diff options
author | John Muir <muirj@google.com> | 2018-10-17 15:17:40 -0700 |
---|---|---|
committer | John Muir <muirj@google.com> | 2018-10-17 15:17:40 -0700 |
commit | 0f48acbc0e130027cb5fc0c5d07c3c0e09def902 (patch) | |
tree | d34e9f54feabd9638a8196b9a29d79e7b75c1704 | |
parent | abe8a675bdc0544db0480dce5e7589e6f50ee655 (diff) | |
parent | a997344221e226ecf9baf1073287b00d05cdfa3e (diff) |
Merge 'dd-staging-vega' into 'daydreamos-msm-vega-4.4'.android-daydreamos-8.0.0_r0.7
* partner/dd-staging-vega:
Squashed 'drivers/staging/qcacld-3.0/' changes from 7cc21fd96b3d..3c26f936c70b
Squashed 'drivers/staging/qca-wifi-host-cmn/' changes from a1bae06617d0..b850630dd594
Squashed 'drivers/staging/fw-api/' changes from 61a93928f858..0acad70c6bf6
soc: qcom: fix race condition while freeing private data
diag: Prevent out of bound access while initializing msg mask
msm:ais:Handling bigger value than upper bound in msm_cpp_irq api
msm:ipa: Prevent NAT table deletion only if public ip is not assigned
net: core: null pointer derefernce in sockev_client_cb
msm: vidc: Increase minimum input buffer count for HEVC decode
msm: ipa3: Add mutex to prevent race condition
FROMLIST: binder: fix proc->files use-after-free
nl80211: nl80211_update_ft_ies to validate NL80211_ATTR_IE
msm: ais: Fix out-of-bounds read in string class name
soc: qcom: glink_smem_native_xprt: Move rx_worker in irq handler
diag: Allocate DCI memory using vzalloc instead of kzalloc
Bug: 117838324
Test: Compile passes.
Change-Id: I1153d4d86e3ac506cf87e519b72b7fd9456cbf15
100 files changed, 6278 insertions, 1993 deletions
diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c index 390c83719902..b0b36d00415d 100644 --- a/drivers/char/diag/diag_dci.c +++ b/drivers/char/diag/diag_dci.c @@ -26,6 +26,7 @@ #include <linux/reboot.h> #include <asm/current.h> #include <soc/qcom/restart.h> +#include <linux/vmalloc.h> #ifdef CONFIG_DIAG_OVER_USB #include <linux/usb/usbdiag.h> #endif @@ -258,7 +259,7 @@ static int diag_dci_init_buffer(struct diag_dci_buffer_t *buffer, int type) switch (type) { case DCI_BUF_PRIMARY: buffer->capacity = IN_BUF_SIZE; - buffer->data = kzalloc(buffer->capacity, GFP_KERNEL); + buffer->data = vzalloc(buffer->capacity); if (!buffer->data) return -ENOMEM; break; @@ -268,7 +269,7 @@ static int diag_dci_init_buffer(struct diag_dci_buffer_t *buffer, int type) break; case DCI_BUF_CMD: buffer->capacity = DIAG_MAX_REQ_SIZE + DCI_BUF_SIZE; - buffer->data = kzalloc(buffer->capacity, GFP_KERNEL); + buffer->data = vzalloc(buffer->capacity); if (!buffer->data) return -ENOMEM; break; @@ -2719,7 +2720,7 @@ static int diag_dci_init_remote(void) create_dci_event_mask_tbl(temp->event_mask_composite); } - partial_pkt.data = kzalloc(MAX_DCI_PACKET_SZ, GFP_KERNEL); + partial_pkt.data = vzalloc(MAX_DCI_PACKET_SZ); if (!partial_pkt.data) { pr_err("diag: Unable to create partial pkt data\n"); return -ENOMEM; @@ -2775,7 +2776,7 @@ int diag_dci_init(void) goto err; if (driver->apps_dci_buf == NULL) { - driver->apps_dci_buf = kzalloc(DCI_BUF_SIZE, GFP_KERNEL); + driver->apps_dci_buf = vzalloc(DCI_BUF_SIZE); if (driver->apps_dci_buf == NULL) goto err; } @@ -2792,12 +2793,12 @@ int diag_dci_init(void) return DIAG_DCI_NO_ERROR; err: pr_err("diag: Could not initialize diag DCI buffers"); - kfree(driver->apps_dci_buf); + vfree(driver->apps_dci_buf); driver->apps_dci_buf = NULL; if (driver->diag_dci_wq) destroy_workqueue(driver->diag_dci_wq); - kfree(partial_pkt.data); + vfree(partial_pkt.data); partial_pkt.data = NULL; mutex_destroy(&driver->dci_mutex); mutex_destroy(&dci_log_mask_mutex); @@ -2817,9 +2818,9 @@ void diag_dci_channel_init(void) void diag_dci_exit(void) { - kfree(partial_pkt.data); + vfree(partial_pkt.data); partial_pkt.data = NULL; - kfree(driver->apps_dci_buf); + vfree(driver->apps_dci_buf); driver->apps_dci_buf = NULL; mutex_destroy(&driver->dci_mutex); mutex_destroy(&dci_log_mask_mutex); @@ -2959,7 +2960,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) new_entry->in_service = 0; INIT_LIST_HEAD(&new_entry->list_write_buf); mutex_init(&new_entry->write_buf_mutex); - new_entry->dci_log_mask = kzalloc(DCI_LOG_MASK_SIZE, GFP_KERNEL); + new_entry->dci_log_mask = vzalloc(DCI_LOG_MASK_SIZE); if (!new_entry->dci_log_mask) { pr_err("diag: Unable to create log mask for client, %d", driver->dci_client_id); @@ -2967,7 +2968,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) } create_dci_log_mask_tbl(new_entry->dci_log_mask, DCI_LOG_MASK_CLEAN); - new_entry->dci_event_mask = kzalloc(DCI_EVENT_MASK_SIZE, GFP_KERNEL); + new_entry->dci_event_mask = vzalloc(DCI_EVENT_MASK_SIZE); if (!new_entry->dci_event_mask) { pr_err("diag: Unable to create event mask for client, %d", driver->dci_client_id); @@ -2977,7 +2978,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) new_entry->buffers = kzalloc(new_entry->num_buffers * sizeof(struct diag_dci_buf_peripheral_t), - GFP_KERNEL); + GFP_KERNEL); if (!new_entry->buffers) { pr_err("diag: Unable to allocate buffers for peripherals in %s\n", __func__); @@ -3001,7 +3002,7 @@ int diag_dci_register_client(struct diag_dci_reg_tbl_t *reg_entry) if (!proc_buf->buf_primary) goto fail_alloc; proc_buf->buf_cmd = kzalloc(sizeof(struct diag_dci_buffer_t), - GFP_KERNEL); + GFP_KERNEL); if (!proc_buf->buf_cmd) goto fail_alloc; err = diag_dci_init_buffer(proc_buf->buf_primary, @@ -3034,7 +3035,7 @@ fail_alloc: if (proc_buf) { mutex_destroy(&proc_buf->health_mutex); if (proc_buf->buf_primary) { - kfree(proc_buf->buf_primary->data); + vfree(proc_buf->buf_primary->data); proc_buf->buf_primary->data = NULL; mutex_destroy( &proc_buf->buf_primary->data_mutex); @@ -3042,7 +3043,7 @@ fail_alloc: kfree(proc_buf->buf_primary); proc_buf->buf_primary = NULL; if (proc_buf->buf_cmd) { - kfree(proc_buf->buf_cmd->data); + vfree(proc_buf->buf_cmd->data); proc_buf->buf_cmd->data = NULL; mutex_destroy( &proc_buf->buf_cmd->data_mutex); @@ -3051,9 +3052,9 @@ fail_alloc: proc_buf->buf_cmd = NULL; } } - kfree(new_entry->dci_event_mask); + vfree(new_entry->dci_event_mask); new_entry->dci_event_mask = NULL; - kfree(new_entry->dci_log_mask); + vfree(new_entry->dci_log_mask); new_entry->dci_log_mask = NULL; kfree(new_entry->buffers); new_entry->buffers = NULL; @@ -3088,7 +3089,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) * Clear the client's log and event masks, update the cumulative * masks and send the masks to peripherals */ - kfree(entry->dci_log_mask); + vfree(entry->dci_log_mask); entry->dci_log_mask = NULL; diag_dci_invalidate_cumulative_log_mask(token); if (token == DCI_LOCAL_PROC) @@ -3097,7 +3098,7 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) if (ret != DIAG_DCI_NO_ERROR) { return ret; } - kfree(entry->dci_event_mask); + vfree(entry->dci_event_mask); entry->dci_event_mask = NULL; diag_dci_invalidate_cumulative_event_mask(token); if (token == DCI_LOCAL_PROC) @@ -3161,12 +3162,12 @@ int diag_dci_deinit_client(struct diag_dci_client_tbl *entry) } mutex_lock(&proc_buf->buf_primary->data_mutex); - kfree(proc_buf->buf_primary->data); + vfree(proc_buf->buf_primary->data); proc_buf->buf_primary->data = NULL; mutex_unlock(&proc_buf->buf_primary->data_mutex); mutex_lock(&proc_buf->buf_cmd->data_mutex); - kfree(proc_buf->buf_cmd->data); + vfree(proc_buf->buf_cmd->data); proc_buf->buf_cmd->data = NULL; mutex_unlock(&proc_buf->buf_cmd->data_mutex); diff --git a/drivers/char/diag/diag_masks.c b/drivers/char/diag/diag_masks.c index ad6805553998..ae766176c0ef 100644 --- a/drivers/char/diag/diag_masks.c +++ b/drivers/char/diag/diag_masks.c @@ -159,6 +159,9 @@ static void diag_send_log_mask_update(uint8_t peripheral, int equip_id) mutex_lock(&mask_info->lock); for (i = 0; i < MAX_EQUIP_ID; i++, mask++) { + if (!mask->ptr) + continue; + if (equip_id != i && equip_id != ALL_EQUIP_ID) continue; @@ -322,13 +325,14 @@ static void diag_send_msg_mask_update(uint8_t peripheral, int first, int last) int err = 0; int header_len = sizeof(struct diag_ctrl_msg_mask); int temp_len = 0; - uint8_t *buf = NULL, upd = 0; - uint8_t *temp = NULL; + uint8_t *buf = NULL, *temp = NULL; + uint8_t upd = 0; + uint8_t msg_mask_tbl_count_local = 0; uint32_t mask_size = 0; struct diag_mask_info *mask_info = NULL; struct diag_msg_mask_t *mask = NULL; struct diag_ctrl_msg_mask header; - uint8_t msg_mask_tbl_count_local; + struct diag_md_session_t *md_session_info = NULL; if (peripheral >= NUM_PERIPHERALS) return; @@ -342,15 +346,21 @@ static void diag_send_msg_mask_update(uint8_t peripheral, int first, int last) if (driver->md_session_mask != 0) { if (driver->md_session_mask & MD_PERIPHERAL_MASK(peripheral)) { - if (driver->md_session_map[peripheral]) + if (driver->md_session_map[peripheral]) { mask_info = driver->md_session_map[peripheral]->msg_mask; + md_session_info = + driver->md_session_map[peripheral]; + } } else if (driver->md_session_mask & MD_PERIPHERAL_PD_MASK(peripheral)) { upd = diag_mask_to_pd_value(driver->md_session_mask); - if (upd && driver->md_session_map[upd]) + if (upd && driver->md_session_map[upd]) { mask_info = driver->md_session_map[upd]->msg_mask; + md_session_info = + driver->md_session_map[upd]; + } } else { DIAG_LOG(DIAG_DEBUG_MASKS, "asking for mask update with unknown session mask\n"); @@ -369,7 +379,10 @@ static void diag_send_msg_mask_update(uint8_t peripheral, int first, int last) return; } buf = mask_info->update_buf; - msg_mask_tbl_count_local = driver->msg_mask_tbl_count; + if (md_session_info) + msg_mask_tbl_count_local = md_session_info->msg_mask_tbl_count; + else + msg_mask_tbl_count_local = driver->msg_mask_tbl_count; mutex_unlock(&driver->msg_mask_lock); mutex_lock(&mask_info->lock); switch (mask_info->status) { @@ -388,6 +401,8 @@ static void diag_send_msg_mask_update(uint8_t peripheral, int first, int last) } for (i = 0; i < msg_mask_tbl_count_local; i++, mask++) { + if (!mask->ptr) + continue; mutex_lock(&driver->msg_mask_lock); if (((mask->ssid_first > first) || (mask->ssid_last_tools < last)) && first != ALL_SSID) { @@ -550,6 +565,7 @@ static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len, { int i; int write_len = 0; + uint8_t msg_mask_tbl_count = 0; struct diag_msg_mask_t *mask_ptr = NULL; struct diag_msg_ssid_query_t rsp; struct diag_ssid_range_t ssid_range; @@ -579,15 +595,17 @@ static int diag_cmd_get_ssid_range(unsigned char *src_buf, int src_len, return 0; } mutex_lock(&driver->msg_mask_lock); + msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; rsp.cmd_code = DIAG_CMD_MSG_CONFIG; rsp.sub_cmd = DIAG_CMD_OP_GET_SSID_RANGE; rsp.status = MSG_STATUS_SUCCESS; rsp.padding = 0; - rsp.count = driver->msg_mask_tbl_count; + rsp.count = msg_mask_tbl_count; memcpy(dest_buf, &rsp, sizeof(rsp)); write_len += sizeof(rsp); mask_ptr = (struct diag_msg_mask_t *)mask_info->ptr; - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask_ptr++) { + for (i = 0; i < msg_mask_tbl_count; i++, mask_ptr++) { if (write_len + sizeof(ssid_range) > dest_len) { pr_err("diag: In %s, Truncating response due to size limitations of rsp buffer\n", __func__); @@ -632,6 +650,8 @@ static int diag_cmd_get_build_mask(unsigned char *src_buf, int src_len, rsp.padding = 0; build_mask = (struct diag_msg_mask_t *)msg_bt_mask.ptr; for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) { + if (!build_mask->ptr) + continue; if (build_mask->ssid_first != req->ssid_first) continue; num_entries = req->ssid_last - req->ssid_first + 1; @@ -662,6 +682,7 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len, int i; int write_len = 0; uint32_t mask_size = 0; + uint8_t msg_mask_tbl_count = 0; struct diag_msg_mask_t *mask = NULL; struct diag_build_mask_req_t *req = NULL; struct diag_msg_build_mask_t rsp; @@ -692,6 +713,8 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len, } mutex_lock(&driver->msg_mask_lock); + msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; req = (struct diag_build_mask_req_t *)src_buf; rsp.cmd_code = DIAG_CMD_MSG_CONFIG; rsp.sub_cmd = DIAG_CMD_OP_GET_MSG_MASK; @@ -707,7 +730,9 @@ static int diag_cmd_get_msg_mask(unsigned char *src_buf, int src_len, mutex_unlock(&driver->md_session_lock); return -EINVAL; } - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { + for (i = 0; i < msg_mask_tbl_count; i++, mask++) { + if (!mask->ptr) + continue; if ((req->ssid_first < mask->ssid_first) || (req->ssid_first > mask->ssid_last_tools)) { continue; @@ -744,6 +769,7 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len, struct diag_msg_mask_t *mask_next = NULL; uint32_t *temp = NULL; struct diag_md_session_t *info = NULL; + uint8_t msg_mask_tbl_count = 0; mutex_lock(&driver->md_session_lock); info = diag_md_session_get_pid(pid); @@ -776,8 +802,12 @@ static int diag_cmd_set_msg_mask(unsigned char *src_buf, int src_len, mutex_unlock(&driver->md_session_lock); return -EINVAL; } - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { - if (i < (driver->msg_mask_tbl_count - 1)) { + msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; + for (i = 0; i < msg_mask_tbl_count; i++, mask++) { + if (!mask->ptr) + continue; + if (i < (msg_mask_tbl_count - 1)) { mask_next = mask; mask_next++; } else @@ -881,6 +911,7 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len, struct diag_msg_mask_t *mask = NULL; struct diag_mask_info *mask_info = NULL; struct diag_md_session_t *info = NULL; + uint8_t msg_mask_tbl_count = 0; mutex_lock(&driver->md_session_lock); info = diag_md_session_get_pid(pid); @@ -915,9 +946,11 @@ static int diag_cmd_set_all_msg_mask(unsigned char *src_buf, int src_len, mutex_unlock(&driver->md_session_lock); return -EINVAL; } + msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; mask_info->status = (req->rt_mask) ? DIAG_CTRL_MASK_ALL_ENABLED : DIAG_CTRL_MASK_ALL_DISABLED; - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { + for (i = 0; i < msg_mask_tbl_count; i++, mask++) { if (mask && mask->ptr) { mutex_lock(&mask->lock); memset(mask->ptr, req->rt_mask, @@ -1514,7 +1547,8 @@ static int diag_create_msg_mask_table(void) mutex_lock(&msg_mask.lock); mutex_lock(&driver->msg_mask_lock); driver->msg_mask_tbl_count = MSG_MASK_TBL_CNT; - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { + for (i = 0; (i < driver->msg_mask_tbl_count) && mask; + i++, mask++) { range.ssid_first = msg_mask_tbl[i].ssid_first; range.ssid_last = msg_mask_tbl[i].ssid_last; err = diag_create_msg_mask_table_entry(mask, &range); @@ -1539,7 +1573,8 @@ static int diag_create_build_time_mask(void) mutex_lock(&driver->msg_mask_lock); driver->bt_msg_mask_tbl_count = MSG_MASK_TBL_CNT; build_mask = (struct diag_msg_mask_t *)msg_bt_mask.ptr; - for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) { + for (i = 0; (i < driver->bt_msg_mask_tbl_count) && build_mask; + i++, build_mask++) { range.ssid_first = msg_mask_tbl[i].ssid_first; range.ssid_last = msg_mask_tbl[i].ssid_last; err = diag_create_msg_mask_table_entry(build_mask, &range); @@ -1662,7 +1697,7 @@ static int diag_create_log_mask_table(void) mutex_lock(&log_mask.lock); mask = (struct diag_log_mask_t *)(log_mask.ptr); - for (i = 0; i < MAX_EQUIP_ID; i++, mask++) { + for (i = 0; (i < MAX_EQUIP_ID) && mask; i++, mask++) { mask->equip_id = i; mask->num_items = LOG_GET_ITEM_NUM(log_code_last_tbl[i]); mask->num_items_tools = mask->num_items; @@ -1706,7 +1741,6 @@ static int __diag_mask_init(struct diag_mask_info *mask_info, int mask_len, } kmemleak_not_leak(mask_info->update_buf); } - mutex_init(&mask_info->lock); return 0; } @@ -1730,9 +1764,10 @@ int diag_log_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src) struct diag_log_mask_t *src_mask = NULL; struct diag_log_mask_t *dest_mask = NULL; - if (!src) + if (!src || !dest) return -EINVAL; + mutex_init(&dest->lock); err = __diag_mask_init(dest, LOG_MASK_SIZE, APPS_BUF_SIZE); if (err) return err; @@ -1795,9 +1830,11 @@ static int diag_msg_mask_init(void) int err = 0; int i; + mutex_init(&msg_mask.lock); err = __diag_mask_init(&msg_mask, MSG_MASK_SIZE, APPS_BUF_SIZE); if (err) return err; + err = diag_create_msg_mask_table(); if (err) { pr_err("diag: Unable to create msg masks, err: %d\n", err); @@ -1812,7 +1849,8 @@ static int diag_msg_mask_init(void) return 0; } -int diag_msg_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src) +int diag_msg_mask_copy(struct diag_md_session_t *new_session, + struct diag_mask_info *dest, struct diag_mask_info *src) { int i; int err = 0; @@ -1823,17 +1861,25 @@ int diag_msg_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src) if (!src || !dest) return -EINVAL; - err = __diag_mask_init(dest, MSG_MASK_SIZE, APPS_BUF_SIZE); - if (err) - return err; + mutex_init(&dest->lock); mutex_lock(&dest->lock); mutex_lock(&driver->msg_mask_lock); + new_session->msg_mask_tbl_count = + driver->msg_mask_tbl_count; + err = __diag_mask_init(dest, + (new_session->msg_mask_tbl_count * + sizeof(struct diag_msg_mask_t)), APPS_BUF_SIZE); + if (err) { + mutex_unlock(&driver->msg_mask_lock); + mutex_unlock(&dest->lock); + return err; + } src_mask = (struct diag_msg_mask_t *)src->ptr; dest_mask = (struct diag_msg_mask_t *)dest->ptr; dest->mask_len = src->mask_len; dest->status = src->status; - for (i = 0; i < driver->msg_mask_tbl_count; i++) { + for (i = 0; i < new_session->msg_mask_tbl_count; i++) { range.ssid_first = src_mask->ssid_first; range.ssid_last = src_mask->ssid_last; err = diag_create_msg_mask_table_entry(dest_mask, &range); @@ -1849,10 +1895,12 @@ int diag_msg_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src) return err; } -void diag_msg_mask_free(struct diag_mask_info *mask_info) +void diag_msg_mask_free(struct diag_mask_info *mask_info, + struct diag_md_session_t *session_info) { int i; struct diag_msg_mask_t *mask = NULL; + uint8_t msg_mask_tbl_count = 0; if (!mask_info || !mask_info->ptr) return; @@ -1866,7 +1914,10 @@ void diag_msg_mask_free(struct diag_mask_info *mask_info) mutex_unlock(&mask_info->lock); return; } - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { + msg_mask_tbl_count = (session_info) ? + session_info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; + for (i = 0; i < msg_mask_tbl_count; i++, mask++) { kfree(mask->ptr); mask->ptr = NULL; } @@ -1897,6 +1948,7 @@ static int diag_build_time_mask_init(void) int err = 0; /* There is no need for update buffer for Build Time masks */ + mutex_init(&msg_bt_mask.lock); err = __diag_mask_init(&msg_bt_mask, MSG_MASK_SIZE, 0); if (err) return err; @@ -1930,6 +1982,7 @@ static int diag_log_mask_init(void) int err = 0; int i; + mutex_init(&log_mask.lock); err = __diag_mask_init(&log_mask, LOG_MASK_SIZE, APPS_BUF_SIZE); if (err) return err; @@ -1964,6 +2017,7 @@ static int diag_event_mask_init(void) int err = 0; int i; + mutex_init(&event_mask.lock); err = __diag_mask_init(&event_mask, EVENT_MASK_SIZE, APPS_BUF_SIZE); if (err) return err; @@ -1985,6 +2039,7 @@ int diag_event_mask_copy(struct diag_mask_info *dest, if (!src || !dest) return -EINVAL; + mutex_init(&dest->lock); err = __diag_mask_init(dest, EVENT_MASK_SIZE, APPS_BUF_SIZE); if (err) return err; @@ -2024,6 +2079,7 @@ int diag_copy_to_user_msg_mask(char __user *buf, size_t count, struct diag_mask_info *mask_info = NULL; struct diag_msg_mask_t *mask = NULL; unsigned char *ptr = NULL; + uint8_t msg_mask_tbl_count = 0; if (!buf || count == 0) return -EINVAL; @@ -2056,7 +2112,11 @@ int diag_copy_to_user_msg_mask(char __user *buf, size_t count, mutex_unlock(&mask_info->lock); return -EINVAL; } - for (i = 0; i < driver->msg_mask_tbl_count; i++, mask++) { + msg_mask_tbl_count = (info) ? info->msg_mask_tbl_count : + driver->msg_mask_tbl_count; + for (i = 0; i < msg_mask_tbl_count; i++, mask++) { + if (!mask->ptr) + continue; ptr = mask_info->update_buf; len = 0; mutex_lock(&mask->lock); @@ -2131,6 +2191,8 @@ int diag_copy_to_user_log_mask(char __user *buf, size_t count, return -EINVAL; } for (i = 0; i < MAX_EQUIP_ID; i++, mask++) { + if (!mask->ptr) + continue; ptr = mask_info->update_buf; len = 0; mutex_lock(&mask->lock); diff --git a/drivers/char/diag/diag_masks.h b/drivers/char/diag/diag_masks.h index 6edeee954d74..a736ff269e8d 100644 --- a/drivers/char/diag/diag_masks.h +++ b/drivers/char/diag/diag_masks.h @@ -160,12 +160,13 @@ int diag_masks_init(void); void diag_masks_exit(void); int diag_log_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src); -int diag_msg_mask_copy(struct diag_mask_info *dest, - struct diag_mask_info *src); +int diag_msg_mask_copy(struct diag_md_session_t *new_session, + struct diag_mask_info *dest, struct diag_mask_info *src); int diag_event_mask_copy(struct diag_mask_info *dest, struct diag_mask_info *src); void diag_log_mask_free(struct diag_mask_info *mask_info); -void diag_msg_mask_free(struct diag_mask_info *mask_info); +void diag_msg_mask_free(struct diag_mask_info *mask_info, + struct diag_md_session_t *session_info); void diag_event_mask_free(struct diag_mask_info *mask_info); int diag_process_apps_masks(unsigned char *buf, int len, int pid); void diag_send_updates_peripheral(uint8_t peripheral); diff --git a/drivers/char/diag/diagchar.h b/drivers/char/diag/diagchar.h index 66d85eb2a026..51dde83f4c35 100644 --- a/drivers/char/diag/diagchar.h +++ b/drivers/char/diag/diagchar.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2008-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2008-2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -442,6 +442,7 @@ struct diag_md_session_t { int pid; int peripheral_mask; uint8_t hdlc_disabled; + uint8_t msg_mask_tbl_count; struct timer_list hdlc_reset_timer; struct diag_mask_info *msg_mask; struct diag_mask_info *log_mask; diff --git a/drivers/char/diag/diagchar_core.c b/drivers/char/diag/diagchar_core.c index 61f62cd49029..24372f640277 100644 --- a/drivers/char/diag/diagchar_core.c +++ b/drivers/char/diag/diagchar_core.c @@ -1308,7 +1308,8 @@ static void diag_md_session_exit(void) diag_log_mask_free(session_info->log_mask); kfree(session_info->log_mask); session_info->log_mask = NULL; - diag_msg_mask_free(session_info->msg_mask); + diag_msg_mask_free(session_info->msg_mask, + session_info); kfree(session_info->msg_mask); session_info->msg_mask = NULL; diag_event_mask_free(session_info->event_mask); @@ -1380,7 +1381,9 @@ int diag_md_session_create(int mode, int peripheral_mask, int proc) "return value of event copy. err %d\n", err); goto fail_peripheral; } - err = diag_msg_mask_copy(new_session->msg_mask, &msg_mask); + new_session->msg_mask_tbl_count = 0; + err = diag_msg_mask_copy(new_session, new_session->msg_mask, + &msg_mask); if (err) { DIAG_LOG(DIAG_DEBUG_USERSPACE, "return value of msg copy. err %d\n", err); @@ -1416,7 +1419,8 @@ fail_peripheral: diag_event_mask_free(new_session->event_mask); kfree(new_session->event_mask); new_session->event_mask = NULL; - diag_msg_mask_free(new_session->msg_mask); + diag_msg_mask_free(new_session->msg_mask, + new_session); kfree(new_session->msg_mask); new_session->msg_mask = NULL; kfree(new_session); @@ -1444,7 +1448,8 @@ static void diag_md_session_close(int pid) diag_log_mask_free(session_info->log_mask); kfree(session_info->log_mask); session_info->log_mask = NULL; - diag_msg_mask_free(session_info->msg_mask); + diag_msg_mask_free(session_info->msg_mask, + session_info); kfree(session_info->msg_mask); session_info->msg_mask = NULL; diag_event_mask_free(session_info->event_mask); diff --git a/drivers/char/diag/diagfwd_cntl.c b/drivers/char/diag/diagfwd_cntl.c index 78088ab33439..70bbaebd6885 100644 --- a/drivers/char/diag/diagfwd_cntl.c +++ b/drivers/char/diag/diagfwd_cntl.c @@ -558,7 +558,7 @@ static void process_ssid_range_report(uint8_t *buf, uint32_t len, mask_ptr = (struct diag_msg_mask_t *)msg_mask.ptr; found = 0; for (j = 0; j < driver->msg_mask_tbl_count; j++, mask_ptr++) { - if (!mask_ptr || !ssid_range) { + if (!mask_ptr->ptr || !ssid_range) { found = 1; break; } @@ -630,7 +630,7 @@ static void diag_build_time_mask_update(uint8_t *buf, num_items = range->ssid_last - range->ssid_first + 1; for (i = 0; i < driver->bt_msg_mask_tbl_count; i++, build_mask++) { - if (!build_mask) { + if (!build_mask->ptr) { found = 1; break; } diff --git a/drivers/media/platform/msm/ais/pproc/cpp/msm_cpp.c b/drivers/media/platform/msm/ais/pproc/cpp/msm_cpp.c index 6c50070c91ab..0327bcb5a51a 100644 --- a/drivers/media/platform/msm/ais/pproc/cpp/msm_cpp.c +++ b/drivers/media/platform/msm/ais/pproc/cpp/msm_cpp.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2013-2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -836,9 +836,14 @@ static irqreturn_t msm_cpp_irq(int irq_num, void *data) if (irq_status & 0x8) { tx_level = msm_camera_io_r(cpp_dev->base + MSM_CPP_MICRO_FIFO_TX_STAT) >> 2; - for (i = 0; i < tx_level; i++) { - tx_fifo[i] = msm_camera_io_r(cpp_dev->base + - MSM_CPP_MICRO_FIFO_TX_DATA); + if (tx_level < MSM_CPP_TX_FIFO_LEVEL) { + for (i = 0; i < tx_level; i++) { + tx_fifo[i] = msm_camera_io_r(cpp_dev->base + + MSM_CPP_MICRO_FIFO_TX_DATA); + } + } else { + pr_err("Fatal invalid tx level %d", tx_level); + goto err; } spin_lock_irqsave(&cpp_dev->tasklet_lock, flags); queue_cmd = &cpp_dev->tasklet_queue_cmd[cpp_dev->taskletq_idx]; @@ -893,6 +898,7 @@ static irqreturn_t msm_cpp_irq(int irq_num, void *data) pr_debug("DEBUG_R1: 0x%x\n", msm_camera_io_r(cpp_dev->base + 0x8C)); } +err: msm_camera_io_w(irq_status, cpp_dev->base + MSM_CPP_MICRO_IRQGEN_CLR); return IRQ_HANDLED; } diff --git a/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c b/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c index 3d57c15943af..bc65288204e7 100644 --- a/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c +++ b/drivers/platform/msm/ipa/ipa_v2/ipa_nat.c @@ -327,14 +327,18 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) size_t tmp; gfp_t flag = GFP_KERNEL | (ipa_ctx->use_dma_zone ? GFP_DMA : 0); + mutex_lock(&ipa_ctx->nat_mem.lock); + if (!ipa_ctx->nat_mem.is_dev_init) { IPAERR_RL("Nat table not initialized\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } IPADBG("\n"); if (init->table_entries == 0) { IPADBG("Table entries is zero\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } @@ -342,6 +346,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->ipv4_rules_offset > (UINT_MAX - (TBL_ENTRY_SIZE * (init->table_entries + 1)))) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } /* Check Table Entry offset is not @@ -353,6 +358,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->ipv4_rules_offset, (init->table_entries + 1), tmp, ipa_ctx->nat_mem.size); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } @@ -360,6 +366,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->expn_rules_offset > UINT_MAX - (TBL_ENTRY_SIZE * init->expn_table_entries)) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } /* Check Expn Table Entry offset is not @@ -371,6 +378,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->expn_rules_offset, init->expn_table_entries, tmp, ipa_ctx->nat_mem.size); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } @@ -378,6 +386,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->index_offset > UINT_MAX - (INDX_TBL_ENTRY_SIZE * (init->table_entries + 1))) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } /* Check Indx Table Entry offset is not @@ -389,6 +398,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->index_offset, (init->table_entries + 1), tmp, ipa_ctx->nat_mem.size); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } @@ -396,6 +406,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->index_expn_offset > (UINT_MAX - (INDX_TBL_ENTRY_SIZE * init->expn_table_entries))) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } /* Check Expn Table entry offset is not @@ -407,6 +418,7 @@ int ipa2_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->index_expn_offset, init->expn_table_entries, tmp, ipa_ctx->nat_mem.size); + mutex_unlock(&ipa_ctx->nat_mem.lock); return -EPERM; } @@ -555,6 +567,7 @@ free_mem: free_nop: kfree(reg_write_nop); bail: + mutex_unlock(&ipa_ctx->nat_mem.lock); return result; } @@ -775,7 +788,7 @@ int ipa2_nat_del_cmd(struct ipa_ioc_v4_nat_del *del) return -EPERM; } - if (ipa_ctx->nat_mem.public_ip_addr) { + if (!ipa_ctx->nat_mem.public_ip_addr) { IPAERR_RL("Public IP addr not assigned and trying to delete\n"); return -EPERM; } diff --git a/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c b/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c index b399a3f9ead5..2099048eb82d 100644 --- a/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c +++ b/drivers/platform/msm/ipa/ipa_v3/ipa_nat.c @@ -368,6 +368,8 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("Detected overflow\n"); return -EPERM; } + mutex_lock(&ipa3_ctx->nat_mem.lock); + /* Check Table Entry offset is not beyond allocated size */ tmp = init->ipv4_rules_offset + @@ -377,6 +379,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->ipv4_rules_offset, (init->table_entries + 1), tmp, ipa3_ctx->nat_mem.size); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } @@ -384,6 +387,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->expn_rules_offset > (UINT_MAX - (TBL_ENTRY_SIZE * init->expn_table_entries))) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } /* Check Expn Table Entry offset is not @@ -395,6 +399,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->expn_rules_offset, init->expn_table_entries, tmp, ipa3_ctx->nat_mem.size); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } @@ -402,6 +407,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->index_offset > UINT_MAX - (INDX_TBL_ENTRY_SIZE * (init->table_entries + 1))) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } /* Check Indx Table Entry offset is not @@ -413,6 +419,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->index_offset, (init->table_entries + 1), tmp, ipa3_ctx->nat_mem.size); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } @@ -420,6 +427,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) if (init->index_expn_offset > UINT_MAX - (INDX_TBL_ENTRY_SIZE * init->expn_table_entries)) { IPAERR_RL("Detected overflow\n"); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } /* Check Expn Table entry offset is not @@ -431,6 +439,7 @@ int ipa3_nat_init_cmd(struct ipa_ioc_v4_nat_init *init) IPAERR_RL("offset:%d entrys:%d size:%zu mem_size:%zu\n", init->index_expn_offset, init->expn_table_entries, tmp, ipa3_ctx->nat_mem.size); + mutex_unlock(&ipa3_ctx->nat_mem.lock); return -EPERM; } @@ -580,6 +589,7 @@ destroy_imm_cmd: free_nop: ipahal_destroy_imm_cmd(nop_cmd_pyld); bail: + mutex_unlock(&ipa3_ctx->nat_mem.lock); return result; } diff --git a/drivers/soc/qcom/glink_smem_native_xprt.c b/drivers/soc/qcom/glink_smem_native_xprt.c index 042108d4035b..c18b61dbbca3 100644 --- a/drivers/soc/qcom/glink_smem_native_xprt.c +++ b/drivers/soc/qcom/glink_smem_native_xprt.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -171,8 +171,6 @@ struct mailbox_config_info { * @kwork: Work to be executed when an irq is received. * @kworker: Handle to the entity processing of deferred commands. - * @tasklet Handle to tasklet to process incoming data - packets in atomic manner. * @task: Handle to the task context used to run @kworker. * @use_ref: Active uses of this transport use this to grab * a reference. Used for ssr synchronization. @@ -216,7 +214,6 @@ struct edge_info { struct kthread_work kwork; struct kthread_worker kworker; struct task_struct *task; - struct tasklet_struct tasklet; struct srcu_struct use_ref; bool in_ssr; spinlock_t rx_lock; @@ -1186,18 +1183,6 @@ static void __rx_worker(struct edge_info *einfo, bool atomic_ctx) } /** - * rx_worker_atomic() - worker function to process received command in atomic - * context. - * @param: The param parameter passed during initialization of the tasklet. - */ -static void rx_worker_atomic(unsigned long param) -{ - struct edge_info *einfo = (struct edge_info *)param; - - __rx_worker(einfo, true); -} - -/** * rx_worker() - worker function to process received commands * @work: kwork associated with the edge to process commands on. */ @@ -1216,7 +1201,7 @@ irqreturn_t irq_handler(int irq, void *priv) if (einfo->rx_reset_reg) writel_relaxed(einfo->out_irq_mask, einfo->rx_reset_reg); - tasklet_hi_schedule(&einfo->tasklet); + __rx_worker(einfo, true); einfo->rx_irq_count++; return IRQ_HANDLED; @@ -2348,7 +2333,6 @@ static int glink_smem_native_probe(struct platform_device *pdev) init_waitqueue_head(&einfo->tx_blocked_queue); init_kthread_work(&einfo->kwork, rx_worker); init_kthread_worker(&einfo->kworker); - tasklet_init(&einfo->tasklet, rx_worker_atomic, (unsigned long)einfo); einfo->read_from_fifo = read_from_fifo; einfo->write_to_fifo = write_to_fifo; init_srcu_struct(&einfo->use_ref); @@ -2451,7 +2435,6 @@ smem_alloc_fail: flush_kthread_worker(&einfo->kworker); kthread_stop(einfo->task); einfo->task = NULL; - tasklet_kill(&einfo->tasklet); kthread_fail: iounmap(einfo->out_irq_reg); ioremap_fail: @@ -2537,7 +2520,6 @@ static int glink_rpm_native_probe(struct platform_device *pdev) init_waitqueue_head(&einfo->tx_blocked_queue); init_kthread_work(&einfo->kwork, rx_worker); init_kthread_worker(&einfo->kworker); - tasklet_init(&einfo->tasklet, rx_worker_atomic, (unsigned long)einfo); einfo->intentless = true; einfo->read_from_fifo = memcpy32_fromio; einfo->write_to_fifo = memcpy32_toio; @@ -2699,7 +2681,6 @@ toc_init_fail: flush_kthread_worker(&einfo->kworker); kthread_stop(einfo->task); einfo->task = NULL; - tasklet_kill(&einfo->tasklet); kthread_fail: iounmap(msgram); msgram_ioremap_fail: @@ -2828,7 +2809,6 @@ static int glink_mailbox_probe(struct platform_device *pdev) init_waitqueue_head(&einfo->tx_blocked_queue); init_kthread_work(&einfo->kwork, rx_worker); init_kthread_worker(&einfo->kworker); - tasklet_init(&einfo->tasklet, rx_worker_atomic, (unsigned long)einfo); einfo->read_from_fifo = read_from_fifo; einfo->write_to_fifo = write_to_fifo; init_srcu_struct(&einfo->use_ref); @@ -2950,7 +2930,6 @@ smem_alloc_fail: flush_kthread_worker(&einfo->kworker); kthread_stop(einfo->task); einfo->task = NULL; - tasklet_kill(&einfo->tasklet); kthread_fail: iounmap(einfo->rx_reset_reg); rx_reset_ioremap_fail: diff --git a/drivers/soc/qcom/wcd-dsp-glink.c b/drivers/soc/qcom/wcd-dsp-glink.c index ee88a8aaf850..50cef91ad5a4 100644 --- a/drivers/soc/qcom/wcd-dsp-glink.c +++ b/drivers/soc/qcom/wcd-dsp-glink.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -89,6 +89,9 @@ struct wdsp_glink_ch { /* Wait for ch connect state before sending any command */ wait_queue_head_t ch_connect_wait; + /* Wait for ch local and remote disconnect before channel free */ + wait_queue_head_t ch_free_wait; + /* * Glink channel configuration. This has to be the last * member of the strucuture as it has variable size @@ -338,7 +341,7 @@ static void wdsp_glink_notify_state(void *handle, const void *priv, mutex_lock(&ch->mutex); ch->channel_state = event; if (event == GLINK_CONNECTED) { - dev_dbg(wpriv->dev, "%s: glink channel: %s connected\n", + dev_info(wpriv->dev, "%s: glink channel: %s connected\n", __func__, ch->ch_cfg.name); for (i = 0; i < ch->ch_cfg.no_of_intents; i++) { @@ -360,31 +363,29 @@ static void wdsp_glink_notify_state(void *handle, const void *priv, ch->ch_cfg.name); wake_up(&ch->ch_connect_wait); - mutex_unlock(&ch->mutex); } else if (event == GLINK_LOCAL_DISCONNECTED) { /* * Don't use dev_dbg here as dev may not be valid if channel * closed from driver close. */ - pr_debug("%s: channel: %s disconnected locally\n", + pr_info("%s: channel: %s disconnected locally\n", __func__, ch->ch_cfg.name); mutex_unlock(&ch->mutex); - - if (ch->free_mem) { - kfree(ch); - ch = NULL; - } + ch->free_mem = true; + wake_up(&ch->ch_free_wait); + return; } else if (event == GLINK_REMOTE_DISCONNECTED) { - dev_dbg(wpriv->dev, "%s: remote channel: %s disconnected remotely\n", + pr_info("%s: remote channel: %s disconnected remotely\n", __func__, ch->ch_cfg.name); - mutex_unlock(&ch->mutex); /* * If remote disconnect happens, local side also has * to close the channel as per glink design in a * separate work_queue. */ - queue_work(wpriv->work_queue, &ch->lcl_ch_cls_wrk); + if (wpriv && wpriv->work_queue != NULL) + queue_work(wpriv->work_queue, &ch->lcl_ch_cls_wrk); } + mutex_unlock(&ch->mutex); } /* @@ -399,11 +400,11 @@ static int wdsp_glink_close_ch(struct wdsp_glink_ch *ch) mutex_lock(&wpriv->glink_mutex); if (ch->handle) { ret = glink_close(ch->handle); + ch->handle = NULL; if (IS_ERR_VALUE(ret)) { dev_err(wpriv->dev, "%s: glink_close is failed, ret = %d\n", __func__, ret); } else { - ch->handle = NULL; dev_dbg(wpriv->dev, "%s: ch %s is closed\n", __func__, ch->ch_cfg.name); } @@ -451,6 +452,7 @@ static int wdsp_glink_open_ch(struct wdsp_glink_ch *ch) ch->handle = NULL; ret = -EINVAL; } + ch->free_mem = false; } else { dev_err(wpriv->dev, "%s: ch %s is already opened\n", __func__, ch->ch_cfg.name); @@ -492,7 +494,7 @@ static int wdsp_glink_open_all_ch(struct wdsp_glink_priv *wpriv) err_open: for (j = 0; j < i; j++) - if (wpriv->ch[i]) + if (wpriv->ch[j]) wdsp_glink_close_ch(wpriv->ch[j]); done: @@ -631,6 +633,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv, goto err_ch_mem; } ch[i]->channel_state = GLINK_LOCAL_DISCONNECTED; + ch[i]->free_mem = true; memcpy(&ch[i]->ch_cfg, payload, ch_cfg_size); payload += ch_cfg_size; @@ -654,6 +657,7 @@ static int wdsp_glink_ch_info_init(struct wdsp_glink_priv *wpriv, INIT_WORK(&ch[i]->lcl_ch_open_wrk, wdsp_glink_lcl_ch_open_wrk); INIT_WORK(&ch[i]->lcl_ch_cls_wrk, wdsp_glink_lcl_ch_cls_wrk); init_waitqueue_head(&ch[i]->ch_connect_wait); + init_waitqueue_head(&ch[i]->ch_free_wait); } INIT_WORK(&wpriv->ch_open_cls_wrk, wdsp_glink_ch_open_cls_wrk); @@ -1060,36 +1064,48 @@ static int wdsp_glink_release(struct inode *inode, struct file *file) goto done; } + dev_info(wpriv->dev, "%s: closing wdsp_glink driver\n", __func__); if (wpriv->glink_state.handle) glink_unregister_link_state_cb(wpriv->glink_state.handle); flush_workqueue(wpriv->work_queue); - destroy_workqueue(wpriv->work_queue); - /* - * Clean up glink channel memory in channel state - * callback only if close channels are called from here. + * Wait for channel local and remote disconnect state notifications + * before freeing channel memory. */ - if (wpriv->ch) { - for (i = 0; i < wpriv->no_of_channels; i++) { - if (wpriv->ch[i]) { - wpriv->ch[i]->free_mem = true; - /* - * Channel handle NULL means channel is already - * closed. Free the channel memory here itself. - */ - if (!wpriv->ch[i]->handle) { - kfree(wpriv->ch[i]); - wpriv->ch[i] = NULL; - } else { - wdsp_glink_close_ch(wpriv->ch[i]); - } + for (i = 0; i < wpriv->no_of_channels; i++) { + if (wpriv->ch && wpriv->ch[i]) { + /* + * Only close glink channel from here if REMOTE has + * not already disconnected it + */ + wdsp_glink_close_ch(wpriv->ch[i]); + + ret = wait_event_timeout(wpriv->ch[i]->ch_free_wait, + (wpriv->ch[i]->free_mem == true), + msecs_to_jiffies(TIMEOUT_MS)); + if (!ret) { + pr_err("%s: glink ch %s failed to notify states properly %d\n", + __func__, wpriv->ch[i]->ch_cfg.name, + wpriv->ch[i]->channel_state); + ret = -EINVAL; + goto done; } } + } - kfree(wpriv->ch); - wpriv->ch = NULL; + flush_workqueue(wpriv->work_queue); + destroy_workqueue(wpriv->work_queue); + wpriv->work_queue = NULL; + + for (i = 0; i < wpriv->no_of_channels; i++) { + if (wpriv->ch && wpriv->ch[i]) { + kfree(wpriv->ch[i]); + wpriv->ch[i] = NULL; + } } + kfree(wpriv->ch); + wpriv->ch = NULL; mutex_destroy(&wpriv->glink_mutex); mutex_destroy(&wpriv->rsp_mutex); diff --git a/drivers/staging/fw-api/fw/dbglog.h b/drivers/staging/fw-api/fw/dbglog.h index 197866c18097..aa29c7a621e7 100755 --- a/drivers/staging/fw-api/fw/dbglog.h +++ b/drivers/staging/fw-api/fw/dbglog.h @@ -81,6 +81,7 @@ extern "C" { /* Debug Log levels*/ typedef enum { + DBGLOG_ML = 0, DBGLOG_VERBOSE = 0, DBGLOG_INFO, DBGLOG_INFO_LVL_1, diff --git a/drivers/staging/fw-api/fw/dbglog_id.h b/drivers/staging/fw-api/fw/dbglog_id.h index 18f6d833e3a0..d8b0d502dc87 100755 --- a/drivers/staging/fw-api/fw/dbglog_id.h +++ b/drivers/staging/fw-api/fw/dbglog_id.h @@ -50,6 +50,324 @@ extern "C" { */ #define DBGLOG_DBGID_SM_FRAMEWORK_PROXY_DBGLOG_MSG 1000 +/* RESMGR messageIDs for ML logging */ +typedef enum { + RESMGR_MSGID_DEFINITION_START = 0x0000, + RESMGR_CHMMGR_CHAINMASK_CHANGE_REQ_MSGID, + RESMGR_CHMMGR_PROCESS_CHM_CHANGE_REQ_MSGID, + RESMGR_CHMMGR_DB_UPDATE_MSGID, + RESMGR_CHMMGR_SEND_HW_MODE_PRE_NOTIF_MSGID, + RESMGR_OCM_SUSPEND_MSGID, + RESMGR_OCM_MIGRATE_MSGID, + RESGMR_OCM_RESUME_MSGID, + RESMGR_OCS_CHREQ_GRANT_MSGID, + RESMGR_OCS_CURR_CAT_WINDOW_MSGID, + RESMGR_OCS_CHREQ_RESTART_MSGID, + RESMGR_OCS_CHREQ_COMPLETE_MSGID, + RESMGR_OCS_WIN_CAT_DUR_MSGID, + RESMGR_OCS_PURGE_CHREQS_MSGID, + RESMGR_OCS_INVOKED_MSGID, + RESMGR_OCS_CHREQ_CREATE_MSGID, + RESMGR_OCS_CHREQ_DELETE_MSGID, + RESMGR_OCS_RECAL_QUOTAS_MSGID, + RESMGR_OCS_CHREQ_START_MSGID, + RESMGR_OCS_CHREQ_STOP_MSGID, + RESMGR_OCS_CHREQ_UPDATE_MSGID, + RESMGR_DBSMGR_SET_HW_MODE_MSGID, + RESMGR_DBSMGR_SET_CONNECTION_IN_PROGRESS_MSGID, + RESMGR_VCM_LINK_CREATE_MSGID, + RESMGR_VCM_LINK_DELETE_MSGID, + RESMGR_VC_INIT_VIR_CHAN_MSGID, + RESMGR_VC_ADD_LINK_MSGID, + RESMGR_VC_RMV_LINK_MSGID, + RESMGR_VC_REGISTER_LINK_MSGID, + RESMGR_VC_UNREGISTER_LINK_MSGID, + RESMGR_VC_ARBITRATE_ATTRIBUTES_MSGID, + RESMGR_DBSMGR_CHANGE_SCAN_STATE_MSGID, + RESMGR_DBSMGR_RECOMPUTE_SCAN_POLICY_MSGID, + RESMGR_DBSMGR_UPDATE_SCAN_POLICY_MSGID, + RESMGR_CHMMGR_INITIATE_VC_OPS_MSGID, + RESMGR_CHMMGR_INITIATE_WAL_OPS_MSGID, + RESMGR_EVENT_HANDLER_VDEV_MGR_MSGID, + RESMGR_EVENT_HANDLER_SCAN_POLICY_MSGID, + RESMGR_MSGID_DEFINITION_END = 0x7fff, +} RESMGR_MSGID; + +/* VDEVMGR messageIDs for ML logging */ +typedef enum { + VDEV_MGR_MSGID_DEFINITION_START = 0x0000, + VDEV_MGR_RESMGR_CHMMGR_NOTIF_VDEV_UP_MSGID, + VDEV_MGR_FIRST_BMISS_DETECTED_MSGID, + VDEV_MGR_FINAL_BMISS_DETECTED_MSGID, + VDEV_MGR_MY_BEACON_RECEIVED_MSGID, + VDEV_MGR_VDEV_PAUSE_MSGID, + VDEV_MGR_VDEV_UNPAUSE_MSGID, + VDEV_MGR_VDEV_MIGRATE_MSGID, + VDEV_MGR_REGISTER_RESMGR_EVENT_MSGID, + VDEV_MGR_EVENT_HANDLER_VDEV_MSGID, + VDEV_MGR_EVENT_HANDLER_BEACON_MSGID, + VDEV_MGR_EVENT_HANDLER_MGMT_TXRX, + VDEV_MGR_EVENT_HANDLER_11D_SCAN_OFFLOAD_MSG_ID, + VDEV_MGR_EVENT_HANDLER_WOW_KEEPALIVE_MSGID, + VDEV_MGR_EVENT_HANDLER_EXTSCAN_MSGID, + VDEV_MGR_EVENT_HANDLER_SWBMISS_MSGID, + VDEV_MGR_EVENT_HANDLER_BEACON_DTIMSYNC_MSGID, + VDEV_MGR_EVENT_HANDLER_BEACON_TSFOOR_MSGID, + VDEV_MGR_THREAD_COMM_BE_FLOW_CTRL_MSGID, + VDEV_MGR_THREAD_COMM_SYNC_RT_DATA_OFFLOAD_MSGID, + VDEV_MGR_THREAD_COMM_BE_VDEV_STATE_CHANGE_MSGID, + VDEV_MGR_THREAD_COMM_VDEV_STATE_CHANGE_CONF_MSGID, + VDEV_MGR_MSGID_DEFINITION_END = 0x7fff, +} VDEV_MGR_MSGID; + +/* SCAN messageIDs for ML logging */ +typedef enum { + SCAN_MSGID_DEFINITION_START = 0x0000, + SCAN_SCH_START_MSGID, + SCAN_EVENT_STARTED_MSGID, + SCAN_EVENT_FOREIGN_CHANNEL_MSGID, + SCAN_EVENT_FOREIGN_CHANNEL_EXIT_MSGID, + SCAN_EVENT_BSS_CHANNEL_MSGID, + SCAN_EVENT_PREEMPTED_MSGID, + SCAN_EVENT_RESTARTED_MSGID, + SCAN_EVENT_COMPLETED_MSGID, + SCAN_EVENT_DEQUEUED_MSGID, + SCAN_EVENT_SUSPENDED_MSGID, + SCAN_SCH_CANCEL_MSGID, + SCAN_SCH_SUSPEND_MSGID, + SCAN_MGR_EVENT_ASYNC_COMPLETE_MSGID, + SCAN_MGR_EVENT_COMPLETED_MSGID, + SCAN_MGR_EVENT_PREEMPTED_MSGID, + SCAN_MGR_EVENT_SUSPENDED_MSGID, + SCAN_POLICY_EVENT_MSGID, + SCAN_MGR_RESUME_EVENT_MSGID, + SCAN_MGR_SCAN_START_MSGID, + SCAN_MGR_CANCEL_MSGID, + SCAN_MGR_BCN_RECV_MSGID, + SCAN_MGR_CHECK_BAND_CHANNELS_MSGID, + SCAN_MGR_SCAN_POLICY_RECOMPUTE_MSGID, + SCAN_MGR_CLIENT_SCAN_POLICY_MSGID, + SCAN_ENG_START_MSGID, + SCAN_ENG_CANCEL_MSGID, + SCAN_SET_CHAN_LIST_MSGID, + SCAN_SEND_PROBE_REQ_RET_VDEV_MSGID, + SCAN_SEND_PROBE_REQ_RET_PASSIVE_MSGID, + SCAN_SEND_PROBE_REQ_2G_RET_MSGID, + SCAN_SEND_PROBE_REQ_5G_RET_MSGID, + SCAN_ADPATIVE_DWELL_ENABLED_MSGID, + SCAN_ADAPTIVE_DWELL_CH_ACTIVITY_START_MSGID, + SCAN_ADAPTIVE_DWELL_CH_ACTIVITY_END_MSGID, + SCAN_ADAPTIVE_DWELL_CH_CONGESTION_CHECK_MSGID, + SCAN_ADAPTIVE_DWELL_ACTIVE_STARTED_MSGID, + SCAN_ADAPTIVE_DWELL_ALL_PROBE_SENT_MSGID, + SCAN_ADAPTIVE_DWELL_PASSIVE_STARTED_MSGID, + SCAN_ADAPTIVE_DWELL_SWITCH_ACTIVE_MSGID, + SCAN_REGISTER_OFFLDMGR_CH_PREDICTION_MSGID, + SCAN_DEREGISTER_OFFLDMGR_CH_PREDICTION_MSGID, + SCAN_REGISTER_OFFLDMGR_ADAPTIVE_BCNPRB_MSGID, + SCAN_DEREGISTER_OFFLDMGR_ADAPTIVE_BCNPRB_MSGID, + SCAN_EVENT_HANDLER_MGMT_TXRX_MSGID, + SCAN_EVENT_HANDLER_NLO_MSGID, + SCAN_EVENT_HANDLER_SCAN_AUTOCHAN_MSGID, + SCAN_EVENT_HANDLER_VDEVMGR_MSGID, + SCAN_EVENT_HANDLER_OFFLOAD_BEACON_MSGID, + SCAN_EVENT_HANDLER_STA_TWT_MSGID, + SCAN_EVENT_HANDLER_BATCH_SCAN_MSGID, + SCAN_MSGID_DEFINITION_END = 0x7fff, +} SCAN_MSGID; + +/* MGMT_TXRX messageIDs for ML logging */ +typedef enum { + MGMT_TXRX_MSGID_DEFINITION_START = 0x0000, + MGMT_TXRX_WAL_LOCAL_FRAME_SEND_MSGID, + MGMT_TXRX_WAL_FRAME_SEND_MSGID, + MGMT_TXRX_FORWARD_TO_HOST_MSGID, + DATA_TXRX_WAL_LOCAL_FRAME_SEND_MSGID, + MGMT_TXRX_MSGID_DEFINITION_END = 0x7fff, +} MGMT_TXRX_MSGID; + +/* OFFLOAD messageIDs for ML logging */ +typedef enum { + OFFLOAD_MSGID_DEFINITION_START = 0x0000, + OFFLOAD_MGMT_RX_FRAME_ALLOW_MSGID, + OFFLOAD_MGMT_RX_FRAME_DROP_MSGID, + OFFLOAD_PROTO_DATA_RX_FRAME_STATUS_MSGID, + OFFLOAD_PROTO_DATA_RX_FRAME_TYPE_MSGID, + OFFLOAD_SCAN_CH_PREDICTION_MSGID, + OFFLOAD_SCAN_ADAPTIVE_BCNPRB_MSGID, + OFFLOAD_VDEV_OWN_BEACON_MSGID, + OFFLOAD_VDEV_BEACON_FILTER_MSGID, + OFFLOAD_VDEV_CONNECTING_MSGID, + OFFLOAD_11D_SCAN_MSGID, + OFFLOAD_BATCH_SCAN_MSGID, + OFFLOAD_OBSS_SCAN_MSGID, + OFFLOAD_ARP_RECV_MSGID, + OFFLOAD_ARP_DROP_MSGID, + OFFLOAD_ARP_REPLY_SUCCESS_MSGID, + OFFLOAD_ARP_REPLY_FAIL_MSGID, + OFFLOAD_NS_RECV_MSGID, + OFFLOAD_NS_DROP_MSGID, + OFFLOAD_NS_REPLY_SUCCESS_MSGID, + OFFLOAD_NS_REPLY_FAIL_MSGID, + OFFLOAD_GTK_PROESS_REKEY_MSGID, + OFFLOAD_GTK_REPLY_REKEY_MSGID, + OFFLOAD_GTK_PROESS_REKEY_FAIL_MSGID, + OFFLOAD_SUPPL_EAP_RECV_MSGID, + OFFLOAD_SUPPL_EAP_1X_MSGID, + OFFLOAD_MSGID_DEFINITION_END = 0x7fff, +} OFFLOAD_MSGID; + +/* STA_PWRSAVE messageIDs for ML logging */ +typedef enum { + STA_PWRSAVE_MSGID_DEFINITION_START = 0x0000, + STA_PWRSAVE_ARBITER_REQUEST_MSGID, + STA_PWRSAVE_MSGID_DEFINITION_END = 0x7fff, +} STA_PWRSAVE_MSGID; + +/* COEX messageIDs for ML logging */ +typedef enum { + COEX_MSGID_DEFINITION_START = 0x0000, + COEX_ASM_ANTENNA_REQUEST_MSGID, + COEX_ASM_ANTENNA_RELEASE_MSGID, + COEX_EVENT_HANDLER_RESMGR_MSGID, + COEX_EVENT_HANDLER_SCAN_ANT_MSGID, + COEX_EVENT_HANDLER_VDEV_ANT_OP_MSGID, + COEX_MSGID_DEFINITION_END = 0x7fff, +} COEX_MSGID; + +/* STA_SMPS messageIDs for ML logging */ +typedef enum { + STA_SMPS_MSGID_DEFINITION_START = 0x0000, + STA_SMPS_VC_CFG_NOTIFY_MSGID, + STA_SMPS_MSGID_EDFINITION_END = 0x7fff, +} STA_SMPS_MSGID; + +/* WAL messageIDs for ML logging */ +typedef enum { + WAL_MSGID_DEFINITION_START = 0x0000, + WAL_PDEV_CHANNEL_CHANGE_MSGID, + WAL_PDEV_HALPHY_RUN_DPD_CAL_MSGID, + WAL_TX_MGMT_COMP_MSGID, + WAL_TX_MGMT_ENQUEUE_MSGID, + WAL_RX_SUSPEND_START_MSGID, + WAL_RX_SUSPEND_SUCCESS_MSGID, + WAL_RX_RESUME_START_MSGID, + WAL_SOC_SWITCH_MODE_MSGID, + WAL_CONNECTION_PAUSE_BLOCK_ENABLE_MSGID, + WAL_CONNECTION_PAUSE_BLOCK_DISABLE_MSGID, + WAL_VDEV_PAUSE_ENABLE_MSGID, + WAL_VDEV_PAUSE_DISABLE_MSGID, + WAL_VDEV_PAUSE_RESET_MSGID, + WAL_PDEV_PAUSE_ENABLE_MSGID, + WAL_PDEV_PAUSE_DISABLE_MSGID, + WAL_PEER_SEND_N_REQ_MSGID, + WAL_PEER_PS_PRE_REQ_MSGID, + WAL_CONNECTION_PAUSE_ATTACH_TID_MSGID, + WAL_PDEV_PAUSE_NOTIFY_VDEV_CREATE_MSGID, + WAL_CONNECTION_PAUSE_PEER_CREATE_MSGID, + WAL_CONNECTION_PAUSE_TIDQ_HWQ_EMPTY_MSGID, + WAL_TX_SEND_ABORT_TX_MSGID, + WAL_TX_SEND_RESUME_TX_MSGID, + WAL_TX_FLUSH_TID_MSGID, + WAL_TX_FLUSH_PEER_MSGID, + WAL_TX_FLUSH_VDEV_MSGID, + WAL_VDEV_UP_MSGID, + WAL_VDEV_START_MSGID, + WAL_VDEV_DOWN_MSGID, + WAL_VDEV_STOP_MSGID, + WAL_VDEV_MIGRATE_MSGID, + WAL_PEER_CONSECUTIVE_FAILURE_MSGID, + WAL_PEER_CONSECUTIVE_FAILURE_RESET_MSGID, + WAL_PEER_STA_KICKOUT_MSGID, + SM_DISPATCH_EVENT_MSGID, + SM_STATE_TRANSITION_MSGID, + WAL_THREAD_COMM_TX_PAUSE_HWQ_EMPTY_MSGID, + WAL_THREAD_COMM_PEER_TX_PAUSE_REQ_MSGID, + WAL_THREAD_COMM_PEER_TX_UNPAUSE_REQ_MSGID, + WAL_THREAD_COMM_VDEV_TX_PAUSE_REQ_MSGID, + WAL_THREAD_COMM_PDEV_TX_PAUSE_REQ_MSGID, + WAL_THREAD_COMM_VDEV_TX_UNPAUSE_REQ_MSGID, + WAL_THREAD_COMM_PDEV_TX_UNPAUSE_REQ_MSGID, + WAL_THREAD_COMM_VDEV_TX_PAUSE_RESET_IND_MSGID, + WAL_THREAD_COMM_PEER_TX_BLOCK_REQ_MSGID, + WAL_THREAD_COMM_PEER_TX_UNBLOCK_REQ_MSGID, + WAL_THREAD_COMM_PEER_SEND_N_REQ_MSGID, + WAL_THREAD_COMM_PEER_PS_PRE_REQ_MSGID, + WAL_THREAD_COMM_TX_PAUSE_TID_CREATE_MSGID, + WAL_THREAD_COMM_TX_PAUSE_VDEV_CREATE_MSGID, + WAL_THREAD_COMM_TX_PAUSE_POST_RESPONSE_MSGID, + WAL_THREAD_COMM_PDEV_EVENT_HANDLER_MSGID, + WAL_THREAD_COMM_VDEV_EVENT_HANDLER_MSGID, + WAL_THREAD_COMM_PEER_EVENT_HANDLER_MSGID, + WAL_THREAD_COMM_POWER_MSGID, + WAL_THREAD_COMM_RT_POWER_BEACON_TIMEOUT_MSGID, + WAL_THREAD_COMM_RT_POWER_SUSPEND_FAIL_RESET_MSGID, + WAL_THREAD_COMM_RT_DATA_NULL_DEAUTH_MSGID, + WAL_THREAD_COMM_LOCAL_SEND_WITH_RATE_MSGID, + WAL_THREAD_COMM_LOCAL_SEND_COMPLETION_MSGID, + WAL_THREAD_COMM_TX_FLUSH_ENTITY_TID_MSGID, + WAL_THREAD_COMM_TX_FLUSH_ENTITY_PEER_MSGID, + WAL_THREAD_COMM_TX_FLUSH_ENTITY_VDEV_MSGID, + WAL_THREAD_COMM_TX_FLUSH_COMPLETE_MSGID, + WAL_THREAD_COMM_TAC_TID_LIST_OP_MSGID, + WAL_THREAD_COMM_TAC_TX_SCHED_MSGID, + WAL_THREAD_COMM_BE_RX_ATTACH_MSGID, + WAL_THREAD_COMM_TT_CONTROL_MSGID, + WAL_THREAD_COMM_RT_EXEC_DEV_RESET_MSGID, + WAL_THREAD_COMM_VDEV_MIGRATION_SYNC_MSGID, + WAL_THREAD_COMM_BE_SOC_SUSPEND_NOTIFY_MSGID, + WAL_THREAD_COMM_RT_SOC_SUSPEND_CONF_MSGID, + WAL_THREAD_COMM_TX_ABORT_MSGID, + WAL_THREAD_COMM_TX_RESUME_MSGID, + WAL_THREAD_COMM_RT_WPM_EXIT_HW_DTIM_AWAKE_MSGID, + WAL_THREAD_COMM_BE_RX_PROC_MSGID, + WAL_THREAD_COMM_BE_PEER_SET_PARAM_MSGID, + WAL_THREAD_COMM_PEER_SEND_MSG_MSGID, + WAL_THREAD_COMM_TID_DEL_MSGID, + WAL_TX_PAUSE_REQ_HANDLER_MSGID, + WAL_TX_PAUSE_RSP_HANDLER_MSGID, + WAL_SW_DTIM_POWER_MSG_HANDLER_MSGID, + WAL_PEER_KEY_SET_MSGID, + WAL_PEER_WAPI_EAPOL_TX_SEND_COMPLETE_MSGID, + WAL_PEER_PTK_M4_SENT_MSGID, + WAL_PEER_ALLOW_DATA_MSGID, + WAL_EVENT_HANDLER_VDEV_PAUSE_MSGID, + WAL_EVENT_HANDLER_STA_SWTIM_MSGID, + WAL_EVENT_HANDLER_VDEV_RECONFIG_MSGID, + WAL_MSGID_DEFINITION_END = 0x7fff, +} WAL_MSGID; + +/* WPM messageIDs for ML logging */ +typedef enum { + WPM_MSGID_DEFINITION_START = 0x0000, + WPM_ARBITER_REQUEST_MSGID, + WPM_MSGID_DEFINITION_END = 0x7fff, +} WPM_MSGID; + +/* MLME messageIDs for ML logging */ +typedef enum { + MLME_MSGID_DEFINITION_START = 0x0000, + MLME_THREAD_COMM_BE_HTT_SVC_VDEV_CHANGE_MSGID, + MLME_THREAD_COMM_INSTALL_KEY_MSGID, + MLME_THREAD_COMM_STORE_KEY_MSGID, + MLME_THREAD_COMM_UPDATE_STATUS_MSGID, + MLME_THREAD_COMM_CMD_PROXY_MSGID, + MLME_MSGID_DEFINITION_END = 0x7fff, +} MLME_MSGID; + +typedef enum { + SUPPL_MSGID_DEFINITION_START = 0x0000, + SUPPL_THREAD_COMM_INIT_AUTH_MSGID, + SUPPL_THREAD_COMM_STATUS_CHANGE_EVT_MSGID, + SUPPL_MSGID_DEFINITION_END = 0x7fff, +} SUPPL_MSGID; + +typedef enum { + AP_PWRSAVE_MSGID_DEFINITION_START = 0x0000, + AP_PWRSAVE_EVENT_HANDLER_SLEEP_STA_UPDATE_MSGID, + AP_PWRSAVE_MSGID_DEFINITION_END = 0x7fff, +} AP_PWRSAVE_MSGID; + /* INF debug identifier definitions */ #define INF_DBGID_DEFINITION_START 0 diff --git a/drivers/staging/fw-api/fw/htt.h b/drivers/staging/fw-api/fw/htt.h index 1523359afd65..31c49fe17256 100644 --- a/drivers/staging/fw-api/fw/htt.h +++ b/drivers/staging/fw-api/fw/htt.h @@ -168,9 +168,12 @@ * 3.51 Add SW peer ID and TID num to HTT TX WBM COMPLETION * 3.52 Add HTT_T2H FLOW_POOL_RESIZE msg def * 3.53 Update HTT_T2H FLOW_POOL_RESIZE msg def + * 3.54 Define mcast and mcast_valid flags within htt_tx_wbm_transmit_status + * 3.55 Add initiator / responder flags to RX_DELBA indication + * 3.56 Fix HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE bit-mask defs */ #define HTT_CURRENT_VERSION_MAJOR 3 -#define HTT_CURRENT_VERSION_MINOR 53 +#define HTT_CURRENT_VERSION_MINOR 56 #define HTT_NUM_TX_FRAG_DESC 1024 @@ -2341,7 +2344,11 @@ PREPACK struct htt_tx_wbm_transmit_status { * If this "valid" flag is not set, the * sw_peer_id and tid_num fields must be ignored. */ - reserved0: 10; + mcast: 1, + mcast_valid: 1, /* If this "mcast_valid" is set, the mcast field + * contains valid data. + */ + reserved0: 8; A_UINT32 reserved1: 32; } POSTPACK; @@ -2359,6 +2366,10 @@ PREPACK struct htt_tx_wbm_transmit_status { #define HTT_TX_WBM_COMPLETION_V2_TID_NUM_S 16 #define HTT_TX_WBM_COMPLETION_V2_VALID_M 0x00200000 #define HTT_TX_WBM_COMPLETION_V2_VALID_S 21 +#define HTT_TX_WBM_COMPLETION_V2_MCAST_M 0x00400000 +#define HTT_TX_WBM_COMPLETION_V2_MCAST_S 22 +#define HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_M 0x00800000 +#define HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_S 23 /* DWORD 4 */ #define HTT_TX_WBM_COMPLETION_V2_SCH_CMD_ID_GET(_var) \ @@ -2412,6 +2423,26 @@ PREPACK struct htt_tx_wbm_transmit_status { ((_var) |= ((_val) << HTT_TX_WBM_COMPLETION_V2_VALID_S)); \ } while (0) +#define HTT_TX_WBM_COMPLETION_V2_MCAST_GET(_var) \ + (((_var) & HTT_TX_WBM_COMPLETION_V2_MCAST_M) >> \ + HTT_TX_WBM_COMPLETION_V2_MCAST_S) + +#define HTT_TX_WBM_COMPLETION_V2_MCAST_SET(_var, _val) \ + do { \ + HTT_CHECK_SET_VAL(HTT_TX_WBM_COMPLETION_V2_MCAST, _val); \ + ((_var) |= ((_val) << HTT_TX_WBM_COMPLETION_V2_MCAST_S)); \ + } while (0) + +#define HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_GET(_var) \ + (((_var) & HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_M) >> \ + HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_S) + +#define HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_SET(_var, _val) \ + do { \ + HTT_CHECK_SET_VAL(HTT_TX_WBM_COMPLETION_V2_MCAST_VALID, _val); \ + ((_var) |= ((_val) << HTT_TX_WBM_COMPLETION_V2_MCAST_VALID_S)); \ + } while (0) + /** * @brief HTT TX WBM reinject status from firmware to host * @details @@ -4964,23 +4995,23 @@ PREPACK struct htt_rx_ring_selection_cfg_t { #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_0111_S 23 /* Beacon */ -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1000_M 0x01000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1000_M 0x01000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1000_S 24 -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1000_M 0x02000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1000_M 0x02000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1000_S 25 -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1000_M 0x00000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1000_M 0x04000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1000_S 26 /* ATIM */ -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1001_M 0x00000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1001_M 0x08000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_FP_MGMT_1001_S 27 -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1001_M 0x00000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1001_M 0x10000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MD_MGMT_1001_S 28 -#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1001_M 0x00000001 +#define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1001_M 0x20000000 #define HTT_RX_RING_SELECTION_CFG_PKT_TYPE_ENABLE_FLAG0_MO_MGMT_1001_S 29 /* Disassociation */ @@ -5567,6 +5598,7 @@ enum htt_t2h_msg_type { HTT_T2H_MSG_TYPE_PEER_UNMAP_V2 = 0x1f, HTT_T2H_MSG_TYPE_MONITOR_MAC_HEADER_IND = 0x20, HTT_T2H_MSG_TYPE_FLOW_POOL_RESIZE = 0x21, + HTT_T2H_MSG_TYPE_CFR_DUMP_COMPL_IND = 0x22, HTT_T2H_MSG_TYPE_TEST, /* keep this last */ @@ -7780,9 +7812,9 @@ PREPACK struct htt_chan_info_t * The following diagram shows the format of the rx DELBA message sent * from the target to the host: * - * |31 20|19 16|15 8|7 0| + * |31 20|19 16|15 10|9 8|7 0| * |---------------------------------------------------------------------| - * | peer ID | TID | reserved | msg type | + * | peer ID | TID | reserved | IR| msg type | * |---------------------------------------------------------------------| * * The following field definitions describe the format of the rx ADDBA @@ -7791,6 +7823,15 @@ PREPACK struct htt_chan_info_t * Bits 7:0 * Purpose: identifies this as an rx ADDBA or DELBA message * Value: ADDBA -> 0x5, DELBA -> 0x6 + * - IR (initiator / recipient) + * Bits 9:8 (DELBA only) + * Purpose: specify whether the DELBA handshake was initiated by the + * local STA/AP, or by the peer STA/AP + * Value: + * 0 - unspecified + * 1 - initiator (a.k.a. originator) + * 2 - recipient (a.k.a. responder) + * 3 - unused / reserved * - WIN_SIZE * Bits 15:8 (ADDBA only) * Purpose: Specifies the length of the block ack window (max = 64). @@ -7843,6 +7884,8 @@ PREPACK struct htt_chan_info_t #define HTT_RX_ADDBA_BYTES 4 +#define HTT_RX_DELBA_INITIATOR_M 0x00000300 +#define HTT_RX_DELBA_INITIATOR_S 8 #define HTT_RX_DELBA_TID_M HTT_RX_ADDBA_TID_M #define HTT_RX_DELBA_TID_S HTT_RX_ADDBA_TID_S #define HTT_RX_DELBA_PEER_ID_M HTT_RX_ADDBA_PEER_ID_M @@ -7853,6 +7896,14 @@ PREPACK struct htt_chan_info_t #define HTT_RX_DELBA_PEER_ID_SET HTT_RX_ADDBA_PEER_ID_SET #define HTT_RX_DELBA_PEER_ID_GET HTT_RX_ADDBA_PEER_ID_GET +#define HTT_RX_DELBA_INITIATOR_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_RX_DELBA_INITIATOR, value); \ + (word) |= (value) << HTT_RX_DELBA_INITIATOR_S; \ + } while (0) +#define HTT_RX_DELBA_INITIATOR_GET(word) \ + (((word) & HTT_RX_DELBA_INITIATOR_M) >> HTT_RX_DELBA_INITIATOR_S) + #define HTT_RX_DELBA_BYTES 4 /** @@ -10540,4 +10591,496 @@ PREPACK struct htt_flow_pool_resize_t { ((_var) |= ((_val) << HTT_FLOW_POOL_RESIZE_FLOW_POOL_NEW_SIZE_S)); \ } while (0) +/** + * @brief host -> target channel change message + * + * @details + * the meesage is generated by FW every time FW changes channel. This will be used by host mainly + * to associate RX frames to correct channel they were received on. + * The following field definitions describe the format of the HTT target + * to host channel change message. + * |31 16|15 8|7 5|4 0| + * |------------------------------------------------------------| + * | reserved | MSG_TYPE | + * |------------------------------------------------------------| + * | CHAN_MHZ | + * |------------------------------------------------------------| + * | BAND_CENTER_FREQ1 | + * |------------------------------------------------------------| + * | BAND_CENTER_FREQ2 | + * |------------------------------------------------------------| + * | CHAN_PHY_MODE | + * |------------------------------------------------------------| + * Header fields: + * - MSG_TYPE + * Bits 7:0 + * Value: 0xf + * - CHAN_MHZ + * Bits 31:0 + * Purpose: frequency of the primary 20mhz channel. + * - BAND_CENTER_FREQ1 + * Bits 31:0 + * Purpose: centre frequency of the full channel. + * - BAND_CENTER_FREQ2 + * Bits 31:0 + * Purpose: centre frequency2 of the channel. is only valid for 11acvht 80plus80. + * - CHAN_PHY_MODE + * Bits 31:0 + * Purpose: phy mode of the channel. +*/ + +PREPACK struct htt_chan_change_msg { + A_UINT32 chan_mhz; /* frequency in mhz */ + + A_UINT32 band_center_freq1; /* Center frequency 1 in MHz*/ + + A_UINT32 band_center_freq2; /* Center frequency 2 in MHz - valid only for 11acvht 80plus80 mode*/ + + A_UINT32 chan_mode; /* WLAN_PHY_MODE of the channel defined in wlan_defs.h */ +} POSTPACK; + +#define HTT_CFR_CAPTURE_MAGIC_PATTERN 0xCCCCCCCC +#define HTT_CFR_CAPTURE_READ_INDEX_OFFSET 0 /* bytes */ +#define HTT_CFR_CAPTURE_SIZEOF_READ_INDEX_BYTES 4 +#define HTT_CFR_CAPTURE_WRITE_INDEX_OFFSET /* bytes */ \ + (HTT_CFR_CAPTURE_READ_INDEX_OFFSET + HTT_CFR_CAPTURE_SIZEOF_READ_INDEX_BYTES) +#define HTT_CFR_CAPTURE_SIZEOF_WRITE_INDEX_BYTES 4 +#define HTT_CFR_CAPTURE_SIZEOF_MAGIC_PATTERN_BYTES 4 +/* + * The read and write indices point to the data within the host buffer. + * Because the first 4 bytes of the host buffer is used for the read index and + * the next 4 bytes for the write index, the data itself starts at offset 8. + * The read index and write index are the byte offsets from the base of the + * meta-data buffer, and thus have a minimum value of 8 rather than 0. + * Refer the ASCII text picture below. + */ +#define HTT_CFR_CAPTURE_INITIAL_RW_START_INDEX \ + (HTT_CFR_CAPTURE_SIZEOF_READ_INDEX_BYTES + \ + HTT_CFR_CAPTURE_SIZEOF_WRITE_INDEX_BYTES) + +/* + *************************************************************************** + * + * Layout when CFR capture message type is 'HTT_PEER_CFR_CAPTURE_MSG_TYPE_1' + * + *************************************************************************** + * + * The memory allocated by WMI_CHANNEL_CAPTURE_HOST_MEM_REQ_ID