Firmware sends beacon/probe response of the roam candidate to host
through roam_frame_event when it chooses a candidate which needs
SAE authentication to be performed. This is needed as the host
checks if corresponding scan entry is present in the scan db
before starting SAE authentication trigger.
But in MLO roaming case, firmware might send ML probe response
and the scan entry corresponds to re-assoc link might be present
in the per STA profile of the ML probe response.
So, extract all per-STA profiles and add them to scan db.
Also, use this API to extract and add the link specific
ML probe responses for the ML probe response received
in roam sync indication if extraction via roam info fails due
to some reason(currently it may fail if fw roams to a link but
got ML probe rsp from other link as link_info is not
present roam info).
Change-Id: I6c67927732a54568dfe618bdecaca8f37515e203
CRs-Fixed: 3454834
Host received deauth and roam sync back-to-back after WoW, sent vdev
RSO_DISABLE before RSO_STATUS event, F/W assert.
1. Host received deauth event, limSmeState went out of link est state, sent
async event of cm_send_sb_disconnect_req.
2. Host received and handled roam_sync, CM_RSO: vdev0:
[ROAM_RSO_ENABLED(2)] --> [ROAM_SYNCH_IN_PROG(5)], roam sync failed since
not in link est state.
3. Host aborted roaming, ent back to CM-VDEV-0: CONNECTED, removed roaming
cmd from serialization queue.
4. Host sent RSO stop to F/W.
5. Host handled cm_send_sb_disconnect_req, dropped RSO stop during roam
sync, called cm_disconnect_continue_after_rso_stop without waiting for
RSO_STATUS event.
6. Host sent vdev RSO_DISABLE and vdev stop before received RSO_STATUS
event, F/W asserted.
To fix it, if host roam sync failed, need wait for HO_FAIL event and handle
it before handling other cmd, can't remove roaming cmd from assoc vdev
serialization queue to unblock other pending cmd before handling
HO_FAIL, just send assoc link RSO stop to F/W one time with
REASON_ROAM_SYNCH_FAILED, then wait for 2 events: FW_ROAM_EVT RSO status
and HO_FAIL. then handle HO_FAIL, at last remove roaming cmd, unblock other
cmd and trigger disconnect.
Change-Id: I03dd3ed21007ee67613c2d90b5567348c240f375
CRs-Fixed: 3445233
Extend WMI_ROAM_STATS_EVENTID event information for
requirement of:
1.Roam trigger related information, include timestamp,
trigger reason, trigger condition, abort reason,
scan type, roam status and fail reason.
2.Roam scan related information, include scan channel
number, dwell type, max dwell time of each channel
and total scan time.
3.all types of roam related frame information, include
timestamp and successful or failed status for Preauth,
Reassoc, EAPOL-M1/M2/M3/M4.
Cache roam information in wlan driver, when qca vendor
cmd of QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS get roam
information, driver send all the cached information to
user space.
change-Id: Ic5e1120b51c20c103100833b4296002c5939b021
CRs-Fixed: 3389269
For newer AKMs with key materials length greater than
16bytes, kek, kck lengths varies. Therefore, get the
lengths explicitly from firmware and use them for saving
kek and kek materials.
Change-Id: Ie7ae61744e101899f12addc1baf90aed542a367b
CRs-Fixed: 3371470
Componentized code should be adhering to the coding standard.
However struct roam_offload_synch_ind has a large number of
camelcase members.
To fix this replace camel case members with snake_case.
Change-Id: If866379d8f01cc0e932ea391d586575de4af9163
CRs-Fixed: 3383579
Currently, the definition of WMI_ROAM_GET_VENDOR_CONTROL_PARAM_ID
is present at the fw-api level. The host should not be using fw-api
definitions outside the WMI TLV code. To make sure it,
1. Add host-defined enum vendor_control_roam_param which defines
the param IDs that the host supports.
2. Add logic to convert host-defined enum vendor_control_roam_param
to fw-api defined enum WMI_ROAM_GET_VENDOR_CONTROL_PARAM_ID and
vice versa.
