If CSR roam synch callback fails then the status is not updated
with error status code and this causes the caller to consider
roam synch indication is successful and RSO stop is not sent
to firmware leading to roam synch completion timeout at firmware
Send correct status to the caller of the api:
cm_roam_sync_event_handler_cb() if CSR roam synch processing
fails
CRs-Fixed: 3800617
Change-Id: I29214c04976498fd81cb5266738e341928af3af7
When roaming happens with full SAE for FT-SAE AKMs host doesn't
update the PMK received from firmware into its global cache.
This causes stale PMK to be sent to firmware when full SAE
happens when roaming to below AKM's:
WLAN_CRYPTO_KEY_MGMT_FT_SAE
WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY
So update the PMK sent from firmware for above AKM's when
auth status is connected (full SAE happens at host).
CRs-Fixed: 3807689
Change-Id: I25d1a253de37481952c41f54697521285a0ccf92
If host founds below all conditions are true:
1. Connected AP sends CCX IE in beacon/probe response
2. single PMK feature enabled via ini
"sae_single_pmk_feature_enabled"
3. And current connection is SAE with AKM type
WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY or
WLAN_CRYPTO_KEY_MGMT_SAE
Then host should mark connected AP supports
"single PMK feature" and update same to FW via RSO
command.
Change-Id: I831cfefb60271b03e5c5cbdfde0bd5277ee116e0
CRs-Fixed: 3795133
Currently bool values are not initialized and results
in unexpected values for bool variables,
Hence this change is to initialize structure to
NULL before use.
Change-Id: I07ec3880d35441d3dc84eaa44640ad07eba0b3c9
CRs-Fixed: 3800965
In the case of of 5 GHz + non-tx 6 GHz MLO connection, the scan entry
generated from the ML-probe might not carry MBSSID information of the
non-tx partner. The RNR of the assoc link will also not be inherited.
Therefore, the mbssid info is not generated for this non-tx 6 GHz scan
entry. In such cases, if there is a vdev restart, host driver sends zero
mac address in trans bssid, leading to issues with connection.
To fix this:
1. Look up the RNR db for the 6 GHz link, and determine if the bss param
corresponding to the bssid is non-tx MBSSID.
2. If it is a non-tx MBSSID and there is no mbssid info in the scan cache,
then configure the tx-bssid as broadcast mac.
3. This allows the firmware to auto-detect the tx bssid from the upcoming
beacons.
4. Also, save the neighbor entries from the beacon/probes received from
the firmware during roam sync and other events to facilitate the look-up.
5. If there is no existing entry for the roamed non-tx link, then caching
the neighbor info from the assoc partner link would store the valid entry
into the rnr db.
Change-Id: Ie5ef03fc8504cd63f6db98d2ce4af7eb5c2d7e00
CRs-Fixed: 3789675
After roaming to 11BE 320 MHz EHT AP, the channel width is wrongly
updated as 40 MHz in newly created pe_session. This causes wrong
channel info to be sent to kernel in the get sta channel request
and could result in disconnection. In lim_fill_ft_session(),
the chan_width is updated from VHT OP or Vendor VHT OP IE only
currently. But in 6 GHz EHT 320 mode, the VHT OP IE will not be
present and default 40 MHz is assigned.
So extract the channel info from EHT OP IE and use that to fill
the ft pe session created after roaming
Change-Id: I81b52391e69dfe87b103ca1ee90dd9658f02273a
CRs-Fixed: 3746276
Change the default connection dot11mode behavior of APs with
following security configuration which can support MLO:
1) WPA2 with PMF
2) WPA3-SAE with HnP (or H2E cap equals false)
Currently User has to force allow connection in MLO via INI or
else driver downgrades such candidates to 11ax.
Change-Id: I4ff232fc920e19e4f158eba3038abd57b045e705
CRs-Fixed: 3779433
Add support override the NSS capability with HW NSS capability
during TDLS setup.
Change-Id: I916193969d5aafe042ee1bea2adc29668c9109ee
CRs-Fixed: 3792456
Currently, ROAM_SYNC is aborted on the corresponding vdev when
the vdev is not in CONNECTED state. This abort operation sends
an RSO_STOP to fw but the status is not notified to the caller.
