Age | Commit message (Collapse) | Author |
|
SBMerger: 325904710
Change-Id: I643195409710c7f7a5ab389223f7addc91d1e69a
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: I35eefbc23a31995da29d4adaaf423a78894b307f
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: Ifa999f3fe5f73252488ece7962960732ebb49c94
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Remove csr_roam_save_security_rsp_ie() which is using
unused variables pWapiRspIE, nWapiRspIeLength,
nWpaRsnRspIeLength, pWpaRsnRspIE. Also remove
the functions which are used to get the value of
these variables.
Change-Id: I526fd492e98c119c51f760f7bfb58f454e5bebdf
CRs-Fixed: 2829557
Bug: 174210785
Signed-off-by: Srinivas Girigowda <quic_sgirigow@quicinc.com>
|
|
Remove csr_roam_save_security_rsp_ie() which is using
unused variables pWapiRspIE, nWapiRspIeLength,
nWpaRsnRspIeLength, pWpaRsnRspIE. Also remove
the functions which are used to get the value of
these variables.
Change-Id: I526fd492e98c119c51f760f7bfb58f454e5bebdf
CRs-Fixed: 2829557
Bug: 174210785
Signed-off-by: Srinivas Girigowda <quic_sgirigow@quicinc.com>
|
|
After roaming, FW updates host by roam sync indication. Host parses
the reassoc request in roam sync indication to update PMF capability
in PE session.
Change-Id: I9638a77150e81ea911e95d294c58d605871630a0
CRs-Fixed: 2746470
Bug: 170086722
Signed-off-by: Srinivas Girigowda <quic_sgirigow@quicinc.com>
|
|
After roaming, FW updates host by roam sync indication. Host parses
the reassoc request in roam sync indication to update PMF capability
in PE session.
Change-Id: I9638a77150e81ea911e95d294c58d605871630a0
CRs-Fixed: 2746470
Bug: 170086722
Signed-off-by: Srinivas Girigowda <quic_sgirigow@quicinc.com>
|
|
android-msm-floral-4.14-rvc-qpr1
Feb 2021.1
Bug: 174415365
Change-Id: I9fbb78f51fb59e5c5bdd22c3468b374944be599b
|
|
android-msm-pixel-4.14-rvc-qpr1
Feb 2021.1
Bug: 174415365
Change-Id: I39944e723c324fdf798faa526a11d366f48c47cb
|
|
Currently, In function lim_is_pkt_candidate_for_drop
to drop excessive management frames subType should be
SIR_MAC_MGMT_ASSOC_REQ, SIR_MAC_MGMT_DISASSOC and
SIR_MAC_MGMT_DEAUTH. As subType can not be equal to
3 management subtypes at same time,excessive frames for Assoc,
Disassoc and Deauth will never drop.
To drop excessive frames keep a check of OR instead of AND for
ASSOC, DISASSOC AND DEAUTH subTypes. Send diag event after all
duplicate checks in lim_process_disassoc_frame and
lim_process_deauth_frame.
Change-Id: I595378d409804d3fbd9c5d22a37090d6dc429075
CRs-Fixed: 2588832
Bug: 172349044
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
(cherry picked from commit 4336f46a4bde2f136f69a91f6afd6d5e173bd21f)
|
|
Currently, In function lim_is_pkt_candidate_for_drop
to drop excessive management frames subType should be
SIR_MAC_MGMT_ASSOC_REQ, SIR_MAC_MGMT_DISASSOC and
SIR_MAC_MGMT_DEAUTH. As subType can not be equal to
3 management subtypes at same time,excessive frames for Assoc,
Disassoc and Deauth will never drop.
To drop excessive frames keep a check of OR instead of AND for
ASSOC, DISASSOC AND DEAUTH subTypes. Send diag event after all
duplicate checks in lim_process_disassoc_frame and
lim_process_deauth_frame.
Change-Id: I595378d409804d3fbd9c5d22a37090d6dc429075
CRs-Fixed: 2588832
Bug: 172349044
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
(cherry picked from commit a63e604b378f4beed7c4771f1b9ccd4a1fb86b23)
|
|
lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.
Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.
Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841
Bug: 172348733
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
(cherry picked from commit 62d411185037791242863b6f2a141a1247696484)
|
|
lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.
Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.
Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841
Bug: 172348733
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
(cherry picked from commit 62d411185037791242863b6f2a141a1247696484)
|
|
Currently, sequence number of the authentication frame is cached
to detect if the same frame is received again. But in SAP case,
it's possible to get authentication frame from two different
clients with the same sequence number. Host driver drops auth
frame from the second station as it is considered as a
duplicate frame. Though the driver drops the frame only if it's
a retry, it's possible to get auth frame from second client with
same sequence number and retry bit set.
Cache the client mac address along with sequence number to
avoid this.
Change-Id: I194adc9e0f90d074aef50340d2cd6c7b138cc9b5
CRs-Fixed: 2815784
Bug: 172309980
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
Currently, In function lim_is_pkt_candidate_for_drop
to drop excessive management frames subType should be
SIR_MAC_MGMT_ASSOC_REQ, SIR_MAC_MGMT_DISASSOC and
SIR_MAC_MGMT_DEAUTH. As subType can not be equal to
3 management subtypes at same time,excessive frames for Assoc,
Disassoc and Deauth will never drop.
To drop excessive frames keep a check of OR instead of AND for
ASSOC, DISASSOC AND DEAUTH subTypes. Send diag event after all
duplicate checks in lim_process_disassoc_frame and
lim_process_deauth_frame.
Change-Id: I595378d409804d3fbd9c5d22a37090d6dc429075
CRs-Fixed: 2588832
Bug: 172349044
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.
Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.
Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841
Bug: 172348733
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
After successful roam synch indication received in 802.1x/WPA3
security roaming, the peer will not be in authorized state since
EAP/EAPOL handshake is handled at the supplicant. Simultaneously
there is continuous vdev pause/unpause events from firmware, so
EAP handshake fails and EAP timeout kicks-in at supplicant and
disconnect is triggered. But on new connection the
hdd_reassoc_scenario flag is not reset, so
__wlan_hdd_cfg80211_ll_stats_get always returns failure and the
framework displays low rssi even though the connected AP rssi
is good.
Reset the hdd_reassoc_scenario flag after any disconnection.
Change-Id: I7b00fef86fa37d6e7ab857be1750add142f7e647
CRs-Fixed: 2752022
Bug: 170194686
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
Currently, sequence number of the authentication frame is cached
to detect if the same frame is received again. But in SAP case,
it's possible to get authentication frame from two different
clients with the same sequence number. Host driver drops auth
frame from the second station as it is considered as a
duplicate frame. Though the driver drops the frame only if it's
a retry, it's possible to get auth frame from second client with
same sequence number and retry bit set.
Cache the client mac address along with sequence number to
avoid this.
Change-Id: I194adc9e0f90d074aef50340d2cd6c7b138cc9b5
CRs-Fixed: 2815784
Bug: 172309980
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
Currently, In function lim_is_pkt_candidate_for_drop
to drop excessive management frames subType should be
SIR_MAC_MGMT_ASSOC_REQ, SIR_MAC_MGMT_DISASSOC and
SIR_MAC_MGMT_DEAUTH. As subType can not be equal to
3 management subtypes at same time,excessive frames for Assoc,
Disassoc and Deauth will never drop.
To drop excessive frames keep a check of OR instead of AND for
ASSOC, DISASSOC AND DEAUTH subTypes. Send diag event after all
duplicate checks in lim_process_disassoc_frame and
lim_process_deauth_frame.
Change-Id: I595378d409804d3fbd9c5d22a37090d6dc429075
CRs-Fixed: 2588832
Bug: 172349044
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.
Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.
Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841
Bug: 172348733
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
After successful roam synch indication received in 802.1x/WPA3
security roaming, the peer will not be in authorized state since
EAP/EAPOL handshake is handled at the supplicant. Simultaneously
there is continuous vdev pause/unpause events from firmware, so
EAP handshake fails and EAP timeout kicks-in at supplicant and
disconnect is triggered. But on new connection the
hdd_reassoc_scenario flag is not reset, so
__wlan_hdd_cfg80211_ll_stats_get always returns failure and the
framework displays low rssi even though the connected AP rssi
is good.
Reset the hdd_reassoc_scenario flag after any disconnection.
Change-Id: I7b00fef86fa37d6e7ab857be1750add142f7e647
CRs-Fixed: 2752022
Bug: 170194686
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
SBMerger: 325904710
Change-Id: I34e9b8d036e24005a4d9f3a6932609446deb4fd7
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: Iac9c6b1e46dbc2e904879b064392f7fbfea78e29
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
In beacon report's RCPI, host updates current RSSI which is incorrect
according to "2008 11k spec reference: 18.4.8.5 RCPI Measurement".