Change-Id: I035ece1bc0af8e583782460868193affb76db0f3
CRs-Fixed: 3363916
In case of 1x MLO roaming, 4 way handshake is offloaded to supplicant
and link vdev is down in FW. Host has to bring up link vdev post
set key installation.
Add handling in host for following:
- During roam sync indication handle only assoc link.
- Save reassoc response and link information.
- After keys are installed bring up link vdev by
queueing connect req on link vdev.
- Enable roaming after all links are up.
Change-Id: I9c0722f88e950ba05ec3dd7f44883bedf568f97d
CRs-Fixed: 3287316
Pass the akm explicitly in the external auth
request to the userspace since there are many
SAE AKM suites.
Change-Id: Ifef8657f7ef75b402aa670813eba6adc5ab9853a
CRs-Fixed: 3355395
For SAE-EXT-KEY AKM with group-21 pwe, the PMK
length is 64bytes. Therefore, increase the max
size of the PMK to 64bytes in host to facilitate
PMK storage and PMK offloads.
Change-Id: I777a31acd56073d6a0312c47d95fe7d155b06fc6
CRs-Fixed: 3353102
Roam sync may get aborted on link vdev due to multiple reasons.
Link scan entry being not available at host is one such case.
del_sta response of BSS gets dropped due to stale link-RSO state
and results in disconnect timeout.
Reset the RSO state machine of link vdev when roaming is aborted
to allow cleanup the vdev in next disconnect.
Change-Id: Ie584c5b7ccae989cf2ce64e85da26d1b3526f1e0
CRs-Fixed: 3352543
When firmware attempts roaming to an MLO AP, it tries to find
the complete ML info(all links info) either through ML probe
response or beacons from all the links. It forwards all link
beacons(or ML probe response) to host as part of roam sync
indication through roam sync frame event.
Add support to fetch both link beacons and add them to scan db.
If firmware sends ML probe response, generate link probe response
as well and add it to the scan db.
The link scan result can be used in link connect in case of
hybrid roaming like OWE, 1x,..
Change-Id: Ic8457a5630441d6fd3faeb4791c79422db787f94
CRs-Fixed: 3335225
Firmware may send two consecutive roam sync frame indications when
it supports MLO roaming. The first event carries link beacon and
second event carries assoc beacon. This is to let host driver have
both the link scan results if host has to take care of link
connect(e.g. OWE MLO roaming, EAP MLO roaming,.. ).
If host driver doesn't have support/doesn't need link beacon,
it would be overwritten by assoc beacon(e.g. wpa2 MLO roaming,
SAE MLO roaming, ..).
This results in a memleak as the previous cached beacon is
not freed(vdev->rso_cfg->roam_sync_frame_ind->bcn_probe_rsp).
Free the existing beacon if new one is received. Also, remove the
current free's from extract_roam_sync_frame_event_tlv() which
doesn't need any such freeing as the copy always happens to a
freshly allocated buffer.
Change-Id: If3b4d6e4b8e1e2af5306171ad7eda28e744da64e
CRs-Fixed: 3322094
Host driver expects maximum of WLAN_UMAC_MLO_MAX_VDEVS links
info in roam sync indication. But firmware may send more
number of links than expected and it may lead to buffer overflow.
Add a check to validate the number of links.
Change-Id: Id89d23470622ba3ca7e01a99cc7c12021ca3dafd
CRs-Fixed: 3314460
Add changes to enhance the debugs in the RSO path,
to identify the current pmk stored in the rso config.
Also, restrict the PMK dumps to a minimum size of 2.
Change-Id: I6e89afed45f5d43b45508ae43b59400a6e24e5ef
CRs-Fixed: 3312677
To protect user privacy, print SSID with QDF_SSID_FMT
and QDF_SSID_REF, then SSID will be hide in logs if
anonymization is enabled.
Change-Id: I3dd129b52c85c84e666f4f07b28a1e58f81259b7
CRs-Fixed: 3291841
More than one roam sync frame event can be sent from FW so
the beacon, reassoc req or rsp length can be zero.
