| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When the user sets count to zero the string buffer would remain
completely uninitialized which causes the kernel to parse its
own stack data, potentially leading to an info leak. In addition
to that, the string might be not terminated properly when the
user data does not contain a 0-terminator.
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Reviewed-by: Christoph Böhmwalder <christoph@boehmwalder.at>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Don't populate the read-only array reg_hole_list on the stack, instead make
it static. Makes the object code smaller by over 200 bytes:
Before:
text data bss dec hex filename
57518 15248 0 72766 11c3e debug.o
After:
text data bss dec hex filename
57218 15344 0 72562 11b72 debug.o
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Lockdep warns us that sc_pm_lock and cc_lock can cause a deadlock when
cc_lock is acquired by itself with interrupts enabled. Disable irqs
whenever taking cc_lock to avoid this.
[ 19.094524] kworker/u2:0/5 just changed the state of lock:
[ 19.094578] (&(&sc->sc_pm_lock)->rlock){-.-...}, at: [<f836c00e>] ath_isr+0x15e/0x200 [ath9k]
[ 19.094674] but this lock took another, HARDIRQ-unsafe lock in the past:
[ 19.094731] (&(&common->cc_lock)->rlock){+.-...}
[ 19.094741]
and interrupts could create inverse lock ordering between them.
[ 19.094866]
other info that might help us debug this:
[ 19.094926] Possible interrupt unsafe locking scenario:
[ 19.094985] CPU0 CPU1
[ 19.095036] ---- ----
[ 19.095086] lock(&(&common->cc_lock)->rlock);
[ 19.095197] local_irq_disable();
[ 19.095305] lock(&(&sc->sc_pm_lock)->rlock);
[ 19.095423] lock(&(&common->cc_lock)->rlock);
[ 19.095539] <Interrupt>
[ 19.095636] lock(&(&sc->sc_pm_lock)->rlock);
[ 19.095745]
*** DEADLOCK ***
[ 19.095965] 3 locks held by kworker/u2:0/5:
[ 19.096067] #0: ("%s"wiphy_name(local->hw.wiphy)){.+.+.+}, at: [<c1067f37>] process_one_work+0x127/0x580
[ 19.096260] #1: ((&local->dynamic_ps_enable_work)){+.+...}, at: [<c1067f37>] process_one_work+0x127/0x580
[ 19.096447] #2: (&sc->mutex){+.+...}, at: [<f836b8b0>] ath9k_config+0x30/0x1d0 [ath9k]
[ 19.096639]
the shortest dependencies between 2nd lock and 1st lock:
[ 19.096813] -> (&(&common->cc_lock)->rlock){+.-...} ops: 38 {
[ 19.096816] HARDIRQ-ON-W at:
[ 19.096816] __lock_acquire+0x57e/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_bh+0x3f/0x50
[ 19.096816] ath_chanctx_set_channel+0xb6/0x2c0 [ath9k]
[ 19.096816] ath9k_config+0xa8/0x1d0 [ath9k]
[ 19.096816] ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[ 19.096816] ieee80211_do_open+0x67a/0x920 [mac80211]
[ 19.096816] ieee80211_open+0x41/0x50 [mac80211]
[ 19.096816] __dev_open+0xab/0x140
[ 19.096816] __dev_change_flags+0x89/0x150
[ 19.096816] dev_change_flags+0x28/0x60
[ 19.096816] do_setlink+0x290/0x890
[ 19.096816] rtnl_newlink+0x7cf/0x8e0
[ 19.096816] rtnetlink_rcv_msg+0xbf/0x1f0
[ 19.096816] netlink_rcv_skb+0xb9/0xe0
[ 19.096816] rtnetlink_rcv+0x1e/0x30
[ 19.096816] netlink_unicast+0x13a/0x2c0
[ 19.096816] netlink_sendmsg+0x290/0x380
[ 19.096816] ___sys_sendmsg+0x1e2/0x280
[ 19.096816] __sys_sendmsg+0x3f/0x80
[ 19.096816] SyS_socketcall+0x58c/0x6b0
[ 19.096816] do_fast_syscall_32+0x96/0x1d0
[ 19.096816] entry_SYSENTER_32+0x4c/0x7b
[ 19.096816] IN-SOFTIRQ-W at:
[ 19.096816] __lock_acquire+0x55a/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock+0x3c/0x50
[ 19.096816] ath_ps_full_sleep+0x24/0x70 [ath9k]
[ 19.096816] call_timer_fn+0xa4/0x300
[ 19.096816] run_timer_softirq+0x1b1/0x560
[ 19.096816] __do_softirq+0xb0/0x430
[ 19.096816] do_softirq_own_stack+0x33/0x40
[ 19.096816] irq_exit+0xad/0xc0
[ 19.096816] smp_apic_timer_interrupt+0x31/0x40
[ 19.096816] apic_timer_interrupt+0x37/0x3c
[ 19.096816] wp_page_copy+0xb8/0x580
[ 19.096816] do_wp_page+0x64/0x420
[ 19.096816] handle_mm_fault+0x430/0x990
[ 19.096816] __do_page_fault+0x18b/0x430
[ 19.096816] do_page_fault+0xb/0x10
[ 19.096816] common_exception+0x62/0x6a
