If SAP starts on 6 GHz, the client associate request will not have HT
capability, so sta_ds->ch_width is updated too late in function
lim_update_sta_ds, but it is used by lim_populate_matching_rate_set
and lim_populate_eht_mcs_set. This leads to updating the 20 MHz EHT MCS
set and causes the other bandwidth EHT MCS sets to not be updated and
stay 0, which is finally passed to target. It will impact TX performance
a lot.
Move the functions forward to update sta_ds->ch_width for 6 GHz.
Also fix a typo of bw_160_rx_max_nss_for_mcs_10_and_11, which was written
as tx.
Change-Id: I1c1cbe1daf8bfdf163d73c7aba5e7335e99e8157
CRs-Fixed: 3863495
Add check for upperbound for num_dev in case of num_dev
assigned less than max_tfe.
CRs-Fixed: 3868093
Change-Id: I7d13467a58617b431d5fbd44a2682fe45d8a23bf
Signed-off-by: Pranav Sanwal <quic_psanwal@quicinc.com>
A race condition may happen between thread left nbufs and NAPI RX nbuf.
Change is to make sure thread queue is clean before removing bh protect.
Change-Id: Icbc0d9b14cb7a1dd87f5b42f3e658531ed5bc3d9
CRs-Fixed: 3864304
Currently, if bss_max_idle_period is greater than default configured
value of sta_keep_alive then same value will be sent to FW. If any
AP sets bss_max_idle_period to greater than sta_keep_alive then reset
is not done on vdev stop due to which same value will be set for
new connection.
Fix is to not send bss_max_idle_period as time period limit because
same value is updated in bss_max_idle_period of interface. So, default
configured value of sta_keep_alive_timer is required to be passed for
threshold validation. Value reset is required once vdev stop happens
to avoid same keep alive even if bss_max_idle_period is not advertised
by AP.
CRs-Fixed: 3861815
Change-Id: I457a436a4c8a561600e93b3d5deaa0399fbd2c7d
On some platforms, those with all of icnss, cnss
and the corresponding wlan drivers being present, but
only one dt node for wlan device, we only need one
platform driver which is compatible with the dt node.
To achieve this, return '-ENODEV' on icnss driver loading
if there is no matching dt node, just as cnss2 does.
This change can also fix the issue as below:
Background: icnss2 returns '-EAGAIN' when wlan driver
register request comes too early, to trigger the retry
mechanism in wlan driver.
Considering a device with drivers and dt node as
mentioned above, and a wlan driver is trying to
register itself in icnss2 driver. But it will
definitely fail because icnss2 has not been probed
(due to no compatible dt node) and retry for up to
50 times with a 100ms interval due to the return
value '-EAGAIN'. This delays android bootup.
With this fix applied, wlan driver loading will fail
before registering itself to platform driver because
it depends on icnss2 that failed to load.
Change-Id: I8dfe8821c0c8ec45e7e55913de26060a32ffce82
CRs-Fixed: 3867504
SP_READ_SEL register is incorrectly programmed during debug AHB register
collection. Fix it by correctly programming the SP and uSPTP id in this
register.
Change-Id: I332749e223c0f8b018e5a445b834b43ee1a66540
Signed-off-by: Kaushal Sanadhya <quic_ksanadhy@quicinc.com>
Currently, aperture register is not cleared after dumping
mempool debug data in snapshot. Fix this by clearing the
aperture register.
Change-Id: I3cb5e82da7ae17196323867561c1d58ec53c7786
Signed-off-by: Kamal Agrawal <quic_kamaagra@quicinc.com>
Currently, the capturescript accumulates content from previous
invocation, leading to repeated execution of the entire script.
Ensure that the content from previous invocation is cleared
before each execution. This optimization significantly reduces
snapshot latency for gen8.
Change-Id: I9d8c53c97650d5872f60c223727cc1d1e9ae1046
Signed-off-by: Kamal Agrawal <quic_kamaagra@quicinc.com>
Currently, the state type is not specified during debug AHB
register collection through the legacy path. Fix this by
specifying state type properly.
Change-Id: I31549a740c8024587a565c77561bc223e65d0a8d
Signed-off-by: Kamal Agrawal <quic_kamaagra@quicinc.com>
At few places, aperture register is not cleared after
programming registers behind aperture. Fix them by
clearing aperture register properly.
Change-Id: If82346a317d95218b04e396536df611e11d3e89e
Signed-off-by: Kamal Agrawal <quic_kamaagra@quicinc.com>
1. Ensure GX GDSC is ON to dump GMU registers on GX headswitch
2. Check for RPMH state to make sure GPU is active when dumping
the registers.
3. CX debugbus does not need GX ON, move it to its own function
so that it can be called independently.
4. Move the GX debugbus and tracebuffer under the GX check to
ensure we do not read/write these registers without checking
for GX ON.
Change-Id: I711df499a2499e7114044a9ef37b55c563f2939c
Signed-off-by: Urvashi Agrawal <quic_urvaagra@quicinc.com>
Signed-off-by: Kaushal Sanadhya <quic_ksanadhy@quicinc.com>
Currently, in ife hw manager we are checking the validity of ife out
resource id against the max supported resource id from the header.
The bound check is incorrect as it allows resource id equal to the
max value. Fix this to avoid OOB access.
CRs-Fixed: 3865200
Change-Id: Ib51190a0b089dd8379e1442546e852a81bdb7285
Signed-off-by: Mukund Madhusudan Atre <quic_matre@quicinc.com>
- Remove transcoding info since FW doesn't support
transcoding info HFI in volcano
Change-Id: I7147a4e2ff5debedebb36ad8d676597ee309193a
Signed-off-by: Rajathi S <quic_rajathis@quicinc.com>
Currently, wlan_logging event flags is defined as unsigned long
and kernel APIs(set_bit/test_bit/clear_bit) are used to operate
on this. But these APIs might expect an unsigned long array and
static analyzer tool reported the same as OOB access on this.
Use QDF APIs to define the bitmap and to operate on the bitmap
also which takes care of these.
Change-Id: Ied1c5cbfc82dc0185c79278bdaedfbd894527ef9
CRs-Fixed: 3865946
When a context is submitted with a MAX constraint sub_type, followed by
back-to-back submissions of a MIN constraint sub_type, the expiry of the
MAX constraint is increased. This results in the max_pwrlevel being
retained for a longer period.
To fix this, add sub_type constraint check also. This ensures that
expiry is updated only if the previous and current sub_type constraint
are the same.
Change-Id: I46cd6efa3c2bd698bf26febfb1928f4fcd8ce30b
Signed-off-by: Sanjay Yadav <quic_sanjyada@quicinc.com>
As part of partial update, the DSI command engine is programmed
with the new ROI. However, because double buffering is not enabled
for DSI command mode registers, updating them during a partial
update use case when the previous frame is not yet finished can
result in a configuration mismatch between MDP and DSI. In this
scenario, DSI is configured with the new ROI, while MDP is still
configured for the previous frame’s ROI. This mismatch can lead
to a write pointer timeout.
To avoid this issue, wait for MDP to be idle before updating the
new ROI.
Change-Id: I1796cb7872edaf9e1d76681c2d948bc1b567c298
Signed-off-by: Anand Tarakh <quic_atarakh@quicinc.com>
Enable HOLB discard and drop stats for Apps WAN default pipe
for all >= 5.2 IPA HW version targets.
Change-Id: I404c5a431ff058c19edd72b7694ecd54710cb33f
Signed-off-by: Pavan Kumar M <quic_rpavan@quicinc.com>
Un-clocked access of registers during dumping the registers while
handling the start failure.
Reason for the issue is that handle regdump trying to read the hw
registers when HW clocks are disabled.
This commit adds a check to validate if the hw is initialized before
accessing the registers.
CRs-Fixed: 3865839
Change-Id: I46878fe1b5442689f8fd909b6bfc9fda0686dac9
Signed-off-by: Pranav Sanwal <quic_psanwal@quicinc.com>
Due to GKI limitation, cannot enable boot markers for kernel.6.1.
Need to add logs for KPI test.
Change-Id: Iba832fcc961fb284430ac8597a916c81077d1cff
Signed-off-by: Deru Wang <quic_deruwang@quicinc.com>
Currently, the DSP updates header buffers with unused DMA handle fds.
In the put_args section, if any DMA handle FDs are present in the
header buffer, the corresponding map is freed. However, since the
header buffer is exposed to users in unsigned PD, users can update
invalid FDs. If this invalid FD matches with any FD that is already
in use, it could lead to a use-after-free (UAF) vulnerability.
As a solution, add DMA handle references for DMA FDs, and the map for
the FD will be freed only when a reference is found.
Change-Id: Ie4d19dc0ef0ebdda5ed2fe6f7b64598ef661a63f
Signed-off-by: quic_anane <quic_anane@quicinc.com>
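The reference check described in the commit message above, modelled in user-space C as an added example (not the driver's code). The names `map_entry`, `map_create` and `put_args_release` are hypothetical, and the fd values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#define MAX_MAPS 8
/* Hypothetical per-session map table (constructed model, not driver structs). */
struct map_entry {
    int fd;
    bool in_use;
    unsigned dma_refs;  /* taken only for fds accepted as DMA handles */
};
static struct map_entry maps[MAX_MAPS];
static struct map_entry *map_find(int fd)
{
    for (size_t i = 0; i < MAX_MAPS; i++)
        if (maps[i].in_use && maps[i].fd == fd)
            return &maps[i];
    return NULL;
}
/* Create a map; is_dma_handle records a DMA handle reference for the call. */
static bool map_create(int fd, bool is_dma_handle)
{
    for (size_t i = 0; i < MAX_MAPS; i++)
        if (!maps[i].in_use) {
            maps[i] = (struct map_entry){ fd, true, is_dma_handle ? 1u : 0u };
            return true;
        }
    return false;
}

/* put_args step: hdr_fds is read from the user-writable header buffer, so a
 * map is freed only when a DMA handle reference is found for that fd. */
static int put_args_release(const int *hdr_fds, size_t n)
{
    int freed = 0;
    for (size_t i = 0; i < n; i++) {
        struct map_entry *m = map_find(hdr_fds[i]);
        if (m && m->dma_refs > 0 && --m->dma_refs == 0) {
            m->in_use = false;  /* reference found and dropped: free */
            freed++;
        }
    }
    return freed;
}

int main(void)
{
    int hdr[] = { 5, 7 };  /* constructed header; fd 5 was never a DMA handle */
    map_create(5, false);
    map_create(7, true);
    return put_args_release(hdr, 2) == 1 && map_find(5) ? 0 : 1;
}
```

An fd that is in use but holds no DMA handle reference survives even when the header names it, and a repeated or unknown fd in the header is ignored.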
If a duplicate BSS with same BSSID and MLD address exists then it
can potentially override the scan entry in DB and later driver may
use this duplicate entry for connection whose freq and IEEE link id
could be different.
Crypto keys for each link are saved as a hash function of BSSID and
corresponding link's IEEE link id. So picking scan entry with wrong
link id will result in not finding crypto keys.
For link switch cases this error results in triggering disconnect but
the response of link switch goes as success as error is not properly
notified to mlo manager and FW expects valid crypto keys to be plumbed
before sending link switch success.
Add link id and frequency to scan filter for partner link connect and
link switch connect to avoid connection if scan entry is not found.
Change-Id: I0b400dd584e1a4fa4ee717e34308c1434083a6dd
CRs-Fixed: 3831342
Introduce APIs to fetch the self IEEE link id of the scan entry
and also add new fields to scan filter to enable filtering
entries matching the link id.
Change-Id: I5da8592dc60dbca4734601d746a1137655ee0b34
CRs-Fixed: 3843567
Add link id to connect request for partner link roaming to
match with scan entry's self link id to avoid selecting
a candidate with same BSSID and MLD but different link id.
Change-Id: I4b903f2e64a9eb4cc9f197577b2b11ea657aa2b2
CRs-Fixed: 3843561
To avoid array index out of bound for chan_list->chan index use
qdf_min to fill chan_list->num_chan.
CRs-Fixed: 3776519
Change-Id: I33d5059a4f8da6637c2bbf69378cfad5d65ba1b5
Previously, the Host driver assigned a minimum score of 1 to
any candidate, if the BSSID was in the deny list.
This commit introduces a change to prioritize candidates based on
their link type. The new scoring system adds more weight to MLO
over SLO and Legacy links. The priority order is as follows:
MLO 3-link > MLO 2-link > SLO > Legacy.
Change-Id: I1bb8247d7a2ae88967c0949c0a51e32a3d8a44da
CRs-Fixed: 3855155
In api extract_roam_frame_info_tlv(), the request_response
bit is checked in order to determine whether the frame
received is a request frame or response frame which
is in turn used to evaluate wmi_roam_frame_info->status_code
as tx_status code for transmitted frame and IEEE 802.11
status code for received frames.
However, the request_response bit is only valid for Authentication
frames and hence status code for Association and Re-association
frame is reported incorrectly.
Fix the check to evaluate wmi_roam_frame_info->status_code as
tx_status code for the following:
1. Frame is Authentication Frame and request_response bit is
set to '0'
2. Frame is Association Request frame
3. Frame is Re-Association Request Frame.
Change-Id: Icb7633ba8bf662f4987be016715051fa6d1adc06
CRs-Fixed: 3800906
Add check for upperbound for num devices obtained from query cap v2
preventing integer overflow.
CRs-Fixed: 3864081
Change-Id: I899c794bad2278f39dbea3f80ca701e54cf8d1a9
Signed-off-by: Pranav Sanwal <quic_psanwal@quicinc.com>
When there is CWB enablement + dynamic clock change request in
single commit, during modeset enables the cwb seamless check
is hit for primary connector causing bridge pre enable
and enable calls to be skipped for dsi connector. This change ensures
the above seamless transition is taken care with any modeset case
as well.
Change-Id: I8d7ef4f8c579d44ddb0bfd5dc584fe5c778df886
Signed-off-by: Jayaprakash Madisetty <quic_jmadiset@quicinc.com>
Signed-off-by: Mahadevan <quic_mahap@quicinc.com>
Currently, compact fastrpc ioctl functions allocate memory dynamically
and return without freeing this memory. Do memory free before return.
Change-Id: I4591ccc951e7e43362a4c2d9e0265c89ab8582f8
Signed-off-by: rnallago <quic_rnallago@quicinc.com>
Say, a context is invalidated, and we drain all its hardware
fences in drawctxt->hw_fence_list as part of recovery sequence.
However, the KGSL_CONTEXT_PRIV_INVALID remains set. Say, as part
of replay, another context causes a GPU fault and we again run
recovery. If the invalidated context has not been destroyed yet,
after recovery we will again get a handle to that context. And
say if context gets destroyed concurrently, we will end up
de-referencing invalid drawctxt->hw_fence_list pointer. To fix this,
try to take context reference before de-referencing
drawctxt->hw_fence_list. In case the context is in the middle of
getting destroyed, but hasn't been removed from the
device->context_idr, _kgsl_context_get() will fail and avoid
de-referencing the invalid drawctxt->hw_fence_list pointer.
Change-Id: I93d8b7ad23c8cd6a805ed82a70b1b573f15c79ae
Signed-off-by: Harshdeep Dhatt <quic_hdhatt@quicinc.com>
(cherry picked from commit d94431237b)
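The get-before-dereference pattern from the commit message above, as an added user-space C example (not the KGSL code). `struct ctx`, `ctx_get` and `drain_hw_fences` are hypothetical stand-ins, and a reference count of 0 is assumed to model a context whose destruction has started.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

struct fence { struct fence *next; };

/* Hypothetical stand-in for a draw context; field names are illustrative. */
struct ctx {
    atomic_int refcount;          /* 0: destruction has already started */
    struct fence *hw_fence_list;
};

/* Take a reference only while the count is still non-zero. */
static bool ctx_get(struct ctx *c)
{
    int old = atomic_load(&c->refcount);
    while (old > 0)
        if (atomic_compare_exchange_weak(&c->refcount, &old, old + 1))
            return true;
    return false;
}

static void ctx_put(struct ctx *c) { atomic_fetch_sub(&c->refcount, 1); }

/* Recovery path: returns the number of fences drained, or -1 when the
 * context is being destroyed and its fence list must not be touched. */
static int drain_hw_fences(struct ctx *c)
{
    int n = 0;
    if (!ctx_get(c))
        return -1;
    for (; c->hw_fence_list; n++)
        c->hw_fence_list = c->hw_fence_list->next;
    ctx_put(c);
    return n;
}

int main(void)
{
    struct fence b = { NULL }, a = { &b };   /* constructed two-entry list */
    struct ctx live, dying;
    atomic_init(&live.refcount, 1);
    live.hw_fence_list = &a;
    atomic_init(&dying.refcount, 0);
    dying.hw_fence_list = &a;
    return drain_hw_fences(&live) == 2 && drain_hw_fences(&dying) == -1 ? 0 : 1;
}
```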