is used + * in the below format. The HTT message 'htt_cfr_dump_compl_ind' is sent by + * FW to Host whenever a CFR capture (CFR data1 or CFR data2 etc.,) is + * written into the Host memory region mentioned below. + * + * Read index is updated by the Host. At any point of time, the read index will + * indicate the index that will next be read by the Host. The read index is + * in units of bytes offset from the base of the meta-data buffer. + * + * Write index is updated by the FW. At any point of time, the write index will + * indicate from where the FW can start writing any new data. The write index is + * in units of bytes offset from the base of the meta-data buffer. + * + * If the Host is not fast enough in reading the CFR data, any new capture data + * would be dropped if there is no space left to write the new captures. + * + * The last 4 bytes of the memory region will have the magic pattern + * HTT_CFR_CAPTURE_MAGIC_PATTERN. This can be used to ensure that the FW does + * not overrun the host buffer. + * + * ,--------------------. read and write indices store the + * | | byte offset from the base of the + * | ,--------+--------. meta-data buffer to the next + * | | | | location within the data buffer + * | | v v that will be read / written + * ************************************************************************ + * * Read * Write * * Magic * + * * index * index * CFR data1 ...... CFR data N * pattern * + * * (4 bytes) * (4 bytes) * * (4 bytes)* + * ************************************************************************ + * |<---------- data buffer ---------->| + * + * |<----------------- meta-data buffer allocated in Host ----------------| + * + * Note: + * - Considering the 4 bytes needed to store the Read index (R) and the + * Write index (W), the initial value is as follows: + * R = W = HTT_CFR_CAPTURE_INITIAL_RW_START_INDEX + * - Buffer empty condition: + * R = W + * + * Regarding CFR data format: + * -------------------------- + * + * Each CFR tone is stored in HW as 16-bits with the following format: + * {bits[15:12], bits[11:6], bits[5:0]} = + * {unsigned exponent (4 bits), + * signed mantissa_real (6 bits), + * signed mantissa_imag (6 bits)} + * + * CFR_real = mantissa_real * 2^(exponent-5) + * CFR_imag = mantissa_imag * 2^(exponent-5) + * + * + * The CFR data is written to the 16-bit unsigned output array (buff) in + * ascending tone order. For example, the Legacy20 CFR is output as follows: + * + * buff[0]: [CFR_exp[-26], CFR_mant_real[-26], CFR_mant_imag[-26]] + * buff[1]: [CFR_exp[-25], CFR_mant_real[-25], CFR_mant_imag[-25]] + * . + * . + * . + * buff[N-2]: [CFR_exp[25], CFR_mant_real[25], CFR_mant_imag[25]] + * buff[N-1]: [CFR_exp[26], CFR_mant_real[26], CFR_mant_imag[26]] + */ + +/* Bandwidth of peer CFR captures */ +typedef enum { + HTT_PEER_CFR_CAPTURE_BW_20MHZ = 0, + HTT_PEER_CFR_CAPTURE_BW_40MHZ = 1, + HTT_PEER_CFR_CAPTURE_BW_80MHZ = 2, + HTT_PEER_CFR_CAPTURE_BW_160MHZ = 3, + HTT_PEER_CFR_CAPTURE_BW_80_80MHZ = 4, + HTT_PEER_CFR_CAPTURE_BW_MAX, +} HTT_PEER_CFR_CAPTURE_BW; + +/* Mode of the peer CFR captures. The type of RX frame for which the CFR + * was captured + */ +typedef enum { + HTT_PEER_CFR_CAPTURE_MODE_LEGACY = 0, + HTT_PEER_CFR_CAPTURE_MODE_DUP_LEGACY = 1, + HTT_PEER_CFR_CAPTURE_MODE_HT = 2, + HTT_PEER_CFR_CAPTURE_MODE_VHT = 3, + HTT_PEER_CFR_CAPTURE_MODE_MAX, +} HTT_PEER_CFR_CAPTURE_MODE; + +typedef enum { + /* This message type is currently used for the below purpose: + * + * - capture_method = WMI_PEER_CFR_CAPTURE_METHOD_NULL_FRAME in the + * wmi_peer_cfr_capture_cmd. The associated memory region gets allocated + * through WMI_CHANNEL_CAPTURE_HOST_MEM_REQ_ID + */ + HTT_PEER_CFR_CAPTURE_MSG_TYPE_1 = 0x1, + + /* Always keep this last */ + HTT_PEER_CFR_CAPTURE_MSG_TYPE_MAX, +} HTT_PEER_CFR_CAPTURE_MSG_TYPE; + +/** + * @brief target -> host CFR dump completion indication message definition + * htt_cfr_dump_compl_ind when the version is HTT_PEER_CFR_CAPTURE_MSG_TYPE_1. + * + * @details + * The following diagram shows the format of the Channel Frequency Response + * (CFR) dump completion indication. This inidcation is sent to the Host when + * the channel capture of a peer is copied by Firmware into the Host memory + * + * ************************************************************************** + * + * Message format when the CFR capture message type is + * 'HTT_PEER_CFR_CAPTURE_MSG_TYPE_1' + * + * ************************************************************************** + * + * |31 16|15 |7 0| + * |----------------------------------------------------------------| + * header: | reserved | msg_type | + * word 0 | | | + * |----------------------------------------------------------------| + * payload: | cfr_capture_msg_type | + * word 1 | | + * |----------------------------------------------------------------| + * | vdev_id | captype | chbw | sts | mode | capbw |S| req_id | + * word 2 | | | | | | | | | + * |----------------------------------------------------------------| + * | mac_addr31to0 | + * word 3 | | + * |----------------------------------------------------------------| + * | unused / reserved | mac_addr47to32 | + * word 4 | | | + * |----------------------------------------------------------------| + * | index | + * word 5 | | + * |----------------------------------------------------------------| + * | length | + * word 6 | | + * |----------------------------------------------------------------| + * | timestamp | + * word 7 | | + * |----------------------------------------------------------------| + * | counter | + * word 8 | | + * |----------------------------------------------------------------| + * | chan_mhz | + * word 9 | | + * |----------------------------------------------------------------| + * | band_center_freq1 | + * word 10 | | + * |----------------------------------------------------------------| + * | band_center_freq2 | + * word 11 | | + * |----------------------------------------------------------------| + * | chan_phy_mode | + * word 12 | | + * |----------------------------------------------------------------| + * where, + * req_id - memory request id (mem_req_id explained below) + * S - status field (status explained below) + * capbw - capture bandwidth (capture_bw explained below) + * mode - mode of capture (mode explained below) + * sts - space time streams (sts_count explained below) + * chbw - channel bandwidth (channel_bw explained below) + * captype - capture type (cap_type explained below) + * + * The following field definitions describe the format of the CFR dump + * completion indication sent from the target to the host + * + * Header fields: + * + * Word 0 + * - msg_type + * Bits 7:0 + * Purpose: Identifies this as CFR TX completion indication + * Value: HTT_T2H_MSG_TYPE_CFR_DUMP_COMPL_IND + * - reserved + * Bits 31:8 + * Purpose: Reserved + * Value: 0 + * + * Payload fields: + * + * Word 1 + * - cfr_capture_msg_type + * Bits 31:0 + * Purpose: Contains the type of the message HTT_PEER_CFR_CAPTURE_MSG_TYPE + * to specify the format used for the remainder of the message + * Value: HTT_PEER_CFR_CAPTURE_MSG_TYPE_1 + * (currently only MSG_TYPE_1 is defined) + * + * Word 2 + * - mem_req_id + * Bits 6:0 + * Purpose: Contain the mem request id of the region where the CFR capture + * has been stored - of type WMI_HOST_MEM_REQ_ID + * Value: WMI_CHANNEL_CAPTURE_HOST_MEM_REQ_ID + * - status + * Bit 7 + * Purpose: Boolean value carrying the status of the CFR capture of the peer + * Value: 1 (True) - Successful; 0 (False) - Not successful + * - capture_bw + * Bits 10:8 + * Purpose: Carry the bandwidth of the CFR capture + * Value: Bandwidth of the CFR capture of type HTT_PEER_CFR_CAPTURE_BW + * - mode + * Bits 13:11 + * Purpose: Carry the mode of the rx frame for which the CFR was captured + * Value: Mode of the CFR capture of type HTT_PEER_CFR_CAPTURE_MODE + * - sts_count + * Bits 16:14 + * Purpose: Carry the number of space time streams + * Value: Number of space time streams + * - channel_bw + * Bits 19:17 + * Purpose: Carry the bandwidth of the channel of the vdev performing the + * measurement + * Value: Bandwidth of the channel (of type HTT_PEER_CFR_CAPTURE_BW) + * - cap_type + * Bits 23:20 + * Purpose: Carry the type of the capture + * Value: Capture type (of type WMI_PEER_CFR_CAPTURE_METHOD) + * - vdev_id + * Bits 31:24 + * Purpose: Carry the virtual device id + * Value: vdev ID + * + * Word 3 + * - mac_addr31to0 + * Bits 31:0 + * Purpose: Contain the bits 31:0 of the peer MAC address + * Value: Bits 31:0 of the peer MAC address + * + * Word 4 + * - mac_addr47to32 + * Bits 15:0 + * Purpose: Contain the bits 47:32 of the peer MAC address + * Value: Bits 47:32 of the peer MAC address + * + * Word 5 + * - index + * Bits 31:0 + * Purpose: Contain the index at which this CFR dump was written in the Host + * allocated memory. This index is the number of bytes from the base address. + * Value: Index position + * + * Word 6 + * - length + * Bits 31:0 + * Purpose: Carry the length of the CFR capture of the peer, in bytes + * Value: Length of the CFR capture of the peer + * + * Word 7 + * - timestamp + * Bits 31:0 + * Purpose: Carry the time at which the CFR was captured in the hardware. The + * clock used for this timestamp is private to the target and not visible to + * the host i.e., Host can interpret only the relative timestamp deltas from + * one message to the next, but can't interpret the absolute timestamp from a + * single message. + * Value: Timestamp in microseconds + * + * Word 8 + * - counter + * Bits 31:0 + * Purpose: Carry the count of the current CFR capture from FW. This is + * helpful to identify any drops in FW in any scenario (e.g., lack of space + * in host memory) + * Value: Count of the current CFR capture + * + * Word 9 + * - chan_mhz + * Bits 31:0 + * Purpose: Carry the primary 20 MHz channel frequency in MHz of the VDEV + * Value: Primary 20 channel frequency + * + * Word 10 + * - band_center_freq1 + * Bits 31:0 + * Purpose: Carry the center frequency 1 in MHz of the VDEV + * Value: Center frequency 1 in MHz + * + * Word 11 + * - band_center_freq2 + * Bits 31:0 + * Purpose: Carry the center frequency 2 in MHz. valid only for 11acvht of + * the VDEV + * 80plus80 mode + * Value: Center frequency 2 in MHz + * + * Word 12 + * - chan_phy_mode + * Bits 31:0 + * Purpose: Carry the phy mode of the channel, of the VDEV + * Value: WLAN_PHY_MODE of the channel defined in wlan_defs.h + */ +PREPACK struct htt_cfr_dump_ind_type_1 { + A_UINT32 mem_req_id:7, + status:1, + capture_bw:3, + mode:3, + sts_count:3, + channel_bw:3, + cap_type:4, + vdev_id:8; + htt_mac_addr addr; + A_UINT32 index; + A_UINT32 length; + A_UINT32 timestamp; + A_UINT32 counter; + struct htt_chan_change_msg chan; +} POSTPACK; + +PREPACK struct htt_cfr_dump_compl_ind { + A_UINT32 msg_type; /* HTT_PEER_CFR_CAPTURE_MSG_TYPE */ + union { + /* Message format when msg_type = HTT_PEER_CFR_CAPTURE_MSG_TYPE_1 */ + struct htt_cfr_dump_ind_type_1 htt_cfr_dump_compl_ind_type_1; + /* If there is a need to change the memory layout and its associated + * HTT indication format, a new CFR capture message type can be + * introduced and added into this union. + */ + }; +} POSTPACK; + +/* + * Get / set macros for the bit fields within WORD-2 of htt_cfr_dump_compl_ind, + * msg_type = HTT_PEER_CFR_CAPTURE_MSG_TYPE_1 + */ +#define HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_M 0X0000007F +#define HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_S 0 +#define HTT_T2H_CFR_DUMP_TYPE1_STATUS_M 0X00000080 +#define HTT_T2H_CFR_DUMP_TYPE1_STATUS_S 7 +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_M 0X00000700 +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_S 8 +#define HTT_T2H_CFR_DUMP_TYPE1_MODE_M 0X00003800 +#define HTT_T2H_CFR_DUMP_TYPE1_MODE_S 11 +#define HTT_T2H_CFR_DUMP_TYPE1_STS_M 0X0001C000 +#define HTT_T2H_CFR_DUMP_TYPE1_STS_S 14 +#define HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_M 0X000E0000 +#define HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_S 17 +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_M 0X00F00000 +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_S 20 +#define HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_M 0XFF000000 +#define HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_S 24 + +#define HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_MEM_REQ_ID_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_STATUS_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_STATUS, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_STATUS_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_STATUS_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_STATUS_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_STATUS_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_CAP_BW, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_CAP_BW_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_MODE_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_MODE, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_MODE_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_MODE_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_MODE_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_MODE_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_STS_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_STS, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_STS_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_STS_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_STS_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_STS_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_CHAN_BW_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_CAP_TYPE_S) + +#define HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_SET(word, value) \ + do { \ + HTT_CHECK_SET_VAL(HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID, value); \ + (word) |= (value) << HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_S; \ + } while (0) +#define HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_GET(word) \ + (((word) & HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_M) >> \ + HTT_T2H_CFR_DUMP_TYPE1_VDEV_ID_S) + #endif diff --git a/drivers/staging/fw-api/fw/htt_stats.h b/drivers/staging/fw-api/fw/htt_stats.h index 447d0f0b36ef..1da4a55e849b 100644 --- a/drivers/staging/fw-api/fw/htt_stats.h +++ b/drivers/staging/fw-api/fw/htt_stats.h @@ -613,8 +613,8 @@ typedef struct { */ typedef struct { htt_tlv_hdr_t tlv_hdr; - A_UINT32 tried_mpdu_cnt_hist[1]; /* HTT_TX_PDEV_TRIED_MPDU_CNT_HIST */ A_UINT32 hist_bin_size; + A_UINT32 tried_mpdu_cnt_hist[1]; /* HTT_TX_PDEV_TRIED_MPDU_CNT_HIST */ } htt_tx_pdev_stats_tried_mpdu_cnt_hist_tlv_v; /* STATS_TYPE: HTT_DBG_EXT_STATS_PDEV_TX @@ -1384,9 +1384,9 @@ typedef struct { * */ typedef struct { htt_tlv_hdr_t tlv_hdr; + A_UINT32 hist_bin_size; /* Histogram of number of mpdus on tried mpdu */ A_UINT32 tried_mpdu_cnt_hist[1]; /* HTT_TX_HWQ_TRIED_MPDU_CNT_HIST */ - A_UINT32 hist_bin_size; } htt_tx_hwq_tried_mpdu_cnt_hist_tlv_v; #define HTT_TX_HWQ_TXOP_USED_CNT_HIST_TLV_SZ(_num_elems) (sizeof(A_UINT32) * (_num_elems)) diff --git a/drivers/staging/fw-api/fw/wmi_services.h b/drivers/staging/fw-api/fw/wmi_services.h index cd02da96c3e9..a67dada36748 100755 --- a/drivers/staging/fw-api/fw/wmi_services.h +++ b/drivers/staging/fw-api/fw/wmi_services.h @@ -257,7 +257,12 @@ typedef enum { WMI_SERVICE_INFRA_MBSSID=161, /* support infra multi-BSSID feature */ WMI_SERVICE_OBSS_SPATIAL_REUSE=162, /* support spatial reuse feature */ WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT=163, /* Support different beacon intervals on different VDEVs */ - + WMI_SERVICE_NAN_DBS_SUPPORT=164, /* Support DBS for NAN discovery interface */ + WMI_SERVICE_NDI_DBS_SUPPORT=165, /* Support DBS for NAN data interface */ + WMI_SERVICE_NAN_SAP_SUPPORT=166, /* Support SAP Concurrency for NAN Discovery interface */ + WMI_SERVICE_NDI_SAP_SUPPORT=167, /* Support SAP Concurrency for NAN Data interface */ + WMI_SERVICE_CFR_CAPTURE_SUPPORT=168, /* Support to capture uncompressed Channel Frequency Response (CFR) */ + WMI_SERVICE_CFR_CAPTURE_IND_MSG_TYPE_1=169, /* Message type HTT_PEER_CFR_CAPTURE_MSG_TYPE_1 in HTT_T2H_MSG_TYPE_CFR_DUMP_COMPL_IND */ /******* ADD NEW SERVICES HERE *******/ diff --git a/drivers/staging/fw-api/fw/wmi_tlv_defs.h b/drivers/staging/fw-api/fw/wmi_tlv_defs.h index dfe45b4ef8b2..96c2b9176c7b 100755 --- a/drivers/staging/fw-api/fw/wmi_tlv_defs.h +++ b/drivers/staging/fw-api/fw/wmi_tlv_defs.h @@ -924,6 +924,12 @@ typedef enum { WMITLV_TAG_STRUC_wmi_motion_det_base_line_event, WMITLV_TAG_STRUC_wmi_ndp_transport_ip_param, WMITLV_TAG_STRUC_wmi_obss_spatial_reuse_set_cmd_fixed_param, + WMITLV_TAG_STRUC_wmi_esp_estimate_event_fixed_param, + WMITLV_TAG_STRUC_wmi_nan_host_config_param, + WMITLV_TAG_STRUC_wmi_spectral_bin_scaling_params, + WMITLV_TAG_STRUC_wmi_peer_cfr_capture_cmd_fixed_param, + WMITLV_TAG_STRUC_wmi_peer_chan_width_switch_cmd_fixed_param, + WMITLV_TAG_STRUC_wmi_chan_width_peer_list, } WMITLV_TAG_ID; /* @@ -1302,6 +1308,8 @@ typedef enum { OP(WMI_MOTION_DET_START_STOP_CMDID) \ OP(WMI_MOTION_DET_BASE_LINE_START_STOP_CMDID) \ OP(WMI_PDEV_OBSS_PD_SPATIAL_REUSE_CMDID) \ + OP(WMI_PEER_CFR_CAPTURE_CMDID) \ + OP(WMI_PEER_CHAN_WIDTH_SWITCH_CMDID) \ /* add new CMD_LIST elements above this line */ @@ -1511,6 +1519,7 @@ typedef enum { OP(WMI_GET_TPC_POWER_EVENTID) \ OP(WMI_MOTION_DET_HOST_EVENTID) \ OP(WMI_MOTION_DET_BASE_LINE_HOST_EVENTID) \ + OP(WMI_ESP_ESTIMATE_EVENTID) \ /* add new EVT_LIST elements above this line */ @@ -2932,7 +2941,8 @@ WMITLV_CREATE_PARAM_STRUC(WMI_DEL_PROACTIVE_ARP_RSP_PATTERN_CMDID); /* NaN Request */ #define WMITLV_TABLE_WMI_NAN_CMDID(id,op,buf,len) \ WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_nan_cmd_param, wmi_nan_cmd_param, fixed_param, WMITLV_SIZE_FIX) \ - WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_BYTE, A_UINT8, data, WMITLV_SIZE_VAR) + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_BYTE, A_UINT8, data, WMITLV_SIZE_VAR) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, wmi_nan_host_config_param, host_config, WMITLV_SIZE_VAR) WMITLV_CREATE_PARAM_STRUC(WMI_NAN_CMDID); /* NAN Data Get Capabilities Cmd */ @@ -3753,6 +3763,17 @@ WMITLV_CREATE_PARAM_STRUC(WMI_PEER_TID_CONFIGURATIONS_CMDID); WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_obss_spatial_reuse_set_cmd_fixed_param, wmi_obss_spatial_reuse_set_cmd_fixed_param, fixed_param, WMITLV_SIZE_FIX) WMITLV_CREATE_PARAM_STRUC(WMI_PDEV_OBSS_PD_SPATIAL_REUSE_CMDID); +/* Peer CFR capture cmd */ +#define WMITLV_TABLE_WMI_PEER_CFR_CAPTURE_CMDID(id,op,buf,len) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_peer_cfr_capture_cmd_fixed_param, wmi_peer_cfr_capture_cmd_fixed_param, fixed_param, WMITLV_SIZE_FIX) +WMITLV_CREATE_PARAM_STRUC(WMI_PEER_CFR_CAPTURE_CMDID); + +/* CHANNEL WIDTH SWITCH commands for peers. */ +#define WMITLV_TABLE_WMI_PEER_CHAN_WIDTH_SWITCH_CMDID(id,op,buf,len) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_peer_chan_width_switch_cmd_fixed_param, wmi_peer_chan_width_switch_cmd_fixed_param, fixed_param, WMITLV_SIZE_FIX) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, wmi_chan_width_peer_list, peer_info, WMITLV_SIZE_VAR) +WMITLV_CREATE_PARAM_STRUC(WMI_PEER_CHAN_WIDTH_SWITCH_CMDID); + /************************** TLV definitions of WMI events *******************************/ @@ -3782,7 +3803,9 @@ WMITLV_CREATE_PARAM_STRUC(WMI_SERVICE_AVAILABLE_EVENTID); WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, WMI_MAC_PHY_CHAINMASK_CAPABILITY, mac_phy_chainmask_caps, WMITLV_SIZE_VAR) \ WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, WMI_OEM_DMA_RING_CAPABILITIES, oem_dma_ring_caps, WMITLV_SIZE_VAR) \ WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_WMI_SAR_CAPABILITIES, WMI_SAR_CAPABILITIES, sar_caps, WMITLV_SIZE_FIX) \ - WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, WMI_DMA_RING_CAPABILITIES, dma_ring_caps, WMITLV_SIZE_VAR) + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, WMI_DMA_RING_CAPABILITIES, dma_ring_caps, WMITLV_SIZE_VAR) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_ARRAY_STRUC, wmi_spectral_bin_scaling_params, wmi_bin_scaling_params, WMITLV_SIZE_VAR) + WMITLV_CREATE_PARAM_STRUC(WMI_SERVICE_READY_EXT_EVENTID); /* Ready event */ @@ -5052,6 +5075,11 @@ WMITLV_CREATE_PARAM_STRUC(WMI_MOTION_DET_HOST_EVENTID); WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_motion_det_base_line_event, wmi_motion_det_base_line_event, fixed_param, WMITLV_SIZE_FIX) WMITLV_CREATE_PARAM_STRUC(WMI_MOTION_DET_BASE_LINE_HOST_EVENTID); +#define WMITLV_TABLE_WMI_ESP_ESTIMATE_EVENTID(id,op,buf,len) \ + WMITLV_ELEM(id,op,buf,len, WMITLV_TAG_STRUC_wmi_esp_estimate_event_fixed_param, wmi_esp_estimate_event_fixed_param, fixed_param, WMITLV_SIZE_FIX) +WMITLV_CREATE_PARAM_STRUC(WMI_ESP_ESTIMATE_EVENTID); + + #ifdef __cplusplus } #endif diff --git a/drivers/staging/fw-api/fw/wmi_unified.h b/drivers/staging/fw-api/fw/wmi_unified.h index 7ff381b07919..17d5a0791cfa 100755 --- a/drivers/staging/fw-api/fw/wmi_unified.h +++ b/drivers/staging/fw-api/fw/wmi_unified.h @@ -150,7 +150,7 @@ static INLINE void wmi_packed_arr_set_bits(A_UINT32 *arr, A_UINT32 entry_index, } /** 2 word representation of MAC addr */ -typedef struct { +typedef struct _wmi_mac_addr { /** upper 4 bytes of MAC address */ A_UINT32 mac_addr31to0; /** lower 2 bytes of MAC address */ @@ -178,6 +178,16 @@ typedef struct { } while (0) /* + * The below function declarations are for implementations on some + * platforms of the above macros, but in function form, to save code + * memory by avoiding macro-inlining of a non-trivial amount of code. + * These function versions of the above macros may not be available + * on all host and target platforms. + */ +void wmi_mac_addr_to_char_array(wmi_mac_addr *pwmi_mac_addr, A_UINT8 *c_macaddr); +void wmi_char_array_to_mac_addr(A_UINT8 *c_macaddr, wmi_mac_addr *pwmi_mac_addr); + +/* * wmi command groups. */ typedef enum { @@ -245,6 +255,7 @@ typedef enum { WMI_GRP_TWT, /* 0x3e TWT (Target Wake Time) for STA and AP */ WMI_GRP_MOTION_DET, /* 0x3f */ WMI_GRP_SPATIAL_REUSE, /* 0x40 */ + WMI_GRP_ESP, /* 0x41 Estimate Service Parameters (802.11mc) */ } WMI_GRP_ID; #define WMI_CMD_GRP_START_ID(grp_id) (((grp_id) << 12) | 0x1) @@ -526,6 +537,15 @@ typedef enum { */ WMI_PEER_TID_CONFIGURATIONS_CMDID, + /** Peer configuration for Channel Frequency Response (CFR) capture + * of type wmi_peer_cfr_capture_cmd. The CFR capture is communicated + * through HTT_T2H_MSG_TYPE_CFR_DUMP_COMPL_IND. + */ + WMI_PEER_CFR_CAPTURE_CMDID, + + /** WMI command related to AP channel width switching */ + WMI_PEER_CHAN_WIDTH_SWITCH_CMDID, + /* beacon/management specific commands */ /** transmit beacon by reference . used for transmitting beacon on low latency interface like pcie */ @@ -1704,6 +1724,9 @@ typedef enum { /** WMI events related to motion detection */ WMI_MOTION_DET_HOST_EVENTID = WMI_EVT_GRP_START_ID(WMI_GRP_MOTION_DET), WMI_MOTION_DET_BASE_LINE_HOST_EVENTID, + + /** WMI events related to Estimation of Service Parameters (802.11mc) */ + WMI_ESP_ESTIMATE_EVENTID = WMI_EVT_GRP_START_ID(WMI_GRP_ESP), } WMI_EVT_ID; /* defines for OEM message sub-types */ @@ -2324,6 +2347,9 @@ typedef struct { * where 2^n is the maximum number of BSSIDs */ A_UINT32 max_bssid_indicator; + + /* 2nd DWORD of HE MAC Capabilities */ + A_UINT32 he_cap_info_ext; } wmi_service_ready_ext_event_fixed_param; typedef enum { @@ -2769,6 +2795,20 @@ typedef struct { #define WMI_RSRC_CFG_FLAG_EAPOL_REKEY_MINRATE_SUPPORT_ENABLE_S 14 #define WMI_RSRC_CFG_FLAG_EAPOL_REKEY_MINRATE_SUPPORT_ENABLE_M 0x4000 + #define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_VALID_S 15 + #define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_VALID_M 0x8000 + + /* + * If the AC override valid bit is set then this field will specify the + * access category to use for EAPOL frames + * 0 - WMM_AC_BE + * 1 - WMM_AC_BK + * 2 - WMM_AC_VI + * 3 - WMM_AC_VO + */ + #define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_S 16 + #define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_M 0x30000 + A_UINT32 flag1; /** @brief smart_ant_cap - Smart Antenna capabilities information @@ -2895,6 +2935,16 @@ typedef struct { * where 2^n is the maximum number of BSSIDs */ A_UINT32 max_bssid_indicator; + + /** @brief ul_resp_config - Configures the 11ax uplink ofdma feature on STA. + * I.e. sending uplink response to a trigger frame sent by AP. + * @details + * 0 - fw default behavior, based on chipset + * 1 - UL_RESP is disabled. + * 2 - UL_RESP is enabled. + * other - reserved. + */ + A_UINT32 ul_resp_config; } wmi_resource_config; #define WMI_RSRC_CFG_FLAG_SET(word32, flag, value) \ @@ -2977,6 +3027,16 @@ typedef struct { #define WMI_RSRC_CFG_FLAG_EAPOL_REKEY_MINRATE_SUPPORT_ENABLE_GET(word32) \ WMI_RSRC_CFG_FLAG_GET((word32), EAPOL_REKEY_MINRATE_SUPPORT_ENABLE) +#define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_VALID_SET(word32, value) \ + WMI_RSRC_CFG_FLAG_SET((word32), EAPOL_AC_OVERRIDE_VALID, (value)) +#define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_VALID_GET(word32) \ + WMI_RSRC_CFG_FLAG_GET((word32), EAPOL_AC_OVERRIDE_VALID) + +#define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_SET(word32, value) \ + WMI_RSRC_CFG_FLAG_SET((word32), EAPOL_AC_OVERRIDE, (value)) +#define WMI_RSRC_CFG_FLAG_EAPOL_AC_OVERRIDE_GET(word32) \ + WMI_RSRC_CFG_FLAG_GET((word32), EAPOL_AC_OVERRIDE) + typedef struct { A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_init_cmd_fixed_param */ @@ -5104,6 +5164,42 @@ typedef enum { * >21: invalid value (ignored) */ WMI_PDEV_PARAM_MWSCOEX_SET_5GNR_PWR_LIMIT, /* 0xA5 */ + /** Set max msdus available for cong ctrl in target */ + WMI_PDEV_PARAM_SET_CONG_CTRL_MAX_MSDUS, /* 0xA6 */ + /* + * Configures the Estimated Throughput Calculation indication (802.11mc) settings. + * The accompanying A_UINT32 parameter, in units of seconds, specifies how often FW needs to send the ESP estimation indication to the host. + * Value 0: Disable this feature + * Non zero Value: Periodicity (seconds) + */ + WMI_PDEV_PARAM_ESP_INDICATION_PERIOD, /* 0xA7 */ + + /* + * Enable/Disable periodic peer CFR capture + * WMI_PEER_CFR_CAPTURE_ENABLE - Enable per peer periodic CFR capture + * WMI_PEER_CFR_CAPTURE_DISABLE - Disable per peer periodic CFR capture + */ + WMI_PDEV_PARAM_PER_PEER_PERIODIC_CFR_ENABLE, + + /* + * Set the base timer for the periodic CFR capture. By default this is 10ms. + * The period ('periodicity' param in wmi_peer_cfr_capture_cmd) of + * CFR measurment of other peers will be in multiples of this base timer. + * The unit is in milliseconds. + */ + WMI_PDEV_PARAM_PERIODIC_CFR_BASE_TIMER, + + /* + * Once the periodic capture is enabled using + * WMI_PDEV_PARAM_PER_PEER_PERIODIC_CFR_ENABLE, the timer starts running in + * the target. This parameter will ensure that the timer stops if there are + * no active peers in the capture list. Once the peers are added again to + * the capture list, the timer will not start again. The timer has to be + * started again using WMI_PDEV_PARAM_PER_PEER_PERIODIC_CFR_ENABLE. + * Value 1: Enable this feature + * Value 0: Disable this feature + */ + WMI_PDEV_PARAM_ENABLE_OPTIMIZED_PERIODIC_CFR_TIMER, } WMI_PDEV_PARAM; typedef struct { @@ -5181,6 +5277,35 @@ typedef struct { */ } wmi_pdev_update_ctltable_request_fixed_param; +#define WMI_ESP_ESTIMATE_GET_BE(airtime) WMI_GET_BITS(airtime, 0, 8) +#define WMI_ESP_ESTIMATE_SET_BE(airtime, value) WMI_SET_BITS(airtime, 0, 8, value) + +#define WMI_ESP_ESTIMATE_GET_BK(airtime) WMI_GET_BITS(airtime, 8, 8) +#define WMI_ESP_ESTIMATE_SET_BK(airtime, value) WMI_SET_BITS(airtime, 8, 8, value) + +#define WMI_ESP_ESTIMATE_GET_VI(airtime) WMI_GET_BITS(airtime, 16, 8) +#define WMI_ESP_ESTIMATE_SET_VI(airtime, value) WMI_SET_BITS(airtime, 16, 8, value) + +#define WMI_ESP_ESTIMATE_GET_VO(airtime) WMI_GET_BITS(airtime, 24, 8) +#define WMI_ESP_ESTIMATE_SET_VO(airtime, value) WMI_SET_BITS(airtime, 24, 8, value) + +typedef struct { + A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_esp_estimate_event_fixed_param */ + /** pdev_id for identifying the MAC + * See macros starting with WMI_PDEV_ID_ for values. + * In non-DBDC case host should set it to 0 + */ + A_UINT32 pdev_id; + /* + * Percentage of air time available for each AC + * BIT[0-7] : AC_BE + * BIT[8-15] : AC_BK + * BIT[16-23] : AC_VI + * BIT[24-31] : AC_VO + */ + A_UINT32 ac_airtime_percentage; +} wmi_esp_estimate_event_fixed_param; + #define WMI_FAST_DIVERSITY_BIT_OFFSET 0 #define WMI_SLOW_DIVERSITY_BIT_OFFSET 1 @@ -7204,55 +7329,55 @@ typedef struct { #define WMI_UNIFIED_VDEV_START_LDPC_RX_ENABLED (1<<3) /* BSS color 0-6 */ -#define WMI_HEOPS_COLOR_GET(he_ops) WMI_GET_BITS(he_ops, 0, 6) -#define WMI_HEOPS_COLOR_SET(he_ops, value) WMI_SET_BITS(he_ops, 0, 6, value) +#define WMI_HEOPS_COLOR_GET_D2(he_ops) WMI_GET_BITS(he_ops, 0, 6) +#define WMI_HEOPS_COLOR_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 0, 6, value) /* Default PE Duration subfield indicates the PE duration in units of 4 us */ -#define WMI_HEOPS_DEFPE_GET(he_ops) WMI_GET_BITS(he_ops, 6, 3) -#define WMI_HEOPS_DEFPE_SET(he_ops, value) WMI_SET_BITS(he_ops, 6, 3, value) +#define WMI_HEOPS_DEFPE_GET_D2(he_ops) WMI_GET_BITS(he_ops, 6, 3) +#define WMI_HEOPS_DEFPE_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 6, 3, value) /* TWT required */ -#define WMI_HEOPS_TWT_REQUIRED_GET(he_ops) WMI_GET_BITS(he_ops, 9, 1) -#define WMI_HEOPS_TWT_REQUIRED_SET(he_ops, value) WMI_SET_BITS(he_ops, 9, 1, value) +#define WMI_HEOPS_TWT_REQUIRED_GET_D2(he_ops) WMI_GET_BITS(he_ops, 9, 1) +#define WMI_HEOPS_TWT_REQUIRED_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 9, 1, value) /* DEPRECATED, use WMI_HEOPS_TWT_REQUIRED_GET instead */ -#define WMI_HEOPS_TWT_GET(he_ops) \ - WMI_HEOPS_TWT_REQUIRED_GET(he_ops) +#define WMI_HEOPS_TWT_GET_D2(he_ops) \ + WMI_HEOPS_TWT_REQUIRED_GET_D2(he_ops) /* DEPRECATED, use WMI_HEOPS_TWT_REQUIRED_SET instead */ -#define WMI_HEOPS_TWT_SET(he_ops, value) \ - WMI_HEOPS_TWT_REQUIRED_SET(he_ops, value) +#define WMI_HEOPS_TWT_SET_D2(he_ops, value) \ + WMI_HEOPS_TWT_REQUIRED_SET_D2(he_ops, value) /* RTS threshold in units of 32 us,0 - always use RTS 1023 - this is disabled */ -#define WMI_HEOPS_RTSTHLD_GET(he_ops) WMI_GET_BITS(he_ops, 10, 10) -#define WMI_HEOPS_RTSTHLD_SET(he_ops, value) WMI_SET_BITS(he_ops, 10, 10, value) +#define WMI_HEOPS_RTSTHLD_GET_D2(he_ops) WMI_GET_BITS(he_ops, 10, 10) +#define WMI_HEOPS_RTSTHLD_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 10, 10, value) /* Partial BSS Color field indicates whether BSS applies an AID assignment rule using partial BSS color bits */ -#define WMI_HEOPS_PARTBSSCOLOR_GET(he_ops) WMI_GET_BITS(he_ops, 20, 1) -#define WMI_HEOPS_PARTBSSCOLOR_SET(he_ops, value) WMI_SET_BITS(he_ops, 20, 1, value) +#define WMI_HEOPS_PARTBSSCOLOR_GET_D2(he_ops) WMI_GET_BITS(he_ops, 20, 1) +#define WMI_HEOPS_PARTBSSCOLOR_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 20, 1, value) /* MAX BSS supported by MultiBSS element */ -#define WMI_HEOPS_MAXBSSID_GET(he_ops) WMI_GET_BITS(he_ops, 21, 8) -#define WMI_HEOPS_MAXBSSID_SET(he_ops, value) WMI_SET_BITS(he_ops, 21, 8, value) +#define WMI_HEOPS_MAXBSSID_GET_D2(he_ops) WMI_GET_BITS(he_ops, 21, 8) +#define WMI_HEOPS_MAXBSSID_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 21, 8, value) /* Tx BSSID Indicator indicates whether HE AP corresponds to transmitted BSSID */ -#define WMI_HEOPS_TXBSSID_GET(he_ops) WMI_GET_BITS(he_ops, 29, 1) -#define WMI_HEOPS_TXBSSID_SET(he_ops, value) WMI_SET_BITS(he_ops, 29, 1, value) +#define WMI_HEOPS_TXBSSID_GET_D2(he_ops) WMI_GET_BITS(he_ops, 29, 1) +#define WMI_HEOPS_TXBSSID_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 29, 1, value) /* when set to 1 disables use of BSS color */ -#define WMI_HEOPS_BSSCOLORDISABLE_GET(he_ops) WMI_GET_BITS(he_ops, 30, 1) -#define WMI_HEOPS_BSSCOLORDISABLE_SET(he_ops, value) WMI_SET_BITS(he_ops, 30, 1, value) +#define WMI_HEOPS_BSSCOLORDISABLE_GET_D2(he_ops) WMI_GET_BITS(he_ops, 30, 1) +#define WMI_HEOPS_BSSCOLORDISABLE_SET_D2(he_ops, value) WMI_SET_BITS(he_ops, 30, 1, value) /**--- HEOPS_DUALBEACON: DO NOT USE - DEPRECATED ---*/ /* When set to 1 HE AP transmits beacons using two PHY formats, * one in non-HE format and other in an HE_EXT_SU PHY format */ -#define WMI_HEOPS_DUALBEACON_GET(he_ops) (0) -#define WMI_HEOPS_DUALBEACON_SET(he_ops, value) {;} +#define WMI_HEOPS_DUALBEACON_GET_D2(he_ops) (0) +#define WMI_HEOPS_DUALBEACON_SET_D2(he_ops, value) {;} #define WMI_MAX_HECAP_PHY_SIZE (3) /* Dual Band both 2.4 GHz and 5 GHz Supported */ -#define WMI_HECAP_PHY_DB_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 0, 1) -#define WMI_HECAP_PHY_DB_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 0, 1, value) +#define WMI_HECAP_PHY_DB_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 0, 1) +#define WMI_HECAP_PHY_DB_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 0, 1, value) /* * B0: Indicates STA support 40 MHz channel width in 2.4 GHz @@ -7266,8 +7391,8 @@ typedef struct { * MHz channel width in 5 GHz. Otherwise Reserved. * B6: Reserved */ -#define WMI_HECAP_PHY_CBW_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 1, 7) -#define WMI_HECAP_PHY_CBW_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 1, 7, value) +#define WMI_HECAP_PHY_CBW_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 1, 7) +#define WMI_HECAP_PHY_CBW_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 1, 7, value) /* * B0: Indicates STA supports reception of preamble puncturing in 80 MHz, @@ -7282,59 +7407,59 @@ typedef struct { * or 80+80 MHz, where in the primary 80 MHz of the preamble, the * primary 40 MHz is present */ -#define WMI_HECAP_PHY_PREAMBLEPUNCRX_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 8, 4) -#define WMI_HECAP_PHY_PREAMBLEPUNCRX_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 8, 4, value) +#define WMI_HECAP_PHY_PREAMBLEPUNCRX_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 8, 4) +#define WMI_HECAP_PHY_PREAMBLEPUNCRX_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 8, 4, value) /* Indicates transmitting STA is a Class A (1) or a Class B (0) device */ -#define WMI_HECAP_PHY_COD_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 12, 1) -#define WMI_HECAP_PHY_COD_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 12, 1, value) +#define WMI_HECAP_PHY_COD_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 12, 1) +#define WMI_HECAP_PHY_COD_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 12, 1, value) /* Indicates support of transmission and reception of LDPC encoded packets */ -#define WMI_HECAP_PHY_LDPC_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 13, 1) -#define WMI_HECAP_PHY_LDPC_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 13, 1, value) +#define WMI_HECAP_PHY_LDPC_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 13, 1) +#define WMI_HECAP_PHY_LDPC_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 13, 1, value) /* Below 2 macros are for maintaining backward compatability - Deprecated use WMI_HECAP_PHY_LDPC instead */ -#define WMI_HECAP_PHY_TXLDPC_GET(he_cap_phy) WMI_HECAP_PHY_LDPC_GET(he_cap_phy) -#define WMI_HECAP_PHY_TXLDPC_SET(he_cap_phy, value) WMI_HECAP_PHY_LDPC_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_TXLDPC_GET_D2(he_cap_phy) WMI_HECAP_PHY_LDPC_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_TXLDPC_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_LDPC_SET_D2(he_cap_phy, value) /* Below 2 macros are for maintaining backward compatability - Deprecated use WMI_HECAP_PHY_LDPC instead */ -#define WMI_HECAP_PHY_RXLDPC_GET(he_cap_phy) WMI_HECAP_PHY_LDPC_GET(he_cap_phy) -#define WMI_HECAP_PHY_RXLDPC_SET(he_cap_phy, value) WMI_HECAP_PHY_LDPC_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_RXLDPC_GET_D2(he_cap_phy) WMI_HECAP_PHY_LDPC_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_RXLDPC_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_LDPC_SET_D2(he_cap_phy, value) /* * B0: Indicates support of reception of 1x LTF and 0.8us guard interval duration for HE SU PPDUs. */ -#define WMI_HECAP_PHY_LTFGIFORHE_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 14, 1) -#define WMI_HECAP_PHY_LTFGIFORHE_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 14, 1, value) +#define WMI_HECAP_PHY_LTFGIFORHE_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 14, 1) +#define WMI_HECAP_PHY_LTFGIFORHE_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 14, 1, value) /* * When the Doppler Rx subfield is 1, indicates the maximum number of space- * time streams supported for reception when midamble is used in the Data field. */ -#define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 15, 2) -#define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 15, 2, value) +#define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 15, 2) +#define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 15, 2, value) /* * B0: For a transmitting STA acting as beamformee, it indicates support of * NDP reception using 4x LTF and 3.2 us guard interval duration */ -#define WMI_HECAP_PHY_LTFGIFORNDP_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 17, 1) -#define WMI_HECAP_PHY_LTFGIFORNDP_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 17, 1, value) +#define WMI_HECAP_PHY_LTFGIFORNDP_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 17, 1) +#define WMI_HECAP_PHY_LTFGIFORNDP_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 17, 1, value) /* indicates support for the transmission of HE PPDUs using STBC with one spatial stream for <= 80MHz Tx*/ -#define WMI_HECAP_PHY_TXSTBC_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 18, 1) -#define WMI_HECAP_PHY_TXSTBC_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 18, 1, value) +#define WMI_HECAP_PHY_TXSTBC_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 18, 1) +#define WMI_HECAP_PHY_TXSTBC_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 18, 1, value) /* indicates support for the reception of HE PPDUs using STBC with one spatial stream for <= 80MHz Tx*/ -#define WMI_HECAP_PHY_RXSTBC_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 19, 1) -#define WMI_HECAP_PHY_RXSTBC_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 19, 1, value) +#define WMI_HECAP_PHY_RXSTBC_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 19, 1) +#define WMI_HECAP_PHY_RXSTBC_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 19, 1, value) /* indicates transmitting STA supports transmitting HE PPDUs with Doppler procedure */ -#define WMI_HECAP_PHY_TXDOPPLER_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 20, 1) -#define WMI_HECAP_PHY_TXDOPPLER_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 20, 1, value) +#define WMI_HECAP_PHY_TXDOPPLER_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 20, 1) +#define WMI_HECAP_PHY_TXDOPPLER_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 20, 1, value) /* indicates transmitting STA supports receiving HE PPDUs with Doppler procedure */ -#define WMI_HECAP_PHY_RXDOPPLER_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 21, 1) -#define WMI_HECAP_PHY_RXDOPPLER_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 21, 1, value) +#define WMI_HECAP_PHY_RXDOPPLER_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 21, 1) +#define WMI_HECAP_PHY_RXDOPPLER_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 21, 1, value) /* * If the transmitting STA is an AP: @@ -7344,8 +7469,8 @@ typedef struct { * indicates STA supports of transmission of full bandwidth UL MU-MIMO * transmission. */ -#define WMI_HECAP_PHY_UL_MU_MIMO_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 22, 1) -#define WMI_HECAP_PHY_UL_MU_MIMO_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 22, 1, value) +#define WMI_HECAP_PHY_UL_MU_MIMO_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 22, 1) +#define WMI_HECAP_PHY_UL_MU_MIMO_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 22, 1, value) /* * If the transmitting STA is an AP: @@ -7355,8 +7480,8 @@ typedef struct { * indicates STA supports of transmission of UL MU-MIMO transmission on an * RU in an HE MU PPDU where the RU does not span the entire PPDU bandwidth. */ -#define WMI_HECAP_PHY_ULMUMIMOOFDMA_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 23, 1) -#define WMI_HECAP_PHY_ULMUMIMOOFDMA_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 23, 1, value) +#define WMI_HECAP_PHY_ULMUMIMOOFDMA_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 23, 1) +#define WMI_HECAP_PHY_ULMUMIMOOFDMA_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 23, 1, value) /* Tx DCM * B0:B1 @@ -7368,8 +7493,8 @@ typedef struct { * 0: 1 spatial stream * 1: 2 spatial streams */ -#define WMI_HECAP_PHY_DCMTX_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 24, 3) -#define WMI_HECAP_PHY_DCMTX_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 24, 3, value) +#define WMI_HECAP_PHY_DCMTX_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 24, 3) +#define WMI_HECAP_PHY_DCMTX_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 24, 3, value) /* Rx DCM * B0:B1 @@ -7381,36 +7506,36 @@ typedef struct { * 0: 1 spatial stream * 1: 2 spatial streams */ -#define WMI_HECAP_PHY_DCMRX_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 27, 3) -#define WMI_HECAP_PHY_DCMRX_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 27, 3, value) +#define WMI_HECAP_PHY_DCMRX_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 27, 3) +#define WMI_HECAP_PHY_DCMRX_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 27, 3, value) /* * Indicates that the STA supports the reception of an HE MU PPDU payload * over full bandwidth and partial bandwidth (106-tone RU within 20 MHz). */ -#define WMI_HECAP_PHY_ULHEMU_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 30, 1) -#define WMI_HECAP_PHY_ULHEMU_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 30, 1, value) +#define WMI_HECAP_PHY_ULHEMU_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 30, 1) +#define WMI_HECAP_PHY_ULHEMU_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 30, 1, value) /* Indicates support for operation as an SU beamformer */ -#define WMI_HECAP_PHY_SUBFMR_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 31, 1) -#define WMI_HECAP_PHY_SUBFMR_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 31, 1, value) +#define WMI_HECAP_PHY_SUBFMR_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 31, 1) +#define WMI_HECAP_PHY_SUBFMR_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 31, 1, value) /* Indicates support for operation as an SU beamformee */ -#define WMI_HECAP_PHY_SUBFME_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 0, 1) -#define WMI_HECAP_PHY_SUBFME_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 0, 1, value) +#define WMI_HECAP_PHY_SUBFME_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 0, 1) +#define WMI_HECAP_PHY_SUBFME_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 0, 1, value) /* Indicates support for operation as an MU Beamformer */ -#define WMI_HECAP_PHY_MUBFMR_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 1, 1) -#define WMI_HECAP_PHY_MUBFMR_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 1, 1, value) +#define WMI_HECAP_PHY_MUBFMR_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 1, 1) +#define WMI_HECAP_PHY_MUBFMR_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 1, 1, value) /* * Num STS -1 for <= 80MHz (min val 3) * The maximum number of space-time streams minus 1 that the STA can * receive in an HE NDP */ -#define WMI_HECAP_PHY_BFMESTSLT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 2, 3) -#define WMI_HECAP_PHY_BFMESTSLT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 2, 3, value) +#define WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 2, 3) +#define WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 2, 3, value) /* @@ -7418,8 +7543,8 @@ typedef struct { * The maximum number of space-time streams minus 1 that the STA can * receive in an HE NDP */ -#define WMI_HECAP_PHY_BFMESTSGT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 5, 3) -#define WMI_HECAP_PHY_BFMESTSGT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 5, 3, value) +#define WMI_HECAP_PHY_BFMESTSGT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 5, 3) +#define WMI_HECAP_PHY_BFMESTSGT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 5, 3, value) /* * Number Of Sounding Dimensions For <= 80 MHz @@ -7427,8 +7552,8 @@ typedef struct { * TXVECTOR parameter NUM_STS minus 1. * Otherwise, reserved. */ -#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 8, 3) -#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 8, 3, value) +#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 8, 3) +#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 8, 3, value) /* * Number Of Sounding Dimensions For > 80 MHz @@ -7436,40 +7561,40 @@ typedef struct { * TXVECTOR parameter NUM_STS minus 1. * Otherwise, reserved. */ -#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 11, 3) -#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 11, 3, value) +#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 11, 3) +#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 11, 3, value) /* * Indicates if the HE beamformee is capable of feedback with tone * grouping of 16 in the HE Compressed Beamforming Report field for * a SU-type feedback. */ -#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 14, 1) -#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 14, 1, value) +#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 14, 1) +#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 14, 1, value) /* * Indicates if the HE beamformee is capable of feedback with tone * grouping of 16 in the HE Compressed Beamforming Report field for * a MU-type feedback. */ -#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 15, 1) -#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 15, 1, value) +#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 15, 1) +#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 15, 1, value) /* * Indicates if HE beamformee is capable of feedback with codebook * size {4, 2} in the HECompressed Beamforming Report field for * a SU-type feedback. */ -#define WMI_HECAP_PHY_CODBK42SU_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 16, 1) -#define WMI_HECAP_PHY_CODBK42SU_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 16, 1, value) +#define WMI_HECAP_PHY_CODBK42SU_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 16, 1) +#define WMI_HECAP_PHY_CODBK42SU_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 16, 1, value) /* * Indicates if HE beamformee is capable of feedback with codebook * size {7, 5} in the HE Compressed Beamforming Report field for * a MU-type feedback. */ -#define WMI_HECAP_PHY_CODBK75MU_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 17, 1) -#define WMI_HECAP_PHY_CODBK75MU_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 17, 1, value) +#define WMI_HECAP_PHY_CODBK75MU_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 17, 1) +#define WMI_HECAP_PHY_CODBK75MU_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 17, 1, value) /* * Beamforming Feedback With Trigger Frame @@ -7482,73 +7607,73 @@ typedef struct { * B1: indicates support of transmission of MU-Type partial(1) bandwidth feedback * B2: indicates support of transmission of CQI-Onlypartial (1)and full bandwidth feedback */ -#define WMI_HECAP_PHY_BFFEEDBACKTRIG_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 18, 3) -#define WMI_HECAP_PHY_BFFEEDBACKTRIG_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 18, 3, value) +#define WMI_HECAP_PHY_BFFEEDBACKTRIG_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 18, 3) +#define WMI_HECAP_PHY_BFFEEDBACKTRIG_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 18, 3, value) /* Indicates the support of transmission and reception of an HE extended range SU PPDU payload transmitted * over the right 106-tone RU or partial BW ER */ -#define WMI_HECAP_PHY_HEERSU_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 21, 1) -#define WMI_HECAP_PHY_HEERSU_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 21, 1, value) +#define WMI_HECAP_PHY_HEERSU_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 21, 1) +#define WMI_HECAP_PHY_HEERSU_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 21, 1, value) /* Indicates that the non-AP STA supports reception of a DL MU-MIMO transmission on an RU in an HE MU PPDU * where the RU does not span the entire PPDU bandwidth. */ -#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 22, 1) -#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 22, 1, value) +#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 22, 1) +#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 22, 1, value) /* Indicates whether or not the PPE Threshold field is present */ -#define WMI_HECAP_PHY_PETHRESPRESENT_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 23, 1) -#define WMI_HECAP_PHY_PETHRESPRESENT_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 23, 1, value) +#define WMI_HECAP_PHY_PETHRESPRESENT_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 23, 1) +#define WMI_HECAP_PHY_PETHRESPRESENT_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 23, 1, value) /* Indicates that the STA supports SRP-based SR operation */ -#define WMI_HECAP_PHY_SRPSPRESENT_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 24, 1) -#define WMI_HECAP_PHY_SRPPRESENT_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 24, 1, value) +#define WMI_HECAP_PHY_SRPSPRESENT_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 24, 1) +#define WMI_HECAP_PHY_SRPPRESENT_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 24, 1, value) /* Indicates that the STA supports a power boost factor ar for the r-th RU in the range [0.5, 2] */ -#define WMI_HECAP_PHY_PWRBOOSTAR_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 25, 1) -#define WMI_HECAP_PHY_PWRBOOSTAR_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 25, 1, value) +#define WMI_HECAP_PHY_PWRBOOSTAR_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 25, 1) +#define WMI_HECAP_PHY_PWRBOOSTAR_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 25, 1, value) /* Indicates support for the reception of 4x LTF and 0.8us guard interval duration for HE SU PPDUs. */ -#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 26, 1) -#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 26, 1, value) +#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 26, 1) +#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 26, 1, value) /* For a transmitting STA acting as a beamformee, it indicates the maximum Nc for beamforming sounding * feedback supported If SU beamformee capable, then set to the maximum Nc for beamforming sounding feedback * minus 1. Otherwise, reserved. */ -#define WMI_HECAP_PHY_MAXNC_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 27, 3) -#define WMI_HECAP_PHY_MAXNC_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 27, 3, value) +#define WMI_HECAP_PHY_MAXNC_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 27, 3) +#define WMI_HECAP_PHY_MAXNC_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 27, 3, value) /* Indicates support for the transmission of an HE PPDU that has a bandwidth greater than 80 MHz and is using * STBC with one spatial stream */ -#define WMI_HECAP_PHY_STBCTXGT80_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 30, 1) -#define WMI_HECAP_PHY_STBCTXGT80_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 30, 1, value) +#define WMI_HECAP_PHY_STBCTXGT80_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 30, 1) +#define WMI_HECAP_PHY_STBCTXGT80_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 30, 1, value) /* Indicates support for the reception of an HE PPDU that has a bandwidth greater than 80 MHz and is using * STBC with one spatial stream */ -#define WMI_HECAP_PHY_STBCRXGT80_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 31, 1) -#define WMI_HECAP_PHY_STBCRXGT80_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 31, 1, value) +#define WMI_HECAP_PHY_STBCRXGT80_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 31, 1) +#define WMI_HECAP_PHY_STBCRXGT80_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 31, 1, value) /* Indicates support for the reception of an HE ER SU PPDU with 4x LTF and 0.8 us guard interval duration */ -#define WMI_HECAP_PHY_ERSU4X800NSECGI_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 0, 1) -#define WMI_HECAP_PHY_ERSU4X800NSECGI_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 0, 1, value) +#define WMI_HECAP_PHY_ERSU4X800NSECGI_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 0, 1) +#define WMI_HECAP_PHY_ERSU4X800NSECGI_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 0, 1, value) /* * Indicates support of 26-, 52-, and 106-tone mapping for a 20 MHz operating non-AP HE STA that is the * receiver of a 40 MHz HE MU PPDU in 2.4 GHz band, or the transmitter of a 40 MHz HE TB PPDU in 2.4GHz band. */ -#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 1, 1) -#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 1, 1, value) +#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 1, 1) +#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 1, 1, value) /* * Indicates support of 26-, 52-, and 106-tone mapping for a 20 MHz operating non-AP HE STA that is the * receiver of a 80+80 MHz or a 160 MHz HE MU PPDU, or the transmitter of a 80+80 MHz or 160 MHz HE TB PPDU. */ -#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 2, 1) -#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 2, 1, value) +#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 2, 1) +#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 2, 1, value) /* * Indicates supports of 160 MHz OFDMA for a non-AP HE STA that sets bit B1 of Channel Width Set to 1, and @@ -7556,32 +7681,32 @@ typedef struct { * bit is applicable while receiving a 80+80 MHz or a 160 MHz HE MU PPDU, or transmitting a 80+80 MHz or a * 160 MHz HE TB PPDU. */ -#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 3, 1) -#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 3, 1, value) +#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 3, 1) +#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 3, 1, value) /* Indicates support for the reception of an HE ER SU PPDU with 1x LTF and 0.8 us guard interval duration */ -#define WMI_HECAP_PHY_ERSU1X800NSECGI_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 4, 1) -#define WMI_HECAP_PHY_ERSU1X800NSECGI_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 4, 1, value) +#define WMI_HECAP_PHY_ERSU1X800NSECGI_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 4, 1) +#define WMI_HECAP_PHY_ERSU1X800NSECGI_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 4, 1, value) /* * When the Doppler Rx subfield is 1, indicates support for receiving midambles with 2x HE-LTF, 1x HE-LTF * in HE SU PPDU if the HE SU PPDU With 1x HE-LTF And 0.8 s GI subfield is set to 1, and 1x HE-LTF in * HE ER SU PPDU if the HE ER SU PPDU With 1x HELTF And 0.8 s GI subfield is set to 1. */ -#define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 5, 1) -#define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 5, 1, value) +#define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 5, 1) +#define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 5, 1, value) /*HTC + HE Support Set to 1 if STA supports reception of HE Variant HT control Field*/ -#define WMI_HECAP_MAC_HECTRL_GET(he_cap) WMI_GET_BITS(he_cap, 0, 1) -#define WMI_HECAP_MAC_HECTRL_SET(he_cap, value) WMI_SET_BITS(he_cap, 0, 1, value) +#define WMI_HECAP_MAC_HECTRL_GET_D2(he_cap) WMI_GET_BITS(he_cap, 0, 1) +#define WMI_HECAP_MAC_HECTRL_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 0, 1, value) /* set to 1 to for TWT Requestor support*/ -#define WMI_HECAP_MAC_TWTREQ_GET(he_cap) WMI_GET_BITS(he_cap, 1, 1) -#define WMI_HECAP_MAC_TWTREQ_SET(he_cap, value) WMI_SET_BITS(he_cap, 1, 1, value) +#define WMI_HECAP_MAC_TWTREQ_GET_D2(he_cap) WMI_GET_BITS(he_cap, 1, 1) +#define WMI_HECAP_MAC_TWTREQ_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 1, 1, value) /* set to 1 to for TWT Responder support*/ -#define WMI_HECAP_MAC_TWTRSP_GET(he_cap) WMI_GET_BITS(he_cap, 2, 1) -#define WMI_HECAP_MAC_TWTRSP_SET(he_cap, value) WMI_SET_BITS(he_cap, 2, 1, value) +#define WMI_HECAP_MAC_TWTRSP_GET_D2(he_cap) WMI_GET_BITS(he_cap, 2, 1) +#define WMI_HECAP_MAC_TWTRSP_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 2, 1, value) /* Level of frag support Set to 0 for no support for dynamic fragmentation. @@ -7592,78 +7717,78 @@ typedef struct { dynamic fragments for each MSDU within an AMPDU or multi-TID AMPDU and up to one dynamic fragment for each MMPDU in a multi-TID A-MPDU that is not a Single MPDU */ -#define WMI_HECAP_MAC_HEFRAG_GET(he_cap) WMI_GET_BITS(he_cap, 3, 2) -#define WMI_HECAP_MAC_HEFRAG_SET(he_cap, value) WMI_SET_BITS(he_cap, 3, 2, value) +#define WMI_HECAP_MAC_HEFRAG_GET_D2(he_cap) WMI_GET_BITS(he_cap, 3, 2) +#define WMI_HECAP_MAC_HEFRAG_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 3, 2, value) /* The maximum number of fragmented MSDUs, Nmax,defined by this field is Nmax = 2 Maximum Number Of FMPDUs*/ -#define WMI_HECAP_MAC_MAXFRAGMSDU_GET(he_cap) WMI_GET_BITS(he_cap, 5, 3) -#define WMI_HECAP_MAC_MAXFRAGMSDU_SET(he_cap, value) WMI_SET_BITS(he_cap, 5, 3, value) +#define WMI_HECAP_MAC_MAXFRAGMSDU_GET_D2(he_cap) WMI_GET_BITS(he_cap, 5, 3) +#define WMI_HECAP_MAC_MAXFRAGMSDU_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 5, 3, value) /* 0 = no restriction on the minimum payload , 1 = 128 octets min, 2 = 256 octets min, 3 = 512 octets min */ -#define WMI_HECAP_MAC_MINFRAGSZ_GET(he_cap) WMI_GET_BITS(he_cap, 8, 2) -#define WMI_HECAP_MAC_MINFRAGSZ_SET(he_cap, value) WMI_SET_BITS(he_cap, 8, 2, value) +#define WMI_HECAP_MAC_MINFRAGSZ_GET_D2(he_cap) WMI_GET_BITS(he_cap, 8, 2) +#define WMI_HECAP_MAC_MINFRAGSZ_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 8, 2, value) /*0 = no additional processing time, 1 = 8us,2 = 16us */ -#define WMI_HECAP_MAC_TRIGPADDUR_GET(he_cap) WMI_GET_BITS(he_cap, 10, 2) -#define WMI_HECAP_MAC_TRIGPADDUR_SET(he_cap, value) WMI_SET_BITS(he_cap, 10, 2, value) +#define WMI_HECAP_MAC_TRIGPADDUR_GET_D2(he_cap) WMI_GET_BITS(he_cap, 10, 2) +#define WMI_HECAP_MAC_TRIGPADDUR_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 10, 2, value) /*number of TIDs minus 1 of QoS Data frames that HE STA can aggregate in multi-TID AMPDU*/ -#define WMI_HECAP_MAC_MTID_GET(he_cap) WMI_GET_BITS(he_cap, 12, 3) -#define WMI_HECAP_MAC_MTID_SET(he_cap, value) WMI_SET_BITS(he_cap, 12, 3, value) +#define WMI_HECAP_MAC_MTID_GET_D2(he_cap) WMI_GET_BITS(he_cap, 12, 3) +#define WMI_HECAP_MAC_MTID_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 12, 3, value) /* * Indicates support by a STA to receive an ack-enabled A-MPDU in which an A-MSDU is carried in * a QoS Data frame for which no block ack agreement exists. */ -#define WMI_HECAP_MAC_AMSDUINAMPDU_GET(he_cap) WMI_GET_BITS(he_cap, 15, 1) -#define WMI_HECAP_MAC_AMSDUINAMPDU_SET(he_cap, value) WMI_SET_BITS(he_cap, 15, 1, value) +#define WMI_HECAP_MAC_AMSDUINAMPDU_GET_D2(he_cap) WMI_GET_BITS(he_cap, 15, 1) +#define WMI_HECAP_MAC_AMSDUINAMPDU_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 15, 1, value) /*--- HECAP_MAC_HELKAD: DO NOT USE - DEPRECATED ---*/ /*0=No Feedback,2=Unsolicited,3=Both*/ -#define WMI_HECAP_MAC_HELKAD_GET(he_cap) (0) -#define WMI_HECAP_MAC_HELKAD_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_HELKAD_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_HELKAD_SET_D2(he_cap, value) {;} /* bit 16 reserved. */ /*Set to 1 for reception of AllAck support*/ -#define WMI_HECAP_MAC_AACK_GET(he_cap) WMI_GET_BITS(he_cap, 17, 1) -#define WMI_HECAP_MAC_AACK_SET(he_cap, value) WMI_SET_BITS(he_cap, 17, 1, value) +#define WMI_HECAP_MAC_AACK_GET_D2(he_cap) WMI_GET_BITS(he_cap, 17, 1) +#define WMI_HECAP_MAC_AACK_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 17, 1, value) /*Set to 1 if the STA supports reception of the UL MU Response Scheduling A-Control field*/ -#define WMI_HECAP_MAC_ULMURSP_GET(he_cap) WMI_GET_BITS(he_cap, 18, 1) -#define WMI_HECAP_MAC_ULMURSP_SET(he_cap, value) WMI_SET_BITS(he_cap, 18, 1, value) +#define WMI_HECAP_MAC_ULMURSP_GET_D2(he_cap) WMI_GET_BITS(he_cap, 18, 1) +#define WMI_HECAP_MAC_ULMURSP_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 18, 1, value) /*Set to 1 if the STA supports the BSR A-Control field functionality.