[ 19.096816] INITIAL USE at:
[ 19.096816] __lock_acquire+0x204/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_bh+0x3f/0x50
[ 19.096816] ath_chanctx_set_channel+0xb6/0x2c0 [ath9k]
[ 19.096816] ath9k_config+0xa8/0x1d0 [ath9k]
[ 19.096816] ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[ 19.096816] ieee80211_do_open+0x67a/0x920 [mac80211]
[ 19.096816] ieee80211_open+0x41/0x50 [mac80211]
[ 19.096816] __dev_open+0xab/0x140
[ 19.096816] __dev_change_flags+0x89/0x150
[ 19.096816] dev_change_flags+0x28/0x60
[ 19.096816] do_setlink+0x290/0x890
[ 19.096816] rtnl_newlink+0x7cf/0x8e0
[ 19.096816] rtnetlink_rcv_msg+0xbf/0x1f0
[ 19.096816] netlink_rcv_skb+0xb9/0xe0
[ 19.096816] rtnetlink_rcv+0x1e/0x30
[ 19.096816] netlink_unicast+0x13a/0x2c0
[ 19.096816] netlink_sendmsg+0x290/0x380
[ 19.096816] ___sys_sendmsg+0x1e2/0x280
[ 19.096816] __sys_sendmsg+0x3f/0x80
[ 19.096816] SyS_socketcall+0x58c/0x6b0
[ 19.096816] do_fast_syscall_32+0x96/0x1d0
[ 19.096816] entry_SYSENTER_32+0x4c/0x7b
[ 19.096816] }
[ 19.096816] ... key at: [<f837b694>] __key.61991+0x0/0xffffc96c [ath9k]
[ 19.096816] ... acquired at:
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock+0x3c/0x50
[ 19.096816] ath9k_ps_wakeup+0x85/0xe0 [ath9k]
[ 19.096816] ath9k_bss_info_changed+0x2a/0x1b0 [ath9k]
[ 19.096816] ieee80211_bss_info_change_notify+0xf3/0x360 [mac80211]
[ 19.096816] ieee80211_recalc_txpower+0x33/0x40 [mac80211]
[ 19.096816] ieee80211_set_tx_power+0x45/0x1d0 [mac80211]
[ 19.096816] cfg80211_wext_siwtxpower+0xd3/0x350 [cfg80211]
[ 19.096816] ioctl_standard_call+0x4e/0x400
[ 19.096816] wext_handle_ioctl+0xf4/0x190
[ 19.096816] dev_ioctl+0xb7/0x630
[ 19.096816] sock_ioctl+0x13e/0x2d0
[ 19.096816] do_vfs_ioctl+0x84/0x750
[ 19.096816] SyS_ioctl+0x34/0x60
[ 19.096816] do_fast_syscall_32+0x96/0x1d0
[ 19.096816] entry_SYSENTER_32+0x4c/0x7b
[ 19.096816] -> (&(&sc->sc_pm_lock)->rlock){-.-...} ops: 597 {
[ 19.096816] IN-HARDIRQ-W at:
[ 19.096816] __lock_acquire+0x6ae/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_irqsave+0x45/0x60
[ 19.096816] ath_isr+0x15e/0x200 [ath9k]
[ 19.096816] __handle_irq_event_percpu+0x44/0x340
[ 19.096816] handle_irq_event_percpu+0x1d/0x50
[ 19.096816] handle_irq_event+0x32/0x60
[ 19.096816] handle_level_irq+0x81/0x100
[ 19.096816] handle_irq+0x9c/0xd0
[ 19.096816] do_IRQ+0x5c/0x120
[ 19.096816] common_interrupt+0x36/0x3c
[ 19.096816] _raw_spin_unlock_irqrestore+0x57/0x70
[ 19.096816] ath9k_config+0x16a/0x1d0 [ath9k]
[ 19.096816] ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[ 19.096816] ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[ 19.096816] process_one_work+0x1d1/0x580
[ 19.096816] worker_thread+0x31/0x380
[ 19.096816] kthread+0xd9/0x110
[ 19.096816] ret_from_fork+0x19/0x24
[ 19.096816] IN-SOFTIRQ-W at:
[ 19.096816] __lock_acquire+0x55a/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_irqsave+0x45/0x60
[ 19.096816] ath9k_ps_wakeup+0x24/0xe0 [ath9k]
[ 19.096816] ath9k_tasklet+0x42/0x260 [ath9k]
[ 19.096816] tasklet_action+0x196/0x1e0
[ 19.096816] __do_softirq+0xb0/0x430
[ 19.096816] do_softirq_own_stack+0x33/0x40
[ 19.096816] irq_exit+0xad/0xc0
[ 19.096816] do_IRQ+0x65/0x120
[ 19.096816] common_interrupt+0x36/0x3c
[ 19.096816] get_page_from_freelist+0x20a/0x970
[ 19.096816] __alloc_pages_nodemask+0xca/0xed0
[ 19.096816] __get_free_pages+0x14/0x30
[ 19.096816] pgd_alloc+0x1d/0x160
[ 19.096816] mm_init.isra.47+0x13a/0x1b0
[ 19.096816] copy_process.part.54+0xb55/0x1700
[ 19.096816] _do_fork+0xd4/0x6a0
[ 19.096816] SyS_clone+0x27/0x30
[ 19.096816] do_fast_syscall_32+0x96/0x1d0
[ 19.096816] entry_SYSENTER_32+0x4c/0x7b
[ 19.096816] INITIAL USE at:
[ 19.096816] __lock_acquire+0x204/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_irqsave+0x45/0x60
[ 19.096816] ath9k_ps_wakeup+0x24/0xe0 [ath9k]
[ 19.096816] ath9k_start+0x29/0x1f0 [ath9k]
[ 19.096816] drv_start+0x71/0x270 [mac80211]
[ 19.096816] ieee80211_do_open+0x31f/0x920 [mac80211]
[ 19.096816] ieee80211_open+0x41/0x50 [mac80211]
