IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Call cpu_latency_qos_add/update/remove_request() instead of
pm_qos_add/update/remove_request(), respectively, because the
latter are going to be dropped.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com
Acked-by: Kalle Valo <kvalo@codeaurora.org>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Amit Kucheria <amit.kucheria@linaro.org>
Tested-by: Amit Kucheria <amit.kucheria@linaro.org>
With multiple VIFS ath10k, and probably others, tries to find the
minimum txpower for all vifs and uses that when setting txpower in
the firmware.
If a second vif is added and starts to scan, it's txpower is not
initialized yet and it set to zero.
ath10k had a patch to ignore zero values, but then it is impossible
to actually set txpower to zero.
So, instead initialize the txpower to INT_MIN in mac80211, and let
drivers know that means the power has not been set and so should
be ignored.
This should fix regression in:
commit 88407beb1b1462f706a1950a355fd086e1c450b6
Author: Ryan Hsu <ryanhsu@qca.qualcomm.com>
Date: Tue Dec 13 14:55:19 2016 -0800
ath10k: fix incorrect txpower set by P2P_DEVICE interface
Tested on ath10k 9984 with ath10k-ct firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20191217183057.24586-1-greearb@candelatech.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When there is WMI command failure, 'peer->sta' was not getting
cleaned up, and mac80211 frees the 'sta' memory, which is causing
the below page fault.
Cleaning up the sta pointer in ath11k whenever peer delete command
is sent.
Unable to handle kernel paging request at virtual address 200080000006a
pgd = ffffffc02a774000
[200080000006a] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
.
.
.
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 4.4.60 #1
Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT)
task: ffffffc00083c6d0 ti: ffffffc00083c6d0 task.ti: ffffffc00083c6d0
PC is at ath11k_dp_rx_process_mon_status+0x114/0x4e0 [ath11k]
LR is at ath11k_dp_rx_process_mon_status+0xe8/0x4e0 [ath11k]
pc : [<ffffffbffcf8e544>] lr : [<ffffffbffcf8e518>] pstate: 60000145
sp : ffffffc000833a30
Signed-off-by: Vikas Patel <vikpatel@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
PPDU_CTRL type is missing in current pktlog dumps.
PPDU_CTRL is sent on CE5 with len 2560 bytes, current
driver ignores the payload len greter than 2048.
PPDU_CTRL of 2560 bytes is sent in two fragments of len 2028
and 532 bytes, but firmware reports pkt header has length as 2560
for both of the fragments.
Signed-off-by: Anilkumar Kolli <akolli@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In multi AP VAP scenario, when user bring down the interfaces. mac80211 mark
the interface down for the duplicated VAP and removed from the
local->interfaces list. ath11k_mac_get_arvif() is dependent on
ieee80211_iterate_active_interfaces_atomic() API to find the vdev id
in a given radio. In disassociation path, ath11k_mac_get_arvif() not
able to find the given vdev id since that VAP is removed from the
local->interfaces list. since sta_state callback throws error, mac80211 log
the below WARN_ON_ONCE message.
Fixed it by storing the allocated_vdev_map in each radio structure to maintain
the created vdev id bits. so that we can directly mask this against the given
vdev_id to find out the ar from the vdev_id.
