Commit Graph

20547 Commits

Author SHA1 Message Date
Asutosh Mohapatra
2a9c2537fc qcacmn: Fix compilation issues caused by log format specifiers
Use proper format specifiers in dp_print_tso_stats,
also dp_tx_dump_tx_desc type cast variable as per
format specified to fix compilation issues.

Change-Id: Ic901144b15fb3a163eed6ad29400d0e3e668b4c6
CRs-Fixed: 3849167
2024-07-03 08:25:41 -07:00
Vinod Kumar Pirla
eb34a521c0 qcacmn: Handle MLO peer attach failures on connect or roam
If MLO peer attach fails for MLO VDEV, handle the failure and
remove the object manager peer and continue for next candidate
in case of initial connection.

Change-Id: Iba374f9b930db07bde84cea1cb18d36a0960c5b7
CRs-Fixed: 3844761
2024-07-03 03:52:33 -07:00
Aditya Kodukula
319d20734f qcacmn: Add support for size 0 flexible length arrays
Convert size 0 variable length arrays to flexible
length arrays.

Change-Id: I679a5183a4ec0bebe51396694d2ae33afecfe80f
CRs-Fixed: 3690242
2024-07-02 23:02:54 -07:00
Amit Mehta
53ef6cc7ce qcacmn: Change size 1 scatter_list array to flexible length array
Change size 1 scatter_list variable length arrays to flexible
length arrays.

CRs-Fixed: 3695133
Change-Id: I448add39987b0318c2b7d2d0553c857fb551c930
2024-07-02 09:52:37 -07:00
Aditya Kodukula
2b03e92990 qcacmn: Add support for flexible length arrays
Convert size 0 and size 1 length variable arrays to
flexible length arrays.

Change-Id: Iafe5fd8cd1c3cf6bbff49054d815ef74a10814c6
CRs-Fixed: 3690248
2024-07-02 08:36:43 -07:00
Srinivas Girigowda
d303c5209c qcacmn: Fix compilation error observed with LTS 6.6.17
Below errors are observed with LTS 6.6.17:

htc_recv.c:49:4: error: 'snprintf' will always be truncated; specified \
size is 2, but format string expands to at least 5
[-Werror,-Wfortify-source].

htc_recv.c:58:3: error: 'snprintf' will always be truncated; specified \
size is 2, but format string expands to at least 5
[-Werror,-Wfortify-source].

Here, the compilation error is because the 2nd argument to snprintf is
using sizeof(byteOffset) which evaluates to 2 and the size of the buffer
we are writing to is 10 and when the format string content expands to
at least 5 characters, only 2 characters are written to the output string.

Fix is to use size of the buffer we are writing to as the
snprintf 2nd argument.

CRs-Fixed: 3763920
Change-Id: I156260d26df643cd68b2e5d7fb7bf5d95f8026b2
2024-07-02 08:36:36 -07:00
Vinod Kumar Pirla
b34016828e qcacmn: Introduce APIs to notify OSIF on assoc VDEV connect
Add APIs and callbacks to OSIF from CNX manager to notify
on assoc VDEV connect request becomes active in serialization.

Change-Id: Ica59c25199e0f09fc86b7311ae16d22f66af3b0c
CRs-Fixed: 3835003
2024-07-02 01:19:41 -07:00
Srikanth Marepalli
f2063f8aea qcacmn: Fix OOB access issues in HTC and HIF
Possible OOB Access array 'endpoint' of size '9' while calling
'log_packet_info' in below APIs:
get_htc_send_packets_credit_based()
get_htc_send_packets()

INT_MAX may be used to access array 'hif_ext_group->os_irq' of
size 16 in function hif_ipci_irq_set_affinity_hint().

Fix is to add index range check before accessing those arrays.