[ 19.096816] __dev_open+0xab/0x140
[ 19.096816] __dev_change_flags+0x89/0x150
[ 19.096816] dev_change_flags+0x28/0x60
[ 19.096816] do_setlink+0x290/0x890
[ 19.096816] rtnl_newlink+0x7cf/0x8e0
[ 19.096816] rtnetlink_rcv_msg+0xbf/0x1f0
[ 19.096816] netlink_rcv_skb+0xb9/0xe0
[ 19.096816] rtnetlink_rcv+0x1e/0x30
[ 19.096816] netlink_unicast+0x13a/0x2c0
[ 19.096816] netlink_sendmsg+0x290/0x380
[ 19.096816] ___sys_sendmsg+0x1e2/0x280
[ 19.096816] __sys_sendmsg+0x3f/0x80
[ 19.096816] SyS_socketcall+0x58c/0x6b0
[ 19.096816] do_fast_syscall_32+0x96/0x1d0
[ 19.096816] entry_SYSENTER_32+0x4c/0x7b
[ 19.096816] }
[ 19.096816] ... key at: [<f837b67c>] __key.61994+0x0/0xffffc984 [ath9k]
[ 19.096816] ... acquired at:
[ 19.096816] check_usage_forwards+0x118/0x120
[ 19.096816] mark_lock+0x2e4/0x590
[ 19.096816] __lock_acquire+0x6ae/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] _raw_spin_lock_irqsave+0x45/0x60
[ 19.096816] ath_isr+0x15e/0x200 [ath9k]
[ 19.096816] __handle_irq_event_percpu+0x44/0x340
[ 19.096816] handle_irq_event_percpu+0x1d/0x50
[ 19.096816] handle_irq_event+0x32/0x60
[ 19.096816] handle_level_irq+0x81/0x100
[ 19.096816] handle_irq+0x9c/0xd0
[ 19.096816] do_IRQ+0x5c/0x120
[ 19.096816] common_interrupt+0x36/0x3c
[ 19.096816] _raw_spin_unlock_irqrestore+0x57/0x70
[ 19.096816] ath9k_config+0x16a/0x1d0 [ath9k]
[ 19.096816] ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[ 19.096816] ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[ 19.096816] process_one_work+0x1d1/0x580
[ 19.096816] worker_thread+0x31/0x380
[ 19.096816] kthread+0xd9/0x110
[ 19.096816] ret_from_fork+0x19/0x24
[ 19.096816]
stack backtrace:
[ 19.096816] CPU: 0 PID: 5 Comm: kworker/u2:0 Not tainted 4.13.0-mgm-ovl+ #51
[ 19.096816] Hardware name: FUJITSU SIEMENS LIFEBOOK S6120/FJNB16C, BIOS Version 1.26 05/10/2004
[ 19.096816] Workqueue: phy0 ieee80211_dynamic_ps_enable_work [mac80211]
[ 19.096816] Call Trace:
[ 19.096816] <IRQ>
[ 19.096816] dump_stack+0x16/0x19
[ 19.096816] print_irq_inversion_bug.part.37+0x16c/0x179
[ 19.096816] check_usage_forwards+0x118/0x120
[ 19.096816] ? ret_from_fork+0x19/0x24
[ 19.096816] ? print_shortest_lock_dependencies+0x1a0/0x1a0
[ 19.096816] mark_lock+0x2e4/0x590
[ 19.096816] ? print_shortest_lock_dependencies+0x1a0/0x1a0
[ 19.096816] __lock_acquire+0x6ae/0x1260
[ 19.096816] lock_acquire+0xb1/0x1c0
[ 19.096816] ? ath_isr+0x15e/0x200 [ath9k]
[ 19.096816] _raw_spin_lock_irqsave+0x45/0x60
[ 19.096816] ? ath_isr+0x15e/0x200 [ath9k]
[ 19.096816] ath_isr+0x15e/0x200 [ath9k]
[ 19.096816] __handle_irq_event_percpu+0x44/0x340
[ 19.096816] handle_irq_event_percpu+0x1d/0x50
[ 19.096816] handle_irq_event+0x32/0x60
[ 19.096816] ? handle_nested_irq+0x100/0x100
[ 19.096816] handle_level_irq+0x81/0x100
[ 19.096816] handle_irq+0x9c/0xd0
[ 19.096816] </IRQ>
[ 19.096816] do_IRQ+0x5c/0x120
[ 19.096816] common_interrupt+0x36/0x3c
[ 19.096816] EIP: _raw_spin_unlock_irqrestore+0x57/0x70
[ 19.096816] EFLAGS: 00000286 CPU: 0
[ 19.096816] EAX: f60a3600 EBX: 00000286 ECX: 00000006 EDX: 00000001
[ 19.096816] ESI: f46c9e68 EDI: f46c8620 EBP: f60b5e8c ESP: f60b5e84
[ 19.096816] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 19.096816] ath9k_config+0x16a/0x1d0 [ath9k]
[ 19.096816] ieee80211_hw_config+0xa8/0x5f0 [mac80211]
[ 19.096816] ? ieee80211_hw_config+0x1db/0x5f0 [mac80211]
[ 19.096816] ieee80211_dynamic_ps_enable_work+0x1c3/0x680 [mac80211]
[ 19.096816] ? process_one_work+0x127/0x580
[ 19.096816] ? process_one_work+0x127/0x580
[ 19.096816] process_one_work+0x1d1/0x580
[ 19.096816] ? process_one_work+0x127/0x580
[ 19.096816] worker_thread+0x31/0x380
[ 19.096816] kthread+0xd9/0x110
[ 19.096816] ? process_one_work+0x580/0x580
[ 19.096816] ? kthread_create_on_node+0x30/0x30
[ 19.096816] ret_from_fork+0x19/0x24
Cc: QCA ath9k Development <ath9k-devel@qca.qualcomm.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: netdev@vger.kernel.org
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Use ARRAY_SIZE macro, rather than explicitly coding some variant of it
