qcacld: IMPS Req sent to Firmware in connected state

Due to race condition between reception of Deauth frame from AP and disconnect from Upper layer, driver sends IMPS Request to firmware when firmware is in connected state.As a result Firmware crashes.So when deauth req comes from upper layer read the status of FW state and accordingly return the error code so that SME does not issue IMPS request. Change-Id: Ie4592b64f7aa263b3264eaddde390acdccd4b8c0 CRs-Fixed: 643624
author: Komal Seelam <kseelam@qti.qualcomm.com> 2014-04-04 12:56:47 +0530
committer: Akash Patel <c_akashp@qca.qualcomm.com> 2014-04-11 08:44:26 -0700
commit: 4988756fd593a14277aa7eba9d1d72ac9a94372d (patch)
tree: 58eac1125865db974d36b2eed62d6d2b0678f03c
parent: 4e79075f5f6f3de00eb9bd9b9ff601ef79b11ddb (diff)
5 files changed, 31 insertions, 1 deletions
diff --git a/CORE/MAC/inc/sirApi.h b/CORE/MAC/inc/sirApi.h
index de7195ba26c4..85e980c61432 100644
--- a/CORE/MAC/inc/sirApi.h
+++ b/CORE/MAC/inc/sirApi.h
@@ -341,6 +341,7 @@ typedef enum eSirResultCodes
 #ifdef WLAN_FEATURE_GTK_OFFLOAD
     eSIR_SME_GTK_OFFLOAD_GETINFO_REQ_FAILED,
 #endif // WLAN_FEATURE_GTK_OFFLOAD
+    eSIR_SME_DEAUTH_STATUS,
     eSIR_DONOT_USE_RESULT_CODE = SIR_MAX_ENUM_SIZE
 } tSirResultCodes;
 
diff --git a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
index fa62695dfe23..38cc8bb80b94 100644
--- a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
@@ -2888,6 +2888,22 @@ __limProcessSmeDeauthReq(tpAniSirGlobal pMac, tANI_U32 *pMsgBuf)
 
                         retCode       = eSIR_SME_STA_NOT_AUTHENTICATED;
                         deauthTrigger = eLIM_HOST_DEAUTH;
+
+/*
+               here we received deauth request from AP so sme state is
+               eLIM_SME_WT_DEAUTH_STATE.if we have ISSUED delSta then
+               mlm state should be eLIM_MLM_WT_DEL_STA_RSP_STATE and if
+               we got delBSS rsp then mlm state should be eLIM_MLM_IDLE_STATE
+               so the below condition captures the state where delSta
+               not done and firmware still in connected state.
+*/
+
+                        if (psessionEntry->limSmeState == eLIM_SME_WT_DEAUTH_STATE &&
+                            psessionEntry->limMlmState != eLIM_MLM_IDLE_STATE &&
+                            psessionEntry->limMlmState != eLIM_MLM_WT_DEL_STA_RSP_STATE)
+                        {
+                            retCode = eSIR_SME_DEAUTH_STATUS;
+                        }
                         goto sendDeauth;
                     }
 
diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h
index 18d31b7cd867..a7efdd839254 100644
--- a/CORE/SME/inc/csrInternal.h
+++ b/CORE/SME/inc/csrInternal.h
@@ -1025,6 +1025,7 @@ typedef struct tagCsrRoamStruct
     tANI_U8        RoamRssiDiff;
     tANI_BOOLEAN   isWESModeEnabled;
 #endif
+    tANI_U32 deauthRspStatus;
 }tCsrRoamStruct;
 
 
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index f171b3298a49..5afaf0a7cf8a 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -6071,6 +6071,17 @@ static tANI_BOOLEAN csrRoamProcessResults( tpAniSirGlobal pMac, tSmeCmd *pComman
                     sme_QosCsrEventInd(pMac, (tANI_U8)sessionId, SME_QOS_CSR_DISCONNECT_IND, NULL);
 #endif
                     csrRoamLinkDown(pMac, sessionId);
+
+                    /*
+                          DelSta not done FW still in conneced state so dont
+                          issue IMPS req
+                    */
+
+                    if (pMac->roam.deauthRspStatus == eSIR_SME_DEAUTH_STATUS)
+                    {
+                        smsLog(pMac, LOGW, FL("FW still in connected state "));
+                        break;
+                    }
                     csrScanStartIdleScan(pMac);
                     break;
                 case eCsrForcedIbssLeave:
@@ -8272,6 +8283,7 @@ static void csrRoamRoamingStateDeauthRspProcessor( tpAniSirGlobal pMac, tSirSmeD
     //No one is sending eWNI_SME_DEAUTH_REQ to PE.
     smsLog(pMac, LOGW, FL("is no-op"));
     statusCode = csrGetDeAuthRspStatusCode( pSmeRsp );
+    pMac->roam.deauthRspStatus = statusCode;
     if ( CSR_IS_ROAM_SUBSTATE_DEAUTH_REQ( pMac, pSmeRsp->sessionId) )
     {
         csrRoamComplete( pMac, eCsrNothingToJoin, NULL );
diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c
index 89414d9429ea..bc48b3113285 100644
--- a/CORE/SME/src/csr/csrUtil.c
+++ b/CORE/SME/src/csr/csrUtil.c
@@ -6082,7 +6082,7 @@ tSirResultCodes csrGetDeAuthRspStatusCode( tSirSmeDeauthRsp *pSmeRsp )
     tANI_U8 *pBuffer = (tANI_U8 *)pSmeRsp;
     tANI_U32 ret;
 
-    pBuffer += (sizeof(tANI_U16) + sizeof(tANI_U16) + sizeof(tSirMacAddr));
+    pBuffer += (sizeof(tANI_U16) + sizeof(tANI_U16) + sizeof(tANI_U8) +sizeof(tANI_U16));
     //tSirResultCodes is an enum, assuming is 32bit
     //If we cannot make this assumption, use copymemory
     pal_get_U32( pBuffer, &ret );
author	Komal Seelam <kseelam@qti.qualcomm.com>	2014-04-04 12:56:47 +0530
committer	Akash Patel <c_akashp@qca.qualcomm.com>	2014-04-11 08:44:26 -0700
commit	4988756fd593a14277aa7eba9d1d72ac9a94372d (patch)
tree	58eac1125865db974d36b2eed62d6d2b0678f03c
parent	4e79075f5f6f3de00eb9bd9b9ff601ef79b11ddb (diff)