WARN LOG:
WARNING: at net/mac80211/sta_info.c:1008
CPU: 2 PID: 2135 Comm: hostapd Not tainted #1
Hardware name: Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1 (DT)
task: ffffffc03a43d800 ti: ffffffc03a43d800 task.ti: ffffffc03a43d800
PC is at sta_set_sinfo+0x9dc/0xad4 [mac80211]
LR is at sta_set_sinfo+0x9cc/0xad4 [mac80211]
pc : [<ffffffbffce2a008>] lr : [<ffffffbffce29ff8>] pstate: 20000145
sp : ffffffc02cedb5f0
x29: ffffffc02cedb5f0 x28: ffffffc03a43d800
x27: 0000000000000014 x26: 0000000000000001
x25: ffffffc02cfc4000 x24: ffffffc036905508
x23: 0000000000000012 x22: ffffffc02cedb670
x21: ffffffc03bc64880 x20: ffffffc036904f80
x19: ffffffc02ae31000 x18: 00000000b019f3a1
x17: 0000000057f30331 x16: 00000000d8d1998e
x15: 0000000000000066 x14: 393a35383a36343a
x13: 6337203a6e6f6974 x12: 6174732065746169
x11: 636f737361736964 x10: 206f742064656c69
x9 : 6146203a31696669 x8 : 6337203a6e6f6974
x7 : 6174732065746169 x6 : ffffffc0008c33f6
x5 : 0000000000000000 x4 : 0000000000000000
x3 : 0000000000000000 x2 : 00000000ffffff92
x1 : 0000000000000000 x0 : ffffffbffcea1091
---[ end trace 63c4b1c527345d5a ]---
Call trace:
[<ffffffbffce2a008>] sta_set_sinfo+0x9dc/0xad4 [mac80211]
[<ffffffbffce2a2c4>] __sta_info_flush+0xec/0x130 [mac80211]
[<ffffffbffce3dc48>] ieee80211_nan_func_match+0x1a34/0x23e4 [mac80211]
[<ffffffbffcde03e0>] __cfg80211_stop_ap+0x60/0xf0 [cfg80211]
[<ffffffbffcdb6d08>] __cfg80211_leave+0x110/0x150 [cfg80211]
[<ffffffbffcdb6d78>] cfg80211_leave+0x30/0x48 [cfg80211]
[<ffffffbffcdb6fbc>] cfg80211_init_wdev+0x22c/0x808 [cfg80211]
[<ffffffc0000afe28>] notifier_call_chain+0x50/0x84
[<ffffffc0000afefc>] raw_notifier_call_chain+0x14/0x1c
[<ffffffc0004ae94c>] call_netdevice_notifiers_info+0x5c/0x6c
[<ffffffc0004ae96c>] call_netdevice_notifiers+0x10/0x18
[<ffffffc0004aea80>] __dev_close_many+0x54/0xc0
[<ffffffc0004aeb50>] dev_close_many+0x64/0xdc
[<ffffffc0004b0b70>] rollback_registered_many+0x138/0x2f4
[<ffffffc0004b0d4c>] rollback_registered+0x20/0x34
[<ffffffc0004b34b4>] unregister_netdevice_queue+0x68/0xa8
[<ffffffbffce3870c>] ieee80211_if_remove+0x84/0xc0 [mac80211]
[<ffffffbffce3e588>] ieee80211_nan_func_match+0x2374/0x23e4 [mac80211]
[<ffffffbffcdc29e8>] cfg80211_wext_giwscan+0x1000/0x1140 [cfg80211]
[<ffffffbffcb2a87c>] backport_genlmsg_multicast_allns+0x158/0x1b4 [compat]
[<ffffffc0004e0944>] genl_family_rcv_msg+0x258/0x2c0
[<ffffffc0004e09f4>] genl_rcv_msg+0x48/0x6c
[<ffffffc0004dfb50>] netlink_rcv_skb+0x5c/0xc4
[<ffffffc0004e06d8>] genl_rcv+0x34/0x48
[<ffffffc0004df570>] netlink_unicast+0x12c/0x1e0
[<ffffffc0004df9a4>] netlink_sendmsg+0x2bc/0x2dc
[<ffffffc00049a540>] sock_sendmsg+0x18/0x2c
[<ffffffc00049ab94>] ___sys_sendmsg+0x1bc/0x248
[<ffffffc00049ba24>] __sys_sendmsg+0x40/0x68
[<ffffffc00049ba5c>] SyS_sendmsg+0x10/0x20
[<ffffffc000085db0>] el0_svc_naked+0x24/0x28
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ath11k_mac_get_ar_by_vdev_id() get protected under rcu lock
and unlock. peer association confirmation event get used this API
without rcu protection, so corrected it.
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Parse and store the out-of-band rates reported by the FW.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
We will start using ieee80211_tx_status_ext() so we do not need to track
tx rates inside a struct ieee80211_tx_info. It is currently not possible
to populate that struct with HE rate info anyhow.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Clang warns a few times (trimmed for brevity):
../drivers/net/wireless/ath/ath11k/debugfs_sta.c:185:7: warning:
variable 'rate_idx' is used uninitialized whenever 'if' condition is
false [-Wsometimes-uninitialized]
It is not wrong, rate_idx is only initialized in the first if block.
