Commit Graph

26898 Commits

Author SHA1 Message Date
5059afacee rsi: Remove internal header from Tx status skb
Device specific descriptor for each TX packet is prepared on top of
skb data address. This descriptor should be pulled out before
indicating the TX status to mac80211.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:44 +03:00
79e590d924 rsi: update tx command frame block/unblock data
TX command frame block/unblock data is modified to
use common descriptor structure.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:44 +03:00
bcb283d27f rsi: block/unblock data queues as per connection status
Data queues should be unblocked after station add notify frame
is sent and should be blocked after station delete notify is sent.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:43 +03:00
b3115e8a42 rsi: update autorate request command frame
When Short Gaurd Interval is enabled bit 9 is set in rate. Otherwise
it should not be set. Added missing 'else' case in this patch.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:42 +03:00
2a58900bf5 rsi: set_key enhancements
Broadcast bit to be set for broadcast and multicast packets.
For remove_key, tx and rx mic need not be filled.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:42 +03:00
a84faab0fd rsi: update set_key command frame
TX command frame set_key is modified to use common descriptor
structure.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:41 +03:00
de1d1813a8 rsi: update vap capabilities command frame
VAP capablities frame configured to device is modified to use
common descriptor structure.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:41 +03:00
f04854fa3c rsi: update set_channel command frame
TX command frame set_channel is modified to use common
descriptor structure. Also DFS channel indication to firmware
is added in the descriptor for dfs channels configuration.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:40 +03:00
5c7ca1bbf2 rsi: Update baseband RF programming frame
Baseband RF programming frame configured to device is modified
to use common descriptor structure.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:39 +03:00
3a9828c92b rsi: Update aggregation parameters command frame
AMPDU aggregation parameters frame configured to device is
modified to use common descriptor structure.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:39 +03:00
59e006dc77 rsi: Update peer notify command frame
TX command frame peer notify is updated to use common descriptor
structure. MPDU density value added to the frame.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:38 +03:00
dff80fc5fe rsi: remove unnecessary check for 802.11 management packet
The function rsi_mgmt_pkt_to_core() is for passing the 802.11
management frames to mac80211. So, it is unnecessary to check
again for the frame type 802.11 management in this function.
It can be checked before passing to this function.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:37 +03:00
6abdf2c193 rsi: Update in tx command frame radio capabilities
Radio capabilities frame is updated to use common descriptor
structure. Also, few changes to this frame is done like hardware
queues are increase to 12 from 8, default channel number is included.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:37 +03:00
9a629fafe7 rsi: immediate wakeup bit and priority for TX command packets
For all TX command packets immediate wakeup bit needs to be
set in descriptor. This will make sure device will wakeup if it
is in any sleep state. Priority of the packet is also set.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:36 +03:00
6c8ab76d6a rsi: add common structures needed for command packets
All internal management packets (command packets) use some common
fields and some packet specific fields for packet descriptors.
This patch adds some common structures which are needed for all
command packets.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:25:36 +03:00
cb16453565 rsi: Rename mutex tx_rxlock to the tx_lock.
We have now added separate lock for Rx. This lock is used to protect
tx path only

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:44 +03:00
6c409cad3d rsi: use separate mutex lock for receive thread
Deadlock issue is observed during our stress tests. The root
cause for the issue is same lock is used between tx and rx threads.

This patch adds a separate mutex lock for rx thread to resolve
the problem.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:43 +03:00
ebf084ea0e rsi: SDIO Rx packet processing enhancement
Newer firmware sends information about number of blocks through
interrupt only. We don't need to read extra register for this.
This patch adds needed driver changes for this enhancment. The
change here is backward compatible

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:42 +03:00
72bccf51d4 rsi: Optimise sdio claim and release host
SDIO host is already claimed in our interrupt handler. Some lower
level APIs claims host while performing SDIO read or write operations.
Let's use sdio_irq_task variable to check if we are in interrupt
context and claim/release the host accordingly.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:42 +03:00
5f6ae7cae2 rsi: rename variable in_sdio_litefi_irq
The variable in_sdio_litefi_irq is renamed to sdio_irq_task,
as it is more relevant here.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:41 +03:00
ceb2e4eab9 rsi: separate function for data packet descriptor
Data packet descriptor preparation code is moved a separate
function.

Signed-off-by: Pavani Muthyala <pavani.muthyala@redpinesignals.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:41 +03:00
0eb42586cf rsi: data packet descriptor enhancements
This patch covers some enhancements in data packet descriptor
preparation especially for EAPOL, multicast/broadcast packets.

