Currently, all roam params are updated to firmware whenever
a new param(e.g. preferred channels) is configured by the
userspace. This may overwrite the firmware learned data with
fresh config which is not intended.
Isolate the configured param update to firmware to avoid
tampering other params.
As there are multiple roam params, isolate ROAM CHAN configuration
for now. Incremental changes can be added to make other params
adapt to this.
Change-Id: Ib8c01e42263a0d77b5747f71591ac282909ed7d3
CRs-Fixed: 3856863
Host updates the configured RSSI threshold from INI
"gNeighborLookupThreshold RoamRSSI_Trigger" over the
GETROAMTRIGGER command. But this RSSI threshold is reduced
by firmware in steps for reasons like candidate not found
during roam scan. So, the expectation is to print the next
RSSI threshold at which the roam scan will be triggered.
This value is received from firmware via the
WMI_ROAM_SCAN_STATS_EVENTID.
Fix is to store “next RSSI threshold” value in vdev mlme
and update same when GETROAMTRIGGER is queried.
Change-Id: I9b5dc80724d13f7cfe082f1214197d1c016e1a94
CRs-Fixed: 3827747
Sending deauth on one of the links in MLO connection will result
in removing anchor link in FW and driver shall silently remove the
next link without initiating another deauth. For this reason the
status of MLO peer is set to DISCONN_INITIATED on sending first
deauth frame so that subsequent links do not send again.
The MLO peer context holds the list of all object manager peers for
that MLD connection and failure to add to the context shall result
in termination of connection. Currently the failures are not handled
and the object manager peer is not having any MLO peer context and
this results in sending deauth frame on both the links.
Handle the error of peer create and MLO peer attach on roaming
to abort the roam sync.
Change-Id: I4d5a766b673b36edb44d19065237aa35ff7d5f1d
CRs-Fixed: 3837890
Fix compilation failures caused by type mismatch
between format and argument.
Fix some kernel-doc errors.
Change-Id: Id55c19eff1dd62102feffac1785b5fe825555fde
CRs-Fixed: 3805434
After increased wmi len, bcn frames go to roam sync event instead of roam
sync frame event, add scan entry logic of roam sync frame event handler is
missed in roam sync event handler, if old scan entry for roamed bssid aged
out, roam sync fails for no scan entry found.
To fix it, add scan entry logic in roam sync event handler too.
Change-Id: Ifb2d3323256b42a094a2871279353273275fbddf
CRs-Fixed: 3848978
Policy manager restricts three active home channels on same MAC and
if any two links of ML-STA falls under same MAC, then policy manager
sends force inactive num set to one which link bitmap of those two
links. FW will ensure to not make both the links active at the same.
In such cases when another VDEV comes up via concurrency on the same
MAC but with different frequency then, it will result in two active
VDEVs on same MAC. Now if FW decides to exchange the ML-STA links
which are sent in force inactive num via vdev repurpose, then
policy manager rejects this request and it see the upcoming link
will be in MCC with existing two frequencies (one from ML-STA and
another from concurrency) while actually the ML-STA link will
eventually becomes standby if vdev repupose is allowed.
For this reason, skip checking allow concurrency if the target
link in VDEV repurpose is part of dynamic inactive bitmap.
Change-Id: Ia7b1f798925c3ae02aceba68584dc02e44f2a514
CRs-Fixed: 3840955
F/W increased WMI event max length per CE2 config to satisfy increasing
mlo frame length in roam sync event, host checked frame len with old max
length wrongly, so roam sync failed.
To fix it, remove unnecessary frame len with old max length as
roam_sync_frame handler, frame len is checked with tlv len already.
CRs-Fixed: 3844499
Change-Id: I75394ffa6704b4556701ed060e4345a56906dc1b
If there is only 1 AP candidate, and it has been added to denylist by F/W,
it is not allowed to connect, it's bad user experience to end users.
To fix it, if there is only 1 AP candidate, and it has been added to
denylist by F/W, but deny reason is neither critical nor certificate
required, such as REASON_STA_KICKOUT, need allow user to connect it if no
other candidates.
Change-Id: I2ae66ceba943dcfbc927568684218b7120c1e490
CRs-Fixed: 3785252
When roam happened in F/W and send roam stats to host driver,
host driver send these roam stats info to user space by event
without cache them.