yourself.
Found with: find -type f -name "*.c" -o -name "*.h" | xargs perl -p -i -e
's/\bsizeof\s*\(\s*(\w+)\s*\)\s*\ /\s*sizeof\s*\(\s*\1\s*\[\s*0\s*\]\s*\)
/ARRAY_SIZE(\1)/g' and manual check/verification.
Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
casting to void pointer from any pointer type and vice-versa is done
implicitly and therefore casting is not needed in such a case.
Done using Coccinellle.
Semantic Patch used :
@r@
expression x;
void* e;
type T;
identifier f;
@@
(
*((T *)e)
|
((T *)x)[...]
|
((T *)x)->f
|
- (T *)
e
)
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
usb_device_id are not supposed to change at runtime. All functions
working with usb_device_id provided by <linux/usb.h> work with
const usb_device_id. So mark the non-const structs as const.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ath_ps_ops structures are only stored as a reference in the ps_ops
field of a ath_common structure. This field is of type const, so make
the structures as const.
Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Add the Dell Wireless 1802 card as an AR9462 in the ath9k pci list.
Note that the wowlan feature is supported and has been tested
successfully.
Signed-off by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This patch fixes a trivial debugfs file permission issue. Debugfs
file ack_to has no write function, so S_IWUSR gets purged.
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Value assigned to variable offset at line 551 is overwritten at line 562,
before it can be used. This makes such variable assignment useless.
Addresses-Coverity-ID: 1226941
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Move ath9k_rng_stop/ath9k_rng_start pair into critical section,
use mutex_lock to void potential race accessing.
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In the worst case, ath9k_rng_stop() may take 10s to stop rng kthread.
The time is too long for users, use wait_event_interruptible_timeout()
instead of msleep_interruptible(), wakup immediately once
kthread_should_stop() is true.
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The bug was triggered when do suspend/resuming continuously
on Dell XPS L322X/0PJHXN version 9333 (2013) with kernel
4.12.0-041200rc4-generic. But can't reproduce on DELL
E5440 + AR9300 PCIE chips.
The warning is caused by accessing invalid pointer sc->rng_task.
sc->rng_task is not be cleared after kthread_stop(sc->rng_task)
be called in ath9k_rng_stop(). Because the kthread is stopped
before ath9k_rng_kthread() be scheduled.
So set sc->rng_task to null after kthread_stop(sc->rng_task) to
resolve this issue.
WARNING: CPU: 0 PID: 984 at linux/kernel/kthread.c:71 kthread_stop+0xf1/0x100
CPU: 0 PID: 984 Comm: NetworkManager Not tainted 4.12.0-041200rc4-generic #201706042031
Hardware name: Dell Inc. Dell System XPS L322X/0PJHXN, BIOS A09 05/15/2013
task: ffff950170fdda00 task.stack: ffffa22c01538000
RIP: 0010:kthread_stop+0xf1/0x100
RSP: 0018:ffffa22c0153b5b0 EFLAGS: 00010246
RAX: ffffffffa6257800 RBX: ffff950171b79560 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 000000007fffffff RDI: ffff9500ac9a9680
RBP: ffffa22c0153b5c8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffa22c0153b648 R11: ffff9501768004b8 R12: ffff9500ac9a9680
R13: ffff950171b79f70 R14: ffff950171b78780 R15: ffff9501749dc018
FS: 00007f0d6bfd5540(0000) GS:ffff95017f200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc190161a08 CR3: 0000000232906000 CR4: 00000000001406f0
Call Trace:
ath9k_rng_stop+0x1a/0x20 [ath9k]
ath9k_stop+0x3b/0x1d0 [ath9k]
drv_stop+0x33/0xf0 [mac80211]
ieee80211_stop_device+0x43/0x50 [mac80211]
ieee80211_do_stop+0x4f2/0x810 [mac80211]
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196043
Reported-by: Giulio Genovese <giulio.genovese@gmail.com>
Tested-by: Giulio Genovese <giulio.genovese@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The hard coded register 0x9864 and 0x9924 are invalid
for ar9300 chips.
