Currently the driver includes all the DFS channels as part of scan
in the scan list, and thus not exclude the DFS channels in the first
scan for faster scan.
Fix is to check the ini, for first DFS channel scan, and then remove
the DFS channels from the scan list if the ini is enabled.
Change-Id: I43d5c87676d4e66706da3cc0029c60559b70d179
CRs-Fixed: 2378805
Array mcs_count is of size 13 and the
macro MCS_MAX is 13
mcs_count array should be access only
till 12, hence change the comparison
from <= MCS_MAX to < MCS_MAX
Change-Id: Ieab9a8d1f2a06ff31fa79a062bfcbf96f298f0a1
The rx_pending flag is never set to 0 if the check for
TARGET_REGISTER_ACCESS_ALLOWED(scn) is failed when target is
not reachable. Since, the rx_pending flag is not set to 0,
ce_check_rx_pending(CE_state) check inside ce_tasklet() will
be true and tasklet gets rescheduled again and again.
Reset the rx_pending flag before TARGET_REGISTER_ACCESS_ALLOWED(scn)
check in ce_per_engine_service() to avoid continuous scheduling of
tasklet when check for TARGET_REGISTER_ACCESS_ALLOWED(scn) fails.
Change-Id: Ib9268e6cf2bdcd0ed0bf84934e9370bcef1cdbab
CRs-Fixed: 2375307
There are other places where txLookupQueue is protected
with htc_lock instead of lookup_queue_lock.
Change-Id: I91497ce4593a14033871d3e8c3a97deab222d365
For non-NSS platform, update no of rx packets being
sent from wifi driver to network stack in case of
vow traffic.
Change-Id: If16a5b9c37a16374d4217369b1f02360c62155a9
CRs-Fixed: 2371429
If two threads T1 and T2 are trying to stop the serialization timer,
both can get the timer while holding lock. Timer cmd pointer is set
to NULL after releasing lock.
Now if a third thread T3 is trying to start the timer at same time,
it may get the timer as soon as T1 make cmd NULL and adds its cmd
pointer to the timer in the list.
But T2, which was also trying to stop the timer can stop the timer
and set cmd back to NULL again. Thus T3 will not have the timer in
the timer list.
Now when driver try to abort/flush the command it will not find the
timer and In case timer is not found the command is not freed, leading
to vdev ref leak.
To fix this stop and update the timer while holding lock.
Change-Id: I363a4d36181328be310c7c980c981302501a9453
CRs-Fixed: 2376733
In wlan_cfg80211_scan the number of ssid, ssid length and number of
channels are not checked for max size of array and thus can lead to
Out of bound access of memories.
Fix is to add bound check before copying the params.
Change-Id: Ie6d4e546fb9c884d5988493b611ef7b217f0a95c
CRs-Fixed: 2375217
In extract_hal_reg_cap_tlv(), hal_reg_capabilities
can be optionally defined. This field can be NULL
resulting in a NULL pointer read. Add NULL pointer
check before qdf_memory_call().
Change-Id: I142bed65e80aa9b4bb88a4e68f74235dd50e3624
CRs-Fixed: 2368284
Initialize drop_bcn_on_chan_mismatch from INI
(CFG_DROP_BCN_ON_CHANNEL_MISMATCH) default value
Change-Id: I55c28aa5656ce6befe9cd3477ab0b14c99641cea
CRs-Fixed: 2375199
Currently, beacon or probe responses are dropped by the scan module
if the rates IE does not present. But, some AP's in 11n mode does not
add the rates IE.
So, it is not mandatory to have the rates IE in the beacon or probe
response.
Change-Id: Id57b2216c012d117cca1a3a2dbce9825d58b67c3
CRs-Fixed: 2376710
Per the Linux coding style both mixed-case names and so-called
Hungarian notation are frowned upon, so rename local variable
ptspecIE in send_set_ric_req_cmd_tlv() to align with the coding
style.
Note that there are other instances of mixed-case names in this
function, but these are global in scope and will need to be cleaned up
in a global effort.
Change-Id: I10780e2f751d1a1ed8f14a5ee4890794f498ec0b
CRs-Fixed: 2374719
Logs of the Spectral WMI interaction prints are under
OL_SPECTRAL_DEBUG_CONFIG_INTERACTIONS macro and is disabled by default.
As the WMI logs are already controllable at runtime from qdf_cv_lvl,
there is no need for OL_SPECTRAL_DEBUG_CONFIG_INTERACTIONS anymore.
Change-Id: I3b89192de4deb420d853631064c20add894fb1e3
CRs-Fixed: 2369846
When unit test command "iwpriv wlan0 wlan_suspend 0 0" is issued on
SAP-DUT (given that one REF-STA is connected), FW would go in WOW-D0
state. In this state, when HW receives the pkt from peer (REF-STA), it
generates MSI (REO-interrupt) and host process this pkt but it doesn't
wake-up the FW. Due to this situation, no TX is happening on SAP after
issueing wlan_suspend command.
