by iterating over all
vdev ids.
Change-Id: Ie05ecc125d3285a522021b630fc7244501b6a797
CRs-Fixed: 2629146
Extend radiotap header to append ACK status and tx retry count
for packets sent to virtual mon interface.
Change-Id: I51037ffd11dfdee49278d43643fb7861a514ee18
CRs-Fixed: 2627710
As softap, send assoc failure if HT supported client tries to associate
as WEP/TKIP pairwise key.
Change-Id: Ie33e5d83ec18e10aae51a4cc3515f754bd24774e
CRs-Fixed: 2623660
Regulatory rules cannot have maximum bandwidth more than the
width of the rule. Fix this logic for six ghz regulatory rules.
Change-Id: Icbd4eb95d4de54acaef0aa635c293451ba4e1987
CRs-Fixed: 2620699
In the scenario where nbuf_map fails during packet
send in htc_issue_packets, restore_tx_packet done
as part of cleanup, does nbuf unmap even though map
failed.
Fix is to set the fixup_netbuf flag only if nbuf map
is successful.
Change-Id: I642eff15792a7e374434e5a7a05ad546af376b3a
CRs-Fixed: 2625765
Handle minidump logging using dynamic
configurability options. Data structures
to be logged in minidump can be configured
using internal INI file.
Change-Id: I99f12b3f98c4a9c0e15c3e5d611019e6b8d0909a
For FILS pmksa cache, the pmksa add/del/query is based on SSID
and cache id. The current crypto pmksa cache API doesn't support
SSID and cache ID.
1. Add SSID/Cache ID support to pmksa API
2. Add RSN IE pmkid field based on SSID/cache ID
Change-Id: I1577c6293b75d6f8e6210f314dd83462e06d8190
CRs-Fixed: 2621860
Send new flag WMI_ROAM_OFFLOAD_FLAG_SAE_SAME_PMKID through
11i offload param to indicate to fw whether the WLAN_SAE_SINGLE_PMK
feature is enabled or not.
If flag is set, fw should use single PMKID for SAE roaming
between VSIE AP(s), else fw should complete roaming by
doing full SAE authentication.
Change-Id: I9c88772c9571230c38e2cfa41c8a0c79663572ab
CRs-Fixed: 2616046
In a few scenarios, the number of reg rules can be 0. For example,
for a 2Ghz-only radio there are no 5Ghz reg rules. In such cases,
if we try to allocate memory (0 bytes) the allocation function prints
an error message. Also, the allocation is not required. Therefore, avoid
the allocation when the number of rules is zero.
Change-Id: Ic9caf578541970e9cf12cdde181f23762f137db8
CRs-Fixed: 2622109
Sometimes the ack ba status tlv comes twice, which causes the ppdu desc
to be held waiting for some more tlvs, as the mpdu ack ba tlv does not
match the completion common tlv mpdu count.
Change-Id: Id946ecd53018ee7abe93aa6c5f62e69d41b750e8
There is a memory leak in get_station_stats_cb:
priv->vdev_summary_stats, priv->vdev_chain_rssi,
priv->peer_adv_stats. But the "request" is not leaked,
which means the ".dealloc" should be called.
The suspicion is that get_station_stats_cb was called two
times with the same cookie (request) before the "request"
was freed, which caused priv->vdev_summary_stats
and the other two members of "priv" to be overwritten,
and then memory leaks.
From the cp stats components there are multiple places
that call ucfg_mc_cp_stats_reset_pending_req to reset the
unused pending.req (has a cookie) to zero. The zero
cookie may be used again.
Change the ucfg_mc_cp_stats_reset_pending_req API to do
atomic operation of "reset" and "get" last pending
request.
Change-Id: I5efb7efec4da1edc0aab33b940dc126012a3f12e
CRs-Fixed: 2622444
PDEV was being obtained using lmac_id by directly indexing the
pdev_list array. Instead, we need to use dp_get_pdev_for_lmac_id.
Change-Id: I1c4a0f3df5db59390e17666a5f712c5412e22bb1
CRs-Fixed: 2627909
Since it supports PCIe shadow registers for QCN7605,
and these shadow registers also fall below 512K,
they can be used for IPA write directly without
windowing. So don't use the temporary PCIE_PCIE_SCRATCH_2
for IPA GSI write now; instead, pass the correct shadow
register of copy engine 5 to IPA.
Change-Id: Ica3a502b96e98ee6c07c1032760b5dcb512957d8
Add doppler and spatial reuse in ppdu descriptor to be able to use it on
HE information for tx capture
Change-Id: Id87a692a89d00c64929624c22c2efc27bc873e43
This attribute enables/disables the host driver to send roam reason
information in the reassoc request to the AP in the same ESS.
Change-Id: Ie2606012c0487936dd0b436f0d6a75d2e115f4b4
CRs-Fixed: 2627261
If cds_dp_open fails during driver load time, cds_close is
called in clean up path. During cds_close, HTC cleanup happens
which makes target->hif_dev = NULL and in send_packet_completion
target->hif_dev is dereferenced without NULL check.
Add NULL check before dereferencing target->hif_dev during
send_packet_completion.
Change-Id: I236a083e194bf1f16d261e6334ac512c4f6bcd94
CRs-Fixed: 2625690
Add HIF changes for supporting the newly added USB bus type
for Genova.
FW team needs the athdiag tool to operate FW information. Host
driver needs to pass the command and result between the athdiag
tool and FW.
Change-Id: I6158a9f8c723a797d39beca09a913c7cb9e10025
CRs-Fixed: 2595515
Add change to increase vdev id bitmap size to the number of vdev ids
bitmap as sent by the FW to avoid memory overflow on host.
Change-Id: I92a2ae31cf0079c989b1788afc61e7f3153dc426
CRs-Fixed: 2626887
Maintain a history of the register writes which
have failed. The failure of register write is
determined by reading back the register after
writing a value to that register. If the read
value does not match the value which was written
then it is termed as a failed register write.
Change-Id: Ic3423c2cbd74bf498c0d3dd8ee7ce4231054541a
CRs-Fixed: 2624475
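The write-then-read-back check with a failure history, as described in the commit message above. This is an added example, not the driver's implementation: the simulated register file, the history depth and every name are hypothetical, and the stuck-bit scenario is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and sizes; a simulated register file stands in for MMIO. */
#define NUM_REGS 8
#define HIST_LEN 4
struct wr_fail { uint32_t offset, wrote, read_back; };

static uint32_t regs[NUM_REGS];
static uint32_t stuck_mask[NUM_REGS];   /* bits the simulated device ignores */
static struct wr_fail hist[HIST_LEN];   /* circular history of failed writes */
static unsigned fail_count;             /* total failures, selects next slot */

static void reg_write(uint32_t off, uint32_t val)
{
    regs[off] = (regs[off] & stuck_mask[off]) | (val & ~stuck_mask[off]);
}

static uint32_t reg_read(uint32_t off) { return regs[off]; }

/* Write, read back, and log a mismatch. Returns 0 on a confirmed write,
 * 1 on a logged failure, -1 for an offset outside the register file. */
static int reg_write_confirm(uint32_t off, uint32_t val)
{
    uint32_t rb;

    if (off >= NUM_REGS)
        return -1;
    reg_write(off, val);
    rb = reg_read(off);
    if (rb == val)
        return 0;
    hist[fail_count++ % HIST_LEN] = (struct wr_fail){ off, val, rb };
    return 1;
}

/* Constructed scenario: register 3 has its low byte stuck at zero. */
static unsigned demo(void)
{
    fail_count = 0;
    regs[3] = 0;
    stuck_mask[3] = 0xFF;
    reg_write_confirm(2, 0x1234);   /* confirmed */
    reg_write_confirm(3, 0x12FF);   /* reads back 0x1200, logged */
    reg_write_confirm(3, 0x1200);   /* confirmed: stuck bits not touched */
    return fail_count;
}

int main(void) { printf("failed writes: %u\n", demo()); return 0; }
```

A read-back comparison only makes sense for registers that return what was written; write-to-clear or read-only fields would show up in such a history without indicating a bus problem.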
Fix compilation error in reg_country_opclass_freq_check
return false when HOST_OPCLASS is disabled.
Change-Id: Ib03e544311ae0a6c3496711f303ad17d490900ba
CRs-Fixed: 2624546
We are seeing an invalid memory access crash
in the dp_get_pdev_for_mac_id call from
dp_rx_process_invalid_peer, due to invalid mac id passed,
probably due to some stack correction.
We should instead use dp_get_pdev_for_lmac_id from
dp_rx_process_invalid_peer, where for invalid
mac id, we assert.
Change-Id: I0737132b5bbdd2fcbdb714d4643a69184ae3821e
CRs-Fixed: 2618432
There is a possibility that the DUT receives non-aggr frames
with non-aggr SN during BA setup during BA session
setup. SSN updates when the ADDBA req is processed; it should
also update the REO SSN one more time when the ADDBA resp is sent.
This will let REO receive frames in the BA
session with the new SN.
Change-Id: I4791bcd6f1ede90615c883d31426fcdecd50a631
CRs-Fixed: 2623505