Cc: <stable@vger.kernel.org>
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
One scenario that could lead to UAF is two threads writing
simultaneously to the "tx99" debug file. One of them would
set the "start" value to true and follow to ath9k_tx99_init().
Inside the function it would set the sc->tx99_state to true
after allocating sc->tx99skb. Then, the other thread would
execute write_file_tx99() and call ath9k_tx99_deinit().
sc->tx99_state would be freed. After that, the first thread
would continue inside ath9k_tx99_init() and call
r = ath9k_tx99_send(sc, sc->tx99_skb, &txctl);
that would make use of the freed sc->tx99_skb memory.
Cc: <stable@vger.kernel.org>
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions return void * and remove all the casts across
the tree, adding a (u8 *) cast only where the unsigned char pointer
was used directly, all done with the following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_push, __skb_push, skb_push_rcsum };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_push, __skb_push, skb_push_rcsum };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
@@
expression SKB, LEN;
identifier fn = { skb_push, __skb_push, skb_push_rcsum };
@@
- fn(SKB, LEN)[0]
+ *(u8 *)fn(SKB, LEN)
Note that the last part there converts from push(...)[0] to the
more idiomatic *(u8 *)push(...).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.
Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:
@@
expression SKB, LEN;
typedef u8;
identifier fn = { skb_put, __skb_put };
@@
- *(fn(SKB, LEN))
+ *(u8 *)fn(SKB, LEN)
@@
expression E, SKB, LEN;
identifier fn = { skb_put, __skb_put };
type T;
@@
- E = ((T *)(fn(SKB, LEN)))
+ E = fn(SKB, LEN)
which actually doesn't cover pskb_put since there are only three
users overall.
A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.
An spatch similar to the one for skb_put_zero() converts many
of the places using it:
@@
identifier p, p2;
expression len, skb, data;
type t, t2;
@@
(
-p = skb_put(skb, len);
+p = skb_put_data(skb, data, len);
|
-p = (t)skb_put(skb, len);
+p = skb_put_data(skb, data, len);
)
(
p2 = (t2)p;
-memcpy(p2, data, len);
|
-memcpy(p, data, len);
)
@@
type t, t2;
identifier p, p2;
expression skb, data;
@@
t *p;
...
(
-p = skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
|
-p = (t *)skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
)
(
p2 = (t2)p;
-memcpy(p2, data, sizeof(*p));
|
-memcpy(p, data, sizeof(*p));
)
@@
expression skb, len, data;
@@
-memcpy(skb_put(skb, len), data, len);
+skb_put_data(skb, data, len);
(again, manually post-processed to retain some comments)
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
There were many places that my previous spatch didn't find,
as pointed out by yuan linyu in various patches.
The following spatch found many more and also removes the
now unnecessary casts:
@@
identifier p, p2;
expression len;
expression skb;
type t, t2;
@@
(
-p = skb_put(skb, len);
+p = skb_put_zero(skb, len);
|
-p = (t)skb_put(skb, len);
+p = skb_put_zero(skb, len);
)
... when != p
(
p2 = (t2)p;
-memset(p2, 0, len);
|
-memset(p, 0, len);
)
@@
type t, t2;
identifier p, p2;
expression skb;
@@
t *p;
...
(
-p = skb_put(skb, sizeof(t));
+p = skb_put_zero(skb, sizeof(t));
|
-p = (t *)skb_put(skb, sizeof(t));
+p = skb_put_zero(skb, sizeof(t));
)
... when != p
(
p2 = (t2)p;
-memset(p2, 0, sizeof(*p));
|
-memset(p, 0, sizeof(*p));
)
@@
expression skb, len;
@@
-memset(skb_put(skb, len), 0, len);
+skb_put_zero(skb, len);
Apply it to the tree (with one manual fixup to keep the
comment in vxlan.c, which spatch removed.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
ath.git patches for 4.13. Major changes:
ath10k
* add initial SDIO support (still work in progress)
|
|
When driver fail to reset card ah->curchan value stay NULL. When
later driver try to update tx power it oops by using ah->curchan
(calltrace is shown below).
