In the case of roaming failure, FW sends HO fail indication to host
and initiates peer deletion in fw. Host should not queue deauth
frame to fw in case of HO_FAILURE.
Due to commit id I99bf4573b59dc810e0a1529fcd48061d10acae4e, host
sends a disconnect request to fw as part of HO failure handler.
There could be a possibility that host queues a disconnection frame
after the vdev down in fw. This leads to an assert in fw.
Fix is to set process_ho_fail variable in disassociation request
to true in case of ROAM_FAILURE. This flag tells LIM whether to
send the disassoc req OTA or not.
Change-Id: Ia504ff3ba8b07fcf66226b588eed379a71e2b896
CRs-Fixed: 2674297
Increased logging in policy_mgr_is_concurrency_allowed
by adding debug logs in policy_mgr_allow_multiple_sta_connections
and policy_mgr_is_6g_channel_allowed.
Change-Id: Ic285566209b4d63df579913e7390c48891a04855
CRs-Fixed: 2674968
Set_nud_stats request is received at driver when
roaming is in progress. WMI command sent for this
request causes an assert in firmware.
Fix is to reject set_nud_stats request received during
roaming.
Change-Id: I41e3b665ef02abcac5b59ce151c3938497be6283
CRs-Fixed: 2674624
This is to fix the error of missing soc NULL check.
Before dereferencing soc for decoding pdev handle,
add the NULL check for soc.
Change-Id: Idade64fd88790e9a6faffceb99fc42dcd683677d
CRs-Fixed: 2668317
If fw is down during runtime pm, runtime pm will return EFAULT
to kernel, so kernel will treat it as a critical error and all
future runtime PM API calls will return error; this is not what
driver expected.
Always make sure driver only returns EAGAIN or EBUSY to kernel.
Change-Id: I651f75ee615af819a080e2955ac64a986620375f
CRs-Fixed: 2674531
Kernel includes the BSS entry into the following
data structures.
1. bss list rdev->bss_list
2. bss search tree rdev->bss_tree
It also stores the pointer of the connected bss in
"current_bss".
If the driver does an unlink of the bss it deletes
the entries from the above data structures,
but does not update the current_bss data structure.
This leaves the current_bss pointing to the
previous deleted bss entry.
Thus, when the next set of newly found bss entries
start finding for the bss entries in the bss_tree,
the comparison with the already freed bss entry
above shall lead to an invalid access.
Fix is to remove unlink BSS from the channel change
notify path as the kernel can take care of it.
Change-Id: Ic0dfa6423db169e63ac80cd5a0f3ce05f0438c5d
CRs-Fixed: 2673629
On receiving nbuf list in hdd_rx_packet_cbk, is_eapol and
is_dhcp flags are set to false only initially. In the
loop over all skbs, if any one of these flags is set to
true, these flags are not reset for each skb leading to
incorrect stat values and possible OOB access to rx_delivered
and rx_refused array.
Fix is to set is_eapol and is_dhcp flag to false in the
beginning of the nbuf loop.
Change-Id: Iacc7620f26fb0f71dee931c78993a75232e767b0
CRs-Fixed: 2669412
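Added example, not code from the driver: a reduced model of the stale-flag bug described in the commit message above, run over a constructed packet list. The type and function names are hypothetical, and how the stale flag ends up as an array index (a subtype that is only valid for EAPOL frames) is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical EAPOL subtypes; SUB_INVALID means "not an EAPOL frame". */
enum { SUB_M1, SUB_M2, SUB_MAX, SUB_INVALID = 0xff };
struct pkt { bool eapol; unsigned sub; const struct pkt *next; };
struct stats { unsigned rx_delivered[SUB_MAX]; unsigned oob_attempts; };

/* Bump the per-subtype counter; a bad index is recorded instead of written. */
static void count_delivered(struct stats *s, unsigned sub)
{
    if (sub >= SUB_MAX)
        s->oob_attempts++;      /* unchecked code would write rx_delivered[0xff] */
    else
        s->rx_delivered[sub]++;
}

/* Walk a packet list; reset_per_pkt selects the fixed behaviour. */
static void rx_list(struct stats *s, const struct pkt *p, bool reset_per_pkt)
{
    bool is_eapol = false;              /* initialised once, before the loop */
    for (; p; p = p->next) {
        unsigned sub = SUB_INVALID;     /* assumed: only valid for EAPOL frames */
        if (reset_per_pkt)
            is_eapol = false;           /* the fix: clear at start of each pass */
        if (p->eapol) {
            is_eapol = true;
            sub = p->sub;
        }
        if (is_eapol)                   /* stale for the data frames that follow */
            count_delivered(s, sub);
    }
}

/* Constructed input: one EAPOL M1 frame followed by two plain data frames. */
static struct stats run_sample(bool reset_per_pkt)
{
    const struct pkt d2 = { false, SUB_INVALID, NULL };
    const struct pkt d1 = { false, SUB_INVALID, &d2 };
    const struct pkt m1 = { true, SUB_M1, &d1 };
    struct stats s = { {0}, 0 };
    rx_list(&s, &m1, reset_per_pkt);
    return s;
}

int main(void)
{
    printf("oob: buggy=%u fixed=%u\n", run_sample(false).oob_attempts,
           run_sample(true).oob_attempts);
    return 0;
}
```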
When the driver unload is triggered, the device could be in the
runtime suspend state, so the 1st thing driver does is to do runtime
resume. During this runtime resume the bus bw timer could be started
which in some race conditions is not getting stopped.
Stop the bus bandwidth timer after the wlan chip is runtime resumed.
Change-Id: Ie29f9b4d44cea5c5624020aa3b6b3f08489860d3
CRs-Fixed: 2672120
For each peer connected to SAP, there is a corresponding entry maintained
in HDD called station_info. Currently, this data is being stored as a
hash table. There are two primary complications in using a hash table
in this scenario:
- The max peers supported are 32. This is a very small number to
  use a hash table for. The minute time complexity gains for a
  fetch/insert operation do not justify the implementation
  complexity.
- The hash table is being implemented with the use of kernel ht
  APIs. These do not provide the granularity to achieve proper
  synchronization as is needed in driver.
To address the above points, move the storage of sta_info from hash
table to linked list. This will provide simpler implementation and also
give access to using proper synchronization methods.
Change-Id: I7d3a8a2937048f29a867453a91dfc1864932619e
CRs-Fixed: 2668300
This is to fix the error of missing vdev NULL check.
Instead of dereferencing vdev to get the vdev_id, the adapter's
vdev_id can be used directly, which avoids an unnecessary vdev NULL
check and needs fewer operations.
Change-Id: I7d84046c405a82cd6967a8d79142acd5618e18db
CRs-Fixed: 2669233
Fix KW issue: therm_data.levelconf array elements are used uninitialized.
Initialize therm_data in wma_update_thermal_mitigation_to_fw to zero.
Change-Id: I40c4f57d70036956d0d618ad560ea9ea0f7dc07d
CRs-Fixed: 2669375
The mac address pointer which is allocated by
wlan_hdd_get_intf_addr() may be null, and there is a risk
of null pointer dereference without a sanity check.
The fix is to add necessary null pointer check.
Change-Id: Ie0c3f841174e78b0d0b35e321ef7ca6b4cfdbe9a
CRs-Fixed: 2673727
Dfs radar processing function dfs_process_radar_ind is called
in interrupt context. Add new API policy_mgr_get_can_skip_radar_event
to be called in interrupt context to get radar skip flag.
The policy_mgr_get_dfs_master_dynamic_enabled will acquire mutex and can't
be called in interrupt context.
Change-Id: I1a3ce8536465d6f6da86b0cf7312e6430ea8ec89
CRs-Fixed: 2672701
When roam invoke from user space fails, internal disconnection
is triggered from csr. This queues disassociate command to lim
and then RSO command is also posted to lim. When disassociate
gets processed, vdev down is sent, pe session is deleted and
roam offload flag at wma is cleared. When RSO stop is received
at wma, the roam offload flag is cleared and wma returns
failure without sending RSO command. So in STA+STA scenario,
after disconnection on 1st sta, roaming will be enabled on
2nd sta, but since RSO stop was not sent on 1st sta, firmware
will assert as btm offload is not disabled at the 1st STA.
Disable roaming first, followed by vdev stop/vdev down to
firmware.
Change-Id: I3f2f873cf50536b6f31bc0113ff737d6d95a520d
CRs-Fixed: 2672573
Presently whenever the control path is allocating the skb it is
passing the filename rather than the function name required
by the qdf nbuf framework, which is not very useful since the
absolute path of the filename is considered and that can be truncated,
leaving only the line number to understand the issue.
Pass the function name so it would help in root-causing the issue.
Change-Id: I998a88a3d22354500f3d01d09c91f0367755a179
CRs-Fixed: 2659490
Bring up SAP(2.4G)+SAP(161 channel with 11a mode)+STA mode. When STA
is connected to ref-ap on channel 36, 11a mode SAP will also switch
channel to STA's connected channel due to force scc, and it will set
channel width to CH_WIDTH_40MHZ for 11a mode SAP channel switch.
Actually 11a mode SAP doesn't support CH_WIDTH_40MHZ, so it's wrong; the
issue is introduced by
'Change-Id: I709dd35575866b7ec9fddcfb94078f114a78d1a2'.
Fix is to set channel width with 20MHz for 11a mode in function
wlansap_update_csa_channel_params().
Change-Id: I90fea788ff30ef0897c1ba98ad5b4d3c8eec3695
CRs-Fixed: 2623617
Address the incorrect Linux Foundation copyright
format in the copyright header.
Change-Id: I8921be98f1d837018ec2dfdf785fb314fd407207
CRs-Fixed: 2668480
If DUT is connected to a non-PMF MBO/OCE enabled network, STA should
not initiate roaming due to BTM trigger.
If HOST disables BTM in firmware then firmware forwards frame to
host and host forwards it to supplicant. Supplicant ignores the BTM
frame rather than send connect request to the driver.
Fix is to disable BTM offload if a peer doesn't support PMF.
Change-Id: I6455258c61bd3c2be7ec6c629b44d1aa08978740
CRs-Fixed: 2664896
The roam sequence in LFR-3.0 is roam scan start notification
from firmware followed by roam start indication and then
roam synch, roam synch frame events. Roam start is sent
after candidate selection and host driver will disable
queues when roam start is received.
But for emergency roam trigger, firmware sends roam start
indication directly without notifying roam scan start to disable
data path queues immediately after deauth received from the AP.
So roam start is received before roam scan is started at firmware
and before candidate selection is done.
After roam start notification, host sends scan abort for all scan
on vdev by setting scan command request type to
WMI_SCN_STOP_VAP_ALL. This results in roam scan getting aborted at
firmware in emergency deauth roaming case and roaming fails.
Define new vdev id value based on which the scan module will
abort only host triggered scans setting the request type to
WMI_SCN_STOP_HOST_VAP_ALL in the scan request.
Change-Id: Ie8b005285973461f654329e1b2dc1a45205331f5
CRs-Fixed: 2644323
It is more proper to define gEnableMCCAdaptiveScheduler as bool. Then
enable_mcc_adaptive_sch in struct policy_mgr_cfg should be defined as
bool.
Change-Id: I97e2c708e413f86722192b80de39d336e219b3fa
CRs-Fixed: 2656591
Regarding the go+sap scc on dfs channel, sap can follow go
to the same dfs channel, but sap tx is hung.
Since the host sets the dfs_cac_block_tx by mistake when ap started,
though the ap skips the cac because the scc go finished the cac
procedure, dfs_cac_block_tx has no chance to be reset.
The fix is to take account of dfs cac state to determine the proper
dfs_cac_block_tx.
Change-Id: I7a35225711f587b83d2fc381108d7d3f15893867
CRs-Fixed: 2631457
Add sanity check for mlme_obj in wlan_mlme_update_oce_flags to avoid
illegal memory access when mlme_obj is not valid.
Change-Id: I7dfd72cc704d3f9c11241fb2217f0b2ab7eda3d3
CRs-Fixed: 2669262
On Genoa, when 2G SAP exists and STA roams from 2G to 5G by LFR2,
hardware mode needs to switch from single MAC mode to dbs mode.
Since disconnect of current AP happens before reassociate, the
hw mode response handler finds the original AP disconnected
already on host side and then doesn't reassoc to the new AP. It's a
regression of Change-Id: I794c6bf3f749bba9c339fd18b5202d50091b73a7.
Fix: In hw mode response handler, don't check connect state of
current AP when reassoc new AP.
If found disconnect pending during host roaming, don't reassoc.
Add debug log when error happens.
Change-Id: Id836ac84a4156e9db28f6892c8c9eb5210dfb6e0
CRs-Fixed: 2668869
When NDI is removed from framework, driver deletes all NDPs
as part of eWNI_SME_STOP_BSS_REQ. Driver posts WMA_DELETE_STA_RSP
to lim from wma just after sending PEER_DELETE request to
firmware for NDP and ignores the DEL_STA response from firmware.
If there are multiple peers, all peer delete requests are sent
back to back to firmware. NDI peer delete and NDI VDEV delete
request also follow these immediately. All these commands
can go back to back to firmware as driver doesn't wait for
any of these responses.
But firmware needs some time to send NDP end frame to
the NDP peer after receiving NDP peer delete. Firmware might hold
the NDP peer delete request till it successfully sends the frame
to the peer.
Driver must wait till the NDP peer delete response is received to
proceed further with NDI cleanup/NDI vdev delete.
So, send NDP_END_ALL to firmware to let the firmware
initiate cleanup for all NDP peers. Use ucfg_nan_disable_ndi to
do the same which takes care of waiting for response from firmware
indicating cleanup has started. Then wait for all NDP END
indications and unblock the wait upon receiving last NDP END
indication.
Change-Id: I250883b3e9759ad903c3ce17f8c2c0b74a81f496
CRs-Fixed: 2619757
Currently there is no ini to control the rrm support on
SAP.
Add a new ini to enable/disable rrm on SAP.
Change-Id: Idef8da807bc5f8e2b4a1d61997824006e78b0cf6
CRs-Fixed: 2658926