Hence fill RCPI value in beacon report as per "2008 11k spec reference:
18.4.8.5 RCPI Measurement".
Change-Id: I2ce88ad9f5d0db252d96f9e25db336b081cdd9bb
CRs-Fixed: 2776844
Bug: 168426596
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
In beacon report's RCPI, host updates current RSSI which is incorrect
according to "2008 11k spec reference: 18.4.8.5 RCPI Measurement".
Hence fill RCPI value in beacon report as per "2008 11k spec reference:
18.4.8.5 RCPI Measurement".
Change-Id: I2ce88ad9f5d0db252d96f9e25db336b081cdd9bb
CRs-Fixed: 2776844
Bug: 168426596
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
SBMerger: 325904710
Change-Id: I2736960256b0b3f25c3fd0e8db55c34e831c0358
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: I8c896f3b1ccbb6972543629d2096d485d6193917
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: Idef33ab062fcb2cef56638fb725d5341650e0302
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: I41096363532d1bee80e3c3d00c49a82800f566ac
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Currently the driver skips the 2.4ghz channels if
5ghz are present and BW is greater than 40Mhz.
It may happen that these 5ghz channels get
stripped out before channel selection due
to LTE-COEX or some other reasons.
Fix is to keep the 2.4ghz channels and select
them if 5ghz are not available.
Change-Id: Ic39936be9f0e0d1cf3b6bbfe904ea788bab87bcb
CRs-Fixed: 2797943
Bug: 170222921
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver skips the 2.4ghz channels if
5ghz are present and BW is greater than 40Mhz.
It may happen that these 5ghz channels get
stripped out before channel selection due
to LTE-COEX or some other reasons.
Fix is to keep the 2.4ghz channels and select
them if 5ghz are not available.
Change-Id: Ic39936be9f0e0d1cf3b6bbfe904ea788bab87bcb
CRs-Fixed: 2797943
Bug: 170222921
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver skips the 2.4ghz channels if
5ghz are present and BW is greater than 40Mhz.
It may happen that these 5ghz channels get
stripped out before channel selection due
to LTE-COEX or some other reasons.
Fix is to keep the 2.4ghz channels and select
them if 5ghz are not available.
Change-Id: Ic39936be9f0e0d1cf3b6bbfe904ea788bab87bcb
CRs-Fixed: 2797943
Bug: 170222921
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver skips the 2.4ghz channels if
5ghz are present and BW is greater than 40Mhz.
It may happen that these 5ghz channels get
stripped out before channel selection due
to LTE-COEX or some other reasons.
Fix is to keep the 2.4ghz channels and select
them if 5ghz are not available.
Change-Id: Ic39936be9f0e0d1cf3b6bbfe904ea788bab87bcb
CRs-Fixed: 2797943
Bug: 170222921
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
SBMerger: 325904710
Change-Id: Ib82d3e35f8280f50b84d6f8b7edd74b507206304
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 325904710
Change-Id: I0b6bf6ec6d63fdda2960c08bc3dc4ce3e7ad9081
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Currently in driver does not update the rate flags correctly
in wma as rate flags should include all the subsets of the
lower rartesets, which is not thye case today and driver only
updates the higher rate flag. Because of which it leads to
invalid computation of txrate at the kernel.
Change-Id: I5529532b3d41b68693b5b4b8952ee0f1414354db
CRs-Fixed: 2776370
Bug: 166722837
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently in driver does not update the rate flags correctly
in wma as rate flags should include all the subsets of the
lower rartesets, which is not thye case today and driver only
updates the higher rate flag. Because of which it leads to
invalid computation of txrate at the kernel.
Change-Id: I5529532b3d41b68693b5b4b8952ee0f1414354db
CRs-Fixed: 2776370
Bug: 166722837
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver enables the SRD channels
support for both P2P_GO and SAP if the SRD master
mode is enabled.
Have individual ini values to enable/disable
the SRD channel for each op-mode as required.
Change-Id: If6e66996ed19dacbde7f71a6702f378a7e9a273c
CRs-Fixed: 2748446
Bug: 160167978
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver enables the SRD channels
support for both P2P_GO and SAP if the SRD master
mode is enabled.
