From cf087bcfef5e4febe63474523293987184687a10 Mon Sep 17 00:00:00 2001 From: Rachit Kankane Date: Mon, 11 May 2020 19:39:12 +0530 Subject: [PATCH 01/48] qcacld-3.0: Handle tx_power_level under radio stat Host driver do receives radio tx power level stats as part of radio stats even though we have different event ID for that. Handling the tx_power_level as part of radio stats only if num_tx_power_level is set. Change-Id: I46aff51c70c444c94c9b10f32b7776ba4a1ca4e8 CRs-Fixed: 2686882 --- core/hdd/src/wlan_hdd_stats.c | 43 ++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/core/hdd/src/wlan_hdd_stats.c b/core/hdd/src/wlan_hdd_stats.c index 3a06340ab4f1..e247d87cb9e3 100644 --- a/core/hdd/src/wlan_hdd_stats.c +++ b/core/hdd/src/wlan_hdd_stats.c @@ -938,15 +938,22 @@ static int hdd_llstats_post_radio_stats(struct hdd_adapter *adapter, QCA_WLAN_VENDOR_ATTR_LL_STATS_RADIO_NUM_CHANNELS, radiostat->num_channels)) { hdd_err("QCA_WLAN_VENDOR_ATTR put fail"); + goto failure; } if (radiostat->total_num_tx_power_levels) { - if (nla_put(vendor_event, + ret = + nla_put(vendor_event, QCA_WLAN_VENDOR_ATTR_LL_STATS_RADIO_TX_TIME_PER_LEVEL, sizeof(u32) * radiostat->total_num_tx_power_levels, - radiostat->tx_time_per_power_level)) { + radiostat->tx_time_per_power_level); + qdf_mem_free(radiostat->tx_time_per_power_level); + radiostat->tx_time_per_power_level = NULL; + if (ret) { + qdf_mem_free(radiostat->channels); + radiostat->channels = NULL; hdd_err("nla_put fail"); goto failure; } @@ -1046,7 +1053,7 @@ static void hdd_process_ll_stats(tSirLLStatsResults *results, if (results->paramId & WMI_LINK_STATS_RADIO) { struct wifi_radio_stats *rs_results, *stat_result; - u64 channel_size = 0; + u64 channel_size = 0, pwr_lvl_size = 0; int i; stats = qdf_mem_malloc(sizeof(*stats)); if (!stats) @@ -1066,12 +1073,39 @@ static void hdd_process_ll_stats(tSirLLStatsResults *results, for (i = 0; i < results->num_radio; i++) { channel_size = rs_results->num_channels * sizeof(struct wifi_channel_stats); + pwr_lvl_size = sizeof(uint32_t) * + rs_results->total_num_tx_power_levels; + + if (rs_results->total_num_tx_power_levels && + rs_results->tx_time_per_power_level) { + stat_result->tx_time_per_power_level = + qdf_mem_malloc(pwr_lvl_size); + if (!stat_result->tx_time_per_power_level) { + while (i-- > 0) { + stat_result--; + qdf_mem_free(stat_result-> + tx_time_per_power_level); + qdf_mem_free(stat_result-> + channels); + } + qdf_mem_free(stat_result); + qdf_mem_free(stats); + goto exit; + } + qdf_mem_copy(stat_result->tx_time_per_power_level, + rs_results->tx_time_per_power_level, + pwr_lvl_size); + } if (channel_size) { stat_result->channels = qdf_mem_malloc(channel_size); if (!stat_result->channels) { + qdf_mem_free(stat_result-> + tx_time_per_power_level); while (i-- > 0) { stat_result--; + qdf_mem_free(stat_result-> + tx_time_per_power_level); qdf_mem_free(stat_result-> channels); } @@ -1443,6 +1477,9 @@ static void wlan_hdd_handle_ll_stats(struct hdd_adapter *adapter, for (i = 0; i < num_radio; i++) { if (radio_stat->num_channels) qdf_mem_free(radio_stat->channels); + if (radio_stat->total_num_tx_power_levels) + qdf_mem_free(radio_stat-> + tx_time_per_power_level); radio_stat++; } return; From 6d6616e9803a5b359b27ab4f8004373760a0d242 Mon Sep 17 00:00:00 2001 From: Arun Kumar Khandavalli Date: Thu, 28 May 2020 08:14:16 +0530 Subject: [PATCH 02/48] qcacld-3.0: Reject interface up when the recovery is inprogress During the interface UP the driver will take rtnl lock and if the recovery is going on at the same time it will wait for the recovery to complete. If its a modem ssr, the IPA related module would register all the netdevices which need the rtnl_lock held by the driver. Reject the interface up when the SSR is inprogress. Change-Id: I7b2451f16c86cbe86a7c377d112bec12f7eb0252 CRs-Fixed: 2693540 --- core/hdd/src/wlan_hdd_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 48cd3f08f205..09ae00118926 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -4019,7 +4019,7 @@ static int hdd_open(struct net_device *net_dev) int errno; struct osif_vdev_sync *vdev_sync; - errno = osif_vdev_sync_trans_start_wait(net_dev, &vdev_sync); + errno = osif_vdev_sync_trans_start(net_dev, &vdev_sync); if (errno) return errno; From 7b9f1611eeabe97568a5bf886083d429a19aba1d Mon Sep 17 00:00:00 2001 From: Abhishek Ambure Date: Mon, 13 Jul 2020 20:43:50 +0530 Subject: [PATCH 03/48] qcacld-3.0: Don't free assoc rsp fail timer on rsp status TRY_AGAIN_LATER For WPA3 SAE, host runs pmf comeback timer to retry assoc request. Host retires assoc request once if assoc response has response status as TRY_AGAIN_LATER after 1 seconds. Problem scenario: Host sends assoc request to which AP respond with assoc response status TRY_AGAIN_LATER, deactivates assoc response failure timer and retransmit assoc request after 1 second. After 1 second host retransmit assoc req and marks this is "retried" assoc request. If to the retried assoc request host gets assoc response with reason status TRY_AGAIN_LATER, host deactivates assoc failure timer and drops the assoc response. Thus association does not complete and even association timer doesn't trigger. Fix: deactivate assoc failure timer after checking the assoc response status is not TRY_AGAIN_LATER and deactivate pmf comeback timer on assoc failure timer gets trigger. Change-Id: I7fc89063efec3c4a5b0521e9ff8301d6ea64683e CRs-Fixed: 2730194 --- core/mac/src/pe/include/lim_api.h | 14 ++++++++++++++ core/mac/src/pe/lim/lim_api.c | 6 +----- core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c | 13 ++++++------- core/mac/src/pe/lim/lim_process_mlm_req_messages.c | 1 + 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/core/mac/src/pe/include/lim_api.h b/core/mac/src/pe/include/lim_api.h index b7daccc4dec8..0a66446aa128 100644 --- a/core/mac/src/pe/include/lim_api.h +++ b/core/mac/src/pe/include/lim_api.h @@ -114,6 +114,20 @@ QDF_STATUS lim_start(struct mac_context *mac); QDF_STATUS pe_start(struct mac_context *mac); void pe_stop(struct mac_context *mac); +#ifdef WLAN_FEATURE_11W +/** + * lim_stop_pmfcomeback_timer() - stop pmf comeback timer + * @session: Pointer to PE session + * + * Return: None + */ +void lim_stop_pmfcomeback_timer(struct pe_session *session); +#else +static inline void lim_stop_pmfcomeback_timer(struct pe_session *session) +{ +} +#endif + /** * pe_register_mgmt_rx_frm_callback() - registers callback for receiving * mgmt rx frames diff --git a/core/mac/src/pe/lim/lim_api.c b/core/mac/src/pe/lim/lim_api.c index d0bcb93d415b..dc074ecd2673 100644 --- a/core/mac/src/pe/lim/lim_api.c +++ b/core/mac/src/pe/lim/lim_api.c @@ -597,7 +597,7 @@ static inline void lim_nan_register_callbacks(struct mac_context *mac_ctx) #endif #ifdef WLAN_FEATURE_11W -static void lim_stop_pmfcomeback_timer(struct pe_session *session) +void lim_stop_pmfcomeback_timer(struct pe_session *session) { if (session->opmode != QDF_STA_MODE) return; @@ -605,10 +605,6 @@ static void lim_stop_pmfcomeback_timer(struct pe_session *session) qdf_mc_timer_stop(&session->pmf_retry_timer); session->pmf_retry_timer_info.retried = false; } -#else -static void lim_stop_pmfcomeback_timer(struct pe_session *session) -{ -} #endif /* diff --git a/core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c b/core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c index 5900be31e1d7..0a14e19a3daa 100644 --- a/core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c +++ b/core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c @@ -845,13 +845,6 @@ lim_process_assoc_rsp_frame(struct mac_context *mac_ctx, return; } lim_copy_u16((uint8_t *) &mac_capab, caps); - - /* Stop Association failure timer */ - if (subtype == LIM_ASSOC) - lim_deactivate_and_change_timer(mac_ctx, eLIM_ASSOC_FAIL_TIMER); - else - lim_stop_reassoc_retry_timer(mac_ctx); - lim_handle_assoc_reject_status(mac_ctx, session_entry, assoc_rsp, hdr->sa); @@ -882,6 +875,12 @@ lim_process_assoc_rsp_frame(struct mac_context *mac_ctx, return; } + /* Stop Association failure timer */ + if (subtype == LIM_ASSOC) + lim_deactivate_and_change_timer(mac_ctx, eLIM_ASSOC_FAIL_TIMER); + else + lim_stop_reassoc_retry_timer(mac_ctx); + if (assoc_rsp->status_code != eSIR_MAC_SUCCESS_STATUS) { /* *Re/Association response was received diff --git a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c index fbe3ac54cc71..a145c6240b24 100644 --- a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c @@ -1943,6 +1943,7 @@ void lim_process_assoc_failure_timeout(struct mac_context *mac_ctx, session->peSessionId, session->limMlmState)); /* Change timer for future activations */ lim_deactivate_and_change_timer(mac_ctx, eLIM_ASSOC_FAIL_TIMER); + lim_stop_pmfcomeback_timer(session); /* * Free up buffer allocated for JoinReq held by * MLM state machine From 4d2fddfff7899666f0c408c4be3aa8cc06606e15 Mon Sep 17 00:00:00 2001 From: Sachin Ahuja Date: Tue, 14 Jul 2020 17:21:39 +0530 Subject: [PATCH 04/48] qcacld-3.0: Check for fw down before reinit complete Currently reinit resets the recovery in progress flag when reinit is successul. It may happen that after initial handshake with FW during reinit, FW crashes and send the FW down indication to the driver. Driver sets the recovery flag in FW down but it gets reset on the successul reinit. Now on subsequent shutdown, driver crashes as recovery flag is reset by last reinit. Check for fw down to reset the recovery flag on reinit completion CRs-Fixed: 2727205 Change-Id: I88effc1211de138351ef9b232645d0c616a9d5dc --- core/hdd/src/wlan_hdd_driver_ops.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/core/hdd/src/wlan_hdd_driver_ops.c b/core/hdd/src/wlan_hdd_driver_ops.c index 6e0e3b50802c..11795e7061d7 100644 --- a/core/hdd/src/wlan_hdd_driver_ops.c +++ b/core/hdd/src/wlan_hdd_driver_ops.c @@ -581,7 +581,17 @@ static int __hdd_soc_recovery_reinit(struct device *dev, } re_init_fail_cnt = 0; - cds_set_recovery_in_progress(false); + + /* + * In case of SSR within SSR we have seen the race + * where the reinit is successful and fw down is received + * which sets the recovery in progress. Now as reinit is + * successful we reset the recovery in progress here. + * So check if FW is down then don't reset the recovery + * in progress + */ + if (!qdf_is_fw_down()) + cds_set_recovery_in_progress(false); hdd_soc_load_unlock(dev); hdd_start_complete(0); From a08b1ead91a90da6bace4d5be909e158ef8a68c3 Mon Sep 17 00:00:00 2001 From: Jyoti Kumari Date: Fri, 27 Nov 2020 12:48:53 +0530 Subject: [PATCH 05/48] qcacld-3.0: Avoid excessive kmsg log in roam stats event handler Sometimes firmware sends WMI_ROAM_STATS_EVENTID repeatedly with wrong TLV. This causes event extraction failure at the event handler and continuous error logs are written to kmsg. Replace error prints in wma_roam_stats_event_handler() with debug level prints. Change-Id: Iba03e22239281a921cfcab4a37eba2894ec006f4 CRs-Fixed: 2826127 --- core/wma/src/wma_scan_roam.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index 21bc51fed810..bf4ba9b52531 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -3839,8 +3839,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->data_11kv, 0, 0); if (QDF_IS_STATUS_ERROR(status)) { - WMA_LOGE("%s: Roam 11kv stats extract failed vdev %d", - __func__, vdev_id); + wma_debug("%s: Roam 11kv stats extract failed vdev %d", + __func__, vdev_id); qdf_mem_free(roam_info); goto err; } @@ -3865,8 +3865,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->trigger, i); if (QDF_IS_STATUS_ERROR(status)) { - WMA_LOGE("%s: Extract roam trigger stats failed vdev%d", - __func__, vdev_id); + wma_debug("%s: Extract roam trigger stats failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } @@ -3877,8 +3877,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, &roam_info->scan, i, num_chan, num_ap); if (QDF_IS_STATUS_ERROR(status)) { - WMA_LOGE("%s: Roam scan stats extract failed vdev %d", - __func__, vdev_id); + wma_debug("%s: Roam scan stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } @@ -3890,19 +3890,18 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->result, i); if (QDF_IS_STATUS_ERROR(status)) { - WMA_LOGE("%s: Roam result stats extract failed vdev %d", - __func__, vdev_id); + wma_debug("%s: Roam result stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } - /* BTM req/resp or Neighbor report/response info */ status = wmi_unified_extract_roam_11kv_stats( wma->wmi_handle, event, &roam_info->data_11kv, i, num_rpt); if (QDF_IS_STATUS_ERROR(status)) { - WMA_LOGE("%s: Roam 11kv stats extract failed vdev %d", - __func__, vdev_id); + wma_debug("%s: Roam 11kv stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } From 0abea6386fd45459916c483384aff0e899785140 Mon Sep 17 00:00:00 2001 From: Jyoti Kumari Date: Tue, 1 Dec 2020 12:25:13 +0530 Subject: [PATCH 06/48] qcacld-3.0: Avoid excessive kmsg log in roam stats event handler Sometimes firmware sends WMI_ROAM_STATS_EVENTID repeatedly with wrong TLV. This causes event extraction failure at the event handler and continuous error logs are written to kmsg. Rate limit debug level prints in wma_roam_stats_event_handler() Change-Id: I03c1a50198d26096333d9b42190b34204453155a CRs-Fixed: 2829293 --- core/wma/src/wma_scan_roam.