Currently during runtime suspend, in dp_find_missing_tx_comp(),
TX descriptors are freed forcefully if the TX completions for
those descriptors do not arrive within 60 seconds.
In certain rare corner cases, there is a chance of TX buffer (that is
in the enqueue path) getting freed in the TX completion path due to
delayed completions. This results in NULL pointer dereference.
Following is the sequence of events for such a case,
1. dp_find_missing_tx_comp() frees a TX descriptor
2. Different buffer gets attached to the same TX descriptor
3. Delayed completion for the previous TX arrives and frees
the buffer in point 2.
Defer the free in dp_find_missing_tx_comp() when there is a delta in
HP/TP for the TX/COMP rings. If HP & TP are not same, then there is
high chance of processing the delayed completion beforehand, thus
avoiding the aforementioned race.
Change-Id: Ia835928f85ea0f79d0187a55333cb8959d0a72e9
CRs-Fixed: 3721341
While CSA, wlan_reg_get_bonded_channel_state_for_pwrmode function
returning invalid channel state for Legacy connection leads to
CSA failure.
This function wlan_reg_get_bonded_channel_state_for_pwrmode
is under macro 11BE feature flag, so for non MLO case returning
invalid.
To handle this issue in Legacy connection, remove 11BE feature
flag for wlan_reg_get_bonded_channel_state_for_pwrmode function.
Change-Id: I905cd84b6af1b91c6c4bf9b1cbaf6e2562dc62e2
CRs-Fixed: 3724006
This change is to update link state status in case
of WMI_MLO_LINK_STATE_SWITCH_EVENTID event.
Change-Id: Ia95c072aa9b2ccb64ca8a6b137d1f75bb6f87003
CRs-Fixed: 3721397
This change is to update no. of dwords for htt_tx_msdu_desc_ext2_t
as new dwords have to be added by FW to pass
rx buffer address info to support opt_dp_ctrl.
Change-Id: I3edb0a32a1e340d715c00776254ab50aca93c4e0
CRs-Fixed: 3717471
Enable CE-1 event history for perf builds to have additional
information for debugging CE issues.
Change-Id: I4031517c1fe04566a891117db1fe076b53d870d8
CRs-Fixed: 3721865
As per new requirement, host should send proper values
to get_channel request from upper layer for standby link.
Upper layer can use these information to fetch CU values
for standby link and print on console.
Change-Id: I045b8c5a3035f96e55281bd31d3e0b8043df4cb7
CRs-Fixed: 3719534
Introduce new event type to notify userspace about FW
pagefault. Use this new vendor subcommand to send
pagefault address and count of pagefault to userspace.
Change-Id: I330675b194a0f220cc627a0722494ba36a0def61
CRs-Fixed: 3713819
After draining txrx rings there is possibility of reg work
getting triggered to update rings write pointer, this
might cause the reg work to execute later after suspend
complete and cause allow suspend and prevent suspend count
to go out of sync. So make sure all the txrx dependent
tasks are complete after drain.
Change-Id: I30b0696cef4499cc1e92b4556488b58037520184
CRs-Fixed: 3717885
Currently out of memory worker thread completion wait is not present
before going to wlan suspend, this may lead to worked thread accessing
CE ring HP updates when wlan is in suspend state.
Avoid this by waiting for out of memory worker thread completion
before entering wlan suspend.
Change-Id: Id9d0ae9dc1de03f4e3d95bb6fac1c41ecbf7e202
CRs-Fixed: 3714467
While parsing ESP IE from beacon/probe response frame,
the condition in loop to copy ESP_INFO from the ESP IE is
incorrect which will iterate for 5 times rather than 4 times,
this may cause OOB access.
data < ((uint8_t *)esp_ie + esp_ie->esp_len + 3)
Here adding 3 for esp_ie->esp_len, actually esp_len itself is
1 byte extra (esp_ len = ESP_ID_EXTN + ESP_INFO * 4),
but by adding 3 again will loop for one more iteration
this will cause OOB access.
Remove 3 in loop condition to avoid one more extra iteration
and ignore ESP_ID_EXTN element for total elements, in function
util_scan_update_esp_data.