Change-Id: Iab40fe816d8dfcf1ffbf05987b11378ef0fe2572
CRs-Fixed: 3779968
2024-06-26 02:58:02 -07:00
Abhishek Singh
908cf6b29c qcacmn: Add API to dump mgmt frame in hex
Add API to dump mgmt frame in hex

Change-Id: I444ed40714184d14025a72aa8a08856a6dae3a68
CRs-Fixed: 3841017
2024-06-26 01:59:21 -07:00
Ananya Gupta
75b9be8f82 qcacmn: Reset filters for buffer ring when deleting monitor mode
Currently, when monitor interface is going down, buffer ring filters
are not being reset.
To fix this, set mv_dev to NULL after filter reset.

Change-Id: I7555acd6b4a54a362e36a43a970ab1c75e3c24c8
CRs-Fixed: 3841235
2024-06-25 23:14:50 -07:00
Srikanth Marepalli
348149d83b qcacmn: Sanitize skb before dereference
Sanitize skb before de-reference.

Change-Id: I6b810e6826f2ffd539bb822d497d3d9e45c0c0f8
CRs-Fixed: 3779961
2024-06-24 02:56:51 -07:00
Jianmin Zhu
ecbd818bb6 qcacmn: Fix RSO stopped after roam from MLO to SLO
When roamed from MLO to SLO, clean up vdev1 link, and disable RSO,
but RSO isn't re-enabled when disconnect completed for vdev0 link in
same MLD existed, can't roam until next reconnect.

To fix it, When roamed from MLO to SLO, clean up vdev1 link, don't
disable RSO since it's internal disconnect, no wmi like vdev stop is
sent to F/W too, vdev1 is stopped by F/W already.

Change-Id: Ib83b15352e91cb8ef73fd42bc9a5e1c6181f4ea9
CRs-Fixed: 3844460
2024-06-19 22:18:13 -07:00
Jianmin Zhu
b03b971b86 qcacmn: Send RSO stop to assoc vdev before link vdev stop
RSO stop isn't sent to F/W before link vdev stop when MLO
disconnect, F/W will assert later

To fix it, Send RSO stop to assoc vdev before link vdev stop when MLO
disconnect.

RSO stop for internal link cleanup has no side effect, only RSO disable
clears the RCL in firmware.

Change-Id: Id11da42ebebf0d9966974cc913cf6618cea0cfbb
CRs-Fixed: 3835214
2024-06-19 00:44:30 -07:00
Amit Mehta
e018c89988 qcacmn: Add logic to stitch MPDU for LPC
Add logic to stitch MPDU from MSDU and
hold MPDU till PPDU_END tlv to update radiotap
header fields before submitting to stack for
local packet capture mode.

CRs-Fixed: 3821723
Change-Id: I7ac8127c1c0abfc747f37139c741dc69fb79a2a4
2024-06-18 00:28:14 -07:00
Vinod Kumar Pirla
46f5a6e6ba qcacmn: Copy connect req params to sta_ctx for partner link
As part of disconnect driver clears copied connect request params
in sta_ctx. If driver receives connect request while already
connected, then an internal disconnect is triggered which will
clear the copied connect request params from the connect request.

Once this internal disconnect completes, connection on assoc link
will start with connect request params from the connection manager
request and has all the connect params saved. However on starting
partner link connect, driver relies on connect request params copied
to sta_ctx at the start of connect, which gets cleared in internal
disconnect this will result in not having proper IEs for connect
and crypto params from that partner link will be invalid.

Before start of partner link connect, check if the sta_ctx
connect request params are valid. If not, fetch the connect req
params from assoc VDEV's connect request.

Change-Id: I6b1288320425a3d3be841f47cf027142ca27334f
CRs-Fixed: 3830536
2024-06-12 17:35:18 -07:00
Vinod Kumar Pirla
c9e9ab3781 qcacmn: Copy scan and assoc IEs in active command fetch
Allocate memory and copy scan and assoc IEs from the current
active connect request command in cm_get_active_connect_req_param().