Hence the current code validation check is incorrect resulting
in roam abort.
To fix this, change the validation to check if beacon,
reassoc req or rsp value is non zero and then check the size.
Change-Id: I6ddec91686c23d9b8dac4c891b37bb1ce9d0fb30
CRs-Fixed: 3306428
This change
1.fixes the use of uninitialized
variable in host driver.
2.Adds validation in extract_roam_sync_frame_event_tlv
Where these frame lengths are getting populated,
also at the place where subtraction happens to prevent
overflows
3.Adds NULL check in wma_handle_roam_reason_deauth, to avoid
the null pointer dereference.
Change-Id: I2d5ba61fb109f6d8b497df29cfa2dd572c00adeb
CRs-Fixed: 3297792
When roam from SAE legacy to SAE MLO, pre-auth TA is MLD address,
while peer AP expects link address, pre-auth fails.
Parse transmit address field from firmware roam_preauth_start_event and
include it when send NL80211_EXTERNAL_AUTH_START to wpa supplicant for
SAE roaming cases.
If transmit address is all zeros, wpa_supplicant will not do ML sae
auth, use MLD address as TA.
If transmit address is not zeros, wpa_supplicant will do ML sae auth,
use 'transmit address' as TA.
Since self peer is created with mld address, when roam from legacy to
MLO, try to get peer by mld address during pre-auth tx since bss peer
absent, or TX fails for no peer.
Change-Id: I99ed846e94165bfe01e1d1e8c620f035751c7056
CRs-Fixed: 3289987
Based on the new requirement, fw fills the tx packet counts per mcs
and rx packet count per mcs index in the peer extd stats event.
Add logic to parse tx packet count per mcs and rx packet count per mcs
from peer extd stats event.
Change-Id: I4cd8c1ed5dd6942022d9f930f8de0bcbcb679eb5
CRs-Fixed: 3289683
Send MLO Roam config to target, including:
support_link_num: Configure max number of link mlo connection supports.
support_link_band: Configure the band bitmap of mlo connection supports
Bit 0: 2.4 GHz band support if 1
Bit 1: 5 GHz band support if 1
Bit 2: 6 GHz band support if 1
Change-Id: Id59fc93cc271266ff794702d997ffc5113de5bc1
CRs-Fixed: 3273012
Fill param 'timeout' for WMI_WOW_COAP_ADD_KEEPALIVE_PATTERN_CMDID,
which represents the period to send CoAP keepalive message.
Change-Id: I86b87470277eee00de9e33a07e635dd1a5412f3d
CRs-Fixed: 3275955
Currently host starts the start_rso_stop_timer when it sends roam
stop related commands to firmware. And tries to stop the timer when
it receives roam event with reason ROAM_REASON_RSO_STATUS or
ROAM_REASON_HO_FAILED. Since firmware also sends roam event with
above reasons when host configs other roam parameters. This causes
host confused about whether to stop the timer or not.
To resolve this issue, add one more condition
roam_event->notif_params == WMI_ROAM_SCAN_MODE_NONE
Change-Id: Ia24d5bba1e35bc4102951adcafc76edda7769d35
CRs-Fixed: 3267506
Idle roam inactive time is expected in seconds but
the host driver is sending it in milliseconds, this causes
idle roam trigger not happening at the target.
Send the idle roam inactive time in seconds instead of
milliseconds.
Change-Id: If326a4bf464164183fdcd9baea9002483053adf7
CRs-Fixed: 3246541
WMI_ROAM_GET_VENDOR_CONTROL_PARAM_CMDID: Add support
for a new roam command to get vendor control parameters
from FW. Host needs to send proper param ID in command
(from enum WMI_ROAM_GET_VENDOR_CONTROL_PARAM_ID)
to get corresponding INI value from FW.
WMI_ROAM_GET_VENDOR_CONTROL_PARAM_EVENTID:
Add support for a new roam event to get param value
from FW. FW sends this event upon receiving
WMI_ROAM_GET_VENDOR_CONTROL_PARAM_CMDID command.