Change-Id: I772c0a5035896715204f6eee277090ed1f33e97c
CRs-Fixed: 3790270
Currently the bitmap of action frames that can wake up the host
is sent via the wmi command WMI_WOW_SET_ACTION_WAKE_UP_CMDID.
This bitmap doesn't include EHT action frames so currently the
host doesn't wake up for EHT action frames.
Enable wake up for EHT action frames during runtime/system suspend.
CRs-Fixed: 3811796
Change-Id: I2c6ab7b7fba5572a02ff0db0f5198f2e9138a97e
Currently EPCS is enabled only via the vendor command hook,
add the ini configuration to enable/disable the EPCS
CRs-Fixed: 3838932
Change-Id: I1a887fa2a91dd68877d96169d39ea868ee675241
Active connection req fetch may allocate memory to copy the
connect IEs, free after use.
Change-Id: Ida4892cd9efef8a4ebfaf925908eedc19a3d9d7b
CRs-Fixed: 3832469
Currently if Host receives ROAM SYNC event in
RSO STOPPED state, Host drops ROAM_SYNC event and
fails to send ROAM COMPLETE response to FW. This
results assert in fw with reason ROAM COMPLETE
response timeout.
If ROAM SYNC come to host in below scenario:
1. HOST sends RSO stop command with scan mode 4,
in order to process supplicant disabled roaming
request
2. FW already queued the roam sync event before
RSO STOP command receive from host
In this case host should send RSO STOP with
scan mode = 0 to FW. So that FW can stop roam sync
timer and change roam state to RSO STOP state
along with other internal cleanup in FW.
Change-Id: I8b25be98b30d7f8185d5f8dcd67a4b52f502fd37
CRs-Fixed: 3810436
After the change in commit I75f0b76ae920c885a1150d95ea011e5612ef62fd,
the gNeighborLookupThreshold INI value will be a negative number. This
update ensures that the INI comment accurately reflects the change.
Additionally, existing INI files may still include a positive number
(e.g., 76). To maintain compatibility, the default value is updated to
-76 in case the INI files haven't been updated to use negative numbers.
Change-Id: I1c588fcbc5716d9efadf1272842d60a29c26eba6
CRs-Fixed: 3826341
Add config to enable go ignore non-p2p probe req feature. If set,
don't need to send probe rsp to STA, hence save power.
Change-Id: I8b4776e4ffd1315bf30e210797b22a673cf2a6c2
CRs-Fixed: 3812361
Currently while processing roam synch legacy case
is not handled properly for self-roaming case and
host is sending roam as it finds peer is
already attached to a vdev.
To address this issue don't send roam stop if peer
is attached to same vdev.
Change-Id: I75bbeb23e2b94458e0709b8b27178549c7104ea1
CRs-Fixed: 3690348
os_if_cstats_log_nan_disc_enable_req_evt is defined but not
called when there is a NAN discovery enable event, this resulted
in missing of NAN discovery enable stats in the chipset stats
Fix this by calling os_if_cstats_log_nan_disc_enable_req_evt
when there is a NAN discovery enable event
Change-Id: Ic9610e01fb0449c5233d6e651c42d395cb1f21c5
CRs-Fixed: 3804972
Add chipset stats for deauth event when roam
is trgiggered due to deauth frame from AP
Change-Id: I21125d1fde5805a3893ff8d0f9ec2be49082f994
CRs-Fixed: 3804975
Currently nack status is read using the pmo lock with bottom half
disabled, but if the wow wakeup irq is triggered at the sametime
it is waiting for the same psoc lock resulting in the dead lock.
Hence get the hif handle directly rather than with spinlock api.
CRs-Fixed: 3798619
Change-Id: Ic2d5cd07c2dafb525003ec7e9e02bc17d0876dd0
Pointer returned from tdls_process_mlo_choice_tdls_vdev can be
NULL. Add NULL check to avoid dereference.
Change-Id: Ibd7f8914a721517d7b959b864c033686b1160648
CRs-Fixed: 3757772
This change is to check for station count with maximum
number of concurrent connections.
