Currently firmware is crashing due to levelconf structure received NULL
from host.
Hence initialize num_thermal_conf param to fill levelconf structure part of
WMI_THERM_THROT_SET_CONF_CMDID.
Change-Id: Ifcfb49253222fff6656327d9be3977a707c18af4
CRs-Fixed: 3064400
When wmi_roam_synch_frame_event receieved from firmware, memory is
malloced to save probe rsp/reassoc req/reassoc rsp once extract event,
when copied to vdev rso_cfg->roam_sync_frame_ind, memory is malloc again,
and original memory isn't freed, memory leak happens.
To fix it, assure memory is only malloced once to save
probe rsp/reassoc req/reassoc rsp when handle wmi_roam_synch_frame_event.
Change-Id: I6b31378bcf624547fca9fd858268252fd22f533d
CRs-Fixed: 3107576
For send_ll_stats_req from upper layer, need send 1 wmi cmd:
WMI_REQUEST_UNIFIED_LL_GET_STA_CMDID, and need 4 events from F/W
for dbs platform:
1. radio_stats_event for radio 0
2. tx_power_level_stats_event for radio 0
3. radio_stats_event for radio 1
4. tx_power_level_stats_event for radio 1.
If new ll_stats_req comes before last send_ll_stats_req finished,
link_stats_results memory wil be freed, left event can't be handled and
last send_ll_stats_req can't get response from low level and time out
after 1.6s, netlink is blocked during 1.6s, many app will be blocked.
To fix it, if new ll_stats_req comes before last send_ll_stats_req
finished, don't free link_stats_results memory.
Change-Id: I27453d8a3c72e62b030657323ecdf463114b4ac8
CRs-Fixed: 3106562
For MLO Roaming,
- RSO offload commands will be sent
to FW only on assoc vdev.
- Add new state for link vdev, will be
used only during roam sync.
Link vdev RSO state change : DEINIT -> MLO_ROAM_SYNCH -> DEINIT.
Change-Id: Ifb89e23fc48356ec8f0bc6a045f2dd4d81038076
CRs-Fixed: 3098570
Remove unwanted parameters from start_bss_req and use
the parameters from vdev instead.
Change-Id: Ifea96bf7908b0dae66807b7a346684fe46fdcd4e
CRs-Fixed: 3105488
CAC duration of new channel should be able to get before CSA. During
CSA, CAC duration of new channel is used to populate max channel
switch IE.
Change-Id: I25d430d3eb663c90555ebad7a214b0789ea8c1ce
CRs-Fixed: 3102581
wlan_hdd_ap_ap_force_scc_override lead to force SCC for same band.
For SBS the same band freq can be allowed, so add the SBS check.
Change-Id: I45cda6670adb7d966b83c814a74b970624c15658
CRs-Fixed: 3106025
Rename Legacy to non ML STA and MLO to ML STA in
if_mgr_handle_ml_sta_link_concurrency and related function.
Move if_mgr_get_ml_and_non_ml_sta_count to policy manager
util API. So that it can be used by other modules.
Change-Id: I61260ddf1c6008d8601efaac8d0e9e768e253499
CRs-Fixed: 3105269
As in SBS ML STA, both links are on 5Ghz, reject the 5Ghz
non-ML STA connection, to avoid enabling same band roaming on
both STA.
Also do not allow the SBS ML STA, if a non-ML STA is present
on 5Ghz.
Allow it only if primary interface is set OR dual STA roaming
is disabled.
Change-Id: I20a23ed3b4d87c9acac5417a6f2d484fc80f47d6
CRs-Fixed: 3103246
AP mode, function __wlan_hdd_cfg80211_dump_station() only get AP's
statistics. Add code to support get peer station statistics.
Change-Id: Ie821484e8a21116f4a4b6402ea2fcd85453e4cdf
CRs-Fixed: 3088695
Mlo flag of vdev is set in wlan_hdd_cfg80211_start_bss context which
happens before pe session creation, so we may get a mlo vdev but the
pe session is not created.
Check link session Before populate MLO RNR IE.
Change-Id: I59da17bf1722c5a580c804ec8e6bf801aa510b0a
CRs-Fixed: 3105243
Initialize sap bw as MAX BW in
policy_mgr_valid_sap_conc_channel_check() as
wlansap_get_csa_chanwidth_from_phymode() take care
of selecting BW for sap and it has a check that will
take minimum of selected BW and initialized BW.
If this BW is not initialized with Max BW then in cases
where original BW is 0 (20 Mhz) (cases such as channel
switch happens from 2.4Ghz to 5Ghz), the above mentioned
check will result in selected BW being 0 (20 Mhz) for
non-DBS HW.
Change-Id: I29febf09036ffa0163df58ce51b399abe2a43fe2
CRs-Fixed: 3101285
Add additional debug logs for EHT cap and MLO IE in the
parser APIs for ML STA and SAP.