Signed-off-by: Pavani Muthyala <pavani.muthyala@redpinesignals.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:40 +03:00
af19309776 rsi: data packet descriptor code cleanup
Currently this descriptor is prepared with the help of __le16
pointer. This patch makes use of a structure to prepare the
descriptor in a cleaner way.

Signed-off-by: Pavani Muthyala <pavani.muthyala@redpinesignals.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:39 +03:00
6507de6df9 rsi: separate function for management packet descriptor
Management descriptor preparation is move to a separate function
as it will be called from a different context in upcoming patches.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:38 +03:00
de2dea16ec rsi: management frame descriptor preparation cleanup
Currently this descriptor is prepared with the help of __le16
pointer. This patch makes use of a structure to prepare the
descriptor in a cleaner way.

Signed-off-by: Pavani Muthyala <pavani.muthyala@redpinesignals.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:38 +03:00
015240018b rsi: set immediate wakeup bit
immediate wakeup bit is set while sending internal management
frame to the firmware.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:37 +03:00
d1f69e418f rsi: choose correct endpoint based on queue.
Till now only management packets were handled. Let's enhance
the logic for choosing endpoint to accommodate other packets.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:37 +03:00
5d16a1c1ae rsi: rename USB endpoint macros
These endpoints are for WLAN and BT protocols.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:36 +03:00
ac6107caa0 rsi: correct the logic of deriving queue number
Maximum valid queue number is 0x5. So anding with 0x7 should be
ok here.

Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:36 +03:00
ed833be6fa rsi: USB tx headroom cleanup
USB headroom is added while submitting the data to URB as per
firmware's requirement. This logic is moved to rsi_usb_card_write() so
that caller need not worry about it.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:35 +03:00
ea0676c470 rsi: card reset for USB interface
We need to reset the chip in teardown path so that it can work
next time when driver is loaded. This patch adds support for this
reset configuration for USB.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:35 +03:00
f746606a51 rsi: correct SDIO disconnect path handling
Sometimes it's observed that we get interrupt/Rx frame when device is
already detached from mac80211. In this case couple of error messages
are displayed in dmesg log. This patch corrects the order so that
disconnection will happen cleanly

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:34 +03:00
49ddac0d4b rsi: chip reset for SDIO interface
We need to reset the chip in teardown path so that it can work
next time when driver is loaded. This patch adds support for
this reset configuration for SDIO.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:34 +03:00
f95bbd979d rsi: fix sdio card reset problem
card reset is not working with recent kernels. Using
host->card->ocr instead of host->ocr_avail solved the problem.

Signed-off-by: Karun Eagalapati <karun256@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:33 +03:00
09cfb41f35 rsi: changes in eeprom read frame
EEPROM read frame is sent during device initialization to read mac address.
The format of the frame is modified in firmware to include eeprom length
and offset. This frame does not return firmware version now. Also same
frame is sent again to read rf type and band information.

Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:33 +03:00
e0d0ae8a43 rsi: use BUILD_BUG_ON check for fsm_state
Whenever new fsm_state enum element is added, fsm_state array
also needs to be updated. If this change is missed, we may end
up doing invalid access in array. BUILD_BUG_ON check will help
to avoid this problem.

Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-28 17:22:32 +03:00
1283c6174d Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
ath.git patches for 4.14. Major changes:

ath10k

* preparation for wcn3990 support
2017-07-28 15:11:34 +03:00
5f5d03143d brcmfmac: fix memleak due to calling brcmf_sdiod_sgtable_alloc() twice
Due to a bugfix in wireless tree and the commit mentioned below a merge
was needed which went haywire. So the submitted change resulted in the
function brcmf_sdiod_sgtable_alloc() being called twice during the probe
thus leaking the memory of the first call.

Cc: stable@vger.kernel.org # 4.6.x
Fixes: 4d79289598 ("brcmfmac: switch to new platform data")
Reported-by: Stefan Wahren <stefan.wahren@i2se.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-27 14:03:14 +03:00
58f36b4526 brcmfmac: Don't grow SKB by negative size
The commit to rework the headroom check in start_xmit() now calls
pxskb_expand_head() unconditionally if the header is CoW. Unfortunately,
it does so with the delta between the extant headroom and the header
length, which may be negative if there is already sufficient headroom.

pskb_expand_head() does allow for size being 0, in which case it just
copies, so clamp the header delta to zero.

Opening Chrome (and all my tabs) on a PCIE device was enough to reliably
hit this.