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index bf4ba9b52531..782178f61a13 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -3839,8 +3839,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->data_11kv, 0, 0); if (QDF_IS_STATUS_ERROR(status)) { - wma_debug("%s: Roam 11kv stats extract failed vdev %d", - __func__, vdev_id); + wma_debug_rl("%s: Roam 11kv stats extract failed vdev %d", + __func__, vdev_id); qdf_mem_free(roam_info); goto err; } @@ -3865,8 +3865,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->trigger, i); if (QDF_IS_STATUS_ERROR(status)) { - wma_debug("%s: Extract roam trigger stats failed vdev %d at %d iteration", - __func__, vdev_id, i); + wma_debug_rl("%s: Extract roam trigger stats failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } @@ -3877,8 +3877,8 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, &roam_info->scan, i, num_chan, num_ap); if (QDF_IS_STATUS_ERROR(status)) { - wma_debug("%s: Roam scan stats extract failed vdev %d at %d iteration", - __func__, vdev_id, i); + wma_debug_rl("%s: Roam scan stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } @@ -3890,18 +3890,19 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, wma->wmi_handle, event, &roam_info->result, i); if (QDF_IS_STATUS_ERROR(status)) { - wma_debug("%s: Roam result stats extract failed vdev %d at %d iteration", - __func__, vdev_id, i); + wma_debug_rl("%s: Roam result stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } + /* BTM req/resp or Neighbor report/response info */ status = wmi_unified_extract_roam_11kv_stats( wma->wmi_handle, event, &roam_info->data_11kv, i, num_rpt); if (QDF_IS_STATUS_ERROR(status)) { - wma_debug("%s: Roam 11kv stats extract failed vdev %d at %d iteration", - __func__, vdev_id, i); + wma_debug_rl("%s: Roam 11kv stats extract failed vdev %d at %d iteration", + __func__, vdev_id, i); qdf_mem_free(roam_info); return -EINVAL; } From 8ebe8acc29be87d61ef89fcb8aa3e5c7e8f40acd Mon Sep 17 00:00:00 2001 From: Ananya Gupta Date: Fri, 27 Nov 2020 00:26:55 +0530 Subject: [PATCH 07/48] qcacld-3.0: Pre-allocate pdev context Pre-allocate pdev context as size (53KB) exceeds threshold of dynamic allocation (4KB). Change-Id: Ib2adfc556ca1096ab7a800cd14a7da44ccd4f01a CRs-Fixed: 2828243 --- core/cds/src/cds_api.c | 2 + core/dp/txrx3.0/dp_txrx.c | 83 +++++++++++++++++++++++++++++++++++++++ core/dp/txrx3.0/dp_txrx.h | 25 ++++++++++++ 3 files changed, 110 insertions(+) diff --git a/core/cds/src/cds_api.c b/core/cds/src/cds_api.c index e83d402ef6a9..24e82111e29c 100644 --- a/core/cds/src/cds_api.c +++ b/core/cds/src/cds_api.c @@ -120,6 +120,8 @@ static struct ol_if_ops dp_ol_if_ops = { .get_con_mode = cds_get_conparam, .send_delba = cds_send_delba, #ifdef DP_MEM_PRE_ALLOC + .dp_prealloc_get_context = dp_prealloc_get_context_memory, + .dp_prealloc_put_context = dp_prealloc_put_context_memory, .dp_prealloc_get_consistent = dp_prealloc_get_coherent, .dp_prealloc_put_consistent = dp_prealloc_put_coherent, .dp_get_multi_pages = dp_prealloc_get_multi_pages, diff --git a/core/dp/txrx3.0/dp_txrx.c b/core/dp/txrx3.0/dp_txrx.c index 627c7b22fd35..512140e9a7f2 100644 --- a/core/dp/txrx3.0/dp_txrx.c +++ b/core/dp/txrx3.0/dp_txrx.c @@ -167,6 +167,24 @@ struct dp_consistent_prealloc_unaligned { qdf_dma_addr_t pa_unaligned; }; +/** + * struct dp_prealloc_context - element representing DP prealloc context memory + * @ctxt_type: DP context type + * @size: size of pre-alloc memory + * @in_use: check if element is being used + * @addr: address of memory allocated + */ +struct dp_prealloc_context { + enum dp_ctxt_type ctxt_type; + uint32_t size; + bool in_use; + void *addr; +}; + +static struct dp_prealloc_context g_dp_context_allocs[] = { + {DP_PDEV_TYPE, (sizeof(struct dp_pdev)), false, NULL} +}; + static struct dp_consistent_prealloc g_dp_consistent_allocs[] = { /* 5 REO DST rings */ {REO_DST, (sizeof(struct reo_destination_ring)) * REO_DST_RING_SIZE, 0, NULL, NULL, 0, 0}, @@ -292,6 +310,7 @@ static struct dp_consistent_prealloc_unaligned void dp_prealloc_deinit(void) { int i; + struct dp_prealloc_context *cp; struct dp_consistent_prealloc *p; struct dp_multi_page_prealloc *mp; struct dp_consistent_prealloc_unaligned *up; @@ -351,11 +370,23 @@ void dp_prealloc_deinit(void) qdf_mem_zero(up, sizeof(*up)); } } + + for (i = 0; i < QDF_ARRAY_SIZE(g_dp_context_allocs); i++) { + cp = &g_dp_context_allocs[i]; + if (qdf_unlikely(up->in_use)) + dp_warn("i %d: context in use while free", i); + + if (cp->addr) { + qdf_mem_free(cp->addr); + cp->addr = NULL; + } + } } QDF_STATUS dp_prealloc_init(void) { int i; + struct dp_prealloc_context *cp; struct dp_consistent_prealloc *p; struct dp_multi_page_prealloc *mp; struct dp_consistent_prealloc_unaligned *up; @@ -367,6 +398,23 @@ QDF_STATUS dp_prealloc_init(void) return QDF_STATUS_E_FAILURE; } + /*Context pre-alloc*/ + for (i = 0; i < QDF_ARRAY_SIZE(g_dp_context_allocs); i++) { + cp = &g_dp_context_allocs[i]; + cp->addr = qdf_mem_malloc(cp->size); + + if (qdf_unlikely(!cp->addr)) { + dp_warn("i %d: unable to preallocate %d bytes memory!", + i, cp->size); + break; + } + } + + if (i != QDF_ARRAY_SIZE(g_dp_context_allocs)) { + dp_err("unable to allocate context memory!"); + goto deinit; + } + for (i = 0; i < QDF_ARRAY_SIZE(g_dp_consistent_allocs); i++) { p = &g_dp_consistent_allocs[i]; p->in_use = 0; @@ -449,6 +497,41 @@ QDF_STATUS dp_prealloc_init(void) return QDF_STATUS_E_FAILURE; } +void *dp_prealloc_get_context_memory(uint32_t ctxt_type) +{ + int i; + struct dp_prealloc_context *cp; + + for (i = 0; i < QDF_ARRAY_SIZE(g_dp_context_allocs); i++) { + cp = &g_dp_context_allocs[i]; + + if ((ctxt_type == cp->ctxt_type) && !cp->in_use) { + cp->in_use = true; + return cp->addr; + } + } + + return NULL; +} + +QDF_STATUS dp_prealloc_put_context_memory(uint32_t ctxt_type, void *vaddr) +{ + int i; + struct dp_prealloc_context *cp; + + for (i = 0; i < QDF_ARRAY_SIZE(g_dp_context_allocs); i++) { + cp = &g_dp_context_allocs[i]; + + if ((ctxt_type == cp->ctxt_type) && vaddr == cp->addr) { + qdf_mem_zero(cp->addr, cp->size); + cp->in_use = false; + return QDF_STATUS_SUCCESS; + } + } + + return QDF_STATUS_E_FAILURE; +} + void *dp_prealloc_get_coherent(uint32_t *size, void **base_vaddr_unaligned, qdf_dma_addr_t *paddr_unaligned, qdf_dma_addr_t *paddr_aligned, diff --git a/core/dp/txrx3.0/dp_txrx.h b/core/dp/txrx3.0/dp_txrx.h index 6d3becef1c14..fdd3c2f7519d 100644 --- a/core/dp/txrx3.0/dp_txrx.h +++ b/core/dp/txrx3.0/dp_txrx.h @@ -425,6 +425,31 @@ QDF_STATUS dp_prealloc_init(void); */ void dp_prealloc_deinit(void); +/** + * dp_prealloc_get_context_memory() - gets pre-alloc DP context memory from + * global pool + * @ctxt_type: type of DP context + * + * This is done only as part of init happening in a single context. Hence + * no lock is used for protection + * + * Return: Address of context + */ +void *dp_prealloc_get_context_memory(uint32_t ctxt_type); + +/** + * dp_prealloc_put_context_memory() - puts back pre-alloc DP context memory to + * global pool + * @ctxt_type: type of DP context + * @vaddr: address of DP context + * + * This is done only as part of de-init happening in a single context. Hence + * no lock is used for protection + * + * Return: Failure if address not found + */ +QDF_STATUS dp_prealloc_put_context_memory(uint32_t ctxt_type, void *vaddr); + /** * dp_prealloc_get_coherent() - gets pre-alloc DP memory * @size: size of memory needed From 304f359d65e8c8b2a10fb16ab2f2061561af12d3 Mon Sep 17 00:00:00 2001 From: Mohit Khanna Date: Sat, 25 Jul 2020 09:32:10 -0700 Subject: [PATCH 08/48] qcacld-3.0: Enable DP_MEM_PRE_ALLOC flag Add support for DP SRNG consistent memory pre-alloc. Change-Id: I867ff901aa6d26f86b16167fb3955096d318d61c CRs-Fixed: 2740424 --- Kbuild | 1 + configs/default_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/Kbuild b/Kbuild index 9b59fec8e633..e58843b1eb2b 100644 --- a/Kbuild +++ b/Kbuild @@ -2867,6 +2867,7 @@ cppflags-$(CONFIG_FEATURE_TSO) += -DFEATURE_TSO cppflags-$(CONFIG_TSO_DEBUG_LOG_ENABLE) += -DTSO_DEBUG_LOG_ENABLE cppflags-$(CONFIG_DP_LFR) += -DDP_LFR cppflags-$(CONFIG_DUP_RX_DESC_WAR) += -DDUP_RX_DESC_WAR +cppflags-$(CONFIG_DP_MEM_PRE_ALLOC) += -DDP_MEM_PRE_ALLOC cppflags-$(CONFIG_DP_TXRX_SOC_ATTACH) += -DDP_TXRX_SOC_ATTACH cppflags-$(CONFIG_HTT_PADDR64) += -DHTT_PADDR64 cppflags-$(CONFIG_WLAN_FEATURE_BMI) += -DWLAN_FEATURE_BMI diff --git a/configs/default_defconfig b/configs/default_defconfig index daa6c4e927ff..ddc3543f0510 100644 --- a/configs/default_defconfig +++ b/configs/default_defconfig @@ -450,6 +450,7 @@ CONFIG_MAX_ALLOC_PAGE_SIZE := y CONFIG_REO_DESC_DEFER_FREE := y CONFIG_RXDMA_ERR_PKT_DROP := y CONFIG_DELIVERY_TO_STACK_STATUS_CHECK := y +CONFIG_DP_MEM_PRE_ALLOC := y ifeq ($(CONFIG_FEATURE_TSO), y) CONFIG_FEATURE_TSO_STATS := y From 6e9b81315116ae8cdb2501c712bdac38630c9fae Mon Sep 17 00:00:00 2001 From: Srinivas Dasari Date: Wed, 16 Dec 2020 16:57:12 +0530 Subject: [PATCH 09/48] qcacld-3.0: Send assoc reject upon failing to post ASSOC_IND Currently, lim silently drops the association if it fails to post ASSOC_IND due to some reason(e.g. invalid contents of assoc request) and the MLM state is stuck in eLIM_MLM_WT_ASSOC_CNF_STATE. Station context is not cleaned up till the next association. Gracefully cleanup the association in such failure cases. Change-Id: Iede43a1ddc4ac6ef300af02776b153b58dd70c2c CRs-Fixed: 2810235 --- .../src/pe/lim/lim_process_assoc_req_frame.c | 26 ++++++------------- .../src/pe/lim/lim_process_mlm_rsp_messages.c | 9 ++++++- core/mac/src/pe/lim/lim_types.h | 17 ++++++++++-- 3 files changed, 31 insertions(+), 21 deletions(-) diff --git a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c index 8ff6cf554058..aa746d954671 100644 --- a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c +++ b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c @@ -2960,19 +2960,9 @@ bool lim_fill_lim_assoc_ind_params( return true; } -/** - * lim_send_mlm_assoc_ind() - Sends assoc indication to SME - * @mac_ctx: Global Mac context - * @sta_ds: Station DPH hash entry - * @session_entry: PE session entry - * - * This function sends either LIM_MLM_ASSOC_IND - * or LIM_MLM_REASSOC_IND to SME. - * - * Return: None - */ -void lim_send_mlm_assoc_ind(struct mac_context *mac_ctx, - tpDphHashNode sta_ds, struct pe_session *session_entry) +QDF_STATUS lim_send_mlm_assoc_ind(struct mac_context *mac_ctx, + tpDphHashNode sta_ds, + struct pe_session *session_entry) { tpLimMlmAssocInd assoc_ind; tpSirAssocReq assoc_req; @@ -2982,7 +2972,7 @@ void lim_send_mlm_assoc_ind(struct mac_context *mac_ctx, if (!session_entry->parsedAssocReq) { pe_err(" Parsed Assoc req is NULL"); - return; + return QDF_STATUS_E_INVAL; } /* Get a copy of the already parsed Assoc Request */ @@ -2991,7 +2981,7 @@ void lim_send_mlm_assoc_ind(struct mac_context *mac_ctx, if (!assoc_req) { pe_err("assoc req for assoc_id:%d is NULL", sta_ds->assocId); - return; + return QDF_STATUS_E_INVAL; } /* Get the phy_mode */ @@ -3015,17 +3005,17 @@ void lim_send_mlm_assoc_ind(struct mac_context *mac_ctx, if (!assoc_ind) { lim_release_peer_idx(mac_ctx, sta_ds->assocId, session_entry); - return; + return QDF_STATUS_E_INVAL; } if (!lim_fill_lim_assoc_ind_params(assoc_ind, mac_ctx, sta_ds, session_entry)) { qdf_mem_free(assoc_ind); - return; + return QDF_STATUS_E_INVAL; } lim_post_sme_message(mac_ctx, LIM_MLM_ASSOC_IND, (uint32_t *)assoc_ind); qdf_mem_free(assoc_ind); } - return; + return QDF_STATUS_SUCCESS; } diff --git a/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c b/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c index b9f73f667f38..7621d0ae7a02 100644 --- a/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c +++ b/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c @@ -1941,7 +1941,14 @@ void lim_process_ap_mlm_add_sta_rsp(struct mac_context *mac, * 2) PE receives eWNI_SME_ASSOC_CNF from SME * 3) BTAMP-AP sends Re/Association Response to BTAMP-STA */ - lim_send_mlm_assoc_ind(mac, sta, pe_session); + if (lim_send_mlm_assoc_ind(mac, sta, pe_session) != QDF_STATUS_SUCCESS) + lim_reject_association(mac, sta->staAddr, + sta->mlmStaContext.subType, + true, sta->mlmStaContext.authType, + sta->assocId, true, + eSIR_MAC_UNSPEC_FAILURE_STATUS, + pe_session); + /* fall though to reclaim the original Add STA Response message */ end: if (0 != limMsgQ->bodyptr) { diff --git a/core/mac/src/pe/lim/lim_types.h b/core/mac/src/pe/lim/lim_types.h index 3c3d657900ed..a2f2939e0c90 100644 --- a/core/mac/src/pe/lim/lim_types.h +++ b/core/mac/src/pe/lim/lim_types.h @@ -446,8 +446,21 @@ lim_fill_sme_assoc_ind_params( struct mac_context *mac_ctx, tpLimMlmAssocInd assoc_ind, struct assoc_ind *sme_assoc_ind, struct pe_session *session_entry, bool assoc_req_alloc); -void lim_send_mlm_assoc_ind(struct mac_context *mac, tpDphHashNode sta, - struct pe_session *pe_session); + +/** + * lim_send_mlm_assoc_ind() - Sends assoc indication to SME + * @mac_ctx: Global Mac context + * @sta_ds: Station DPH hash entry + * @session_entry: PE session entry + * + * This function sends either LIM_MLM_ASSOC_IND + * or LIM_MLM_REASSOC_IND to SME. + * + * Return: QDF_STATUS + */ +QDF_STATUS lim_send_mlm_assoc_ind(struct mac_context *mac, + tpDphHashNode sta, + struct pe_session *pe_session); void lim_process_assoc_rsp_frame(struct mac_context *, uint8_t *, uint8_t, struct pe_session *); void lim_process_disassoc_frame(struct mac_context *, uint8_t *, struct pe_session *); From b882611840510e311fdcc119080ade9645586174 Mon Sep 17 00:00:00 2001 From: Jyoti Kumari Date: Fri, 29 Jan 2021 12:59:07 +0530 Subject: [PATCH 10/48] qcacld-3.0: Fix integer underflow in assoc response frame In func aead_decrypt_assoc_rsp(), it calls find_ie_data_after_fils_session_ie() to find IE pointer after FILS session IE from the frame payload. There is possibility of integer underflow if frame payload length is less than FIXED_PARAM_OFFSET_ASSOC_RSP which may increase value of buf_len variable in find_ie_data_after_fils_session_ie() and cause OOB during parsing process. Validate frame payload length with FIXED_PARAM_OFFSET_ASSOC_RSP, if it is less then return failure. Change-Id: I78fbcfeaa1058fcf2a6fe47cd5c26390b54974af CRs-Fixed: 2859024 --- core/mac/src/pe/lim/lim_process_fils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/mac/src/pe/lim/lim_process_fils.c b/core/mac/src/pe/lim/lim_process_fils.c index 1f2f2706d353..c69ef138e436 100644 --- a/core/mac/src/pe/lim/lim_process_fils.c +++ b/core/mac/src/pe/lim/lim_process_fils.c @@ -2241,6 +2241,11 @@ QDF_STATUS aead_decrypt_assoc_rsp(struct mac_context *mac_ctx, uint8_t *fils_ies; struct pe_fils_session *fils_info = session->fils_info; + if (*n_frame < FIXED_PARAM_OFFSET_ASSOC_RSP) { + pe_debug("payload len is less than ASSOC RES offset"); + return QDF_STATUS_E_FAILURE; + } + status = find_ie_data_after_fils_session_ie(mac_ctx, p_frame + FIXED_PARAM_OFFSET_ASSOC_RSP, ((*n_frame) - From 3a66174d01a71d55e6cad58fde11cbf7767c9789 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar Date: Mon, 25 Jan 2021 16:16:39 +0530 Subject: [PATCH 11/48] qcacld-3.0: Possible OOB read when parsing FT IE FTIE buffer carries multiple FT subelements (like R1KH-ID, R0KH-ID, GTK, IGTK, etc). Total FTIE buffer len = Number of FT subelements * (Subelement ID (1 bytes) + lenght (1 bytes) + data length) Currently, Host checks only the minimum length for FTIE buffer while filling each FT subelements. This leads to OOB if the remaining length of FTIE length buffer less than the length of an FT subelement. Before filling each subelement into FTIE buffer, add a check to validate subelement length against remaining FTIE length Change-Id: I5d6f4a59eef591d3a2da9f2403738d1fdd1a88b2 CRs-Fixed: 2857084 --- .../mac/src/sys/legacy/src/utils/src/parser_api.