Currently the driver in case of force SCC picks up
2.4ghz SCC channel if any other STA/AP is already
up on that channel, so in the process of shifting
in the API sap_validate_channel it picks up 2.4ghz
and calls a reg API to set the freq related params
to it. Now since the frequency for 2.4ghz is 40 mhz
capable the max BW supported for 2.4ghz becomes 40 and
the driver starts the SAP on 40mhz.
Now since the OBSS scan is offloaded to the hostpad
and now since it was driver which started the SAP
on 40mhz there is no mechanism to start OBSS scan
from driver, which leads to channel blockage if
any legacy 11g, 11b lient is operating on the channel.
Fix is to lower down the BW to 20Mhz if the SAP does a
force SCC in 2.4ghz.
Change-Id: I0d85dfb5e9e8332957d853173063e77d18ea600c
CRs-Fixed: 2581495
The event WMI_ROAM_STATS_EVENTID is received after
every roam, once the roam synch complete is sent by the host.
This event contains details regarding the roam trigger reason,
values associated with the trigger, roam scan candidate info,
roam status, roam failure reason.
This helps in debugging/understanding the scenario when roam
failure happens.
WMI_ROAM_STATS_EVENTID Format:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
roam_stats_event_fixed_param |-> Contains vdev id and number of
| roams detail.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
roam_trigger data TLV |-> Has details on the roam trigger
| reason. Number of roam triggers
| TLV detail is present in the
| fixed param. Maximum 5 roam
| per event is supported
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_scan_info TLV |-> Has details on the roam scan -
| scan type, rssi threshold,
| reason.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_scan_channel_info |-> Has details on the roam scan
TLV | channels. Number of channels
| per trigger is found on the
| wmi_roam_scan_info TLV.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_ap_info TLV |-> Has details on Roam candidate
| APs found during scan. Number
| of roam candidate APs per
| trigger is found on the
| on the wmi_roam_scan_info tlv.
| Max 8 candidates are allowed
| per roam scan.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_result TLV |-> Info on roam success or failure.
| Fail reason, if roaming failed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_neighbor_report_info|->After roaming, firmware sends
TLV | neighbor/btm report to roamed AP
| to get list of roam candidates.
| This tlv provides info on this.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
wmi_roam_neighbor_channel_info|-> This has the info on the
| channel list received as part
| of BTM/Neighbor report.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Print the info received as part of this event into kmsg.
Featurize all the function defines for this roam logging under
WLAN_FEATURE_ROAM_OFFLOAD flag.
Change-Id: Iddc70b572f2e3dc47f08fd1c3c3597cb44981a17
CRs-Fixed: 2576222
In wma_rx_invalid_peer_ind driver store the i_addr1(ra) in invalid
peer list, which is the self address.
To fix store i_addr2(ta), which is the actual peer address,
in invalid peer list.
Change-Id: I6ff035f3155e611d867778ea56bfdbe8ed3302c8
CRs-Fixed: 2583502
In IPA uC ready handler, metering feature and perf level are not
initialized. Therefore properly initialize them after IPA pipes
are connected.
Change-Id: I99621bb2c2831d66e11b0ca903ecb324ef898836
CRs-Fixed: 2582409
In 6GHz BSS, the VHT and HT IE are not present and only
HE IE is present. Driver needs to update ch_width to peer
struct based on HE IE if vht and HT is not supported.
Change-Id: Ib48dc63f972cfc040b40c3dbf53a4c46f9e95eee
CRs-Fixed: 2583249
Currently the driver does not set weight calculated flag
in the spectrum channel structure for each channel as
true in 40, 80, 160 sorting case.
Now in the next iteration the weight calculation done
comes as false, and the weight is set as maximum
which leads to wrong channel and BW selection and the
last while running channel selection logic.
Fix is to set weight calculation done as true for all
the channels which come under the particular BW, and
skip the channels for which the weights are already
calculated.
Change-Id: Ib355dd5cf7c3aeeb5534bfa295785bdfc30eed86
CRs-Fixed: 2583538
Currently cdp_host_get_vdev_stats API provided
with vdev handle as its arguments, which is
directly accessed in that API. This can cause
a race-condition in access of the respective
handle if it has been deleted in parallel.
Hence as a part of cdp convergence, pass only
the vdev_id which will be used to get the
respective handles and hence avoiding unwanted
access of the handle if it has been deleted.
Change-Id: I4cc959b9244f5c22dea71194c86c583cd9c2a071
CRs-Fixed: 2583358
Supplicant delivers the HANG event via HIDL for STA
and via a legacy socket interface for SAP standalone case.