Change-Id: Ia9226e483672369af36c6914e3ac914fe9de45e5
CRs-Fixed: 3710081
Delay write of SRNG regs may happen on different CPUs.
Sometimes wmb may not sufficient to protect the update
in sequence.
So to fix update issue sleep and retry before checking
again for update.
CRs-Fixed: 3717683
Change-Id: I6c7916f91ecefa8175d3e3d9108d018fc8a42cfc
After legacy STA connected 1 link of MLO AP as 11ax, MLO STA connect
same MLO AP, 1 link connect will fail for bss peer existed, tx queue
will be disabled, other links can't be used at all.
To fix it, when MLO STA select candidate AP link, if peer with BSS link
addr exist, disable the link.
Change-Id: Ib7e2f4cd43c8190c5e5fd0bb7786df41b022f518
CRs-Fixed: 3715997
Remove unused argument in mlo_send_link_connect() and
fetch MLD address from connect response to fill in
partner link connect request.
Change-Id: Iad6089c39d14115774cf1456341965cad8c0110d
CRs-Fixed: 3714999
Profile count information not sent to firmware
when DUT associated to TX BSS.
Populate profile count for TX BSS profile.
CRs-Fixed: 3633267
Change-Id: I08a13fe785dbbf66f7ec3394d7aa72f685438619
Issue:
TA of the MBSSID basic trigger always shows up as:
00:00:00:00:00:00, when the STA connected to Non-tx
VAP, due to which peers are not responding to the
basic trigger frames and getting more response
timeouts. This results into a dip in the throughput
(due to excessive retries).
Fix:
In AP solutions, it is expected that the non trans
bssid could be 00:00:00:00:00:00, during vdev MLME
up operation. Hnece, the updating the vdev up params
(trans bssid, profile index, profile number), should
not be dependent on the valid non trans bssid.
This condition is valid for STA solution, hence added
a opmode check specific for AP.
Change-Id: I766182c6dd0aba93d861800146eb44d3e3f6a706
CRs-Fixed: 3669310
When MLO partner link and assoc link are on same frequency, F/W will
assert.
To fix it, don't allow partner link is on same frequency of assoc link.
Change-Id: I01338dbbc0845e6f6284e4a374f5ad0a5cada334
CRs-Fixed: 3706613
FW sends "Center Frequency Index" as new center frequency.
via mlo sta standby csa event WMI_CSA_HANDLING_EVENTID.
Currently host uses value of Center Frequency Index (CFI)
directly to update center frequency for all links to
"mlo_link_info" structure. Due to this host maintains a
wrong value of center frequency throughout of connection
which leads to failure in calculation of bonded channel
in case of 6 GHz and 320 MHz connection.
Fix is to update center frequency in "mlo_link_info"
structure for all require link(s) as per CFI coming via
mlo sta standby csa event.
Change-Id: Iea04fb9b1c1c9b0dbd0be3647173708c47ea74be
CRs-Fixed: 3702255
Currently for any assoc failure the number of links part of the
association is reduced and retried with less number of partner links.
If the failure is due to "Association request rejected temporarily,
try again later" retry to the same with the same number
of partner links instead of downgrading the links.
Change-Id: Id2b50469a5265b0151c000b3bcead2db361ad152
CRs-Fixed: 3708221
While parsing probe response and assoc response frame,
timestamp data is copied to buffer variable without validating
the frame length. If received frame length is less than max
size of timestamp, this will lead Out-of-bound access.
Add frame length check with max size of timestamp before copying
from the frame received in util_gen_link_reqrsp_cmn.
Change-Id: I055ccc84d334316ecd772e19371d315274373c04
CRs-Fixed: 3699954
Currently, Host driver is updating partner bssid to kernel
based on number of link. In some cases number of link may be zero
leading to not updating partner link bssid to kernel.
This change is to eliminate number of link check for updating
partner link BSSID to kernel.
