Avoid OOB read in dot11f_unpack_assoc_response API. Add check
for when nBuf == len to read another byte of pBufRemaining.
Change-Id: Iccdb0b268d16f4169b8b701ade6085d47897f785
CRs-Fixed: 3042293
In STA+STA case, if SSR happens, driver will clear the
no_of_active_sessions = 0 at the beginning of wlan shutdown
by policy_mgr_clear_concurrent_session_count.
In the shutdown process, one STA will be disconnected and
in the setting PCL of second STA, the no_of_active_sessions
will be decreased to 255 from 0
in policy_mgr_store_and_del_conn_info.
Fix by move the policy_mgr_clear_concurrent_session_count
to policy mgr enable/disable.
Change-Id: I70bcc60fe3030db71376a626d6f9625fe299417d
CRs-Fixed: 3063772
When a sta is being steered, sending a deauth may interrupt the
association/EAPOL handshake on the new BSS.
Do not kickout sta if it is being steered.
Change-Id: I15dd26bca27699087cdb790de8cb95281dade385
CRs-Fixed: 3042990
Add API to set/get ACL policy. Add API to add/delete ACL MAC.
Add API to kickout sta according to MAC.
Change-Id: I329501d4f0c929b6e7933a8e484b5d8493dbbabe
CRs-Fixed: 3042927
Currently, Driver is registering control port over NL feature. But
EAPOL packets are not sent over NL only incase of non-ML connection.
Because of this EAPOL packets are being dropped.
To avoid this, Send EAPOL packets over NL for non ML connection
in the above scenario.
Change-Id: Iabe4e9cf5934ffd28753f99fbef9c5bbce7224e8
CRs-Fixed: 3061152
Enable the below datapath MLO features in Kbuild
- DP_USE_REDUCED_PEER_ID_FIELD_WIDTH
The above feature reduces the width of peer_id from
peer_metadata, thereby reducing the size of the peer
object array.
Change-Id: I58533c241a40184129786f11a47f3722cf005a61
CRs-Fixed: 3059637
Check the existing two connection are in below comibation or not
GO + GO
GO + GC
GC + GC
GO + STA
GC + STA
If the existing two connection are in above combination and third
connection comes as GO or GC or STA then check whether firmware
supports p2p-p2p concurrency or not.
if firmware supports p2p-p2p concurrency and third connection is
GO or GC or STA then only allow the third connection as GO or GC
or STA otherwise do not allow third connection as GO or GC or STA
with above combination.
Change-Id: I0c2408232e84438dc5dd8d104b75fdee126aa31f
CRs-Fixed: 3043845
Currently, sta_info is allocated for MLD address but never freed. Add
logic to free the station info for MLD address too.
Change-Id: If957bb5e77e83f2bf272f2d4d58bd3ab8d5e19e0
CRs-fixed: 3059099
2 threads blocked to wait channel_switch_complete_evt for SAP channel
switch is already in progress, qdf_event_set only woke up 1st thread
later, 2nd thread still kept blocked with hold net_dev for debug id
NET_DEV_HOLD_COUNTRY_CHANGE_UPDATE_SAP, leak happened.
Change-Id: Iad296f68aeaefe5a6b88ad6bea95cc377b2ae515
CRs-Fixed: 3061960
Based on the new NCHO requirement, allow ADDROAMSCANFREQUENCIES to add
roam scan frequencies irrespective of the roam scan control value.
Change-Id: I5742f6d590e3ec51bfb294610ede05b1935a4790
CRs-Fixed: 3046763
From 5.11 kernel, nla_strlcpy() is renamed to nla_strscpy(), hence
handle it accordingly in WLAN driver by using newly created wrapper
API wlan_cfg80211_nla_strscpy().
Change-Id: I8303c107539ac0755f5403174cce4f65b79d591d
CRs-fixed: 3060053
In wlan_hdd_main.c file, there is no reference to any interface from
subsystem_restart.h, so remove it to avoid compilation errors since
subsystem_restart.h is no longer supported and the file is not present
latest msm-kalama kernel.
Change-Id: Id5858bf436a44f612bab15f341bf0dc8dafc90f2
CRs-fixed: 3060053
The log subtype field is not filled for the connecting fail
subtype logs. This causes WLAN_CONNECTING event to be sent
in case of connection failure also.
Fill the log subtype as WLAN_CONNECTING_FAIL for connection
failures.
Change-Id: I36d5c756274d77f562f1acfc1d75a79fcda210d9
CRs-Fixed: 3060642
Set PCL command was sent from CSR->LIM->WMA in
legacy implementation. With current flow set
pcl follows policy_mgr->WMA path.
So remove unused LIM set roam PCL code.
Change-Id: I300f901fbd62ebab14527f05d98528c108823cd0
CRs-Fixed: 3062176
In OSIF every north bound entry is protected via dsc. DSC op start/stop
takes a spinlock for every call into the driver, the framework
also searches through a osif vdev list for every into driver call.
