During runtime PM suspend, some key WMI commands will be tagged
so that they can be extracted from HTC queue in order to send to
firmware with priority. Some of these commands are no longer needed
for tagging in latest offload sequence. Hence remove them from the
list.
Change-Id: If0bc547969837d6326aa8d7248d65677c5d3a940
CRS-fixed: 2398382
Add the WMI PDEV param 'wmi_pdev_param_ul_ppdu_duration' to
add command support to modify the UL PPDU duration.
Change-Id: If2f8ef02d4f992d91fa745599d5c08b1dfccceca
CRs-fixed: 2393139
Add support for UL_RU26 WMI service which will notify the host if
the target has allowed UL_RU26
Change-Id: I639c0872f541cf30776c9f76b87c4b950c1e17f4
CRs-Fixed: 2390350
check for max_ast entries supported by FW and add the
entry on host accordingly.
Change-Id: Ief70ba631bb41d50c79d3673e3eea0c45b0c1e19
CRs-Fixed: 2355947
In extract_hal_reg_cap_tlv(), field hal_reg_capabilities of
param_buf may be NULL, when access field wireless_modes of
hal_reg_capabilities, it will result in a NULL pointer access.
Fix is to add NULL pointer check for field hal_reg_capabilities
of param_buf.
Change-Id: Ie2a50ce1f06f9623cc771d4d580cb5f9f25cc5d4
CRs-Fixed: 2387212
Cleanup WMI to use new data structures in vdev mlme
for corresponding vdev mgmt op
Change-Id: I0126dcb34e569aac2af82de15e0f3362cf5a0a5e
CRs-Fixed: 2383346
Clear compilation warnings for wmi files which
has unsued functions in case of some macros
aren't defined.
Change-Id: If3a9ee68206a44e35f459e3c39d9da2d6f7ba4ba
Extended service ready event has a tlv
containing the spectral bin scaling parameters.
Populate the spectral capabilities using this info.
CRs-Fixed: 2379652
Change-Id: I0b4648302e7170b5965cf1aec68638e70cd36e73
Currently the driver uses structure for peer mac address
to store the mac address.
Use the already existing peer mac address array for the same.
Change-Id: Ib49b2ac4747fce3610da73a1d29c67ccaaeaad65
CRs-Fixed: 2390282
In extract_mac_phy_cap_service_ready_ext() the field num_hw_modes
of hw_caps is used as loop bounds and may be attacked.
hw_mode_caps is a pointer defined by firmware. The exact array
length cannot be got since hw_mode_caps pointing array length
is variable. Fix is to add check for field num_hw_modes of hw_caps.
Change-Id: Ie234db3f2356186a4e7aac121ec88dd7e6453efd
CRs-Fixed: 2387221
The TLV WMI added support for a new WMI_SERVICE_WLM_STATS_REQUEST
service along with an associated WMI_WLM_STATS_EVENTID event, so add
support for a proxy unified WMI service and event.
Change-Id: Ic79c4b757fe2d4e806306750250e3c102745c486
CRs-Fixed: 2388911
Add WMI_HOST_REGDMN_MODE_11AC_VHT20_2G in WMI_HOST_REGDMN_MODE
bitmap.
WMI_SERVICE_READY_EVENT indicates ht/vht capability by
hal_reg_capabilities-> wireless_modes, REGDMN_MODE_11AC_VHT20_2G
indicates 2g vht20, check and save it as
WMI_HOST_REGDMN_MODE_11AC_VHT20_2G.
Change-Id: Idfb9a0f576619d4f890c2c0df68fc903f311c510
CRs-Fixed: 2384269
The original implementation of the "get link status" feature contains
some design and implementation details that are not ideal, so fix the
following deficiencies:
- The link_status_params struct contains three fields that are unused.
- The only link_status_params field that is used, session_id, uses
legacy terminology instead of converged terminology
- The wmi_unified_link_status_req_cmd() implementation uses a void
pointer instead of the correct underlying type for the WMI handle.
Note that change I508ec083298caa45d4cbb1ba28b21e47e379a804
("qcacld-3.0: Align with revised "get link status" Unified WMI") is
interdependent with this change.