Change-Id: Ia3567fb81a28f30ce4cd6fd3441c66d0756a976f
CRs-Fixed: 3833104
2024-06-12 17:35:11 -07:00
Rahul Gusain
fa602270db qcacmn: Scan logs refactor code
Driver calls this function "util_get_ml_bv_partner_link_info"
frequently during scanning and this function can log the debug
prints frequently which can lead to crash due to excessive logging.

So, to avoid this, rate limit the logs in the function
"util_get_ml_bv_partner_link_info".

Change-Id: Iec778980aa2ce7aa1609622b90d64e784b2e7b1b
CRs-Fixed: 3753074
2024-06-06 06:15:02 -07:00
Pragaspathi Thilagaraj
63ba7afb5e qcacmn: Complete disconnect sequence during HO failure
For MLO link vdev, during HO failure the disconnect sequence
is not completed resulting in disconnect command timeout.

Proceed to complete the disconnect sequence if RSO stop is
not sent in case of HO failure disconnect handling of the
MLO link vdev.

CRs-Fixed: 3825174
Change-Id: I5e7984928a8d175ae13e344dd442d868a0171e2d
2024-06-05 03:28:49 -07:00
Pragaspathi Thilagaraj
d3ac10501b qcacmn: Send RSO stop during HO failure disconnect
RSO stop is skipped if disconnect reason is
REASON_FW_TRIGGERED_ROAM_FAILURE. It was done to avoid RSO stop
command for internal disconnect. But for HO failure also
same reason code is used with different source value.
In HO failure case firmware expects RSO stop and
roam deinit. Disconnect should continue after RSO stop response
is received.

Send RSO stop during HO failure disconnect.

CRs-Fixed: 3756884
Change-Id: Ia0300f3cf9f260c894a98845447885f62a67c8c3
2024-06-05 03:28:28 -07:00
Jianmin Zhu
57c9d30daa qcacmn: Check MLD num before create new MLD
If 3 SAP virtual iface are created first, then up, 3 MLD is
created during 3 vdev created, but 3rd failed to be added to
g_mlo_ctx->ml_dev_list for WLAN_UMAC_MLO_MAX_DEV limit, when the vdev
deleted, assert will happen when remove MLD from g_mlo_ctx->ml_dev_list.

To fix it, check MLD num before create new MLD, if reached MAX num,
return failed.

Change-Id: I88f6cca802e4bf53548aee67cb0dca09df23a94d
CRs-Fixed: 3799142
2024-06-05 03:28:08 -07:00
Abhinav Kumar
674f80d522 qcacmn: Don’t match vdev while cancelling ser scan cmd
Issue is: Supplicant initiated abort scan, but host fails
to abort it.

Host assigns unique scan cmd_id across vdevs for the pdev
and all vdevs use same pdev serialization command queue
to enqueue and dequeue start or cancel scan command.

While processing cancel scan request, host uses unique
cmd_id of scan request to iterate among pdev serialization
cmd queue and if cmd_id is matched then that command id gets
flushed.

Currently host uses command id as well as vdev to cancel
scan request from pdev serialization command queue; this may
result in cancel scan request failure as passing vdev is
not mandatory here. Command id match is sufficient to delete
scan command from pdev serialization command queue.

Fix is to use only unique scan cmd_id to cancel scan request
from pdev serialization command queue.

CRs-Fixed: 3824149
Change-Id: I76668defb465bfad42704df289608da1c9dc7c40
2024-06-02 22:57:31 -07:00
Jianmin Zhu
8695845323 qcacmn: Add go_ignore_non_p2p_probe_req in probe rsp template
Add flag in probe rsp template to indicate go to ignore non-p2p probe req.

Change-Id: Idb664c49f4616f12388ba177b1ebc7c739f90ec3
CRs-Fixed: 3812385
2024-06-01 18:17:45 -07:00
Surya Prakash Sivaraj
33390679c0 qcacmn: Fix set_mac_address failure
Host driver opens adapter with ML-support having 2 vdevs and
1 MLD self peer. Now, during runtime, the country changes to
a non-11be supported region. This is followed by a set mac
address request from userspace, but since the EHT support
is disabled due to country change, the driver tries to lookup
the self peer using link mac address. But, since the peer is
created using MLD mac, the set mac address fails leading to
issues with DP-peer creation during connection.

