When a DFS pulse is being processed, a channel change change can happen.
And the channel change initializes the radar filters which means
it frees and allocates the DFS filtering data structures.
This may result in memory violation (NULL Pointer dereference).
To avoid the memory violation lock the filter initialization and
DFS pulse processing.
Change-Id: I37c80d409433a9f97bd1f5e78b2b1e780b130290
CRs-Fixed: 2317455
Add API to clear CAC started channel in the DFS component.
Also, when AP detects the RADAR in DFS channel and restarts the AP vap in
NON-DFS channel, call MLME state machine to clear the DFS_WAIT flag and
move the state to RUN. Since MLME state machine is per vap, move the
NON-DFS check in dfs_clear_cac_started_chan() to MLME and call
dfs_mlme_proc_cac() per vap.
Change-Id: I67033aa6ea819b6ed5d39a3911191d2051f731fc
Acked-by: Shashikala Prabhu <pshashik@codeaurora.org>
CRs-Fixed: 2324561
Consider STA vap to be up in chan 100 VHT80 mode and stadfs enabled.
Say Radar is injected on chan 100 and 100 is added to NOL list and
IEEE80211_CHAN_SET_RADAR is set on it. On NOL timer expiry, during the
process of nol delete, dfs nol count is decremented. So it reads 0 now.
After this decrement, dfs_nol_update() is called and it returns without
calling dfs_mlme_clist_update as nol count is zero.
As dfs_mlme_clist_update is not invoked, IEEE80211_CHAN_CLR_RADAR flag is
not set. After NOL timeout, STA vap fails to associate with Root on VHT80
mode as 100 VHT80 is not available (chan 100’s RADAR flag not cleared).
CRs-Fixed: 2327546
Change-Id: Ic83ec2ac49e0fb7e887c3c7be2f8eefc419cb7c5
This commit includes the following changes:
Send usenol pdev param to FW.
Set and get dfs_disable_radar_marking flag.
Handle scan failure due to NOL violation.
Change-Id: I814f6381145f98eccf465af730734238c60d8896
CRs-Fixed: 2328894
* Move dfs DA files to a DA specific directory.
The new DA specific directory will be under a new git root.
* DA:- Direct Attach.
Change-Id: I413d736d60a071374baf45ca6b13c793ab8dcbfd
CRs-Fixed: 2305115
When second segment bangradar is issued, the primary channels are
added to NOL. During preCAC, when a bangradar or real radar is injected in
the second segment, no channels are added to NOL.
dfs_seg_id is updated by enhanced bangradar even when the command is not
issued. During preCAC, the second segment frequency stored in current
channel is invalid and it is stored in dfs itself.
Correct the condition for enhanced bangradar command. Update dfs_seg_id and
radar found segment id. Move the portion of code that update radar_found
parameters when enhanced bangradar command is issued. This portion checks
for radar found segment id that would not have been updated yet. Use proper
second segment frequency to add to NOL during preCAC.
Change-Id: I5e1f1004b45bc30b5da7bfa174a5c03bdea4fa71
CRs-Fixed: 2303458
In macro TAILQ_FOREACH_SAFE, var and tvar point to current head and the
next element respectively. If we unlock the spinlock inside the for loop
and then lock it again, there is a chance (race) that the next element is
pointed to by another thread of execution and both of them may try to
remove the same element at the same time. This may lead to panic.
Instead of using TAILQ_FOREACH_SAFE macro remove the element from the list
one by one using a while loop from the head of the list. Do not lock the
entire while loop, instead lock only during the removal of element from the
list.
This is required because we want to wait for the dfs_remove_from_nol timer
to complete. But the wait should not be done from inside the lock because
the same lock is used by the dfs_remove_from_nol timer.
Change-Id: If820dbb1789b7fcfc33c133b3f90968377bfbf3c
CRs-Fixed: 2322831
Redefine dfs filter type to avoid prealloc problem by making one
large chunk into multiple smaller chunks.
With current data structure, dfs attach was requesting huge chunk
of memory from the heap which results in failure.
Fix is to modify the data structure so that one large chunk
is made as multiple smaller chunks.
Change-Id: Iaa8d0b1b6e4b192b37e165c936920baa5d10a23b
CRs-Fixed: 2323927
Consider AP is brought up in channel 100 VHT80 mode. When "bangradar" cmd
is issued, all the HT20 channels 100, 104, 108, 112 must be added to NOL.
It is found that only chans 100, 104 are added to NOL. This is because
dfs_find_radar_affected_subchans() does not find out all the radar affected
HT20 (4 in this eg) sub-channels.
dfs_find_radar_affected_subchans() is invoked as dfs_use_nol_subchannel
_marking is set to true by default. Also, dfs_find_radar_affected_subchans
finds the frequency offsets of the radar_found channel from
radar_found->freq_offset variable which is updated only in case of real
HW radar. For bangradar, this freq_offset takes to some scrap value.