Change-Id: I2e2704aeaea0db41c4d82792808cc8765290cc7c
CRs-Fixed: 3707662
Currently, while generating non-TX VAP scan entry from the
TX VAP beacon or probe response MBSSID IE, driver copies
the ML IE from MBSSID and main frame which lead to 2 ML IE
in the TX VAP frame.
Fix is, add proper check to copy the non-TX VAP ML IE from
MBSSID IE.
CRs-Fixed: 3708786
Change-Id: I93f2552fe8a0080ffc871b39b164fadd86df8ff0
Currently host is not validating roaming cfg file
per key and value and only checking if no unpermitted
characters are present in the file before parsing.
To address this issue, parse roaming ini file
only if no unpermitted characters are present in the key
and value otherwise fall back to roaming backup ini file.
If the backup file don't pass validation criteria's
then don't parse it as well.
Change-Id: I6068d41ed67698ec60c0985151282936590b1544
CRs-Fixed: 3678910
Currently a fixed size array of 2K is used to hold the NBUF pointer
references for RX refill thread NBUFs. Since the queue length of the
NBUF queue is a compile time config, any length change beyond 2K
would result in overflow errors.
Allocate the memory for NBUF references dynamically instead to avoid
such overflow conditions.
Change-Id: I20680768faf20d7688ce33f68ce2aa2be2079be0
CRs-Fixed: 3707803
On HO failure driver triggers internal disconnect and if
the existing connection is two link MLO, then disconnect
is issued first on partner VDEV and later on assoc VDEV.
To avoid STA+STA roaming conflict where STA2 roamed to
STA1's BSSID and STA1 resulted in HO failure and to
prioritize STA1 cleanup so that STA2 will not fail during
peer create.
The original change I379c03138b70580f44c2b96489ada030ec6fc20e
This is leading to cleaning up assoc VDEV first followed by
partner VDEV, but DP component removes the entry of DP peer
on assoc VDEV cleanup as the expectation is partner VDEV
gets cleaned first followed by assoc VDEV. This is causes
reference leak on the peer.
To address this issue don't prioritize disconnect for
HO Fail case.
Change-Id: I8d5abd0bb5ded49527ce851b9155ad22d7dcf5a8
CRs-Fixed: 3708018
Peer state could be queried from both fast path and
slow path. Change separates this call and allows log
print from slow path call.
Change-Id: Iad2cc209e15fe95366cd606c5daa6233f2c5535e
CRs-Fixed: 3700370
Add vdev delete notify callback for DP vdev, which
is called when dp_vdev is freed. This will notify
the osif/non-cmn dp layer upon dp_vdev delete.
Change-Id: I22110ebd048066e84644c04b4903c50dd61c61a4
CRs-Fixed: 3696638
Add necessary changes for deprecated kernel APIs and other changes
in kernel code in order to compile on LTS 6.5 kernel.
Change-Id: I7c51b1d435090877d488f6433357ed1ed7c265b4
CRs-Fixed: 3663875
After received WoW ACK from FW, there should be some RX packets
coming and IRQ delayed, if these packets are not got processed,
FW UMAC will crash. Change adds an explicit check and abort suspend
if rings are not empty.
Change-Id: I758e1b71d0f5fc9be8cab1bea0f3db20c1698ecc
CRs-Fixed: 3693657
Include <linux/qcom-iommu-util.h> file based on ANDROID_COMMON_KERNEL
macro as this file is not available in upstream kernel.
Change-Id: I2e56b33d290319352236d1faae3b29cd6362bc07
CRs-Fixed: 3682260
Currently, CFG80211_SINGLE_NETDEV_MULTI_LINK_SUPPORT is enabled based on
__ANDROID_COMMON_KERNEL__ and kernel version greater than equal to 5.15.
Enable it for above condition or if kernel version is greater than or
equal to 6.6.
Change-Id: I12ae6bf116e37999c935012485651bfadf8b9b2a
CRs-Fixed: 3681611
Certain APs available to end users may allow EHT/MLO config
in non-WPA3 security modes (like WPA2). Current implementation
will not allow connection to such APs in EHT/MLO and instead
downgrades to 11ax mode.