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/core/mac/src/sys/legacy/src/utils/src/parser_api.c b/core/mac/src/sys/legacy/src/utils/src/parser_api.c index 922a11c063fb..8c35a9d49e92 100644 --- a/core/mac/src/sys/legacy/src/utils/src/parser_api.c +++ b/core/mac/src/sys/legacy/src/utils/src/parser_api.c @@ -2911,7 +2911,7 @@ QDF_STATUS wlan_parse_ftie_sha384(uint8_t *frame, uint32_t frame_len, struct sSirAssocRsp *assoc_rsp) { const uint8_t *ie, *ie_end, *pos; - uint8_t ie_len; + uint8_t ie_len, remaining_ie_len; struct wlan_sha384_ftinfo_subelem *ft_subelem; ie = wlan_get_ie_ptr_from_eid(DOT11F_EID_FTINFO, frame, frame_len); @@ -2930,11 +2930,13 @@ QDF_STATUS wlan_parse_ftie_sha384(uint8_t *frame, uint32_t frame_len, pe_err("Invalid FTIE len:%d", ie_len); return QDF_STATUS_E_FAILURE; } + remaining_ie_len = ie_len; pos = ie + 2; qdf_mem_copy(&assoc_rsp->sha384_ft_info, pos, sizeof(struct wlan_sha384_ftinfo)); ie_end = ie + ie_len; pos += sizeof(struct wlan_sha384_ftinfo); + remaining_ie_len -= sizeof(struct wlan_sha384_ftinfo); ft_subelem = &assoc_rsp->sha384_ft_subelem; qdf_mem_zero(ft_subelem, sizeof(*ft_subelem)); while (ie_end - pos >= 2) { @@ -2942,11 +2944,20 @@ QDF_STATUS wlan_parse_ftie_sha384(uint8_t *frame, uint32_t frame_len, id = *pos++; len = *pos++; - if (len < 1) { + /* Subtract data length(len) + 1 bytes for + * Subelement ID + 1 bytes for length from + * remaining FTIE buffer len (ie_len). + * Subelement Parameter(s) field : + * Subelement ID Length Data + * Octets: 1 1 variable + */ + if (len < 1 || remaining_ie_len < (len + 2)) { pe_err("Invalid FT subelem length"); return QDF_STATUS_E_FAILURE; } + remaining_ie_len -= (len + 2); + switch (id) { case FTIE_SUBELEM_R1KH_ID: if (len != FTIE_R1KH_LEN) { From 4818cc5e49db89f251304b3f138639fb17392542 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Mon, 1 Feb 2021 19:51:31 +0530 Subject: [PATCH 12/48] qcacld-3.0: Flush frags for peer on add key request Fragments are not flushed as part of rekey which could result in fragments encrypted under different keys to be reassembled. Fix is to flush fragments for the peer for which add key request is received. Change-Id: I0c018ff7375272125c62aaea7b8ad4df9e842508 CRs-Fixed: 2875950 --- core/hdd/src/wlan_hdd_cfg80211.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index 294ae9f07dac..915bd1224cb5 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -17689,6 +17689,9 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, if (pairwise) wma_set_peer_ucast_cipher(mac_address.bytes, cipher); + cdp_peer_flush_frags(cds_get_context(QDF_MODULE_ID_SOC), + wlan_vdev_get_id(vdev), mac_address.bytes); + switch (adapter->device_mode) { case QDF_IBSS_MODE: errno = wlan_hdd_add_key_ibss(adapter, pairwise, key_index, From b0d79fd4bee78c3e29abd85e48a8cf1fede2f620 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Wed, 10 Feb 2021 15:42:16 +0530 Subject: [PATCH 13/48] qcacld-3.0: Enable config flag to disable EAPOL intrabss fwd Enable config flag to disable EAPOL intrabss fwd for Lithium Change-Id: I23959e38b5cbd845d369bebd6913150eca4551bf CRs-Fixed: 2876353 --- Kbuild | 1 + 1 file changed, 1 insertion(+) diff --git a/Kbuild b/Kbuild index 791ca6cc0503..d6aff1049f63 100644 --- a/Kbuild +++ b/Kbuild @@ -2902,6 +2902,7 @@ cppflags-y += -DENABLE_HAL_SOC_STATS cppflags-y += -DENABLE_HAL_REG_WR_HISTORY cppflags-y += -DDP_RX_DESC_COOKIE_INVALIDATE cppflags-y += -DPCI_LINK_STATUS_SANITY +cppflags-y += -DDISABLE_EAPOL_INTRABSS_FWD endif cppflags-$(CONFIG_WLAN_CLD_PM_QOS) += -DCLD_PM_QOS From 3f6185a40f3a24adabba753f78986f8a0fc9db67 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Sat, 27 Feb 2021 01:07:29 +0530 Subject: [PATCH 14/48] qcacld-3.0: Drop EAPOL frame with DA different from SAP vdev mac addr Fragmented EAPOL frames and EAPOL frames received in few error scenarios with DA different from SAP vdev mac addr will be dropped. Change-Id: I624eba5bdb43c6b88a1f57112550f8026cc35e24 CRs-Fixed: 2888227 --- core/hdd/src/wlan_hdd_softap_tx_rx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/core/hdd/src/wlan_hdd_softap_tx_rx.c b/core/hdd/src/wlan_hdd_softap_tx_rx.c index 81b18aa780af..aff65d1ca878 100644 --- a/core/hdd/src/wlan_hdd_softap_tx_rx.c +++ b/core/hdd/src/wlan_hdd_softap_tx_rx.c @@ -1136,6 +1136,15 @@ QDF_STATUS hdd_softap_rx_packet_cbk(void *adapter_context, qdf_nbuf_t rx_buf) STA_INFO_SOFTAP_RX_PACKET_CBK); } + if (qdf_unlikely(qdf_nbuf_is_ipv4_eapol_pkt(skb) && + qdf_mem_cmp(qdf_nbuf_data(skb) + + QDF_NBUF_DEST_MAC_OFFSET, + adapter->mac_addr.bytes, + QDF_MAC_ADDR_SIZE))) { + qdf_nbuf_free(skb); + continue; + } + hdd_event_eapol_log(skb, QDF_RX); qdf_dp_trace_log_pkt(adapter->vdev_id, skb, QDF_RX, QDF_TRACE_DEFAULT_PDEV_ID); From 787e55f8fc2cb02fee75422f247c8fe6d2d0ea7c Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Wed, 10 Feb 2021 13:17:15 +0530 Subject: [PATCH 15/48] qcacld-3.0: Drop non-EAPOL/WAPI frames from unauthorized peer Drop non-EAPOL/WAPI frames from unauthorized peer received in the IPA exception path. Change-Id: I0c0bc6e60efa193126ba1e3eca36c5e02f7f76a3 CRs-Fixed: 2860206 --- components/ipa/core/inc/wlan_ipa_priv.h | 2 ++ components/ipa/core/src/wlan_ipa_core.c | 43 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/components/ipa/core/inc/wlan_ipa_priv.h b/components/ipa/core/inc/wlan_ipa_priv.h index 2d3fc9610e86..d3555b5e442b 100644 --- a/components/ipa/core/inc/wlan_ipa_priv.h +++ b/components/ipa/core/inc/wlan_ipa_priv.h @@ -320,6 +320,7 @@ struct wlan_ipa_priv; * @interface_lock: Interface lock * @ifa_address: Interface address * @stats: Interface stats + * @bssid: BSSID. valid only for sta iface ctx; */ struct wlan_ipa_iface_context { struct wlan_ipa_priv *ipa_ctx; @@ -334,6 +335,7 @@ struct wlan_ipa_iface_context { qdf_spinlock_t interface_lock; uint32_t ifa_address; struct wlan_ipa_iface_stats stats; + struct qdf_mac_addr bssid; }; /** diff --git a/components/ipa/core/src/wlan_ipa_core.c b/components/ipa/core/src/wlan_ipa_core.c index 96c75cc53094..f7c69597352b 100644 --- a/components/ipa/core/src/wlan_ipa_core.c +++ b/components/ipa/core/src/wlan_ipa_core.c @@ -988,6 +988,8 @@ static void __wlan_ipa_w2i_cb(void *priv, qdf_ipa_dp_evt_type_t evt, uint8_t iface_id; uint8_t session_id = 0xff; struct wlan_ipa_iface_context *iface_context; + bool is_eapol_wapi = false; + struct qdf_mac_addr peer_mac_addr = QDF_MAC_ADDR_ZERO_INIT; ipa_ctx = (struct wlan_ipa_priv *)priv; if (!ipa_ctx) { @@ -1037,6 +1039,34 @@ static void __wlan_ipa_w2i_cb(void *priv, qdf_ipa_dp_evt_type_t evt, } iface_context->stats.num_rx_ipa_excep++; + if (iface_context->device_mode == QDF_STA_MODE) + qdf_copy_macaddr(&peer_mac_addr, &iface_context->bssid); + else if (iface_context->device_mode == QDF_SAP_MODE) + qdf_mem_copy(&peer_mac_addr.bytes[0], + qdf_nbuf_data(skb) + + QDF_NBUF_SRC_MAC_OFFSET, + QDF_MAC_ADDR_SIZE); + + if (qdf_nbuf_is_ipv4_eapol_pkt(skb) || + qdf_nbuf_is_ipv4_wapi_pkt(skb)) + is_eapol_wapi = true; + + /* + * Check for peer authorized state before allowing + * non-EAPOL/WAPI frames to be intrabss forwarded + * or submitted to stack. + */ + if (cdp_peer_state_get(ipa_ctx->dp_soc, + iface_context->session_id, + &peer_mac_addr.bytes[0]) != + OL_TXRX_PEER_STATE_AUTH && !is_eapol_wapi) { + ipa_err_rl("Non EAPOL/WAPI packet received when peer "QDF_MAC_ADDR_FMT" is unauthorized", + QDF_MAC_ADDR_REF(peer_mac_addr.bytes)); + ipa_ctx->ipa_rx_internal_drop_count++; + dev_kfree_skb_any(skb); + return; + } + /* Disable to forward Intra-BSS Rx packets when * ap_isolate=1 in hostapd.conf */ @@ -1467,6 +1497,7 @@ static void wlan_ipa_cleanup_iface(struct wlan_ipa_iface_context *iface_context) iface_context->session_id = WLAN_IPA_MAX_SESSION; qdf_spin_unlock_bh(&iface_context->interface_lock); iface_context->ifa_address = 0; + qdf_zero_macaddr(&iface_context->bssid); if (!iface_context->ipa_ctx->num_iface) { ipa_err("NUM INTF 0, Invalid"); QDF_ASSERT(0); @@ -2029,6 +2060,14 @@ void wlan_ipa_handle_multiple_sap_evt(struct wlan_ipa_priv *ipa_ctx, } #endif +static inline void +wlan_ipa_save_bssid_iface_ctx(struct wlan_ipa_priv *ipa_ctx, uint8_t iface_id, + uint8_t *mac_addr) +{ + qdf_mem_copy(ipa_ctx->iface_context[iface_id].bssid.bytes, + mac_addr, QDF_MAC_ADDR_SIZE); +} + /** * __wlan_ipa_wlan_evt() - IPA event handler * @net_dev: Interface net device @@ -2230,6 +2269,10 @@ static QDF_STATUS __wlan_ipa_wlan_evt(qdf_netdev_t net_dev, uint8_t device_mode, ipa_ctx->vdev_to_iface[session_id] = wlan_ipa_get_ifaceid(ipa_ctx, session_id); + wlan_ipa_save_bssid_iface_ctx(ipa_ctx, + ipa_ctx->vdev_to_iface[session_id], + mac_addr); + if (wlan_ipa_uc_sta_is_enabled(ipa_ctx->config) && (ipa_ctx->sap_num_connected_sta > 0 || wlan_ipa_is_sta_only_offload_enabled()) && From 39463c51108df41bbfd7747c7f9d1966c6bdc400 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Wed, 10 Feb 2021 15:15:40 +0530 Subject: [PATCH 16/48] qcacld-3.0: Do not intrabss fwd EAPOL frames in IPA exc path Do not intrabss forward EAPOL frames received in IPA exception path. Change-Id: I0be68ec2c186a7b64d4d2f1c3de7dbb20e49d860 CRs-Fixed: 2860225 --- components/ipa/core/src/wlan_ipa_core.c | 43 +++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/components/ipa/core/src/wlan_ipa_core.c b/components/ipa/core/src/wlan_ipa_core.c index f7c69597352b..57842bd1b7e1 100644 --- a/components/ipa/core/src/wlan_ipa_core.c +++ b/components/ipa/core/src/wlan_ipa_core.c @@ -971,6 +971,33 @@ wlan_ipa_send_skb_to_network(qdf_nbuf_t skb, ipa_ctx->ipa_rx_net_send_count++; } +/** + * wlan_ipa_eapol_intrabss_fwd_check() - Check if eapol pkt intrabss fwd is + * allowed or not + * @ipa_ctx: IPA global context + * @vdev_id: vdev id + * @nbuf: network buffer + * + * Return: true if intrabss fwd is allowed for eapol else false + */ +static bool +wlan_ipa_eapol_intrabss_fwd_check(struct wlan_ipa_priv *ipa_ctx, + uint8_t vdev_id, qdf_nbuf_t nbuf) +{ + uint8_t *vdev_mac_addr; + + vdev_mac_addr = cdp_get_vdev_mac_addr(ipa_ctx->dp_soc, vdev_id); + + if (!vdev_mac_addr) + return false; + + if (qdf_mem_cmp(qdf_nbuf_data(nbuf) + QDF_NBUF_DEST_MAC_OFFSET, + vdev_mac_addr, QDF_MAC_ADDR_SIZE)) + return false; + + return true; +} + /** * __wlan_ipa_w2i_cb() - WLAN to IPA callback handler * @priv: pointer to private data registered with IPA (we register a @@ -1047,9 +1074,21 @@ static void __wlan_ipa_w2i_cb(void *priv, qdf_ipa_dp_evt_type_t evt, QDF_NBUF_SRC_MAC_OFFSET, QDF_MAC_ADDR_SIZE); - if (qdf_nbuf_is_ipv4_eapol_pkt(skb) || - qdf_nbuf_is_ipv4_wapi_pkt(skb)) + if (qdf_nbuf_is_ipv4_eapol_pkt(skb)) { is_eapol_wapi = true; + if (iface_context->device_mode == QDF_SAP_MODE && + !wlan_ipa_eapol_intrabss_fwd_check(ipa_ctx, + iface_context->session_id, skb)) { + ipa_err_rl("EAPOL intrabss fwd drop DA:"QDF_MAC_ADDR_FMT, + QDF_MAC_ADDR_REF(qdf_nbuf_data(skb) + + QDF_NBUF_DEST_MAC_OFFSET)); + ipa_ctx->ipa_rx_internal_drop_count++; + dev_kfree_skb_any(skb); + return; + } + } else if (qdf_nbuf_is_ipv4_wapi_pkt(skb)) { + is_eapol_wapi = true; + } /* * Check for peer authorized state before allowing From f47bdb9ff78ca767b99943156b5f3bc2b2cda40b Mon Sep 17 00:00:00 2001 From: Jyoti Kumari Date: Tue, 2 Mar 2021 17:30:00 +0530 Subject: [PATCH 17/48] qcacld-3.0: wma_send_peer_assoc() sets incorrect peer state wma_send_peer_assoc() calls wma_unified_peer_state_update() which always sets the peer state as AUTH irrespective of peer state. Remove wma_unified_peer_state_update() from wma_send_peer_assoc() to handle peer state. Change-Id: I4a887acbc8018653c34b927636cce7cc05323838 CRs-Fixed: 2888808 --- core/wma/src/wma_mgmt.c | 43 ----------------------------------------- 1 file changed, 43 deletions(-) diff --git a/core/wma/src/wma_mgmt.c b/core/wma/src/wma_mgmt.c index 16b7f50428b1..b2c0b999c5ad 100644 --- a/core/wma/src/wma_mgmt.c +++ b/core/wma/src/wma_mgmt.c @@ -902,46 +902,6 @@ static inline uint8_t wma_parse_mpdudensity(uint8_t mpdudensity) return 0; } -#if defined(CONFIG_HL_SUPPORT) && defined(FEATURE_WLAN_TDLS) - -/** - * wma_unified_peer_state_update() - update peer state - * @sta_mac: pointer to sta mac addr - * @bss_addr: bss address - * @sta_type: sta entry type - * - * - * Return: None - */ -static void -wma_unified_peer_state_update( - uint8_t *sta_mac, - uint8_t *bss_addr, - uint8_t sta_type) -{ - void *soc = cds_get_context(QDF_MODULE_ID_SOC); - - if (STA_ENTRY_TDLS_PEER == sta_type) - cdp_peer_state_update(soc, sta_mac, - OL_TXRX_PEER_STATE_AUTH); - else - cdp_peer_state_update(soc, bss_addr, - OL_TXRX_PEER_STATE_AUTH); -} -#else - -static inline void -wma_unified_peer_state_update( - uint8_t *sta_mac, - uint8_t *bss_addr, - uint8_t sta_type) -{ - void *soc = cds_get_context(QDF_MODULE_ID_SOC); - - cdp_peer_state_update(soc, bss_addr, OL_TXRX_PEER_STATE_AUTH); -} -#endif - #define CFG_CTRL_MASK 0xFF00 #define CFG_DATA_MASK 0x00FF @@ -1506,9 +1466,6 @@ QDF_STATUS wma_send_peer_assoc(tp_wma_handle wma, if (params->wpa_rsn >> 1) cmd->need_gtk_2_way = 1; - wma_unified_peer_state_update(params->staMac, - params->bssId, params->staType); - #ifdef FEATURE_WLAN_WAPI if (params->encryptType == eSIR_ED_WPI) { ret = wma_vdev_set_param(wma->wmi_handle, params->smesessionId, From b97d14033dca0ea169e991d3327c05f1379965a4 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Mon, 1 Feb 2021 22:14:14 +0530 Subject: [PATCH 18/48] qcacld-3.0: Modify check to ensure consecutive PN for frags Modify check to ensure packet number is consecutive for fragments and drop the fragments if the check fails. Change-Id: Ica24f65aff65ca58bb010c876f27964b5b2bae6a CRs-Fixed: 2860242 --- core/dp/txrx/ol_rx_defrag.c | 8 +++++++- core/dp/txrx/ol_rx_pn.c | 37 +++++++++++++++++++++++------------- core/dp/txrx/ol_rx_pn.h | 14 +++++++++----- core/dp/txrx/ol_txrx.c | 20 ++++++++++++++++++- core/dp/txrx/ol_txrx_types.h | 4 ++-- 5 files changed, 61 insertions(+), 22 deletions(-) diff --git a/core/dp/txrx/ol_rx_defrag.c b/core/dp/txrx/ol_rx_defrag.c index 5ae389fedf04..2d0a15b334ac 100644 --- a/core/dp/txrx/ol_rx_defrag.c +++ b/core/dp/txrx/ol_rx_defrag.c @@ -668,7 +668,13 @@ ol_rx_defrag(ol_txrx_pdev_handle pdev, while (cur) { tmp_next = qdf_nbuf_next(cur); qdf_nbuf_set_next(cur, NULL); - if (!ol_rx_pn_check_base(vdev, peer, tid, cur)) { + /* + * Strict PN check between the first fragment of the current + * frame and the last fragment of the previous frame is not + * necessary. + */ + if (!ol_rx_pn_check_base(vdev, peer, tid, cur, + (cur == frag_list) ? false : true)) { /* PN check failed,discard frags */ if (prev) { qdf_nbuf_set_next(prev, NULL); diff --git a/core/dp/txrx/ol_rx_pn.c b/core/dp/txrx/ol_rx_pn.c index 3920c177f754..2cb97488d1ed 100644 --- a/core/dp/txrx/ol_rx_pn.c +++ b/core/dp/txrx/ol_rx_pn.