Removed unused API for open and WEP check, as the logic, to check
open and WEP mode is not valid. If required proper API can
be added later.
Change-Id: Ia57bc28d40a70c8bd3b908400126c9741080a5fd
CRs-Fixed: 2949965
Currently, in get_htc_send_packets() when the
hif_system_pm_state_check() fails, we are not doing a
runtime PM put operation for the corresponding get operation.
This imbalance will never make the system enter runtime suspend
state and also we do a BUG() when such imbalance is encountered
during runtime PM deinit. This change also fixes a potential
memory leak.
Change-Id: I3e5916005d583de42a49dd2dc0632bfcca1251e4
CRs-Fixed: 2947247
Add new API reg_get_band_from_cur_chan_list to build a chan
list based on either primary/secondary current channel list
as per requirement.
The legacy API reg_get_band_channel_list uses primary
current chan list to build a channel list. SAP needs to use
a secondary current channel list. Add a new API for SAP,
reg_get_secondary_band_channel_list for the same. Both these
APIs will call new API reg_get_band_from_cur_chan_list
by passing primary/secondary current chan list respectively.
Change-Id: I1e5573ac9371fc3ce5dc2c387fbd1d47696a161a
CRs-Fixed: 2947516
The value of req->crypto.mgmt_ciphers is bit mask
of wlan_crypto_cipher_type, but the API
wlan_crypto_set_mgmtcipher expects the enum value of
wlan_crypto_cipher_type at present.
Fix by change wlan_crypto_set_mgmtcipher to use bit
mask of mgmt cipher type.
Change-Id: I2d262bbe3f47e41635097ef8ce5722a2baa38001
CRs-Fixed: 2946164
Current in wmi_rx_diag_event_work, rx diag event is processing
in a while loop, if there is continuous diag event comes from
fw, it is possible that it occupy the work queue, and other work
are not able to run.
Break the while loop so give a chance to other work.
Change-Id: I7af6d60aeb8c0524cc51d663658d5b17349daa60
CRs-Fixed: 2948839
AP sets multiple AKM suites in RSN information of beacon
or unicast probe response. In case if the invalid or
unsupported AKM/unicast cipher suite present in the AKM
suite list, the driver detects it as wrong RSN IE and
drops it. This results Device driver doesn't send
authentication to initiate a connection to that AP even
one or more than one valid AKM suites present in RSN IE.
Ideally, the driver should able to initiate connection if
at least one AKM/unicast cipher is valid and supported in
AKM suite list.
Change-Id: I8ed525e3945e4e437d15b496c80b1ad2aef4cb65
CRs-Fixed: 2948248
The current limits of DP RX packet drop thresholds are huge;
In scenarios, where the processing of RX packets is slow, huge
number of packets will be held in the memory and could eventually
lead to out of memory issues. Reducing the thresholds to address
the problem.
Change-Id: I76a2622fb30cda615aeb27fcc9c8e548ffec3e51
CRs-Fixed: 2941885
In wifipos component, channel info array is allocated for MAX_CHANNELS(255)
and passed to the regulatory module which uses NUM_CHANNELS to fill the
channels. NUM_CHANNELS can be more than 255. This may lead to an array out
of boundary access.
Use NUM_CHANNELS in wifipos component to allocate channel info array.
also, add a boundary check on the number of channels received from the
regulatory component.
Change-Id: I5b7a7a4767d8bbb259c5631cf744e57ee3e1effb
CRs-Fixed: 2938879
There is a timing race condition between RTPM suspend flow and
DP TX flow. When TX is queued during RTPM suspend flow. TX
ring update may be delayed. Add a force TX HP flush when RTPM
is rejected due to TX pending frame. This can help to improve
TX pending frames delay when race condition happens.
Change-Id: I6f60f2902dfda630f81528dcf978da6644d18ba7
CRs-Fixed: 2942744
In wlan suspend and resume cases it is seen that group
irqs are getting disabled multiple times without getting
enabled which is causing irqs to be disabled permenantly.
Track for unbalanced disabling/enabling group irqs which
helps to root cause the issue.
Change-Id: Ic1ef637c317f04b3299f17f19208df11ece3c013
CRs-Fixed: 2939809
Scan manager currently has two flags - scan_f_2ghz and scan_f_5ghz
for the requestor to specify which channel bands to scan.