However, this is not necessarily an issue in practice because rate_idx
will only be used when initialized because
ath11k_accumulate_per_peer_tx_stats only uses rate_idx when flags is not
set to RATE_INFO_FLAGS_HE_MCS, RATE_INFO_FLAGS_VHT_MCS, or
RATE_INFO_FLAGS_MCS. Still, it is not good to stick uninitialized values
into another function so initialize it to zero to prevent any issues
down the line.
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Link: https://github.com/ClangBuiltLinux/linux/issues/832
Reported-by: ci_notify@linaro.org
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
BTCOEX feature is not supported by all QCA4019 chipsets.
Since btcoex enabled by default in firmware, host needs to
enable COEX support depends on the hardware. Enabling it
by default in unsupported hardware will cause some
feature disabled in hardware.
This patch will read btcoex_support flag and
wlan priority gpio pin number from DT. Depends on the
btcoex_support flag value host will expose BTCOEX support
and wlan priority gpio pin number to target.
Testing:
* Tested HW : QCA4019
* Tested FW : 10.4-3.2.1.1-00017
Signed-off-by: Tamizh Chelvam <tamizhr@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fix warnings which were recently introduced:
drivers/net/wireless/ath/ath10k/ahb.c:462: Alignment should match open parenthesis
drivers/net/wireless/ath/ath10k/ahb.c:470: Alignment should match open parenthesis
drivers/net/wireless/ath/ath10k/sdio.c:697: space prohibited before that close parenthesis ')'
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Pull networking updates from David Miller:
1) Add WireGuard
2) Add HE and TWT support to ath11k driver, from John Crispin.
3) Add ESP in TCP encapsulation support, from Sabrina Dubroca.
4) Add variable window congestion control to TIPC, from Jon Maloy.
5) Add BCM84881 PHY driver, from Russell King.
6) Start adding netlink support for ethtool operations, from Michal
Kubecek.
7) Add XDP drop and TX action support to ena driver, from Sameeh
Jubran.
8) Add new ipv4 route notifications so that mlxsw driver does not have
to handle identical routes itself. From Ido Schimmel.
9) Add BPF dynamic program extensions, from Alexei Starovoitov.
10) Support RX and TX timestamping in igc, from Vinicius Costa Gomes.
11) Add support for macsec HW offloading, from Antoine Tenart.
12) Add initial support for MPTCP protocol, from Christoph Paasch,
Matthieu Baerts, Florian Westphal, Peter Krystad, and many others.
13) Add Octeontx2 PF support, from Sunil Goutham, Geetha sowjanya, Linu
Cherian, and others.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (1469 commits)
net: phy: add default ARCH_BCM_IPROC for MDIO_BCM_IPROC
udp: segment looped gso packets correctly
netem: change mailing list
qed: FW 8.42.2.0 debug features
qed: rt init valid initialization changed
qed: Debug feature: ilt and mdump
qed: FW 8.42.2.0 Add fw overlay feature
qed: FW 8.42.2.0 HSI changes
qed: FW 8.42.2.0 iscsi/fcoe changes
qed: Add abstraction for different hsi values per chip
qed: FW 8.42.2.0 Additional ll2 type
qed: Use dmae to write to widebus registers in fw_funcs
qed: FW 8.42.2.0 Parser offsets modified
qed: FW 8.42.2.0 Queue Manager changes
qed: FW 8.42.2.0 Expose new registers and change windows
qed: FW 8.42.2.0 Internal ram offsets modifications
MAINTAINERS: Add entry for Marvell OcteonTX2 Physical Function driver
Documentation: net: octeontx2: Add RVU HW and drivers overview
octeontx2-pf: ethtool RSS config support
octeontx2-pf: Add basic ethtool support
...
Pull perf updates from Ingo Molnar:
"Kernel side changes:
- Ftrace is one of the last W^X violators (after this only KLP is
left). These patches move it over to the generic text_poke()
interface and thereby get rid of this oddity. This requires a
surprising amount of surgery, by Peter Zijlstra.
