From 8729212960af16405baec6a8e2c15332e16975a2 Mon Sep 17 00:00:00 2001 From: Bala Venkatesh Date: Wed, 12 Dec 2018 17:12:35 +0530 Subject: qcacld-3.0: Modify the MAX_TX_PWR_CAP to 30dbm Modify the max tx power value form 22db to 30db to cover regulatory power requirements. Change-Id: Id24ed354ed364037ba0ff5dea9de9810fb255962 CRs-fixed: 2362060 --- core/cds/inc/cds_regdomain.h | 4 ++-- core/mac/src/pe/rrm/rrm_api.c | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/core/cds/inc/cds_regdomain.h b/core/cds/inc/cds_regdomain.h index 664e2ca8ac9c..0e925b2637c5 100644 --- a/core/cds/inc/cds_regdomain.h +++ b/core/cds/inc/cds_regdomain.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2011, 2014-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -65,7 +65,7 @@ #define MAX_CHANNELS_PER_OPERATING_CLASS 25 #define CDS_MAX_SUPP_OPER_CLASSES 32 #define MIN_TX_PWR_CAP 8 -#define MAX_TX_PWR_CAP 22 +#define MAX_TX_PWR_CAP 30 #define CTRY_DEFAULT 0 #define CTRY_FLAG 0x8000 diff --git a/core/mac/src/pe/rrm/rrm_api.c b/core/mac/src/pe/rrm/rrm_api.c index 73e1314a670f..e67d9bbe74ae 100644 --- a/core/mac/src/pe/rrm/rrm_api.c +++ b/core/mac/src/pe/rrm/rrm_api.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -43,8 +43,6 @@ #include "rrm_global.h" #include "rrm_api.h" -#define MAX_RRM_TX_PWR_CAP 22 - uint8_t rrm_get_min_of_max_tx_power(tpAniSirGlobal pMac, int8_t regMax, int8_t apTxPower) -- cgit v1.2.3 From d5c2ff6edbe9ebc7e4d3f486a9a30dd865ba65c1 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 15 Oct 2019 03:56:48 -0700 Subject: Release 5.1.1.75 Release 5.1.1.75 Change-Id: I3ecedc7bc753a1d61cd8e5a48a6fbfab2da9dce7 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index f96580825196..f7ffb1b4f1fa 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "Z" -#define QWLAN_VERSION_BUILD 74 +#define QWLAN_VERSION_EXTRA "" +#define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.74Z" +#define QWLAN_VERSIONSTR "5.1.1.75" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From fc1186cfcb3647633bb76afa9b7fd6ef7b317c2c Mon Sep 17 00:00:00 2001 From: Sourav Mohapatra Date: Thu, 5 Sep 2019 14:34:19 +0530 Subject: qcacld-3.0: Prevent possible OOB access in hdd_sendactionframe In the function hdd_sendactionframe, the parameters passed include the payload and the corresponding payload length; payload being generic pointer. The payload is then typecasted into the destination structure of type tpSirMacVendorSpecificFrameHdr. If the size of the payload specified in payload_len is less than the size of the destination structure, there is possiblility of OOB read while accessing the same. To prevent this security vulnerability, add a sanity check for the payload_len against the size of the destination structure. Change-Id: Ib0e7b7bfcf78412d81f18cf887e5296d80272598 CRs-Fixed: 2517858 --- core/hdd/src/wlan_hdd_ioctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/hdd/src/wlan_hdd_ioctl.c b/core/hdd/src/wlan_hdd_ioctl.c index 207d48b91468..3d0418a5ca23 100644 --- a/core/hdd/src/wlan_hdd_ioctl.c +++ b/core/hdd/src/wlan_hdd_ioctl.c @@ -1055,6 +1055,11 @@ hdd_sendactionframe(hdd_adapter_t *adapter, const uint8_t *bssid, struct cfg80211_mgmt_tx_params params; #endif + if (payload_len < sizeof(tSirMacVendorSpecificFrameHdr)) { + hdd_warn("Invalid payload length: %d", payload_len); + return -EINVAL; + } + if (QDF_STA_MODE != adapter->device_mode) { hdd_warn("Unsupported in mode %s(%d)", hdd_device_mode_to_string(adapter->device_mode), -- cgit v1.2.3 From d714782be1b68d928148a8290a4347effe850d7c Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 15 Oct 2019 22:52:35 -0700 Subject: Release 5.1.1.75A Release 5.1.1.75A Change-Id: Ieacf9e51594321f3a40864cebc8d8db00c409a3c CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index f7ffb1b4f1fa..c5e84a391afc 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "" +#define QWLAN_VERSION_EXTRA "A" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75" +#define QWLAN_VERSIONSTR "5.1.1.75A" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From b87208ef69dbcbfaedb8397667c74b5d99e18092 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dhanotiya Date: Tue, 23 Jul 2019 15:50:10 +0530 Subject: qcacld-3.0: Fix memory leak in driver dump Currently when driver gets a command to dump the driver info, it allocates the memory and retrieves the information in that allocated memory. Maximum data that can be copied to user space buffer is equal to one PAGE_SIZE. In the command driver gets the size of the data which user space wants to read, minimum of the user space requested size or one PAGE_SIZE of the data is copied to user space buffer and current position of the driver buffer till which the data is copied is updated to user space is also updated. Driver copies the retrieved information to the user space buffer as explained above and updates the position pointer to the user space. In the next request driver expects from user space to request the remaining data from the updated position in last request, once all the data is copied to user space, driver frees internally allocated memory. In case if driver does not get the request to read remaining data after first request, it does not free the memory. Current handling of this memory is done in init domain after stop modules, but since this memory is allocated in active domain, driver should free the memory in active domain. Since with current implementation memory allocated in active domain is not freed in active domain, memleak is getting detected. To resolve above issue, move mem cleanup logic for driver dump info command from init domain to active domain in stop modules. Change-Id: Idb4f35f0a599ad55eebe13348b68562fa401fd7e CRs-Fixed: 2489877 --- core/hdd/inc/wlan_hdd_main.h | 10 ++++++++++ core/hdd/src/wlan_hdd_main.c | 1 + core/hdd/src/wlan_hdd_memdump.c | 14 ++------------ 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/core/hdd/inc/wlan_hdd_main.h b/core/hdd/inc/wlan_hdd_main.h index 98b9801c3521..0312da3f6601 100644 --- a/core/hdd/inc/wlan_hdd_main.h +++ b/core/hdd/inc/wlan_hdd_main.h @@ -3269,6 +3269,16 @@ hdd_station_info_t *hdd_get_stainfo(hdd_station_info_t *aStaInfo, int hdd_driver_memdump_init(void); void hdd_driver_memdump_deinit(void); +/** + * hdd_driver_mem_cleanup() - Frees memory allocated for + * driver dump + * + * This function frees driver dump memory. + * + * Return: None + */ +void hdd_driver_mem_cleanup(void); + /** * wlan_hdd_free_cache_channels() - Free the cache channels list * @hdd_ctx: Pointer to HDD context diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 2da610d8989d..24e2a9967fa9 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -11300,6 +11300,7 @@ int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx, bool ftm_mode) } /* Free the cache channels of the command SET_DISABLE_CHANNEL_LIST */ wlan_hdd_free_cache_channels(hdd_ctx); + hdd_driver_mem_cleanup(); /* many adapter resources are not freed by design in SSR case */ if (!is_recover_stop) diff --git a/core/hdd/src/wlan_hdd_memdump.c b/core/hdd/src/wlan_hdd_memdump.c index ff048ba6be71..d0a834d7e298 100644 --- a/core/hdd/src/wlan_hdd_memdump.c +++ b/core/hdd/src/wlan_hdd_memdump.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2016-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -61,15 +61,7 @@ static void *memdump_get_file_data(struct file *file) return hdd_ctx; } -/** - * hdd_driver_mem_cleanup() - Frees memory allocated for - * driver dump - * - * This function unallocates driver dump memory. - * - * Return: None - */ -static void hdd_driver_mem_cleanup(void) +void hdd_driver_mem_cleanup(void) { hdd_context_t *hdd_ctx; @@ -307,6 +299,4 @@ int hdd_driver_memdump_init(void) void hdd_driver_memdump_deinit(void) { hdd_driver_memdump_procfs_remove(); - - hdd_driver_mem_cleanup(); } -- cgit v1.2.3 From 9fe047d53790b6f7f77d5c893825e8a0e5de1344 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Thu, 17 Oct 2019 11:25:27 -0700 Subject: Release 5.1.1.75B Release 5.1.1.75B Change-Id: Ia5422b8fb937c31990d23903c2e33221415767ed CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index c5e84a391afc..fbf3b3f4c21d 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "A" +#define QWLAN_VERSION_EXTRA "B" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75A" +#define QWLAN_VERSIONSTR "5.1.1.75B" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 7a28ce01f7f6d93e1ab9950d8bb7224f7aa69ca2 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dhanotiya Date: Thu, 17 Oct 2019 18:01:04 +0530 Subject: qcacld-3.0: Reduce the log level for some apis There are few apis for which some of the log levels are set to error and which results in excessive logging to the dmsg logs. To address above issue, reduce log levels for the functions which logs frequently. Change-Id: Ie7ec52310a7bb665981c690f62823cbf414e813d CRs-fixed: 2544546 --- core/cds/src/cds_api.c | 2 +- core/hdd/src/wlan_hdd_cfg80211.c | 2 +- core/hdd/src/wlan_hdd_main.c | 6 +++--- core/hdd/src/wlan_hdd_p2p.c | 2 +- core/hdd/src/wlan_hdd_power.c | 6 +++--- core/sme/src/common/sme_api.c | 2 +- core/wma/src/wma_main.c | 4 ++-- core/wma/src/wma_scan_roam.c | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/core/cds/src/cds_api.c b/core/cds/src/cds_api.c index c6de500cc785..c8898ebb5aa5 100644 --- a/core/cds/src/cds_api.c +++ b/core/cds/src/cds_api.c @@ -1180,7 +1180,7 @@ void *cds_get_context(QDF_MODULE_ID moduleId) } if (pModContext == NULL) { - QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR, + QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_DEBUG, "%s: Module ID %i context is Null", __func__, moduleId); } diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index 4fe13ea02348..5f92b6c09d0f 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -6689,7 +6689,7 @@ static int __wlan_hdd_cfg80211_wifi_logger_get_ring_data(struct wiphy *wiphy, WLAN_LOG_REASON_CODE_UNUSED, true, false); if (QDF_STATUS_SUCCESS != status) { - hdd_err("Failed to trigger bug report"); + hdd_debug("Failed to trigger bug report"); return -EINVAL; } } else { diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 24e2a9967fa9..02eabb6cf2e0 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -3679,8 +3679,8 @@ QDF_STATUS hdd_init_station_mode(hdd_adapter_t *adapter) status = hdd_lro_enable(hdd_ctx, adapter); if (status) /* Err code from errno.h */ - hdd_err("LRO is disabled either because of kernel doesnot support or disabled in INI or via vendor commandi. err code %d", - status); + hdd_debug("LRO is disabled either because of kernel doesnot support or disabled in INI or via vendor commandi. err code %d", + status); /* rcpi info initialization */ qdf_mem_zero(&adapter->rcpi, sizeof(adapter->rcpi)); @@ -3739,7 +3739,7 @@ void hdd_cleanup_actionframe(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter) &adapter->tx_action_cnf_event, msecs_to_jiffies(ACTION_FRAME_TX_TIMEOUT)); if (!rc) { - hdd_err("HDD Wait for Action Confirmation Failed!!"); + hdd_debug("HDD Wait for Action Confirmation Failed!!"); /* * Inform tx status as FAILURE to upper layer and free * cfgState->buf diff --git a/core/hdd/src/wlan_hdd_p2p.c b/core/hdd/src/wlan_hdd_p2p.c index ad8ac69b2df7..cd147f16a76a 100644 --- a/core/hdd/src/wlan_hdd_p2p.c +++ b/core/hdd/src/wlan_hdd_p2p.c @@ -2326,7 +2326,7 @@ static int __wlan_hdd_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, msecs_to_jiffies (WAIT_CHANGE_CHANNEL_FOR_OFFCHANNEL_TX)); if (!rc) { - hdd_err("wait on offchannel_tx_event timed out"); + hdd_debug("wait on offchannel_tx_event timed out"); goto err_rem_channel; } } else if (offchan) { diff --git a/core/hdd/src/wlan_hdd_power.c b/core/hdd/src/wlan_hdd_power.c index 8e3a9b766ad2..81f52aeb8ebb 100644 --- a/core/hdd/src/wlan_hdd_power.c +++ b/core/hdd/src/wlan_hdd_power.c @@ -229,7 +229,7 @@ static int __wlan_hdd_ipv6_changed(struct notifier_block *nb, ENTER_DEV(ndev); if ((pAdapter == NULL) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) { - hdd_err("Adapter context is invalid %pK", pAdapter); + hdd_debug("Adapter context is invalid %pK", pAdapter); return NOTIFY_DONE; } @@ -923,7 +923,7 @@ static int __wlan_hdd_ipv4_changed(struct notifier_block *nb, ENTER_DEV(ndev); if ((pAdapter == NULL) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) { - hdd_err("Adapter context is invalid %pK", pAdapter); + hdd_debug("Adapter context is invalid %pK", pAdapter); return NOTIFY_DONE; } @@ -2517,7 +2517,7 @@ static int __wlan_hdd_cfg80211_get_txpower(struct wiphy *wiphy, /* Validate adapter sessionId */ if (wlan_hdd_validate_session_id(adapter->sessionId)) { - hdd_err("invalid session id: %d", adapter->sessionId); + hdd_debug("invalid session id: %d", adapter->sessionId); return -EINVAL; } diff --git a/core/sme/src/common/sme_api.c b/core/sme/src/common/sme_api.c index e51337c319af..12ae3afe075d 100644 --- a/core/sme/src/common/sme_api.c +++ b/core/sme/src/common/sme_api.c @@ -8043,7 +8043,7 @@ QDF_STATUS sme_8023_multicast_list(tHalHandle hHal, uint8_t sessionId, if (!CSR_IS_SESSION_VALID(pMac, sessionId) || (!csr_is_conn_state_infra(pMac, sessionId) && !csr_is_ndi_started(pMac, sessionId))) { - QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR, + QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_DEBUG, "%s: Invalid session: %d", __func__, sessionId); return QDF_STATUS_E_FAILURE; } diff --git a/core/wma/src/wma_main.c b/core/wma/src/wma_main.c index 3197cd84237e..fba86214196d 100644 --- a/core/wma/src/wma_main.c +++ b/core/wma/src/wma_main.c @@ -8399,7 +8399,7 @@ QDF_STATUS wma_mc_process_msg(void *cds_context, cds_msg_t *msg) qdf_mem_free(msg->bodyptr); break; default: - WMA_LOGE("Unhandled WMA message of type %d", msg->type); + WMA_LOGD("Unhandled WMA message of type %d", msg->type); if (msg->bodyptr) qdf_mem_free(msg->bodyptr); } @@ -8419,7 +8419,7 @@ void wma_log_completion_timeout(void *data) { tp_wma_handle wma_handle; - WMA_LOGE("%s: Timeout occured for log completion command", __func__); + WMA_LOGD("%s: Timeout occurred for log completion command", __func__); wma_handle = (tp_wma_handle) data; if (!wma_handle) diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index b3506ad4e1a4..e99baba16613 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -888,7 +888,7 @@ static void wma_roam_scan_fill_fils_params(tp_wma_handle wma_handle, struct roam_fils_params *dst_fils_params, *src_fils_params; if (!params || !roam_req || !roam_req->is_fils_connection) { - WMA_LOGE("wma_roam_scan_fill_fils_params- NULL"); + WMA_LOGD("wma_roam_scan_fill_fils_params- NULL"); return; } -- cgit v1.2.3 From 1c551ac19cf67a17769db56d2900d26c071ba5cf Mon Sep 17 00:00:00 2001 From: nshrivas Date: Fri, 18 Oct 2019 06:13:54 -0700 Subject: Release 5.1.1.75C Release 5.1.1.75C Change-Id: Iba9c1dc2ce73a5bd4aaa5de512389e463e072a65 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index fbf3b3f4c21d..f69968713a47 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "B" +#define QWLAN_VERSION_EXTRA "C" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75B" +#define QWLAN_VERSIONSTR "5.1.1.75C" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 35a916c48b112aae38f82552c4ad8c9105c6a505 Mon Sep 17 00:00:00 2001 From: Pragaspathi Thilagaraj Date: Mon, 22 Apr 2019 18:37:22 +0530 Subject: qcacld-3.0: Disconnect the other sta vdev before vdev destroy During vdev destroy, if any STA is in connecting state the roam command will be in active queue and thus vdev destroy is queued in pending queue. In case STA tries to connect to multiple BSSID and fails to connect, due to auth/assoc timeouts it may take more than vdev destroy time to get completed. Sterilization is waiting for wait for key and thus set hw mode on tip is not processed, now stop adapter will queue the stop bss behind the hw mode change so stop adapter will timeout for del bss leading to assert in wma when delete self sta is processed. So before vdev destroy is queued abort any STA ongoing connection to avoid vdev destroy timeout. Change-Id: Ibd1ea555616ba22179f3663a082f5281220ab918 CRs-Fixed: 2375712 --- core/hdd/inc/wlan_hdd_assoc.h | 10 ++++++++++ core/hdd/src/wlan_hdd_assoc.c | 18 ++++++++++++++++++ core/hdd/src/wlan_hdd_hostapd.c | 17 +++-------------- core/hdd/src/wlan_hdd_main.c | 23 +++++++++++++++++++++++ 4 files changed, 54 insertions(+), 14 deletions(-) diff --git a/core/hdd/inc/wlan_hdd_assoc.h b/core/hdd/inc/wlan_hdd_assoc.h index a5414a537160..bb3b945b76f2 100644 --- a/core/hdd/inc/wlan_hdd_assoc.h +++ b/core/hdd/inc/wlan_hdd_assoc.h @@ -268,6 +268,16 @@ tSirRFBand hdd_conn_get_connected_band(hdd_station_ctx_t *pHddStaCtx); */ hdd_adapter_t *hdd_get_sta_connection_in_progress(hdd_context_t *hdd_ctx); +/** + * hdd_abort_ongoing_sta_connection() - Disconnect the sta for which the + * connection is in progress. + * + * @hdd_ctx: hdd context + * + * Return: none + */ +void hdd_abort_ongoing_sta_connection(hdd_context_t *hdd_ctx); + /** * hdd_sme_roam_callback() - hdd sme roam callback * @pContext: pointer to adapter context diff --git a/core/hdd/src/wlan_hdd_assoc.c b/core/hdd/src/wlan_hdd_assoc.c index 6bb9f473aafe..4275482f7f14 100644 --- a/core/hdd/src/wlan_hdd_assoc.c +++ b/core/hdd/src/wlan_hdd_assoc.c @@ -424,6 +424,24 @@ end: return NULL; } +void hdd_abort_ongoing_sta_connection(hdd_context_t *hdd_ctx) +{ + hdd_adapter_t *sta_adapter; + QDF_STATUS status; + + sta_adapter = hdd_get_sta_connection_in_progress(hdd_ctx); + if (sta_adapter) { + hdd_debug("Disconnecting STA on vdev: %d", + sta_adapter->sessionId); + status = wlan_hdd_disconnect(sta_adapter, + eCSR_DISCONNECT_REASON_DEAUTH); + if (QDF_IS_STATUS_ERROR(status)) { + hdd_err("wlan_hdd_disconnect failed, status: %d", + status); + } + } +} + /** * hdd_remove_beacon_filter() - remove beacon filter * @adapter: Pointer to the hdd adapter diff --git a/core/hdd/src/wlan_hdd_hostapd.c b/core/hdd/src/wlan_hdd_hostapd.c index fad7bb785f10..77088b08230b 100644 --- a/core/hdd/src/wlan_hdd_hostapd.c +++ b/core/hdd/src/wlan_hdd_hostapd.c @@ -8001,7 +8001,6 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, bool disable_fw_tdls_state = false; uint8_t ignore_cac = 0; uint8_t beacon_fixed_len; - hdd_adapter_t *sta_adapter; ENTER(); @@ -8035,12 +8034,7 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, * disconnect the STA interface first if connection or key exchange is * in progress and then start SAP interface. */ - sta_adapter = hdd_get_sta_connection_in_progress(pHddCtx); - if (sta_adapter) { - hdd_debug("Disconnecting STA with session id: %d", - sta_adapter->sessionId); - wlan_hdd_disconnect(sta_adapter, eCSR_DISCONNECT_REASON_DEAUTH); - } + hdd_abort_ongoing_sta_connection(pHddCtx); /* * Reject start bss if reassoc in progress on any adapter. @@ -8717,7 +8711,6 @@ static int __wlan_hdd_cfg80211_stop_ap(struct wiphy *wiphy, hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); hdd_context_t *pHddCtx = wiphy_priv(wiphy); hdd_scaninfo_t *pScanInfo = NULL; - hdd_adapter_t *staAdapter = NULL; QDF_STATUS status = QDF_STATUS_E_FAILURE; QDF_STATUS qdf_status = QDF_STATUS_E_FAILURE; tSirUpdateIE updateIE; @@ -8727,6 +8720,7 @@ static int __wlan_hdd_cfg80211_stop_ap(struct wiphy *wiphy, hdd_adapter_list_node_t *pAdapterNode = NULL; hdd_adapter_list_node_t *pNext = NULL; tsap_Config_t *pConfig; + hdd_adapter_t *staAdapter; hdd_info("enter(%s)", netdev_name(dev)); @@ -8774,12 +8768,7 @@ static int __wlan_hdd_cfg80211_stop_ap(struct wiphy *wiphy, * the STA and complete the SAP operation. STA will reconnect * after SAP stop is done. */ - staAdapter = hdd_get_sta_connection_in_progress(pHddCtx); - if (staAdapter) { - hdd_debug("Disconnecting STA with session id: %d", - staAdapter->sessionId); - wlan_hdd_disconnect(staAdapter, eCSR_DISCONNECT_REASON_DEAUTH); - } + hdd_abort_ongoing_sta_connection(pHddCtx); if (pAdapter->device_mode == QDF_SAP_MODE) { wlan_hdd_del_station(pAdapter); diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 02eabb6cf2e0..f1dc883a15be 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -5060,6 +5060,17 @@ QDF_STATUS hdd_stop_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, #endif #endif + /* + * During vdev destroy, if any STA is in connecting state the + * roam command will be in active queue and thus vdev destroy is + * queued in pending queue. In case STA tries to connect to + * multiple BSSID and fails to connect, due to auth/assoc + * timeouts it may take more than vdev destroy time to get + * completed. So before vdev destroy is queued abort any STA + * ongoing connection to avoid vdev destroy timeout. + */ + if (test_bit(SME_SESSION_OPENED, &adapter->event_flags)) + hdd_abort_ongoing_sta_connection(hdd_ctx); /* * It is possible that the caller of this function does not * wish to close the session @@ -5103,6 +5114,18 @@ QDF_STATUS hdd_stop_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, hdd_deregister_tx_flow_control(adapter); + /* + * During vdev destroy, if any STA is in connecting state the + * roam command will be in active queue and thus vdev destroy is + * queued in pending queue. In case STA tries to connect to + * multiple BSSID and fails to connect, due to auth/assoc + * timeouts it may take more than vdev destroy time to get + * complete. So before vdev destroy is queued abort any STA + * ongoing connection to avoid vdev destroy timeout. + */ + if (test_bit(SME_SESSION_OPENED, &adapter->event_flags)) + hdd_abort_ongoing_sta_connection(hdd_ctx); + mutex_lock(&hdd_ctx->sap_lock); if (test_bit(SOFTAP_BSS_STARTED, &adapter->event_flags)) { QDF_STATUS status; -- cgit v1.2.3 From a5436dfeac98920c265d6b2862ca3e6d472abd45 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Mon, 21 Oct 2019 02:52:43 -0700 Subject: Release 5.1.1.75D Release 5.1.1.75D Change-Id: Iff80ba5529a5ff37a25dd67c3fef51ffefd3b6b9 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index f69968713a47..c6ab2715625d 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "C" +#define QWLAN_VERSION_EXTRA "D" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75C" +#define QWLAN_VERSIONSTR "5.1.1.75D" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From c7218e297dbd35f1957e2ea29a53124f85a3c561 Mon Sep 17 00:00:00 2001 From: Balaji Pothunoori Date: Wed, 16 Oct 2019 19:12:17 +0530 Subject: qcacld-3.0: Return failure from hdd_wlan_start_modules hdd_wlan_start_modules returns success for many error paths. For each error path in hdd_wlan_start_modules, return an appropriate error code to the caller to improve error handling. Change-Id: Id4e6e84a8b833689df1f0a80fba6c25bdc1da857 CRs-Fixed: 2141141 --- core/hdd/src/wlan_hdd_main.