There are multiple issues with the Link Layer Stats Unified API:
- struct ll_stats_clear_params and struct ll_stats_get_params both
incorrectly use the identifier "sta_id" to refer to a vdev_id.
- struct ll_stats_set_params has an unused "sta_id" field.
- Functions wmi_unified_process_ll_stats_clear_cmd() and
wmi_unified_process_ll_stats_get_cmd() pass the MAC address as a
separate parameter rather than adhering to the commonly used
unified signature: func(handle, param).
- Not all of the functions and data structures are correctly protected
by the WLAN_FEATURE_LINK_LAYER_STATS feature flag.
Refine the Link Layer Stats Unified API to address these issues.
This is co-dependent with Ifd7c8de2358121dae4752525ff57021a32be85d3
("qcacld-3.0: Use the refined Link Layer Stats Unified API").
Change-Id: Ifdc1fada55a559f3b3d0837ec20cceb653c45c40
CRs-Fixed: 2409293
In struct roam_scan_filter_params the legacy identifier session_id is
currently used to identify the vdev of interest. To align with the
converged nomenclature rename this to vdev_id.
This is co-dependent with Ibeab45d4badbeda6baec6a53ab4ec561dd70ccd9
("qcacld-3.0: Use vdev_id in roam_scan_filter_params").
Change-Id: I16679abc7b3b61e6814fc1b0f13c6bc0e0fb7a39
CRs-Fixed: 2407402
In the function send_scan_start_cmd_tlv(), extraie_len_with_pad
is computed as roundup(params->extraie.len, sizeof(uint32_t)).
But extraie_len_with_pad is of type uint8_t. This causes
integeroverflow of extraie_len_with_pad. The length of the
wmi command buffer for scan command (len) is incremented by
this extraie_len_with_pad to allocate memory for the additional
IEs that are passed from upper layer to the firmware. But when
params->extraie.len is greater than 255, extraie_len_with_pad
overflows and obtains lower value. This causes lower wmi buffer
length allocation but the copy is done for entire
params->extraie.len resulting in overwriting of the skb that is
passed to firmware. This causes host assert when this skb is
freed.
Change the data type of extraie_len_with_pad to uint16_t from
uint8_t as the additional IE sent from upper layer can have a
maximum length of 2048. Also change the data type of len from
int to size_t to avoid overflow of len.
Change-Id: I11fae83a85a3f787b37e47df97ffc4b183cba913
CRs-Fixed: 2405641
EOK is a legacy definition and frequently misused. Remove references to
it from qcacmn.
Change-Id: Ic3179ad95beb75edb97e1dda7ac879a65a86a2e4
CRs-Fixed: 2404900
The unified WMI struct used to support the STA keepalive feature has a
few flaws:
- It is poorly named. Struct sta_params is a very generic name for a
struct that has a very specific purpose.
- It is poorly designed. It utilizes pointers to the IPv4 and MAC
addresses rather than support having those addresses within the
struct itself. This prevents the struct from completely representing
the payload, which is required if we want to utilize this struct in
the converged UMAC.
To resolve these issues rename and redesign the struct.
This is co-dependent with I20cf9f54a7ec920a90575ffd73c51708414d46a0
("qcacld-3.0: Use the redesigned STA keepalive interface").
Change-Id: I2a401fa6934f05555cb3c30088af62cfbc9a3c59
CRs-Fixed: 2404895
In struct plm_req_params the legacy identifier session_id is currently
used to identify the vdev of interest. To align with the converged
nomenclature rename this to vdev_id.
This is co-dependent with I3c5192d31caa05c8fe7157382680318b6671257f
("qcacld-3.0: Use vdev_id in plm_req_params").
Change-Id: I1554febcfb641059a82349aad904c54b62250111
CRs-Fixed: 2405067
While kernel boots, lots of chainmask information gets printed
on console and which decreases readability and dumps lots of
unwanted prints at boot time.
This patch reduces some print level from INFO->DEBUG and can be
enabled and used for debugging whenever needed.
Change-Id: Id1ec1eb4d46c6883f7c22152c765e99074c537ec
CRs-Fixed: 2404102
In send_peer_unmap_conf_cmd_tlv() return the correct error code
while sending PEER UNMAP RESPONSE command to FW.
