When scheduler thread copy mlo_ie from pe_session to beacon template,
hostapd update EDCA params based on STA/SAP concurrency, zero and update
mlo_ie in pe_session for beacon template too, OOB happens for race
condition issue.
To fix it, serialize beacon template update to schedule thread.
Add length check to avoid OOB.
Change-Id: I756ea99e1f6c7280fb68acb8e0982b415dcb7ab6
CRs-Fixed: 3694478
Symbol export should be disabled if multiple chipsets
is supported, to avoid possible 'exports duplicate
symbol' issue which will result in wlan driver loading
failure during bootup.
Change-Id: Ia79e811ae813a7ab39aea597b3d01aba0762c144
CRs-Fixed: 3693883
Add ini to disable mcs 12 13 for SAP operating in
2.4 GHz with 40 MHz bandwidth.
Change-Id: I78ed90bf6bab80a8f81f7a0640b9aca9d2736f4d
CRs-Fixed: 3672437
At present, num_tx_chains_11a value is updated from the last
setting of num_tx_chains_11a in dynamic_cfg. If last setting
num_tx_chains_11a is 1, new num_tx_chains[NSS_CHAINS_BAND_5GHZ]
changed to 2 by vendor command, it will not be updated to 2.
Fix by update them based on new num_tx_chains[NSS_CHAINS_BAND_5GHZ]
value and ini config.
Change-Id: Id25e8f8d0427b77c2191dfc352b5827be543a191
CRs-Fixed: 3683946
Addressing an issue where the host driver receives a raom
sync key event with cipher type 15 and length 32 from the
firmware. Currently, Host lacks an updated cipher type and
defaults to value 0, corresponding to WEP key, with a maximum
length of 16. This invalid conversion result in firmware
crashing during the install key command.
This change is to add crypto cipher type corresponding
to fw implementation.
CRs-Fixed: 3680670
Change-Id: I2bc5b486fd9df79334191c84bc57151ed7efdfcf
When ML STA + Legacy STA concurrency is present, TDLS is disabled
on all the vdevs. If legacy STA gets disconnected, the TDLS
enable is done on only one MLO vdev, and on MLO link vdev TDLS
state is disabled. But TDLS peer set param commands are going
to firmware. This results in firmware abnormal behavior.
Enable TDLS on assoc & link vdev for ML STA case when concurrent
STA disconnects.
CRs-Fixed: 3685766
Change-Id: I36b839dd610e85d38081a985ceb68d8fad8879c5
Link switch uses cached partner links info in mlo_sta_ctx,
currently during roaming as partner links info is not filled
then link switch fails during connect.
Copy partner links info to sta context in mlo dev ctx on
roaming.
Change-Id: Ie513173f0ccdc39f46be5cf4af11021abe5950aa
CRs-Fixed: 3695386
In the api cm_roam_btm_req_event(), BTM request and
BTM Candidate Connectivity logs are printed for both
partial and full scan when disassoc_imminent is set for BTM
roam trigger. But actually, over the air frame was received
only once on the device.
So to avoid BTM frame logs duplication,
ignore the BTM request frame TLV & btm candidate TLV received from
firmware after BTM roam trigger with disassoc imminent set.
Change-Id: I7d8cf4a4f0c7e2ee7958ae3fc309f14890c2fd33
CRs-Fixed: 3675909
"CONNECTING" connectivity event is not logged during
NO CANDIDATE scenario which resulting in breaking of
connectivity logging mechanism.
Modify wlan_connectivity_connecting_event() api
to get connect request parameter as argument in
order to log CONNECTING event.
Change-Id: I040446db189c55ade3c6d0aa993388789f9881af
CRs-Fixed: 3678172
For MLO LINK connectivity log, the links not associated
during connection are also included as part of
inactive links which breaks the sanity of logging
mechanism.
Modify MLO LINK connectivity event to send the
associated link band bitmap in order facilitate
userspace to find links associated in current
connection and in turn find the inactive links
in a particular instance.
Change-Id: I7a490e9bf8a6666620d1c57b9f8047a22bf78fc5
CRs-Fixed: 3674048
After roaming to 2+5 MLO AP, MLD high RSSI roaming trigger is
getting disabled if assoc link is on 5 GHz.
To fix it, if self MLD roaming is supported, then don't enable
high rssi roaming trigger for 2.4 GHz link and disable it for 5
GHz link after roaming is competed.
Change-Id: I4c02cb2c946d97884fbc0d6cc513c585c21b9548
CRs-Fixed: 3670241
Send periodic fw stats to get chan noise floor when monitor mode
start, but not stop it when monitor mode stop,
pdev stats event is received even when event handler unregistered,
race condition lead to assert.
To fix it, when monitor mode stop, stop periodical pdev stats report
first.
