When roam from legacy to mlo, vdev1 is updated first, ml peer is created,
but failed to attach since it is link vdev, then vdev0 is updated, ml peer
is created again, ref count is 1.
When disconnect, stop vdev1 first, in stop event handler, ml peer ref count
becomes 0, mlo_peer_cleanup is called unexpectedly.
mlo_peer_cleanup should be called after MLO vdev0 stopped.
To fix it, change wlan_mlo_peer_create, mlo_dev_mlpeer_attach is called if
the ml peer not attached and can't be found.
Change-Id: Iae3b2b498849646ae71154484b555a7fc9a36017
CRs-Fixed: 3277886
Per spec 11be_D2.1.1, the TSF Offset subfield of the STA Info field
indicates the offset (Toffset)between the TSF timer of the reported
AP (TA) and the TSF timer of the reporting AP (TB) and is encoded
as a 2s complement signed integer with units of 2 µs. Toffset is
calculated as Toffset= Floor((TA – TB)/2).
Change-Id: I7810568f6308e369dcf2ff26bdfd1246783466d4
CRs-Fixed: 3276836
When teardown completeion event is received from FW, teardown
completion handler resets pdev link to NULL, when the expectation
is only to put pdev state in teardown, such that when soc goes
down the list gets cleared.
Change-Id: Ief490eabe0546207f0ef649cb6d5cde1faf582d8
CRs-Fixed: 3280671
Add API to extract MLD AP MSD capabilities from MLO IE
common info field if present. This will be shared with FW
via peer assoc cmd.
Change-Id: I0ebcd5408a40f3314932d4a2a7e586c208af2ee5
CRs-Fixed: 3271118
As 11be 2.1 spec 35.3.3.3 Fields and elements not carried in a per-STA
profile, an AP affiliated with an AP MLD shall not include a Timestamp
field, a Beacon Interval field. Change ML probe rsp per-STA profile decode
logic accordingly. Copy Timestamp from the starting of the probe response
frame.
Change-Id: I0fe5682c170dc3dcd6e5a93c68473cd4cb6999b8
CRs-Fixed: 3280227
This change adds protection, if partner link peer creation failure
leads to MLO peer free. It also returns failure.
Change-Id: I4f2097c3a2942cecf01f77c7e4899595bbce0dff
CRs-Fixed: 3277770
For T2LM capable MLO STAs the AID is allocated from the second pool.
There is an inconsistency in allocating these AID pools.
Please check the example below.
Let's say the max_aid in ML AID manager is 12 and the start_aid is 3.
As per the current implementation,
aid_end1 = (ml_aid_mgr->max_aid - start_aid)/AID_NUM_BUCKET
= ( 12 - 3)/3 = 3
Only 3 AIDs are available in pool_1. But, all these 3 AID are reserved due
to start_aid = 3. Hence, we will not be able to allocate any AID from
pool_1.
With the fix,
pool_1_max_aid = (ml_aid_mgr->max_aid - start_aid)/AID_NUM_BUCKET
= 3
aid_end1 = pool_1_max_aid + start_aid
= 6
So for pool 1, AID 4,5 and 6 are available now.
Change-Id: Ia96966b542e68511acbf46de32448f0d95d31c69
CRs-Fixed: 3276564
Currently, for all link peers of ML peer, is_primary set as
true, since all link peers are attached to same PSOC.
But, FW and DP needs only one peer to be set primary.
So far, FW and DP are considering last peer created or last peer
assoc received as primary peer.
This method causing issue since the order is not guaranteed
between FW and DP layer.
So, added a change to set is_primary to one of the link peers
only
Change-Id: I1c1aa87056baf86091fefc780180b5fc6a16af0d
CRs-Fixed: 3274360
During dynamic mac address change process, some link vdev mld
address will be changed successfully and some link vdev mld
address will be failed to be changed from target in failure case.
In vdev deleting, if no result to find mlo dev ctx by mld mac
address, try to use vdev->mlo_dev_ctx to detach vdev from mlo
dev ctx. This will avoid memory leak in above failure case of
dynamic mac address change.
Change-Id: I11304c92f9258e2390cfe2d03f29ada0db80e6af
CRs-Fixed: 3271092
For fixed field of per-sta profile for mlo, only assoc rsp is parsed,
need include reassoc rsp.
Change-Id: I8be3ab2d2f7719bda0190b59c6d24c07d12f21e8
CRs-Fixed: 3273819
Avoid code duplication by using common definitions
i.e use enum wlan_ml_linfo_subelementid.
