Active connection req fetch may allocate memory to copy the
connect IEs, free after use.
Change-Id: Ida4892cd9efef8a4ebfaf925908eedc19a3d9d7b
CRs-Fixed: 3832469
A race between cfg80211 ap stop and wiphy system suspend can lead
to either DPM WD or serialization VDEV disconnect active command
timeout since scheduler thread gets suspended as part of wiphy
suspend and both cfg80211_disconnect and wiphy suspend/resume acquire
RTNL lock.
To address this race condition avoid ap stop when wiphy
suspend is already completed since scheduler thread gets suspended
as part of wiphy suspend and it can't process ap stop.
Change-Id: I5792b524a27326ca9e020600db2b82e16cc7ea96
CRs-Fixed: 3834305
As part of 802.11be_D4.1 new param Ext Max Tx power is added
in TPE for 320 MHz and while packing the TPE IE in beacon frame
max tx power will be calculated based on max_tx_pwr_interpret.
And max_tx_pwr_interpret is filled irrespective of channel bandwidth
which leads to TPE IE length more than 9 for legacy case also.
Pack tpe ie manually to consider max_tx_pwr_interpret to calculate
tx power only for 320 MHz and legacy method for less than 320 MHz.
CRs-Fixed: 3750566
Change-Id: Ibacb634c24d08886ccf2848a8dc8e2ecdf6b247a
When driver mode is changed from other mode to mission mode, regulatory
update will happen, flag is_regulatory_update_in_progress is set.
country_change_work thread is used to clear the flag, if other threads
are holding the OP lock, the work thread exits without clearing flag
is_regulatory_update_in_progress. SAP start is
blocked until timeout later.
To fix it, if failed to update regulatory, country_change_work thread
clears flag is_regulatory_update_in_progress too.
Change-Id: I97440ec14e5153f44a6a1b6028eb8dd9e75ccb5d
CRs-Fixed: 3831855
Currently if Host receives ROAM SYNC event in
RSO STOPPED state, Host drops ROAM_SYNC event and
fails to send ROAM COMPLETE response to FW. This
results in an assert in FW with reason ROAM COMPLETE
response timeout.
If ROAM SYNC comes to host in the below scenario:
1. HOST sends RSO stop command with scan mode 4,
in order to process supplicant disabled roaming
request
2. FW already queued the roam sync event before
RSO STOP command is received from host
In this case host should send RSO STOP with
scan mode = 0 to FW. So that FW can stop roam sync
timer and change roam state to RSO STOP state
along with other internal cleanup in FW.
Change-Id: I8b25be98b30d7f8185d5f8dcd67a4b52f502fd37
CRs-Fixed: 3810436
After the change in commit I75f0b76ae920c885a1150d95ea011e5612ef62fd,
the gNeighborLookupThreshold INI value will be a negative number. This
update ensures that the INI comment accurately reflects the change.
Additionally, existing INI files may still include a positive number
(e.g., 76). To maintain compatibility, the default value is updated to
-76 in case the INI files haven't been updated to use negative numbers.
Change-Id: I1c588fcbc5716d9efadf1272842d60a29c26eba6
CRs-Fixed: 3826341
wma_self_peer_remove calls wma_remove_peer with
del_vdev_req->self_mac_addr as peer mac address.
But wma_remove_peer still uses the pointer of self_mac_addr
to reference it after calling wmi_unified_peer_delete_send.
Potentially the peer delete event wma_peer_delete_handler
may come first and free the del_vdev_req memory.
In that case wma_remove_peer may access invalid memory,
wma_remove_objmgr_peer may fail to release the ref count on peer.
Fix by saving del_vdev_req->self_mac_addr to local stack to
use it after sending wmi_unified_peer_delete_send.
Change-Id: Idd9d765a13287144917d4774287da8b7ec4ea7ed
CRs-Fixed: 3815077
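
The ownership hazard described in the commit message above, as an added example that is not the driver's code: a caller keeps a pointer into a request that an event handler may free during the send, so the MAC is copied to the stack first. All names here (`del_req`, `send_peer_delete`, `release_peer_ref`, `remove_peer`) and the sample MAC are hypothetical stand-ins, and the "event arrives first" ordering is forced so the case is deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAC_LEN 6

struct del_req { uint8_t self_mac[MAC_LEN]; };   /* stand-in for del_vdev_req */

static struct del_req *pending;        /* request the event handler will free */
static uint8_t released_mac[MAC_LEN];  /* MAC the cleanup step acted on */

/* Stand-in for the send call. The delete event is handled before it
 * returns, and that handler frees the request. */
static void send_peer_delete(const uint8_t *mac)
{
    (void)mac;
    free(pending);
    pending = NULL;
}

/* Stand-in for the cleanup that still needs the peer MAC after the send. */
static void release_peer_ref(const uint8_t *mac)
{
    memcpy(released_mac, mac, MAC_LEN);
}

/* Fixed shape: snapshot the MAC on the stack before the send. */
void remove_peer(const uint8_t *peer_mac)
{
    uint8_t mac[MAC_LEN];
    memcpy(mac, peer_mac, MAC_LEN);  /* peer_mac points into *pending */
    send_peer_delete(mac);
    /* Using peer_mac from here on would read freed memory. */
    release_peer_ref(mac);
}

/* Returns 1 if cleanup saw the right MAC although the request was freed. */
int demo(void)
{
    static const uint8_t sample[MAC_LEN] = {0x02, 0, 0, 0xaa, 0xbb, 0xcc}; /* constructed */
    pending = malloc(sizeof(*pending));
    if (!pending)
        return -1;
    memcpy(pending->self_mac, sample, MAC_LEN);
    remove_peer(pending->self_mac);
    return pending == NULL && memcmp(released_mac, sample, MAC_LEN) == 0;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```
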
Change maximum value for SET_KEEP_ALIVE_INTERVAL_LEGACY command
to 255 as per new requirement.
Change-Id: Icfb7ec4700131685eb17feba4bf68e82bb2b6316
CRs-Fixed: 3830310
Currently while fetching the cu info from rnr, data length is checked only
for max rnr element which leads to possible out-of-bound reads with
invalid information elements.
Add fix to update the data length checks in the while loop to ensure
sufficient bytes are there.
CRs-Fixed: 3754687
Change-Id: I93f2fbc21fc5adfd848ebb27264cc18f7f553438
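
A sketch of per-iteration length checks while walking an RNR element body, added here as an example and not taken from the driver. It assumes the Neighbor AP Information layout from IEEE 802.11 (2-byte TBTT Information Header, Operating Class, Channel Number, then the TBTT Information Set); the function name `rnr_count_tbtt_infos` and the sample bytes are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TBTT Information Header (2) + Operating Class (1) + Channel Number (1) */
#define RNR_NBR_HDR_LEN 4

/* Hypothetical helper, not the driver's function: count the TBTT Information
 * fields in an RNR body. Returns -1 if any field would extend past the buffer
 * or the TBTT Information Length is zero. */
int rnr_count_tbtt_infos(const uint8_t *data, size_t len)
{
    size_t off = 0;
    int total = 0;
    while (off < len) {
        /* Check 1: the fixed 4-byte header must be fully present. */
        if (len - off < RNR_NBR_HDR_LEN)
            return -1;
        /* TBTT Information Count is carried as (count - 1) in bits 4-7. */
        size_t count = (size_t)(data[off] >> 4) + 1;
        size_t tbtt_len = data[off + 1];
        off += RNR_NBR_HDR_LEN;
        /* Check 2: the whole TBTT Information Set must be present. */
        if (tbtt_len == 0 || count * tbtt_len > len - off)
            return -1;
        /* data[off] .. data[off + count * tbtt_len - 1] is now safe to read. */
        off += count * tbtt_len;
        total += (int)count;
    }
    return total;
}

/* Constructed sample: two neighbor entries with 2 + 1 TBTT info fields. */
static const uint8_t rnr_ok[] = {
    0x10, 0x03, 0x83, 0x25, 0x00, 0x01, 0x02, 0x00, 0x03, 0x04,
    0x00, 0x01, 0x51, 0x01, 0x00,
};
/* Constructed sample: header claims 2 x 13 bytes, only 5 follow. */
static const uint8_t rnr_truncated[] = {
    0x10, 0x0d, 0x83, 0x25, 0x00, 0x01, 0x02, 0x03, 0x04,
};

int main(void)
{
    printf("ok=%d ", rnr_count_tbtt_infos(rnr_ok, sizeof(rnr_ok)));
    printf("truncated=%d\n", rnr_count_tbtt_infos(rnr_truncated, sizeof(rnr_truncated)));
    return 0;
}
```
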
Add config to enable go ignore non-p2p probe req feature. If set,
don't need to send probe rsp to STA, hence save power.
Change-Id: I8b4776e4ffd1315bf30e210797b22a673cf2a6c2
CRs-Fixed: 3812361
Currently while processing roam synch legacy case
is not handled properly for self-roaming case and
host is sending roam as it finds peer is
already attached to a vdev.
To address this issue don't send roam stop if peer
is attached to same vdev.
Change-Id: I75bbeb23e2b94458e0709b8b27178549c7104ea1
CRs-Fixed: 3690348
Host driver opens adapter with ML-support having 2 vdevs and
1 MLD self peer. Now, during runtime, the country changes to
a non-11be supported region. This is followed by a set mac
address request from userspace, but since the EHT support
is disabled due to country change, the driver tries to
lookup the self peer using link mac address. But, since the
peer is created using MLD mac, the set mac address fails
leading to issues with DP-peer creation during connection.
To fix this, remove the EHT capability check from the adapter
routine and look up the peers and mac address only based on
the ML adapter configuration.
Change-Id: Iaabdf6c6b59d3b168c719b6dc0afd272a5725912
CRs-Fixed: 3800291
Currently, get_channel call doesn't consider the secondary
channel to compute the ccfs1. Therefore, in 2.4 GHz
HT40+/HT40- cases, get_channel returns wrong ccfs1.
To fix this, if STA connection is in HE/HT/EHT40 in 2.4 GHz,
then use secondary channel frequency for channel parameter
computation.
Change-Id: I44310192f8dcb5e02003f60b22fdae95d76a1870
CRs-Fixed: 3815126
os_if_cstats_log_nan_disc_enable_req_evt is defined but not
called when there is a NAN discovery enable event. This resulted
in missing of NAN discovery enable stats in the chipset stats.
Fix this by calling os_if_cstats_log_nan_disc_enable_req_evt
when there is a NAN discovery enable event.
Change-Id: Ic9610e01fb0449c5233d6e651c42d395cb1f21c5
CRs-Fixed: 3804972
Add chipset stats for deauth event when roam
is triggered due to deauth frame from AP
Change-Id: I21125d1fde5805a3893ff8d0f9ec2be49082f994
CRs-Fixed: 3804975
Currently nack status is read using the pmo lock with bottom half
disabled, but if the wow wakeup irq is triggered at the same time
it is waiting for the same psoc lock resulting in the deadlock.
Hence get the hif handle directly rather than with spinlock api.
CRs-Fixed: 3798619
Change-Id: Ic2d5cd07c2dafb525003ec7e9e02bc17d0876dd0
Scenario here is:
1. AP configured in 320 MHz
2. Set country code = KR in DUT. It means DUT does not
support connection in 320 MHz.
3. Trigger connection with AP, while processing driver
finds country code is KR, so downgraded connected
channel width to next max supported channel width as
per regulatory rule (which is 160 MHz here) and
successfully associated with AP in 160 MHz.
4. After connection Host receives “get_channel” request
from kernel.
5. Host gets currently connected BSSID and fetch
corresponding channel information from scan cache.
6. As scan cache gets updated via beacon/probe response
from AP and here advertise beacon/probe response in
320 MHz. This results value of channel width for
connected BSSID is 320 MHz and same host fill in
get_channel response.
7. By this time driver connected in 160 MHz and
connected channel width indicated to kernel is 320 MHz.
Due to mismatch in channel width, kernel triggered
disconnection.
Fix is to update connected channel width in response to
“get_channel” request.
Change-Id: I7c4a262d337f9deb8cb4436cae537d0069a98de1
CRs-Fixed: 3810073
Pointer returned from tdls_process_mlo_choice_tdls_vdev can be
NULL. Add NULL check to avoid dereference.
Change-Id: Ibd7f8914a721517d7b959b864c033686b1160648
CRs-Fixed: 3757772
This change is to check for station count with maximum
number of concurrent connections.
Change-Id: I539ae0b78deadf5e514f00d57542b4dd871e0e4e
CRs-Fixed: 3776536
Currently, driver checks peer mac address to filter out duplicate
command in serialization queue. This peer mac address will be
peer MLD address from North bound and link address from the south
bound. For multi-link SAP, if disassociation or deauthentication
request is received for two links of same STA (MLD address is same but
link address is different), then driver queues disassociation or
deauthentication command in the serialization for both links.
This will lead to duplicate disassociation or deauthentication commands
in the serialization for same STA.
So, to fix this, add check for MLD address and link address in the
serialization filter.
Change-Id: I2619e3009b28ceba6af4383e36ae40af82020b5f
CRs-Fixed: 3790148
For 11ax SAP, when radar is received, sap_is_chan_change_needed for 11BE
returns false sometimes, target freq and bw is same as current, after
CSA, vdev restart failed in lim_process_sme_channel_change_request,
vdev becomes hung in SUSPEND-SP-CSA_RESTART. After 1 min, kernel triggers
disconnect.
To fix it, if SAP isn't 11BE mode, sap_is_chan_change_needed returns
true directly as legacy code.
Change-Id: I6db94c3117890d0ee924975af8b3c9efd9fb08ba
CRs-Fixed: 3789066
Add support to handle GET_KEEP_ALIVE_INETRVAL command.
If received command in connected state return keep alive
period configured to firmware but if command received in
disconnected state, if user space has set keep alive
period then return the user space configured value or
else return INI configured value.
Change-Id: I5d386ecd141531795b471198bd70afa20210bdc5
CRs-Fixed: 3818096
When connecting to 2 + 6 GHz MLO AP, 2 GHz is assoc link, when populating per
sta profile of 6 GHz in assoc req, BW of current 2 GHz session is used
wrongly, so 320M is disabled wrongly in EHT cap.
To fix it, when populating per sta profile for assoc req, pass
pe_session as NULL since partner link pe session isn't created at that
time, don't clear 320M cap for 6 GHz link.
When configuring EPCS, update eht cap at same time.
Change-Id: I7422f0353cc087a24575f9be1d5b30a032cc7b8e
CRs-Fixed: 3821390
Below is the sequence of events causing RSO init command to
be sent to firmware while disconnect is happening:
1. Roam Start received from firmware in scheduler thread.
2. Connect request for reassoc received in supplicant thread.
3. This connect request triggers disconnect, but before RSO stop
& deinit is sent to firmware, roam synch event is received. This
roam synch is getting processed in the scheduler thread. But RSO
stop & deinit are sent in wpa_supplicant thread.
4. As part of roam synch host is posting RSO_ENABLE to RSO state
machine which triggers roam init to firmware.
5. Since disconnect sequence is already in progress, the RSO is
in init state before vdev stop. Disconnect sequence got executed
cleanly except for the RSO sequence.
This results in abnormal firmware behavior.
Check if the vdev is in connected state before sending roam init
to firmware.
CRs-Fixed: 3769766
Change-Id: I709c165bd9b11b323666e0e27cece76e6a4641dd