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index f1dc883a15be..f165d57f3d7b 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -2390,7 +2390,8 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, if (!reinit && !unint) { ret = pld_power_on(qdf_dev->dev); if (ret) { - hdd_err("Failed to Powerup the device: %d", ret); + hdd_err("Failed to Powerup the device; errno: %d", + ret); goto release_lock; } } @@ -2403,7 +2404,7 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, (reinit == true) ? HIF_ENABLE_TYPE_REINIT : HIF_ENABLE_TYPE_PROBE); if (ret) { - hdd_err("Failed to open hif: %d", ret); + hdd_err("Failed to open hif; errno: %d", ret); goto power_down; } @@ -2416,20 +2417,22 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, status = ol_cds_init(qdf_dev, hif_ctx); if (status != QDF_STATUS_SUCCESS) { - hdd_err("No Memory to Create BMI Context :%d", status); + hdd_err("No Memory to Create BMI Context; status: %d", + status); ret = qdf_status_to_os_return(status); goto hif_close; } ret = hdd_update_config(hdd_ctx); if (ret) { - hdd_err("Failed to update configuration :%d", ret); + hdd_err("Failed to update configuration; errno: %d", + ret); goto ol_cds_free; } status = cds_open(); if (!QDF_IS_STATUS_SUCCESS(status)) { - hdd_err("Failed to Open CDS: %d", status); + hdd_err("Failed to Open CDS; status: %d", status); ret = (status == QDF_STATUS_E_NOMEM) ? -ENOMEM : -EINVAL; goto deinit_config; } @@ -2451,8 +2454,8 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, status = cds_pre_enable(hdd_ctx->pcds_context); if (!QDF_IS_STATUS_SUCCESS(status)) { - hdd_err("Failed to pre-enable CDS: %d", status); - ret = (status == QDF_STATUS_E_NOMEM) ? -ENOMEM : -EINVAL; + hdd_err("Failed to pre-enable CDS; status: %d", status); + ret = qdf_status_to_os_return(status); goto deregister_cb; } @@ -2481,9 +2484,10 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, } if (reinit) { - if (hdd_ipa_uc_ssr_reinit(hdd_ctx)) { - hdd_err("HDD IPA UC reinit failed"); - ret = -EINVAL; + ret = hdd_ipa_uc_ssr_reinit(hdd_ctx); + if (ret) { + hdd_err("HDD IPA UC reinit failed; errno: %d", + ret); goto err_ipa_cleanup; } } @@ -2493,16 +2497,19 @@ int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, hdd_info("Wlan transition (OPENED -> ENABLED)"); if (!adapter) { hdd_err("adapter is Null"); + ret = -EINVAL; goto err_ipa_cleanup; } if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) { hdd_err("in ftm mode, no need to configure cds modules"); + ret = -EINVAL; break; } - if (hdd_configure_cds(hdd_ctx, adapter)) { - hdd_err("Failed to Enable cds modules"); + ret = hdd_configure_cds(hdd_ctx, adapter); + if (ret) { + hdd_err("Failed to Enable cds modules; errno: %d", ret); ret = -EINVAL; goto err_ipa_cleanup; } -- cgit v1.2.3 From df080d9a51ac391e0964f45ad6712bc802400185 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Wed, 23 Oct 2019 05:55:24 -0700 Subject: Release 5.1.1.75E Release 5.1.1.75E Change-Id: I912df0bc1d0c5bb2936fbccb3f7b5f49c170fd9c CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index c6ab2715625d..4917419bdae4 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "D" +#define QWLAN_VERSION_EXTRA "E" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75D" +#define QWLAN_VERSIONSTR "5.1.1.75E" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 8c0bba1b316014b02cb7d2d00cb2d58cbb835ccc Mon Sep 17 00:00:00 2001 From: Abhinav Kumar Date: Wed, 23 Oct 2019 15:30:17 +0530 Subject: qcacld-3.0: Reduce the candidate list to 5 in roam cmd for SAE auth Current driver configuration is as follow: 1. SME active roam command queue timeout is 30 seconds 2. SAE auth timeout is 5 seconds 3. Max BSS count in roam command (CSR_MAX_BSSID_COUNT) for SAE authentication is 8 As SAE auth timeout is 5 seconds and SME active command queue timeout are 30 seconds, so only 6 SAE auth timeouts (30/5 = 6) are enough to trigger SME active command queue timeout for roam command. In case of continuous SAE auth time out, Driver will try SAE connection till 8th candidate. So when driver tries to process SAE connection for 7th BSSID, device leads to crash as by this time SAE roam command(connect command) gets removed from SME active roam command queue. Fix is to reduce the candidate list to 5 in roam command for SAE authentication considering SME roam command queue timeout is of 30 seconds. Change-Id: Ic43f44ef14ea4c3b972635682941a624cdc6dcc7 CRs-Fixed: 2551462 --- core/sme/src/csr/csr_inside_api.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/sme/src/csr/csr_inside_api.h b/core/sme/src/csr/csr_inside_api.h index 6eb54de3cbe3..e417673842ae 100644 --- a/core/sme/src/csr/csr_inside_api.h +++ b/core/sme/src/csr/csr_inside_api.h @@ -85,10 +85,11 @@ #define CSR_ACTIVE_SCAN_LIST_CMD_TIMEOUT (1000*30) /* *************************************************************************** - * The MAX BSSID Count should be lower than the command timeout value and it - * can be of a fraction of 1/3 to 1/2 of the total command timeout value. + * The MAX BSSID Count should be lower than the command timeout value. + * As in some case auth timeout can take upto 5 sec (in case of SAE auth) try + * (command timeout/5000 - 1) candidates. * ***************************************************************************/ -#define CSR_MAX_BSSID_COUNT (SME_ACTIVE_LIST_CMD_TIMEOUT_VALUE/3000) - 2 +#define CSR_MAX_BSSID_COUNT (SME_ACTIVE_LIST_CMD_TIMEOUT_VALUE/5000) - 1 #define CSR_CUSTOM_CONC_GO_BI 100 extern uint8_t csr_wpa_oui[][CSR_WPA_OUI_SIZE]; bool csr_is_supported_channel(tpAniSirGlobal pMac, uint8_t channelId); -- cgit v1.2.3 From 0c9d2e89cca5532a0e23507770cd0274179d2be5 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Thu, 24 Oct 2019 01:22:45 -0700 Subject: Release 5.1.1.75F Release 5.1.1.75F Change-Id: I89652d1e416ad5161d73001516b24796959f2c82 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 4917419bdae4..166802bb7fe0 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "E" +#define QWLAN_VERSION_EXTRA "F" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75E" +#define QWLAN_VERSIONSTR "5.1.1.75F" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 0e30c164aee1ffd7bee4a9968566a5152222bc01 Mon Sep 17 00:00:00 2001 From: Vulupala Shashank Reddy Date: Fri, 25 Oct 2019 16:55:52 +0530 Subject: qcacld-3.0: Takecare to stop and down vdev in monitor mode In monitor mode there is no disconnect, so vdev stop and down is not handled. Make sure to stop and down the vdev before vdev delete. Change-Id: I25f5a0e01deda8f2e16e102113b10f32e89b3e38 CRs-Fixed: 2357047 --- core/wma/src/wma_dev_if.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/core/wma/src/wma_dev_if.c b/core/wma/src/wma_dev_if.c index 21fe8e3ea403..2c6d0e91c380 100644 --- a/core/wma/src/wma_dev_if.c +++ b/core/wma/src/wma_dev_if.c @@ -553,6 +553,29 @@ wma_ol_txrx_vdev_detach(tp_wma_handle wma_handle, iface->is_vdev_valid = false; } +/* + * wma_handle_monitor_mode_vdev_detach() - Stop and down monitor mode vdev + * @wma_handle: wma handle + * @vdev_id: used to get wma interface txrx node + * + * Monitor mode is unconneted mode, so do explicit vdev stop and down + * + * Return: None + */ +static void wma_handle_monitor_mode_vdev_detach(tp_wma_handle wma, + uint8_t vdev_id) +{ + if (wma_send_vdev_stop_to_fw(wma, vdev_id)) { + WMA_LOGE("%s: %d Failed to send vdev stop", __func__, __LINE__); + wma_remove_vdev_req(wma, vdev_id, + WMA_TARGET_REQ_TYPE_VDEV_STOP); + } + + if (wma_send_vdev_down_to_fw(wma, vdev_id) != QDF_STATUS_SUCCESS) + WMA_LOGE("Failed to send vdev down cmd: vdev %d", vdev_id); +} + + static QDF_STATUS wma_handle_vdev_detach(tp_wma_handle wma_handle, struct del_sta_self_params *del_sta_self_req_param, uint8_t generate_rsp) @@ -562,6 +585,9 @@ static QDF_STATUS wma_handle_vdev_detach(tp_wma_handle wma_handle, struct wma_txrx_node *iface = &wma_handle->interfaces[vdev_id]; struct wma_target_req *msg = NULL; + if (cds_get_conparam() == QDF_GLOBAL_MONITOR_MODE) + wma_handle_monitor_mode_vdev_detach(wma_handle, vdev_id); + status = wmi_unified_vdev_delete_send(wma_handle->wmi_handle, vdev_id); if (QDF_IS_STATUS_ERROR(status)) { WMA_LOGE("Unable to remove an interface"); @@ -1897,6 +1923,10 @@ int wma_vdev_stop_resp_handler(void *handle, uint8_t *cmd_param_info, return -EINVAL; } + /* Ignore stop_response in Monitor mode */ + if (cds_get_conparam() == QDF_GLOBAL_MONITOR_MODE) + return QDF_STATUS_SUCCESS; + iface = &wma->interfaces[resp_event->vdev_id]; /* vdev in stopped state, no more waiting for key */ -- cgit v1.2.3 From 0e529bc8ca1fb55efb219623ec5917bacd69e157 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 29 Oct 2019 02:29:12 -0700 Subject: Release 5.1.1.75G Release 5.1.1.75G Change-Id: I6640a3a1de06f727b82d1586c42f1603018073aa CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 166802bb7fe0..b16a712a52d9 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "F" +#define QWLAN_VERSION_EXTRA "G" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75F" +#define QWLAN_VERSIONSTR "5.1.1.75G" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From ed0daf58d69ffb130f0e0c7823ce4b7f21c5d480 Mon Sep 17 00:00:00 2001 From: Vulupala Shashank Reddy Date: Thu, 24 Oct 2019 16:15:45 +0530 Subject: qcacld-3.0: Fix sequence of close adapter during netdev going down During close adapter blocked_scan_request_q_lock is destroyed. The destroyed lock is accessed in wlan_hdd_cfg80211_scan_block_cb after close adapter. Move wlan_hdd_cfg80211_scan_block_cb to hdd_stop_adapter. Change-Id: I3d046434d9207d9cd193bc1ceab11fc333238422 CRs-Fixed: 2554805 --- core/hdd/src/wlan_hdd_main.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index f165d57f3d7b..b322a0b128fd 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -530,8 +530,6 @@ static int __hdd_netdev_notifier_call(struct notifier_block *nb, hdd_err("Timeout occurred while waiting for abortscan"); } cds_flush_work(&adapter->scan_block_work); - /* Need to clean up blocked scan request */ - wlan_hdd_cfg80211_scan_block_cb(&adapter->scan_block_work); hdd_debug("Scan is not Pending from user"); /* * After NETDEV_GOING_DOWN, kernel calls hdd_stop.Irrespective @@ -3969,6 +3967,9 @@ static void hdd_cleanup_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, return; } + qdf_list_destroy(&adapter->blocked_scan_request_q); + qdf_mutex_destroy(&adapter->blocked_scan_request_q_lock); + wlan_hdd_debugfs_csr_deinit(adapter); qdf_mutex_destroy(&adapter->arp_offload_info_lock); hdd_ns_offload_info_lock_destroy(adapter); @@ -4753,9 +4754,6 @@ QDF_STATUS hdd_close_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, if (QDF_STATUS_SUCCESS == status) { hdd_bus_bw_compute_timer_stop(hdd_ctx); - qdf_list_destroy(&adapter->blocked_scan_request_q); - qdf_mutex_destroy(&adapter->blocked_scan_request_q_lock); - /* cleanup adapter */ cds_clear_concurrency_mode(adapter->device_mode); hdd_cleanup_adapter(hdd_ctx, adapterNode->pAdapter, rtnl_held); @@ -4980,6 +4978,8 @@ QDF_STATUS hdd_stop_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, return -ENODEV; } + /* Need to clean up blocked scan request */ + wlan_hdd_cfg80211_scan_block_cb(&adapter->scan_block_work); scan_info = &adapter->scan_info; hdd_info("Disabling queues"); wlan_hdd_netif_queue_control(adapter, -- cgit v1.2.3 From 03795e12153301482e0a02417d69689c00b87fd7 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 29 Oct 2019 08:16:13 -0700 Subject: Release 5.1.1.75H Release 5.1.1.75H