This results in a race condition in the below scenario,
1. Firmware roamed to a 2-link ML AP and sent Roam sync ind
to host
2. Host posted ROAM_SYNC on vdev-0 in scheduler thread context
as the vdev-0 state is CONNECTED
3. Got a DISCONNECT request from userspace in user thread and
the states moved to DISCONNECTING.
4. Host tried to post ROAM_SYNC to vdev-1 but aborted as the
state is not CONNECTED and tries to send RSO_STOP to fw.
This RSO_STOP won’t be sent as it’s a link vdev and the
RSO_STOP should go from assoc vdev later.
But this status is not indicated to the caller which
proceeds with vdev-0 ROAM_SYNC.
5. As vdev-0 ROAM_SYNC doesn't check for the connection state
once processing is started, ROAM_SYNC would be completed
on vdev-0.
6. This causes out of sync and vdev-1 doesn't get cleaned-up.
7. As part of the disconnect, host tries to cleanup the old
peer on vdev-1. But firmware ignores this as that peer is
already cleaned up in fw.
This results in peer map-unmap issue later as the new Roamed
peer on vdev-1 will never get cleaned-up in host but the same
got cleaned up in fw. FW is free to use that peer_id to
another peer mac later and when it does, host DP complains.
So, indicate ROAM_SYNC abort status to the caller to abort
the complete Roaming.
Change-Id: Ic65149ddf28f01ca5d7a0f6d3137a38e64e6c6ae
CRs-Fixed: 3786671
When SAP CSA is started, host driver starts sending CSA IE
with beacon count. Host driver sends VDEV_RESTART to firmware
only when the beacon count reaches to 0(e.g. from 10 to 0).
But if CSA has to be aborted due to some reason(e.g. concurrent
SAP got disconnected), host driver stops the CSA by posting
EV_CHAN_SWITCH_DISABLED where it stops sending the CSA IE and
restores the VDEV state to UP-UP-ACTIVE. It updates the
templates and doesn't send VDEV_RESTART to firmware.
Currently, host driver sends VDEV_UP to firmware as part of
SAP state machine restoration. But firmware might not expect
this VDEV_UP as vdev is in UP state. Host has to avoid
sending VDEV_UP to firmware when the VDEV state is UP-ACTIVE.
Also, SAP CSA abort might result in other race conditions.
So, let the CSA continue if it's already started and SAP channel
gets evaluated once SAP is UP anyway.
Change-Id: Ic8ff8b0c58dd656b4e7ae2a2f9c46c3584a33165
CRs-Fixed: 3734991
Host driver doesn't disable RSO before restarting the vdev
for fw-initiated as well host-initiated CSA or BW change for
link vdev. Therefore, if the FW is in middle of roam(for host
initiated CSA) cases, this restart leads to race condition in FW.
Add a new reason code for VDEV restarts triggered due to CSA,
enable/disable the RSO SM based on this new reason code for
assoc as well as partner links.
Change-Id: I48925d76df62bb1c60f212048b95c434af18042f
CRs-Fixed: 3770973
In the api hdd_set_nss_params() and hdd_set_antenna_mode()
change in nss parameter or antenna mode cause the TDLS
teardown.
Add a check in api hdd_set_nss_params() and
hdd_set_antenna_mode() to prevent change in parameter
if there is a existing TDLS connection.
Change-Id: I8a58b8b0a617a8de490907e4c3181b15d90e0dbb
CRs-Fixed: 3789892
Firmware timestamp values are not printed for BTM_QUERY &
BTM_REQ events and wrong value for BTM_RSP. This is because
the timestamp values is read from wrong structures.
Read the firmware timestamp values from correct wmi structure
to fill the connectivity diag event
Change-Id: I568e87ee3e4bb66d3f73d353df794ced92b418c1
CRs-Fixed: 3788350
Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
1. dp_reset_tcp_delack
2. dp_bus_bandwidth_init
3. dp_bus_bandwidth_deinit
4. dp_bus_bw_compute_timer_try_start
5. dp_bus_bw_compute_timer_try_stop
6. ucfg_dp_set_cmn_dp_handle
7. __dp_bus_bw_compute_timer_start
Fix is to add NULL check for dp_ctx before use.
