From 2a13ebd1f815b672bcad583404da771c88a8df30 Mon Sep 17 00:00:00 2001 From: Varun Reddy Yeturu Date: Wed, 24 Sep 2014 13:50:19 -0700 Subject: wlan: LFR3: GTK Rekey Host driver support The Host supplicant would need to have the kck, kek and replay counter to perform a GTK rekey at any point in time. Since the roaming in LFR3 is done in the firmware, the key material is derived by the firmware. For the host supplicant to handle any subsequent GTK rekey operations, it would need the new key material from firmware. These changes address the same to pass the Key material from the firmware to the kernel routine. Change-Id: I641e8158f7a7f7bbb0f0d5cc0b7753e90124f4dd CRs-Fixed: 729648 --- CORE/HDD/src/wlan_hdd_assoc.c | 20 ++++++++++++++++++++ CORE/MAC/inc/sirApi.h | 6 ++++++ CORE/SERVICES/WMA/wma.c | 14 ++++++++++++++ CORE/SME/inc/csrApi.h | 3 +++ CORE/SME/inc/csrInternal.h | 3 +++ CORE/SME/src/csr/csrApiRoam.c | 10 ++++++++++ CORE/SME/src/csr/csrNeighborRoam.c | 30 +++++++++++++++++++++--------- 7 files changed, 77 insertions(+), 9 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c index 9c6c2a06ec28..0429e185cf19 100644 --- a/CORE/HDD/src/wlan_hdd_assoc.c +++ b/CORE/HDD/src/wlan_hdd_assoc.c @@ -3376,6 +3376,25 @@ hdd_smeRoamCallback(void *pContext, tCsrRoamInfo *pRoamInfo, tANI_U32 roamId, #ifdef WLAN_FEATURE_ROAM_OFFLOAD case eCSR_ROAM_AUTHORIZED_EVENT: { +#ifdef NL80211_KEY_LEN_PTK_KCK + struct cfg80211_auth_params auth_params; + if (pRoamInfo != NULL) { + auth_params.ptk_kck = pRoamInfo->kck; + auth_params.ptk_kek = pRoamInfo->kek; + auth_params.key_replay_ctr = pRoamInfo->replay_ctr; + auth_params.status = NL80211_AUTHORIZED; + VOS_TRACE_HEX_DUMP(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_DEBUG, + pRoamInfo->replay_ctr,NL80211_KEY_REPLAY_CTR_LEN); + hddLog(VOS_TRACE_LEVEL_DEBUG, + "LFR3:cfg80211_key_mgmt_auth NL80211_AUTHORIZED"); + cfg80211_key_mgmt_auth(pAdapter->dev, &auth_params, GFP_KERNEL); + } else { + VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR, + "LFR3:pRoamInfo is NULL. Not sending Authorized Event"); + halStatus = eHAL_STATUS_FAILURE; + } + break; +#else v_U8_t keyReplayCtr [NL80211_KEY_REPLAY_CTR_LEN]; vos_mem_zero(keyReplayCtr, sizeof(keyReplayCtr)); hddLog(VOS_TRACE_LEVEL_DEBUG, @@ -3383,6 +3402,7 @@ hdd_smeRoamCallback(void *pContext, tCsrRoamInfo *pRoamInfo, tANI_U32 roamId, cfg80211_authorization_event(pAdapter->dev, NL80211_AUTHORIZED, keyReplayCtr, GFP_KERNEL); break; +#endif } #endif #endif diff --git a/CORE/MAC/inc/sirApi.h b/CORE/MAC/inc/sirApi.h index 3ac2f1ca7184..2224d8e5ca2d 100644 --- a/CORE/MAC/inc/sirApi.h +++ b/CORE/MAC/inc/sirApi.h @@ -141,6 +141,9 @@ typedef enum #define SIR_KRK_KEY_LEN 16 #ifdef WLAN_FEATURE_ROAM_OFFLOAD #define SIR_BTK_KEY_LEN 32 +#define SIR_KCK_KEY_LEN 16 +#define SIR_KEK_KEY_LEN 16 +#define SIR_REPLAY_CTR_LEN 8 #define SIR_UAPSD_BITOFFSET_ACVO 0 #define SIR_UAPSD_BITOFFSET_ACVI 1 @@ -4846,6 +4849,9 @@ typedef struct sSirSmeRoamOffloadSynchInd tANI_U8 rssi; tANI_U8 roamReason; tANI_U32 chan_freq; + tANI_U8 