*/ -#define WMI_HECAP_MAC_BSR_GET(he_cap) WMI_GET_BITS(he_cap, 19, 1) -#define WMI_HECAP_MAC_BSR_SET(he_cap, value) WMI_SET_BITS(he_cap, 19, 1, value) +#define WMI_HECAP_MAC_BSR_GET_D2(he_cap) WMI_GET_BITS(he_cap, 19, 1) +#define WMI_HECAP_MAC_BSR_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 19, 1, value) /*Set to 1 when the STA supports broadcast TWT functionality.*/ -#define WMI_HECAP_MAC_BCSTTWT_GET(he_cap) WMI_GET_BITS(he_cap, 20, 1) -#define WMI_HECAP_MAC_BCSTTWT_SET(he_cap, value) WMI_SET_BITS(he_cap, 20, 1, value) +#define WMI_HECAP_MAC_BCSTTWT_GET_D2(he_cap) WMI_GET_BITS(he_cap, 20, 1) +#define WMI_HECAP_MAC_BCSTTWT_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 20, 1, value) /*Set to 1 if STA supports rx of Multi-STA BA that has 32-bit Block Ack Bitmap*/ -#define WMI_HECAP_MAC_32BITBA_GET(he_cap) WMI_GET_BITS(he_cap, 21, 1) -#define WMI_HECAP_MAC_32BITBA_SET(he_cap, value) WMI_SET_BITS(he_cap, 21, 1, value) +#define WMI_HECAP_MAC_32BITBA_GET_D2(he_cap) WMI_GET_BITS(he_cap, 21, 1) +#define WMI_HECAP_MAC_32BITBA_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 21, 1, value) /*Set to 1 if the STA supports MU cascading operation*/ -#define WMI_HECAP_MAC_MUCASCADE_GET(he_cap) WMI_GET_BITS(he_cap, 22, 1) -#define WMI_HECAP_MAC_MUCASCADE_SET(he_cap, value) WMI_SET_BITS(he_cap, 22, 1, value) +#define WMI_HECAP_MAC_MUCASCADE_GET_D2(he_cap) WMI_GET_BITS(he_cap, 22, 1) +#define WMI_HECAP_MAC_MUCASCADE_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 22, 1, value) /*Set to 1 when the STA supports reception of this multi-TID A-MPDU format*/ -#define WMI_HECAP_MAC_ACKMTIDAMPDU_GET(he_cap) WMI_GET_BITS(he_cap, 23, 1) -#define WMI_HECAP_MAC_ACKMTIDAMPDU_SET(he_cap, value) WMI_SET_BITS(he_cap, 23, 1, value) +#define WMI_HECAP_MAC_ACKMTIDAMPDU_GET_D2(he_cap) WMI_GET_BITS(he_cap, 23, 1) +#define WMI_HECAP_MAC_ACKMTIDAMPDU_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 23, 1, value) /*Set to 1 when the STA supports its reception*/ -#define WMI_HECAP_MAC_GROUPMSTABA_GET(he_cap) WMI_GET_BITS(he_cap, 24, 1) -#define WMI_HECAP_MAC_GROUPMSTABA_SET(he_cap, value) WMI_SET_BITS(he_cap, 24, 1, value) +#define WMI_HECAP_MAC_GROUPMSTABA_GET_D2(he_cap) WMI_GET_BITS(he_cap, 24, 1) +#define WMI_HECAP_MAC_GROUPMSTABA_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 24, 1, value) /*Set to 1 if the STA supports reception of the OMI A-Control field*/ -#define WMI_HECAP_MAC_OMI_GET(he_cap) WMI_GET_BITS(he_cap, 25, 1) -#define WMI_HECAP_MAC_OMI_SET(he_cap, value) WMI_SET_BITS(he_cap, 25, 1, value) +#define WMI_HECAP_MAC_OMI_GET_D2(he_cap) WMI_GET_BITS(he_cap, 25, 1) +#define WMI_HECAP_MAC_OMI_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 25, 1, value) /*1 if OFDMA Random Access Supported*/ -#define WMI_HECAP_MAC_OFDMARA_GET(he_cap) WMI_GET_BITS(he_cap, 26, 1) -#define WMI_HECAP_MAC_OFDMARA_SET(he_cap, value) WMI_SET_BITS(he_cap, 26, 1, value) +#define WMI_HECAP_MAC_OFDMARA_GET_D2(he_cap) WMI_GET_BITS(he_cap, 26, 1) +#define WMI_HECAP_MAC_OFDMARA_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 26, 1, value) /* Maximum AMPDU Length Exponent. * If the HE STA includes a VHT Capabilities element, the Maximum A-MPDU Length Exponent subfield in @@ -7671,130 +7796,130 @@ typedef struct { * Capabilities element indicate the maximum length of A-MPDU that the STA can Receive where EOF * padding is not included in this limit. */ -#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET(he_cap) WMI_GET_BITS(he_cap, 27, 2) -#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET(he_cap, value) WMI_SET_BITS(he_cap, 27, 2, value) +#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET_D2(he_cap) WMI_GET_BITS(he_cap, 27, 2) +#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 27, 2, value) /*A-MSDU Fragmentation Support*/ -#define WMI_HECAP_MAC_AMSDUFRAG_GET(he_cap) WMI_GET_BITS(he_cap, 29, 1) -#define WMI_HECAP_MAC_AMSDUFRAG_SET(he_cap, value) WMI_SET_BITS(he_cap, 29, 1, value) +#define WMI_HECAP_MAC_AMSDUFRAG_GET_D2(he_cap) WMI_GET_BITS(he_cap, 29, 1) +#define WMI_HECAP_MAC_AMSDUFRAG_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 29, 1, value) /*Flexible TWT Schedule Support*/ -#define WMI_HECAP_MAC_FLEXTWT_GET(he_cap) WMI_GET_BITS(he_cap, 30, 1) -#define WMI_HECAP_MAC_FLEXTWT_SET(he_cap, value) WMI_SET_BITS(he_cap, 30, 1, value) +#define WMI_HECAP_MAC_FLEXTWT_GET_D2(he_cap) WMI_GET_BITS(he_cap, 30, 1) +#define WMI_HECAP_MAC_FLEXTWT_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 30, 1, value) /*Rx Control Frame to MultiBSS*/ -#define WMI_HECAP_MAC_MBSS_GET(he_cap) WMI_GET_BITS(he_cap, 31, 1) -#define WMI_HECAP_MAC_MBSS_SET(he_cap, value) WMI_SET_BITS(he_cap, 31, 1, value) +#define WMI_HECAP_MAC_MBSS_GET_D2(he_cap) WMI_GET_BITS(he_cap, 31, 1) +#define WMI_HECAP_MAC_MBSS_SET_D2(he_cap, value) WMI_SET_BITS(he_cap, 31, 1, value) /* BSRP A-MPDU Aggregation * maintaining compatability since we dont support this now so not wasting memory */ -#define WMI_HECAP_MAC_BSRPAMPDU_GET(he_cap) (0) -#define WMI_HECAP_MAC_BSRPAMPDU_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_BSRPAMPDU_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_BSRPAMPDU_SET_D2(he_cap, value) {;} /* Quiet Time Period (QTP) operation * maintaining compatability since we dont support this now so not wasting memory */ -#define WMI_HECAP_MAC_QTP_GET(he_cap) (0) -#define WMI_HECAP_MAC_QTP_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_QTP_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_QTP_SET_D2(he_cap, value) {;} /* support by an AP for receiving an (A-)MPDU that contains a BQR in the * A-Control subfield and support by a non-AP STA for generating an (A-)MPDU * that contains a BQR in the A-Control subfield * maintaining compatability since we dont support this now so not wasting memory */ -#define WMI_HECAP_MAC_ABQR_GET(he_cap) (0) -#define WMI_HECAP_MAC_ABQR_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_ABQR_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_ABQR_SET_D2(he_cap, value) {;} /*Indicates support by the STA for the role of SR Responder.*/ -#define WMI_HECAP_MAC_SRRESP_GET(he_cap) (0) -#define WMI_HECAP_MAC_SRRESP_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_SRRESP_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_SRRESP_SET_D2(he_cap, value) {;} /* Indicates support for an AP to encode OPS information to TIM element of the FILS Discovery * frames or TIM frames as described in AP operation for opportunistic power save. * Indicates support for a non-AP STA to receive the opportunistic power save encoded TIM elements */ -#define WMI_HECAP_MAC_OPS_GET(he_cap) (0) -#define WMI_HECAP_MAC_OPS_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_OPS_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_OPS_SET_D2(he_cap, value) {;} /* Indicates support for a non-AP STA to follow the NDP feedback report procedure and respond to * the NDP Feedback Report Poll Trigger frame. */ -#define WMI_HECAP_MAC_NDPFDBKRPT_GET(he_cap) (0) -#define WMI_HECAP_MAC_NDPFDBKRPT_SET(he_cap, value) {;} +#define WMI_HECAP_MAC_NDPFDBKRPT_GET_D2(he_cap) (0) +#define WMI_HECAP_MAC_NDPFDBKRPT_SET_D2(he_cap, value) {;} /* BELOW MACROS ARE DEPRECATED Also we are not defining bits for capabilities * beyond bit 31 we donot support as it adds additional dword to our struct which may be later * removed by standard */ -#define WMI_HECAP_MAC_MBAHECTRL_GET(he_cap) (0) /* DO NOT USE - DEPRECATED*/ -#define WMI_HECAP_MAC_MBAHECTRL_SET(he_cap, value) {;} /* DO NOT USE - DEPRECATED*/ +#define WMI_HECAP_MAC_MBAHECTRL_GET_D2(he_cap) (0) /* DO NOT USE - DEPRECATED*/ +#define WMI_HECAP_MAC_MBAHECTRL_SET_D2(he_cap, value) {;} /* DO NOT USE - DEPRECATED*/ -#define WMI_HECAP_MAC_MURTS_GET(he_cap) (0) /* DO NOT USE - DEPRECATED*/ -#define WMI_HECAP_MAC_MURTS_SET(he_cap, value) {;} /* DO NOT USE - DEPRECATED*/ +#define WMI_HECAP_MAC_MURTS_GET_D2(he_cap) (0) /* DO NOT USE - DEPRECATED*/ +#define WMI_HECAP_MAC_MURTS_SET_D2(he_cap, value) {;} /* DO NOT USE - DEPRECATED*/ /*Deprecate use WMI_HECAP_PHY_PREAMBLEPUNCRX instead*/ -#define WMI_HECAP_PHY_CBMODE_GET(he_cap_phy) WMI_HECAP_PHY_CBMODE_GET(he_cap_phy) -#define WMI_HECAP_PHY_CBMODE_SET(he_cap_phy, value) WMI_HECAP_PHY_CBMODE_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_CBMODE_GET_D2(he_cap_phy) WMI_HECAP_PHY_CBMODE_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_CBMODE_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_CBMODE_SET_D2(he_cap_phy, value) /* Below 2 macros are for maintaining backward compatability - Deprecated use WMI_HECAP_PHY_LTFGIFORHE_GET instead */ -#define WMI_HECAP_PHY_OLTF_GET(he_cap_phy) WMI_HECAP_PHY_LTFGIFORHE_GET(he_cap_phy) -#define WMI_HECAP_PHY_OLTF_SET(he_cap_phy, value) WMI_HECAP_PHY_LTFGIFORHE_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_OLTF_GET_D2(he_cap_phy) WMI_HECAP_PHY_LTFGIFORHE_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_OLTF_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_LTFGIFORHE_SET_D2(he_cap_phy, value) /*DEPRECATED - USE WMI_HECAP_PHY_BFMENLTSGT80MHZ*/ -#define WMI_HECAP_PHY_SUBFMESTS_GET(he_cap_phy) WMI_HECAP_PHY_BFMESTSLT80MHZ_GET(he_cap_phy) -#define WMI_HECAP_PHY_SUBFMESTS_SET(he_cap_phy, value) WMI_HECAP_PHY_BFMESTSLT80MHZ_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_SUBFMESTS_GET_D2(he_cap_phy) WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_SUBFMESTS_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D2(he_cap_phy, value) /*DEPRECATED - use WMI_HECAP_PHY_PETHRESPRESENT**/ -#define WMI_HECAP_PHY_PADDING_GET(he_cap_phy) WMI_HECAP_PHY_PETHRESPRESENT_GET(he_cap_phy) -#define WMI_HECAP_PHY_PADDING_SET(he_cap_phy, value) WMI_HECAP_PHY_PETHRESPRESENT_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_PADDING_GET_D2(he_cap_phy) WMI_HECAP_PHY_PETHRESPRESENT_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_PADDING_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_PETHRESPRESENT_SET_D2(he_cap_phy, value) /**DO NOT USE - DEPRECATED*/ -#define WMI_HECAP_PHY_DLOFMAMUMIMO_GET(he_cap_phy) (0) -#define WMI_HECAP_PHY_DLOFDMAMUMIO_SET(he_cap_phy, value) {;} +#define WMI_HECAP_PHY_DLOFMAMUMIMO_GET_D2(he_cap_phy) (0) +#define WMI_HECAP_PHY_DLOFDMAMUMIO_SET_D2(he_cap_phy, value) {;} /*DO NOT USE - DEPRECATED**/ -#define WMI_HECAP_PHY_32GI_GET(he_cap_phy) (0) -#define WMI_HECAP_PHY_32GI_SET(he_cap_phy, value) {;} +#define WMI_HECAP_PHY_32GI_GET_D2(he_cap_phy) (0) +#define WMI_HECAP_PHY_32GI_SET_D2(he_cap_phy, value) {;} /*DO NOT USE - DEPRECATED**/ -#define WMI_HECAP_PHY_NOSUNDIMENS_GET(he_cap_phy) (0) -#define WMI_HECAP_PHY_NOSUNDIMENS_SET(he_cap_phy, value) {;} +#define WMI_HECAP_PHY_NOSUNDIMENS_GET_D2(he_cap_phy) (0) +#define WMI_HECAP_PHY_NOSUNDIMENS_SET_D2(he_cap_phy, value) {;} /*DO NOT USE - DEPRECATED**/ -#define WMI_HECAP_PHY_40MHZNSS_GET(he_cap_phy)(0) -#define WMI_HECAP_PHY_40MHZNSS_SET(he_cap_phy, value) {;} +#define WMI_HECAP_PHY_40MHZNSS_GET_D2(he_cap_phy)(0) +#define WMI_HECAP_PHY_40MHZNSS_SET_D2(he_cap_phy, value) {;} /* START TEMPORARY WORKAROUND - * Leave legacy names as aliases for new names, until all references to the * legacy names have been removed. */ -#define WMI_HECAP_PHY_ULOFDMA_GET WMI_HECAP_PHY_ULMUMIMOOFDMA_GET -#define WMI_HECAP_PHY_ULOFDMA_SET WMI_HECAP_PHY_ULMUMIMOOFDMA_SET +#define WMI_HECAP_PHY_ULOFDMA_GET_D2 WMI_HECAP_PHY_ULMUMIMOOFDMA_GET_D2 +#define WMI_HECAP_PHY_ULOFDMA_SET_D2 WMI_HECAP_PHY_ULMUMIMOOFDMA_SET_D2 /* END TEMPORARY WORKAROUND */ /* DEPRECATED - use WMI_HECAP_PHY_DCMRX or WMI_HECAP_PHY_DCMTX */ -#define WMI_HECAP_PHY_DCM_GET(he_cap_phy) WMI_HECAP_PHY_DCMRX_GET(he_cap_phy) -#define WMI_HECAP_PHY_DCM_SET(he_cap_phy, value) WMI_HECAP_PHY_DCMRX_SET(he_cap_phy, value) +#define WMI_HECAP_PHY_DCM_GET_D2(he_cap_phy) WMI_HECAP_PHY_DCMRX_GET_D2(he_cap_phy) +#define WMI_HECAP_PHY_DCM_SET_D2(he_cap_phy, value) WMI_HECAP_PHY_DCMRX_SET_D2(he_cap_phy, value) /* * The maximum value for NSTS-1<=80MHz,(min val 3)total that can be sent * to the STA in a DL MU-MIMO transmission on full or partial bandwidth */ -#define WMI_HECAP_PHY_NSTSLT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 5, 3) -#define WMI_HECAP_PHY_NSTSLT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 5, 3, value) +#define WMI_HECAP_PHY_NSTSLT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 5, 3) +#define WMI_HECAP_PHY_NSTSLT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 5, 3, value) /* * The maximum value for NSTS-1 > 80MHz (min val 3) total that can be sent * to the STA in a DL MU-MIMO transmission on full or partial bandwidth */ -#define WMI_HECAP_PHY_NSTSGT80MHZ_GET(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 8, 3) -#define WMI_HECAP_PHY_NSTSGT80MHZ_SET(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 8, 3, value) +#define WMI_HECAP_PHY_NSTSGT80MHZ_GET_D2(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 8, 3) +#define WMI_HECAP_PHY_NSTSGT80MHZ_SET_D2(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 8, 3, value) #define WMI_GET_HW_RATECODE_PREAM_V1(_rcode) (((_rcode) >> 8) & 0x7) @@ -9028,6 +9153,8 @@ typedef struct { A_UINT32 csa_event_bitmap; /** offset (in octets/bytes) of MBSSID IE in beacon frame */ A_UINT32 mbssid_ie_offset; + /** offset (in octets/bytes) of ESP IE in beacon frame */ + A_UINT32 esp_ie_offset; /* * The TLVs follows: @@ -10290,6 +10417,9 @@ typedef struct { A_UINT32 peer_he_cap_phy[WMI_MAX_HECAP_PHY_SIZE]; A_UINT32 peer_he_mcs; /* Indicates number of HE MCS TLV present */ + /* 2nd DWORD of 11ax MAC Capabilities */ + A_UINT32 peer_he_cap_info_ext; + /* Following this struct are the TLV's: * A_UINT8 peer_legacy_rates[]; * A_UINT8 peer_ht_rates[]; @@ -11274,6 +11404,8 @@ typedef struct { A_UINT32 wmm_caps; A_UINT32 mcsset[ROAM_OFFLOAD_NUM_MCS_SET>>2]; /* since this 4 byte aligned, we don't declare it as tlv array */ A_UINT32 handoff_delay_for_rx; /* In msec. Delay Hand-Off by this duration to receive pending Rx frames from current BSS */ + A_UINT32 max_mlme_sw_retries; /* maximum number of software retries for preauth and reassoc req */ + A_UINT32 no_ack_timeout; /* In msec. duration to wait before another SW retry made if no ack seen for previous frame */ } wmi_roam_offload_tlv_param; @@ -15249,6 +15381,68 @@ typedef struct { A_UINT32 sw_retry_threshold; } wmi_peer_tid_configurations_cmd_fixed_param; +/* The below enable/disable macros are used for both per peer CFR capture + * control (as in wmi_peer_cfr_capture_cmd) and control of the entire periodic + * CFR capture feature (as in WMI_PDEV_PARAM_PER_PEER_PERIODIC_CFR_ENABLE) + */ +#define WMI_PEER_CFR_CAPTURE_ENABLE 1 +#define WMI_PEER_CFR_CAPTURE_DISABLE 0 + +#define WMI_PEER_CFR_ONE_SHOT_REQUEST 0 +#define WMI_PEER_CFR_PERIODICITY_MIN 10 /* 10ms */ +#define WMI_PEER_CFR_PERIODICITY_MAX 10*60*1000 /* 10 minutes */ + +/* Bandwidth of peer CFR captures */ +typedef enum { + WMI_PEER_CFR_CAPTURE_BW_20MHZ = 0, + WMI_PEER_CFR_CAPTURE_BW_40MHZ = 1, + WMI_PEER_CFR_CAPTURE_BW_80MHZ = 2, + WMI_PEER_CFR_CAPTURE_BW_160MHZ = 3, + WMI_PEER_CFR_CAPTURE_BW_80_80MHZ = 4, + WMI_PEER_CFR_CAPTURE_BW_MAX, +} WMI_PEER_CFR_CAPTURE_BW; + +/* Peer CFR capture method */ +typedef enum { + /* Send null frame on the requested bw and capture CFR on ACK */ + WMI_PEER_CFR_CAPTURE_METHOD_NULL_FRAME = 0, + /* New methods to be added here */ + WMI_PEER_CFR_CAPTURE_METHOD_MAX, +} WMI_PEER_CFR_CAPTURE_METHOD; + +/* + * Peer command structure to configure the CFR capture + */ +typedef struct { + /** TLV tag and len; tag equals + * WMITLV_TAG_STRUC_wmi_peer_cfr_capture_cmd_fixed_param + */ + A_UINT32 tlv_header; + + /* WMI_PEER_CFR_CAPTURE_ENABLE: Enable CFR capture for the peer + * WMI_PEER_CFR_CAPTURE_DISABLE: Disable CFR capture for the peer + */ + A_UINT32 request; + /* Peer MAC address. In AP mode, this is the address of the connected peer + * for which CFR capture is needed. In case of STA mode, this is the address + * of the AP to which the STA is connected + */ + wmi_mac_addr mac_addr; + /* vdev id */ + A_UINT32 vdev_id; + /* Periodicity of measurement in ms. + * WMI_PEER_CFR_ONE_SHOT_REQUEST: One-shot request i.e., Only one CFR + * capture for the request and no periodic CFR captures. + * The min value is WMI_PEER_CFR_PERIODICITY_MIN + * The max value is WMI_PEER_CFR_PERIODICITY_MAX + */ + A_UINT32 periodicity; + /* BW of measurement - of type WMI_PEER_CFR_CAPTURE_BW */ + A_UINT32 bandwidth; + /* Method used to capture CFR - of type WMI_PEER_CFR_CAPTURE_METHOD */ + A_UINT32 capture_method; +} wmi_peer_cfr_capture_cmd_fixed_param; + typedef enum { WMI_PEER_IND_SMPS = 0x0, /* spatial multiplexing power save */ WMI_PEER_IND_OMN, /* operating mode notification */ @@ -15857,6 +16051,12 @@ typedef struct { } wmi_nan_cmd_param; typedef struct { + A_UINT32 tlv_header; /** TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_nan_host_config_param */ + A_UINT32 nan_2g_disc_disable:1; /** This bit when set to 1 indicate NAN 2G discovery should be disabled */ + A_UINT32 nan_5g_disc_disable:1; /** This bit when set to 1 indicate NAN 5G discovery should be disabled */ +} wmi_nan_host_config_param; + +typedef struct { A_UINT32 tlv_header; /** TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_nan_event_hdr */ A_UINT32 data_len; /** length in byte of data[]. */ /* This structure is used to send REQ binary blobs @@ -21066,6 +21266,9 @@ typedef struct { A_UINT32 chainmask_table_id; /* PDEV ID to LMAC ID mapping */ A_UINT32 lmac_id; + /* 2nd DWORD of HE capability info field of 802.11ax, support Draft 3+ */ + A_UINT32 he_cap_info_2G_ext; + A_UINT32 he_cap_info_5G_ext; } WMI_MAC_PHY_CAPABILITIES; typedef struct { @@ -21992,6 +22195,9 @@ static INLINE A_UINT8 *wmi_id_to_name(A_UINT32 wmi_command) WMI_RETURN_STRING(WMI_MOTION_DET_BASE_LINE_CONFIG_PARAM_CMDID); WMI_RETURN_STRING(WMI_MOTION_DET_START_STOP_CMDID); WMI_RETURN_STRING(WMI_MOTION_DET_BASE_LINE_START_STOP_CMDID); + WMI_RETURN_STRING(WMI_SAR_LIMITS_CMDID); + WMI_RETURN_STRING(WMI_SAR_GET_LIMITS_CMDID); + WMI_RETURN_STRING(WMI_PEER_CHAN_WIDTH_SWITCH_CMDID); } return "Invalid WMI cmd"; @@ -22911,6 +23117,28 @@ typedef struct { A_INT32 noise_floor[WMI_MAX_CHAINS]; } wmi_dma_buf_release_spectral_meta_data; +typedef enum { + NO_SCALING = 0, /* No bin scaling*/ + /** + * scaled_bin_mag = bin_mag * + * sqrt(10^(max(legacy_max_gain - default_agc_max_gain + low_level_offset - RSSI_corr, + * (agc_total_gain_db < default_agc_max_gain) * high_level_offset)/10)) * + * 2^(DET{0,1,2}_SPECTRAL_SCAN_BIN_SCALE - legacy_spectral_scan_bin_scale) + */ + AGC_GAIN_RSSI_CORR_BASED = 1, +} WMI_SPECTRAL_SCALING_FORMULA_ID; + +typedef struct +{ + A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_spectral_bin_scaling_params */ + A_UINT32 pdev_id; /* ID of pdev to which the scaling parameters are to be applied */ + WMI_SPECTRAL_SCALING_FORMULA_ID formula_id; /* Represets the formula to be used */ + A_UINT32 low_level_offset; /* low level offset for fine tuning the scaling factor based on RSSI and AGC gain */ + A_UINT32 high_level_offset; /* high level offset for fine tuning the scaling factor based on RSSI and AGC gain */ + A_UINT32 rssi_thr; /* RSSI threshold to be used to adjust the inband power of the given spectral report */ + A_UINT32 default_agc_max_gain;/* DEFAULT AGC MAX GAIN used. Fetched from register RXTD_RADAR_SBS_CTRL_1_L bits20:13 */ +} wmi_spectral_bin_scaling_params; + typedef struct { A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_runtime_dpd_recal_cmd_fixed_param */ A_UINT32 enable; /* Enable/disable */ @@ -23198,6 +23426,1039 @@ typedef struct { A_UINT32 vdev_id; } wmi_obss_spatial_reuse_set_cmd_fixed_param; +typedef struct { + A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUCT_wmi_chan_width_peer_list */ + wmi_mac_addr peer_macaddr; + A_UINT32 chan_width; /* wmi_channel_width */ +} wmi_chan_width_peer_list; + +typedef struct { + A_UINT32 tlv_header; /* TLV tag and len; tag equals WMITLV_TAG_STRUC_wmi_peer_chan_width_switch_cmd_fixed_param */ + A_UINT32 num_peers; + /* + * Following this structure is the TLV: + * struct wmi_chan_width_peer_list chan_width_peer_info[num_peers]; + */ +} wmi_peer_chan_width_switch_cmd_fixed_param; + +/* Default PE Duration subfield indicates the PE duration in units of 4 us */ +#define WMI_HEOPS_DEFPE_GET_D3(he_ops) WMI_GET_BITS(he_ops, 0, 3) +#define WMI_HEOPS_DEFPE_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 0, 3, value) + +/* TWT required */ +#define WMI_HEOPS_TWT_REQUIRED_GET_D3(he_ops) WMI_GET_BITS(he_ops, 3, 1) +#define WMI_HEOPS_TWT_REQUIRED_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 3, 1, value) + +/* RTS threshold in units of 32 us,0 - always use RTS 1023 - this is disabled */ +#define WMI_HEOPS_RTSTHLD_GET_D3(he_ops) WMI_GET_BITS(he_ops, 4, 10) +#define WMI_HEOPS_RTSTHLD_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 4, 10, value) + +/* VHT Operation Information Present */ +#define WMI_HEOPS_VHTOPSPRSNT_GET_D3(he_ops) WMI_GET_BITS(he_ops, 14, 1) +#define WMI_HEOPS_VHTOPSPRSNT_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 14, 1, value) + +/* Co-Located BSS */ +#define WMI_HEOPS_COLOCBSS_GET_D3(he_ops) WMI_GET_BITS(he_ops, 15, 1) +#define WMI_HEOPS_COLOCBSS_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 15, 1, value) + +/* ER SU Disable */ +#define WMI_HEOPS_ERSUDIS_GET_D3(he_ops) WMI_GET_BITS(he_ops, 16, 1) +#define WMI_HEOPS_ERSUDIS_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 16, 1, value) + +/* bit17 - bit23 are reserved */ + +/* BSS color */ +#define WMI_HEOPS_COLOR_GET_D3(he_ops) WMI_GET_BITS(he_ops, 24, 6) +#define WMI_HEOPS_COLOR_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 24, 6, value) + +/* Partial BSS Color field indicates whether BSS applies an AID assignment rule using partial BSS color bits */ +#define WMI_HEOPS_PARTBSSCOLOR_GET_D3(he_ops) WMI_GET_BITS(he_ops, 30, 1) +#define WMI_HEOPS_PARTBSSCOLOR_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 30, 1, value) + +/* when set to 1 disables use of BSS color */ +#define WMI_HEOPS_BSSCOLORDISABLE_GET_D3(he_ops) WMI_GET_BITS(he_ops, 31, 1) +#define WMI_HEOPS_BSSCOLORDISABLE_SET_D3(he_ops, value) WMI_SET_BITS(he_ops, 31, 1, value) + +/* PHY Capabilities Information field */ + + +/* bit 0 reserved */ + +/* + * B0: Indicates STA support 40 MHz channel width in 2.4 GHz + * B1: Indicates STA support 40 MHz and 80 MHz channel width in 5 GHz + * B2: Indicates STA supports 160 MHz channel width in 5 GHz + * B3: Indicates STA supports 160/80+80 MHz channel width in 5 GHz + * B4: If B1 is set to 0, then B5 indicates support of 242/106/52/26-tone + * RU mapping in 40 MHz channel width in 2.4 GHz. Otherwise Reserved. + * B5: If B2, B3, and B4 are set to 0, then B6 indicates support of + * 242-tone RU mapping in 40 MHz and 80 + * MHz channel width in 5 GHz. Otherwise Reserved. + * B6: Reserved + */ +#define WMI_HECAP_PHY_CBW_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 1, 7) +#define WMI_HECAP_PHY_CBW_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 1, 7, value) + +/* + * B0: Indicates STA supports reception of preamble puncturing in 80 MHz, + * where in the preamble only the secondary 20 MHz is punctured + * B1: Indicates STA supports reception of preamble puncturing in 80 MHz, + * where in the preamble only one of the two 20 MHz sub-channels in the + * secondary 40 MHz is punctured + * B2: Indicates STA supports reception of preamble puncturing in 160 MHz + * or 80+80 MHz, where in the primary 80 MHz of the preamble only the + * secondary 20 MHz is punctured + * B3: Indicates STA supports reception of preamble puncturing in 160 MHz + * or 80+80 MHz, where in the primary 80 MHz of the preamble, the + * primary 40 MHz is present + */ +#define WMI_HECAP_PHY_PREAMBLEPUNCRX_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 8, 4) +#define WMI_HECAP_PHY_PREAMBLEPUNCRX_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 8, 4, value) + +/* Indicates transmitting STA is a Class A (1) or a Class B (0) device */ +#define WMI_HECAP_PHY_COD_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 12, 1) +#define WMI_HECAP_PHY_COD_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 12, 1, value) + +/* Indicates support of transmission and reception of LDPC encoded packets */ +#define WMI_HECAP_PHY_LDPC_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 13, 1) +#define WMI_HECAP_PHY_LDPC_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 13, 1, value) + +/* + * B0: Indicates support of reception of 1x LTF and 0.8us guard interval duration for HE SU PPDUs. + */ +#define WMI_HECAP_PHY_LTFGIFORHE_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 14, 1) +#define WMI_HECAP_PHY_LTFGIFORHE_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 14, 1, value) + +/* + * If the Doppler Rx subfield is 1, indicates the maximum number of space-time streams supported for reception + * when a midamble is present in the Data field. + * If the Doppler Tx subfield is 1, indicates the maximum number of space-time streams supported for transmission + * when a midamble is present in the Data field. + * If both Doppler Rx and Doppler Tx subfields are 1, indicates the maximum number of space-time streams + * supported for transmission and reception when a midamble is present in the Data field. + */ +#define WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 15, 2) +#define WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 15, 2, value) + +/* + * B0: For a transmitting STA acting as beamformee, it indicates support of + * NDP reception using 4x LTF and 3.2 us guard interval duration + */ +#define WMI_HECAP_PHY_LTFGIFORNDP_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 17, 1) +#define WMI_HECAP_PHY_LTFGIFORNDP_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 17, 1, value) + +/* indicates support for the transmission of HE PPDUs using STBC with one spatial stream for <= 80MHz Tx */ +#define WMI_HECAP_PHY_TXSTBC_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 18, 1) +#define WMI_HECAP_PHY_TXSTBC_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 18, 1, value) + +/* indicates support for the reception of HE PPDUs using STBC with one spatial stream for <= 80MHz Tx */ +#define WMI_HECAP_PHY_RXSTBC_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 19, 1) +#define WMI_HECAP_PHY_RXSTBC_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 19, 1, value) + +/* indicates transmitting STA supports transmitting HE PPDUs with Doppler procedure */ +#define WMI_HECAP_PHY_TXDOPPLER_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 20, 1) +#define WMI_HECAP_PHY_TXDOPPLER_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 20, 1, value) + +/* indicates transmitting STA supports receiving HE PPDUs with Doppler procedure */ +#define WMI_HECAP_PHY_RXDOPPLER_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 21, 1) +#define WMI_HECAP_PHY_RXDOPPLER_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 21, 1, value) + +/* + * If the transmitting STA is an AP: + * indicates STA supports of reception of full bandwidth UL MU-MIMO + * transmission. + * If the transmitting STA is a non-AP STA: + * indicates STA supports of transmission of full bandwidth UL MU-MIMO + * transmission. + */ +#define WMI_HECAP_PHY_UL_MU_MIMO_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 22, 1) +#define WMI_HECAP_PHY_UL_MU_MIMO_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 22, 1, value) + +/* + * If the transmitting STA is an AP: + * indicates STA supports of reception of UL MUMIMO transmission on an + * RU in an HE MU PPDU where the RU does not span the entire PPDU bandwidth. + * If the transmitting STA is a non-AP STA: + * indicates STA supports of transmission of UL MU-MIMO transmission on an + * RU in an HE MU PPDU where the RU does not span the entire PPDU bandwidth. + */ +#define WMI_HECAP_PHY_ULMUMIMOOFDMA_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 23, 1) +#define WMI_HECAP_PHY_ULMUMIMOOFDMA_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 23, 1, value) + +/* Tx DCM + * B0:B1 + * 00: Does not support DCM + * 01: BPSK + * 10: QPSK + * 11: 16-QAM + * B2 signals maximum number of spatial streams with DCM + * 0: 1 spatial stream + * 1: 2 spatial streams + */ +#define WMI_HECAP_PHY_DCMTX_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 24, 3) +#define WMI_HECAP_PHY_DCMTX_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 24, 3, value) + +/* Rx DCM + * B0:B1 + * 00: Does not support DCM + * 01: BPSK + * 10: QPSK + * 11: 16-QAM + * B2 signals maximum number of spatial streams with DCM + * 0: 1 spatial stream + * 1: 2 spatial streams + */ +#define WMI_HECAP_PHY_DCMRX_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 27, 3) +#define WMI_HECAP_PHY_DCMRX_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 27, 3, value) + + +/* + * Indicates that the STA supports the reception of an HE MU PPDU payload + * over full bandwidth and partial bandwidth (106-tone RU within 20 MHz). + */ +#define WMI_HECAP_PHY_ULHEMU_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 30, 1) +#define WMI_HECAP_PHY_ULHEMU_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 30, 1, value) + +/* Indicates support for operation as an SU beamformer */ +#define WMI_HECAP_PHY_SUBFMR_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[0], 31, 1) +#define WMI_HECAP_PHY_SUBFMR_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[0], 31, 1, value) + +/* Indicates support for operation as an SU beamformee */ +#define WMI_HECAP_PHY_SUBFME_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 0, 1) +#define WMI_HECAP_PHY_SUBFME_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 0, 1, value) + +/* Indicates support for operation as an MU Beamformer */ +#define WMI_HECAP_PHY_MUBFMR_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 1, 1) +#define WMI_HECAP_PHY_MUBFMR_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 1, 1, value) + +/* + * Num STS -1 for <= 80MHz (min val 3) + * The maximum number of space-time streams minus 1 that the STA can + * receive in an HE NDP + */ +#define WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 2, 3) +#define WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 2, 3, value) + + +/* + * Num STS -1 for > 80MHz (min val 3) + * The maximum number of space-time streams minus 1 that the STA can + * receive in an HE NDP + */ +#define WMI_HECAP_PHY_BFMESTSGT80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 5, 3) +#define WMI_HECAP_PHY_BFMESTSGT80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 5, 3, value) + + +/* + * Number Of Sounding Dimensions For <= 80 MHz + * If SU beamformer capable, set to the maximum supported value of the + * TXVECTOR parameter NUM_STS minus 1. + * Otherwise, reserved. + */ +#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 8, 3) +#define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 8, 3, value) + +/* + * Number Of Sounding Dimensions For > 80 MHz + * If SU beamformer capable, set to the maximum supported value of the + * TXVECTOR parameter NUM_STS minus 1. + * Otherwise, reserved. + */ +#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 11, 3) +#define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 11, 3, value) + +/* + * Indicates if the HE beamformee is capable of feedback with tone + * grouping of 16 in the HE Compressed Beamforming Report field for + * a SU-type feedback. + */ +#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 14, 1) +#define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 14, 1, value) + +/* + * Indicates if the HE beamformee is capable of feedback with tone + * grouping of 16 in the HE Compressed Beamforming Report field for + * a MU-type feedback. + */ +#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 15, 1) +#define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 15, 1, value) + +/* + * Indicates if HE beamformee is capable of feedback with codebook + * size {4, 2} in the HECompressed Beamforming Report field for + * a SU-type feedback. + */ +#define WMI_HECAP_PHY_CODBK42SU_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 16, 1) +#define WMI_HECAP_PHY_CODBK42SU_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 16, 1, value) + +/* + * Indicates if HE beamformee is capable of feedback with codebook + * size {7, 5} in the HE Compressed Beamforming Report field for + * a MU-type feedback. + */ +#define WMI_HECAP_PHY_CODBK75MU_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 17, 1) +#define WMI_HECAP_PHY_CODBK75MU_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 17, 1, value) + +/* + * Beamforming Feedback With Trigger Frame + * If the transmitting STA is an AP STA: + * B0: indicates support of reception of SU-Type partial(1) and full bandwidth feedback(0) + * B1: indicates support of reception of MU-Type partial(1) bandwidth feedback + * B2: indicates support of reception of CQI-Only partial and full bandwidth feedback + * If the transmitting STA is a non-AP STA: + * B0: indicates support of transmission of SU-Type partial(1) and full bandwidth(0) feedback + * B1: indicates support of transmission of MU-Type partial(1) bandwidth feedback + * B2: indicates support of transmission of CQI-Onlypartial (1)and full bandwidth feedback + */ +#define WMI_HECAP_PHY_BFFEEDBACKTRIG_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 18, 3) +#define WMI_HECAP_PHY_BFFEEDBACKTRIG_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 18, 3, value) + +/* Indicates the support of transmission and reception of an HE extended range SU PPDU payload transmitted + * over the right 106-tone RU or partial BW ER + */ +#define WMI_HECAP_PHY_HEERSU_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 21, 1) +#define WMI_HECAP_PHY_HEERSU_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 21, 1, value) + +/* Indicates that the non-AP STA supports reception of a DL MU-MIMO transmission on an RU in an HE MU PPDU + * where the RU does not span the entire PPDU bandwidth. + */ +#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 22, 1) +#define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 22, 1, value) + +/* Indicates whether or not the PPE Threshold field is present */ +#define WMI_HECAP_PHY_PETHRESPRESENT_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 23, 1) +#define WMI_HECAP_PHY_PETHRESPRESENT_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 23, 1, value) + +/* Indicates that the STA supports SRP-based SR operation */ +#define WMI_HECAP_PHY_SRPSPRESENT_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 24, 1) +#define WMI_HECAP_PHY_SRPPRESENT_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 24, 1, value) + +/* Indicates that the STA supports a power boost factor ar for the r-th RU in the range [0.5, 2] */ +#define WMI_HECAP_PHY_PWRBOOSTAR_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 25, 1) +#define WMI_HECAP_PHY_PWRBOOSTAR_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 25, 1, value) + +/* Indicates support for the reception of 4x LTF and 0.8us guard interval duration for HE SU PPDUs. */ +#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 26, 1) +#define WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 26, 1, value) + +/* For a transmitting STA acting as a beamformee, it indicates the maximum Nc for beamforming sounding + * feedback supported If SU beamformee capable, then set to the maximum Nc for beamforming sounding feedback + * minus 1. Otherwise, reserved. + */ +#define WMI_HECAP_PHY_MAXNC_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 27, 3) +#define WMI_HECAP_PHY_MAXNC_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 27, 3, value) + +/* Indicates support for the transmission of an HE PPDU that has a bandwidth greater than 80 MHz and is using + * STBC with one spatial stream + */ +#define WMI_HECAP_PHY_STBCTXGT80_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 30, 1) +#define WMI_HECAP_PHY_STBCTXGT80_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 30, 1, value) + +/* Indicates support for the reception of an HE PPDU that has a bandwidth greater than 80 MHz and is using + * STBC with one spatial stream + */ +#define WMI_HECAP_PHY_STBCRXGT80_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[1], 31, 1) +#define WMI_HECAP_PHY_STBCRXGT80_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[1], 31, 1, value) + +/* Indicates support for the reception of an HE ER SU PPDU with 4x LTF and 0.8 us guard interval duration */ +#define WMI_HECAP_PHY_ERSU4X800NSECGI_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 0, 1) +#define WMI_HECAP_PHY_ERSU4X800NSECGI_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 0, 1, value) + +/* + * Indicates support of 26-, 52-, and 106-tone mapping for a 20 MHz operating non-AP HE STA that is the + * receiver of a 40 MHz HE MU PPDU in 2.4 GHz band, or the transmitter of a 40 MHz HE TB PPDU in 2.4GHz band. + */ +#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 1, 1) +#define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 1, 1, value) + +/* + * Indicates support of 26-, 52-, and 106-tone mapping for a 20 MHz operating non-AP HE STA that is the + * receiver of a 80+80 MHz or a 160 MHz HE MU PPDU, or the transmitter of a 80+80 MHz or 160 MHz HE TB PPDU. + */ +#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 2, 1) +#define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 2, 1, value) + +/* + * Indicates supports of 160 MHz OFDMA for a non-AP HE STA that sets bit B1 of Channel Width Set to 1, and + * sets B2 and B3 of Channel Width Set each to 0, when operating with 80 MHz channel width. The capability + * bit is applicable while receiving a 80+80 MHz or a 160 MHz HE MU PPDU, or transmitting a 80+80 MHz or a + * 160 MHz HE TB PPDU. + */ +#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 3, 1) +#define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 3, 1, value) + +/* Indicates support for the reception of an HE ER SU PPDU with 1x LTF and 0.8 us guard interval duration */ +#define WMI_HECAP_PHY_ERSU1X800NSECGI_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 4, 1) +#define WMI_HECAP_PHY_ERSU1X800NSECGI_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 4, 1, value) + +/* + * If the Doppler Rx subfield is 1, indicates support for receiving midambles with 2x HE-LTF, 1x HE-LTF in + * HE SU PPDU if the HE SU PPDU With 1x HE-LTF And 0.8 s GI subfield is set to 1, and 1x HE-LTF in + * HE ER SU PPDU if the HE ER SU PPDU With 1x HELTF And 0.8 s GI subfield is set to 1. + * + * If the Doppler Tx subfield is 1, indicates support for transmitting midambles with 2x HE-LTF, 1x HE-LTF + * in HE TB PPDU when allowed. + + * If both the Doppler Rx and Doppler Tx subfields are 1, indicates support for receiving midambles with 2x HELTF, + * 1x HE-LTF in HE SU PPDU if the HE SU PPDU With 1x HE-LTF And 0.8 s GI subfield is set to 1, and + * 1x HE-LTF in HE ER SU PPDU if the HE ER SU PPDU With 1x HE-LTF And 0.8 s GI subfield is set + * to 1; and also support for transmitting midambles with 2x HE-LTF, 1x HE-LTF in HE TB PPDU when allowed. + */ +#define WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 5, 1) +#define WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 5, 1, value) + +/* + * If the DCM Max Constellation Tx subfield is greater than 0, then the DCM Max BW subfield indicates the + * maximum bandwidth of a PPDU that the STA might transmit with DCM applied. + * + * If the DCM Max Constellation Rx subfield is greater than 0, then the DCM Max BW subfield indicates the + * maximum bandwidth of a PPDU with DCM applied that the STA can receive. + * + * If both the DCM Max Constellation Tx subfield and DCM Max Constellation Rx subfield are 0, then this + * subfield is reserved. + * + * 0=20MHz, 1=40Mhz, 2=80Mhz, 3=160Mhz or 80+80Mhz + */ +#define WMI_HECAP_PHY_DCMMAXBW_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 6, 2) +#define WMI_HECAP_PHY_DCMMAXBW_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 6, 2, value) + +/* + * For a non-AP STA, indicates support for receiving a DL HE MU PPDU where the number of OFDM symbols + * in the HE SIG-B field is greater than 16. + */ +#define WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 8, 1) +#define WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 8, 1, value) + +/* + * For an AP, indicates support for the reception of full bandwidth non-triggered CQI-only feedback. + * For a non-AP STA, indicates support for the transmission of full bandwidth non-triggered CQI-only feedback. + */ +#define WMI_HECAP_PHY_NONTRIGCQIFEEDBK_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 9, 1) +#define WMI_HECAP_PHY_NONTRIGCQIFEEDBK_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 9, 1, value) + +/* + * For a non-AP STA, indicates support for the transmission of 1024-QAM on a 26-, 52-, and 106-tone RU. + * Reserved for an AP. + */ +#define WMI_HECAP_PHY_TX1024QAM242RUSUPRT_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 10, 1) +#define WMI_HECAP_PHY_TX1024QAM242RUSUPRT_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 10, 1, value) + +/* + * Indicates support for the reception of 1024-QAM on a 26-, 52-, and 106-tone RU. + */ +#define WMI_HECAP_PHY_RX1024QAM242RUSUPRT_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 11, 1) +#define WMI_HECAP_PHY_RX1024QAM242RUSUPRT_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 11, 1, value) + +/* + * Indicates support for reception of an HE MU PPDU with an RU spanning the entire PPDU bandwidth and a + * compressed HE-SIG-B format. + */ +#define WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 12, 1) +#define WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 12, 1, value) + +/* + * Indicates support for reception of an HE MU PPDU with a bandwidth less than or equal to 80 MHz, an RU + * spanning the entire PPDU bandwidth and a non-compressed HE-SIG-B format. + */ +#define WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_GET_D3(he_cap_phy) WMI_GET_BITS(he_cap_phy[2], 13, 1) +#define WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_SET_D3(he_cap_phy, value) WMI_SET_BITS(he_cap_phy[2], 13, 1, value) + +/* HE MAC Capabilities Information field format */ + +/* HTC + HE Support Set to 1 if STA supports reception of HE Variant HT control Field */ +#define WMI_HECAP_MAC_HECTRL_GET_D3(he_cap) WMI_GET_BITS(he_cap, 0, 1) +#define WMI_HECAP_MAC_HECTRL_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 0, 1, value) + +/* set to 1 to for TWT Requestor support */ +#define WMI_HECAP_MAC_TWTREQ_GET_D3(he_cap) WMI_GET_BITS(he_cap, 1, 1) +#define WMI_HECAP_MAC_TWTREQ_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 1, 1, value) + +/* set to 1 to for TWT Responder support */ +#define WMI_HECAP_MAC_TWTRSP_GET_D3(he_cap) WMI_GET_BITS(he_cap, 2, 1) +#define WMI_HECAP_MAC_TWTRSP_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 2, 1, value) + +/* Level of frag support + Set to 0 for no support for dynamic fragmentation. + Set to 1 for support for dynamic fragments that are contained within a S-MPDU + Set to 2 for support for dynamic fragments that are contained within a Single MPDU and support for up to + one dynamic fragment for each MSDU and each MMPDU within an A-MPDU or multi-TID A-MPDU. + Set to 3 for support for dynamic fragments that are contained within a Single MPDU and support for multiple + dynamic fragments for each MSDU within an AMPDU or multi-TID AMPDU and up to one dynamic fragment + for each MMPDU in a multi-TID A-MPDU that is not a Single MPDU +*/ +#define WMI_HECAP_MAC_HEFRAG_GET_D3(he_cap) WMI_GET_BITS(he_cap, 3, 2) +#define WMI_HECAP_MAC_HEFRAG_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 3, 2, value) + +/* The maximum number of fragmented MSDUs, Nmax,defined by this field is Nmax = 2 Maximum Number Of FMPDUs */ +#define WMI_HECAP_MAC_MAXFRAGMSDU_GET_D3(he_cap) WMI_GET_BITS(he_cap, 5, 3) +#define WMI_HECAP_MAC_MAXFRAGMSDU_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 5, 3, value) + + +/* 0 = no restriction on the minimum payload , 1 = 128 octets min, 2 = 256 octets min, 3 = 512 octets min */ +#define WMI_HECAP_MAC_MINFRAGSZ_GET_D3(he_cap) WMI_GET_BITS(he_cap, 8, 2) +#define WMI_HECAP_MAC_MINFRAGSZ_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 8, 2, value) + +/*0 = no additional processing time, 1 = 8us,2 = 16us */ +#define WMI_HECAP_MAC_TRIGPADDUR_GET_D3(he_cap) WMI_GET_BITS(he_cap, 10, 2) +#define WMI_HECAP_MAC_TRIGPADDUR_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 10, 2, value) + +/* Indicates the number of TIDs of QoS Data frames that an HE STA can receive in a multi-TID AMPDU */ +#define WMI_HECAP_MAC_MTID_RX_GET_D3(he_cap) WMI_GET_BITS(he_cap, 12, 3) +#define WMI_HECAP_MAC_MTID_RX_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 12, 3, value) + +/* Indicates support for link adaptation using the HLA Control subfield. */ +#define WMI_HECAP_MAC_HELINK_ADPT_GET_D3(he_cap) WMI_GET_BITS(he_cap, 15, 2) +#define WMI_HECAP_MAC_HELINK_ADPT_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 15, 2, value) + +/* Set to 1 for reception of AllAck support */ +#define WMI_HECAP_MAC_AACK_GET_D3(he_cap) WMI_GET_BITS(he_cap, 17, 1) +#define WMI_HECAP_MAC_AACK_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 17, 1, value) + +/* Set to 1 if the STA supports reception of the UL MU Response Scheduling A-Control field */ +#define WMI_HECAP_MAC_TRS_GET_D3(he_cap) WMI_GET_BITS(he_cap, 18, 1) +#define WMI_HECAP_MAC_TRS_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 18, 1, value) + +/* Set to 1 if the STA supports the BSR A-Control field functionality.*/ +#define WMI_HECAP_MAC_BSR_GET_D3(he_cap) WMI_GET_BITS(he_cap, 19, 1) +#define WMI_HECAP_MAC_BSR_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 19, 1, value) + +/* Set to 1 when the STA supports broadcast TWT functionality.*/ +#define WMI_HECAP_MAC_BCSTTWT_GET_D3(he_cap) WMI_GET_BITS(he_cap, 20, 1) +#define WMI_HECAP_MAC_BCSTTWT_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 20, 1, value) + +/* Set to 1 if STA supports rx of Multi-STA BA that has 32-bit Block Ack Bitmap */ +#define WMI_HECAP_MAC_32BITBA_GET_D3(he_cap) WMI_GET_BITS(he_cap, 21, 1) +#define WMI_HECAP_MAC_32BITBA_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 21, 1, value) + +/* Set to 1 if the STA supports MU cascading operation */ +#define WMI_HECAP_MAC_MUCASCADE_GET_D3(he_cap) WMI_GET_BITS(he_cap, 22, 1) +#define WMI_HECAP_MAC_MUCASCADE_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 22, 1, value) + +/* Set to 1 when the STA supports reception of this multi-TID A-MPDU format */ +#define WMI_HECAP_MAC_ACKMTIDAMPDU_GET_D3(he_cap) WMI_GET_BITS(he_cap, 23, 1) +#define WMI_HECAP_MAC_ACKMTIDAMPDU_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 23, 1, value) + +/* bit 24 - reserved */ + +/* Set to 1 if the STA supports reception of the OMI A-Control field */ +#define WMI_HECAP_MAC_OMI_GET_D3(he_cap) WMI_GET_BITS(he_cap, 25, 1) +#define WMI_HECAP_MAC_OMI_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 25, 1, value) + +/*1 if OFDMA Random Access Supported */ +#define WMI_HECAP_MAC_OFDMARA_GET_D3(he_cap) WMI_GET_BITS(he_cap, 26, 1) +#define WMI_HECAP_MAC_OFDMARA_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 26, 1, value) + +/* Maximum AMPDU Length Exponent. + * If the HE STA includes a VHT Capabilities element, the Maximum A-MPDU Length Exponent subfield in + * HE Capabilities element combined with the Maximum A-MPDU Length Exponent subfield in VHT + * Capabilities element indicate the maximum length of A-MPDU that the STA can Receive where EOF + * padding is not included in this limit. +*/ +#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET_D3(he_cap) WMI_GET_BITS(he_cap, 27, 2) +#define WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 27, 2, value) + + +/* A-MSDU Fragmentation Support */ +#define WMI_HECAP_MAC_AMSDUFRAG_GET_D3(he_cap) WMI_GET_BITS(he_cap, 29, 1) +#define WMI_HECAP_MAC_AMSDUFRAG_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 29, 1, value) + +/* Flexible TWT Schedule Support */ +#define WMI_HECAP_MAC_FLEXTWT_GET_D3(he_cap) WMI_GET_BITS(he_cap, 30, 1) +#define WMI_HECAP_MAC_FLEXTWT_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 30, 1, value) + +/* Rx Control Frame to MultiBSS */ +#define WMI_HECAP_MAC_MBSS_GET_D3(he_cap) WMI_GET_BITS(he_cap, 31, 1) +#define WMI_HECAP_MAC_MBSS_SET_D3(he_cap, value) WMI_SET_BITS(he_cap, 31, 1, value) + +/* 2nd DWORD of HE MAC Capabilities */ + +/* BSRP A-MPDU Aggregation + * maintaining compatability since we dont support this now so not wasting memory + */ +#define WMI_HECAP_MAC_BSRPAMPDU_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 0, 1) +#define WMI_HECAP_MAC_BSRPAMPDU_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 0, 1, value) + +/* Quiet Time Period (QTP) operation + * maintaining compatability since we dont support this now so not wasting memory + */ +#define WMI_HECAP_MAC_QTP_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 1, 1) +#define WMI_HECAP_MAC_QTP_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 1, 1, value) + +/* support by an AP for receiving an (A-)MPDU that contains a BQR in the + * A-Control subfield and support by a non-AP STA for generating an (A-)MPDU + * that contains a BQR in the A-Control subfield + * maintaining compatability since we dont support this now so not wasting memory + */ +#define WMI_HECAP_MAC_ABQR_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 2, 1) +#define WMI_HECAP_MAC_ABQR_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 2, 1, value) + +/* Indicates support by the STA for the role of SRP Responder.*/ +#define WMI_HECAP_MAC_SRPRESP_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 3, 1) +#define WMI_HECAP_MAC_SRPRESP_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 3, 1, value) + +/* Indicates support for a non-AP STA to follow the NDP feedback report procedure and respond to + * the NDP Feedback Report Poll Trigger frame. + */ +#define WMI_HECAP_MAC_NDPFDBKRPT_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 4, 1) +#define WMI_HECAP_MAC_NDPFDBKRPT_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 4, 1, value) + +/* Indicates support for an AP to encode OPS information to TIM element of the FILS Discovery + * frames or TIM frames as described in AP operation for opportunistic power save. + * Indicates support for a non-AP STA to receive the opportunistic power save encoded TIM elements + */ +#define WMI_HECAP_MAC_OPS_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 5, 1) +#define WMI_HECAP_MAC_OPS_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 5, 1, value) + +/* Indicates support by a STA to receive an ack-enabled A-MPDU in which an A-MSDU is carried in + * a QoS Data frame for which no block ack agreement exists. + */ +#define WMI_HECAP_MAC_AMSDUINAMPDU_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 6, 1) +#define WMI_HECAP_MAC_AMSDUINAMPDU_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 6, 1, value) + +/* Indicates the number of TIDs of QoS Data frames that an HE STA can transmit in a multi-TID AMPDU */ +#define WMI_HECAP_MAC_MTID_TX_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 7, 3) +#define WMI_HECAP_MAC_MTID_TX_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 7, 3, value) + +/* Indicates whether an HE STA supports an HE subchannel selective transmission operation */ +#define WMI_HECAP_MAC_SUBCHANSELTX_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 10, 1) +#define WMI_HECAP_MAC_SUBCHANSELTX_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 10, 1, value) + +/* Indicates support by a STA to receive a TRS Control subfield or a Trigger frame with a User Info + * field addressed to the STA with the RU Allocation subfield of the TRS Control subfield or the User + * Info field indicating 2x996-tone. + */ +#define WMI_HECAP_MAC_UL2X996RU_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 11, 1) +#define WMI_HECAP_MAC_UL2X996RU_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 11, 1, value) + +/* Indicates whether an AP supports interpretation of the UL MU Data Disable subfield of the OM Control subfield */ +#define WMI_HECAP_MAC_OMCULMUDDIS_GET_D3(he_cap2) WMI_GET_BITS(he_cap2, 12, 1) +#define WMI_HECAP_MAC_OMCULMUDDIS_SET_D3(he_cap2, value) WMI_SET_BITS(he_cap2, 12, 1, value) + +/* + * The following conditionally-defined macros can be used in systems + * which only support either 802.11ax draft 2 or 802.11ax draft 3, + * but not both, and which make this D2 vs. D3 selection at build time. + */ +#ifdef SUPPORT_11AX_D3 + #define WMI_HEOPS_COLOR_GET WMI_HEOPS_COLOR_GET_D3 + #define WMI_HEOPS_COLOR_SET WMI_HEOPS_COLOR_SET_D3 + #define WMI_HEOPS_DEFPE_GET WMI_HEOPS_DEFPE_GET_D3 + #define WMI_HEOPS_DEFPE_SET WMI_HEOPS_DEFPE_SET_D3 + #define WMI_HEOPS_TWT_REQUIRED_GET WMI_HEOPS_TWT_REQUIRED_GET_D3 + #define WMI_HEOPS_TWT_REQUIRED_SET WMI_HEOPS_TWT_REQUIRED_SET_D3 + #define WMI_HEOPS_TWT_GET WMI_HEOPS_TWT_REQUIRED_GET_D3 /* DEPRECATED, use WMI_HEOPS_TWT_REQUIRED_GET */ + #define WMI_HEOPS_TWT_SET WMI_HEOPS_TWT_REQUIRED_SET_D3 /* DEPRECATED, use WMI_HEOPS_TWT_REQUIRED_SET */ + #define WMI_HEOPS_RTSTHLD_GET WMI_HEOPS_RTSTHLD_GET_D3 + #define WMI_HEOPS_RTSTHLD_SET WMI_HEOPS_RTSTHLD_SET_D3 + #define WMI_HEOPS_PARTBSSCOLOR_GET WMI_HEOPS_PARTBSSCOLOR_GET_D3 + #define WMI_HEOPS_PARTBSSCOLOR_SET WMI_HEOPS_PARTBSSCOLOR_SET_D3 + #define WMI_HEOPS_COLOCBSS_GET WMI_HEOPS_COLOCBSS_GET_D3 + #define WMI_HEOPS_COLOCBSS_SET WMI_HEOPS_COLOCBSS_SET_D3 + #define WMI_HEOPS_VHTOPSPRSNT_GET WMI_HEOPS_VHTOPSPRSNT_GET_D3 + #define WMI_HEOPS_VHTOPSPRSNT_SET WMI_HEOPS_VHTOPSPRSNT_SET_D3 + #define WMI_HEOPS_ERSUDIS_GET WMI_HEOPS_ERSUDIS_GET_D3 + #define WMI_HEOPS_ERSUDIS_SET WMI_HEOPS_ERSUDIS_SET_D3 + #define WMI_HEOPS_BSSCOLORDISABLE_GET WMI_HEOPS_BSSCOLORDISABLE_GET_D3 + #define WMI_HEOPS_BSSCOLORDISABLE_SET WMI_HEOPS_BSSCOLORDISABLE_SET_D3 + #define WMI_HEOPS_TXBSSID_GET(he_ops) (0) /* DEPRECATED - DO NOT USE */ + #define WMI_HEOPS_TXBSSID_SET(he_ops, value) /* DEPRECATED - DO NOT USE */ + + #define WMI_HECAP_PHY_CBW_GET WMI_HECAP_PHY_CBW_GET_D3 + #define WMI_HECAP_PHY_CBW_SET WMI_HECAP_PHY_CBW_SET_D3 + #define WMI_HECAP_PHY_PREAMBLEPUNCRX_GET WMI_HECAP_PHY_PREAMBLEPUNCRX_GET_D3 + #define WMI_HECAP_PHY_PREAMBLEPUNCRX_SET WMI_HECAP_PHY_PREAMBLEPUNCRX_SET_D3 + #define WMI_HECAP_PHY_COD_GET WMI_HECAP_PHY_COD_GET_D3 + #define WMI_HECAP_PHY_COD_SET WMI_HECAP_PHY_COD_SET_D3 + #define WMI_HECAP_PHY_LDPC_GET WMI_HECAP_PHY_LDPC_GET_D3 + #define WMI_HECAP_PHY_LDPC_SET WMI_HECAP_PHY_LDPC_SET_D3 + #define WMI_HECAP_PHY_TXLDPC_GET WMI_HECAP_PHY_LDPC_GET /* Deprecated use WMI_HECAP_PHY_LDPC */ + #define WMI_HECAP_PHY_TXLDPC_SET WMI_HECAP_PHY_LDPC_SET /* Deprecated use WMI_HECAP_PHY_LDPC */ + #define WMI_HECAP_PHY_RXLDPC_GET WMI_HECAP_PHY_LDPC_GET /* Deprecated use WMI_HECAP_PHY_LDPC */ + #define WMI_HECAP_PHY_RXLDPC_SET WMI_HECAP_PHY_LDPC_SET /* Deprecated use WMI_HECAP_PHY_LDPC */ + #define WMI_HECAP_PHY_LTFGIFORHE_GET WMI_HECAP_PHY_LTFGIFORHE_GET_D3 + #define WMI_HECAP_PHY_LTFGIFORHE_SET WMI_HECAP_PHY_LTFGIFORHE_SET_D3 + #define WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_GET WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_GET_D3 + #define WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_SET WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_SET_D3 + #define WMI_HECAP_PHY_LTFGIFORNDP_GET WMI_HECAP_PHY_LTFGIFORNDP_GET_D3 + #define WMI_HECAP_PHY_LTFGIFORNDP_SET WMI_HECAP_PHY_LTFGIFORNDP_SET_D3 + #define WMI_HECAP_PHY_TXSTBC_GET WMI_HECAP_PHY_TXSTBC_GET_D3 + #define WMI_HECAP_PHY_TXSTBC_SET WMI_HECAP_PHY_TXSTBC_SET_D3 + #define WMI_HECAP_PHY_RXSTBC_GET WMI_HECAP_PHY_RXSTBC_GET_D3 + #define WMI_HECAP_PHY_RXSTBC_SET WMI_HECAP_PHY_RXSTBC_SET_D3 + #define WMI_HECAP_PHY_TXDOPPLER WMI_HECAP_PHY_TXDOPPLER_GET_D3 + #define WMI_HECAP_PHY_TXDOPPLER_SET WMI_HECAP_PHY_TXDOPPLER_SET_D3 + #define WMI_HECAP_PHY_RXDOPPLER_GET WMI_HECAP_PHY_RXDOPPLER_GET_D3 + #define WMI_HECAP_PHY_RXDOPPLER_SET WMI_HECAP_PHY_RXDOPPLER_SET_D3 + #define WMI_HECAP_PHY_UL_MU_MIMO_GET WMI_HECAP_PHY_UL_MU_MIMO_GET_D3 + #define WMI_HECAP_PHY_UL_MU_MIMO_SET WMI_HECAP_PHY_UL_MU_MIMO_SET_D3 + #define WMI_HECAP_PHY_ULMUMIMOOFDMA_GET WMI_HECAP_PHY_ULMUMIMOOFDMA_GET_D3 + #define WMI_HECAP_PHY_ULMUMIMOOFDMA_SET WMI_HECAP_PHY_ULMUMIMOOFDMA_SET_D3 + #define WMI_HECAP_PHY_DCMTX_GET WMI_HECAP_PHY_DCMTX_GET_D3 + #define WMI_HECAP_PHY_DCMTX_SET WMI_HECAP_PHY_DCMTX_SET_D3 + #define WMI_HECAP_PHY_DCMRX_GET WMI_HECAP_PHY_DCMRX_GET_D3 + #define WMI_HECAP_PHY_DCMRX_SET WMI_HECAP_PHY_DCMRX_SET_D3 + /* DEPRECATED - use WMI_HECAP_PHY_DCMRX or WMI_HECAP_PHY_DCMTX */ + #define WMI_HECAP_PHY_DCM_GET WMI_HECAP_PHY_DCMRX_GET_D3 + #define WMI_HECAP_PHY_DCM_SET WMI_HECAP_PHY_DCMRX_SET_D3 + #define WMI_HECAP_PHY_ULHEMU_GET WMI_HECAP_PHY_ULHEMU_GET_D3 + #define WMI_HECAP_PHY_ULHEMU_SET WMI_HECAP_PHY_ULHEMU_SET_D3 + #define WMI_HECAP_PHY_SUBFMR_GET WMI_HECAP_PHY_SUBFMR_GET_D3 + #define WMI_HECAP_PHY_SUBFMR_SET WMI_HECAP_PHY_SUBFMR_SET_D3 + #define WMI_HECAP_PHY_SUBFME_GET WMI_HECAP_PHY_SUBFME_GET_D3 + #define WMI_HECAP_PHY_SUBFME_SET WMI_HECAP_PHY_SUBFME_SET_D3 + #define WMI_HECAP_PHY_MUBFMR_GET WMI_HECAP_PHY_MUBFMR_GET_D3 + #define WMI_HECAP_PHY_MUBFMR_SET WMI_HECAP_PHY_MUBFMR_SET_D3 + #define WMI_HECAP_PHY_BFMESTSLT80MHZ_GET WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D3 + #define WMI_HECAP_PHY_BFMESTSLT80MHZ_SET WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D3 + #define WMI_HECAP_PHY_BFMESTSGT80MHZ_GET WMI_HECAP_PHY_BFMESTSGT80MHZ_GET_D3 + #define WMI_HECAP_PHY_BFMESTSGT80MHZ_SET WMI_HECAP_PHY_BFMESTSGT80MHZ_SET_D3 + #define WMI_HECAP_PHY_NSTSLT80MHZ_GET WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D3 + #define WMI_HECAP_PHY_NSTSLT80MHZ_SET WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D3 + #define WMI_HECAP_PHY_NSTSGT80MHZ_GET WMI_HECAP_PHY_BFMESTSGT80MHZ_GET_D3 + #define WMI_HECAP_PHY_NSTSGT80MHZ_SET WMI_HECAP_PHY_BFMESTSGT80MHZ_SET_D3 + #define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET_D3 + #define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET_D3 + #define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET_D3 + #define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET_D3 + #define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET_D3 + #define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET_D3 + #define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET_D3 + #define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET_D3 + #define WMI_HECAP_PHY_CODBK42SU_GET WMI_HECAP_PHY_CODBK42SU_GET_D3 + #define WMI_HECAP_PHY_CODBK42SU_SET WMI_HECAP_PHY_CODBK42SU_SET_D3 + #define WMI_HECAP_PHY_CODBK75MU_GET WMI_HECAP_PHY_CODBK75MU_GET_D3 + #define WMI_HECAP_PHY_CODBK75MU_SET WMI_HECAP_PHY_CODBK75MU_SET_D3 + #define WMI_HECAP_PHY_BFFEEDBACKTRIG_GET WMI_HECAP_PHY_BFFEEDBACKTRIG_GET_D3 + #define WMI_HECAP_PHY_BFFEEDBACKTRIG_SET WMI_HECAP_PHY_BFFEEDBACKTRIG_SET_D3 + #define WMI_HECAP_PHY_HEERSU_GET WMI_HECAP_PHY_HEERSU_GET_D3 + #define WMI_HECAP_PHY_HEERSU_SET WMI_HECAP_PHY_HEERSU_SET_D3 + #define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET_D3 + #define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET_D3 + #define WMI_HECAP_PHY_PETHRESPRESENT_GET WMI_HECAP_PHY_PETHRESPRESENT_GET_D3 + #define WMI_HECAP_PHY_PETHRESPRESENT_SET WMI_HECAP_PHY_PETHRESPRESENT_SET_D3 + #define WMI_HECAP_PHY_SRPSPRESENT_GET WMI_HECAP_PHY_SRPSPRESENT_GET_D3 + #define WMI_HECAP_PHY_SRPPRESENT_SET WMI_HECAP_PHY_SRPPRESENT_SET_D3 + #define WMI_HECAP_PHY_PWRBOOSTAR_GET WMI_HECAP_PHY_PWRBOOSTAR_GET_D3 + #define WMI_HECAP_PHY_PWRBOOSTAR_SET WMI_HECAP_PHY_PWRBOOSTAR_SET_D3 + #define WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET_D3 + #define WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET_D3 + #define WMI_HECAP_PHY_MAXNC_GET WMI_HECAP_PHY_MAXNC_GET_D3 + #define WMI_HECAP_PHY_MAXNC_SET WMI_HECAP_PHY_MAXNC_SET_D3 + #define WMI_HECAP_PHY_STBCTXGT80_GET WMI_HECAP_PHY_STBCTXGT80_GET_D3 + #define WMI_HECAP_PHY_STBCTXGT80_SET WMI_HECAP_PHY_STBCTXGT80_SET_D3 + #define WMI_HECAP_PHY_STBCRXGT80_GET