- x86/AMD PMUs: add support for 'Large Increment per Cycle Events' to
count certain types of events that have a special, quirky hw ABI
(by Kim Phillips)
- kprobes fixes by Masami Hiramatsu
Lots of tooling updates as well, the following subcommands were
updated: annotate/report/top, c2c, clang, record, report/top TUI,
sched timehist, tests; plus updates were done to the gtk ui, libperf,
headers and the parser"
* 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (57 commits)
perf/x86/amd: Add support for Large Increment per Cycle Events
perf/x86/amd: Constrain Large Increment per Cycle events
perf/x86/intel/rapl: Add Comet Lake support
tracing: Initialize ret in syscall_enter_define_fields()
perf header: Use last modification time for timestamp
perf c2c: Fix return type for histogram sorting comparision functions
perf beauty sockaddr: Fix augmented syscall format warning
perf/ui/gtk: Fix gtk2 build
perf ui gtk: Add missing zalloc object
perf tools: Use %define api.pure full instead of %pure-parser
libperf: Setup initial evlist::all_cpus value
perf report: Fix no libunwind compiled warning break s390 issue
perf tools: Support --prefix/--prefix-strip
perf report: Clarify in help that --children is default
tools build: Fix test-clang.cpp with Clang 8+
perf clang: Fix build with Clang 9
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
tools lib: Fix builds when glibc contains strlcpy()
perf report/top: Make 'e' visible in the help and make it toggle showing callchains
perf report/top: Do not offer annotation for symbols without samples
...
There is a spelling mistake in a wcn36xx_err message. Fix it.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There is a spelling mistake in a ar5523_err message. Fix it.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add the required USB ID for running SMCWUSBT-G2 wireless adapter (SMC
"EZ Connect g").
This device uses ar5523 chipset and requires firmware to be loaded. Even
though pid of the device is 4507, this patch adds it as 4506 so that
AR5523_DEVICE_UG macro can set the AR5523_FLAG_PRE_FIRMWARE flag for pid
4507.
Signed-off-by: Mert Dirik <mertdirik@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use device_get_match_data() here to simplify the code a bit.
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Some printks in here don't have newlines at the end, meaning the log
will be sort of hard to read. Add newlines.
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The management packets, send to firmware via WMI, are
mapped using the direction DMA_TO_DEVICE. Currently in
case of wmi cleanup, these buffers are being unmapped
using an incorrect DMA direction. This can cause unwanted
behavior when the host driver is handling a restart
of the wlan firmware.
We might see a trace like below
[<ffffff8008098b18>] __dma_inv_area+0x28/0x58
[<ffffff8001176734>] ath10k_wmi_mgmt_tx_clean_up_pending+0x60/0xb0 [ath10k_core]
[<ffffff80088c7c50>] idr_for_each+0x78/0xe4
[<ffffff80011766a4>] ath10k_wmi_detach+0x4c/0x7c [ath10k_core]
[<ffffff8001163d7c>] ath10k_core_stop+0x58/0x68 [ath10k_core]
[<ffffff800114fb74>] ath10k_halt+0xec/0x13c [ath10k_core]
[<ffffff8001165110>] ath10k_core_restart+0x11c/0x1a8 [ath10k_core]
[<ffffff80080c36bc>] process_one_work+0x16c/0x31c
Fix the incorrect DMA direction during the wmi
management tx buffer cleanup.
Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1
Fixes: dc405152bb6 ("ath10k: handle mgmt tx completion event")
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There are two error paths where "ret" wasn't set. Also one error path
we set the error code to -EINVAL but we should just preserve the error
code from ath11k_hal_srng_get_entrysize(). That function only returns
-EINVAL so this doesn't change anything.
I removed the "ret = 0;" initializers so that hopefully GCC will be able
to detect these sorts of bugs in the future.
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN to the list of known
fields. Not doing so will result in wireshark not calculating the
bitrate correctly.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In the unlikely event that cap->supported_bands has neither
WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
band is null and a null dereference occurs when assigning
band->n_iftype_data. Move the assignment to the if blocks to
avoid this. Cleans up static analysis warnings.