Change-Id: I5f9ea6ae8ce3bb13631ad9a2dfe25d9c3686a33b
CRs-Fixed: 3767091
Certain countries have dot11mode restrictions such as no
11be mode support, in which case the regdb updates the
phymode and sends to Host.
Add support to use this value to limit and update the
internal dot11mode to allow connection in corresponding
phymode.
Change-Id: If7dd8c261fbe61e96c7749dd1457713502409fa6
CRs-Fixed: 3747811
In cm_is_peer_preset_on_other_sta, wma_context is
fetched from gp_cds_context and used without any
validation checks. This may lead in NULL pointer
dereference.
To address this issue add null check before
accessing.
Change-Id: I78656303855efb2369afcf47d1aabe3b916498c4
CRs-Fixed: 3712317
Currently, the driver doesn't consider the force 20 MHz in
2.4 GHz configuration while calculating the channel width
for the session during roam. Therefore, fw and host will be
out-of-sync wrt the channel width of the connection.
Consider the force override 20 MHz in 2.4 GHz config which is
based on the ht40 cap of connect request for the channel width
computation.
Change-Id: Id616dd1ceefd5b2c2130be1b88067a92121e0fa1
CRs-Fixed: 3768406
As a part of vdev destroy is_dp_link_valid can return failure,
since the interface maybe down. This will lead to memory leak
since the dp_link memory won't be freed.
Fix this by replacing is_dp_link_valid with dp_link null check.
Change-Id: Ief03c1e42d62b4b89f1414f0c5642e592ee39fa2
CRs-Fixed: 3750214
Add magic number field in wlan_dp_link which is to
be used to identify the validity of dp_link.
Add logs in the dp_link free handler/callback.
Change-Id: I76e3149e1d72a9f5e69478734b6dbab5b4d8d922
CRs-Fixed: 3744331
Kernel configures mc address list once association/NDP connection
happens. Host driver flushes the existing list whenever a new list
is received from kernel. Also, it's expected to cleanup the final
list as part of disconnection/NDI cleanup.
Currently, host expects the vdev/NDI state to be ASSOCIATED
in-order to flush the final configured list. But the STA vdev/NDI
state is already moved to DISCONNECTED by the time host tries to
flush the list from firmware. So, host doesn't send flush command
to firmware and it just flushes internal list from driver adapter.
This results in leaving the final configured entries uncleaned
in firmware and the mc list exhausts in few such iterations as the
firmware supports limited size(32).
Don't check for vdev/NDI state and always issue flush command to
firmware as part of disconnect to avoid this.
Change-Id: I8e070f40976a147959783b3c44f1e9aa24563d4b
CRs-Fixed: 3776542
When ML STA links are on MCC, TDLS action frames try to
set the link mode to force active. To avoid this
reject the TDLS mgmt request when ML STA links are on MCC.
Also enhance few debug prints for TDLS.
CRs-Fixed: 3717831
Change-Id: I69a942d80f5fac0ff25cfb47229e5dde6a693f97
When roaming happens from 3 Link AP to Legacy or 1 link AP after
a link switch, and the assoc vdev when connected to 3 Link AP is
disconnected during roaming, it causes the DP default link mapping
not to be updated. This resutls in data stall and ultimately
NUD failure is triggered resulting in disconnection.
After roaming to Multilink AP, then update the DP with
the new deflink as the assoc vdev.
CRs-Fixed: 3681911
Change-Id: I114a9858c3cbe58ef59743ad251a2b3af2543d3d
In the api wlan_connectivity_mgmt_event(), the VSIE is
extracted after logging the Deauth/Disassoc frames
due to which VSIE is not logged as part of
Deauth/Disassoc frame logging.
Modify the api wlan_connectivity_mgmt_event() to extract
VSIE before logging the Deauth/Disassoc frames
Change-Id: Ia5ac504f6e17d0464a6ce0d442ae7eec658b2445
CRs-Fixed: 3761695
The vdev id in bs_req cannot exceed the WLAN_UMAC_PSOC_MAX_VDEVS
count.