To fix this, remove the EHT capability check from the adapter
routine and look up the peers and mac address only based on
the ML adapter configuration.

Change-Id: I104e348445944cce128a6918d3fbd119ba9488dc
CRs-Fixed: 3805214
2024-05-30 23:55:08 -07:00
Prasanna JS
3d70fa8463 qcacmn: Add chipset stats event for CSA event
Add chipset stats event for CSA event

Change-Id: I6fdc8a386e1c51dea14e92c69d5ba820cd51beb7
CRs-Fixed: 3805002
2024-05-30 10:35:10 -07:00
Prasanna JS
0f7729b826 qcacmn: Add ini check before init/deinit of chipset stats
Add ini check before init/deinit of chipset stats

Change-Id: I25b9e8af079a172fefbb948fe08b2f55472e493f
CRs-Fixed: 3804999
2024-05-30 09:26:23 -07:00
Ananya Gupta
48374387a4 qcacmn: Do not set mon filters for mac 1 rings
In STA+Mon concurrency mode, do not set filters for mac 1
rings.

Change-Id: I6b4dcb21e9ca0201ec45e5a14ff633bde242ee3a
CRs-Fixed: 3798857
2024-05-29 04:23:58 -07:00
Amit Mehta
be61151475 qcacmn: Add near full logic to rx error processing
Reap more entries from error ring if the number of
available entries are less than half of the ring entries.

Change-Id: I742f97e41c0e392f1e50bbd95ab625bd6168a8e5
CRs-Fixed: 3749873
2024-05-24 00:18:12 -07:00
Amit Mehta
4d9cda5abb qcacmn: Fix invalid osif_vdev issue
Currently as part of TDLS connection if TDLS connection is formed
on secondary vdev, osif_vdev of secondary vdev is updated with
osif_vdev of primary vdev.
Due to osif_vdev update, during vdev delete 1st vdev will call
API to free osif_vdev. When 2nd vdev tries to access the osif_vdev
it will result in invalid pointer access.

As current change was done to handle case where osif_vdev
for MLO connection used to point to 2 different interfaces
and where secondary interface used to point to NULL/dummy netdev.
As per latest change osif_vdev will point to per vdev dp_link
which for MLO connection will have single interface. So osif_vdev
update is not required anymore.

So, to fix invalid/stale pointer issue remove osif_vdev update for
TDLS connection.

CRs-Fixed: 3814466
Change-Id: Icac13d88411ca572c9d5823a6bd2d3d5b1ba632f
2024-05-24 00:18:04 -07:00
Ananya Gupta
00e159df45 qcacmn: Retrieve monitor flags params from dp_soc
Include CDP_MONITOR_FLAG to get monitor mode flags from
SOC structure.

Change-Id: I67992abcbb64e4f24cf42c57557d501330d3c3f2
CRs-Fixed: 3809485
2024-05-21 09:32:39 -07:00
Vinod Kumar Pirla
572ebb7dca qcacmn: Force disconnect on VDEV repurpose failure
Initiate disconnect if VDEV repurpose fails for any reason
and the VDEV moves to disconnected state (not connected).

Change-Id: Ie6421f2430fc109b4f10c22f98c3dbf3909bb103
CRs-Fixed: 3797171
2024-05-20 00:41:10 -07:00
Yeshwanth Sriram Guntuka
1051fdbb29 qcacmn: Update first_msdu_payload once per status nbuf
first_msdu_payload is updated for every WIFIRX_HEADER_E
TLV received in the status nbuf and this could result
in incorrect offset into the nbuf for the first MSDU
if the PPDU has multiple MPDUs. Also, the size variable
used is 8 bit for the calculation of offset into the nbuf
for the frame which could result in possible overflow.