This problem were reported at various places and for some it was
fixed by making ath9k_hw_chip_reset() do not fail. I have this bug
report on some oldish RHEL kernel with AR9285, however it's hard to
debug where reset fail when kernel OOPS, so I think this patch
should be applied. Hopefully ah->curchan is not used unconditionally
on other places until is initialized on ath9k_config().
ath: phy0: Chip reset failed
ath: phy0: Unable to reset hardware; reset status -22 (freq 2412 MHz)
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f8a35585>] ath9k_hw_set_txpowerlimit+0x25/0x80 [ath9k_hw]
Oops: 0000 [#1] SMP
<snip>
Call Trace:
[<f8aac1aa>] ? ath9k_cmn_update_txpow+0x1a/0x30 [ath9k_common]
[<f8cf4f4e>] ? ath_complete_reset+0x4e/0x130 [ath9k]
[<f8cf54d7>] ? ath9k_start+0x127/0x1e0 [ath9k]
[<f8c2e52f>] ? ieee80211_do_open+0x30f/0x910 [mac80211]
[<c07bd96d>] ? dev_open+0x8d/0xf0
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The array field eeprom_data in struct th9k_platform_data
is a fixed size array so it can never be NULL.
Addresses-Coverity-ID: 1364903
Cc: Arend Van Spriel <arend.vanspriel@broadcom.com>
Cc: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
It's spelled hardware, not harware.
Signed-off-by: Ammly Fredrick <ammlyf@gmail.com>
[kvalo@qca.qualcomm.com: improve commit log]
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Somehow I missed this in my RX rate cleanup series, causing some
drivers to not report correct bandwidth since this flag isn't
used by mac80211 anymore. Fix this, and make hwsim also report
higher bandwidths appropriately.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
We currently use a lot of flags that are mutually incompatible,
separate this out into actual encoding and bandwidth enum values.
Much of this again done with spatch, with manual post-editing,
mostly to add the switch statements and get rid of the conversions.
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_80MHZ
+status->bw = RATE_INFO_BW_80
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_40MHZ
+status->bw = RATE_INFO_BW_40
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_20MHZ
+status->bw = RATE_INFO_BW_20
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_160MHZ
+status->bw = RATE_INFO_BW_160
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_5MHZ
+status->bw = RATE_INFO_BW_5
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_10MHZ
+status->bw = RATE_INFO_BW_10
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_VHT
+status->encoding = RX_ENC_VHT
@@
expression status;
@@
-status->enc_flags |= RX_ENC_FLAG_HT
+status->encoding = RX_ENC_HT
@@
expression status;
@@
-status.enc_flags |= RX_ENC_FLAG_VHT
+status.encoding = RX_ENC_VHT
@@
expression status;
@@
-status.enc_flags |= RX_ENC_FLAG_HT
+status.encoding = RX_ENC_HT
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_HT)
+(status->encoding == RX_ENC_HT)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_VHT)
+(status->encoding == RX_ENC_VHT)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_5MHZ)
+(status->bw == RATE_INFO_BW_5)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_10MHZ)
+(status->bw == RATE_INFO_BW_10)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_40MHZ)
+(status->bw == RATE_INFO_BW_40)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_80MHZ)
+(status->bw == RATE_INFO_BW_80)
@@
expression status;
@@
-(status->enc_flags & RX_ENC_FLAG_160MHZ)
+(status->bw == RATE_INFO_BW_160)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
In preparation for adding support for HE rates, clean up
the driver report encoding for rate/bandwidth reporting
on RX frames.
Much of this patch was done with the following spatch:
@@
expression status;
@@
-status->flag & (RX_FLAG_HT | RX_FLAG_VHT)
+status->enc_flags & (RX_ENC_FLAG_HT | RX_ENC_FLAG_VHT)
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_SHORTPRE
+status->enc_flags op RX_ENC_FLAG_SHORTPRE
@@
expression status;
@@
-status->flag & RX_FLAG_SHORTPRE
+status->enc_flags & RX_ENC_FLAG_SHORTPRE
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_HT
+status->enc_flags op RX_ENC_FLAG_HT
@@
expression status;
@@
-status->flag & RX_FLAG_HT
+status->enc_flags & RX_ENC_FLAG_HT
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_40MHZ
+status->enc_flags op RX_ENC_FLAG_40MHZ
@@
expression status;
@@
-status->flag & RX_FLAG_40MHZ
+status->enc_flags & RX_ENC_FLAG_40MHZ
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_SHORT_GI
+status->enc_flags op RX_ENC_FLAG_SHORT_GI
@@
expression status;
@@
-status->flag & RX_FLAG_SHORT_GI
+status->enc_flags & RX_ENC_FLAG_SHORT_GI
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_HT_GF
+status->enc_flags op RX_ENC_FLAG_HT_GF
@@
expression status;
@@
-status->flag & RX_FLAG_HT_GF
+status->enc_flags & RX_ENC_FLAG_HT_GF
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_VHT