kck[SIR_KCK_KEY_LEN]; + tANI_U8 kek[SIR_KEK_KEY_LEN]; + tANI_U8 replay_ctr[SIR_REPLAY_CTR_LEN]; } tSirSmeRoamOffloadSynchInd, *tpSirSmeRoamOffloadSynchInd; typedef struct sSirSmeRoamOffloadSynchCnf diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index 08629c486942..eaf9de96b5dd 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c @@ -4701,6 +4701,7 @@ static int wma_roam_synch_event_handler(void *handle, u_int8_t *event, u_int32_t VOS_STATUS status; vos_msg_t vos_msg; wmi_channel *chan = NULL; + wmi_key_material *key = NULL; int size=0; tSirSmeRoamOffloadSynchInd *pRoamOffloadSynchInd; @@ -4755,6 +4756,19 @@ static int wma_roam_synch_event_handler(void *handle, u_int8_t *event, u_int32_t pRoamOffloadSynchInd->reassocRespLength); chan = (wmi_channel *) param_buf->chan; pRoamOffloadSynchInd->chan_freq = chan->mhz; + key = (wmi_key_material *) param_buf->key; + if (key != NULL) + { + VOS_TRACE_HEX_DUMP(VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_DEBUG, + key->replay_counter, + SIR_REPLAY_CTR_LEN); + vos_mem_copy(pRoamOffloadSynchInd->kck, key->kck, + SIR_KCK_KEY_LEN); + vos_mem_copy(pRoamOffloadSynchInd->kek, key->kek, + SIR_KEK_KEY_LEN); + vos_mem_copy(pRoamOffloadSynchInd->replay_ctr, key->replay_counter, + SIR_REPLAY_CTR_LEN); + } vos_msg.type = eWNI_SME_ROAM_OFFLOAD_SYNCH_IND; vos_msg.bodyptr = (void *) pRoamOffloadSynchInd; vos_msg.bodyval = 0; diff --git a/CORE/SME/inc/csrApi.h b/CORE/SME/inc/csrApi.h index 9d51501ecb2f..ea41782be258 100644 --- a/CORE/SME/inc/csrApi.h +++ b/CORE/SME/inc/csrApi.h @@ -1333,6 +1333,9 @@ typedef struct tagCsrRoamInfo #ifdef WLAN_FEATURE_ROAM_OFFLOAD tANI_U8 roamSynchInProgress; tANI_U8 synchAuthStatus; + tANI_U8 kck[SIR_KCK_KEY_LEN]; + tANI_U8 kek[SIR_KEK_KEY_LEN]; + tANI_U8 replay_ctr[SIR_REPLAY_CTR_LEN]; #endif tSirSmeChanInfo chan_info; }tCsrRoamInfo; diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h index 541701e3f3b1..e0ec9647d539 100644 --- a/CORE/SME/inc/csrInternal.h +++ b/CORE/SME/inc/csrInternal.h @@ -897,6 +897,9 @@ typedef struct tagCsrRoamOffloadSynchStruct tANI_BOOLEAN bRoamSynchInProgress; /* a roam offload synch*/ tCsrRoamOffloadAuthStatus authStatus; /* authentication status */ + tANI_U8 kck[SIR_KCK_KEY_LEN]; + tANI_U8 kek[SIR_KEK_KEY_LEN]; + tANI_U8 replay_ctr[SIR_REPLAY_CTR_LEN]; } tCsrRoamOffloadSynchStruct; #endif diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c index aacd9578fe77..993f3b412f0a 100644 --- a/CORE/SME/src/csr/csrApiRoam.c +++ b/CORE/SME/src/csr/csrApiRoam.c @@ -18805,6 +18805,16 @@ void csrProcessRoamOffloadSynchInd(tpAniSirGlobal pMac, void *pMsgBuf) pMac->roam.pReassocResp, pMac->roam.reassocRespLen); + vos_mem_copy(pSession->roamOffloadSynchParams.kck, + smeRoamOffloadSynchInd->kck, + SIR_KCK_KEY_LEN); + vos_mem_copy(pSession->roamOffloadSynchParams.kek, + smeRoamOffloadSynchInd->kek, + SIR_KEK_KEY_LEN); + vos_mem_copy(pSession->roamOffloadSynchParams.replay_ctr, + smeRoamOffloadSynchInd->replay_ctr, + SIR_REPLAY_CTR_LEN); + if (pEntry) csrRoamEnqueueRoamOffloadSynch( pMac, smeRoamOffloadSynchInd->roamedVdevId, diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c index 59563f2c3cdc..3e43fe3c0e19 100644 --- a/CORE/SME/src/csr/csrNeighborRoam.c +++ b/CORE/SME/src/csr/csrNeighborRoam.c @@ -5142,15 +5142,27 @@ eHalStatus csrNeighborRoamIndicateConnect(tpAniSirGlobal pMac, pMac->roam.pReassocResp = NULL; } if (eSIR_ROAM_AUTH_STATUS_AUTHENTICATED == - pSession->roamOffloadSynchParams.authStatus) - { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_DEBUG, - "LFR3: Sending authorized event to supplicant"); - csrRoamCallCallback(pMac, sessionId, &roamInfo, 0, - eCSR_ROAM_AUTHORIZED_EVENT, 0); - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_DEBUG, - "LFR3:Send SynchCnf auth status authenticated"); - csrRoamOffloadSendSynchCnf( pMac, sessionId); + pSession->roamOffloadSynchParams.authStatus) { + if (pSession->connectedProfile.AuthType != + eCSR_AUTH_TYPE_OPEN_SYSTEM) { + vos_mem_copy(roamInfo.kck, + pSession->roamOffloadSynchParams.kck, + SIR_KCK_KEY_LEN); + vos_mem_copy(roamInfo.kek, + pSession->roamOffloadSynchParams.kek, + SIR_KEK_KEY_LEN); + vos_mem_copy(roamInfo.replay_ctr, + pSession->roamOffloadSynchParams.replay_ctr, + SIR_REPLAY_CTR_LEN); + VOS_TRACE(VOS_MODULE_ID_SME, + VOS_TRACE_LEVEL_DEBUG, + "LFR3:Send authorized event to supplicant"); + csrRoamCallCallback(pMac, sessionId, + &roamInfo, 0, eCSR_ROAM_AUTHORIZED_EVENT, 0); + } + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_DEBUG, + "LFR3:Send SynchCnf auth status authenticated"); + csrRoamOffloadSendSynchCnf( pMac, sessionId); } } else #endif -- cgit v1.2.3 From 7fb7c5841323210cb1e775ea2d59835d03ee69c2 Mon Sep 17 00:00:00 2001 From: Srinivas Girigowda Date: Mon, 22 Sep 2014 13:53:55 -0700 Subject: qcacld: HDD_UMAC: Support for set_scanning_mac_oui Provide the support to pass 3 bytes of MAC OUI received from the android framework via the NL vendor command to wma. Change-Id: Iaeea78ad9c031a34569c932a29230250814fb6f1 CRs-Fixed: 729811 --- CORE/HDD/inc/wlan_hdd_cfg80211.h | 13 +++++++++ CORE/HDD/src/wlan_hdd_cfg80211.c | 59 +++++++++++++++++++++++++++++++++++++++ CORE/MAC/inc/sirApi.h | 7 +++++ CORE/MAC/src/include/sirParams.h | 1 + CORE/SME/inc/sme_Api.h | 10 +++++++ CORE/SME/src/sme_common/sme_Api.c | 30 ++++++++++++++++++++ CORE/WDA/inc/wlan_qct_wda.h | 2 ++ 7 files changed, 122 insertions(+) diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h index e32ca03a5666..3500f087efa7 100644 --- a/CORE/HDD/inc/wlan_hdd_cfg80211.h +++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h @@ -166,6 +166,9 @@ enum qca_nl80211_vendor_subcmds { QCA_NL80211_VENDOR_SUBCMD_TDLS_STATE = 37, /* Get supported features */ QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_FEATURES = 38, + + /* Set scanning_mac_oui */ + QCA_NL80211_VENDOR_SUBCMD_SCANNING_MAC_OUI = 39, }; enum qca_nl80211_vendor_subcmds_index { @@ -801,6 +804,16 @@ enum qca_wlan_vendor_attr_get_supported_features { QCA_WLAN_VENDOR_ATTR_FEATURE_SET_AFTER_LAST - 1, }; +enum qca_wlan_vendor_attr_set_scanning_mac_oui { + QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_INVALID = 0, + /* An array of 3 x Unsigned 8-bit value */ + QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI = 1, + /* keep last */ + QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_AFTER_LAST, + QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_MAX = + QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_AFTER_LAST - 1, +}; + /* Feature defines */ #define WIFI_FEATURE_INFRA 0x0001 /* Basic infrastructure mode */ #define WIFI_FEATURE_INFRA_5G 0x0002 /* Support for 5 GHz Band */ diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c index 6f91b78ef81f..5b602f9a7b05 100644 --- a/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -1197,6 +1197,58 @@ nla_put_failure: return -EINVAL; } +static int +wlan_hdd_cfg80211_set_scanning_mac_oui(struct wiphy *wiphy, + struct wireless_dev *wdev, + void *data, int data_len) +{ + tpSirScanMacOui pReqMsg = NULL; + hdd_context_t *pHddCtx = wiphy_priv(wiphy); + struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_MAX + 1]; + eHalStatus status; + + ENTER(); + + if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI_MAX, + data, data_len, + NULL)) { + hddLog(LOGE, FL("Invalid ATTR")); + return -EINVAL; + } + + pReqMsg = vos_mem_malloc(sizeof(*pReqMsg)); + if (!pReqMsg) { + hddLog(LOGE, FL("vos_mem_malloc failed")); + return -ENOMEM; + } + + /* Parse and fetch oui */ + if (!tb[QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI]) { + hddLog(LOGE, FL("attr mac oui failed")); + goto fail; + } + + nla_memcpy(&pReqMsg->oui[0], + tb[QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI], + sizeof(pReqMsg->oui)); + + hddLog(LOG1, FL("Oui (%02x:%02x:%02x)"), pReqMsg->oui[0], pReqMsg->oui[1], + pReqMsg->oui[2]); + + status = sme_SetScanningMacOui(pHddCtx->hHal, pReqMsg); + if (!HAL_STATUS_SUCCESS(status)) { + hddLog(VOS_TRACE_LEVEL_ERROR, + FL("sme_SetScanningMacOui failed(err=%d)"), status); + goto fail; + } + + return 0; + +fail: + vos_mem_free(pReqMsg); + return -EINVAL; +} + #ifdef WLAN_FEATURE_STATS_EXT static int wlan_hdd_cfg80211_stats_ext_request(struct wiphy *wiphy, struct wireless_dev *wdev, @@ -3932,6 +3984,13 @@ const struct wiphy_vendor_command hdd_wiphy_vendor_commands[] = WIPHY_VENDOR_CMD_NEED_NETDEV, .doit = wlan_hdd_cfg80211_get_supported_features }, + { + .info.vendor_id = QCA_NL80211_VENDOR_ID, + .info.subcmd = QCA_NL80211_VENDOR_SUBCMD_SCANNING_MAC_OUI, + .flags = WIPHY_VENDOR_CMD_NEED_WDEV | + WIPHY_VENDOR_CMD_NEED_NETDEV, + .doit = wlan_hdd_cfg80211_set_scanning_mac_oui + }, }; diff --git a/CORE/MAC/inc/sirApi.h b/CORE/MAC/inc/sirApi.h index 2224d8e5ca2d..f33811e01a92 100644 --- a/CORE/MAC/inc/sirApi.h +++ b/CORE/MAC/inc/sirApi.h @@ -104,6 +104,8 @@ typedef tANI_U8 tSirVersionString[SIR_VERSION_STRING_LEN]; #define PERIODIC_TX_PTRN_MAX_SIZE 1536 #define MAXNUM_PERIODIC_TX_PTRNS 6 +#define WIFI_SCANNING_MAC_OUI_LENGTH 3 + #ifdef FEATURE_WLAN_EXTSCAN @@ -5234,6 +5236,11 @@ typedef struct tANI_U8 stopReq; } tSirLLStatsClearReq, *tpSirLLStatsClearReq; +typedef struct +{ + tANI_U8 