Fix is to update first_msdu_payload only for the first
WIFIRX_HEADER_E TLV entry for a PPDU and increase the
width of size variable to avoid possible integer overflow.

Change-Id: Ic12cb11328fc1414bd7a68fa941fa0ef764c8b1f
CRs-Fixed: 3788496
2024-05-20 00:40:46 -07:00
Deeksha Gupta
a341ed26d8 qcacmn: Move wlan_mlo_t2lm_register_link_update_notify_handler() under WIN
Register TTLM notify API()
wlan_mlo_t2lm_register_link_update_notify_handler()
only for WIN.
For MCC, call wlan_register_t2lm_link_update_notify_handler()
to register the MCC handlers to receive link update
notification.

CRs-Fixed: 3764848
Change-Id: Iadf06a0879213d84753f2114b6c5fd4cfa1b8618
2024-05-17 00:18:00 -07:00
Chaithanya Garrepalli
7e67cbbf58 qcacmn: Fix null pointer de-ref in LT replenish
In dp_rx_buffers_lt_replenish_simple pass desc_list
and tail pointers correctly to dp_rx_buffers_replenish,
to avoid NULL pointer dereference of desc_list.

Change-Id: Ic94c93ddf7ef6343afafc78a70d5634c70fa8bc4
CRs-Fixed: 3665302
2024-05-16 06:45:43 -07:00
Abhinav Kumar
67fa3a718c qcacmn: Support single PMK feature for AKM SAE_EXT_KEY
If host finds that all of the below conditions are true:
1. Connected AP sends CCX IE in beacon/probe response
2. single PMK feature enabled via ini
   "sae_single_pmk_feature_enabled"
3. And current connection is SAE with AKM type
   WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY or
   WLAN_CRYPTO_KEY_MGMT_SAE

Then host should mark connected AP supports
"single PMK feature" and update same to FW via RSO
command.

Change-Id: I696da4d2ca929e72ee5cff087a1411b492b03ce3
CRs-Fixed: 3803070
2024-05-15 00:46:27 -07:00
Yu Tian
349b952c45 qcacmn: Add MSDU length for the first RX fragment buffer
When fragment buffer received in REO2SW, MSDU length only valid
in the last fragment, need to copy that value to first fragment
for following process.

Change-Id: Ib3fbc07b11662fc161402befbb8396519fcebd33
CRs-Fixed: 3790059
2024-05-14 19:36:53 -07:00
Balaji Pothunoori
16c7f39e21 qcacmn: initialize structure parameters before use
Currently bool values are not initialized and results
in unexpected values for bool variables,
Hence this change is to initialize structure to NULL
before use.

Change-Id: I096ca0d3cb86083c2f57abaa429535ff76154fbd
CRs-Fixed: 3800969
2024-05-14 05:05:49 -07:00
Surya Prakash Sivaraj
836d95ed6f qcacmn: Allow firmware to auto detect tx bssid
In the case of 5 GHz + non-tx 6 GHz MLO connection, the scan entry
generated from the ML-probe might not carry MBSSID information of the
non-tx partner. The RNR of the assoc link will also not be inherited.
Therefore, the mbssid info is not generated for this non-tx 6 GHz scan
entry. In such cases, if there is a vdev restart, host driver sends zero
mac address in trans bssid, leading to issues with connection.

To fix this:
1. Look up the RNR db for the 6 GHz link, and determine if the bss param
corresponding to the bssid is non-tx MBSSID.
2. If it is a non-tx MBSSID and there is no mbssid info in the scan cache,
then configure the tx-bssid as broadcast mac.
3. This allows the firmware to auto-detect the tx bssid from the upcoming
beacons.
4. Also, save the neighbor entries from the beacon/probes received from
the firmware during roam sync and other events to facilitate the look-up.
5. If there is no existing entry for the roamed non-tx link, then caching
the neighbor info from the assoc partner link would store the valid entry
into the rnr db.

