The AP rejects the FILS-IM association request with reason
"Invalid IE format". In the assoc request, two problems are
seen:
1. The RSN IE has a junk group management cipher suite.
2. FILS HLP container IE is fragmented, and the fragment
IE does not immediately follow the HLP container IE.
In the assoc request, the RSN IE encoded in the authentication
is unpacked and the PMKID is replaced with the pmkr1 name
derived at the end of FILS authentication. Currently, the
existing PMKID in the RSN IE is replaced only if the group
management cipher is present. In non-802.11w case, the new
PMKID is appended at the end of existing PMKID, and leads to
improper IE format.
To fix this, replace the existing PMKID whenever PMKID is
present.
To fix invalid HLP container IE format, encode the HLP
container and its fragment IEs together in the assoc request.
Also, in order to get the pmksa match from the crypto table for
a FT-FILS, fill both ssid and cache ID. Without cache id, the
cached entry is not updated with MDIE.
Change-Id: I654b5527a726eb7872b90fb19a3d97623f3caa68
CRs-Fixed: 3233081
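
The PMKID handling described in the commit message above, as an added example (not the driver's code). `rsn_replace_pmkid` is a hypothetical helper that works on the RSN element body after the ID/length octets and assumes every field up to RSN capabilities is present. It swaps the PMKID list whether or not a group management cipher follows; appending to the old list instead would leave the count at 1 with 32 bytes of PMKID data behind it. The sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define PMKID_LEN 16

/* Constructed sample RSN body: one stale PMKID (0xAA..), no group mgmt cipher */
static const uint8_t SAMPLE_RSN[38] = {
    1,0, 0x00,0x0f,0xac,4, 1,0, 0x00,0x0f,0xac,4, 1,0, 0x00,0x0f,0xac,0x0e, 0,0,
    1,0, 0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,
         0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA };

static size_t le16(const uint8_t *p) { return (size_t)p[0] | ((size_t)p[1] << 8); }

/* Hypothetical helper: copy the RSN body so that it carries exactly one PMKID.
 * Returns the new length, or -1 if the input is malformed or out is too small. */
int rsn_replace_pmkid(const uint8_t *in, size_t in_len,
                      const uint8_t *pmkid, uint8_t *out, size_t out_cap)
{
    size_t off = 2 + 4;                  /* version + group data cipher */
    for (int i = 0; i < 2; i++) {        /* pairwise list, then AKM list */
        if (off + 2 > in_len) return -1;
        off += 2 + 4 * le16(in + off);
    }
    off += 2;                            /* RSN capabilities */
    if (off > in_len) return -1;
    size_t tail = off;                   /* first byte after the old PMKID list */
    if (in_len > off) {                  /* a PMKID count field is present */
        if (off + 2 > in_len) return -1;
        tail = off + 2 + PMKID_LEN * le16(in + off);
        if (tail > in_len) return -1;
    }
    size_t tail_len = in_len - tail;     /* 4 with a group mgmt cipher, else 0 */
    if (tail_len != 0 && tail_len != 4) return -1;
    if (off + 2 + PMKID_LEN + tail_len > out_cap) return -1;
    memcpy(out, in, off);                /* everything up to RSN capabilities */
    out[off] = 1; out[off + 1] = 0;      /* PMKID count = 1, old list dropped */
    memcpy(out + off + 2, pmkid, PMKID_LEN);
    memcpy(out + off + 2 + PMKID_LEN, in + tail, tail_len);
    return (int)(off + 2 + PMKID_LEN + tail_len);
}

int main(void)
{
    uint8_t pmkid[PMKID_LEN], out[64];
    memset(pmkid, 0x55, sizeof pmkid);   /* constructed stand-in for the new PMKID */
    return rsn_replace_pmkid(SAMPLE_RSN, sizeof SAMPLE_RSN, pmkid, out, sizeof out) == 38 ? 0 : 1;
}
```
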
Currently for big data stats, driver stores correct rssi
value in cache_conn_info. But since vdev is in disconnected
state and unified_ll_stats_get_sta command is queried periodically
for every 3 seconds, firmware will now return 0 as a new rssi value.
The correct rssi value which is stored in cache_conn_info now
gets overwritten in hdd_lost_link_cp_stats_info_cb.
To avoid this issue, do not overwrite the rssi value for
big data stats if the rssi value returned by firmware is 0.
Change-Id: Iee0dba113d6ed684c00230a2714744191bcd0f7f
CRs-Fixed: 3248245
Correct description of ratemask_set ini for VHT mode
to avoid wrong configuration.
Change-Id: I91b887d8268f8faa0d0c32f90da032d00eaa14f2
CRs-Fixed: 3198950
In ath_pktlog_hdr, uint32_t type_specific_data member is
required for the framework while parsing with structure
type wh_pktlog_hdr_v2_t and without this member leads to
crash in userspace.
wifi hal expects "status" variable which is inside struct
packet_dump to be of "tx_pkt_fate" enum and any value
other than this will cause a tombstone crash.
As sizeof (struct ath_pktlog_hdr) is different in driver
and wifi hal, if PKTLOG_HAS_SPECIFIC_DATA is not enabled
then "status" is not decoded at correct offset which
causes the crash.
So, feature flag PKTLOG_HAS_SPECIFIC_DATA is made available
globally to avoid crashes in userspace.
Change-Id: Ie6aca4bbcb5795595945cc4470162ab32c9c6734
CRs-Fixed: 3241071
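
The header-size mismatch described in the commit message above, as an added example (not the driver's or the HAL's code). The struct layouts, `packet_dump_demo`, `FATE_MAX` and both functions are hypothetical simplifications; only `type_specific_data` and `status` are named in the text. A consumer that assumes the shorter header reads `status` four bytes early and lands inside `type_specific_data`.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified layouts for illustration */
struct pktlog_hdr_v2 {                  /* built with PKTLOG_HAS_SPECIFIC_DATA */
    uint16_t flags, missed_cnt, log_type, size;
    uint32_t timestamp;
    uint32_t type_specific_data;
};
struct pktlog_hdr_v1 {                  /* built without the flag */
    uint16_t flags, missed_cnt, log_type, size;
    uint32_t timestamp;
};
struct packet_dump_demo { uint8_t status; uint8_t type; uint16_t len; };
#define FATE_MAX 10                     /* assumed number of valid fate values */

/* Producer: header with type_specific_data, followed by the dump record */
size_t build_record(uint8_t *buf, uint8_t status)
{
    struct pktlog_hdr_v2 h = { .size = sizeof(struct packet_dump_demo),
                               .type_specific_data = 0xDEADBEEF }; /* constructed */
    struct packet_dump_demo d = { .status = status, .type = 1, .len = 0 };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &d, sizeof d);
    return sizeof h + sizeof d;
}

/* Consumer: read status after a header of hdr_len bytes.
 * Returns the status, or -1 if the record is short or the value is not a valid fate. */
int decode_status(const uint8_t *buf, size_t len, size_t hdr_len)
{
    if (len < hdr_len + sizeof(struct packet_dump_demo)) return -1;
    uint8_t status = buf[hdr_len + offsetof(struct packet_dump_demo, status)];
    return status < FATE_MAX ? status : -1;
}

int main(void)
{
    uint8_t buf[32];
    size_t n = build_record(buf, 2);
    return decode_status(buf, n, sizeof(struct pktlog_hdr_v2)) == 2 ? 0 : 1;
}
```
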
In target_if_get_roam_vendor_control_param_event_handler,
there are 2 possible NULL pointer dereference issues:
1. Host calls target_if_get_psoc_from_scn_hdl API to get
psoc object. But as per current logic even if psoc is
NULL, psoc is dereferenced by passing it as an argument
to get_wmi_unified_hdl_from_psoc.
2. Host calls get_wmi_unified_hdl_from_psoc API to get
wmi_handle pointer. But as per current logic even if
wmi_handle is NULL, wmi_handle is dereferenced by
passing it as argument 1 to function
wmi_extract_roam_vendor_control_param_event.
Fix is to update the sanity check logic for psoc and
wmi_handle pointers to avoid possible NULL pointer
dereference.
Change-Id: I3c3df062b538b05218e729d7bf6806e221073269
CRs-Fixed: 3242435
Restrict BW for TDLS when connection is made
in 2.4 GHz to that of AP.
Also, restrict the BW if the TDLS connection
is made in DFS channel.
Change-Id: Ida8693837b4b8e11a706b5b9fa482399630d2beb
CRs-Fixed: 3246100
Currently host driver does not validate bw in lim parse tpe ie
api before it gets next higher bw, there is a possibility
that this bw becomes invalid and driver ends up with out of bound
access for get higher bw array.
In current scenario when host driver tries to start vdev on
frequency 5640 for country US and executes this API for frequency
5640, at the same time country is changed to CN and this frequency
becomes invalid. So in the execution of this API host driver gets
invalid bw from reg set param and ends up with out of bound access
for get higher bw array.
To address above issue, add a check to validate bw before driver
accesses get higher bw array.
Change-Id: I335057f75f67408275003b3fd7830c740eead301
CRs-Fixed: 3239465
- Validate and process the ML probe response
- Drop the beacon frame if ml probe sent flag is true
Change-Id: Id55cd381bab334628650e19e74044ca102f65dbc
CRs-Fixed: 3237674
Currently, phy_mode AUTO is not considered for candidate scoring
config if the platform doesn't support 11BE currently. This is
added as part of 11BE changes and the mode is considered fine
before the change I7f35379b94dcb64dec0da463b95967125dc7fd14.
This doesn't seem to be intentional.
So, consider phy_mode AUTO also for legacy platforms.
Change-Id: Id2eaa8208f5bf5a875e1e72a2117a24b070e6e6b
CRs-Fixed: 3242455
Check memory size in dp_prealloc_get_context_memory, if memory size
needed > pre-allocated, then fall back to dynamic memory allocation.
Change-Id: I2727feef066046b54dff9206a1f6699ef4455fe8
CRs-Fixed: 3222594
Currently host driver deletes NDI interfaces using
vendor command. With the kernel 5.12 version onwards,
interface deletion is not allowed using vendor commands
as it leads to deadlock when driver tries to acquire
the RTNL_LOCK at the time of netdev register/unregister.
With this change, support both del_virtual intf and ndi
delete vendor cmd to stop and deinit adapter.
Now, with NDI delete vendor subcmd, NDI is down as stop adapter
and deinit adapter is executed and del virtual intf will clean
up (stop, deinit and close) the adapter.
Since ndi delete vendor cmd already comes with the rtnl lock
and driver does not need to take the rtnl lock again
which will help to avoid the above issue.
Change-Id: I0fe69b1648dc76b902b8eea1fc4aef695d1bd152
CRs-Fixed: 3170293
After channel switches to new channel, STA sends sa query request to
AP/SAP device. SAP process sa query request and if OCI is invalid in
that sa query, then it sends deauth to STA on new channel.
Change-Id: I52a5dcaf2e0826d3bd899d7f52f02400927c4ae6
CRs-Fixed: 3227530
Wrong value of Roam reason and sub-reason code is sent to
userspace via diag logging.
Convert the value of reason and sub-reason code to qca
specific code before sending it to userspace.
Change-Id: Iebdc5f8673e2da6a208a89caca9a742202256bcc
CRs-Fixed: 3236178
Currently a userspace request to enable NS offload dynamically
gets rejected if the offloads are in disabled state.
After this change, when a request to enable or disable of NS offloads
is received in the host and if the trigger type is to dynamically update
the NS offloads, then update the dynamic offload configurations and inform
the FW.
Change-Id: Ifb4a1d37b5f2e6c89d043b00f9cc0aaf426d870e
CRs-Fixed: 3237980
Add following host fixes related to EMLSR association.
1) Use phy cap get macro to extract EMLSR hw mode id.
2) Add logic to send EMLSR cap flag during vdev start.
3) Add logic to copy EML caps from assoc link common
info subfield to MLO peer assoc struct in order to
share EML caps to FW on both links via peer assoc.
4) Add checks to update EMLSR cap flag only if both
STA and AP support and advertise EMLSR mode.
5) Send EMLMR support flag along with EMLSR support
flag to FW as part of vdev set IE cmd for roaming
scenarios. Also, update common info length when EML
caps are present.
Change-Id: Ied2570d498a43adadd93899d4fdbe023d320676b
CRs-Fixed: 3235059
When intolerant STA connects to SAP, the forty MHz intolerant bit
will be set to 1 in assoc request frame.
So when supplicant triggers to change the channel width, the
secondary channel offset or supported channel width ie in HT info
field of beacon should be 0 instead of 1.
As part of fix, copy sec_ch_offset from start_bss_config
structure and store it to cbmode of csr session during bss
start. So whenever channel width change request comes, this
cbmode will have non zero value and it will set the secondary
channel offset as 0 internally.
Change-Id: Iaa5461ef7d72e9bdf942dd0faab7c0409611ca7e
CRs-Fixed: 3245288
If SAP is initially started on 40 MHz bandwidth, keep using it.
But still keep the old logic 20 MHz for internal CSA for SAP.
This is to fix the SAP can't bring up on 2.4 GHz 40 MHz bw if SAP
OBSS scan disabled and configured as HT40 in hostapd conf.
Change-Id: Ib01be7fe594130f1eee35e3bfb773b1e913ec9c1
CRs-Fixed: 3234564
Update the link address on which association has
happened for SAE authentication.
Change-Id: I0e3e386a8ec028ace04f0f81bc48a65be52ba1a2
CRs-Fixed: 3225835
In the cm_roam_result_info_event() api, for roam result the
current AP bssid is sent instead of candidate AP.
Correct this to send candidate AP bssid during roam result
logging.
Change-Id: I4b1d4634faa3fbf3e7b32af8c13d4b444d26c505
CRs-Fixed: 3237021
When SAP tries to come on 2.4 GHz channel with 40 MHz bandwidth
then it should start on same bandwidth if no other interface is
up. But currently SAP is getting switch from 40 MHz to 20 MHz
even in standalone case.
As a part of fix, check any other vdev is present on same mac or
not. If it's not present then start SAP on given bandwidth.
Change-Id: Id9625a3dfaec34480f86b7ca1459ea33c32299fe
CRs-Fixed: 3226558
Add change in bus bandwidth to set high bus vote
level into DP component introduced by change to
skip special frame rate info update.
Change: Ie8989dde506c654525099f9d154abe93162a0bac
Change-Id: Ib0a2241ac63536fe885c89715d70c778af444f2d
CRs-Fixed: 3245764
In MLO case two link adapters will be present, only one link adapter
shares vdev with MLD adapter other link adapter has its own vdev.
But currently for both link adapters' vdevs the same MLD adapter mac is
provided. Fix this by checking shared vdev link adapter.
Change-Id: I54c9c270052bfa1b6884d742a20e01a08a4df39c
CRs-Fixed: 3200644
build script changes to include DP component files
Changes were backed out because of association issue
introduced by MLO adapter to DP interface mapping issue
and to avoid any further regression.
Re-introduce changes after performing complete sanity
to vet out any regression which might be introduced
by these changes.
Change-Id: I8c185e7496a8c7315b7bdd2c0bd98bb60a047f86
CRs-Fixed: 3198619
Cleanup HDD code which is refactored to
DP component.
Changes were backed out because of association issue
introduced by MLO adapter to DP interface mapping issue
and to avoid any further regression.
Re-introduce changes after performing complete sanity
to vet out any regression which might be introduced
by these changes.
Change-Id: If5f1cf432b5c02848202debee7de696b2f20be9a
CRs-Fixed: 3198619
All the DP specific code logic is moved out of HDD to
new DP component. So update HDD module to use newly
introduced DP component APIs for DP specific operations.
Changes were backed out because of association issue
introduced by MLO adapter to DP interface mapping issue
and to avoid any further regression.
Re-introduce changes after performing complete sanity
to vet out any regression which might be introduced
by these changes.
Change-Id: I377aecc4343e75dd17d279a2eb84fc49e737e784
CRs-Fixed: 3198619
Add and register HDD callback APIs with DP component.
With this changes DP component will be able to call
HDD APIs which cannot be moved to DP component,
and to get information from HDD.
Changes were backed out because of association issue
introduced by MLO adapter to DP interface mapping issue
and to avoid any further regression.
Re-introduce changes after performing complete sanity
to vet out any regression which might be introduced
by these changes.
Change-Id: Ie55ab16cb25a93061d09684a9eda5738f4e151a8
CRs-Fixed: 3198619
HDD changes to incorporate new DP component
Changes were backed out because of association issue
introduced by MLO adapter to DP interface mapping issue
and to avoid any further regression.
Re-introduce changes after performing complete sanity to
vet out any regression which might be introduced by these changes.
Change-Id: I058b9121c8490e9b0906421a35e01c55a1a7c25a
CRs-Fixed: 3198619
Currently in host driver, for non-random mac addr, ndi mac addr
pointer is null, so, hdd_ndi_set_mode function returns error.
To fix this, dynamic mac address is updated for only randomized mac
in hdd_ndi_set_mode function. Thus, null pointer check is removed
and function does not return the error.
CRs-Fixed: 3243783
Change-Id: I27fff615ec66acfd86bd13449b79b0d36469803f