Change-Id: Ia09c1a42207461878d023e8f4534f2d26fb2f81b
CRs-Fixed: 3227859
In current code, deauth is skipped for PMF clients
but ML peer state is updated for PMF clients also
This fix skips ML Peer state update for PMF clients
Change-Id: I41c870a5ff4bb658f378b65c729947fad324e807
CRs-Fixed: 3261671
Add null check on connect req params before
invoking cloning of rsn/rsnx ies for mlo stations
Change-Id: I651683ad7eb6a5c0404feee321402ac1f39edcfc
CRs-Fixed: 3234326
Add check to validate vendor IE length in util validate
reporting STA IE API to avoid OOB read.
Change-Id: I1cdd8eced7b5ffcecde6f0337eb45fc90077932f
CRs-Fixed: 3236561
Currently, in few instances the MLO peer APIs are called
with invalid ML peer pointer.
This change prevents NULL pointer access and clears MLO
flag for peer.
Change-Id: I8bcdae1d71655f7ed267cc5bc3f6d0fc51e930df
CRs-Fixed: 3245158
Extract EML and MLD Capabilities from Target via
wmi_service_ready_ext2_event. These values can be
used while advertising EML and MLD Capabilities.
Add helper function to get EML related delays in
Micro Secs from values got from EML and MLD advertisments.
Send EML Capabilities received from node to Target
via WMI_PEER_ASSOC.
CRs-Fixed: 3225495
Change-Id: Ibfa2ff8dbf11d4293125331376a7986e611d5f63
In current code, assoc peer is designated as primry umac,
on primary umac allocation, primary umac bit gets reset.
But in force umac case, primary umac bit not getting reset.
This change resets primary umac bit of assoc peer, if
assoc peer is not designated primary UMAC.
Change-Id: I640433548b9efeb20ba2b23f8d1141cc5505087b
CRs-Fixed: 3243326
Currently, in wlan_defrag_elemsubelem_fragseq() API,
there is possible buffer over-read in fragbuff buffer.
Buffer may have a malicious length larger than their
payload size, which leads to a buffer over-read during
defragmentation.
Fix is to validate the fragment length against the buffer
boundary in util_get_successorfrag().
Change-Id: Ia9e688a0ab17954eb464ec586820bb95b51f12d1
CRs-Fixed: 3236560
Add following fixes for STA to support and operate in
eMLSR mode
1) Update and send eMLSR cap flag to FW even in vdev start
request on both links.
2) Copy EML caps to wmi peer assoc mlo params to send it
to FW.
Change-Id: Ic17b9b82809659d7a4392c09eceecae7c53b2049
CRs-Fixed: 3237737
Add mld config checks in osif_vap_create_check and fail
once the config is invalid.
Change-Id: I26c3b4719fa9b18be0a4590861c654504fb3e6bf
CRs-Fixed: 3200923
In case of MLO, if connect is in progress and assoc vdev is moved to
connected state, if the disconnect is received before mlo mgr is
notified for connect, then it can lead to race between connect and
disconnect processing.
Add fix to avoid race between connect comlplete and disconnect by
checking connected link bitmap which is set in mlo connect notifier
Change-Id: I5783827c00106bf6bda2949e4154088fd172de15
CRs-Fixed: 3241708
The api wlan_mlo_peer_list_peek_head is invoked with lock acquired.
wlan_mlo_peer_create api does not invoke ml_peerlist_lock_acquire
and ml_peerlist_lock_release when invoking api mlo_get_mlpeer, this
causes race condition issue.
To resolve this issue, using api wlan_mlo_get_mlpeer instead of
api mlo_get_mlpeer.
Change-Id: Ifb41b7d83bf17938d210ce5a2d7f370d6355197c
CRs-Fixed: 3228243
A malicious input can cause a buffer over-read in util_find_extn_eid.
When len==2 and frame[TAG_LEN_POS]==0, the while loop will be entered
and an over-read will happen for frame[ELEM_ID_EXTN_POS].
Since both MIN_IE_LEN and ELEM_ID_EXTN_POS are equal to 2, ensure
(len > MIN_IE_LEN) before accessing the index.
Change-Id: Ia0aa8a2b59e8bf9ac06f5454e40687c5c34c5d88
CRs-Fixed: 3236559
Current max aid assignment doesn't consider start aid
which is causing start aid greater than max aid in
MBSSID MLO case.
This change accounts start aid while updating max aid
Change-Id: Ic6af28cd2599090538393082032932ba416b4c66
CRs-Fixed: 3220059
These utility functions help to parse the Probe Request Variant of
Multi-Link IE.
