From a6296dab11ce84425efe32e20c3971fad38249c4 Mon Sep 17 00:00:00 2001 From: Kiran Kumar Lokere Date: Fri, 24 Jan 2014 13:06:47 -0800 Subject: Fix SAP channel width issue after DFS channel switch Fixes SAP channel width issue when DFS channel switch happens. SAP was coming up with 20MHz channel width after DFS channel switch happend. CRs-Fixed: 600131 --- CORE/MAC/inc/sirApi.h | 1 + CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c | 90 +++++++++++++++++++------- CORE/SAP/src/sapModule.c | 4 +- CORE/SME/inc/csrInternal.h | 4 +- CORE/SME/inc/sme_Api.h | 4 +- CORE/SME/src/csr/csrApiRoam.c | 19 +++++- CORE/SME/src/sme_common/sme_Api.c | 7 +- 7 files changed, 97 insertions(+), 32 deletions(-) diff --git a/CORE/MAC/inc/sirApi.h b/CORE/MAC/inc/sirApi.h index a2750c146f2e..bf50c844fbe7 100644 --- a/CORE/MAC/inc/sirApi.h +++ b/CORE/MAC/inc/sirApi.h @@ -4752,6 +4752,7 @@ typedef struct sSirChanChangeRequest tANI_U16 messageLen; tANI_U8 sessionId; tANI_U8 targetChannel; + tANI_U8 cbMode; }tSirChanChangeRequest, *tpSirChanChangeRequest; typedef struct sSirChanChangeResponse diff --git a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c index 45b62e18b086..ca3323b72a0f 100644 --- a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c +++ b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c @@ -5836,6 +5836,10 @@ limProcessSmeChannelChangeRequest(tpAniSirGlobal pMac, tANI_U32 *pMsg) tpPESession psessionEntry; tANI_U8 sessionId; //PE sessionID tPowerdBm maxTxPwr; +#ifdef WLAN_FEATURE_11AC + tANI_U32 centerChan; + tANI_U32 chanWidth; +#endif if( pMsg == NULL ) { limLog(pMac, LOGE,FL("pMsg is NULL")); 
@@ -5863,14 +5867,6 @@ limProcessSmeChannelChangeRequest(tpAniSirGlobal pMac, tANI_U32 *pMsg) && maxTxPwr != WDA_MAX_TXPOWER_INVALID) { - /* - * Issue a set channel request with - * with channel bonding mode as - * PHY_SINGLE_CHANNEL_CENTERED - * TODO:Handle the channel bonding mode - * 40Mhz and 80Mhz Channel width for SAP - * channel change. - */ /* Store the New Channel Params in psessionEntry */ if (psessionEntry->currentOperChannel != 
@@ -5880,25 +5876,73 @@ limProcessSmeChannelChangeRequest(tpAniSirGlobal pMac, tANI_U32 *pMsg) psessionEntry->currentOperChannel, pChannelChangeReq->targetChannel); - limSetChannel(pMac, pChannelChangeReq->targetChannel, - PHY_SINGLE_CHANNEL_CENTERED, - maxTxPwr, - psessionEntry->peSessionId); - psessionEntry->currentOperChannel = - pChannelChangeReq->targetChannel; +#ifdef WLAN_FEATURE_11AC + if(psessionEntry->vhtCapability) + { + + if (wlan_cfgGetInt(pMac, WNI_CFG_VHT_CHANNEL_WIDTH, + &chanWidth) != eSIR_SUCCESS) + { + limLog(pMac, LOGP, + FL("Unable to retrieve Channel Width from CFG")); + } + + if(chanWidth == eHT_CHANNEL_WIDTH_20MHZ || chanWidth == eHT_CHANNEL_WIDTH_40MHZ) + { + if (cfgSetInt(pMac, WNI_CFG_VHT_CHANNEL_WIDTH, WNI_CFG_VHT_CHANNEL_WIDTH_20_40MHZ) + != eSIR_SUCCESS) + { + limLog(pMac, LOGP, FL("could not set WNI_CFG_CHANNEL_BONDING_MODE at CFG")); + } + } + if (chanWidth == eHT_CHANNEL_WIDTH_80MHZ) + { + if (cfgSetInt(pMac, WNI_CFG_VHT_CHANNEL_WIDTH, WNI_CFG_VHT_CHANNEL_WIDTH_80MHZ) + != eSIR_SUCCESS) + { + limLog(pMac, LOGP, FL("could not set WNI_CFG_CHANNEL_BONDING_MODE at CFG")); + } + + centerChan = limGetCenterChannel(pMac, pChannelChangeReq->targetChannel, + pChannelChangeReq->cbMode,WNI_CFG_VHT_CHANNEL_WIDTH_80MHZ); + if(centerChan != eSIR_CFG_INVALID_ID) + { + limLog(pMac, LOGW, FL("***Center Channel for 80MHZ channel width = %d"),centerChan); + psessionEntry->apCenterChan = centerChan; + if (cfgSetInt(pMac, WNI_CFG_VHT_CHANNEL_CENTER_FREQ_SEGMENT1, centerChan) + != eSIR_SUCCESS) + { + limLog(pMac, LOGP, FL("could not set WNI_CFG_CHANNEL_BONDING_MODE at CFG")); + } + } + } + + /* All the translation is done by now for gVhtChannelWidth from .ini file to + * the actual values as defined in spec. 
So, grabing the spec value which is + * updated in .dat file by the above logic */ + if (wlan_cfgGetInt(pMac, WNI_CFG_VHT_CHANNEL_WIDTH, + &chanWidth) != eSIR_SUCCESS) + { + limLog(pMac, LOGP, + FL("Unable to retrieve Channel Width from CFG")); + } + psessionEntry->vhtTxChannelWidthSet = chanWidth; + psessionEntry->apChanWidth = chanWidth; + } + psessionEntry->htSecondaryChannelOffset = limGetHTCBState(pChannelChangeReq->cbMode); + psessionEntry->htSupportedChannelWidthSet = (pChannelChangeReq->cbMode ? 1 : 0); - /* - *TODO:As of now the supported Channel width - * is only 20Mhz. AP Channel Bonding Mode for - * 40 Mhz and 80Mhz is pending implementation. - */ - psessionEntry->htSecondaryChannelOffset = - PHY_SINGLE_CHANNEL_CENTERED; - psessionEntry->htSupportedChannelWidthSet = - WNI_CFG_CHANNEL_BONDING_MODE_DISABLE; psessionEntry->htRecommendedTxWidthSet = psessionEntry->htSupportedChannelWidthSet; + psessionEntry->currentOperChannel = + pChannelChangeReq->targetChannel; + + limSetChannel(pMac, pChannelChangeReq->targetChannel, + pChannelChangeReq->cbMode, + maxTxPwr, + psessionEntry->peSessionId); +#endif } } diff --git a/CORE/SAP/src/sapModule.c b/CORE/SAP/src/sapModule.c index e94f3eb53a54..731ea68c4ca8 100644 --- a/CORE/SAP/src/sapModule.c +++ b/CORE/SAP/src/sapModule.c @@ -2414,8 +2414,8 @@ WLANSAP_ChannelChangeRequest(v_PVOID_t pSapCtx, tANI_U8 tArgetChannel) return VOS_STATUS_E_FAULT; } - halStatus = sme_RoamChannelChangeReq( hHal, - sapContext->sessionId, tArgetChannel); + halStatus = sme_RoamChannelChangeReq( hHal, sapContext->sessionId, tArgetChannel, + sapConvertSapPhyModeToCsrPhyMode(sapContext->csrRoamProfile.phyMode)); if (halStatus == eHAL_STATUS_SUCCESS) { diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h index 4c0cf4cbe865..879c119c22de 100644 --- a/CORE/SME/inc/csrInternal.h +++ b/CORE/SME/inc/csrInternal.h 
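Review bot: The `#endif` for `WLAN_FEATURE_11AC` sits after the `limSetChannel()` call and the `currentOperChannel` update, so a build without that feature compiles out the channel switch itself and leaves only the `htRecommendedTxWidthSet` assignment; on a DFS-triggered switch the SAP would stay on the old channel. The `#endif` should close right after the `if(psessionEntry->vhtCapability)` block, so that the HT assignments and `limSetChannel(..., pChannelChangeReq->cbMode, ...)` run in every build. Separately, `chanWidth` is declared without an initializer and both `wlan_cfgGetInt()` failure paths only call `limLog()`, so the width comparisons and `psessionEntry->apChanWidth = chanWidth` can read an indeterminate value; initialise it (for example `tANI_U32 chanWidth = 0;`) or return on failure. The three `cfgSetInt` error messages name `WNI_CFG_CHANNEL_BONDING_MODE`, although the IDs being set are `WNI_CFG_VHT_CHANNEL_WIDTH` and `WNI_CFG_VHT_CHANNEL_CENTER_FREQ_SEGMENT1`. The function body starts and ends outside this hunk.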
@@ -1428,8 +1428,8 @@ tANI_BOOLEAN csrRoamIsStaMode(tpAniSirGlobal pMac, tANI_U32 sessionId); /* Post Channel Change Indication */ -eHalStatus csrRoamChannelChangeReq( tpAniSirGlobal pMac, - tANI_U32 sessionId, tANI_U8 targetChannel); +eHalStatus csrRoamChannelChangeReq(tpAniSirGlobal pMac, tANI_U32 sessionId, + tANI_U8 targetChannel, tANI_U8 cbMode); /* Post Beacon Tx Start Indication */ eHalStatus csrRoamStartBeaconReq( tpAniSirGlobal pMac, diff --git a/CORE/SME/inc/sme_Api.h b/CORE/SME/inc/sme_Api.h index 93d62b0c047b..7d3e2e85fcb7 100644 --- a/CORE/SME/inc/sme_Api.h +++ b/CORE/SME/inc/sme_Api.h @@ -3280,8 +3280,8 @@ eHalStatus sme_AddChAvoidCallback ); #endif /* FEATURE_WLAN_CH_AVOID */ -eHalStatus sme_RoamChannelChangeReq( tHalHandle hHal, - tANI_U8 sessionId, tANI_U8 targetChannel); +eHalStatus sme_RoamChannelChangeReq( tHalHandle hHal, tANI_U8 sessionId, + tANI_U8 targetChannel, eCsrPhyMode phyMode); eHalStatus sme_RoamStartBeaconReq( tHalHandle hHal, tANI_U8 sessionId, tANI_U8 dfsCacWaitStatus); diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c index 34c33b88a57b..c9822ff8d062 100644 --- a/CORE/SME/src/csr/csrApiRoam.c +++ b/CORE/SME/src/csr/csrApiRoam.c @@ -17280,7 +17280,7 @@ VOS_STATUS csrRoamReadTSF(tpAniSirGlobal pMac, tANI_U8 *pTimestamp) */ eHalStatus csrRoamChannelChangeReq( tpAniSirGlobal pMac, tANI_U32 sessionId, - tANI_U8 targetChannel) + tANI_U8 targetChannel, tANI_U8 cbMode) { eHalStatus status = eHAL_STATUS_SUCCESS; tSirChanChangeRequest *pMsg; 
@@ -17301,10 +17301,27 @@ csrRoamChannelChangeReq( tpAniSirGlobal pMac, tANI_U32 sessionId, vos_mem_set((void *)pMsg, sizeof( tSirChanChangeRequest ), 0); +#ifdef WLAN_FEATURE_11AC + // cbMode = 1 in cfg.ini is mapped to PHY_DOUBLE_CHANNEL_HIGH_PRIMARY = 3 + // in function csrConvertCBIniValueToPhyCBState() + // So, max value for cbMode in 40MHz mode is 3 (MAC\src\include\sirParams.h) + if(cbMode > PHY_DOUBLE_CHANNEL_HIGH_PRIMARY) + { + if(!WDA_getFwWlanFeatCaps(DOT11AC)) { + cbMode = csrGetHTCBStateFromVHTCBState(cbMode); + } + else + { + ccmCfgSetInt(pMac, WNI_CFG_VHT_CHANNEL_WIDTH, pMac->roam.configParam.nVhtChannelWidth, NULL, eANI_BOOLEAN_FALSE); + } + } +#endif + pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_CHANNEL_CHANGE_REQ); pMsg->messageLen = sizeof(tSirChanChangeRequest); pMsg->sessionId = pSession->sessionId; pMsg->targetChannel = targetChannel; + pMsg->cbMode = cbMode; status = palSendMBMessage(pMac->hHdd, pMsg); diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c index af6b33cdff84..6df7077457a9 100644 --- a/CORE/SME/src/sme_common/sme_Api.c +++ b/CORE/SME/src/sme_common/sme_Api.c @@ -10916,14 +10916,17 @@ eHalStatus sme_AddChAvoidCallback \return eHalStatus ---------------------------------------------------------------------------*/ eHalStatus sme_RoamChannelChangeReq( tHalHandle hHal, - tANI_U8 sessionId, tANI_U8 targetChannel ) + tANI_U8 sessionId, tANI_U8 targetChannel, eCsrPhyMode phyMode) { eHalStatus status = eHAL_STATUS_FAILURE; tpAniSirGlobal pMac = PMAC_STRUCT( hHal ); status = sme_AcquireGlobalLock( &pMac->sme ); if ( HAL_STATUS_SUCCESS( status ) ) { - status = csrRoamChannelChangeReq( pMac, sessionId, targetChannel); + sme_SelectCBMode(hHal, phyMode, targetChannel); + + status = csrRoamChannelChangeReq( pMac, sessionId, targetChannel, + pMac->roam.configParam.channelBondingMode5GHz); sme_ReleaseGlobalLock( &pMac->sme ); } -- cgit v1.2.3 
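Review bot: In the sme_Api.c hunk, the bonding mode handed to `csrRoamChannelChangeReq()` is read back from the global `pMac->roam.configParam.channelBondingMode5GHz` right after `sme_SelectCBMode()`, so the request depends on a side effect on shared configuration and nothing here checks that the selection succeeded for `targetChannel`. If the selection fails or does not update that field, the previous bonding mode is forwarded together with the new channel. Consider carrying the selected mode in a local and documenting the new parameter in the function's header comment, for example `\param phyMode - PHY mode used to select the channel bonding mode for targetChannel`. In the csrApiRoam.c hunk on the same line, the result of `ccmCfgSetInt(...)` is likewise discarded.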
From d55e5103c6abac829f88cb13108421aa4f7ffe00 Mon Sep 17 00:00:00 2001 From: Rajeev Kumar Date: Tue, 14 Jan 2014 19:28:13 -0800 Subject: Fix of data abort issue while deleting peer. WMA is receiving DELETE_STA request from UMAC with staIndex as 0xff and TXRX module is accessing out of bound map entry from local_peer_ids pool this is leading to an invalid pointer getting assigned to peer and when it is de-referenced for vdev its leading to data abort.WMA should return failure for DELETE_STA request if staIndex passed is invalid. Change-Id: Ifb06003710c2bf407835bc9eef6a0de2a32d475d CRs-Fixed: 599539 --- CORE/CLD_TXRX/TXRX/ol_txrx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CORE/CLD_TXRX/TXRX/ol_txrx.c b/CORE/CLD_TXRX/TXRX/ol_txrx.c index 90f55b17d873..a8a0ba4c0114 100644 --- a/CORE/CLD_TXRX/TXRX/ol_txrx.c +++ b/CORE/CLD_TXRX/TXRX/ol_txrx.c @@ -154,7 +154,8 @@ ol_txrx_peer_find_by_local_id( struct ol_txrx_pdev_t *pdev, u_int8_t local_peer_id) { - if (local_peer_id == OL_TXRX_INVALID_LOCAL_PEER_ID) { + if ((local_peer_id == OL_TXRX_INVALID_LOCAL_PEER_ID) || + (local_peer_id >= OL_TXRX_NUM_LOCAL_PEER_IDS)) { return NULL; } return pdev->local_peer_ids.map[local_peer_id]; -- cgit v1.2.3 From 3cad4275bb611fc83384e49750411674213ac447 Mon Sep 17 00:00:00 2001 From: "Padma, Santhosh Kumar" Date: Fri, 24 Jan 2014 13:40:59 -0800 Subject: wlan: Global variables are not set properly for WMM-AC. Variable wmmAcAccessAllowed is not set properly because of which downgrading is not happening eventhough admission to high priority AC is rejected. This fix set variables properly for explicit case. CRs-Fixed:599938 --- CORE/HDD/src/wlan_hdd_wmm.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c index 784b37fed87f..7a68075d3b3e 100644 --- a/CORE/HDD/src/wlan_hdd_wmm.c +++ b/CORE/HDD/src/wlan_hdd_wmm.c 
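Review bot: The commit message says WMA should fail a DELETE_STA request that carries an invalid staIndex, but the only change is in `ol_txrx_peer_find_by_local_id()`, which now returns NULL for ids at or above `OL_TXRX_NUM_LOCAL_PEER_IDS`. Every caller therefore has to treat NULL as "no such peer" before touching the peer's vdev; those callers are outside this hunk and should be confirmed. A short comment would record why the range test exists, e.g. `/* local_peer_id is taken from a request's staIndex; reject anything outside local_peer_ids.map */`. If `OL_TXRX_INVALID_LOCAL_PEER_ID` is itself not below `OL_TXRX_NUM_LOCAL_PEER_IDS`, the equality test is redundant.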
@@ -780,6 +780,10 @@ static eHalStatus hdd_wmm_sme_callback (tHalHandle hHal, // this was triggered by an application pQosContext->lastStatus = HDD_WLAN_WMM_STATUS_SETUP_FAILED; + + pAc->wmmAcAccessAllowed = VOS_FALSE; + pAc->wmmAcAccessFailed = VOS_TRUE; + hdd_wmm_notify_app(pQosContext); } @@ -1221,6 +1225,9 @@ static eHalStatus hdd_wmm_sme_callback (tHalHandle hHal, // Tx queues) but let's consistently handle all cases here pAc->wmmAcAccessAllowed = hdd_wmm_is_access_allowed(pAdapter, pAc); + if(pAc->wmmAcAccessFailed) + pAc->wmmAcAccessAllowed = VOS_FALSE; + VOS_TRACE(VOS_MODULE_ID_HDD, WMM_TRACE_LEVEL_INFO, "%s: complete, access for TL AC %d is%sallowed", __func__, @@ -2026,8 +2033,8 @@ VOS_STATUS hdd_wmm_acquire_access( hdd_adapter_t* pAdapter, VOS_TRACE(VOS_MODULE_ID_HDD, WMM_TRACE_LEVEL_INFO_LOW, "%s: QoS not configured on both ends ", __func__); - pAdapter->hddWmmStatus.wmmAcStatus[acType].wmmAcAccessAllowed = VOS_TRUE; - *pGranted = VOS_TRUE; + *pGranted = pAdapter->hddWmmStatus.wmmAcStatus[acType].wmmAcAccessAllowed; + return VOS_STATUS_SUCCESS; } -- cgit v1.2.3 From c5706dafbe0b696a3b6325a583a2379c1b332697 Mon Sep 17 00:00:00 2001 From: "Padma, Santhosh Kumar" Date: Fri, 10 Jan 2014 21:08:48 +0530 Subject: wlan: Global variables are not set properly for implicit Qos. Variable wmmAcAccessAllowed is not set properly because of which downgrading is not happening eventhough admission to high priority AC is rejected. This fix set variables properly for implicit case. Change-Id: I33f271bd73f74a1aa0261fc1e4b24c5a914382bc CRs-Fixed: 598663 --- CORE/HDD/src/wlan_hdd_wmm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c index 7a68075d3b3e..9f6f6209be98 100644 --- a/CORE/HDD/src/wlan_hdd_wmm.c +++ b/CORE/HDD/src/wlan_hdd_wmm.c 
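Review bot: In the `@@ -1221` hunk, `wmmAcAccessFailed` now overrides the result of `hdd_wmm_is_access_allowed()`, and in the lines shown the flag is only ever set to `VOS_TRUE`. Unless it is cleared outside these hunks when a later admission succeeds or the station reassociates, one rejected request keeps that AC denied for the rest of the session. It would help to name the reset point in a comment next to the override and to brace the body, `if (pAc->wmmAcAccessFailed) { pAc->wmmAcAccessAllowed = VOS_FALSE; }`. In the `@@ -2026` hunk, the "QoS not configured on both ends" path now returns the stored `wmmAcAccessAllowed` instead of granting, so that field needs a defined initial value before the first call.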
@@ -758,7 +758,7 @@ static eHalStatus hdd_wmm_sme_callback (tHalHandle hHal, // the packets will flow. Note that the MAC will "do the right thing" pAc->wmmAcAccessPending = VOS_FALSE; pAc->wmmAcAccessFailed = VOS_TRUE; - pAc->wmmAcAccessAllowed = VOS_TRUE; + pAc->wmmAcAccessAllowed = VOS_FALSE; // this was triggered by implicit QoS so we know packets are pending status = WLANTL_STAPktPending( (WLAN_HDD_GET_CTX(pAdapter))->pvosContext, @@ -2061,8 +2061,8 @@ VOS_STATUS hdd_wmm_acquire_access( hdd_adapter_t* pAdapter, "%s: Implicit QoS for TL AC %d previously failed", __func__, acType); - pAdapter->hddWmmStatus.wmmAcStatus[acType].wmmAcAccessAllowed = VOS_TRUE; - *pGranted = VOS_TRUE; + pAdapter->hddWmmStatus.wmmAcStatus[acType].wmmAcAccessAllowed = VOS_FALSE; + *pGranted = VOS_FALSE; return VOS_STATUS_SUCCESS; } -- cgit v1.2.3 From 2bc8a3195005076b6db3a0e27f76986e68a4e70a Mon Sep 17 00:00:00 2001 From: "Kanchanapally, Vidyullatha" Date: Fri, 24 Jan 2014 13:47:37 -0800 Subject: wlan: copy measurement type and duration (RRM). Fix for issue where DUT was doing a passive scan instead of an active scan when there is a beacon report request on a specific channel. In the case where the num_APChannelReport is zero, the measurement type and measurement duration are not being copied. Hence added an else condition to address this. CRs-Fixed: 594614 --- CORE/MAC/src/pe/rrm/rrmApi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CORE/MAC/src/pe/rrm/rrmApi.c b/CORE/MAC/src/pe/rrm/rrmApi.c index 1420f699db6a..5e8f760f7dcf 100644 --- a/CORE/MAC/src/pe/rrm/rrmApi.c +++ b/CORE/MAC/src/pe/rrm/rrmApi.c 
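Review bot: The context comment above the changed line in the `@@ -758` hunk still says the packets will flow and that the MAC will do the right thing, but the new code sets `wmmAcAccessAllowed = VOS_FALSE` before calling `WLANTL_STAPktPending()`. The comment should be updated to match, e.g. `// implicit setup failed: deny this AC so pending packets are downgraded`. In the `@@ -2061` hunk the same denial is returned with `VOS_STATUS_SUCCESS`, so callers have to read `*pGranted` rather than the status; that is worth stating in the function's header comment, which is outside the hunk.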
@@ -668,6 +668,11 @@ rrmProcessBeaconReportReq( tpAniSirGlobal pMac, pSmeBcnReportReq->fMeasurementtype[num_APChanReport] = pBeaconReq->measurement_request.Beacon.meas_mode; } } + else + { + pSmeBcnReportReq->measurementDuration[0] = SYS_TU_TO_MS(measDuration); + pSmeBcnReportReq->fMeasurementtype[0] = pBeaconReq->measurement_request.Beacon.meas_mode; + } //Send request to SME. mmhMsg.type = eWNI_SME_BEACON_REPORT_REQ_IND; -- cgit v1.2.3 From fccd2403a2917a2cee78bc498cc1079d04923af2 Mon Sep 17 00:00:00 2001 From: "Padma, Santhosh Kumar" Date: Fri, 24 Jan 2014 13:54:50 -0800 Subject: wlan: Improper TID to Firmware. Host sends TID as invalid. So FW computes TID itself based on the IP header's DSCP value. This causes issue of sending data at high priority eventhough priority is downgraded at Host side.This fix helps to return proper TID. CRs-Fixed: 599938 --- CORE/SERVICES/COMMON/adf/adf_nbuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CORE/SERVICES/COMMON/adf/adf_nbuf.c b/CORE/SERVICES/COMMON/adf/adf_nbuf.c index 7a72cb10aa10..7b2e98521dfe 100644 --- a/CORE/SERVICES/COMMON/adf/adf_nbuf.c +++ b/CORE/SERVICES/COMMON/adf/adf_nbuf.c @@ -357,7 +357,7 @@ __adf_nbuf_get_vlan_info(adf_net_handle_t hdl, struct sk_buff *skb, a_uint8_t __adf_nbuf_get_tid(struct sk_buff *skb) { - return ADF_NBUF_TX_EXT_TID_INVALID; + return skb->priority; } a_uint8_t -- cgit v1.2.3 From ed2330f2e5e4c296866f505171032987f87455ab Mon Sep 17 00:00:00 2001 
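Review bot: In the adf_nbuf.c hunk, `__adf_nbuf_get_tid()` returns `a_uint8_t`, while `skb->priority` is a 32-bit field that local applications can set (for example through `SO_PRIORITY`), so `return skb->priority;` silently truncates it and can hand the firmware a TID outside the range it expects. The value should be range-checked and fall back to the previous sentinel, e.g. `if (skb->priority > <highest TID the firmware accepts>) return ADF_NBUF_TX_EXT_TID_INVALID;` followed by `return (a_uint8_t)skb->priority;`. The placeholder bound has to come from the TX descriptor definition, which is not on this page.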
From: "Padma, Santhosh Kumar" Date: Wed, 15 Jan 2014 22:24:23 +0530 Subject: wlan: rrm: Fix Null pointer de-referencing of pCurMeasReqIe. If the channel number provided in the Scan results is not matching with the channel number requested for in beacon report request by the AP, pCurMeasReqIe will be NULL> And the current code de-references the measurement duration without NULL check. Modified the code to do NULL check before accessing the pCurMeasReqIe Change-Id: I6f3b8ebd501cadb90a21847bd7c044bbbeb30448 CRs-Fixed: 600615 --- CORE/SME/src/rrm/sme_rrm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CORE/SME/src/rrm/sme_rrm.c b/CORE/SME/src/rrm/sme_rrm.c index 8019c00e459a..b4fb9f4b9512 100644 --- a/CORE/SME/src/rrm/sme_rrm.c +++ b/CORE/SME/src/rrm/sme_rrm.c @@ -352,7 +352,8 @@ static eHalStatus sme_CcxSendBeaconReqScanResults(tpAniSirGlobal pMac, break; } } - pBcnReport->measurementToken = pCurMeasReqIe->measurementToken; + if(NULL != pCurMeasReqIe) + pBcnReport->measurementToken = pCurMeasReqIe->measurementToken; smsLog( pMac, LOG1, "Channel(%d) MeasToken(%d)", channel, pBcnReport->measurementToken); msgCounter=0; @@ -364,7 +365,8 @@ static eHalStatus sme_CcxSendBeaconReqScanResults(tpAniSirGlobal pMac, ie_len = GET_IE_LEN_IN_BSS( pBssDesc->length ); pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.ChanNum = pBssDesc->channelId; pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.Spare = 0; - pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.MeasDuration = pCurMeasReqIe->measurementDuration; + if(NULL != pCurMeasReqIe) + pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.MeasDuration = pCurMeasReqIe->measurementDuration; pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.PhyType = pBssDesc->nwType; pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.RecvSigPower = pBssDesc->rssi; pBcnReport->bcnRepBssInfo[msgCounter].bcnReportFields.ParentTsf = pBssDesc->parentTSF; -- cgit v1.2.3 
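Review bot: When `pCurMeasReqIe` is NULL the new guards skip the assignments, which leaves `pBcnReport->measurementToken` and `bcnReportFields.MeasDuration` holding whatever the buffer already contained; the token is then logged and the report is still built. Unless `pBcnReport` is zeroed outside these hunks, that can put stale or uninitialised bytes into the beacon report. Give both fields a defined value in an `else` branch (e.g. `pBcnReport->measurementToken = 0;`), or bail out before building a report for a channel that was never requested. Both hunks in this file share the pattern, and the function starts and ends outside them.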
From be2282acaa42a6bed872c904d95a6cc4f497e73c Mon Sep 17 00:00:00 2001 From: "Kanchanapally, Vidyullatha" Date: Fri, 24 Jan 2014 14:00:49 -0800 Subject: wlan: Copying Duration info to Beacon Report. Fix for issue where duration IE is seen as zero in Beacon report. With the fix the duration will now be copied to the beacon report. CRs-Fixed: 596780 --- CORE/SME/src/rrm/sme_rrm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/CORE/SME/src/rrm/sme_rrm.c b/CORE/SME/src/rrm/sme_rrm.c index b4fb9f4b9512..c3af20dbbbcb 100644 --- a/CORE/SME/src/rrm/sme_rrm.c +++ b/CORE/SME/src/rrm/sme_rrm.c @@ -212,6 +212,7 @@ static eHalStatus sme_RrmSendBeaconReportXmitInd( tpAniSirGlobal pMac, pBeaconRep->messageType = eWNI_SME_BEACON_REPORT_RESP_XMIT_IND; pBeaconRep->length = length; pBeaconRep->uDialogToken = pSmeRrmContext->token; + pBeaconRep->duration = pSmeRrmContext->duration[0]; pBeaconRep->regClass = pSmeRrmContext->regClass; vos_mem_copy( pBeaconRep->bssId, pSmeRrmContext->sessionBssId, sizeof(tSirMacAddr) ); -- cgit v1.2.3 From 93714b38113f1c050a825b113439264ab30693cd Mon Sep 17 00:00:00 2001 
From: Ganesh Babu Kumaravel Date: Sat, 11 Jan 2014 04:29:34 +0530 Subject: qcacld: Powersave handling in static ip address case. While static address is assigned Framework won't send powersave enabling command to the driver. So power save won't be enabled with powersave offload scenario. So upon association completion auto bmps timer with a duration of 5 secs is started. In case of DHCP case Framework will send powersave disable command before starting dhcp. Here this timer will be stopped and powersave will be enabled upon getting enable powersave from framework once dhcp is completed. In static address case upon expiry of this auto bmps timer power save will be enabled for that session. CRs-Fixed: 593367 Change-Id: Ib5a0f533edde98ac0c7ca9b2561273c1b8a953d0 --- CORE/HDD/src/wlan_hdd_assoc.c | 18 +++++++++++++++++ CORE/SME/inc/pmc.h | 11 +++++++++-- CORE/SME/inc/pmcApi.h | 6 ++++++ CORE/SME/inc/sme_Api.h | 5 +++++ CORE/SME/src/pmc/pmc.c | 15 ++++++++------ CORE/SME/src/pmc/pmcApi.c | 41 +++++++++++++++++++++++++++++++++++++++ CORE/SME/src/sme_common/sme_Api.c | 30 ++++++++++++++++++++++++++++ 7 files changed, 118 insertions(+), 8 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c index 73c13b18092c..d0e0c906ae6d 100644 --- a/CORE/HDD/src/wlan_hdd_assoc.c +++ b/CORE/HDD/src/wlan_hdd_assoc.c @@ -920,6 +920,15 @@ static eHalStatus hdd_DisConnectHandler( hdd_adapter_t *pAdapter, tCsrRoamInfo * } #endif + if (pHddCtx->cfg_ini->enablePowersaveOffload && + ((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) || + (WLAN_HDD_P2P_CLIENT == pAdapter->device_mode))) + { + sme_PsOffloadDisableDeferredPowerSave( + WLAN_HDD_GET_HAL_CTX(pAdapter), + pAdapter->sessionId); + } + //Unblock anyone waiting for disconnect to complete complete(&pAdapter->disconnect_comp_var); return( status ); 
@@ -1884,6 +1893,15 @@ static eHalStatus hdd_RoamSetKeyCompleteHandler( hdd_adapter_t *pAdapter, tCsrRo WLANTL_STA_AUTHENTICATED ); pHddStaCtx->conn_info.uIsAuthenticated = VOS_TRUE; + + if (pHddCtx->cfg_ini->enablePowersaveOffload && + ((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) || + (WLAN_HDD_P2P_CLIENT == pAdapter->device_mode))) + { + sme_PsOffloadEnableDeferredPowerSave( + WLAN_HDD_GET_HAL_CTX(pAdapter), + pAdapter->sessionId); + } } else { diff --git a/CORE/SME/inc/pmc.h b/CORE/SME/inc/pmc.h index 3d3e97b23aa5..6c8bc6b6c05c 100644 --- a/CORE/SME/inc/pmc.h +++ b/CORE/SME/inc/pmc.h @@ -51,6 +51,10 @@ /* Auto Ps Entry Timer Default value - 1000 ms */ #define AUTO_PS_ENTRY_TIMER_DEFAULT_VALUE 1000 +/* Auto Deferred Ps Entry Timer value - 5000 ms */ +#define AUTO_DEFERRED_PS_ENTRY_TIMER_DEFAULT_VALUE 5000 + + /* Host power sources. */ typedef enum ePowerSource { @@ -287,6 +291,9 @@ typedef struct sPsOffloadPerSessionInfo /* TRUE if Sta Mode Ps is Enabled */ tANI_BOOLEAN configStaPsEnabled; + /* TRUE if deferred Sta Mode Ps is Enabled */ + tANI_BOOLEAN configDefStaPsEnabled; + /* * Indicates current uapsd status * Enabled/Disabled/Required @@ -424,9 +431,9 @@ eHalStatus pmcOffloadClosePerSession(tHalHandle hHal, tANI_U32 sessionId); eHalStatus pmcOffloadStartPerSession(tHalHandle hHal, tANI_U32 sessionId); eHalStatus pmcOffloadStopPerSession(tHalHandle hHal, tANI_U32 sessionId); - eHalStatus pmcOffloadStartAutoStaPsTimer (tpAniSirGlobal pMac, - tANI_U32 sessionId); + tANI_U32 sessionId, + tANI_U32 timerValue); void pmcOffloadStopAutoStaPsTimer(tpAniSirGlobal pMac, tANI_U32 sessionId); diff --git a/CORE/SME/inc/pmcApi.h b/CORE/SME/inc/pmcApi.h index 0a7be56c2561..82802b3dd7ce 100644 --- a/CORE/SME/inc/pmcApi.h +++ b/CORE/SME/inc/pmcApi.h 
@@ -630,5 +630,11 @@ eHalStatus pmcOffloadSetTdlsProhibitBmpsStatus(tHalHandle hHal, tANI_BOOLEAN pmcOffloadIsPowerSaveEnabled (tHalHandle hHal, tANI_U32 sessionId, tPmcPowerSavingMode psMode); + +eHalStatus PmcOffloadEnableDeferredStaModePowerSave(tHalHandle hHal, + tANI_U32 sessionId); + +eHalStatus PmcOffloadDisableDeferredStaModePowerSave(tHalHandle hHal, + tANI_U32 sessionId); #endif diff --git a/CORE/SME/inc/sme_Api.h b/CORE/SME/inc/sme_Api.h index 7d3e2e85fcb7..c3dc77f35f68 100644 --- a/CORE/SME/inc/sme_Api.h +++ b/CORE/SME/inc/sme_Api.h @@ -3241,6 +3241,11 @@ eHalStatus sme_ConfigEnablePowerSave (tHalHandle hHal, tPmcPowerSavingMode psMod eHalStatus sme_ConfigDisablePowerSave (tHalHandle hHal, tPmcPowerSavingMode psMode); eHalStatus sme_PsOffloadEnablePowerSave (tHalHandle hHal, tANI_U32 sessionId); eHalStatus sme_PsOffloadDisablePowerSave (tHalHandle hHal, tANI_U32 sessionId); +eHalStatus sme_PsOffloadEnableDeferredPowerSave (tHalHandle hHal, + tANI_U32 sessionId); +eHalStatus sme_PsOffloadDisableDeferredPowerSave (tHalHandle hHal, + tANI_U32 sessionId); + /*SME API to convert convert the ini value to the ENUM used in csr and MAC*/ ePhyChanBondState sme_GetCBPhyStateFromCBIniValue(tANI_U32 cb_ini_value); diff --git a/CORE/SME/src/pmc/pmc.c b/CORE/SME/src/pmc/pmc.c index 6fadfc62ba27..f1cba31cd8cd 100644 --- a/CORE/SME/src/pmc/pmc.c +++ b/CORE/SME/src/pmc/pmc.c @@ -2807,7 +2807,7 @@ eHalStatus pmcOffloadStartPerSession(tHalHandle hHal, tANI_U32 sessionId) #ifdef FEATURE_WLAN_TDLS pmc->isTdlsPowerSaveProhibited = FALSE; #endif - + pmc->configDefStaPsEnabled = FALSE; return eHAL_STATUS_SUCCESS; } @@ -2826,6 +2826,7 @@ eHalStatus pmcOffloadStopPerSession(tHalHandle hHal, tANI_U32 sessionId) #ifdef FEATURE_WLAN_TDLS pmc->isTdlsPowerSaveProhibited = FALSE; #endif + pmc->configDefStaPsEnabled = FALSE; pmcOffloadStopAutoStaPsTimer(pMac, sessionId); pmcOffloadDoFullPowerCallbacks(pMac, sessionId, eHAL_STATUS_FAILURE); 
@@ -3019,7 +3020,8 @@ eHalStatus pmcOffloadEnableStaPsCheck(tpAniSirGlobal pMac, } eHalStatus pmcOffloadStartAutoStaPsTimer (tpAniSirGlobal pMac, - tANI_U32 sessionId) + tANI_U32 sessionId, + tANI_U32 timerValue) { VOS_STATUS vosStatus; tpPsOffloadPerSessionInfo pmc = &pMac->pmcOffloadInfo.pmc[sessionId]; @@ -3027,7 +3029,7 @@ eHalStatus pmcOffloadStartAutoStaPsTimer (tpAniSirGlobal pMac, smsLog(pMac, LOG2, FL("Entering pmcOffloadStartAutoStaPsTimer")); vosStatus = vos_timer_start(&pmc->autoPsEnableTimer, - pmc->autoPsEntryTimerPeriod); + timerValue); if(!VOS_IS_STATUS_SUCCESS(vosStatus)) { if(VOS_STATUS_E_ALREADY == vosStatus) @@ -3395,10 +3397,11 @@ eHalStatus pmcOffloadExitPowersaveState(tpAniSirGlobal pMac, tANI_U32 sessionId) /* Call Full Power Req Cbs */ pmcOffloadDoFullPowerCallbacks(pMac, sessionId, eHAL_STATUS_SUCCESS); - if(pmc->configStaPsEnabled) - pmcOffloadStartAutoStaPsTimer(pMac, sessionId); + if (pmc->configStaPsEnabled || pmc->configDefStaPsEnabled) + pmcOffloadStartAutoStaPsTimer(pMac, sessionId, + pmc->autoPsEntryTimerPeriod); else - smsLog(pMac, LOGE, FL("Master Sta Ps Disabled")); + smsLog(pMac, LOGE, FL("Master Sta Ps Disabled")); return eHAL_STATUS_SUCCESS; } diff --git a/CORE/SME/src/pmc/pmcApi.c b/CORE/SME/src/pmc/pmcApi.c index eb7bc507ac00..0a4b4ceff7bf 100644 --- a/CORE/SME/src/pmc/pmcApi.c +++ b/CORE/SME/src/pmc/pmcApi.c @@ -3509,6 +3509,7 @@ eHalStatus pmcOffloadCleanup(tHalHandle hHal, tANI_U32 sessionId) pmc->uapsdSessionRequired = FALSE; pmc->configStaPsEnabled = FALSE; + pmc->configDefStaPsEnabled = FALSE; pmcOffloadStopAutoStaPsTimer(pMac, sessionId); pmcOffloadDoStartUapsdCallbacks(pMac, sessionId, eHAL_STATUS_FAILURE); return eHAL_STATUS_SUCCESS; 
@@ -3839,6 +3840,9 @@ eHalStatus PmcOffloadDisableStaModePowerSave(tHalHandle hHal, */ smsLog(pMac, LOGE, FL("sta mode power save already disabled")); + /* Stop the Auto Sta Ps Timer if running */ + pmcOffloadStopAutoStaPsTimer(pMac, sessionId); + pmc->configDefStaPsEnabled = FALSE; } return status; } @@ -4305,3 +4309,40 @@ tANI_BOOLEAN pmcOffloadIsPowerSaveEnabled (tHalHandle hHal, tANI_U32 sessionId, } } +eHalStatus PmcOffloadEnableDeferredStaModePowerSave(tHalHandle hHal, + tANI_U32 sessionId) +{ + tpAniSirGlobal pMac = PMAC_STRUCT(hHal); + tpPsOffloadPerSessionInfo pmc = &pMac->pmcOffloadInfo.pmc[sessionId]; + eHalStatus status = eHAL_STATUS_FAILURE; + + if (!pMac->pmcOffloadInfo.staPsEnabled) + { + smsLog(pMac, LOGE, + FL("STA Mode PowerSave is not enabled in ini")); + return status; + } + + status = pmcOffloadStartAutoStaPsTimer(pMac, sessionId, + AUTO_DEFERRED_PS_ENTRY_TIMER_DEFAULT_VALUE); + if (eHAL_STATUS_SUCCESS == status) + { + smsLog(pMac, LOG2, + FL("Enabled Deferred ps for session %d"), sessionId); + pmc->configDefStaPsEnabled = TRUE; + } + return status; +} + +eHalStatus PmcOffloadDisableDeferredStaModePowerSave(tHalHandle hHal, + tANI_U32 sessionId) +{ + tpAniSirGlobal pMac = PMAC_STRUCT(hHal); + tpPsOffloadPerSessionInfo pmc = &pMac->pmcOffloadInfo.pmc[sessionId]; + + /* Stop the Auto Sta Ps Timer if running */ + pmcOffloadStopAutoStaPsTimer(pMac, sessionId); + pmc->configDefStaPsEnabled = FALSE; + return eHAL_STATUS_SUCCESS; +} + diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c index 6df7077457a9..abc47d83b8f4 100644 --- a/CORE/SME/src/sme_common/sme_Api.c +++ b/CORE/SME/src/sme_common/sme_Api.c 
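Review bot: Both new functions in the `@@ -4305` hunk compute `&pMac->pmcOffloadInfo.pmc[sessionId]` from a caller-supplied `tANI_U32 sessionId` with no range check, and `PmcOffloadDisableDeferredStaModePowerSave()` then writes `configDefStaPsEnabled` through that pointer. The callers shown pass `pAdapter->sessionId`, but a value past the end of `pmc[]` would be an out-of-bounds write, the same class of bug that the `local_peer_id` change on this page closes. Add a guard at the top of each function, e.g. `if (sessionId >= <number of pmc[] entries>) return eHAL_STATUS_FAILURE;`, using the array's real bound, which is not visible here. In the enable path the flag is set only when the timer start reports success, so an already-running timer may leave it clear, depending on how `pmcOffloadStartAutoStaPsTimer()` maps `VOS_STATUS_E_ALREADY`.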
@@ -10683,6 +10683,36 @@ eHalStatus sme_PsOffloadDisablePowerSave (tHalHandle hHal, tANI_U32 sessionId) return (status); } +eHalStatus sme_PsOffloadEnableDeferredPowerSave (tHalHandle hHal, + tANI_U32 sessionId) +{ + eHalStatus status = eHAL_STATUS_FAILURE; + tpAniSirGlobal pMac = PMAC_STRUCT(hHal); + + status = sme_AcquireGlobalLock(&pMac->sme); + if (HAL_STATUS_SUCCESS( status )) + { + status = PmcOffloadEnableDeferredStaModePowerSave(hHal, sessionId); + sme_ReleaseGlobalLock( &pMac->sme ); + } + return (status); +} + +eHalStatus sme_PsOffloadDisableDeferredPowerSave (tHalHandle hHal, + tANI_U32 sessionId) +{ + eHalStatus status = eHAL_STATUS_FAILURE; + tpAniSirGlobal pMac = PMAC_STRUCT(hHal); + + status = sme_AcquireGlobalLock(&pMac->sme); + if (HAL_STATUS_SUCCESS( status )) + { + status = PmcOffloadDisableDeferredStaModePowerSave(hHal, sessionId); + sme_ReleaseGlobalLock( &pMac->sme ); + } + return (status); +} + tANI_S16 sme_GetHTConfig(tHalHandle hHal, tANI_U8 session_id, tANI_U16 ht_capab) { tpAniSirGlobal pMac = PMAC_STRUCT(hHal); -- cgit v1.2.3 From daac718b2d8f536f8054ccdd468bb02e50942678 Mon Sep 17 00:00:00 2001 From: Arif Hussain Date: Thu, 9 Jan 2014 11:56:08 -0800 Subject: wlan: Fix ioctl copy issue. Few IOCTL's SET command's uses ODD number, so we cannot utilize kernel facility "extra". We need to copy the user data in kernel buffer using copy_from_user function.. Change-Id: Ibf7d424384608c3b3667a7caea85bfe867d074c2 CRs-Fixed: 593806 --- CORE/HDD/inc/wlan_hdd_main.h | 2 + CORE/HDD/src/wlan_hdd_wext.c | 154 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 125 insertions(+), 31 deletions(-) diff --git a/CORE/HDD/inc/wlan_hdd_main.h b/CORE/HDD/inc/wlan_hdd_main.h index 791ade2d26f7..877c4450b86f 100644 --- a/CORE/HDD/inc/wlan_hdd_main.h +++ b/CORE/HDD/inc/wlan_hdd_main.h 
@@ -213,6 +213,8 @@ #define HDD_PNO_SCAN_TIMERS_SET_MULTIPLE 6 #endif +#define MAX_USER_COMMAND_SIZE 4096 + #define HDD_MAC_ADDR_LEN 6 #define HDD_SESSION_ID_ANY 50 //This should be same as CSR_SESSION_ID_ANY typedef v_U8_t tWlanHddMacAddr[HDD_MAC_ADDR_LEN]; diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c index e2c9a60dd69d..afbcb38c88bf 100644 --- a/CORE/HDD/src/wlan_hdd_wext.c +++ b/CORE/HDD/src/wlan_hdd_wext.c @@ -278,8 +278,6 @@ static const hdd_freq_chan_map_t freq_chan_map[] = { {2412, 1}, {2417, 2}, #define WE_SET_AP_WPS_IE 4 //This is called in station mode to set probe rsp ie. #define WE_SET_CONFIG 5 -#define WLAN_PRIV_SET_CHAR_GET_NONE_BUFF_MAX 512 - /* Private ioctls and their sub-ioctls */ #define WLAN_PRIV_SET_THREE_INT_GET_NONE (SIOCIWFIRSTPRIV + 4) #define WE_SET_WLAN_DBG 1 
@@ -489,6 +487,57 @@ int wlan_hdd_set_filter(hdd_context_t *pHddCtx, tpPacketFilterCfg pRequest, v_U8_t sessionId); #endif +/**--------------------------------------------------------------------------- + + \brief mem_alloc_copy_from_user_helper - + + Helper function to allocate buffer and copy user data. + + \param - wrqu - Pointer to IOCTL Data. + len - size + + \return - On Success pointer to buffer, On failure NULL + + --------------------------------------------------------------------------*/ +static void *mem_alloc_copy_from_user_helper(const void *wrqu_data, size_t len) +{ + u8 *ptr = NULL; + + /* in order to protect the code, an extra byte is post appended to the buffer + * and the null termination is added. However, when allocating (len+1) byte + * of memory, we need to make sure that there is no uint overflow when doing + * addition. In theory check len < UINT_MAX protects the uint overflow. For + * wlan private ioctl, the buffer size is much less than UINT_MAX, as a good + * guess, now, it is assumed that the private command buffer size is no + * greater than 4K (4096 bytes). So we use 4096 as the upper boundary for now. + */ + if (len > MAX_USER_COMMAND_SIZE) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "Invalid length"); + return NULL; + } + + + ptr = kmalloc(len + 1, GFP_KERNEL); + if (NULL == ptr) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "unable to allocate memory"); + return NULL; + } + + if (copy_from_user(ptr, wrqu_data, len)) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "%s: failed to copy data to user buffer", __func__); + kfree(ptr); + return NULL; + } + ptr[len] = '\0'; + return ptr; +} + /**--------------------------------------------------------------------------- \brief hdd_wlan_get_version() - 
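Review bot: `mem_alloc_copy_from_user_helper()` returns NULL for three different failures (length above `MAX_USER_COMMAND_SIZE`, allocation failure, faulting user pointer), so the caller in the later hunk can only report `-ENOMEM` where the removed code returned `-E2BIG` and `-EFAULT`. Returning an error-encoded pointer, or an int status with an out parameter, would keep those codes distinct. The source pointer should be declared `const void __user *wrqu_data` so that sparse can check the `copy_from_user()` call, and the failure message should read `"%s: failed to copy data from user buffer"`, since the copy direction is user to kernel. The returned buffer is owned by the caller, which must `kfree()` it on every exit path; the caller's body runs past the end of what is shown here.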
@@ -5176,12 +5225,12 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in VOS_STATUS vstatus; int sub_cmd = wrqu->data.flags; int ret = 0; /* success */ + char *pBuffer = NULL; hdd_adapter_t *pAdapter = (netdev_priv(dev)); hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter); #ifdef WLAN_FEATURE_VOWIFI hdd_config_t *pConfig = pHddCtx->cfg_ini; #endif /* WLAN_FEATURE_VOWIFI */ - char usr_buf[WLAN_PRIV_SET_CHAR_GET_NONE_BUFF_MAX]; if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress) { 
@@ -5190,32 +5239,30 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in return -EBUSY; } - if (wrqu->data.length > WLAN_PRIV_SET_CHAR_GET_NONE_BUFF_MAX) - { - VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL, - "%s: Length of user data is too big", __func__); - return -E2BIG; - } - - if (copy_from_user(&usr_buf, wrqu->data.pointer, wrqu->data.length)) + /* ODD number is used for set, copy data using copy_from_user */ + pBuffer = mem_alloc_copy_from_user_helper(wrqu->data.pointer, + wrqu->data.length); + if (NULL == pBuffer) { - VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL, - "%s: Copy from user failed", __func__); - return -EFAULT; + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "mem_alloc_copy_from_user_helper fail"); + return -ENOMEM; } - VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: Received length %d", __func__, wrqu->data.length); - VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: Received data %s", __func__, usr_buf); + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, + "%s: Received length %d", __func__, wrqu->data.length); + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, + "%s: Received data %s", __func__, pBuffer); switch(sub_cmd) { case WE_WOWL_ADD_PTRN: VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "ADD_PTRN\n"); - hdd_add_wowl_ptrn(pAdapter, usr_buf); + hdd_add_wowl_ptrn(pAdapter, pBuffer); break; case WE_WOWL_DEL_PTRN: VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "DEL_PTRN\n"); - hdd_del_wowl_ptrn(pAdapter, usr_buf); + hdd_del_wowl_ptrn(pAdapter, pBuffer); break; #if defined WLAN_FEATURE_VOWIFI case WE_NEIGHBOR_REPORT_REQUEST: 
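Review bot: Every failure of `mem_alloc_copy_from_user_helper` is reported from `iw_setchar_getnone` as `-ENOMEM`, where the removed code returned `-E2BIG` for an oversized request and `-EFAULT` for a bad user pointer. The helper returns NULL for all three cases, so the caller cannot tell them apart; checking the length in the caller first, `if (wrqu->data.length > MAX_USER_COMMAND_SIZE) return -E2BIG;`, would at least keep the oversize case distinct. The same mapping appears in `iw_set_packet_filter_params`, `iw_set_band_config` and `iw_set_power_params_priv`. The function body continues outside this hunk, so any return between the allocation and the final `kfree(pBuffer)` should be checked for a leak.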
@@ -5230,7 +5277,7 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in if( !neighborReq.no_ssid ) { neighborReq.ssid.length = (wrqu->data.length - 1) > 32 ? 32 : (wrqu->data.length - 1) ; - vos_mem_copy( neighborReq.ssid.ssId, usr_buf, neighborReq.ssid.length ); + vos_mem_copy( neighborReq.ssid.ssId, pBuffer, neighborReq.ssid.length ); } callbackInfo.neighborRspCallback = NULL; @@ -5248,10 +5295,10 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in #endif case WE_SET_AP_WPS_IE: hddLog( LOGE, "Received WE_SET_AP_WPS_IE" ); - sme_updateP2pIe( WLAN_HDD_GET_HAL_CTX(pAdapter), &usr_buf, wrqu->data.length ); + sme_updateP2pIe( WLAN_HDD_GET_HAL_CTX(pAdapter), pBuffer, wrqu->data.length ); break; case WE_SET_CONFIG: - vstatus = hdd_execute_config_command(pHddCtx, usr_buf); + vstatus = hdd_execute_config_command(pHddCtx, pBuffer); if (VOS_STATUS_SUCCESS != vstatus) { ret = -EINVAL; @@ -5264,6 +5311,7 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in break; } } + kfree(pBuffer); return ret; } @@ -6503,7 +6551,6 @@ int iw_set_var_ints_getnone(struct net_device *dev, struct iw_request_info *info hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pAdapter); int sub_cmd = wrqu->data.flags; - int *value = (int*)extra; int apps_args[MAX_VAR_ARGS] = {0}; int num_args = wrqu->data.length; hdd_station_ctx_t *pStaCtx = NULL ; 
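Review bot: In the `WE_NEIGHBOR_REPORT_REQUEST` branch the SSID length is still derived from `wrqu->data.length - 1` with no check that the request is non-empty, and the source of the copy is now a heap buffer of exactly `length + 1` bytes instead of the 512-byte stack array. For a zero-length request the expression evaluates to -1, is not caught by the `> 32` clamp, and is stored in `neighborReq.ssid.length` (its type is not visible here, presumably a narrow unsigned field), so the following `vos_mem_copy` could read past `pBuffer` and write past `ssId`. A guard at the top of the branch, `if (wrqu->data.length == 0) { ret = -EINVAL; break; }`, would close that. Whether `no_ssid` already excludes the empty case is decided outside the hunk.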
@@ -6524,7 +6571,14 @@ int iw_set_var_ints_getnone(struct net_device *dev, struct iw_request_info *info { num_args = MAX_VAR_ARGS; } - vos_mem_copy(apps_args, value, (sizeof(int)) * num_args); + + /* ODD number is used for set, copy data using copy_from_user */ + if (copy_from_user(apps_args, wrqu->data.pointer, (sizeof(int)) * num_args)) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "%s: failed to copy data to user buffer", __func__); + return -EFAULT; + } if(( sub_cmd == WE_MCC_CONFIG_CREDENTIAL ) || (sub_cmd == WE_MCC_CONFIG_PARAMS )) @@ -7861,9 +7915,23 @@ static int iw_set_packet_filter_params(struct net_device *dev, struct iw_request union iwreq_data *wrqu, char *extra) { hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); - tpPacketFilterCfg pRequest = (tpPacketFilterCfg) extra; + tpPacketFilterCfg pRequest = NULL; + int ret; - return wlan_hdd_set_filter(WLAN_HDD_GET_CTX(pAdapter), pRequest, pAdapter->sessionId); + /* ODD number is used for set, copy data using copy_from_user */ + pRequest = mem_alloc_copy_from_user_helper(wrqu->data.pointer, + wrqu->data.length); + if (NULL == pRequest) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "mem_alloc_copy_from_user_helper fail"); + return -ENOMEM; + } + + ret = wlan_hdd_set_filter(WLAN_HDD_GET_CTX(pAdapter), pRequest, pAdapter->sessionId); + kfree(pRequest); + + return ret; } #endif static int iw_get_statistics(struct net_device *dev, @@ -8541,10 +8609,10 @@ static int iw_set_band_config(struct net_device *dev, union iwreq_data *wrqu, char *extra) { hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); - tANI_U8 *ptr = extra; + tANI_U8 *ptr = NULL; int ret = 0; - VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,"%s: ", __func__); + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: ", __func__); if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress) { 
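Review bot: `iw_set_packet_filter_params` hands the copied buffer to `wlan_hdd_set_filter` as a `tpPacketFilterCfg` without checking that the user supplied at least one full structure. The buffer is `wrqu->data.length + 1` bytes, so a short request would leave `wlan_hdd_set_filter` (whose body is outside this diff) reading fields beyond the allocation. A guard before the helper call, `if (wrqu->data.length < sizeof(*pRequest)) return -EINVAL;`, keeps the cast safe.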
@@ -8553,23 +8621,47 @@ static int iw_set_band_config(struct net_device *dev, return -EBUSY; } + /* ODD number is used for set, copy data using copy_from_user */ + ptr = mem_alloc_copy_from_user_helper(wrqu->data.pointer, + wrqu->data.length); + if (NULL == ptr) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "mem_alloc_copy_from_user_helper fail"); + return -ENOMEM; + } + if (memcmp(ptr, "SETBAND ", 8) == 0) { /* Change band request received */ ret = hdd_setBand_helper(dev, ptr); - return ret; - } - return 0; + kfree(ptr); + + return ret; } static int iw_set_power_params_priv(struct net_device *dev, struct iw_request_info *info, union iwreq_data *wrqu, char *extra) { + int ret; + char *ptr; VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "Set power params Private"); - return iw_set_power_params(dev,info,wrqu,extra,0); + /* ODD number is used for set, copy data using copy_from_user */ + ptr = mem_alloc_copy_from_user_helper(wrqu->data.pointer, + wrqu->data.length); + if (NULL == ptr) + { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "mem_alloc_copy_from_user_helper fail"); + return -ENOMEM; + } + + ret = iw_set_power_params(dev, info, wrqu, ptr, 0); + kfree(ptr); + return ret; } -- cgit v1.2.3 From c4bea96a37714f0064a5f7e31fb6b50ad7642452 Mon Sep 17 00:00:00 2001 
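Review bot: `iw_set_band_config` compares eight bytes with `memcmp(ptr, "SETBAND ", 8)` although `ptr` now holds only `wrqu->data.length + 1` bytes, so a request shorter than seven bytes lets the comparison run past the allocation. Because the helper NUL-terminates the buffer, `strncmp((const char *)ptr, "SETBAND ", 8) == 0` stops at the terminator; alternatively prefix the test with `wrqu->data.length >= 8 &&`. `hdd_setBand_helper` is outside this diff, so its own assumptions about the minimum length should be checked as well.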
From: Praveen Kumar Sirisilla Date: Fri, 24 Jan 2014 14:27:13 -0800 Subject: Unsafe use of Assert on MAC-SME modules. The CR identifies improper use of vos assert.At some places NULL pointers are asserted but no action is taken.This patch fixes such issues. CRs-Fixed: 589661 --- CORE/MAC/src/pe/lim/limScanResultUtils.c | 7 +++- CORE/SAP/src/sapModule.c | 6 ++- CORE/SME/src/QoS/sme_Qos.c | 71 +++++++++++++++++++++----------- CORE/SME/src/btc/btcApi.c | 12 +++++- CORE/SME/src/csr/csrApiRoam.c | 66 ++++++++++++++++++++++++----- CORE/SME/src/csr/csrApiScan.c | 19 +++++++-- CORE/SME/src/csr/csrCmdProcess.c | 6 ++- CORE/SME/src/csr/csrNeighborRoam.c | 41 ++++++++++++++---- CORE/SME/src/csr/csrUtil.c | 6 ++- CORE/SME/src/p2p/p2p_Api.c | 1 + CORE/SME/src/pmc/pmc.c | 63 +++++++++++++++++++++++----- 11 files changed, 235 insertions(+), 63 deletions(-) diff --git a/CORE/MAC/src/pe/lim/limScanResultUtils.c b/CORE/MAC/src/pe/lim/limScanResultUtils.c index 4755a6074981..3710177c4217 100644 --- a/CORE/MAC/src/pe/lim/limScanResultUtils.c +++ b/CORE/MAC/src/pe/lim/limScanResultUtils.c @@ -145,7 +145,12 @@ limCollectBssDescription(tpAniSirGlobal pMac, tANI_U8 rfBand = 0; pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo); - VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET); + + if (SIR_MAC_B_PR_SSID_OFFSET > WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo)) + { + VOS_ASSERT(WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) >= SIR_MAC_B_PR_SSID_OFFSET); + return eHAL_STATUS_FAILURE; + } ieLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo) - SIR_MAC_B_PR_SSID_OFFSET; rxChannel = WDA_GET_RX_CH(pRxPacketInfo); pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo); diff --git a/CORE/SAP/src/sapModule.c b/CORE/SAP/src/sapModule.c index 731ea68c4ca8..17af0026da54 100644 --- a/CORE/SAP/src/sapModule.c +++ b/CORE/SAP/src/sapModule.c 
@@ -145,7 +145,11 @@ WLANSAP_Open ptSapContext pSapCtx = NULL; /*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/ - VOS_ASSERT(pvosGCtx); + if (NULL == pvosGCtx) + { + VOS_ASSERT(pvosGCtx); + return VOS_STATUS_E_FAULT; + } /*------------------------------------------------------------------------ Allocate (and sanity check?!) SAP control block ------------------------------------------------------------------------*/ diff --git a/CORE/SME/src/QoS/sme_Qos.c b/CORE/SME/src/QoS/sme_Qos.c index daf9db6626c2..fd61b087d8f2 100644 --- a/CORE/SME/src/QoS/sme_Qos.c +++ b/CORE/SME/src/QoS/sme_Qos.c @@ -3366,12 +3366,11 @@ eHalStatus sme_QosCreateTspecRICIE(tpAniSirGlobal pMac, sme_QosWmmTspecInfo *pTs tDot11fIERICDataDesc ricIE; tANI_U32 nStatus; - VOS_ASSERT(NULL != pRICBuffer); - VOS_ASSERT(NULL != pRICLength); - VOS_ASSERT(NULL != pRICIdentifier); - if (pRICBuffer == NULL || pRICIdentifier == NULL || pRICLength == NULL) + { + VOS_ASSERT(0); return eHAL_STATUS_FAILURE; + } vos_mem_zero(&ricIE, sizeof(tDot11fIERICDataDesc)); @@ -4418,10 +4417,14 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi "%s: %d: no need for state transition, should " "already be in handoff state", __func__, __LINE__); - VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF); + if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF)) + { + VOS_ASSERT(0); + return eHAL_STATUS_FAILURE; + } sme_QosProcessFTReassocReqEv(pMac, sessionId, pEvent_info); return eHAL_STATUS_SUCCESS; } 
@@ -4433,10 +4436,15 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi "%s: %d: no need for state transition, should " "already be in handoff state", __func__, __LINE__); - VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF); + + if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF)) + { + VOS_ASSERT(0); + return eHAL_STATUS_FAILURE; + } //buffer the existing flows to be renewed after handoff is done sme_QosBufferExistingFlows(pMac, sessionId); @@ -4452,10 +4460,15 @@ eHalStatus sme_QosProcessReassocReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi "%s: %d: no need for state transition, should " "already be in handoff state", __func__, __LINE__); - VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF); + + if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF)) + { + VOS_ASSERT(0); + return eHAL_STATUS_FAILURE; + } sme_QosProcessFTReassocReqEv(pMac, sessionId, pEvent_info); return eHAL_STATUS_SUCCESS; 
@@ -4990,10 +5003,15 @@ eHalStatus sme_QosProcessDisconnectEv(tpAniSirGlobal pMac, v_U8_t sessionId, voi "%s: %d: no need for state transition, should " "already be in handoff state", __func__, __LINE__); - VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF); + if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF)) + { + VOS_ASSERT(0); + return eHAL_STATUS_SUCCESS; + } + return eHAL_STATUS_SUCCESS; } sme_QosInitACs(pMac, sessionId); @@ -5057,10 +5075,15 @@ eHalStatus sme_QosProcessJoinReqEv(tpAniSirGlobal pMac, v_U8_t sessionId, void * "%s: %d: no need for state transition, should " "already be in handoff state", __func__, __LINE__); - VOS_ASSERT(pSession->ac_info[0].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[1].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[2].curr_state == SME_QOS_HANDOFF); - VOS_ASSERT(pSession->ac_info[3].curr_state == SME_QOS_HANDOFF); + if ((pSession->ac_info[0].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[1].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[2].curr_state != SME_QOS_HANDOFF) || + (pSession->ac_info[3].curr_state != SME_QOS_HANDOFF)) + { + // just print + VOS_ASSERT(0); + } + //buffer the existing flows to be renewed after handoff is done sme_QosBufferExistingFlows(pMac, sessionId); //clean up the control block partially for handoff diff --git a/CORE/SME/src/btc/btcApi.c b/CORE/SME/src/btc/btcApi.c index 0da0cc789bec..7ac71976410e 100644 --- a/CORE/SME/src/btc/btcApi.c +++ b/CORE/SME/src/btc/btcApi.c 
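Review bot: In `sme_QosProcessDisconnectEv` the new state check returns `eHAL_STATUS_SUCCESS` from inside the `if`, and the very next statement returns `eHAL_STATUS_SUCCESS` again, so the test changes nothing except firing `VOS_ASSERT(0)`. Either return `eHAL_STATUS_FAILURE` as the three `sme_QosProcessReassocReqEv` hunks do, or drop the inner return and state in a comment that the mismatch is only reported, as the `// just print` branch in `sme_QosProcessJoinReqEv` does. The same four-way comparison of `ac_info[0..3].curr_state` is now written out five times; a small static helper taking `pSession` would keep the copies in step.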
@@ -930,7 +930,11 @@ static VOS_STATUS btcDeferAclComplete( tpAniSirGlobal pMac, tpSmeBtEvent pEvent BT_INVALID_CONN_HANDLE ); if(pAclEventHist) { - VOS_ASSERT(pAclEventHist->bNextEventIdx >0); + if (pAclEventHist->bNextEventIdx <= 0) + { + VOS_ASSERT(pAclEventHist->bNextEventIdx >0); + return VOS_STATUS_E_EMPTY; + } //Found one if(BT_CONN_STATUS_SUCCESS != pEvent->uEventParam.btAclConnection.status) { @@ -1098,7 +1102,11 @@ static VOS_STATUS btcDeferSyncComplete( tpAniSirGlobal pMac, tpSmeBtEvent pEvent BT_INVALID_CONN_HANDLE ); if(pSyncEventHist) { - VOS_ASSERT(pSyncEventHist->bNextEventIdx >0); + if (pSyncEventHist->bNextEventIdx <= 0) + { + VOS_ASSERT(pSyncEventHist->bNextEventIdx >0); + return VOS_STATUS_E_EMPTY; + } //Found one if(BT_CONN_STATUS_SUCCESS != pEvent->uEventParam.btSyncConnection.status) { diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c index c9822ff8d062..740570712cdd 100644 --- a/CORE/SME/src/csr/csrApiRoam.c +++ b/CORE/SME/src/csr/csrApiRoam.c @@ -5749,7 +5749,11 @@ static tANI_BOOLEAN csrRoamProcessResults( tpAniSirGlobal pMac, tSmeCmd *pComman roamInfo.pbFrames = pSession->connectedInfo.pbFrames; roamInfo.staId = pSession->connectedInfo.staId; roamInfo.u.pConnectedProfile = &pSession->connectedProfile; - VOS_ASSERT( roamInfo.staId != 0 ); + if (0 == roamInfo.staId) + { + VOS_ASSERT( 0 ); + return eANI_BOOLEAN_FALSE; + } pSession->bRefAssocStartCnt--; csrRoamCallCallback(pMac, sessionId, &roamInfo, pCommand->u.roamCmd.roamId, eCSR_ROAM_ASSOCIATION_COMPLETION, eCSR_ROAM_RESULT_ASSOCIATED); 
@@ -7587,8 +7591,12 @@ static void csrRoamingStateConfigCnfProcessor( tpAniSirGlobal pMac, tANI_U32 res csrRoamComplete(pMac, eCsrJoinFailure, NULL); return; } - // If we are roaming TO an Infrastructure BSS... - VOS_ASSERT(pScanResult != NULL); + if ( NULL == pScanResult) + { + // If we are roaming TO an Infrastructure BSS... + VOS_ASSERT(pScanResult != NULL); + return; + } if ( csrIsInfraBssDesc( pBssDesc ) ) { tDot11fBeaconIEs *pIesLocal = (tDot11fBeaconIEs *)pScanResult->Result.pvIes; @@ -10136,7 +10144,12 @@ void csrCallRoamingCompletionCallback(tpAniSirGlobal pMac, tCsrRoamSession *pSes if(pSession->bRefAssocStartCnt) { pSession->bRefAssocStartCnt--; - VOS_ASSERT( pSession->bRefAssocStartCnt == 0); + + if (0 != pSession->bRefAssocStartCnt) + { + VOS_ASSERT( pSession->bRefAssocStartCnt == 0); + return; + } //Need to call association_completion because there is an assoc_start pending. csrRoamCallCallback(pMac, pSession->sessionId, NULL, roamId, eCSR_ROAM_ASSOCIATION_COMPLETION, @@ -10417,7 +10430,11 @@ void csrRoamCompletion(tpAniSirGlobal pMac, tANI_U32 sessionId, tCsrRoamInfo *pR if(pCommand) { roamId = pCommand->u.roamCmd.roamId; - VOS_ASSERT( sessionId == pCommand->sessionId ); + if (sessionId != pCommand->sessionId) + { + VOS_ASSERT( sessionId == pCommand->sessionId ); + return; + } } if(eCSR_ROAM_ROAMING_COMPLETION == roamStatus) { @@ -10426,7 +10443,11 @@ void csrRoamCompletion(tpAniSirGlobal pMac, tANI_U32 sessionId, tCsrRoamInfo *pR } else { - VOS_ASSERT(pSession->bRefAssocStartCnt == 0); + if (pSession->bRefAssocStartCnt != 0) + { + VOS_ASSERT(pSession->bRefAssocStartCnt == 0); + return; + } smsLog(pMac, LOGW, FL(" indicates association completion. roamResult = %d"), roamResult); csrRoamCallCallback(pMac, sessionId, pRoamInfo, roamId, roamStatus, roamResult); } 
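Review bot: The new `NULL == pScanResult` branch in `csrRoamingStateConfigCnfProcessor` returns without calling `csrRoamComplete`, while the failure path directly above it in the same hunk ends with `csrRoamComplete(pMac, eCsrJoinFailure, NULL); return;`. If the roam command is still active at this point (the surrounding code is outside the hunk), a bare return would leave it pending. I would make the branch `VOS_ASSERT(0); csrRoamComplete(pMac, eCsrJoinFailure, NULL); return;` and move the `// If we are roaming TO an Infrastructure BSS...` comment back above the `csrIsInfraBssDesc` test it describes.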
@@ -12289,7 +12310,12 @@ static eHalStatus csrRoamStartWds( tpAniSirGlobal pMac, tANI_U32 sessionId, tCsr //Otherwise we need to add code to handle the //situation just like IBSS. Though for WDS station, we need to send disassoc to PE first then //send stop_bss to PE, before we can continue. - VOS_ASSERT( !csrIsConnStateWds( pMac, sessionId ) ); + + if (csrIsConnStateWds( pMac, sessionId )) + { + VOS_ASSERT(0); + return eHAL_STATUS_FAILURE; + } vos_mem_set(&bssConfig, sizeof(tBssConfigParam), 0); /* Assume HDD provide bssid in profile */ vos_mem_copy(&pSession->bssParams.bssid, pProfile->BSSIDs.bssid[0], @@ -13233,8 +13259,12 @@ csrSendMBGetWPSPBCSessions( tpAniSirGlobal pMac, tANI_U32 sessionId, vos_mem_set(pMsg, sizeof( tSirSmeGetWPSPBCSessionsReq ), 0); pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_GET_WPSPBC_SESSION_REQ); pBuf = (tANI_U8 *)&pMsg->pUsrContext; - VOS_ASSERT(pBuf); + if( NULL == pBuf) + { + VOS_ASSERT(pBuf); + return eHAL_STATUS_FAILURE; + } wTmpBuf = pBuf; // pUsrContext dwTmp = pal_cpu_to_be32((tANI_U32)pUsrContext); @@ -14975,7 +15005,11 @@ void csrRoamVccTrigger(tpAniSirGlobal pMac) -------------------------------------------------------------------------*/ ul_mac_loss_trigger_threshold = pMac->roam.configParam.vccUlMacLossThreshold; - VOS_ASSERT( ul_mac_loss_trigger_threshold != 0 ); + if (0 == ul_mac_loss_trigger_threshold) + { + VOS_ASSERT( ul_mac_loss_trigger_threshold != 0 ); + return; + } smsLog(pMac, LOGW, "csrRoamVccTrigger: UL_MAC_LOSS_THRESHOLD is %d", ul_mac_loss_trigger_threshold ); if(ul_mac_loss_trigger_threshold < ul_mac_loss) @@ -16802,7 +16836,12 @@ eHalStatus csrRoamUpdateAPWPSIE( tpAniSirGlobal pMac, tANI_U32 sessionId, tSirAP pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_UPDATE_APWPSIE_REQ); pBuf = (tANI_U8 *)&pMsg->transactionId; - VOS_ASSERT(pBuf); + + if (NULL == pBuf) + { + VOS_ASSERT(pBuf); + return eHAL_STATUS_FAILURE; + } wTmpBuf = pBuf; // transactionId 
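Review bot: In `csrSendMBGetWPSPBCSessions` the added `NULL == pBuf` test can never be true: `pBuf` is `&pMsg->pUsrContext`, and `pMsg` has already been written through by `vos_mem_set` two lines earlier. The same holds for `&pMsg->transactionId` in `csrRoamUpdateAPWPSIE` and in `csrRoamUpdateWPARSNIEs`. If the branch were reachable it would return without releasing `pMsg`, which appears to be allocated above the hunk. The check that matters is the one on `pMsg` right after allocation; these three blocks can be dropped.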
@@ -16842,11 +16881,16 @@ eHalStatus csrRoamUpdateWPARSNIEs( tpAniSirGlobal pMac, tANI_U32 sessionId, tSir pMsg->messageType = pal_cpu_to_be16((tANI_U16)eWNI_SME_SET_APWPARSNIEs_REQ); pBuf = (tANI_U8 *)&pMsg->transactionId; wTmpBuf = pBuf; + + if (NULL == pBuf) + { + VOS_ASSERT(pBuf); + return eHAL_STATUS_FAILURE; + } // transactionId *pBuf = 0; *( pBuf + 1 ) = 0; pBuf += sizeof(tANI_U16); - VOS_ASSERT(pBuf); // bssId vos_mem_copy((tSirMacAddr *)pBuf, &pSession->selfMacAddr, diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c index 015e89870bbf..81ca2ecd514f 100644 --- a/CORE/SME/src/csr/csrApiScan.c +++ b/CORE/SME/src/csr/csrApiScan.c @@ -238,7 +238,11 @@ int csrCheckValidateLists(void * dest, const void *src, v_SIZE_t num, int idx) if((tANI_U32)(pElem->next) > 0x00010000) { pElem = pElem->next; - VOS_ASSERT(count > 0); + if (count <=0) + { + VOS_ASSERT(count > 0); + return 0; + } count--; } else @@ -263,6 +267,7 @@ int csrCheckValidateLists(void * dest, const void *src, v_SIZE_t num, int idx) (unsigned int)dest, (unsigned int)src, (int)num); VOS_ASSERT(0); ii = 0; + return ii; } } else @@ -3247,7 +3252,11 @@ static tCsrScanResult *csrScanSaveBssDescription( tpAniSirGlobal pMac, tSirBssDe pCsrBssDescription->AgingCount = (tANI_S32)pMac->roam.configParam.agingCount; vos_mem_copy(&pCsrBssDescription->Result.BssDescriptor, pBSSDescription, cbBSSDesc); #if defined(VOSS_ENSBALED) - VOS_ASSERT( pCsrBssDescription->Result.pvIes == NULL ); + if ( NULL != pCsrBssDescription->Result.pvIes) + { + VOS_ASSERT( pCsrBssDescription->Result.pvIes == NULL ); + return NULL; + } #endif csrScanAddResult(pMac, pCsrBssDescription, pIes); } 
@@ -4106,7 +4115,11 @@ tANI_BOOLEAN csrLearnCountryInformation( tpAniSirGlobal pMac, tSirBssDescription } else { - VOS_ASSERT( pMac->scan.domainIdCurrent == pMac->scan.domainIdDefault ); + if (pMac->scan.domainIdCurrent != pMac->scan.domainIdDefault) + { + VOS_ASSERT( pMac->scan.domainIdCurrent == pMac->scan.domainIdDefault ); + return eANI_BOOLEAN_FALSE; + } if( HAL_STATUS_SUCCESS(csrGetRegulatoryDomainForCountry( pMac, pIesLocal->Country.country, &domainId, COUNTRY_QUERY)) && diff --git a/CORE/SME/src/csr/csrCmdProcess.c b/CORE/SME/src/csr/csrCmdProcess.c index 8d88e75e18ce..506b5d8a8d15 100644 --- a/CORE/SME/src/csr/csrCmdProcess.c +++ b/CORE/SME/src/csr/csrCmdProcess.c @@ -124,7 +124,11 @@ tANI_BOOLEAN csrCheckPSReady(void *pv) { tpAniSirGlobal pMac = PMAC_STRUCT( pv ); - VOS_ASSERT( pMac->roam.sPendingCommands >= 0 ); + if (pMac->roam.sPendingCommands < 0) + { + VOS_ASSERT( pMac->roam.sPendingCommands >= 0 ); + return 0; + } return (pMac->roam.sPendingCommands == 0); } diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c index 6de4bc73dbd8..b2c91819dac9 100644 --- a/CORE/SME/src/csr/csrNeighborRoam.c +++ b/CORE/SME/src/csr/csrNeighborRoam.c @@ -974,8 +974,12 @@ static eHalStatus csrNeighborRoamIssuePreauthReq(tpAniSirGlobal pMac) tCsrRoamInfo *roamInfo; #endif - /* This must not be true here */ - VOS_ASSERT(pNeighborRoamInfo->FTRoamInfo.preauthRspPending == eANI_BOOLEAN_FALSE); + if (eANI_BOOLEAN_FALSE != pNeighborRoamInfo->FTRoamInfo.preauthRspPending) + { + /* This must not be true here */ + VOS_ASSERT(pNeighborRoamInfo->FTRoamInfo.preauthRspPending == eANI_BOOLEAN_FALSE); + return eHAL_STATUS_FAILURE; + } /* Issue Preauth request to PE here */ /* Need to issue the preauth request with the BSSID that is there in the head of the roamable AP list */ 
@@ -2207,7 +2211,12 @@ static eHalStatus csrNeighborRoamScanRequestCallback(tHalHandle halHandle, void /* Now we have completed scanning the channel list. We have get the result by applying appropriate filter sort the results based on neighborScore and RSSI and select the best candidate out of the list */ NEIGHBOR_ROAM_DEBUG(pMac, LOGW, FL("Channel list scan completed. Current chan index = %d"), currentChanIndex); - VOS_ASSERT(pNeighborRoamInfo->roamChannelInfo.currentChanIndex == 0); + + if (pNeighborRoamInfo->roamChannelInfo.currentChanIndex != 0) + { + VOS_ASSERT(pNeighborRoamInfo->roamChannelInfo.currentChanIndex == 0); + return eHAL_STATUS_FAILURE; + } hstatus = csrNeighborRoamProcessScanComplete(pMac); @@ -2640,7 +2649,11 @@ void csrNeighborRoamNeighborScanTimerCallback(void *pv) return; } - VOS_ASSERT(sessionId == pNeighborRoamInfo->csrSessionId); + if (sessionId != pNeighborRoamInfo->csrSessionId) + { + VOS_ASSERT(sessionId == pNeighborRoamInfo->csrSessionId); + return; + } switch (pNeighborRoamInfo->neighborRoamState) { @@ -3528,7 +3541,6 @@ VOS_STATUS csrNeighborRoamTransitToCFGChanScan(tpAniSirGlobal pMac) numOfChannels * sizeof(tANI_U8)); } - VOS_ASSERT(currChannelListInfo->ChannelList == NULL); currChannelListInfo->ChannelList = vos_mem_malloc(numOfChannels * sizeof(tANI_U8)); if (NULL == currChannelListInfo->ChannelList) @@ -3842,7 +3854,11 @@ VOS_STATUS csrNeighborRoamNeighborLookupUPCallback (v_PVOID_t pAdapter, v_U8_t r return VOS_STATUS_SUCCESS; } - VOS_ASSERT(WLANTL_HO_THRESHOLD_UP == rssiNotification); + if (WLANTL_HO_THRESHOLD_UP != rssiNotification) + { + VOS_ASSERT(WLANTL_HO_THRESHOLD_UP == rssiNotification); + return VOS_STATUS_E_FAILURE; + } vosStatus = csrNeighborRoamNeighborLookupUpEvent(pMac); return vosStatus; } 
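Review bot: In `csrNeighborRoamTransitToCFGChanScan` the `VOS_ASSERT(currChannelListInfo->ChannelList == NULL)` is deleted without a replacement, unlike the other asserts in this commit, which became checks. The next line overwrites `ChannelList` with a fresh `vos_mem_malloc` result, so a list that is still attached at this point would be lost. If that state is possible (the code that clears the list is outside the hunk), release it first: `if (currChannelListInfo->ChannelList) vos_mem_free(currChannelListInfo->ChannelList);`.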
@@ -3882,7 +3898,11 @@ VOS_STATUS csrNeighborRoamNeighborLookupDOWNCallback (v_PVOID_t pAdapter, v_U8_t return VOS_STATUS_SUCCESS; } - VOS_ASSERT(WLANTL_HO_THRESHOLD_DOWN == rssiNotification); + if (WLANTL_HO_THRESHOLD_DOWN != rssiNotification) + { + VOS_ASSERT(WLANTL_HO_THRESHOLD_DOWN == rssiNotification); + return VOS_STATUS_E_FAILURE; + } vosStatus = csrNeighborRoamNeighborLookupDownEvent(pMac); return vosStatus; @@ -4666,8 +4686,11 @@ void csrNeighborRoamGetHandoffAPInfo(tpAniSirGlobal pMac, tpCsrNeighborRoamBSSIn tpCsrNeighborRoamControlInfo pNeighborRoamInfo = &pMac->roam.neighborRoamInfo; tpCsrNeighborRoamBSSInfo pBssNode; - VOS_ASSERT(NULL != pHandoffNode); - + if (NULL == pHandoffNode) + { + VOS_ASSERT(NULL != pHandoffNode); + return; + } #ifdef WLAN_FEATURE_VOWIFI_11R if (pNeighborRoamInfo->is11rAssoc) { diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c index 2e498d870d5c..26bc906900b2 100644 --- a/CORE/SME/src/csr/csrUtil.c +++ b/CORE/SME/src/csr/csrUtil.c @@ -1939,7 +1939,11 @@ eCsrMediaAccessType csrGetQoSFromBssDesc( tHalHandle hHal, tSirBssDescription *p { eCsrMediaAccessType qosType = eCSR_MEDIUM_ACCESS_DCF; - VOS_ASSERT( pIes != NULL ); + if (NULL == pIes) + { + VOS_ASSERT( pIes != NULL ); + return( qosType ); + } do { diff --git a/CORE/SME/src/p2p/p2p_Api.c b/CORE/SME/src/p2p/p2p_Api.c index 5a65dd1cc361..601a005d0087 100644 --- a/CORE/SME/src/p2p/p2p_Api.c +++ b/CORE/SME/src/p2p/p2p_Api.c @@ -1540,6 +1540,7 @@ static eHalStatus p2pListenStateDiscoverableCallback(tHalHandle halHandle, void if (!VOS_IS_STATUS_SUCCESS(status)) { VOS_ASSERT(status); + return status; } } else diff --git a/CORE/SME/src/pmc/pmc.c b/CORE/SME/src/pmc/pmc.c index f1cba31cd8cd..fde38b8910f5 100644 --- a/CORE/SME/src/pmc/pmc.c +++ b/CORE/SME/src/pmc/pmc.c 
@@ -275,10 +275,18 @@ eHalStatus pmcEnterRequestFullPowerState (tHalHandle hHal, tRequestFullPowerReas if ( pMac->pmc.rfSuppliesVotedOff ) { status = vos_chipVoteOnRFSupply(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + if(VOS_STATUS_SUCCESS != status) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } status = vos_chipVoteOnXOBuffer(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + if(VOS_STATUS_SUCCESS != status) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } pMac->pmc.rfSuppliesVotedOff = FALSE; } @@ -484,10 +492,18 @@ eHalStatus pmcEnterImpsState (tHalHandle hHal) //Vote off RF supplies. Note RF supllies are not voted off if there is a //pending request for full power already status = vos_chipVoteOffRFSupply(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + if (VOS_STATUS_SUCCESS != status ) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } status = vos_chipVoteOffXOBuffer(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + if (VOS_STATUS_SUCCESS != status) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } pMac->pmc.rfSuppliesVotedOff= TRUE; @@ -1493,10 +1509,20 @@ eHalStatus pmcEnterStandbyState (tHalHandle hHal) //Note that RF supplies are not voted off if there is already a pending request //for full power status = vos_chipVoteOffRFSupply(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + + if (VOS_STATUS_SUCCESS != status) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } status = vos_chipVoteOffXOBuffer(&callType, NULL, NULL); - VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + + if (VOS_STATUS_SUCCESS != status) + { + VOS_ASSERT( VOS_IS_STATUS_SUCCESS( status ) ); + return eHAL_STATUS_FAILURE; + } pMac->pmc.rfSuppliesVotedOff= TRUE; 
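Review bot: In `pmcEnterImpsState`, when `vos_chipVoteOffRFSupply` succeeds and `vos_chipVoteOffXOBuffer` fails, the new early return skips `pMac->pmc.rfSuppliesVotedOff= TRUE`, so the RF supply stays voted off while the flag says it is not. `pmcEnterRequestFullPowerState` only votes the supplies back on when that flag is set. The same applies to the pair of calls in `pmcEnterStandbyState`, and in `pmcEnterRequestFullPowerState` a failure of the second vote leaves the flag set after the RF supply was already voted on. Either record the partial state before returning or undo the first vote in the failure branch. These functions continue outside the hunks, so any state change made before the votes needs the same consideration.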
@@ -1842,7 +1868,12 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac ) switch (pDeferredMsg->messageType) { case eWNI_PMC_WOWL_ADD_BCAST_PTRN: - VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlAddBcastPtrn) ); + if (pDeferredMsg->size != sizeof(tSirWowlAddBcastPtrn)) + { + VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlAddBcastPtrn) ); + return; + } + if (pmcSendMessage(pMac, eWNI_PMC_WOWL_ADD_BCAST_PTRN, &pDeferredMsg->u.wowlAddPattern, sizeof(tSirWowlAddBcastPtrn)) != eHAL_STATUS_SUCCESS) @@ -1852,7 +1883,11 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac ) break; case eWNI_PMC_WOWL_DEL_BCAST_PTRN: - VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlDelBcastPtrn) ); + if (pDeferredMsg->size != sizeof(tSirWowlDelBcastPtrn)) + { + VOS_ASSERT( pDeferredMsg->size == sizeof(tSirWowlDelBcastPtrn) ); + return; + } if (pmcSendMessage(pMac, eWNI_PMC_WOWL_DEL_BCAST_PTRN, &pDeferredMsg->u.wowlDelPattern, sizeof(tSirWowlDelBcastPtrn)) != eHAL_STATUS_SUCCESS) @@ -1862,7 +1897,11 @@ static void pmcProcessDeferredMsg( tpAniSirGlobal pMac ) break; case eWNI_PMC_PWR_SAVE_CFG: - VOS_ASSERT( pDeferredMsg->size == sizeof(tSirPowerSaveCfg) ); + if (pDeferredMsg->size != sizeof(tSirPowerSaveCfg)) + { + VOS_ASSERT( pDeferredMsg->size == sizeof(tSirPowerSaveCfg) ); + return; + } if (pmcSendMessage(pMac, eWNI_PMC_PWR_SAVE_CFG, &pDeferredMsg->u.powerSaveConfig, sizeof(tSirPowerSaveCfg)) != eHAL_STATUS_SUCCESS) @@ -2020,7 +2059,11 @@ eHalStatus pmcPrepareCommand( tpAniSirGlobal pMac, tANI_U32 sessionId, eHalStatus status = eHAL_STATUS_RESOURCES; tSmeCmd *pCommand = NULL; - VOS_ASSERT( ppCmd ); + if (NULL == ppCmd) + { + VOS_ASSERT( ppCmd ); + return eHAL_STATUS_FAILURE; + } do { pCommand = smeGetCommandBuffer( pMac ); -- cgit v1.2.3 From 31478275760f247ed422ca070d911766e1884141 Mon Sep 17 00:00:00 2001 
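Review bot: The three size checks in `pmcProcessDeferredMsg` leave the function with `return` from inside the `switch`, whereas every other path visible in the hunk ends its case with `break`. Whatever follows the switch is skipped for a malformed entry; that code is outside the hunk, but presumably it releases `pDeferredMsg` and continues with the remaining deferred messages. Ending the branch with `VOS_ASSERT(0); break;` keeps the cleanup path common to all cases.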
From: Deepak Dhamdhere Date: Fri, 24 Jan 2014 15:28:24 -0800 Subject: qcacld: Use START_SCAN to change channel while connected. If WDA_CHAN_SWITCH_REQ is received while station is connected, do not use VDEV_START. Instead, ask firmware to do passive scan on that channel. It is used for preauth during roaming. Modified wma_set_channel to divert to wma_start_scan when connected. Added state machine to track preauth channel request and completion. Added channel frequency to htt tx descriptor of management tx frame. Needs firmware modification that detects auth frame with channel frequency tag and allows it to transmit. CRs-Fixed: 592816 --- CORE/CLD_TXRX/TXRX/ol_tx.c | 4 +- CORE/SERVICES/COMMON/ol_htt_tx_api.h | 21 ++- CORE/SERVICES/COMMON/ol_txrx_ctrl_api.h | 3 +- CORE/SERVICES/COMMON/wdi_in.h | 3 +- CORE/SERVICES/WMA/wma.c | 237 +++++++++++++++++++++++++++----- CORE/SERVICES/WMA/wma.h | 13 ++ 6 files changed, 238 insertions(+), 43 deletions(-) diff --git a/CORE/CLD_TXRX/TXRX/ol_tx.c b/CORE/CLD_TXRX/TXRX/ol_tx.c index 4290b76fd15a..630283ffc0dc 100644 --- a/CORE/CLD_TXRX/TXRX/ol_tx.c +++ b/CORE/CLD_TXRX/TXRX/ol_tx.c @@ -654,7 +654,8 @@ ol_txrx_mgmt_send( ol_txrx_vdev_handle vdev, adf_nbuf_t tx_mgmt_frm, u_int8_t type, - u_int8_t use_6mbps) + u_int8_t use_6mbps, + u_int16_t chanfreq) { struct ol_txrx_pdev_t *pdev = vdev->pdev; struct ol_tx_desc_t *tx_desc; @@ -767,6 +768,7 @@ ol_txrx_mgmt_send( tx_mgmt_frm, &tx_msdu_info.htt); htt_tx_desc_display(tx_desc->htt_tx_desc); + htt_tx_desc_set_chanfreq((u_int32_t *)(tx_desc->htt_tx_desc), chanfreq); ol_tx_enqueue(vdev->pdev, txq, tx_desc, &tx_msdu_info); if (tx_msdu_info.peer) { diff --git a/CORE/SERVICES/COMMON/ol_htt_tx_api.h b/CORE/SERVICES/COMMON/ol_htt_tx_api.h index 98e5dcd1274c..b145b50396bf 100644 --- a/CORE/SERVICES/COMMON/ol_htt_tx_api.h +++ b/CORE/SERVICES/COMMON/ol_htt_tx_api.h 
@@ -654,13 +654,30 @@ htt_tx_desc_set_peer_id( static inline void htt_tx_desc_set_peer_id(u_int32_t *htt_tx_desc, u_int16_t peer_id) { - u_int32_t *peer_id_field_ptr; + u_int16_t *peer_id_field_ptr; - peer_id_field_ptr = (u_int32_t *) + peer_id_field_ptr = (u_int16_t *) (htt_tx_desc + HTT_TX_DESC_PEERID_DESC_PADDR_OFFSET_DWORD); *peer_id_field_ptr = peer_id; } #endif /* QCA_WIFI_ISOC */ +#ifdef QCA_WIFI_ISOC +void +htt_tx_desc_set_chanfreq( + u_int32_t *htt_tx_desc, + u_int16_t chanfreq); +#else +static inline +void htt_tx_desc_set_chanfreq(u_int32_t *htt_tx_desc, u_int16_t chanfreq) +{ + u_int16_t *chanfreq_field_ptr; + + chanfreq_field_ptr = (u_int16_t *) + (htt_tx_desc + HTT_TX_DESC_PEERID_DESC_PADDR_OFFSET_DWORD + sizeof(u_int16_t)); + + *chanfreq_field_ptr = chanfreq; +} +#endif /* QCA_WIFI_ISOC */ #endif /* _OL_HTT_TX_API__H_ */ diff --git a/CORE/SERVICES/COMMON/ol_txrx_ctrl_api.h b/CORE/SERVICES/COMMON/ol_txrx_ctrl_api.h index d40bca237e68..84a960ba7ac1 100644 --- a/CORE/SERVICES/COMMON/ol_txrx_ctrl_api.h +++ b/CORE/SERVICES/COMMON/ol_txrx_ctrl_api.h @@ -511,7 +511,8 @@ ol_txrx_mgmt_send( ol_txrx_vdev_handle vdev, adf_nbuf_t tx_mgmt_frm, u_int8_t type, - u_int8_t use_6mbps); + u_int8_t use_6mbps, + u_int16_t chanfreq); /** * @brief Setup the monitor mode vap (vdev) for this pdev diff --git a/CORE/SERVICES/COMMON/wdi_in.h b/CORE/SERVICES/COMMON/wdi_in.h index db87a78a4587..4ecab9885825 100644 --- a/CORE/SERVICES/COMMON/wdi_in.h +++ b/CORE/SERVICES/COMMON/wdi_in.h @@ -551,7 +551,8 @@ wdi_in_mgmt_send( ol_txrx_vdev_handle vdev, adf_nbuf_t tx_mgmt_frm, u_int8_t type, - u_int8_t use_6mbps); + u_int8_t use_6mbps, + u_int16_t chanfreq); /** * @brief Setup the monitor mode vap (vdev) for this pdev diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index 2cb64bbc85e1..4b2024681d4f 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c 
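Review bot: In the new `htt_tx_desc_set_chanfreq`, `sizeof(u_int16_t)` is added to `htt_tx_desc` while it is still a `u_int32_t *`, so the store lands two 32-bit words (8 bytes) past the peer-id dword rather than 2 bytes past it. If the intended target is the 16-bit field directly after the peer id, cast first and then step one element: `chanfreq_field_ptr = (u_int16_t *)(htt_tx_desc + HTT_TX_DESC_PEERID_DESC_PADDR_OFFSET_DWORD) + 1;`. As written the write may overwrite another descriptor field or run past the descriptor, depending on a layout that is not visible here. The same hunk narrows the `htt_tx_desc_set_peer_id` store to 16 bits, which puts the id in the low or high half of that dword depending on host endianness; a comment stating the assumed byte order would help.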
@@ -3154,11 +3154,10 @@ VOS_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, /* Allocate the memory */ *buf = wmi_buf_alloc(wma_handle->wmi_handle, len); - if (!*buf) { - WMA_LOGP("failed to allocate memory for start scan cmd"); - vos_status = VOS_STATUS_E_FAILURE; - goto error; - } + if (!*buf) { + WMA_LOGP("failed to allocate memory for start scan cmd"); + return VOS_STATUS_E_FAILURE; + } buf_ptr = (u_int8_t *) wmi_buf_data(*buf); cmd = (wmi_start_scan_cmd_fixed_param *) buf_ptr; @@ -3282,10 +3281,11 @@ VOS_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, buf_ptr += WMI_TLV_HDR_SIZE + ie_len_with_pad; *buf_len = len; - vos_status = VOS_STATUS_SUCCESS; + return VOS_STATUS_SUCCESS; error: - vos_mem_free(scan_req); - return vos_status; + vos_mem_free(*buf); + *buf = NULL; + return vos_status; } /* function : wma_get_buf_stop_scan_cmd @@ -3324,7 +3324,6 @@ VOS_STATUS wma_get_buf_stop_scan_cmd(tp_wma_handle wma_handle, *buf_len = len; vos_status = VOS_STATUS_SUCCESS; error: - vos_mem_free(abort_scan_req); return vos_status; } @@ -3384,7 +3383,7 @@ VOS_STATUS wma_send_snr_request(tp_wma_handle wma_handle, void *pGetRssiReq) * Returns : */ VOS_STATUS wma_start_scan(tp_wma_handle wma_handle, - tSirScanOffloadReq *scan_req) + tSirScanOffloadReq *scan_req, v_U16_t msg_type) { VOS_STATUS vos_status = VOS_STATUS_SUCCESS; wmi_buf_t buf; 
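Review bot: The `error:` path added at the end of `wma_get_buf_start_scan_cmd` releases `*buf` with `vos_mem_free`, but `*buf` comes from `wmi_buf_alloc`, and the error path in `wma_start_scan` releases the same kind of buffer with `adf_nbuf_free(buf)`. Releasing a WMI buffer through the generic memory free is a mismatched release; `adf_nbuf_free(*buf); *buf = NULL;` would match the rest of the file. The jumps to `error` are in the part of the function outside these hunks, so confirm that each of them is reached only after the allocation has succeeded.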
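Review bot: In `wma_get_buf_stop_scan_cmd` the `vos_mem_free(abort_scan_req)` is removed, and the `wma_get_buf_start_scan_cmd` hunk above removes `vos_mem_free(scan_req)` the same way, with no replacement free visible in this commit. The removal is needed because the new callers `wma_roam_preauth_chan_set` and `wma_roam_preauth_chan_cancel` pass stack objects, but the `WDA_START_SCAN_OFFLOAD_REQ` and `WDA_STOP_SCAN_OFFLOAD_REQ` cases still pass `msg->bodyptr`, which is presumably heap memory. Unless the dispatcher frees `msg->bodyptr` somewhere outside the hunks, every offload scan start or stop now leaks its request. A header comment on both helpers such as `/* caller retains ownership of the request */`, together with a free in the dispatcher, would make the contract explicit.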
@@ -3425,23 +3424,28 @@ VOS_STATUS wma_start_scan(tp_wma_handle wma_handle, goto error; } - WMA_LOGI("WMA --> WMI_START_SCAN_CMDID"); + if (msg_type == WDA_CHNL_SWITCH_REQ) { + wma_handle->roam_preauth_scan_id = cmd->scan_id; + } + // WMA_LOGI("WMA --> WMI_START_SCAN_CMDID"); return VOS_STATUS_SUCCESS; error: wma_reset_scan_info(wma_handle, cmd->vdev_id); if (buf) adf_nbuf_free(buf); error1: - scan_event = (tSirScanOffloadEvent *) vos_mem_malloc - (sizeof(tSirScanOffloadEvent)); - if (!scan_event) { - WMA_LOGP("Failed to allocate memory for scan rsp"); - return VOS_STATUS_E_NOMEM; - } - scan_event->event = WMI_SCAN_EVENT_COMPLETED; - scan_event->reasonCode = eSIR_SME_SCAN_FAILED; - wma_send_msg(wma_handle, WDA_RX_SCAN_EVENT, (void *) scan_event, 0) ; - + /* Send completion event for only for start scan request */ + if (msg_type == WDA_START_SCAN_OFFLOAD_REQ) { + scan_event = + (tSirScanOffloadEvent *) vos_mem_malloc(sizeof(tSirScanOffloadEvent)); + if (!scan_event) { + WMA_LOGP("Failed to allocate memory for scan rsp"); + return VOS_STATUS_E_NOMEM; + } + scan_event->event = WMI_SCAN_EVENT_COMPLETED; + scan_event->reasonCode = eSIR_SME_SCAN_FAILED; + wma_send_msg(wma_handle, WDA_RX_SCAN_EVENT, (void *) scan_event, 0) ; + } return vos_status; } @@ -3660,8 +3664,8 @@ VOS_STATUS wma_roam_scan_offload_rssi_thresh(tp_wma_handle wma_handle, wmi_roam_scan_rssi_threshold_fixed_param)); /* fill in threshold values */ rssi_threshold_fp->vdev_id = wma_handle->roam_offload_vdev_id; - rssi_threshold_fp->roam_scan_rssi_thresh = rssi_thresh; - rssi_threshold_fp->roam_rssi_thresh_diff = rssi_thresh_diff; + rssi_threshold_fp->roam_scan_rssi_thresh = rssi_thresh & 0x000000ff; + rssi_threshold_fp->roam_rssi_thresh_diff = rssi_thresh_diff & 0x000000ff; status = wmi_unified_cmd_send(wma_handle->wmi_handle, buf, len, WMI_ROAM_SCAN_RSSI_THRESHOLD); 
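Review bot: `wma_handle->roam_preauth_scan_id = cmd->scan_id;` in `wma_start_scan` runs after the failure check that precedes it, which appears to test the result of sending the command; the send itself is outside the hunk. If so, `cmd` points into a buffer that has already been handed off, and a scan event for this id can reach `wma_scan_event_callback` before the id is recorded, where it would be treated as an ordinary scan event. Recording the id before the send and clearing it on the error path avoids both problems. The `WMA_LOGI("WMA --> WMI_START_SCAN_CMDID")` line is left commented out; delete it or restore it.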
@@ -5041,19 +5045,161 @@ static void wma_remove_vdev_req(tp_wma_handle wma, u_int8_t vdev_id, vos_mem_free(req_msg); } +/* function : wma_roam_preauth_chan_set + * Description: Send a single channel passive scan request + * to handle set_channel operation for preauth + * Args: + * Returns : + */ +VOS_STATUS wma_roam_preauth_chan_set(tp_wma_handle wma_handle, + tpSwitchChannelParams params, u_int8_t vdev_id) +{ + VOS_STATUS vos_status = VOS_STATUS_SUCCESS; + tSirScanOffloadReq scan_req; + u_int8_t bssid[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + + WMA_LOGI("%s: channel %d", __func__, params->channelNumber); + + /* Prepare a dummy scan request and get the + * wmi_start_scan_cmd_fixed_param structure filled properly + */ + vos_mem_zero(&scan_req, sizeof(scan_req)); + vos_copy_macaddr((v_MACADDR_t *) &scan_req.bssId, (v_MACADDR_t *)bssid); + vos_copy_macaddr((v_MACADDR_t *)&scan_req.selfMacAddr, (v_MACADDR_t *)¶ms->selfStaMacAddr); + scan_req.channelList.numChannels = 1; + scan_req.channelList.channelNumber[0] = params->channelNumber; + scan_req.numSsid = 0; + scan_req.minChannelTime = WMA_ROAM_PREAUTH_SCAN_TIME; + scan_req.maxChannelTime = WMA_ROAM_PREAUTH_SCAN_TIME; + scan_req.scanType = eSIR_PASSIVE_SCAN; + scan_req.p2pScanType = P2P_SCAN_TYPE_LISTEN; + scan_req.sessionId = vdev_id; + wma_handle->roam_preauth_chan_context = params; + wma_handle->roam_preauth_chanfreq = vos_chan_to_freq(params->channelNumber); + + vos_status = wma_start_scan(wma_handle, &scan_req, WDA_CHNL_SWITCH_REQ); + + wma_handle->roam_preauth_scan_state = (vos_status == VOS_STATUS_SUCCESS) ? 
+ WMA_ROAM_PREAUTH_CHAN_REQUESTED : WMA_ROAM_PREAUTH_CHAN_NONE; + return vos_status; +} + +VOS_STATUS wma_roam_preauth_chan_cancel(tp_wma_handle wma_handle, + tpSwitchChannelParams params, u_int8_t vdev_id) +{ + tAbortScanParams abort_scan_req; + VOS_STATUS vos_status = VOS_STATUS_SUCCESS; + + WMA_LOGI("%s: channel %d", __func__, params->channelNumber); + + abort_scan_req.SessionId = vdev_id; + wma_handle->roam_preauth_scan_state = WMA_ROAM_PREAUTH_CHAN_CANCEL_REQUESTED; + wma_handle->roam_preauth_chan_context = params; + vos_status = wma_stop_scan(wma_handle, &abort_scan_req); + return vos_status; +} + +static void wma_roam_preauth_scan_event_handler(tp_wma_handle wma_handle, + u_int8_t vdev_id, wmi_scan_event_fixed_param *wmi_event) +{ + VOS_STATUS vos_status = VOS_STATUS_SUCCESS; + tSwitchChannelParams *params; + + WMA_LOGI("%s: event 0x%x, reason 0x%x", + __func__, wmi_event->event, wmi_event->reason); + switch(wma_handle->roam_preauth_scan_state) { + case WMA_ROAM_PREAUTH_CHAN_REQUESTED: + if (wmi_event->event & WMI_SCAN_EVENT_FOREIGN_CHANNEL) { + /* complete set_chan request */ + wma_handle->roam_preauth_scan_state = WMA_ROAM_PREAUTH_ON_CHAN; + vos_status = VOS_STATUS_SUCCESS; + } else if (wmi_event->event & + (WMI_SCAN_EVENT_START_FAILED|WMI_SCAN_EVENT_COMPLETED)){ + /* Failed to get preauth channel or finished (unlikely) */ + wma_handle->roam_preauth_scan_state = WMA_ROAM_PREAUTH_CHAN_NONE; + vos_status = VOS_STATUS_E_FAILURE; + } else + return; + break; + case WMA_ROAM_PREAUTH_CHAN_CANCEL_REQUESTED: + /* Completed or cancelled, complete set_chan cancel request */ + wma_handle->roam_preauth_scan_state = WMA_ROAM_PREAUTH_CHAN_NONE; + break; + + case WMA_ROAM_PREAUTH_ON_CHAN: + if (wmi_event->event & + (WMI_SCAN_EVENT_COMPLETED | WMI_SCAN_EVENT_BSS_CHANNEL)) + wma_handle->roam_preauth_scan_state = WMA_ROAM_PREAUTH_CHAN_COMPLETED; + /* There is no WDA request to complete. Next set channel request will + * look at this state and complete it. 
+ */ + break; + default: + WMA_LOGE("%s: unhandled event 0x%x, reason 0x%x", + __func__, wmi_event->event, wmi_event->reason); + return; + } + + if((params = (tpSwitchChannelParams) wma_handle->roam_preauth_chan_context)) { + WMA_LOGI("%s: sending WDA_SWITCH_CHANNEL_RSP, status = 0x%x", + __func__, vos_status); + params->chainMask = wma_handle->pdevconfig.txchainmask; + params->smpsMode = SMPS_MODE_DISABLED; + params->status = vos_status; + wma_send_msg(wma_handle, WDA_SWITCH_CHANNEL_RSP, (void *)params, 0); + wma_handle->roam_preauth_chan_context = NULL; + } + +} + +/* + * wma_set_channel + * If this request is called when station is connected, it should use + */ static void wma_set_channel(tp_wma_handle wma, tpSwitchChannelParams params) { struct wma_vdev_start_req req; struct wma_target_req *msg; - VOS_STATUS status; - - vos_mem_zero(&req, sizeof(req)); - if (!wma_find_vdev_by_addr(wma, params->selfStaMacAddr, &req.vdev_id)) { - WMA_LOGP("%s: Failed to find vdev id for %pM\n", - __func__, params->selfStaMacAddr); - status = VOS_STATUS_E_FAILURE; - goto send_resp; - } + VOS_STATUS status = VOS_STATUS_SUCCESS; + u_int8_t vdev_id, peer_id; + ol_txrx_peer_handle peer; + ol_txrx_pdev_handle pdev; + struct wma_txrx_node *intr = wma->interfaces; + + if (!wma_find_vdev_by_addr(wma, params->selfStaMacAddr, &vdev_id)) { + WMA_LOGP("%s: Failed to find vdev id for %pM", + __func__, params->selfStaMacAddr); + status = VOS_STATUS_E_FAILURE; + goto send_resp; + } + pdev = vos_get_context(VOS_MODULE_ID_TXRX, wma->vos_context); + peer = ol_txrx_find_peer_by_addr(pdev, intr[vdev_id].bssid, &peer_id); + + if (peer && (peer->state == ol_txrx_peer_state_conn || + peer->state == ol_txrx_peer_state_auth)) { + /* Trying to change channel while connected should not invoke VDEV_START. 
+ * Instead, use start scan command in passive mode to park station + * on that channel + */ + WMA_LOGI("%s: calling set_scan, state 0x%x", __func__, wma->roam_preauth_scan_state); + if (wma->roam_preauth_scan_state == WMA_ROAM_PREAUTH_CHAN_NONE) { + status = wma_roam_preauth_chan_set(wma, params, vdev_id); + /* response will be asynchronous */ + return; + } else if (wma->roam_preauth_scan_state == WMA_ROAM_PREAUTH_CHAN_REQUESTED || + wma->roam_preauth_scan_state == WMA_ROAM_PREAUTH_ON_CHAN) { + status = wma_roam_preauth_chan_cancel(wma, params, vdev_id); + /* response will be asynchronous */ + return; + } else if (wma->roam_preauth_scan_state == WMA_ROAM_PREAUTH_CHAN_COMPLETED) { + /* Already back on home channel. Complete the request */ + wma->roam_preauth_scan_state = WMA_ROAM_PREAUTH_CHAN_NONE; + status = VOS_STATUS_SUCCESS; + } + goto send_resp; + } + vos_mem_zero(&req, sizeof(req)); + req.vdev_id = vdev_id; msg = wma_fill_vdev_req(wma, req.vdev_id, WDA_CHNL_SWITCH_REQ, WMA_TARGET_REQ_TYPE_VDEV_START, params, 1000); if (!msg) { @@ -5090,6 +5236,8 @@ send_resp: #endif status); params->status = status; + WMA_LOGI("%s: sending WDA_SWITCH_CHANNEL_RSP, status = 0x%x", + __func__, status); wma_send_msg(wma, WDA_SWITCH_CHANNEL_RSP, (void *)params, 0); } @@ -12426,7 +12574,7 @@ VOS_STATUS wma_mc_process_msg(v_VOID_t *vos_context, vos_msg_t *msg) (tDelStaSelfParams *)msg->bodyptr, 1); break; case WDA_START_SCAN_OFFLOAD_REQ: - wma_start_scan(wma_handle, msg->bodyptr); + wma_start_scan(wma_handle, msg->bodyptr, msg->type); break; case WDA_STOP_SCAN_OFFLOAD_REQ: wma_stop_scan(wma_handle, msg->bodyptr); 
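Review bot: In `wma_set_channel`, the results of `wma_roam_preauth_chan_set` and `wma_roam_preauth_chan_cancel` are stored in `status` and then discarded by the unconditional `return`. When `wma_start_scan` fails for `WDA_CHNL_SWITCH_REQ` it sends no completion, and `wma_roam_preauth_chan_set` has already stored `params` in `roam_preauth_chan_context`, so the requester never receives `WDA_SWITCH_CHANNEL_RSP` and a stale pointer stays in the handle. Returning only on success, `if (status == VOS_STATUS_SUCCESS) return;`, and clearing `wma->roam_preauth_chan_context` before the `goto send_resp` would report the failure. `pdev` from `vos_get_context` is also passed to `ol_txrx_find_peer_by_addr` without a NULL check, and the header comment above `wma_set_channel` stops mid-sentence.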
@@ -12711,6 +12859,16 @@ static int wma_scan_event_callback(WMA_HANDLE handle, u_int8_t *data, u_int8_t vdev_id; v_U32_t scan_id; + param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data; + wmi_event = param_buf->fixed_param; + vdev_id = wmi_event->vdev_id; + scan_id = wma_handle->interfaces[vdev_id].scan_info.scan_id; + + if (wma_handle->roam_preauth_scan_id == wmi_event->scan_id) { + /* This is the scan requested by roam preauth set_channel operation */ + wma_roam_preauth_scan_event_handler(wma_handle, vdev_id, wmi_event); + return 0; + } scan_event = (tSirScanOffloadEvent *) vos_mem_malloc (sizeof(tSirScanOffloadEvent)); if (!scan_event) { @@ -12718,10 +12876,6 @@ static int wma_scan_event_callback(WMA_HANDLE handle, u_int8_t *data, return -ENOMEM; } - param_buf = (WMI_SCAN_EVENTID_param_tlvs *) data; - wmi_event = param_buf->fixed_param; - vdev_id = wmi_event->vdev_id; - scan_id = wma_handle->interfaces[vdev_id].scan_info.scan_id; scan_event->event = wmi_event->event; WMA_LOGI("WMA <-- wmi_scan_event : event %lu, scan_id %lu, freq %lu", @@ -14508,6 +14662,7 @@ VOS_STATUS WDA_TxPacket(void *wma_context, void *tx_frame, u_int16_t frmLen, tpSirMacFrameCtl pFc = (tpSirMacFrameCtl)(adf_nbuf_data(tx_frame)); u_int8_t use_6mbps = 0; u_int8_t downld_comp_required = 0; + u_int16_t chanfreq; #ifdef WLAN_FEATURE_11W tANI_U8 *pFrame = NULL; void *pPacket = NULL; @@ -14713,8 +14868,14 @@ VOS_STATUS WDA_TxPacket(void *wma_context, void *tx_frame, u_int16_t frmLen, if(tx_flag & HAL_USE_BD_RATE2_FOR_MANAGEMENT_FRAME) use_6mbps = 1; + if (wma_handle->roam_preauth_scan_state == WMA_ROAM_PREAUTH_ON_CHAN) { + chanfreq = wma_handle->roam_preauth_chanfreq; + WMA_LOGI("%s: Preauth frame on channel %d", __func__, chanfreq); + } else { + chanfreq = 0; + } /* Hand over the Tx Mgmt frame to TxRx */ - status = wdi_in_mgmt_send(txrx_vdev, tx_frame, tx_frm_index, use_6mbps); + status = wdi_in_mgmt_send(txrx_vdev, tx_frame, tx_frm_index, use_6mbps, chanfreq); /* * Failed to send Tx Mgmt Frame 
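Review bot: In `wma_scan_event_callback`, `vdev_id` is taken from the firmware event and used to index `wma_handle->interfaces[]` with no range check, and `param_buf` is dereferenced without a NULL check; this hunk moves both ahead of the new preauth dispatch, so `wma_roam_preauth_scan_event_handler` also receives unvalidated values. A check that `param_buf` and `param_buf->fixed_param` are non-NULL and that `vdev_id` is below the number of entries in `interfaces[]`, returning an error otherwise, belongs before the first use. Separately, `roam_preauth_scan_id` is never reset in this commit, so a later ordinary scan that reuses the same id (or id 0 before any preauth scan, if the handle is zero-initialised) would be routed to the preauth handler and its `tSirScanOffloadEvent` never delivered. Making the comparison only while `roam_preauth_scan_state` is not `WMA_ROAM_PREAUTH_CHAN_NONE` would narrow that. The function starts and ends outside these hunks.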
diff --git a/CORE/SERVICES/WMA/wma.h b/CORE/SERVICES/WMA/wma.h index 33560c9ebcc3..40a546c675ab 100644 --- a/CORE/SERVICES/WMA/wma.h +++ b/CORE/SERVICES/WMA/wma.h @@ -156,6 +156,7 @@ #define WMA_ROAM_BEACON_WEIGHT_DEFAULT (14) #define WMA_ROAM_OPP_SCAN_PERIOD_DEFAULT (120000) #define WMA_ROAM_OPP_SCAN_AGING_PERIOD_DEFAULT (WMA_ROAM_OPP_SCAN_PERIOD_DEFAULT * 5) +#define WMA_ROAM_PREAUTH_SCAN_TIME (50) #define WMA_INVALID_KEY_IDX 0xff #define WMA_DFS_RADAR_FOUND 1 @@ -215,6 +216,14 @@ enum wma_tdls_peer_reason { }; #endif /* FEATURE_WLAN_TDLS */ +typedef enum { + /* Roaming preauth channel state */ + WMA_ROAM_PREAUTH_CHAN_NONE, + WMA_ROAM_PREAUTH_CHAN_REQUESTED, + WMA_ROAM_PREAUTH_ON_CHAN, + WMA_ROAM_PREAUTH_CHAN_CANCEL_REQUESTED, + WMA_ROAM_PREAUTH_CHAN_COMPLETED +} t_wma_roam_preauth_chan_state_t; /* * memory chunck allocated by Host to be managed by FW * used only for low latency interfaces like pcie @@ -515,6 +524,10 @@ typedef struct { void* pGetRssiReq; u_int32_t roam_offload_vdev_id; v_BOOL_t roam_offload_enabled; + t_wma_roam_preauth_chan_state_t roam_preauth_scan_state; + u_int32_t roam_preauth_scan_id; + u_int16_t roam_preauth_chanfreq; + void *roam_preauth_chan_context; /* Here ol_ini_info is used to store ini * status of arp offload, ns offload -- cgit v1.2.3 From beb54297b4b869c76c50126dea1852ffad228b75 Mon Sep 17 00:00:00 2001 From: Komal Seelam Date: Fri, 24 Jan 2014 15:40:21 -0800 Subject: qcacld: enable mpq8092 compilation Enable mpq8092 compilation --- Android.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Android.mk b/Android.mk index 2d8fbf314db6..de83532a4213 100644 --- a/Android.mk +++ b/Android.mk 
@@ -3,8 +3,8 @@ # Assume no targets will be supported WLAN_CHIPSET := -# Build/Package options for 8084 target -ifeq ($(call is-board-platform,apq8084),true) +# Build/Package options for 8084/8092 target +ifeq ($(call is-board-platform-in-list, apq8084 mpq8092),true) WLAN_CHIPSET := qca_cld WLAN_SELECT := CONFIG_QCA_CLD_WLAN=m WLAN_ISOC_SELECT := CONFIG_QCA_WIFI_ISOC=0 -- cgit v1.2.3 From 26ce11dc7a5cdb55efe3dd8c7c4d2ceec1ae6a55 Mon Sep 17 00:00:00 2001 From: Prakash Dhavali Date: Sat, 25 Jan 2014 18:26:49 -0800 Subject: Release 4.0.0.74 Caf Staging --- CORE/MAC/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CORE/MAC/inc/qwlan_version.h b/CORE/MAC/inc/qwlan_version.h index 19fc0c29812e..4bf4003f730f 100644 --- a/CORE/MAC/inc/qwlan_version.h +++ b/CORE/MAC/inc/qwlan_version.h @@ -42,8 +42,8 @@ BRIEF DESCRIPTION: #define QWLAN_VERSION_MINOR 0 #define QWLAN_VERSION_PATCH 0 #define QWLAN_VERSION_EXTRA "" -#define QWLAN_VERSION_BUILD 73 +#define QWLAN_VERSION_BUILD 74 -#define QWLAN_VERSIONSTR "4.0.0.73" +#define QWLAN_VERSIONSTR "4.0.0.74" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3