WMI_HECAP_PHY_STBCRXGT80_GET_D3 + #define WMI_HECAP_PHY_STBCRXGT80_SET WMI_HECAP_PHY_STBCRXGT80_SET_D3 + #define WMI_HECAP_PHY_ERSU4X800NSECGI_GET WMI_HECAP_PHY_ERSU4X800NSECGI_GET_D3 + #define WMI_HECAP_PHY_ERSU4X800NSECGI_SET WMI_HECAP_PHY_ERSU4X800NSECGI_SET_D3 + #define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET_D3 + #define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET_D3 + #define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET_D3 + #define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET_D3 + #define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET_D3 + #define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET_D3 + #define WMI_HECAP_PHY_ERSU1X800NSECGI_GET WMI_HECAP_PHY_ERSU1X800NSECGI_GET_D3 + #define WMI_HECAP_PHY_ERSU1X800NSECGI_SET WMI_HECAP_PHY_ERSU1X800NSECGI_SET_D3 + #define WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_GET WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_GET_D3 + #define WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_SET WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_SET_D3 + #define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_GET WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_GET /* DEPRECATED */ + #define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_SET WMI_HECAP_PHY_MIDAMBLETXRX2XAND1XHELTF_SET /* DEPRECATED */ + #define WMI_HECAP_PHY_DCMMAXBW_GET WMI_HECAP_PHY_DCMMAXBW_GET_D3 + #define WMI_HECAP_PHY_DCMMAXBW_SET WMI_HECAP_PHY_DCMMAXBW_SET_D3 + #define WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_GET WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_GET_D3 + #define WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_SET WMI_HECAP_PHY_LNG16SIGBSYMBSUPRT_SET_D3 + #define WMI_HECAP_PHY_NONTRIGCQIFEEDBK_GET WMI_HECAP_PHY_NONTRIGCQIFEEDBK_GET_D3 + #define WMI_HECAP_PHY_NONTRIGCQIFEEDBK_SET WMI_HECAP_PHY_NONTRIGCQIFEEDBK_SET_D3 + #define WMI_HECAP_PHY_TX1024QAM242RUSUPRT_GET WMI_HECAP_PHY_TX1024QAM242RUSUPRT_GET_D3 + #define WMI_HECAP_PHY_TX1024QAM242RUSUPRT_SET WMI_HECAP_PHY_TX1024QAM242RUSUPRT_SET_D3 + #define WMI_HECAP_PHY_RX1024QAM242RUSUPRT_GET WMI_HECAP_PHY_RX1024QAM242RUSUPRT_GET_D3 + #define WMI_HECAP_PHY_RX1024QAM242RUSUPRT_SET WMI_HECAP_PHY_RX1024QAM242RUSUPRT_SET_D3 + #define WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_GET WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_GET_D3 + #define WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_SET WMI_HECAP_PHY_RXFULBWSUWCMPRSSIGB_SET_D3 + #define WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_GET WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_GET_D3 + #define WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_SET WMI_HECAP_PHY_RXFULBWSUWNONCMPRSSIGB_SET_D3 + #define WMI_HECAP_PHY_DB_GET(he_phy_cap) (0) /* DEPRECATED - DO NOT USE */ + #define WMI_HECAP_PHY_DB_SET(he_phy_cap, value) /* DEPRECATED - DO NOT USE */ + #define WMI_HECAP_MAC_HECTRL_GET WMI_HECAP_MAC_HECTRL_GET_D3 + #define WMI_HECAP_MAC_HECTRL_SET WMI_HECAP_MAC_HECTRL_SET_D3 + #define WMI_HECAP_MAC_TWTREQ_GET WMI_HECAP_MAC_TWTREQ_GET_D3 + #define WMI_HECAP_MAC_TWTREQ_SET WMI_HECAP_MAC_TWTREQ_SET_D3 + #define WMI_HECAP_MAC_TWTRSP_GET WMI_HECAP_MAC_TWTRSP_GET_D3 + #define WMI_HECAP_MAC_TWTRSP_SET WMI_HECAP_MAC_TWTRSP_SET_D3 + #define WMI_HECAP_MAC_HEFRAG_GET WMI_HECAP_MAC_HEFRAG_GET_D3 + #define WMI_HECAP_MAC_HEFRAG_SET WMI_HECAP_MAC_HEFRAG_SET_D3 + #define WMI_HECAP_MAC_MAXFRAGMSDU_GET WMI_HECAP_MAC_MAXFRAGMSDU_GET_D3 + #define WMI_HECAP_MAC_MAXFRAGMSDU_SET WMI_HECAP_MAC_MAXFRAGMSDU_SET_D3 + #define WMI_HECAP_MAC_MINFRAGSZ_GET WMI_HECAP_MAC_MINFRAGSZ_GET_D3 + #define WMI_HECAP_MAC_MINFRAGSZ_SET WMI_HECAP_MAC_MINFRAGSZ_SET_D3 + #define WMI_HECAP_MAC_TRIGPADDUR_GET WMI_HECAP_MAC_TRIGPADDUR_GET_D3 + #define WMI_HECAP_MAC_TRIGPADDUR_SET WMI_HECAP_MAC_TRIGPADDUR_SET_D3 + #define WMI_HECAP_MAC_MTID_RX_GET WMI_HECAP_MAC_MTID_RX_GET_D3 + #define WMI_HECAP_MAC_MTID_RX_SET WMI_HECAP_MAC_MTID_RX_SET_D3 + #define WMI_HECAP_MAC_HELINK_ADPT_GET WMI_HECAP_MAC_HELINK_ADPT_GET_D3 + #define WMI_HECAP_MAC_HELINK_ADPT_SET WMI_HECAP_MAC_HELINK_ADPT_SET_D3 + #define WMI_HECAP_MAC_AACK_GET WMI_HECAP_MAC_AACK_GET_D3 + #define WMI_HECAP_MAC_AACK_SET WMI_HECAP_MAC_AACK_SET_D3 + #define WMI_HECAP_MAC_TRS_GET WMI_HECAP_MAC_TRS_GET_D3 + #define WMI_HECAP_MAC_TRS_SET WMI_HECAP_MAC_TRS_SET_D3 + #define WMI_HECAP_MAC_ULMURSP_GET(he_cap) (0) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_ULMURSP_SET(he_cap, value) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_BSR_GET WMI_HECAP_MAC_BSR_GET_D3 + #define WMI_HECAP_MAC_BSR_SET WMI_HECAP_MAC_BSR_SET_D3 + #define WMI_HECAP_MAC_BCSTTWT_GET WMI_HECAP_MAC_BCSTTWT_GET_D3 + #define WMI_HECAP_MAC_BCSTTWT_SET WMI_HECAP_MAC_BCSTTWT_SET_D3 + #define WMI_HECAP_MAC_32BITBA_GET WMI_HECAP_MAC_32BITBA_GET_D3 + #define WMI_HECAP_MAC_32BITBA_SET WMI_HECAP_MAC_32BITBA_SET_D3 + #define WMI_HECAP_MAC_MUCASCADE_GET WMI_HECAP_MAC_MUCASCADE_GET_D3 + #define WMI_HECAP_MAC_MUCASCADE_SET WMI_HECAP_MAC_MUCASCADE_SET_D3 + #define WMI_HECAP_MAC_ACKMTIDAMPDU_GET WMI_HECAP_MAC_ACKMTIDAMPDU_GET_D3 + #define WMI_HECAP_MAC_ACKMTIDAMPDU_SET WMI_HECAP_MAC_ACKMTIDAMPDU_SET_D3 + #define WMI_HECAP_MAC_GROUPMSTABA_GET(he_cap) (0) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_GROUPMSTABA_SET(he_cap, value) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_OMI_GET WMI_HECAP_MAC_OMI_GET_D3 + #define WMI_HECAP_MAC_OMI_SET WMI_HECAP_MAC_OMI_SET_D3 + #define WMI_HECAP_MAC_OFDMARA_GET WMI_HECAP_MAC_OFDMARA_GET_D3 + #define WMI_HECAP_MAC_OFDMARA_SET WMI_HECAP_MAC_OFDMARA_SET_D3 + #define WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET_D3 + #define WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET_D3 + #define WMI_HECAP_MAC_AMSDUFRAG_GET WMI_HECAP_MAC_AMSDUFRAG_GET_D3 + #define WMI_HECAP_MAC_AMSDUFRAG_SET WMI_HECAP_MAC_AMSDUFRAG_SET_D3 + #define WMI_HECAP_MAC_FLEXTWT_GET WMI_HECAP_MAC_FLEXTWT_GET_D3 + #define WMI_HECAP_MAC_FLEXTWT_SET WMI_HECAP_MAC_FLEXTWT_SET_D3 + #define WMI_HECAP_MAC_MBSS_GET WMI_HECAP_MAC_MBSS_GET_D3 + #define WMI_HECAP_MAC_MBSS_SET WMI_HECAP_MAC_MBSS_SET_D3 + #define WMI_HECAP_MAC_BSRPAMPDU_GET WMI_HECAP_MAC_BSRPAMPDU_GET_D3 + #define WMI_HECAP_MAC_BSRPAMPDU_SET WMI_HECAP_MAC_BSRPAMPDU_SET_D3 + #define WMI_HECAP_MAC_QTP_GET WMI_HECAP_MAC_QTP_GET_D3 + #define WMI_HECAP_MAC_QTP_SET WMI_HECAP_MAC_QTP_SET_D3 + #define WMI_HECAP_MAC_ABQR_GET WMI_HECAP_MAC_ABQR_GET_D3 + #define WMI_HECAP_MAC_ABQR_SET WMI_HECAP_MAC_ABQR_SET_D3 + #define WMI_HECAP_MAC_SRPRESP_GET WMI_HECAP_MAC_SRPRESP_GET_D3 + #define WMI_HECAP_MAC_SRPRESP_SET WMI_HECAP_MAC_SRPRESP_SET_D3 + #define WMI_HECAP_MAC_SRRESP_GET(he_cap2) (0) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_SRRESP_SET(he_cap2, value) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_NDPFDBKRPT_GET WMI_HECAP_MAC_NDPFDBKRPT_GET_D3 + #define WMI_HECAP_MAC_NDPFDBKRPT_SET WMI_HECAP_MAC_NDPFDBKRPT_SET_D3 + #define WMI_HECAP_MAC_OPS_GET WMI_HECAP_MAC_OPS_GET_D3 + #define WMI_HECAP_MAC_OPS_SET WMI_HECAP_MAC_OPS_SET_D3 + #define WMI_HECAP_MAC_AMSDUINAMPDU_GET WMI_HECAP_MAC_AMSDUINAMPDU_GET_D3 + #define WMI_HECAP_MAC_AMSDUINAMPDU_SET WMI_HECAP_MAC_AMSDUINAMPDU_SET_D3 + #define WMI_HECAP_MAC_MTID_TX_GET WMI_HECAP_MAC_MTID_TX_GET_D3 + #define WMI_HECAP_MAC_MTID_TX_SET WMI_HECAP_MAC_MTID_TX_SET_D3 + #define WMI_HECAP_MAC_SUBCHANSELTX_GET WMI_HECAP_MAC_SUBCHANSELTX_GET_D3 + #define WMI_HECAP_MAC_SUBCHANSELTX_SET WMI_HECAP_MAC_SUBCHANSELTX_SET_D3 + #define WMI_HECAP_MAC_UL2X996RU_GET WMI_HECAP_MAC_UL2X996RU_GET_D3 + #define WMI_HECAP_MAC_UL2X996RU_SET WMI_HECAP_MAC_UL2X996RU_SET_D3 + #define WMI_HECAP_MAC_OMCULMUDDIS_GET WMI_HECAP_MAC_OMCULMUDDIS_GET_D3 + #define WMI_HECAP_MAC_OMCULMUDDIS_SET WMI_HECAP_MAC_OMCULMUDDIS_SET_D3 + #define WMI_HECAP_MAC_HELKAD_GET(he_cap) (0) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_MAC_HELKAD_SET(he_cap, value) /* DEPRECATED, DO NOT USE */ + #define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_GET WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_GET_D3 /* DEPRECATED - DO NOT USE */ + #define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_SET WMI_HECAP_PHY_MIDAMBLETXRXMAXNSTS_SET_D3 /* DEPRECATED - DO NOT USE */ +#else /* SUPPORT_11AX_D3 vs. D2 */ + /* D2 and D2- */ + #define WMI_HEOPS_COLOR_GET WMI_HEOPS_COLOR_GET_D2 + #define WMI_HEOPS_COLOR_SET WMI_HEOPS_COLOR_SET_D2 + #define WMI_HEOPS_DEFPE_GET WMI_HEOPS_DEFPE_GET_D2 + #define WMI_HEOPS_DEFPE_SET WMI_HEOPS_DEFPE_SET_D2 + #define WMI_HEOPS_TWT_REQUIRED_GET WMI_HEOPS_TWT_REQUIRED_GET_D2 + #define WMI_HEOPS_TWT_REQUIRED_SET WMI_HEOPS_TWT_REQUIRED_SET_D2 + #define WMI_HEOPS_TWT_GET WMI_HEOPS_TWT_GET_D2 /* Depricated */ + #define WMI_HEOPS_TWT_SET WMI_HEOPS_TWT_SET_D2 /* Depricated */ + #define WMI_HEOPS_RTSTHLD_GET WMI_HEOPS_RTSTHLD_GET_D2 + #define WMI_HEOPS_RTSTHLD_SET WMI_HEOPS_RTSTHLD_SET_D2 + #define WMI_HEOPS_PARTBSSCOLOR_GET WMI_HEOPS_PARTBSSCOLOR_GET_D2 + #define WMI_HEOPS_PARTBSSCOLOR_SET WMI_HEOPS_PARTBSSCOLOR_SET_D2 + #define WMI_HEOPS_MAXBSSID_GET WMI_HEOPS_MAXBSSID_GET_D2 + #define WMI_HEOPS_MAXBSSID_SET WMI_HEOPS_MAXBSSID_SET_D2 + #define WMI_HEOPS_TXBSSID_GET WMI_HEOPS_TXBSSID_GET_D2 + #define WMI_HEOPS_TXBSSID_SET WMI_HEOPS_TXBSSID_SET_D2 + #define WMI_HEOPS_BSSCOLORDISABLE_GET WMI_HEOPS_BSSCOLORDISABLE_GET_D2 + #define WMI_HEOPS_BSSCOLORDISABLE_SET WMI_HEOPS_BSSCOLORDISABLE_SET_D2 + #define WMI_HEOPS_DUALBEACON_GET WMI_HEOPS_DUALBEACON_GET_D2 + #define WMI_HEOPS_DUALBEACON_SET WMI_HEOPS_DUALBEACON_SET_D2 + #define WMI_HECAP_PHY_DB_GET WMI_HECAP_PHY_DB_GET_D2 + #define WMI_HECAP_PHY_DB_SET WMI_HECAP_PHY_DB_SET_D2 + #define WMI_HECAP_PHY_CBW_GET WMI_HECAP_PHY_CBW_GET_D2 + #define WMI_HECAP_PHY_CBW_SET WMI_HECAP_PHY_CBW_SET_D2 + #define WMI_HECAP_PHY_PREAMBLEPUNCRX_GET WMI_HECAP_PHY_PREAMBLEPUNCRX_GET_D2 + #define WMI_HECAP_PHY_PREAMBLEPUNCRX_SET WMI_HECAP_PHY_PREAMBLEPUNCRX_SET_D2 + #define WMI_HECAP_PHY_COD_GET WMI_HECAP_PHY_COD_GET_D2 + #define WMI_HECAP_PHY_COD_SET WMI_HECAP_PHY_COD_SET_D2 + #define WMI_HECAP_PHY_LDPC_GET WMI_HECAP_PHY_LDPC_GET_D2 + #define WMI_HECAP_PHY_LDPC_SET WMI_HECAP_PHY_LDPC_SET_D2 + #define WMI_HECAP_PHY_TXLDPC_GET WMI_HECAP_PHY_TXLDPC_GET_D2 + #define WMI_HECAP_PHY_TXLDPC_SET WMI_HECAP_PHY_TXLDPC_SET_D2 + #define WMI_HECAP_PHY_RXLDPC_GET WMI_HECAP_PHY_RXLDPC_GET_D2 + #define WMI_HECAP_PHY_RXLDPC_SET WMI_HECAP_PHY_RXLDPC_SET_D2 + #define WMI_HECAP_PHY_LTFGIFORHE_GET WMI_HECAP_PHY_LTFGIFORHE_GET_D2 + #define WMI_HECAP_PHY_LTFGIFORHE_SET WMI_HECAP_PHY_LTFGIFORHE_SET_D2 + #define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_GET WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_GET_D2 + #define WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_SET WMI_HECAP_PHY_MIDAMBLERXMAXNSTS_SET_D2 + #define WMI_HECAP_PHY_LTFGIFORNDP_GET WMI_HECAP_PHY_LTFGIFORNDP_GET_D2 + #define WMI_HECAP_PHY_LTFGIFORNDP_SET WMI_HECAP_PHY_LTFGIFORNDP_SET_D2 + #define WMI_HECAP_PHY_TXSTBC_GET WMI_HECAP_PHY_TXSTBC_GET_D2 + #define WMI_HECAP_PHY_TXSTBC_SET WMI_HECAP_PHY_TXSTBC_SET_D2 + #define WMI_HECAP_PHY_RXSTBC_GET WMI_HECAP_PHY_RXSTBC_GET_D2 + #define WMI_HECAP_PHY_RXSTBC_SET WMI_HECAP_PHY_RXSTBC_SET_D2 + #define WMI_HECAP_PHY_TXDOPPLER_GET WMI_HECAP_PHY_TXDOPPLER_GET_D2 + #define WMI_HECAP_PHY_TXDOPPLER_SET WMI_HECAP_PHY_TXDOPPLER_SET_D2 + #define WMI_HECAP_PHY_RXDOPPLER_GET WMI_HECAP_PHY_RXDOPPLER_GET_D2 + #define WMI_HECAP_PHY_RXDOPPLER_SET WMI_HECAP_PHY_RXDOPPLER_SET_D2 + #define WMI_HECAP_PHY_UL_MU_MIMO_GET WMI_HECAP_PHY_UL_MU_MIMO_GET_D2 + #define WMI_HECAP_PHY_UL_MU_MIMO_SET WMI_HECAP_PHY_UL_MU_MIMO_SET_D2 + #define WMI_HECAP_PHY_ULMUMIMOOFDMA_GET WMI_HECAP_PHY_ULMUMIMOOFDMA_GET_D2 + #define WMI_HECAP_PHY_ULMUMIMOOFDMA_SET WMI_HECAP_PHY_ULMUMIMOOFDMA_SET_D2 + #define WMI_HECAP_PHY_DCMTX_GET WMI_HECAP_PHY_DCMTX_GET_D2 + #define WMI_HECAP_PHY_DCMTX_SET WMI_HECAP_PHY_DCMTX_SET_D2 + #define WMI_HECAP_PHY_DCMRX_GET WMI_HECAP_PHY_DCMRX_GET_D2 + #define WMI_HECAP_PHY_DCMRX_SET WMI_HECAP_PHY_DCMRX_SET_D2 + #define WMI_HECAP_PHY_ULHEMU_GET WMI_HECAP_PHY_ULHEMU_GET_D2 + #define WMI_HECAP_PHY_ULHEMU_SET WMI_HECAP_PHY_ULHEMU_SET_D2 + #define WMI_HECAP_PHY_SUBFMR_GET WMI_HECAP_PHY_SUBFMR_GET_D2 + #define WMI_HECAP_PHY_SUBFMR_SET WMI_HECAP_PHY_SUBFMR_SET_D2 + #define WMI_HECAP_PHY_SUBFME_GET WMI_HECAP_PHY_SUBFME_GET_D2 + #define WMI_HECAP_PHY_SUBFME_SET WMI_HECAP_PHY_SUBFME_SET_D2 + #define WMI_HECAP_PHY_MUBFMR_GET WMI_HECAP_PHY_MUBFMR_GET_D2 + #define WMI_HECAP_PHY_MUBFMR_SET WMI_HECAP_PHY_MUBFMR_SET_D2 + #define WMI_HECAP_PHY_BFMESTSLT80MHZ_GET WMI_HECAP_PHY_BFMESTSLT80MHZ_GET_D2 + #define WMI_HECAP_PHY_BFMESTSLT80MHZ_SET WMI_HECAP_PHY_BFMESTSLT80MHZ_SET_D2 + #define WMI_HECAP_PHY_BFMESTSGT80MHZ_GET WMI_HECAP_PHY_BFMESTSGT80MHZ_GET_D2 + #define WMI_HECAP_PHY_BFMESTSGT80MHZ_SET WMI_HECAP_PHY_BFMESTSGT80MHZ_SET_D2 + #define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET WMI_HECAP_PHY_NUMSOUNDLT80MHZ_GET_D2 + #define WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET WMI_HECAP_PHY_NUMSOUNDLT80MHZ_SET_D2 + #define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET WMI_HECAP_PHY_NUMSOUNDGT80MHZ_GET_D2 + #define WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET WMI_HECAP_PHY_NUMSOUNDGT80MHZ_SET_D2 + #define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET WMI_HECAP_PHY_NG16SUFEEDBACKLT80_GET_D2 + #define WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET WMI_HECAP_PHY_NG16SUFEEDBACKLT80_SET_D2 + #define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET WMI_HECAP_PHY_NG16MUFEEDBACKGT80_GET_D2 + #define WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET WMI_HECAP_PHY_NG16MUFEEDBACKGT80_SET_D2 + #define WMI_HECAP_PHY_CODBK42SU_GET WMI_HECAP_PHY_CODBK42SU_GET_D2 + #define WMI_HECAP_PHY_CODBK42SU_SET WMI_HECAP_PHY_CODBK42SU_SET_D2 + #define WMI_HECAP_PHY_CODBK75MU_GET WMI_HECAP_PHY_CODBK75MU_GET_D2 + #define WMI_HECAP_PHY_CODBK75MU_SET WMI_HECAP_PHY_CODBK75MU_SET_D2 + #define WMI_HECAP_PHY_BFFEEDBACKTRIG_GET WMI_HECAP_PHY_BFFEEDBACKTRIG_GET_D2 + #define WMI_HECAP_PHY_BFFEEDBACKTRIG_SET WMI_HECAP_PHY_BFFEEDBACKTRIG_SET_D2 + #define WMI_HECAP_PHY_HEERSU_GET WMI_HECAP_PHY_HEERSU_GET_D2 + #define WMI_HECAP_PHY_HEERSU_SET WMI_HECAP_PHY_HEERSU_SET_D2 + #define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET WMI_HECAP_PHY_DLMUMIMOPARTIALBW_GET_D2 + #define WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET WMI_HECAP_PHY_DLMUMIMOPARTIALBW_SET_D2 + #define WMI_HECAP_PHY_PETHRESPRESENT_GET WMI_HECAP_PHY_PETHRESPRESENT_GET_D2 + #define WMI_HECAP_PHY_PETHRESPRESENT_SET WMI_HECAP_PHY_PETHRESPRESENT_SET_D2 + #define WMI_HECAP_PHY_SRPSPRESENT_GET WMI_HECAP_PHY_SRPSPRESENT_GET_D2 + #define WMI_HECAP_PHY_SRPPRESENT_SET WMI_HECAP_PHY_SRPPRESENT_SET_D2 + #define WMI_HECAP_PHY_PWRBOOSTAR_GET WMI_HECAP_PHY_PWRBOOSTAR_GET_D2 + #define WMI_HECAP_PHY_PWRBOOSTAR_SET WMI_HECAP_PHY_PWRBOOSTAR_SET_D2 + #define WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET WMI_HECAP_PHY_4XLTFAND800NSECSGI_GET_D2 + #define WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET WMI_HECAP_PHY_4XLTFAND800NSECSGI_SET_D2 + #define WMI_HECAP_PHY_MAXNC_GET WMI_HECAP_PHY_MAXNC_GET_D2 + #define WMI_HECAP_PHY_MAXNC_SET WMI_HECAP_PHY_MAXNC_SET_D2 + #define WMI_HECAP_PHY_STBCTXGT80_GET WMI_HECAP_PHY_STBCTXGT80_GET_D2 + #define WMI_HECAP_PHY_STBCTXGT80_SET WMI_HECAP_PHY_STBCTXGT80_SET_D2 + #define WMI_HECAP_PHY_STBCRXGT80_GET WMI_HECAP_PHY_STBCRXGT80_GET_D2 + #define WMI_HECAP_PHY_STBCRXGT80_SET WMI_HECAP_PHY_STBCRXGT80_SET_D2 + #define WMI_HECAP_PHY_ERSU4X800NSECGI_GET WMI_HECAP_PHY_ERSU4X800NSECGI_GET_D2 + #define WMI_HECAP_PHY_ERSU4X800NSECGI_SET WMI_HECAP_PHY_ERSU4X800NSECGI_SET_D2 + #define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_GET_D2 + #define WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET WMI_HECAP_PHY_HEPPDU20IN40MHZ2G_SET_D2 + #define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_GET_D2 + #define WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET WMI_HECAP_PHY_HEPPDU20IN160OR80P80MHZ_SET_D2 + #define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_GET_D2 + #define WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET WMI_HECAP_PHY_HEPPDU80IN160OR80P80MHZ_SET_D2 + #define WMI_HECAP_PHY_ERSU1X800NSECGI_GET WMI_HECAP_PHY_ERSU1X800NSECGI_GET_D2 + #define WMI_HECAP_PHY_ERSU1X800NSECGI_SET WMI_HECAP_PHY_ERSU1X800NSECGI_SET_D2 + #define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_GET WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_GET_D2 + #define WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_SET WMI_HECAP_PHY_MIDAMBLERX2XAND1XHELTF_SET_D2 + #define WMI_HECAP_MAC_HECTRL_GET WMI_HECAP_MAC_HECTRL_GET_D2 + #define WMI_HECAP_MAC_HECTRL_SET WMI_HECAP_MAC_HECTRL_SET_D2 + #define WMI_HECAP_MAC_TWTREQ_GET WMI_HECAP_MAC_TWTREQ_GET_D2 + #define WMI_HECAP_MAC_TWTREQ_SET WMI_HECAP_MAC_TWTREQ_SET_D2 + #define WMI_HECAP_MAC_TWTRSP_GET WMI_HECAP_MAC_TWTRSP_GET_D2 + #define WMI_HECAP_MAC_TWTRSP_SET WMI_HECAP_MAC_TWTRSP_SET_D2 + #define WMI_HECAP_MAC_HEFRAG_GET WMI_HECAP_MAC_HEFRAG_GET_D2 + #define WMI_HECAP_MAC_HEFRAG_SET WMI_HECAP_MAC_HEFRAG_SET_D2 + #define WMI_HECAP_MAC_MAXFRAGMSDU_GET WMI_HECAP_MAC_MAXFRAGMSDU_GET_D2 + #define WMI_HECAP_MAC_MAXFRAGMSDU_SET WMI_HECAP_MAC_MAXFRAGMSDU_SET_D2 + #define WMI_HECAP_MAC_MINFRAGSZ_GET WMI_HECAP_MAC_MINFRAGSZ_GET_D2 + #define WMI_HECAP_MAC_MINFRAGSZ_SET WMI_HECAP_MAC_MINFRAGSZ_SET_D2 + #define WMI_HECAP_MAC_TRIGPADDUR_GET WMI_HECAP_MAC_TRIGPADDUR_GET_D2 + #define WMI_HECAP_MAC_TRIGPADDUR_SET WMI_HECAP_MAC_TRIGPADDUR_SET_D2 + #define WMI_HECAP_MAC_MTID_GET WMI_HECAP_MAC_MTID_GET_D2 + #define WMI_HECAP_MAC_MTID_SET WMI_HECAP_MAC_MTID_SET_D2 + #define WMI_HECAP_MAC_AMSDUINAMPDU_GET WMI_HECAP_MAC_AMSDUINAMPDU_GET_D2 + #define WMI_HECAP_MAC_AMSDUINAMPDU_SET WMI_HECAP_MAC_AMSDUINAMPDU_SET_D2 + #define WMI_HECAP_MAC_HELKAD_GET WMI_HECAP_MAC_HELKAD_GET_D2 + #define WMI_HECAP_MAC_HELKAD_SET WMI_HECAP_MAC_HELKAD_SET_D2 + #define WMI_HECAP_MAC_AACK_GET WMI_HECAP_MAC_AACK_GET_D2 + #define WMI_HECAP_MAC_AACK_SET WMI_HECAP_MAC_AACK_SET_D2 + #define WMI_HECAP_MAC_ULMURSP_GET WMI_HECAP_MAC_ULMURSP_GET_D2 + #define WMI_HECAP_MAC_ULMURSP_SET WMI_HECAP_MAC_ULMURSP_SET_D2 + #define WMI_HECAP_MAC_BSR_GET WMI_HECAP_MAC_BSR_GET_D2 + #define WMI_HECAP_MAC_BSR_SET WMI_HECAP_MAC_BSR_SET_D2 + #define WMI_HECAP_MAC_BCSTTWT_GET WMI_HECAP_MAC_BCSTTWT_GET_D2 + #define WMI_HECAP_MAC_BCSTTWT_SET WMI_HECAP_MAC_BCSTTWT_SET_D2 + #define WMI_HECAP_MAC_32BITBA_GET WMI_HECAP_MAC_32BITBA_GET_D2 + #define WMI_HECAP_MAC_32BITBA_SET WMI_HECAP_MAC_32BITBA_SET_D2 + #define WMI_HECAP_MAC_MUCASCADE_GET WMI_HECAP_MAC_MUCASCADE_GET_D2 + #define WMI_HECAP_MAC_MUCASCADE_SET WMI_HECAP_MAC_MUCASCADE_SET_D2 + #define WMI_HECAP_MAC_ACKMTIDAMPDU_GET WMI_HECAP_MAC_ACKMTIDAMPDU_GET_D2 + #define WMI_HECAP_MAC_ACKMTIDAMPDU_SET WMI_HECAP_MAC_ACKMTIDAMPDU_SET_D2 + #define WMI_HECAP_MAC_GROUPMSTABA_GET WMI_HECAP_MAC_GROUPMSTABA_GET_D2 + #define WMI_HECAP_MAC_GROUPMSTABA_SET WMI_HECAP_MAC_GROUPMSTABA_SET_D2 + #define WMI_HECAP_MAC_OMI_GET WMI_HECAP_MAC_OMI_GET_D2 + #define WMI_HECAP_MAC_OMI_SET WMI_HECAP_MAC_OMI_SET_D2 + #define WMI_HECAP_MAC_OFDMARA_GET WMI_HECAP_MAC_OFDMARA_GET_D2 + #define WMI_HECAP_MAC_OFDMARA_SET WMI_HECAP_MAC_OFDMARA_SET_D2 + #define WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET WMI_HECAP_MAC_MAXAMPDULEN_EXP_GET_D2 + #define WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET WMI_HECAP_MAC_MAXAMPDULEN_EXP_SET_D2 + #define WMI_HECAP_MAC_AMSDUFRAG_GET WMI_HECAP_MAC_AMSDUFRAG_GET_D2 + #define WMI_HECAP_MAC_AMSDUFRAG_SET WMI_HECAP_MAC_AMSDUFRAG_SET_D2 + #define WMI_HECAP_MAC_FLEXTWT_GET WMI_HECAP_MAC_FLEXTWT_GET_D2 + #define WMI_HECAP_MAC_FLEXTWT_SET WMI_HECAP_MAC_FLEXTWT_SET_D2 + #define WMI_HECAP_MAC_MBSS_GET WMI_HECAP_MAC_MBSS_GET_D2 + #define WMI_HECAP_MAC_MBSS_SET WMI_HECAP_MAC_MBSS_SET_D2 + #define WMI_HECAP_MAC_BSRPAMPDU_GET WMI_HECAP_MAC_BSRPAMPDU_GET_D2 + #define WMI_HECAP_MAC_BSRPAMPDU_SET WMI_HECAP_MAC_BSRPAMPDU_SET_D2 + #define WMI_HECAP_MAC_QTP_GET WMI_HECAP_MAC_QTP_GET_D2 + #define WMI_HECAP_MAC_QTP_SET WMI_HECAP_MAC_QTP_SET_D2 + #define WMI_HECAP_MAC_ABQR_GET WMI_HECAP_MAC_ABQR_GET_D2 + #define WMI_HECAP_MAC_ABQR_SET WMI_HECAP_MAC_ABQR_SET_D2 + #define WMI_HECAP_MAC_SRRESP_GET WMI_HECAP_MAC_SRRESP_GET_D2 + #define WMI_HECAP_MAC_SRRESP_SET WMI_HECAP_MAC_SRRESP_SET_D2 + #define WMI_HECAP_MAC_OPS_GET WMI_HECAP_MAC_OPS_GET_D2 + #define WMI_HECAP_MAC_OPS_SET WMI_HECAP_MAC_OPS_SET_D2 + #define WMI_HECAP_MAC_NDPFDBKRPT_GET WMI_HECAP_MAC_NDPFDBKRPT_GET_D2 + #define WMI_HECAP_MAC_NDPFDBKRPT_SET WMI_HECAP_MAC_NDPFDBKRPT_SET_D2 + #define WMI_HECAP_MAC_MBAHECTRL_GET WMI_HECAP_MAC_MBAHECTRL_GET_D2 + #define WMI_HECAP_MAC_MBAHECTRL_SET WMI_HECAP_MAC_MBAHECTRL_SET_D2 + #define WMI_HECAP_MAC_MURTS_GET WMI_HECAP_MAC_MURTS_GET_D2 + #define WMI_HECAP_MAC_MURTS_SET WMI_HECAP_MAC_MURTS_SET_D2 + #define WMI_HECAP_PHY_CBMODE_GET WMI_HECAP_PHY_CBMODE_GET_D2 + #define WMI_HECAP_PHY_CBMODE_SET WMI_HECAP_PHY_CBMODE_SET_D2 + #define WMI_HECAP_PHY_OLTF_GET WMI_HECAP_PHY_OLTF_GET_D2 + #define WMI_HECAP_PHY_OLTF_SET WMI_HECAP_PHY_OLTF_SET_D2 + #define WMI_HECAP_PHY_SUBFMESTS_GET WMI_HECAP_PHY_SUBFMESTS_GET_D2 + #define WMI_HECAP_PHY_SUBFMESTS_SET WMI_HECAP_PHY_SUBFMESTS_SET_D2 + #define WMI_HECAP_PHY_PADDING_GET WMI_HECAP_PHY_PADDING_GET_D2 + #define WMI_HECAP_PHY_PADDING_SET WMI_HECAP_PHY_PADDING_SET_D2 + #define WMI_HECAP_PHY_DLOFMAMUMIMO_GET WMI_HECAP_PHY_DLOFMAMUMIMO_GET_D2 + #define WMI_HECAP_PHY_DLOFDMAMUMIO_SET WMI_HECAP_PHY_DLOFDMAMUMIO_SET_D2 + #define WMI_HECAP_PHY_32GI_GET WMI_HECAP_PHY_32GI_GET_D2 + #define WMI_HECAP_PHY_32GI_SET WMI_HECAP_PHY_32GI_SET_D2 + #define WMI_HECAP_PHY_NOSUNDIMENS_GET WMI_HECAP_PHY_NOSUNDIMENS_GET_D2 + #define WMI_HECAP_PHY_NOSUNDIMENS_SET WMI_HECAP_PHY_NOSUNDIMENS_SET_D2 + #define WMI_HECAP_PHY_40MHZNSS_GET WMI_HECAP_PHY_40MHZNSS_GET_D2 + #define WMI_HECAP_PHY_40MHZNSS_SET WMI_HECAP_PHY_40MHZNSS_SET_D2 + #define WMI_HECAP_PHY_ULOFDMA_GET WMI_HECAP_PHY_ULOFDMA_GET_D2 + #define WMI_HECAP_PHY_ULOFDMA_SET WMI_HECAP_PHY_ULOFDMA_SET_D2 + #define WMI_HECAP_PHY_DCM_GET WMI_HECAP_PHY_DCM_GET_D2 + #define WMI_HECAP_PHY_DCM_SET WMI_HECAP_PHY_DCM_SET_D2 + #define WMI_HECAP_PHY_NSTSLT80MHZ_GET WMI_HECAP_PHY_NSTSLT80MHZ_GET_D2 + #define WMI_HECAP_PHY_NSTSLT80MHZ_SET WMI_HECAP_PHY_NSTSLT80MHZ_SET_D2 + #define WMI_HECAP_PHY_NSTSGT80MHZ_GET WMI_HECAP_PHY_NSTSGT80MHZ_GET_D2 + #define WMI_HECAP_PHY_NSTSGT80MHZ_SET WMI_HECAP_PHY_NSTSGT80MHZ_SET_D2 +#endif /* SUPPORT_11AX_D3 */ + + /* ADD NEW DEFS HERE */ diff --git a/drivers/staging/fw-api/fw/wmi_version.h b/drivers/staging/fw-api/fw/wmi_version.h index 1336842ac4db..b4d2f04fb35c 100755 --- a/drivers/staging/fw-api/fw/wmi_version.h +++ b/drivers/staging/fw-api/fw/wmi_version.h @@ -36,7 +36,7 @@ #define __WMI_VER_MINOR_ 0 /** WMI revision number has to be incremented when there is a * change that may or may not break compatibility. */ -#define __WMI_REVISION_ 558 +#define __WMI_REVISION_ 570 /** The Version Namespace should not be normally changed. Only * host and firmware of the same WMI namespace will work diff --git a/drivers/staging/qca-wifi-host-cmn/hif/src/hif_napi.c b/drivers/staging/qca-wifi-host-cmn/hif/src/hif_napi.c index e5cd495c58f6..4beee4c344ac 100644 --- a/drivers/staging/qca-wifi-host-cmn/hif/src/hif_napi.c +++ b/drivers/staging/qca-wifi-host-cmn/hif/src/hif_napi.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2015-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -1180,6 +1180,7 @@ static int hnc_cpu_notify_cb(struct notifier_block *nb, switch (action) { case CPU_ONLINE: + case CPU_ONLINE_FROZEN: napid->napi_cpu[cpu].state = QCA_NAPI_CPU_UP; NAPI_DEBUG("%s: CPU %ld marked %d", __func__, cpu, napid->napi_cpu[cpu].state); diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_idr.h b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_idr.h new file mode 100644 index 000000000000..7ad63aca898e --- /dev/null +++ b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_idr.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2018 The Linux Foundation. All rights reserved. + * + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER + * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * DOC: qdf_idr(ID Allocation) + * QCA driver framework (QDF) ID allocation APIs + */ + +#if !defined(__QDF_IDR_H) +#define __QDF_IDR_H + +/* Include Files */ +#include <qdf_types.h> +#include <qdf_status.h> +#include <i_qdf_idr.h> + +/** + * qdf_idr - platform idr object + */ +typedef __qdf_idr qdf_idr; + +/** + * qdf_idr_create() - idr initialization function + * @idp: pointer to qdf idr + * + * Return: QDF status + */ +QDF_STATUS qdf_idr_create(qdf_idr *idp); + +/** + * qdf_idr_destroy() - idr deinitialization function + * @idp: pointer to qdf idr + * + * Return: QDF status + */ +QDF_STATUS qdf_idr_destroy(qdf_idr *idp); + +/** + * qdf_idr_alloc() - Allocates an unused ID + * @idp: pointer to qdf idr + * @ptr: pointer to be associated with the new ID + * @id: pointer to return new ID + * + * Return: QDF status + */ +QDF_STATUS qdf_idr_alloc(qdf_idr *idp, void *ptr, int32_t *id); + +/** + * qdf_idr_remove() - Removes this ID from the IDR. + * @idp: pointer to qdf idr + * @id: ID to be remove + * + * Return: QDF status + */ +QDF_STATUS qdf_idr_remove(qdf_idr *idp, int32_t id); + +/** + * qdf_idr_find() - find the user pointer from the IDR by id. + * @idp: pointer to qdf idr + * @id: ID to be remove + * @ptr: pointer to return user pointer for given ID + * + * Return: QDF status + */ +QDF_STATUS qdf_idr_find(qdf_idr *idp, int32_t id, void **ptr); + +#endif /* __QDF_IDR_H */ diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_mc_timer.h b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_mc_timer.h index a83deeee142f..ee698a23ec59 100644 --- a/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_mc_timer.h +++ b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_mc_timer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2014-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -81,6 +81,7 @@ typedef struct qdf_mc_timer_s { qdf_mutex_t lock; QDF_TIMER_TYPE type; QDF_TIMER_STATE state; + uint32_t cookie; } qdf_mc_timer_t; diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_nbuf.h b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_nbuf.h index 5910229f12ee..0e09a1158734 100644 --- a/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_nbuf.h +++ b/drivers/staging/qca-wifi-host-cmn/qdf/inc/qdf_nbuf.h @@ -2372,17 +2372,6 @@ static inline void qdf_nbuf_reset_ctxt(__qdf_nbuf_t nbuf) __qdf_nbuf_reset_ctxt(nbuf); } -static inline void -qdf_nbuf_set_rx_info(__qdf_nbuf_t nbuf, void *info, uint32_t len) -{ - __qdf_nbuf_set_rx_info(nbuf, info, len); -} - -static inline void *qdf_nbuf_get_rx_info(__qdf_nbuf_t nbuf) -{ - return __qdf_nbuf_get_rx_info(nbuf); -} - static inline void qdf_nbuf_init(qdf_nbuf_t buf) { __qdf_nbuf_init(buf); diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_idr.h b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_idr.h new file mode 100644 index 000000000000..57b56c031104 --- /dev/null +++ b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_idr.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2018 The Linux Foundation. All rights reserved. + * + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER + * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * DOC: i_qdf_idr.h (ID Allocation) + * Linux-specific definitions for QDF ID Allocation API's + */ + +#if !defined(__I_QDF_IDR_H) +#define __I_QDF_IDR_H + +#include <linux/idr.h> +#include <qdf_lock.h> + +/** + * struct __qdf_idr_s + * @lock: qdf spinlock + * @idr: idr handler + */ +struct __qdf_idr_s { + qdf_spinlock_t lock; + struct idr idr; +}; + +typedef struct __qdf_idr_s __qdf_idr; + +#endif /* __I_QDF_IDR_H */ diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_nbuf.h b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_nbuf.h index c779397130ad..f37005ff4f20 100644 --- a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_nbuf.h +++ b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_nbuf.h @@ -1510,42 +1510,6 @@ static inline void __qdf_nbuf_init(__qdf_nbuf_t nbuf) skb_reset_tail_pointer(nbuf); } -/** - * __qdf_nbuf_set_rx_info() - set rx info - * @nbuf: sk buffer - * @info: rx info - * @len: length - * - * Return: none - */ -static inline void -__qdf_nbuf_set_rx_info(__qdf_nbuf_t nbuf, void *info, uint32_t len) -{ - /* Customer may have skb->cb size increased, e.g. to 96 bytes, - * then len's large enough to save the rs status info struct - */ - uint8_t offset = sizeof(struct qdf_nbuf_cb); - uint32_t max = sizeof(((struct sk_buff *)0)->cb)-offset; - - len = (len > max ? max : len); - - memcpy(((uint8_t *)(nbuf->cb) + offset), info, len); -} - -/** - * __qdf_nbuf_get_rx_info() - get rx info - * @nbuf: sk buffer - * - * Return: rx_info - */ -static inline void * -__qdf_nbuf_get_rx_info(__qdf_nbuf_t nbuf) -{ - uint8_t offset = sizeof(struct qdf_nbuf_cb); - - return (void *)((uint8_t *)(nbuf->cb) + offset); -} - /* * __qdf_nbuf_get_cb() - returns a pointer to skb->cb * @nbuf: sk buff diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_idr.c b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_idr.c new file mode 100644 index 000000000000..b6341e2cb72f --- /dev/null +++ b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_idr.c @@ -0,0 +1,143 @@ +/* + * Copyright (c) 2018 The Linux Foundation. All rights reserved. + * + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER + * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * DOC: qdf_idr + * This file provides the ability to map an ID to a pointer + */ + +/* Include files */ +#include <qdf_idr.h> +#include <qdf_module.h> + +#define QDF_IDR_START 0x100 +#define QDF_IDR_END 0 + +static int qdf_idr_gpf_flag(void) +{ + if (in_interrupt() || irqs_disabled() || in_atomic()) + return GFP_ATOMIC; + + return GFP_KERNEL; +} + +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0) +/** + * __qdf_idr_alloc() - Allocates an unused ID + * @idp: pointer to qdf idr + * @ptr: pointer to be associated with the new ID + * @start: the minimum ID + * @end: the maximum ID + * + * Return: new ID + */ +static inline int32_t +__qdf_idr_alloc(qdf_idr *idp, void *ptr, int32_t start, int32_t end) +{ + int32_t id = 0; + + idr_get_new(&idp->idr, ptr, &id); + + return id; +} +#else +static inline int32_t +__qdf_idr_alloc(qdf_idr *idp, void *ptr, int32_t start, int32_t end) +{ + return idr_alloc(&idp->idr, ptr, start, end, qdf_idr_gpf_flag()); +} +#endif + +QDF_STATUS qdf_idr_create(qdf_idr *idp) +{ + if (!idp) + return QDF_STATUS_E_INVAL; + + qdf_spinlock_create(&idp->lock); + + idr_init(&idp->idr); + + return QDF_STATUS_SUCCESS; +} + +qdf_export_symbol(qdf_idr_create); + +QDF_STATUS qdf_idr_destroy(qdf_idr *idp) +{ + if (!idp) + return QDF_STATUS_E_INVAL; + + qdf_spinlock_destroy(&idp->lock); + idr_destroy(&idp->idr); + + return QDF_STATUS_SUCCESS; +} + +qdf_export_symbol(qdf_idr_destroy); + +QDF_STATUS qdf_idr_alloc(qdf_idr *idp, void *ptr, int32_t *id) +{ + int local_id; + + if (!idp || !ptr) + return QDF_STATUS_E_INVAL; + + qdf_spinlock_acquire(&idp->lock); + local_id = __qdf_idr_alloc(idp, ptr, QDF_IDR_START, QDF_IDR_END); + qdf_spinlock_release(&idp->lock); + if (local_id < QDF_IDR_START) + return QDF_STATUS_E_FAILURE; + + *id = local_id; + + return QDF_STATUS_SUCCESS; +} + +qdf_export_symbol(qdf_idr_alloc); + +QDF_STATUS qdf_idr_remove(qdf_idr *idp, int32_t id) +{ + if (!idp || id < QDF_IDR_START) + return QDF_STATUS_E_INVAL; + + qdf_spinlock_acquire(&idp->lock); + if (idr_find(&idp->idr, id)) + idr_remove(&idp->idr, id); + qdf_spinlock_release(&idp->lock); + + return QDF_STATUS_SUCCESS; +} + +qdf_export_symbol(qdf_idr_remove); + +QDF_STATUS qdf_idr_find(qdf_idr *idp, int32_t id, void **ptr) +{ + if (!ptr || (id < QDF_IDR_START)) + return QDF_STATUS_E_INVAL; + + qdf_spinlock_acquire(&idp->lock); + *ptr = idr_find(&idp->idr, id); + qdf_spinlock_release(&idp->lock); + if (!(*ptr)) + return QDF_STATUS_E_INVAL; + else + return QDF_STATUS_SUCCESS; +} + +qdf_export_symbol(qdf_idr_find); + diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_mc_timer.c b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_mc_timer.c index 1543c4d2ac86..b434c3a24b9b 100644 --- a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_mc_timer.c +++ b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_mc_timer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2014-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -40,6 +40,7 @@ #include <linux/export.h> #ifdef CONFIG_MCL #include <cds_mc_timer.h> +#include <cds_sched.h> #endif /* Preprocessor definitions and constants */ @@ -53,6 +54,9 @@ static unsigned int persistent_timer_count; static qdf_mutex_t persistent_timer_count_lock; +static qdf_spinlock_t qdf_mc_timer_cookie_lock; +static uint32_t g_qdf_mc_timer_cookie; + /* Function declarations and documenation */ /** @@ -119,6 +123,7 @@ void qdf_timer_module_init(void) QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_INFO_HIGH, "Initializing the QDF MC timer module"); qdf_mutex_create(&persistent_timer_count_lock); + qdf_spinlock_create(&qdf_mc_timer_cookie_lock); } qdf_export_symbol(qdf_timer_module_init); @@ -597,10 +602,25 @@ QDF_STATUS qdf_mc_timer_start(qdf_mc_timer_t *timer, uint32_t expiration_time) qdf_spin_unlock_irqrestore(&timer->platform_info.spinlock); + qdf_spin_lock_irqsave(&qdf_mc_timer_cookie_lock); + timer->cookie = g_qdf_mc_timer_cookie++; + qdf_spin_unlock_irqrestore(&qdf_mc_timer_cookie_lock); + return QDF_STATUS_SUCCESS; } qdf_export_symbol(qdf_mc_timer_start); +#ifdef CONFIG_MCL +static void qdf_remove_timer_from_sys_msg(uint32_t timer_cookie) +{ + cds_remove_timer_from_sys_msg(timer_cookie); +} +#else +static inline void qdf_remove_timer_from_sys_msg(uint32_t timer_cookie) +{ +} +#endif + /** * qdf_mc_timer_stop() - stop a QDF timer * @timer: Pointer to timer object @@ -641,6 +661,8 @@ QDF_STATUS qdf_mc_timer_stop(qdf_mc_timer_t *timer) QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_INFO_HIGH, "%s: Cannot stop timer in state = %d", __func__, timer->state); + qdf_remove_timer_from_sys_msg(timer->cookie); + return QDF_STATUS_SUCCESS; } @@ -712,6 +734,7 @@ void qdf_timer_module_deinit(void) QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_INFO_HIGH, "De-Initializing the QDF MC timer module"); qdf_mutex_destroy(&persistent_timer_count_lock); + qdf_spinlock_destroy(&qdf_mc_timer_cookie_lock); } qdf_export_symbol(qdf_timer_module_deinit); diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_trace.c b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_trace.c index 53799d42b2c8..e1169ef2d1ca 100644 --- a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_trace.c +++ b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/qdf_trace.c @@ -417,7 +417,7 @@ void qdf_trace_hex_dump(QDF_MODULE_ID module, QDF_TRACE_LEVEL level, { const u8 *ptr = data; int i, linelen, remaining = buf_len; - unsigned char linebuf[BUFFER_SIZE]; + unsigned char linebuf[BUFFER_SIZE] = {0}; if (!(g_qdf_trace_info[module].module_trace_level & QDF_TRACE_LEVEL_TO_MODULE_BITMASK(level))) diff --git a/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c b/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c index 68b11c1708f8..f38e00d2c1e1 100644 --- a/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c +++ b/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c @@ -9086,7 +9086,7 @@ QDF_STATUS send_stats_ext_req_cmd_tlv(wmi_unified_t wmi_handle, QDF_STATUS ret; wmi_req_stats_ext_cmd_fixed_param *cmd; wmi_buf_t buf; - uint16_t len; + size_t len; uint8_t *buf_ptr; len = sizeof(*cmd) + WMI_TLV_HDR_SIZE + preq->request_data_len; @@ -9387,6 +9387,18 @@ QDF_STATUS send_nan_req_cmd_tlv(wmi_unified_t wmi_handle, nan_data_len = nan_req->request_data_len; nan_data_len_aligned = roundup(nan_req->request_data_len, sizeof(uint32_t)); + if (nan_data_len_aligned < nan_req->request_data_len) { + WMI_LOGE("%s: integer overflow while rounding up data_len", + __func__); + return QDF_STATUS_E_FAILURE; + } + + if (nan_data_len_aligned > WMI_SVC_MSG_MAX_SIZE - WMI_TLV_HDR_SIZE) { + WMI_LOGE("%s: wmi_max_msg_size overflow for given datalen", + __func__); + return QDF_STATUS_E_FAILURE; + } + len += WMI_TLV_HDR_SIZE + nan_data_len_aligned; buf = wmi_buf_alloc(wmi_handle, len); if (!buf) { diff --git a/drivers/staging/qcacld-3.0/Kbuild b/drivers/staging/qcacld-3.0/Kbuild index 206983d36990..ca76a2c26915 100644 --- a/drivers/staging/qcacld-3.0/Kbuild +++ b/drivers/staging/qcacld-3.0/Kbuild @@ -766,6 +766,7 @@ QDF_INC := -I$(WLAN_COMMON_INC)/$(QDF_OS_INC_DIR) \ QDF_OBJS := $(QDF_OBJ_DIR)/qdf_defer.o \ $(QDF_OBJ_DIR)/qdf_event.o \ + $(QDF_OBJ_DIR)/qdf_idr.o \ $(QDF_OBJ_DIR)/qdf_list.o \ $(QDF_OBJ_DIR)/qdf_lock.o \ $(QDF_OBJ_DIR)/qdf_mc_timer.o \ diff --git a/drivers/staging/qcacld-3.0/core/cds/inc/cds_api.h b/drivers/staging/qcacld-3.0/core/cds/inc/cds_api.h index 2cbf029e2723..fc0d4994c1e4 100644 --- a/drivers/staging/qcacld-3.0/core/cds/inc/cds_api.h +++ b/drivers/staging/qcacld-3.0/core/cds/inc/cds_api.h @@ -83,11 +83,9 @@ enum cds_driver_state { /** * enum cds_fw_state - Firmware state * @CDS_FW_STATE_UNINITIALIZED: Firmware is in uninitialized state. - * CDS_FW_STATE_DOWN: Firmware is down. */ enum cds_fw_state { CDS_FW_STATE_UNINITIALIZED = 0, - CDS_FW_STATE_DOWN, }; #define __CDS_IS_FW_STATE(_state, _mask) (((_state) & (_mask)) == (_mask)) @@ -256,9 +254,7 @@ static inline int cds_is_module_state_transitioning(void) */ static inline bool cds_is_fw_down(void) { - enum cds_fw_state state = cds_get_fw_state(); - - return __CDS_IS_FW_STATE(state, BIT(CDS_FW_STATE_DOWN)); + return pld_is_fw_down(); } /** diff --git a/drivers/staging/qcacld-3.0/core/cds/inc/cds_sched.h b/drivers/staging/qcacld-3.0/core/cds/inc/cds_sched.h index 30fe9521a1f9..7e28c20234b7 100644 --- a/drivers/staging/qcacld-3.0/core/cds/inc/cds_sched.h +++ b/drivers/staging/qcacld-3.0/core/cds/inc/cds_sched.h @@ -615,4 +615,16 @@ void cds_shutdown_notifier_purge(void); * shutdown. */ void cds_shutdown_notifier_call(void); + +/** + * cds_remove_timer_from_sys_msg() - Flush timer message from sys msg queue + * @timer_cookie: Unique cookie of the timer message to be flushed + * + * Find the timer message in the sys msg queue for the unique cookie + * and flush the message from the queue. + * + * Return: None + */ +void cds_remove_timer_from_sys_msg(uint32_t timer_cookie); + #endif /* #if !defined __CDS_SCHED_H */ diff --git a/drivers/staging/qcacld-3.0/core/cds/src/cds_concurrency.c b/drivers/staging/qcacld-3.0/core/cds/src/cds_concurrency.c index 51562db4dbbf..3b7e0bb33798 100644 --- a/drivers/staging/qcacld-3.0/core/cds/src/cds_concurrency.c +++ b/drivers/staging/qcacld-3.0/core/cds/src/cds_concurrency.c @@ -2930,7 +2930,7 @@ bool cds_is_connection_in_progress(uint8_t *session_id, sme_neighbor_middle_of_roaming( WLAN_HDD_GET_HAL_CTX(adapter), adapter->sessionId)) || - hdd_is_roaming_in_progress(adapter)) { + hdd_is_roaming_in_progress(hdd_ctx)) { cds_debug("%pK(%d) Reassociation in progress", WLAN_HDD_GET_STATION_CTX_PTR(adapter), adapter->sessionId); @@ -5595,6 +5595,10 @@ QDF_STATUS cds_get_pcl(enum cds_con_mode mode, cds_err("HDD context is NULL"); return status; } + if ((mode < 0) || (mode >= CDS_MAX_NUM_OF_MODE)) { + cds_err("Incorrect concurrency mode:%d recieved", mode); + return status; + } if (mode >= CDS_MAX_NUM_OF_MODE) { cds_err("requested mode:%d is not supported", mode); diff --git a/drivers/staging/qcacld-3.0/core/cds/src/cds_mc_timer.c b/drivers/staging/qcacld-3.0/core/cds/src/cds_mc_timer.c index c684471da955..4ff88a61eb38 100644 --- a/drivers/staging/qcacld-3.0/core/cds/src/cds_mc_timer.c +++ b/drivers/staging/qcacld-3.0/core/cds/src/cds_mc_timer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2014-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -124,7 +124,7 @@ void cds_linux_timer_callback(unsigned long data) sys_build_message_header(SYS_MSG_ID_MC_TIMER, &msg); msg.callback = callback; msg.bodyptr = user_data; - msg.bodyval = 0; + msg.bodyval = timer->cookie; if (cds_mq_post_message(QDF_MODULE_ID_SYS, &msg) == QDF_STATUS_SUCCESS) return; diff --git a/drivers/staging/qcacld-3.0/core/cds/src/cds_sched.c b/drivers/staging/qcacld-3.0/core/cds/src/cds_sched.c index 3f9cbeb6c44b..2348f86245df 100644 --- a/drivers/staging/qcacld-3.0/core/cds/src/cds_sched.c +++ b/drivers/staging/qcacld-3.0/core/cds/src/cds_sched.c @@ -1218,6 +1218,49 @@ static int cds_ol_rx_thread(void *arg) } #endif +void cds_remove_timer_from_sys_msg(uint32_t timer_cookie) +{ + p_cds_msg_wrapper msg_wrapper = NULL; + struct list_head *pos, *q; + unsigned long flags; + p_cds_mq_type sys_msgq; + + if (!gp_cds_sched_context) { + cds_err("gp_cds_sched_context is null"); + return; + } + + if (!gp_cds_sched_context->McThread) { + cds_err("Cannot post message because MC thread is stopped"); + return; + } + + sys_msgq = &gp_cds_sched_context->sysMcMq; + /* No msg present in sys queue */ + if (cds_is_mq_empty(sys_msgq)) + return; + + spin_lock_irqsave(&sys_msgq->mqLock, flags); + list_for_each_safe(pos, q, &sys_msgq->mqList) { + msg_wrapper = list_entry(pos, cds_msg_wrapper, msgNode); + + if ((msg_wrapper->pVosMsg->type == SYS_MSG_ID_MC_TIMER) && + (msg_wrapper->pVosMsg->bodyval == timer_cookie)) { + /* return message to the Core */ + list_del(pos); + spin_unlock_irqrestore(&sys_msgq->mqLock, flags); + QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_DEBUG, + "%s: removing timer message with cookie %d", + __func__, timer_cookie); + cds_core_return_msg(gp_cds_sched_context->pVContext, + msg_wrapper); + return; + } + + } + spin_unlock_irqrestore(&sys_msgq->mqLock, flags); +} + /** * cds_sched_close() - close the cds scheduler * @p_cds_context: Pointer to the global CDS Context diff --git a/drivers/staging/qcacld-3.0/core/dp/htt/htt_t2h.c b/drivers/staging/qcacld-3.0/core/dp/htt/htt_t2h.c index 1b53e285a833..ebab0433581b 100644 --- a/drivers/staging/qcacld-3.0/core/dp/htt/htt_t2h.c +++ b/drivers/staging/qcacld-3.0/core/dp/htt/htt_t2h.c @@ -276,33 +276,12 @@ static void htt_t2h_lp_msg_handler(void *context, qdf_nbuf_t htt_t2h_msg, } case HTT_T2H_MSG_TYPE_RX_ADDBA: { - uint16_t peer_id; - uint8_t tid; - uint8_t win_sz; - uint16_t start_seq_num; - - /* - * FOR NOW, the host doesn't need to know the initial - * sequence number for rx aggregation. - * Thus, any value will do - specify 0. - */ - start_seq_num = 0; - peer_id = HTT_RX_ADDBA_PEER_ID_GET(*msg_word); - tid = HTT_RX_ADDBA_TID_GET(*msg_word); - win_sz = HTT_RX_ADDBA_WIN_SIZE_GET(*msg_word); - ol_rx_addba_handler(pdev->txrx_pdev, peer_id, tid, - win_sz, start_seq_num, - 0 /* success */); + qdf_print("HTT_T2H_MSG_TYPE_RX_ADDBA not supported "); break; } case HTT_T2H_MSG_TYPE_RX_DELBA: { - uint16_t peer_id; - uint8_t tid; - - peer_id = HTT_RX_DELBA_PEER_ID_GET(*msg_word); - tid = HTT_RX_DELBA_TID_GET(*msg_word); - ol_rx_delba_handler(pdev->txrx_pdev, peer_id, tid); + qdf_print("HTT_T2H_MSG_TYPE_RX_DELBA not supported "); break; } case HTT_T2H_MSG_TYPE_PEER_MAP: @@ -699,6 +678,8 @@ void htt_t2h_msg_handler(void *context, HTC_PACKET *pkt) { unsigned int num_mpdu_ranges; unsigned int num_msdu_bytes; + unsigned int calculated_msg_len; + unsigned int rx_mpdu_range_offset_bytes; uint16_t peer_id; uint8_t tid; int msg_len = qdf_nbuf_len(htt_t2h_msg); @@ -730,18 +711,46 @@ void htt_t2h_msg_handler(void *context, HTC_PACKET *pkt) * 1 word for every 4 MSDU bytes (round up), * 1 word for the MPDU range header */ + rx_mpdu_range_offset_bytes = + (HTT_RX_IND_HDR_BYTES + num_msdu_bytes + 3); + if (qdf_unlikely(num_msdu_bytes > + rx_mpdu_range_offset_bytes)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid num_msdu_bytes %u\n", + num_msdu_bytes); + WARN_ON(1); + break; + } pdev->rx_mpdu_range_offset_words = - (HTT_RX_IND_HDR_BYTES + num_msdu_bytes + 3) >> 2; + rx_mpdu_range_offset_bytes >> 2; num_mpdu_ranges = HTT_RX_IND_NUM_MPDU_RANGES_GET(*(msg_word + 1)); pdev->rx_ind_msdu_byte_idx = 0; - if (qdf_unlikely(pdev->rx_mpdu_range_offset_words + (num_mpdu_ranges * 4) > msg_len)) { - qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid mpdu_ranges %d\n", - num_mpdu_ranges); + if (qdf_unlikely(rx_mpdu_range_offset_bytes > + msg_len)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid rx_mpdu_range_offset_words %d\n", + pdev->rx_mpdu_range_offset_words); + WARN_ON(1); + break; + } + calculated_msg_len = rx_mpdu_range_offset_bytes + + (num_mpdu_ranges * (int)sizeof(uint32_t)); + /* + * Check that the addition and multiplication + * do not cause integer overflow + */ + if (qdf_unlikely(calculated_msg_len < + rx_mpdu_range_offset_bytes)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid num_mpdu_ranges %u\n", + (num_mpdu_ranges * (int)sizeof(uint32_t))); + WARN_ON(1); + break; + } + if (qdf_unlikely(calculated_msg_len > msg_len)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid offset_words + mpdu_ranges %u\n", + calculated_msg_len); WARN_ON(1); break; } - ol_rx_indication_handler(pdev->txrx_pdev, htt_t2h_msg, peer_id, tid, num_mpdu_ranges); @@ -988,6 +997,7 @@ void htt_t2h_msg_handler_fast(void *context, qdf_nbuf_t *cmpl_msdus, unsigned int num_mpdu_ranges; unsigned int num_msdu_bytes; unsigned int calculated_msg_len; + unsigned int rx_mpdu_range_offset_bytes; u_int16_t peer_id; u_int8_t tid; msg_len = qdf_nbuf_len(htt_t2h_msg); @@ -1012,21 +1022,29 @@ void htt_t2h_msg_handler_fast(void *context, qdf_nbuf_t *cmpl_msdus, * 1 word for every 4 MSDU bytes (round up), * 1 word for the MPDU range header */ + rx_mpdu_range_offset_bytes = + (HTT_RX_IND_HDR_BYTES + num_msdu_bytes + 3); + if (qdf_unlikely(num_msdu_bytes > + rx_mpdu_range_offset_bytes)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid num_msdu_bytes %u\n", + num_msdu_bytes); + WARN_ON(1); + break; + } pdev->rx_mpdu_range_offset_words = - (HTT_RX_IND_HDR_BYTES + num_msdu_bytes + 3) >> - 2; + rx_mpdu_range_offset_bytes >> 2; num_mpdu_ranges = HTT_RX_IND_NUM_MPDU_RANGES_GET(*(msg_word + 1)); pdev->rx_ind_msdu_byte_idx = 0; - if (qdf_unlikely(pdev->rx_mpdu_range_offset_words > + if (qdf_unlikely(rx_mpdu_range_offset_bytes > msg_len)) { qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid rx_mpdu_range_offset_words %d\n", pdev->rx_mpdu_range_offset_words); WARN_ON(1); break; } - calculated_msg_len = pdev->rx_mpdu_range_offset_words + + calculated_msg_len = rx_mpdu_range_offset_bytes + (num_mpdu_ranges * (int)sizeof(uint32_t)); /* @@ -1034,8 +1052,8 @@ void htt_t2h_msg_handler_fast(void *context, qdf_nbuf_t *cmpl_msdus, * do not cause integer overflow */ if (qdf_unlikely(calculated_msg_len < - pdev->rx_mpdu_range_offset_words)) { - qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid mpdu_ranges %u\n", + rx_mpdu_range_offset_bytes)) { + qdf_print("HTT_T2H_MSG_TYPE_RX_IND, invalid num_mpdu_ranges %u\n", (num_mpdu_ranges * (int)sizeof(uint32_t))); WARN_ON(1); diff --git a/drivers/staging/qcacld-3.0/core/dp/ol/inc/ol_txrx_htt_api.h b/drivers/staging/qcacld-3.0/core/dp/ol/inc/ol_txrx_htt_api.h index a4566eb46412..78e4387b8018 100644 --- a/drivers/staging/qcacld-3.0/core/dp/ol/inc/ol_txrx_htt_api.h +++ b/drivers/staging/qcacld-3.0/core/dp/ol/inc/ol_txrx_htt_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -502,47 +502,6 @@ ol_rx_sec_ind_handler(ol_txrx_pdev_handle pdev, enum htt_sec_type sec_type, int is_unicast, uint32_t *michael_key, uint32_t *rx_pn); -/** - * @brief Process an ADDBA message sent by the target. - * @details - * When the target notifies the host of an ADDBA event for a specified - * peer-TID, the host will set up the rx reordering state for the peer-TID. - * Specifically, the host will create a rx reordering array whose length - * is based on the window size specified in the ADDBA. - * - * @param pdev - data physical device handle - * (registered with HTT as a context pointer during attach time) - * @param peer_id - which peer the ADDBA event is for - * @param tid - which traffic ID within the peer the ADDBA event is for - * @param win_sz - how many sequence numbers are in the ARQ block ack window - * set up by the ADDBA event - * @param start_seq_num - the initial value of the sequence number during the - * block ack agreement, as specified by the ADDBA request. - * @param failed - indicate whether the target's ADDBA setup succeeded: - * 0 -> success, 1 -> fail - */ -void -ol_rx_addba_handler(ol_txrx_pdev_handle pdev, - uint16_t peer_id, - uint8_t tid, - uint8_t win_sz, uint16_t start_seq_num, uint8_t failed); - -/** - * @brief Process a DELBA message sent by the target. - * @details - * When the target notifies the host of a DELBA event for a specified - * peer-TID, the host will clean up the rx reordering state for the peer-TID. - * Specifically, the host will remove the rx reordering array, and will - * set the reorder window size to be 1 (stop and go ARQ). - * - * @param pdev - data physical device handle - * (registered with HTT as a context pointer during attach time) - * @param peer_id - which peer the ADDBA event is for - * @param tid - which traffic ID within the peer the ADDBA event is for - */ -void -ol_rx_delba_handler(ol_txrx_pdev_handle pdev, uint16_t peer_id, uint8_t tid); - enum htt_rx_flush_action { htt_rx_flush_release, htt_rx_flush_discard, diff --git a/drivers/staging/qcacld-3.0/core/dp/txrx/ol_rx_reorder.c b/drivers/staging/qcacld-3.0/core/dp/txrx/ol_rx_reorder.c index 68f9c70ecfc2..90d7ed8a833f 100644 --- a/drivers/staging/qcacld-3.0/core/dp/txrx/ol_rx_reorder.c +++ b/drivers/staging/qcacld-3.0/core/dp/txrx/ol_rx_reorder.c @@ -47,24 +47,12 @@ #include <ol_rx_defrag.h> /*=== data types and defines ===*/ -#define OL_RX_REORDER_ROUND_PWR2(value) g_log2ceil[value] + +/*---*/ /*=== global variables ===*/ -static char g_log2ceil[] = { - 1, /* 0 -> 1 */ - 1, /* 1 -> 1 */ - 2, /* 2 -> 2 */ - 4, 4, /* 3-4 -> 4 */ - 8, 8, 8, 8, /* 5-8 -> 8 */ - 16, 16, 16, 16, 16, 16, 16, 16, /* 9-16 -> 16 */ - 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, /* 17-32 -> 32 */ - 64, 64, 64, 64, 64, 64, 64, 64, - 64, 64, 64, 64, 64, 64, 64, 64, - 64, 64, 64, 64, 64, 64, 64, 64, - 64, 64, 64, 64, 64, 64, 64, 64, /* 33-64 -> 64 */ -}; +/*---*/ /*=== function definitions ===*/ @@ -528,91 +516,6 @@ ol_rx_reorder_peer_cleanup(struct ol_txrx_vdev_t *vdev, /* functions called by HTT */ void -ol_rx_addba_handler(ol_txrx_pdev_handle pdev, - uint16_t peer_id, - uint8_t tid, - uint8_t win_sz, uint16_t start_seq_num, uint8_t failed) -{ - uint8_t round_pwr2_win_sz; - unsigned int array_size; - struct ol_txrx_peer_t *peer; - struct ol_rx_reorder_t *rx_reorder; - - if (tid >= OL_TXRX_NUM_EXT_TIDS) { - ol_txrx_err("%s: invalid tid, %u\n", __FUNCTION__, tid); - WARN_ON(1); - return; - } - - peer = ol_txrx_peer_find_by_id(pdev, peer_id); - if (peer == NULL) - return; - - if (pdev->cfg.host_addba) { - ol_ctrl_rx_addba_complete(pdev->ctrl_pdev, - &peer->mac_addr.raw[0], tid, failed); - } - if (failed) - return; - - peer->tids_last_seq[tid] = IEEE80211_SEQ_MAX; /* invalid */ - rx_reorder = &peer->tids_rx_reorder[tid]; - - TXRX_ASSERT2(win_sz <= 64); - rx_reorder->win_sz = win_sz; - round_pwr2_win_sz = OL_RX_REORDER_ROUND_PWR2(win_sz); - array_size = - round_pwr2_win_sz * sizeof(struct ol_rx_reorder_array_elem_t); - rx_reorder->array = qdf_mem_malloc(array_size); - TXRX_ASSERT1(rx_reorder->array); - - rx_reorder->win_sz_mask = round_pwr2_win_sz - 1; - rx_reorder->num_mpdus = 0; - - peer->tids_next_rel_idx[tid] = - OL_RX_REORDER_IDX_INIT(start_seq_num, rx_reorder->win_sz, - rx_reorder->win_sz_mask); -} - -void -ol_rx_delba_handler(ol_txrx_pdev_handle pdev, uint16_t peer_id, uint8_t tid) -{ - struct ol_txrx_peer_t *peer; - struct ol_rx_reorder_t *rx_reorder; - - if (tid >= OL_TXRX_NUM_EXT_TIDS) { - ol_txrx_err("%s: invalid tid, %u\n", __FUNCTION__, tid); - WARN_ON(1); - return; - } - - peer = ol_txrx_peer_find_by_id(pdev, peer_id); - if (peer == NULL) - return; - - peer->tids_next_rel_idx[tid] = INVALID_REORDER_INDEX; - rx_reorder = &peer->tids_rx_reorder[tid]; - - /* check that there really was a block ack agreement */ - TXRX_ASSERT1(rx_reorder->win_sz_mask != 0); - /* - * Deallocate the old rx reorder array. - * The call to ol_rx_reorder_init below - * will reset rx_reorder->array to point to - * the single-element statically-allocated reorder array - * used for non block-ack cases. - */ - if (rx_reorder->array != &rx_reorder->base) { - ol_txrx_dbg("%s, delete reorder array, tid:%d\n", - __func__, tid); - qdf_mem_free(rx_reorder->array); - } - - /* set up the TID with default parameters (ARQ window size = 1) */ - ol_rx_reorder_init(rx_reorder, tid); -} - -void ol_rx_flush_handler(ol_txrx_pdev_handle pdev, uint16_t peer_id, uint8_t tid, diff --git a/drivers/staging/qcacld-3.0/core/dp/txrx/ol_txrx_types.h b/drivers/staging/qcacld-3.0/core/dp/txrx/ol_txrx_types.h index b565b2d0158f..12c6e0955fde 100644 --- a/drivers/staging/qcacld-3.0/core/dp/txrx/ol_txrx_types.h +++ b/drivers/staging/qcacld-3.0/core/dp/txrx/ol_txrx_types.h @@ -381,9 +381,10 @@ struct ol_tx_sched_t; #ifndef OL_TXRX_NUM_LOCAL_PEER_IDS /* * Each AP will occupy one ID, so it will occupy two IDs for AP-AP mode. - * And the remainder IDs will be assigned to other 32 clients. + * Clients will be assigned max 32 IDs. + * STA(associated)/P2P DEV (self-PEER) will get one ID. */ -#define OL_TXRX_NUM_LOCAL_PEER_IDS (2 + 32) +#define OL_TXRX_NUM_LOCAL_PEER_IDS (32 + 1 + 1 + 1) #endif #ifndef ol_txrx_local_peer_id_t diff --git a/drivers/staging/qcacld-3.0/core/hdd/inc/qc_sap_ioctl.h b/drivers/staging/qcacld-3.0/core/hdd/inc/qc_sap_ioctl.h index cb4cc4cf42e5..0115036aab8c 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/inc/qc_sap_ioctl.h +++ b/drivers/staging/qcacld-3.0/core/hdd/inc/qc_sap_ioctl.h @@ -44,11 +44,6 @@ typedef uint8_t qcmacaddr[QCSAP_ADDR_LEN]; -struct qc_mac_acl_entry { - qcmacaddr addr; - int vlan_id; -}; - /* * Retrieve the WPA/RSN information element for an associated station. */ diff --git a/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_cfg.h b/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_cfg.h index 643693a17b55..0183d725005f 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_cfg.h +++ b/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_cfg.h @@ -8413,6 +8413,97 @@ enum hdd_link_speed_rpt_type { #define CFG_STA_MIRACAST_MCC_REST_TIME_VAL_MAX (500) #define CFG_STA_MIRACAST_MCC_REST_TIME_VAL_DEFAULT (400) +/* + * <ini> + * sta_scan_burst_duration - Burst duration in case of split scan. + * @Min: 0 + * @Max: 180 + * @Default: 0 + * + * This ini is used to set burst duration of scan only when STA is active. + * + * Related: None. + * + * Supported Feature: Concurrency + * + * Usage: External + * + * </ini> + */ +#define CFG_STA_SCAN_BURST_DURATION_VAL "sta_scan_burst_duration" +#define CFG_STA_SCAN_BURST_DURATION_VAL_MIN (0) +#define CFG_STA_SCAN_BURST_DURATION_VAL_MAX (180) +#define CFG_STA_SCAN_BURST_DURATION_VAL_DEFAULT (0) + +/* + * <ini> + * p2p_scan_burst_duration - Burst duration in case of split scan for p2p scan. + * @Min: 0 + * @Max: 180 + * @Default: 0 + * + * This ini is used to set burst duration of scan for p2p scan requests. + * + * Related: None. + * + * Supported Feature: Concurrency + * + * Usage: External + * + * </ini> + */ +#define CFG_P2P_SCAN_BURST_DURATION_VAL "p2p_scan_burst_duration" +#define CFG_P2P_SCAN_BURST_DURATION_VAL_MIN (0) +#define CFG_P2P_SCAN_BURST_DURATION_VAL_MAX (180) +#define CFG_P2P_SCAN_BURST_DURATION_VAL_DEFAULT (0) + +/* + * <ini> + * go_scan_burst_duration - Burst duration in case of split scan when GO is + * active. + * @Min: 0 + * @Max: 180 + * @Default: 0 + * + * This ini is used to set burst duration of scan when GO is active. + * + * Related: None. + * + * Supported Feature: Concurrency + * + * Usage: External + * + * </ini> + */ +#define CFG_GO_SCAN_BURST_DURATION_VAL "go_scan_burst_duration" +#define CFG_GO_SCAN_BURST_DURATION_VAL_MIN (0) +#define CFG_GO_SCAN_BURST_DURATION_VAL_MAX (180) +#define CFG_GO_SCAN_BURST_DURATION_VAL_DEFAULT (0) + +/* + * <ini> + * ap_scan_burst_duration - Burst duration in case of split scan when ap + * is active. + * @Min: 0 + * @Max: 32 + * @Default: 0 + * + * This ini is used to set burst duration of scan when SAP is active. + * + * Related: None. + * + * Supported Feature: Concurrency + * + * Usage: External + * + * </ini> + */ +#define CFG_AP_SCAN_BURST_DURATION_VAL "ap_scan_burst_duration" +#define CFG_AP_SCAN_BURST_DURATION_VAL_MIN (0) +#define CFG_AP_SCAN_BURST_DURATION_VAL_MAX (32) +#define CFG_AP_SCAN_BURST_DURATION_VAL_DEFAULT (0) + + #ifdef FEATURE_AP_MCC_CH_AVOIDANCE /* * <ini> @@ -13329,6 +13420,30 @@ enum hw_filter_mode { #define CFG_ENABLE_UNIT_TEST_FRAMEWORK_MAX (1) #define CFG_ENABLE_UINT_TEST_FRAMEWORK_DEFAULT (0) +/* + * <ini> + * force_rsne_override - force rsnie override from user + * @Min: 0 + * @Max: 1 + * @Default: 0 + * + * This ini is used to enable/disable test mode to force rsne override used in + * security enhancement test cases to pass the RSNIE sent by user in + * assoc request. + * + * Related: None + * + * Supported Feature: STA + * + * Usage: internal + * + * </ini> + */ +#define CFG_FORCE_RSNE_OVERRIDE_NAME "force_rsne_override" +#define CFG_FORCE_RSNE_OVERRIDE_MIN (0) +#define CFG_FORCE_RSNE_OVERRIDE_MAX (1) +#define CFG_FORCE_RSNE_OVERRIDE_DEFAULT (0) + /*--------------------------------------------------------------------------- Type declarations -------------------------------------------------------------------------*/ @@ -13911,6 +14026,10 @@ struct hdd_config { uint8_t is_sta_connection_in_5gz_enabled; uint16_t p2p_listen_defer_interval; uint32_t sta_miracast_mcc_rest_time_val; + uint32_t sta_scan_burst_duration; + uint32_t p2p_scan_burst_duration; + uint32_t go_scan_burst_duration; + uint32_t ap_scan_burst_duration; bool is_ramdump_enabled; #ifdef FEATURE_AP_MCC_CH_AVOIDANCE bool sap_channel_avoidance; @@ -14193,6 +14312,7 @@ struct hdd_config { uint32_t neighbor_report_offload_cache_timeout; uint32_t neighbor_report_offload_max_req_cap; uint8_t enable_tx_sch_delay; + bool force_rsne_override; bool roam_force_rssi_trigger; bool is_unit_test_framework_enabled; }; diff --git a/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_main.h b/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_main.h index 689084bf565d..b0701bafc630 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_main.h +++ b/drivers/staging/qcacld-3.0/core/hdd/inc/wlan_hdd_main.h @@ -65,6 +65,7 @@ #else #include "wlan_tgt_def_config.h" #endif +#include <qdf_idr.h> /** Number of Tx Queues */ #ifdef QCA_LL_TX_FLOW_CONTROL_V2 @@ -773,7 +774,7 @@ typedef struct hdd_remain_on_chan_ctx { struct ieee80211_channel chan; enum nl80211_channel_type chan_type; unsigned int duration; - u64 cookie; + int32_t id; enum rem_on_channel_request_type rem_on_chan_request; qdf_mc_timer_t hdd_remain_on_chan_timer; action_pkt_buffer_t action_pkt_buff; @@ -832,7 +833,7 @@ enum action_frm_type { typedef struct hdd_cfg80211_state_s { uint16_t current_freq; - u64 action_cookie; + int32_t action_id; uint8_t *buf; size_t len; hdd_remain_on_chan_ctx_t *remain_on_chan_ctx; @@ -1632,14 +1633,10 @@ enum smps_mode { }; /** - * struct hdd_chain_rssi_context - hdd chain rssi context - * @response_event: chain rssi request wait event - * @ignore_result: Flag to ignore the result or not - * @chain_rssi: chain rssi array + * struct hdd_chain_rssi_priv - hdd chain rssi private + * @result: chain rssi array */ -struct hdd_chain_rssi_context { - struct completion response_event; - bool ignore_result; +struct hdd_chain_rssi_priv { struct chain_rssi_result result; }; @@ -1733,14 +1730,6 @@ struct suspend_resume_stats { }; /** - * struct hdd_nud_stats_context - hdd NUD stats context - * @response_event: NUD stats request wait event - */ -struct hdd_nud_stats_context { - struct completion response_event; -}; - -/** * struct hdd_scan_chan_info - channel info * @freq: radio frequence * @cmd flag: cmd flag @@ -2026,8 +2015,6 @@ struct hdd_context_s { #ifdef WLAN_FEATURE_EXTWOW_SUPPORT bool is_extwow_app_type1_param_set; bool is_extwow_app_type2_param_set; - bool ext_wow_should_suspend; - struct completion ready_to_extwow; #endif /* Time since boot up to extscan start (in micro seconds) */ @@ -2037,6 +2024,8 @@ struct hdd_context_s { struct delayed_work roc_req_work; qdf_spinlock_t hdd_roc_req_q_lock; qdf_list_t hdd_roc_req_q; + /*QDF ID allocation */ + qdf_idr p2p_idr; qdf_spinlock_t hdd_scan_req_q_lock; qdf_list_t hdd_scan_req_q; uint8_t miracast_value; @@ -2057,7 +2046,6 @@ struct hdd_context_s { struct hdd_offloaded_packets_ctx op_ctx; #endif bool mcc_mode; - struct hdd_chain_rssi_context chain_rssi_context; struct mutex memdump_lock; uint16_t driver_dump_size; @@ -2075,8 +2063,6 @@ struct hdd_context_s { */ uint32_t fine_time_meas_cap_target; uint32_t rx_high_ind_cnt; - /* completion variable to indicate set antenna mode complete*/ - struct completion set_antenna_mode_cmpl; /* Current number of TX X RX chains being used */ enum antenna_mode current_antenna_mode; bool bpf_enabled; @@ -2125,7 +2111,6 @@ struct hdd_context_s { uint8_t curr_band; uint32_t no_of_probe_req_ouis; uint32_t *probe_req_voui; - struct hdd_nud_stats_context nud_stats_context; uint8_t bt_a2dp_active:1; uint8_t bt_vo_active:1; #ifdef FEATURE_SPECTRAL_SCAN @@ -2142,6 +2127,7 @@ struct hdd_context_s { #endif struct sta_ap_intf_check_work_ctx *sta_ap_intf_check_work_info; uint8_t active_ac; + bool force_rsne_override; qdf_wake_lock_t monitor_mode_wakelock; struct qdf_mac_addr hw_macaddr; #ifdef WLAN_POWER_DEBUGFS @@ -2212,6 +2198,7 @@ hdd_adapter_t *hdd_get_adapter_by_rand_macaddr(hdd_context_t *hdd_ctx, QDF_STATUS hdd_init_station_mode(hdd_adapter_t *pAdapter); hdd_adapter_t *hdd_get_adapter(hdd_context_t *pHddCtx, enum tQDF_ADAPTER_MODE mode); +bool hdd_is_adapter_valid(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter); void hdd_deinit_adapter(hdd_context_t *pHddCtx, hdd_adapter_t *pAdapter, bool rtnl_held); QDF_STATUS hdd_stop_adapter(hdd_context_t *pHddCtx, hdd_adapter_t *pAdapter, @@ -2449,8 +2436,6 @@ QDF_STATUS wlan_hdd_check_custom_con_channel_rules(hdd_adapter_t *sta_adapter, void wlan_hdd_stop_sap(hdd_adapter_t *ap_adapter); void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter, bool reinit); -void wlan_hdd_soc_set_antenna_mode_cb(enum set_antenna_mode_status status); - #ifdef QCA_CONFIG_SMP int wlan_hdd_get_cpu(void); #else @@ -2736,7 +2721,7 @@ static inline int wlan_hdd_validate_session_id(u8 session_id) return -EINVAL; } -bool hdd_is_roaming_in_progress(hdd_adapter_t *adapter); +bool hdd_is_roaming_in_progress(hdd_context_t *hdd_ctx); void hdd_set_roaming_in_progress(bool value); /** * hdd_check_for_opened_interfaces()- Check for interface up @@ -2752,17 +2737,6 @@ void wlan_hdd_start_sap(hdd_adapter_t *ap_adapter, bool reinit); void hdd_set_rx_mode_rps(hdd_context_t *hdd_ctx, void *padapter, bool enable); /** - * hdd_init_nud_stats_ctx() - initialize NUD stats context - * @hdd_ctx: Pointer to hdd context - * - * Return: none - */ -static inline void hdd_init_nud_stats_ctx(hdd_context_t *hdd_ctx) -{ - init_completion(&hdd_ctx->nud_stats_context.response_event); -} - -/** * hdd_dbs_scan_selection_init() - initialization for DBS scan selection config * @hdd_ctx: HDD context * @@ -2940,4 +2914,17 @@ bool hdd_is_cli_iface_up(hdd_context_t *hdd_ctx); */ void wlan_hdd_free_cache_channels(hdd_context_t *hdd_ctx); +/** + * hdd_get_nud_stats_cb() - callback api to update the stats received from FW + * @data: pointer to hdd context. + * @rsp: pointer to data received from FW. + * @context: callback context + * + * This is called when wlan driver received response event for + * get arp stats to firmware. + * + * Return: None + */ +void hdd_get_nud_stats_cb(void *data, struct rsp_stats *rsp, void *context); + #endif /* end #if !defined(WLAN_HDD_MAIN_H) */ diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_assoc.