Change-Id: I539ae0b78deadf5e514f00d57542b4dd871e0e4e
CRs-Fixed: 3776536
Currently, driver check peer mac address to filter out duplicate
command in serialization queue. This peer mac address will be
peer MLD address from North bound and link address from the south
bound. For multi-link SAP, if disassociation or deauthentication
request received for two links of same STA (MLD address is same but
link address is different), then driver queue disassociation or
deauthentication command in the serialization for both links.
This will lead to duplicate disassociation or DE authentication commands
in the serialization for same STA.
So, to fix this, add check for MLD address and link address in the
serialization filter.
Change-Id: I2619e3009b28ceba6af4383e36ae40af82020b5f
CRs-Fixed: 3790148
Add support to handle GET_KEEP_ALIVE_INETRVAL command.
If received command in connected state return keep alive
period configured to firmware but if command received in
disconnected state, if user space has set keep alive
period then return the user space configured value or
else return INI configured value.
Change-Id: I5d386ecd141531795b471198bd70afa20210bdc5
CRs-Fixed: 3818096
When connect 2 + 6 GHz MLO AP, 2 GHz is assoc link, when populate per
sta profile of 6 GHz in assoc req, use BW of current 2 GHz session
wrongly, so 320M is disabled wrongly in EHT cap.
To fix it, when populate per sta profile for assoc req, pass
pe_session as NULL since partner link pe session isn't created at that
time, don't clear 320M cap for 6 GHz link.
When config EPCS, update eht cap at same time.
Change-Id: I7422f0353cc087a24575f9be1d5b30a032cc7b8e
CRs-Fixed: 3821390
Below is the sequence of events causing RSO init command to
be sent to firmware while disconnect is happening:
1. Roam Start received from firmware in scheduler thread.
2. Connect request for reassoc received in supplicant thread.
3. This connect request triggers disconnect, but before RSO stop
& deinit is sent to firmware, roam synch event is received. This
roam synch is getting processed in the scheduler thread. But RSO
stop & deinit are sent in wpa_supplicant thread.
4. As part of roam synch host is posting RSO_ENABLE to RSO state
machine which triggers roam init to firmware.
5. Since disconnect sequence is already in progress, the RSO is
in init state before vdev stop. Disconnect sequence got executed
cleanly except for the RSO sequence.
This results in abnormal firmware behavior.
Check if the vdev is in connected state before sending roam init
to firmware.
CRs-Fixed: 3769766
Change-Id: I709c165bd9b11b323666e0e27cece76e6a4641dd
Currently, there is a rcu stall when dp vdev obtained from
dp_soc does not match vdev present in fisa flow which has
same vdev_id.
To fix this, if vdev id matches for both the vdev, drop the
skb.
Change-Id: I8be4ea77bd0bdd3096ebbad627674f7b8a9801cf
CRs-Fixed: 3817471
When dp_link is allocated, the member variable is
not initialized correctly. Change is to give initial
value to avoid of crash.
Change-Id: I0d032b4a25f31768f2aa5e7161cc625abe867df5
CRs-Fixed: 3797243
P2P GO negotiation request is supposed to come only on
DUT listen channel.
But there may be chance of leakage on 2.4 GHz because
the ADC sampling rate is 60 MHz, DUT would receive the
attenuated (Rx BBF filter) signal 60 MHz away. So, the
req may get received in non-social channel.
fix is, add new logic to drop the P2P Go Negotiation
request if it is received on non-social channel.
Change-Id: I12ddddd47cd9b494f618b1ba9b383118221ff9d2
CRs-Fixed: 3808813
Currently, when Rx monitor mode interface is coming up, STA is
not disconnected causing RXDMA ring to be used as both error ring
and destination ring. This is causing backpressure in RXDMA ring.
To fix this, issue disconnect for STA when Rx monitor mode is
being added.
Change-Id: I95e73edd80472a8aae9092ebdbce5e514b1cd531
CRs-Fixed: 3799325
During roaming tests, if an AP gets kicked out due to move away,
the driver adds the BSSID to an avoid list.
However, this approach has a drawback. If the AP later moves nearby
again, it won’t be picked up because it’s still on the avoid list.
To address this, the driver checks the RSSI value before adding the
BSSID to the avoid list for kickout roam reasons.