Change-Id: I3cc87101310a7f0c6e82dc91ac33d747f5282796
CRs-Fixed: 2398586
A common pattern in WLAN to panic the driver is to log the reason and
then unconditionally panic. QDF_DEBUG_PANIC() takes a reason string to
help make the reason for the panic more obvious, but it is not always
used. Ensure all callers of QDF_DEBUG_PANIC() provide a reason string.
Additionally, make the reason string parameter of QDF_DEBUG_PANIC()
mandatory.
Change-Id: Ia3c7acfe590f7f465823fff3f2393653b2d20fe5
CRs-Fixed: 2403830
In struct roam_offload_scan_rssi_params the legacy identifier
session_id is currently used to identify the vdev of interest. To
align with the converged nomenclature rename this to vdev_id.
This is co-dependent with Ifb2282b8977ad1fb999e8460c0d276343793a0c6
("qcacld-3.0: Use vdev_id in roam_offload_scan_rssi_params").
Change-Id: Ifbbca30b9aca9688931ac0f4e4f703c28ad0ad32
CRs-Fixed: 2404094
In struct rssi_monitor_param the legacy identifier session_id is
currently used to identify the vdev of interest. To align with the
converged nomenclature rename this to vdev_id.
This is co-dependent with Icf5d5797eed143837c57a2b7d9a6c9b1b63387e9
("qcacld-3.0: Use vdev_id in rssi_monitor_param").
Change-Id: I6087c5018af98a84e7e784527000448ace7fac6e
CRs-Fixed: 2404081
In struct hidden_ssid_vdev_restart_params the legacy identifier
session_id is currently used to identify the vdev of interest. To
align with the converged nomenclature rename this to vdev_id.
This is co-dependent with Ie8c426aff1a8a1e7f75199c8cf7c761f1a893a05
("qcacld-3.0: Use vdev_id in hidden_ssid_vdev_restart_params").
Change-Id: Iea0bf0a3dcae9186cce4eb176b974515fd0d7624
CRs-Fixed: 2403934
Once user configs hundreds of wow pattern, it will cause
log flood here.
Remove the log here.
Change-Id: I56d749ca4b7db91a72c5a7fe12dbcd751397d19e
CRs-Fixed: 2402655
Add API to update cmn vdev mlme structures,
with the addition of new members to the new mlme
vdev structure,new api's are required to update
those members which will be subsequently used the
new mlme target if layer to send commands to the firmware
Change-Id: I9618613c0ad00f78003cd32951b30b631934ba71
In struct gateway_update_req_param the legacy identifier session_id is
currently used to identify the vdev of interest. To align with the
converged nomenclature rename this to vdev_id.
This is co-dependent with I2d24a54e80931a944580e968a841679d2da7b2a1
("qcacld-3.0: Use vdev_id in gateway_update_req_param").
Change-Id: I84b28aa734b570f0a7834fbac7d27e9c66b8b026
CRs-Fixed: 2404012
As part of the original TDLS componentization the legacy typedef
tTdlsPeerStateParams was replicated as qca-wifi-host-cmn struct
tdls_peer_state_params. Subsequently when the TDLS component was
relocated back to qcacld-3.0 this struct was replicated again as
struct tdls_peer_update_state in the qcacld-3.0 TDLS public structs.
Unfortunately this left the driver with three different data
structures which serve the same purpose. Not only is this pointless,
but due to the way in which these structures are used there is an
implicit requirement that they be exactly identical. Further
complicating matters is the fact that these three structures each have
embedded structs which are also replicated. This approach is very
fragile since any change to any of these structs must be replicated
across the entire set. To align with the converged software
architecture and to improve code maintainability exclusively use the
TDLS public structs.
Change-Id: Ifc976815fea57afae86cc91b91c6b48f70b2a9a7
CRs-Fixed: 2395340
During runtime PM suspend, some key WMI commands will be tagged
so that they can be extracted from HTC queue in order to send to
firmware with priority. Some of these commands are no longer needed
for tagging in latest offload sequence. Hence remove them from the
list.
