There is an API to get the scan aging time,
but there is no API to set the scan aging time
and it can be configured through INI.
Add API to set the scan aging time at run time.
CRs-Fixed: 2894428
Change-Id: Ide2b2eec780dd7ff07ebd783b0916a68c0e94a2c
Update default values of INI items to most commonly used values
in WCNSS_qcom_cfg.ini file on commercial devices.
Change-Id: Ie3a4ce2cbf4bc2352d5ebc5be939a47818a6d594
CRs-Fixed: 2874759
Modify the length check to drop beacons which have
WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH IE length less than 3. This is to
accommodate the addition of fields to this IE in the future.
Change-Id: I8cba60b631022f4348cce90ae41a003964040ad1
CRs-Fixed: 2884249
To check if a scan entry is a non-Tx VAP of our connected BSS, the current
implementation of scm_age_out_entries() searches through all scan entries
to find out our connected BSS. This check takes O(n) time where n = number
of scan entries. Running this check in the main loop of
scm_age_out_entries() results in an overall time complexity of O(square(n)).
Time complexity can be improved if we do one iteration over scan entries
to find out our connected BSS, and save it in a local variable, and then
use that local variable in the main loop of scm_age_out_entries().
With this approach, we just do two iterations over scan entries
instead of nested iterations.
CRs-Fixed: 2877884
Change-Id: I51be764f4aa6f65ba9068d46eaa42791ac0f8d97
During multiple BSSID scan ie parse, there is memory allocation
on new_ie variable of size 1024 which may create buffer overflow
in util_gen_new_ie() if ie length is greater than 1024.
As part of fix, allocate memory of size ie length in new_ie.
And also add check before copying to pos variable in
util_gen_new_ie().
Change-Id: I55e0819817b5a616684067170bf28a314a145fc2
CRs-Fixed: 2867353
Currently there is no mechanism in driver to decide whether
to consider the user configured number of sched scan plan or
to configure only 1 sched scan plan.
There is a requirement to configure only one sched scan plan,
add ini support to meet this requirement.
Change-Id: Iea3bc3f18696837150ce6f4bd60416a8a45bd1d3
CRs-Fixed: 2868125
Add length check in scan beacon IE processing function for the below IEs to
avoid any possible memory corruption.
1. WLAN_ELEMID_COUNTRY
2. WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH
3. WLAN_ELEMID_VHT_TX_PWR_ENVLP
4. WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME
Change-Id: I860bee8633849215d46c2dfe60a1a98d7c80f510
CRs-Fixed: 2873039
util_scan_copy_beacon_data copies beacon and updates ie
pointers for the cache entry. However, two of the ie pointers
listed below are not updated:
1) hecap_6g - pointer to he 6ghz cap ie.
2) srp - pointer to spatial reuse parameter sub extended ie.
These non updated pointers will cause use after free issues
if the parent scan entry is freed.
Update ie pointers for hecap_6g and srp.
Change-Id: I6d0a6129941e3dc1267404a4191ab368c013a102
CRs-Fixed: 2862607
With the reception of MBSSIE beacon frame, host tries to
construct beacon frames for the non tx VAPs as well.
For which, it has to copy all the IEs from the
received beacon's IE except the MBSSID relevant element
IDs, by comparing the subelement data.
The memcpy that is being used in this case, does not check
the space availability in the target buffer which may lead
to random memory corruption. Hence, using safe memcpy to
avoid buffer overflow.
Change-Id: Ib0861d606dba7725077dd530dd15ebff59058cfd
CRs-Fixed: 2857436
Reading extcaps from the scan entry currently checks if the byte
to be accessed is less than the length of the IE. Following this,
it will attempt to access the extcap IE using the requested byte
as the index.
Avoid accessing the extcap IE if the byte is greater than one less
than the ie_len (since indexing starts from zero).
CRs-Fixed: 2856212
Change-Id: Ie357edcd6095570c05871af657381c287e92504e
Host updates proper FILS param set i.e. username, auth_type and
is_fils_connection in the FILS response.
Change-Id: I0c30325bc7d620aa286aae0dd299dec9b26219ff
CRs-Fixed: 2865060
When parsing FILS Indication IE, the data pointer is not
validated while moving the pointer which may cause
out of bound issue.
Validate data pointer before moving pointer.
Change-Id: Ib20f78fe58d7a4c8f9245e6b8d28212499cc6f50
CRs-Fixed: 2842475
During esp ie parse from beacon/probe response, the data pointer
is getting read from esp ie and it's not validated while updating
to esp params which may cause out of bound read issue.
Validate data pointer before updating to esp params.
Change-Id: I1167b82248613cc65fcd7c70cdcfe57595de6b21
CRs-Fixed: 2842234
During ie parse from beacon/probe response, the variables
tbtt_count and tbtt_length in util_scan_parse_rnr_ie() are
read from ie and the value is not checked before using it which
may cause out of bound read issue.
Validate tbtt_count and tbtt_length before using it.
Change-Id: I51cfb2356fb16feda8a70c4b76c7f76c90b1393b
CRs-Fixed: 2836205
If is_bwnss_oui returns true in util_scan_parse_vendor_ie,
it will run into the below logic:
scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8)
But in fact if ie->ie_len < 6, it will cause read out
of boundary issue. So add the length checking before
reading it.
Change-Id: I0cdf723154eb808f8062efd897f9d67d54d4573b
CRs-Fixed: 2838849
Currently, 6g channels are sorted based on the weightage of each
channel. Frequencies are sorted but the flags associated to each
channel are not updated properly. So, channels carry invalid
flags to firmware and firmware may miss to scan few 6g channels
based on these flags and may scan few 6g channels unnecessarily.
Copy flags also while sorting frequencies to maintain the flags
of each channel as it is.
Also, change the type of phymode to enum scan_phy_mode
from uint32_t.
Change-Id: I0a2330faab1b738f2d7eff3d39ccbfffd51dfde0
CRs-Fixed: 2840029
A temporary variable "temp" is declared to use it while sorting
the channels based on the weightage/rnr info. This is declared
as a pointer to hold the reference of struct rnr_chan_weight but
memcpy is done to this without allocating memory.
Declare this as a variable instead of pointer to use it as an
intermediate variable for sorting.
Change-Id: If619f5fa462d5400f0a77e57317ac3c8debb34a5
CRs-Fixed: 2842819
Currently, 6g PSC/non-PSC channels in the scan request are
scanned or optimized to scan only if RNR IE is found based on
the inis scan_mode_6ghz and scan_mode_6ghz_duty_cycle.
As scan_mode_6ghz_duty_cycle is set to 4 by default, first 3
scans are optimized to scan only if RNR IE is found and 4th scan
would be full scan. If there is any standalone AP in 6g channel
that doesn't advertise RNR IE in colocated APs beacons/probe
responses, that's not scanned till the 4th scan.
Reverse the order for scan_mode_6ghz_duty_cycle such that the
first scan of every four scans is a full scan and rest of the
three scans are optimized. So, the standalone 6g APs can be found
in first scan itself based on the ini scan_mode_6ghz.
Change-Id: Ice1614a94f1fd166e283355616ace241a5df2bcb
CRs-Fixed: 2829550
Declare a TPE pointer to store the TPE IE in the scan cache ie list.
Write a function to obtain the TPE IE stored in the scan cache ie list.
Declare a minimum TPE IE length as 2 Bytes and use that to check the
sanity of the received TPE IE before storing it. Discard the TPE IE if the
length check fails.
Change-Id: If5b06604b03d07dd5fb26a62f90fb7202ce4eff0
CRs-Fixed: 2826300
In arch 32 platform, the size of rnr_chan_info is 8 bytes, and it only
allocates 4 bytes for each of them, which causes memory access out of
bounds.
Change-Id: I4f1798c5354c6a76e32bdfed13ade9667465b789
CRs-Fixed: 2827289
Scan entry fails if any corrupted IEs are present.
Introduced new ini parameters to enable scan based on ie
corruption. If ini parameter is enabled then scan module skips
all IEs following corrupted IEs and adds scan entry without
completely dropping the frame. Otherwise if ini parameter is
disabled then scan entry fails on corrupted ie.
Change-Id: If17b68448dd3e6ac3e98ed854ed67d7f16d9dff7
CRs-Fixed: 2806932
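
The two policies in the commit message above, as an added example that is not the driver's code. The names `parse_ies`, `ie_is_corrupted` and `struct ie_result` are hypothetical, and the definition of "corrupted" (an element running past the buffer, or a WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH body shorter than the 3 bytes named in another commit message on this page) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ELEMID_WIDE_BAND_CHAN_SWITCH 194 /* IEEE 802.11 element ID */
#define WBCS_MIN_LEN 3                   /* minimum stated in the commit message */

struct ie_result {        /* hypothetical result type */
    int frame_ok;         /* 0 when the whole frame is rejected */
    size_t kept;          /* elements accepted */
    size_t kept_len;      /* bytes of buf covered by accepted elements */
};

/* Constructed sample: SSID "ab", WBCS with a 2-byte body (too short), DS param. */
static const uint8_t sample_short_wbcs[] = { 0, 2, 'a', 'b', 194, 2, 1, 2, 3, 1, 6 };
/* Constructed sample: SSID "ab", then an element claiming 9 bytes with 1 present. */
static const uint8_t sample_truncated[] = { 0, 2, 'a', 'b', 221, 9, 0 };

/* Corrupted: header or body runs past the buffer, or WBCS below its minimum. */
static int ie_is_corrupted(const uint8_t *ie, size_t left)
{
    if (left < 2 || (size_t)ie[1] > left - 2)
        return 1;
    return ie[0] == ELEMID_WIDE_BAND_CHAN_SWITCH && ie[1] < WBCS_MIN_LEN;
}

/* skip_corrupted != 0: keep the elements before the first corrupted one.
 * skip_corrupted == 0: reject the frame on the first corrupted element. */
static struct ie_result parse_ies(const uint8_t *buf, size_t len, int skip_corrupted)
{
    struct ie_result r = { 1, 0, 0 };
    size_t off = 0;

    while (off < len && !ie_is_corrupted(buf + off, len - off)) {
        off += 2 + (size_t)buf[off + 1];   /* header plus validated body */
        r.kept++;
    }
    if (off < len && !skip_corrupted)      /* stopped early on a bad element */
        return (struct ie_result){ 0, 0, 0 };
    r.kept_len = off;
    return r;
}

int main(void)
{
    struct ie_result r = parse_ies(sample_short_wbcs, sizeof(sample_short_wbcs), 1);
    printf("kept %zu elements, %zu bytes\n", r.kept, r.kept_len);
    return 0;
}
```

Anything that later indexes into the frame has to stay within `kept_len`, not the original buffer length, so the bytes after the corrupted element are never read.
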
Fix MBSSID IE parsing by properly incrementing offsets while
parsing the IE.
Copy ext IEs also in final iteration.
Minor code readability changes done along with the above fixes.
Change-Id: I3aaf5dd440b48c4229ddefc37f75703fc58ba994
CRs-Fixed: 2814732
Add logic to
- Check if connect req freq is 6Ghz and security
is not allowed for 6Ghz, reject connect.
- Ignore 6Ghz APs if connect req security is invalid
for 6Ghz
Also added user config key_mgmt_mask_6ghz mask
to allow specific AKMs, by default all are allowed.
Also added user config check_6Ghz_security to enable
security checks as per spec.
Change-Id: I37518731faa4de67a49853e5ac544efa3b3ce1d6
CRs-Fixed: 2813013
This change fixed compilation error about implicit-fallthrough and
pointer to int cast.
Change-Id: Iea2c25d97d8a039ed0f8083078427a8f8de70cd1
CRs-Fixed: 2814658
In concurrent mode active scan, both active and passive scan dwell
time should be updated. Because FW will use passive scan dwell for
DFS channel scan. If it still is default value 110ms, DFS channel
scan will spend much time. AP KPI will drop much.
So, for active scan, update passive and active scan dwell together
in concurrent mode.
Change-Id: I9ceb4ece6da2a794fff3b87c7be3214a9dbc46ab
CRs-Fixed: 2790910
6g sorting APIs scm_sort_6ghz_channel_list and scm_add_rnr_info
are under define FEATURE_6G_SCAN_CHAN_SORT_ALGO. This is not
enabled for WIN platforms, which results in compilation error.
Also, allocate memory to hold tmp_list_count no. of 6g channels
rrm info instead of MAX_6GHZ_CHANNEL.
Also, do duty cycle scan in connected state as well. Full scan
including 6g PSC and non-PSC channels in connected state would
take lot of time. So, it's better to do duty cycle scan in
connected state as well.
Change-Id: I6e2622c49012237929c5e952c32d44c087851928
CRs-Fixed: 2810923
Below optimizations can help to improve 6g scan,
1. RNR-only: Consider only 6g RNR(PSC and non-PSC) channels found
while scanning 2g and 5g bands, as the 6g APs are likely to
present in RNR channels.
2. Duty cycle: There is a chance to miss the standalone 6g APs as
they don't advertise RNR IEs. So, instead of optimizing all
scan requests, we can consider to do a full scan with duty
cycle(n) where optimization is skipped for every nth full scan.
The full scan requests 1 to n-1 are going to be optimized as
per RNR-only policy.
Driver shall maintain a scan count to track the full scans and
decides whether to optimize the scan (scan count 1 to n-1) or
send it as it is(scan count n) to firmware.
Change-Id: I35b31e900b74dbcd7791f4c2fcfe87b3c629758b
CRs-Fixed: 2806409
Add the below values to scan_mode_6ghz enum,
1. SCAN_MODE_6G_RNR_ONLY: Scan the channels (PSC and non-PSC)
found in RNR-IEs while scanning 2g and 5g bands. Host fills
all PSC and non-PSC channels in the scan request and set the
flag FLAG_SCAN_ONLY_IF_RNR_FOUND for each channel.
2. SCAN_MODE_6G_PSC_DUTY_CYCLE: Scan the complete PSC channel
list for every duty cycle. For every duty cycle scan, host
fills all 6g channels and sets the flag
FLAG_SCAN_ONLY_IF_RNR_FOUND only for non-PSC channels. Rest
of the scans will be done only on RNR channels(PSC and non-PSC).
3. SCAN_MODE_6G_ALL_DUTY_CYCLE: Scan the complete 6g(PSC and
non-PSC) channel list for every duty cycle. For every duty
cycle scan, host fills all 6g channels and doesn't set
the flag FLAG_SCAN_ONLY_IF_RNR_FOUND for any 6g
channel(PSC/non-PSC). Rest of the scans will be done only
on RNR(PSC/non-PSC) channels.
Change the default ini value to PSC_DUTY_CYCLE.
Change-Id: I73bc08d973bd57dbe2ba6644c3842da9ce850cec
CRs-Fixed: 2806406
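
How the three modes above decide the per-channel flag, as an added example that is not the driver's code. The function names, the enum and flag numeric values and the 0-based `scan_count` are assumptions; it uses the ordering from the "Reverse the order" change earlier on this page, where the first scan of every duty cycle is the full one.

```c
#include <stdint.h>
#include <stdio.h>

/* Names come from the commit messages; numeric values are assumptions. */
enum scan_mode_6ghz {
    SCAN_MODE_6G_RNR_ONLY,
    SCAN_MODE_6G_PSC_DUTY_CYCLE,
    SCAN_MODE_6G_ALL_DUTY_CYCLE,
};
#define FLAG_SCAN_ONLY_IF_RNR_FOUND 0x1u

/* 6 GHz channel n is centred at 5950 + 5 * n MHz; the preferred scanning
 * channels (PSC) are 5, 21, 37, ..., every 16th channel. */
static int is_6ghz_psc(uint32_t freq_mhz)
{
    if (freq_mhz < 5955 || freq_mhz > 7115 || (freq_mhz - 5950) % 5 != 0)
        return 0;
    return ((freq_mhz - 5950) / 5) % 16 == 5;
}

/* scan_count counts full scans from 0, so the first scan of every
 * duty_cycle scans is the one sent without optimization. */
static int is_duty_cycle_scan(uint32_t scan_count, uint32_t duty_cycle)
{
    return duty_cycle != 0 && scan_count % duty_cycle == 0;
}

/* Flags the host would put on one 6 GHz channel of a full scan request. */
static uint32_t chan_flags_6ghz(enum scan_mode_6ghz mode, uint32_t scan_count,
                                uint32_t duty_cycle, uint32_t freq_mhz)
{
    if (mode == SCAN_MODE_6G_RNR_ONLY ||
        !is_duty_cycle_scan(scan_count, duty_cycle))
        return FLAG_SCAN_ONLY_IF_RNR_FOUND;      /* RNR channels only */
    if (mode == SCAN_MODE_6G_PSC_DUTY_CYCLE)     /* all PSC, RNR non-PSC */
        return is_6ghz_psc(freq_mhz) ? 0 : FLAG_SCAN_ONLY_IF_RNR_FOUND;
    return 0;                                    /* ALL_DUTY_CYCLE: scan all */
}

int main(void)
{
    /* Constructed input: channels 1 (non-PSC) and 5 (PSC), duty cycle 4. */
    for (uint32_t scan = 0; scan < 5; scan++)
        printf("scan %u: ch1=%u ch5=%u\n", (unsigned)scan,
               (unsigned)chan_flags_6ghz(SCAN_MODE_6G_PSC_DUTY_CYCLE, scan, 4, 5955),
               (unsigned)chan_flags_6ghz(SCAN_MODE_6G_PSC_DUTY_CYCLE, scan, 4, 5975));
    return 0;
}
```
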
Introduce scan_mode_6ghz_duty_cycle ini parameter.
It disables full scan optimization after every default value
provided in ini and forward scan request as it is to firmware
without optimization.
Change-Id: I68c1f79432ae646157be94241a779af8189c3c8c
CRs-Fixed: 2801797
Userspace/framework tracks last few days(e.g: 10 days) history of
connected APs and maintains best 10 channels out of that list by
considering multiple parameters like scoring, location etc.
It's likely to find an AP in one of these channels when a scan is issued.
So, framework issues first scan request with a maximum of 10 channels
in the below cases currently,
1. When the wifi is turned on
2. When the wifi is in disconnected state and user turns on the screen.
Host driver shouldn't add any more channels to this scan request as
it's expected to complete the scan as soon as possible to connect
quickly to the known APs. Don't add 6g RNR channels also in the
scan request.
Further scans from framework would be full scans or with a list
of channels(more than 10) and RNR channels can be added to them.
Also, don't add all 6g channels if userspace hasn't given any as
the current framework/kernels are mature enough to decide whether to
issue scan with 6g channels or not. RNR channels can be added as
mentioned. Remove SCAN_MODE_6G_NO_OPERATION as it's not needed
anymore with this.
Also, 6ghz scan functionality gets enhanced depending on various
requirements. This can be moved to a separate file so that core
scan_manager.c file won't be bloated with new code.
Change-Id: I1800a3e95e438720f94d8eec3544023cab16b081
CRs-Fixed: 2805900
Release the spinlock which was taken to get a reference to the
oldest node in the scan database.
CRs-Fixed: 2811548
Change-Id: I7d274e80575774bb1b41732b20f170c3f1f2dc60
Locks must be taken before accessing scan_db nodes to ensure
reference counts are not changed while changing entries within
the node or while freeing the node.
Ensure that a spinlock is used before increasing the reference
count to make sure that there is no other execution context
accessing the scan_db.
CRs-Fixed: 2791279
Change-Id: I4402ff15de7c8d4fc31009f7307ba262b4df6702
Adds wlan_scan_get_scan_id, wlan_scan_init_default_params,
wlan_scan_register_requester and wlan_scan_unregister_requester
APIs to use from non-osif component, as ucfg_* API should only
be used from OSIF.
Change-Id: Ia90313030e853c957ca85e47ff2b67097490ef87
CRs-Fixed: 2791549
Compiling with gcc 9.3 will cause many implicit-fallthrough
compile errors.
Fix is to add keyword fallthrough to resolve such compile error.
Change-Id: I2e7dd1525861d951e3be44f6665e149499f0f5d6
CRs-Fixed: 2785178
Currently, there is no provision for dynamic dwell time control in 6G.
Update existing driver commands SETDWELLTIME and GETDWELLTIME to
support 6G.
Change-Id: Id284097e300f3ed45557ebe7ea2287e0da9a485b
CRs-Fixed: 2789720
Non-Tx beacon generated in driver contains TX
beacon capabilities instead of capabilities
advertised as part of non-TX profile in MBSSID IE.
Copy the non-TX beacon capabilities from MBSSID IE
profile to driver generated non-TX beacon.
Change-Id: Iecf63b959176bac8d60055e6b77082a6f3ec117c
CRs-Fixed: 2789394
Currently for STA mode, depending on the scan_mode_6g ini value
driver will remove or add 6g channels to scan req, due to which
in some cases, scan is taking more time to complete.
Fix is to add new value to enum scan_mode_6g, when scan_mode_6g
ini value set to SCAN_MODE_6G_NO_OPERATION driver will not
modify the channel list.
Change-Id: I5b6891f142b54f4fa2fe6e9a75bf5fbd2e5f3adc
CRs-Fixed: 2783911
Adds rsn cap info in scan entry security info, to get the
rsn caps directly from scan entry without need of parsing
RSN IE again.
Change-Id: Ideeb0780841a70fda94d8580dbb025d162716d06
CRs-Fixed: 2786586
Currently P2P doesn't support 6Ghz, disable adding RNR channels
list to reduce P2P scan time duration.
Change-Id: I14e2c1a8d122e99bfd29acb59af5a6f5877f9a35
CRs-Fixed: 2783592
Move RSNXE IE parsing to crypto module and add entry of RSNXE IE in
util_scan_copy_beacon_data() so that a copy of RSNXE IE remains in
scan entry cache and doesn't get freed on scan result update.
Change-Id: I792c8636d7e1f21c6291158188ab2c1d241151ec
CRs-Fixed: 2780832
SAE Public Key (SAE-PK) authentication is an extension of SAE. Host adds
support for SAE-PK APs roam score which host uses to select AP for initial
connection and roaming.
User configures SAE-PK APs weightage using INI "sae_pk_ap_weightage".
Change-Id: I9066c483188bcbf01e3ffbcc4c57f04e1a9129f1
CRs-Fixed: 2769373
Currently P2P doesn't support 6Ghz, disable P2P interfaces
6Ghz channel list updating to reduce P2P scan time duration.
Change-Id: Idd851dfb52e123215c5a2bd968f896e88a0dfb0e
CRs-Fixed: 2774756
Adds wlan_scan_start and wlan_scan_cancel public APIs to use
from non-osif component, as ucfg_* API should only be used from
OSIF.
Change-Id: If603e49a57641dba26163454bce12327660b20fd
CRs-Fixed: 2773612
Add support to filter APs based on dot11mode such
as connect only 11N/11AC/11AX capable APs.
Change-Id: I0046c726d944dd08453c19086282e32d0599ddac
CRs-Fixed: 2769979
In function __scm_handle_bcn_probe the two macros
QDF_MAC_ADDR_FMT and QDF_MAC_ADDR_REF should appear or
disappear together.
Change-Id: I8510de0b14903f788ec3183d6cc014d061715fcf
CRs-Fixed: 2767031