As the radar found frequency offsets are wrong, the radar found channels
are computed incorrectly and it leads to chaos in NOL addition.
dfs_find_radar_affected_subchans() is used to compute radar found
frequency offsets only in case of real HW radar. For bangradar,
dfs_get_bonding_channels() is used to compute the radar found sub-channels.
Change-Id: Ie190e9266bcb696a07e389736df1258409abf08b
CRs-Fixed: 2313201
When user sets the usenol to 0 and inject the radar, host sends RADAR found
WMI command to firmware. Firmware sends status code as 2 and starts a
2 minutes timer to receive channel change request from host. Since usenol
was set to 0, host does not change the channel. This leads to firmware
timer expiry and sends status code 1 to block all the DFS channels. This is
not desired.
Do not send the RADAR found WMI command to firmware when usenol is 0.
Change-Id: I5884eb343cc419d4c9f5bda3e6eaa7c95c4d4af5
CRs-Fixed: 2276722
For large local variable, it is better to use malloc to prevent the stack
overflow.
Change-Id: Ibf5f516132410122b730bfc1407ea14e0f26d630
CRs-Fixed: 2318354
etsi-precac done list will be updated only after CAC finishes on
the primary channel. This list will not get updated for preCAC on
secondary channel. When channel change happens from intermediate
channel(non-DFS) to weather radar channel after preCAC done, preCAC timeout
for rest of the non-erather radar DFS channels were taken as 10min
since that channel will not be present in etsi-precac done list.
In order to fix this, consider primary channel's CAC timeout only
if neither CAC nor preCAC is done on primary channel.
Change-Id: I274b0f07d7d04644e79262fcecf61036ff79f96e
CRs-fixed: 2312912
In DFS component 0 byte memory is allocated when dfs_nol_count is 0.
We see a print 'allocating 0 bytes at this location' during wifi unload.
Change-Id: I5d6ad36875d634ee5ae6a138656bdb3f538bcdbe
CRs-Fixed: 2316513
In the scheduler_post_message, src_id is now added to
know the source module of the msg. The present scheduler
doesn't know about the same which is scheduler_post_msg.
Replace the scheduler_post_msg with scheduler_post_message.
Change-Id: I954a56eb960e8caab25f0734da2f8badf77cad3a
CRs-Fixed: 2306020
Skip CAC if cac is already started on the same channel or the new channel
is subset of CAC started channel.
Change-Id: I8f6121f1f8d034acf3f0514a60401a3232becaa2
CRs-Fixed: 2309911
For a 2GHz pdev, dfs object is NULL and hence 'dfs is NULL' print is
always seen in some of the dfs functions when user enables the dfs
error logs.
To fix this, add non 5 GHz pdev check before dfs NULL check.
Change-Id: I4702d8c487d5533a2a99b4560471a38992ea9177
CRs-Fixed: 2296853
On NOL timer expiry, timer callback handler dfs_remove_from_nol is called.
It acquires dfs_nol_lock at various instances while accessing the elements
of NOL list like deleting an NOL element, printing or copying the elements
of NOL. Also, there is a thread scheduled in the callback handler
dfs_nol_elem_free_work to free the NOL element memory after all operations.
This thread does a del_timer_sync and hence waits for the timer handler to
complete operation before freeing the NOL timer element.
Consider a case where nol timer expires on channel (say chan 100) and
the timer handler is called on core1 of CPU. After all cleanup operations,
the thread to free NOL timer element is scheduled and acquires an NOL lock.
The lock will be released only after del_timer_sync succeeds in its
operation for which the handler (dfs_remove_from_nol) must have finished
executing on other CPUs.
While the Lock is held by Core1, nol timer expires on another channel
(say chan 120) and timer handler function dfs_remove_from_nol is called
from CPU Core0. In the handler, the same NOL lock is tried to be acquired.
Since it is already held by cleanup thread, it spins. del_timer_sync fails
to succeed in its timer cleanup as the handler function dfs_remove_from_nol
is executing on another CPU. It waits for the handler to finish execution
and handler waits for the lock acquired by the thread. It runs into
a deadlock.
Release the NOL lock before calling del_timer_sync. This will give a
chance for the handler to execute. Acquire the lock again when the next
element is removed from the free list.
CRs-Fixed: 2301063
Change-Id: I822714edee3269ccbb93838e3892796219e1b88e
Add DFS coverage for channel plus width combinations
for overlapping channels in ETSI domain.