Change-Id: If0bc547969837d6326aa8d7248d65677c5d3a940
CRS-fixed: 2398382
The CONVERGED_TDLS_ENABLE feature flag was originally introduced when
the TDLS feature was being componentized so that one could select
either the legacy implementation or the componentized implementation.
That componentization activity has concluded and the legacy
implementation no longer exists. To align with the current usage
remove all legacy TDLS code and switch to using the FEATURE_WLAN_TDLS
feature flag since that more accurately describes the code being
protected.
Change-Id: Ieef785844bd25b06604167eae2f52e39717f502f
CRs-Fixed: 2395694
Add the WMI PDEV param 'wmi_pdev_param_ul_ppdu_duration' to
add command support to modify the UL PPDU duration.
Change-Id: If2f8ef02d4f992d91fa745599d5c08b1dfccceca
CRs-fixed: 2393139
Add support for UL_RU26 WMI service which will notify the host if
the target has allowed UL_RU26
Change-Id: I639c0872f541cf30776c9f76b87c4b950c1e17f4
CRs-Fixed: 2390350
check for max_ast entries supported by FW and add the
entry on host accordingly.
Change-Id: Ief70ba631bb41d50c79d3673e3eea0c45b0c1e19
CRs-Fixed: 2355947
In son_ol_send_null(), check for the return value of
GET_WMI_HDL_FROM_PSOC() before using it.
Also, pass argument of type wmi_unified_t in calls
to wmi_unified_stats_request_send().
Change-Id: Idfedae2fcbde6d18b1829adefcabac0adbc55859
CRs-Fixed: 2371368
In extract_hal_reg_cap_tlv(), field hal_reg_capabilities of
param_buf may be NULL, when access field wireless_modes of
hal_reg_capabilities, it will result in a NULL pointer access.
Fix is to add NULL pointer check for field hal_reg_capabilities
of param_buf.
Change-Id: Ie2a50ce1f06f9623cc771d4d580cb5f9f25cc5d4
CRs-Fixed: 2387212
Cleanup WMI to use new data structures in vdev mlme
for corresponding vdev mgmt op
Change-Id: I0126dcb34e569aac2af82de15e0f3362cf5a0a5e
CRs-Fixed: 2383346
Clear compilation warnings for wmi files which
has unsued functions in case of some macros
aren't defined.
Change-Id: If3a9ee68206a44e35f459e3c39d9da2d6f7ba4ba
Extended service ready event has a tlv
containing the spectral bin scaling parameters.
Populate the spectral capabilities using this info.
CRs-Fixed: 2379652
Change-Id: I0b4648302e7170b5965cf1aec68638e70cd36e73
Currently the driver uses structure for peer mac address
to store the mac address.
Use the already existing peer mac address array for the same.
Change-Id: Ib49b2ac4747fce3610da73a1d29c67ccaaeaad65
CRs-Fixed: 2390282
In extract_mac_phy_cap_service_ready_ext() the field num_hw_modes
of hw_caps is used as loop bounds and may be attacked.
hw_mode_caps is a pointer defined by firmware. The exact array
length cannot be got since hw_mode_caps pointing array length
is variable. Fix is to add check for field num_hw_modes of hw_caps.
Change-Id: Ie234db3f2356186a4e7aac121ec88dd7e6453efd
CRs-Fixed: 2387221
The TLV WMI added support for a new WMI_SERVICE_WLM_STATS_REQUEST
service along with an associated WMI_WLM_STATS_EVENTID event, so add
support for a proxy unified WMI service and event.
Change-Id: Ic79c4b757fe2d4e806306750250e3c102745c486
CRs-Fixed: 2388911
Add WMI_HOST_REGDMN_MODE_11AC_VHT20_2G in WMI_HOST_REGDMN_MODE
bitmap.
WMI_SERVICE_READY_EVENT indicates ht/vht capability by
hal_reg_capabilities-> wireless_modes, REGDMN_MODE_11AC_VHT20_2G
indicates 2g vht20, check and save it as
WMI_HOST_REGDMN_MODE_11AC_VHT20_2G.
Change-Id: Idfb9a0f576619d4f890c2c0df68fc903f311c510
CRs-Fixed: 2384269
The sme_session_id field in struct add_ts_param is poorly named since
that is legacy MCL nomenclature, so there is a desire to rename it to
vdev_id to align with the converged nomenclature. As the first phase
of renaming introduce a union so that both the old and new name can be
used by legacy projects, but otherwise only use the new name within
the qcacmn project.