It implements 11BE draft 2.0 spec
Change-Id: I09dcf47ef481278f5c74082002f83d9c8e2155a4
CRs-Fixed: 3213367
Update definition for MLD capabilities subfield present in
the Common Info field of Basic Multi-Link element as per
IEEE802.11be D1.5.
Store parsed MLD capability in node to send these to Target.
Add endianness handling for MLD Capability.
Add a check if the value in the common info length tallies
with the length as determined from the presence bitmap for
MLD capabilities.
CRs-Fixed: 3206837
Change-Id: I3d03afbd60171b2cf5e81c9a8dbb51d7673c9163
As part of a transition of basic MLO functionality to IEEE802.11be
D1.5, add definitions and receive processing for the signaling of the
presence of BSS Parameters Change Count subfield in STA Info field in
Per-STA Profile subelement in Basic Multi-Link element Link Info
field. This presence is signaled by a new bit in the STA Control
field of the corresponding Per-STA Profile subelement. Rename the
definition for BSS Parameters Change Count (sub)field size to make it
generic since it may occur in various protocol signaling areas
related to MLO.
Change-Id: Ieb17f65547b7106442369b51cd6bc303046a224a
CRs-Fixed: 3197012
This change rejects association if MLD MAC address of Station
is same as AP MLD MAC address.
Change-Id: Ie8cafcf8bf0033dc63efbcd0047ddcabf996942b
CRs-Fixed: 3212459
Aid pool is divided into three pools. pool0 and pool2 is for legacy and
MLO clients. pool1 is for T2LM enabled clients. This is done to ensure
that T2LM enabled clients are starting from particular index so that
multi-link traffic element can be updated optimally.
Change-Id: I2d5fe50a6ba339e89f4b65febc7b1b1bbb200477
CRs-Fixed: 3205993
select assoc peer as primary umac,
1) if all links are from single PSOC
2) single link MLO connection
Change-Id: Ia38e6809ef7d0201a2267051b8b4bcec7b36547f
CRs-Fixed: 3203804
1) Do not free Tx VAP's AID manager, if AID manager of
non-Tx vap and Tx vap doesn't match
2) Do not allocate AID manager for MLD vaps, if AID
manager is already allocated
Change-Id: I08b19397540f364503eaa1c269c6d0679a9a9fc0
CRs-Fixed: 3212368
Parse EML capability sub field present in Common Info field of Basic
Multi-Link element from Association request send by non-AP MLD.
Add new API to get EML capabilities from the ML IE.
Update definitions for EML as per IEEE802.11be D1.5.
Store parsed EML capability in node to send these to Target.
CRs-Fixed: 3203322
Change-Id: Ib208ba2d8e86df7360656c1c844e4835a93cedc4
In order to provide the info about common info len and BSS
param change count, add API util_get_mlie_common_info_len()
and util_get_bvmlie_bssparamchangecnt().
Change-Id: I0f5fea2265cbb8f1df265542af7009d624a0129b
CRs-Fixed: 3202491
Currently even when the partner link assoc failure driver is maintining
the assoc link this is resulting in several side effects w.r.t
memory corruptions etc.
Disconnect the ml connection incase of link assoc failure.
Change-Id: I4bbdcf4099f3042f5065067ca5d817f986ffb30a
CRs-Fixed: 3204310
In mlo_ap_vdev_attach() we call cdp_update_mlo_ptnr_list(), and logic
exists which was supposed to test the return value for success.
However due to a misplaced parenthesis, the test for success is actually
applied to the last parameter, and that test result is sent as a
true/false value to cdp_update_mlo_ptnr_list().
To fix this issue relocate the parenthesis so that the last parameter
is correctly passed and the test for success is applied to the
return value.
Change-Id: I055150dae726a69f0e70f02f7fbe26550f48e558
CRs-Fixed: 3181220
This change adds MBSSID support for MLO AID manager.
It handles AID allocation and AID free for MLO and Non-MLO peers
associated to MLO/Non-MLO VDEVs
Change-Id: I616cca6afeb9178a3b7f183c6bd986fe9b30a4fa
CRs-Fixed: 3200173
Check mld ctx info first and then print the debug info
for teardown request with num socs and num links.
Change-Id: Ib37ce76955e2b83aaa5ecec08010f05e293c2a19
CRs-Fixed: 3200920
Add fix to release ml dev lock in case of failure.
Also add null check for assoc vdev
Change-Id: I5f81217b32d676b556030b504476bf4e3c92b718
CRs-Fixed: 3199710
