Firmware timestamp values are not printed for BTM_QUERY &
BTM_REQ events and wrong value for BTM_RSP. This is because
the timestamp values are read from the wrong structures.
Read the firmware timestamp values from the correct wmi structure
to fill the connectivity diag event.
Change-Id: I568e87ee3e4bb66d3f73d353df794ced92b418c1
CRs-Fixed: 3788350

Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
1. dp_reset_tcp_delack
2. dp_bus_bandwidth_init
3. dp_bus_bandwidth_deinit
4. dp_bus_bw_compute_timer_try_start
5. dp_bus_bw_compute_timer_try_stop
6. ucfg_dp_set_cmn_dp_handle
7. __dp_bus_bw_compute_timer_start
Fix is to add NULL check for dp_ctx before use.
Change-Id: I5f9ea6ae8ce3bb13631ad9a2dfe25d9c3686a33b
CRs-Fixed: 3767091

Certain countries have dot11mode restrictions such as no
11be mode support, in which case the regdb updates the
phymode and sends to Host.
Add support to use this value to limit and update the
internal dot11mode to allow connection in corresponding
phymode.
Change-Id: If7dd8c261fbe61e96c7749dd1457713502409fa6
CRs-Fixed: 3747811

In cm_is_peer_preset_on_other_sta, wma_context is
fetched from gp_cds_context and used without any
validation checks. This may lead to a NULL pointer
dereference.
To address this issue add null check before
accessing.
Change-Id: I78656303855efb2369afcf47d1aabe3b916498c4
CRs-Fixed: 3712317

Currently, the driver doesn't consider the force 20 MHz in
2.4 GHz configuration while calculating the channel width
for the session during roam. Therefore, fw and host will be
out-of-sync wrt the channel width of the connection.
Consider the force override 20 MHz in 2.4 GHz config which is
based on the ht40 cap of connect request for the channel width
computation.
Change-Id: Id616dd1ceefd5b2c2130be1b88067a92121e0fa1
CRs-Fixed: 3768406

As a part of vdev destroy is_dp_link_valid can return failure,
since the interface may be down. This will lead to memory leak
since the dp_link memory won't be freed.
Fix this by replacing is_dp_link_valid with dp_link null check.
Change-Id: Ief03c1e42d62b4b89f1414f0c5642e592ee39fa2
CRs-Fixed: 3750214

Add magic number field in wlan_dp_link which is to
be used to identify the validity of dp_link.
Add logs in the dp_link free handler/callback.
Change-Id: I76e3149e1d72a9f5e69478734b6dbab5b4d8d922
CRs-Fixed: 3744331

Kernel configures mc address list once association/NDP connection
happens. Host driver flushes the existing list whenever a new list
is received from kernel. Also, it's expected to cleanup the final
list as part of disconnection/NDI cleanup.
Currently, host expects the vdev/NDI state to be ASSOCIATED
in order to flush the final configured list. But the STA vdev/NDI
state is already moved to DISCONNECTED by the time host tries to
flush the list from firmware. So, host doesn't send flush command
to firmware and it just flushes internal list from driver adapter.
This results in leaving the final configured entries uncleaned
in firmware and the mc list exhausts in few such iterations as the
firmware supports limited size (32).
Don't check for vdev/NDI state and always issue flush command to
firmware as part of disconnect to avoid this.
Change-Id: I8e070f40976a147959783b3c44f1e9aa24563d4b
CRs-Fixed: 3776542

When ML STA links are on MCC, TDLS action frames try to
set the link mode to force active. To avoid this
reject the TDLS mgmt request when ML STA links are on MCC.
Also enhance few debug prints for TDLS.
CRs-Fixed: 3717831
Change-Id: I69a942d80f5fac0ff25cfb47229e5dde6a693f97

When roaming happens from 3 Link AP to Legacy or 1 link AP after
a link switch, and the assoc vdev when connected to 3 Link AP is
disconnected during roaming, it causes the DP default link mapping
not to be updated. This results in data stall and ultimately
NUD failure is triggered resulting in disconnection.
After roaming to Multilink AP, then update the DP with
the new deflink as the assoc vdev.
CRs-Fixed: 3681911
Change-Id: I114a9858c3cbe58ef59743ad251a2b3af2543d3d

In the api wlan_connectivity_mgmt_event(), the VSIE is
extracted after logging the Deauth/Disassoc frames
due to which VSIE is not logged as part of
Deauth/Disassoc frame logging.
Modify the api wlan_connectivity_mgmt_event() to extract
VSIE before logging the Deauth/Disassoc frames.
Change-Id: Ia5ac504f6e17d0464a6ce0d442ae7eec658b2445
CRs-Fixed: 3761695

The vdev id in bs_req cannot exceed the WLAN_UMAC_PSOC_MAX_VDEVS
count.
Add the sanity check before accessing the ref_count array.
Change-Id: I31743b4be75944bb8947eac7537172d56614637d
CRs-Fixed: 3759720

Some targets may prefer to keep SAP on same channel even when the
channel is marked as unsafe due to coex operations.
Check the corresponding device capability and avoid chan switch
when the SAP is fixed channel (non-ACS) SAP.
Change-Id: I8d003359a587c5308899e0956b0414074bd748b0
CRs-Fixed: 3776847

Host has to issue RSO_STOP to firmware before performing any
vdev operations (start/stop/down/up, ...). Otherwise firmware may
face memory corruptions if it tries to access the same
vdev while host is modifying it.
Currently, RSO_STOP is sent to firmware only if all vdevs are
UP. But in OWE/EAPOL offloaded roaming cases, assoc vdev
would be UP and partner vdev would be down till EAPOL is
done and keys are received from userspace. Connect is started
on partner vdev once the keys are received. Host driver is going
to do a vdev start as part of this connect. So, RSO_STOP is
supposed to be sent to firmware before performing any connect
operations on partner vdev.
So, send RSO_STOP to firmware right after sending
ROAM_SYNC_COMPLETE even if the link vdev is not UP.
Change-Id: Idaa15c7b0cedff5fd6f276626047f349c500a5b8
CRs-Fixed: 3769038

Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
ucfg_dp_set_hif_handle
ucfg_dp_update_config
ucfg_dp_get_rx_softirq_yield_duration
ucfg_dp_register_rx_mic_error_ind_handler
ucfg_dp_is_roam_after_nud_enabled
Fix is to add NULL check for dp_ctx before use.
Change-Id: I040f1a6ed92ad572e625663eee9ea1dd0c5e8530
CRs-Fixed: 3770367

If the scan entries for a non-tx profile MBSSID partner links
are not present at the time of candidate selection, then
host driver generates the scan entry for the missing partner
link from the assoc response.
The assoc response from the AP has PMKID in the RSN (some APs
do not include RSN IE in assoc resp). In this case, the RSN
along with PMKID gets inherited into the scan cache of the
missing partner and this leads to mismatch between M3 and
scan entry RSN causing disconnection.
To fix this, mark all the MBSSID partners without scan entries
as invalid links at the time of candidate shortlisting. Score
and connect to only non-tx candidates with valid scan entries.
Remove the probe response generation from assoc response logic.
Change-Id: I3b90ca1f1d81f2de7cc629576714c72975b11ae9
CRs-Fixed: 3738606

For MLO vdev currently the discovery attempts threshold is
multiplied by 2 to increase the discovery window thereby
increasing the discovery probability in noisy environmental
conditions. But 5 discovery attempts on each link is
sufficient threshold. Increased discovery attempts causes TP
issues with peer connected to different AP for MLO vdev since
frequent link active/inactive change happens.
So remove the discovery attempt multiplier for MLO TDLS vdev.
Enhance few debug logs.
CRs-Fixed: 3702198
Change-Id: If5513987447296140788c1ee021329dc721df65f

Any MLD peer setup call to cdp shall happen only after
clearing the existing MLD peer otherwise the MLD peer's
VDEV reference is lost on recreation. This leads to
VDEV reference leak.
Add history to track the peer setup and destroy sequence,
to understand the CP peer create/destroy sequence when
any such leak happens.
Change-Id: If338bc26e086490a3cc2bb4de32efa6a762ee0e6
CRs-Fixed: 3736548

Add new APIs to save number of links to which FW roamed
and add new API to retrieve this saved info.
Change-Id: Idfd8727855bd5da97a3808c78e89a505ef06c249
CRs-Fixed: 3755754

As per FW, value of gEnable2x2 and gEnableHtSMPS are
independent.
Remove dependency of INI "gEnable2x2: used to enables/
disables VHT Tx/Rx MCS values for 2x2" and INI
"gEnableHtSMPS : used to enable SM Power Save".
Initialize ht_cap_info.mimo_power_save bit as per INI
"gHtSMPS: used to set default SM Power Save Antenna mode"
Update SMPS HT cap as per FW capability
WMI_HT_CAP_DYNAMIC_SMPS and ini gHtSMPS.
Change-Id: I79ad8f060adb550c738c58259fa65f073ad9b42d
CRs-Fixed: 3771123

Currently, firmware-reported unsafe channels are ignored
and userspace configured channels are honored when
coex_unsafe_chan_nb_user_prefer ini is set. This is supported for
SAP mode only.
But some platforms may want driver to ignore the firmware-
reported coex channels for P2P-GO also.
Enhance the ini to allow user to configure mode specific
bit as mentioned below,
BIT 0: Don't honor fw coex/unsafe channel info for SAP mode
BIT 1: Don't honor fw coex/unsafe channel info for P2P-GO mode
Change-Id: I91a2c6b2da9aba411d081f6ae3b23d374fe53159
CRs-Fixed: 3766393

Currently, Host driver is rejecting force scc on non DBS
solution when QDF_MCC_TO_SCC_WITH_PREFERRED_BAND is set.
This change is to allow STA + SAP concurrency on non DBS solution.
CRs-Fixed: 3716279
Change-Id: Ief73a57d23f627764eca00254acf4cf7e9acd963

Host updates “UL MU-MIMO” bit as HE cap in assoc request
based on below 2 things:
1. "enable_ul_mimo" INI
2. FW capability WMI_HECAP_PHY_ULMUMIMOOFDMA_GET
Fix is to overwrite he_cap->ul_mu feature in assoc request
configured via above FW capability with value of ini
"enable_ul_mimo".
Change-Id: I6ede13ec107a194f11a094ccd954155e859c02ec
CRs-Fixed: 3750038

Currently TDLS module acquires WIFI_POWER_EVENT_WAKELOCK_TDLS
wakelock and prevents run time suspend when TDLS is enabled for
a peer. While releasing the wakelock and allowing suspend, it
checks for the connected peer count in tdls_update_pmo_status().
But the peer count is not decremented here yet.
Below is the current call sequence:
tdls_disable_offchan_and_teardown_links()
-> 1. Call tdls_reset_peer() -> this calls
tdls_set_peer_link_status() ->
tdls_update_pmo_status()
-> 2. tdls_decrement_peer_count() - Sets the
connected peer count to 0
Update the sequence as below:
call tdls_decrement_peer_count() first and then call
tdls_reset_peer().
CRs-Fixed: 3735021
Change-Id: Idf91a0c96c9660df466143f8ac115f694b3070d2

HW is non-DBS. SAP is UP in 6 GHz. Now, when a STA connection is
attempted, the pcl for the second connection would have SAP SCC
channel with highest priority, all the 5 GHz channels with 2nd
highest priority and the 6 GHz channels with least priority.
Therefore, even if there is a strong 6 GHz candidate for STA, the
5 GHz candidate would be chosen and the SAP moves to SCC in 5 GHz.
To fix this, ignore the pcl scoring for the non-DBS concurrency
cases as the SAP can move to the channel of the best STA interface.
If the SAP is in legacy band, and if still a 6 GHz STA is chosen,
then the legacy SAP would be torn down. So, give STA the best
possible in non-DBS case.
Change-Id: If268b61c61e77db96b499437cdbc95188240fba8
CRs-Fixed: 3749399

Currently STA+Mon mode is not supported in LPC case
as both modes use monitor interface to capture
packets. So to distinguish between two different
monitor modes, export new API to store monitor interface flags.
Change-Id: I463353a1a01f53d48e004f60c52c24f1d8084154
CRs-Fixed: 3739289

As per new requirement, if the DUT associates with an AP that does
not support BTM, then when the host receives a BTM req frame
from FW, instead of forwarding the BTM req frame to
supplicant, the host should drop it.
Change-Id: Ie6b6c27c01b072fac19dc039327cb9a86370b535
CRs-Fixed: 3746758

For Dual SAP(legacy SAP + 6 GHz SAP), WFA HE-4.1.1 cert
case requires the following:
a) If Dual SAP is enabled, the 6 GHz SSID should be
discovered via the RNR IE of the colocated legacy SAP.
b) If a co-located neighbor is present, the 6 GHz SAP
should not send FD or unsolicited probe responses.
Add support for the above cert case by configuring the
FD support for the 6 GHz SAP based on the operation of the
co-located SAP.
Change-Id: I045911cd34bceccdb08248ae7b99beb8454a2c98
CRs-Fixed: 3732649

Currently default link update is only done in link switch
or dynamic mac address update case.
There are other scenarios also where the default link becomes
inactive and the update to DP will not happen.
So, to handle those scenarios, export new API to update
DP default link.
CRs-Fixed: 3733584
Change-Id: Iab24c38c454cc5cb9f568de680531b38e4d3da45

Currently when suspend sequence is going on and WOW handshake with
F.W is completed, then we check for wow initial wakeup flag if it
is not set then we proceed for suspend. But if this wow initial
wake flag is set just after it being checked in suspend sequence
then we miss honoring the wake message and host will be stuck in
suspend state.
So to avoid this make sure we are requesting resume from wow initial
wakeup setting context. So that resume request is posted properly.
Change-Id: Idd082ef82a4d7dbd62d7762f10debe1db9baed88
CRs-Fixed: 3743425

User/wpa_supplicant disable roaming flag is only effective for current
connection; it will be cleared during new connection.
APP/wpa_supplicant can use QCA_NL80211_VENDOR_SUBCMD_ROAMING to change
roaming behavior for current connection.
Change-Id: If9f439f51e25e3d67f5db5557c0d8f468b071596
CRs-Fixed: 3737996

On receiving QCA_WLAN_VENDOR_ATTR_CONFIG_BTM_SUPPORT vendor
command, do below action in host:
1. Disable btm_offload_config in FW via RSO command.
2. If btm_offload_config disabled in FW at step #1,
FW forwards BTM frame to Host, Host needs to drop frame.
3. Disable btm ext capability (p_ext_cap->bss_transition)
bit in assoc request and unicast probe request to AP.
4. On disconnection, restore BTM configuration.
Change-Id: I228bafe243c43bc055f19d472c2f2d986225f577
CRs-Fixed: 3742276

Add support to process newly added vendor command
QCA_WLAN_VENDOR_ATTR_CONFIG_BTM_SUPPORT.
User space uses this vendor command to disable/enable
BTM roaming for STA interface.
If host receives this vendor command in connected
state, host should return failure to user space.
Change-Id: Iafadc2fab2ee30a0eb2e8e7ebb7178c1d36fe1c9
CRs-Fixed: 3715920

AP sends "Operating Mode Notification" IE having max supported
channel width (say ap operating bw) via beacon/probe response/
association/re-association response frame.
When datapath detects leaky AP, to enable/disable, userspace
sends ch_width update to host.
Step 1: If STA finds OMN IE present in above frame, host
sends update channel width (say new AP operating BW is
80 MHz) ind via WMI_PEER_SET_PARAM_CMDID with param id 4
(WMI_HOST_PEER_CHWIDTH).
Step 2: After ch_width update to 80 MHz in FW at step 1,
if host receives an update ch_width (to 160 MHz) request
from userspace on leaky AP detection disable. Host updates
its internal channel info structure with new BW and sends
update indication to FW via WMI_VDEV_SET_PARAM_CMDID
with param id WMI_VDEV_PARAM_CHWIDTH_WITH_NOTIFY.
In case, if host allows ch_width update greater than ch_width
present in OMN IE (ap operating bw), FW only disables leaky
detection but did not update Rx/Tx BW as per new ch_width as
ap operating bw is still 80 MHz (configured at step 1).
This leads to out of sync for value of ch_width in host and
FW and IOT issues.
To keep host and FW in sync with current AP's operating BW,
add a sanity check and reject request before updating internal
channel info structure in host if new ch_width (coming from
user space) is greater than ap operating bw present in OMN IE.
Change-Id: Iedc1706e32b9e08512ca6c9b98162902cd32f976
CRs-Fixed: 3732557

When enable irq failure is encountered trigger recovery with reason
code ENABLE_IRQ_FAILURE, this helps to recover the system in error
scenario.
Change-Id: I003f43fc9e3473cc939729700a03c8a8c790d34f
CRs-Fixed: 3724860

In the api extract_roam_frame_info_tlv(), the status code
for the MGMT tx packet is filled with tx_status value instead
of correct value.
Modify the api extract_roam_frame_info_tlv() to populate the
proper value of status code for MGMT TX packet.
Change-Id: Ia07b34ccc74f47bfac56bb1831e4ad1bce237d63
CRs-Fixed: 3741911

Force single link on 2 GHz:
mlo_support_link_num=1, mlo_support_link_band=1
Force single link on 5 GHz:
mlo_support_link_num=1, mlo_support_link_band=2
Force single link on 6 GHz:
mlo_support_link_num=1, mlo_support_link_band=4
Force 2 links on 2+5 GHz, force assoc link 2 GHz:
mlo_support_link_num=2, mlo_support_link_band=0x13
Force 2 links on 2+5 GHz, force assoc link 5 GHz:
mlo_support_link_num=2, mlo_support_link_band=0x23
Force 2 links on 5+6 GHz, force assoc link 6 GHz:
mlo_support_link_num=2, mlo_support_link_band=0x46
Change-Id: Id6f56421528a42aa7059693845fe71a206bded93
CRs-Fixed: 3722009

In mlo_roam_copy_reassoc_rsp(), assoc_rsp is a pointer inside
copied_reassoc_rsp. In case of memory allocation for assoc_rsp,
copied_reassoc_rsp is getting freed but in the same error leg
"connect_ies->assoc_rsp.len" is getting set to 0, resulting in
use-after-free.
Remove the code in the error handling to avoid use-after-free.
Change-Id: I5a7b3bbef42db4e8bedba0c7c3eaf961e4d7e83a
CRs-Fixed: 3728493

Currently, in the MLO t2lm API, wlan_mlo_parse_bcn_prbresp_t2lm_ie
is missing frame boundary checks which may lead to out-of-bound
reads if the lengths are not checked by the caller.
Fix is, while parsing t2lm ie pass the frame length and add
check for frame boundary.
CRs-Fixed: 3707241
Change-Id: Ic83638eff2250a704df8dfa8bd233238fcc7a25b
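The frame-boundary check described in the commit message above, sketched as an added example (not the driver's code): an element walker that takes the frame length and refuses any element whose declared length runs past it. The function names, the sample frames and the T2LM extension ID value are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define EID_EXTENSION 255   /* 802.11 Element ID Extension escape */
#define EXT_EID_T2LM  109   /* assumed T2LM extension ID, not from the page */

/*
 * Find the first extension element `ext_id` in frame[0..frame_len).
 * Returns a pointer to the element header and stores the payload length
 * (bytes after the extension ID octet) in *body_len. Returns NULL if the
 * element is absent or an element before it (or itself) overruns the frame.
 */
const uint8_t *find_ext_ie(const uint8_t *frame, size_t frame_len,
                           uint8_t ext_id, size_t *body_len)
{
    size_t off = 0;

    while (frame_len - off >= 2) {          /* room for ID + length octets */
        uint8_t id = frame[off];
        size_t len = frame[off + 1];

        if (len > frame_len - off - 2)      /* declared length overruns frame */
            return NULL;
        if (id == EID_EXTENSION && len >= 1 && frame[off + 2] == ext_id) {
            *body_len = len - 1;
            return &frame[off];
        }
        off += 2 + len;                     /* stays <= frame_len by the check */
    }
    return NULL;
}

/* Constructed sample frames: an SSID element followed by a T2LM element. */
static const uint8_t frame_ok[]    = { 0, 3, 'a', 'b', 'c', 255, 3, 109, 1, 2 };
static const uint8_t frame_lying[] = { 0, 3, 'a', 'b', 'c', 255, 200, 109, 1 };

/* T2LM payload length found in the frame, or -1 if absent or malformed. */
int t2lm_body_len(const uint8_t *frame, size_t frame_len)
{
    size_t body_len;

    if (!find_ext_ie(frame, frame_len, EXT_EID_T2LM, &body_len))
        return -1;
    return (int)body_len;
}
```
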
Currently, Host driver is enabling CTS2SELF for most of the qcom
AP (8CFDF0) and it will try to send the data in all the cases by
not waiting for RTS-CTS and in some cases if it does not win the
medium, it will take around 4x time than normal RTS-CTS(in case
of failure) leading to throughput issue.
This change is to disable CTS2SELF for OUI : 8CFDF0
Change-Id: I4becf0d1c093f458868634a9636d2e14d60a9f37
CRs-Fixed: 3689771

Add support to send roam cancel diag event in instances with
below reasons:
IDLE ROAM scan cancelled due to screen ON
scan cancelled due to other high priority roam scan
Add new diag structure & reason code enum for this diag
event.
CRs-Fixed: 3708863
Change-Id: I1f7a819d766735f7d89eda3945e7ed92d22919ae

Extend the page fault action INI to handle following:
1) Ignore page fault event
2) Trigger SSR on page fault threshold
3) Send blob of data to userspace on page fault threshold
On pagefault wakeup event, save per symbol pagefault timestamp
and once the event count reaches configured threshold within the
configured time interval, either trigger SSR or notify userspace
with pagefault address and count based on INI configuration.
Change-Id: I0a3ece369ad0c7aac676fc91f6863e06a3f4ce8c
CRs-Fixed: 3713813
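The threshold-within-interval logic described in the last commit message, as an added example (not the driver's code): each symbol keeps a ring of its most recent fault timestamps, and the configured action fires once the threshold count of events fits inside the interval. All names, the 16-entry bound and the sample timestamps are assumptions of this example; timestamps are assumed monotonic.

```c
#include <stdint.h>
#include <string.h>

#define PF_MAX_THRESHOLD 16   /* assumed upper bound for this example */

enum pf_action { PF_IGNORE, PF_TRIGGER_SSR, PF_NOTIFY_USERSPACE };

struct pf_symbol {            /* per-symbol ring of fault timestamps (ms) */
    uint64_t ts[PF_MAX_THRESHOLD];
    uint32_t head;            /* next slot to overwrite */
    uint32_t count;           /* valid entries, capped at the threshold */
};

/* Record one page fault event for a symbol. Returns the configured action
 * once `threshold` events fall within `interval_ms`, otherwise PF_IGNORE. */
enum pf_action pf_record(struct pf_symbol *sym, enum pf_action action,
                         uint32_t threshold, uint64_t interval_ms,
                         uint64_t now_ms)
{
    if (action == PF_IGNORE || threshold == 0 || threshold > PF_MAX_THRESHOLD)
        return PF_IGNORE;

    sym->ts[sym->head] = now_ms;
    sym->head = (sym->head + 1) % threshold;
    if (sym->count < threshold)
        sym->count++;
    if (sym->count < threshold)
        return PF_IGNORE;     /* not enough events recorded yet */

    /* Ring is full, so head indexes the oldest of the last N events. */
    if (now_ms - sym->ts[sym->head] > interval_ms)
        return PF_IGNORE;     /* enough events, but spread too widely */

    memset(sym, 0, sizeof(*sym));   /* start a fresh window after acting */
    return action;
}

/* Constructed sample input: fault timestamps in ms for one symbol. */
static const uint64_t pf_burst[]  = { 0, 100, 200 };
static const uint64_t pf_spread[] = { 0, 600, 1200, 1500 };

/* Index of the first event that fires the action, or -1 if none does. */
int pf_first_trigger(enum pf_action action, uint32_t threshold,
                     uint64_t interval_ms, const uint64_t *ev, int n)
{
    struct pf_symbol sym = { 0 };

    for (int i = 0; i < n; i++)
        if (pf_record(&sym, action, threshold, interval_ms, ev[i]) != PF_IGNORE)
            return i;
    return -1;
}
```

With a threshold of 3 and a 1000 ms interval, the spread sample fires on its fourth event, because only then do the three most recent faults (600, 1200, 1500) fit inside the window.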