If the RSSI value is above -70 dBm (from INI good_rssi_threshold)
and get kickout, which means AP may have functionality issue, then
the BSSID can be added to the avoid list. Otherwise, if the signal
strength is bad below -70 dBm, the BSSID should not be avoid list
because the AP may move away, let roam logic to pick up or not based
on score value of the BSS.
Change-Id: I4ace2733cfe270667d14095f1d4dc2c5abb9f0d5
CRs-Fixed: 3788290
If pre-cac channel from userspace is Non DFS channel but
the pre-cac bandwidth is set to 160 MHz which cover DFS channel
range, we still allow the request instead of reject it.
Change-Id: I9a0778855bf6659fab20ae0cc82a17d652b0d282
CRs-Fixed: 3748905
If CSR roam synch callback fails then the status is not updated
with error status code and this causes the caller to consider
roam synch indication is successful and RSO stop is not sent
to firmware leading to roam synch completion timeout at firmware
Send correct status to the caller of the api:
cm_roam_sync_event_handler_cb() if CSR roam synch processing
fails
CRs-Fixed: 3800617
Change-Id: I29214c04976498fd81cb5266738e341928af3af7
When roaming happens with full SAE for FT-SAE AKMs host doesn't
update the PMK received from firmware into its global cache.
This causes stale PMK to be sent to firmware when full SAE
happens when roaming to below AKM's:
WLAN_CRYPTO_KEY_MGMT_FT_SAE
WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY
So update the PMK sent from firmware for above AKM's when
auth status is connected (full SAE happens at host).
CRs-Fixed: 3807689
Change-Id: I25d1a253de37481952c41f54697521285a0ccf92
If host founds below all conditions are true:
1. Connected AP sends CCX IE in beacon/probe response
2. single PMK feature enabled via ini
"sae_single_pmk_feature_enabled"
3. And current connection is SAE with AKM type
WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY or
WLAN_CRYPTO_KEY_MGMT_SAE
Then host should mark connected AP supports
"single PMK feature" and update same to FW via RSO
command.
Change-Id: I831cfefb60271b03e5c5cbdfde0bd5277ee116e0
CRs-Fixed: 3795133
Currently bool values are not initialized and results
in unexpected values for bool variables,
Hence this change is to initialize structure to
NULL before use.
Change-Id: I07ec3880d35441d3dc84eaa44640ad07eba0b3c9
CRs-Fixed: 3800965
In the case of of 5 GHz + non-tx 6 GHz MLO connection, the scan entry
generated from the ML-probe might not carry MBSSID information of the
non-tx partner. The RNR of the assoc link will also not be inherited.
Therefore, the mbssid info is not generated for this non-tx 6 GHz scan
entry. In such cases, if there is a vdev restart, host driver sends zero
mac address in trans bssid, leading to issues with connection.
To fix this:
1. Look up the RNR db for the 6 GHz link, and determine if the bss param
corresponding to the bssid is non-tx MBSSID.
2. If it is a non-tx MBSSID and there is no mbssid info in the scan cache,
then configure the tx-bssid as broadcast mac.
3. This allows the firmware to auto-detect the tx bssid from the upcoming
beacons.
4. Also, save the neighbor entries from the beacon/probes received from
the firmware during roam sync and other events to facilitate the look-up.
5. If there is no existing entry for the roamed non-tx link, then caching
the neighbor info from the assoc partner link would store the valid entry
into the rnr db.
Change-Id: Ie5ef03fc8504cd63f6db98d2ce4af7eb5c2d7e00
CRs-Fixed: 3789675
After roaming to 11BE 320 MHz EHT AP, the channel width is wrongly
updated as 40 MHz in newly created pe_session. This causes wrong
channel info to be sent to kernel in the get sta channel request
and could result in disconnection. In lim_fill_ft_session(),
the chan_width is updated from VHT OP or Vendor VHT OP IE only
currently. But in 6 GHz EHT 320 mode, the VHT OP IE will not be
present and default 40 MHz is assigned.