Fixes: 270a6c1f65 ("brcmfmac: rework headroom check in .start_xmit()")
Signed-off-by: Daniel Stone <daniels@collabora.com>
Cc: Arend Van Spriel <arend.vanspriel@broadcom.com>
Cc: James Hughes <james.hughes@raspberrypi.org>
Cc: Hante Meuleman <hante.meuleman@broadcom.com>
Cc: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Cc: Franky Lin <franky.lin@broadcom.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-27 14:02:16 +03:00
6e9aae179f wl1251: add a missing spin_lock_init()
This fixes the following kernel warning:

  [ 5668.771453] BUG: spinlock bad magic on CPU#0, kworker/u2:3/9745
  [ 5668.771850]  lock: 0xce63ef20, .magic: 00000000, .owner: <none>/-1,
  .owner_cpu: 0
  [ 5668.772277] CPU: 0 PID: 9745 Comm: kworker/u2:3 Tainted: G        W
  4.12.0-03002-gec979a4-dirty #40
  [ 5668.772796] Hardware name: Nokia RX-51 board
  [ 5668.773071] Workqueue: phy1 wl1251_irq_work
  [ 5668.773345] [<c010c9e4>] (unwind_backtrace) from [<c010a274>]
  (show_stack+0x10/0x14)
  [ 5668.773803] [<c010a274>] (show_stack) from [<c01545a4>]
  (do_raw_spin_lock+0x6c/0xa0)
  [ 5668.774230] [<c01545a4>] (do_raw_spin_lock) from [<c06ca578>]
  (_raw_spin_lock_irqsave+0x10/0x18)
  [ 5668.774658] [<c06ca578>] (_raw_spin_lock_irqsave) from [<c048c010>]
  (wl1251_op_tx+0x38/0x5c)
  [ 5668.775115] [<c048c010>] (wl1251_op_tx) from [<c06a12e8>]
  (ieee80211_tx_frags+0x188/0x1c0)
  [ 5668.775543] [<c06a12e8>] (ieee80211_tx_frags) from [<c06a138c>]
  (__ieee80211_tx+0x6c/0x130)
  [ 5668.775970] [<c06a138c>] (__ieee80211_tx) from [<c06a3dbc>]
  (ieee80211_tx+0xdc/0x104)
  [ 5668.776367] [<c06a3dbc>] (ieee80211_tx) from [<c06a4af0>]
  (__ieee80211_subif_start_xmit+0x454/0x8c8)
  [ 5668.776824] [<c06a4af0>] (__ieee80211_subif_start_xmit) from
  [<c06a4f94>] (ieee80211_subif_start_xmit+0x30/0x2fc)
  [ 5668.777343] [<c06a4f94>] (ieee80211_subif_start_xmit) from
  [<c0578848>] (dev_hard_start_xmit+0x80/0x118)
  ...

by adding the missing spin_lock_init().

Reported-by: Pavel Machek <pavel@ucw.cz>
Cc: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-27 13:59:31 +03:00
d0116f6f7b rtlwifi: kfree entry until after entry->bssid has been accessed
The current code kfree's entry and then dereferences it by accessing
entry->bssid.  Avoid the dereference-after-free by moving the kfree
after the access to entry->bssid.

Detected by CoverityScan, CID#1448600 ("Read from pointer after free")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-27 13:58:18 +03:00
4b5dde2d62 mwifiex: correct channel stat buffer overflows
mwifiex records information about various channels as it receives scan
information. It does this by appending to a buffer that was sized
to the max number of supported channels on any band, but there are
numerous problems:

(a) scans can return info from more than one band (e.g., both 2.4 and 5
    GHz), so the determined "max" is not large enough
(b) some firmware appears to return multiple results for a given
    channel, so the max *really* isn't large enough
(c) there is no bounds checking when stashing these stats, so problems
    (a) and (b) can easily lead to buffer overflows

Let's patch this by setting a slightly-more-correct max (that accounts
for a combination of both 2.4G and 5G bands) and adding a bounds check
when writing to our statistics buffer.

Due to problem (b), we still might not properly report all known survey
information (e.g., with "iw <dev> survey dump"), since duplicate results
(or otherwise "larger than expected" results) will cause some
truncation. But that's a problem for a future bugfix.

(And because of this known deficiency, only log the excess at the WARN
level, since that isn't visible by default in this driver and would
otherwise be a bit too noisy.)