Addresses-Coverity: ("Explicit null dereference")
Fixes: 9f056ed8ee01 ("ath11k: add HE support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This adds missing rx rate info stats like pilot evm,
per chain rssi, per user ul ppdu and mpdu counts and
ul ofdma rate info etc.
And add null checks for memory alloc failures.
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Currently the structure ts is not inititalized and ts.flags contains
garbage values from the stack. This is being passed into function
ath11k_dp_tx_status_parse that bit-wise or'ing in settings into the
ts.flags field. To avoid flags (and other fields) from containing
garbage, initialize the structure to zero before use.
Addresses-Coverity: ("Uninitialized scalar variable)"
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The channel info parameters are required by the firmware to process TxBf
parameters. Currently TxBf is passed prior to the channel info. This patch
moves TxBf setup after the channel setup.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This patch enables HE tlvs in ppdu stats for pktlog lite mode.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Anilkumar Kolli <akolli@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When CONFIG_ATH11K_DEBUGFS is disabled, but CONFIG_MAC80211_DEBUGFS
is turned on, the driver fails to build:
drivers/net/wireless/ath/ath11k/debugfs_sta.c: In function 'ath11k_dbg_sta_open_htt_peer_stats':
drivers/net/wireless/ath/ath11k/debugfs_sta.c:416:4: error: 'struct ath11k' has no member named 'debug'
ar->debug.htt_stats.stats_req = stats_req;
^~
It appears that just using the former symbol is sufficient here,
adding a Kconfig dependency takes care of the corner cases.
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
For some targets ex: QCS404, SCM permissions for MSA region is
statically configured in TrustZone fw. Add SCM call disable option
for such targets to avoid duplicate permissions.
Testing: Tested on WCN3990 HW
Tested FW: WLAN.HL.3.1-01040-QCAHLSWMTPLZ-1
Signed-off-by: Govind Singh <govinds@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This reverts commit 76d164f582150fd0259ec0fcbc485470bcd8033e.
PCIe hung issue was observed on multiple platforms. The issue was reproduced
when DUT was configured as AP and associated with 50+ STAs.
For QCA9984/QCA9888, the DMA_BURST_SIZE register controls the AXI burst size
of the RD/WR access to the HOST MEM.
0 - No split , RAW read/write transfer size from MAC is put out on bus
as burst length
1 - Split at 256 byte boundary
2,3 - Reserved
With PCIe protocol analyzer, we can see DMA Read crossing 4KB boundary when
issue happened. It broke PCIe spec and caused PCIe stuck. So revert
the default value from 0 to 1.
Tested: IPQ8064 + QCA9984 with firmware 10.4-3.10-00047
QCS404 + QCA9984 with firmware 10.4-3.9.0.2--00044
Synaptics AS370 + QCA9888 with firmware 10.4-3.9.0.2--00040
Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When simulate random transfer fail for sdio write and read, it crash
sometimes.
Test steps:
1. Add config and update kernel:
CONFIG_FAIL_MMC_REQUEST=y
CONFIG_FAULT_INJECTION=y
CONFIG_FAULT_INJECTION_DEBUG_FS=y
2. run simulate fail:
cd /sys/kernel/debug/mmc1/fail_mmc_request
echo 10 > probability
echo 10 > times # repeat until hitting issues
3. it crash, the act len of ath10k_htc_hdr is higher than allocate len, it cause panic:
[ 99.723482] skbuff: skb_over_panic: text:00000000caa0f780 len:57013 put:57013 head:000000004116f24a data:0000000019ecb4dc tail:0xdef5 end:0x640 dev:<NULL>
[ 99.737697] ------------[ cut here ]------------
[ 99.742327] kernel BUG at /mnt/host/source/src/third_party/kernel/v4.19/net/core/skbuff.c:104!