Add the sanity check before accessing the ref_count array.
Change-Id: I31743b4be75944bb8947eac7537172d56614637d
CRs-Fixed: 3759720
Some targets may prefer to keep SAP on same channel even when the
channel is marked as unsafe due to coex operations.
Check the corresponding device capability and avoid chan switch
when the SAP is fixed channel(non-ACS) SAP.
Change-Id: I8d003359a587c5308899e0956b0414074bd748b0
CRs-Fixed: 3776847
Host has to issue RSO_STOP to firmware before performing any
vdev operations(start/stop/down/up,..). Otherwise firmware may
face memory corruptions if it tries to access the same
vdev while host is modifying it.
Currently, RSO_STOP is sent to firmware only if all vdevs are
UP. But in OWE/EAPOL offloaded roaming cases, assoc vdev
would be UP and partner vdev would be down till EAPOL is
done and keys are received from userspace. Connect is started
on partner vdev once the keys are received. Host driver is going
to do a vdev start as part of this connect. So, RSO_STOP is
supposed to be sent to firmware before performing any connect
operations on partner vdev.
So, send RSO_STOP to firmware right after sending
ROAM_SYNC_COMPLETE even if the link vdev is no UP.
Change-Id: Idaa15c7b0cedff5fd6f276626047f349c500a5b8
CRs-Fixed: 3769038
Pointer 'dp_ctx' returned from call to function 'dp_psoc_get_priv'
may be NULL in below APIs:
ucfg_dp_set_hif_handle
ucfg_dp_update_config
ucfg_dp_get_rx_softirq_yield_duration
ucfg_dp_register_rx_mic_error_ind_handler
ucfg_dp_is_roam_after_nud_enabled
Fix is to add NULL check for dp_ctx before use.
Change-Id: I040f1a6ed92ad572e625663eee9ea1dd0c5e8530
CRs-Fixed: 3770367
If the scan entries for a non-tx profile MBSSID partner links
are not present at the time of candidate selection, then
host driver generates the scan entry for the missing partner
link from the assoc response.
The assoc response from the AP has PMKID in the RSN(some APs
do not include RSN IE in assoc resp).In this case, the RSN
along with PMKID gets inherited into the scan cache of the
missing partner and this leads to mismatch between M3 and
scan entry RSN causing disconnection.
To fix this, mark all the MBSSID partners without scan entries
as invalid links at the time of candidate shortlisting. Score
and connect to only non-tx candidates with valid scan entries.
Remove the probe response generation from assoc response logic.
Change-Id: I3b90ca1f1d81f2de7cc629576714c72975b11ae9
CRs-Fixed: 3738606
For MLO vdev currently the discovery attempts threshold is
multiplied by 2 to increase the discovery window thereby
increasing the discovery probability in noisy environmental
conditions. But 5 discovery attempts on each link is
sufficient threshold. Increased discovery attempts causes TP
issues with peer connected to different AP for MLO vdev since
frequent link active/inactive change happens.
So remove the discovery attempt multiplier for MLO TDLS vdev.
Enhance few debug logs.
CRs-Fixed: 3702198
Change-Id: If5513987447296140788c1ee021329dc721df65f
Any MLD peer setup call to cdp shall happen only after
clearing the existing MLD peer otherwise the MLD peer's
VDEV reference is lost on recreation. This leads to
VDEV reference leak.
Add history to track the peer setup and destroy sequence,
to understand the CP peer create/destroy sequence when
any such leak happens.
Change-Id: If338bc26e086490a3cc2bb4de32efa6a762ee0e6
CRs-Fixed: 3736548
Add new APIs to save number of links to which FW roamed
and add new API to retrieve this saved info.
Change-Id: Idfd8727855bd5da97a3808c78e89a505ef06c249
CRs-Fixed: 3755754
As per FW, value of gEnable2x2 and gEnableHtSMPS are
independent.