Change-Id: I03679bcf359a0f425aab7b9ea1c3cb6d84fbb0ca
CRs-Fixed: 3225160
Add new tags for reassociation request and reassociation
response. Parse the association id from roam stats event
and send it over the connectivity logging event
Add support to print AID and BT-COEX field.
Change-Id: I7926b5c69a84404b666acfd5e2db30426d085881
CRs-Fixed: 3221624
Add support to parse a new INI named
"bss_load_trigger_6g_rssi_threshold/RoamCU_6GRSSIRange"
and send its value to FW via WMI_ROAM_BSS_LOAD_CONFIG_CMDID.
Min, Max and default value of this INI:
Min: -120
Max: 0
Default: -70
Change-Id: I9aa99d887553de4022fc0a31dc0644601cd340d6
CRs-Fixed: 3225548
For FT-FILS AKM, 1st connection to an AP in a realm takes place
with Full EAP. 2nd connection to any AP in the realm does the
FT initial mobility domain association with authentication
algorithm as FILS. Subsequent connection/roam happens with
FT protocol.
fils_ft key is derived during 2nd connection. But driver
copies from fils_ft buffer after 1st connection is complete
to fill the PMK in the 11r TLV. This causes the pmk len = 0
is sent in the 11r TLV.
Fill the initial connection PMK in RSO command after 1st
connection. From 2nd connection onwards fill the fils_ft.
Change-Id: I52399fc7bd3526a11e29c54a3ca13d43bbaf6b80
CRs-Fixed: 3197226
Currently driver checks TX flag only for authentication
frames. This causes wrong tag for the frames.
Check TX flag for Deauth/Disassoc & authentication frames
also.
Change-Id: Id499bc1978ee72bac2435be165b31d0db49ce9d8
CRs-Fixed: 3203858
This change updates the auth_status and mac address of
roamed peer received in roam_sync_indication from FW to dp.
Change-Id: I27744017c87a956927108c5b3b0f9220d7e42965
CRs-Fixed: 3185110
Passing WMI_SCAN_FILTER_PROBE_REQ in scan control flags to fw,
for sync with host triggered scans
Change-Id: Ided83c10c48427db29c95a2dc8eac6df6ff467f7
CRs-Fixed: 3184905
SAE authentication logging events are sent from host
driver during connection as well as during roaming.
But the other roaming frame related stats are printed
as part of the WMI_ROAM_STATS_EVENTID handling.
Since this roam stats event is received after preauth
frame related logs are queued to userspace, the order
of the logs are not correct.
Cache the SAE preauth logs in mlme and print them
upon receiving ROAM stats event. Read the firmware
service capability to decide if new caching needs
to be used or legacy behavior needs to be followed
Change-Id: I76381b9deef222f1481325974e2b5d9730eb2b67
CRs-Fixed: 3154147
Currently min_dwell_time_6g ini support is there only for normal
scan.
Added support to configure min_dwell_time_6g in roam offload scan.
Change-Id: I7da5fff738dbaf2a28a909e58ab6c797724ccfaf
CRs-Fixed: 3156597
Currently wmi_roam_event_id event handler only register under feature
WLAN_FEATURE_ROAM_OFFLOAD, but it's needed for LFR2 roaming too. So
refine roam event processing for LFR2/LFR3.
Change-Id: Ic07fd8a543142fc1e151f484979ab99ff55ce802
CRs-Fixed: 3161973
Currently, STA doesn't support roam between WPA2 to WPA3
security or vice versa. To support this feature, host sends
list of allowed_authmode. So that Firmware will check and
roam on those authmode.
Fix, add support for allowed_authmode list in ap_profile.
Change-Id: I438a133a434ea12ec34680997ace358fd4910028
CRs-Fixed: 3113219
Add support for security score. On the basis of score,
host will select AP for initial connection and roaming.
Change-Id: I041a1b0c1456d7f01dd07e9b282996c56755655e
CRs-Fixed: 3113213
As part of the Roam candidate result logging, the
driver prints ROAM if reassociation is successful and
NO_ROAM if candidate is found and roaming is successful.