Change-Id: Id55f6b42a7ae3bad45c334ff5163a9458b825cd6
CRs-Fixed: 2291635
Maximum among primary CAC timeout and secondary timeout was used to
determime preCAC timeout. Due to this the non-weather radar channels
were also using 600sec as preCAC timeout.
To fix this, CAC on primary channel is done, then use secondary
preCAC timeout.
CRs-fixed: 2303360
Change-Id: If229957d8778a0a7794650e2908da8353fb9e090
Change a few memory allocations of the DFS module from dynamic to
statically allocated memory from .bss segment to avoid any possible
runtime memory allocation failure because of the requested contiguous
memory of a large size.
The static allocation will not work for Multiple RADIO based boards as
it will use the same memory for all the radios.
Change-Id: I93b30a0a3f2f7d91466c930c12e9fae60699605a
CRs-Fixed: 2302097
When the beaconing channel is not affected by radar,
reduce bandwidth of the AP while retaining the beaconing (control) channel.
Since all subchannels were in ISM there is no need to perform CAC.
Random channel selection is run if primary beaconing channel is affected
by radar, wherein CAC will be run for new primary and secondary.
Change-Id: I3c141a02449361e2290086f4c15f7b3eb08c6115
CRs-Fixed: 2284350
Reduce log level for few prints to debug to avoid flooding
of prints to console.
Change-Id: I514585cc87d51ead15fb1f40d45f62023628d9bb
CRs-Fixed: 2296839
1. Rename XXX_timer_free() dfs functions as XXX_timer_detach().
2. Remove the code to free precac_nol_list from
dfs_zero_cac_timer_detach(). This is the redundant code since
dfs_reset() already frees the precac_nol_list.
Change-Id: I878f396795ce0e5c04af379a6db253d07ca66a83
CRs-Fixed: 2262081
When the variable 'false_radar_found' is 1 a set of dfs variables are
supposed to be reset. The reset of the variables are done from within
dfs_radarfound_action_fcc() and dfs_radarfound_action_generic().
However, neither the function dfs_radarfound_action_fcc() nor the
function dfs_radarfound_action_generic() is called when
'false_radar_found' is 1. Therefore, remove resetting of the dfs
variables from the two functions and perform resetting of the
dfs independent of the radar found action.
Change-Id: I120dd8dc7abe13aa9dcaa7a29c10deea06cb8043
CRs-Fixed: 2289775
All the dfs timers that are initialized with qdf_timer_init()
must be freed with qdf_timer_free() to avoid the timer leaks.
Change-Id: I5425f0a84d0e252e3a1dc9b835f1b655fe79a691
CRs-Fixed: 2262081
Add necessary wrapper functions so that other components/umac
can check if a HT20 channel is in NOL.
Change-Id: Ie2cda1fe8f71d829e261ebdcf4563a4c2ff352ae
CRs-Fixed: 2180879
Some dfs domains do not support bin5 radars and bin5 tables
will be null for these domains. So do not log error if number
of bin5 radars are zero.
Change-Id: If9cceae38fa71d1b9b2413f490976ab9f5156086
CRs-Fixed: 2285127
Changes to switch to the preferred preCAC channel after the
preCAC is done.
User can configure non-DFS channel as an intermediate
channel to reduce AP bringup time, and configure the DFS
channel as usual. PreCAC Logic will use the intermediate
channel as the home channel and will prioritize the DFS channel
to start preCAC first and switch automatically after the preCAC
timeout.
Command to configure intermediate non-DFS channel
iwpriv wifiX interCACChan <non-DFS channel num>
Assumption:
Intermediate channel should be configured before configuring
the DFS channel as operating channel.
Change-Id: I1dc00fa395aec53bfe5a6361095cd7d77ced503c
CRs-Fixed: 2272085
Description:-
'wifitool athX setprimarychans ch1 ch2 ... chn' will restart athX if
current channel is not in primary allowed channel list.
'wifitool athX getprimarychans' to get primary allowed channel list.
The channel selected by ACS, random channel selection will be ignored
if it's not present in primary allowed channel list.
When user sets the channel using iwconfig or doth_chanswitch, if the
channel is not present in the primary allowed channel list then HOST
does not honour the channel change.
Change-Id: If37592d4246334a3c8fb17d44aaead7a6f9e969e
CRs-Fixed: 2264102
Remove the function lmac_is_mode_offload and corresponding function pointer
dfs_is_mode_offload since it is not used by the DFS component.