As per current supplicant implementation, wdev_id only matters
when the HANG event gets processed via HIDL.
Currently, for STA interface, host sends wdev as NULL to
cfg80211_vendor_event_alloc, this allows userspace to
process nl_cmd for QCA_NL80211_VENDOR_SUBCMD_HANG_REASON_INDEX
event with the 1st interface which is p2p in supplicant instead
of WLAN interface.
Set wdev with the proper value for STA interface to avoid processing
nl_cmd with P2P interface by userspace.
Change-Id: If3c1b2e11daf682a6ef535014738f4b2a2b5d009
CRs-Fixed: 2580359
Currently the driver caches the command which comes
for PS enable/disable and if the user disables the
command the API sme_ps_enable_disable cannot go
forward to enable/disable the command because
of the check for last user command cache to be disabled
or not.
Fix is to cache the command after the disable has
been sent to FW to avoid the scenario where the command
is not sent by host as the check to send the command failed.
Change-Id: Ibff459fa03aceaf6963735d22d30c54a488751f4
CRs-Fixed: 2582410
Currently the acs in progress is not set to 0 when
acs policy is 1 and the control returns the best channel
in do acs itself, hence it can lead to many unexpected
behaviour if set to 1 and acs is complete.
For example one case sceanrio is that the driver
returned from do acs without clearing the acs
in progress flag, and then stop adapter comes to
the driver for the same interface, the driver
would check that if acs in progress is tru then
it would wait for 3 seconds for it to complete.
Now since there is no complete to be there as
ACS had already been completed, there would be
an unnecessary delay for 3 seconds to shutdown
SAP which would cause latency.
Fix is to set the acs in progress as 0 when the overide
happens.
Change-Id: I03a80c4d4eeeb41f21e95e37bfbeb94e7ebee51e
CRs-Fixed: 2582703
Due to upgrade to kernel 5.4, struct pm_qos_request fields have changed,
causing compilation issues. Featurizing PM QoS so it is only enabled
for 4.19 kernel.
Change-Id: Ide2a3eb4b2bc970c6469efe8621bec55e50ecbd8
CRs-Fixed: 2580165
If hardware mode change is required during roaming, then
the roam command to disassoc from the current ap remains in the
active queue until SME receives hw_mode_res. Due to which the
SME requests for hardware mode switch and nss update are not
able to get queued into the active queue. Hence LFR2.0 roaming
fails to proceed after disassoc completion.
Removed the completed roam command from active queue.
Change-Id: I5f244ddba88cbb8af3a34e6f78b9b664ca009666
CRs-Fixed: 2576362
In SME layer, boundary check for dscp_to_up_map array is not present.
The dscpmapping is an array of 0x40 elements. Values in dscp_exceptions
are used to index dscpmapping. The indices are not validated to be less
than 0x40. The dscp_exceptions array is received from association
response frame. A malicious AP can send values up to 0xff, causing OOB
write of dscpmapping array.
Hence, max index check is added to avoid OOB write of dscpmapping array.
Change-Id: I73526849677e867673fc0bd0024ed2b003e4f89e
CRs-Fixed: 2569764
Fill HE capability and supported chan width in 6ghz
and remove VHT and HT support from the 6ghz channels
in wiphy structure.
Change-Id: Ibb1fbeca9bb7dc20b8545bc9f2b470cd7bef9fb2
CRs-Fixed: 2575744
Suppose, STA first connected to AP0 then connected to AP1.
After connection HOST sends current op channel to fw as roam
scan channel map only if the current(AP1) and previous AP(AP0)
profile does not match.
Now a disconnect indication comes to STA from AP1. While processing
deauth with currently associated AP (AP1) host first deletes its
previous connection profile(AP0) and then save the current AP profile
(AP1) as prev profile and complete disconnection with AP1.
At this point of time, STA successfully disconnected with AP1 and
has info about AP1 as a previous profile.
Now STA initiates a fresh connection with AP2 and successfully
connected. In case if the profile of AP1 and AP2 match, host does not
send the current home channel to fw after connection with AP2. This
results in the unavailability of the current home channel in fw scan
channel list and FW fails to find any AP available on current
operating channels in the partial scan.
Irrespective of capabilities of current and previously associated
APs, Host should send current home channel to FW after initial
connection as well as while roaming. FW has logic to append its
channel list with a list coming from host. So send current AP
channel to firmware all the time.