Change-Id: I255bbec9c3fb87708b3f96fa89ce77b358e77b63 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index b16a712a52d9..44d7f4ecb2df 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "G" +#define QWLAN_VERSION_EXTRA "H" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75G" +#define QWLAN_VERSIONSTR "5.1.1.75H" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 4a76c8038ebea3312300471534568f42c388eec2 Mon Sep 17 00:00:00 2001 From: Vulupala Shashank Reddy Date: Mon, 14 Oct 2019 16:30:12 +0530 Subject: qcacld-3.0: Add support to include tx retry count for mon interface Extend radiotap header to append tx retry count for packets sent to virtual mon interface. Change-Id: Ia399c3184ba614d8ce78e6764fe617ec990078c7 CRs-Fixed: 2546291 --- core/cds/inc/cds_sched.h | 6 ++++-- core/cds/src/cds_sched.c | 2 +- core/dp/ol/inc/ol_txrx_osif_api.h | 6 ++++-- core/dp/txrx/ol_rx.c | 3 ++- core/dp/txrx/ol_rx_defrag.c | 3 ++- core/dp/txrx/ol_tx_send.c | 13 +++++++++---- core/dp/txrx/ol_txrx.c | 34 +++++++++++++++++++++++----------- core/dp/txrx/ol_txrx.h | 12 ++++++++++++ core/dp/txrx/ol_txrx_types.h | 1 + core/wma/src/wma_mgmt.c | 1 + 10 files changed, 59 insertions(+), 22 deletions(-) diff --git a/core/cds/inc/cds_sched.h b/core/cds/inc/cds_sched.h index 835b5a04c082..eae8de839f91 100644 --- a/core/cds/inc/cds_sched.h +++ b/core/cds/inc/cds_sched.h @@ -43,6 +43,7 @@ #include "cds_config.h" #include "cds_reg_service.h" #include "qdf_cpuhp.h" +#include "ol_txrx.h" #define TX_POST_EVENT 0x001 #define TX_SUSPEND_EVENT 0x002 @@ -90,7 +91,8 @@ typedef void (*cds_ol_rx_thread_cb)(void *context, void *rxpkt, uint16_t staid); typedef void (*cds_ol_mon_thread_cb)( void *context, void *monpkt, uint8_t vdev_id, uint8_t tid, - uint8_t status, bool pkt_format); + struct ol_mon_tx_status pkt_tx_status, + bool pkt_format); typedef int (*send_mode_change_event_cb)(void); @@ -140,7 +142,7 @@ struct cds_ol_mon_pkt { uint8_t tid; /* Tx packet status */ - uint8_t status; + struct ol_mon_tx_status pkt_tx_status; /* 0 = 802.3 format , 1 = 802.11 format */ bool pkt_format; diff --git a/core/cds/src/cds_sched.c b/core/cds/src/cds_sched.c index 5bb7e5bdd6e3..a1f8cf6c4ea4 100644 --- a/core/cds/src/cds_sched.c +++ b/core/cds/src/cds_sched.c @@ -1565,7 +1565,7 @@ static void cds_mon_from_queue(p_cds_sched_context pschedcontext) vdev_id = pkt->vdev_id; tid = pkt->tid; pkt->callback(pkt->context, pkt->monpkt, vdev_id, - tid, pkt->status, pkt->pkt_format); + tid, pkt->pkt_tx_status, pkt->pkt_format); cds_free_ol_mon_pkt(pschedcontext, pkt); spin_lock_bh(&pschedcontext->ol_mon_queue_lock); } diff --git a/core/dp/ol/inc/ol_txrx_osif_api.h b/core/dp/ol/inc/ol_txrx_osif_api.h index d2fe056a63d2..c89c56da105b 100644 --- a/core/dp/ol/inc/ol_txrx_osif_api.h +++ b/core/dp/ol/inc/ol_txrx_osif_api.h @@ -83,7 +83,7 @@ void ol_rx_data_process(struct ol_txrx_peer_t *peer, * @mon_buf_list: netbuf list * @type: data process type * @tid: tid number - * @status: Tx status + * @pkt_tx_status: Tx status * @pktformat: Frame format * * Return: none @@ -91,7 +91,9 @@ void ol_rx_data_process(struct ol_txrx_peer_t *peer, void ol_txrx_mon_data_process(uint8_t vdev_id, qdf_nbuf_t mon_buf_list, enum mon_data_process_type type, - uint8_t tid, uint8_t status, bool pktformat); + uint8_t tid, + struct ol_mon_tx_status pkt_tx_status, + bool pktformat); void ol_txrx_flush_rx_frames(struct ol_txrx_peer_t *peer, bool drop); diff --git a/core/dp/txrx/ol_rx.c b/core/dp/txrx/ol_rx.c index 17f3696b2ab3..e4310496dd35 100644 --- a/core/dp/txrx/ol_rx.c +++ b/core/dp/txrx/ol_rx.c @@ -1476,6 +1476,7 @@ ol_rx_in_order_indication_handler(ol_txrx_pdev_handle pdev, uint32_t filled = 0; uint8_t vdev_id; bool is_pkt_capture_flow_id = false; + struct ol_mon_tx_status pkt_tx_status = {0}; if (tid >= OL_TXRX_NUM_EXT_TIDS) { ol_txrx_err("%s: invalid tid, %u\n", __FUNCTION__, tid); @@ -1585,7 +1586,7 @@ ol_rx_in_order_indication_handler(ol_txrx_pdev_handle pdev, if (head_mon_msdu) ol_txrx_mon_data_process( vdev_id, head_mon_msdu, - PROCESS_TYPE_DATA_RX, 0, 0, + PROCESS_TYPE_DATA_RX, 0, pkt_tx_status, TXRX_PKT_FORMAT_8023); if (is_pkt_capture_flow_id) { diff --git a/core/dp/txrx/ol_rx_defrag.c b/core/dp/txrx/ol_rx_defrag.c index 4373999b4467..84045eb8ad58 100644 --- a/core/dp/txrx/ol_rx_defrag.c +++ b/core/dp/txrx/ol_rx_defrag.c @@ -684,6 +684,7 @@ ol_rx_defrag(ol_txrx_pdev_handle pdev, struct ieee80211_frame *wh; uint8_t key[DEFRAG_IEEE80211_KEY_LEN]; htt_pdev_handle htt_pdev = pdev->htt_pdev; + struct ol_mon_tx_status pkt_tx_status = {0}; vdev = peer->vdev; @@ -832,7 +833,7 @@ ol_rx_defrag(ol_txrx_pdev_handle pdev, if (head_mon_msdu) ol_txrx_mon_data_process( vdev->vdev_id, head_mon_msdu, - PROCESS_TYPE_DATA_RX, 0, 0, + PROCESS_TYPE_DATA_RX, 0, pkt_tx_status, TXRX_PKT_FORMAT_8023); } diff --git a/core/dp/txrx/ol_tx_send.c b/core/dp/txrx/ol_tx_send.c index da4ab21e38c1..1b69f9c0c327 100644 --- a/core/dp/txrx/ol_tx_send.c +++ b/core/dp/txrx/ol_tx_send.c @@ -835,6 +835,10 @@ ol_tx_process_mon_tx_completion( qdf_nbuf_t netbuf; int nbuf_len; struct qdf_tso_seg_elem_t *tso_seg = NULL; + struct ol_mon_tx_status pkt_tx_status = {0}; + + pkt_tx_status.status = status; + pkt_tx_status.tx_retry_cnt = payload->tx_retry_cnt; qdf_assert(tx_desc); @@ -928,7 +932,7 @@ ol_tx_process_mon_tx_completion( ol_txrx_mon_data_process(tx_desc->vdev_id, netbuf, PROCESS_TYPE_DATA_TX_COMPL, - tid, status, TXRX_PKT_FORMAT_8023); + tid, pkt_tx_status, TXRX_PKT_FORMAT_8023); } void @@ -936,7 +940,7 @@ ol_tx_offload_deliver_indication_handler(ol_txrx_pdev_handle pdev, void *msg) { int nbuf_len; qdf_nbuf_t netbuf; - uint8_t status; + struct ol_mon_tx_status pkt_tx_status = {0}; uint8_t tid = 0; bool pkt_format; u_int32_t *msg_word = (u_int32_t *)msg; @@ -974,7 +978,8 @@ ol_tx_offload_deliver_indication_handler(ol_txrx_pdev_handle pdev, void *msg) qdf_mem_copy(qdf_nbuf_data(netbuf), txhdr, sizeof(struct htt_tx_data_hdr_information)); - status = offload_deliver_msg->status; + pkt_tx_status.status = offload_deliver_msg->status; + pkt_tx_status.tx_retry_cnt = offload_deliver_msg->tx_retry_cnt; pkt_format = offload_deliver_msg->format; tid = offload_deliver_msg->tid_num; /* Is FW sends offload data during roaming */ @@ -985,7 +990,7 @@ ol_tx_offload_deliver_indication_handler(ol_txrx_pdev_handle pdev, void *msg) ol_txrx_mon_data_process( vdev_id, netbuf, PROCESS_TYPE_DATA_TX, - tid, status, pkt_format); + tid, pkt_tx_status, pkt_format); } /** diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index 07692b6347b7..be2929374b23 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -5471,14 +5471,15 @@ static inline int ol_txrx_drop_nbuf_list(qdf_nbuf_t buf_list) * @nbuf_list: netbuf list * @vdev_id: vdev id for which packet is captured * @tid: tid number - * @status: Tx status + * @pkt_tx_status: Tx status * @pktformat: Frame format * * Return: none */ static void ol_txrx_mon_mgmt_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, - uint8_t tid, uint8_t status, bool pkt_format) + uint8_t tid, struct ol_mon_tx_status pkt_tx_status, + bool pkt_format) { struct ol_txrx_pdev_t *pdev = (struct ol_txrx_pdev_t *)ppdev; uint8_t drop_count; @@ -5529,6 +5530,7 @@ bool ol_txrx_mon_mgmt_process(struct mon_rx_status *txrx_status, struct cds_ol_mon_pkt *pkt; ol_txrx_pdev_handle pdev = cds_get_context(QDF_MODULE_ID_TXRX); p_cds_sched_context sched_ctx = get_cds_sched_ctxt(); + struct ol_mon_tx_status pkt_tx_status = {0}; if (unlikely(!sched_ctx)) return false; @@ -5554,7 +5556,7 @@ bool ol_txrx_mon_mgmt_process(struct mon_rx_status *txrx_status, pkt->monpkt = (void *)nbuf; pkt->vdev_id = HTT_INVALID_VDEV; pkt->tid = HTT_INVALID_TID; - pkt->status = status; + pkt->pkt_tx_status = pkt_tx_status; pkt->pkt_format = TXRX_PKT_FORMAT_80211; cds_indicate_monpkt(sched_ctx, pkt); @@ -5859,6 +5861,7 @@ ol_txrx_update_tx_status(struct ol_txrx_pdev_t *pdev, tx_status->ant_signal_db = mon_hdr->rssi_comb; tx_status->tx_status = mon_hdr->status; tx_status->add_rtap_ext = true; + tx_status->tx_retry_cnt = mon_hdr->tx_retry_cnt; } /** @@ -5868,14 +5871,15 @@ ol_txrx_update_tx_status(struct ol_txrx_pdev_t *pdev, * @nbuf_list: netbuf list * @vdev_id: vdev id for which packet is captured * @tid: tid number - * @status: Tx status + * @pkt_tx_status: Tx status * @pktformat: Frame format * * Return: none */ static void ol_txrx_mon_tx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, - uint8_t tid, uint8_t status, bool pkt_format) + uint8_t tid, struct ol_mon_tx_status pkt_tx_status, + bool pkt_format) { struct ol_txrx_pdev_t *pdev = (struct ol_txrx_pdev_t *)ppdev; qdf_nbuf_t msdu, next_buf; @@ -5947,7 +5951,8 @@ ol_txrx_mon_tx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, mon_hdr.sgi = cmpl_desc->sgi; mon_hdr.ldpc = cmpl_desc->ldpc; mon_hdr.beamformed = cmpl_desc->beamformed; - mon_hdr.status = status; + mon_hdr.status = pkt_tx_status.status; + mon_hdr.tx_retry_cnt = pkt_tx_status.tx_retry_cnt; qdf_nbuf_pull_head( msdu, @@ -6052,6 +6057,7 @@ ol_txrx_mon_tx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, msdu = next_buf; } + return; free_buf: @@ -6065,14 +6071,15 @@ free_buf: * @nbuf_list: netbuf list * @vdev_id: vdev id for which packet is captured * @tid: tid number - * @status: Tx status + * @pkt_tx_status: Tx status * @pktformat: Frame format * * Return: none */ static void ol_txrx_mon_rx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, - uint8_t tid, uint8_t status, bool pkt_format) + uint8_t tid, struct ol_mon_tx_status pkt_tx_status, + bool pkt_format) { struct ol_txrx_pdev_t *pdev = (struct ol_txrx_pdev_t *)ppdev; qdf_nbuf_t buf_list = (qdf_nbuf_t)nbuf_list; @@ -6161,8 +6168,9 @@ ol_txrx_mon_rx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, ol_htt_mon_note_chan(pdev, chan); htt_rx_mon_get_rx_status(pdev->htt_pdev, rx_desc, &rx_status); - rx_status.tx_status = status; + rx_status.tx_status = pkt_tx_status.status; rx_status.add_rtap_ext = true; + rx_status.tx_retry_cnt = pkt_tx_status.tx_retry_cnt; /* clear IEEE80211_RADIOTAP_F_FCS flag*/ rx_status.rtap_flags &= ~(BIT(4)); @@ -6233,13 +6241,17 @@ ol_txrx_pktcapture_status_map(uint8_t status) void ol_txrx_mon_data_process(uint8_t vdev_id, qdf_nbuf_t mon_buf_list, enum mon_data_process_type type, - uint8_t tid, uint8_t status, bool pkt_format) + uint8_t tid, + struct ol_mon_tx_status pkt_tx_status, + bool pkt_format) { uint8_t drop_count; struct cds_ol_mon_pkt *pkt; ol_txrx_pdev_handle pdev = cds_get_context(QDF_MODULE_ID_TXRX); p_cds_sched_context sched_ctx = get_cds_sched_ctxt(); cds_ol_mon_thread_cb callback = NULL; + pkt_tx_status.status = + ol_txrx_pktcapture_status_map(pkt_tx_status.status); if (!pdev) { ol_txrx_err("pdev is NULL"); @@ -6269,7 +6281,7 @@ void ol_txrx_mon_data_process(uint8_t vdev_id, pkt->monpkt = (void *)mon_buf_list; pkt->vdev_id = vdev_id; pkt->tid = tid; - pkt->status = ol_txrx_pktcapture_status_map(status); + pkt->pkt_tx_status = pkt_tx_status; pkt->pkt_format = pkt_format; cds_indicate_monpkt(sched_ctx, pkt); return; diff --git a/core/dp/txrx/ol_txrx.h b/core/dp/txrx/ol_txrx.h index 40c77a5e2c4c..a4498059c839 100644 --- a/core/dp/txrx/ol_txrx.h +++ b/core/dp/txrx/ol_txrx.h @@ -225,4 +225,16 @@ enum pktcapture_tx_status { pktcapture_tx_status_discard, pktcapture_tx_status_no_ack, }; + +/* + * struct ol_mon_tx_status - tx packets info + * @status: tx status + * @tx_retry_cnt: tx retry count + * + */ + +struct ol_mon_tx_status { + uint8_t status; + uint8_t tx_retry_cnt; +}; #endif /* _OL_TXRX__H_ */ diff --git a/core/dp/txrx/ol_txrx_types.h b/core/dp/txrx/ol_txrx_types.h index fe230839a151..3203a75ebeb0 100644 --- a/core/dp/txrx/ol_txrx_types.h +++ b/core/dp/txrx/ol_txrx_types.h @@ -576,6 +576,7 @@ struct ol_txrx_mon_hdr_elem_t { bool beamformed; bool dir; /* rx:0 , tx:1 */ uint8_t status; /* tx status */ + uint8_t tx_retry_cnt; }; /* diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c index 09cbd9772617..bb3a22b820ba 100644 --- a/core/wma/src/wma_mgmt.c +++ b/core/wma/src/wma_mgmt.c @@ -2895,6 +2895,7 @@ wma_process_mon_mgmt_tx_data(wmi_mgmt_hdr *hdr, txrx_status.rate = ((txrx_status.rate == 6 /* Mbps */) ? 