Change-Id: Ie55f5c8dc89466fa992451373819d148680318f1
CRs-Fixed: 2252565
Rename the function dfs_mlme_deliver_event_up_afrer_cac() to
dfs_mlme_deliver_event_up_after_cac and rename the function pointer
mlme_deliver_event_up_afrer_ca to mlme_deliver_event_up_after_cac
Change-Id: I29c2094a0b45c9583b897e088ce9938c759e26ba
CRs-Fixed: 2251792
DFS test timer is initialized and used by Full-offload but the timer is not
reset during DFS reset.
Reset DFS task timer during DFS reset.
Change-Id: I5d5395744a98e5ca2a7a94971e7c1c6e6e0b174f
CRs-Fixed: 2252612
In ETSI domain, after CAC, channel is added to ETSI CAC cleared list,
so that next time it can skip CAC if channel is already present in this
list. If radar found, remove channel(s) from this list indicating that
when channel(s) is/are selected in future, the CAC needs to be re-done.
Change-Id: If6b31ecda2ab159188e7724bce7d1c2d8375fa3c
CRs-Fixed: 2143266
Fix out of bound access for array "weight_list" with size 55 bytes
and declared on stack of function utils_dfs_get_chan_list. Same memory
is accessed in function policy_mgr_update_with_safe_channel_list with
index 127, leading to OOB access.
Change-Id: Ib7ba74e0096e90fd197bc563d2e82e497cf83759
CRs-Fixed: 2232833
Callbacks are defined for both cases, so remove compiler
flag around callback declaration and assign callback for both
HOST_DFS_SPOOF_TEST enabled and disabled cases.
Change-Id: I5e3cedaaa5be550243ac090da3ab6499c5e83904
CRs-Fixed: 2249806
Move the functions dfs_set_update_nol_flag and dfs_get_update_nol_flag
from dfs_cac.c to dfs_nol.c.
Change-Id: Ie2829bf10d5c6f61c4cc062f54c4c9ca2cc6e34b
CRs-Fixed: 2252573
1. Do not send the RADAR found command to FW for bangradar. Since FW is
unaware of the bangradar command for Partial Offload chips there is no
need to send the Radar found indication to FW in bangradar processing.
2. Fix two times vap restart during spoof test: After sending the radar
found command to the FW, the host waits for the FW to send the status
check event to the host but if FW takes a very long time to send the
event then the host timer times out and restarts the channel. After the
channel restart if the host receives the status from FW, the host does
the channel change again. Increase the host timer timeout value to avoid
the two times channel change.
3. When removing the spoofed-radar-infected channel from NOL list, also
remove the channel from regulatory channel list so that the regulatory
channels are consistent with NOL.
Change-Id: I914d48e6202261b87a5ed6f8f40e150eb42463e2
CRs-Fixed: 2250008
In Repeater AP scenario, when STA vap starts scan, it calls the
registered DFS callback function to get the AP CAC status. For a
2 GHz pdev, dfs object is NULL and hence 'dfs is NULL' print is
always seen when user enables the dfs error logs.
Add non 5 GHz pdev check in dfs callback function before dfs NULL check.
Change-Id: Id087d0b126996406f2b6e1b5b34b90a12a18a890
CRs-Fixed: 2245034
Currently if the delta peak of the ETSI type 4 radar pulse is 0, it will
be considered as radar false dection, which affects normal dfs ETSI type
4 certification test.
More checks are added when delta peak of the ETSI type 4 radar pulse is 0.
If psidx_diff, the difference in the FFT peak index between the short FFT
and the first long FFT, is greater than 4 and less than 16, it is still
considered as valid ETSI type 4 radar pulse.
Change-Id: Iee9c22e0c208023bb9f0f70121f8269169b63d18
CRs-Fixed: 2173576
In FCC domain, process the radar pulses and send the summary of radar
found information to FW.
Change-Id: Ib30f57927a9718315fd90f5c44d47dae38bf36f0
CRs-Fixed: 2211883
Address the following issues in the umac folder:
CHECK: 'defintions' may be misspelled - perhaps 'definitions'?
CHECK: 'destory' may be misspelled - perhaps 'destroy'?
CHECK: 'faild' may be misspelled - perhaps 'failed'?
CHECK: 'initilization' may be misspelled - perhaps 'initialization'?
CHECK: 'managment' may be misspelled - perhaps 'management'?
CHECK: 'muticast' may be misspelled - perhaps 'multicast'?
CHECK: 'ouput' may be misspelled - perhaps 'output'?
CHECK: 'segement' may be misspelled - perhaps 'segment'?
CHECK: 'successfull' may be misspelled - perhaps 'successful'?
CHECK: 'untill' may be misspelled - perhaps 'until'?
Change-Id: If60c276c134ef10ce6be26cd5a4036d53d5724b6
CRs-Fixed: 2241586