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_assoc.c index 7808ed9d7222..f517de1a0327 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_assoc.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_assoc.c @@ -1549,7 +1549,8 @@ static QDF_STATUS hdd_dis_connect_handler(hdd_adapter_t *pAdapter, WLAN_STOP_ALL_NETIF_QUEUE_N_CARRIER, WLAN_CONTROL_PATH); - if (hdd_ipa_is_enabled(pHddCtx)) + if (hdd_ipa_is_enabled(pHddCtx) && + (pHddStaCtx->conn_info.staId[0] != HDD_WLAN_INVALID_STA_ID)) hdd_ipa_wlan_evt(pAdapter, pHddStaCtx->conn_info.staId[0], HDD_IPA_STA_DISCONNECT, pHddStaCtx->conn_info.bssId.bytes); @@ -2444,6 +2445,14 @@ static QDF_STATUS hdd_association_completion_handler(hdd_adapter_t *pAdapter, hdd_err("config is NULL"); return QDF_STATUS_E_NULL_VALUE; } + + /* + * Enable roaming on other STA iface except this one. + * Firmware dosent support connection on one STA iface while + * roaming on other STA iface + */ + wlan_hdd_enable_roaming(pAdapter); + /* HDD has initiated disconnect, do not send connect result indication * to kernel as it will be handled by __cfg80211_disconnect. */ @@ -4792,6 +4801,12 @@ static void hdd_roam_channel_switch_handler(hdd_adapter_t *adapter, hdd_debug("channel switch for session:%d to channel:%d", adapter->sessionId, roam_info->chan_info.chan_id); + /* Enable Roaming on the interface which was disabled before CSA */ + if (adapter->device_mode == QDF_STA_MODE) + sme_start_roaming(WLAN_HDD_GET_HAL_CTX(adapter), + adapter->sessionId, + REASON_DRIVER_ENABLED); + chan_change.chan = roam_info->chan_info.chan_id; chan_change.chan_params.ch_width = roam_info->chan_info.ch_width; @@ -4841,6 +4856,7 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId, hdd_station_ctx_t *pHddStaCtx = NULL; QDF_STATUS status = QDF_STATUS_SUCCESS; struct cfg80211_bss *bss_status; + hdd_context_t *pHddCtx; hdd_debug("CSR Callback: status= %d result= %d roamID=%d", roamStatus, roamResult, roamId); @@ -4853,6 +4869,7 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId, pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter); pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter); + pHddCtx = WLAN_HDD_GET_CTX(pAdapter); /* Omitting eCSR_ROAM_UPDATE_SCAN_RESULT as this is too frequent */ if (eCSR_ROAM_UPDATE_SCAN_RESULT != roamStatus) @@ -5190,6 +5207,7 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId, pAdapter->roam_ho_fail = false; pHddStaCtx->ft_carrier_on = false; complete(&pAdapter->roaming_comp_var); + schedule_delayed_work(&pHddCtx->roc_req_work, 0); break; default: @@ -5401,8 +5419,8 @@ static int32_t hdd_process_genie(hdd_adapter_t *pAdapter, uint32_t ret; uint8_t *pRsnIe; uint16_t RSNIeLen; - tDot11fIERSN dot11RSNIE; - tDot11fIEWPA dot11WPAIE; + tDot11fIERSN dot11RSNIE = {0}; + tDot11fIEWPA dot11WPAIE = {0}; tHalHandle halHandle = WLAN_HDD_GET_HAL_CTX(pAdapter); /* @@ -5425,21 +5443,23 @@ static int32_t hdd_process_genie(hdd_adapter_t *pAdapter, pRsnIe = gen_ie + 2; RSNIeLen = gen_ie_len - 2; /* Unpack the RSN IE */ - ret = dot11f_unpack_ie_rsn((tpAniSirGlobal) halHandle, - pRsnIe, RSNIeLen, &dot11RSNIE, - false); - if (DOT11F_FAILED(ret)) { + ret = sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen, + &dot11RSNIE, false); + if (!DOT11F_SUCCEEDED(ret)) { hdd_err("unpack failed, ret: 0x%x", ret); return -EINVAL; } + + hdd_debug("gp_cipher_suite_present: %d", + dot11RSNIE.gp_cipher_suite_present); /* Copy out the encryption and authentication types */ hdd_debug("pairwise cipher suite count: %d", dot11RSNIE.pwise_cipher_suite_count); hdd_debug("authentication suite count: %d", - dot11RSNIE.akm_suite_count); + dot11RSNIE.akm_suite_cnt); *pAuthType = hdd_translate_rsn_to_csr_auth_type( - dot11RSNIE.akm_suites[0]); + dot11RSNIE.akm_suite[0]); /* dot11RSNIE.pwise_cipher_suite_count */ *pEncryptType = hdd_translate_rsn_to_csr_encryption_type( @@ -5496,6 +5516,36 @@ static int32_t hdd_process_genie(hdd_adapter_t *pAdapter, } /** + * hdd_set_def_rsne_override() - set default encryption type and auth type + * in profile. + * @roam_profile: pointer to adapter + * @auth_type: pointer to auth type + * + * Set default value of encryption type and auth type in profile to + * search the AP using filter, as in force_rsne_override the RSNIE can be + * corrupt and we might not get the proper encryption type and auth type + * while parsing the RSNIE. + * + * Return: void + */ +static void hdd_set_def_rsne_override(tCsrRoamProfile *roam_profile, + eCsrAuthType *auth_type) +{ + hdd_debug("Set def values in roam profile"); + roam_profile->MFPCapable = roam_profile->MFPEnabled; + roam_profile->EncryptionType.numEntries = 2; + roam_profile->mcEncryptionType.numEntries = 2; + /* Use the cipher type in the RSN IE */ + roam_profile->EncryptionType.encryptionType[0] = eCSR_ENCRYPT_TYPE_AES; + roam_profile->EncryptionType.encryptionType[1] = eCSR_ENCRYPT_TYPE_TKIP; + roam_profile->mcEncryptionType.encryptionType[0] = + eCSR_ENCRYPT_TYPE_AES; + roam_profile->mcEncryptionType.encryptionType[1] = + eCSR_ENCRYPT_TYPE_TKIP; + *auth_type = eCSR_AUTH_TYPE_RSN_PSK; +} + +/** * hdd_set_genie_to_csr() - set genie to csr * @pAdapter: pointer to adapter * @RSNAuthType: pointer to auth type @@ -5508,6 +5558,7 @@ int hdd_set_genie_to_csr(hdd_adapter_t *pAdapter, eCsrAuthType *RSNAuthType) uint32_t status = 0; eCsrEncryptionType RSNEncryptType; eCsrEncryptionType mcRSNEncryptType; + hdd_context_t *hdd_ctx; #ifdef WLAN_FEATURE_11W uint8_t RSNMfpRequired = 0; uint8_t RSNMfpCapable = 0; @@ -5524,8 +5575,10 @@ int hdd_set_genie_to_csr(hdd_adapter_t *pAdapter, eCsrAuthType *RSNAuthType) } else { return 0; } - /* The actual processing may eventually be more extensive than this. */ - /* Right now, just consume any PMKIDs that are sent in by the app. */ + + /* The actual processing may eventually be more extensive than this. + * Right now, just consume any PMKIDs that are sent in by the app. + */ status = hdd_process_genie(pAdapter, bssid, &RSNEncryptType, &mcRSNEncryptType, RSNAuthType, @@ -5572,7 +5625,33 @@ int hdd_set_genie_to_csr(hdd_adapter_t *pAdapter, eCsrAuthType *RSNAuthType) hdd_debug("CSR AuthType = %d, EncryptionType = %d mcEncryptionType = %d", *RSNAuthType, RSNEncryptType, mcRSNEncryptType); } - return 0; + hdd_ctx = WLAN_HDD_GET_CTX(pAdapter); + if (hdd_ctx->force_rsne_override && + (pWextState->WPARSNIE[0] == DOT11F_EID_RSN)) { + hdd_warn("Test mode enabled set def Auth and enc type. RSN IE passed in connect req:"); + qdf_trace_hex_dump(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_WARN, + pWextState->roamProfile.pRSNReqIE, + pWextState->roamProfile.nRSNReqIELength); + pWextState->roamProfile.force_rsne_override = true; + + hdd_debug("MFPEnabled %d", pWextState->roamProfile.MFPEnabled); + /* + * Reset MFPEnabled if testmode RSNE passed doesnt have MFPR + * or MFPC bit set + */ + if (pWextState->roamProfile.MFPEnabled && + !(pWextState->roamProfile.MFPRequired || + pWextState->roamProfile.MFPCapable)) { + hdd_debug("Reset MFPEnabled"); + pWextState->roamProfile.MFPEnabled = 0; + } + /* If parsing failed set the def value for the roam profile */ + if (status) + hdd_set_def_rsne_override(&pWextState->roamProfile, + RSNAuthType); + return 0; + } + return status; } #ifdef WLAN_FEATURE_FILS_SK diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg.c index 82be7b1cb71b..9d3f62e19ad8 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg.c @@ -3599,6 +3599,34 @@ struct reg_table_entry g_registry_table[] = { CFG_STA_MIRACAST_MCC_REST_TIME_VAL_MIN, CFG_STA_MIRACAST_MCC_REST_TIME_VAL_MAX), + REG_VARIABLE(CFG_STA_SCAN_BURST_DURATION_VAL, WLAN_PARAM_Integer, + struct hdd_config, sta_scan_burst_duration, + VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, + CFG_STA_SCAN_BURST_DURATION_VAL_DEFAULT, + CFG_STA_SCAN_BURST_DURATION_VAL_MIN, + CFG_STA_SCAN_BURST_DURATION_VAL_MAX), + + REG_VARIABLE(CFG_P2P_SCAN_BURST_DURATION_VAL, WLAN_PARAM_Integer, + struct hdd_config, p2p_scan_burst_duration, + VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, + CFG_P2P_SCAN_BURST_DURATION_VAL_DEFAULT, + CFG_P2P_SCAN_BURST_DURATION_VAL_MIN, + CFG_P2P_SCAN_BURST_DURATION_VAL_MAX), + + REG_VARIABLE(CFG_GO_SCAN_BURST_DURATION_VAL, WLAN_PARAM_Integer, + struct hdd_config, go_scan_burst_duration, + VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, + CFG_GO_SCAN_BURST_DURATION_VAL_DEFAULT, + CFG_GO_SCAN_BURST_DURATION_VAL_MIN, + CFG_GO_SCAN_BURST_DURATION_VAL_MAX), + + REG_VARIABLE(CFG_AP_SCAN_BURST_DURATION_VAL, WLAN_PARAM_Integer, + struct hdd_config, ap_scan_burst_duration, + VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, + CFG_AP_SCAN_BURST_DURATION_VAL_DEFAULT, + CFG_AP_SCAN_BURST_DURATION_VAL_MIN, + CFG_AP_SCAN_BURST_DURATION_VAL_MAX), + #ifdef FEATURE_AP_MCC_CH_AVOIDANCE REG_VARIABLE(CFG_SAP_MCC_CHANNEL_AVOIDANCE_NAME, WLAN_PARAM_Integer, @@ -5289,6 +5317,13 @@ struct reg_table_entry g_registry_table[] = { CFG_TX_SCH_DELAY_MIN, CFG_TX_SCH_DELAY_MAX), + REG_VARIABLE(CFG_FORCE_RSNE_OVERRIDE_NAME, WLAN_PARAM_Integer, + struct hdd_config, force_rsne_override, + VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT, + CFG_FORCE_RSNE_OVERRIDE_DEFAULT, + CFG_FORCE_RSNE_OVERRIDE_MIN, + CFG_FORCE_RSNE_OVERRIDE_MAX), + REG_VARIABLE(CFG_ROAM_FORCE_RSSI_TRIGGER_NAME, WLAN_PARAM_Integer, struct hdd_config, roam_force_rssi_trigger, @@ -7109,6 +7144,10 @@ void hdd_cfg_print(hdd_context_t *pHddCtx) CFG_TX_SCH_DELAY_NAME, pHddCtx->config->enable_tx_sch_delay); + hdd_debug("Name = [%s] Value = [%u]", + CFG_FORCE_RSNE_OVERRIDE_NAME, + pHddCtx->config->force_rsne_override); + hdd_cfg_print_11k_offload_params(pHddCtx); hdd_debug("Name = [%s] Value = [%u]", CFG_ROAM_FORCE_RSSI_TRIGGER_NAME, @@ -9548,6 +9587,14 @@ QDF_STATUS hdd_set_sme_config(hdd_context_t *pHddCtx) smeConfig->csrConfig.f_sta_miracast_mcc_rest_time_val = pHddCtx->config->sta_miracast_mcc_rest_time_val; + smeConfig->csrConfig.sta_scan_burst_duration = + pHddCtx->config->sta_scan_burst_duration; + smeConfig->csrConfig.p2p_scan_burst_duration = + pHddCtx->config->p2p_scan_burst_duration; + smeConfig->csrConfig.go_scan_burst_duration = + pHddCtx->config->go_scan_burst_duration; + smeConfig->csrConfig.ap_scan_burst_duration = + pHddCtx->config->ap_scan_burst_duration; #ifdef FEATURE_AP_MCC_CH_AVOIDANCE smeConfig->csrConfig.sap_channel_avoidance = pHddCtx->config->sap_channel_avoidance; diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.c index 000ac4ce0c85..3ebfdaa003af 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.c @@ -1588,10 +1588,17 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy, if (status) return status; + if (!((adapter->device_mode == QDF_SAP_MODE) || + (adapter->device_mode == QDF_P2P_GO_MODE))) { + hdd_err("Invalid device mode %d", adapter->device_mode); + return -EINVAL; + } + if (cds_is_sub_20_mhz_enabled()) { hdd_err("ACS not supported in sub 20 MHz ch wd."); return -EINVAL; } + if (qdf_atomic_read(&adapter->sessionCtx.ap.acs_in_progress) > 0) { hdd_err("ACS rejected as previous req already in progress"); return -EINVAL; @@ -5405,6 +5412,7 @@ wlan_hdd_wifi_config_policy[QCA_WLAN_VENDOR_ATTR_CONFIG_MAX + 1] = { [QCA_WLAN_VENDOR_ATTR_CONFIG_LRO] = {.type = NLA_U8 }, [QCA_WLAN_VENDOR_ATTR_CONFIG_TOTAL_BEACON_MISS_COUNT] = { .type = NLA_U8}, + [QCA_WLAN_VENDOR_ATTR_CONFIG_RSN_IE] = {.type = NLA_U8}, }; /** @@ -5644,6 +5652,11 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy, override_li = nla_get_u32( tb[QCA_WLAN_VENDOR_ATTR_CONFIG_LISTEN_INTERVAL]); + if (override_li > CFG_ENABLE_DYNAMIC_DTIM_MAX) { + hdd_err("Invalid value for listen interval - %d", + override_li); + return -EINVAL; + } status = sme_override_listen_interval(hdd_ctx->hHal, adapter->sessionId, override_li); @@ -6137,6 +6150,21 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy, } + if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_RSN_IE] && + hdd_ctx->config->force_rsne_override) { + uint8_t force_rsne_override; + + force_rsne_override = + nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_CONFIG_RSN_IE]); + if (force_rsne_override > 1) { + hdd_err("Invalid test_mode %d", force_rsne_override); + ret_val = -EINVAL; + } + + hdd_ctx->force_rsne_override = force_rsne_override; + hdd_debug("force_rsne_override - %d", + hdd_ctx->force_rsne_override); + } return ret_val; } @@ -6201,7 +6229,7 @@ static int __wlan_hdd_cfg80211_wifi_logger_start(struct wiphy *wiphy, QDF_STATUS status; hdd_context_t *hdd_ctx = wiphy_priv(wiphy); struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_WIFI_LOGGER_START_MAX + 1]; - struct sir_wifi_start_log start_log; + struct sir_wifi_start_log start_log = { 0 }; ENTER_DEV(wdev->netdev); @@ -6253,6 +6281,8 @@ static int __wlan_hdd_cfg80211_wifi_logger_start(struct wiphy *wiphy, tb[QCA_WLAN_VENDOR_ATTR_WIFI_LOGGER_FLAGS]); hdd_debug("is_iwpriv_command =%d", start_log.is_iwpriv_command); + start_log.user_triggered = 1; + /* size is buff size which can be set using iwpriv command*/ start_log.size = 0; start_log.is_pktlog_buff_clear = false; @@ -10725,31 +10755,34 @@ end: * * Return: 0 for success, non-zero for failure */ -static int hdd_post_get_chain_rssi_rsp(hdd_context_t *hdd_ctx) +static int hdd_post_get_chain_rssi_rsp(hdd_context_t *hdd_ctx, + struct hdd_chain_rssi_priv *priv) { struct sk_buff *skb = NULL; - int data_len = sizeof(hdd_ctx->chain_rssi_context.result); + int data_len = sizeof(priv->result); + int rc; skb = cfg80211_vendor_cmd_alloc_reply_skb(hdd_ctx->wiphy, data_len+NLMSG_HDRLEN); if (!skb) { - hdd_err(FL("cfg80211_vendor_event_alloc failed")); + hdd_err("cfg80211_vendor_event_alloc failed"); return -ENOMEM; } - if (nla_put(skb, QCA_WLAN_VENDOR_ATTR_CHAIN_RSSI, data_len, - &hdd_ctx->chain_rssi_context.result)) { - hdd_err(FL("put fail")); + rc = nla_put(skb, QCA_WLAN_VENDOR_ATTR_CHAIN_RSSI, data_len, + &priv->result); + if (rc) { + hdd_err("put fail"); goto nla_put_failure; } cfg80211_vendor_cmd_reply(skb); - return 0; + return rc; nla_put_failure: kfree_skb(skb); - return -EINVAL; + return rc; } /** @@ -10769,13 +10802,18 @@ static int __wlan_hdd_cfg80211_get_chain_rssi(struct wiphy *wiphy, hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(wdev->netdev); struct get_chain_rssi_req_params req_msg; hdd_context_t *hdd_ctx = wiphy_priv(wiphy); - struct hdd_chain_rssi_context *context; + struct hdd_chain_rssi_priv *priv; struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_MAX + 1]; QDF_STATUS status; int retval; - unsigned long rc; const int mac_len = sizeof(req_msg.peer_macaddr); int msg_len; + struct hdd_request *request; + void *cookie; + static struct hdd_request_params params = { + .priv_size = sizeof(*priv), + .timeout_ms = WLAN_WAIT_TIME_CHAIN_RSSI, + }; ENTER(); @@ -10806,33 +10844,42 @@ static int __wlan_hdd_cfg80211_get_chain_rssi(struct wiphy *wiphy, nla_data(tb[QCA_WLAN_VENDOR_ATTR_MAC_ADDR]), mac_len); req_msg.session_id = pAdapter->sessionId; - spin_lock(&hdd_context_lock); - context = &hdd_ctx->chain_rssi_context; - INIT_COMPLETION(context->response_event); - context->ignore_result = false; - spin_unlock(&hdd_context_lock); + request = hdd_request_alloc(¶ms); + if (!request) { + hdd_err("Request Allocation Failure"); + return -ENOMEM; + } + + cookie = hdd_request_cookie(request); + + priv = hdd_request_priv(request); + + sme_chain_rssi_register_callback(hdd_ctx->hHal, + wlan_hdd_cfg80211_chainrssi_callback, + cookie); status = sme_get_chain_rssi(hdd_ctx->hHal, &req_msg); if (!QDF_IS_STATUS_SUCCESS(status)) { - hdd_err(FL("sme_get_chain_rssi failed(err=%d)"), status); - return -EINVAL; + hdd_err("sme_get_chain_rssi failed(err=%d)", status); + retval = -EINVAL; + goto exit; } - rc = wait_for_completion_timeout(&context->response_event, - msecs_to_jiffies(WLAN_WAIT_TIME_CHAIN_RSSI)); - if (!rc) { - hdd_err(FL("Target response timed out")); - spin_lock(&hdd_context_lock); - context->ignore_result = true; - spin_unlock(&hdd_context_lock); - return -ETIMEDOUT; + retval = hdd_request_wait_for_response(request); + if (retval) { + hdd_err("Target response timed out for get chain rssi"); + retval = -ETIMEDOUT; + goto exit; } - retval = hdd_post_get_chain_rssi_rsp(hdd_ctx); + retval = hdd_post_get_chain_rssi_rsp(hdd_ctx, priv); if (retval) - hdd_err(FL("Failed to send chain rssi to user space")); + hdd_err("Failed to send chain rssi to user space"); EXIT(); +exit: + sme_chain_rssi_deregister_callback(hdd_ctx->hHal); + hdd_request_put(request); return retval; } @@ -10858,35 +10905,27 @@ static int wlan_hdd_cfg80211_get_chain_rssi(struct wiphy *wiphy, return ret; } -void wlan_hdd_cfg80211_chainrssi_callback(void *ctx, void *pmsg) +void wlan_hdd_cfg80211_chainrssi_callback(void *ctx, void *pmsg, void *cookie) { - hdd_context_t *hdd_ctx = (hdd_context_t *)ctx; struct chain_rssi_result *data = (struct chain_rssi_result *)pmsg; - struct hdd_chain_rssi_context *context; - bool ignore_result; + struct hdd_chain_rssi_priv *priv; + struct hdd_request *request = NULL; ENTER(); - if (wlan_hdd_validate_context(hdd_ctx)) - return; - - spin_lock(&hdd_context_lock); - context = &hdd_ctx->chain_rssi_context; - ignore_result = context->ignore_result; - - if (ignore_result) { - hdd_err(FL("Ignore the result received after timeout")); - spin_unlock(&hdd_context_lock); + request = hdd_request_get(cookie); + if (!request) { + hdd_err("Obselete request"); return; } - memcpy(&context->result, data->chain_rssi, - sizeof(data->chain_rssi)); + priv = hdd_request_priv(request); - complete(&context->response_event); - spin_unlock(&hdd_context_lock); + memcpy(&priv->result, data, sizeof(*data)); - return; + hdd_request_complete(request); + hdd_request_put(request); + EXIT(); } /** @@ -11500,14 +11539,18 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, const void *data, int data_len) { int err = 0; - unsigned long rc; - struct hdd_nud_stats_context *context; struct net_device *dev = wdev->netdev; hdd_adapter_t *adapter = WLAN_HDD_GET_PRIV_PTR(dev); hdd_context_t *hdd_ctx = wiphy_priv(wiphy); struct get_arp_stats_params arp_stats_params; uint32_t pkt_type_bitmap; struct sk_buff *skb; + struct hdd_request *request = NULL; + static const struct hdd_request_params params = { + .priv_size = 0, + .timeout_ms = WLAN_WAIT_TIME_NUD_STATS, + }; + void *cookie = NULL; ENTER(); @@ -11524,14 +11567,23 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, if (err) return err; + if (adapter->device_mode != QDF_STA_MODE) { + QDF_TRACE(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_ERROR, + "%s STATS supported in only STA mode !!", __func__); + return -EINVAL; + } + + request = hdd_request_alloc(¶ms); + if (!request) { + hdd_err("Request allocation failure"); + return -ENOMEM; + } + + cookie = hdd_request_cookie(request); + arp_stats_params.pkt_type = WLAN_NUD_STATS_ARP_PKT_TYPE; arp_stats_params.vdev_id = adapter->sessionId; - spin_lock(&hdd_context_lock); - context = &hdd_ctx->nud_stats_context; - INIT_COMPLETION(context->response_event); - spin_unlock(&hdd_context_lock); - pkt_type_bitmap = adapter->pkt_type_bitmap; /* send NUD failure event only when ARP tracking is enabled. */ @@ -11543,19 +11595,26 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, 0xFF, 0XFF, DATA_STALL_LOG_RECOVERY_TRIGGER_PDR); + if (sme_set_nud_debug_stats_cb(hdd_ctx->hHal, hdd_get_nud_stats_cb, + cookie) != QDF_STATUS_SUCCESS) { + hdd_err("Setting NUD debug stats callback failure"); + err = -EINVAL; + goto exit; + } + if (QDF_STATUS_SUCCESS != sme_get_nud_debug_stats(hdd_ctx->hHal, &arp_stats_params)) { QDF_TRACE(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_ERROR, "%s STATS_SET_START CMD Failed!!", __func__); - return -EINVAL; + err = -EINVAL; + goto exit; } - rc = wait_for_completion_timeout(&context->response_event, - msecs_to_jiffies( - WLAN_WAIT_TIME_NUD_STATS)); - if (!rc) { - hdd_err("Target response timed out request "); - return -ETIMEDOUT; + err = hdd_request_wait_for_response(request); + if (err) { + hdd_err("SME timedout while retrieving NUD stats"); + err = -ETIMEDOUT; + goto exit; } skb = cfg80211_vendor_cmd_alloc_reply_skb(wiphy, @@ -11563,7 +11622,8 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, if (!skb) { hdd_err("%s: cfg80211_vendor_cmd_alloc_reply_skb failed", __func__); - return -ENOMEM; + err = -ENOMEM; + goto exit; } if (nla_put_u16(skb, COUNT_FROM_NETDEV, @@ -11585,7 +11645,8 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, rx_host_drop_reorder)) { hdd_err("nla put fail"); kfree_skb(skb); - return -EINVAL; + err = -EINVAL; + goto exit; } if (adapter->con_status) nla_put_flag(skb, AP_LINK_ACTIVE); @@ -11601,6 +11662,8 @@ static int __wlan_hdd_cfg80211_get_nud_stats(struct wiphy *wiphy, } cfg80211_vendor_cmd_reply(skb); +exit: + hdd_request_put(request); return err; } @@ -16060,6 +16123,11 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter, goto ret_status; } + /* + * Disable roaming on all other adapters before connect start + */ + wlan_hdd_disable_roaming(pAdapter); + disable_fw_tdls_state = true; wlan_hdd_check_conc_and_update_tdls_state(pHddCtx, disable_fw_tdls_state); @@ -16107,7 +16175,11 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter, qdf_mem_copy((void *)(pRoamProfile->SSIDs.SSIDList->SSID.ssId), ssid, ssid_len); - pRoamProfile->do_not_roam = !pAdapter->fast_roaming_allowed; + pRoamProfile->supplicant_disabled_roaming = + !pAdapter->fast_roaming_allowed; + pRoamProfile->roaming_allowed_on_iface = + pAdapter->fast_roaming_allowed; + /* cleanup bssid hint */ qdf_mem_zero(pRoamProfile->bssid_hint.bytes, QDF_MAC_ADDR_SIZE); @@ -16116,7 +16188,7 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter, if (bssid) { pRoamProfile->BSSIDs.numOfBSSIDs = 1; - pRoamProfile->do_not_roam = true; + pRoamProfile->supplicant_disabled_roaming = true; qdf_mem_copy((void *)(pRoamProfile->BSSIDs.bssid), bssid, QDF_MAC_ADDR_SIZE); /* @@ -16268,7 +16340,7 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter, cds_handle_conc_rule1(pAdapter, pRoamProfile); if (true != cds_handle_conc_rule2( pAdapter, pRoamProfile, &roamId)) { - status = 0; + status = -EINVAL; goto conn_failure; } } @@ -16381,6 +16453,13 @@ ret_status: if (disable_fw_tdls_state) wlan_hdd_check_conc_and_update_tdls_state(pHddCtx, false); + /* + * Enable roaming on other STA adapter for failure case. + * For success case, it is enabled in assoc completion handler + */ + if (status) + wlan_hdd_enable_roaming(pAdapter); + EXIT(); return status; } @@ -17365,9 +17444,11 @@ int wlan_hdd_try_disconnect(hdd_adapter_t *pAdapter) { unsigned long rc; hdd_station_ctx_t *pHddStaCtx; + hdd_context_t *hdd_ctx; int status, result = 0; tHalHandle hal; + hdd_ctx = WLAN_HDD_GET_CTX(pAdapter); pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter); hal = WLAN_HDD_GET_HAL_CTX(pAdapter); if (pAdapter->device_mode == QDF_STA_MODE) { @@ -17381,7 +17462,7 @@ int wlan_hdd_try_disconnect(hdd_adapter_t *pAdapter) * */ INIT_COMPLETION(pAdapter->roaming_comp_var); - if (hdd_is_roaming_in_progress(pAdapter)) { + if (hdd_is_roaming_in_progress(hdd_ctx)) { rc = wait_for_completion_timeout( &pAdapter->roaming_comp_var, msecs_to_jiffies(WLAN_WAIT_TIME_STOP_ROAM)); @@ -17737,7 +17818,7 @@ int wlan_hdd_disconnect(hdd_adapter_t *pAdapter, u16 reason) * */ INIT_COMPLETION(pAdapter->roaming_comp_var); - if (hdd_is_roaming_in_progress(pAdapter)) { + if (hdd_is_roaming_in_progress(pHddCtx)) { rc = wait_for_completion_timeout( &pAdapter->roaming_comp_var, msecs_to_jiffies(WLAN_WAIT_TIME_STOP_ROAM)); diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.h b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.h index debfa7c07869..37170f70e501 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.h +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_cfg80211.h @@ -459,12 +459,14 @@ void wlan_hdd_rso_cmd_status_cb(void *ctx, struct rso_cmd_status *rso_status); /** * wlan_hdd_cfg80211_chainrssi_callback - chainrssi callback - * @ctx: hdd context + * @hdd_ctx: hdd context * @pmsg: pmsg + * @context: callback context * * Return: void */ -void wlan_hdd_cfg80211_chainrssi_callback(void *ctx, void *pmsg); +void wlan_hdd_cfg80211_chainrssi_callback(void *hdd_ctx, void *pmsg, + void *context); void hdd_rssi_threshold_breached(void *hddctx, struct rssi_breach_event *data); diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_disa.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_disa.c index d12b0f4f7622..3499838264f7 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_disa.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_disa.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2016-2018 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -480,6 +480,11 @@ static int __wlan_hdd_cfg80211_encrypt_decrypt_msg(struct wiphy *wiphy, adapter = WLAN_HDD_GET_PRIV_PTR(dev); + if (hdd_ctx->config->is_ps_enabled) { + hdd_debug("DISA is not supported when PS is enabled"); + return -EINVAL; + } + ret = hdd_encrypt_decrypt_msg(adapter, hdd_ctx, data, data_len); return ret; diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_driver_ops.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_driver_ops.c index c571ed1a68c7..63b24dc9c375 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_driver_ops.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_driver_ops.c @@ -390,8 +390,6 @@ static int wlan_hdd_probe(struct device *dev, void *bdev, const struct hif_bus_i hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_DRIVER_INIT); hdd_remove_pm_qos(dev); - cds_clear_fw_state(CDS_FW_STATE_DOWN); - cds_set_driver_in_bad_state(false); probe_fail_cnt = 0; re_init_fail_cnt = 0; @@ -417,7 +415,6 @@ err_hdd_deinit: hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_DRIVER_INIT); hdd_remove_pm_qos(dev); - cds_clear_fw_state(CDS_FW_STATE_DOWN); hdd_stop_driver_ops_timer(); mutex_unlock(&hdd_init_deinit_lock); return ret; @@ -1316,9 +1313,8 @@ static void wlan_hdd_set_the_pld_uevent(struct pld_uevent_data *uevent) case PLD_RECOVERY: cds_set_recovery_in_progress(true); break; - case PLD_FW_DOWN: - cds_set_fw_state(CDS_FW_STATE_DOWN); - break; + default: + return; } } diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ext_scan.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ext_scan.c index 69e9314c0b95..425dd1196787 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ext_scan.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ext_scan.c @@ -4366,23 +4366,6 @@ int wlan_hdd_cfg80211_reset_passpoint_list(struct wiphy *wiphy, #undef PARAM_ROAM_PLMN /** - * wlan_hdd_init_completion_extwow() - Initialize ext wow variable - * @hdd_ctx: Global HDD context - * - * Return: none - */ -#ifdef WLAN_FEATURE_EXTWOW_SUPPORT -static inline void wlan_hdd_init_completion_extwow(hdd_context_t *pHddCtx) -{ - init_completion(&pHddCtx->ready_to_extwow); -} -#else -static inline void wlan_hdd_init_completion_extwow(hdd_context_t *pHddCtx) -{ -} -#endif - -/** * wlan_hdd_cfg80211_extscan_init() - Initialize the ExtScan feature * @hdd_ctx: Global HDD context * @@ -4390,7 +4373,6 @@ static inline void wlan_hdd_init_completion_extwow(hdd_context_t *pHddCtx) */ void wlan_hdd_cfg80211_extscan_init(hdd_context_t *hdd_ctx) { - wlan_hdd_init_completion_extwow(hdd_ctx); init_completion(&ext_scan_context.response_event); spin_lock_init(&ext_scan_context.context_lock); } diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_hostapd.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_hostapd.c index 37d78131da8c..dbd1797b1651 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_hostapd.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_hostapd.c @@ -2648,8 +2648,8 @@ int hdd_softap_unpack_ie(tHalHandle halHandle, uint32_t ret; uint8_t *pRsnIe; uint16_t RSNIeLen; - tDot11fIERSN dot11RSNIE; - tDot11fIEWPA dot11WPAIE; + tDot11fIERSN dot11RSNIE = {0}; + tDot11fIEWPA dot11WPAIE = {0}; if (NULL == halHandle) { hdd_err("Error haHandle returned NULL"); @@ -2672,25 +2672,27 @@ int hdd_softap_unpack_ie(tHalHandle halHandle, RSNIeLen = gen_ie_len - 2; /* Unpack the RSN IE */ memset(&dot11RSNIE, 0, sizeof(tDot11fIERSN)); - ret = dot11f_unpack_ie_rsn((tpAniSirGlobal) halHandle, - pRsnIe, RSNIeLen, &dot11RSNIE, - false); - if (DOT11F_FAILED(ret)) { + ret = sme_unpack_rsn_ie(halHandle, pRsnIe, RSNIeLen, + &dot11RSNIE, false); + if (!DOT11F_SUCCEEDED(ret)) { hdd_err("unpack failed, ret: 0x%x", ret); return -EINVAL; } + + hdd_debug("gp_cipher_suite_present: %d", + dot11RSNIE.gp_cipher_suite_present); /* Copy out the encryption and authentication types */ hdd_debug("pairwise cipher suite count: %d", dot11RSNIE.pwise_cipher_suite_count); hdd_debug("authentication suite count: %d", - dot11RSNIE.akm_suite_count); + dot11RSNIE.akm_suite_cnt); /* Here we have followed the apple base code, * but probably I suspect we can do something different * dot11RSNIE.akm_suite_count * Just translate the FIRST one */ *pAuthType = - hdd_translate_rsn_to_csr_auth_type(dot11RSNIE.akm_suites[0]); + hdd_translate_rsn_to_csr_auth_type(dot11RSNIE.akm_suite[0]); /* dot11RSNIE.pwise_cipher_suite_count */ *pEncryptType = hdd_translate_rsn_to_csr_encryption_type(dot11RSNIE. @@ -7984,7 +7986,6 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, tpWLAN_SAPEventCB pSapEventCallback; hdd_hostapd_state_t *pHostapdState; tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter); - struct qc_mac_acl_entry *acl_entry = NULL; int32_t i; struct hdd_config *iniConfig; hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pHostapdAdapter); @@ -8036,11 +8037,28 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, wlan_hdd_disconnect(sta_adapter, eCSR_DISCONNECT_REASON_DEAUTH); } + /* + * Reject start bss if reassoc in progress on any adapter. + * sme_is_any_session_in_middle_of_roaming is for LFR2 and + * hdd_is_roaming_in_progress is for LFR3 + */ + if (sme_is_any_session_in_middle_of_roaming(hHal) || + hdd_is_roaming_in_progress(pHddCtx)) { + hdd_info("Reassociation in progress"); + ret = -EINVAL; + goto ret_status; + } + + /* + * Disable Roaming on all adapters before starting bss + */ + wlan_hdd_disable_roaming(pHostapdAdapter); + sme_config = qdf_mem_malloc(sizeof(tSmeConfigParams)); if (!sme_config) { hdd_err("failed to allocate memory"); ret = -EINVAL; - goto ret_status; + goto enable_roaming; } iniConfig = pHddCtx->config; @@ -8058,6 +8076,11 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, hdd_err("Can't start BSS: update channel list failed"); return -EINVAL; } + + /* check if STA is on indoor channel*/ + if (cds_is_force_scc()) + hdd_check_and_disconnect_sta_on_invalid_channel( + pHddCtx); } if (pHostapdAdapter->device_mode == QDF_SAP_MODE) { @@ -8221,8 +8244,10 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, pIe = wlan_hdd_get_wps_ie_ptr(pBeacon->tail, pBeacon->tail_len); if (pIe) { - if (pIe[1] < (2 + WPS_OUI_TYPE_SIZE)) { - hdd_err("**Wps Ie Length is too small***"); + /* To acess pIe[15], length needs to be atlest 14 */ + if (pIe[1] < 14) { + hdd_err("**Wps Ie Length(%hhu) is too small***", + pIe[1]); ret = -EINVAL; goto error; } else if (memcmp(&pIe[2], WPS_OUI_TYPE, WPS_OUI_TYPE_SIZE) == @@ -8389,60 +8414,6 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, pConfig->cc_switch_mode = iniConfig->WlanMccToSccSwitchMode; #endif - pIe = - wlan_hdd_get_vendor_oui_ie_ptr(BLACKLIST_OUI_TYPE, - WPA_OUI_TYPE_SIZE, pBeacon->tail, - pBeacon->tail_len); - - /* pIe for black list is following form: - * type : 1 byte - * length : 1 byte - * OUI : 4 bytes - * acl type : 1 byte - * no of mac addr in black list: 1 byte - * list of mac_acl_entries: variable, 6 bytes per mac - * address + sizeof(int) for vlan id - */ - if ((pIe != NULL) && (pIe[1] != 0)) { - pConfig->SapMacaddr_acl = pIe[6]; - pConfig->num_deny_mac = pIe[7]; - hdd_debug("acl type = %d no deny mac = %d", pIe[6], pIe[7]); - if (pConfig->num_deny_mac > MAX_ACL_MAC_ADDRESS) - pConfig->num_deny_mac = MAX_ACL_MAC_ADDRESS; - acl_entry = (struct qc_mac_acl_entry *)(pIe + 8); - for (i = 0; i < pConfig->num_deny_mac; i++) { - qdf_mem_copy(&pConfig->deny_mac[i], acl_entry->addr, - sizeof(qcmacaddr)); - acl_entry++; - } - } - pIe = wlan_hdd_get_vendor_oui_ie_ptr(WHITELIST_OUI_TYPE, - WPA_OUI_TYPE_SIZE, pBeacon->tail, - pBeacon->tail_len); - - /* pIe for white list is following form: - * type : 1 byte - * length : 1 byte - * OUI : 4 bytes - * acl type : 1 byte - * no of mac addr in white list: 1 byte - * list of mac_acl_entries: variable, 6 bytes per mac - * address + sizeof(int) for vlan id - */ - if ((pIe != NULL) && (pIe[1] != 0)) { - pConfig->SapMacaddr_acl = pIe[6]; - pConfig->num_accept_mac = pIe[7]; - hdd_debug("acl type = %d no accept mac = %d", - pIe[6], pIe[7]); - if (pConfig->num_accept_mac > MAX_ACL_MAC_ADDRESS) - pConfig->num_accept_mac = MAX_ACL_MAC_ADDRESS; - acl_entry = (struct qc_mac_acl_entry *)(pIe + 8); - for (i = 0; i < pConfig->num_accept_mac; i++) { - qdf_mem_copy(&pConfig->accept_mac[i], acl_entry->addr, - sizeof(qcmacaddr)); - acl_entry++; - } - } if (!pHddCtx->config->force_sap_acs && !(ssid && qdf_str_len(PRE_CAC_SSID) == ssid_len && (0 == qdf_mem_cmp(ssid, PRE_CAC_SSID, ssid_len)))) { @@ -8673,6 +8644,10 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter, pHostapdState->bCommit = true; if (sme_config) qdf_mem_free(sme_config); + + /* Enable Roaming after start bss */ + wlan_hdd_enable_roaming(pHostapdAdapter); + EXIT(); return 0; @@ -8694,9 +8669,14 @@ error: pHostapdAdapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list = NULL; } +enable_roaming: + /* Enable Roaming after start bss in case of failure */ + wlan_hdd_enable_roaming(pHostapdAdapter); + ret_status: if (disable_fw_tdls_state) wlan_hdd_check_conc_and_update_tdls_state(pHddCtx, false); + return ret; } diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c index c81b06968bdd..0550f25d322c 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ioctl.c @@ -89,6 +89,16 @@ */ #define NUM_OF_STA_DATA_TO_PRINT 16 +#ifdef WLAN_FEATURE_EXTWOW_SUPPORT +/** + * struct enable_ext_wow_priv - Private data structure for ext wow + * @ext_wow_should_suspend: Suspend status of ext wow + */ +struct enable_ext_wow_priv { + bool ext_wow_should_suspend; +}; +#endif + /* * Android DRIVER command structures */ @@ -1888,16 +1898,28 @@ static QDF_STATUS hdd_parse_plm_cmd(uint8_t *pValue, tSirPlmReq *pPlmRequest) #endif #ifdef WLAN_FEATURE_EXTWOW_SUPPORT -static void wlan_hdd_ready_to_extwow(void *callbackContext, bool is_success) +/** + * wlan_hdd_ready_to_extwow() - Callback function for enable ext wow + * @cookie: callback context + * @is_success: suspend status of ext wow + * + * Return: none + */ +static void wlan_hdd_ready_to_extwow(void *cookie, bool is_success) { - hdd_context_t *hdd_ctx = (hdd_context_t *) callbackContext; - int rc; + struct hdd_request *request = NULL; + struct enable_ext_wow_priv *priv = NULL; - rc = wlan_hdd_validate_context(hdd_ctx); - if (rc) + request = hdd_request_get(cookie); + if (!request) { + hdd_err("Obselete request"); return; - hdd_ctx->ext_wow_should_suspend = is_success; - complete(&hdd_ctx->ready_to_extwow); + } + priv = hdd_request_priv(request); + priv->ext_wow_should_suspend = is_success; + + hdd_request_complete(request); + hdd_request_put(request); } static int hdd_enable_ext_wow(hdd_adapter_t *adapter, @@ -1907,31 +1929,46 @@ static int hdd_enable_ext_wow(hdd_adapter_t *adapter, QDF_STATUS qdf_ret_status; hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter); tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(adapter); - int rc; + int rc = 0; + struct enable_ext_wow_priv *priv = NULL; + struct hdd_request *request = NULL; + void *cookie = NULL; + struct hdd_request_params hdd_params = { + .priv_size = sizeof(*priv), + .timeout_ms = WLAN_WAIT_TIME_READY_TO_EXTWOW, + }; qdf_mem_copy(¶ms, arg_params, sizeof(params)); - INIT_COMPLETION(hdd_ctx->ready_to_extwow); + request = hdd_request_alloc(&hdd_params); + if (!request) { + hdd_err("Request Allocation Failure"); + return -ENOMEM; + } + cookie = hdd_request_cookie(request); qdf_ret_status = sme_configure_ext_wow(hHal, ¶ms, - &wlan_hdd_ready_to_extwow, - hdd_ctx); + &wlan_hdd_ready_to_extwow, + cookie); if (QDF_STATUS_SUCCESS != qdf_ret_status) { hdd_err("sme_configure_ext_wow returned failure %d", - qdf_ret_status); - return -EPERM; + qdf_ret_status); + rc = -EPERM; + goto exit; } - rc = wait_for_completion_timeout(&hdd_ctx->ready_to_extwow, - msecs_to_jiffies(WLAN_WAIT_TIME_READY_TO_EXTWOW)); - if (!rc) { + rc = hdd_request_wait_for_response(request); + if (rc) { hdd_err("Failed to get ready to extwow"); - return -EPERM; + rc = -EPERM; + goto exit; } - if (!hdd_ctx->ext_wow_should_suspend) { + priv = hdd_request_priv(request); + if (!priv->ext_wow_should_suspend) { hdd_err("Received ready to ExtWoW failure"); - return -EPERM; + rc = -EPERM; + goto exit; } if (hdd_ctx->config->extWowGotoSuspend) { @@ -1943,8 +1980,8 @@ static int hdd_enable_ext_wow(hdd_adapter_t *adapter, rc = wlan_hdd_cfg80211_suspend_wlan(hdd_ctx->wiphy, NULL); if (rc < 0) { hdd_err("wlan_hdd_cfg80211_suspend_wlan failed, error = %d", - rc); - return rc; + rc); + goto exit; } rc = wlan_hdd_bus_suspend(state); @@ -1952,11 +1989,12 @@ static int hdd_enable_ext_wow(hdd_adapter_t *adapter, hdd_err("wlan_hdd_bus_suspend failed, status = %d", rc); wlan_hdd_cfg80211_resume_wlan(hdd_ctx->wiphy); - return rc; + goto exit; } } - - return 0; +exit: + hdd_request_put(request); + return rc; } static int hdd_enable_ext_wow_parser(hdd_adapter_t *adapter, int vdev_id, @@ -6472,6 +6510,35 @@ QDF_STATUS hdd_update_smps_antenna_mode(hdd_context_t *hdd_ctx, int mode) } /** + * wlan_hdd_soc_set_antenna_mode_cb() - Callback for set dual + * mac scan config + * @status: Status of set antenna mode + * @context: callback context + * + * Callback on setting the dual mac configuration + * + * Return: None + */ +static void +wlan_hdd_soc_set_antenna_mode_cb(enum set_antenna_mode_status status, + void *context) +{ + struct hdd_request *request = NULL; + + hdd_debug("Status: %d", status); + + request = hdd_request_get(context); + if (!request) { + hdd_err("obsolete request"); + return; + } + + /* Signal the completion of set dual mac config */ + hdd_request_complete(request); + hdd_request_put(request); +} + +/** * drv_cmd_set_antenna_mode() - SET ANTENNA MODE driver command * handler * @adapter: Pointer to network adapter @@ -6491,6 +6558,11 @@ static int drv_cmd_set_antenna_mode(hdd_adapter_t *adapter, int ret = 0; int mode; uint8_t *value = command; + struct hdd_request *request = NULL; + static const struct hdd_request_params request_params = { + .priv_size = 0, + .timeout_ms = WLAN_WAIT_TIME_ANTENNA_MODE_REQ, + }; if (((1 << QDF_STA_MODE) != hdd_ctx->concurrency_mode) || (hdd_ctx->no_of_active_sessions[QDF_STA_MODE] > 1)) { @@ -6552,36 +6624,40 @@ static int drv_cmd_set_antenna_mode(hdd_adapter_t *adapter, goto exit; } - params.set_antenna_mode_resp = - (void *)wlan_hdd_soc_set_antenna_mode_cb; + request = hdd_request_alloc(&request_params); + if (!request) { + hdd_err("Request Allocation Failure"); + ret = -ENOMEM; + goto exit; + } + + params.set_antenna_mode_ctx = hdd_request_cookie(request); + params.set_antenna_mode_resp = wlan_hdd_soc_set_antenna_mode_cb; hdd_debug("Set antenna mode rx chains: %d tx chains: %d", params.num_rx_chains, params.num_tx_chains); - - INIT_COMPLETION(hdd_ctx->set_antenna_mode_cmpl); status = sme_soc_set_antenna_mode(hdd_ctx->hHal, ¶ms); if (QDF_STATUS_SUCCESS != status) { hdd_err("set antenna mode failed status : %d", status); ret = -EFAULT; - goto exit; + goto request_put; } - ret = wait_for_completion_timeout( - &hdd_ctx->set_antenna_mode_cmpl, - msecs_to_jiffies(WLAN_WAIT_TIME_ANTENNA_MODE_REQ)); - if (!ret) { - ret = -EFAULT; + ret = hdd_request_wait_for_response(request); + if (ret) { hdd_err("send set antenna mode timed out"); - goto exit; + goto request_put; } status = hdd_update_smps_antenna_mode(hdd_ctx, mode); if (QDF_STATUS_SUCCESS != status) { ret = -EFAULT; - goto exit; + goto request_put; } ret = 0; +request_put: + hdd_request_put(request); exit: #ifdef FEATURE_WLAN_TDLS /* Reset tdls NSS flags */ diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ipa.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ipa.c index 73279fdfe3e0..5e8e1164942e 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ipa.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ipa.c @@ -3502,9 +3502,10 @@ static int __hdd_ipa_uc_ssr_deinit(void) for (idx = 0; (hdd_ipa->num_iface > 0) && (idx < HDD_IPA_MAX_IFACE); idx++) { iface_context = &hdd_ipa->iface_context[idx]; - if (iface_context->adapter && iface_context->adapter->magic == - WLAN_HDD_ADAPTER_MAGIC) + if (iface_context->adapter && + hdd_is_adapter_valid(hdd_ctx, iface_context->adapter)) { hdd_ipa_cleanup_iface(iface_context); + } } hdd_ipa->num_iface = 0; /* After SSR, wlan driver reloads FW again. But we need to protect diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_main.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_main.c index fc7d4b04297c..555993abd0a4 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_main.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_main.c @@ -4068,6 +4068,7 @@ static void hdd_wait_for_sme_close_sesion(hdd_context_t *hdd_ctx, hdd_err("failure waiting for session_close_comp_var"); if (adapter->device_mode == QDF_NDI_MODE) hdd_ndp_session_end_handler(adapter); + sme_print_commands(hdd_ctx->hHal); clear_bit(SME_SESSION_OPENED, &adapter->event_flags); } adapter->sessionId = HDD_SESSION_ID_INVALID; @@ -5291,6 +5292,35 @@ hdd_adapter_t *hdd_get_adapter(hdd_context_t *hdd_ctx, } /** + * hdd_is_adapter_valid() - Check if adapter is valid + * @hdd_ctx: hdd context + * @adapter: pointer to adapter + * + * Return: true if adapter address is valid or false otherwise + */ +bool hdd_is_adapter_valid(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter) +{ + hdd_adapter_list_node_t *adapter_node = NULL, *p_next = NULL; + hdd_adapter_t *p_adapter; + QDF_STATUS status; + + status = hdd_get_front_adapter(hdd_ctx, &adapter_node); + + while (NULL != adapter_node && QDF_STATUS_SUCCESS == status) { + p_adapter = adapter_node->pAdapter; + + if (p_adapter && (p_adapter == adapter)) + return true; + + status = hdd_get_next_adapter(hdd_ctx, adapter_node, &p_next); + adapter_node = p_next; + } + + return false; + +} + +/** * hdd_get_operating_channel() - return operating channel of the device mode * @hdd_ctx: Pointer to the HDD context. * @mode: Device mode for which operating channel is required. @@ -5681,6 +5711,7 @@ static int hdd_roc_context_init(hdd_context_t *hdd_ctx) { qdf_spinlock_create(&hdd_ctx->hdd_roc_req_q_lock); qdf_list_create(&hdd_ctx->hdd_roc_req_q, MAX_ROC_REQ_QUEUE_ENTRY); + qdf_idr_create(&hdd_ctx->p2p_idr); INIT_DELAYED_WORK(&hdd_ctx->roc_req_work, wlan_hdd_roc_request_dequeue); @@ -5733,6 +5764,7 @@ static void hdd_destroy_roc_req_q(hdd_context_t *hdd_ctx) static void hdd_roc_context_destroy(hdd_context_t *hdd_ctx) { flush_delayed_work(&hdd_ctx->roc_req_work); + qdf_idr_destroy(&hdd_ctx->p2p_idr); hdd_destroy_roc_req_q(hdd_ctx); qdf_spinlock_destroy(&hdd_ctx->hdd_roc_req_q_lock); } @@ -7533,6 +7565,8 @@ void hdd_indicate_mgmt_frame(tSirSmeMgmtFrameInd *frame_ind) hdd_adapter_t *adapter = NULL; void *cds_context = NULL; int i; + struct ieee80211_mgmt *mgmt = + (struct ieee80211_mgmt *)frame_ind->frameBuf; /* Get the global VOSS context.*/ cds_context = cds_get_global_context(); @@ -7546,6 +7580,11 @@ void hdd_indicate_mgmt_frame(tSirSmeMgmtFrameInd *frame_ind) if (0 != wlan_hdd_validate_context(hdd_ctx)) return; + if (frame_ind->frame_len < ieee80211_hdrlen(mgmt->frame_control)) { + hdd_err(" Invalid frame length"); + return; + } + if (SME_SESSION_ID_ANY == frame_ind->sessionId) { for (i = 0; i < CSR_ROAM_SESSION_MAX; i++) { adapter = @@ -7727,10 +7766,6 @@ static int hdd_context_init(hdd_context_t *hdd_ctx) hdd_ctx->ioctl_scan_mode = eSIR_ACTIVE_SCAN; hdd_ctx->max_intf_count = CSR_ROAM_SESSION_MAX; - hdd_init_ll_stats_ctx(); - hdd_init_nud_stats_ctx(hdd_ctx); - - init_completion(&hdd_ctx->chain_rssi_context.response_event); init_completion(&hdd_ctx->mc_sus_event_var); init_completion(&hdd_ctx->ready_to_suspend); @@ -7742,8 +7777,6 @@ static int hdd_context_init(hdd_context_t *hdd_ctx) qdf_list_create(&hdd_ctx->hddAdapters, MAX_NUMBER_OF_ADAPTERS); - init_completion(&hdd_ctx->set_antenna_mode_cmpl); - ret = hdd_scan_context_init(hdd_ctx); if (ret) goto list_destroy; @@ -10137,23 +10170,12 @@ void hdd_wlan_update_target_info(hdd_context_t *hdd_ctx, void *context) hdd_ctx->target_type = tgt_info->target_type; } -/** - * hdd_get_nud_stats_cb() - callback api to update the stats - * received from the firmware - * @data: pointer to adapter. - * @rsp: pointer to data received from FW. - * - * This is called when wlan driver received response event for - * get arp stats to firmware. - * - * Return: None - */ -static void hdd_get_nud_stats_cb(void *data, struct rsp_stats *rsp) +void hdd_get_nud_stats_cb(void *data, struct rsp_stats *rsp, void *context) { hdd_context_t *hdd_ctx = (hdd_context_t *)data; - struct hdd_nud_stats_context *context; int status; hdd_adapter_t *adapter = NULL; + struct hdd_request *request = NULL; ENTER(); @@ -10163,12 +10185,19 @@ static void hdd_get_nud_stats_cb(void *data, struct rsp_stats *rsp) } status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) + if (status != 0) return; + request = hdd_request_get(context); + if (!request) { + hdd_err("obselete request"); + return; + } + adapter = hdd_get_adapter_by_vdev(hdd_ctx, rsp->vdev_id); if ((NULL == adapter) || (WLAN_HDD_ADAPTER_MAGIC != adapter->magic)) { hdd_err("Invalid adapter or adapter has invalid magic"); + hdd_request_put(request); return; } @@ -10196,10 +10225,8 @@ static void hdd_get_nud_stats_cb(void *data, struct rsp_stats *rsp) rsp->icmpv4_rsp_recvd; } - spin_lock(&hdd_context_lock); - context = &hdd_ctx->nud_stats_context; - complete(&context->response_event); - spin_unlock(&hdd_context_lock); + hdd_request_complete(request); + hdd_request_put(request); EXIT(); } @@ -10248,9 +10275,6 @@ int hdd_register_cb(hdd_context_t *hdd_ctx) sme_set_rssi_threshold_breached_cb(hdd_ctx->hHal, hdd_rssi_threshold_breached); - sme_set_nud_debug_stats_cb(hdd_ctx->hHal, - hdd_get_nud_stats_cb); - status = sme_bpf_offload_register_callback(hdd_ctx->hHal, hdd_get_bpf_offload_cb); if (!QDF_IS_STATUS_SUCCESS(status)) { @@ -10286,9 +10310,6 @@ int hdd_register_cb(hdd_context_t *hdd_ctx) if (!QDF_IS_STATUS_SUCCESS(status)) hdd_err("set bt activity info callback failed"); - sme_chain_rssi_register_callback(hdd_ctx->hHal, - wlan_hdd_cfg80211_chainrssi_callback); - status = sme_congestion_register_callback(hdd_ctx->hHal, hdd_update_cca_info_cb); if (!QDF_IS_STATUS_SUCCESS(status)) @@ -10433,105 +10454,93 @@ QDF_STATUS hdd_issta_p2p_clientconnected(hdd_context_t *hdd_ctx) /** * wlan_hdd_disable_roaming() - disable roaming on all STAs except the input one - * @adapter: HDD adapter pointer - * - * This function loop through each adapter and disable roaming on each STA - * device mode except the input adapter. + * @cur_adapter: Current HDD adapter passed from caller * - * Note: On the input adapter roaming is not enabled yet hence no need to - * disable. + * This function loops through all adapters and disables roaming on each STA + * mode adapter except the current adapter passed from the caller * * Return: None */ -void wlan_hdd_disable_roaming(hdd_adapter_t *adapter) +void wlan_hdd_disable_roaming(hdd_adapter_t *cur_adapter) { - hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter); - hdd_adapter_t *adapterIdx = NULL; - hdd_adapter_list_node_t *adapterNode = NULL; - hdd_adapter_list_node_t *pNext = NULL; + hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(cur_adapter); + hdd_adapter_t *adapter = NULL; + hdd_adapter_list_node_t *adapter_node = NULL; + hdd_adapter_list_node_t *next = NULL; QDF_STATUS status; + hdd_wext_state_t *wext_state; + hdd_station_ctx_t *sta_ctx; + tCsrRoamProfile *roam_profile; - if (hdd_ctx->config->isFastRoamIniFeatureEnabled && - hdd_ctx->config->isRoamOffloadScanEnabled && - QDF_STA_MODE == adapter->device_mode && - cds_is_sta_active_connection_exists()) { - hdd_debug("Connect received on STA sessionId(%d)", - adapter->sessionId); - /* - * Loop through adapter and disable roaming for each STA device - * mode except the input adapter. - */ - status = hdd_get_front_adapter(hdd_ctx, &adapterNode); - - while (NULL != adapterNode && QDF_STATUS_SUCCESS == status) { - adapterIdx = adapterNode->pAdapter; - - if (QDF_STA_MODE == adapterIdx->device_mode - && adapter->sessionId != adapterIdx->sessionId) { - hdd_debug("Disable Roaming on sessionId(%d)", - adapterIdx->sessionId); - sme_stop_roaming(WLAN_HDD_GET_HAL_CTX - (adapterIdx), - adapterIdx->sessionId, 0); - } + if (!cds_is_sta_active_connection_exists()) { + hdd_debug("No active sta session"); + return; + } - status = hdd_get_next_adapter(hdd_ctx, - adapterNode, - &pNext); - adapterNode = pNext; + status = hdd_get_front_adapter(hdd_ctx, &adapter_node); + while (QDF_IS_STATUS_SUCCESS(status) && adapter_node) { + adapter = adapter_node->pAdapter; + wext_state = WLAN_HDD_GET_WEXT_STATE_PTR(adapter); + sta_ctx = WLAN_HDD_GET_STATION_CTX_PTR(adapter); + roam_profile = &wext_state->roamProfile; + + if (cur_adapter->sessionId != adapter->sessionId && + adapter->device_mode == QDF_STA_MODE && + hdd_conn_is_connected(sta_ctx)) { + hdd_debug("%d Disable roaming", + adapter->sessionId); + sme_stop_roaming(WLAN_HDD_GET_HAL_CTX(adapter), + adapter->sessionId, + eCsrDriverDisabled); } + status = hdd_get_next_adapter(hdd_ctx, adapter_node, &next); + adapter_node = next; } } /** * wlan_hdd_enable_roaming() - enable roaming on all STAs except the input one - * @adapter: HDD adapter pointer + * @cur_adapter: Current HDD adapter passed from caller * - * This function loop through each adapter and enable roaming on each STA - * device mode except the input adapter. - * Note: On the input adapter no need to enable roaming because link got - * disconnected on this. + * This function loops through all adapters and enables roaming on each STA + * mode adapter except the current adapter passed from the caller * * Return: None */ -void wlan_hdd_enable_roaming(hdd_adapter_t *adapter) +void wlan_hdd_enable_roaming(hdd_adapter_t *cur_adapter) { - hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter); - hdd_adapter_t *adapterIdx = NULL; - hdd_adapter_list_node_t *adapterNode = NULL; - hdd_adapter_list_node_t *pNext = NULL; + hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(cur_adapter); + hdd_adapter_t *adapter = NULL; + hdd_adapter_list_node_t *adapter_node = NULL; + hdd_adapter_list_node_t *next = NULL; QDF_STATUS status; + hdd_wext_state_t *wext_state; + hdd_station_ctx_t *sta_ctx; + tCsrRoamProfile *roam_profile; - if (hdd_ctx->config->isFastRoamIniFeatureEnabled && - hdd_ctx->config->isRoamOffloadScanEnabled && - QDF_STA_MODE == adapter->device_mode && - cds_is_sta_active_connection_exists()) { - hdd_debug("Disconnect received on STA sessionId(%d)", - adapter->sessionId); - /* - * Loop through adapter and enable roaming for each STA device - * mode except the input adapter. - */ - status = hdd_get_front_adapter(hdd_ctx, &adapterNode); - - while (NULL != adapterNode && QDF_STATUS_SUCCESS == status) { - adapterIdx = adapterNode->pAdapter; - - if (QDF_STA_MODE == adapterIdx->device_mode - && adapter->sessionId != adapterIdx->sessionId) { - hdd_debug("Enabling Roaming on sessionId(%d)", - adapterIdx->sessionId); - sme_start_roaming(WLAN_HDD_GET_HAL_CTX - (adapterIdx), - adapterIdx->sessionId, - REASON_CONNECT); - } + if (!cds_is_sta_active_connection_exists()) { + hdd_debug("No active sta session"); + return; + } - status = hdd_get_next_adapter(hdd_ctx, - adapterNode, - &pNext); - adapterNode = pNext; + status = hdd_get_front_adapter(hdd_ctx, &adapter_node); + while (QDF_IS_STATUS_SUCCESS(status) && adapter_node) { + adapter = adapter_node->pAdapter; + wext_state = WLAN_HDD_GET_WEXT_STATE_PTR(adapter); + sta_ctx = WLAN_HDD_GET_STATION_CTX_PTR(adapter); + roam_profile = &wext_state->roamProfile; + + if (cur_adapter->sessionId != adapter->sessionId && + adapter->device_mode == QDF_STA_MODE && + hdd_conn_is_connected(sta_ctx)) { + hdd_debug("%d Enable roaming", + adapter->sessionId); + sme_start_roaming(WLAN_HDD_GET_HAL_CTX(adapter), + adapter->sessionId, + REASON_DRIVER_ENABLED); } + status = hdd_get_next_adapter(hdd_ctx, adapter_node, &next); + adapter_node = next; } } @@ -11076,30 +11085,6 @@ end: } /** - * wlan_hdd_soc_set_antenna_mode_cb() - Callback for set dual - * mac scan config - * @status: Status of set antenna mode - * - * Callback on setting the dual mac configuration - * - * Return: None - */ -void wlan_hdd_soc_set_antenna_mode_cb( - enum set_antenna_mode_status status) -{ - hdd_context_t *hdd_ctx; - - hdd_debug("Status: %d", status); - - hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD); - if (0 != wlan_hdd_validate_context(hdd_ctx)) - return; - - /* Signal the completion of set dual mac config */ - complete(&hdd_ctx->set_antenna_mode_cmpl); -} - -/** * hdd_get_fw_version() - Get FW version * @hdd_ctx: pointer to HDD context. * @major_spid: FW version - major spid. @@ -12081,25 +12066,22 @@ void hdd_set_roaming_in_progress(bool value) /** * hdd_is_roaming_in_progress() - check if roaming is in progress - * @adapter - HDD adapter + * @hdd_ctx - Global HDD context + * + * Checks if roaming is in progress on any of the adapters * - * Return: true if roaming is in progress for STA type, else false + * Return: true if roaming is in progress else false */ -bool hdd_is_roaming_in_progress(hdd_adapter_t *adapter) +bool hdd_is_roaming_in_progress(hdd_context_t *hdd_ctx) { - hdd_context_t *hdd_ctx; - bool ret_status = false; - - hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD); if (!hdd_ctx) { hdd_err("HDD context is NULL"); - return ret_status; + return false; } - hdd_debug("dev mode = %d, roaming_in_progress = %d", - adapter->device_mode, hdd_ctx->roaming_in_progress); - ret_status = ((adapter->device_mode == QDF_STA_MODE) && - hdd_ctx->roaming_in_progress); - return ret_status; + + hdd_debug("roaming_in_progress = %d", hdd_ctx->roaming_in_progress); + + return hdd_ctx->roaming_in_progress; } hdd_adapter_t *hdd_get_adapter_by_rand_macaddr(hdd_context_t *hdd_ctx, diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ocb.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ocb.c index a7cd7c0c1962..79e5a9bad5ad 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ocb.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_ocb.c @@ -1322,6 +1322,7 @@ static void hdd_ocb_get_tsf_timer_callback(void *context_ptr, return; } + priv = hdd_request_priv(hdd_request); if (response) { priv->response = *response; priv->status = 0; diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_p2p.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_p2p.c index 1c5dc402965e..22c01e2fe955 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_p2p.