In extract_roam_scan_ap_stats_tlv, if param buf is null, null
pointer dereference can happen while trying to access
num_roam_ap_info in the error message print.
Return failure if param_buf is NULL
Change-Id: I9f5cbb5534d1ef58bb9406ba8dc0aa68a9f8c194
CRs-Fixed: 2669350
The roam sequence in LFR-3.0 is roam scan start notification
from firmware followed by roam start indication and then
roam synch,roam synch frame events. Roam start is sent
after candidate selection and host driver will disable
queues when roam start is received.
But for emergency roam trigger, firmware sends roam start
indication directly without notifying roam scan start to disable
data path queues immediately after deauth received from the AP.
So roam start is received before roam scan is started at firmware
and before candidate selection is done.
After roam start notification, host sends scan abort for all scan
on vdev by setting scan command request type to
WMI_SCN_STOP_VAP_ALL. This results in roam scan getting aborted at
firmare in emergency deauth roaming case and roaming fails.
Introduce new vdev id value based on which the scan module will
abort only host triggered scans setting the flag
WMI_SCN_STOP_HOST_VAP_ALL in the scan request.
Change-Id: I3a162c55d4a008ff986fd957bed395b39c060bb5
CRs-Fixed: 2636410
'jiffies' does not include the device sleep time.
Use qdf_get_monotonic_boottime to monitor lapse of time for nol.
Change-Id: I6e00e003b8ee3d456ac4ec62b23fdaa02d577672
CRs-Fixed: 2652692
Split dp_rx_pdev_attach into dp_rx_pdev_desc_pool_alloc,
dp_rx_pdev_desc_pool_init, dp_rx_pdev_buffers_alloc and
dp_rx_pdev_detach into dp_rx_pdev_desc_pool_free, dp_rx
_pdev_desc_pool_deinit, dp_rx_pdev_buffers_free APIs
This split is made because dp_pdev_init is introduced
as part of this FR and these APIs will be called from
dp_pdev_init/dp_pdev_deinit or dp_pdev_attach/dp_pdev_
detach accordingly to maintain the symmetry to DP init
and deinit path
Change-Id: Ib543ddae90b90f4706004080b1f2b7d0e5cfbfbc
CRs-Fixed: 2663595
Split dp_mon_link_desc_pool_setup to alloc and init APIs and
dp_mon_link_desc_pool_cleanup to deinit and free APIs
This split is made because dp_pdev_init is introduced
as part of this FR and these APIs will be called from
dp_pdev_init/dp_pdev_deinit or dp_pdev_attach/dp_pdev_
detach accordingly to maintain the symmetry to DP init
and deinit path
Change-Id: I36b2a98bd317010124916e0b2779938eba3883ea
CRs-Fixed: 2663595
Split dp_hw_link_desc_pool_setup into dp_hw_link_desc_pool_alloc,
dp_hw_link_desc_pool_init and dp_hw_link_desc_ring_init APIs, and
likewise split dp_hw_link_desc_pool_cleanup into deinit, ring_deinit
and dp_hw_link_desc_pool_free APIs
This split is made because dp_pdev_init is introduced
as part of this FR and these APIs will be called from
dp_pdev_init/dp_pdev_deinit or dp_pdev_attach/dp_pdev_
detach accordingly to maintain the symmetry to DP init
and deinit path
Change-Id: I1682a59847db5d3441e85b00768667066bf5edf2
CRs-Fixed: 2663595
Split dp_srng_setup into dp_srng_alloc and dp_srng_init
likewise split dp_srng_cleanup into dp_srng_deinit and
dp_srng_free
This split is made because dp_pdev_init is introduced
as part of this FR and these APIs will be called from
dp_pdev_init/dp_pdev_deinit or dp_pdev_attach/dp_pdev_
detach accordingly to maintain the symmetry to DP init
and deinit path
Change-Id: I421fbd5bce074af6f75c147742f44e03568e6403
CRs-Fixed: 2663595
For qcn9000 in case of monitor mode, reap monitor destination
ring first and status ring later to avoid backpressure
on monitor destination ring
Change-Id: I4e1931afe0453221f1326ca7bdb7f0273cc7363d
CRs-Fixed: 2670656
As part of the Rolling CAC State Machine, introduce three state
enums (INIT, RUNNING and COMPLETE) and the corresponding state
events.