[ 99.750937] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 99.831154] Process kworker/0:2 (pid: 151, stack limit = 0x00000000728010bf)
[ 99.838200] CPU: 0 PID: 151 Comm: kworker/0:2 Tainted: G W 4.19.85 #48
[ 99.846022] Hardware name: MediaTek krane sku0 board (DT)
[ 99.851429] Workqueue: events sdio_irq_work
[ 99.855614] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 99.860402] pc : skb_panic+0x64/0x68
[ 99.863974] lr : skb_panic+0x64/0x68
[ 99.867542] sp : ffffff8008833a90
[ 99.870850] x29: ffffff8008833ac0 x28: ffffffe52e337370
[ 99.876159] x27: ffffffe52e328a90 x26: 000000000000e0d0
[ 99.881469] x25: ffffffe52e336b60 x24: 000000000000deb5
[ 99.886779] x23: ffffffe52e340680 x22: ffffffe4efd47e00
[ 99.892088] x21: 000000000000deb5 x20: ffffffa516d85b4c
[ 99.897397] x19: ffffffa526928037 x18: 0000000000000000
[ 99.902706] x17: 000000000000003c x16: ffffffa5265b6c80
[ 99.908015] x15: 0000000000000006 x14: 3a76656420303436
[ 99.913325] x13: 0000000000029bf0 x12: 0000000000000000
[ 99.918634] x11: 0000000000000000 x10: 0000000000000000
[ 99.923943] x9 : a3b907e4b2783000 x8 : a3b907e4b2783000
[ 99.929253] x7 : 0000000000000000 x6 : ffffffa526f66d76
[ 99.934563] x5 : 0000000000000000 x4 : 0000000000000000
[ 99.939872] x3 : 000000000002a5ab x2 : ffffffe53feed918
[ 99.945182] x1 : ffffffe53fee4a08 x0 : 000000000000008e
[ 99.950491] Call trace:
[ 99.952937] skb_panic+0x64/0x68
[ 99.956165] skb_put+0x7c/0x84
[ 99.959224] ath10k_sdio_irq_handler+0x740/0xbb8 [ath10k_sdio]
[ 99.965055] process_sdio_pending_irqs+0x58/0x1a4
[ 99.969758] sdio_run_irqs+0x34/0x60
[ 99.973329] sdio_irq_work+0x1c/0x28
[ 99.974930] cros-ec-spi spi2.0: SPI transfer timed out
[ 99.976904] process_one_work+0x210/0x410
[ 99.976911] worker_thread+0x234/0x3dc
[ 99.976923] kthread+0x120/0x130
[ 99.982090] cros-ec-spi spi2.0: spi transfer failed: -110
[ 99.986054] ret_from_fork+0x10/0x18
[ 99.986063] Code: aa1403e2 2a1503e4 a90023e9 97e37d1a (d4210000)
[ 99.986068] ---[ end trace cb6d948c5a0fd6c7 ]---
[ 100.017250] Kernel panic - not syncing: Fatal exception
[ 100.018879] cros-ec-spi spi2.0: Command xfer error (err:-110)
[ 100.023659] SMP: stopping secondary CPUs
[ 100.023703] Kernel Offset: 0x251dc00000 from 0xffffff8008000000
[ 100.023707] CPU features: 0x0,2188200c
[ 100.023709] Memory Limit: none
The simulate fail of sdio is not a real sdio transter fail, it only
set an error status in mmc_should_fail_request after the transfer end,
actually the transfer is success, then sdio_io_rw_ext_helper will
return error status and stop transfer the left data. For example,
the really RX len is 286 bytes, then it will split to 2 blocks in
sdio_io_rw_ext_helper, one is 256 bytes, left is 30 bytes, if the
first 256 bytes get an error status by mmc_should_fail_request,then
the left 30 bytes will not read in this RX operation. Then when the
next RX arrive, the left 30 bytes will be considered as the header
of the read, the top 8 bytes will be considered as ath10k_htc_hdr,
but actually the 8 bytes is not the ath10k_htc_hdr, so the act_len
from this ath10k_htc_hdr is not correct, if it is a big value, such
as 57013, it will trigger skb_panic.
Drop the skb with invalid length will be reasonable.
This patch only effect sdio chips.
Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00029.
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fixes coccicheck warning:
drivers/net/wireless/ath/ath10k/htt_rx.c:2143:2-31: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The WiFi firmware found on sm8150 requires that the QDSS clock is
ticking in order to operate, so add an optional clock to the binding to
allow this to be specified in the sm8150 dts and add the clock to the
list of clocks in the driver.