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_p2p.c @@ -730,8 +730,7 @@ QDF_STATUS wlan_hdd_remain_on_channel_callback(tHalHandle hHal, void *pCtx, cfg80211_remain_on_channel_expired( pRemainChanCtx->dev-> ieee80211_ptr, - pRemainChanCtx-> - cookie, + (u64)pRemainChanCtx->id, &pRemainChanCtx->chan, GFP_KERNEL); pAdapter->last_roc_ts = @@ -772,6 +771,7 @@ QDF_STATUS wlan_hdd_remain_on_channel_callback(tHalHandle hHal, void *pCtx, pRemainChanCtx->action_pkt_buff.frame_ptr = NULL; pRemainChanCtx->action_pkt_buff.frame_length = 0; } + qdf_idr_remove(&hdd_ctx->p2p_idr, pRemainChanCtx->id); } qdf_mem_free(pRemainChanCtx); mutex_unlock(&cfgState->remain_on_chan_ctx_lock); @@ -1291,13 +1291,13 @@ static void wlan_hdd_indicate_roc_drop(hdd_adapter_t *adapter, hdd_debug("indicate roc drop to userspace"); cfg80211_ready_on_channel( adapter->dev->ieee80211_ptr, - (uintptr_t)ctx, + (u64)ctx->id, &ctx->chan, ctx->duration, GFP_KERNEL); cfg80211_remain_on_channel_expired( ctx->dev->ieee80211_ptr, - ctx->cookie, + (u64)ctx->id, &ctx->chan, GFP_KERNEL); } @@ -1367,6 +1367,7 @@ static int wlan_hdd_request_remain_on_channel(struct wiphy *wiphy, hdd_adapter_t *sta_adapter; int ret; int status = 0; + int roc_id; hdd_debug("Device_mode %s(%d)", hdd_device_mode_to_string(pAdapter->device_mode), @@ -1389,12 +1390,18 @@ static int wlan_hdd_request_remain_on_channel(struct wiphy *wiphy, return -ENOMEM; } + if (QDF_STATUS_SUCCESS != qdf_idr_alloc(&pHddCtx->p2p_idr, + pRemainChanCtx, &roc_id)) { + hdd_err("alloc id fail"); + qdf_mem_free(pRemainChanCtx); + return -EFAULT; + } qdf_mem_copy(&pRemainChanCtx->chan, chan, sizeof(struct ieee80211_channel)); pRemainChanCtx->duration = duration; pRemainChanCtx->dev = dev; - *cookie = (uintptr_t) pRemainChanCtx; - pRemainChanCtx->cookie = *cookie; + *cookie = (u64)roc_id; + pRemainChanCtx->id = roc_id; pRemainChanCtx->rem_on_chan_request = request_type; pRemainChanCtx->action_pkt_buff.freq = 0; pRemainChanCtx->action_pkt_buff.frame_ptr = NULL; @@ -1562,8 +1569,7 @@ void hdd_remain_chan_ready_handler(hdd_adapter_t *pAdapter, cfg80211_ready_on_channel( pAdapter->dev-> ieee80211_ptr, - (uintptr_t) - pRemainChanCtx, + (u64)pRemainChanCtx->id, &pRemainChanCtx->chan, pRemainChanCtx-> duration, GFP_KERNEL); @@ -1617,6 +1623,7 @@ __wlan_hdd_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy, hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); hdd_cfg80211_state_t *cfgState = WLAN_HDD_GET_CFG_STATE_PTR(pAdapter); hdd_remain_on_chan_ctx_t *pRemainChanCtx; + hdd_remain_on_chan_ctx_t *cur_ctx; hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter); int status; int qdf_status; @@ -1641,10 +1648,17 @@ __wlan_hdd_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy, if (0 != status) return status; + + if (QDF_STATUS_SUCCESS != qdf_idr_find(&pHddCtx->p2p_idr, + (int32_t)cookie, (void **)&cur_ctx)) { + hdd_debug("failed to find cookie, 0x%llx", cookie); + return -EFAULT; + } + qdf_spin_lock(&pHddCtx->hdd_roc_req_q_lock); list_for_each_safe(tmp, q, &pHddCtx->hdd_roc_req_q.anchor) { curr_roc_req = list_entry(tmp, hdd_roc_req_t, node); - if ((uintptr_t) curr_roc_req->pRemainChanCtx == cookie) { + if (curr_roc_req->pRemainChanCtx == cur_ctx) { qdf_status = qdf_list_remove_node(&pHddCtx->hdd_roc_req_q, (qdf_list_node_t *) curr_roc_req); @@ -1664,15 +1678,15 @@ __wlan_hdd_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy, pRemainChanCtx = cfgState->remain_on_chan_ctx; if (pRemainChanCtx) { - hdd_debug("action_cookie = %08llx, roc cookie = %08llx, cookie = %08llx", - cfgState->action_cookie, pRemainChanCtx->cookie, + hdd_debug("action_id = %x, roc id = %x, cookie = %08llx", + cfgState->action_id, pRemainChanCtx->id, cookie); - if (pRemainChanCtx->cookie == cookie) { + if (pRemainChanCtx->id == (int32_t)cookie) { /* request to cancel on-going roc */ if (cfgState->buf) { /* Tx frame pending */ - if (cfgState->action_cookie != cookie) { + if (cfgState->action_id != (int32_t)cookie) { hdd_debug("Cookie matched with RoC cookie but not with tx cookie, indicate expired event for roc"); /* RoC was extended to accomodate the tx frame */ if (REMAIN_ON_CHANNEL_REQUEST == @@ -1681,21 +1695,21 @@ __wlan_hdd_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy, cfg80211_remain_on_channel_expired( pRemainChanCtx->dev-> ieee80211_ptr, - pRemainChanCtx->cookie, + (u64)pRemainChanCtx->id, &pRemainChanCtx->chan, GFP_KERNEL); } pRemainChanCtx->rem_on_chan_request = OFF_CHANNEL_ACTION_TX; - pRemainChanCtx->cookie = - cfgState->action_cookie; + pRemainChanCtx->id = + cfgState->action_id; mutex_unlock(&cfgState-> remain_on_chan_ctx_lock); return 0; } } - } else if (cfgState->buf && cfgState->action_cookie == - cookie) { + } else if (cfgState->buf && cfgState->action_id == + (int32_t)cookie) { mutex_unlock(&cfgState->remain_on_chan_ctx_lock); hdd_debug("Cookie not matched with RoC cookie but matched with tx cookie, cleanup action frame"); /*free the buf and return 0*/ @@ -1829,6 +1843,7 @@ static int __wlan_hdd_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, uint8_t home_ch = 0; bool enb_random_mac = false; uint32_t mgmt_hdr_len = sizeof(struct ieee80211_hdr_3addr); + int32_t mgmt_id; ENTER(); @@ -2168,12 +2183,19 @@ send_frame: mutex_lock(&cfgState->remain_on_chan_ctx_lock); if (cfgState->remain_on_chan_ctx) { - cfgState->action_cookie = - cfgState->remain_on_chan_ctx->cookie; - *cookie = cfgState->action_cookie; + cfgState->action_id = + cfgState->remain_on_chan_ctx->id; + *cookie = cfgState->action_id; } else { - *cookie = (uintptr_t) cfgState->buf; - cfgState->action_cookie = *cookie; + if (QDF_STATUS_SUCCESS != qdf_idr_alloc( + &pHddCtx->p2p_idr, + cfgState->buf, &mgmt_id)) { + hdd_err("alloc id fail"); + goto err; + } + + *cookie = (u64)mgmt_id; + cfgState->action_id = mgmt_id; } mutex_unlock(&cfgState->remain_on_chan_ctx_lock); @@ -2266,10 +2288,16 @@ err: } return 0; err_rem_channel: - *cookie = (uintptr_t) cfgState; + if (QDF_STATUS_SUCCESS != qdf_idr_alloc(&pHddCtx->p2p_idr, + cfgState, &mgmt_id)) + mgmt_id = 0; + + *cookie = (u64)mgmt_id; cfg80211_mgmt_tx_status( pAdapter->dev->ieee80211_ptr, *cookie, buf, len, false, GFP_KERNEL); + qdf_idr_remove(&pHddCtx->p2p_idr, mgmt_id); + EXIT(); return 0; } @@ -2352,11 +2380,14 @@ int wlan_hdd_cfg80211_mgmt_tx_cancel_wait(struct wiphy *wiphy, void hdd_send_action_cnf(hdd_adapter_t *pAdapter, bool actionSendSuccess) { hdd_cfg80211_state_t *cfgState = WLAN_HDD_GET_CFG_STATE_PTR(pAdapter); + hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(pAdapter); cfgState->actionFrmState = HDD_IDLE; - if (NULL == cfgState->buf) + if (NULL == cfgState->buf) { + qdf_idr_remove(&hdd_ctx->p2p_idr, cfgState->action_id); return; + } if (cfgState->is_go_neg_ack_received) { @@ -2369,6 +2400,7 @@ void hdd_send_action_cnf(hdd_adapter_t *pAdapter, bool actionSendSuccess) */ hdd_debug("Drop the pending ack received in cfgState->actionFrmState %d", cfgState->actionFrmState); + qdf_idr_remove(&hdd_ctx->p2p_idr, cfgState->action_id); return; } @@ -2382,10 +2414,11 @@ void hdd_send_action_cnf(hdd_adapter_t *pAdapter, bool actionSendSuccess) */ cfg80211_mgmt_tx_status( pAdapter->dev->ieee80211_ptr, - cfgState->action_cookie, + (u64)cfgState->action_id, cfgState->buf, cfgState->len, actionSendSuccess, GFP_KERNEL); + qdf_idr_remove(&hdd_ctx->p2p_idr, cfgState->action_id); qdf_mem_free(cfgState->buf); cfgState->buf = NULL; diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_scan.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_scan.c index 8bf9f8689eeb..ad9eca70a9f9 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_scan.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_scan.c @@ -94,6 +94,10 @@ struct nla_policy scan_policy[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1] = { [QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE] = {.type = NLA_U64}, [QCA_WLAN_VENDOR_ATTR_SCAN_IE] = {.type = NLA_BINARY, .len = MAX_DEFAULT_SCAN_IE_LEN}, + [QCA_WLAN_VENDOR_ATTR_SCAN_MAC] = {.type = NLA_UNSPEC, + .len = QDF_MAC_ADDR_SIZE}, + [QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK] = {.type = NLA_UNSPEC, + .len = QDF_MAC_ADDR_SIZE}, }; /** diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_spectral.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_spectral.c index f679588ae437..2c2921d98de8 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_spectral.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_spectral.c @@ -115,7 +115,10 @@ static int __wlan_hdd_cfg80211_spectral_scan_start(struct wiphy *wiphy, return -EPERM; } adapter = WLAN_HDD_GET_PRIV_PTR(dev); - + if (wlan_hdd_validate_session_id(adapter->sessionId)) { + hdd_err("invalid session id: %d", adapter->sessionId); + return -EINVAL; + } /* initialize config parameters*/ config_req = hdd_ctx->ss_config; diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.c index 5372c2fe3b34..d625a332d441 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.c @@ -130,7 +130,6 @@ static int rssi_mcs_tbl[][10] = { #ifdef WLAN_FEATURE_LINK_LAYER_STATS -static struct hdd_ll_stats_context ll_stats_context; /** * put_wifi_rate_stat() - put wifi rate stats @@ -1033,20 +1032,22 @@ static void hdd_ll_process_peer_stats(hdd_adapter_t *adapter, * @ctx: Pointer to hdd context * @indType: Indication type * @pRsp: Pointer to response + * @cookie: Callback context * * After receiving Link Layer indications from FW.This callback converts the * firmware data to the NL data and send the same to the kernel/upper layers. * * Return: None */ -void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, - int indType, void *pRsp) +void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, int indType, + void *pRsp, void *cookie) { hdd_context_t *pHddCtx = (hdd_context_t *) ctx; - struct hdd_ll_stats_context *context; + struct hdd_ll_stats_priv *priv = NULL; hdd_adapter_t *pAdapter = NULL; tpSirLLStatsResults linkLayerStatsResults = (tpSirLLStatsResults) pRsp; int status; + struct hdd_request *request = NULL; status = wlan_hdd_validate_context(pHddCtx); if (status) @@ -1055,7 +1056,7 @@ void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, pAdapter = hdd_get_adapter_by_vdev(pHddCtx, linkLayerStatsResults->ifaceId); - if (NULL == pAdapter) { + if (!pAdapter) { hdd_err("vdev_id %d does not exist with host", linkLayerStatsResults->ifaceId); return; @@ -1074,18 +1075,23 @@ void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, linkLayerStatsResults->num_radio, linkLayerStatsResults->results); - context = &ll_stats_context; - spin_lock(&context->context_lock); + request = hdd_request_get(cookie); + if (!request) { + hdd_err("Obselete request"); + return; + } + + priv = hdd_request_priv(request); + /* validate response received from target */ - if ((context->request_id != linkLayerStatsResults->rspId) || - !(context->request_bitmap & linkLayerStatsResults->paramId)) { - spin_unlock(&context->context_lock); + if ((priv->request_id != linkLayerStatsResults->rspId) || + !(priv->request_bitmap & linkLayerStatsResults->paramId)) { hdd_err("Error : Request id %d response id %d request bitmap 0x%x response bitmap 0x%x", - context->request_id, linkLayerStatsResults->rspId, - context->request_bitmap, linkLayerStatsResults->paramId); + priv->request_id, linkLayerStatsResults->rspId, + priv->request_bitmap, linkLayerStatsResults->paramId); + hdd_request_put(request); return; } - spin_unlock(&context->context_lock); if (linkLayerStatsResults->paramId & WMI_LINK_STATS_RADIO) { hdd_ll_process_radio_stats(pAdapter, @@ -1094,10 +1100,8 @@ void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, linkLayerStatsResults->num_radio, linkLayerStatsResults->rspId); - spin_lock(&context->context_lock); if (!linkLayerStatsResults->moreResultToFollow) - context->request_bitmap &= ~(WMI_LINK_STATS_RADIO); - spin_unlock(&context->context_lock); + priv->request_bitmap &= ~(WMI_LINK_STATS_RADIO); } else if (linkLayerStatsResults->paramId & WMI_LINK_STATS_IFACE) { @@ -1106,17 +1110,15 @@ void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, linkLayerStatsResults->num_peers, linkLayerStatsResults->rspId); - spin_lock(&context->context_lock); /* Firmware doesn't send peerstats event if no peers are * connected. HDD should not wait for any peerstats in * this case and return the status to middleware after * receiving iface stats */ if (!linkLayerStatsResults->num_peers) - context->request_bitmap &= + priv->request_bitmap &= ~(WMI_LINK_STATS_ALL_PEER); - context->request_bitmap &= ~(WMI_LINK_STATS_IFACE); - spin_unlock(&context->context_lock); + priv->request_bitmap &= ~(WMI_LINK_STATS_IFACE); } else if (linkLayerStatsResults-> paramId & WMI_LINK_STATS_ALL_PEER) { @@ -1125,21 +1127,19 @@ void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, linkLayerStatsResults->results, linkLayerStatsResults->rspId); - spin_lock(&context->context_lock); if (!linkLayerStatsResults->moreResultToFollow) - context->request_bitmap &= ~(WMI_LINK_STATS_ALL_PEER); - spin_unlock(&context->context_lock); + priv->request_bitmap &= + ~(WMI_LINK_STATS_ALL_PEER); } else { hdd_err("INVALID LL_STATS_NOTIFY RESPONSE"); } - spin_lock(&context->context_lock); /* complete response event if all requests are completed */ - if (0 == context->request_bitmap) - complete(&context->response_event); - spin_unlock(&context->context_lock); + if (!priv->request_bitmap) + hdd_request_complete(request); + hdd_request_put(request); break; } default: @@ -1304,34 +1304,59 @@ nla_policy [QCA_WLAN_VENDOR_ATTR_LL_STATS_GET_CONFIG_REQ_MASK] = {.type = NLA_U32} }; +/** + * wlan_hdd_send_ll_stats_req() - send LL stats request + * @hdd_ctx: pointer to hdd context + * @req: pointer to LL stats get request + * + * Return: 0 if success, non-zero if failure + */ static int wlan_hdd_send_ll_stats_req(hdd_context_t *hdd_ctx, tSirLLStatsGetReq *req) { - unsigned long rc; - struct hdd_ll_stats_context *context; + int ret = 0; + struct hdd_ll_stats_priv *priv = NULL; + struct hdd_request *request = NULL; + void *cookie = NULL; + static const struct hdd_request_params params = { + .priv_size = sizeof(*priv), + .timeout_ms = WLAN_WAIT_TIME_LL_STATS, + }; + + ENTER(); + + request = hdd_request_alloc(¶ms); + if (!request) { + hdd_err("Request Allocation Failure"); + return -ENOMEM; + } - context = &ll_stats_context; - spin_lock(&context->context_lock); - context->request_id = req->reqId; - context->request_bitmap = req->paramIdMask; - INIT_COMPLETION(context->response_event); - spin_unlock(&context->context_lock); + cookie = hdd_request_cookie(request); + + priv = hdd_request_priv(request); + + priv->request_id = req->reqId; + priv->request_bitmap = req->paramIdMask; if (QDF_STATUS_SUCCESS != - sme_ll_stats_get_req(hdd_ctx->hHal, req)) { + sme_ll_stats_get_req(hdd_ctx->hHal, req, cookie)) { hdd_err("sme_ll_stats_get_req Failed"); - return -EINVAL; + ret = -EINVAL; + goto exit; } - rc = wait_for_completion_timeout(&context->response_event, - msecs_to_jiffies(WLAN_WAIT_TIME_LL_STATS)); - if (!rc) { + ret = hdd_request_wait_for_response(request); + if (ret) { hdd_err("Target response timed out request id %d request bitmap 0x%x", - context->request_id, context->request_bitmap); - return -ETIMEDOUT; + priv->request_id, priv->request_bitmap); + ret = -ETIMEDOUT; + goto exit; } + EXIT(); - return 0; +exit: + hdd_request_put(request); + return ret; } int wlan_hdd_ll_stats_get(hdd_adapter_t *adapter, uint32_t req_id, @@ -4094,18 +4119,17 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy, wlan_hdd_get_station_stats(pAdapter); - if (pAdapter->hdd_stats.summary_stat.rssi) - pAdapter->rssi = pAdapter->hdd_stats.summary_stat.rssi; + pAdapter->rssi = pAdapter->hdd_stats.summary_stat.rssi; + snr = pAdapter->hdd_stats.summary_stat.snr; /* for new connection there might be no valid previous RSSI */ if (!pAdapter->rssi) { hdd_get_rssi_snr_by_bssid(pAdapter, pHddStaCtx->conn_info.bssId.bytes, - &pAdapter->rssi, NULL); + &pAdapter->rssi, &snr); } sinfo->signal = pAdapter->rssi; - snr = pAdapter->hdd_stats.summary_stat.snr; hdd_debug("snr: %d, rssi: %d", pAdapter->hdd_stats.summary_stat.snr, pAdapter->hdd_stats.summary_stat.rssi); @@ -4834,17 +4858,6 @@ int wlan_hdd_cfg80211_dump_survey(struct wiphy *wiphy, return ret; } -/** - * hdd_init_ll_stats_ctx() - initialize link layer stats context - * - * Return: none - */ -inline void hdd_init_ll_stats_ctx(void) -{ - spin_lock_init(&ll_stats_context.context_lock); - init_completion(&ll_stats_context.response_event); - ll_stats_context.request_bitmap = 0; -} /** * hdd_display_hif_stats() - display hif stats diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.h b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.h index 06ede453e39c..cb030553d144 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.h +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_stats.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -83,17 +83,14 @@ struct index_data_rate_type { #ifdef WLAN_FEATURE_LINK_LAYER_STATS /** - * struct hdd_ll_stats_context - hdd link layer stats context + * struct hdd_ll_stats_priv - hdd link layer stats private * * @request_id: userspace-assigned link layer stats request id * @request_bitmap: userspace-assigned link layer stats request bitmap - * @response_event: LL stats request wait event */ -struct hdd_ll_stats_context { +struct hdd_ll_stats_priv { uint32_t request_id; uint32_t request_bitmap; - struct completion response_event; - spinlock_t context_lock; }; /* @@ -286,8 +283,8 @@ void wlan_hdd_cfg80211_stats_ext_callback(void *ctx, void wlan_hdd_cfg80211_stats_ext2_callback(void *ctx, struct stats_ext2_event *pmsg); -void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, - int indType, void *pRsp); +void wlan_hdd_cfg80211_link_layer_stats_callback(void *ctx, int indType, + void *pRsp, void *context); /** * wlan_hdd_get_rcpi() - Wrapper to get current RCPI diff --git a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_wext.c b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_wext.c index 653b6af5803f..75348567c229 100644 --- a/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_wext.c +++ b/drivers/staging/qcacld-3.0/core/hdd/src/wlan_hdd_wext.c @@ -4818,7 +4818,8 @@ static int __iw_set_bitrate(struct net_device *dev, hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev); hdd_wext_state_t *pWextState; hdd_station_ctx_t *pHddStaCtx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter); - uint8_t supp_rates[WNI_CFG_SUPPORTED_RATES_11A_LEN]; + uint8_t supp_rates[WNI_CFG_SUPPORTED_RATES_11A_LEN + + WNI_CFG_SUPPORTED_RATES_11B_LEN]; uint32_t a_len = WNI_CFG_SUPPORTED_RATES_11A_LEN; uint32_t b_len = WNI_CFG_SUPPORTED_RATES_11B_LEN; uint32_t i, rate; @@ -4854,7 +4855,8 @@ static int __iw_set_bitrate(struct net_device *dev, &a_len) == QDF_STATUS_SUCCESS) && (sme_cfg_get_str(WLAN_HDD_GET_HAL_CTX(pAdapter), - WNI_CFG_SUPPORTED_RATES_11B, supp_rates, + WNI_CFG_SUPPORTED_RATES_11B, + supp_rates + a_len, &b_len) == QDF_STATUS_SUCCESS)) { for (i = 0; i < (b_len + a_len); ++i) { /* supported rates returned is double @@ -5779,9 +5781,8 @@ static void hdd_get_class_a_statistics_cb(void *stats, void *context) tCsrGlobalClassAStatsInfo *returned_stats; ENTER(); - if ((NULL == stats) || (NULL == context)) { - hdd_err("Bad param, stats [%p] context [%p]", - stats, context); + if (NULL == stats) { + hdd_err("Bad param, stats"); return; } @@ -10172,6 +10173,13 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, case WE_POLICY_MANAGER_CLIST_CMD: { hdd_debug("<iwpriv wlan0 pm_clist> is called"); + if ((apps_args[0] < 0) || (apps_args[1] < 0) || + (apps_args[2] < 0) || (apps_args[3] < 0) || + (apps_args[4] < 0) || (apps_args[5] < 0) || + (apps_args[6] < 0) || (apps_args[7] < 0)) { + hdd_err("Invalid input params recieved for the IOCTL"); + return 0; + } cds_incr_connection_count_utfw(apps_args[0], apps_args[1], apps_args[2], apps_args[3], apps_args[4], apps_args[5], apps_args[6], @@ -10182,6 +10190,11 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, case WE_POLICY_MANAGER_DLIST_CMD: { hdd_debug("<iwpriv wlan0 pm_dlist> is called"); + if ((apps_args[0] < 0) || (apps_args[1] < 0)) { + hdd_err("Invalid input params recieved for the IOCTL"); + return 0; + } + cds_decr_connection_count_utfw(apps_args[0], apps_args[1]); } @@ -10190,6 +10203,13 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, case WE_POLICY_MANAGER_ULIST_CMD: { hdd_debug("<iwpriv wlan0 pm_ulist> is called"); + if ((apps_args[0] < 0) || (apps_args[1] < 0) || + (apps_args[2] < 0) || (apps_args[3] < 0) || + (apps_args[4] < 0) || (apps_args[5] < 0) || + (apps_args[6] < 0) || (apps_args[7] < 0)) { + hdd_err("Invalid input params recieved for the IOCTL"); + return 0; + } cds_update_connection_info_utfw(apps_args[0], apps_args[1], apps_args[2], apps_args[3], apps_args[4], apps_args[5], apps_args[6], @@ -10200,6 +10220,11 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, case WE_POLICY_MANAGER_DBS_CMD: { hdd_debug("<iwpriv wlan0 pm_dbs> is called"); + if (apps_args[0] < 0) { + hdd_err("Invalid input param recieved for the IOCTL"); + return 0; + } + if (apps_args[0] == 0) wma_set_dbs_capability_ut(0); else @@ -10221,6 +10246,10 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, hdd_debug("<iwpriv wlan0 pm_pcl> is called"); + if (apps_args[0] < 0) { + hdd_err("Invalid input param recieved for the IOCTL"); + return 0; + } cds_get_pcl(apps_args[0], pcl, &pcl_len, weight_list, QDF_ARRAY_SIZE(weight_list)); @@ -10264,6 +10293,11 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, QDF_STATUS status; hdd_debug("<iwpriv wlan0 pm_query_action> is called"); + if (apps_args[0] < 0) { + hdd_err("Invalid input params recieved for the IOCTL"); + return 0; + } + status = cds_current_connections_update(adapter->sessionId, apps_args[0], SIR_UPDATE_REASON_UT); @@ -10276,6 +10310,11 @@ static int iw_get_policy_manager_ut_ops(hdd_context_t *hdd_ctx, bool allow; hdd_debug("<iwpriv wlan0 pm_query_allow> is called"); + if ((apps_args[0] < 0) || (apps_args[1] < 0) || + (apps_args[2] < 0)) { + hdd_err("Invalid input params recieved for the IOCTL"); + return 0; + } allow = cds_allow_concurrency( apps_args[0], apps_args[1], apps_args[2]); pr_info("allow %d {0 = don't allow, 1 = allow}", allow); diff --git a/drivers/staging/qcacld-3.0/core/mac/inc/ani_global.h b/drivers/staging/qcacld-3.0/core/mac/inc/ani_global.h index 76c7ca1eb992..e41f9f390695 100644 --- a/drivers/staging/qcacld-3.0/core/mac/inc/ani_global.h +++ b/drivers/staging/qcacld-3.0/core/mac/inc/ani_global.h @@ -839,6 +839,8 @@ typedef struct sAniSirLim { uint32_t scan_id, uint32_t flags); QDF_STATUS(*sme_msg_callback) (tHalHandle hal, cds_msg_t *msg); + QDF_STATUS(*stop_roaming_callback) + (tHalHandle hal, uint8_t session_id, uint8_t reason); uint8_t retry_packet_cnt; uint8_t scan_disabled; uint8_t beacon_probe_rsp_cnt_per_scan; @@ -987,6 +989,10 @@ typedef struct sAniSirGlobal { void *readyToExtWoWContext; #endif uint32_t f_sta_miracast_mcc_rest_time_val; + uint32_t sta_scan_burst_duration; + uint32_t p2p_scan_burst_duration; + uint32_t go_scan_burst_duration; + uint32_t ap_scan_burst_duration; uint8_t f_prefer_non_dfs_on_radar; hdd_ftm_msg_processor ftm_msg_processor_callback; uint32_t fine_time_meas_cap; diff --git a/drivers/staging/qcacld-3.0/core/mac/inc/sir_api.h b/drivers/staging/qcacld-3.0/core/mac/inc/sir_api.h index 117d1ce22656..827876bc69a2 100644 --- a/drivers/staging/qcacld-3.0/core/mac/inc/sir_api.h +++ b/drivers/staging/qcacld-3.0/core/mac/inc/sir_api.h @@ -493,6 +493,7 @@ typedef struct sSirSmeReadyReq { void *csr_roam_synch_cb; void *pe_roam_synch_cb; void *sme_msg_cb; + void *stop_roaming_cb; } tSirSmeReadyReq, *tpSirSmeReadyReq; /** @@ -546,16 +547,35 @@ struct sir_set_dual_mac_cfg { }; /** + * enum set_antenna_mode_status - Status of set antenna mode + * command + * @SET_ANTENNA_MODE_STATUS_OK: command successful + * @SET_ANTENNA_MODE_STATUS_EINVAL: invalid antenna mode + * @SET_ANTENNA_MODE_STATUS_ECANCELED: mode change cancelled + * @SET_ANTENNA_MODE_STATUS_ENOTSUP: mode not supported + */ +enum set_antenna_mode_status { + SET_ANTENNA_MODE_STATUS_OK, + SET_ANTENNA_MODE_STATUS_EINVAL, + SET_ANTENNA_MODE_STATUS_ECANCELED, + SET_ANTENNA_MODE_STATUS_ENOTSUP, +}; + +typedef void (*antenna_mode_cb)(enum set_antenna_mode_status status, + void *context); + +/** * struct sir_antenna_mode_param - antenna mode param * @num_tx_chains: Number of TX chains * @num_rx_chains: Number of RX chains - * @reason: Reason for setting antenna mode * @set_antenna_mode_resp: callback to set antenna mode command + * @set_antenna_mode_ctx: callback context to set antenna mode command */ struct sir_antenna_mode_param { uint32_t num_tx_chains; uint32_t num_rx_chains; - void *set_antenna_mode_resp; + antenna_mode_cb set_antenna_mode_resp; + void *set_antenna_mode_ctx; }; /** @@ -1308,6 +1328,7 @@ typedef struct sSirSmeJoinReq { bool ignore_assoc_disallowed; bool enable_bcast_probe_rsp; bool force_24ghz_in_ht20; + bool force_rsne_override; tSirBssDescription bssDescription; /* * WARNING: Pls make bssDescription as last variable in struct @@ -1722,6 +1743,7 @@ typedef struct sSirSmeDisassocInd { typedef struct sSirSmeDisassocCnf { uint16_t messageType; /* eWNI_SME_DISASSOC_CNF */ uint16_t length; + uint8_t sme_session_id; tSirResultCodes statusCode; struct qdf_mac_addr bssid; struct qdf_mac_addr peer_macaddr; @@ -3907,21 +3929,6 @@ struct sir_dual_mac_config_resp { }; /** - * enum set_antenna_mode_status - Status of set antenna mode - * command - * @SET_ANTENNA_MODE_STATUS_OK: command successful - * @SET_ANTENNA_MODE_STATUS_EINVAL: invalid antenna mode - * @SET_ANTENNA_MODE_STATUS_ECANCELED: mode change cancelled - * @SET_ANTENNA_MODE_STATUS_ENOTSUP: mode not supported - */ -enum set_antenna_mode_status { - SET_ANTENNA_MODE_STATUS_OK, - SET_ANTENNA_MODE_STATUS_EINVAL, - SET_ANTENNA_MODE_STATUS_ECANCELED, - SET_ANTENNA_MODE_STATUS_ENOTSUP, -}; - -/** * struct sir_antenna_mode_resp - set antenna mode response * @status: Status of setting the antenna mode */ @@ -6688,7 +6695,6 @@ typedef void (*hw_mode_transition_cb)(uint32_t old_hw_mode_index, struct sir_vdev_mac_map *vdev_mac_map); typedef void (*dual_mac_cb)(uint32_t status, uint32_t scan_config, uint32_t fw_mode_config); -typedef void (*antenna_mode_cb)(uint32_t status); /** * struct sir_nss_update_request diff --git a/drivers/staging/qcacld-3.0/core/mac/inc/sir_mac_prot_def.h b/drivers/staging/qcacld-3.0/core/mac/inc/sir_mac_prot_def.h index bacef2c0dd91..a2189869299e 100644 --- a/drivers/staging/qcacld-3.0/core/mac/inc/sir_mac_prot_def.h +++ b/drivers/staging/qcacld-3.0/core/mac/inc/sir_mac_prot_def.h @@ -998,10 +998,10 @@ struct merged_mac_rate_set { uint8_t num_rates; uint8_t rate[2 * SIR_MAC_RATESET_EID_MAX]; }; - +/* Reserve 1 byte for NULL character in the SSID name field to print in %s */ typedef struct sSirMacSSid { uint8_t length; - uint8_t ssId[SIR_MAC_MAX_SSID_LENGTH]; + uint8_t ssId[SIR_MAC_MAX_SSID_LENGTH + 1]; } qdf_packed tSirMacSSid; typedef struct sSirMacWpaInfo { diff --git a/drivers/staging/qcacld-3.0/core/mac/src/cfg/cfgUtil/dot11f.frms b/drivers/staging/qcacld-3.0/core/mac/src/cfg/cfgUtil/dot11f.frms index 7e14a8285133..4fc22efc0620 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/cfg/cfgUtil/dot11f.frms +++ b/drivers/staging/qcacld-3.0/core/mac/src/cfg/cfgUtil/dot11f.frms @@ -1386,7 +1386,7 @@ IE RSN (EID_RSN) // 7.3.2.25 // The version is 2 octets, and we only support version 1. version, 2 MUSTBE 1; // The next four octets will be the Group Cipher Suite - gp_cipher_suite[4]; + OPTIONAL gp_cipher_suite[4]; // The IE *may* stop here; if there's any more, we should see two more // octets giving the number of Pairwise Cipher Suites OPTIONAL pwise_cipher_suite_count, 2; @@ -1395,10 +1395,10 @@ IE RSN (EID_RSN) // 7.3.2.25 // to 61. However, that seems needlessly wasteful of space. pwise_cipher_suites[4][0..6] COUNTIS pwise_cipher_suite_count; // Optional count of AKM suite selectors - OPTIONAL akm_suite_count, 2; + OPTIONAL akm_suite_cnt, 2; // Again, I see nothing in the Standard explicitly limiting the number of // AKM suite selectors other than the maximum size of an IE. - akm_suites[4][0..6] COUNTIS akm_suite_count; + akm_suite[4][0..6] COUNTIS akm_suite_cnt; OPTIONAL RSN_Cap[2]; // Finally, the IE may contain zero or more PMKIDs: OPTIONAL pmkid_count, 2; @@ -1408,7 +1408,7 @@ IE RSN (EID_RSN) // 7.3.2.25 IE RSNOpaque (EID_RSN) // 7.3.2.25 { - data[ 6..253 ]; + data[ 0..253 ]; } IE WAPI (EID_WAPI) // 7.3.2.25 diff --git a/drivers/staging/qcacld-3.0/core/mac/src/include/dot11f.h b/drivers/staging/qcacld-3.0/core/mac/src/include/dot11f.h index 9b5192db27fc..5317c4ef9648 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/include/dot11f.h +++ b/drivers/staging/qcacld-3.0/core/mac/src/include/dot11f.h @@ -1,9 +1,6 @@ /* * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * - * Previously licensed under the ISC license by Qualcomm Atheros, Inc. - * - * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all @@ -19,12 +16,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* - * This file was originally distributed by Qualcomm Atheros, Inc. - * under proprietary terms before Copyright ownership was assigned - * to the Linux Foundation. - */ - #ifndef DOT11F_H #define DOT11F_H /* @@ -35,7 +26,7 @@ * * * This file was automatically generated by 'framesc' - * Mon Aug 6 14:48:18 2018 from the following file(s): + * Tue Sep 4 16:59:43 2018 from the following file(s): * * dot11f.frms * @@ -6606,8 +6597,9 @@ typedef struct sDot11fIERSN { uint8_t gp_cipher_suite[4]; uint16_t pwise_cipher_suite_count; uint8_t pwise_cipher_suites[6][4]; - uint16_t akm_suite_count; - uint8_t akm_suites[6][4]; + uint16_t akm_suite_cnt; + uint8_t akm_suite[6][4]; + uint8_t RSN_Cap_present; uint8_t RSN_Cap[2]; uint16_t pmkid_count; uint8_t pmkid[4][16]; @@ -6618,7 +6610,7 @@ typedef struct sDot11fIERSN { #define DOT11F_EID_RSN (48) /* N.B. These #defines do *not* include the EID & length */ -#define DOT11F_IE_RSN_MIN_LEN (6) +#define DOT11F_IE_RSN_MIN_LEN (2) #define DOT11F_IE_RSN_MAX_LEN (130) @@ -6697,7 +6689,7 @@ typedef struct sDot11fIERSNOpaque { #define DOT11F_EID_RSNOPAQUE (48) /* N.B. These #defines do *not* include the EID & length */ -#define DOT11F_IE_RSNOPAQUE_MIN_LEN (6) +#define DOT11F_IE_RSNOPAQUE_MIN_LEN (0) #define DOT11F_IE_RSNOPAQUE_MAX_LEN (253) diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_action_frame.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_action_frame.c index aed9b6698751..76df52fe414f 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_action_frame.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_action_frame.c @@ -57,6 +57,7 @@ #include "cds_concurrency.h" #include "wma_types.h" #include "wma.h" +#include "dot11f.h" #define BA_DEFAULT_TX_BUFFER_SIZE 64 @@ -1444,6 +1445,7 @@ static void __lim_process_sa_query_request_action_frame(tpAniSirGlobal pMac, { tpSirMacMgmtHdr pHdr; uint8_t *pBody; + uint32_t frame_len; uint8_t transId[2]; /* Prima --- Below Macro not available in prima @@ -1452,7 +1454,12 @@ static void __lim_process_sa_query_request_action_frame(tpAniSirGlobal pMac, pHdr = WMA_GET_RX_MAC_HEADER(pRxPacketInfo); pBody = WMA_GET_RX_MPDU_DATA(pRxPacketInfo); + frame_len = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); + if (frame_len < sizeof(struct sDot11fSaQueryReq)) { + pe_err("Invalid frame length"); + return; + } /* If this is an unprotected SA Query Request, then ignore it. */ if (pHdr->fc.wep == 0) return; @@ -1504,7 +1511,7 @@ static void __lim_process_sa_query_response_action_frame(tpAniSirGlobal pMac, tpPESession psessionEntry) { tpSirMacMgmtHdr pHdr; - uint32_t frameLen; + uint32_t frame_len; uint8_t *pBody; tpDphHashNode pSta; uint16_t aid; @@ -1512,16 +1519,22 @@ static void __lim_process_sa_query_response_action_frame(tpAniSirGlobal pMac, uint8_t retryNum; pHdr = WMA_GET_RX_MAC_HEADER(pRxPacketInfo); - frameLen = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); + frame_len = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); pBody = WMA_GET_RX_MPDU_DATA(pRxPacketInfo); pe_debug("SA Query Response received"); + if (frame_len < sizeof(struct sDot11fSaQueryRsp)) { + pe_err("Invalid frame length"); + return; + } /* When a station, supplicant handles SA Query Response. * Forward to SME to HDD to wpa_supplicant. */ if (LIM_IS_STA_ROLE(psessionEntry)) { - lim_send_sme_mgmt_frame_ind(pMac, pHdr->fc.subType, (uint8_t *) pHdr, - frameLen + sizeof(tSirMacMgmtHdr), 0, + lim_send_sme_mgmt_frame_ind(pMac, pHdr->fc.subType, + (uint8_t *)pHdr, + frame_len + sizeof(tSirMacMgmtHdr), + 0, WMA_GET_RX_CH(pRxPacketInfo), psessionEntry, WMA_GET_RX_RSSI_NORMALIZED( diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_assoc_req_frame.c index ab2d20fa4a49..22410721b48e 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_assoc_req_frame.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_assoc_req_frame.c @@ -727,6 +727,152 @@ static void lim_print_ht_cap(tpAniSirGlobal mac_ctx, tpPESession session, } /** + * lim_check_wpa_rsn_ie() - wpa and rsn ie related checks + * @session: pointer to pe session entry + * @mac_ctx: pointer to Global MAC structure + * @sub_type: Assoc(=0) or Reassoc(=1) Requestframe + * @hdr: pointer to the MAC head + * @assoc_req: pointer to ASSOC/REASSOC Request frame + * @pmf_connection: flag indicating pmf connection + * + * This function checks if wpa/rsn IE is present and validates + * ie version, length and mismatch. + * + * Return: true if no error, false otherwise + */ +static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx, + uint8_t sub_type, tpSirMacMgmtHdr hdr, + tpSirAssocReq assoc_req, bool *pmf_connection) +{ + uint32_t ret; + tDot11fIEWPA dot11f_ie_wpa = {0}; + tDot11fIERSN dot11f_ie_rsn = {0}; + tSirRetStatus status = eSIR_SUCCESS; + + /* + * Clear the buffers so that frame parser knows that there isn't a + * previously decoded IE in these buffers + */ + qdf_mem_set((uint8_t *)&dot11f_ie_rsn, sizeof(dot11f_ie_rsn), 0); + qdf_mem_set((uint8_t *)&dot11f_ie_wpa, sizeof(dot11f_ie_wpa), 0); + + pe_err("RSN enabled auth, Re/Assoc req from STA: " + MAC_ADDRESS_STR, MAC_ADDR_ARRAY(hdr->sa)); + + if (assoc_req->rsnPresent) { + if (!assoc_req->rsn.length) { + pe_warn("Re/Assoc rejected from: " + MAC_ADDRESS_STR, + MAC_ADDR_ARRAY(hdr->sa)); + /* + * rcvd Assoc req frame with RSN IE but length is 0 + */ + lim_send_assoc_rsp_mgmt_frame(mac_ctx, + eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, + 1, hdr->sa, sub_type, 0, session); + return false; + } + + /* Unpack the RSN IE */ + ret = dot11f_unpack_ie_rsn(mac_ctx, &assoc_req->rsn.info[0], + assoc_req->rsn.length, + &dot11f_ie_rsn, false); + if (!DOT11F_SUCCEEDED(ret)) { + pe_err("Invalid RSN ie"); + lim_send_assoc_rsp_mgmt_frame( + mac_ctx, + eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, + 1, hdr->sa, sub_type, 0, session); + return false; + } + + /* Check RSN version is supported */ + if (SIR_MAC_OUI_VERSION_1 == dot11f_ie_rsn.version) { + /* + * check the groupwise and + * pairwise cipher suites + */ + status = lim_check_rx_rsn_ie_match(mac_ctx, + dot11f_ie_rsn, session, + assoc_req->HTCaps.present, + pmf_connection); + if (eSIR_SUCCESS != status) { + pe_warn("Re/Assoc rejected from: " + MAC_ADDRESS_STR, + MAC_ADDR_ARRAY(hdr->sa)); + /* + * some IE is not properly sent + * received Association frame with RSN IE but + * length is 0 + */ + lim_send_assoc_rsp_mgmt_frame(mac_ctx, status, + 1, hdr->sa, + sub_type, 0, + session); + return false; + } + } else { + pe_warn("Re/Assoc rejected from: " + MAC_ADDRESS_STR, + MAC_ADDR_ARRAY(hdr->sa)); + /* + * rcvd Assoc req frame with RSN + * IE version wrong + */ + lim_send_assoc_rsp_mgmt_frame( + mac_ctx, + eSIR_MAC_UNSUPPORTED_RSN_IE_VERSION_STATUS, + 1, hdr->sa, sub_type, 0, + session); + return false; + } + } else if (assoc_req->wpaPresent) { + if (!assoc_req->wpa.length) { + pe_warn("Re/Assoc rejected from: " + MAC_ADDRESS_STR, + MAC_ADDR_ARRAY(hdr->sa)); + /* + * rcvd Assoc req frame with invalid WPA IE + */ + lim_send_assoc_rsp_mgmt_frame(mac_ctx, + eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, + 1, hdr->sa, sub_type, 0, session); + return false; + } + /* Unpack the WPA IE */ + ret = dot11f_unpack_ie_wpa(mac_ctx, &assoc_req->wpa.info[4], + (assoc_req->wpa.length - 4), + &dot11f_ie_wpa, false); + if (!DOT11F_SUCCEEDED(ret)) { + pe_err("Invalid WPA IE"); + lim_send_assoc_rsp_mgmt_frame(mac_ctx, + eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, + 1, hdr->sa, sub_type, 0, session); + return false; + } + /* + * check the groupwise and pairwise cipher suites + */ + status = lim_check_rx_wpa_ie_match(mac_ctx, dot11f_ie_wpa, + session, + assoc_req->HTCaps.present); + if (eSIR_SUCCESS != status) { + pe_warn("Re/Assoc rejected from: " + MAC_ADDRESS_STR, + MAC_ADDR_ARRAY(hdr->sa)); + /* + * rcvd Assoc req frame with WPA IE but mismatch + */ + lim_send_assoc_rsp_mgmt_frame(mac_ctx, status, 1, + hdr->sa, sub_type, 0, + session); + return false; + } + } + return true; +} + +/** * lim_chk_n_process_wpa_rsn_ie() - wpa ie related checks * @mac_ctx: pointer to Global MAC structure * @hdr: pointer to the MAC head @@ -746,15 +892,6 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, uint8_t sub_type, bool *pmf_connection) { uint8_t *wps_ie = NULL; - tDot11fIEWPA dot11f_ie_wpa; - tDot11fIERSN dot11f_ie_rsn; - tSirRetStatus status = eSIR_SUCCESS; - /* - * Clear the buffers so that frame parser knows that there isn't a - * previously decoded IE in these buffers - */ - qdf_mem_set((uint8_t *) &dot11f_ie_rsn, sizeof(dot11f_ie_rsn), 0); - qdf_mem_set((uint8_t *) &dot11f_ie_wpa, sizeof(dot11f_ie_wpa), 0); /* if additional IE is present, check if it has WscIE */ if (assoc_req->addIEPresent && assoc_req->addIE.length) @@ -765,147 +902,18 @@ static bool lim_chk_n_process_wpa_rsn_ie(tpAniSirGlobal mac_ctx, assoc_req->addIEPresent, assoc_req->addIE.length); /* when wps_ie is present, RSN/WPA IE is ignored */ - if (wps_ie == NULL) { - /* check whether as RSN IE is present */ - if (LIM_IS_AP_ROLE(session) && - session->pLimStartBssReq->privacy && - session->pLimStartBssReq->rsnIE.length) { - pe_err("RSN enabled auth, Re/Assoc req from STA: " - MAC_ADDRESS_STR, - MAC_ADDR_ARRAY(hdr->sa)); - if (assoc_req->rsnPresent) { - if (assoc_req->rsn.length) { - /* Unpack the RSN IE */ - if (dot11f_unpack_ie_rsn(mac_ctx, - &assoc_req->rsn.info[0], - assoc_req->rsn.length, - &dot11f_ie_rsn, false) != - DOT11F_PARSE_SUCCESS) { - pe_err("Invalid RSN ie"); - return false; - } - - /* Check RSN version is supported */ - if (SIR_MAC_OUI_VERSION_1 == - dot11f_ie_rsn.version) { - /* - * check the groupwise and - * pairwise cipher suites - */ - status = - lim_check_rx_rsn_ie_match( - mac_ctx, dot11f_ie_rsn, - session, - assoc_req->HTCaps.present, - pmf_connection); - if (eSIR_SUCCESS != status) { - pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR, - MAC_ADDR_ARRAY( - hdr->sa)); - - /* - * some IE is not - * properly sent - * received Association - * req frame with RSN IE - * but length is 0 - */ - lim_send_assoc_rsp_mgmt_frame( - mac_ctx, - status, 1, - hdr->sa, - sub_type, 0, - session); - return false; - } - } else { - pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR, - MAC_ADDR_ARRAY( - hdr->sa)); - /* - * rcvd Assoc req frame with RSN - * IE version wrong - */ - lim_send_assoc_rsp_mgmt_frame( - mac_ctx, - eSIR_MAC_UNSUPPORTED_RSN_IE_VERSION_STATUS, - 1, hdr->sa, sub_type, 0, - session); - return false; - } - } else { - pe_warn("Re/Assoc rejected from: " - MAC_ADDRESS_STR, - MAC_ADDR_ARRAY(hdr->sa)); - /* - * rcvd Assoc req frame with RSN IE but - * length is 0 - */ - lim_send_assoc_rsp_mgmt_frame(mac_ctx, - eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, - 1, hdr->sa, sub_type, 0, - session); - return false; - } - } /* end - if(assoc_req->rsnPresent) */ - if ((!assoc_req->rsnPresent) && assoc_req->wpaPresent) { - /* Unpack the WPA IE */ - if (assoc_req->wpa.length) { - /* OUI is not taken care */ - if (dot11f_unpack_ie_wpa(mac_ctx, - &assoc_req->wpa.info[4], - assoc_req->wpa.length, - &dot11f_ie_wpa, false) != - DOT11F_PARSE_SUCCESS) { - pe_err("Invalid WPA IE"); - return false; - } - /* - * check the groupwise and pairwise - * cipher suites - */ - status = lim_check_rx_wpa_ie_match( - mac_ctx, dot11f_ie_wpa, - session, - assoc_req->HTCaps.present); - if (eSIR_SUCCESS != status) { - pe_warn("Re/Assoc rejected from: " - MAC_ADDRESS_STR, - MAC_ADDR_ARRAY( - hdr->sa)); - /* - * rcvd Assoc req frame with WPA - * IE but mismatch - */ - lim_send_assoc_rsp_mgmt_frame( - mac_ctx, status, 1, - hdr->sa, sub_type, 0, - session); - return false; - } - } else { - pe_warn("Re/Assoc rejected from: " - MAC_ADDRESS_STR, - MAC_ADDR_ARRAY(hdr->sa)); - /* - * rcvd Assoc req frame with invalid WPA - * IE - */ - lim_send_assoc_rsp_mgmt_frame(mac_ctx, - eSIR_MAC_INVALID_INFORMATION_ELEMENT_STATUS, - 1, hdr->sa, sub_type, 0, - session); - return false; - } /* end - if(assoc_req->wpa.length) */ - } /* end - if(assoc_req->wpaPresent) */ - } - /* - * end of if(session->pLimStartBssReq->privacy - * && session->pLimStartBssReq->rsnIE->length) - */ - } /* end of if( ! assoc_req->wscInfo.present ) */ - else { + if (wps_ie) { pe_debug("Assoc req WSE IE is present"); + return true; + } + /* when wps_ie is present, RSN/WPA IE is ignored */ + if (LIM_IS_AP_ROLE(session) && + session->pLimStartBssReq->privacy && + session->pLimStartBssReq->rsnIE.length) { + /* check whether RSN IE is present */ + return lim_check_wpa_rsn_ie(session, mac_ctx, + sub_type, hdr, + assoc_req, pmf_connection); } return true; } diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_auth_frame.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_auth_frame.c index c5cc08c5940f..8d9cb6c3a7b2 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_auth_frame.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_auth_frame.c @@ -106,12 +106,12 @@ static void lim_process_auth_shared_system_algo(tpAniSirGlobal mac_ctx, tpSirMacMgmtHdr mac_hdr, tSirMacAuthFrameBody *rx_auth_frm_body, tSirMacAuthFrameBody *auth_frame, - uint8_t *challenge_txt_arr, tpPESession pe_session) { uint32_t val; - uint8_t cfg_privacy_opt_imp, *challenge; + uint8_t cfg_privacy_opt_imp; struct tLimPreAuthNode *auth_node; + uint8_t challenge_txt_arr[SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH] = {0}; pe_debug("=======> eSIR_SHARED_KEY"); if (LIM_IS_AP_ROLE(pe_session)) @@ -192,19 +192,39 @@ static void lim_process_auth_shared_system_algo(tpAniSirGlobal mac_ctx, lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa); return; } - lim_activate_auth_rsp_timer(mac_ctx, auth_node); - auth_node->fTimerStarted = 1; + /* * get random bytes and use as challenge text. - * If it fails we already have random stack bytes. */ - if (!QDF_IS_STATUS_SUCCESS(cds_rand_get_bytes(0, - (uint8_t *) challenge_txt_arr, - SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH))) + get_random_bytes(challenge_txt_arr, + SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH); + qdf_mem_zero(auth_node->challengeText, + SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH); + if (!qdf_mem_cmp(challenge_txt_arr, + auth_node->challengeText, + SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH)) { pe_err("Challenge text preparation failed"); - challenge = auth_node->challengeText; - qdf_mem_copy(challenge, (uint8_t *)challenge_txt_arr, - sizeof(challenge_txt_arr)); + lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW); + auth_frame->authAlgoNumber = + rx_auth_frm_body->authAlgoNumber; + auth_frame->authTransactionSeqNumber = + rx_auth_frm_body->authTransactionSeqNumber + 1; + auth_frame->authStatusCode = eSIR_MAC_TRY_AGAIN_LATER; + lim_send_auth_mgmt_frame(mac_ctx, + auth_frame, + mac_hdr->sa, + LIM_NO_WEP_IN_FC, + pe_session); + lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa); + return; + } + + lim_activate_auth_rsp_timer(mac_ctx, auth_node); + auth_node->fTimerStarted = 1; + + qdf_mem_copy(auth_node->challengeText, + challenge_txt_arr, + sizeof(challenge_txt_arr)); /* * Sending Authenticaton frame with challenge. */ @@ -273,7 +293,6 @@ static void lim_process_auth_frame_type1(tpAniSirGlobal mac_ctx, { tpDphHashNode sta_ds_ptr = NULL; struct tLimPreAuthNode *auth_node; - uint8_t challenge_txt_arr[SIR_MAC_SAP_AUTH_CHALLENGE_LENGTH]; uint32_t maxnum_preauth; uint16_t associd = 0; @@ -459,8 +478,7 @@ static void lim_process_auth_frame_type1(tpAniSirGlobal mac_ctx, case eSIR_SHARED_KEY: lim_process_auth_shared_system_algo(mac_ctx, mac_hdr, - rx_auth_frm_body, auth_frame, - challenge_txt_arr, pe_session); + rx_auth_frm_body, auth_frame, pe_session); break; default: pe_err("rx Auth frm for unsupported auth algo %d " diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_deauth_frame.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_deauth_frame.c index 721b1adcabb9..b20c16a2745c 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_deauth_frame.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_deauth_frame.c @@ -87,6 +87,11 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo, pBody = WMA_GET_RX_MPDU_DATA(pRxPacketInfo); frame_rssi = (int32_t)WMA_GET_RX_RSSI_NORMALIZED(pRxPacketInfo); + frameLen = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); + if (frameLen < sizeof(reasonCode)) { + pe_err("Deauth Frame length invalid %d", frameLen); + return ; + } if (LIM_IS_STA_ROLE(psessionEntry) && ((eLIM_SME_WT_DISASSOC_STATE == psessionEntry->limSmeState) || @@ -138,7 +143,6 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo, /* If the frame received is unprotected, forward it to the supplicant to initiate */ /* an SA query */ - frameLen = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo); /* send the unprotected frame indication to SME */ lim_send_sme_unprotected_mgmt_frame_ind(pMac, pHdr->fc.subType, diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_req_messages.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_req_messages.c index 0a6f2452d450..bcb076a245ef 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_req_messages.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_mlm_req_messages.c @@ -520,7 +520,7 @@ lim_mlm_add_bss(tpAniSirGlobal mac_ctx, addbss_param->rateSet.numRates = SIR_MAC_RATESET_EID_MAX; } qdf_mem_copy(addbss_param->rateSet.rate, mlm_start_req->rateSet.rate, - mlm_start_req->rateSet.numRates); + addbss_param->rateSet.numRates); addbss_param->nwType = mlm_start_req->nwType; addbss_param->htCapable = mlm_start_req->htCapable; diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_sme_req_messages.c index 3e31e035909c..9dd33f8250f6 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_sme_req_messages.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_process_sme_req_messages.c @@ -548,6 +548,7 @@ static bool __lim_process_sme_sys_ready_ind(tpAniSirGlobal pMac, uint32_t *pMsgB pe_register_callbacks_with_wma(pMac, ready_req); pMac->lim.add_bssdescr_callback = ready_req->add_bssdescr_cb; pMac->lim.sme_msg_callback = ready_req->sme_msg_cb; + pMac->lim.stop_roaming_callback = ready_req->stop_roaming_cb; } pe_debug("sending WMA_SYS_READY_IND msg to HAL"); MTRACE(mac_trace_msg_tx(pMac, NO_SESSION, msg.type)); @@ -2554,6 +2555,8 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu tpDphHashNode pStaDs; tpPESession psessionEntry; uint8_t sessionId; + uint32_t *msg = NULL; + QDF_STATUS status; qdf_mem_copy(&smeDisassocCnf, pMsgBuf, sizeof(struct sSirSmeDisassocCnf)); @@ -2563,11 +2566,27 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu &sessionId); if (psessionEntry == NULL) { pe_err("session does not exist for given bssId"); + status = lim_prepare_disconnect_done_ind(pMac, &msg, + smeDisassocCnf.sme_session_id, + eSIR_SME_INVALID_SESSION, + NULL); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } if (!lim_is_sme_disassoc_cnf_valid(pMac, &smeDisassocCnf, psessionEntry)) { pe_err("received invalid SME_DISASSOC_CNF message"); + status = lim_prepare_disconnect_done_ind(pMac, &msg, + psessionEntry->smeSessionId, + eSIR_SME_INVALID_PARAMETERS, + &smeDisassocCnf.bssid.bytes[0]); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } #ifdef FEATURE_WLAN_DIAG_SUPPORT_LIM /* FEATURE_WLAN_DIAG_SUPPORT */ @@ -2591,6 +2610,15 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu psessionEntry->limSmeState); lim_print_sme_state(pMac, LOGE, psessionEntry->limSmeState); + status = lim_prepare_disconnect_done_ind(pMac, &msg, + psessionEntry->smeSessionId, + eSIR_SME_INVALID_STATE, + &smeDisassocCnf.bssid. + bytes[0]); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } break; @@ -2603,7 +2631,14 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu default: /* eLIM_UNKNOWN_ROLE */ pe_err("received unexpected SME_DISASSOC_CNF role %d", GET_LIM_SYSTEM_ROLE(psessionEntry)); - + status = lim_prepare_disconnect_done_ind(pMac, &msg, + psessionEntry->smeSessionId, + eSIR_SME_INVALID_STATE, + &smeDisassocCnf.bssid.bytes[0]); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } @@ -2617,6 +2652,14 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu pe_err("DISASSOC_CNF for a STA with no context, addr= " MAC_ADDRESS_STR, MAC_ADDR_ARRAY(smeDisassocCnf.peer_macaddr.bytes)); + status = lim_prepare_disconnect_done_ind(pMac, &msg, + psessionEntry->smeSessionId, + eSIR_SME_INVALID_PARAMETERS, + &smeDisassocCnf.bssid.bytes[0]); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } @@ -2627,6 +2670,14 @@ static void __lim_process_sme_disassoc_cnf(tpAniSirGlobal pMac, uint32_t *pMsgBu pe_err("No need of cleanup for addr:" MAC_ADDRESS_STR "as MLM state is %d", MAC_ADDR_ARRAY(smeDisassocCnf.peer_macaddr.bytes), pStaDs->mlmStaContext.mlmState); + status = lim_prepare_disconnect_done_ind(pMac, &msg, + psessionEntry->smeSessionId, + eSIR_SME_SUCCESS, + NULL); + if (QDF_IS_STATUS_SUCCESS(status)) + lim_send_sme_disassoc_deauth_ntf(pMac, + QDF_STATUS_SUCCESS, + (uint32_t *)msg); return; } @@ -5006,7 +5057,7 @@ static void lim_process_sme_update_access_policy_vendor_ie( { struct sme_update_access_policy_vendor_ie *update_vendor_ie; struct sPESession *pe_session_entry; - uint8_t num_bytes; + uint16_t num_bytes; if (!msg) { pe_err("Buffer is Pointing to NULL"); diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c index 84a5907678d2..ae1993701f74 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.c @@ -896,7 +896,7 @@ lim_send_sme_disassoc_ntf(tpAniSirGlobal pMac, tpPESession session = NULL; uint16_t i, assoc_id; tpDphHashNode sta_ds = NULL; - struct sir_sme_discon_done_ind *sir_sme_dis_ind; + QDF_STATUS status; pe_debug("Disassoc Ntf with trigger : %d reasonCode: %d", disassocTrigger, reasonCode); @@ -982,36 +982,13 @@ lim_send_sme_disassoc_ntf(tpAniSirGlobal pMac, case eLIM_PEER_ENTITY_DISASSOC: case eLIM_LINK_MONITORING_DISASSOC: - sir_sme_dis_ind = - qdf_mem_malloc(sizeof(*sir_sme_dis_ind)); - if (!sir_sme_dis_ind) { - pe_err("call to AllocateMemory failed for disconnect indication"); + status = lim_prepare_disconnect_done_ind(pMac, &pMsg, + smesessionId, + reasonCode, &peerMacAddr[0]); + if (!QDF_IS_STATUS_SUCCESS(status)) { + pe_err("Failed to prepare message"); return; } - - pe_debug("send eWNI_SME_DISCONNECT_DONE_IND with retCode: %d", - reasonCode); - - sir_sme_dis_ind->message_type = - eWNI_SME_DISCONNECT_DONE_IND; - sir_sme_dis_ind->length = - sizeof(*sir_sme_dis_ind); - qdf_mem_copy(sir_sme_dis_ind->peer_mac, peerMacAddr, - sizeof(tSirMacAddr)); - sir_sme_dis_ind->session_id = smesessionId; - sir_sme_dis_ind->reason_code = reasonCode; - /* - * Instead of sending deauth reason code as 505 which is - * internal value(eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) - * Send reason code as zero to Supplicant - */ - if (reasonCode == eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) - sir_sme_dis_ind->reason_code = 0; - else - sir_sme_dis_ind->reason_code = reasonCode; - - pMsg = (uint32_t *)sir_sme_dis_ind; - break; default: @@ -1368,6 +1345,45 @@ void lim_send_sme_tdls_event_notify(tpAniSirGlobal pMac, uint16_t msgType, } #endif /* FEATURE_WLAN_TDLS */ +QDF_STATUS lim_prepare_disconnect_done_ind(tpAniSirGlobal mac_ctx, + uint32_t **msg, + uint8_t session_id, + tSirResultCodes reason_code, + uint8_t *peer_mac_addr) +{ + struct sir_sme_discon_done_ind *sir_sme_dis_ind; + + sir_sme_dis_ind = qdf_mem_malloc(sizeof(*sir_sme_dis_ind)); + if (!sir_sme_dis_ind) { + pe_err("Failed to allocate memory"); + return QDF_STATUS_E_FAILURE; + } + + pe_debug("Prepare eWNI_SME_DISCONNECT_DONE_IND withretCode: %d", + reason_code); + + sir_sme_dis_ind->message_type = eWNI_SME_DISCONNECT_DONE_IND; + sir_sme_dis_ind->length = sizeof(*sir_sme_dis_ind); + sir_sme_dis_ind->session_id = session_id; + if (peer_mac_addr) + qdf_mem_copy(sir_sme_dis_ind->peer_mac, + peer_mac_addr, ETH_ALEN); + + /* + * Instead of sending deauth reason code as 505 which is + * internal value(eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) + * Send reason code as zero to Supplicant + */ + if (reason_code == eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) + sir_sme_dis_ind->reason_code = 0; + else + sir_sme_dis_ind->reason_code = reason_code; + + *msg = (uint32_t *)sir_sme_dis_ind; + + return QDF_STATUS_SUCCESS; +} + /** * lim_send_sme_deauth_ntf() * @@ -1406,8 +1422,8 @@ lim_send_sme_deauth_ntf(tpAniSirGlobal pMac, tSirMacAddr peerMacAddr, tSirSmeDeauthInd *pSirSmeDeauthInd; tpPESession psessionEntry; uint8_t sessionId; - uint32_t *pMsg; - struct sir_sme_discon_done_ind *sir_sme_dis_ind; + uint32_t *pMsg = NULL; + QDF_STATUS status; psessionEntry = pe_find_session_by_bssid(pMac, peerMacAddr, &sessionId); switch (deauthTrigger) { @@ -1443,38 +1459,14 @@ lim_send_sme_deauth_ntf(tpAniSirGlobal pMac, tSirMacAddr peerMacAddr, case eLIM_PEER_ENTITY_DEAUTH: case eLIM_LINK_MONITORING_DEAUTH: - sir_sme_dis_ind = - qdf_mem_malloc(sizeof(*sir_sme_dis_ind)); - if (!sir_sme_dis_ind) { - pe_err("call to AllocateMemory failed for disconnect indication"); + status = lim_prepare_disconnect_done_ind(pMac, &pMsg, + smesessionId, reasonCode, + &peerMacAddr[0]); + if (!QDF_IS_STATUS_SUCCESS(status)) { + pe_err("Failed to prepare message"); return; } - - pe_debug("send eWNI_SME_DISCONNECT_DONE_IND withretCode: %d", - reasonCode); - - sir_sme_dis_ind->message_type = - eWNI_SME_DISCONNECT_DONE_IND; - sir_sme_dis_ind->length = - sizeof(*sir_sme_dis_ind); - sir_sme_dis_ind->session_id = smesessionId; - sir_sme_dis_ind->reason_code = reasonCode; - qdf_mem_copy(sir_sme_dis_ind->peer_mac, peerMacAddr, - ETH_ALEN); - /* - * Instead of sending deauth reason code as 505 which is - * internal value(eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) - * Send reason code as zero to Supplicant - */ - if (reasonCode == eSIR_SME_LOST_LINK_WITH_PEER_RESULT_CODE) - sir_sme_dis_ind->reason_code = 0; - else - sir_sme_dis_ind->reason_code = reasonCode; - - pMsg = (uint32_t *)sir_sme_dis_ind; - break; - default: /** * Deauthentication indication due to Deauthentication @@ -2347,6 +2339,12 @@ void lim_handle_csa_offload_msg(tpAniSirGlobal mac_ctx, tpSirMsgQ msg) goto err; } + /* Send RSO Stop to FW before triggering the vdev restart for CSA */ + if (mac_ctx->lim.stop_roaming_callback) + mac_ctx->lim.stop_roaming_callback(mac_ctx, + session_entry->smeSessionId, + eCsrDriverDisabled); + lim_prepare_for11h_channel_switch(mac_ctx, session_entry); csa_offload_ind = qdf_mem_malloc(sizeof(tSmeCsaOffloadInd)); if (NULL == csa_offload_ind) { diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.h b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.h index 55a58ff0ee03..d83676fb5e97 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.h +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_send_sme_rsp_messages.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2016,2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -58,6 +58,23 @@ void lim_post_sme_scan_rsp_message(tpAniSirGlobal, tSirResultCodes, void lim_send_sme_join_reassoc_rsp(tpAniSirGlobal, uint16_t, tSirResultCodes, uint16_t, tpPESession, uint8_t, uint16_t); + +/* + * lim_prepare_disconnect_done_ind() - Prepares the disconnect done ind message + * @mac_ctx: Global mac_ctx + * @session_id: PE session id + * @reason_code: Disconnect indication reason code + * @peer_mac_addr: MAC address of the peer + * + * Prepares the disconnect done indication message to be sent to the upper layer + * + * Return: QDF Status + */ +QDF_STATUS lim_prepare_disconnect_done_ind(tpAniSirGlobal mac_ctx, + uint32_t **msg, + uint8_t session_id, + tSirResultCodes reason_code, + uint8_t *peer_mac_addr); void lim_send_sme_disassoc_ntf(tpAniSirGlobal, tSirMacAddr, tSirResultCodes, uint16_t, uint16_t, uint8_t, uint16_t, tpPESession); void lim_send_sme_deauth_ntf(tpAniSirGlobal, tSirMacAddr, tSirResultCodes, uint16_t, diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_sme_req_utils.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_sme_req_utils.c index 0e74b66f257a..98529fbde2c3 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_sme_req_utils.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/lim/lim_sme_req_utils.c @@ -511,7 +511,13 @@ uint8_t lim_is_sme_join_req_valid(tpAniSirGlobal pMac, tpSirSmeJoinReq pJoinReq) { uint8_t valid = true; - if (!lim_is_rsn_ie_valid_in_sme_req_message(pMac, &pJoinReq->rsnIE)) { + /* + * If force_rsne_override is enabled that mean User has provided the + * test RSNIE which need to be send as it is in assoc req and thus RSNIE + * validity is not required. + */ + if (!pJoinReq->force_rsne_override && + !lim_is_rsn_ie_valid_in_sme_req_message(pMac, &pJoinReq->rsnIE)) { pe_err("received SME_JOIN_REQ with invalid RSNIE"); valid = false; goto end; diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_gen.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_gen.c index 60e594d705cd..c3e255910eb0 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_gen.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_gen.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -104,6 +104,7 @@ sch_append_addn_ie(tpAniSirGlobal mac_ctx, tpPESession session, uint8_t *p2p_ie = NULL; uint8_t noa_len = 0; uint8_t noa_strm[SIR_MAX_NOA_ATTR_LEN + SIR_P2P_IE_HEADER_LEN]; + uint8_t ext_p2p_ie[DOT11F_IE_P2PBEACON_MAX_LEN + 2]; bool valid_ie; valid_ie = (addn_ielen <= WNI_CFG_PROBE_RSP_BCN_ADDNIE_DATA_LEN && @@ -112,8 +113,27 @@ sch_append_addn_ie(tpAniSirGlobal mac_ctx, tpPESession session, if (!valid_ie) return status; + qdf_mem_zero(&ext_p2p_ie[0], DOT11F_IE_P2PBEACON_MAX_LEN + 2); + /* + * P2P IE extracted in wlan_hdd_add_hostapd_conf_vsie may not + * be at the end of additional IE buffer. The buffer sent to WMA + * expect P2P IE at the end of beacon buffer and will result in + * beacon corruption if P2P IE is not at end of beacon buffer. + */ + status = lim_strip_ie(mac_ctx, addn_ie, &addn_ielen, SIR_MAC_EID_VENDOR, + ONE_BYTE, SIR_MAC_P2P_OUI, SIR_MAC_P2P_OUI_SIZE, + ext_p2p_ie, DOT11F_IE_P2PBEACON_MAX_LEN); + qdf_mem_copy(&add_ie[0], addn_ie, addn_ielen); + if (status == eSIR_SUCCESS && ext_p2p_ie[0] == SIR_MAC_EID_VENDOR && + !qdf_mem_cmp(&ext_p2p_ie[2], SIR_MAC_P2P_OUI, + SIR_MAC_P2P_OUI_SIZE)) { + qdf_mem_copy(&add_ie[addn_ielen], ext_p2p_ie, + ext_p2p_ie[1] + 2); + addn_ielen += ext_p2p_ie[1] + 2; + } + p2p_ie = limGetP2pIEPtr(mac_ctx, &add_ie[0], addn_ielen); if ((p2p_ie != NULL) && !mac_ctx->beacon_offload) { /* get NoA attribute stream P2P IE */ diff --git a/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_process.c b/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_process.c index 53f09e973e19..c4808e0bc7ef 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_process.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/pe/sch/sch_beacon_process.c @@ -905,8 +905,6 @@ sch_beacon_process(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info, return; } - if (bcn.ssidPresent) - bcn.ssId.ssId[bcn.ssId.length] = 0; /* * First process the beacon in the context of any existing AP or BTAP * session. This takes cares of following two scenarios: diff --git a/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/dot11f.c b/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/dot11f.c index 2613952ab913..d3e07959ac0f 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/dot11f.