Change-Id: I057ca0aff4a627c7fcdb9f90a5da46473813f60a
CRs-Fixed: 2381364
OOB read can occur while handling WMI_SERVICE_READY_EXT_EVENTID event
when large invalid num_phy received in that event, as this value is used
as index to array.
Change-Id: I0e80d04d19160e219028b07599a8b9953a798fb2
CRs-Fixed: 2374726
Currently we have same function name/different implementation when set
wmi scan channel list for WIN and MCL, the implementation for WIN side
send_scan_chan_list_cmd_tlv looks more intuitive which will remain with
minor change.
Remove definition of struct scan_chan_list_params and wmi_channel_param
which is no longer needed. Change HT flag set independent on VHT flag.
Add WMI DFS flag set if channel_param.dfs_set set.
Change-Id: I131ca09c12687bda5eb3eb03b7bcca1d62ac7aa9
CRs-Fixed: 2363675
Change Ie6c4a9847f2daa9ba2aebd17f386d584201b86d6 ("qcacld-3.0: Remove
obsolete set/reset ssid hotlist") in the qcacld-3.0 project removed
the only client of the WMI SSID hotlist infrastructure. Since this
infrastructure is obsolete, remove it.
Change-Id: I4a1de39c982947bbf4958d976426f95e3217f1a3
CRs-Fixed: 2381277
In extract_mac_phy_cap_service_ready_ext() the num_hw_modes
is used as loop bounds and may be attacked.
hw_mode_caps is a pointer defined by firmware. The exact
array length cannot be got since hw_mode_caps pointing array
length is variable. So use max number to check
num_hw_modes before loop.
The max number of hw modes is 24 including 11ax.
Change-Id: I72f30ba819bca89915bb09f271e3dbe7c0f157a6
CRs-Fixed: 2369233
Current Spectral WMI logs on TLV systems are
difficult to interpret, correct it.
Also, set their log level to QDF_TRACE_LEVLE_DEBUG.
Change-Id: I6f19143df230d82edc2fb8dd86b18addbb327d6b
CRs-Fixed: 2369960
The pointer to chain masks capabilities is increased, and the number
of chainmask capabilities isn't check if valid. Which will cause oob
read list of chain mask capabilities.
Change-Id: I1f11fb49d545a4f88fe4d0734968dbe17c3f1a7e
CRs-Fixed: 2347661
When WMI_SERVICE_READY_EXT_EVENT is received from firmware, the
function extract_hw_mode_cap_service_ready_ext_tlv is called to
update the soc caps and other capabilities to the host. hw_caps
is extracted directly from the param_buf value received from the
firmware and hw_caps->num_hw_modes is used to traverse
through the hw_mode_caps and update the values to it from the
param_buf->hw_mode_caps, need validate hw_caps->num_hw_modes and
param_buf->hw_mode_caps before use them.
Change-Id: I459f0afce7701ddf1d041912e3406643d27a7f9c
CRs-Fixed: 2336910
In wlan_cfg80211_scan the number of ssid, ssid length and number of
channels are not checked for max size of array and thus can lead to
Out of bound access of memories.
Fix is to add bound check before copying the params.
Change-Id: Ie6d4e546fb9c884d5988493b611ef7b217f0a95c
CRs-Fixed: 2375217
In extract_hal_reg_cap_tlv(), hal_reg_capabilities
can be optionally defined. This field can be NULL
resulting in a NULL pointer read. Add NULL pointer
check before qdf_memory_call().
Change-Id: I142bed65e80aa9b4bb88a4e68f74235dd50e3624
CRs-Fixed: 2368284
Rearrange the debug prints in the wmi path
so that valid information gets printed.
CRs-Fixed: 2368173
Change-Id: I8900eda444c9d1dee69f5c1e30662022580d2a7b
Validate num_mem_reqs should be less than TLV size in
extract_host_mem_req_tlv() function.
Change-Id: I88ebfc4bfe3abb9b0926990f5f777fc0d62e1fc1
CRs-Fixed: 2347667
The firmware sends a new wmi event WMI_ROAM_BLACKLIST_EVENTID
to send the blacklist AP list.