Currently, these flags are not utilized by the scan manager to
control the channels selected as part of the scan request channel
list. As a result, specifying a particular band will not
limit the scan manager to scan only the mentioned band - instead
scanning all supported channels.
Add a check to use these flags to avoid channels from bands
which are not selected.
Change-Id: I86e17184b5bb67cbf951eee5d43a8f80a93718d6
CRs-Fixed: 2934215
Add QCA vendor interface for userspace to get information of usable
channels for different interface types from the driver/firmware.
Change-Id: Ice662b9f14e95f32f853637e73bccd686678f278
CRs-Fixed: 2939047
This is about CFR feature, set max ta ra entries to 4 for QCA6490 and
QCA6750 base on HW design.
Change-Id: Ief62ac394e3991a896d9bb954289e63ac105e74e
CRs-Fixed: 2939149
Use the qdf_assert_always instead of qdf_assert when rx_desc is NULL
getting by dp_rx_cookie_2_va_mon_status to capture real problem here
since the qdf_assert does not do anything.
Change-Id: I480917ecaf30f9faa4fdcda93c09a59e972a7e1c
CRs-Fixed: 2944083
New regdomain of MKKN added channel 144 to JP.
Add 144 (5720Mhz) to JP outdoor frequency.
Change-Id: Ic50dd3aeb4e192672b71c7173b9fd4b4072b0e0a
CRs-fixed: 2943076
HTC buffer is freed in enqueue failure case. Then it is requeued to
htt_htc_pkt_misclist also. In deinit flow, misclist entry should be
cleared, so buffer double free is hit in this stage. Make a change
to not requeue this frame to misclist.
Change-Id: I0211c4b548d7df7176ee72a83e21f8fcf7fa464c
CRs-Fixed: 2942972
For some concurrency scenarios, there is a need to have each session
operate in independent power modes. To achieve this, add a second
current channel list to store info for the secondary power mode.
Also add the APIs to read from the secondary channel list.
Change-Id: Ib1bd712645de05786ea6d4bbfe6163c385bdfeaa
CRs-fixed: 2944483
On a partial offload chipset, when radar is detected on a DFS channel,
the host dfs wait timer (timeout of 200ms) is started, but there is a
delay in sending the avg_params to the FW. This delay happens for approx
330ms due to some high priority interrupt, due to this, the thread that
sends the avg_params to the FW seems to be suspended.
Host timer expiry is seen, and due to this there is a new target channel
chosen and multivdev restart is sent to the FW (the vdev is in restart
progress state). At this moment, the FW spoof timer (timeout is 300ms)
gets expired and a status code of 1 (indicating spoof failure) is sent
in the host dfs status WMI event. Due to this, the DFS channels are
blocked and the channel list is rebuilt with only non-DFS channels.
A non-DFS channel is chosen as the target channel. Since the vdev SM is
currently in restart progress state, when radar event is posted to the
vdev SM, assert is triggered and this leads to a crash.
The timeout value of the host timer is 200ms and the FW timer is 300ms.
The Host timer should be greater than the FW timer.
Therefore, increase the Host status timeout value from 200ms to 350ms.
Change-Id: I86858377fd5041922f232a1ac3d5ab781c7a63c1
CRs-Fixed: 2936809
CVE-2020-26145
Broadcast and multicast frames should never be fragmented. Several devices
process broadcasted fragments as normal unfragmented frames. Moreover, some
devices accept plaintext fragmented broadcast or multicast frames in
protected Wi-Fi networks. An adversary can abuse this to inject packets
by encapsulating them in a fragmented plaintext broadcast frame. Even
unicast packets can be encapsulated in broadcast Wi-Fi frames and hence
be injected.
Change-Id: I3181a05e177cf9374a14edb748bc5001d058e0f3
CRs-Fixed: 2893212
Drop non-EAPOL frames from unauthorized peer in security mode.
Enabling this feature by default with this change.
Change-Id: I9878b37088149e34f456a38a9c0f722e4c5ee49a
CRs-Fixed: 2943789
Provide multiple combinations to configure the msi interrupts
of DP and CE based on the number of MSIs available in the platform.