Change-Id: I58a0ced84aca74a7228064067bb096803cf952fd
CRs-Fixed: 3667212
Host filled link address in the NS tuple, DUT sent NA frame with link mac
addr, not MLD addr.
To fix it, let host fill MLD address in the NS tuple for MLO vdev.
Change-Id: I863dc6184c59ee06950e4aa2287d4d4a6ff30b5c
CRs-Fixed: 3693220
While iface combination dump looping based on max interfaces
defined but some iface array have index of max - 1, which
will lead Out-of-bound access of 2 bytes.
For example, wlan_hdd_sta_iface_limit supports max 2 interfaces,
but defined only one array of index.
Check with size of the array, So, only available index will access.
Change-Id: I9ab02557ea7b4290d56ef359a3d9072fd9b1e53d
CRs-Fixed: 3668965
Currently when calculate TPC command, assume local power constraint
is non-zero, but constraint is possible to be zero like AP can restore
local power constraint to zero after change to a non-zero value.
Add a local flag to check whether STA need follow AP's local power
constraint and calculate/update TPC command accordingly. In case if
AP configure invalid absolute constraint power to 0, add check and
don't follow this wrong configure.
Function lim_extract_ap_capability() may not update
localPowerConstraint if both power constraint IE and ESE TX power IE
not present, to avoid access uninitialized localPowerConstraint,
initialize it to zero and we have check when use it in
lim_calculate_tpc().
Change-Id: Ib4600574aefee7f4bcff84c06891dcc15f5d265a
CRs-Fixed: 3676758
If F/W doesn't support p2p device dynamic mac update, after dynamic mac
update, p2p tx will fail.
Check whether p2p device dynamic mac update supported by target, if not
supported, reject p2p device dynamic mac update request from upper layer.
Fix warning of uninitialized status.
Change-Id: I845bd9683f2b68c3ed28292917601fdefed13f72
CRs-Fixed: 3680411
Currently after link switch powersave conifig is not sent to firmware
resulting in STA not entering BMPS.
Set the powersave config to firmware after link switch
Change-Id: I60864b03144900edac2861348375280507b9e25c
CRs-Fixed: 3680566
In api cm_roam_scan_info_event(), band_mask is updated
for ROAM_STATS_SCAN_TYPE_HIGHER_BAND_6GHZ and
ROAM_STATS_SCAN_TYPE_HIGHER_BAND_5GHZ_6GHZ. But
the band mask is truncated for ROAM_STATS_SCAN_TYPE_FULL.
add check in api cm_roam_scan_info_event() to update
band mask only for scan type
ROAM_STATS_SCAN_TYPE_HIGHER_BAND_6GHZ and
ROAM_STATS_SCAN_TYPE_HIGHER_BAND_5GHZ_6GHZ in order
to prevent the band mask from truncating for
ROAM_STATS_SCAN_TYPE_FULL.
Change-Id: I3e85c87e3e304d0c4d4ae311c7be1939e73d05df
CRs-Fixed: 3666578
In some roaming scenario, the old bss peer was not destroyed before
new bss peer create, so new bss peer fail to attach to vdev because
max allowed create peer for STA vdev is 2 (self peer + bss peer + no
TDLS peer on TDLS disabled platform).
Add one more peer count to vdev max peer count for STA.
It has no impact to memory requirement.
Change-Id: I474b0b9493c385123351b1cdcdfab8e584803dca
CRs-Fixed: 3646841
After CSA to 5180 (unsafe), the sap_fsm_validate_and_change_channel
will call wlansap_set_channel_change_with_csa API to do a new CSA
to safe channel. But wlansap_set_channel_change_with_csa will not
set ch_switch_in_progress flag. Instead, we should use parent API
hdd_softap_set_channel_change to trigger CSA, which will set
ch_switch_in_progress flag. The existing code will do
unsafe check after CSA done in hdd_hostapd_check_channel_post_csa,
so combine the sap_fsm_validate_and_change_channel work into it.
The ch_switch_in_progress missing during CSA will cause another CSA
request being executed while the first CSA is still in-progress. This
is not supported.
Change-Id: I17c9181a32ffc4f35f647db1f957a05b00306bee
CRs-Fixed: 3683289
TDLS peer_update_timer and peer discovery timers are not stopped
upon sta disconnect.
So while the handler is invoked upon timer expiry, the
vdev could have been already deleted. This could result in
null pointer dereference of vdev while trying to get
TDLS vdev objects.
Since the timer is not required upon sta disconnection and
peer will already be deleted, stop the timer upon STA
disconnection itself, instead of doing it during vdev
destroy.