Have individual ini values to enable/disable
the SRD channel for each op-mode as required.
Change-Id: If6e66996ed19dacbde7f71a6702f378a7e9a273c
CRs-Fixed: 2748446
Bug: 160167978
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Check if NAN SRD operation is enabled in the ini
"etsi13_srd_chan_in_master_mode" and send the same to firmware
for all SRD channels.
Change-Id: I2aa8fd34c67b2061963b62a34d29c73740af3a76
CRs-Fixed: 2748455
Bug: 160167978
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently driver acquires wakelock for scans received from hdd.
But for RRM scan initiated from AP for beacon reports, the
wakelock is not acquired and if host goes to suspend while scan
is in progress,FW asserts.
Fix is to avoid the system suspend by taking the wakelock
before rrm scan start.
Change-Id: I02ddc9b5e6ba5f1782d00e34f044ace34c54d0b0
CRs-Fixed: 2331741
Bug: 161624543
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Check if NAN SRD operation is enabled in the ini
"etsi13_srd_chan_in_master_mode" and send the same to firmware
for all SRD channels.
Change-Id: I2aa8fd34c67b2061963b62a34d29c73740af3a76
CRs-Fixed: 2748455
Bug: 160167978
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently driver acquires wakelock for scans received from hdd.
But for RRM scan initiated from AP for beacon reports, the
wakelock is not acquired and if host goes to suspend while scan
is in progress,FW asserts.
Fix is to avoid the system suspend by taking the wakelock
before rrm scan start.
Change-Id: I02ddc9b5e6ba5f1782d00e34f044ace34c54d0b0
CRs-Fixed: 2331741
Bug: 161624543
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
SBMerger: 325523750
Change-Id: I2076f075d03a542b4928d8d8ede24c8b4ee755e2
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
Signed-off-by: Petri Gynther <pgynther@google.com>
|
|
SBMerger: 325523750
Change-Id: I278766c14266e6ebc322509d946acf9e1326c663
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Mlme info is not updated for the new AP to which driver roamed and
also not updated for the old AP after driver roamed to new AP.
Also in some case when deauth is from peer the Mlme info is not reset
by driver for the disconnected AP.
As mlme info of the AP is not updated and it remain in associated state
The AGE out logic skip the AP and thus it never ageout.
Fix this by properly updating the MLME info of the AP during roaming
and disconnection.
Change-Id: Ib17499c8ab0c4725d146d7c09077c92661adbdd5
CRs-Fixed: 2419853
Bug: 161078546
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Mlme info is not updated for the new AP to which driver roamed and
also not updated for the old AP after driver roamed to new AP.
Also in some case when deauth is from peer the Mlme info is not reset
by driver for the disconnected AP.
As mlme info of the AP is not updated and it remain in associated state
The AGE out logic skip the AP and thus it never ageout.
Fix this by properly updating the MLME info of the AP during roaming
and disconnection.
Change-Id: Ib17499c8ab0c4725d146d7c09077c92661adbdd5
CRs-Fixed: 2419853
Bug: 161078546
Signed-off-by: Rajeev Kumar <quic_rajekuma@quicinc.com>
|
|
Currently the driver is not synchronized properly between SSR and wifi
ON/OFF. This causes a potential deadlock resulting in a DSC timeout.
To synchronize, add a wait in wlan_hdd_state_ctrl_param_write
which is called during WiFi ON/OFF. This wait will ensure that the
driver recovery is complete before proceeding with ON/OFF.
Change-Id: Ia1c4f8d7076d77c591276ee380b55a747cf606bd
CRs-Fixed: 2701513
Bug: 157090295
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
Currently the driver is not synchronized properly between SSR and wifi
ON/OFF. This causes a potential deadlock resulting in a DSC timeout.
To synchronize, add a wait in wlan_hdd_state_ctrl_param_write
which is called during WiFi ON/OFF. This wait will ensure that the
driver recovery is complete before proceeding with ON/OFF.
Change-Id: Ia1c4f8d7076d77c591276ee380b55a747cf606bd
CRs-Fixed: 2701513
Bug: 157090295
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
|
|
Merge from build: 6652503
Bug: 149536833
Change-Id: I855cd0cb8eac5a80642b0fac5e293785d564c4bd
Signed-off-by: Wilson Sung <wilsonsung@google.com>
|