Change-Id: I2c16ed1428b578efaeed98daca08b722b0d40a05
CRs-Fixed: 3784879
2024-05-14 00:37:03 -07:00
Sheenam Monga
5daee8fcbe qcacmn: Add length checks for noninheritance_ie
In util_scan_find_noninheritance_ie API,
ies[ELEM_ID_EXTN_POS] may lead to OOB access if
len==MIN_IE_LEN.

util_parse_noninheritance_list may lead to OOB
read access extn_elem[ELEM_ID_LIST_LEN_POS]

Fix is to add length checks and add sub_copy and length
subie_len checks before accessing extn_elem to avoid any
OOB read.

Change-Id: I7758c6e4d8d568a5050011603b48a23e0b11da94
CRs-Fixed: 3717569
2024-05-07 03:17:23 -07:00
Vinod Kumar Pirla
46b43b40f2 qcacmn: Move peer transition history under MLO_ADV flag
Move the peer transition history infra under
WLAN_FEATURE_11BE_MLO_ADV_FEATURE flag to enable the changes
by default

Change-Id: I8b0e07fb045b1e383af4b4144e31e8b709a8c83d
CRs-Fixed: 3802485
2024-05-06 00:55:57 -07:00
Pragaspathi Thilagaraj
6680ed52fb qcacmn: Update scan mlme BSS info after roaming
After roaming update scan mlme bss info and update AP
channel info MLO mgr API are not called. This causes the
wrong channel width to be updated in the get_channel
command leading to disconnect.

Update standby link vdev scan entry state after roaming and
refactor the scan mlme info updation logic in a new API.

CRs-Fixed: 3753587
Change-Id: I5bcd4c807f6e23b5d604eec1158c21ccb4f29b58
2024-05-05 23:18:26 -07:00
Krupali Dhanvijay
cee6125a6d qcacmn: Fix OOB reads in util_gen_new_ie
In util_gen_new_ie, there are several possible out-of-bound reads
with invalid information elements such as improper/missing check when
updating tmp_old, missing check prior to starting while loop and missing
length check.

To fix these OOB issues add and improve length checks in util_gen_new_ie.

Change-Id: I39b9cd82ab6a7bd1a4c8d7cd5039a998a290b85f
CRs-Fixed: 3717568
2024-05-03 01:36:17 -07:00
Ruben Columbus
69cd6cf948 qcacmn: check for rx_user_status
Add a condition to check for rx_user_status to see
if it's NULL or not. In 2.0 platforms it always comes as valid;
for 1.0 platforms it could vary.
In case rx_user_status is NULL then use rx_status instead.
When rx_user_status is valid then 'or' both values.

Change-Id: I9e87d3b3592741a24ef2ef229bf7d4cdbdb871a3
CRs-Fixed: 3755942
2024-05-02 22:58:01 -07:00
Ruben Columbus
6813cbfead qcacmn: add MU Sniffer compatibility
Add missing values for rx_status and rx_user_status.
Values are for both HE and EHT data as well as usig.

CRs-Fixed: 3734450
Change-Id: I1bfd1a3021e11c4b5f2c07f324273bb778bf5c0f
2024-05-02 22:57:49 -07:00
Vinod Kumar Pirla
70ef35de9d qcacmn: Fix MLO mgr notify miss on VDEV repurpose completion
MLO manager will change the VDEV MLO flags on start of VDEV repurpose
and need to reset the flags on end of VDEV repurpose. Currently MLO
manager callback is not called after end of VDEV repurpose and flags
are not reset.

Always call MLO manager to reset the flags on VDEV repurpose completion.

Change-Id: Ie2d323888a01e4f19c439619b5ed267e43f0ce0c
CRs-Fixed: 3798911
2024-04-30 22:17:44 -07:00
Karthik Kantamneni
332fc3b9eb qcacmn: Fix out of sync OOM work counter
Currently OOM work counter is incremented when schedule_work
is called and counter is decremented when work is scheduled.
But there is possibility of OOM schedule_work is getting called
from tasklet context and worker thread context and resulting
only one time work execution but active work counter being
incremented twice. This scenario may result in OOM work going
out of sync and preventing suspend usecase.

