set mvdev to null only if mvdev is pointing to vdev
for which monitor vdev detach is called.
Change-Id: I5c82db4e8ea192636a8c322c36f55a5574f9dcee
CRs-Fixed: 3015003
Add an API wlan_reg_is_afc_power_event_received, to check if AFC power
event is received.
Add an API wlan_reg_get_6g_afc_mas_chan_list. to get the AFC master
channel list.
Export wlan_reg_get_6g_afc_chan_list so that it can be used by
APIs outside the UMAC module.
Change-Id: I09338a41f38e4db03f00ef2c15e9a0b7805f649e
CRs-Fixed: 2991293
WMI_MGMT_RX_REO_FILTER_CONFIGURATION_CMD is used to the configure re-order
criterion for incoming management frames.
Add target_if and tgt layer support for the same command.
Change-Id: I5daaf4d095774d751d98a27fd77dec9daaa6b16a
CRs-Fixed: 2960488
API "target_if_wifi_pos_oem_rsp_ev_handler" is the handler for
the event with WMI_OEM_RESPONSE_EVENTID. Host receives
"rsp->dma_len" from fw. The integer overflow occurs if
"oem_rsp->dma_len" is big enough while calculating the total
length of the Oem Data response buffer.
Fix is to add a sanity check for rsp->dma_len to avoid integer
overflow.
Change-Id: Idfbd358f62534eae0147f03505ced5728877a269
CRs-Fixed: 3001191
WMI_MGMT_RX_REO_FILTER_CONFIGURATION_CMD is used to the configure re-order
criterion for incoming management frames. Add WMI layer support for the
same command.
Change-Id: If1498fd4fbccd86e7d54d9eac268868b36523d06
CRs-Fixed: 2960472
When MGMT Rx REO feature is enabled, FW will be sending MGMT Rx REO
parameters TLV as part of WMI_MGMT_RX_EVENTID for the frames that require
reordering. Add APIs to extract the same.
Change-Id: I57b132927cf413384d680b5778bfe6a2e2737adf
CRs-Fixed: 2960471
The purpose of the multicast Domain Name System (mDNS) is to resolve
host names to IP addresses within small networks that do not include
a local name server.
It utilizes essentially the same programming interfaces, packet formats
and operating semantics as the unicast DNS, and the advantage is zero
configuration service while no need for central or global server.
Based on mDNS, the DNS-SD (Service Discovery) allows clients to discover
a named list of services by type in a specified domain using standard
DNS queries.
Here, we provide the ability to advertise the available services by
responding to mDNS queries.
Change-Id: Ie6a3cd319d219c2f338d83f4bdbd704a090711c4
CRs-Fixed: 3008552
Create a new struct afc_regulatory_info to store the parameters
received in the WMI_AFC_EVENTID.
Also add the following members to the wlan_regulatory_pdev_priv_obj:
1) bool is_6g_afc_power_event_received
2) bool is_6g_afc_expiry_event_received
3) struct regulatory_channel afc_chan_list[NUM_6GHZ_CHANNELS]
4) struct regulatory_channel mas_chan_list_6g_afc[NUM_6GHZ_CHANNELS]
Change-Id: I27ae8545e28bc2ca1c7004d2d2adcc539dc9a8f9
CRs-Fixed: 3017210
Add register and unregister handlers to MGMT Rx FW consumed event handlers.
Add target if layer handlers for the event.
Change-Id: I3b70f86811c562a3be75353585dc1f6cf43c02ac
CRs-Fixed: 2959925
When MGMT frames are consumed by the FW, FW sends MGMT Rx FW consumed event
to the Host. Add WMI layer functionality for this event handling.
Change-Id: Id95f41a717b88589e861781e1111b17dc90475be
CRs-Fixed: 2959118
As part of Spectral init, the Host sends DMA ring init command to
HALPHY. QCN9224 M2M emulation setups don't have HALPHY subsystem and
the WMI command need to be cleanly stubbed out in emulation FW image.
Until then, revert this Spectral init change.
Change-Id: I88e3e3995ee1b7103a03e4b6a38ff4117044c63c
CRs-Fixed: 3016633
Vendor commands using nested attributes should use properly defined
policies instead of RAW_DATA and the same has been enforced since 5.4
kernel. Hence, defined a policy for the vendor command
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS.
Change-Id: Ibdf7a19ddd533653c0706b4f0cf3ac97d31b9e40
API "fw_diag_data_event_handler" is the handler of an event
WMI_DIAG_DATA_CONTAINER_EVENTID comes from FW. Arguments of
this handler function come from FW.
If num_data may be less than size of(struct wlan_diag_data),
possible OOB while extracting event data.
Fix is to add a sanity check for num_data to avoid the OOB
read.
Change-Id: Ia2eb62dbaa154936bdb4ea34065657d441f12810
CRs-Fixed: 3001178
In the WMI_MGMT_RX_EVENTID event handling, add a length
check to validate if the buffer length sent by the firmware
is less than or equal to the actual buffer length.