This situation only happens when iwpriv command issued as this command
would be fool the FW by notifying that APSS is in power-down state but
actually it is not in active state. When APSS is really in power-down
state then up-on receiption of any RX pkt would wake-up the APSS and
this waking-up process would wake-up FW as well.
Fix this situation by sending explicit FW wake-up event.
CRs-Fixed: 2325860
Change-Id: I18937e5c568c742f838cdf3f815c2184a916283c
Rearrange the debug prints in the wmi path
so that valid information gets printed.
CRs-Fixed: 2368173
Change-Id: I8900eda444c9d1dee69f5c1e30662022580d2a7b
Splitting the wds srcport learn function to add:
1. A wrapper function where host extracts the required fields from
nbuf cb and rx_tlv header.
2. A common function which can be called from both host path
as well as offload path.
Change-Id: I2f2c0580c049f48395a3e0a265e3fb5d8aed6774
Add cdp api to check if tx desc pool available descriptor
threshold has reached.
Change-Id: Ie542d03dd865d32aa6e01da00328aa51728b4276
CRs-Fixed: 2369218
In function qdf_trace_msg_cmn va_end is called without va_start.
This can lead to delay in driver logging.
Change-Id: I9d2c9893037f5836cf902e6e311a0a521b8389e0
CRs-Fixed: 2373637
The last_ack_rssi value is made to get updated with the
correct value and the code fragment to reset it to 0 has
been removed.
Change-Id: I87f9ca788c92ae6ffc05b10faeb82e03024050ce
According to the ucode and mac team, the new TB-PPDU (UL OFDMA
Dat frame) from any other users using the TLV's fields below:
* PHYRX_RSSI_LEGACY (has a reception type field that is
set to UL-MU)
* PHYRX_RSSI_HT
* PHYRX_COMMON_USER_INFO (has a reception type field that is
set to UL-MU)
* PHYRX_USER_INFO (has more detailed modulation info)
* PHYRX_USER_INFO (Could be more than one)
...
* PHYRX_DATA
* PHYRX_DATA (Could be more than one)
CRs-Fixed: 2329959
Change-Id: Ib5fa1734a5525d2b2d1db8756166f259be30b9c0
Current driver doesn't check for any TX pending flag before doing
bus suspend.
Add a logic which is similar to existing helium platform.
Change-Id: I49d078c3b86fc0d9659fbbc2f3c1a604a79a9dff
CRs-Fixed: 2360189
Driver first try to find peer for beacon frames with addr2,
and if no peer is found it loop through peer list 2nd time
for addr1. For beacon addr1 is broadcast address and thus
peer will never be found with broadcast address.
Thus use addr1 to find peer only if addr1 is not broadcast
address.
Change-Id: I7e5c221ec7f93f878981f4eafb69935aafd64174
CRs-Fixed: 2373793
Validate num_mem_reqs should be less than TLV size in
extract_host_mem_req_tlv() function.
Change-Id: I88ebfc4bfe3abb9b0926990f5f777fc0d62e1fc1
CRs-Fixed: 2347667
Packetdump invokes legacy data path API directly without
considering underlying HW:
1. ol_register_packetdump_callback
2. ol_deregister_packetdump_callback
Global pointer pdev_txrx_ctx will be casted to struct ol_txrx_pdev_t
always even Lithium (use struct dp_pdev) underlying, that leads to
struct dp_pdev be overwritten unexpectly.
Wrap with cdp API to avoid.
About packet-dump feature:
It is one debug feature/requirement for Android N, to track/dump
TX/RX data/mgmt. packets during connection. This enhancement can help
in debugging connection related issues.
This change only touches its data packet callback register API.
Change-Id: Ie63fd2dfa909f89741ccf0c5131f6d3305093a3e
CRs-Fixed: 2366334
Packetdump invokes legacy data path API directly without
considering underlying HW:
1. ol_register_packetdump_callback
2. ol_deregister_packetdump_callback
Global pointer pdev_txrx_ctx will be casted to struct ol_txrx_pdev_t
always even Lithium (use struct dp_pdev) underlying, and overwrite
struct dp_pdev unexpected.
Wrap with cdp API to avoid.
Change-Id: I5c8847ddc51548e8854ba600bec99ce5200dd817
CRs-Fixed: 2366344
Adds support to use bangradarenh command to inject radar on the
secondary segment, if AP is operating in HT80+80 or HT160 mode.
Change-Id: I78ab3d3fcb3ecf5fee274911bf6dc48f74c53818
CRs-Fixed: 2359763
Rename target_if_open() to target_if_init() and target_if_close()
to target_if_deinit() as these handles global target_if
initializations.