0x0c : 0x02); txrx_status.tx_status = status; txrx_status.add_rtap_ext = true; + txrx_status.tx_retry_cnt = hdr->tx_retry_cnt; wh = (struct ieee80211_frame *)qdf_nbuf_data(nbuf); wh->i_fc[1] &= ~IEEE80211_FC1_WEP; -- cgit v1.2.3 From dd0221e946e03e493c76ce7edf3ae99d0db508b6 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Wed, 30 Oct 2019 01:52:46 -0700 Subject: Release 5.1.1.75I Release 5.1.1.75I Change-Id: I6cd731468ae0996bb94329d5b99b49d04ac3012f CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 44d7f4ecb2df..378601849c76 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "H" +#define QWLAN_VERSION_EXTRA "I" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75H" +#define QWLAN_VERSIONSTR "5.1.1.75I" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 8713fbfa04bbf8239a77755d13f6d3481cb4847f Mon Sep 17 00:00:00 2001 From: Srinivas Dasari Date: Thu, 10 Oct 2019 18:37:24 +0530 Subject: qcacld-3.0: Clear PTK and GTK install flags in disconnect handler PTK and GTK are installed to firmware and installation status of each key is maintained in driver. Data transmission is allowed only if both the keys are installed. Currently these flags are getting cleared after installing both ptk and gtk to firmware. But if one key is installed and the other key is not installed due to some reason(e.g. connection abort), corresponding status is not cleared and being referred in the next connection attempt. This is causing the data transmission to happen from driver to firmware after installing GTK before installing PTK, as the ptk_installed from previous connection is still set. This is not allowed by firmware and issues an assertion. PTK and GTK are invalid once the station disconnects. So reset the flags as part of connection info cleanup. Reset the flags before issuing connection also to avoid usage of previous connect status or garbage values. Change-Id: I8fa7bd0a15eab2fed80f050e77df3554d0f1b73a CRs-Fixed: 2542785 --- core/hdd/src/wlan_hdd_assoc.c | 7 +++++++ core/hdd/src/wlan_hdd_cfg80211.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/core/hdd/src/wlan_hdd_assoc.c b/core/hdd/src/wlan_hdd_assoc.c index 4275482f7f14..e04e9a0ed1ff 100644 --- a/core/hdd/src/wlan_hdd_assoc.c +++ b/core/hdd/src/wlan_hdd_assoc.c @@ -1579,6 +1579,13 @@ static void hdd_conn_remove_connect_info(hdd_station_ctx_t *pHddStaCtx) pHddStaCtx->conn_info.proxyARPService = 0; qdf_mem_zero(&pHddStaCtx->conn_info.SSID, sizeof(tCsrSSIDInfo)); + + /* + * Reset the ptk, gtk status flags to avoid using current connection + * status in further connections. + */ + pHddStaCtx->conn_info.gtk_installed = false; + pHddStaCtx->conn_info.ptk_installed = false; } /** diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index 5f92b6c09d0f..9d53066ec6c9 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -16958,6 +16958,13 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter, qdf_mem_zero(&hdd_sta_ctx->conn_info.conn_flag, sizeof(hdd_sta_ctx->conn_info.conn_flag)); + /* + * Reset the ptk, gtk status flags to avoid using old/previous + * connection status. + */ + hdd_sta_ctx->conn_info.gtk_installed = false; + hdd_sta_ctx->conn_info.ptk_installed = false; + if (pRoamProfile) { hdd_station_ctx_t *pHddStaCtx; -- cgit v1.2.3 From 3f2f0f5b742ee0f6a6c5b5772ba35fccb2fc2294 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Wed, 30 Oct 2019 06:24:20 -0700 Subject: Release 5.1.1.75J Release 5.1.1.75J Change-Id: Idab0792cc0fb31c46f07dd9d02df544dcc096df4 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 378601849c76..68e54e5911fc 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "I" +#define QWLAN_VERSION_EXTRA "J" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75I" +#define QWLAN_VERSIONSTR "5.1.1.75J" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From f1465d88291cf1e0e3372a3b646f6b9a80c1ccf2 Mon Sep 17 00:00:00 2001 From: Vulupala Shashank Reddy Date: Wed, 30 Oct 2019 16:22:14 +0530 Subject: qcacld-3.0: Tx Power included instead of Ack RSSI in Radio tap header For virtual mon interface RSSI in Radio tap header is filled with Tx power. The RSSI is normalized with Noise Floor (-96), which is not required for TPC value, so add Normalized Noise Floor (96). Change-Id: Ic8c35a93d8c121527058bc1dd265e24952c92b73 CRs-Fixed: 2555934 --- core/dp/txrx/ol_txrx.c | 8 +++++++- core/wma/src/wma_mgmt.c | 9 ++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index be2929374b23..2b56f7e3f3e9 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -115,6 +115,8 @@ enum dpt_set_param_debugfs { #define OL_TXRX_PEER_DEC_REF_CNT_SILENT(peer) \ qdf_atomic_dec(&peer->ref_cnt) +#define NORMALIZED_TO_NOISE_FLOOR (-96) + ol_txrx_peer_handle ol_txrx_peer_find_by_local_id_inc_ref(struct ol_txrx_pdev_t *pdev, uint8_t local_peer_id); @@ -5858,7 +5860,11 @@ ol_txrx_update_tx_status(struct ol_txrx_pdev_t *pdev, IEEE80211_CHAN_2GHZ : IEEE80211_CHAN_5GHZ); tx_status->chan_flags = channel_flags; - tx_status->ant_signal_db = mon_hdr->rssi_comb; + /* RSSI is filled with TPC which will be normalized + * during radiotap updation, so add 96 here + */ + tx_status->ant_signal_db = + mon_hdr->rssi_comb - NORMALIZED_TO_NOISE_FLOOR; tx_status->tx_status = mon_hdr->status; tx_status->add_rtap_ext = true; tx_status->tx_retry_cnt = mon_hdr->tx_retry_cnt; diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c index bb3a22b820ba..0307894ac535 100644 --- a/core/wma/src/wma_mgmt.c +++ b/core/wma/src/wma_mgmt.c @@ -2777,6 +2777,7 @@ static const char *wma_get_status_str(uint32_t status) #define RATE_LIMIT 16 #define RESERVE_BYTES 100 +#define NORMALIZED_TO_NOISE_FLOOR (-96) /** * wma_process_mon_mgmt_tx_data(): process management tx packets @@ -2875,12 +2876,10 @@ wma_process_mon_mgmt_tx_data(wmi_mgmt_hdr *hdr, txrx_status.chan_freq = hdr->chan_freq; /* hdr->rate is in Kbps, convert into Mbps */ txrx_status.rate = (hdr->rate_kbps / 1000); - txrx_status.ant_signal_db = hdr->rssi; - /* RSSI -128 is invalid rssi for TX, add 96 here, - * will be normalized during radiotap updation + /* RSSI is filled with TPC which will be normalized + * during radiotap updation, so add 96 here */ - if (txrx_status.ant_signal_db == -128) - txrx_status.ant_signal_db += 96; + txrx_status.ant_signal_db = hdr->rssi - NORMALIZED_TO_NOISE_FLOOR; txrx_status.nr_ant = 1; txrx_status.rtap_flags |= -- cgit v1.2.3 From 2e163778913a9b2f50e4873a84321a0285530f20 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Thu, 31 Oct 2019 06:27:08 -0700 Subject: Release 5.1.1.75K Release 5.1.1.75K Change-Id: Iea08d93d337704e43ea20b1760df26d9db16bdb8 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 68e54e5911fc..c525b097a3f1 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "J" +#define QWLAN_VERSION_EXTRA "K" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75J" +#define QWLAN_VERSIONSTR "5.1.1.75K" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 6e01cf829ae6952cbe6a5d760e98293451b93936 Mon Sep 17 00:00:00 2001 From: Vulupala Shashank Reddy Date: Mon, 30 Sep 2019 18:08:12 +0530 Subject: qcacld-3.0: offload tx packets freq update for virtual mon Freq information not received from FW for offloaded tx frames. Now FW will send freq information of offload tx frames using existing htt interface reserved field. Update freq of offload tx packets, received in reserved field. Change-Id: I816844b2ea242fb813d6ab2ddb54aa3acab118d9 CRs-Fixed: 2557379 --- core/dp/txrx/ol_tx_send.c | 8 +++++++- core/dp/txrx/ol_txrx.c | 12 ++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/core/dp/txrx/ol_tx_send.c b/core/dp/txrx/ol_tx_send.c index 1b69f9c0c327..a1c433499fe2 100644 --- a/core/dp/txrx/ol_tx_send.c +++ b/core/dp/txrx/ol_tx_send.c @@ -54,6 +54,7 @@ #include #include #include +#include "cds_utils.h" #ifdef TX_CREDIT_RECLAIM_SUPPORT @@ -949,6 +950,7 @@ ol_tx_offload_deliver_indication_handler(ol_txrx_pdev_handle pdev, void *msg) struct htt_tx_offload_deliver_ind_hdr_t *offload_deliver_msg; bool is_pkt_during_roam = false; uint8_t vdev_id; + uint32_t freq = 0; offload_deliver_msg = (struct htt_tx_offload_deliver_ind_hdr_t *)msg; @@ -984,8 +986,12 @@ ol_tx_offload_deliver_indication_handler(ol_txrx_pdev_handle pdev, void *msg) tid = offload_deliver_msg->tid_num; /* Is FW sends offload data during roaming */ is_pkt_during_roam = (offload_deliver_msg->reserved_2 ? true : false); - if (is_pkt_during_roam) + if (is_pkt_during_roam) { vdev_id = HTT_INVALID_VDEV; + freq = (uint32_t)offload_deliver_msg->reserved_3; + + ol_htt_mon_note_chan(pdev, cds_freq_to_chan(freq)); + } ol_txrx_mon_data_process( vdev_id, diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index 2b56f7e3f3e9..5fdd4219b784 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -6043,8 +6043,10 @@ ol_txrx_mon_tx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, /* * Get the channel info and update the rx status */ - cds_get_chan_by_session_id(vdev_id, &chan); - ol_htt_mon_note_chan(pdev, chan); + if (vdev_id != HTT_INVALID_VDEV) { + cds_get_chan_by_session_id(vdev_id, &chan); + ol_htt_mon_note_chan(pdev, chan); + } ol_txrx_update_tx_status(pdev, &tx_status, &mon_hdr); @@ -6170,8 +6172,10 @@ ol_txrx_mon_rx_data_cb(void *ppdev, void *nbuf_list, uint8_t vdev_id, /* * Get the channel info and update the rx status */ - cds_get_chan_by_session_id(vdev_id, &chan); - ol_htt_mon_note_chan(pdev, chan); + if (vdev_id != HTT_INVALID_VDEV) { + cds_get_chan_by_session_id(vdev_id, &chan); + ol_htt_mon_note_chan(pdev, chan); + } htt_rx_mon_get_rx_status(pdev->htt_pdev, rx_desc, &rx_status); rx_status.tx_status = pkt_tx_status.status; -- cgit v1.2.3 From 529497c3498afb9ba51e9e8c46232537ed5ad9cb Mon Sep 17 00:00:00 2001 From: nshrivas Date: Fri, 1 Nov 2019 06:15:15 -0700 Subject: Release 5.1.1.75L Release 5.1.1.75L Change-Id: I392b9b0243a86a89645371ebe77ff601bfc283a9 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index c525b097a3f1..3eb069e6c4f6 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "K" +#define QWLAN_VERSION_EXTRA "L" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75K" +#define QWLAN_VERSIONSTR "5.1.1.75L" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 7e2f302ac59d58865c02cd251f86323e9d0d8c1b Mon Sep 17 00:00:00 2001 From: gaurank kathpalia Date: Wed, 6 Nov 2019 12:43:35 +0530 Subject: qcacld-3.0: Use variable size structure to store channel in scan req Currently the array of scan channel list is of size SIR_ESE_MAX_MEAS_IE_REQS, but the memory is allocated dynamically for the channge which can be greater than SIR_ESE_MAX_MEAS_IE_REQS. So use dynamic array for this as memory is allocated for this