In per-packet path this is operation of taking/releasing the spinlocks
and traversal of the linked lists is costly. To avoid this and
protect the DP operations against SSR/load unload define a new
atomic variable. Before SSR/driver unload wait for the DP op
also to complete.
Change-Id: I4e9061b9e6b454b20789f9d7d3b7e3955a9bfaa5
CRs-Fixed: 3060552
Host sends the EXT CAP IE based on the capability
coming from the supplicant in join request. But, after
roaming the cached join request will be freed. Therefore,
after roaming few capabilities sent by the userspace are
not saved and therefore lost in reassoc request.
Save the EXT CAP IE from the join request in the VDEV
and use the cached capability for sending Ext cap IE.
Change-Id: I71947388b4c6e9e56a5832557416d9b462de70e2
CRs-Fixed: 3038496
During components psoc open, if the Nth component psoc open fails,
then previous (N-1)th psoc's must be closed in reverse order as
part of error handling.
Change-Id: Id12a6c667b74b0ac17e45c2aa2451add18fbdae1
CRs-Fixed: 3061676
If ini gDisableDFSChSwitch=1 is set to setup dfs test mode,
should disable dfs nol function regardless sap operation
channel dfs or not, because sap's bonded channels may have
dfs channels if bandwidth is 160M.
Fix it by invoke wlan_mlme_check_chan_param_has_dfs().
Change-Id: If42c85a3dd1b83e495d7e6a556a6769c3e9e28b6
CRs-Fixed: 3038252
There is frequent output when get unexpected vendor specific action
frame. So, add this change and reduce the log level.
Change-Id: I9d832546a4436bdf7dd25cb00a7de5cce1295b31
CRs-Fixed: 3060750
Currently, target_if forwards the blacklist event to upper layers
even if there is no AP info present. This event can be dropped in
target_if to avoid accessing unallocated memory.
Change-Id: Icfaabb0a8e3304882979ffde7f5cd27fd4c8a067
CRs-Fixed: 3057424
In WPA3 SAE TX case, auth_algo, auth_type and auth_seq_num
are not filled to the connectivity logging.
In SAE RX case, the auth frames are not getting logged.
Fix connectivity logging to handle SAE RX and TX case
by adding the params mentiioned above.
Change-Id: I388dd154f9d80aaf51f45bb571139072c77bf782
CRs-Fixed: 3057861
Add support to send beacon miss disconnection logging event.
Fix the diag attribute end marker in the event table.
Change-Id: I11fc8859af383b69bcba42654fb3a2bc597fef83
CRs-Fixed: 3056266
Issue is, if the req->ssid_len is greater than 32 then
record->conn_info.ssid_len is limited to 32, but while copying the ssid to
the destination array, req->ssid_len is used, which may cause out of
bounds access.
Fix is to use destination array ssid length record->conn_info.ssid_len
Change-Id: I2a661b18fc1d27eec8b2f85877681fc1b782ad39
CRs-Fixed: 3059161
For resetting NOA, "P2P_SET_NOA 0 0 0" command will be
used. Since duration and interval are same, currently the
set will be rejected.
Handle the count 0 case and bypass the existing validation
for periodic NOA.
Change-Id: I5294d7bcdd70d9280e50167c961d2e9c525fca4c
CRs-Fixed: 3054252
Currently FASTREASSOC issues roam command to trigger fw process
LFR3 roaming. When roam event comes back, it deletes the old pe
session and creates a new one hence the bss desc info is lost.
Funtion lim_is_medium_time_valid could not get desc info and
cause addTS fail.
To resolve this issue, store the wmm info in the pe session if
it presents.
Change-Id: I6c7c79c96fed7384a686a1fa0f49069440096e90
CRs-Fixed: 3058801
Currently WMI_DBGLOG_TIME_STAMP_SYNC_CMDID command sent
every 1 sec causes RTPM collapse and inturn has power
impact. So to avoid this enable time of the day synchronization
only after connection/roaming.
Send WMI_DBGLOG_TIME_STAMP_SYNC_CMDID as part of RSO
start command.
Change-Id: Iee3cefe1318a6e5507a43cefb9666cc2a439fe06
CRs-Fixed: 3060762
This reverts commit I784e4b1735f4f217713f65c30092bac2ad6cb698.
Some AP reports HT20 in beacon frame but HT40 in assoc response
frame. FW roaming will decide BW HT40 based on assoc response.
In previous change host will decide BW based on assoc response
as FW does. But the issue is after roaming, the host will check
beacon for AP BW changing and then do vdev restart. But the vdev
restart may be rejected by FW if the FW roaming is still in
progress. To avoid the complication, revert the change.
The original issue will be fixed by validation the channel
segment by Ia41c51feca855cab54e908438c51a8d12075f864 to avoid
the kernel check channel failure and disconnect.
Change-Id: Ib170acb3588cf07bf666d446f5dde73de2d4705b
CRs-Fixed: 3061233