Change-Id: I7942b98116c651e6b53f1134fd6cc85bc80b5354
CRs-Fixed: 2561340
Protect pktlog funcitonality under given mutex to avoid possible
race condition between pktlog_release/pktlog_open and pktlogmod_exit.
Also call pktlogmod_exit before calling wdi_event_detach to avoid
accessing freed memory in pktlog release.
Change-Id: I452af523338788447f5c2764e883165237083f7d
CRs-Fixed: 2087777
If the first addba response frame is not sent out successfully for some
corner cases, the ba_status will be always set to DP_RX_BA_IN_PROGRESS.
The processing for next coming addba request frames will be in dead loop.
Which will block finishing the addba exchanging procedure.
Add checking with the return of lim_send_addba_response_frame, if failure,
will recover the ba_status to inactive status to give chance for next
coming addba request frame.
And also use pe_err_rl instead of pe_err to avoid excessive logging.
Change-Id: Ifc6adc166b5093742b34dd7d74924f9d54146ea4
CRs-Fixed: 2579510
Currently in the driver, the NSS reported to the userspace in case of
max rate reporting doesn't take into account if the hardware mode is DBS
or not. This causes the NSS to remain 2 even if the connection has
changed to 1x1.
Add a check if the current mode is DBS or not and update the NSS
accordingly.
Change-Id: I66ea830c7c6483c7ce957e1276b4ac5a535b17df
CRs-Fixed: 2579182
Change the default value of normalize weight ini to
disable all non-PSC 6ghz channels for the SAP ACS
operation, and give weightage only to the PSC
frequencies.
Change-Id: I4c8f349a396ffe4a2f378a59f5a67036b9d573eb
CRs-Fixed: 2578824
Currently if roaming is offloaded to target, and it is a ESE capable
association, but 11r capable is not available, the Tspec configure
before roaming can't handover to new AP in host, but target has
reassociated with new AP include Tspec configure, and if want to
delete Tspec after roaming it fails to find it in lim in host.
Fix it by also enable ftHandoffInProgress flag if hit such case
Change-Id: Ie242d3c2e137c31bc5f213ea1756846f18b860ae
CRs-Fixed: 2566015
“New channel width” information is not present in CSA event
received by host. When STA processes CSA beacon & CSA action frame
and moves to new channel, “New channel width” & "new channel center
frequencies" are not applied.
Firmware adds "Channel switch wrapper IE" information in CSA event and
sets "WMI_CSWRAP_IE_EXTENDED_PRESENT" bit in ies_present_flag.
Channel switch wrapper ie elemets are parsed to get Wide Bandwidth
Channel Switch information.
Change-Id: I095c49ae5a78cbfa8947e98cc39ec647aa7f3d27
CRs-Fixed: 2571406
As part of commit id I024e03e4ac46f8118da544889de3ffd7cc67a1b4, host
has increased the no of TID'S(8 * no_of_peers_supported + num_vdevs +
2) to fix a firmware assert. This causes memory allocation issues on
some firmware branches. Due to this fix is reverted
Change-Id: I70c9436ce7dcf886d3228298931b9f9569d1fdb1
Crs-Fixed: 2581524
1. Convert channel to frequency and use frequency
Regulatory API to check DFS status.
2. Skip dfs check for 6G channels.
Change-Id: I54b6d6a3ad25c192af4eec4e7f43932bada728b5
CRs-Fixed: 2580568
To avoid conditional compilation inside function body use QDF API
qdf_set_wake_up_idle in RX thread startup api.
Change-Id: Ibe78fb19893c6a942cfbdde2f33684ea402af47b
CRs-Fixed: 2580958
In multiple NDP peer case NDP indication might come for these
peers before first NDI confirm is sent for first peer. This
results in not updating policy manager session for NDI and
not creating datapath TX pool. Fix this issue by using one
time init flag for NDI instead of relying on peer count.
Change-Id: I812ff9be46580f3fb2da03ae7e1c1a36d205c38f
CRs-fixed: 2573935
If the entry of ch power info is not locked, free after use may be
happened. For example, csr_save_to_channel_power2_g_5_g does
csr_purge_channel_power, while csr_save_tx_power_to_cfg is called
in another thread and it calls csr_ll_peek_head then does some
operation on the entry.
Change-Id: If6cc4d8e0072e97288b60d3c72499b79c0a2bf67
CRs-Fixed: 2580147
If STA is on LTE-coex channel, start SAP on same band, to force
scc, it need select the LTE-coex channel too, or SAP failed to
start.
CRs-Fixed: 2580240
Change-Id: Ib05524711cb2475c3ca5ec7cf61a2b29c05658b6