every time. Change-Id: I3c854b339c49d9f628033aa6742d57568ec14954 CRs-Fixed: 2560184 --- core/mac/inc/sir_api.h | 9 +++++++-- core/mac/src/pe/lim/lim_ft_preauth.c | 5 +++-- core/mac/src/pe/lim/lim_p2p.c | 3 ++- core/mac/src/pe/lim/lim_process_sme_req_messages.c | 8 ++------ core/sme/src/csr/csr_api_scan.c | 18 ++++++------------ 5 files changed, 20 insertions(+), 23 deletions(-) diff --git a/core/mac/inc/sir_api.h b/core/mac/inc/sir_api.h index f1f523eca137..803d8af3e63b 100644 --- a/core/mac/inc/sir_api.h +++ b/core/mac/inc/sir_api.h @@ -925,6 +925,11 @@ typedef struct sSirChannelList { uint8_t channelNumber[SIR_ESE_MAX_MEAS_IE_REQS]; } tSirChannelList, *tpSirChannelList; +struct sir_channel_list { + uint8_t numChannels; + uint8_t channelNumber[]; +}; + typedef struct sSirDFSChannelList { uint32_t timeStamp[SIR_MAX_24G_5G_CHANNEL_RANGE]; @@ -1058,7 +1063,7 @@ typedef struct sSirSmeScanReq { uint32_t oui_field_offset; /* channelList MUST be the last field of this structure */ - tSirChannelList channelList; + struct sir_channel_list channelList; /*----------------------------- tSirSmeScanReq.... @@ -4340,7 +4345,7 @@ typedef struct sSirScanOffloadReq { uint32_t oui_field_len; uint32_t oui_field_offset; - tSirChannelList channelList; + struct sir_channel_list channelList; /*----------------------------- sSirScanOffloadReq.... ----------------------------- diff --git a/core/mac/src/pe/lim/lim_ft_preauth.c b/core/mac/src/pe/lim/lim_ft_preauth.c index 24c98a3313b5..250a7353b08a 100644 --- a/core/mac/src/pe/lim/lim_ft_preauth.c +++ b/core/mac/src/pe/lim/lim_ft_preauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -670,7 +670,8 @@ QDF_STATUS lim_send_preauth_scan_offload(tpAniSirGlobal mac_ctx, tSirRetStatus rc = eSIR_SUCCESS; tSirMsgQ msg; - scan_offload_req = qdf_mem_malloc(sizeof(tSirScanOffloadReq)); + scan_offload_req = qdf_mem_malloc(sizeof(tSirScanOffloadReq) + + sizeof(uint8_t)); if (NULL == scan_offload_req) { pe_err("Memory allocation failed for pScanOffloadReq"); return QDF_STATUS_E_NOMEM; diff --git a/core/mac/src/pe/lim/lim_p2p.c b/core/mac/src/pe/lim/lim_p2p.c index 1cb32030d462..121f18145831 100644 --- a/core/mac/src/pe/lim/lim_p2p.c +++ b/core/mac/src/pe/lim/lim_p2p.c @@ -79,7 +79,8 @@ static QDF_STATUS lim_send_hal_req_remain_on_chan_offload(tpAniSirGlobal pMac, return QDF_STATUS_E_INVAL; } - pScanOffloadReq = qdf_mem_malloc(sizeof(tSirScanOffloadReq)); + pScanOffloadReq = qdf_mem_malloc(sizeof(tSirScanOffloadReq) + + sizeof(uint8_t)); if (NULL == pScanOffloadReq) { pe_err("Memory allocation failed for pScanOffloadReq"); return QDF_STATUS_E_NOMEM; diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c index 1aebd0ac2253..27e338bc77bc 100644 --- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c @@ -1215,12 +1215,8 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac, pe_debug("No IEs in the scan request from supplicant"); } - /** - * The tSirScanOffloadReq will reserve the space for first channel, - * so allocate the memory for (numChannels - 1) and uIEFieldLen - */ len = sizeof(tSirScanOffloadReq) + - (pScanReq->channelList.numChannels - 1) + + (pScanReq->channelList.numChannels) + pScanReq->uIEFieldLen + pScanReq->oui_field_len; pScanOffloadReq = qdf_mem_malloc(len); @@ -1328,7 +1324,7 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac, pScanReq->probe_req_ie_bitmap, PROBE_REQ_BITMAP_LEN * sizeof(uint32_t)); pScanOffloadReq->oui_field_offset = sizeof(tSirScanOffloadReq) + - (pScanOffloadReq->channelList.numChannels - 1) + + (pScanOffloadReq->channelList.numChannels) + pScanOffloadReq->uIEFieldLen; if (pScanOffloadReq->num_vendor_oui != 0) { qdf_mem_copy( diff --git a/core/sme/src/csr/csr_api_scan.c b/core/sme/src/csr/csr_api_scan.c index 04b6ba509142..949134f96488 100644 --- a/core/sme/src/csr/csr_api_scan.c +++ b/core/sme/src/csr/csr_api_scan.c @@ -5877,10 +5877,8 @@ static void csr_populate_ie_whitelist_attrs(tSirSmeScanReq *msg, qdf_mem_copy(msg->probe_req_ie_bitmap, scan_req->probe_req_ie_bitmap, PROBE_REQ_BITMAP_LEN * sizeof(uint32_t)); msg->oui_field_len = scan_req->num_vendor_oui * sizeof(*scan_req->voui); - msg->oui_field_offset = (sizeof(tSirSmeScanReq) - - sizeof(msg->channelList.channelNumber) + - (sizeof(msg->channelList.channelNumber) * - scan_req->ChannelInfo.numOfChannels)) + + msg->oui_field_offset = (sizeof(tSirSmeScanReq) + + (scan_req->ChannelInfo.numOfChannels)) + scan_req->uIEFieldLen; if (scan_req->num_vendor_oui != 0) @@ -5901,10 +5899,8 @@ static QDF_STATUS csr_send_mb_scan_req(tpAniSirGlobal pMac, uint16_t sessionId, uint32_t i; struct qdf_mac_addr selfmac; - msgLen = (uint16_t) (sizeof(tSirSmeScanReq) - - sizeof(pMsg->channelList.channelNumber) + - (sizeof(pMsg->channelList.channelNumber) * - pScanReq->ChannelInfo.numOfChannels)) + + msgLen = (uint16_t) (sizeof(tSirSmeScanReq) + + (pScanReq->ChannelInfo.numOfChannels)) + (pScanReq->uIEFieldLen) + pScanReq->num_vendor_oui * sizeof(*pScanReq->voui); @@ -6058,10 +6054,8 @@ static QDF_STATUS csr_send_mb_scan_req(tpAniSirGlobal pMac, uint16_t sessionId, } pMsg->uIEFieldLen = (uint16_t) pScanReq->uIEFieldLen; - pMsg->uIEFieldOffset = (uint16_t) (sizeof(tSirSmeScanReq) - - sizeof(pMsg->channelList.channelNumber) + - (sizeof(pMsg->channelList.channelNumber) * - pScanReq->ChannelInfo.numOfChannels)); + pMsg->uIEFieldOffset = (uint16_t) (sizeof(tSirSmeScanReq) + + (pMsg->channelList.numChannels)); if (pScanReq->uIEFieldLen != 0) { qdf_mem_copy((uint8_t *) pMsg + pMsg->uIEFieldOffset, pScanReq->pIEField, pScanReq->uIEFieldLen); -- cgit v1.2.3 From 220041f19e8b30674ed8dd18b3f574cfbc71f7f1 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Wed, 6 Nov 2019 22:25:55 -0800 Subject: Release 5.1.1.75M Release 5.1.1.75M Change-Id: I89ed5c6fc265e9b81185fdf0ee2df89bf1cd257f CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 3eb069e6c4f6..41f78238e231 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "L" +#define QWLAN_VERSION_EXTRA "M" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75L" +#define QWLAN_VERSIONSTR "5.1.1.75M" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From f1c15961a8f0aa42485269d9bbe4d4cab504e292 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar Date: Thu, 14 Nov 2019 14:19:44 +0530 Subject: qcacld-3.0: Possible OOB write in rrm_process_radio_measurement_request In case if two measurement requests calls update_rrm_report() twice, possible out-of-bounds write for the allocated report array, report[] in rrm_process_radio_measurement_request. Change-Id: Icc8b7aa14bbcc1219d28025e599c9976a3525bba CRs-Fixed: 2564485 --- core/mac/src/pe/rrm/rrm_api.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/core/mac/src/pe/rrm/rrm_api.c b/core/mac/src/pe/rrm/rrm_api.c index e67d9bbe74ae..ea44a5ed7a4d 100644 --- a/core/mac/src/pe/rrm/rrm_api.c +++ b/core/mac/src/pe/rrm/rrm_api.c @@ -1137,28 +1137,30 @@ tSirRetStatus rrm_process_beacon_req(tpAniSirGlobal mac_ctx, tSirMacAddr peer, */ static tSirRetStatus update_rrm_report(tpAniSirGlobal mac_ctx, - tpSirMacRadioMeasureReport report, + tpSirMacRadioMeasureReport *report, tDot11fRadioMeasurementRequest *rrm_req, uint8_t *num_report, int index) { - if (report == NULL) { + tpSirMacRadioMeasureReport rrm_report; + + if (!*report) { /* * Allocate memory to send reports for * any subsequent requests. */ - report = qdf_mem_malloc(sizeof(*report) * + *report = qdf_mem_malloc(sizeof(tSirMacRadioMeasureReport) * (rrm_req->num_MeasurementRequest - index)); - if (NULL == report) { - pe_err("Unable to allocate memory during RRM Req processing"); + if (!*report) { + pe_err("Fail to alloc mem during RRM Req processing"); return eSIR_MEM_ALLOC_FAILED; } - pe_debug("rrm beacon type incapable of %d report", - *num_report); + pe_debug("rrm beacon type incapable of %d report", *num_report); } - report[*num_report].incapable = 1; - report[*num_report].type = + rrm_report = *report; + rrm_report[*num_report].incapable = 1; + rrm_report[*num_report].type = rrm_req->MeasurementRequest[index].measurement_type; - report[*num_report].token = + rrm_report[*num_report].token = rrm_req->MeasurementRequest[index].measurement_token; (*num_report)++; return eSIR_SUCCESS; @@ -1240,7 +1242,7 @@ rrm_process_radio_measurement_request(tpAniSirGlobal mac_ctx, break; default: /* Send a report with incapabale bit set. */ - status = update_rrm_report(mac_ctx, report, rrm_req, + status = update_rrm_report(mac_ctx, &report, rrm_req, &num_report, i); if (eSIR_SUCCESS != status) return status; -- cgit v1.2.3 From a2f21ba513332339ed7fec37fbe8ff64e1d349a9 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Mon, 18 Nov 2019 02:24:42 -0800 Subject: Release 5.1.1.75N Release 5.1.1.75N Change-Id: I6608770b44c1688097c17b63ddfc63f424d03142 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 41f78238e231..672cb76191fb 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "M" +#define QWLAN_VERSION_EXTRA "N" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75M" +#define QWLAN_VERSIONSTR "5.1.1.75N" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 9861a83f8c262d423d59b12922daf4b867e76e0c Mon Sep 17 00:00:00 2001 From: gaurank kathpalia Date: Thu, 21 Nov 2019 14:57:52 +0530 Subject: qcacld-3.0: Remove unnecessary brackets in driver Remove unnecessary brackets in driver. Change-Id: I33e0a97d1f76f4bff2471faad20b7dd2f36ce844 CRs-Fixed: 2571269 --- core/mac/src/pe/lim/lim_process_sme_req_messages.c | 4 ++-- core/sme/src/csr/csr_api_scan.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c index 27e338bc77bc..e5e33917fb9c 100644 --- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c @@ -1216,7 +1216,7 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac, } len = sizeof(tSirScanOffloadReq) + - (pScanReq->channelList.numChannels) + + pScanReq->channelList.numChannels + pScanReq->uIEFieldLen + pScanReq->oui_field_len; pScanOffloadReq = qdf_mem_malloc(len); @@ -1324,7 +1324,7 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac, pScanReq->probe_req_ie_bitmap, PROBE_REQ_BITMAP_LEN * sizeof(uint32_t)); pScanOffloadReq->oui_field_offset = sizeof(tSirScanOffloadReq) + - (pScanOffloadReq->channelList.numChannels) + + pScanOffloadReq->channelList.numChannels + pScanOffloadReq->uIEFieldLen; if (pScanOffloadReq->num_vendor_oui != 0) { qdf_mem_copy( diff --git a/core/sme/src/csr/csr_api_scan.c b/core/sme/src/csr/csr_api_scan.c index 949134f96488..f2b9b69c2d35 100644 --- a/core/sme/src/csr/csr_api_scan.c +++ b/core/sme/src/csr/csr_api_scan.c @@ -5877,8 +5877,8 @@ static void csr_populate_ie_whitelist_attrs(tSirSmeScanReq *msg, qdf_mem_copy(msg->probe_req_ie_bitmap, scan_req->probe_req_ie_bitmap, PROBE_REQ_BITMAP_LEN * sizeof(uint32_t)); msg->oui_field_len = scan_req->num_vendor_oui * sizeof(*scan_req->voui); - msg->oui_field_offset = (sizeof(tSirSmeScanReq) + - (scan_req->ChannelInfo.numOfChannels)) + + msg->oui_field_offset = sizeof(tSirSmeScanReq) + + scan_req->ChannelInfo.numOfChannels + scan_req->uIEFieldLen; if (scan_req->num_vendor_oui != 0) -- cgit v1.2.3 From a06c03f737e30640d183f4a0473bc13c3a92305a Mon Sep 17 00:00:00 2001 From: nshrivas Date: Thu, 21 Nov 2019 07:54:23 -0800 Subject: Release 5.1.1.75O Release 5.1.1.75O Change-Id: I5e80fff91c425b3c13a011ae3af5b55d7e6a297f CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 672cb76191fb..bcc21f751029 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "N" +#define QWLAN_VERSION_EXTRA "O" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75N" +#define QWLAN_VERSIONSTR "5.1.1.75O" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 309e8dc4697e61b6823b07f0b49234e641046631 Mon Sep 17 00:00:00 2001 From: Pragaspathi Thilagaraj Date: Thu, 21 Nov 2019 18:57:55 +0530 Subject: qcacld-3.0: Validate number of requested EIDs in beacon request If the requested info field in beacon report request is present, the driver tries to allocate memory for the target beacon report EIDs from the number of requested EIDs received from the frame. In SLUB disabled builds, the qdf_mem_malloc function doesn't validate if the size provided is 0 and returns the value ZERO_SIZE_PTR(((void *)16)) for the pointer. When this pointer is dereferenced, it causes invalid address dereference. Since the number of requested EIDs is directly controlled by the frame sent by AP, validate this value before using it to allocate memory. Change-Id: Icbac3e952de0d7ae3144e9b319f2c51ccdf93ac5 CRs-Fixed: 2571480 --- core/mac/src/pe/rrm/rrm_api.