Introduce generic APIs such as dfs_rcac_sm_create,
dfs_rcac_sm_destroy and dfs_rcac_sm_deliver_evt for rolling
CAC State machine operations.
CRs-Fixed: 2659666
Change-Id: I528db71aa7d21dced7e47ff4f9cccfbfe94c8c21
Module param qdf_log_dump_at_kernel_enable is set to
false by default in wifi script when no value configured
through UCI so make kernel level logging unlikely.
Change-Id: I4aa3547c4049562b1cad63eb20d75b5b166a04c2
CRs-Fixed: 2664926
Restrict DMA Map/UnMap upto buffer size for packets in rx process.
This gives 2-3% cpu gain in peak throughput.
Change-Id: Iaf5e9f6f734d80b6d2c234bd8e679cf2a81c7e2c
CRs-Fixed: 2660698
During initialization of driver, the runtime pm usage
count is incremented to 1 when the pm state is NONE.
Runtime get is done as part of htc send packet for
a wmi command in scheduler thread context. In kworker,
runtime_start is processed as part of driver load and
runtime put is done prior to updating the pm state to
ON. Runtime put triggered as part of htc send packet
causes a panic since the state is NONE and usage
count is 1.
Fix is to set runtime pm state to ON prior to doing
a runtime put as part of initialization.
Change-Id: I52cca5240f2f0872c681aab3a58a382f3fa1df0e
CRs-Fixed: 2669029
Decouple IPA TCLring and IPA WBM completion ring size from regular
Tx TCLring and WBM completion ring size configuration.
This is required as there is limitation on IPA GSI rin size
configuration.
Change-Id: I689d0e8ca72f069c5b68dc1789358e091c554d30
CRs-Fixed: 2665010
Increase Tx HW and SW to 2K and 4K for qca6490.
This parameter change is based on the tuning exercise of 1Tx:8Rx device
tests in NaN scenario. This is helping Tx device to burst to multiple
Rx peers, there by improving the TPUT.
Change-Id: I28e1eafb78612c68fe172a640b1386ac88e051a2
CRs-Fixed: 2657056
Make _qdf_nbuf_unmap_nbytes_single to use in dp_rx_process.
Non-inline version takes more CPU.
Change-Id: Iaf5e9f5f734d81b6d2c234bd8e579cf2a81c7e2c
CRs-Fixed: 2634679
The number of rx chains in target is different to the value in host
side, this change converts the value from target to host.
Change-Id: I86044bf12e958da312924827a3fd1e6799beaf41
CRs-Fixed: 2668403
The parameter info is not updated in the
doc for qdf_bitmap interface.
Update the parameter info in the qdf_bitmap interface.
CRs-Fixed: 2660881
Change-Id: I4292d5563c2f92c42673098d7d87385d2b9be113
Size of the TLVs have changed across generation of chipsets
Offset values need to be configured into DMA register for preheader DMA
Added APIs to get offsets of each TLV based on chip type
Change-Id: Ic011332cbf3a1017f324f246e47c9e2c91441c70
Validate number of wds entries deleted during peer unmap
handling with the number which firmware has sent in
peer unmap message, which indicates the number of
wds ast entries deleted by firmware after peer delete.
Change-Id: I09e1c41bab19cd023e7a83baf1e90d51aab4229e
CRs-fixed: 2667445
The delayed register write enqueue fills a queue element
with the required data which can be dequeued in a workqueue
running on a different CPU. Since these operations are not
lock protected, there can be stale value access when memory
write has not been flushed to the actual address.
Using write memory barrier before setting the valid flag for
a queue element will make sure that the dequeuing worker
thread will always see the updated values if the element valid
flag is set and thereby avoid any race condition.
Change-Id: I81b0735f0fb39599095ad309157020c691e25a0b
CRs-Fixed: 2665576
Add an API wlan_reg_update_pdev_wireless_modes to update the wireless
modes in regulatory pdev_priv_obj with the wireless modes given as
input to it.