OEMs may want to control this driver behavior via INI based
on the requirement. To allow connecting to such APs in EHT/MLO
a new INI is introduced as a bitmap. The default value of this
INI will not allow connection to any of those APs in EHT/MLO.
Change-Id: I3e657f3f4ba1f5efc9263cb90bcd1773233975ac
CRs-Fixed: 3693813
Each link in MLO can have different RSN capabilities with
different AKMs, PMF capability, UC/MC cipher suites and so on.
For any choice of links for MLO connection, the AKMs of the
links should have one common AKM.
Eliminate partner links without overlapping AKMs from MLO
connection.
Modify partner link AKM to match assoc link AKM, so that
only overlapping AKM is chosen even though an AKM with
higher security exists for partner link.
Change-Id: I9573e938789a4b95ae824872845d31008861f6f2
CRs-Fixed: 3693814
For non-TxMBSSID ML AP ML probe req may not receive any response
from MBSSID AP and later partner link may fail to connect as
scan entry is not present.
Introduce new flag to suggest whether the partner link scan entry
is present or not in the scan DB. If flag is set to true, generate
scan entry for such links.
Introduce new APIs which will generate ML probe resp using
the per-STA profile of partner link from assoc resp frame.
Introduce API to get the current candidate scan entry from
connect request.
Change-Id: I1c33956b01eb468afa26be5b0bfba634ee3a0aee
CRs-Fixed: 3675830
Handle ipa_init when opt_ipa_wifi capability is not supported
by IPA subsystem.
Change-Id: I6a120589b4ba6b60a1c15420c545f4768cff047b
CRs-Fixed: 3695354
On set country code, host updates EHT cap IE to FW via
WMI_VDEV_SET_IE_CMDID command. 320 MHz BW capability in
EHT cap IE should be as per new country code.
Change-Id: I3b80dbeee6f35dacc41f15612373ea7f8efc5803
CRs-Fixed: 3670311
Excessive logging in wlan_mgmt_txrx_desc_get if descritor is
not found.
Rate limit excessive logging in error log.
Change-Id: I929c5cca5dea94db4b618f0390d76a6ca83159a9
CRs-Fixed: 3696162
RSO is stopped upon receiving link switch request to avoid the
race between link switch and roaming. RSO is enabled again once
link switch operation is successfully completed, i.e. upon connect
complete of the new link.
But link switch may fail due to multiple reasons (e.g. scan
result/partner info is not available for link switch) and the
connection is retained with single link as the other link is
already cleaned up as part of link switch request processing.
RSO is not enabled in such failure cases and thus firmware
doesn't roam even it finds a better candidate.
Restore RSO state to ENABLED upon link switch failure.
Also, cleanup the failed link bit in wlan_connected_links upon
link switch failure.
Change-Id: Ieefd7bf9615c80e7ab6ecdbee5c99d6e52857cc6
CRs-Fixed: 3681892
Currently Mon status ring resources allocation and cleanup
is not in sync, during cleanup we are freeing more than allocated
for single MAC solutions like QCA6750.
Fix this by cleaning mon status ring resources properly for single
mac QCA6750.
Change-Id: I8c8564d106fda29f7a6a36f887aa3adee9dc1edf
CRs-Fixed: 3693448
Wireless environment may have APs with same BSSID but different
MLD address and if any APs BSSID is similar to the current
candidates affiliated partner link BSSID, then receiving beacon
or probe resp from such APs will override the affiliated link's
scan entry and the MLD address may be different or NULL if the
AP is non-ML.
If link VDEV connection starts and during candidate selection
it may find the scan entry of this other AP and attempt to drive
connection will lead to creating ML link VDEV's peer with
different MLD address than assoc VDEV's peer.
Enhance scan filter to match MLD address for link VDEV to avoid
such scan entry override.
Change-Id: I11c9b4efdf2d60e92482b296d731d613a200bf0e
CRs-Fixed: 3668326
This change refines the log in htc_tx_completion_handler()
to avoid flooding by using qdf_rl_err().
Change-Id: If24f29cab89098a5e33f79aaa2cf43704b957d0f
CRs-Fixed: 3694797