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/core/mac/src/pe/rrm/rrm_api.c b/core/mac/src/pe/rrm/rrm_api.c index ea44a5ed7a4d..e001fbbb26fb 100644 --- a/core/mac/src/pe/rrm/rrm_api.c +++ b/core/mac/src/pe/rrm/rrm_api.c @@ -572,6 +572,11 @@ rrm_process_beacon_report_req(tpAniSirGlobal pMac, } if (pBeaconReq->measurement_request.Beacon.RequestedInfo.present) { + if (!pBeaconReq->measurement_request.Beacon.RequestedInfo. + num_requested_eids) { + pe_debug("802.11k BCN RPT: Requested num of EID is 0"); + return eRRM_FAILURE; + } pCurrentReq->request.Beacon.reqIes.pElementIds = qdf_mem_malloc(sizeof(uint8_t) * pBeaconReq->measurement_request.Beacon. @@ -580,6 +585,7 @@ rrm_process_beacon_report_req(tpAniSirGlobal pMac, pe_err("Unable to allocate memory for request IEs buffer"); return eRRM_FAILURE; } + pCurrentReq->request.Beacon.reqIes.num = pBeaconReq->measurement_request.Beacon.RequestedInfo. num_requested_eids; @@ -587,6 +593,11 @@ rrm_process_beacon_report_req(tpAniSirGlobal pMac, pBeaconReq->measurement_request.Beacon. RequestedInfo.requested_eids, pCurrentReq->request.Beacon.reqIes.num); + pe_debug("802.11k BCN RPT: Requested EIDs: num:[%d]", + pCurrentReq->request.Beacon.reqIes.num); + QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG, + pCurrentReq->request.Beacon.reqIes.pElementIds, + pCurrentReq->request.Beacon.reqIes.num); } if (pBeaconReq->measurement_request.Beacon.num_APChannelReport) { -- cgit v1.2.3 From 007e63ee934c2123334fa01bf2a576d3e3c5eb8a Mon Sep 17 00:00:00 2001 From: nshrivas Date: Fri, 22 Nov 2019 04:08:30 -0800 Subject: Release 5.1.1.75P Release 5.1.1.75P Change-Id: I6d0308ec6570f09649dde5059a698d508662a947 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index bcc21f751029..eba387cc64ae 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "O" +#define QWLAN_VERSION_EXTRA "P" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75O" +#define QWLAN_VERSIONSTR "5.1.1.75P" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 38c2a74667500b3974dfb659dbee3c8bb6096f56 Mon Sep 17 00:00:00 2001 From: Vevek Venkatesan Date: Thu, 28 Nov 2019 17:51:42 +0530 Subject: qcacld-3.0: setup IPA sys pipes if ipa_wdi_init succeeds At present, IPA sys pipes setup done before ipa_wdi_init, so chances for IPA uC is not yet up and running. As wdi init succeeds only if uC is up and running, setting up IPA sys pipes after ipa_wdi_init succeeds. Change-Id: Iee9783b0238a3bc96a2e73e47ffebf3b44623485 CRs-Fixed: 2573929 --- core/hdd/src/wlan_hdd_ipa.c | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/core/hdd/src/wlan_hdd_ipa.c b/core/hdd/src/wlan_hdd_ipa.c index d582e6ba8fc3..f2275fc5e09f 100644 --- a/core/hdd/src/wlan_hdd_ipa.c +++ b/core/hdd/src/wlan_hdd_ipa.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -658,6 +658,7 @@ static int hdd_ipa_uc_enable_pipes(struct hdd_ipa_priv *hdd_ipa); static int hdd_ipa_wdi_init(struct hdd_ipa_priv *hdd_ipa); static void hdd_ipa_send_pkt_to_tl(struct hdd_ipa_iface_context *iface_context, struct ipa_rx_data *ipa_tx_desc); +static int hdd_ipa_setup_sys_pipe(struct hdd_ipa_priv *hdd_ipa); /** * hdd_ipa_uc_get_db_paddr() - Get Doorbell physical address @@ -4062,6 +4063,19 @@ static void hdd_ipa_uc_loaded_handler(struct hdd_ipa_priv *ipa_ctxt) return; } + /* Setup IPA sys_pipe for MCC */ + if (hdd_ipa_uc_sta_is_enabled(ipa_ctxt->hdd_ctx)) { + ret = hdd_ipa_setup_sys_pipe(ipa_ctxt); + if (ret) { + HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR, + "ipa sys pipes setup failed ret=%d", ret); + return; + } + + INIT_WORK(&ipa_ctxt->mcc_work, + hdd_ipa_mcc_work_handler); + } + /* Connect pipe */ ret = hdd_ipa_wdi_conn_pipes(ipa_ctxt, ipa_res); if (ret) { @@ -7503,14 +7517,6 @@ static QDF_STATUS __hdd_ipa_init(hdd_context_t *hdd_ctx) hdd_ipa->sta_connected = 0; hdd_ipa->ipa_pipes_down = true; hdd_ipa->wdi_enabled = false; - /* Setup IPA sys_pipe for MCC */ - if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx)) { - ret = hdd_ipa_setup_sys_pipe(hdd_ipa); - if (ret) - goto fail_create_sys_pipe; - - INIT_WORK(&hdd_ipa->mcc_work, hdd_ipa_mcc_work_handler); - } ret = hdd_ipa_wdi_init(hdd_ipa); if (ret) { @@ -7518,15 +7524,25 @@ static QDF_STATUS __hdd_ipa_init(hdd_context_t *hdd_ctx) "ipa wdi init failed ret=%d", ret); if (ret == -EACCES) { if (hdd_ipa_uc_send_wdi_control_msg(false)) - goto fail_create_sys_pipe; + goto ipa_wdi_destroy; } else { - goto fail_create_sys_pipe; + goto ipa_wdi_destroy; + } + } else { + /* Setup IPA sys_pipe for MCC */ + if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx)) { + ret = hdd_ipa_setup_sys_pipe(hdd_ipa); + if (ret) + goto ipa_wdi_destroy; + + INIT_WORK(&hdd_ipa->mcc_work, + hdd_ipa_mcc_work_handler); } } } else { ret = hdd_ipa_setup_sys_pipe(hdd_ipa); if (ret) - goto fail_create_sys_pipe; + goto ipa_wdi_destroy; } init_completion(&hdd_ipa->ipa_resource_comp); @@ -7534,7 +7550,7 @@ static QDF_STATUS __hdd_ipa_init(hdd_context_t *hdd_ctx) HDD_IPA_LOG(QDF_TRACE_LEVEL_DEBUG, "exit: success"); return QDF_STATUS_SUCCESS; -fail_create_sys_pipe: +ipa_wdi_destroy: hdd_ipa_wdi_destroy_rm(hdd_ipa); fail_setup_rm: qdf_spinlock_destroy(&hdd_ipa->pm_lock); -- cgit v1.2.3 From 4423492a78bd6a39c8cafa5032f7dd88f6e7b868 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Mon, 2 Dec 2019 07:45:07 -0800 Subject: Release 5.1.1.75Q Release 5.1.1.75Q Change-Id: Idc6946ecbc9c5764dce1aaa2a732819658622bbc CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index eba387cc64ae..2eec9fa935b5 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "P" +#define QWLAN_VERSION_EXTRA "Q" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75P" +#define QWLAN_VERSIONSTR "5.1.1.75Q" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From 940b9244107eff28d5b884843a687a941fa3d79d Mon Sep 17 00:00:00 2001 From: Sourav Mohapatra Date: Thu, 28 Nov 2019 09:21:57 +0530 Subject: qcacld-3.0: Destroy monitor mode vdev during stop adapter In monitor mode during driver unload VDEV, PDEV and PSOC objects are leaking because stop adapter is not cleaning up monitor mode vdev. Destroy monitor mode vdev object during stop adapter such that VDEV object and its parent PDEV, PSOC objects can be cleaned up properly. Change-Id: Ic5778d03226a880981a4b6affbeeee357e007f65 CRs-Fixed: 2576722 --- core/hdd/src/wlan_hdd_main.c | 12 ++++++++++++ core/wma/src/wma_dev_if.c | 7 ++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index b322a0b128fd..6747d89d69e5 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -5086,6 +5086,18 @@ QDF_STATUS hdd_stop_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter, hdd_wait_for_sme_close_sesion(hdd_ctx, adapter, false); break; + case QDF_MONITOR_MODE: + wlan_hdd_scan_abort(adapter); + hdd_deregister_tx_flow_control(adapter); + + /* + * It is possible that the caller of this function does not + * wish to close the session + */ + if (bCloseSession) + hdd_wait_for_sme_close_sesion(hdd_ctx, adapter, true); + break; + case QDF_SAP_MODE: if (test_bit(ACS_PENDING, &adapter->event_flags)) { cds_flush_delayed_work(&adapter->acs_pending_work); diff --git a/core/wma/src/wma_dev_if.c b/core/wma/src/wma_dev_if.c index 2c6d0e91c380..5d06b0141c2d 100644 --- a/core/wma/src/wma_dev_if.c +++ b/core/wma/src/wma_dev_if.c @@ -690,9 +690,10 @@ QDF_STATUS wma_vdev_detach(tp_wma_handle wma_handle, if (iface->type == WMI_VDEV_TYPE_STA) wma_pno_stop(wma_handle, vdev_id); - /* P2P Device */ - if ((iface->type == WMI_VDEV_TYPE_AP) && - (iface->sub_type == WMI_UNIFIED_VDEV_SUBTYPE_P2P_DEVICE)) { + if (((iface->type == WMI_VDEV_TYPE_AP) && + (iface->sub_type == WMI_UNIFIED_VDEV_SUBTYPE_P2P_DEVICE)) || + (iface->type == WMI_VDEV_TYPE_OCB) || + (iface->type == WMI_VDEV_TYPE_MONITOR)) { status = wma_self_peer_remove(wma_handle, pdel_sta_self_req_param, generateRsp); if ((status != QDF_STATUS_SUCCESS) && generateRsp) { -- cgit v1.2.3 From 01b7ae36bb6f63756fea35e0289c300a8cda31b9 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 3 Dec 2019 06:04:41 -0800 Subject: Release 5.1.1.75R Release 5.1.1.75R Change-Id: Ife77697a9ab667eef9ee986c128783d2fbda3455 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 2eec9fa935b5..46cf2cc2dd36 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "Q" +#define QWLAN_VERSION_EXTRA "R" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75Q" +#define QWLAN_VERSIONSTR "5.1.1.75R" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From c134153efec09d752b23a44f917a54b0c4b3aecb Mon Sep 17 00:00:00 2001 From: Paul Zhang Date: Mon, 14 Oct 2019 14:06:34 +0800 Subject: qcacld-3.0: Add ini to disable aggressive EDCA config Add action_oui ini gActionOUIDisableAggressiveEDCA to identify peers for which aggressive EDCA configuration causes some IOT issues. Change-Id: Ifea0c224cef2378727c9f78d8b571ea9c57bb662 CRs-Fixed: 2507191 --- core/hdd/inc/wlan_hdd_cfg.h | 27 ++++++++++++++++++++ core/hdd/src/wlan_hdd_cfg.c | 42 +++++++++++++++++++++----------- core/mac/inc/ani_global.h | 4 ++- core/mac/src/pe/sch/sch_beacon_process.c | 3 ++- core/sme/src/csr/csr_api_roam.c | 9 +++++++ 5 files changed, 69 insertions(+), 16 deletions(-) diff --git a/core/hdd/inc/wlan_hdd_cfg.h b/core/hdd/inc/wlan_hdd_cfg.h index 09b887cdb178..11817f9704af 100644 --- a/core/hdd/inc/wlan_hdd_cfg.h +++ b/core/hdd/inc/wlan_hdd_cfg.h @@ -12721,6 +12721,32 @@ enum hw_filter_mode { #define CFG_ACTION_OUI_CONNECT_1X1_WITH_1_CHAIN_NAME "gActionOUIConnect1x1with1TxRxChain" #define CFG_ACTION_OUI_CONNECT_1X1_WITH_1_CHAIN_DEFAULT "001018 06 02FFF0040000 BC 21 40 001018 06 02FFF0050000 BC 21 40 001018 06 02FFF4050000 BC 21 40" +/* + * + * gActionOUIDisableAggressiveEDCA - Used to specify action OUIs to control + * EDCA configuration when join the candidate AP + * + * This ini is used to specify AP OUIs. The station's EDCA should follow the + * APs' when connecting to those AP, even if the gEnableEdcaParams is set. + * For example, it follows the AP's EDCA whose OUI is 0050F2 with the + * following setting: + * gActionOUIDisableAggressiveEDCA=0050F2 00 01 + * Explain: 0050F2: OUI + * 00: data length is 0 + * 01: info mask, only OUI present in Info mask + * Refer to gEnableActionOUI for more detail about the format. + * + * Related: gEnableEdcaParams, gEnableActionOUI + * + * Supported Feature: Action OUIs + * + * Usage: External + * + * + */ +#define CFG_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA "gActionOUIDisableAggressiveEDCA" +#define CFG_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA_DEFAULT "" + /* End of action oui inis */ /* @@ -16400,6 +16426,7 @@ struct hdd_config { uint8_t action_oui_ito_alternate[MAX_ACTION_OUI_STRING_LEN]; uint8_t action_oui_switch_to_11n[MAX_ACTION_OUI_STRING_LEN]; uint8_t action_oui_connect_1x1_with_1_chain[MAX_ACTION_OUI_STRING_LEN]; + uint8_t action_oui_disable_aggressive_edca[MAX_ACTION_OUI_STRING_LEN]; uint8_t rssi_weightage; uint8_t ht_caps_weightage; uint8_t vht_caps_weightage; diff --git a/core/hdd/src/wlan_hdd_cfg.c b/core/hdd/src/wlan_hdd_cfg.c index 2f32051f1764..edda70828e15 100644 --- a/core/hdd/src/wlan_hdd_cfg.c +++ b/core/hdd/src/wlan_hdd_cfg.c @@ -5100,6 +5100,12 @@ struct reg_table_entry g_registry_table[] = { VAR_FLAGS_OPTIONAL, (void *)CFG_ACTION_OUI_CONNECT_1X1_WITH_1_CHAIN_DEFAULT), + REG_VARIABLE_STRING(CFG_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA, + WLAN_PARAM_String, + struct hdd_config, action_oui_disable_aggressive_edca, + VAR_FLAGS_OPTIONAL, + (void *)CFG_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA_DEFAULT), + REG_VARIABLE(CFG_DTIM_1CHRX_ENABLE_NAME, WLAN_PARAM_Integer, struct hdd_config, enable_dtim_1chrx, VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, @@ -6829,32 +6835,36 @@ static void hdd_cfg_print_action_oui(hdd_context_t *hdd_ctx) struct hdd_config *config = hdd_ctx->config; hdd_debug("Name = [%s] value = [%u]", - CFG_ENABLE_ACTION_OUI, - config->enable_action_oui); + CFG_ENABLE_ACTION_OUI, + config->enable_action_oui); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_CONNECT_1X1_NAME, - config->action_oui_connect_1x1); + CFG_ACTION_OUI_CONNECT_1X1_NAME, + config->action_oui_connect_1x1); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_ITO_EXTENSION_NAME, - config->action_oui_ito_extension); + CFG_ACTION_OUI_ITO_EXTENSION_NAME, + config->action_oui_ito_extension); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_CCKM_1X1_NAME, - config->action_oui_cckm_1x1); + CFG_ACTION_OUI_CCKM_1X1_NAME, + config->action_oui_cckm_1x1); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_ITO_ALTERNATE_NAME, - config->action_oui_ito_alternate); + CFG_ACTION_OUI_ITO_ALTERNATE_NAME, + config->action_oui_ito_alternate); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_SWITCH_TO_11N_MODE_NAME, - config->action_oui_switch_to_11n); + CFG_ACTION_OUI_SWITCH_TO_11N_MODE_NAME, + config->action_oui_switch_to_11n); hdd_debug("Name = [%s] value = [%s]", - CFG_ACTION_OUI_CONNECT_1X1_WITH_1_CHAIN_NAME, - config->action_oui_connect_1x1_with_1_chain); + CFG_ACTION_OUI_CONNECT_1X1_WITH_1_CHAIN_NAME, + config->action_oui_connect_1x1_with_1_chain); + + hdd_debug("Name = [%s] value = [%s]", + CFG_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA, + config->action_oui_disable_aggressive_edca); } @@ -9964,6 +9974,10 @@ void hdd_set_all_sme_action_ouis(hdd_context_t *hdd_ctx) hdd_set_sme_action_oui(hdd_ctx, ini_string, WMI_ACTION_OUI_CONNECT_1x1_WITH_1_CHAIN); + ini_string = config->action_oui_disable_aggressive_edca; + ini_string[MAX_ACTION_OUI_STRING_LEN - 1] = '\0'; + hdd_set_sme_action_oui(hdd_ctx, ini_string, + WMI_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA); } /* End of action oui functions */ diff --git a/core/mac/inc/ani_global.h b/core/mac/inc/ani_global.h index bfb3d7cb2476..9e4866866985 100644 --- a/core/mac/inc/ani_global.h +++ b/core/mac/inc/ani_global.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -1016,6 +1016,8 @@ typedef struct sAniSirGlobal { /* 11k Offload Support */ bool is_11k_offload_supported; + /* if true, it is forced to follow the AP's edca */ + bool follow_ap_edca; uint32_t peer_rssi; uint32_t peer_txrate; uint32_t peer_rxrate; diff --git a/core/mac/src/pe/sch/sch_beacon_process.c b/core/mac/src/pe/sch/sch_beacon_process.c index 787e43a0a545..be88a0a11551 100644 --- a/core/mac/src/pe/sch/sch_beacon_process.c +++ b/core/mac/src/pe/sch/sch_beacon_process.c @@ -976,7 +976,8 @@ sch_beacon_edca_process(tpAniSirGlobal pMac, tSirMacEdcaParamSetIE *edca, session->gLimEdcaParams[EDCA_AC_VI] = edca->acvi; session->gLimEdcaParams[EDCA_AC_VO] = edca->acvo; - if (pMac->roam.configParam.enable_edca_params) { + if (pMac->roam.configParam.enable_edca_params && + !pMac->follow_ap_edca) { session->gLimEdcaParams[EDCA_AC_VO].aci.aifsn = pMac->roam.configParam.edca_vo_aifs; session->gLimEdcaParams[EDCA_AC_VI].aci.aifsn = diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c index debd009b3727..6d7f23d21bcb 100644 --- a/core/sme/src/csr/csr_api_roam.c +++ b/core/sme/src/csr/csr_api_roam.c @@ -16019,6 +16019,15 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId, csr_dump_vendor_ies((uint8_t *)pBssDescription->ieFields, ieLen); + is_vendor_ap_present = csr_check_vendor_ap_present(pMac, + pBssDescription, + ucDot11Mode, pIes, ieLen, + WMI_ACTION_OUI_DISABLE_AGGRESSIVE_EDCA); + if (is_vendor_ap_present) + pMac->follow_ap_edca = true; + else + pMac->follow_ap_edca = false; + is_vendor_ap_present = csr_check_vendor_ap_present( pMac, pBssDescription, ucDot11Mode, pIes, ieLen, -- cgit v1.2.3 From 43ba71f5db23e3c077ba480138498db7b67236aa Mon Sep 17 00:00:00 2001 From: Will Huang Date: Tue, 26 Nov 2019 10:01:47 +0800 Subject: qcacld-3.0: Enable Tspec handover when ESE capable roaming Currently if roaming is offloaded to target, and it is a ESE capable association, but 11r capable is not available, the Tspec configure before roaming can't handover to new AP in host, but target has reassociated with new AP include Tspec configure, and if want to delete Tspec after roaming it fails to find it in lim in host. Fix it by also enable ftHandoffInProgress flag if hit such case Change-Id: Ie242d3c2e137c31bc5f213ea1756846f18b860ae CRs-Fixed: 2566015 --- core/sme/src/qos/sme_qos.c | 63 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 54 insertions(+), 9 deletions(-) diff --git a/core/sme/src/qos/sme_qos.c b/core/sme/src/qos/sme_qos.c index 184715046dea..a9872543d6e0 100644 --- a/core/sme/src/qos/sme_qos.c +++ b/core/sme/src/qos/sme_qos.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -4878,6 +4878,54 @@ static QDF_STATUS sme_qos_process_reassoc_failure_ev(tpAniSirGlobal pMac, return QDF_STATUS_SUCCESS; } +#ifdef WLAN_FEATURE_ROAM_OFFLOAD +#ifdef FEATURE_WLAN_ESE +static bool sme_qos_ft_handoff_required(tpAniSirGlobal pmac, + uint8_t session_id) +{ + tCsrRoamSession *csr_roam_session; + + if (csr_roam_is11r_assoc(pmac, session_id)) + return true; + + csr_roam_session = CSR_GET_SESSION(pmac, session_id); + + if (csr_roam_session->roam_synch_in_progress && + csr_roam_is_ese_assoc(pmac, session_id) && + csr_roam_session->connectedInfo.nTspecIeLength) + return true; + + return false; +} +#else +static inline bool sme_qos_ft_handoff_required(tpAniSirGlobal pmac, + uint8_t session_id) +{ + return csr_roam_is11r_assoc(pmac, session_id) ? true : false; +} +#endif +#else +static inline bool sme_qos_ft_handoff_required(tpAniSirGlobal pmac, + uint8_t session_id) +{ + return false; +} +#endif + +#ifdef FEATURE_WLAN_ESE +static inline bool sme_qos_legacy_handoff_required(tpAniSirGlobal pmac, + uint8_t session_id) +{ + return csr_roam_is_ese_assoc(pmac, session_id) ? false : true; +} +#else +static inline bool sme_qos_legacy_handoff_required(tpAniSirGlobal pmac, + uint8_t session_id) +{ + return true; +} +#endif + /* * sme_qos_process_handoff_assoc_req_ev() - Function to process the * SME_QOS_CSR_HANDOFF_ASSOC_REQ event indication from CSR @@ -4926,16 +4974,13 @@ static QDF_STATUS sme_qos_process_handoff_assoc_req_ev(tpAniSirGlobal pMac, break; } } -#ifdef WLAN_FEATURE_ROAM_OFFLOAD - if (csr_roam_is11r_assoc(pMac, sessionId)) + + if (sme_qos_ft_handoff_required(pMac, sessionId)) pSession->ftHandoffInProgress = true; -#endif + /* If FT handoff/ESE in progress, legacy handoff need not be enabled */ - if (!pSession->ftHandoffInProgress -#ifdef FEATURE_WLAN_ESE - && !csr_roam_is_ese_assoc(pMac, sessionId) -#endif - ) + if (!pSession->ftHandoffInProgress && + sme_qos_legacy_handoff_required(pMac, sessionId)) pSession->handoffRequested = true; /* this session no longer needs UAPSD */ -- cgit v1.2.3 From ee79f22d978b072b684d6ab5a98ba974bb14b6c3 Mon Sep 17 00:00:00 2001 From: nshrivas Date: Tue, 3 Dec 2019 20:28:21 -0800 Subject: Release 5.1.1.75S Release 5.1.1.75S Change-Id: I3f27a4ad01abc893197a53e07f23bb0bc2999596 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 46cf2cc2dd36..079feac37fa6 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "R" +#define QWLAN_VERSION_EXTRA "S" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75R" +#define QWLAN_VERSIONSTR "5.1.1.75S" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3 From c088552cfb6f8edbdddcfdd643d06aca6ce5d26f Mon Sep 17 00:00:00 2001 From: gaurank kathpalia Date: Thu, 5 Dec 2019 11:20:54 +0530 Subject: qcacld-3.0: Prevent wlan suspend if conn in progress Currently the driver does not check if the state is key exchange in progress and suspends wlan before set-key happens which further results in FW also in wake up state. This would result in delayed EAP exchange, and also in power loss. Scenario:- 1. Turn on STA and try to connect to enterprise network 2. Turn off display. Here the display turn off would trigger APPS suspend while the STA is trying to connect, and authenticate and since there is no check in driver to prevent suspend in set key in progress state, it would result in a FW assert, as the expectation of FW is to allow suspend only after set key has been done. Fix is to prevent WLAN-suspend in case of connection in progress, and allow suspend only in connected and authenticated state. Change-Id: Ic173116f7ba424005d938a43c75831a6a4dc874c CRs-Fixed: 2512866 --- core/hdd/src/wlan_hdd_power.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/hdd/src/wlan_hdd_power.c b/core/hdd/src/wlan_hdd_power.c index 81f52aeb8ebb..7e95159b4ae0 100644 --- a/core/hdd/src/wlan_hdd_power.c +++ b/core/hdd/src/wlan_hdd_power.c @@ -70,6 +70,7 @@ #include #include "cds_utils.h" #include "wlan_hdd_packet_filter_api.h" +#include "cds_concurrency.h" /* Preprocessor definitions and constants */ #define HDD_SSR_BRING_UP_TIME 30000 @@ -2034,6 +2035,11 @@ static int __wlan_hdd_cfg80211_suspend_wlan(struct wiphy *wiphy, } mutex_unlock(&pHddCtx->iface_change_lock); + if (cds_is_connection_in_progress(NULL, NULL)) { + hdd_err("Suspend rejected: conn in progress"); + return -EINVAL; + } + /* If RADAR detection is in progress (HDD), prevent suspend. The flag * "dfs_cac_block_tx" is set to true when RADAR is found and stay true * until CAC is done for a SoftAP which is in started state. -- cgit v1.2.3 From 01acdfec1f8eaa8bd2753a64051e589cc288778b Mon Sep 17 00:00:00 2001 From: nshrivas Date: Fri, 6 Dec 2019 01:43:52 -0800 Subject: Release 5.1.1.75T Release 5.1.1.75T Change-Id: If521a69d30881df9351f7e635b7ccc055d0f546d CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 079feac37fa6..d60887bdae29 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 1 #define QWLAN_VERSION_PATCH 1 -#define QWLAN_VERSION_EXTRA "S" +#define QWLAN_VERSION_EXTRA "T" #define QWLAN_VERSION_BUILD 75 -#define QWLAN_VERSIONSTR "5.1.1.75S" +#define QWLAN_VERSIONSTR "5.1.1.75T" #endif /* QWLAN_VERSION_H */ -- cgit v1.2.3