Avoid this by incrementing the OOM active work count only when
work is getting added to global work queue and corresponding count
will be decremented when work handler gets executed.

Change-Id: Ie02d5b9c821327337a1b822c81c51878af522832
CRs-Fixed: 3787873
2024-04-30 22:17:27 -07:00
Yeshwanth Sriram Guntuka
410a2ae521 qcacmn: Use addr1 for RA in TXMON generated ACK frame
ACK frame captured via TXMON as part of LPC has incorrect
RA field populated using addr2 from TLVs. This is resulting
in the TX ACK frame to be misinterpreted as RX ACK frame.

Fix is to use addr1 from TLVs to populate RA for TX ACK
frames.

Change-Id: I23022c5cbabafc7025abef9ef2e9e2370750dad7
CRs-Fixed: 3787647
2024-04-30 11:36:37 -07:00
Asutosh Mohapatra
724452ba70 qcacmn: Add vendor attribute to configure custom STA keep-alive interval
Introduce an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_KEEP_ALIVE_INTERVAL
in QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure
station's keep-alive interval to the driver/firmware. This can be used
to resolve kickout issues from APs which kick out STAs before the BSS
maximum idle period expires.

Change-Id: I80c743d5a10b559a2ec027a1098ff55fc450007b
CRs-Fixed: 3795409
2024-04-29 06:48:37 -07:00
Manikanta Pubbisetty
6b801c30d6 qcacmn: Reduce CE history size for perf builds
Currently, CE history captures 1024 events. Addition of CE-1 events
to the CE history increased the memory requirement on perf builds by
56KB. Reducing CE history size to 768 will offset the memory
increase and also captures sufficient logs for issue debugging.

Change-Id: I411d8ba7422d0039ad7e2ab01c159c36aa68dc41
CRs-Fixed: 3781894
2024-04-29 05:48:14 -07:00
Vinod Kumar Pirla
054c286289 qcacmn: First set CM state before handling event action
VDEV repurpose is in progress when NB disconnect is received.
Driver will change the state of CM to IDLE_DUE_TO_LINK_SWITCH
on disconnect complete due to VDEV repurpose. When the NB disconnect
gets active, instead of dropping the disconnect, queues a new
disconnect to do necessary cleanup and notify kernel if it is on
assoc VDEV. Here before VDEV repurpose disconnect moves the CM-SM
to IDLE_DUE_TO_LINK_SWITCH, the NB disconnect command gets active
and drops the disconnect request and finally the CM-SM moves to
IDLE_DUE_TO_LINK_SWITCH.

Supplicant sends new connect request and driver while handling this
sees the CM state as IDLE_DUE_TO_LINK_SWITCH and moves the SM to
connected to force trigger disconnect and later handle the connect.
This forced disconnect has cleared the VDEV-MLO flag on disconnect
complete but by the time peer create request is filled, this MLO-VDEV
flag is set so ML peer is created but during VDEV start MLO flag is not
set, so FW assertion failed while sending peer assoc indication with
MLO flag set.

Issue unfolds when handling NB disconnect where the state of
CM is not set to IDLE_DUE_TO_LINK_SWITCH. So first set the CM-SM
before calling the disconnect complete handler.

Change-Id: Ieed1a1ace8ca18670c51d177d172243fc754b617
CRs-Fixed: 3784659
2024-04-25 11:17:40 -07:00
Krupali Dhanvijay
3c9097cd58 qcacmn: Add cinfo length check to fix heap buffer overflow issue
Add proper cinfo length check to fix heap buffer overflow issue
while generating link specific (re)association request/response,
as well as in the API for getting per-STA partner link information.

Change-Id: Ida561790bb745d6861a3a07b9db09b5b24443a6a
CRs-Fixed: 3699767
2024-04-24 15:33:47 -07:00