Fixes: bf35443314 ("mwifiex: channel statistics support for mwifiex")
Cc: <stable@vger.kernel.org>
Cc: Avinash Patil <patila@marvell.com>
Cc: Xinming Hu <huxm@marvell.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-07-27 12:35:55 +03:00
81fc9b5ccf drivers/net: Fix ptr_ret.cocci warnings.
we can use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR
1. drivers/net/appletalk/ipddp.c
2. drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c

Generated by: scripts/coccinelle/api/ptr_ret.cocci

Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-25 12:27:06 -07:00
bf8b286f86 iwlwifi: mvm: defer setting IWL_MVM_STATUS_IN_HW_RESTART
A hardware/firmware error may happen at any point in time. In
particular, it might happen while mac80211 is in the middle of
a flow. We observed the following situation:
 * mac80211 is in authentication flow, in ieee80211_prep_connection()
 * iwlwifi firmware crashes, but no error can be reported at this
   precise point (mostly because the driver method is void, but even
   if it wasn't we'd just shift to a race condition)
 * mac80211 continues the flow, trying to add the AP station
 * iwlwifi has already set its internal restart flag, and so thinks
   that adding the station is part of the restart and already set up,
   so it uses the information that's supposed to already be in the
   struct

This can happen with any flow in mac80211 and with any information
we try to preserve across hardware restarts.

To fix this, only set a new HW_RESTART_REQUESTED flag and translate
that to IN_HW_RESTART once mac80211 actually starts the restart by
calling our start() method. As a consequence, any mac80211 flow in
progress at the time of the restart will properly finish (certainly
with errors), before the restart is attempted.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195299.

Reported-by: djagoo <dev@djagoo.io>
Reported-by: Łukasz Siudut <lsiudut@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:39 +03:00
7b758a1118 iwlwifi: mvm: handle IBSS probe_queue in a few missing places
When IBSS was implemented for DQA, we missid a few places where it
should be handled in the same way as AP.

Fixes: ee48b72211 ("iwlwifi: mvm: support ibss in dqa mode")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:39 +03:00
5462bcd8c9 iwlwifi: fix tracing when tx only is enabled
iwl_trace_data is somewhat confusing. It returns a bool
that tells if the payload of the skb should be added to
the tx_data event. If it returns false, then the payload
of the skb is added to the tx event.

The purpose is to be able to start tracing with
-e iwlwifi
and record non-data packets only which saves bandwidth.

Since EAPOLs are important, seldom and not real data
packet (despite being WiFi data packets), they are
included in tx event and thus iwl_trace_data returns false
on those. This last part was buggy, and because of that,
all the data packets were included in the tx event.

Fix that.

Fixes: 0c4cb7314d ("iwlwifi: tracing: decouple from mac80211")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:38 +03:00
2388bd7b13 iwlwifi: missing error code in iwl_trans_pcie_alloc()
We don't set the error code here so we end up returning ERR_PTR(0) which
is NULL.  The caller doesn't expect that so it results in a NULL
dereference.

Fixes: 2e5d4a8f61 ("iwlwifi: pcie: Add new configuration to enable MSIX")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:38 +03:00
61dd8a8a6a iwlwifi: mvm: fix a NULL pointer dereference of error in recovery
Sometimes, we can have an firmware crash while trying to
recover from a previous firmware problem.
When that happens, lots of things can go wrong. For example
the stations don't get added properly to mvm->fw_id_to_mac_id.

Mac80211 tries to stop A-MPDU upon reconfig but in case of
a firmware crash we will bail out fairly early and in the
end, we won't delete the A-MPDU Rx timeout.
When that timer expired after a double firmware crash,
we end up dereferencing mvm->fw_id_to_mac_id[sta_id]
which is NULL.

Fixes: 10b2b2019d ("iwlwifi: mvm: add infrastructure for tracking BA session in driver")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:37 +03:00
f6eac740a9 iwlwifi: pcie: fix unused txq NULL pointer dereference
Before TVQM, all TX queues were allocated straight at init.
With TVQM, queues are allocated on demand and hence we need
to check if a queue exists before dereferencing it.

Fixes: 66128fa08806 ("iwlwifi: move to TVQM mode")
Signed-off-by: Mordechai Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:37 +03:00
0b0f934e92 iwlwifi: dvm: prevent an out of bounds access
iwlagn_check_ratid_empty takes the tid as a parameter, but
it doesn't check that it is not IWL_TID_NON_QOS.
Since IWL_TID_NON_QOS = 8 and iwl_priv::tid_data is an array
with 8 entries, accessing iwl_priv::tid_data[IWL_TID_NON_QOS]
is a bad idea.
This happened in iwlagn_rx_reply_tx. Since
iwlagn_check_ratid_empty is relevant only to check whether
we can open A-MPDU, this flow is irrelevant if tid is
IWL_TID_NON_QOS. Call iwlagn_check_ratid_empty only inside
the
	if (tid != IWL_TID_NON_QOS)

a few lines earlier in the function.

Cc: <stable@vger.kernel.org>
Reported-by: Seraphime Kirkovski <kirkseraph@gmail.com>
Tested-by: Seraphime Kirkovski <kirkseraph@gmail.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2017-07-21 12:26:36 +03:00