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The description of ath10k_pci_dump_memory_sram() is inaccurate, an error
can never be returned, it is always the length. Update the comment to
reflect.
Fixes: 219cc084c6706 ("ath10k: add memory dump support QCA9984")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ath10k_pci_dump_memory_reg() will try to access memory of type
ATH10K_MEM_REGION_TYPE_IOREG however, if a hardware restart is in progress
this can crash a system.
Individual ioread32() time has been observed to jump from 15-20 ticks to >
80k ticks followed by a secure-watchdog bite and a system reset.
Work around this corner case by only issuing the read transaction when the
driver state is ATH10K_STATE_ON.
Tested-on: QCA9988 PCI 10.4-3.9.0.2-00044
Fixes: 219cc084c6706 ("ath10k: add memory dump support QCA9984")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fixes coccicheck warning:
drivers/net/wireless/ath/wil6210/main.c:765:1-14: WARNING: Assignment of 0/1 to bool variable
drivers/net/wireless/ath/wil6210/txrx.c:1143:1-19: WARNING: Assignment of 0/1 to bool variable
drivers/net/wireless/ath/wil6210/wmi.c:1516:4-23: WARNING: Assignment of 0/1 to bool variable
drivers/net/wireless/ath/wil6210/wmi.c:1523:4-23: WARNING: Assignment of 0/1 to bool variable
drivers/net/wireless/ath/wil6210/wmi.c:1538:4-30: WARNING: Assignment of 0/1 to bool variable
drivers/net/wireless/ath/wil6210/wmi.c:1545:4-30: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fixes coccicheck warning:
drivers/net/wireless/ath/ath9k/ar9003_aic.c:409:2-12: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The wil6210 driver locks a mutex in begin() ethtool_ops callback and
unlocks it in complete() so that all ethtool requests are serialized. This
is not going to work correctly with netlink interface; e.g. when ioctl
triggers a netlink notification, netlink code would call begin() again
while the mutex taken by ioctl code is still held by the same task.
Let's get rid of the begin() and complete() callbacks and move the mutex
locking into the remaining ethtool_ops handlers except get_drvinfo which
only copies strings that are not changing so that there is no need for
serialization.
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ioremap has provided non-cached semantics by default since the Linux 2.6
days, so remove the additional ioremap_nocache interface.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
The FIELD_SIZEOF() macro was redundant, and is being removed from the
kernel. Since commit c593642c8be0 ("treewide: Use sizeof_field() macro")
this is one of the last users of the old macro, so replace it.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Three of the WMI command handlers were not casting to the right data type.
Lets make the code consistent with the other handlers.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
set_cqm_rssi_config() is used by the kernel to configure connection
quality monitor RSSI threshold.
wil6210 uses WMI_SET_LINK_MONITOR_CMDID to set the RSSI threshold to
FW which in turn reports RSSI threshold changes with
WMI_LINK_MONITOR_EVENTID.
Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Wil6210 AP has a separate ring for transmitting multicast packets,
multicast packets are transmitted without an ack from the receiver side.
Therefore, 802.11 spec defines some low MCS rates for multicat packets.
However, there is no guarantee that these packets were really received
and handled on the client side.
Some applications that rely on multicast packets, may prefer to
transmit these packets as a unicast to ensure reliability, and also
to ensure better performance with high MCS rates.
multicast to unicast is done by duplicating multicast packets to all
clients and changing the DA (multicast) to the MAC address of the
client.
see NL80211_CMD_SET_MULTICAST_TO_UNICAST for more info.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fix incorrect definitions of MAC ID bits inside Rx status message.
Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ucode_debug memory region defined as 4K bytes. Fix this according to
Talyn device memory map.
Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
max_assoc_sta can receive values (from the user or from the FW)
that are higher than WIL6210_MAX_CID.
Verify that cid doesn't exceed the upper bound of WIL6210_MAX_CID.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
On some crash dump cases mem_lock is already taken, error
returns and crash dump copy fails.
In this case wait until mem_lock available instead of failing
the operation.
Also take the mem_lock for writing to prevent other threads from
altering the state of the device while collecting crash dump.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
mem_lock is taken for the entire wil_reset().
Optimize this by taking mem_lock just before device is
being reset and release the lock after FW download.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