Remove dependency of INI "gEnable2x2: used to enables/
disables VHT Tx/Rx MCS values for 2x2" and INI
"gEnableHtSMPS : used to enable SM Power Save".
Initialize ht_cap_info.mimo_power_save bit as per INI
"gHtSMPS: used to set default SM Power Save Antenna mode"
Update SMPS HT cap as per FW capability
WMI_HT_CAP_DYNAMIC_SMPS and ini gHtSMPS.
Change-Id: I79ad8f060adb550c738c58259fa65f073ad9b42d
CRs-Fixed: 3771123
Currently, firmware-reported unsafe channels are ignored
and userspace configured channels are honored when
coex_unsafe_chan_nb_user_prefer ini is set. This is supported for
SAP mode only.
But some platforms may want driver to ignore the firmware-
reported coex channels for P2P-GO also.
Enhance the ini to allow user to configure mode specific
bit as mentioned below,
BIT 0: Don't honor fw coex/unsafe channel info for SAP mode
BIT 1: Don't honor fw coex/unsafe channel info for P2P-GO mode
Change-Id: I91a2c6b2da9aba411d081f6ae3b23d374fe53159
CRs-Fixed: 3766393
Currently, Host driver is rejecting force scc on non DBS
solution when QDF_MCC_TO_SCC_WITH_PREFERRED_BAND is set.
This change is to allow STA + SAP concurrency on non DBS solution.
CRs-Fixed: 3716279
Change-Id: Ief73a57d23f627764eca00254acf4cf7e9acd963
Host update “UL MU-MIMO” bit as HE cap in assoc request
based on below 2 things:
1. "enable_ul_mimo" INI
2. FW capability WMI_HECAP_PHY_ULMUMIMOOFDMA_GET
Fix is to overwrite he_cap->ul_mu feature in assoc request
configured via above FW capability with value of ini
"enable_ul_mimo".
Change-Id: I6ede13ec107a194f11a094ccd954155e859c02ec
CRs-Fixed: 3750038
Currently TDLS module acquires WIFI_POWER_EVENT_WAKELOCK_TDLS
wakelock and prevents run time suspend when TDLS is enabled for
a peer. While releasing the wakelock and allowing suspend, it
checks for the connected peer count in tdls_update_pmo_status().
But the peer count is not decremented here yet.
Below is the current call sequence:
tdls_disable_offchan_and_teardown_links()
-> 1. Call tdls_reset_peer() -> this calls
tdls_set_peer_link_status() ->
tdls_update_pmo_status()
-> 2. tdls_decrement_peer_count() - Sets the
connected peer count to 0
Update the sequence as below:
call tdls_decrement_peer_count() first and then call
tdls_reset_peer().
CRs-Fixed: 3735021
Change-Id: Idf91a0c96c9660df466143f8ac115f694b3070d2
HW is non-DBS. SAP is UP in 6 GHz. Now, when a STA connection is
attempted, the pcl for the second connection would have SAP SCC
channel with highest priority, all the 5 GHz channels with 2nd
highest priority and the 6 GHz channels with least priority.
Therefore, even if there is a strong 6 GHz candidate for STA, the
5 GHz candidate would be chosen and the SAP moves to SCC in 5 GHz.
To fix this, ignore the pcl scoring for the non-DBS concurrency
cases as the SAP can move to the channel of the best STA interface.
If the SAP is in legacy band, and if still a 6 GHz STA is chosen,
then the legacy SAP would be torn down. So, give STA the best
possible in non-DBS case.
Change-Id: If268b61c61e77db96b499437cdbc95188240fba8
CRs-Fixed: 3749399
Currently STA+Mon mode is not supported in LPC case
as both mode uses monitor interface to capture
packets. So to distinguish between two different
monitor modes export new API to store monitor interface flags
Change-Id: I463353a1a01f53d48e004f60c52c24f1d8084154
CRs-Fixed: 3739289
As per new requirement, If DUT associates with an AP does
not support BTM then when host receives BTM req frame
from FW. Instead of forwarding the BTM req frame to
supplicant, host should drop it.
Change-Id: Ie6b6c27c01b072fac19dc039327cb9a86370b535
CRs-Fixed: 3746758