Number of MSIs used for CE and DP can be changed by modifying the
MSI assignment table in platform driver. Best possible mask for that
MSI is automatically chosen based on predetermined settings.
Change-Id: I02b44fb033631d69d97f2d8d2d3f698541d37aad
In some RX backpressure cases, we see the HW accessing REO
queue descriptors of a deleted peer(after the queue descriptors
are unmapped/freed), this is leading to SMMU faults. There are
cases where the HW is accessing the stale REO queue descriptors
after ~12seconds after the queue descriptors were freed.
In order to avoid the problem, HW team has suggested to defer
unmapping/free of REO Queue descriptors. Add the logic for the
same.
Change-Id: I5b1fb966dc75b963ccc9d22c40272c8d1d8d6026
CRs-Fixed: 2939223
It's regression of change: qcacmn: Fix smmu fault for tx buffer unmapped.
Only 1 tx buffer is smmu mapped for IPA with it.
During STA-SAP tethering, when IPA access 2nd tx buffer, smmu fault
happens.
Remove qdf_assert_always since it already exists in
__dp_ipa_handle_buf_smmu_mapping.
Change-Id: Ife8ed17d85a8bcfc507c312001af4b905c9b3a27
CRs-Fixed: 2937435
Modify check to ensure packet number is consecutive for
fragments and drop the fragments if the check fails.
Change-Id: I2ca0ef6211594ba35aae894e6a385d3d5778bff6
CRs-Fixed: 2874369
Register dp_peer_flush_frags API in dp peer ops
for flushing fragments for a particular peer.
Change-Id: Ia179d3160bdc306ec965c465134042c66a0c40a6
CRs-Fixed: 2874366
For security cert TC, RSNIE length can be 1 but if the beacon is
dropped, old entry will remain in scan cache and cause cert TC
failure as connection with old entry with valid RSN IE will pass.
So instead of dropping the frame, do not store the RSN pointer so
that old entry is overwritten.
Change-Id: I2fe4d2dd2352be6850f7a18a2ec829733ded7ee8
CRs-Fixed: 2944120
Some of the targets require more QDF nbuf history
size, so making the size configurable keeping
default same.
Change-Id: Ic4ac43a1eacb1e58c0a05b794349525d614d7fc8
CRs-Fixed: 2929968
Firmware generates wmi Rx diag events every few milliseconds,
and processing the same in system shared work queue may lead to
work queue lock-up detection. Hence, move Rx diag event processing
to dedicated work queue.
Change-Id: I10cdde317794e35bc6d10677ab76ea24a66e1880
CRs-Fixed: 2941409
Add new ini's for assoc active and passive dwell time
for 6g. These will be applied if STA is connected.
Change-Id: I680fbd3038968ecf6ff9920fff982456135bfd77
CRs-Fixed: 2941359
Even though HP/TP updates are posted writes at CPU level, they
are getting blocked until soc comes out retention which is hogging
CPU.
To avoid this if EP is in low power state update HP/TP writes from
delayed work context. In delayed work vote for EP awake wait till it
comes out low power state and then proceed to HP/TP update.
Change-Id: I61d5795f58f25f850b5a9ad4d30e3181dba23713
CRs-Fixed: 2913495
In monitor mode, when the channel is set to any 2G band channel
the mac_id passed to dp_mon_process API is 1. As part of
dp_rx_buffers_replenish, refill history is logged and the
mac_id is used to index into the history array. The array is
of size 1 and OOB access would happen when ring_num which
is the mac_id, passed in is 1.
Fix is to pass the pdev->lmac_id instead to
dp_rx_refill_ring_record_entry and add ring_num sanity check.
Change-Id: Id824ec8b01e7923ad74771d5f34a25f5fccb65f3
CRs-Fixed: 2939544
For every channel change, a print is displayed onto console.
reduce log level to suppress print.
CRs-Fixed: 2921656
Change-Id: Ib300ecc17c09412aa6502cc45ec1c4b7da3b54ce
In cm_update_scan_db_on_connect_success, the current candidate is
always retrieved from connect req even when the resp is for reassoc
this can lead to invalid pointer access.
Fix this by getting current candidate from roam command for reassoc
resp.
Change-Id: I99afc49abd7581cf43279654a5fe1e67e2448bd0
CRs-Fixed: 2941836