Change-Id: I04fab853efbded48285ac063bb39c64f342c229b
CRs-Fixed: 2369107
Add host support for db2dbm RSSI changes. Firmware
indicates this capability when underlying hardware
has RSSI reporting feature. Based on this capability
host will know if firmware sends SNR or RSSI. If no
capablity is present then host will convert SNR to
rssi using a fixed offset of -96. If capability is
present host will directly use the rssi as it is.
Change-Id: I9058f16c6280d466feb96cf88a8a0d8cd7b02032
CRs-Fixed: 2364025
After driver load and interface up, if user changes the country code
and performs the interface down, now if interface change timer expires,
stop modules is invoked. When user again tries to do interface up, as a
part of start modules, update channel list indication comes from FW
with default country info from BDF file which overwrites user specified
country information.
To resolve this issue, if current country is set by user and if
driver gets notification to update channel list from FW with
different country code during restart of wlan modules then ignore
master channel list and send the current user country to FW.
Change-Id: I0a0c57eda03827dc3fef59928569bf2f0bc32634
CRs-Fixed: 2340798
As part of the NAN Discovery DBS support, new vendor command
- QCA_NL80211_VENDOR_SUBCMD_NAN_EXT - has been defined that
can carry the binary blob encapsulated within an attribute
and can carry additional attributes to enhance the NAN command
interface. Add the related definitions to support this command.
Add definitions to support the new NAN EXT vendor command.
Change-Id: I83c12c7512066434f8974619e1d953ac78d3a40d
CRs-Fixed: 2339032
Currently there is no converged wmi_service enum for the
WMI_SERVICE_VDEV_LATENCY_CONFIG.
Add wmi_service_vdev_latency_config as the converged enum.
Change-Id: I90d54ccd507b4267cd7310b4e6e5b1473c7dc41c
CRs-Fixed: 2366187
Add WMI support to send WMI_PEER_UNMAP_CONF_CMDID to FW
for peer unmap confirmation.
Change-Id: I1a260f840ed28f90568d9cba912cc5e5128c8c7d
CRs-Fixed: 2358066
This FR is to enhance existing pktlog debug tool
This feature will allow to capture pktlog for particular
peer mac address.
Change-Id: I3676095536185f25b0d498e03f70246260a324fd
While handling the WMI_SERVICE_READY_EXT_EVENTID WMI FW event, a NULL
pointer dereference can occur if param_buf->hal_reg_caps is not checked.
Check param_buf->hal_reg_caps before dereferencing it to avoid NULL
pointer dereference.
Change-Id: I00eba5e89fbdde78979d19f492df5ad4dca8b80c
CRs-Fixed: 2347673
Introduce a new wmi_send pdev param to enable/disable
"Subchannel Marking" in Firmware (only in Full Offload)
Change-Id: I3cd4f4f13ebca72c4505b6195cc8dc4856d41671
CRs-Fixed: 2334258
Current HTT_H2T messages from host driver does not have
consistency in message length set by host driver. Some
message types include HTC header length also within the
message length, while other types have message length
itself only, which causes difficulty in handling message
length in FW.
Change-Id: I885a21530a2d8f852387ae54cf7ee0751aad2516
CRs-Fixed: 2345075
Remove the unused fields from WMI unified vdev_start_params structure.
The channel information duplicated in vdev_start_params and
it sub structure channel is removed and all implementations
can use the channel sub structure directly.
Change-Id: I47cf4c4223111b6f564ec8336dbfcda4592e8e0c
CRs-Fixed: 2350505
In extract_roam_scan_stats_res_evt_tlv(), there is potential
buffer-overflow due to no input validation of following event
parameters from firmware:
(a) Roam scan frequencies against maximum value of 50
(WMI_ROAM_SCAN_STATS_CHANNELS_MAX) and
(b) Roam scan candidates against maximum value of 4
(WMI_ROAM_SCAN_STATS_CANDIDATES_MAX)
To fix this, validate roam scan stats event parameters.
Change-Id: I866b492f7ccb48c4960ff25a9e817cbdb394509e
CRs-Fixed: 2335530