Change-Id: I93743c3b1e3180589a3af83ed9e51d8dc95324d9
CRs-Fixed: 2384156
In function extract_nan_event_rsp_tlv processing WMI_NAN_EVENTID,
fix a potential null pointer dereference of NAN event info data
structure.
Change-Id: I2180d3ce75d89a698d34c56d2abc7687a5fdd485
CRs-fixed: 2381237
Do not call regdb core functions from other components directly.
Instead, call regdb dispatcher functions.
Also, wlan_objmgr_vdev_obj.h file is removed from reg_services.h file in
Ie43acc03a5c35200f3e43bc978b792d5047eeb77 and reg_services.h is removed
from wlan_reg_services_api.h in I891b14fac7a4eddf2697d2ecdc0ac4a82046f532.
Therefore to fix "'struct wlan_channel' declared inside parameter list"
error in wlan_dfs_utils_api.h file, I have included wlan_objmgr_vdev_obj.h
file before wlan_dfs_utils_api.h in scan, dfs and wmi component.
Change-Id: Id8816f5137c3b1f9200c59fc3f9041980631f22f
CRs-Fixed: 2349173
The original implementation of the "get link status" feature contains
some design and implementation details that are not ideal, so fix the
following deficiencies:
- The link_status_params struct contains three fields that are unused.
- The only link_status_params field that is used, session_id, uses
legacy terminology instead of converged terminology
- The wmi_unified_link_status_req_cmd() implementation uses a void
pointer instead of the correct underlying type for the WMI handle.
Note that change I508ec083298caa45d4cbb1ba28b21e47e379a804
("qcacld-3.0: Align with revised "get link status" Unified WMI") is
interdependent with this change.
Change-Id: I057ca0aff4a627c7fcdb9f90a5da46473813f60a
CRs-Fixed: 2381364
Callback signature in wmi_process_fw_event_default_ctx
is different for WIN and MCL. Make it same.
Change-Id: I28ad8e6068742095bdb9bc265e46dead8bfb217d
CRs-Fixed: 2372980
OOB read can occur while handling WMI_SERVICE_READY_EXT_EVENTID event
when large invalid num_phy received in that event, as this value is used
as index to array.
Change-Id: I0e80d04d19160e219028b07599a8b9953a798fb2
CRs-Fixed: 2374726
Currently we have same function name/different implementation when set
wmi scan channel list for WIN and MCL, the implementation for WIN side
send_scan_chan_list_cmd_tlv looks more intuitive which will remain with
minor change.
Remove definition of struct scan_chan_list_params and wmi_channel_param
which is no longer needed. Change HT flag set independent on VHT flag.
Add WMI DFS flag set if channel_param.dfs_set set.
Change-Id: I131ca09c12687bda5eb3eb03b7bcca1d62ac7aa9
CRs-Fixed: 2363675
Change Ie6c4a9847f2daa9ba2aebd17f386d584201b86d6 ("qcacld-3.0: Remove
obsolete set/reset ssid hotlist") in the qcacld-3.0 project removed
the only client of the WMI SSID hotlist infrastructure. Since this
infrastructure is obsolete, remove it.
Change-Id: I4a1de39c982947bbf4958d976426f95e3217f1a3
CRs-Fixed: 2381277
In extract_mac_phy_cap_service_ready_ext() the num_hw_modes
is used as loop bounds and may be attacked.
hw_mode_caps is a pointer defined by firmware. The exact
array length cannot be got since hw_mode_caps pointing array
length is variable. So use max number to check
num_hw_modes before loop.
The max number of hw modes is 24 including 11ax.
Change-Id: I72f30ba819bca89915bb09f271e3dbe7c0f157a6
CRs-Fixed: 2369233
Current Spectral WMI logs on TLV systems are
difficult to interpret, correct it.
Also, set their log level to QDF_TRACE_LEVLE_DEBUG.
Change-Id: I6f19143df230d82edc2fb8dd86b18addbb327d6b
CRs-Fixed: 2369960