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/dot11f.c @@ -1,9 +1,6 @@ /* * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * - * Previously licensed under the ISC license by Qualcomm Atheros, Inc. - * - * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the * above copyright notice and this permission notice appear in all @@ -20,12 +17,6 @@ */ /* - * This file was originally distributed by Qualcomm Atheros, Inc. - * under proprietary terms before Copyright ownership was assigned - * to the Linux Foundation. - */ - -/* * \file dot11f.c * * \brief Structures, functions & definitions for @@ -33,7 +24,7 @@ * * * This file was automatically generated by 'framesc' - * Mon Aug 6 14:48:18 2018 from the following file(s): + * Tue Sep 4 16:59:43 2018 from the following file(s): * * dot11f.frms * @@ -306,7 +297,8 @@ static const tIEDefn *find_ie_defn(tpAniSirGlobal pCtx, while (0xff != pIe->eid || pIe->extn_eid) { if (*pBuf == pIe->eid) { if (pIe->eid == 0xff) { - if ((*(pBuf + 2)) == pIe->extn_eid) + if ((nBuf > 2) && + (*(pBuf + 2)) == pIe->extn_eid) return pIe; } else { if (0 == pIe->noui) @@ -823,8 +815,10 @@ uint32_t dot11f_unpack_tlv_authorized_ma_cs(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 6)) + if (unlikely(tlvlen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->mac, pBuf, 6); pBuf += 6; @@ -847,8 +841,10 @@ uint32_t dot11f_unpack_tlv_version2(tpAniSirGlobal pCtx, uint32_t status = DOT11F_PARSE_SUCCESS; uint8_t tmp5__; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp5__ = *pBuf; pBuf += 1; @@ -907,14 +903,18 @@ uint32_t dot11f_unpack_tlv_extended_listen_timing(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->availibilityPeriod, pBuf, 0); pBuf += 2; tlvlen -= (uint8_t)2; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->availibilityInterval, pBuf, 0); pBuf += 2; @@ -933,20 +933,26 @@ uint32_t dot11f_unpack_tlv_listen_channel(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 3)) + if (unlikely(tlvlen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->countryString, pBuf, 3); pBuf += 3; tlvlen -= (uint8_t)3; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->regulatoryClass = *pBuf; pBuf += 1; tlvlen -= (uint8_t)1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->channel = *pBuf; pBuf += 1; @@ -1037,14 +1043,18 @@ uint32_t dot11f_unpack_tlv_notice_of_absence(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->index = *pBuf; pBuf += 1; tlvlen -= (uint8_t)1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->CTSWindowOppPS = *pBuf; pBuf += 1; @@ -1072,20 +1082,26 @@ uint32_t dot11f_unpack_tlv_operating_channel(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 3)) + if (unlikely(tlvlen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->countryString, pBuf, 3); pBuf += 3; tlvlen -= (uint8_t)3; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->regulatoryClass = *pBuf; pBuf += 1; tlvlen -= (uint8_t)1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->channel = *pBuf; pBuf += 1; @@ -1104,14 +1120,18 @@ uint32_t dot11f_unpack_tlv_p2_p_capability(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->deviceCapability = *pBuf; pBuf += 1; tlvlen -= (uint8_t)1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->groupCapability = *pBuf; pBuf += 1; @@ -1130,8 +1150,10 @@ uint32_t dot11f_unpack_tlv_p2_p_device_id(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 6)) + if (unlikely(tlvlen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->P2PDeviceAddress, pBuf, 6); pBuf += 6; @@ -1157,20 +1179,26 @@ uint32_t dot11f_unpack_tlv_p2_p_device_info(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 6)) + if (unlikely(tlvlen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->P2PDeviceAddress, pBuf, 6); pBuf += 6; tlvlen -= (uint8_t)6; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->configMethod, pBuf, 0); pBuf += 2; tlvlen -= (uint8_t)2; - if (unlikely(tlvlen < 8)) + if (unlikely(tlvlen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->primaryDeviceType, pBuf, 8); pBuf += 8; @@ -1217,20 +1245,26 @@ uint32_t dot11f_unpack_tlv_primary_device_type(tpAniSirGlobal pCtx, uint32_t status = DOT11F_PARSE_SUCCESS; (void)pBuf; (void)tlvlen; /* Shutup the compiler */ pDst->present = 1; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->primary_category, pBuf, 1); pBuf += 2; tlvlen -= (uint8_t)2; - if (unlikely(tlvlen < 4)) + if (unlikely(tlvlen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->oui, pBuf, 4); pBuf += 4; tlvlen -= (uint8_t)4; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->sub_category, pBuf, 1); pBuf += 2; @@ -1252,20 +1286,26 @@ uint32_t dot11f_unpack_tlv_request_device_type(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->primary_category, pBuf, 1); pBuf += 2; tlvlen -= (uint8_t)2; - if (unlikely(tlvlen < 4)) + if (unlikely(tlvlen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->oui, pBuf, 4); pBuf += 4; tlvlen -= (uint8_t)4; - if (unlikely(tlvlen < 2)) + if (unlikely(tlvlen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->sub_category, pBuf, 1); pBuf += 2; @@ -1319,8 +1359,10 @@ uint32_t dot11f_unpack_tlv_uuid_e(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 16)) + if (unlikely(tlvlen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->uuid, pBuf, 16); pBuf += 16; @@ -1339,8 +1381,10 @@ uint32_t dot11f_unpack_tlv_uuid_r(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 16)) + if (unlikely(tlvlen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->uuid, pBuf, 16); pBuf += 16; @@ -1373,8 +1417,10 @@ uint32_t dot11f_unpack_tlv_vendor_extension(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 3)) + if (unlikely(tlvlen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->vendorId, pBuf, 3); pBuf += 3; @@ -1400,8 +1446,10 @@ uint32_t dot11f_unpack_tlv_version(tpAniSirGlobal pCtx, uint32_t status = DOT11F_PARSE_SUCCESS; uint8_t tmp6__; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp6__ = *pBuf; pBuf += 1; @@ -1440,8 +1488,10 @@ uint32_t dot11f_unpack_tlv_non_prefferd_chan_rep(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->oper_class = *pBuf; pBuf += 1; @@ -1470,8 +1520,10 @@ uint32_t dot11f_unpack_tlv_oce_cap(tpAniSirGlobal pCtx, uint32_t status = DOT11F_PARSE_SUCCESS; uint8_t tmp7__; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp7__ = *pBuf; pBuf += 1; @@ -1495,8 +1547,10 @@ uint32_t dot11f_unpack_tlv_reduced_wan_metrics(tpAniSirGlobal pCtx, uint32_t status = DOT11F_PARSE_SUCCESS; uint8_t tmp8__; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp8__ = *pBuf; pBuf += 1; @@ -1517,14 +1571,18 @@ uint32_t dot11f_unpack_tlv_rssi_assoc_rej(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->delta_rssi = *pBuf; pBuf += 1; tlvlen -= (uint8_t)1; - if (unlikely(tlvlen < 1)) + if (unlikely(tlvlen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->retry_delay = *pBuf; pBuf += 1; @@ -1549,8 +1607,10 @@ uint32_t dot11f_unpack_tlv_p2_p_interface(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; pDst->present = 1; - if (unlikely(tlvlen < 6)) + if (unlikely(tlvlen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->P2PDeviceAddress, pBuf, 6); pBuf += 6; @@ -1577,22 +1637,28 @@ uint32_t dot11f_unpack_ie_gtk(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp9__, pBuf, 0); pBuf += 2; ielen -= 2; pDst->keyId = tmp9__ >> 0 & 0x3; pDst->reserved = tmp9__ >> 2 & 0x3feb; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->keyLength = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->RSC, pBuf, 8); pBuf += 8; @@ -1622,26 +1688,34 @@ uint32_t dot11f_unpack_ie_igtk(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->keyID, pBuf, 2); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->IPN, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->keyLength = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 24)) + if (unlikely(ielen < 24)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->key, pBuf, 24); (void)pCtx; @@ -1687,8 +1761,10 @@ uint32_t dot11f_unpack_ie_r1_kh_id(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->PMK_R1_ID, pBuf, 6); (void)pCtx; @@ -1709,8 +1785,10 @@ uint32_t dot11f_unpack_ie_ap_channel_report(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->regulatoryClass = *pBuf; pBuf += 1; @@ -1740,8 +1818,10 @@ uint32_t dot11f_unpack_ie_bcn_reporting_detail(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->reportingDetail = *pBuf; (void)pCtx; @@ -1787,14 +1867,18 @@ uint32_t dot11f_unpack_ie_beacon_reporting(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->reportingCondition = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->threshold = *pBuf; (void)pCtx; @@ -1815,8 +1899,10 @@ uint32_t dot11f_unpack_ie_condensed_country_str(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->countryStr, pBuf, 2); (void)pCtx; @@ -1837,8 +1923,10 @@ uint32_t dot11f_unpack_ie_measurement_pilot(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurementPilot = *pBuf; pBuf += 1; @@ -1863,8 +1951,10 @@ uint32_t dot11f_unpack_ie_multi_bssid(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->maxBSSIDIndicator = *pBuf; pBuf += 1; @@ -1889,20 +1979,26 @@ uint32_t dot11f_unpack_ie_ric_data(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->Identifier = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->resourceDescCount = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->statusCode, pBuf, 0); (void)pCtx; @@ -1923,8 +2019,10 @@ uint32_t dot11f_unpack_ie_ric_descriptor(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->resourceType = *pBuf; pBuf += 1; @@ -1954,8 +2052,10 @@ uint32_t dot11f_unpack_ie_rrm_enabled_cap(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp10__ = *pBuf; pBuf += 1; @@ -1968,8 +2068,10 @@ uint32_t dot11f_unpack_ie_rrm_enabled_cap(tpAniSirGlobal pCtx, pDst->BeaconActive = tmp10__ >> 5 & 0x1; pDst->BeaconTable = tmp10__ >> 6 & 0x1; pDst->BeaconRepCond = tmp10__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp11__ = *pBuf; pBuf += 1; @@ -1982,8 +2084,10 @@ uint32_t dot11f_unpack_ie_rrm_enabled_cap(tpAniSirGlobal pCtx, pDst->LCIAzimuth = tmp11__ >> 5 & 0x1; pDst->TCMCapability = tmp11__ >> 6 & 0x1; pDst->triggeredTCM = tmp11__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp12__ = *pBuf; pBuf += 1; @@ -1992,8 +2096,10 @@ uint32_t dot11f_unpack_ie_rrm_enabled_cap(tpAniSirGlobal pCtx, pDst->RRMMIBEnabled = tmp12__ >> 1 & 0x1; pDst->operatingChanMax = tmp12__ >> 2 & 0x7; pDst->nonOperatinChanMax = tmp12__ >> 5 & 0x7; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp13__ = *pBuf; pBuf += 1; @@ -2004,8 +2110,10 @@ uint32_t dot11f_unpack_ie_rrm_enabled_cap(tpAniSirGlobal pCtx, pDst->RCPIMeasurement = tmp13__ >> 5 & 0x1; pDst->RSNIMeasurement = tmp13__ >> 6 & 0x1; pDst->BssAvgAccessDelay = tmp13__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp14__ = *pBuf; pDst->BSSAvailAdmission = tmp14__ >> 0 & 0x1; @@ -2079,8 +2187,10 @@ uint32_t dot11f_unpack_ie_schedule(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp15__, pBuf, 0); pBuf += 2; @@ -2089,26 +2199,34 @@ uint32_t dot11f_unpack_ie_schedule(tpAniSirGlobal pCtx, pDst->tsid = tmp15__ >> 1 & 0xf; pDst->direction = tmp15__ >> 5 & 0x3; pDst->reserved = tmp15__ >> 7 & 0x1ff; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_start_time, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_interval, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->max_service_dur, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->spec_interval, pBuf, 0); (void)pCtx; @@ -2129,124 +2247,162 @@ uint32_t dot11f_unpack_ie_tclas(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->user_priority = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->classifier_type = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->classifier_mask = *pBuf; pBuf += 1; ielen -= (uint8_t)1; switch (pDst->classifier_type) { case 0: - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.EthParams.source, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.EthParams.dest, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.EthParams.type, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 1: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.version = *pBuf; pBuf += 1; ielen -= (uint8_t)1; switch (pDst->info.IpParams.version) { case 4: - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV4Params.source, pBuf, 4); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV4Params.dest, pBuf, 4); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV4Params.src_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV4Params.dest_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.DSCP = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.proto = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.reserved = *pBuf; pBuf += 1; ielen -= (uint8_t)1; break; case 6: - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.source, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.dest, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV6Params.src_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV6Params.dest_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 3)) + if (unlikely(ielen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.flow_label, pBuf, 3); pBuf += 3; @@ -2255,8 +2411,10 @@ uint32_t dot11f_unpack_ie_tclas(tpAniSirGlobal pCtx, } break; case 2: - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.Params8021dq.tag_type, pBuf, 0); pBuf += 2; @@ -2284,8 +2442,10 @@ uint32_t dot11f_unpack_ie_ts_delay(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->delay, pBuf, 0); (void)pCtx; @@ -2306,14 +2466,18 @@ uint32_t dot11f_unpack_ie_tsf_info(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->TsfOffset, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->BeaconIntvl, pBuf, 0); (void)pCtx; @@ -2337,8 +2501,10 @@ uint32_t dot11f_unpack_ie_tspec(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp16__, pBuf, 0); pBuf += 2; @@ -2351,102 +2517,134 @@ uint32_t dot11f_unpack_ie_tspec(tpAniSirGlobal pCtx, pDst->psb = tmp16__ >> 10 & 0x1; pDst->user_priority = tmp16__ >> 11 & 0x7; pDst->tsinfo_ack_pol = tmp16__ >> 14 & 0x3; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp17__ = *pBuf; pBuf += 1; ielen -= 1; pDst->schedule = tmp17__ >> 0 & 0x1; pDst->unused = tmp17__ >> 1 & 0x7f; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp18__, pBuf, 0); pBuf += 2; ielen -= 2; pDst->size = tmp18__ >> 0 & 0x7fff; pDst->fixed = tmp18__ >> 15 & 0x1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->max_msdu_size, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_service_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->max_service_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->inactivity_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->suspension_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_start_time, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->mean_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->peak_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->burst_size, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->delay_bound, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_phy_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->surplus_bw_allowance, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->medium_time, pBuf, 0); (void)pCtx; @@ -2470,8 +2668,10 @@ uint32_t dot11f_unpack_ie_vht_caps(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &tmp19__, pBuf, 0); pBuf += 4; @@ -2496,28 +2696,36 @@ uint32_t dot11f_unpack_ie_vht_caps(tpAniSirGlobal pCtx, pDst->rxAntPattern = tmp19__ >> 28 & 0x1; pDst->txAntPattern = tmp19__ >> 29 & 0x1; pDst->reserved1 = tmp19__ >> 30 & 0x3; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->rxMCSMap, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp20__, pBuf, 0); pBuf += 2; ielen -= 2; pDst->rxHighSupDataRate = tmp20__ >> 0 & 0x1fff; pDst->reserved2 = tmp20__ >> 13 & 0x7; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->txMCSMap, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp21__, pBuf, 0); pDst->txSupDataRate = tmp21__ >> 0 & 0x1fff; @@ -2540,26 +2748,34 @@ uint32_t dot11f_unpack_ie_vht_operation(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->chanWidth = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->chanCenterFreqSeg1 = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->chanCenterFreqSeg2 = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->basicMCSSet, pBuf, 0); (void)pCtx; @@ -2581,8 +2797,10 @@ uint32_t dot11f_unpack_ie_wmm_schedule(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -2591,8 +2809,10 @@ uint32_t dot11f_unpack_ie_wmm_schedule(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp22__, pBuf, 0); pBuf += 2; @@ -2601,26 +2821,34 @@ uint32_t dot11f_unpack_ie_wmm_schedule(tpAniSirGlobal pCtx, pDst->tsid = tmp22__ >> 1 & 0xf; pDst->direction = tmp22__ >> 5 & 0x3; pDst->reserved = tmp22__ >> 7 & 0x1ff; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_start_time, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_interval, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->max_service_dur, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->spec_interval, pBuf, 0); (void)pCtx; @@ -2641,8 +2869,10 @@ uint32_t dot11f_unpack_ie_wmmtclas(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -2651,124 +2881,162 @@ uint32_t dot11f_unpack_ie_wmmtclas(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->user_priority = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->classifier_type = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->classifier_mask = *pBuf; pBuf += 1; ielen -= (uint8_t)1; switch (pDst->classifier_type) { case 0: - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.EthParams.source, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.EthParams.dest, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.EthParams.type, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 1: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.version = *pBuf; pBuf += 1; ielen -= (uint8_t)1; switch (pDst->info.IpParams.version) { case 4: - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV4Params.source, pBuf, 4); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV4Params.dest, pBuf, 4); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV4Params.src_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV4Params.dest_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.DSCP = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.proto = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->info.IpParams.params.IpV4Params.reserved = *pBuf; pBuf += 1; ielen -= (uint8_t)1; break; case 6: - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.source, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.dest, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV6Params.src_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.IpParams.params.IpV6Params.dest_port, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 3)) + if (unlikely(ielen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->info.IpParams.params.IpV6Params.flow_label, pBuf, 3); pBuf += 3; @@ -2777,8 +3045,10 @@ uint32_t dot11f_unpack_ie_wmmtclas(tpAniSirGlobal pCtx, } break; case 2: - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->info.Params8021dq.tag_type, pBuf, 0); pBuf += 2; @@ -2803,8 +3073,10 @@ uint32_t dot11f_unpack_ie_wmmtclasproc(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -2813,8 +3085,10 @@ uint32_t dot11f_unpack_ie_wmmtclasproc(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->processing = *pBuf; (void)pCtx; @@ -2835,8 +3109,10 @@ uint32_t dot11f_unpack_ie_wmmts_delay(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -2845,8 +3121,10 @@ uint32_t dot11f_unpack_ie_wmmts_delay(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->delay, pBuf, 0); (void)pCtx; @@ -2870,8 +3148,10 @@ uint32_t dot11f_unpack_ie_wmmtspec(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -2880,8 +3160,10 @@ uint32_t dot11f_unpack_ie_wmmtspec(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp23__, pBuf, 0); pBuf += 2; @@ -2894,102 +3176,134 @@ uint32_t dot11f_unpack_ie_wmmtspec(tpAniSirGlobal pCtx, pDst->psb = tmp23__ >> 10 & 0x1; pDst->user_priority = tmp23__ >> 11 & 0x7; pDst->tsinfo_ack_pol = tmp23__ >> 14 & 0x3; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp24__ = *pBuf; pBuf += 1; ielen -= 1; pDst->tsinfo_rsvd = tmp24__ >> 0 & 0x7f; pDst->burst_size_defn = tmp24__ >> 7 & 0x1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp25__, pBuf, 0); pBuf += 2; ielen -= 2; pDst->size = tmp25__ >> 0 & 0x7fff; pDst->fixed = tmp25__ >> 15 & 0x1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->max_msdu_size, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_service_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->max_service_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->inactivity_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->suspension_int, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->service_start_time, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->mean_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->peak_data_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->burst_size, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->delay_bound, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->min_phy_rate, pBuf, 0); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->surplus_bw_allowance, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->medium_time, pBuf, 0); (void)pCtx; @@ -3010,20 +3324,26 @@ uint32_t dot11f_unpack_ie_wider_bw_chan_switch_ann(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->newChanWidth = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->newCenterChanFreq0 = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->newCenterChanFreq1 = *pBuf; (void)pCtx; @@ -3044,8 +3364,10 @@ uint32_t dot11f_unpack_ie_azimuth_req(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->request = *pBuf; (void)pCtx; @@ -3066,8 +3388,10 @@ uint32_t dot11f_unpack_ie_max_age(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->max_age, pBuf, 0); (void)pCtx; @@ -3117,14 +3441,18 @@ uint32_t dot11f_unpack_ie_neighbor_rpt(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->bssid, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp26__ = *pBuf; pBuf += 1; @@ -3136,8 +3464,10 @@ uint32_t dot11f_unpack_ie_neighbor_rpt(tpAniSirGlobal pCtx, pDst->QosCap = tmp26__ >> 5 & 0x1; pDst->apsd = tmp26__ >> 6 & 0x1; pDst->rrm = tmp26__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp27__ = *pBuf; pBuf += 1; @@ -3146,26 +3476,34 @@ uint32_t dot11f_unpack_ie_neighbor_rpt(tpAniSirGlobal pCtx, pDst->ImmBA = tmp27__ >> 1 & 0x1; pDst->MobilityDomain = tmp27__ >> 2 & 0x1; pDst->reserved = tmp27__ >> 3 & 0x1f; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->reserved1, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->regulatoryClass = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->PhyType = *pBuf; pBuf += 1; @@ -3196,8 +3534,10 @@ uint32_t dot11f_unpack_ie_req_mac_addr(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->addr, pBuf, 6); (void)pCtx; @@ -3218,8 +3558,10 @@ uint32_t dot11f_unpack_ie_tgt_mac_addr(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->addr, pBuf, 6); (void)pCtx; @@ -3265,8 +3607,10 @@ uint32_t dot11f_unpack_ie_aid(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->assocId, pBuf, 0); (void)pCtx; @@ -3287,26 +3631,34 @@ uint32_t dot11f_unpack_ie_cf_params(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->cfp_count = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->cfp_period = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->cfp_maxduration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->cfp_durremaining, pBuf, 0); (void)pCtx; @@ -3352,20 +3704,26 @@ uint32_t dot11f_unpack_ie_chan_switch_ann(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->switchMode = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->newChannel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->switchCount = *pBuf; (void)pCtx; @@ -3428,8 +3786,10 @@ uint32_t dot11f_unpack_ie_country(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 3)) + if (unlikely(ielen < 3)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->country, pBuf, 3); pBuf += 3; @@ -3475,20 +3835,26 @@ uint32_t dot11f_unpack_ie_edca_param_set(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->qos = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->reserved = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp28__ = *pBuf; pBuf += 1; @@ -3497,22 +3863,28 @@ uint32_t dot11f_unpack_ie_edca_param_set(tpAniSirGlobal pCtx, pDst->acbe_acm = tmp28__ >> 4 & 0x1; pDst->acbe_aci = tmp28__ >> 5 & 0x3; pDst->unused1 = tmp28__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp29__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acbe_acwmin = tmp29__ >> 0 & 0xf; pDst->acbe_acwmax = tmp29__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acbe_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp30__ = *pBuf; pBuf += 1; @@ -3521,22 +3893,28 @@ uint32_t dot11f_unpack_ie_edca_param_set(tpAniSirGlobal pCtx, pDst->acbk_acm = tmp30__ >> 4 & 0x1; pDst->acbk_aci = tmp30__ >> 5 & 0x3; pDst->unused2 = tmp30__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp31__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acbk_acwmin = tmp31__ >> 0 & 0xf; pDst->acbk_acwmax = tmp31__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acbk_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp32__ = *pBuf; pBuf += 1; @@ -3545,22 +3923,28 @@ uint32_t dot11f_unpack_ie_edca_param_set(tpAniSirGlobal pCtx, pDst->acvi_acm = tmp32__ >> 4 & 0x1; pDst->acvi_aci = tmp32__ >> 5 & 0x3; pDst->unused3 = tmp32__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp33__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acvi_acwmin = tmp33__ >> 0 & 0xf; pDst->acvi_acwmax = tmp33__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acvi_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp34__ = *pBuf; pBuf += 1; @@ -3569,16 +3953,20 @@ uint32_t dot11f_unpack_ie_edca_param_set(tpAniSirGlobal pCtx, pDst->acvo_acm = tmp34__ >> 4 & 0x1; pDst->acvo_aci = tmp34__ >> 5 & 0x3; pDst->unused4 = tmp34__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp35__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acvo_acwmin = tmp35__ >> 0 & 0xf; pDst->acvo_acwmax = tmp35__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acvo_txoplimit, pBuf, 0); (void)pCtx; @@ -3600,8 +3988,10 @@ uint32_t dot11f_unpack_ie_erp_info(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp36__ = *pBuf; pDst->non_erp_present = tmp36__ >> 0 & 0x1; @@ -3652,14 +4042,18 @@ uint32_t dot11f_unpack_ie_ese_rad_mgmt_cap(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->mgmt_state = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp37__ = *pBuf; pDst->mbssid_mask = tmp37__ >> 0 & 0x7; @@ -3682,20 +4076,26 @@ uint32_t dot11f_unpack_ie_ese_traf_strm_met(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->tsid = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->state = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->msmt_interval, pBuf, 0); (void)pCtx; @@ -3716,8 +4116,10 @@ uint32_t dot11f_unpack_ie_ese_traf_strm_rate_set(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->tsid = *pBuf; pBuf += 1; @@ -3747,14 +4149,18 @@ uint32_t dot11f_unpack_ie_ese_txmit_power(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->power_limit = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->reserved = *pBuf; (void)pCtx; @@ -3775,8 +4181,10 @@ uint32_t dot11f_unpack_ie_ese_version(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; (void)pCtx; @@ -3885,26 +4293,34 @@ uint32_t dot11f_unpack_ie_fh_param_set(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->dwell_time, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->hop_set = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->hop_pattern = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->hop_index = *pBuf; (void)pCtx; @@ -3925,14 +4341,18 @@ uint32_t dot11f_unpack_ie_fh_params(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->radix = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->nchannels = *pBuf; (void)pCtx; @@ -3953,26 +4373,34 @@ uint32_t dot11f_unpack_ie_fh_patt_table(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->flag = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->nsets = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->modulus = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->offset = *pBuf; pBuf += 1; @@ -4022,28 +4450,36 @@ uint32_t dot11f_unpack_ie_ft_info(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp38__, pBuf, 0); pBuf += 2; ielen -= 2; pDst->reserved = tmp38__ >> 0 & 0xff; pDst->IECount = tmp38__ >> 8 & 0xff; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->MIC, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 32)) + if (unlikely(ielen < 32)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->Anonce, pBuf, 32); pBuf += 32; ielen -= (uint8_t)32; - if (unlikely(ielen < 32)) + if (unlikely(ielen < 32)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->Snonce, pBuf, 32); pBuf += 32; @@ -4079,8 +4515,10 @@ uint32_t dot11f_unpack_ie_ht_caps(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp39__, pBuf, 0); pBuf += 2; @@ -4099,8 +4537,10 @@ uint32_t dot11f_unpack_ie_ht_caps(tpAniSirGlobal pCtx, pDst->psmp = tmp39__ >> 13 & 0x1; pDst->stbcControlFrame = tmp39__ >> 14 & 0x1; pDst->lsigTXOPProtection = tmp39__ >> 15 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp40__ = *pBuf; pBuf += 1; @@ -4108,14 +4548,18 @@ uint32_t dot11f_unpack_ie_ht_caps(tpAniSirGlobal pCtx, pDst->maxRxAMPDUFactor = tmp40__ >> 0 & 0x3; pDst->mpduDensity = tmp40__ >> 2 & 0x7; pDst->reserved1 = tmp40__ >> 5 & 0x7; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->supportedMCSSet, pBuf, 16); pBuf += 16; ielen -= (uint8_t)16; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp41__, pBuf, 0); pBuf += 2; @@ -4125,8 +4569,10 @@ uint32_t dot11f_unpack_ie_ht_caps(tpAniSirGlobal pCtx, pDst->reserved2 = tmp41__ >> 3 & 0x1f; pDst->mcsFeedback = tmp41__ >> 8 & 0x3; pDst->reserved3 = tmp41__ >> 10 & 0x3f; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &tmp42__, pBuf, 0); pBuf += 4; @@ -4147,8 +4593,10 @@ uint32_t dot11f_unpack_ie_ht_caps(tpAniSirGlobal pCtx, pDst->uncompressedSteeringMatrixBFAntennae = tmp42__ >> 21 & 0x3; pDst->compressedSteeringMatrixBFAntennae = tmp42__ >> 23 & 0x3; pDst->reserved4 = tmp42__ >> 25 & 0x7f; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp43__ = *pBuf; pBuf += 1; @@ -4189,14 +4637,18 @@ uint32_t dot11f_unpack_ie_ht_info(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->primaryChannel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp44__ = *pBuf; pBuf += 1; @@ -4206,8 +4658,10 @@ uint32_t dot11f_unpack_ie_ht_info(tpAniSirGlobal pCtx, pDst->rifsMode = tmp44__ >> 3 & 0x1; pDst->controlledAccessOnly = tmp44__ >> 4 & 0x1; pDst->serviceIntervalGranularity = tmp44__ >> 5 & 0x7; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp45__, pBuf, 0); pBuf += 2; @@ -4217,8 +4671,10 @@ uint32_t dot11f_unpack_ie_ht_info(tpAniSirGlobal pCtx, pDst->transmitBurstLimit = tmp45__ >> 3 & 0x1; pDst->obssNonHTStaPresent = tmp45__ >> 4 & 0x1; pDst->reserved = tmp45__ >> 5 & 0x7ff; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp46__, pBuf, 0); pBuf += 2; @@ -4230,8 +4686,10 @@ uint32_t dot11f_unpack_ie_ht_info(tpAniSirGlobal pCtx, pDst->pcoActive = tmp46__ >> 10 & 0x1; pDst->pcoPhase = tmp46__ >> 11 & 0x1; pDst->reserved2 = tmp46__ >> 12 & 0xf; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->basicMCSSet, pBuf, 16); pBuf += 16; @@ -4261,8 +4719,10 @@ uint32_t dot11f_unpack_ie_ibss_params(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->atim, pBuf, 0); (void)pCtx; @@ -4283,20 +4743,26 @@ uint32_t dot11f_unpack_ie_link_identifier(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->bssid, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->InitStaAddr, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->RespStaAddr, pBuf, 6); (void)pCtx; @@ -4396,14 +4862,18 @@ uint32_t dot11f_unpack_ie_measurement_report(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->token = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp47__ = *pBuf; pBuf += 1; @@ -4412,8 +4882,10 @@ uint32_t dot11f_unpack_ie_measurement_report(tpAniSirGlobal pCtx, pDst->incapable = tmp47__ >> 1 & 0x1; pDst->refused = tmp47__ >> 2 & 0x1; pDst->unused = tmp47__ >> 3 & 0x1f; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->type = *pBuf; pBuf += 1; @@ -4423,26 +4895,34 @@ uint32_t dot11f_unpack_ie_measurement_report(tpAniSirGlobal pCtx, } else { switch (pDst->type) { case 0: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Basic.channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohq(pCtx, &pDst->report.Basic.meas_start_time, pBuf, 0); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->report.Basic.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp48__ = *pBuf; pBuf += 1; @@ -4455,158 +4935,208 @@ uint32_t dot11f_unpack_ie_measurement_report(tpAniSirGlobal pCtx, pDst->report.Basic.unused = tmp48__ >> 5 & 0x7; break; case 1: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.CCA.channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohq(pCtx, &pDst->report.CCA.meas_start_time, pBuf, 0); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->report.CCA.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.CCA.cca_busy_fraction = *pBuf; pBuf += 1; ielen -= (uint8_t)1; break; case 2: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohq(pCtx, &pDst->report.RPIHistogram.meas_start_time, pBuf, 0); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->report.RPIHistogram.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi0_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi1_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi2_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi3_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi4_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi5_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi6_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.RPIHistogram.rpi7_density = *pBuf; pBuf += 1; ielen -= (uint8_t)1; break; case 5: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Beacon.regClass = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Beacon.channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohq(pCtx, &pDst->report.Beacon.meas_start_time, pBuf, 0); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->report.Beacon.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp49__ = *pBuf; pBuf += 1; ielen -= 1; pDst->report.Beacon.condensed_PHY = tmp49__ >> 0 & 0x7f; pDst->report.Beacon.reported_frame_type = tmp49__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Beacon.RCPI = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Beacon.RSNI = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->report.Beacon.BSSID, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->report.Beacon.antenna_id = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->report.Beacon.parent_TSF, pBuf, 0); pBuf += 4; @@ -4710,14 +5240,18 @@ uint32_t dot11f_unpack_ie_measurement_request(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_token = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp50__ = *pBuf; pBuf += 1; @@ -4728,106 +5262,138 @@ uint32_t dot11f_unpack_ie_measurement_request(tpAniSirGlobal pCtx, pDst->report = tmp50__ >> 3 & 0x1; pDst->durationMandatory = tmp50__ >> 4 & 0x1; pDst->unused = tmp50__ >> 5 & 0x7; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_type = *pBuf; pBuf += 1; ielen -= (uint8_t)1; switch (pDst->measurement_type) { case 0: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.Basic.channel_no = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->measurement_request.Basic.meas_start_time, pBuf, 8); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.Basic.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 1: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.CCA.channel_no = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->measurement_request.CCA.meas_start_time, pBuf, 8); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.CCA.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 2: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.RPIHistogram.channel_no = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->measurement_request.RPIHistogram.meas_start_time, pBuf, 8); pBuf += 8; ielen -= (uint8_t)8; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.RPIHistogram.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 5: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.Beacon.regClass = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.Beacon.channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.Beacon.randomization, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.Beacon.meas_duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.Beacon.meas_mode = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->measurement_request.Beacon.BSSID, pBuf, 6); pBuf += 6; @@ -4841,8 +5407,10 @@ uint32_t dot11f_unpack_ie_measurement_request(tpAniSirGlobal pCtx, sizeof(*pDst), append_ie); break; case 8: - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.lci.loc_subject = *pBuf; pBuf += 1; @@ -4856,14 +5424,18 @@ uint32_t dot11f_unpack_ie_measurement_request(tpAniSirGlobal pCtx, sizeof(*pDst), append_ie); break; case 16: - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->measurement_request.ftmrr.random_interval, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->measurement_request.ftmrr.min_ap_count = *pBuf; pBuf += 1; @@ -4896,14 +5468,18 @@ uint32_t dot11f_unpack_ie_mobility_domain(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->MDID, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp51__ = *pBuf; pDst->overDSCap = tmp51__ >> 0 & 0x1; @@ -4956,14 +5532,18 @@ uint32_t dot11f_unpack_ie_neighbor_report(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->bssid, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp52__ = *pBuf; pBuf += 1; @@ -4975,8 +5555,10 @@ uint32_t dot11f_unpack_ie_neighbor_report(tpAniSirGlobal pCtx, pDst->QosCap = tmp52__ >> 5 & 0x1; pDst->apsd = tmp52__ >> 6 & 0x1; pDst->rrm = tmp52__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp53__ = *pBuf; pBuf += 1; @@ -4985,26 +5567,34 @@ uint32_t dot11f_unpack_ie_neighbor_report(tpAniSirGlobal pCtx, pDst->ImmBA = tmp53__ >> 1 & 0x1; pDst->MobilityDomain = tmp53__ >> 2 & 0x1; pDst->reserved = tmp53__ >> 3 & 0x1f; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->reserved1, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->regulatoryClass = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->PhyType = *pBuf; pBuf += 1; @@ -5035,44 +5625,58 @@ uint32_t dot11f_unpack_ie_obss_scan_parameters(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->obssScanPassiveDwell, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->obssScanActiveDwell, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->bssChannelWidthTriggerScanInterval, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->obssScanPassiveTotalPerChannel, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->obssScanActiveTotalPerChannel, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->bssWidthChannelTransitionDelayFactor, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->obssScanActivityThreshold, pBuf, 0); (void)pCtx; @@ -5094,8 +5698,10 @@ uint32_t dot11f_unpack_ie_operating_mode(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp54__ = *pBuf; pDst->chanWidth = tmp54__ >> 0 & 0x3; @@ -5410,14 +6016,18 @@ uint32_t dot11f_unpack_ie_pti_control(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->tid = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->sequence_control, pBuf, 0); (void)pCtx; @@ -5439,8 +6049,10 @@ uint32_t dot11f_unpack_ie_pu_buffer_status(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp55__ = *pBuf; pDst->ac_bk_traffic_aval = tmp55__ >> 0 & 0x1; @@ -5466,14 +6078,18 @@ uint32_t dot11f_unpack_ie_power_caps(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->minTxPower = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->maxTxPower = *pBuf; (void)pCtx; @@ -5494,8 +6110,10 @@ uint32_t dot11f_unpack_ie_power_constraints(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->localPowerConstraints = *pBuf; (void)pCtx; @@ -5516,20 +6134,26 @@ uint32_t dot11f_unpack_ie_qbss_load(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->stacount, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->chautil = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->avail, pBuf, 0); (void)pCtx; @@ -5550,8 +6174,10 @@ uint32_t dot11f_unpack_ie_QCN_IE(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->version, pBuf, 4); (void)pCtx; @@ -5572,14 +6198,18 @@ uint32_t dot11f_unpack_ie_QComVendorIE(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->type = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->channel = *pBuf; (void)pCtx; @@ -5601,8 +6231,10 @@ uint32_t dot11f_unpack_ie_qos_caps_ap(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp56__ = *pBuf; pDst->count = tmp56__ >> 0 & 0xf; @@ -5629,8 +6261,10 @@ uint32_t dot11f_unpack_ie_qos_caps_station(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp57__ = *pBuf; pDst->acvo_uapsd = tmp57__ >> 0 & 0x1; @@ -5683,26 +6317,34 @@ uint32_t dot11f_unpack_ie_quiet(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->count = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->period = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->duration, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->offset, pBuf, 0); (void)pCtx; @@ -5723,8 +6365,10 @@ uint32_t dot11f_unpack_ie_rcpiie(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->rcpi = *pBuf; (void)pCtx; @@ -5818,13 +6462,16 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx, { uint32_t status = DOT11F_PARSE_SUCCESS; uint8_t def_cipher_suite[4] = {0x00, 0x0f, 0xac, 0x04}; + uint8_t def_akm_suite[4] = {0x00, 0x0f, 0xac, 0x01}; (void) pBuf; (void)ielen; /* Shutup the compiler */ if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->version, pBuf, 0); pBuf += 2; @@ -5833,40 +6480,53 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 4)) - return DOT11F_INCOMPLETE_IE; - - if (ielen < 4) { - pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; - } - - DOT11F_MEMCPY(pCtx, pDst->gp_cipher_suite, pBuf, 4); - pBuf += 4; - ielen -= (uint8_t)4; if (!ielen) { + pDst->RSN_Cap_present = 0U; pDst->gp_mgmt_cipher_suite_present = 0U; + pDst->gp_cipher_suite_present = 1; + DOT11F_MEMCPY(pCtx, pDst->gp_cipher_suite, def_cipher_suite, 4); pDst->pwise_cipher_suite_count = 1; DOT11F_MEMCPY(pCtx, pDst->pwise_cipher_suites, def_cipher_suite, 4); - pDst->akm_suite_count = 0U; + pDst->akm_suite_cnt = 1; + DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4); pDst->pmkid_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) + pDst->gp_cipher_suite_present = 1; + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } - if (ielen < 2) { + DOT11F_MEMCPY(pCtx, pDst->gp_cipher_suite, pBuf, 4); + pBuf += 4; + ielen -= (uint8_t)4; + } + if (!ielen) { + pDst->RSN_Cap_present = 0U; + pDst->gp_mgmt_cipher_suite_present = 0U; + pDst->pwise_cipher_suite_count = 1; + DOT11F_MEMCPY(pCtx, + pDst->pwise_cipher_suites, def_cipher_suite, 4); + pDst->akm_suite_cnt = 1; + DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4); + pDst->pmkid_count = 0U; + return 0U; + } else { + if (unlikely(ielen < 2)) { pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; + return DOT11F_INCOMPLETE_IE; } framesntohs(pCtx, &pDst->pwise_cipher_suite_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->pwise_cipher_suite_count * 4)) + if (unlikely(ielen < pDst->pwise_cipher_suite_count * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (!pDst->pwise_cipher_suite_count || pDst->pwise_cipher_suite_count > 6) { @@ -5874,48 +6534,50 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx, return DOT11F_SKIPPED_BAD_IE; } - if (ielen < pDst->pwise_cipher_suite_count * 4) { - pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; - } - DOT11F_MEMCPY(pCtx, pDst->pwise_cipher_suites, pBuf, (pDst->pwise_cipher_suite_count * 4)); pBuf += (pDst->pwise_cipher_suite_count * 4); ielen -= (pDst->pwise_cipher_suite_count * 4); if (!ielen) { - pDst->akm_suite_count = 0U; + pDst->RSN_Cap_present = 0U; + pDst->gp_mgmt_cipher_suite_present = 0U; + pDst->akm_suite_cnt = 1; + DOT11F_MEMCPY(pCtx, pDst->akm_suite, def_akm_suite, 4); pDst->pmkid_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } - framesntohs(pCtx, &pDst->akm_suite_count, pBuf, 0); + framesntohs(pCtx, &pDst->akm_suite_cnt, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->akm_suite_count * 4)) + if (unlikely(ielen < pDst->akm_suite_cnt * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } - if (pDst->akm_suite_count > 6) { + if (!pDst->akm_suite_cnt || + pDst->akm_suite_cnt > 6) { pDst->present = 0; return DOT11F_SKIPPED_BAD_IE; } - DOT11F_MEMCPY(pCtx, pDst->akm_suites, pBuf, (pDst->akm_suite_count * 4)); - pBuf += (pDst->akm_suite_count * 4); - ielen -= (pDst->akm_suite_count * 4); + DOT11F_MEMCPY(pCtx, pDst->akm_suite, pBuf, (pDst->akm_suite_cnt * 4)); + pBuf += (pDst->akm_suite_cnt * 4); + ielen -= (pDst->akm_suite_cnt * 4); if (!ielen) { + pDst->RSN_Cap_present = 0U; pDst->gp_mgmt_cipher_suite_present = 0U; pDst->pmkid_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) - return DOT11F_INCOMPLETE_IE; - - if (ielen < 2) { + pDst->RSN_Cap_present = 1; + if (unlikely(ielen < 2)) { pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; + return DOT11F_INCOMPLETE_IE; } DOT11F_MEMCPY(pCtx, pDst->RSN_Cap, pBuf, 2); @@ -5923,31 +6585,26 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx, ielen -= (uint8_t)2; } if (!ielen) { + pDst->RSN_Cap_present = 0U; pDst->gp_mgmt_cipher_suite_present = 0U; pDst->pmkid_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) - return DOT11F_INCOMPLETE_IE; - - if (ielen < 2) { + if (unlikely(ielen < 2)) { pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; + return DOT11F_INCOMPLETE_IE; } framesntohs(pCtx, &pDst->pmkid_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->pmkid_count * 16)) - return DOT11F_INCOMPLETE_IE; - - if (pDst->pmkid_count > 4) { + if (unlikely(ielen < pDst->pmkid_count * 16)) { pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; + return DOT11F_INCOMPLETE_IE; } - if (ielen < pDst->pmkid_count * 16) { + if (pDst->pmkid_count > 4) { pDst->present = 0; return DOT11F_SKIPPED_BAD_IE; } @@ -5959,12 +6616,9 @@ uint32_t dot11f_unpack_ie_rsn(tpAniSirGlobal pCtx, return 0U; } else { pDst->gp_mgmt_cipher_suite_present = 1; - if (unlikely(ielen < 4)) - return DOT11F_INCOMPLETE_IE; - - if (ielen < 4) { + if (unlikely(ielen < 4)) { pDst->present = 0; - return DOT11F_SKIPPED_BAD_IE; + return DOT11F_INCOMPLETE_IE; } DOT11F_MEMCPY(pCtx, pDst->gp_mgmt_cipher_suite, pBuf, 4); @@ -5987,8 +6641,10 @@ uint32_t dot11f_unpack_ie_rsniie(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->rsni = *pBuf; (void)pCtx; @@ -6117,20 +6773,26 @@ uint32_t dot11f_unpack_ie_tim(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->dtim_count = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->dtim_period = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->bmpctl = *pBuf; pBuf += 1; @@ -6160,14 +6822,18 @@ uint32_t dot11f_unpack_ie_tpc_report(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->tx_power = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->link_margin = *pBuf; (void)pCtx; @@ -6206,20 +6872,26 @@ uint32_t dot11f_unpack_ie_time_advertisement(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->timing_capabilities = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 10)) + if (unlikely(ielen < 10)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->time_value, pBuf, 10); pBuf += 10; ielen -= (uint8_t)10; - if (unlikely(ielen < 5)) + if (unlikely(ielen < 5)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->time_error, pBuf, 5); (void)pCtx; @@ -6240,14 +6912,18 @@ uint32_t dot11f_unpack_ie_timeout_interval(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->timeoutType = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohl(pCtx, &pDst->timeoutValue, pBuf, 0); (void)pCtx; @@ -6268,32 +6944,42 @@ uint32_t dot11f_unpack_ie_vht_ext_bss_load(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->muMIMOCapStaCount = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->ssUnderUtil = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->FortyMHzUtil = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->EightyMHzUtil = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->OneSixtyMHzUtil = *pBuf; (void)pCtx; @@ -6351,8 +7037,10 @@ uint32_t dot11f_unpack_ie_wapi(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->version, pBuf, 0); pBuf += 2; @@ -6361,14 +7049,18 @@ uint32_t dot11f_unpack_ie_wapi(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->akm_suite_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < pDst->akm_suite_count * 4)) + if (unlikely(ielen < pDst->akm_suite_count * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (pDst->akm_suite_count > 4) { pDst->present = 0; @@ -6378,14 +7070,18 @@ uint32_t dot11f_unpack_ie_wapi(tpAniSirGlobal pCtx, DOT11F_MEMCPY(pCtx, pDst->akm_suites, pBuf, (pDst->akm_suite_count * 4)); pBuf += (pDst->akm_suite_count * 4); ielen -= (pDst->akm_suite_count * 4); - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->unicast_cipher_suite_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < pDst->unicast_cipher_suite_count * 4)) + if (unlikely(ielen < pDst->unicast_cipher_suite_count * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (pDst->unicast_cipher_suite_count > 4) { pDst->present = 0; @@ -6395,14 +7091,18 @@ uint32_t dot11f_unpack_ie_wapi(tpAniSirGlobal pCtx, DOT11F_MEMCPY(pCtx, pDst->unicast_cipher_suites, pBuf, (pDst->unicast_cipher_suite_count * 4)); pBuf += (pDst->unicast_cipher_suite_count * 4); ielen -= (pDst->unicast_cipher_suite_count * 4); - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->multicast_cipher_suite, pBuf, 4); pBuf += 4; ielen -= (uint8_t)4; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp58__, pBuf, 0); pBuf += 2; @@ -6413,15 +7113,19 @@ uint32_t dot11f_unpack_ie_wapi(tpAniSirGlobal pCtx, pDst->bkid_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->bkid_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->bkid_count * 16)) + if (unlikely(ielen < pDst->bkid_count * 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (pDst->bkid_count > 4) { pDst->present = 0; @@ -6472,14 +7176,18 @@ uint32_t dot11f_unpack_ie_wfatpc(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->txPower = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->linkMargin = *pBuf; (void)pCtx; @@ -6526,8 +7234,10 @@ uint32_t dot11f_unpack_ie_wmm_caps(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -6536,8 +7246,10 @@ uint32_t dot11f_unpack_ie_wmm_caps(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp59__ = *pBuf; pDst->reserved = tmp59__ >> 0 & 0xf; @@ -6564,14 +7276,18 @@ uint32_t dot11f_unpack_ie_wmm_info_ap(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp60__ = *pBuf; pDst->param_set_count = tmp60__ >> 0 & 0xf; @@ -6596,14 +7312,18 @@ uint32_t dot11f_unpack_ie_wmm_info_station(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp61__ = *pBuf; pDst->acvo_uapsd = tmp61__ >> 0 & 0x1; @@ -6639,8 +7359,10 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->version = *pBuf; pBuf += 1; @@ -6649,20 +7371,26 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, pDst->present = 0; return status | DOT11F_BAD_FIXED_VALUE; } - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->qosInfo = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->reserved2 = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp62__ = *pBuf; pBuf += 1; @@ -6671,22 +7399,28 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, pDst->acbe_acm = tmp62__ >> 4 & 0x1; pDst->acbe_aci = tmp62__ >> 5 & 0x3; pDst->unused1 = tmp62__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp63__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acbe_acwmin = tmp63__ >> 0 & 0xf; pDst->acbe_acwmax = tmp63__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acbe_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp64__ = *pBuf; pBuf += 1; @@ -6695,22 +7429,28 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, pDst->acbk_acm = tmp64__ >> 4 & 0x1; pDst->acbk_aci = tmp64__ >> 5 & 0x3; pDst->unused2 = tmp64__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp65__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acbk_acwmin = tmp65__ >> 0 & 0xf; pDst->acbk_acwmax = tmp65__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acbk_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp66__ = *pBuf; pBuf += 1; @@ -6719,22 +7459,28 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, pDst->acvi_acm = tmp66__ >> 4 & 0x1; pDst->acvi_aci = tmp66__ >> 5 & 0x3; pDst->unused3 = tmp66__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp67__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acvi_acwmin = tmp67__ >> 0 & 0xf; pDst->acvi_acwmax = tmp67__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acvi_txoplimit, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp68__ = *pBuf; pBuf += 1; @@ -6743,16 +7489,20 @@ uint32_t dot11f_unpack_ie_wmm_params(tpAniSirGlobal pCtx, pDst->acvo_acm = tmp68__ >> 4 & 0x1; pDst->acvo_aci = tmp68__ >> 5 & 0x3; pDst->unused4 = tmp68__ >> 7 & 0x1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp69__ = *pBuf; pBuf += 1; ielen -= 1; pDst->acvo_acwmin = tmp69__ >> 0 & 0xf; pDst->acvo_acwmax = tmp69__ >> 4 & 0xf; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->acvo_txoplimit, pBuf, 0); (void)pCtx; @@ -6773,8 +7523,10 @@ uint32_t dot11f_unpack_ie_wpa(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->version, pBuf, 0); pBuf += 2; @@ -6790,8 +7542,10 @@ uint32_t dot11f_unpack_ie_wpa(tpAniSirGlobal pCtx, return 0U; } else { pDst->multicast_cipher_present = 1U; - if (unlikely(ielen < 4)) + if (unlikely(ielen < 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->multicast_cipher, pBuf, 4); pBuf += 4; @@ -6802,15 +7556,19 @@ uint32_t dot11f_unpack_ie_wpa(tpAniSirGlobal pCtx, pDst->auth_suite_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->unicast_cipher_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->unicast_cipher_count * 4)) + if (unlikely(ielen < pDst->unicast_cipher_count * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (pDst->unicast_cipher_count > 4) { pDst->present = 0; @@ -6824,15 +7582,19 @@ uint32_t dot11f_unpack_ie_wpa(tpAniSirGlobal pCtx, pDst->auth_suite_count = 0U; return 0U; } else { - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->auth_suite_count, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; } - if (unlikely(ielen < pDst->auth_suite_count * 4)) + if (unlikely(ielen < pDst->auth_suite_count * 4)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } if (pDst->auth_suite_count > 4) { pDst->present = 0; @@ -6845,8 +7607,10 @@ uint32_t dot11f_unpack_ie_wpa(tpAniSirGlobal pCtx, if (!ielen) { return 0U; } else { - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->caps, pBuf, 0); } @@ -7387,26 +8151,34 @@ uint32_t dot11f_unpack_ie_ext_chan_switch_ann(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->switch_mode = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->new_reg_class = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->new_channel = *pBuf; pBuf += 1; ielen -= (uint8_t)1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->switch_count = *pBuf; (void)pCtx; @@ -7427,8 +8199,10 @@ uint32_t dot11f_unpack_ie_fils_assoc_delay_info(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->assoc_delay_info = *pBuf; (void)pCtx; @@ -7449,14 +8223,18 @@ uint32_t dot11f_unpack_ie_fils_hlp_container(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->dest_mac, pBuf, 6); pBuf += 6; ielen -= (uint8_t)6; - if (unlikely(ielen < 6)) + if (unlikely(ielen < 6)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->src_mac, pBuf, 6); pBuf += 6; @@ -7482,8 +8260,10 @@ uint32_t dot11f_unpack_ie_fils_indication(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &tmp70__, pBuf, 0); pBuf += 2; @@ -7517,8 +8297,10 @@ uint32_t dot11f_unpack_ie_fils_kde(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->key_rsc, pBuf, 8); pBuf += 8; @@ -7563,8 +8345,10 @@ uint32_t dot11f_unpack_ie_fils_nonce(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 16)) + if (unlikely(ielen < 16)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->nonce, pBuf, 16); (void)pCtx; @@ -7585,8 +8369,10 @@ uint32_t dot11f_unpack_ie_fils_public_key(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->key_type = *pBuf; pBuf += 1; @@ -7611,8 +8397,10 @@ uint32_t dot11f_unpack_ie_fils_session(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 8)) + if (unlikely(ielen < 8)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } DOT11F_MEMCPY(pCtx, pDst->session, pBuf, 8); (void)pCtx; @@ -7674,8 +8462,10 @@ uint32_t dot11f_unpack_ie_hs20vendor_ie(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp71__ = *pBuf; pBuf += 1; @@ -7689,16 +8479,20 @@ uint32_t dot11f_unpack_ie_hs20vendor_ie(tpAniSirGlobal pCtx, } else { switch (pDst->hs_id_present) { case 1: - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->hs_id.pps_mo.pps_mo_id, pBuf, 0); pBuf += 2; ielen -= (uint8_t)2; break; case 2: - if (unlikely(ielen < 2)) + if (unlikely(ielen < 2)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } framesntohs(pCtx, &pDst->hs_id.anqp_domain.anqp_domain_id, pBuf, 0); pBuf += 2; @@ -7725,8 +8519,10 @@ uint32_t dot11f_unpack_ie_ht2040_bss_coexistence(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } tmp72__ = *pBuf; pDst->info_request = tmp72__ >> 0 & 0x1; @@ -7753,8 +8549,10 @@ uint32_t dot11f_unpack_ie_ht2040_bss_intolerant_report(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->operating_class = *pBuf; pBuf += 1; @@ -7804,8 +8602,10 @@ uint32_t dot11f_unpack_ie_sec_chan_offset_ele(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->secondaryChannelOffset = *pBuf; (void)pCtx; @@ -7841,8 +8641,10 @@ uint32_t dot11f_unpack_ie_vendor_vht_ie(tpAniSirGlobal pCtx, if (pDst->present) status = DOT11F_DUPLICATE_IE; pDst->present = 1; - if (unlikely(ielen < 1)) + if (unlikely(ielen < 1)) { + pDst->present = 0; return DOT11F_INCOMPLETE_IE; + } pDst->sub_type = *pBuf; pBuf += 1; @@ -8017,7 +8819,7 @@ static const tIEDefn IES_AssocRequest[] = { 0, 3, 3, SigIeQOSCapsStation, {0, 0, 0, 0, 0}, 0, DOT11F_EID_QOSCAPSSTATION, 0, 0, }, { offsetof(tDot11fAssocRequest, RSNOpaque), offsetof(tDot11fIERSNOpaque, - present), 0, "RSNOpaque", 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + present), 0, "RSNOpaque", 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fAssocRequest, ExtSuppRates), offsetof(tDot11fIEExtSuppRates, present), 0, "ExtSuppRates", @@ -8305,7 +9107,7 @@ static const tIEDefn IES_Authentication[] = { 0, DOT11F_EID_CHALLENGETEXT, 0, 0, }, { offsetof(tDot11fAuthentication, RSNOpaque), offsetof(tDot11fIERSNOpaque, present), 0, "RSNOpaque", - 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fAuthentication, MobilityDomain), offsetof(tDot11fIEMobilityDomain, present), 0, "MobilityDomain", @@ -8424,7 +9226,7 @@ static const tIEDefn IES_Beacon[] = { present), 0, "ExtSuppRates", 0, 3, 14, SigIeExtSuppRates, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTSUPPRATES, 0, 0, }, { offsetof(tDot11fBeacon, RSN), offsetof(tDot11fIERSN, present), 0, "RSN", - 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fBeacon, QBSSLoad), offsetof(tDot11fIEQBSSLoad, present), 0, "QBSSLoad", 0, 7, 7, SigIeQBSSLoad, {0, 0, 0, 0, 0}, 0, DOT11F_EID_QBSSLOAD, 0, 0, }, @@ -8644,7 +9446,7 @@ static const tIEDefn IES_Beacon2[] = { present), 0, "ExtSuppRates", 0, 3, 14, SigIeExtSuppRates, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTSUPPRATES, 0, 0, }, { offsetof(tDot11fBeacon2, RSNOpaque), offsetof(tDot11fIERSNOpaque, - present), 0, "RSNOpaque", 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + present), 0, "RSNOpaque", 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fBeacon2, EDCAParamSet), offsetof(tDot11fIEEDCAParamSet, present), 0, "EDCAParamSet", 0, 20, 20, SigIeEDCAParamSet, {0, 0, 0, 0, 0}, @@ -8843,7 +9645,7 @@ static const tIEDefn IES_BeaconIEs[] = { 0, 3, 14, SigIeExtSuppRates, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTSUPPRATES, 0, 0, }, { offsetof(tDot11fBeaconIEs, RSN), offsetof(tDot11fIERSN, present), 0, - "RSN", 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + "RSN", 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fBeaconIEs, QBSSLoad), offsetof(tDot11fIEQBSSLoad, present), 0, "QBSSLoad", 0, 7, 7, SigIeQBSSLoad, {0, 0, 0, 0, 0}, 0, DOT11F_EID_QBSSLOAD, 0, 0, }, @@ -9480,7 +10282,7 @@ static const tIEDefn IES_ProbeResponse[] = { 0, 3, 14, SigIeExtSuppRates, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTSUPPRATES, 0, 0, }, { offsetof(tDot11fProbeResponse, RSNOpaque), offsetof(tDot11fIERSNOpaque, - present), 0, "RSNOpaque", 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + present), 0, "RSNOpaque", 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fProbeResponse, QBSSLoad), offsetof(tDot11fIEQBSSLoad, present), 0, "QBSSLoad", 0, 7, 7, SigIeQBSSLoad, {0, 0, 0, 0, 0}, @@ -9751,7 +10553,7 @@ static const tIEDefn IES_ReAssocRequest[] = { 0, DOT11F_EID_SUPPCHANNELS, 0, 0, }, { offsetof(tDot11fReAssocRequest, RSNOpaque), offsetof(tDot11fIERSNOpaque, present), 0, "RSNOpaque", - 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fReAssocRequest, QOSCapsStation), offsetof(tDot11fIEQOSCapsStation, present), 0, "QOSCapsStation", @@ -9900,7 +10702,7 @@ static const tIEDefn IES_ReAssocResponse[] = { 0, DOT11F_EID_RRMENABLEDCAP, 0, 0, }, { offsetof(tDot11fReAssocResponse, RSNOpaque), offsetof(tDot11fIERSNOpaque, present), 0, "RSNOpaque", - 0, 8, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, + 0, 2, 255, SigIeRSNOpaque, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSNOPAQUE, 0, 0, }, { offsetof(tDot11fReAssocResponse, MobilityDomain), offsetof(tDot11fIEMobilityDomain, present), 0, "MobilityDomain", @@ -10146,7 +10948,7 @@ static const tIEDefn IES_TDLSDisRsp[] = { "SuppOperatingClasses", 