Change-Id: I19353e30be44d29d2ab5ec3de780ecdeb8907158
CRs-Fixed: 3088072
For QCA6390, firmware not advertise service capability for
tx aggr size 256 support information. Actually it supports
max tx aggr size 256. If user want to use aggr size 256 from
ini file , current behavior will reset the size 64 for QCA6390.
Fix this issue to adopt size from ini file configuration.
Change-Id: Icaed9af65d70e3d14ac604636c4269bd00a8c801
CRs-Fixed: 3089384
Avoid OOB read in dot11f_unpack_assoc_response API. Modify
the check to nBuf-len > 1 to read another byte of pBufRemaining.
This ensures a read of at least 2 bytes since all IEs have
at least 2 bytes.
Change-Id: Ic6756c11c05e68f0af5227971ce8b16a6c7e012a
CRs-Fixed: 3104235
LL stats request is not supported for SAP mode. But driver is not checking
for device mode for LL stats request. Instead it is depending on LL stats
request set flag which won't be set for SAP mode. In case of mode switch
from STA to SAP, it is possible that LL stats request set flag will be set
for STA mode and LL stats are requested after switching to SAP mode. This
will bypass the mode SAP.
To avoid this, reject LL stats request for SAP mode.
Change-Id: I8c680288991126f0b349584f502b22e18af72287
CRs-Fixed: 3081453
Currently STA will fail to start on 5G channel if SAP is up on
dfs channel already. So moving SAP from dfs to non-dfs channel
first to make sure STA connection can happen.
Change-Id: I1761debdd33b0b60755f159d598fd3c9b080ceee
CRs-Fixed: 3103726
Currently when ever there is a change in MLD MAC address, MLO manager is
not being notified with new MAC address. This resulting in memory leak
for mlo dev context which is created with old MLD address.
To address this, update MLD address in MLO manager with new MLD address.
Change-Id: I1a3eb9426dc39e5b4fe5bfaf0bd4a571280eb50c
CRs-Fixed: 3103077
In force SCC logic if 6Ghz freq is not allowed on the SAP interface
get the low 5Ghz freq for SBS scenario as we have 2 5Ghz freqs present
in this case.
Change-Id: I0783e5cf2825ee4f10549826b6dd71677976e6c3
CRs-Fixed: 3103876
Certificate 4.70.1_6G need verify that the following conditions are true:
a. APUT responds with a Probe Response frame with the Address 1 field
set to the broadcast address when test bed STA to send Probe Request with
SSID = as per Table 168, Address 1 = wildcard (broadcast).
Change-Id: I44581eaf251b79f47e374d8294616c554a9acf10
CRs-Fixed: 3104288
Currently to copy the assoc request to partner link assoc request,
qdf_nbuf_clone is used. But qdf_nbuf_clone will just copy the skb
structure but not the original packet. Hence while updating link assoc
request, original assoc request is being updated. As a result ML
security connection is failing.
To resolve this, use qdf_nbuf_copy to copy assoc request to link assoc
request.
Change-Id: Id31d293300ab6471ede4b40a505ebf2495c432b5
CRs-Fixed: 3099473
In function wma_data_tx_ack_comp_hdlr, wma_handle, which is already
validated by wma_validate_handle, is NULL checked again after
dereferencing. The fix is to remove the irrelevant NULL check.
Change-Id: I9eebdb398e61d2991d0ff8e23cd08870d57707e5
CRs-Fixed: 3096718
During recovery, when this timer is started, there is no
stop operation. If the timer is triggered and SSR is not
completed, it will visit re-inited data structure and lead
kernel crash.
Change-Id: I81b20c1cc9c66efb3f334a17f38613a116aeaf9e
CRs-fixed: 3101872
Customer reported their HLOS LTE-WLAN transition algo sometimes go wrong
for wrong low layer stats, Txretry delta is bigger than Txtotal delta.
Txretry unit is msdu while Txtotal unit is mpdu.
Add vdev/peer stats for mpdu number of successfully transmitted after
more than one retransmission attempt, to align mpdu tx_packets, tx_failed.
CRs-Fixed: 3102117
Change-Id: Id4b9d8fd81af4bf0c141dad481bfd2b3f6c1db2a
When STA+SAP concurrency, sta roaming pcl will remove all channels of SAP
band except scc channel to avoid mcc.
When SAP stopped, STA roaming pcl isn't updated for wrong vdev id is used,
so can't roam to all channels of old SAP band except scc channel to avoid
mcc.
Change-Id: I35adb55ac155e4c84f858f16796dbec12589ab2f
CRs-Fixed: 3102601
Before host received beacon miss, firmware has checked link by sending
QoS NULL data, don't need host send probe request to check now.
Some IoT AP can send probe response after receive probe request, but can't
send beacon sometimes, need disconnect in time too, or firmware will
assert.
Change-Id: I74105769cfbd9f80cdde21bfa7b8c6d75efc4a3a
CRs-Fixed: 3102930