oui[WIFI_SCANNING_MAC_OUI_LENGTH]; +} tSirScanMacOui, *tpSirScanMacOui; + /*--------------------------------------------------------------------------- WLAN_HAL_LL_NOTIFY_STATS ---------------------------------------------------------------------------*/ diff --git a/CORE/MAC/src/include/sirParams.h b/CORE/MAC/src/include/sirParams.h index 9c784237833c..3bbfefc591cd 100644 --- a/CORE/MAC/src/include/sirParams.h +++ b/CORE/MAC/src/include/sirParams.h @@ -657,6 +657,7 @@ typedef struct sSirMbMsgP2p #endif #define SIR_HAL_GET_TEMPERATURE_REQ (SIR_HAL_ITC_MSG_TYPES_BEGIN + 290) +#define SIR_HAL_SET_SCAN_MAC_OUI_REQ (SIR_HAL_ITC_MSG_TYPES_BEGIN + 291) #define SIR_HAL_MSG_TYPES_END (SIR_HAL_MSG_TYPES_BEGIN + 0x1FF) diff --git a/CORE/SME/inc/sme_Api.h b/CORE/SME/inc/sme_Api.h index 74a667328465..aa3c494e540c 100644 --- a/CORE/SME/inc/sme_Api.h +++ b/CORE/SME/inc/sme_Api.h @@ -4059,4 +4059,14 @@ eHalStatus sme_getLinkStatus(tHalHandle hHal, eHalStatus sme_GetTemperature(tHalHandle hHal, void *tempContext, void (*pCallbackfn)(int temperature, void *pContext)); + +/* --------------------------------------------------------------------------- + \fn sme_SetScanningMacOui + \brief SME API to set scanning mac oui + \param hHal + \param pScanMacOui: Scanning Mac Oui (input 3 bytes) + \- return eHalStatus + -------------------------------------------------------------------------*/ +eHalStatus sme_SetScanningMacOui(tHalHandle hHal, tSirScanMacOui *pScanMacOui); + #endif //#if !defined( __SME_API_H ) diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c index ec30c1fd517e..943bd470d013 100644 --- a/CORE/SME/src/sme_common/sme_Api.c +++ b/CORE/SME/src/sme_common/sme_Api.c @@ -14046,4 +14046,34 @@ eHalStatus sme_GetTemperature(tHalHandle hHal, } return(status); } + +/* --------------------------------------------------------------------------- + \fn sme_SetScanningMacOui + \brief SME API to set scanning mac oui + \param hHal + \param pScanMacOui: Scanning Mac Oui (input 3 bytes) + \- return eHalStatus + -------------------------------------------------------------------------*/ +eHalStatus sme_SetScanningMacOui(tHalHandle hHal, tSirScanMacOui *pScanMacOui) +{ + eHalStatus status = eHAL_STATUS_SUCCESS; + VOS_STATUS vosStatus = VOS_STATUS_SUCCESS; + tpAniSirGlobal pMac = PMAC_STRUCT(hHal); + vos_msg_t vosMessage; + + if (eHAL_STATUS_SUCCESS == (status = sme_AcquireGlobalLock(&pMac->sme))) { + /* Serialize the req through MC thread */ + vosMessage.bodyptr = pScanMacOui; + vosMessage.type = WDA_SET_SCAN_MAC_OUI_REQ; + vosStatus = vos_mq_post_message(VOS_MQ_ID_WDA, &vosMessage); + if (!VOS_IS_STATUS_SUCCESS(vosStatus)) { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, + FL("Msg post Set Scan Mac OUI failed")); + status = eHAL_STATUS_FAILURE; + } + sme_ReleaseGlobalLock(&pMac->sme); + } + return status; +} + #endif diff --git a/CORE/WDA/inc/wlan_qct_wda.h b/CORE/WDA/inc/wlan_qct_wda.h index 37c3a0f5ef9b..1391cd004064 100644 --- a/CORE/WDA/inc/wlan_qct_wda.h +++ b/CORE/WDA/inc/wlan_qct_wda.h @@ -981,6 +981,8 @@ tSirRetStatus uMacPostCtrlMsg(void* pSirGlobal, tSirMbMsg* pMb); #define WDA_WLAN_SET_APP_TYPE2_PARAMS SIR_HAL_CONFIG_APP_TYPE2_PARAMS #endif +#define WDA_SET_SCAN_MAC_OUI_REQ SIR_HAL_SET_SCAN_MAC_OUI_REQ + tSirRetStatus wdaPostCtrlMsg(tpAniSirGlobal pMac, tSirMsgQ *pMsg); #define HAL_USE_BD_RATE2_FOR_MANAGEMENT_FRAME 0x40 // Bit 6 will be used to control BD rate for Management frames -- cgit v1.2.3 From 023593cfa5eeadb40819ca279fedd9340e4019ec Mon Sep 17 00:00:00 2001 From: Manikandaraja Venkatachalapathy Date: Thu, 18 Sep 2014 14:13:30 -0700 Subject: qcacld: WMA: pass oui data through wmi command. The oui data that is sent from framework is passed to firmware through a new WMI command. Change-Id: I7097b91c6bb44a5e7b58e8dcd93efe49aa3a762a CRs-Fixed: 729811 --- CORE/SERVICES/WMA/wma.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index eaf9de96b5dd..b0307f688a87 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c @@ -6771,7 +6771,8 @@ VOS_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, /* Large timeout value for full scan cycle, 30 seconds */ cmd->max_scan_time = WMA_HW_DEF_SCAN_MAX_DURATION; - cmd->scan_ctrl_flags |= WMI_SCAN_ADD_OFDM_RATES; + cmd->scan_ctrl_flags |= WMI_SCAN_ADD_OFDM_RATES | + WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ; /* Do not combine multiple channels in a single burst. Come back * to home channel for data traffic after every foreign channel. @@ -21065,8 +21066,9 @@ static VOS_STATUS wma_process_ll_stats_getReq cmd->idle_time = 0; cmd->burst_duration = WMA_EXTSCAN_BURST_DURATION; cmd->scan_ctrl_flags = WMI_SCAN_ADD_BCAST_PROBE_REQ | - WMI_SCAN_ADD_CCK_RATES | - WMI_SCAN_ADD_OFDM_RATES; + WMI_SCAN_ADD_CCK_RATES | + WMI_SCAN_ADD_OFDM_RATES | + WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ; cmd->scan_priority = WMI_SCAN_PRIORITY_HIGH; cmd->notify_extscan_events = WMI_EXTSCAN_CYCLE_COMPLETED_EVENT | WMI_EXTSCAN_BUCKET_OVERRUN_EVENT; @@ -21832,6 +21834,49 @@ static void wma_process_unit_test_cmd(WMA_HANDLE handle, } #endif +VOS_STATUS wma_scan_probe_setoui(tp_wma_handle wma, + tSirScanMacOui *psetoui) +{ + wmi_scan_prob_req_oui_cmd_fixed_param *cmd; + wmi_buf_t wmi_buf; + uint32_t len; + u_int8_t *buf_ptr; + u_int32_t *oui_buf; + + if (!wma || !wma->wmi_handle) { + WMA_LOGE("%s: WMA is closed, can not issue cmd", + __func__); + return VOS_STATUS_E_INVAL; + } + len = sizeof(*cmd); + wmi_buf = wmi_buf_alloc(wma->wmi_handle, len); + if (!wmi_buf) { + WMA_LOGE("%s: wmi_buf_alloc failed", __func__); + return VOS_STATUS_E_NOMEM; + } + buf_ptr = (u_int8_t *)wmi_buf_data(wmi_buf); + cmd = (wmi_scan_prob_req_oui_cmd_fixed_param *)buf_ptr; + WMITLV_SET_HDR(&cmd->tlv_header, + WMITLV_TAG_STRUC_wmi_scan_prob_req_oui_cmd_fixed_param, + WMITLV_GET_STRUCT_TLVLEN( + wmi_scan_prob_req_oui_cmd_fixed_param)); + + oui_buf = &cmd->prob_req_oui; + vos_mem_zero(oui_buf, sizeof(cmd->prob_req_oui)); + *oui_buf = psetoui->oui[0] << 16 | psetoui->oui[1] << 8 + | psetoui->oui[2]; + WMA_LOGD("%s: wma:oui received from hdd %08x", __func__, + cmd->prob_req_oui); + + if (wmi_unified_cmd_send(wma->wmi_handle, wmi_buf, len, + WMI_SCAN_PROB_REQ_OUI_CMDID)) { + WMA_LOGE("%s: failed to send command", __func__); + adf_nbuf_free(wmi_buf); + return VOS_STATUS_E_FAILURE; + } + return VOS_STATUS_SUCCESS; +} + /* * function : wma_mc_process_msg * Description : @@ -22350,6 +22395,10 @@ VOS_STATUS wma_mc_process_msg(v_VOID_t *vos_context, vos_msg_t *msg) vos_mem_free(msg->bodyptr); break; #endif + case WDA_SET_SCAN_MAC_OUI_REQ: + wma_scan_probe_setoui(wma_handle, msg->bodyptr); + vos_mem_free(msg->bodyptr); + break; #ifdef WLAN_FEATURE_LINK_LAYER_STATS case WDA_LINK_LAYER_STATS_CLEAR_REQ: wma_process_ll_stats_clearReq(wma_handle, -- cgit v1.2.3 From 9f2b3a8dacc30c0a1b8514debf3f7be9a9e30383 Mon Sep 17 00:00:00 2001 From: Prashanth Bhatta Date: Thu, 25 Sep 2014 15:23:24 -0700 Subject: qcacld: Fix memory leak during SoftAP SSR When SoftAP SSR is triggered, memory leaks are noticed during unloading of the driver. Fix the memory leaks. Change-Id: I579b06d0f1fc52525a7782509894b219905ac057 CRs-fixed: 730419 --- CORE/HDD/src/wlan_hdd_cfg80211.c | 5 +++-- CORE/HDD/src/wlan_hdd_early_suspend.c | 4 ++-- CORE/SERVICES/WMA/wma.c | 20 ++++++++++++++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c index 5b602f9a7b05..c4a670677f2e 100644 --- a/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -6328,6 +6328,9 @@ static int wlan_hdd_cfg80211_stop_ap (struct wiphy *wiphy, clear_bit(SOFTAP_BSS_STARTED, &pAdapter->event_flags); /* BSS stopped, clear the active sessions for this device mode */ wlan_hdd_decr_active_session(pHddCtx, pAdapter->device_mode); + + pAdapter->sessionCtx.ap.beacon = NULL; + kfree(old); } mutex_unlock(&pHddCtx->sap_lock); @@ -6356,8 +6359,6 @@ static int wlan_hdd_cfg80211_stop_ap (struct wiphy *wiphy, // Reset WNI_CFG_PROBE_RSP Flags wlan_hdd_reset_prob_rspies(pAdapter); - pAdapter->sessionCtx.ap.beacon = NULL; - kfree(old); #ifdef WLAN_FEATURE_P2P_DEBUG if((pAdapter->device_mode == WLAN_HDD_P2P_GO) && (globalP2PConnectionStatus == P2P_GO_COMPLETED_STATE)) { diff --git a/CORE/HDD/src/wlan_hdd_early_suspend.c b/CORE/HDD/src/wlan_hdd_early_suspend.c index 486f37c0f03a..1e01dd616526 100644 --- a/CORE/HDD/src/wlan_hdd_early_suspend.c +++ b/CORE/HDD/src/wlan_hdd_early_suspend.c @@ -1992,10 +1992,10 @@ VOS_STATUS hdd_wlan_re_init(void *hif_sc) } /* Initialize the adf_ctx handle */ - adf_ctx = vos_mem_malloc(sizeof(*adf_ctx)); + adf_ctx = ((VosContextType*)(pVosContext))->adf_ctx; if (!adf_ctx) { - hddLog(VOS_TRACE_LEVEL_FATAL,"%s: Failed to allocate adf_ctx", __func__); + hddLog(VOS_TRACE_LEVEL_FATAL,"%s: Failed to get adf_ctx", __func__); goto err_re_init; } vos_mem_zero(adf_ctx, sizeof(*adf_ctx)); diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index b0307f688a87..818e8ed1fc10 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c @@ -23950,6 +23950,8 @@ static void wma_cleanup_vdev_resp(tp_wma_handle wma) VOS_STATUS wma_wmi_service_close(v_VOID_t *vos_ctx) { tp_wma_handle wma_handle; + struct beacon_info *bcn; + int i; WMA_LOGD("%s: Enter", __func__); @@ -23972,6 +23974,24 @@ VOS_STATUS wma_wmi_service_close(v_VOID_t *vos_ctx) wmi_unified_detach(wma_handle->wmi_handle); wma_handle->wmi_handle = NULL; + for (i = 0; i < wma_handle->max_bssid; i++) { + bcn = wma_handle->interfaces[i].beacon; + + if (bcn) { + if (bcn->dma_mapped) + adf_nbuf_unmap_single(wma_handle->adf_dev, + bcn->buf, ADF_OS_DMA_TO_DEVICE); + adf_nbuf_free(bcn->buf); + vos_mem_free(bcn); + wma_handle->interfaces[i].beacon = NULL; + } + + if (wma_handle->interfaces[i].handle) { + adf_os_mem_free(wma_handle->interfaces[i].handle); + wma_handle->interfaces[i].handle = NULL; + } + } + vos_mem_free(wma_handle->interfaces); /* free the wma_handle */ vos_free_context(wma_handle->vos_context, VOS_MODULE_ID_WDA, wma_handle); -- cgit v1.2.3 From 9e8414cfa5213583d869f12dfe00805b90bb61c7 Mon Sep 17 00:00:00 2001 From: Ganesh Kondabattini Date: Thu, 25 Sep 2014 23:13:22 +0530 Subject: qcacld: p2p ie length should not exceed 251 bytes. Host is sometimes sending a p2p ie which is having size more than 251 bytes. Because of this target assert is happening. Adding code to check the length of p2p ie before passing it to the firmware. Change-Id: I9c20ab0b70a5a9d25d445bf815701f17a35e21ab CRs-Fixed: 730284 --- CORE/SERVICES/WMA/wma.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index 818e8ed1fc10..6fd40ef26014 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c @@ -15003,6 +15003,19 @@ static int wma_p2p_go_set_beacon_ie(t_wma_handle *wma_handle, ie_len = (u_int32_t) (p2pIe[1] + 2); + /* More than one P2P IE may be included in a single frame. + If multiple P2P IEs are present, the complete P2P attribute + data consists of the concatenation of the P2P Attribute + fields of the P2P IEs. The P2P Attributes field of each + P2P IE may be any length up to the maximum (251 octets). + In this case host sends one P2P IE to firmware so the length + should not exceed more than 251 bytes + */ + if (ie_len > 251) { + WMA_LOGE("%s : invalid p2p ie length %u", __func__, ie_len); + return -EINVAL; + } + ie_len_aligned = roundup(ie_len, sizeof(A_UINT32)); wmi_buf_len = sizeof(wmi_p2p_go_set_beacon_ie_fixed_param) + ie_len_aligned + WMI_TLV_HDR_SIZE; -- cgit v1.2.3 From 1c45e865f1eeb9edc857f8c2660b34268948e22d Mon Sep 17 00:00:00 2001 From: AnjaneeDevi Kapparapu Date: Fri, 26 Sep 2014 14:33:57 +0530 Subject: Cafstaging Release 1.0.0.200 Cafstaging Release 1.0.0.200 Change-Id: I6e6c3878dd50c9ad0a490851b02c3d559ce691f4 CRs-Fixed: 688141 --- CORE/MAC/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CORE/MAC/inc/qwlan_version.h b/CORE/MAC/inc/qwlan_version.h index 1aa1e925c1b1..1165c160bea6 100644 --- a/CORE/MAC/inc/qwlan_version.h +++ b/CORE/MAC/inc/qwlan_version.h @@ -42,9 +42,9 @@ BRIEF DESCRIPTION: #define QWLAN_VERSION_MINOR 0 #define QWLAN_VERSION_PATCH 0 #define QWLAN_VERSION_EXTRA "" -#define QWLAN_VERSION_BUILD 199 +#define QWLAN_VERSION_BUILD 200 -#define QWLAN_VERSIONSTR "1.0.0.199" +#define QWLAN_VERSIONSTR "1.0.0.200" #define AR6320_REV1_VERSION 0x5000000 -- cgit v1.2.3