But the expectation is to print ROAM even if candidate
is found and roaming has failed.
Change the logic to print ROAM/NO_ROAM based on below condition:
1. Roam result successful -> ROAM
2. Roam result failure && candidate is found -> ROAM
3. ROam result failure && candidate is not found -> NO_ROAM
Fix the authentication/association missing frame print
in the roam logging, also cleanup the unused API's.
Change-Id: I43e0cea007890f4796b421b0a42cc71b8ca1a600
CRs-Fixed: 3146630
Currently for WTC BTM roam trigger, below order is followed:
[22:22:51.127105][BTM] RESP token=1 status=1 delay=0 [vdev_id=0
fw_time=00:53:58.350672]
[22:22:51.127129][BTM] WTC reason_code=6 [vdev_id=0
fw_time=00:53:58.350672]
But expected order is:
[22:22:51.127129][BTM] WTC reason_code=6 [vdev_id=0
fw_time=00:53:58.350672]
[22:22:51.127105][BTM] RESP token=1 status=1 delay=0 [vdev_id=0
fw_time=00:53:58.350672]
Fix this order issue and also ignore the BTM response TLV if
timestamp is 0.
Change-Id: I21fe268a3e3ea065482c1c2938d03b844cd387ea
CRs-Fixed: 3143297
Replace blacklist/whitelist with denylist/allowlist in
qcacld3.0. and replace blm with dlm.
Change-Id: I9ba61dde3b3ea008ca3777448d1f8dab83d33ec1
CRs-Fixed: 3091211
Add tlv array number check for vdev_mac mapping elements in roam
and roam sync event to fix potential out of bounds access of memory.
Change-Id: Iad3951bab65153a67d1b76aa745a831d0fd2cb45
CRs-Fixed: 3132366
Firmware doesn't expect any vdev commands from host while RSO stop
is happening. It sends a response to the RSO_STOP command once
it's done with cleanup. Host needs to run a timer after sending
RSO stop command to firmware and wait for a maximum of 6 seconds
for the response. Host can stop the timer and allow the commands
to firmware in the below cases,
1. RSO_STOP response with success status
2. RSO_STOP response with HO_FAIL status followed by
HO_FAIL event: Host needs to wait till HO_FAIL event is received
If firmware doesn't send any response in the 6 seconds wait, issue
a recovery to help to check the firmware state.
Also, set WMI_ROAM_SCAN_MODE_FLAG_REPORT_STATUS always when MLO is
supported while sending RSO_STOP to firmware. It's sent only
in case of wpa_supplicant disabled roaming currently.
Change-Id: I8182e60beb9288dba23cc72e978dc781c8ab1707
CRs-Fixed: 3106023
Add ini support to configure 6GHz active and passive
scan dwell time and send this to firmware
to be used for LFR scans via WMI_ROAM_SCAN_MODE.
Based on these values, firmware will use host sent values
else use hardcoded values.
Currently firmware uses hardcoded values to configure 6Ghz
roam scan dwell time. With this change user can configure
it using INI.
Change-Id: I90e79ad59eef7f73faa0b9dfd2d38b65aca12285
CRs-Fixed: 3116861
FW can send more than one wmi_roam_sync_frame_event_id before
roam sync event,change done in host code to handle this scenario.
Change-Id: I1ab02ed3e984948b8e57a2f9a2000b9f9493629c
CRs-Fixed: 3116569
If reassoc MAC from user space is broadcast MAC as:
"wpa_cli DRIVER FASTREASSOC ff:ff:ff:ff:ff:ff 0",
user space invoked roaming candidate selection will be based on firmware
score algorithm, current connection will be kept if current AP has highest
score. It is requirement from customer which can avoid ping-pong roaming.
Change-Id: I8de3e2a26a6f346c900157aa823205f849d233f7
CRs-Fixed: 3106276
Update HW mode change tlv information to wma/policy mgr.
Losing the information will cause FW/host out of sync.
Change-Id: I1ba9931d10617664da653e85335fade1352c3600
CRs-Fixed: 3109789
