Currently the function hdd_set_ratemask_params, which handles
requests for the vendor command QCA_NL80211_VENDOR_SUBCMD_RATEMASK_CONFIG,
parses the attributes according to the wlan_hdd_set_ratemask_param_policy
and copies them into the struct config_ratemask_params.
But in the nla_policy, the length of the parameter
QCA_WLAN_VENDOR_ATTR_RATEMASK_PARAMS_BITMAP is set to 128 bytes instead
of 128 bits (16 bytes), causing a stack buffer overflow when copied onto
a 16-byte stack buffer. To avoid this issue, change the parameter length
from 128 bytes to 16 bytes.

Change-Id: I053d3810e3b4942344d7f1a12e365e9cfc71a492
CRs-Fixed: 3342629

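The bytes-versus-bits mismatch described in the commit message above, as an added example that is not code from the driver: a policy bound of 128 bytes lets a payload through to a 16-byte buffer, and an independent size check at the copy site catches it. The struct and function names here are hypothetical stand-ins for the kernel's attribute and policy types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITMAP_BYTES 16          /* 128 bits, the size of the stack buffer */

/* Hypothetical stand-ins for struct nlattr and one nla_policy entry. */
struct attr   { uint16_t len; const uint8_t *data; };
struct policy { uint16_t max_len; };   /* models the policy's maximum length */

static const struct policy policy_before = { 128 };          /* bytes, too loose */
static const struct policy policy_after  = { BITMAP_BYTES }; /* 128 bits */

enum { COPY_REJECTED_BY_POLICY = -1, COPY_WOULD_OVERFLOW = -2 };

/*
 * Copy an attribute payload into dst. The policy check models netlink
 * attribute validation; the dst_size check is an independent guard at
 * the copy site, so a loose policy cannot turn into an overflow.
 */
static int copy_bitmap(const struct policy *p, const struct attr *a,
                       uint8_t *dst, size_t dst_size)
{
    if (a->len > p->max_len)
        return COPY_REJECTED_BY_POLICY;
    if (a->len > dst_size)
        return COPY_WOULD_OVERFLOW;
    memcpy(dst, a->data, a->len);
    return (int)a->len;
}

/* Run one constructed payload of payload_len bytes against a policy. */
static int try_payload(const struct policy *p, uint16_t payload_len)
{
    static const uint8_t payload[128] = { 0xff };  /* constructed sample */
    uint8_t bitmap[BITMAP_BYTES] = { 0 };
    struct attr a = { payload_len, payload };

    return copy_bitmap(p, &a, bitmap, sizeof(bitmap));
}

int main(void)
{
    printf("old policy, 128 B: %d\n", try_payload(&policy_before, 128));
    printf("new policy, 128 B: %d\n", try_payload(&policy_after, 128));
    printf("new policy,  16 B: %d\n", try_payload(&policy_after, 16));
    return 0;
}
```
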
When processing hdd_process_ll_stats, results->num_radio
may be 0, which causes an issue like
"Cannot malloc 0 bytes @ hdd_process_ll_stats:1475"
To resolve this issue, add a check before allocating memory.

Change-Id: I48d4a4045ebdad7465a97417e6514849cf12ef15
CRs-Fixed: 3374212

If an ML SAP interface is created on an ML STA interface, the MAC
address of the link adapter is changed to the MLD address as SL SAP
uses the same address for MLD and link. This leaves the DP interface
created with the link address during open adapter uncleared
and also leads to two adapters having the same link address, which
results in calling DP interface delete with the same MAC address twice,
eventually leading to a device crash.
Release the DP interface on mode change to ML SAP and create a new
DP interface on mode change from SAP to STA. If close adapter is
called while in SAP mode then don't delete the DP interface for the link
adapter.

Change-Id: I001d4733ba208ccbbd2d65b53497d5120f27a179
CRs-Fixed: 3351414

Reproduce steps:
1. Driver received roam start from F/W, enqueued roam cmd in active queue.
2. Driver received disconnect cmd from wpa supplicant, set link vdev
   vdev1 as disconnecting, enqueued disconnect cmd in pending queue.
3. Driver received MLO roam sync event from F/W, needs to handle link vdev
   first, assoc vdev later.
4. Driver didn't handle link vdev1 roam sync for disconnecting state, DP
   MLD peer isn't created.
5. Driver handled vdev0 roam sync, dp_peer_setup failed because the DP MLD
   peer was not created, asserted.
To fix it, when handling vdev0 roam sync, check the state of all mlo vdevs;
if either is disconnecting, abort roam sync, delete the roam req, and let
the disconnect from the upper layer continue.

Change-Id: Ie03e0031908fef0f403d2cacf8ec976a147ef1ed
CRs-Fixed: 3371850

center_freq_diff may overflow int8 when channel width is 320 MHz.
Also clear acs_ch_params before passing it to the regulatory API to avoid
setting mhz_freq_seg1, which is an uninitialized value.

Change-Id: I497ae02c7b53458537e706f2231c0ffef2439961
CRs-Fixed: 3371957

Introduce diag logging support for Neighbor report and
beacon report via event id EVENT_WLAN_NBR_RPT and
EVENT_WLAN_BCN_RPT.
For Neighbor report, token, ssid, report number, frequency
list and frequency are sent. For Beacon report, token, mode,
operating class, channel, duration, request_mode and report
number are sent.

Change-Id: I7ef407fa729e608ad0a7036f024acbf8b5180181
CRs-Fixed: 3370758

In the current design, deauth will be sent for an invalid rx
indication since it is expected only for an unassociated
STA. However, if due to some rxdma errors, an invalid rx
indication is received for an associated STA, then SM
cleanup for the associated STA would not happen after
the deauth. These stale SM entries cause association
failures during the next connection attempt from the STA.
Fix this by preventing the deauth for the associated
STA on receiving an invalid peer indication.

Change-Id: I25cbc578ba76e74120e975f142334ff0fd931a6a
CRs-Fixed: 3359541

When nss is set to 1 then nss value is updated only for 80 MHz.
Update the he mcs map value for 160 MHz BW, to reflect the
updated nss value for 160 MHz as well.

Change-Id: I8a6090e4c58881a1ff7612d0dbfe788f8d8a2bcc
CRs-Fixed: 3369843

As part of assoc confirm, limMlmState is set to
eLIM_MLM_WT_DEL_BSS_RSP_STATE, but in
lim_process_switch_channel_join_mlo it is set to eLIM_MLM_IDLE_STATE,
leading to connect completion not completing as it expects the
state to be eLIM_MLM_WT_DEL_BSS_RSP_STATE, resulting in a connect
command timeout.
To fix, remove the resetting of limMlmState to eLIM_MLM_IDLE_STATE.

Change-Id: I543eb25002859894eddc883c27a124d9fe713be7
CRs-Fixed: 3372631

Two different crashes are observed due to rtpm get/put count
mismatch for HIF_RTPM_ID_HTT dbgid.
1. During idle timeout shutdown: Missing rtpm related htc packet
tags for htt_h2t_ver_req_msg(), htt_h2t_frag_desc_bank_cfg_msg()
and htt_h2t_rx_ring_rfs_cfg_msg_ll() messages cause system crash.
2. During wlan connect: In ol_tx_completion_handler(), rtpm put is
called without rtpm get.
Fix given:
1. Add relevant HTC_TX_PACKET_TAG_RUNTIME_PUT and
HTC_TX_PACKET_TAG_RTPM_PUT_RC in the above functions to invoke
missing rtpm put calls and call htc_dec_return_htt_runtime_cnt()
to avoid calling rtpm put without rtpm get in htc_cleanup().
2. Remove extra htc_pm_runtime_put() from ol_tx_completion_handler().

Change-Id: Ia9163464af0fc0700046578633e9587c009841f5
CRs-Fixed: 3357909

Currently, in the case of a Tx action frame, the driver starts the ROC req
based on whether offchannel is set. Due to this, if the TX action freq is
the same as the current vdev freq, the driver still starts the ROC req on
the same channel.
The fix is that even if offchannel is set, if the current vdev freq is the
same as that of the channel for the tx frame, the driver will skip the ROC.

Change-Id: I7ab2ade0f01ad5035f7b156ded7eb7af7c826b9e
CRs-Fixed: 3366671

When the STA has connected with the AP in EHT mode, the STA sends 160 MHz
bandwidth to firmware in the vdev start command. But during the peer
assoc command the STA has sent 80 MHz whereas the AP has sent 160 MHz
bandwidth.
Due to puncturing, the AP sends seg1 in VHT IE as 0, which causes
this issue; as the driver supports EHT, it can associate with EHT
operating bandwidth.
As part of the fix, check the EHT IE and if the EHT IE supports 160 MHz
then send channel width as 160 MHz only.

Change-Id: Ib1d502401db997ef2567e64c3f8cbad42018e891
CRs-Fixed: 3364333

The stats from FW are not updated into the adapter,
which can cause the driver to send invalid RSSI and SNR values
to userspace when the target/host doesn't support ML.
Update the stats received from FW into the adapter.

Change-Id: I4040d61f91396b094ea4237a22cc8f103c6433af
CRs-Fixed: 3372110

While processing START SAP req, Host calls wlan_sap_get_concurrent_bw
to calculate SAP BW based on the concurrent channel & STA DFS channel.
The below issues are present due to current logic to calculate SAP BW
in this API:
1. In the case of standalone SAP, this API returns SAP bandwidth as
80 MHz always, this results in standalone SAP will never come up in
other BWs.
2. In the case of non-DBS HW, the host is not considering the value of
INI "g_sta_sap_scc_on_dfs_chan", the value is defined by the enum
PM_AP_DFS_MASTER_MODE.
By considering the value of STA DFS channel, HW mode, and INI
g_sta_sap_scc_on_dfs_chan, modify the logic to calculate concurrent
as well as standalone SAP BW in API wlan_sap_get_concurrent_bw.

Change-Id: Id521893feb9b6173efc2704f37dfa59f405655e2
CRs-Fixed: 3363394

STA fails to connect to 11BE AP if dot11mode ini is 11AC.
This is because the driver fails to get the intersected phy mode.
Fix by allowing connection for BE AP if VHT IE is present in beacon.

Change-Id: I76966fece5d2ad4b5213e77a6ebd1687b78cd27a
CRs-Fixed: 3364959

Issue1: Compilation fails when CONFIG_FEATURE_WLAN_EXTSCAN
is enabled as the latest kernels (>=5.2) expect
two params (policy and maxattr) as vendor_command_policy
whereas vendor_command_policy is empty for old kernels.
When the macro FEATURE_EXTSCAN_VENDOR_COMMANDS is
replaced, it results in a compilation error as
the comma is missing between vendor_command_policy
and the previous param for the latest kernel.
Fix1: Add a comma between vendor_command_policy and
the previous param (.doit) to make it compilable
for newer kernels as well.
Issue2: As part of recent code changes,
all occurrences of blacklist/whitelist were replaced with
denylist/allowlist in the driver,
which replaced interface structure members in the driver
without changing the actual definition of the interface structure,
causing a compilation error.
Fix2: Rename to actual structure member names.

Change-Id: I0024de7bf237c13297ed9a088a73a9f5c6a78d17
CRs-Fixed: 3370114

For OSEN connection, there is no RSN IE advertised by the
HS2.0 AP. So the driver marks the auth type as open and
sends peer authorization before EAP, EAPOL and vdev
key installation is completed. This causes the EAPOL 4/4 frame
to be dropped by the firmware and AP sends de-authentication to
the Station.
For OSEN connection, authorize the peer after install key
happens based on the connect_rsp->is_osen_connection flag.

Change-Id: Ie490cc20de4f24f0343dcec0d12a9a4be5a1ab76
CRs-Fixed: 3349792

1. If CSA failed for last CSA in progress, can't stop SAP, SAP stop and
   SAP CSA concurrency may lead to assert.
2. When accessing a global var like pm_conc_connection_list, always need
   to add lock protection.
3. During CSA in progress, NAN CSA don't block current thread, just
   return.
4. When SAP CSA has completed, need to check whether CSA is needed again
   for NAN started during CSA.

Change-Id: I076ecad7395a265bbe83aaf97617a9a8b6c8b41a
CRs-Fixed: 3357265

The wpa_supplicant disables the BTM cap in extcap IE whenever
the MBO AP is not PMF capable, or if the btm_disable conf is set.
In current host driver design, the BTM offload is disabled only for
the MBO+non-PMF case. Therefore, add change to disable the btm offload
config if the BTM CAP is not present in the (re)assoc request as this
is determined based on intersection of peer and self cap.

Change-Id: I2fdc1010bccf5ce23f4ab2177aed6c374f7a510f
CRs-Fixed: 3369096

Fix the issue that the driver doesn't report puncture cap to kernel and
hostapd due to an undefined macro.
Enable a new build flag CFG80211_RU_PUNCTURE_SUPPORT when kernel code
contains nl80211_put_ru_punct_supp_bw.

Change-Id: Ib375c248065b4899f2d336155b1f71a5359e6fb7
CRs-Fixed: 3356751

Currently vdev reference is not released if attribute of vendor
command QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE is invalid.
Fix this vdev reference leak by releasing the vdev reference in
above error case.

Change-Id: Ib3019dc02b6a3f48fc25f4bbe40e8de9f311a4c6
CRs-Fixed: 3344228

Driver receives NL80211_CMD_START_AP to get fixed freq, width and
puncture_bitmap from EHT IE, disables punctured 20M sub channels in
regulatory component to be compatible with dynamic puncture for DFS,
sends them to F/W by vdev start wmi cmd, updates eht op in beacon template,
and updates chan width and centre freq in legacy he/vht op after removing
punctured 20M sub channels in beacon template.
Fix the issue that the driver can't get the correct eht op IE from the IE
parameter of start AP because the wrong eht op max length is used.

Change-Id: I085ae9d9cb4d7c65ca3a9901362903e7d5140779
CRs-Fixed: 3356750

While roaming from 2.4 GHz to 5 GHz band with SAE
encryption, rates shouldn't be filled from the current
session/AP as this may lead to incorrectly filling rates;
for instance, this may lead to incorrectly filling CCK rates
for SAE Pre-Auth while roaming from 2.4 GHz to 5 GHz. Even
with roaming offloaded, SAE pre_auth has to be triggered by
the driver due to crypto limitations of fw.

Change-Id: I2293563db047e10ec8a2ade9f3b2a602cf3e3edf
CRs-Fixed: 3336853

Currently host sends many ap keep alive timeout,
mgmt_tx_rate separately to firmware.
Combine these multiple vdev set params,
send to WMI to reduce number of transactions.
Also replace target wmi pdev/vdev params with host wmi
pdev/vdev params to fix existing broken layering
violation.

Change-Id: I362770b367588220fc35508e4411635e35b3a548
CRs-Fixed: 3333872

Currently host sends many ap keep alive timeout vdev
set params separately to firmware.
Combine these multiple vdev set params,
send to WMI to reduce number of transactions.
Also replace target wmi pdev/vdev params with host wmi
pdev/vdev params to fix existing broken layering
violation.

Change-Id: I82276e1f0761629489c38c5b7a64e7f0c35e82ce
CRs-Fixed: 3333784

Currently host sends two he_range_ext vdev set
params separately to firmware.
Combine two he_range_ext vdev set params,
send to WMI to reduce number of transactions.
Also replace target wmi pdev/vdev params with host wmi
pdev/vdev params to fix existing broken layering
violation.

Change-Id: I6b83b37eb73aa3c1946c8463a335d404aa373c2f
CRs-Fixed: 3333780

Currently host sends two tx power limit pdev set params
separately to firmware.
Combine the two tx power limit pdev set params and also
bmiss cnt vdev set params,
send to WMI to reduce number of transactions.
Also replace target wmi pdev/vdev params with host wmi
pdev/vdev params.

Change-Id: I3a232b57677ad604a25d71e9ff3069814a2c338c
CRs-Fixed: 3333774