Change-Id: I7db9af48bc525543b972dcaf40aee0a05d8f5023
CRs-Fixed: 3001331
In the WMI_PDEV_FIPS_EVENTID event handling, add a length
check to validate if the buffer length sent by the firmware
in fixed params is less than or equal to the actual buffer
length before processing the data.
Change-Id: I7a952d3e3a2f66060451263b72118a52aa89dd06
CRs-Fixed: 3009887
ESS (Extended Service Set) operating mode allows wireless
device to roam anywhere within the area covered by multiple
APs.
IBSS (Independent Basic Service Set) allows wireless device
to connect in peer-to-Peer mode only.
Fix is to allow connection manager module to filter only
those AP(s) which is/are part of ESS network.
Change-Id: I9536557daa624b9e44505efa0e0720e47b645517
CRs-Fixed: 3015220
Resolve compilation error seen on some platforms by rectifying print
format specifier for qdf_size_t to "zu" in MLO utility functions.
Change-Id: I68b0696fea1c54578631e731a3cc48ec0eb84c97
CRs-Fixed: 3017056
FW has some usecases when it needs to enqueue frames into hardware. In
BE WLAN chips, some hardware TX desc fields are moved into Tx
banks, hence a TX bank is also needed to queue to HW.
Dedicate a bank for FW usage.
Change-Id: I1f19f0ef85aff4c7592b0f07de4631259da743a6
CRs-Fixed: 3016828
The host can receive some spectral samples even after stopping the scan
as there could be some samples already sitting in the WMI event pipe.
Drop those frames in the driver itself.
CRs-Fixed: 3014336
Change-Id: I8aece67b46aa84e974b538f40ffcb937c855f5a3
When MGMT frames are consumed by the FW, FW sends MGMT Rx FW consumed event
to the Host. Add rx_ops and TGT layer functions for this event handling.
Change-Id: I50a4b02063bc545d6976944cf331982dc3e853d0
CRs-Fixed: 2959082
In SBS modes, there are 3 detectors shared between 2 pdevs that are operate
in 5GHz band. Global number space is used for detectors across these pdevs.
Detector list should be following in SBS modes.
For the pdev that use PHYA0:
detector 0 for normal mode
detector 2 for agile mode
For the pdev that use PHYA1:
detector 1 for normal mode
detector 2 for agile mode
There is no direct way of knowing which pdevs are using PHYA0 or PHYA1.
We need to look at the phy_id of a given pdev and compare against other
pdevs on the same psoc to figure out whether the given pdev is operating
using PHYA1. Add the necessary support for the same.
CRs-Fixed: 2993772
Change-Id: I034fe64a7a8988e327a60684a0d008f4b22ef395
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.
Change-Id: I515e4e8384b92b2556d72c4015252f075577f13c
CRs-Fixed: 3013360
If two channel avoid event reported by FW back to back, flag
psoc_priv_obj->ch_avoid_ind of 2nd event set by
reg_process_ch_avoid_event may be modified when processing
1st event in reg_call_chan_change_cbks, from
scheduler_thread context.
Copy chan avoid info to message post to scheduler to avoid
such timing issue.
Change-Id: I8fd5e7e8f2d9b2117a5c6a54fd8b64659e10f7d6
CRs-Fixed: 3012331
In qdf_mem_multi_page_link, pages->cacheable_pages is array with elem num
pages->num_pages, but pages->cacheable_pages[pages->num_pages] is read,
out of bounds error will report if KASAN enabled.
When ini dp_tx_ext_desc is 6144 and DP_TX_DESC_POOL_SIZE is 6144,
Size in bytes of TX TSO Num Seg Desc is 16, page size is 4096, so TX TSO
Num Seq Desc need 24 pages (6144*16/4096), each address need 8 bytes,
so TSO Num Seq Desc need kmalloc 192 bytes to save address of 24 pages.