+status->enc_flags op RX_ENC_FLAG_VHT
@@
expression status;
@@
-status->flag & RX_FLAG_VHT
+status->enc_flags & RX_ENC_FLAG_VHT
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_STBC_MASK
+status->enc_flags op RX_ENC_FLAG_STBC_MASK
@@
expression status;
@@
-status->flag & RX_FLAG_STBC_MASK
+status->enc_flags & RX_ENC_FLAG_STBC_MASK
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_LDPC
+status->enc_flags op RX_ENC_FLAG_LDPC
@@
expression status;
@@
-status->flag & RX_FLAG_LDPC
+status->enc_flags & RX_ENC_FLAG_LDPC
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_10MHZ
+status->enc_flags op RX_ENC_FLAG_10MHZ
@@
expression status;
@@
-status->flag & RX_FLAG_10MHZ
+status->enc_flags & RX_ENC_FLAG_10MHZ
@@
assignment operator op;
expression status;
@@
-status->flag op RX_FLAG_5MHZ
+status->enc_flags op RX_ENC_FLAG_5MHZ
@@
expression status;
@@
-status->flag & RX_FLAG_5MHZ
+status->enc_flags & RX_ENC_FLAG_5MHZ
@@
assignment operator op;
expression status;
@@
-status->vht_flag op RX_VHT_FLAG_80MHZ
+status->enc_flags op RX_ENC_FLAG_80MHZ
@@
expression status;
@@
-status->vht_flag & RX_VHT_FLAG_80MHZ
+status->enc_flags & RX_ENC_FLAG_80MHZ
@@
assignment operator op;
expression status;
@@
-status->vht_flag op RX_VHT_FLAG_160MHZ
+status->enc_flags op RX_ENC_FLAG_160MHZ
@@
expression status;
@@
-status->vht_flag & RX_VHT_FLAG_160MHZ
+status->enc_flags & RX_ENC_FLAG_160MHZ
@@
assignment operator op;
expression status;
@@
-status->vht_flag op RX_VHT_FLAG_BF
+status->enc_flags op RX_ENC_FLAG_BF
@@
expression status;
@@
-status->vht_flag & RX_VHT_FLAG_BF
+status->enc_flags & RX_ENC_FLAG_BF
@@
assignment operator op;
expression status, STBC;
@@
-status->flag op STBC << RX_FLAG_STBC_SHIFT
+status->enc_flags op STBC << RX_ENC_FLAG_STBC_SHIFT
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_SHORTPRE
+status.enc_flags op RX_ENC_FLAG_SHORTPRE
@@
expression status;
@@
-status.flag & RX_FLAG_SHORTPRE
+status.enc_flags & RX_ENC_FLAG_SHORTPRE
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_HT
+status.enc_flags op RX_ENC_FLAG_HT
@@
expression status;
@@
-status.flag & RX_FLAG_HT
+status.enc_flags & RX_ENC_FLAG_HT
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_40MHZ
+status.enc_flags op RX_ENC_FLAG_40MHZ
@@
expression status;
@@
-status.flag & RX_FLAG_40MHZ
+status.enc_flags & RX_ENC_FLAG_40MHZ
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_SHORT_GI
+status.enc_flags op RX_ENC_FLAG_SHORT_GI
@@
expression status;
@@
-status.flag & RX_FLAG_SHORT_GI
+status.enc_flags & RX_ENC_FLAG_SHORT_GI
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_HT_GF
+status.enc_flags op RX_ENC_FLAG_HT_GF
@@
expression status;
@@
-status.flag & RX_FLAG_HT_GF
+status.enc_flags & RX_ENC_FLAG_HT_GF
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_VHT
+status.enc_flags op RX_ENC_FLAG_VHT
@@
expression status;
@@
-status.flag & RX_FLAG_VHT
+status.enc_flags & RX_ENC_FLAG_VHT
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_STBC_MASK
+status.enc_flags op RX_ENC_FLAG_STBC_MASK
@@
expression status;
@@
-status.flag & RX_FLAG_STBC_MASK
+status.enc_flags & RX_ENC_FLAG_STBC_MASK
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_LDPC
+status.enc_flags op RX_ENC_FLAG_LDPC
@@
expression status;
@@
-status.flag & RX_FLAG_LDPC
+status.enc_flags & RX_ENC_FLAG_LDPC
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_10MHZ
+status.enc_flags op RX_ENC_FLAG_10MHZ
@@
expression status;
@@
-status.flag & RX_FLAG_10MHZ
+status.enc_flags & RX_ENC_FLAG_10MHZ
@@
assignment operator op;
expression status;
@@
-status.flag op RX_FLAG_5MHZ
+status.enc_flags op RX_ENC_FLAG_5MHZ
@@
expression status;
@@
-status.flag & RX_FLAG_5MHZ
+status.enc_flags & RX_ENC_FLAG_5MHZ
@@
assignment operator op;
expression status;
@@
-status.vht_flag op RX_VHT_FLAG_80MHZ
+status.enc_flags op RX_ENC_FLAG_80MHZ
@@
expression status;
@@
-status.vht_flag & RX_VHT_FLAG_80MHZ
+status.enc_flags & RX_ENC_FLAG_80MHZ
@@
assignment operator op;
expression status;
@@
-status.vht_flag op RX_VHT_FLAG_160MHZ
+status.enc_flags op RX_ENC_FLAG_160MHZ
@@
expression status;
@@
-status.vht_flag & RX_VHT_FLAG_160MHZ
+status.enc_flags & RX_ENC_FLAG_160MHZ
@@
assignment operator op;
expression status;
@@
-status.vht_flag op RX_VHT_FLAG_BF
+status.enc_flags op RX_ENC_FLAG_BF
@@
expression status;
@@
-status.vht_flag & RX_VHT_FLAG_BF
+status.enc_flags & RX_ENC_FLAG_BF
@@
assignment operator op;
expression status, STBC;
@@
-status.flag op STBC << RX_FLAG_STBC_SHIFT
+status.enc_flags op STBC << RX_ENC_FLAG_STBC_SHIFT
@@
@@
-RX_FLAG_STBC_SHIFT
+RX_ENC_FLAG_STBC_SHIFT
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
Kalle Valo says:
====================
wireless-drivers-next patches for 4.12
Quite a lot of patches for rtlwifi and iwlwifi this time, but changes
also for other active wireless drivers.