Change-Id: I3c405b3e7b57d25a7d1afbf6c93476271a29a6b8
CRs-Fixed: 3673078
Currently, mlo_link_agnostic is set to true without validating
destination address which means FW is free to choose
transmission link L0 or L1 due to which GAS frame TX is failing.
Fix is to set mlo_link_agnostic to false when dest address is not
AP address, so that FW can choose freq as per channel which is
sent as part of mgmt frame.
Change-Id: Icacc4ce06b0eda341342ac1cdcf347de74e59e39
CRs-Fixed: 3666152
(cherry picked from commit d3cbd7154a31479cb79230643a0a8818b41d2a67)
Add support for QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO vendor
command to return the STA TPC information used within the BSS.
If STA is ML STA, multiple link TPC information will be returned to
userspace.
Change-Id: I6fd30893c057c876e9a01e112595e5cb0c906a70
CRs-Fixed: 3665538
Currently, host disables btm_offload feature if the connected AP
supports MBO/OCE but not PMF. Firmware doesn't process the btm
requests received from AP in such cases and forwards the same
to host. Host forwards them to userspace. But userspace may not
expect these frames as roaming is offloaded to firmware.
Drop the BTM request frames in driver for LFR3 cases when the
connected AP supports MBO without PMF.
Change-Id: I35800ff31f8a48d12eb57cdd36856fdef2b53b8e
CRs-Fixed: 3687371
Identify APs which don't support three links and downgrade the
max connection links to two so that connecting to such APs will
not lead to unexpected behavior.
Change-Id: I25d2c0fd09e29b6f0cc2d228e52733bcbceb39fd
CRs-Fixed: 3636112
Currently for STA + STA case, consider the below scenario:
1. Roam start received on vdev 2 & vdev 0. Vdev 2 roam
serialization command becomes active and vdev 0 roam
command is on the pending queue.
2. HO failure with AP0 received on vdev 2. This dequeues
the vdev2 roam serialization command. Vdev0 roam command
becomes active.
3. Roam synch indication received on vdev0 with peer AP as
AP0 (which is the peer on vdev 2). So duplicate detection
logic prevents same peer creation, so roam synch fails but
its not indicated properly to firmware. This leads to
disconnection of both the STAs.
To address the issue, first enqueue disconnect with high
priority set before removing roam command from serialization
so disconnect gets activated if roam was active for the
vdev.
Also while processing roam synch indication, check if peer is
found on different STA and send roam stop to fw so fw also
cleans up and initiates HO failure.
Change-Id: Iddeddcde782b936dc2ea4b8f32fd0be3c0ced591
CRs-Fixed: 3686114
In LA by default, the max supported SAP interface number -
QDF_MAX_NO_OF_SAP_MODE is 2. In third party framework or using
command line to add SAP interface, the active number of SAP
interface may exceed the number of QDF_MAX_NO_OF_SAP_MODE.
To avoid running into unexpected scenario, add check the active
SAP interface number with configuration of macro QDF_MAX_NO_OF_SAP_MODE
when adding virtual interface.
And in MDM we support 4 SAP, so make the QDF_MAX_NO_OF_SAP_MODE
configurable by Kbuild.
Change-Id: I7b64ae8f580d2b11ab5bd46c9346567f4ceabc39
CRs-Fixed: 3673518
Station connect and csa to less channel width, if we continue
set channel width back to initial connection which is greater
than csa channel width, center freq1 get failed.
Update association channel width and check the value while
set new channel width.
CRs-Fixed: 3683738
Change-Id: I396528abda663d2a77cfc9598ddb89b36c4600ba
Currently, RSO_STOP is sent to firmware if ROAM_SYNC is aborted
due to some reason. Host doesn't check for the current state of
RSO state machine and may send the RSO_STOP twice. Firmware
responds with SUCCESS for the second request and driver
continue to cleanup peer/vdev assuming that it's a normal
RSO_STOP response. This results inconsistency in firmware
as it might be in the middle of peer/vdev cleanup and
leads to ASSERTION.
Check for the RSO state machine status and avoid sending
RSO_STOP twice.
Change-Id: I87cdb4a682095772070a839bbb86e56a9450b299
CRs-Fixed: 3677172
As part of set feature set command, update STA_P2P,
STA_SAP, STA_NAN, STA_TDLS, STA_SAP_P2P, STA_SAP_NAN,
STA_P2P_NAN, STA_P2P_TDLS, STA_SAP_TDLS, STA_NAN_TDLS,
STA_SAP_P2P_TDLS, STA_SAP_NAN_TDLS, STA_P2P_P2P_TDLS,
STA_P2P_NAN_TDLS iface combinations to fw.
Also use WLAN_FEATURE_NO_P2P_CONCURRENCY sta dual p2p
support combination.
Change-Id: I315c219f79995dedb0c2856d326838351d8a3d5e
CRs-Fixed: 3674696