BUG: KASAN: slab-out-of-bounds in qdf_mem_multi_page_link+0x190/0x1f4
Read of size 8 at addr ffffff816b4d60c0 by task kworker/u16:0/8
CPU: 7 PID: 8 Comm: kworker/u16:0 Tainted: G S W O
Workqueue: cnss_driver_event cnss_driver_event_work
Call trace:
dump_backtrace+0x0/0x204
show_stack+0x18/0x24
dump_stack+0xcc/0x11c
print_address_description+0x88/0x578
__kasan_report+0x1ac/0x20c
kasan_report+0x14/0x20
__asan_load8+0x98/0x9c
qdf_mem_multi_page_link+0x190/0x1f4 [wlan]
dp_tx_tso_num_seg_pool_init+0x84/0x170 [wlan]
dp_soc_tx_desc_sw_pools_init+0xb4/0x128 [wlan]
dp_soc_init+0xf78/0x18c8 [wlan]
dp_soc_init_wifi3+0x14/0x20 [wlan]
cds_open+0x7e8/0x15fc [wlan]
hdd_wlan_start_modules+0x7d8/0xf10 [wlan]
hdd_wlan_startup+0x17c/0xbd4 [wlan]
wlan_hdd_pld_probe+0x234/0x370 [wlan]
pld_pcie_probe+0x6c/0x88 [wlan]
cnss_pci_call_driver_probe+0xd8/0x358
cnss_bus_call_driver_probe+0x38/0x6c
cnss_driver_event_work+0xf14/0x1188
process_one_work+0x53c/0x8b8
worker_thread+0x4f8/0x928
kthread+0x1e8/0x200
ret_from_fork+0x10/0x18
Allocated by task 8:
__kasan_kmalloc+0x100/0x1c0
kasan_kmalloc+0x10/0x1c
__kmalloc+0x130/0x448
kzalloc+0x14/0x20 [wlan]
__qdf_mem_malloc+0xcc/0x120 [wlan]
qdf_mem_multi_pages_alloc+0xc0/0x580 [wlan]
dp_prealloc_init+0x1b0/0x48c [wlan]
wlan_hdd_pld_probe+0x200/0x370 [wlan]
pld_pcie_probe+0x6c/0x88 [wlan]
cnss_pci_call_driver_probe+0xd8/0x358
cnss_bus_call_driver_probe+0x38/0x6c
cnss_driver_event_work+0xf14/0x1188
process_one_work+0x53c/0x8b8
worker_thread+0x4f8/0x928
kthread+0x1e8/0x200
ret_from_fork+0x10/0x18
The bad address belongs to the object
which belongs to the cache kmalloc-192 of size 192
The bad address is located 0 bytes to the right of
f816b4d60c0).
Change-Id: I6569c22bc8f900296f49a4426f085912a33aa452
CRs-Fixed: 3014390
Add new TWT teardown status code to indicate host teared
down the TWT session due to PS disable.
Change-Id: I49c2d7bb1abc4ceb4f79b833cbafcb44e8b936fe
CRs-Fixed: 3013358
During beacon or probe response, if channel is dfs && frame type
is MGMT_SUBTYPE_BEACON, it would call "util_scan_add_hidden_ssid"
to deal with the packet. If the ie id matches with SSID then OOB
read may occur in ie_len as it is validated with upper bound of
ie_ssid.
Validate the ie length first. If it is more than 0 then copy
memory to SSID which are equivalent to ie length.
Change-Id: Ib5e2ab7f6f3337d4c3e5c240e3133d8f276be50a
CRs-Fixed: 3007473
Add QCA vendor attributes to configure the driver to enable/disable
the Broadcast TWT support and Rx Control Frame To MultiBSS support in
HE capabilities information field. This attribute is used for testing
purposes.
Change-Id: I22a2646b642d1e764e89b209e0c872ac113ca2ee
CRs-Fixed: 3012996
Set QDF_TIMER_MULTIPLIER_FRAC to default multiplier if it is defined.
Remove get API under this feature flag so that this can be modified using
set dynamically based on the emulation target detect.
Change-Id: If0743e6b571832ebf3319f9895350685a5cd53f0
CRs-Fixed: 2995514
In dfs test mode, 18 pulses are injected in a single burst, the host
driver reports the radar found event two or three times to
upper layer. For a single burst of radar pulses, radar found event
should be reported only once.
Fix the multiple radar founds for a single burst by disabling radar
detection and flushing the existing radar pulses from all queues
while processing the current radar found indication event in dfs test
mode (usenol=0).
Change-Id: I70c7c15147a5cde038773fd97735c113ca385932
CRs-Fixed: 2981217
Add dedicated monitor flag at SOC level and do not
enable legacy monitor rings for QCN9224
Also add flag to disable rxdma2sw ring for QCN9224.
Change-Id: I399d22d6c3361bb75ebaad4e46b156db5e628d6b
DUT as SAP and its VDEV change to UP state, since got radar event but
channel switch disabled. Then EV_DOWN is dropped and bss peer won't be
delete. Which cause unloading failure. This change moves VDEV to
UP-UP-ACTIVE state if got WLAN_VDEV_SM_EV_CHAN_SWITCH_DISABLED.
Change-Id: I9d3a47a66fd2281166f5106e0e7bfd36c3966ed0
CRs-Fixed: 3009264
Conditionally compile scan radio special vap stats.
Also rename spcl_vap to scan_spcl_vap to better reflect
funtionality.
Change-Id: I7d7f636209f6aa12cca0a3e808d7ae1fac9f397d
CRs-Fixed: 3009837
This change adds MLO support to Peer.
It implements,
1) MLO peer list management
2) AID allocation
3) MLO Peer creation/deletion
4) Notifying partner links on peer creation/deletion/assoc
Change-Id: Ie1b675dccdf0de1d79f6f32d9255cf3cca53fdf2
CRs-Fixed: 2967057
Add CDP interface API support for pkt_log_exit,
to cleanup pkt_log_init on failure.
Change-Id: Ib50efaed5997d341d3e76c2e1dbe42856df40191
CRs-Fixed: 3012201