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2013-2017, 2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2011, 2013-2017, 2019, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -37,25 +37,36 @@ } while (0) int ol_rx_pn_cmp24(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode) + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk) { - int rc = ((new_pn->pn24 & 0xffffff) <= (old_pn->pn24 & 0xffffff)); - return rc; + if (strict_chk) + return ((new_pn->pn24 & 0xffffff) - (old_pn->pn24 & 0xffffff) + != 1); + else + return ((new_pn->pn24 & 0xffffff) <= (old_pn->pn24 & 0xffffff)); } int ol_rx_pn_cmp48(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode) + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk) { - int rc = ((new_pn->pn48 & 0xffffffffffffULL) <= - (old_pn->pn48 & 0xffffffffffffULL)); - return rc; + if (strict_chk) + return ((new_pn->pn48 & 0xffffffffffffULL) - + (old_pn->pn48 & 0xffffffffffffULL) != 1); + else + return ((new_pn->pn48 & 0xffffffffffffULL) <= + (old_pn->pn48 & 0xffffffffffffULL)); } int ol_rx_pn_wapi_cmp(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode) + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk) { int pn_is_replay = 0; + /* TODO Strick check for WAPI is not implemented*/ + if (new_pn->pn128[1] == old_pn->pn128[1]) pn_is_replay = (new_pn->pn128[0] <= old_pn->pn128[0]); else @@ -73,7 +84,7 @@ int ol_rx_pn_wapi_cmp(union htt_rx_pn_t *new_pn, qdf_nbuf_t ol_rx_pn_check_base(struct ol_txrx_vdev_t *vdev, struct ol_txrx_peer_t *peer, - unsigned int tid, qdf_nbuf_t msdu_list) + unsigned int tid, qdf_nbuf_t msdu_list, bool strict_chk) { struct ol_txrx_pdev_t *pdev = vdev->pdev; union htt_rx_pn_t *last_pn; @@ -132,7 +143,7 @@ ol_rx_pn_check_base(struct ol_txrx_vdev_t *vdev, pn_is_replay = pdev->rx_pn[peer->security[index].sec_type]. cmp(&new_pn, last_pn, index == txrx_sec_ucast, - vdev->opmode); + vdev->opmode, strict_chk); } else { last_pn_valid = peer->tids_last_pn_valid[tid] = 1; } @@ -249,7 +260,7 @@ ol_rx_pn_check(struct ol_txrx_vdev_t *vdev, struct ol_txrx_peer_t *peer, unsigned int tid, qdf_nbuf_t msdu_list) { - msdu_list = ol_rx_pn_check_base(vdev, peer, tid, msdu_list); + msdu_list = ol_rx_pn_check_base(vdev, peer, tid, msdu_list, false); ol_rx_fwd_check(vdev, peer, tid, msdu_list); } @@ -258,7 +269,7 @@ ol_rx_pn_check_only(struct ol_txrx_vdev_t *vdev, struct ol_txrx_peer_t *peer, unsigned int tid, qdf_nbuf_t msdu_list) { - msdu_list = ol_rx_pn_check_base(vdev, peer, tid, msdu_list); + msdu_list = ol_rx_pn_check_base(vdev, peer, tid, msdu_list, false); ol_rx_deliver(vdev, peer, tid, msdu_list); } diff --git a/core/dp/txrx/ol_rx_pn.h b/core/dp/txrx/ol_rx_pn.h index 8e0c007b091d..fa64c3e5133c 100644 --- a/core/dp/txrx/ol_rx_pn.h +++ b/core/dp/txrx/ol_rx_pn.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2011, 2014-2017, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -24,13 +24,16 @@ #include /* ol_txrx_peer_t, etc. */ int ol_rx_pn_cmp24(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode); + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk); int ol_rx_pn_cmp48(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode); + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk); int ol_rx_pn_wapi_cmp(union htt_rx_pn_t *new_pn, - union htt_rx_pn_t *old_pn, int is_unicast, int opmode); + union htt_rx_pn_t *old_pn, int is_unicast, int opmode, + bool strict_chk); /** * @brief If applicable, check the Packet Number to detect replays. @@ -87,11 +90,12 @@ ol_rx_pn_check_only(struct ol_txrx_vdev_t *vdev, * @param tid - which TID within the peer the rx frames belong to * @param msdu_list - NULL-terminated list of MSDUs to perform PN check on * (if PN check is applicable, i.e. PN length > 0) + * @param strick_chk - if PN consecutive stric check is needed or not * @return list of netbufs that didn't fail the PN check */ qdf_nbuf_t ol_rx_pn_check_base(struct ol_txrx_vdev_t *vdev, struct ol_txrx_peer_t *peer, - unsigned int tid, qdf_nbuf_t msdu_list); + unsigned int tid, qdf_nbuf_t msdu_list, bool strict_chk); #endif /* _OL_RX_PN_H_ */ diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index b8a987268bac..e900ef93df3e 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -1439,14 +1439,32 @@ ol_txrx_pdev_post_attach(struct cdp_soc_t *soc_hdl, uint8_t pdev_id) */ qdf_mem_zero(&pdev->rx_pn[0], sizeof(pdev->rx_pn)); + /* WEP: 24-bit PN */ + pdev->rx_pn[htt_sec_type_wep40].len = + pdev->rx_pn[htt_sec_type_wep104].len = + pdev->rx_pn[htt_sec_type_wep128].len = 24; + + pdev->rx_pn[htt_sec_type_wep40].cmp = + pdev->rx_pn[htt_sec_type_wep104].cmp = + pdev->rx_pn[htt_sec_type_wep128].cmp = ol_rx_pn_cmp24; + /* TKIP: 48-bit TSC, CCMP: 48-bit PN */ pdev->rx_pn[htt_sec_type_tkip].len = pdev->rx_pn[htt_sec_type_tkip_nomic].len = pdev->rx_pn[htt_sec_type_aes_ccmp].len = 48; + + pdev->rx_pn[htt_sec_type_aes_ccmp_256].len = + pdev->rx_pn[htt_sec_type_aes_gcmp].len = + pdev->rx_pn[htt_sec_type_aes_gcmp_256].len = 48; + pdev->rx_pn[htt_sec_type_tkip].cmp = pdev->rx_pn[htt_sec_type_tkip_nomic].cmp = pdev->rx_pn[htt_sec_type_aes_ccmp].cmp = ol_rx_pn_cmp48; + pdev->rx_pn[htt_sec_type_aes_ccmp_256].cmp = + pdev->rx_pn[htt_sec_type_aes_gcmp].cmp = + pdev->rx_pn[htt_sec_type_aes_gcmp_256].cmp = ol_rx_pn_cmp48; + /* WAPI: 128-bit PN */ pdev->rx_pn[htt_sec_type_wapi].len = 128; pdev->rx_pn[htt_sec_type_wapi].cmp = ol_rx_pn_wapi_cmp; diff --git a/core/dp/txrx/ol_txrx_types.h b/core/dp/txrx/ol_txrx_types.h index e298612a111c..f9fedd30279d 100644 --- a/core/dp/txrx/ol_txrx_types.h +++ b/core/dp/txrx/ol_txrx_types.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -834,7 +834,7 @@ struct ol_txrx_pdev_t { struct { int (*cmp)(union htt_rx_pn_t *new, union htt_rx_pn_t *old, - int is_unicast, int opmode); + int is_unicast, int opmode, bool strict_chk); int len; } rx_pn[htt_num_sec_types]; From 39a69108ba2a3b3069e6013da034ebcc46ee7606 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Tue, 2 Feb 2021 20:33:05 +0530 Subject: [PATCH 19/48] qcacld-3.0: Drop mcast and plaintext frags in protected network Multicast frames should not be fragmented and plaintext frags should not be reassembeld in protected network. Fix is to drop mcast frags and plaintext frags received in protected network. Change-Id: I98cf0715f5832f2f86f86b79dbdbc3a7c86dbfd0 CRs-Fixed: 2860245 --- core/dp/txrx/ol_rx_defrag.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/core/dp/txrx/ol_rx_defrag.c b/core/dp/txrx/ol_rx_defrag.c index 5ae389fedf04..6346560c9d9f 100644 --- a/core/dp/txrx/ol_rx_defrag.c +++ b/core/dp/txrx/ol_rx_defrag.c @@ -414,6 +414,8 @@ ol_rx_reorder_store_frag(ol_txrx_pdev_handle pdev, struct ol_rx_reorder_array_elem_t *rx_reorder_array_elem; uint16_t frxseq, rxseq, seq; htt_pdev_handle htt_pdev = pdev->htt_pdev; + void *rx_desc; + uint8_t index; seq = seq_num & peer->tids_rx_reorder[tid].win_sz_mask; qdf_assert(seq == 0); @@ -427,6 +429,28 @@ ol_rx_reorder_store_frag(ol_txrx_pdev_handle pdev, IEEE80211_SEQ_FRAG_MASK; more_frag = mac_hdr->i_fc[1] & IEEE80211_FC1_MORE_FRAG; + rx_desc = htt_rx_msdu_desc_retrieve(htt_pdev, frag); + qdf_assert(htt_rx_msdu_has_wlan_mcast_flag(htt_pdev, rx_desc)); + index = htt_rx_msdu_is_wlan_mcast(htt_pdev, rx_desc) ? + txrx_sec_mcast : txrx_sec_ucast; + + /* + * Multicast/Broadcast frames should not be fragmented so drop + * such frames. + */ + if (index != txrx_sec_ucast) { + ol_rx_frames_free(htt_pdev, frag); + return; + } + + if (peer->security[index].sec_type != htt_sec_type_none && + !htt_rx_mpdu_is_encrypted(htt_pdev, rx_desc)) { + ol_txrx_err("Unencrypted fragment received in security mode %d", + peer->security[index].sec_type); + ol_rx_frames_free(htt_pdev, frag); + return; + } + if ((!more_frag) && (!fragno) && (!rx_reorder_array_elem->head)) { rx_reorder_array_elem->head = frag; rx_reorder_array_elem->tail = frag; From 8e747007174593cb3cb3da61c955f7f5c586886f Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Sat, 27 Feb 2021 12:19:09 +0530 Subject: [PATCH 20/48] qcacld-3.0: Do not intrabss forward fragmented EAPOL frames Do not intrabss forward fragmented EAPOL frames that have DA different from the SAP vdev mac addr. Change-Id: I4145227c9b02fe8cec86ef4ffc3bc2025f906923 CRs-Fixed: 2888467 --- core/dp/txrx/ol_rx_fwd.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/core/dp/txrx/ol_rx_fwd.c b/core/dp/txrx/ol_rx_fwd.c index d966d8009b5b..1a84ab9a66ab 100644 --- a/core/dp/txrx/ol_rx_fwd.c +++ b/core/dp/txrx/ol_rx_fwd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2014-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2011, 2014-2019, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -203,6 +203,20 @@ ol_rx_fwd_check(struct ol_txrx_vdev_t *vdev, continue; } + if (vdev->opmode == wlan_op_mode_ap && + qdf_nbuf_is_ipv4_eapol_pkt(msdu) && + qdf_mem_cmp(qdf_nbuf_data(msdu) + + QDF_NBUF_DEST_MAC_OFFSET, + vdev->mac_addr.raw, + QDF_MAC_ADDR_SIZE)) { + TXRX_STATS_MSDU_LIST_INCR( + pdev, tx.dropped.host_reject, msdu); + qdf_nbuf_set_next(msdu, NULL); + qdf_nbuf_tx_free(msdu, QDF_NBUF_PKT_ERROR); + msdu = msdu_list; + continue; + } + /* * This MSDU needs to be forwarded to the tx path. * Check whether it also needs to be sent to the OS From 1788c57c745d2ea2e7aeecbdda0b218bf175e226 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Mon, 1 Feb 2021 13:37:00 +0530 Subject: [PATCH 21/48] qcacld-3.0: Add support to flush fragments for a particular peer Add support for flushing fragments for a particular peer. Change-Id: I91236d2edc73317380590458b974013a02e858a1 CRs-Fixed: 2860131 --- core/dp/txrx/ol_txrx.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index b8a987268bac..031a3e494dac 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -3624,6 +3624,36 @@ static void ol_txrx_peer_unmap_sync_cb_set( pdev->peer_unmap_sync_cb = peer_unmap_sync; } +/** + * ol_txrx_peer_flush_frags() - Flush fragments for a particular peer + * @soc_hdl - datapath soc handle + * @vdev_id - virtual device id + * @peer_mac - peer mac address + * + * Return: None + */ +static void +ol_txrx_peer_flush_frags(struct cdp_soc_t *soc_hdl, uint8_t vdev_id, + uint8_t *peer_mac) +{ + struct ol_txrx_peer_t *peer; + struct ol_txrx_soc_t *soc = cdp_soc_t_to_ol_txrx_soc_t(soc_hdl); + struct ol_txrx_pdev_t *pdev = + ol_txrx_get_pdev_from_pdev_id(soc, OL_TXRX_PDEV_ID); + + if (!pdev) + return; + + peer = ol_txrx_peer_find_hash_find_get_ref(pdev, peer_mac, 0, 1, + PEER_DEBUG_ID_OL_INTERNAL); + if (!peer) + return; + + ol_rx_reorder_peer_cleanup(peer->vdev, peer); + + ol_txrx_peer_release_ref(peer, PEER_DEBUG_ID_OL_INTERNAL); +} + /** * ol_txrx_dump_tx_desc() - dump tx desc total and free count * @txrx_pdev: Pointer to txrx pdev @@ -6347,6 +6377,7 @@ static struct cdp_peer_ops ol_ops_peer = { .set_peer_as_tdls_peer = ol_txrx_set_peer_as_tdls_peer, #endif /* CONFIG_HL_SUPPORT */ .peer_detach_force_delete = ol_txrx_peer_detach_force_delete, + .peer_flush_frags = ol_txrx_peer_flush_frags, }; static struct cdp_tx_delay_ops ol_ops_delay = { From f277e9b44e03af70c376279d2fbe94dfc52e8f33 Mon Sep 17 00:00:00 2001 From: Yeshwanth Sriram Guntuka Date: Tue, 6 Apr 2021 14:57:06 +0530 Subject: [PATCH 22/48] qcacld-3.0: Ignore RTPM suspend on pending IPA tx comps In STA+SAP mode, disable pipes is not done as part of either last client disconnection or SAP down. In the scenario where APPS suspend does not get triggered, IPA pipes are not disabled and on runtime suspend, PCIe link is suspended which would result in a NOC error if IPA HW accesses wlan registers. Fix is to avoid runtime suspend if there are any pending IPA tx completions. Change-Id: I190da658d233cb5d6c85846312ddc7a251f9f9d5 CRs-Fixed: 2918334 --- core/hdd/src/wlan_hdd_driver_ops.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/core/hdd/src/wlan_hdd_driver_ops.c b/core/hdd/src/wlan_hdd_driver_ops.c index 938215d9dd39..ed5cfbbe914b 100644 --- a/core/hdd/src/wlan_hdd_driver_ops.c +++ b/core/hdd/src/wlan_hdd_driver_ops.c @@ -1521,6 +1521,11 @@ static int wlan_hdd_runtime_suspend(struct device *dev) return -EBUSY; } + if (ucfg_ipa_is_tx_pending(hdd_ctx->pdev)) { + hdd_debug("IPA TX comps pending, ignore rtpm suspend"); + return -EBUSY; + } + status = ucfg_pmo_psoc_bus_runtime_suspend(hdd_ctx->psoc, hdd_pld_runtime_suspend_cb); err = qdf_status_to_os_return(status); From ea7a7fd2847a18517c7c4c15945ded37275b81c5 Mon Sep 17 00:00:00 2001 From: VIJAY RAJ Date: Wed, 8 Sep 2021 12:01:32 +0530 Subject: [PATCH 23/48] qcacld-3.0: Fix buffer overflow in pe_filter_bcn_probe_frame() In pe_filter_bcn_probe_frame(), the value of bcn_ssid.length could be greater than WLAN_SSID_MAX_LEN. Added a check to prevent possible buffer overflow Change-Id: I4a5247e9ea8a1c14335935cbe0739fb21a34d1ef CRs-Fixed: 3028274 --- core/mac/src/pe/lim/lim_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/core/mac/src/pe/lim/lim_api.c b/core/mac/src/pe/lim/lim_api.c index 743b65ed700e..b4ab8f14f1e8 100644 --- a/core/mac/src/pe/lim/lim_api.c +++ b/core/mac/src/pe/lim/lim_api.c @@ -1179,6 +1179,9 @@ static bool pe_filter_bcn_probe_frame(struct mac_context *mac_ctx, return false; bcn_ssid.length = ssid_ie[1]; + if (bcn_ssid.length > WLAN_SSID_MAX_LEN) + return false; + qdf_mem_copy(&bcn_ssid.ssId, &ssid_ie[2], bcn_ssid.length); From b26aad69f44bf4a0efe03733d53cb352755f541e Mon Sep 17 00:00:00 2001 From: hangtian Date: Thu, 23 Sep 2021 15:12:53 +0800 Subject: [PATCH 24/48] qcacld-3.0: Invalid rem_len computation in roam stats evt handler rem_len is calculated based on MAX size of the WMI message (WMI_SVC_MSG_MAX_SIZE) while extracting data from WMI_ROAM_STATS_EVENTID event data. Correct this by considering the actual message length received in the event. Change-Id: If24f732a8fdc0ad403e9b8a936ff8cfa0b7f7737 CRs-Fixed: 3035196 --- core/wma/src/wma_scan_roam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/wma/src/wma_scan_roam.c b/core/wma/src/wma_scan_roam.c index 6900530d1aa8..32b57d9c4e50 100644 --- a/core/wma/src/wma_scan_roam.c +++ b/core/wma/src/wma_scan_roam.c @@ -3786,7 +3786,7 @@ int wma_roam_stats_event_handler(WMA_HANDLE handle, uint8_t *event, num_tlv = MAX_ROAM_SCAN_STATS_TLV; } - rem_len = WMI_SVC_MSG_MAX_SIZE - sizeof(*fixed_param); + rem_len = len - sizeof(*fixed_param); if (rem_len < num_tlv * sizeof(wmi_roam_trigger_reason)) { wma_err_rl("Invalid roam trigger data"); goto err; From 69f1b5a4e3cc24166bbc8a077e3ae8b5ca5a5309 Mon Sep 17 00:00:00 2001 From: Karthik Kantamneni Date: Wed, 18 Nov 2020 16:51:15 +0530 Subject: [PATCH 25/48] qcacld-3.0: Fix uninitialized IPA MCC work cancellation IPA MCC work is initialiazed only when uc code loaded successfully, before canceling MCC work check for uc load success state. Change-Id: I9af501d1b974d0da21891634bde2beafd69701b2 CRs-Fixed: 2822382 --- components/ipa/core/src/wlan_ipa_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/ipa/core/src/wlan_ipa_core.c b/components/ipa/core/src/wlan_ipa_core.c index 57842bd1b7e1..971f66f33f79 100644 --- a/components/ipa/core/src/wlan_ipa_core.c +++ b/components/ipa/core/src/wlan_ipa_core.c @@ -3428,7 +3428,8 @@ QDF_STATUS wlan_ipa_cleanup(struct wlan_ipa_priv *ipa_ctx) /* Teardown IPA sys_pipe for MCC */ if (wlan_ipa_uc_sta_is_enabled(ipa_ctx->config)) { wlan_ipa_teardown_sys_pipe(ipa_ctx); - qdf_cancel_work(&ipa_ctx->mcc_work); + if (ipa_ctx->uc_loaded) + qdf_cancel_work(&ipa_ctx->mcc_work); } wlan_ipa_wdi_destroy_rm(ipa_ctx); From 01cba11e686c3b7a8ebb9b56de7e6c4ca147bfd9 Mon Sep 17 00:00:00 2001 From: Deeksha Gupta Date: Wed, 29 Sep 2021 13:38:44 +0530 Subject: [PATCH 26/48] qcacld-3.0: Fix possible OOB in unpack_tlv_core Currently in unpack_tlv_core(), nBufRemaining is validated after calling framesntohs API. Since, framesntohs() copies pIn address to pOut address with length = 2 bytes as below. DOT11F_MEMCPY(pCtx, (uint16_t *)pOut, pIn, 2); which could cause OOB issue if pIn contains less than 2 bytes. Fix is to validate the nBufRemaining size before calling framesntohs(). Change-Id: I3ead03ec948282a410ddba5b01f82ca31d3d9199 CRs-Fixed: 3042282 --- core/mac/src/include/dot11f.h | 4 ++-- .../mac/src/sys/legacy/src/utils/src/dot11f.c | 20 ++++++++++++------- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/core/mac/src/include/dot11f.h b/core/mac/src/include/dot11f.h index dd1b47b12eea..507f905e17b7 100644 --- a/core/mac/src/include/dot11f.h +++ b/core/mac/src/include/dot11f.