Change-Id: I2388b26da0d4c485b1b73b3ffb8f4b30767c31ee
CRs-Fixed: 2661579
As a part of vdev responses from the FW, the driver fetches the
appropriate vdev_response_timer info using the vdev_id. This vdev_id is
taken from the response coming from FW. Currently, this vdev_id is not
being validated and is being used to access the array psoc_vdev_rt. This
can potentially lead to out of bounds access.
Add validation to the vdev_id before performing the fetch operation.
Change-Id: I6f25a14ccc3c8a96a1b6c863a760809c29de4003
CRs-Fixed: 2658462
In kernel logs, qtimer currently logs the time-stamps in decimal. Change
time-stamp from decimal to hex in order to order to help correlate
better with other logs in hex qtimer time-stamp.
Change-Id: I46964609645305b1847406841e1b1b641aae9074
CRs-Fixed: 2666868
1) Modified MSI interrupt mask for QCN9000 so that rx and tx
interrupts can be decoupled.
2) Removed lmac interrupts from polling mode and switched
them to msi interrupts. Added MSI masks for lmac rings.
3) Enable monitor mode LWM interrupt. This was already enabled in
integrated ahb interrupts but missing in msi. Replenish buffers in
RXDMA refill ring based on low threshold interrupts in addition to
regular Rx processing. Also made interrupt batch counter threshold as 8
for monitor status ring since ppdu end interrupts are not available in
PCI chipset and require srng msi interrupts to reap monitor status ring
Change-Id: I5c84b14d6b0a9c26fb3f0d67c349e79751a60861
In current monitor status ring implementation,
on pdev_attach, (srng->num_entires – 1) entries
(to keep one entry slot between hp and tp)
are replenished and last entry is not replenished to HW.
With qcn9000 monitor mode HW enhancements, status and destination ring
can be made lock-stepped.
for qcn9000 lock step is achieved by making monitor status ring
follow the monitor destination reap for a PPDU
However in existing flow during attach monitor status replenish logic
do not fill last entry but is filled up during first subsequent reap.
for first ppdu, i.e. after reaping destination ring,
when status ring is reaped, as first entry (hp = srng->num_entires – 1)
in status ring is NULL, so lock-stepping is not achieved.
To address this issue for qcn9000 as well as HK:
a. Replenish last entry in monitor status ring during attach
b. Modify src srng peek API to peek it from hp+1 entry
c. Introduce new HAL API get cur desc and move next
d. Remove WAR to skip status ring entries if DMA is not done
Change-Id: I60b8e7c075253d37e6b849a9b24f473c5afce82c
CRs-Fixed: 2626049
- For directly connected peers, during peer de-auth,
a Single Peer delete request to the FW from host
should delete all AST entries attached to the peer.
- This optimization is aimed at optimizing host-fw
handshake messages
Change-Id: Iaebe2022f90ef9a10a6a0f37b21c409cf9e9ea39
CRs-fixed: 2647242
Feature Description:
FCC/JP domains do not support PreCAC. However, we can always start
beaconning in a channel if we have completed CAC in that channel for more
than or equal to the CAC period of that channel.
If an Agile engine is available and the next channel is known, we can
start CAC in the next channel using agile, while continuing the Tx/Rx
in the current channel. And when we want to start beaconning in the
next channel after a radar detection (or after/for a user request) we can
do so without any new CAC. This allows us to jump to the new channel
without having to disrupt any ongoing data traffic. This type of
continuous CAC in the next channel while operating in the current channel
is known as Rolling CAC.
Following changes are implemented:
I)Per DFS PDEV:
1) 'dfs_agile_rcac_freq' to store agile RCAC frequency.
2) 'dfs_agile_rcac_ucfg' to enable/disable RCAC feature.
II)Per DFS PSOC:
1) 'dfs_rcac_timer' is the only RCAC timer for the device/Psoc. This will
be shared by pdev level dfs objects.
2) 'dfs_rcac_timer_running' to indicate if RCAC is running or not.