0, 3, 34, SigIeSuppOperatingClasses, {0, 0, 0, 0, 0}, 0, DOT11F_EID_SUPPOPERATINGCLASSES, 0, 0, }, { offsetof(tDot11fTDLSDisRsp, RSN), offsetof(tDot11fIERSN, present), 0, - "RSN", 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + "RSN", 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fTDLSDisRsp, ExtCap), offsetof(tDot11fIEExtCap, present), 0, "ExtCap", 0, 3, 17, SigIeExtCap, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTCAP, 0, 0, }, @@ -10277,7 +11079,7 @@ static const tFFDefn FFS_TDLSSetupCnf[] = { static const tIEDefn IES_TDLSSetupCnf[] = { { offsetof(tDot11fTDLSSetupCnf, RSN), offsetof(tDot11fIERSN, present), 0, - "RSN", 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + "RSN", 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fTDLSSetupCnf, EDCAParamSet), offsetof(tDot11fIEEDCAParamSet, present), 0, "EDCAParamSet", 0, 20, 20, SigIeEDCAParamSet, {0, 0, 0, 0, 0}, @@ -10352,7 +11154,7 @@ static const tIEDefn IES_TDLSSetupReq[] = { 0, 4, 98, SigIeSuppChannels, {0, 0, 0, 0, 0}, 0, DOT11F_EID_SUPPCHANNELS, 0, 0, }, { offsetof(tDot11fTDLSSetupReq, RSN), offsetof(tDot11fIERSN, present), 0, - "RSN", 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + "RSN", 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fTDLSSetupReq, ExtCap), offsetof(tDot11fIEExtCap, present), 0, "ExtCap", 0, 3, 17, SigIeExtCap, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTCAP, 0, 0, }, @@ -10441,7 +11243,7 @@ static const tIEDefn IES_TDLSSetupRsp[] = { 0, 4, 98, SigIeSuppChannels, {0, 0, 0, 0, 0}, 0, DOT11F_EID_SUPPCHANNELS, 0, 0, }, { offsetof(tDot11fTDLSSetupRsp, RSN), offsetof(tDot11fIERSN, present), 0, - "RSN", 0, 8, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, + "RSN", 0, 4, 132, SigIeRSN, {0, 0, 0, 0, 0}, 0, DOT11F_EID_RSN, 0, 0, }, { offsetof(tDot11fTDLSSetupRsp, ExtCap), offsetof(tDot11fIEExtCap, present), 0, "ExtCap", 0, 3, 17, SigIeExtCap, {0, 0, 0, 0, 0}, 0, DOT11F_EID_EXTCAP, 0, 0, }, @@ -12103,7 +12905,7 @@ static uint32_t unpack_core(tpAniSirGlobal pCtx, append_ie); break; case SigIeRICDataDesc: - /* reset the pointers back since this is a container IE and it doesnt have its own EID and Len. */ + /* reset the pointers back since this is a container IE and it doesn't have its own EID and Len. */ pBufRemaining -= 2; nBufRemaining += 2; if (pIe && pIe->noui) { @@ -13677,20 +14479,30 @@ uint32_t dot11f_get_packed_iersn(tpAniSirGlobal pCtx, (void)pCtx; while (pIe->present) { *pnNeeded += 2; - *pnNeeded += 4; + if (pIe->gp_cipher_suite_present) { + + *pnNeeded += 4; + } else { + break; + } if (pIe->pwise_cipher_suite_count) { *pnNeeded += 2; } else { break; } *pnNeeded += (pIe->pwise_cipher_suite_count * 4); - if (pIe->akm_suite_count) { + if (pIe->akm_suite_cnt) { *pnNeeded += 2; } else { break; } - *pnNeeded += (pIe->akm_suite_count * 4); + *pnNeeded += (pIe->akm_suite_cnt * 4); + if (pIe->RSN_Cap_present) { + *pnNeeded += 2; + } else { + break; + } if (pIe->pmkid_count) { *pnNeeded += 2; } else { @@ -15112,7 +15924,7 @@ static uint32_t get_packed_size_core(tpAniSirGlobal pCtx, break; case SigIeRICDataDesc: offset = sizeof(tDot11fIERICDataDesc); - pnNeeded -= 2 ; /* Subtract the length and Oui as this is our container IE to group Ies and it doesnt have its own length and OUI. */ + pnNeeded -= 2 ; /* Subtract the length and Oui as this is our container IE to group Ies and it doesn't have its own length and OUI. */ status |= dot11f_get_packed_ieric_data_desc( pCtx, (tDot11fIERICDataDesc *) @@ -21965,9 +22777,13 @@ uint32_t dot11f_pack_ie_rsn(tpAniSirGlobal pCtx, frameshtons(pCtx, pBuf, pSrc->version, 0); *pnConsumed += 2; pBuf += 2; - DOT11F_MEMCPY(pCtx, pBuf, pSrc->gp_cipher_suite, 4); - *pnConsumed += 4; - pBuf += 4; + if (pSrc->gp_cipher_suite_present) { + DOT11F_MEMCPY(pCtx, pBuf, pSrc->gp_cipher_suite, 4); + *pnConsumed += 4; + pBuf += 4; + } else { + break; + } if (pSrc->pwise_cipher_suite_count) { frameshtons(pCtx, pBuf, pSrc->pwise_cipher_suite_count, 0); *pnConsumed += 2; @@ -21978,17 +22794,23 @@ uint32_t dot11f_pack_ie_rsn(tpAniSirGlobal pCtx, DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->pwise_cipher_suites), (pSrc->pwise_cipher_suite_count * 4)); *pnConsumed += (pSrc->pwise_cipher_suite_count * 4); pBuf += (pSrc->pwise_cipher_suite_count * 4); - if (pSrc->akm_suite_count) { - frameshtons(pCtx, pBuf, pSrc->akm_suite_count, 0); + if (pSrc->akm_suite_cnt) { + frameshtons(pCtx, pBuf, pSrc->akm_suite_cnt, 0); + *pnConsumed += 2; + pBuf += 2; + } else { + break; + } + DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->akm_suite), (pSrc->akm_suite_cnt * 4)); + *pnConsumed += (pSrc->akm_suite_cnt * 4); + pBuf += (pSrc->akm_suite_cnt * 4); + if (pSrc->RSN_Cap_present) { + DOT11F_MEMCPY(pCtx, pBuf, pSrc->RSN_Cap, 2); *pnConsumed += 2; pBuf += 2; } else { break; } - DOT11F_MEMCPY(pCtx, pBuf, &(pSrc->akm_suites), (pSrc->akm_suite_count * 4)); - *pnConsumed += (pSrc->akm_suite_count * 4); - pBuf += (pSrc->akm_suite_count * 4); - if (pSrc->pmkid_count) { frameshtons(pCtx, pBuf, pSrc->pmkid_count, 0); *pnConsumed += 2; diff --git a/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/parser_api.c b/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/parser_api.c index a3316bc7cd82..05005cb773bc 100644 --- a/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/parser_api.c +++ b/drivers/staging/qcacld-3.0/core/mac/src/sys/legacy/src/utils/src/parser_api.c @@ -1500,7 +1500,7 @@ populate_dot11f_rsn(tpAniSirGlobal pMac, status = dot11f_unpack_ie_rsn(pMac, pRsnIe->rsnIEdata + idx + 2, /* EID, length */ pRsnIe->rsnIEdata[idx + 1], pDot11f, false); - if (DOT11F_FAILED(status)) { + if (!DOT11F_SUCCEEDED(status)) { pe_err("Parse failure in Populate Dot11fRSN (0x%08x)", status); return eSIR_FAILURE; @@ -1806,7 +1806,8 @@ tSirRetStatus populate_dot11f_tpc_report(tpAniSirGlobal pMac, tDot11fIETPCReport *pDot11f, tpPESession psessionEntry) { - uint16_t staid, txPower; + uint16_t staid; + uint8_t tx_power; tSirRetStatus nSirStatus; nSirStatus = lim_get_mgmt_staid(pMac, &staid, psessionEntry); @@ -1817,8 +1818,9 @@ populate_dot11f_tpc_report(tpAniSirGlobal pMac, } /* FramesToDo: This function was "misplaced" in the move to Gen4_TVM... */ /* txPower = halGetRateToPwrValue( pMac, staid, pMac->lim.gLimCurrentChannelId, isBeacon ); */ - txPower = 0; - pDot11f->tx_power = (uint8_t) txPower; + tx_power = cfg_get_regulatory_max_transmit_power(pMac, + psessionEntry->currentOperChannel); + pDot11f->tx_power = tx_power; pDot11f->link_margin = 0; pDot11f->present = 1; diff --git a/drivers/staging/qcacld-3.0/core/pld/inc/pld_common.h b/drivers/staging/qcacld-3.0/core/pld/inc/pld_common.h index 2ebfd7810af9..d6756bde9b2f 100644 --- a/drivers/staging/qcacld-3.0/core/pld/inc/pld_common.h +++ b/drivers/staging/qcacld-3.0/core/pld/inc/pld_common.h @@ -538,6 +538,7 @@ int pld_smmu_map(struct device *dev, phys_addr_t paddr, uint32_t *iova_addr, size_t size); unsigned int pld_socinfo_get_serial_number(struct device *dev); int pld_is_qmi_disable(struct device *dev); +int pld_is_fw_down(void); int pld_force_assert_target(struct device *dev); bool pld_is_fw_dump_skipped(struct device *dev); void pld_set_cc_source(struct device *dev, enum pld_cc_src cc_source); diff --git a/drivers/staging/qcacld-3.0/core/pld/src/pld_common.c b/drivers/staging/qcacld-3.0/core/pld/src/pld_common.c index f0fc78d5337a..dbdfd3e183dc 100644 --- a/drivers/staging/qcacld-3.0/core/pld/src/pld_common.c +++ b/drivers/staging/qcacld-3.0/core/pld/src/pld_common.c @@ -1414,6 +1414,23 @@ int pld_is_qmi_disable(struct device *dev) } /** + * pld_is_fw_down() - Check WLAN fw is down or not + * + * This is a SNOC specific API. This API will be called + * to check if WLAN FW is down or not. dev is not passed + * in this API as it could be called during driver unloading + * when all the information driver stored will be gone. + * + * Return: 1 FW is down + * 0 FW is not down + * Non zero failure code for errors + */ +int pld_is_fw_down(void) +{ + return pld_snoc_is_fw_down(); +} + +/** * pld_force_assert_target() - Send a force assert to FW. * This can use various sideband requests available at platform to * initiate a FW assert. diff --git a/drivers/staging/qcacld-3.0/core/pld/src/pld_snoc.h b/drivers/staging/qcacld-3.0/core/pld/src/pld_snoc.h index d2676227ac29..9b42e22764fe 100644 --- a/drivers/staging/qcacld-3.0/core/pld/src/pld_snoc.h +++ b/drivers/staging/qcacld-3.0/core/pld/src/pld_snoc.h @@ -147,6 +147,10 @@ static inline uint8_t *pld_snoc_get_wlan_mac_address(struct device *dev, *num = 0; return NULL; } +static inline int pld_snoc_is_fw_down(void) +{ + return 0; +} static inline int pld_snoc_force_assert_target(struct device *dev) { return 0; @@ -335,6 +339,11 @@ unsigned int pld_snoc_socinfo_get_serial_number(struct device *dev) { return icnss_socinfo_get_serial_number(dev); } +static inline int pld_snoc_is_fw_down(void) +{ + return icnss_is_fw_down(); +} + static inline uint8_t *pld_snoc_get_wlan_mac_address(struct device *dev, uint32_t *num) { diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/csr_api.h b/drivers/staging/qcacld-3.0/core/sme/inc/csr_api.h index 72bfa7b75f56..892619934146 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/csr_api.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/csr_api.h @@ -412,6 +412,7 @@ typedef struct tagCsrScanResultFilter { struct sCsrChannel_ pcl_channels; struct qdf_mac_addr bssid_hint; enum tQDF_ADAPTER_MODE csrPersona; + bool ignore_pmf_cap; #ifdef WLAN_FEATURE_FILS_SK bool realm_check; uint8_t fils_realm[2]; @@ -1002,7 +1003,9 @@ typedef struct tagCsrRoamProfile { tSirMacRateSet extended_rates; struct qdf_mac_addr bssid_hint; bool force_24ghz_in_ht20; - bool do_not_roam; + bool supplicant_disabled_roaming; + bool roaming_allowed_on_iface; + bool driver_disabled_roaming; #ifdef WLAN_FEATURE_FILS_SK bool fils_connection; uint8_t *hlp_ie; @@ -1010,6 +1013,7 @@ typedef struct tagCsrRoamProfile { struct cds_fils_connection_info *fils_con_info; #endif bool chan_switch_hostapd_rate_enabled; + bool force_rsne_override; } tCsrRoamProfile; #ifdef FEATURE_WLAN_MCC_TO_SCC_SWITCH @@ -1340,6 +1344,10 @@ typedef struct tagCsrConfigParam { bool enable5gEBT; bool enableSelfRecovery; uint32_t f_sta_miracast_mcc_rest_time_val; + uint32_t sta_scan_burst_duration; + uint32_t p2p_scan_burst_duration; + uint32_t go_scan_burst_duration; + uint32_t ap_scan_burst_duration; #ifdef FEATURE_AP_MCC_CH_AVOIDANCE bool sap_channel_avoidance; #endif /* FEATURE_AP_MCC_CH_AVOIDANCE */ diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/csr_internal.h b/drivers/staging/qcacld-3.0/core/sme/inc/csr_internal.h index c6125967639f..dde9efc6cd29 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/csr_internal.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/csr_internal.h @@ -175,6 +175,8 @@ typedef enum { eCsrLostLink1Abort, eCsrLostLink2Abort, eCsrLostLink3Abort, + /* Roaming disabled from driver during connect/start BSS */ + eCsrDriverDisabled, } eCsrRoamReason; typedef enum { diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/csr_neighbor_roam.h b/drivers/staging/qcacld-3.0/core/sme/inc/csr_neighbor_roam.h index 9d4abb985c26..3687d3262baf 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/csr_neighbor_roam.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/csr_neighbor_roam.h @@ -332,6 +332,8 @@ void csr_roam_reset_roam_params(tpAniSirGlobal mac_ptr); #define REASON_SUPPLICANT_DISABLED_ROAMING 39 #define REASON_CTX_INIT 40 #define REASON_FILS_PARAMS_CHANGED 41 +#define REASON_SME_ISSUED 42 +#define REASON_DRIVER_ENABLED 43 #if defined(WLAN_FEATURE_HOST_ROAM) || defined(WLAN_FEATURE_ROAM_OFFLOAD) QDF_STATUS csr_roam_offload_scan(tpAniSirGlobal pMac, uint8_t sessionId, diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/sme_api.h b/drivers/staging/qcacld-3.0/core/sme/inc/sme_api.h index b11b4244d8bb..2003b86dce52 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/sme_api.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/sme_api.h @@ -289,6 +289,13 @@ QDF_STATUS sme_close_session(tHalHandle hHal, uint8_t sessionId, bool flush_all_sme_cmds, csr_roamSessionCloseCallback callback, void *pContext); +/** + * sme_print_commands(): Print active, pending sme and scan commands + * @hal_handle: The handle returned by mac_open + * + * Return: None + */ +void sme_print_commands(tHalHandle hal_handle); QDF_STATUS sme_update_roam_params(tHalHandle hHal, uint8_t session_id, struct roam_ext_params *roam_params_src, int update_param); #ifdef FEATURE_WLAN_SCAN_PNO @@ -1017,10 +1024,12 @@ QDF_STATUS sme_ll_stats_clear_req(tHalHandle hHal, QDF_STATUS sme_ll_stats_set_req(tHalHandle hHal, tSirLLStatsSetReq *psetStatsReq); QDF_STATUS sme_ll_stats_get_req(tHalHandle hHal, - tSirLLStatsGetReq *pgetStatsReq); + tSirLLStatsGetReq *pgetStatsReq, + void *context); QDF_STATUS sme_set_link_layer_stats_ind_cb(tHalHandle hHal, void (*callbackRoutine)(void *callbackCtx, - int indType, void *pRsp)); + int indType, void *pRsp, + void *cookie)); QDF_STATUS sme_set_link_layer_ext_cb(tHalHandle hal, void (*ll_stats_ext_cb)(tHddHandle callback_ctx, tSirLLStatsResults * rsp)); @@ -1105,6 +1114,16 @@ QDF_STATUS sme_wifi_start_logger(tHalHandle hal, bool sme_neighbor_middle_of_roaming(tHalHandle hHal, uint8_t sessionId); +/* + * sme_is_any_session_in_middle_of_roaming() - check if roaming is in progress + * @hal: HAL Handle + * + * Checks if any SME session is in middle of roaming + * + * Return : true if roaming is in progress else false + */ +bool sme_is_any_session_in_middle_of_roaming(tHalHandle hal); + QDF_STATUS sme_enable_uapsd_for_ac(void *cds_ctx, uint8_t sta_id, sme_ac_enum_type ac, uint8_t tid, uint8_t pri, uint32_t srvc_int, @@ -1551,7 +1570,8 @@ QDF_STATUS sme_get_nud_debug_stats(tHalHandle hal, struct get_arp_stats_params *get_stats_param); QDF_STATUS sme_set_nud_debug_stats_cb(tHalHandle hal, - void (*cb)(void *, struct rsp_stats *)); + void (*cb)(void *, struct rsp_stats *, void *context), + void *context); #ifdef WLAN_FEATURE_UDP_RESPONSE_OFFLOAD @@ -1715,11 +1735,26 @@ QDF_STATUS sme_get_chain_rssi(tHalHandle phal, * sme_chain_rssi_register_callback - chain rssi callback * @phal: global hal handle * @pchain_rssi_ind_cb: callback function pointer + * @context: callback context * * Return: QDF_STATUS enumeration. */ -QDF_STATUS sme_chain_rssi_register_callback(tHalHandle phal, - void (*pchain_rssi_ind_cb)(void *ctx, void *pmsg)); +QDF_STATUS +sme_chain_rssi_register_callback(tHalHandle phal, + void (*pchain_rssi_ind_cb)(void *ctx, + void *pmsg, + void *context), + void *context); + +/** + * sme_chain_rssi_deregister_callback() - De-register chain rssi callback + * @hal: global hal handle + * + * This function De-registers the scandone callback to SME + * + * Return: None + */ +void sme_chain_rssi_deregister_callback(tHalHandle hal); /** * sme_process_msg_callback() - process callback message from LIM @@ -1973,6 +2008,20 @@ void sme_display_disconnect_stats(tHalHandle hal, uint8_t session_id); QDF_STATUS sme_set_vc_mode_config(uint32_t vc_bitmap); /** + * sme_unpack_rsn_ie: wrapper to unpack RSN IE and update def RSN params + * if optional fields are not present. + * @hal: handle returned by mac_open + * @buf: rsn ie buffer pointer + * @buf_len: rsn ie buffer length + * @rsn_ie: outframe rsn ie structure + * @append_ie: flag to indicate if the rsn_ie need to be appended from buf + * + * Return: parse status + */ +uint32_t sme_unpack_rsn_ie(tHalHandle hal, uint8_t *buf, + uint8_t buf_len, tDot11fIERSN *rsn_ie, + bool append_ie); +/** * sme_is_sta_key_exchange_in_progress() - checks whether the STA/P2P client * session has key exchange in progress * diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/sme_inside.h b/drivers/staging/qcacld-3.0/core/sme/inc/sme_inside.h index 7aebd87117cf..4f41473de54f 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/sme_inside.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/sme_inside.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -256,6 +256,18 @@ QDF_STATUS csr_process_same_ap_reassoc_cmd(tpAniSirGlobal mac_ctx, tSmeCmd *sme_cmd); QDF_STATUS csr_process_scan_command(tpAniSirGlobal pMac, tSmeCmd *pCommand); QDF_STATUS csr_roam_process_command(tpAniSirGlobal pMac, tSmeCmd *pCommand); + +/** + * csr_roam_wm_status_change_complete() - Remove WM status change command + * from SME active command list + * @mac_ctx: global mac context + * + * This API removes WM status change command from SME active command list + * if present. + * + * Return: void + */ +void csr_roam_wm_status_change_complete(tpAniSirGlobal mac_ctx); void csr_roam_process_wm_status_change_command(tpAniSirGlobal pMac, tSmeCmd *pCommand); void csr_reinit_roam_cmd(tpAniSirGlobal pMac, tSmeCmd *pCommand); diff --git a/drivers/staging/qcacld-3.0/core/sme/inc/sme_internal.h b/drivers/staging/qcacld-3.0/core/sme/inc/sme_internal.h index 70ee891d2615..9acde640f1de 100644 --- a/drivers/staging/qcacld-3.0/core/sme/inc/sme_internal.h +++ b/drivers/staging/qcacld-3.0/core/sme/inc/sme_internal.h @@ -191,8 +191,9 @@ typedef struct tagSmeStruct { void (*pChAvoidNotificationCb)(void *hdd_context, void *indi_param); #endif /* FEATURE_WLAN_CH_AVOID */ #ifdef WLAN_FEATURE_LINK_LAYER_STATS + void *ll_stats_context; void (*pLinkLayerStatsIndCallback)(void *callbackContext, - int indType, void *pRsp); + int indType, void *pRsp, void *context); void (*link_layer_stats_ext_cb)(tHddHandle callback_ctx, tSirLLStatsResults *rsp); #endif /* WLAN_FEATURE_LINK_LAYER_STATS */ @@ -274,11 +275,13 @@ typedef struct tagSmeStruct { struct sir_lost_link_info *lost_link_info); void (*rso_cmd_status_cb)(void *hdd_context, struct rso_cmd_status *rso_status); - void (*get_arp_stats_cb)(void *, struct rsp_stats *); + void *get_arp_stats_context; + void (*get_arp_stats_cb)(void *, struct rsp_stats *, void *); void (*bt_activity_info_cb)(void *context, uint32_t bt_activity); void (*chip_power_save_fail_cb)(void *, struct chip_pwr_save_fail_detected_params *); - void (*pchain_rssi_ind_cb)(void *ctx, void *pmsg); + void *pchain_rssi_ind_ctx; + void (*pchain_rssi_ind_cb)(void *hdd_ctx, void *pmsg, void *context); void (*spectral_scan_cb)(void *context, struct spectral_samp_msg *samp_msg); void (*stats_ext2_cb)(void *, struct stats_ext2_event *); diff --git a/drivers/staging/qcacld-3.0/core/sme/src/common/sme_api.c b/drivers/staging/qcacld-3.0/core/sme/src/common/sme_api.c index d91b99851730..d990df2f6798 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/common/sme_api.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/common/sme_api.c @@ -1673,6 +1673,7 @@ QDF_STATUS sme_hdd_ready_ind(tHalHandle hHal) msg->add_bssdescr_cb = csr_scan_process_single_bssdescr; msg->csr_roam_synch_cb = csr_roam_synch_callback; msg->sme_msg_cb = sme_process_msg_callback; + msg->stop_roaming_cb = sme_stop_roaming; if (eSIR_FAILURE != u_mac_post_ctrl_msg(hHal, (tSirMbMsg *) msg)) @@ -2396,6 +2397,7 @@ static QDF_STATUS sme_process_antenna_mode_resp(tpAniSirGlobal mac, tListElem *entry; tSmeCmd *command; bool found; + void *context; antenna_mode_cb callback; struct sir_antenna_mode_resp *param; @@ -2424,13 +2426,13 @@ static QDF_STATUS sme_process_antenna_mode_resp(tpAniSirGlobal mac, return QDF_STATUS_E_FAILURE; } - callback = - command->u.set_antenna_mode_cmd.set_antenna_mode_resp; + context = command->u.set_antenna_mode_cmd.set_antenna_mode_ctx; + callback = command->u.set_antenna_mode_cmd.set_antenna_mode_resp; if (callback) { if (!param) sme_err("Set antenna mode call back is NULL"); else - callback(param->status); + callback(param->status, context); } else sme_err("Callback does not exist"); @@ -6160,6 +6162,53 @@ QDF_STATUS sme_close_session(tHalHandle hHal, uint8_t sessionId, return status; } +void sme_print_commands(tHalHandle hal_handle) +{ + QDF_STATUS status; + tpAniSirGlobal pMac = PMAC_STRUCT(hal_handle); + tListElem *entry; + tSmeCmd *command; + + status = sme_acquire_global_lock(&pMac->sme); + if (QDF_IS_STATUS_SUCCESS(status)) { + sme_err("Active sme commands:"); + csr_ll_lock(&pMac->sme.smeCmdActiveList); + if (!csr_ll_is_list_empty(&pMac->sme.smeCmdActiveList, + LL_ACCESS_NOLOCK)) { + entry = csr_ll_peek_head(&pMac->sme.smeCmdActiveList, + false); + while (entry) { + command = GET_BASE_ADDR(entry, tSmeCmd, Link); + dump_csr_command_info(pMac, command); + entry = csr_ll_next(&pMac->sme.smeCmdActiveList, + entry, LL_ACCESS_NOLOCK); + } + } + csr_ll_unlock(&pMac->sme.smeCmdActiveList); + sme_err("Pending sme commands:"); + csr_ll_lock(&pMac->sme.smeCmdPendingList); + if (!csr_ll_is_list_empty(&pMac->sme.smeCmdPendingList, + LL_ACCESS_NOLOCK)) { + entry = csr_ll_peek_head(&pMac->sme.smeCmdPendingList, + false); + while (entry) { + command = GET_BASE_ADDR(entry, tSmeCmd, Link); + dump_csr_command_info(pMac, command); + entry = csr_ll_next(&pMac->sme. + smeCmdPendingList, + entry, LL_ACCESS_NOLOCK); + } + } + csr_ll_unlock(&pMac->sme.smeCmdPendingList); + sme_err("active scan commands:%d pending scan commands:%d", + csr_ll_count(&pMac->sme.smeScanCmdActiveList), + csr_ll_count(&pMac->sme.smeScanCmdPendingList)); + + sme_release_global_lock(&pMac->sme); + } + +} + /** * sme_roam_update_apwpsie() - To update AP's WPS IE. This function should be * called after SME AP session is created @@ -9050,18 +9099,21 @@ QDF_STATUS sme_config_fast_roaming(tHalHandle hal, uint8_t session_id, tCsrRoamSession *session = CSR_GET_SESSION(mac_ctx, session_id); QDF_STATUS status; - /* do_not_roam flag is set in wlan_hdd_cfg80211_connect_start - * when supplicant initiate connect request with BSSID. - * This flag reset when supplicant sends vendor command to enable - * roaming after association. + /* + * supplicant_disabled_roaming flag is set to true in + * wlan_hdd_cfg80211_connect_start when supplicant initiate connect + * request with BSSID. This flag is reset when supplicant sends + * vendor command to enable roaming after association. * * This request from wpa_supplicant will be skipped in this function - * if roaming is disabled using driver command or INI and do_not_roam - * flag remains set. So make sure to set do_not_roam flag as per - * wpa_supplicant even if roam request from wpa_supplicant ignored. + * if roaming is disabled using driver command or INI and + * supplicant_disabled_roaming flag remains set. So make sure to set + * supplicant_disabled_roaming flag as per wpa_supplicant even if roam + * request from wpa_supplicant ignored. */ if (session && session->pCurRoamProfile) - session->pCurRoamProfile->do_not_roam = !is_fast_roam_enabled; + session->pCurRoamProfile->supplicant_disabled_roaming = + !is_fast_roam_enabled; if (!mac_ctx->roam.configParam.isFastRoamIniFeatureEnabled) { sme_debug("Fast roam is disabled through ini"); @@ -9127,11 +9179,33 @@ QDF_STATUS sme_stop_roaming(tHalHandle hal, uint8_t session_id, uint8_t reason) tSirRoamOffloadScanReq *req; tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal); tpCsrNeighborRoamControlInfo roam_info; + tCsrRoamSession *session; if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) { sme_err("incorrect session/vdev ID"); return QDF_STATUS_E_INVAL; } + + session = CSR_GET_SESSION(mac_ctx, session_id); + if (session->pCurRoamProfile && + !session->pCurRoamProfile->roaming_allowed_on_iface) { + sme_debug("Roaming was never started on session %d", + session_id); + return QDF_STATUS_SUCCESS; + } + + /* + * set the driver_disabled_roaming flag to true even if roaming + * is not enabled on this session so that roam start requests for + * this session can be blocked until driver enables roaming + */ + if (reason == eCsrDriverDisabled && session->pCurRoamProfile && + session->pCurRoamProfile->csrPersona == QDF_STA_MODE) { + session->pCurRoamProfile->driver_disabled_roaming = true; + sme_debug("driver_disabled_roaming set for session %d", + session_id); + } + roam_info = &mac_ctx->roam.neighborRoamInfo[session_id]; req = qdf_mem_malloc(sizeof(*req)); if (!req) { @@ -9140,10 +9214,12 @@ QDF_STATUS sme_stop_roaming(tHalHandle hal, uint8_t session_id, uint8_t reason) } req->Command = ROAM_SCAN_OFFLOAD_STOP; - if (reason == eCsrForcedDisassoc) + + if ((reason == eCsrForcedDisassoc) || (reason == eCsrDriverDisabled)) req->reason = REASON_ROAM_STOP_ALL; else - req->reason = REASON_ROAM_SYNCH_FAILED; + req->reason = REASON_SME_ISSUED; + req->sessionId = session_id; if (csr_neighbor_middle_of_roaming(mac_ctx, session_id)) req->middle_of_roaming = 1; @@ -14484,11 +14560,12 @@ QDF_STATUS sme_ll_stats_set_req(tHalHandle hHal, tSirLLStatsSetReq * * @hHal * @pgetStatsReq: Link Layer get stats request params structure + * @context: Callback context for ll stats * * Return QDF_STATUS */ QDF_STATUS sme_ll_stats_get_req(tHalHandle hHal, tSirLLStatsGetReq - *pgetStatsReq) + *pgetStatsReq, void *context) { QDF_STATUS status = QDF_STATUS_SUCCESS; QDF_STATUS qdf_status = QDF_STATUS_SUCCESS; @@ -14507,6 +14584,7 @@ QDF_STATUS sme_ll_stats_get_req(tHalHandle hHal, tSirLLStatsGetReq *get_stats_req = *pgetStatsReq; + pMac->sme.ll_stats_context = context; if (QDF_STATUS_SUCCESS == sme_acquire_global_lock(&pMac->sme)) { /* Serialize the req through MC thread */ cds_message.bodyptr = get_stats_req; @@ -14536,16 +14614,17 @@ QDF_STATUS sme_ll_stats_get_req(tHalHandle hHal, tSirLLStatsGetReq /** * sme_set_link_layer_stats_ind_cb() - SME API to trigger the stats are - * available after get request + * available after get request * - * @hHal - * @callback_routine - HDD callback which needs to be invoked after - * getting status notification from FW + * @hHal: handle in hdd context + * @callback_routine: HDD callback which needs to be invoked after + * getting status notification from FW * * Return QDF_STATUS */ QDF_STATUS sme_set_link_layer_stats_ind_cb(tHalHandle hHal, - void (*callback_routine)(void *callbackCtx, int indType, void *pRsp)) + void (*callback_routine)(void *callbackCtx, int indType, void *pRsp, + void *context)) { QDF_STATUS status = QDF_STATUS_SUCCESS; tpAniSirGlobal pMac = PMAC_STRUCT(hHal); @@ -15339,6 +15418,20 @@ bool sme_neighbor_middle_of_roaming(tHalHandle hHal, uint8_t sessionId) return val; } +bool sme_is_any_session_in_middle_of_roaming(tHalHandle hal) +{ + tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal); + uint8_t session_id; + + for (session_id = 0; session_id < CSR_ROAM_SESSION_MAX; session_id++) { + if (CSR_IS_SESSION_VALID(mac_ctx, session_id) && + csr_neighbor_middle_of_roaming(mac_ctx, session_id)) + return true; + } + + return false; +} + /** * sme_send_flush_logs_cmd_to_fw() - Flush FW logs * @mac: MAC handle @@ -15584,13 +15677,15 @@ QDF_STATUS sme_set_rssi_threshold_breached_cb(tHalHandle h_hal, * sme_set_nud_debug_stats_cb() - set nud debug stats callback * @hal: global hal handle * @cb: callback function pointer + * @context: callback context * - * This function stores nud debug stats callback function. + * This function stores nud debug stats callback function and context * * Return: QDF_STATUS enumeration. */ QDF_STATUS sme_set_nud_debug_stats_cb(tHalHandle hal, - void (*cb)(void *, struct rsp_stats *)) + void (*cb)(void *, struct rsp_stats *, void *), + void *context) { QDF_STATUS status = QDF_STATUS_SUCCESS; tpAniSirGlobal mac; @@ -15611,6 +15706,7 @@ QDF_STATUS sme_set_nud_debug_stats_cb(tHalHandle hal, } mac->sme.get_arp_stats_cb = cb; + mac->sme.get_arp_stats_context = context; sme_release_global_lock(&mac->sme); return status; } @@ -18276,21 +18372,18 @@ QDF_STATUS sme_get_chain_rssi(tHalHandle phal, return status; } -/** - * sme_chain_rssi_register_callback - chain rssi callback - * @hal: global hal handle - * @pchain_rssi_ind_cb: callback function pointer - * - * Return: QDF_STATUS enumeration. - */ -QDF_STATUS sme_chain_rssi_register_callback(tHalHandle phal, - void (*pchain_rssi_ind_cb)(void *, void *)) +QDF_STATUS +sme_chain_rssi_register_callback(tHalHandle phal, + void (*pchain_rssi_ind_cb)(void *, void *, + void *), + void *context) { QDF_STATUS status; tpAniSirGlobal pmac = PMAC_STRUCT(phal); status = sme_acquire_global_lock(&pmac->sme); if (QDF_STATUS_SUCCESS == status) { + pmac->sme.pchain_rssi_ind_ctx = context; pmac->sme.pchain_rssi_ind_cb = pchain_rssi_ind_cb; sme_release_global_lock(&pmac->sme); } @@ -18298,6 +18391,20 @@ QDF_STATUS sme_chain_rssi_register_callback(tHalHandle phal, return status; } +void sme_chain_rssi_deregister_callback(tHalHandle hal) +{ + tpAniSirGlobal pmac; + + if (!hal) { + sme_err("hal is not valid"); + return; + } + + pmac = PMAC_STRUCT(hal); + if (pmac->sme.pchain_rssi_ind_cb) + pmac->sme.pchain_rssi_ind_cb = NULL; +} + QDF_STATUS sme_set_reorder_timeout(tHalHandle hal, struct sir_set_rx_reorder_timeout_val *req) { @@ -18779,6 +18886,15 @@ free_action_oui: action_oui = NULL; } +uint32_t sme_unpack_rsn_ie(tHalHandle hal, uint8_t *buf, + uint8_t buf_len, tDot11fIERSN *rsn_ie, + bool append_ie) +{ + tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal); + + return dot11f_unpack_ie_rsn(mac_ctx, buf, buf_len, rsn_ie, append_ie); +} + /** * sme_destroy_action_oui_info() - destroy all action ouis info * @pmac: pointer to mac context diff --git a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_roam.c b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_roam.c index c68c8fe4c86f..752a3eab3241 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_roam.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_roam.c @@ -2827,6 +2827,14 @@ QDF_STATUS csr_change_default_config_param(tpAniSirGlobal pMac, pMac->f_sta_miracast_mcc_rest_time_val = pParam->f_sta_miracast_mcc_rest_time_val; + pMac->sta_scan_burst_duration = + pParam->sta_scan_burst_duration; + pMac->p2p_scan_burst_duration = + pParam->p2p_scan_burst_duration; + pMac->go_scan_burst_duration = + pParam->go_scan_burst_duration; + pMac->ap_scan_burst_duration = + pParam->ap_scan_burst_duration; #ifdef FEATURE_AP_MCC_CH_AVOIDANCE pMac->sap.sap_channel_avoidance = pParam->sap_channel_avoidance; @@ -3146,6 +3154,14 @@ QDF_STATUS csr_get_config_param(tpAniSirGlobal pMac, tCsrConfigParam *pParam) pParam->enable5gEBT = pMac->enable5gEBT; pParam->f_sta_miracast_mcc_rest_time_val = pMac->f_sta_miracast_mcc_rest_time_val; + pParam->sta_scan_burst_duration = + pMac->sta_scan_burst_duration; + pParam->p2p_scan_burst_duration = + pMac->p2p_scan_burst_duration; + pParam->go_scan_burst_duration = + pMac->go_scan_burst_duration; + pParam->ap_scan_burst_duration = + pMac->ap_scan_burst_duration; sme_update_roam_pno_channel_prediction_config(pMac, pParam, ROAM_CONFIG_TO_SME_CONFIG); pParam->early_stop_scan_enable = @@ -6077,11 +6093,6 @@ QDF_STATUS csr_roam_process_command(tpAniSirGlobal pMac, tSmeCmd *pCommand) switch (pCommand->u.roamCmd.roamReason) { case eCsrForcedDisassoc: - if (eCSR_ROAMING_STATE_IDLE == pMac->roam.curState[sessionId]) { - sme_err("Ignore eCsrForcedDisassoc cmd on roam state %d", - eCSR_ROAMING_STATE_IDLE); - return QDF_STATUS_E_FAILURE; - } status = csr_roam_process_disassoc_deauth(pMac, pCommand, true, false); csr_free_roam_profile(pMac, sessionId); @@ -6319,7 +6330,7 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx, */ nIeLen = 8 + 2 + 2 + (rsnie->pwise_cipher_suite_count * 4) - + (rsnie->akm_suite_count * 4); + + (rsnie->akm_suite_cnt * 4); if (rsnie->pmkid_count) /* pmkid */ nIeLen += 2 + rsnie->pmkid_count * 4; @@ -6348,17 +6359,17 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx, rsnie->pwise_cipher_suite_count * 4); pIeBuf += rsnie->pwise_cipher_suite_count * 4; } - qdf_mem_copy(pIeBuf, &rsnie->akm_suite_count, 2); + qdf_mem_copy(pIeBuf, &rsnie->akm_suite_cnt, 2); pIeBuf += 2; - if (rsnie->akm_suite_count) { + if (rsnie->akm_suite_cnt) { /* copy akm_suites */ - qdf_mem_copy(pIeBuf, rsnie->akm_suites, - rsnie->akm_suite_count * 4); - pIeBuf += rsnie->akm_suite_count * 4; + qdf_mem_copy(pIeBuf, rsnie->akm_suite, + rsnie->akm_suite_cnt * 4); + pIeBuf += rsnie->akm_suite_cnt * 4; } /* copy the rest */ - qdf_mem_copy(pIeBuf, rsnie->akm_suites + - rsnie->akm_suite_count * 4, + qdf_mem_copy(pIeBuf, rsnie->akm_suite + + rsnie->akm_suite_cnt * 4, 2 + rsnie->pmkid_count * 4); session_ptr->nWpaRsnRspIeLength = nIeLen + 2; } @@ -8002,7 +8013,10 @@ QDF_STATUS csr_roam_copy_profile(tpAniSirGlobal pMac, pDstProfile->wps_state = pSrcProfile->wps_state; pDstProfile->ieee80211d = pSrcProfile->ieee80211d; pDstProfile->sap_dot11mc = pSrcProfile->sap_dot11mc; - pDstProfile->do_not_roam = pSrcProfile->do_not_roam; + pDstProfile->supplicant_disabled_roaming = + pSrcProfile->supplicant_disabled_roaming; + pDstProfile->roaming_allowed_on_iface = + pSrcProfile->roaming_allowed_on_iface; qdf_mem_copy(&pDstProfile->Keys, &pSrcProfile->Keys, sizeof(pDstProfile->Keys)); #ifdef WLAN_FEATURE_11W @@ -8036,6 +8050,7 @@ QDF_STATUS csr_roam_copy_profile(tpAniSirGlobal pMac, } pDstProfile->chan_switch_hostapd_rate_enabled = pSrcProfile->chan_switch_hostapd_rate_enabled; + pDstProfile->force_rsne_override = pSrcProfile->force_rsne_override; end: if (!QDF_IS_STATUS_SUCCESS(status)) { csr_release_profile(pMac, pDstProfile); @@ -10987,9 +11002,34 @@ csr_roam_prepare_filter_from_profile(tpAniSirGlobal mac_ctx, goto free_filter; } scan_fltr->uapsd_mask = profile->uapsd_mask; - scan_fltr->authType = profile->AuthType; - scan_fltr->EncryptionType = profile->EncryptionType; - scan_fltr->mcEncryptionType = profile->mcEncryptionType; + if (profile->force_rsne_override) { + sme_debug("force_rsne_override enabled fill all auth type and enctype"); + + scan_fltr->authType.numEntries = eCSR_NUM_OF_SUPPORT_AUTH_TYPE; + for (i = 0; i < scan_fltr->authType.numEntries; i++) + scan_fltr->authType.authType[i] = i; + + idx = 0; + for (i = 0; i < eCSR_NUM_OF_ENCRYPT_TYPE; i++) { + if (i == eCSR_ENCRYPT_TYPE_TKIP || + i == eCSR_ENCRYPT_TYPE_AES || + i == eCSR_ENCRYPT_TYPE_AES_GCMP || + i == eCSR_ENCRYPT_TYPE_AES_GCMP_256) { + scan_fltr-> + EncryptionType.encryptionType[idx] = i; + scan_fltr-> + mcEncryptionType.encryptionType[idx] = i; + idx++; + } + } + scan_fltr->EncryptionType.numEntries = idx; + scan_fltr->mcEncryptionType.numEntries = idx; + scan_fltr->ignore_pmf_cap = true; + } else { + scan_fltr->authType = profile->AuthType; + scan_fltr->EncryptionType = profile->EncryptionType; + scan_fltr->mcEncryptionType = profile->mcEncryptionType; + } scan_fltr->BSSType = profile->BSSType; scan_fltr->phyMode = profile->phyMode; #ifdef FEATURE_WLAN_WAPI @@ -11428,6 +11468,12 @@ csr_roam_send_disconnect_done_indication(tpAniSirGlobal mac_ctx, tSirSmeRsp } else sme_err("Inactive session %d", discon_ind->session_id); + + /* + * Release WM status change command as eWNI_SME_DISCONNECT_DONE_IND + * has been sent to HDD and there is nothing else left to do. + */ + csr_roam_wm_status_change_complete(mac_ctx); } static void @@ -12801,7 +12847,7 @@ QDF_STATUS csr_roam_lost_link(tpAniSirGlobal pMac, uint32_t sessionId, } -static void csr_roam_wm_status_change_complete(tpAniSirGlobal pMac) +void csr_roam_wm_status_change_complete(tpAniSirGlobal pMac) { tListElem *pEntry; tSmeCmd *pCommand; @@ -12836,7 +12882,7 @@ void csr_roam_process_wm_status_change_command(tpAniSirGlobal pMac, if (!pSession) { sme_err("session %d not found", pCommand->sessionId); - return; + goto end; } sme_debug("session:%d, CmdType : %d", pCommand->sessionId, pCommand->u.wmStatusChangeCmd.Type); @@ -12863,10 +12909,15 @@ void csr_roam_process_wm_status_change_command(tpAniSirGlobal pMac, pCommand->u.wmStatusChangeCmd.Type); break; } - /* Lost Link just triggers a roaming sequence. We can complte the - * Lost Link command here since there is nothing else to do. - */ - csr_roam_wm_status_change_complete(pMac); + +end: + if (status != QDF_STATUS_SUCCESS) { + /* + * As status returned is not success, there is nothing else + * left to do so release WM status change command here. + */ + csr_roam_wm_status_change_complete(pMac); + } } @@ -15100,6 +15151,8 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId, csr_retrieve_rsn_ie(pMac, sessionId, pProfile, pBssDescription, pIes, (tCsrRSNIe *) (wpaRsnIE)); + csr_join_req->force_rsne_override = + pProfile->force_rsne_override; } #ifdef FEATURE_WLAN_WAPI else if (csr_is_profile_wapi(pProfile)) { @@ -15975,6 +16028,7 @@ QDF_STATUS csr_send_mb_disassoc_cnf_msg(tpAniSirGlobal pMac, status = QDF_STATUS_SUCCESS; if (!QDF_IS_STATUS_SUCCESS(status)) break; + pMsg->sme_session_id = pDisassocInd->sessionId; pMsg->messageType = eWNI_SME_DISASSOC_CNF; pMsg->statusCode = eSIR_SME_SUCCESS; pMsg->length = sizeof(tSirSmeDisassocCnf); @@ -16015,6 +16069,7 @@ QDF_STATUS csr_send_mb_deauth_cnf_msg(tpAniSirGlobal pMac, pMsg->messageType = eWNI_SME_DEAUTH_CNF; pMsg->statusCode = eSIR_SME_SUCCESS; pMsg->length = sizeof(tSirSmeDeauthCnf); + pMsg->sme_session_id = pDeauthInd->sessionId; qdf_copy_macaddr(&pMsg->bssid, &pDeauthInd->bssid); status = QDF_STATUS_SUCCESS; if (!QDF_IS_STATUS_SUCCESS(status)) { @@ -19597,10 +19652,31 @@ csr_roam_offload_scan(tpAniSirGlobal mac_ctx, uint8_t session_id, return QDF_STATUS_E_FAILURE; } + if ((session->pCurRoamProfile && + session->pCurRoamProfile->roaming_allowed_on_iface == false)) { + sme_debug("Roaming disabled on iface, session: %d", session_id); + return QDF_STATUS_E_FAILURE; + } + + if ((command == ROAM_SCAN_OFFLOAD_START) && + (session->pCurRoamProfile && + session->pCurRoamProfile->driver_disabled_roaming)) { + if (reason == REASON_DRIVER_ENABLED) { + session->pCurRoamProfile-> + driver_disabled_roaming = false; + sme_debug("driver_disabled_roaming reset for session %d", + session_id); + } else { + sme_debug("Roam start received for session %d on which driver has disabled roaming", + session_id); + return QDF_STATUS_E_FAILURE; + } + } + if ((ROAM_SCAN_OFFLOAD_START == command && - REASON_CTX_INIT != reason) && - (session->pCurRoamProfile && - session->pCurRoamProfile->do_not_roam)) { + REASON_CTX_INIT != reason) && + (session->pCurRoamProfile && + session->pCurRoamProfile->supplicant_disabled_roaming)) { sme_debug("Supplicant disabled driver roaming"); return QDF_STATUS_E_FAILURE; } @@ -19626,7 +19702,7 @@ csr_roam_offload_scan(tpAniSirGlobal mac_ctx, uint8_t session_id, /* Roaming is not supported currently for FILS akm */ if (session->pCurRoamProfile && CSR_IS_AUTH_TYPE_FILS( session->pCurRoamProfile->AuthType.authType[0]) && - !mac_ctx->is_fils_roaming_supported) { + !mac_ctx->is_fils_roaming_supported) { sme_info("FILS Roaming not suppprted by fw"); return QDF_STATUS_SUCCESS; } diff --git a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_scan.c b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_scan.c index f9972a421b04..1415a8297134 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_scan.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_api_scan.c @@ -1607,12 +1607,16 @@ static void csr_scan_add_result(tpAniSirGlobal pMac, struct tag_csrscan_result *pResult, tDot11fBeaconIEs *pIes, uint32_t sessionId) { - tpCsrNeighborRoamControlInfo pNeighborRoamInfo = - &pMac->roam.neighborRoamInfo[sessionId]; - + tpCsrNeighborRoamControlInfo pNeighborRoamInfo; struct qdf_mac_addr bssid; uint8_t channel_id = pResult->Result.BssDescriptor.channelId; + if (!CSR_IS_SESSION_VALID(pMac, sessionId)) { + sme_err("Invalid session id: %d", sessionId); + return; + } + + pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId]; qdf_mem_zero(&bssid.bytes, QDF_MAC_ADDR_SIZE); qdf_mem_copy(bssid.bytes, &pResult->Result.BssDescriptor.bssId, QDF_MAC_ADDR_SIZE); diff --git a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_cmd_process.c b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_cmd_process.c index e433459082af..eeba107230cc 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_cmd_process.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_cmd_process.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -119,7 +119,9 @@ QDF_STATUS csr_msg_processor(tpAniSirGlobal mac_ctx, void *msg_buf) * due to failure or finding the condition meets both * SAP and infra/IBSS requirement. */ - if (eWNI_SME_SETCONTEXT_RSP == sme_rsp->messageType) { + if (eWNI_SME_SETCONTEXT_RSP == sme_rsp->messageType || + eWNI_SME_DISCONNECT_DONE_IND == + sme_rsp->messageType) { sme_warn("handling msg 0x%X CSR state is %d", sme_rsp->messageType, cur_state); csr_roam_check_for_link_status_change(mac_ctx, diff --git a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_neighbor_roam.c b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_neighbor_roam.c index 7d39d4c72daf..e9688f9edc65 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_neighbor_roam.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_neighbor_roam.c @@ -949,6 +949,7 @@ static void csr_neighbor_roam_info_ctx_init( tpCsrNeighborRoamControlInfo ngbr_roam_info = &pMac->roam.neighborRoamInfo[session_id]; tCsrRoamSession *session = &pMac->roam.roamSession[session_id]; + struct tagCsrRoamProfile *roam_profile = session->pCurRoamProfile; int init_ft_flag = false; @@ -1047,10 +1048,9 @@ static void csr_neighbor_roam_info_ctx_init( ROAM_SCAN_OFFLOAD_START, REASON_CTX_INIT); - if (session->pCurRoamProfile && - session->pCurRoamProfile->do_not_roam) { + if (roam_profile && + roam_profile->supplicant_disabled_roaming) { sme_debug("Supplicant disabled driver roaming"); - csr_roam_offload_scan(pMac, session_id, ROAM_SCAN_OFFLOAD_STOP, REASON_SUPPLICANT_DISABLED_ROAMING); diff --git a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_util.c b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_util.c index f697d54cb12e..c26c1a4a95db 100644 --- a/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_util.c +++ b/drivers/staging/qcacld-3.0/core/sme/src/csr/csr_util.c @@ -2854,10 +2854,10 @@ static bool csr_get_rsn_information(tHalHandle hal, tCsrAuthList *auth_type, CSR_RSN_OUI_SIZE); c_ucast_cipher = (uint8_t) (rsn_ie->pwise_cipher_suite_count); - c_auth_suites = (uint8_t) (rsn_ie->akm_suite_count); + c_auth_suites = (uint8_t) (rsn_ie->akm_suite_cnt); for (i = 0; i < c_auth_suites && i < CSR_RSN_MAX_AUTH_SUITES; i++) { qdf_mem_copy((void *)&authsuites[i], - (void *)&rsn_ie->akm_suites[i], CSR_RSN_OUI_SIZE); + (void *)&rsn_ie->akm_suite[i], CSR_RSN_OUI_SIZE); } /* Check - Is requested unicast Cipher supported by the BSS. */ @@ -3310,6 +3310,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId, tpAniSirGlobal pMac = PMAC_STRUCT(hHal); bool fRSNMatch; uint8_t cbRSNIe = 0; + uint32_t ret; uint8_t UnicastCypher[CSR_RSN_OUI_SIZE]; uint8_t MulticastCypher[CSR_RSN_OUI_SIZE]; uint8_t AuthSuite[CSR_RSN_OUI_SIZE]; @@ -3323,6 +3324,7 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId, tDot11fBeaconIEs *pIesLocal = pIes; eCsrAuthType negAuthType = eCSR_AUTH_TYPE_UNKNOWN; tCsrRoamSession *session = CSR_GET_SESSION(pMac, sessionId); + tDot11fIERSN rsn_ie = {0}; if (!CSR_IS_SESSION_VALID(pMac, sessionId) || !session) return 0; @@ -3338,6 +3340,21 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId, (pMac, pSirBssDesc, &pIesLocal)))) { break; } + + /* + * Use intersection of the RSN cap sent by user space and + * the AP, so that only common capability are enabled. + */ + if (pProfile->pRSNReqIE && pProfile->nRSNReqIELength) { + ret = dot11f_unpack_ie_rsn(pMac, pProfile->pRSNReqIE + 2, + pProfile->nRSNReqIELength -2, &rsn_ie, false); + if (DOT11F_SUCCEEDED(ret)) { + pIesLocal->RSN.RSN_Cap[0] = pIesLocal->RSN.RSN_Cap[0] & + rsn_ie.RSN_Cap[0]; + pIesLocal->RSN.RSN_Cap[1] = pIesLocal->RSN.RSN_Cap[1] & + rsn_ie.RSN_Cap[1]; + } + } /* See if the cyphers in the Bss description match with the * settings in the profile. */ @@ -3370,14 +3387,12 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId, qdf_mem_copy(&pAuthSuite->AuthOui[0], AuthSuite, sizeof(AuthSuite)); - /* RSN capabilities follows the Auth Suite (two octects) - * !!REVIEW - What should STA put in RSN capabilities, currently - * just putting back APs capabilities For one, we shouldn't - * EVER be sending out "pre-auth supported". It is an AP only - * capability For another, we should use the Management Frame - * Protection values given by the supplicant - */ + /* PreAuthSupported is an AP only capability */ RSNCapabilities.PreAuthSupported = 0; + /* + * Use the Management Frame Protection values given by the + * supplicant, if AP and STA both are MFP capable. + */ #ifdef WLAN_FEATURE_11W if (RSNCapabilities.MFPCapable && pProfile->MFPCapable) { RSNCapabilities.MFPCapable = pProfile->MFPCapable; @@ -4064,6 +4079,22 @@ uint8_t csr_retrieve_rsn_ie(tHalHandle hHal, uint32_t sessionId, do { if (!csr_is_profile_rsn(pProfile)) break; + /* copy RSNIE from user as it is if test mode is enabled */ + if (pProfile->force_rsne_override && + pProfile->nRSNReqIELength && pProfile->pRSNReqIE) { + sme_debug("force_rsne_override, copy RSN IE provided by user"); + if (pProfile->nRSNReqIELength <= + DOT11F_IE_RSN_MAX_LEN) { + cbRsnIe = (uint8_t) pProfile->nRSNReqIELength; + qdf_mem_copy(pRsnIe, pProfile->pRSNReqIE, + cbRsnIe); + } else { + sme_warn("csr_retrieve_rsn_ie detect invalid RSN IE length (%d)", + pProfile->nRSNReqIELength); + } + break; + } + if (csr_roam_is_fast_roam_enabled(pMac, sessionId)) { /* If "Legacy Fast Roaming" is enabled ALWAYS rebuild * the RSN IE from scratch. So it contains the current @@ -5078,6 +5109,74 @@ static bool csr_is_fils_realm_match(tSirBssDescription *bss_descr, return true; } #endif + +/** + * csr_match_security() - wrapper to check if the security is matching + * @mac_ctx: mac context + * @filter: scan filter + * @bss_desc: BSS Descriptor + * @ies_ptr: Pointer to the IE fields + * @neg_auth_type: Negotiated Auth type with the AP + * @neg_uc_cipher: Negotiated unicast cipher suite + * @neg_mc_cipher: Negotiated multicast cipher + * + * Return: true if matched else false. + */ +#ifdef WLAN_FEATURE_11W +static inline bool csr_match_security(tpAniSirGlobal mac_ctx, + tCsrScanResultFilter *filter, tSirBssDescription *bss_desc, + tDot11fBeaconIEs *ies_ptr, eCsrAuthType *neg_auth, + eCsrEncryptionType *neg_uc, + eCsrEncryptionType *neg_mc) +{ + + if (!filter) + return false; + + if (filter->bWPSAssociation || filter->bOSENAssociation) + return true; + + if (filter->ignore_pmf_cap) + return csr_is_security_match(mac_ctx, &filter->authType, + &filter->EncryptionType, + &filter->mcEncryptionType, + NULL, NULL, NULL, + bss_desc, ies_ptr, neg_auth, + neg_uc, neg_mc); + else + return csr_is_security_match(mac_ctx, &filter->authType, + &filter->EncryptionType, + &filter->mcEncryptionType, + &filter->MFPEnabled, + &filter->MFPRequired, + &filter->MFPCapable, + bss_desc, ies_ptr, neg_auth, + neg_uc, neg_mc); + +} +#else +static inline bool csr_match_security(tpAniSirGlobal mac_ctx, + tCsrScanResultFilter *filter, tSirBssDescription *bss_desc, + tDot11fBeaconIEs *ies_ptr, eCsrAuthType *neg_auth, + eCsrEncryptionType *neg_uc, + eCsrEncryptionType *neg_mc) + +{ + if (!filter) + return false; + + if (filter->bWPSAssociation || filter->bOSENAssociation) + return true; + + return csr_is_security_match(mac_ctx, &filter->authType, + &filter->EncryptionType, + &filter->mcEncryptionType, + NULL, NULL, NULL, + bss_desc, ies_ptr, neg_auth, + neg_uc, neg_mc); +} +#endif + /** * csr_match_bss() - to compare the bss * @hal: pointer to hal context @@ -5192,25 +5291,8 @@ bool csr_match_bss(tHalHandle hal, tSirBssDescription *bss_descr, NULL, NULL, ie_ptr)) goto end; -#ifdef WLAN_FEATURE_11W - if ((!filter->bWPSAssociation) && (!filter->bOSENAssociation) && - !csr_is_security_match(mac_ctx, &filter->authType, - &filter->EncryptionType, - &filter->mcEncryptionType, - &filter->MFPEnabled, - &filter->MFPRequired, - &filter->MFPCapable, - bss_descr, ie_ptr, neg_auth, - neg_uc, neg_mc)) -#else - if ((!filter->bWPSAssociation) && (!filter->bOSENAssociation) && - !csr_is_security_match(mac_ctx, &filter->authType, - &filter->EncryptionType, - &filter->mcEncryptionType, - NULL, NULL, NULL, - bss_descr, ie_ptr, neg_auth, - neg_uc, neg_mc)) -#endif + if (!csr_match_security(mac_ctx, filter, bss_descr, ie_ptr, neg_auth, + neg_uc, neg_mc)) goto end; if (!csr_is_capabilities_match(mac_ctx, filter->BSSType, bss_descr)) goto end; diff --git a/drivers/staging/qcacld-3.0/core/wma/src/wma_features.c b/drivers/staging/qcacld-3.0/core/wma/src/wma_features.c index 0b6a042a9004..02bad28a87da 100644 --- a/drivers/staging/qcacld-3.0/core/wma/src/wma_features.c +++ b/drivers/staging/qcacld-3.0/core/wma/src/wma_features.c @@ -10285,7 +10285,8 @@ int wma_get_arp_stats_handler(void *handle, uint8_t *data, connect_stats_event->icmpv4_rsp_recvd); } - mac->sme.get_arp_stats_cb(mac->hHdd, &rsp); + mac->sme.get_arp_stats_cb(mac->hHdd, &rsp, + mac->sme.get_arp_stats_context); EXIT(); @@ -10618,6 +10619,11 @@ int wma_peer_ant_info_evt_handler(void *handle, u_int8_t *event, return -EINVAL; } + if (!pmac->sme.pchain_rssi_ind_cb) { + WMA_LOGE("%s: callback not registered", __func__); + return -EINVAL; + } + param_buf = (WMI_PEER_ANTDIV_INFO_EVENTID_param_tlvs *) event; if (!param_buf) { WMA_LOGE("Invalid peer_ant_info event buffer"); @@ -10643,7 +10649,8 @@ int wma_peer_ant_info_evt_handler(void *handle, u_int8_t *event, peer_ant_info->chain_rssi, sizeof(peer_ant_info->chain_rssi)); - pmac->sme.pchain_rssi_ind_cb(pmac->hHdd, &chain_rssi_result); + pmac->sme.pchain_rssi_ind_cb(pmac->hHdd, &chain_rssi_result, + pmac->sme.pchain_rssi_ind_ctx); return 0; } @@ -10675,7 +10682,10 @@ void wma_spectral_scan_config(WMA_HANDLE wma_handle, if (wma == NULL) return; - + if (!wma_is_vdev_valid(req->vdev_id)) { + WMA_LOGE(FL("Invalid vdev id")); + return; + } /* save the copy of the config params */ qdf_mem_copy(&wma->ss_configs, req, sizeof(*req)); diff --git a/drivers/staging/qcacld-3.0/core/wma/src/wma_main.c b/drivers/staging/qcacld-3.0/core/wma/src/wma_main.c index a6abf0b05cc8..7557d80f13f0 100644 --- a/drivers/staging/qcacld-3.0/core/wma/src/wma_main.c +++ b/drivers/staging/qcacld-3.0/core/wma/src/wma_main.c @@ -859,6 +859,8 @@ static void wma_set_modulated_dtim(tp_wma_handle wma, &wma->interfaces[vdev_id]; bool prev_dtim_enabled; uint32_t listen_interval; + uint32_t beacon_interval_mod; + uint32_t max_mod_dtim; QDF_STATUS ret; iface->alt_modulated_dtim = privcmd->param_value; @@ -873,22 +875,41 @@ static void wma_set_modulated_dtim(tp_wma_handle wma, if ((true == iface->alt_modulated_dtim_enabled) || (true == prev_dtim_enabled)) { - listen_interval = iface->alt_modulated_dtim - * iface->dtimPeriod; + beacon_interval_mod = iface->beaconInterval / 100; + if (!beacon_interval_mod) + beacon_interval_mod = 1; - ret = wma_vdev_set_param(wma->wmi_handle, - privcmd->param_vdev_id, - WMI_VDEV_PARAM_LISTEN_INTERVAL, - listen_interval); + if (iface->dtimPeriod) + max_mod_dtim = wma->staMaxLIModDtim + / (iface->dtimPeriod*beacon_interval_mod); + else + max_mod_dtim = wma->staMaxLIModDtim/beacon_interval_mod; + + if (!max_mod_dtim) + max_mod_dtim = 1; + + if (iface->alt_modulated_dtim > max_mod_dtim) { + WMA_LOGE("User ModDtim(%d) exceeding ceiling limit(%d)", + iface->alt_modulated_dtim, max_mod_dtim); + listen_interval = max_mod_dtim * iface->dtimPeriod; + } else { + listen_interval = iface->alt_modulated_dtim + * iface->dtimPeriod; + } + + WMA_LOGD("Setting Listen Interval %d for vdev id %d", + listen_interval, vdev_id); + ret = wma_vdev_set_param(wma->wmi_handle, vdev_id, + WMI_VDEV_PARAM_LISTEN_INTERVAL, + listen_interval); if (QDF_IS_STATUS_ERROR(ret)) /* Even if it fails, continue */ WMA_LOGW("Failed to set listen interval %d", listen_interval); - ret = wma_vdev_set_param(wma->wmi_handle, - privcmd->param_vdev_id, - WMI_VDEV_PARAM_DTIM_POLICY, - NORMAL_DTIM); + ret = wma_vdev_set_param(wma->wmi_handle, vdev_id, + WMI_VDEV_PARAM_DTIM_POLICY, + NORMAL_DTIM); if (QDF_IS_STATUS_ERROR(ret)) WMA_LOGE("Failed to Set to Normal DTIM policy"); } diff --git a/drivers/staging/qcacld-3.0/core/wma/src/wma_scan_roam.c b/drivers/staging/qcacld-3.0/core/wma/src/wma_scan_roam.c index ef223586f05d..ec853ca2fbdd 100644 --- a/drivers/staging/qcacld-3.0/core/wma/src/wma_scan_roam.c +++ b/drivers/staging/qcacld-3.0/core/wma/src/wma_scan_roam.c @@ -364,8 +364,12 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, * of channels in every transition by using * burst scan. */ - cmd->burst_duration = - wma_get_burst_duration( + if (pMac->go_scan_burst_duration) + cmd->burst_duration = + pMac->go_scan_burst_duration; + else + cmd->burst_duration = + wma_get_burst_duration( scan_req->maxChannelTime, wma_handle->miracast_value); @@ -373,14 +377,19 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, } if (wma_is_sta_active(wma_handle) || wma_is_p2p_cli_active(wma_handle)) { - if (scan_req->burst_scan_duration) + if (pMac->sta_scan_burst_duration) { cmd->burst_duration = + pMac->sta_scan_burst_duration; + } else { + if (scan_req->burst_scan_duration) + cmd->burst_duration = scan_req->burst_scan_duration; - else - /* Typical background scan. - * Disable burst scan for now. - */ - cmd->burst_duration = 0; + else + /* Typical background scan. + * Disable burst scan for now. + */ + cmd->burst_duration = 0; + } break; } if (wma_is_ndi_active(wma_handle)) { @@ -426,20 +435,28 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, cmd->repeat_probe_time = scan_req->maxChannelTime / 3; - cmd->burst_duration = - WMA_BURST_SCAN_MAX_NUM_OFFCHANNELS * - scan_req->maxChannelTime; - if (cmd->burst_duration > - WMA_P2P_SCAN_MAX_BURST_DURATION) { - uint8_t channels = - WMA_P2P_SCAN_MAX_BURST_DURATION / + if (pMac->p2p_scan_burst_duration) { + cmd->burst_duration = + pMac->p2p_scan_burst_duration; + } else { + cmd->burst_duration = + WMA_BURST_SCAN_MAX_NUM_OFFCHANNELS * scan_req->maxChannelTime; - if (channels) - cmd->burst_duration = - channels * scan_req->maxChannelTime; - else - cmd->burst_duration = + if (cmd->burst_duration > + WMA_P2P_SCAN_MAX_BURST_DURATION) { + uint8_t channels = + WMA_P2P_SCAN_MAX_BURST_DURATION + / scan_req->maxChannelTime; + if (channels) { + cmd->burst_duration = + channels * + scan_req-> + maxChannelTime; + } else { + cmd->burst_duration = WMA_P2P_SCAN_MAX_BURST_DURATION; + } + } } cmd->scan_priority = WMI_SCAN_PRIORITY_MEDIUM; break; @@ -465,11 +482,16 @@ QDF_STATUS wma_get_buf_start_scan_cmd(tp_wma_handle wma_handle, cds_get_channel(CDS_SAP_MODE, NULL)))) { cmd->dwell_time_passive = cmd->dwell_time_active; } - cmd->burst_duration = 0; - if (CDS_IS_DFS_CH(cds_get_channel(CDS_SAP_MODE, NULL))) - cmd->burst_duration = - WMA_BURST_SCAN_MAX_NUM_OFFCHANNELS * - scan_req->maxChannelTime; + + if (pMac->ap_scan_burst_duration) { + cmd->burst_duration = pMac->ap_scan_burst_duration; + } else { + cmd->burst_duration = 0; + if (CDS_IS_DFS_CH(cds_get_channel(CDS_SAP_MODE, NULL))) + cmd->burst_duration = + WMA_BURST_SCAN_MAX_NUM_OFFCHANNELS * + scan_req->maxChannelTime; + } WMA_LOGD("SAP: burst_duration: %d", cmd->burst_duration); } @@ -2099,7 +2121,8 @@ QDF_STATUS wma_process_roaming_config(tp_wma_handle wma_handle, wma_roam_scan_fill_scan_params(wma_handle, pMac, NULL, &scan_params); - if (roam_req->reason == REASON_ROAM_STOP_ALL) + if (roam_req->reason == REASON_ROAM_STOP_ALL || + roam_req->reason == REASON_ROAM_SYNCH_FAILED) mode = WMI_ROAM_SCAN_MODE_NONE; else mode = WMI_ROAM_SCAN_MODE_NONE | @@ -3559,7 +3582,7 @@ QDF_STATUS wma_pno_start(tp_wma_handle wma, tpSirPNOScanReq pno) pno->aNetworks[i].ssId.length; qdf_mem_copy(params->aNetworks[i].ssid.mac_ssid, pno->aNetworks[i].ssId.ssId, - WMI_MAC_MAX_SSID_LENGTH); + pno->aNetworks[i].ssId.length); } params->enable_pno_scan_randomization = @@ -6020,7 +6043,7 @@ QDF_STATUS wma_set_epno_network_list(tp_wma_handle wma, req->networks[i].ssid.length; qdf_mem_copy(params->networks[i].ssid.mac_ssid, req->networks[i].ssid.ssId, - WMI_MAC_MAX_SSID_LENGTH); + req->networks[i].ssid.length); } } diff --git a/drivers/staging/qcacld-3.0/core/wma/src/wma_utils.c b/drivers/staging/qcacld-3.0/core/wma/src/wma_utils.c index ecbb3e8c211f..8d3cbff16eec 100644 --- a/drivers/staging/qcacld-3.0/core/wma/src/wma_utils.c +++ b/drivers/staging/qcacld-3.0/core/wma/src/wma_utils.c @@ -1413,7 +1413,8 @@ static int wma_unified_link_peer_stats_event_handler(void *handle, */ pMac->sme.pLinkLayerStatsIndCallback(pMac->hHdd, WMA_LINK_LAYER_STATS_RESULTS_RSP, - link_stats_results); + link_stats_results, + pMac->sme.ll_stats_context); qdf_mem_free(link_stats_results); return 0; @@ -1608,8 +1609,9 @@ post_stats: * used to retrieve the correct HDD context */ mac->sme.pLinkLayerStatsIndCallback(mac->hHdd, - WMA_LINK_LAYER_STATS_RESULTS_RSP, - link_stats_results); + WMA_LINK_LAYER_STATS_RESULTS_RSP, + link_stats_results, + mac->sme.ll_stats_context); wma_unified_radio_tx_mem_free(handle); return 0; @@ -1813,7 +1815,8 @@ static int wma_unified_link_radio_stats_event_handler(void *handle, pMac->sme.pLinkLayerStatsIndCallback(pMac->hHdd, WMA_LINK_LAYER_STATS_RESULTS_RSP, - link_stats_results); + link_stats_results, + pMac->sme.ll_stats_context); wma_unified_radio_tx_mem_free(handle); return 0; @@ -2291,7 +2294,8 @@ int wma_unified_link_iface_stats_event_handler(void *handle, */ pMac->sme.pLinkLayerStatsIndCallback(pMac->hHdd, WMA_LINK_LAYER_STATS_RESULTS_RSP, - link_stats_results); + link_stats_results, + pMac->sme.ll_stats_context); qdf_mem_free(link_stats_results); return 0; @@ -3230,7 +3234,7 @@ int wma_stats_event_handler(void *handle, uint8_t *cmd_param_info, } while (0); if (excess_data || - (sizeof(*event) > WMI_SVC_MSG_MAX_SIZE - buf_len)) { + (buf_len > WMI_SVC_MSG_MAX_SIZE - sizeof(*event))) { WMA_LOGE("excess wmi buffer: stats pdev %d vdev %d peer %d", event->num_pdev_stats, event->num_vdev_stats, event->num_peer_stats); diff --git a/drivers/staging/qcacld-3.0/uapi/linux/qca_vendor.h b/drivers/staging/qcacld-3.0/uapi/linux/qca_vendor.h index ff4887ddb295..47cf97c36635 100644 --- a/drivers/staging/qcacld-3.0/uapi/linux/qca_vendor.h +++ b/drivers/staging/qcacld-3.0/uapi/linux/qca_vendor.h @@ -3293,6 +3293,19 @@ enum qca_wlan_vendor_attr_config { /* 8-bit unsigned value to set the total beacon miss count */ QCA_WLAN_VENDOR_ATTR_CONFIG_TOTAL_BEACON_MISS_COUNT = 52, + /* + * 8-bit unsigned value indicating the driver to use the RSNE as-is from + * the connect interface. Exclusively used for the scenarios where the + * device is used as a test bed device with special functionality and + * not recommended for production. This helps driver to not validate the + * RSNE passed from user space and thus allow arbitrary IE data to be + * used for testing purposes. + * 1-enable, 0-disable. + * Applications set/reset this configuration. If not reset, this + * parameter remains in use until the driver is unloaded. + */ + QCA_WLAN_VENDOR_ATTR_CONFIG_RSN_IE = 56, + QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_CONFIG_MAX = QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST - 1, diff --git a/net/core/sockev_nlmcast.c b/net/core/sockev_nlmcast.c index 22148bf76e0a..1e92c5632b97 100644 --- a/net/core/sockev_nlmcast.c +++ b/net/core/sockev_nlmcast.c @@ -69,14 +69,17 @@ static int sockev_client_cb(struct notifier_block *nb, struct nlmsghdr *nlh; struct sknlsockevmsg *smsg; struct socket *sock; + struct sock *sk; sock = (struct socket *)data; - if (socknlmsgsk == 0) + if (!socknlmsgsk || !sock) goto done; - if ((socknlmsgsk == NULL) || (sock == NULL) || (sock->sk == NULL)) + + sk = sock->sk; + if (!sk) goto done; - if (sock->sk->sk_family != AF_INET && sock->sk->sk_family != AF_INET6) + if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6) goto done; if (event != SOCKEV_BIND && event != SOCKEV_LISTEN) @@ -98,12 +101,11 @@ static int sockev_client_cb(struct notifier_block *nb, memset(smsg, 0, sizeof(struct sknlsockevmsg)); smsg->pid = current->pid; _sockev_event(event, smsg->event, sizeof(smsg->event)); - smsg->skfamily = sock->sk->sk_family; - smsg->skstate = sock->sk->sk_state; - smsg->skprotocol = sock->sk->sk_protocol; - smsg->sktype = sock->sk->sk_type; - smsg->skflags = sock->sk->sk_flags; - + smsg->skfamily = sk->sk_family; + smsg->skstate = sk->sk_state; + smsg->skprotocol = sk->sk_protocol; + smsg->sktype = sk->sk_type; + smsg->skflags = sk->sk_flags; nlmsg_notify(socknlmsgsk, skb, 0, SKNLGRP_SOCKEV, 0, GFP_KERNEL); done: return 0; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 87873798ef8c..85b65522c2e8 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -10487,6 +10487,7 @@ static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) return -EOPNOTSUPP; if (!info->attrs[NL80211_ATTR_MDID] || + !info->attrs[NL80211_ATTR_IE] || !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) return -EINVAL; |