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -26,7 +26,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Aug 11 23:34:13 2020 from the following file(s): + * Wed Sep 29 13:23:21 2021 from the following file(s): * * dot11f.frms * diff --git a/core/mac/src/sys/legacy/src/utils/src/dot11f.c b/core/mac/src/sys/legacy/src/utils/src/dot11f.c index 6a3cdcb7c26e..5405b84ff3e3 100644 --- a/core/mac/src/sys/legacy/src/utils/src/dot11f.c +++ b/core/mac/src/sys/legacy/src/utils/src/dot11f.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -24,7 +24,7 @@ * * * This file was automatically generated by 'framesc' - * Tue Aug 11 23:34:13 2020 from the following file(s): + * Wed Sep 29 13:23:21 2021 from the following file(s): * * dot11f.frms * @@ -14933,25 +14933,30 @@ static uint32_t unpack_tlv_core(tpAniSirGlobal pCtx, } /* & length, */ if (pTlv->sLen == 2) { - framesntohs(pCtx, &len, pBufRemaining, pTlv->fMsb); if (2 > nBufRemaining) { FRAMES_LOG0(pCtx, FRLOGE, FRFL("This frame reports " "fewer two byte(s) remaining.\n")); status |= DOT11F_INCOMPLETE_TLV; FRAMES_DBG_BREAK(); goto MandatoryCheck; - } - pBufRemaining += 2; - nBufRemaining -= 2; + } + framesntohs(pCtx, &len, pBufRemaining, pTlv->fMsb); + pBufRemaining += 2; + nBufRemaining -= 2; } else { len = *pBufRemaining; pBufRemaining += 1; nBufRemaining -= 1; } } else { + if (TLVs[0].sType > nBufRemaining) { + FRAMES_LOG0(pCtx, FRLOGE, FRFL("This frame reports " + "fewer LVs[0].sType byte(s) remaining.\n")); + status |= DOT11F_INCOMPLETE_TLV; + goto MandatoryCheck; + } pBufRemaining += TLVs[0].sType; nBufRemaining -= TLVs[0].sType; - framesntohs(pCtx, &len, pBufRemaining, (TLVs[0].sType == 2)); if (2 > nBufRemaining) { FRAMES_LOG0(pCtx, FRLOGE, FRFL("This frame reports " "fewer two byte(s) remaining.\n")); @@ -14959,6 +14964,7 @@ static uint32_t unpack_tlv_core(tpAniSirGlobal pCtx, FRAMES_DBG_BREAK(); goto MandatoryCheck; } + framesntohs(pCtx, &len, pBufRemaining, (TLVs[0].sType == 2)); pBufRemaining += 2; nBufRemaining -= 2; } From 8a9195751bbf8ea86d1e761875ef3735d795c0d5 Mon Sep 17 00:00:00 2001 From: Gururaj Pandurangi Date: Mon, 25 Oct 2021 17:19:51 -0700 Subject: [PATCH 27/48] qcacld-3.0: Avoid OOB read in dot11f_unpack_assoc_response Avoid OOB read in dot11f_unpack_assoc_response API. Add check for when nBuf == len to read another byte of pBufRemaining. Change-Id: Iccdb0b268d16f4169b8b701ade6085d47897f785 CRs-Fixed: 3042293 --- core/mac/src/sys/legacy/src/utils/src/dot11f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/mac/src/sys/legacy/src/utils/src/dot11f.c b/core/mac/src/sys/legacy/src/utils/src/dot11f.c index 5405b84ff3e3..4385cbba5e0d 100644 --- a/core/mac/src/sys/legacy/src/utils/src/dot11f.c +++ b/core/mac/src/sys/legacy/src/utils/src/dot11f.c @@ -335,7 +335,7 @@ static uint32_t get_container_ies_len(tpAniSirGlobal pCtx, len += *(pBufRemaining+1); pBufRemaining += len + 2; len += 2; - while (len < nBuf) { + while (len + 1 < nBuf) { pIe = find_ie_defn(pCtx, pBufRemaining, nBuf - len, IEs); if (NULL == pIe) break; From a37f094e4c733f3357a262e3b7df3923848defdc Mon Sep 17 00:00:00 2001 From: Surya Prakash Sivaraj Date: Wed, 20 Apr 2022 17:02:30 +0530 Subject: [PATCH 28/48] qcacld-3.0: Overide blacklist and connect to AP Currently the connection manager queries the blacklist manager about the action to be taken and if all the candidates of a certain SSID are blacklisted then the connection would be rejected. there are various types of blacklisting, some can be overided and some have to be strictly followed. Fix is to overide the blacklist candidate and connect to it if no other candidates are suitable for connection. Change-Id: Id47fd214130411179d9a53005841786d6d14ce81 CRs-Fixed: 2831535 --- .../blacklist_mgr/core/src/wlan_blm_core.c | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/components/blacklist_mgr/core/src/wlan_blm_core.c b/components/blacklist_mgr/core/src/wlan_blm_core.c index 1b63fa2229ab..d228984dd611 100644 --- a/components/blacklist_mgr/core/src/wlan_blm_core.c +++ b/components/blacklist_mgr/core/src/wlan_blm_core.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -288,6 +289,8 @@ blm_filter_bssid(struct wlan_objmgr_pdev *pdev, qdf_list_t *scan_list) uint32_t scan_list_size; enum blm_bssid_action action; qdf_list_node_t *cur_node = NULL, *next_node = NULL; + struct scan_cache_node *force_connect_candidate = NULL; + bool are_all_candidate_blacklisted = true; if (!scan_list || !qdf_list_size(scan_list)) { blm_debug("Scan list is NULL or No BSSIDs present"); @@ -303,6 +306,43 @@ blm_filter_bssid(struct wlan_objmgr_pdev *pdev, qdf_list_t *scan_list) scan_node = qdf_container_of(cur_node, struct scan_cache_node, node); action = blm_action_on_bssid(pdev, scan_node->entry); + + if (are_all_candidate_blacklisted && + (action == BLM_ACTION_NOP || + action == BLM_MOVE_AT_LAST)) + are_all_candidate_blacklisted = false; + + /* + * The below logic is added to select the best candidate + * amongst the blacklisted candidates. This is done to + * handle a case where all the BSSIDs become blacklisted + * and hence there are continuous connection failures. + * With the below logic if the action on BSSID is to remove + * then we keep a backup node and restore the candidate + * list. + */ + if (action == BLM_REMOVE_FROM_LIST && + are_all_candidate_blacklisted) { + if (!force_connect_candidate) { + force_connect_candidate = + qdf_mem_malloc( + sizeof(*force_connect_candidate)); + if (!force_connect_candidate) + return QDF_STATUS_E_NOMEM; + force_connect_candidate->entry = + util_scan_copy_cache_entry(scan_node->entry); + if (!force_connect_candidate->entry) + return QDF_STATUS_E_NOMEM; + } else if (scan_node->entry->bss_score > + force_connect_candidate->entry->bss_score) { + util_scan_free_cache_entry( + force_connect_candidate->entry); + force_connect_candidate->entry = + util_scan_copy_cache_entry(scan_node->entry); + if (!force_connect_candidate->entry) + return QDF_STATUS_E_NOMEM; + } + } if (action != BLM_ACTION_NOP) blm_modify_scan_list(scan_list, scan_node, action); cur_node = next_node; @@ -310,6 +350,14 @@ blm_filter_bssid(struct wlan_objmgr_pdev *pdev, qdf_list_t *scan_list) scan_list_size--; } + if (are_all_candidate_blacklisted && force_connect_candidate) { + qdf_list_insert_front(scan_list, + &force_connect_candidate->node); + } else if (force_connect_candidate) { + util_scan_free_cache_entry(force_connect_candidate->entry); + qdf_mem_free(force_connect_candidate); + } + return QDF_STATUS_SUCCESS; } From d4f61502c665764a87ab9317e872918658fb8c30 Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Thu, 21 Apr 2022 01:21:58 -0700 Subject: [PATCH 29/48] Release 5.2.022.10U Release 5.2.022.10U Change-Id: Ifc3fb0b8b8d6b60b162a773790036229708868b0 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index bcbf77eaea18..0aa38f84c444 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "T" +#define QWLAN_VERSION_EXTRA "U" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10T" +#define QWLAN_VERSIONSTR "5.2.022.10U" #endif /* QWLAN_VERSION_H */ From ad738d1ec747084b44d2999c4ee7c89430c13538 Mon Sep 17 00:00:00 2001 From: Lincoln Tran Date: Wed, 9 Mar 2022 14:38:47 -0800 Subject: [PATCH 30/48] qcacld-3.0: Add pointer check before dereferencing Make sure the parsed association request array is valid at the association ID index, before dereferencing it. This will prevent NULL pointer deref. There is already a check for the beginning of the parsed assoc req array, but it is not checking at the assoc ID index. Change-Id: Icac3b2a4a0646dec4c64a2224e3271b0842a8194 CRs-Fixed: 3147273 --- core/mac/src/pe/lim/lim_assoc_utils.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/core/mac/src/pe/lim/lim_assoc_utils.c b/core/mac/src/pe/lim/lim_assoc_utils.c index ee94873bc587..af5046232677 100644 --- a/core/mac/src/pe/lim/lim_assoc_utils.c +++ b/core/mac/src/pe/lim/lim_assoc_utils.c @@ -2492,9 +2492,11 @@ lim_add_sta(struct mac_context *mac_ctx, assoc_req = (tpSirAssocReq) session_entry->parsedAssocReq[aid]; - add_sta_params->wpa_rsn = assoc_req->rsnPresent; - add_sta_params->wpa_rsn |= - (assoc_req->wpaPresent << 1); + if (assoc_req) { + add_sta_params->wpa_rsn = assoc_req->rsnPresent; + add_sta_params->wpa_rsn |= + (assoc_req->wpaPresent << 1); + } } } From b09a1237786fc1be447f21571cd6473fe98f3acf Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Tue, 3 May 2022 11:27:14 -0700 Subject: [PATCH 31/48] Release 5.2.022.10V Release 5.2.022.10V Change-Id: Ia13e789ffa3fba8ee4e67deaa3c22ccff869f53b CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 0aa38f84c444..326c6a35b7eb 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "U" +#define QWLAN_VERSION_EXTRA "V" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10U" +#define QWLAN_VERSIONSTR "5.2.022.10V" #endif /* QWLAN_VERSION_H */ From 8443b5e06de057ded8b3497d510f66472bf35138 Mon Sep 17 00:00:00 2001 From: chunquan Date: Fri, 7 Jan 2022 15:43:31 +0800 Subject: [PATCH 32/48] qcacld-3.0: Fix out-of-bounds in tx_stats The tx_stats array length num_entries can't be more than param_buf->num_tx_stats from fw. Otherwies out-of-bounds will happen when read wmi_tx_stats. Change-Id: I7ab3c7cc7baef6d903ba6301622bd67efe52cebe CRs-Fixed: 3104318 --- core/wma/src/wma_utils.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/core/wma/src/wma_utils.c b/core/wma/src/wma_utils.c index fa345f5ed838..e986cd0a1cf1 100644 --- a/core/wma/src/wma_utils.c +++ b/core/wma/src/wma_utils.c @@ -1123,9 +1123,9 @@ wma_fill_tx_stats(struct sir_wifi_ll_ext_stats *ll_stats, struct sir_wifi_tx *tx_stats; struct sir_wifi_ll_ext_peer_stats *peer_stats; uint32_t *tx_mpdu_aggr, *tx_succ_mcs, *tx_fail_mcs, *tx_delay; - uint32_t len, dst_len, param_len, tx_mpdu_aggr_array_len, - tx_succ_mcs_array_len, tx_fail_mcs_array_len, - tx_delay_array_len; + uint32_t len, dst_len, param_len, num_entries, + tx_mpdu_aggr_array_len, tx_succ_mcs_array_len, + tx_fail_mcs_array_len, tx_delay_array_len; result = *buf; dst_len = *buf_length; @@ -1204,6 +1204,12 @@ wma_fill_tx_stats(struct sir_wifi_ll_ext_stats *ll_stats, return QDF_STATUS_E_FAILURE; } + num_entries = fix_param->num_peer_ac_tx_stats * WLAN_MAX_AC; + if (num_entries > param_buf->num_tx_stats) { + wma_err("tx stats invalid arg, %d", num_entries); + return QDF_STATUS_E_FAILURE; + } + for (i = 0; i < fix_param->num_peer_ac_tx_stats; i++) { uint32_t peer_id = wmi_peer_tx[i].peer_id; struct sir_wifi_tx *ac; From 28f138040fe38b6a3e521caef998a3d2c5962618 Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Fri, 13 May 2022 01:28:07 -0700 Subject: [PATCH 33/48] Release 5.2.022.10W Release 5.2.022.10W Change-Id: I195fe725ee3daf00be54ccbc0bbe14e4598024c5 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 326c6a35b7eb..0f84f7036f09 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "V" +#define QWLAN_VERSION_EXTRA "W" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10V" +#define QWLAN_VERSIONSTR "5.2.022.10W" #endif /* QWLAN_VERSION_H */ From dfd3c33d444632f653e6bdd8075d05486cb59bf3 Mon Sep 17 00:00:00 2001 From: Tiger Yu Date: Wed, 18 Nov 2020 17:19:46 +0800 Subject: [PATCH 34/48] qcacld-3.0: Enable TSO/SG feature by the FEATURE_TSO/dp_sg_support The hdd_set_netdev_flags enable the TSO feature regardless of the FEATURE_TSO, which will cause the performance regression issue on the non-tso supported chip. Enable TSO feature based on the FEATURE_TSO, and enable the SG feature separately by ini dp_sg_support for legacy chip to fix it. Change-Id: I0fcb189069f0aa2069ae8427ad96a8db25a91a2f CRs-Fixed: 2812953 --- core/cds/src/cds_api.c | 1 + core/dp/ol/inc/ol_cfg.h | 1 + core/dp/txrx/ol_cfg.c | 1 + core/dp/txrx/ol_txrx.c | 3 +++ core/hdd/src/wlan_hdd_main.c | 12 ++++++++++-- 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/core/cds/src/cds_api.c b/core/cds/src/cds_api.c index 37ce2f4c1112..1b8f870cd70f 100644 --- a/core/cds/src/cds_api.c +++ b/core/cds/src/cds_api.c @@ -460,6 +460,7 @@ static void cds_cdp_cfg_attach(struct wlan_objmgr_psoc *psoc) cfg_get(psoc, CFG_DP_CE_CLASSIFY_ENABLE); cdp_cfg.tso_enable = cfg_get(psoc, CFG_DP_TSO); cdp_cfg.lro_enable = cfg_get(psoc, CFG_DP_LRO); + cdp_cfg.sg_enable = cfg_get(psoc, CFG_DP_SG); cdp_cfg.enable_data_stall_detection = cfg_get(psoc, CFG_DP_ENABLE_DATA_STALL_DETECTION); cdp_cfg.gro_enable = cfg_get(psoc, CFG_DP_GRO); diff --git a/core/dp/ol/inc/ol_cfg.h b/core/dp/ol/inc/ol_cfg.h index 88b9374aac1a..d393655197d3 100644 --- a/core/dp/ol/inc/ol_cfg.h +++ b/core/dp/ol/inc/ol_cfg.h @@ -111,6 +111,7 @@ struct txrx_pdev_cfg_t { bool gro_enable; bool tso_enable; bool lro_enable; + bool sg_enable; bool enable_data_stall_detection; bool enable_flow_steering; bool disable_intra_bss_fwd; diff --git a/core/dp/txrx/ol_cfg.c b/core/dp/txrx/ol_cfg.c index 9df6b0bae340..31ac0dd93ef5 100644 --- a/core/dp/txrx/ol_cfg.c +++ b/core/dp/txrx/ol_cfg.c @@ -208,6 +208,7 @@ struct cdp_cfg *ol_pdev_cfg_attach(qdf_device_t osdev, void *pcfg_param) cfg_ctx->gro_enable = cfg_param->gro_enable; cfg_ctx->tso_enable = cfg_param->tso_enable; cfg_ctx->lro_enable = cfg_param->lro_enable; + cfg_ctx->sg_enable = cfg_param->sg_enable; cfg_ctx->enable_data_stall_detection = cfg_param->enable_data_stall_detection; cfg_ctx->enable_flow_steering = cfg_param->enable_flow_steering; diff --git a/core/dp/txrx/ol_txrx.c b/core/dp/txrx/ol_txrx.c index 63ecc632689e..44136dd6768a 100644 --- a/core/dp/txrx/ol_txrx.c +++ b/core/dp/txrx/ol_txrx.c @@ -5887,6 +5887,9 @@ static uint32_t ol_txrx_get_cfg(struct cdp_soc_t *soc_hdl, enum cdp_dp_cfg cfg) case cfg_dp_lro_enable: value = cfg_ctx->lro_enable; break; + case cfg_dp_sg_enable: + value = cfg_ctx->sg_enable; + break; case cfg_dp_gro_enable: value = cfg_ctx->gro_enable; break; diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 038a9c540e58..8c960fe00a99 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -215,6 +215,12 @@ #define MAX_NET_DEV_REF_LEAK_ITERATIONS 10 #define NET_DEV_REF_LEAK_ITERATION_SLEEP_TIME_MS 10 +#ifdef FEATURE_TSO +#define TSO_FEATURE_FLAGS (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_SG) +#else +#define TSO_FEATURE_FLAGS 0 +#endif + int wlan_start_ret_val; static DECLARE_COMPLETION(wlan_start_comp); static qdf_atomic_t wlan_hdd_state_fops_ref; @@ -7148,8 +7154,10 @@ void hdd_set_netdev_flags(struct hdd_adapter *adapter) (NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM); if (cdp_cfg_get(soc, cfg_dp_tso_enable) && enable_csum) - adapter->dev->features |= - (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_SG); + adapter->dev->features |= TSO_FEATURE_FLAGS; + + if (cdp_cfg_get(soc, cfg_dp_sg_enable)) + adapter->dev->features |= NETIF_F_SG; adapter->dev->features |= NETIF_F_RXCSUM; temp = (uint64_t)adapter->dev->features; From e6844ff40af1790867790b80394b5c988808111a Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Fri, 13 May 2022 03:59:58 -0700 Subject: [PATCH 35/48] Release 5.2.022.10X Release 5.2.022.10X Change-Id: I58e4754bef6b24ccebeabb26362d7349622fdd79 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 0f84f7036f09..6c78fd152f1a 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "W" +#define QWLAN_VERSION_EXTRA "X" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10W" +#define QWLAN_VERSIONSTR "5.2.022.10X" #endif /* QWLAN_VERSION_H */ From 84810c87c2f83bf304ea927ef96063b6b6357730 Mon Sep 17 00:00:00 2001 From: Madhvapathi Sriram Date: Fri, 13 Mar 2020 11:47:46 -0700 Subject: [PATCH 36/48] qcacld-3.0: Add support to configure rate mask to cap phy rate The ini ratemask_type and ratemask_set can be used to limit the maximum phy rate. The ratemask_type is used to select the phy mode and the ratemask_set to select desired NSS and MCS. It can be used to optimize link performance. Change-Id: Ia5c9f3a80eb93710bdcf53dabc4a45e554753b01 CRs-Fixed: 2758859 --- components/mlme/core/src/wlan_mlme_main.c | 39 +++++++++- .../mlme/dispatcher/inc/cfg_mlme_rates.h | 78 ++++++++++++++++++- .../dispatcher/inc/wlan_mlme_public_struct.h | 38 +++++++++ core/wma/src/wma_dev_if.c | 70 +++++++++++++++++ 4 files changed, 223 insertions(+), 2 deletions(-) diff --git a/components/mlme/core/src/wlan_mlme_main.c b/components/mlme/core/src/wlan_mlme_main.c index 274005ecd442..a9870fbee6f8 100644 --- a/components/mlme/core/src/wlan_mlme_main.c +++ b/components/mlme/core/src/wlan_mlme_main.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2018-2021 The Linux Foundation. All rights reserved. - * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved. + * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -234,6 +234,42 @@ static void mlme_init_chainmask_cfg(struct wlan_objmgr_psoc *psoc, cfg_get(psoc, CFG_ENABLE_BT_CHAIN_SEPARATION); } +static void mlme_init_ratemask_cfg(struct wlan_objmgr_psoc *psoc, + struct wlan_mlme_ratemask *ratemask_cfg) +{ + uint32_t masks[CFG_MLME_RATE_MASK_LEN] = { 0 }; + qdf_size_t len = 0; + QDF_STATUS status; + + ratemask_cfg->type = cfg_get(psoc, CFG_RATEMASK_TYPE); + if ((ratemask_cfg->type <= WLAN_MLME_RATEMASK_TYPE_NO_MASK) || + (ratemask_cfg->type >= WLAN_MLME_RATEMASK_TYPE_MAX)) { + mlme_legacy_debug("Ratemask disabled"); + return; + } + + status = qdf_uint32_array_parse(cfg_get(psoc, CFG_RATEMASK_SET), + masks, + CFG_MLME_RATE_MASK_LEN, + &len); + + if (status != QDF_STATUS_SUCCESS || len != CFG_MLME_RATE_MASK_LEN) { + /* Do not enable ratemaks if config is invalid */ + ratemask_cfg->type = WLAN_MLME_RATEMASK_TYPE_NO_MASK; + mlme_legacy_err("Failed to parse ratemask"); + return; + } + + ratemask_cfg->lower32 = masks[0]; + ratemask_cfg->higher32 = masks[1]; + ratemask_cfg->lower32_2 = masks[2]; + ratemask_cfg->higher32_2 = masks[3]; + mlme_legacy_debug("Ratemask type: %d, masks:0x%x, 0x%x, 0x%x, 0x%x", + ratemask_cfg->type, ratemask_cfg->lower32, + ratemask_cfg->higher32, ratemask_cfg->lower32_2, + ratemask_cfg->higher32_2); +} + #ifdef WLAN_FEATURE_11W static void mlme_init_pmf_cfg(struct wlan_objmgr_psoc *psoc, struct wlan_mlme_generic *gen) @@ -2447,6 +2483,7 @@ QDF_STATUS mlme_cfg_on_psoc_enable(struct wlan_objmgr_psoc *psoc) mlme_init_reg_cfg(psoc, &mlme_cfg->reg); mlme_init_btm_cfg(psoc, &mlme_cfg->btm); mlme_init_roam_score_config(psoc, mlme_cfg); + mlme_init_ratemask_cfg(psoc, &mlme_cfg->ratemask_cfg); return status; } diff --git a/components/mlme/dispatcher/inc/cfg_mlme_rates.h b/components/mlme/dispatcher/inc/cfg_mlme_rates.h index eb886a368d59..04bd31bc1bf7 100644 --- a/components/mlme/dispatcher/inc/cfg_mlme_rates.h +++ b/components/mlme/dispatcher/inc/cfg_mlme_rates.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -30,6 +31,7 @@ #define CFG_SUPPORTED_MCS_SET_LEN 16 #define CFG_BASIC_MCS_SET_LEN 16 #define CFG_CURRENT_MCS_SET_LEN 16 +#define CFG_MLME_RATE_MASK_LEN 4 /* * @@ -221,6 +223,78 @@ CFG_CURRENT_MCS_SET_DATA, \ "current MCS set") +/* + * + * ratemask_type - PHY type for the ratemask. + * @Min: 0 No rate mask set defined - disabled the configuration + * @Max: 4 + * @Default: 0 + * + * This ini is used to set the PHY type for ratemask in rate selection. + * + * 0 = Disables the configuration + * 1 = The rate mask specified is for CCK/OFDM configuration + * 2 = The rate mask specified is for HT configuration + * 3 = The rate mask specified is for VHT configuration + * 4 = The rate mask specified is for HE/11ax configuration + * + * Related: CFG_RATEMASK_SET + * + * Usage: External + */ +#define CFG_RATEMASK_TYPE CFG_INI_UINT( \ + "ratemask_type", \ + 0, \ + 4, \ + 0, \ + CFG_VALUE_OR_DEFAULT, \ + "Ratemask type") + +/* + * + * ratemask_set - ratemasks for a PHY type used in rate selection + * @Min: default data length of ratemask in string format + * @Max: default data length of ratemask in string format + * @Default: 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF + * + * This is used to set the rate mask value to be used in rate selection. + * Each of the four words must be configured. + * A bit value of 1 represents rate is enabled + * A bit value of 0 represents rate is disabled + * + * [b31-b0],[b63-b32],[b95-b64],[b127-b96] + * For HE targets, 12 bits correpond to one NSS setting. Ex: + * b0-13 => NSS1, MCS 0-13 + * b14-27 => NSS2, MCS 0-13 and so on for other NSS. + * Note that the bit representation is continuous. + * + * For VHT targets, 10 bits correspond to one NSS setting. + * b0-9 => NSS1, MCS 0-9 + * b10-19 => NSS2, MCS 0-9 and so on for other NSS. + * + * For HT targets, 8 bits correspond to one NSS setting. + * b0-7 => NSS1, MCS 0-7 + * b8-15 => NSS2, MCS 0-7 and so on for other NSS. + * + * For OFDM/CCK targets, 8 bits correspond to one NSS setting. + * Bit position |-b3-|-b2-|-b1-|-b0-| + * Rates in Mbps |-1 -|-2 -|-5.5|-11-| CCK Rates + * + * Bit position |-b11-|-b10-|-b09-|-b08-|-b07-|-b06-|-b05-|-b04-| + * Rates in Mbps |- 9 -|- 18-|-36 -|-54 -|- 6 -|-12 -| -24-|-48- | OFDM Rates + * + * Related: CFG_RATEMASK_TYPE + * + * Usage: External + */ +#define CFG_RATEMASK_DATA "0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF" +#define CFG_RATEMASK_SET CFG_INI_STRING( \ + "ratemask_set", \ + 0, \ + sizeof(CFG_RATEMASK_DATA) - 1, \ + CFG_RATEMASK_DATA, \ + "Ratemasks for rate selection") + #define CFG_RATES_ALL \ CFG(CFG_MAX_HT_MCS_FOR_TX_DATA) \ CFG(CFG_DISABLE_ABG_RATE_FOR_TX_DATA) \ @@ -232,6 +306,8 @@ CFG(CFG_SUPPORTED_RATES_11A) \ CFG(CFG_SUPPORTED_MCS_SET) \ CFG(CFG_BASIC_MCS_SET) \ - CFG(CFG_CURRENT_MCS_SET) + CFG(CFG_CURRENT_MCS_SET) \ + CFG(CFG_RATEMASK_TYPE) \ + CFG(CFG_RATEMASK_SET) #endif /* __CFG_MLME_RATES_H */ diff --git a/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h b/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h index ba509b90a535..490989c71d70 100644 --- a/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h +++ b/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2018-2021 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -1123,6 +1124,42 @@ struct wlan_mlme_chainmask { bool enable_bt_chain_separation; }; +/** + * enum wlan_mlme_ratemask_type: Type of PHY for ratemask + * @WLAN_MLME_RATEMASK_TYPE_NO_MASK: no ratemask set + * @WLAN_MLME_RATEMASK_TYPE_CCK: CCK/OFDM rate + * @WLAN_MLEM_RATEMASK_TYPE_HT: HT rate + * @WLAN_MLME_RATEMASK_TYPE_VHT: VHT rate + * @WLAN_MLME_RATEMASK_TYPE_HE: HE rate + * + * This is used for 'type' values in wlan_mlme_ratemask + */ +enum wlan_mlme_ratemask_type { + WLAN_MLME_RATEMASK_TYPE_NO_MASK = 0, + WLAN_MLME_RATEMASK_TYPE_CCK = 1, + WLAN_MLME_RATEMASK_TYPE_HT = 2, + WLAN_MLME_RATEMASK_TYPE_VHT = 3, + WLAN_MLME_RATEMASK_TYPE_HE = 4, + /* keep this last */ + WLAN_MLME_RATEMASK_TYPE_MAX, +}; + +/** + * struct wlan_mlme_ratemask - ratemask config parameters + * @type: Type of PHY the mask to be applied + * @lower32: Lower 32 bits in the 1st 64-bit value + * @higher32: Higher 32 bits in the 1st 64-bit value + * @lower32_2: Lower 32 bits in the 2nd 64-bit value + * @higher32_2: Higher 32 bits in the 2nd 64-bit value + */ +struct wlan_mlme_ratemask { + enum wlan_mlme_ratemask_type type; + uint32_t lower32; + uint32_t higher32; + uint32_t lower32_2; + uint32_t higher32_2; +}; + /* struct wlan_mlme_generic - Generic CFG config items * * @band_capability: HW Band Capability - Both or 2.4G only or 5G only @@ -2401,6 +2438,7 @@ struct wlan_mlme_cfg { struct wlan_mlme_reg reg; struct roam_trigger_score_delta trig_score_delta[NUM_OF_ROAM_TRIGGERS]; struct roam_trigger_min_rssi trig_min_rssi[NUM_OF_ROAM_MIN_RSSI]; + struct wlan_mlme_ratemask ratemask_cfg; }; enum pkt_origin { diff --git a/core/wma/src/wma_dev_if.c b/core/wma/src/wma_dev_if.c index 4327dcaca226..0e9a8cfd8c93 100644 --- a/core/wma/src/wma_dev_if.c +++ b/core/wma/src/wma_dev_if.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2013-2021 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -90,6 +91,7 @@ #include "../../core/src/vdev_mgr_ops.h" #include "wlan_utility.h" #include +#include "wmi_unified_vdev_api.h" QDF_STATUS wma_find_vdev_id_by_addr(tp_wma_handle wma, uint8_t *addr, uint8_t *vdev_id) @@ -1159,6 +1161,36 @@ QDF_STATUS wma_handle_channel_switch_resp(tp_wma_handle wma, return QDF_STATUS_SUCCESS; } +/* + * wma_get_ratemask_type() - convert user input ratemask type to FW type + * @type: User input ratemask type maintained in HDD + * @fwtype: Value return arg for fw ratemask type value + * + * Return: FW configurable ratemask type + */ +static QDF_STATUS wma_get_ratemask_type(enum wlan_mlme_ratemask_type type, + uint8_t *fwtype) +{ + switch (type) { + case WLAN_MLME_RATEMASK_TYPE_CCK: + *fwtype = WMI_RATEMASK_TYPE_CCK; + break; + case WLAN_MLME_RATEMASK_TYPE_HT: + *fwtype = WMI_RATEMASK_TYPE_HT; + break; + case WLAN_MLME_RATEMASK_TYPE_VHT: + *fwtype = WMI_RATEMASK_TYPE_VHT; + break; + case WLAN_MLME_RATEMASK_TYPE_HE: + *fwtype = WMI_RATEMASK_TYPE_HE; + break; + default: + return QDF_STATUS_E_INVAL; + } + + return QDF_STATUS_SUCCESS; +} + QDF_STATUS wma_vdev_start_resp_handler(struct vdev_mlme_obj *vdev_mlme, struct vdev_start_response *rsp) { @@ -1172,6 +1204,9 @@ QDF_STATUS wma_vdev_start_resp_handler(struct vdev_mlme_obj *vdev_mlme, QDF_STATUS status; enum vdev_assoc_type assoc_type = VDEV_ASSOC; struct vdev_mlme_obj *mlme_obj; + struct wlan_mlme_psoc_ext_obj *mlme_psoc_obj; + const struct wlan_mlme_ratemask *ratemask_cfg; + struct config_ratemask_params rparams = {0}; wma = cds_get_context(QDF_MODULE_ID_WMA); if (!wma) { @@ -1184,6 +1219,9 @@ QDF_STATUS wma_vdev_start_resp_handler(struct vdev_mlme_obj *vdev_mlme, return QDF_STATUS_E_FAILURE; } + mlme_psoc_obj = mlme_get_psoc_ext_obj(psoc); + ratemask_cfg = &mlme_psoc_obj->cfg.ratemask_cfg; + #ifdef FEATURE_AP_MCC_CH_AVOIDANCE if (!mac_ctx) { WMA_LOGE("%s: Failed to get mac_ctx", __func__); @@ -1292,6 +1330,38 @@ QDF_STATUS wma_vdev_start_resp_handler(struct vdev_mlme_obj *vdev_mlme, if (iface->type == WMI_VDEV_TYPE_AP && wma_is_vdev_up(rsp->vdev_id)) wma_set_sap_keepalive(wma, rsp->vdev_id); + /* Send ratemask to firmware */ + if ((ratemask_cfg->type > WLAN_MLME_RATEMASK_TYPE_NO_MASK) && + (ratemask_cfg->type < WLAN_MLME_RATEMASK_TYPE_MAX)) { + struct wmi_unified *wmi_handle = wma->wmi_handle; + + if (!wmi_handle) { + wma_err(FL("wmi_handle is null")); + return QDF_STATUS_E_INVAL; + } + + rparams.vdev_id = rsp->vdev_id; + status = wma_get_ratemask_type(ratemask_cfg->type, + &rparams.type); + + if (QDF_IS_STATUS_ERROR(status)) { + wma_err(FL("unable to map ratemask")); + /* don't fail, default rates will still work */ + return QDF_STATUS_SUCCESS; + } + + rparams.lower32 = ratemask_cfg->lower32; + rparams.higher32 = ratemask_cfg->higher32; + rparams.lower32_2 = ratemask_cfg->lower32_2; + rparams.higher32_2 = ratemask_cfg->higher32_2; + + status = wmi_unified_vdev_config_ratemask_cmd_send(wmi_handle, + &rparams); + /* Only log failure. Do not abort */ + if (QDF_IS_STATUS_ERROR(status)) + wma_err(FL("failed to send ratemask")); + } + return QDF_STATUS_SUCCESS; } From 653638763fb5909e04508f8c1971c0561bd4fcd4 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dhanotiya Date: Tue, 23 Feb 2021 20:32:46 +0530 Subject: [PATCH 37/48] qcacld-3.0: Add ini to enable/disable vht mcs 10 and 11 support Currently there is no ini to enable/disable vht mac 10, 11 and this feature is completely based on FW capability. Based on current requirement add support to enable/disable vht mcs 10/11 feature from ini. CRs-Fixed: 2861854 Change-Id: I350daea8a2f81bfeac25ccdda026d1a5d1c133e3 --- .../mlme/dispatcher/inc/cfg_mlme_vht_caps.h | 23 ++++++++++++++++++- .../mlme/dispatcher/src/wlan_mlme_api.c | 7 ++++-- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/components/mlme/dispatcher/inc/cfg_mlme_vht_caps.h b/components/mlme/dispatcher/inc/cfg_mlme_vht_caps.h index 3c20e6acaaf2..cc4bb01740fc 100644 --- a/components/mlme/dispatcher/inc/cfg_mlme_vht_caps.h +++ b/components/mlme/dispatcher/inc/cfg_mlme_vht_caps.h @@ -597,6 +597,26 @@ 0, \ "Enable