III) New APIs:
1. A dispatcher API 'ucfg_dfs_set_rcac_enable' to set rcac config.
2. A dispatcher API 'ucfg_dfs_get_rcac_enable' to get rcac_config.
3. A dispatcher API 'ucfg_dfs_set_rcac_freq' to set user configured
rcac freq.
4. A dispatcher API 'ucfg_dfs_get_rcac_freq' to get the user configured
rcac freq.
5. Rolling CAC timer init/deinit APIs.
CRs-Fixed: 2659666
Change-Id: Iae002b2ab77964fca4faf237b0d0a4e2f2afe4c2
The gwlan_logging struct is used by offline tools, so it needs to be
made non-static. Remove the static keyword from gwlan_logging.
Change-Id: I05f47328914c40a2c957ca404b6681ba8507d367
CRs-Fixed: 2663164
Enable monitor destination ring interrupt to fix
packet is getting stuck in monitor mode.
Fix and add monitor mode debug count
Change-Id: I74efdcf6a4373dd73e373285c8cd3aa5757cd0b2
Add new crypto API to set the single PMK AP flag in
crypto pmksa entry and to clear the BSSID entries in the
crypto pmk cache with the SAE single pmk flag set.
Clear the entries with Sae single pmk flag on connection
and roaming success case. Mark the BSS as Sae pmk capable
after initial connection and roaming if the AP advertises
the VSIE
Change-Id: I42ca0c3a70945f974eec1065661ac0b781096126
CRs-Fixed: 2652936
This is regression issue.
regression cause I24cddb9d10e4cb675c8375cbd0f589c7718bd680.
Issue happens in get_htc_send_packets, and it is possible
htc_packet_dequeue but hif_pm_runtime_get failed as suspend
state.
Revise to original logical before regression change.
Change-Id: I74c309d7a3decdd6fe905e9f1e61916905876aec
CRs-Fixed: 2663338
During dp_tx_hw_enqueue writing into HW SRNG,
if devcie is already runtime suspended, set the
SRNG_FLUSH_EVENT, so that it will be flushed
as part of dp runtime resume callback.
Change-Id: I95e74844cf74eb4f73862da3da9d93422f1eea8c
CRs-Fixed: 2664660
The cleanup done in case of pdev attach failure
does not deinitialize the IPA tx and rx buffers.
Also the tx descriptors are not freed in this
cleanup path.
Due to this, the tx descriptors and IPA tx/rx
buffers memory is neither freed not unmapped.
Fix this pdev attach failure cleanup path to
avoid memory leaks.
Change-Id: I570e3618f0f48f56749466fce5bcba5a4ef1c161
CRs-Fixed: 2663036
In order to avoid panic in hif_pci_runtime_pm_warn(), call
qdf_is_fw_down() to check if fw is down. If fw is down, return without
panicking.
Change-Id: I3fd3e0334220c1cf3ae6b3ec3fd5b1ede1705013
CRs-Fixed: 2664133
Change DP interrupt names to unique values so that
interrupt affinity can be adjusted based on this. This is
similar to what is being done for Copy Engine interrupts.
Change-Id: I7f1789c8c0103e7c01b0a2956a7a37149c7462d1
Add qdf wrapper for function dmac_inv_range. This
invalidates the specified virtual address range.
Change-Id: Ia3f92cb5136dbdbfea1e9cda8a52b474456a4e0a
CRs-Fixed: 2634679
In target_if_vdev_mgr_rsp_timer_cb host send failure resp to vdev mgr
and then trigger recovery. Thus the next cmd can go to firmware before
recovery and this result in firmware states getting cleaned up and
this it's difficult to get the info from firmware for the timeout.
Thus trigger recovery before sending failure resp for vdev cmd timeout.
Change-Id: I645837e754750969744016f2da78c174308acfad
CRs-Fixed: 2665947
Provide global function pointers for accessing DFS APIs that
1. Configures (enable/disable) rolling CAC feature.
2. Retrieves the current configuration of rolling CAC feature.
3. Programs a rolling CAC frequency.
4. Retrieves the current rolling CAC frequency.
CRs-Fixed: 2659495
Change-Id: I7fc63d150f4dc1cb5db4d671ff21c01caaf38aaf