Change-Id: I935eb6461f1774043adaa0539b6e8e0ea9824382
CRs-Fixed: 2352015
Local variable is used to store cpumask to send it to
irq_set_affinity_hint and qdf_dev_set_irq_affinity APIs.
This memory is used by the kernel later outside the
current contect resulting in invalid memory access.
Fix this by using global variables to store cpumask.
Change-Id: I086f40bf1b3499d2c2ccb1ce18140b2dc2761d04
CRs-Fixed: 2373548
Currently, the function causes the system false when
tries to release the spinlock because it holds the
spinlock longer than max_hold_time.
Change-Id: I90c78b7d8530cf3d1c224a693ab9f743f669b730
CRs-Fixed: 2371481
Each cmd in serialization list holds a vdev ref by
I8d573ff5a25e6dff928b2708e51ad7b97e292277. When vdev is
destroyed physically, it means vdev ref count is 0, all
serialization cmds of this vdev are released, don't need purge
in vdev destroy handler.
Change-Id: Iea75707c88154e1e3e87369285b82d1288523e22
CRs-Fixed: 2367242
During Zerowait DFS, when radar is hit, the NOL IE element that
is being sent to its uplink is prepared after the precac timer
is turned off, which returns wrong center frequency
information for secondary segment.
This center frequency is used to built the list of subchannels to
be sent to root, which in turn are all 0s.
Reorder the function calls to prepare the IE before the
precac timer is turned off when radar is found so that the
list of subchannels are built properly.
Change-Id: I74e800cbbeb3730c862a72ddbe8f78219592e343
CRs-Fixed: 2373036
When adding stop command to the serialization queue, if the command is
getting added to the pending queue of the vdev and there already existed
another stop command in the same queue, then return already exists as the
return value after the command is enqueued.
This to avoid notifying the vdev state machine with down event multiple
times though the command already in the pending queue would have notified.
Change-Id: I1830251c6b6c1fa2860f17a3ea8a869e8a3c87ff
CRs-Fixed: 2372563
When the command is released from the queue, it is added back to the global
pool. Reset the status flag of the command before releasing it back to the
global pool.
Change-Id: I3e51fc6aa0ffc0dafe87b838a5a256fc65d12d09
CRs-Fixed: 2372562
In the current implementation, if there are any active commands
in the vdev queues then on vdev destroy we remove the commands from
the respective queue and return the command to the global pool.
We should also stop the timers for the corresponding active commands,
otherwise the timeout cb may be called after the destroy is executed.
Change-Id: I51a1049e952073d83b5caee3835e4f9adca2bb9e
CRs-Fixed: 2365411
Per the Linux coding style both mixed-case names and so-called
Hungarian notation are frowned upon, therefore replace the identifier
pAddPeriodicTxPtrnParams everywhere it occurs.
Change-Id: Id80fc4cd22a8e4af125f01b937e03eea0b898283
CRs-Fixed: 2371906
This change will resolve displaying NSS value
in stats in case of HT. And also it will give
proper NSS value to calculate rate value. Modify MCS
value to match with Tx stats from firmware.
Also retain original MCS value to use in radiotap code
for HT case.
Change-Id: I4dad068262a5e9188a5935db6b2cbf8d14138e7e
Add INI support to disable spectral feature and do not process the spectral
user commands if spectral feature is disabled.
Change-Id: Id353131675454652d59fd5d5f8fd3d732a07b777
Acked-by: Shashikala Prabhu <pshashik@codeaurora.org>
CRs-Fixed: 2343947
Using both structure wmi_tdls_params and tdls_info if TDLS component
sets FW states, which will cause memory corruption potentially. Use
enum wmi_tdls_state as type of tdls state.
Change-Id: Ia1e78a5c6d8aee9ab5166c0704dd7827f42c2457
CRs-Fixed: 2372452
Disable adaptive dwell time for scans in not connected state to
optimize host scans for fast connection.
Change-Id: I28f762c3ee44ffc20a7565ccc1d8e40f16aedb4e
CRs-Fixed: 2357888
wmi_unified_bcn_buf_ll_cmd in wmi_unified.h had compilation flag
CONFIG_MCL. To get rid of the compilation flag, a separate header
file is created
Change-Id: I0bbcdf749f461f6880aacc1e3ef4e8e8fdc08ff6
CRs-Fixed: 2366773
Two new WCNSS_qcom.ini values "roam_score_delta" and
"roam_trigger_bitmap" are introduced. These values are sent to
firmware over the WMI command WMI_ROAM_AP_PROFILE over the
structure wmi_roam_cnd_scoring_param. The values to this
structure are populated from struct scoring_params.
Add roam_score_delta and roam_trigger_bitmap in scoring_param.
Populate these values from roam request to the structure
wmi_roam_cnd_scoring_param to be sent over the wmi command.
Change-Id: I012867e60ddf18a276250ef3bd27015f191d8a6a
CRs-Fixed: 2368263