subfee in vendor vht ie") +/* + * + * enable_vhtmcs_10_11_support - Enable/Disable vht mcs 10, 11 support + * @Min: 0 + * @Max: 1 + * @Default: 1 + * + * This ini is used to enable/disable mcs 10, 11 support. + * + * Related: NA + * + * Usage: Internal + * + * + */ +#define CFG_ENABLE_VHT_MCS_10_11 CFG_INI_BOOL( \ + "enable_vhtmcs_10_11_support", \ + 1, \ + "Enable/Disable vht mcs 10, 11 support") + #define CFG_VHT_CAPS_ALL \ CFG(CFG_VHT_SUPP_CHAN_WIDTH) \ CFG(CFG_VHT_SU_BEAMFORMEE_CAP) \ @@ -630,6 +650,7 @@ CFG(CFG_ENABLE_SUBFEE_IN_VENDOR_VHTIE) \ CFG(CFG_TX_BF_CAP) \ CFG(CFG_AS_CAP) \ - CFG(CFG_DISABLE_LDPC_WITH_TXBF_AP) + CFG(CFG_DISABLE_LDPC_WITH_TXBF_AP) \ + CFG(CFG_ENABLE_VHT_MCS_10_11) #endif /* __CFG_MLME_VHT_CAPS_H */ diff --git a/components/mlme/dispatcher/src/wlan_mlme_api.c b/components/mlme/dispatcher/src/wlan_mlme_api.c index ba7694e78860..bd0741c61e3f 100644 --- a/components/mlme/dispatcher/src/wlan_mlme_api.c +++ b/components/mlme/dispatcher/src/wlan_mlme_api.c @@ -3228,8 +3228,11 @@ mlme_update_vht_cap(struct wlan_objmgr_psoc *psoc, struct wma_tgt_vht_cap *cfg) if (vht_cap_info->short_gi_160mhz && !cfg->vht_short_gi_160) vht_cap_info->short_gi_160mhz = cfg->vht_short_gi_160; - vht_cap_info->vht_mcs_10_11_supp = cfg->vht_mcs_10_11_supp; - mlme_legacy_debug(" vht_mcs_10_11_supp %d", cfg->vht_mcs_10_11_supp); + if (cfg_get(psoc, CFG_ENABLE_VHT_MCS_10_11)) + vht_cap_info->vht_mcs_10_11_supp = cfg->vht_mcs_10_11_supp; + + mlme_legacy_debug("vht_mcs_10_11_supp %d", + vht_cap_info->vht_mcs_10_11_supp); return QDF_STATUS_SUCCESS; } From eaedbbf72ca87aa51011807c200f5b69cb9e7dbd Mon Sep 17 00:00:00 2001 From: Nirav Shah Date: Mon, 6 Sep 2021 22:05:09 +0530 Subject: [PATCH 38/48] qcacld-3.0: Add ini configuration to limit supported HE MCS rates Add ini configuration to limit supported TX/RX HE MCS rates. In case of XR use-case, higher throughput is not needed but higher reliability is expected. So, this ini provide option to limit HE MCS rate capability to MCS0-7 to achieve higher reliability. Change-Id: Id6343f5b28d341e5ee377d11ad8420e3b8ded6ef CRs-Fixed: 3033342 --- components/mlme/core/src/wlan_mlme_main.c | 8 +- .../mlme/dispatcher/inc/cfg_mlme_he_caps.h | 141 ++++++++++++++++-- .../mlme/dispatcher/src/wlan_mlme_api.c | 42 +++++- 3 files changed, 174 insertions(+), 17 deletions(-) diff --git a/components/mlme/core/src/wlan_mlme_main.c b/components/mlme/core/src/wlan_mlme_main.c index a9870fbee6f8..6331f0121592 100644 --- a/components/mlme/core/src/wlan_mlme_main.c +++ b/components/mlme/core/src/wlan_mlme_main.c @@ -1095,13 +1095,13 @@ static void mlme_init_he_cap_in_cfg(struct wlan_objmgr_psoc *psoc, he_caps->dot11_he_cap.rx_full_bw_su_he_mu_non_cmpr_sigb = cfg_default(CFG_HE_RX_FULL_BW_MU_NON_CMPR_SIGB); he_caps->dot11_he_cap.rx_he_mcs_map_lt_80 = - cfg_default(CFG_HE_RX_MCS_MAP_LT_80); + cfg_get(psoc, CFG_HE_RX_MCS_MAP_LT_80); he_caps->dot11_he_cap.tx_he_mcs_map_lt_80 = - cfg_default(CFG_HE_TX_MCS_MAP_LT_80); - value = cfg_default(CFG_HE_RX_MCS_MAP_160); + cfg_get(psoc, CFG_HE_TX_MCS_MAP_LT_80); + value = cfg_get(psoc, CFG_HE_RX_MCS_MAP_160); qdf_mem_copy(he_caps->dot11_he_cap.rx_he_mcs_map_160, &value, sizeof(uint16_t)); - value = cfg_default(CFG_HE_TX_MCS_MAP_160); + value = cfg_get(psoc, CFG_HE_TX_MCS_MAP_160); qdf_mem_copy(he_caps->dot11_he_cap.tx_he_mcs_map_160, &value, sizeof(uint16_t)); value = cfg_default(CFG_HE_RX_MCS_MAP_80_80); diff --git a/components/mlme/dispatcher/inc/cfg_mlme_he_caps.h b/components/mlme/dispatcher/inc/cfg_mlme_he_caps.h index 7fd251e041e7..ecba16b1e8a4 100644 --- a/components/mlme/dispatcher/inc/cfg_mlme_he_caps.h +++ b/components/mlme/dispatcher/inc/cfg_mlme_he_caps.h @@ -507,35 +507,158 @@ 0, \ "He Rx Full Bw Mu Non Cmpr Sigb") -#define CFG_HE_RX_MCS_MAP_LT_80 CFG_UINT( \ +/* 11AX related INI configuration */ +/* + * + * he_rx_mcs_map_lt_80 - configure Rx HE-MCS Map for ≤ 80 MHz + * @Min: 0 + * @Max: 0xFFFF + * @Default: 0xFFFA + * + * This ini is used to configure Rx HE-MCS Map for ≤ 80 MHz + * 0:1 Max HE-MCS For 1 SS + * 2:3 Max HE-MCS For 2 SS + * 4:5 Max HE-MCS For 3 SS + * 6:7 Max HE-MCS For 4 SS + * 8:9 Max HE-MCS For 5 SS + * 10:11 Max HE-MCS For 6 SS + * 12:13 Max HE-MCS For 7 SS + * 14:15 Max HE-MCS For 8 SS + * + * 0 indicates support for HE-MCS 0-7 for n spatial streams + * 1 indicates support for HE-MCS 0-9 for n spatial streams + * 2 indicates support for HE-MCS 0-11 for n spatial streams + * 3 indicates that n spatial streams is not supported for HE PPDUs + * + * Related: NA + * + * Supported Feature: 11AX + * + * Usage: External + * + * + */ +#define CFG_HE_RX_MCS_MAP_LT_80 CFG_INI_UINT( \ "he_rx_mcs_map_lt_80", \ 0, \ 0xFFFF, \ - 0xFFF0, \ + 0xFFFA, \ CFG_VALUE_OR_DEFAULT, \ "He Rx Mcs Map Lt 80") -#define CFG_HE_TX_MCS_MAP_LT_80 CFG_UINT( \ +/* 11AX related INI configuration */ +/* + * + * he_tx_mcs_map_lt_80 - configure Tx HE-MCS Map for ≤ 80 MHz + * @Min: 0 + * @Max: 0xFFFF + * @Default: 0xFFFA + * + * This ini is used to configure Tx HE-MCS Map for ≤ 80 MHz + * 0:1 Max HE-MCS For 1 SS + * 2:3 Max HE-MCS For 2 SS + * 4:5 Max HE-MCS For 3 SS + * 6:7 Max HE-MCS For 4 SS + * 8:9 Max HE-MCS For 5 SS + * 10:11 Max HE-MCS For 6 SS + * 12:13 Max HE-MCS For 7 SS + * 14:15 Max HE-MCS For 8 SS + * + * 0 indicates support for HE-MCS 0-7 for n spatial streams + * 1 indicates support for HE-MCS 0-9 for n spatial streams + * 2 indicates support for HE-MCS 0-11 for n spatial streams + * 3 indicates that n spatial streams is not supported for HE PPDUs + * + * Related: NA + * + * Supported Feature: 11AX + * + * Usage: External + * + * + */ +#define CFG_HE_TX_MCS_MAP_LT_80 CFG_INI_UINT( \ "he_tx_mcs_map_lt_80", \ 0, \ 0xFFFF, \ - 0xFFF0, \ + 0xFFFA, \ CFG_VALUE_OR_DEFAULT, \ "He Tx Mcs Map Lt 80") - -#define CFG_HE_RX_MCS_MAP_160 CFG_UINT( \ +/* 11AX related INI configuration */ +/* + * + * he_rx_mcs_map_160 - configure Rx HE-MCS Map for 160 MHz + * @Min: 0 + * @Max: 0xFFFF + * @Default: 0xFFFA + * + * This ini is used to configure Rx HE-MCS Map for 160 MHz + * 0:1 Max HE-MCS For 1 SS + * 2:3 Max HE-MCS For 2 SS + * 4:5 Max HE-MCS For 3 SS + * 6:7 Max HE-MCS For 4 SS + * 8:9 Max HE-MCS For 5 SS + * 10:11 Max HE-MCS For 6 SS + * 12:13 Max HE-MCS For 7 SS + * 14:15 Max HE-MCS For 8 SS + * + * 0 indicates support for HE-MCS 0-7 for n spatial streams + * 1 indicates support for HE-MCS 0-9 for n spatial streams + * 2 indicates support for HE-MCS 0-11 for n spatial streams + * 3 indicates that n spatial streams is not supported for HE PPDUs + * + * Related: NA + * + * Supported Feature: 11AX + * + * Usage: External + * + * + */ +#define CFG_HE_RX_MCS_MAP_160 CFG_INI_UINT( \ "he_rx_mcs_map_160", \ 0, \ 0xFFFF, \ - 0xFFF0, \ + 0xFFFA, \ CFG_VALUE_OR_DEFAULT, \ "He Rx Mcs Map 160") -#define CFG_HE_TX_MCS_MAP_160 CFG_UINT( \ +/* 11AX related INI configuration */ +/* + * + * he_tx_mcs_map_160 - configure Tx HE-MCS Map for 160 MHz + * @Min: 0 + * @Max: 0xFFFF + * @Default: 0xFFFA + * + * This ini is used to configure Tx HE-MCS Map for 160 MHz + * 0:1 Max HE-MCS For 1 SS + * 2:3 Max HE-MCS For 2 SS + * 4:5 Max HE-MCS For 3 SS + * 6:7 Max HE-MCS For 4 SS + * 8:9 Max HE-MCS For 5 SS + * 10:11 Max HE-MCS For 6 SS + * 12:13 Max HE-MCS For 7 SS + * 14:15 Max HE-MCS For 8 SS + * + * 0 indicates support for HE-MCS 0-7 for n spatial streams + * 1 indicates support for HE-MCS 0-9 for n spatial streams + * 2 indicates support for HE-MCS 0-11 for n spatial streams + * 3 indicates that n spatial streams is not supported for HE PPDUs + * + * Related: NA + * + * Supported Feature: 11AX + * + * Usage: External + * + * + */ +#define CFG_HE_TX_MCS_MAP_160 CFG_INI_UINT( \ "he_tx_mcs_map_160", \ 0, \ 0xFFFF, \ - 0xFFF0, \ + 0xFFFA, \ CFG_VALUE_OR_DEFAULT, \ "He Tx Mcs Map 160") diff --git a/components/mlme/dispatcher/src/wlan_mlme_api.c b/components/mlme/dispatcher/src/wlan_mlme_api.c index bd0741c61e3f..2fa9d7df4928 100644 --- a/components/mlme/dispatcher/src/wlan_mlme_api.c +++ b/components/mlme/dispatcher/src/wlan_mlme_api.c @@ -537,6 +537,32 @@ QDF_STATUS wlan_mlme_cfg_get_enable_ul_ofdm(struct wlan_objmgr_psoc *psoc, return QDF_STATUS_SUCCESS; } +/* mlme_get_min_rate_cap() - get minimum capability for HE-MCS between + * ini value and fw capability. + * + * Rx HE-MCS Map and Tx HE-MCS Map subfields format where 2-bit indicates + * 0 indicates support for HE-MCS 0-7 for n spatial streams + * 1 indicates support for HE-MCS 0-9 for n spatial streams + * 2 indicates support for HE-MCS 0-11 for n spatial streams + * 3 indicates that n spatial streams is not supported for HE PPDUs + * + */ +static uint16_t mlme_get_min_rate_cap(uint16_t val1, uint16_t val2) +{ + uint16_t ret = 0, i; + + for (i = 0; i < 8; i++) { + if (((val1 >> (2 * i)) & 0x3) == 0x3 || + ((val2 >> (2 * i)) & 0x3) == 0x3) { + ret |= 0x3 << (2 * i); + continue; + } + ret |= QDF_MIN((val1 >> (2 * i)) & 0x3, + (val2 >> (2 * i)) & 0x3) << (2 * i); + } + return ret; +} + QDF_STATUS mlme_update_tgt_he_caps_in_cfg(struct wlan_objmgr_psoc *psoc, struct wma_tgt_cfg *wma_cfg) { @@ -781,8 +807,12 @@ QDF_STATUS mlme_update_tgt_he_caps_in_cfg(struct wlan_objmgr_psoc *psoc, mlme_obj->cfg.he_caps.dot11_he_cap.rx_full_bw_su_he_mu_non_cmpr_sigb = he_cap->rx_full_bw_su_he_mu_non_cmpr_sigb; - tx_mcs_map = he_cap->tx_he_mcs_map_lt_80; - rx_mcs_map = he_cap->rx_he_mcs_map_lt_80; + tx_mcs_map = mlme_get_min_rate_cap( + mlme_obj->cfg.he_caps.dot11_he_cap.tx_he_mcs_map_lt_80, + he_cap->tx_he_mcs_map_lt_80); + rx_mcs_map = mlme_get_min_rate_cap( + mlme_obj->cfg.he_caps.dot11_he_cap.rx_he_mcs_map_lt_80, + he_cap->rx_he_mcs_map_lt_80); if (!mlme_obj->cfg.vht_caps.vht_cap_info.enable2x2) { nss = 2; tx_mcs_map = HE_SET_MCS_4_NSS(tx_mcs_map, HE_MCS_DISABLE, nss); @@ -795,8 +825,12 @@ QDF_STATUS mlme_update_tgt_he_caps_in_cfg(struct wlan_objmgr_psoc *psoc, if (cfg_in_range(CFG_HE_TX_MCS_MAP_LT_80, tx_mcs_map)) mlme_obj->cfg.he_caps.dot11_he_cap.tx_he_mcs_map_lt_80 = tx_mcs_map; - tx_mcs_map = *((uint16_t *)he_cap->tx_he_mcs_map_160); - rx_mcs_map = *((uint16_t *)he_cap->rx_he_mcs_map_160); + tx_mcs_map = mlme_get_min_rate_cap( + *((uint16_t *)mlme_obj->cfg.he_caps.dot11_he_cap.tx_he_mcs_map_160), + *((uint16_t *)he_cap->tx_he_mcs_map_160)); + rx_mcs_map = mlme_get_min_rate_cap( + *((uint16_t *)mlme_obj->cfg.he_caps.dot11_he_cap.rx_he_mcs_map_160), + *((uint16_t *)he_cap->rx_he_mcs_map_160)); if (!mlme_obj->cfg.vht_caps.vht_cap_info.enable2x2) { nss = 2; From 0c02dff291f3523a0be88a4b9c1f2e974f4d9a3a Mon Sep 17 00:00:00 2001 From: Kiran Kumar Lokere Date: Thu, 10 Jun 2021 09:58:38 -0700 Subject: [PATCH 39/48] qcacld-3.0: Config support for STA bss color collision detection Add INI configuration support to enable/disable BSS color collision detection offload in STA mode. Change-Id: I9d8f096813d74242566ccae5f92e872bcaca6295 CRs-Fixed: 2965133 --- components/mlme/core/src/wlan_mlme_main.c | 2 ++ .../mlme/dispatcher/inc/cfg_mlme_obss_ht40.h | 23 +++++++++++++++++++ .../dispatcher/inc/wlan_mlme_public_struct.h | 2 ++ .../mlme/dispatcher/inc/wlan_mlme_ucfg_api.h | 13 +++++++++++ .../mlme/dispatcher/src/wlan_mlme_ucfg_api.c | 16 +++++++++++++ core/hdd/src/wlan_hdd_main.c | 9 ++++++++ core/mac/src/pe/lim/lim_session.c | 4 ++++ 7 files changed, 69 insertions(+) diff --git a/components/mlme/core/src/wlan_mlme_main.c b/components/mlme/core/src/wlan_mlme_main.c index 6331f0121592..67e0e19b1c6b 100644 --- a/components/mlme/core/src/wlan_mlme_main.c +++ b/components/mlme/core/src/wlan_mlme_main.c @@ -1238,6 +1238,8 @@ static void mlme_init_obss_ht40_cfg(struct wlan_objmgr_psoc *psoc, (bool)cfg_default(CFG_OBSS_DETECTION_OFFLOAD); obss_ht40->obss_color_collision_offload_enabled = (bool)cfg_default(CFG_OBSS_COLOR_COLLISION_OFFLOAD); + obss_ht40->bss_color_collision_det_sta = + cfg_get(psoc, CFG_BSS_CLR_COLLISION_DETCN_STA); } static void mlme_init_threshold_cfg(struct wlan_objmgr_psoc *psoc, diff --git a/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h b/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h index 284b49fdb91e..f7008cc22f90 100644 --- a/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h +++ b/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -243,6 +244,27 @@ 0, \ "Enable obss color collision offload") +/* + * + * bss_color_collision_det_sta - Enables BSS color collision detection in STA + * @Min: 0 + * @Max: 1 + * @Default: 0 + * + * This ini used to enable or disable the BSS color collision detection in + * STA mode if obss_color_collision_offload is enabled. + * + * Supported Feature: STA + * + * Usage: Internal/External + * + * + */ +#define CFG_BSS_CLR_COLLISION_DETCN_STA CFG_INI_BOOL( \ + "bss_color_collision_det_sta", \ + 0, \ + "BSS color collision detection in STA") + #define CFG_OBSS_HT40_ALL \ CFG(CFG_OBSS_HT40_SCAN_ACTIVE_DWELL_TIME) \ CFG(CFG_OBSS_HT40_SCAN_PASSIVE_DWELL_TIME) \ @@ -253,6 +275,7 @@ CFG(CFG_OBSS_HT40_WIDTH_CH_TRANSITION_DELAY) \ CFG(CFG_OBSS_HT40_OVERRIDE_HT40_20_24GHZ) \ CFG(CFG_OBSS_DETECTION_OFFLOAD) \ + CFG(CFG_BSS_CLR_COLLISION_DETCN_STA) \ CFG(CFG_OBSS_COLOR_COLLISION_OFFLOAD) #endif /* CFG_MLME_OBSS_HT40_H__ */ diff --git a/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h b/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h index 490989c71d70..adfcd8b68082 100644 --- a/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h +++ b/components/mlme/dispatcher/inc/wlan_mlme_public_struct.h @@ -1336,6 +1336,7 @@ struct wlan_mlme_cfg_twt { * @is_override_ht20_40_24g: use channel bonding in 2.4 GHz * @obss_detection_offload_enabled: Enable OBSS detection offload * @obss_color_collision_offload_enabled: Enable obss color collision + * @bss_color_collision_det_sta: STA BSS color collision detection offload */ struct wlan_mlme_obss_ht40 { uint32_t active_dwelltime; @@ -1348,6 +1349,7 @@ struct wlan_mlme_obss_ht40 { bool is_override_ht20_40_24g; bool obss_detection_offload_enabled; bool obss_color_collision_offload_enabled; + bool bss_color_collision_det_sta; }; /** diff --git a/components/mlme/dispatcher/inc/wlan_mlme_ucfg_api.h b/components/mlme/dispatcher/inc/wlan_mlme_ucfg_api.h index ee106928928d..b91b7ea8b5ce 100644 --- a/components/mlme/dispatcher/inc/wlan_mlme_ucfg_api.h +++ b/components/mlme/dispatcher/inc/wlan_mlme_ucfg_api.h @@ -1,5 +1,6 @@ /* * Copyright (c) 2018-2021 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -3980,6 +3981,18 @@ QDF_STATUS ucfg_mlme_set_obss_color_collision_offload_enabled( struct wlan_objmgr_psoc *psoc, uint8_t value); +/** + * ucfg_mlme_set_bss_color_collision_det_sta() - Enable bss color + * collision detection offload for STA mode + * @psoc: pointer to psoc object + * @value: enable or disable + * + * Return: QDF Status + */ +QDF_STATUS +ucfg_mlme_set_bss_color_collision_det_sta(struct wlan_objmgr_psoc *psoc, + uint8_t value); + /** * ucfg_mlme_set_restricted_80p80_bw_supp() - Set the restricted 80p80 support * @psoc: pointer to psoc object diff --git a/components/mlme/dispatcher/src/wlan_mlme_ucfg_api.c b/components/mlme/dispatcher/src/wlan_mlme_ucfg_api.c index 114b98ed51df..bdbc2aaa4243 100644 --- a/components/mlme/dispatcher/src/wlan_mlme_ucfg_api.c +++ b/components/mlme/dispatcher/src/wlan_mlme_ucfg_api.