So extract the channel info from EHT OP IE and use that to fill
the ft pe session created after roaming
Change-Id: I81b52391e69dfe87b103ca1ee90dd9658f02273a
CRs-Fixed: 3746276
Change the default connection dot11mode behavior of APs with
following security configuration which can support MLO:
1) WPA2 with PMF
2) WPA3-SAE with HnP (or H2E cap equals false)
Currently User has to force allow connection in MLO via INI or
else driver downgrades such candidates to 11ax.
Change-Id: I4ff232fc920e19e4f158eba3038abd57b045e705
CRs-Fixed: 3779433
Add support override the NSS capability with HW NSS capability
during TDLS setup.
Change-Id: I916193969d5aafe042ee1bea2adc29668c9109ee
CRs-Fixed: 3792456
Currently, ROAM_SYNC is aborted on the corresponding vdev when
the vdev is not in CONNECTED state. This abort operation sends
an RSO_STOP to fw but the status is not notified to the caller.
This results in a race condition in the below scenario,
1. Firmware roamed to a 2-link ML AP and sent Roam sync ind
to host
2. Host posted ROAM_SYNC on vdev-0 in scheduler thread context
as the vdev-0 state is CONNECTED
3. Got a DISCONNECT request from userspace in user thread and
the states moved to DISCONNECTING.
4. Host tried to post ROAM_SYNC to vdev-1 but aborted as the
state is not CONNECTED and tries to send RSO_STOP to fw.
This RSO_STOP won’t be sent as it’s a link vdev and the
RSO_STOP should go from assoc vdev later.
But this status is not indicated to the caller which
proceeds with vdev-0 ROAM_SYNC.
5. As vdev-0 ROAM_SYNC doesn't check for the connection state
once processing is started, ROAM_SYNC would be completed
on vdev-0.
6. This causes out of sync and vdev-1 doesn't get cleaned-up.
7. As part of the disconnect, host tries to cleanup the old
peer on vdev-1. But firmware ignores this as that peer is
already cleaned up in fw.
This results in peer map-unmap issue later as the new Roamed
peer on vdev-1 will never get cleaned-up in host but the same
got cleaned up in fw. FW is free to use that peer_id to
another peer mac later and when it does, host DP complains.
So, indicate ROAM_SYNC abort status to the caller to abort
the complete Roaming.
Change-Id: Ic65149ddf28f01ca5d7a0f6d3137a38e64e6c6ae
CRs-Fixed: 3786671
When SAP CSA is started, host driver starts sending CSA IE
with beacon count. Host driver sends VDEV_RESTART to firmware
only when the beacon count reaches to 0(e.g. from 10 to 0).
But if CSA has to be aborted due to some reason(e.g. concurrent
SAP got disconnected), host driver stops the CSA by posting
EV_CHAN_SWITCH_DISABLED where it stops sending the CSA IE and
restores the VDEV state to UP-UP-ACTIVE. It updates the
templates and doesn't send VDEV_RESTART to firmware.
Currently, host driver sends VDEV_UP to firmware as part of
SAP state machine restoration. But firmware might not expect
this VDEV_UP as vdev is in UP state. Host has to avoid
sending VDEV_UP to firmware when the VDEV state is UP-ACTIVE.
Also, SAP CSA abort might result in other race conditions.
So, let the CSA continue if it's already started and SAP channel
gets evaluated once SAP is UP anyway.
Change-Id: Ic8ff8b0c58dd656b4e7ae2a2f9c46c3584a33165
CRs-Fixed: 3734991
Host driver doesn't disable RSO before restarting the vdev
for fw-initiated as well host-initiated CSA or BW change for
link vdev. Therefore, if the FW is in middle of roam(for host
initiated CSA) cases, this restart leads to race condition in FW.
Add a new reason code for VDEV restarts triggered due to CSA,
enable/disable the RSO SM based on this new reason code for
assoc as well as partner links.
Change-Id: I48925d76df62bb1c60f212048b95c434af18042f
CRs-Fixed: 3770973
In the api hdd_set_nss_params() and hdd_set_antenna_mode()
change in nss parameter or antenna mode cause the TDLS
teardown.
Add a check in api hdd_set_nss_params() and
hdd_set_antenna_mode() to prevent change in parameter
if there is a existing TDLS connection.
Change-Id: I8a58b8b0a617a8de490907e4c3181b15d90e0dbb
CRs-Fixed: 3789892