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2018-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -1783,6 +1784,21 @@ ucfg_mlme_set_obss_detection_offload_enabled(struct wlan_objmgr_psoc *psoc, return QDF_STATUS_SUCCESS; } +QDF_STATUS +ucfg_mlme_set_bss_color_collision_det_sta(struct wlan_objmgr_psoc *psoc, + uint8_t value) +{ + struct wlan_mlme_psoc_ext_obj *mlme_obj; + + mlme_obj = mlme_get_psoc_ext_obj(psoc); + if (!mlme_obj) + return QDF_STATUS_E_INVAL; + + mlme_obj->cfg.obss_ht40.bss_color_collision_det_sta = value; + + return QDF_STATUS_SUCCESS; +} + QDF_STATUS ucfg_mlme_set_obss_color_collision_offload_enabled( struct wlan_objmgr_psoc *psoc, uint8_t value) diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c index 8c960fe00a99..06d1bff6b9b1 100644 --- a/core/hdd/src/wlan_hdd_main.c +++ b/core/hdd/src/wlan_hdd_main.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -2509,6 +2510,14 @@ int hdd_update_tgt_cfg(hdd_handle_t hdd_handle, struct wma_tgt_cfg *cfg) if (QDF_IS_STATUS_ERROR(status)) hdd_err("Failed to set WNI_CFG_OBSS_COLOR_COLLISION_OFFLOAD"); + if (!cfg->obss_color_collision_offloaded) { + status = ucfg_mlme_set_bss_color_collision_det_sta( + hdd_ctx->psoc, + cfg->obss_color_collision_offloaded); + if (QDF_IS_STATUS_ERROR(status)) + hdd_err("Failed to set CFG_BSS_CLR_COLLISION_DET_STA"); + } + ucfg_mlme_get_bcast_twt(hdd_ctx->psoc, &bval); if (bval) ucfg_mlme_set_bcast_twt(hdd_ctx->psoc, cfg->bcast_twt_support); diff --git a/core/mac/src/pe/lim/lim_session.c b/core/mac/src/pe/lim/lim_session.c index df3eeb63e7db..eacb32ec1f93 100644 --- a/core/mac/src/pe/lim/lim_session.c +++ b/core/mac/src/pe/lim/lim_session.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -710,6 +711,9 @@ struct pe_session *pe_create_session(struct mac_context *mac, if (status != QDF_STATUS_SUCCESS) pe_err("cannot create ap_ecsa_timer"); } + if (session_ptr->opmode == QDF_STA_MODE) + session_ptr->is_session_obss_color_collision_det_enabled = + mac->mlme_cfg->obss_ht40.bss_color_collision_det_sta; pe_init_fils_info(session_ptr); pe_init_pmf_comeback_timer(mac, session_ptr); session_ptr->ht_client_cnt = 0; From a61c0dfdc502059366e85cf76ae77d80ddfa0760 Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Wed, 18 May 2022 09:32:43 -0700 Subject: [PATCH 40/48] Release 5.2.022.10Y Release 5.2.022.10Y Change-Id: I2727eb5346853b7af6a5b69074d75c11739a7c84 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 6c78fd152f1a..db4296e55973 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "X" +#define QWLAN_VERSION_EXTRA "Y" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10X" +#define QWLAN_VERSIONSTR "5.2.022.10Y" #endif /* QWLAN_VERSION_H */ From d9e719c9a8ed89fa7115d176365759c9c1aa5155 Mon Sep 17 00:00:00 2001 From: Tushnim Bhattacharyya Date: Mon, 11 Oct 2021 14:07:44 -0700 Subject: [PATCH 41/48] qcacld-3.0: Set default value for bss_color_collision_det_sta to 1 For STAUT to follow the rules governing OBSS Narrow Bandwidth RU in UL OFDMA Tolerance Support, bss_color_collision_det_sta to be set to 1. Change-Id: Ibe283f8bec9febbaf9a876d1afd55389ea4c971d CRs-Fixed: 3053624 --- components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h b/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h index f7008cc22f90..cb7a5873ff67 100644 --- a/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h +++ b/components/mlme/dispatcher/inc/cfg_mlme_obss_ht40.h @@ -249,7 +249,7 @@ * bss_color_collision_det_sta - Enables BSS color collision detection in STA * @Min: 0 * @Max: 1 - * @Default: 0 + * @Default: 1 * * This ini used to enable or disable the BSS color collision detection in * STA mode if obss_color_collision_offload is enabled. @@ -262,7 +262,7 @@ */ #define CFG_BSS_CLR_COLLISION_DETCN_STA CFG_INI_BOOL( \ "bss_color_collision_det_sta", \ - 0, \ + 1, \ "BSS color collision detection in STA") #define CFG_OBSS_HT40_ALL \ From b8e40f9b2ee8fdb1f6b68520b26621e75095f66c Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Wed, 18 May 2022 10:17:06 -0700 Subject: [PATCH 42/48] Release 5.2.022.10Z Release 5.2.022.10Z Change-Id: Ic918875a06956289b9e64411b2fe6f9758f40093 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index db4296e55973..9491be1cd065 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "Y" +#define QWLAN_VERSION_EXTRA "Z" #define QWLAN_VERSION_BUILD 10 -#define QWLAN_VERSIONSTR "5.2.022.10Y" +#define QWLAN_VERSIONSTR "5.2.022.10Z" #endif /* QWLAN_VERSION_H */ From a767adf5f465d59946a54d1b2fe7f200e748912d Mon Sep 17 00:00:00 2001 From: Nisha Menon Date: Mon, 15 Mar 2021 15:37:41 -0700 Subject: [PATCH 43/48] qcacld-3.0: Enable feature to dump reo queue info in DDR Enable DUMP_REO_QUEUE_INFO_IN_DDR to send cache flush cmd to REO using cmd: iwpriv wlan0 txrx_stats 34 0 Cache flush cmd will invalidate the h/w cache and ensure that h/w writes to DDR. In the cmd callback, the reo status tlvs are processed and the vaddr of the reo queue desc is used to read the queue information from DDR and dump it in the host driver logs. Change-Id: I4521b777d13c490ac687f9ff673182262bc52f62 CRs-Fixed: 2899824 --- Kbuild | 1 + configs/default_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/Kbuild b/Kbuild index f0926c7d7e50..a2b8091f7624 100644 --- a/Kbuild +++ b/Kbuild @@ -3316,6 +3316,7 @@ cppflags-$(CONFIG_HIF_CPU_PERF_AFFINE_MASK) += -DHIF_CPU_PERF_AFFINE_MASK cppflags-$(CONFIG_SMMU_S1_UNMAP) += -DCONFIG_SMMU_S1_UNMAP cppflags-$(CONFIG_GENERIC_SHADOW_REGISTER_ACCESS_ENABLE) += -DGENERIC_SHADOW_REGISTER_ACCESS_ENABLE cppflags-$(CONFIG_IPA_SET_RESET_TX_DB_PA) += -DIPA_SET_RESET_TX_DB_PA +cppflags-$(CONFIG_DUMP_REO_QUEUE_INFO_IN_DDR) += -DDUMP_REO_QUEUE_INFO_IN_DDR KBUILD_CPPFLAGS += $(cppflags-y) diff --git a/configs/default_defconfig b/configs/default_defconfig index 67c6c7003767..af5258d80f8e 100644 --- a/configs/default_defconfig +++ b/configs/default_defconfig @@ -46,6 +46,7 @@ ifeq ($(CONFIG_CNSS_QCA6490), y) CONFIG_HASTINGS_BT_WAR := y CONFIG_WDI3_IPA_OVER_GSI :=y CONFIG_GENERIC_SHADOW_REGISTER_ACCESS_ENABLE :=y + CONFIG_DUMP_REO_QUEUE_INFO_IN_DDR :=y endif ifeq ($(CONFIG_CNSS_QCA6750), y) From 513bd685450181fb42f6ad4adbee57fefef3e2e9 Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Wed, 18 May 2022 23:29:44 -0700 Subject: [PATCH 44/48] Release 5.2.022.11 Release 5.2.022.11 Change-Id: I9b9f16f37dc5a2df00ad799ba3d90d41e79ef882 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 9491be1cd065..1aa256a6b6a9 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "Z" -#define QWLAN_VERSION_BUILD 10 +#define QWLAN_VERSION_EXTRA "" +#define QWLAN_VERSION_BUILD 11 -#define QWLAN_VERSIONSTR "5.2.022.10Z" +#define QWLAN_VERSIONSTR "5.2.022.11" #endif /* QWLAN_VERSION_H */ From 7b50322c10e8139b8f0a61a4cebcf41615ca0885 Mon Sep 17 00:00:00 2001 From: Rahul Gusain Date: Thu, 12 May 2022 12:17:30 +0530 Subject: [PATCH 45/48] qcacld-3.0: Don't proceed with NDP peer handling if NDI is not UP Firmware might send NDP peer indication/NDP responder response while NDI deletion is in progress. Currently, NDP peer entry gets added though vdev is moved to DOWN state and cleanup is in progress. This leads to stale peer entry on that NDI vdev and doesn't allow vdev delete when IFF_DOWN comes, as a peer is present. Check the vdev state before creating peer for NDP and skip peer creation if NDI vdev is not in UP state(which indicates that the vdev down is happening). Also, don't process the NDP confirm if NDP peer is not created. Change-Id: I73e79cc33b1a294e3f4a4a6e2f371033862c5709 CRs-Fixed: 3061756 --- components/mlme/core/inc/wlan_mlme_main.h | 9 +++++++++ components/mlme/core/src/wlan_mlme_main.c | 18 ++++++++++++++++++ components/nan/core/src/nan_main.c | 10 ++++++++++ core/mac/src/pe/nan/nan_datapath.c | 6 ++++++ 4 files changed, 43 insertions(+) diff --git a/components/mlme/core/inc/wlan_mlme_main.h b/components/mlme/core/inc/wlan_mlme_main.h index 86f85984a91b..e98e7a9223f0 100644 --- a/components/mlme/core/inc/wlan_mlme_main.h +++ b/components/mlme/core/inc/wlan_mlme_main.h @@ -608,4 +608,13 @@ QDF_STATUS mlme_get_cfg_wlm_reset(struct wlan_objmgr_psoc *psoc, */ void mlme_reinit_control_config_lfr_params(struct wlan_objmgr_psoc *psoc, struct wlan_mlme_lfr_cfg *lfr); + +/** + * wlan_is_vdev_id_up() - check if vdev id is in UP state + * @pdev: Pointer to pdev + * @vdev_id: vdev id + * + * Return: if vdev is up + */ +bool wlan_is_vdev_id_up(struct wlan_objmgr_pdev *pdev, uint8_t vdev_id); #endif diff --git a/components/mlme/core/src/wlan_mlme_main.c b/components/mlme/core/src/wlan_mlme_main.c index 67e0e19b1c6b..9035571d1a0c 100644 --- a/components/mlme/core/src/wlan_mlme_main.c +++ b/components/mlme/core/src/wlan_mlme_main.c @@ -3115,4 +3115,22 @@ void mlme_set_roam_state(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id, mlme_priv->mlme_roam.roam_sm.state = new_state; wlan_objmgr_vdev_release_ref(vdev, WLAN_MLME_OBJMGR_ID); } + +bool wlan_is_vdev_id_up(struct wlan_objmgr_pdev *pdev, uint8_t vdev_id) +{ + struct wlan_objmgr_vdev *vdev; + bool is_up = false; + + if (!pdev) + return is_up; + + vdev = wlan_objmgr_get_vdev_by_id_from_pdev(pdev, vdev_id, + WLAN_LEGACY_MAC_ID); + if (vdev) { + is_up = QDF_IS_STATUS_SUCCESS(wlan_vdev_is_up(vdev)); + wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID); + } + + return is_up; +} #endif diff --git a/components/nan/core/src/nan_main.c b/components/nan/core/src/nan_main.c index 0de7322a7897..4e806a8a10a6 100644 --- a/components/nan/core/src/nan_main.c +++ b/components/nan/core/src/nan_main.c @@ -530,6 +530,7 @@ static QDF_STATUS nan_handle_confirm( struct wlan_objmgr_psoc *psoc; struct nan_psoc_priv_obj *psoc_nan_obj; struct nan_vdev_priv_obj *vdev_nan_obj; + struct wlan_objmgr_peer *peer; QDF_STATUS status; vdev_id = wlan_vdev_get_id(confirm->vdev); @@ -539,6 +540,15 @@ static QDF_STATUS nan_handle_confirm( return QDF_STATUS_E_NULL_VALUE; } + peer = wlan_objmgr_get_peer_by_mac(psoc, + confirm->peer_ndi_mac_addr.bytes, + WLAN_NAN_ID); + if (!peer) { + nan_debug("Drop NDP confirm as peer isn't available"); + return QDF_STATUS_E_NULL_VALUE; + } + wlan_objmgr_peer_release_ref(peer, WLAN_NAN_ID); + psoc_nan_obj = nan_get_psoc_priv_obj(psoc); if (!psoc_nan_obj) { nan_err("psoc_nan_obj is null"); diff --git a/core/mac/src/pe/nan/nan_datapath.c b/core/mac/src/pe/nan/nan_datapath.c index f20e53801460..0c4868f3fee8 100644 --- a/core/mac/src/pe/nan/nan_datapath.c +++ b/core/mac/src/pe/nan/nan_datapath.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2016-2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -50,6 +51,11 @@ static QDF_STATUS lim_add_ndi_peer(struct mac_context *mac_ctx, QDF_STATUS status; uint8_t zero_mac_addr[QDF_MAC_ADDR_SIZE] = { 0, 0, 0, 0, 0, 0 }; + if (!wlan_is_vdev_id_up(mac_ctx->pdev, vdev_id)) { + pe_err_rl("NDI vdev is not up"); + return QDF_STATUS_E_FAILURE; + } + if (!qdf_mem_cmp(&zero_mac_addr, &peer_mac_addr.bytes[0], QDF_MAC_ADDR_SIZE)) { pe_err("Failing to add peer with all zero mac addr"); From 0dfce398955274dcd9429138373a0f9f3c57e3dc Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Thu, 19 May 2022 01:31:03 -0700 Subject: [PATCH 46/48] Release 5.2.022.11A Release 5.2.022.11A Change-Id: Iadd6077e86e13f027a69f67ab4375120a1e1cfb0 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index 1aa256a6b6a9..e2c4d11bb77e 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "" +#define QWLAN_VERSION_EXTRA "A" #define QWLAN_VERSION_BUILD 11 -#define QWLAN_VERSIONSTR "5.2.022.11" +#define QWLAN_VERSIONSTR "5.2.022.11A" #endif /* QWLAN_VERSION_H */ From 9a13c2aed0496c20cd71ac6d43a969b9c7c593c7 Mon Sep 17 00:00:00 2001 From: Paul Zhang Date: Wed, 23 Feb 2022 14:54:50 +0800 Subject: [PATCH 47/48] qcacld-3.0: fetch profile_data from right position Since structure wmi_wlan_profile_t includes tlv header, it has to consider the tlv header in each iteration. CRs-Fixed: 3136374 Change-Id: I14a86ed14f616a5f1aaeabd25a81fa22d762ffe3 --- core/wma/src/wma_utils.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/core/wma/src/wma_utils.c b/core/wma/src/wma_utils.c index e986cd0a1cf1..61fd15bcb4e9 100644 --- a/core/wma/src/wma_utils.c +++ b/core/wma/src/wma_utils.c @@ -805,7 +805,6 @@ int wma_profile_data_report_event_handler(void *handle, uint8_t *event_buf, wmi_wlan_profile_t *profile_data; uint32_t i = 0; uint32_t entries; - uint8_t *buf_ptr; char temp_str[150]; param_buf = (WMI_WLAN_PROFILE_DATA_EVENTID_param_tlvs *) event_buf; @@ -813,12 +812,9 @@ int wma_profile_data_report_event_handler(void *handle, uint8_t *event_buf, WMA_LOGE("%s: Invalid profile data event buf", __func__); return -EINVAL; } + profile_ctx = param_buf->profile_ctx; - buf_ptr = (uint8_t *)profile_ctx; - buf_ptr = buf_ptr + sizeof(wmi_wlan_profile_ctx_t) + WMI_TLV_HDR_SIZE; - profile_data = (wmi_wlan_profile_t *) buf_ptr; entries = profile_ctx->bin_count; - if (entries > param_buf->num_profile_data) { WMA_LOGE("FW bin count %d more than data %d in TLV hdr", entries, @@ -847,6 +843,7 @@ int wma_profile_data_report_event_handler(void *handle, uint8_t *event_buf, QDF_TRACE(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_ERROR, "Profile ID: Count: TOT: Min: Max: hist_intvl: hist[0]: hist[1]:hist[2]"); + profile_data = param_buf->profile_data; for (i = 0; i < entries; i++) { if (i == WMI_WLAN_PROFILE_MAX_BIN_CNT) break; From a9e21e15dfb26e6614e0f02563a225bf5b4b1002 Mon Sep 17 00:00:00 2001 From: Madan Koyyalamudi Date: Wed, 25 May 2022 01:28:35 -0700 Subject: [PATCH 48/48] Release 5.2.022.11B Release 5.2.022.11B Change-Id: I33c5f44688d6832630db5331e01595088a1488e2 CRs-Fixed: 774533 --- core/mac/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/mac/inc/qwlan_version.h b/core/mac/inc/qwlan_version.h index e2c4d11bb77e..26f67e3408a9 100644 --- a/core/mac/inc/qwlan_version.h +++ b/core/mac/inc/qwlan_version.h @@ -32,9 +32,9 @@ #define QWLAN_VERSION_MAJOR 5 #define QWLAN_VERSION_MINOR 2 #define QWLAN_VERSION_PATCH 022 -#define QWLAN_VERSION_EXTRA "A" +#define QWLAN_VERSION_EXTRA "B" #define QWLAN_VERSION_BUILD 11 -#define QWLAN_VERSIONSTR "5.2.022.11A" +#define QWLAN_VERSIONSTR "5.2.022.11B" #endif /* QWLAN_VERSION_H */