Major changes:
ath9k
* add support for Dell Wireless 1601 PCI device
* add debugfs file to manually override noise floor
ath10k
* bump up FW API to 6 for a new QCA6174 firmware branch
wil6210
* support 8 kB RX buffers
iwlwifi
* work to support A000 devices continues
* add support for FW API 30
* add Geographical and Dynamic Specific Absorption Rate (SAR) support
* support a few new PCI device IDs
rtlwifi
* work on adding Bluetooth coexistance support, not finished yet
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
Johannes Berg says:
====================
My last pull request has been a while, we now have:
* connection quality monitoring with multiple thresholds
* support for FILS shared key authentication offload
* pre-CAC regulatory compliance - only ETSI allows this
* sanity check for some rate confusion that hit ChromeOS
(but nobody else uses it, evidently)
* some documentation updates
* lots of cleanups
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Introduce a debugfs option to manually override the noise floor,
ignoring the automatically tuned noise floor of the driver/hw.
In my tests with a AR9580 based module and a tx99 5 MHz interferer,
I could tune the noisefloor to -95 dBm or above to allow communication
again. The automatic noise floor calibration sometimes could adapt to
the situation as well, but not reliably and permanently.
I would consider this "feature" experimental and interesting for people
debugging the noise floor calibration or other effects of the hardware.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fit.fraunhofer.de>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The macro results are assigned to u8 variables/fields. Adding the cast
fixes plenty of clang warnings about "implicit conversion from 'int' to
'u8'".
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Add the Dell Wireless 1601 card as an AR9462 in the ath9k pci list.
Note that the wowlan feature is supported and has been tested
successfully.
Signed-off-by: Damien Thébault <damien@dtbo.net>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The > should be >= or we read one space beyond the end of the array.
Fixes: ab5c4f71d8c7 ("ath9k: allow to load EEPROM content via firmware API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer or accessing memory beyond the endpoint array should a
malicious device lack the expected endpoints.
Fixes: 36bcce430657 ("ath9k_htc: Handle storage devices")
Cc: stable <stable@vger.kernel.org> # 2.6.39+
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Doing so enables the FFT generation without prior
configuration, leading to an IRQ storm caused by
invalid (or at least unwanted) PHY errors.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
T: Bus=01 Lev=02 Prnt=02 Port=02 Cnt=01 Dev#= 7 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=ff Prot=ff MxPS=64 #Cfgs= 1
P: Vendor=1eda ProdID=2315 Rev=01.08
S: Manufacturer=ATHEROS
S: Product=USB2.0 WLAN
S: SerialNumber=12345
C: #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 6 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Set the NL80211_EXT_FEATURE_CQM_RSSI_LIST wiphy extended feature
wholesale in all mac80211-based drivers that do not set the
IEEE80211_VIF_BEACON_FILTER flags on their interfaces. mac80211 will
be processing supplied RSSI values in ieee80211_rx_mgmt_beacon and
will detect when the thresholds set by
ieee80211_set_cqm_rssi_range_config are crossed. Remaining (few)
drivers need code to enable the firmware to monitor the thresholds.
This is mostly only compile-tested.
Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Fix typos and add the following to the scripts/spelling.txt:
aligment||alignment
I did not touch the "N_BYTE_ALIGMENT" macro in
drivers/net/wireless/realtek/rtlwifi/wifi.h to avoid unpredictable
impact.
I fixed "_aligment_handler" in arch/openrisc/kernel/entry.S because
it is surrounded by #if 0 ... #endif. It is surely safe and I
confirmed "_alignment_handler" is correct.
I also fixed the "controler" I found in the same hunk in
arch/openrisc/kernel/head.S.
Link: http://lkml.kernel.org/r/1481573103-11329-8-git-send-email-yamada.masahiro@socionext.com
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
This patch fixes the OTP register definitions for the AR934x and AR9550
WMAC SoC.
Previously, the ath9k driver was unable to initialize the integrated
WMAC on an Aerohive AP121:
| ath: phy0: timeout (1000 us) on reg 0x30018: 0xbadc0ffe & 0x00000007 != 0x00000004
| ath: phy0: timeout (1000 us) on reg 0x30018: 0xbadc0ffe & 0x00000007 != 0x00000004
| ath: phy0: Unable to initialize hardware; initialization status: -5
| ath9k ar934x_wmac: failed to initialize device
| ath9k: probe of ar934x_wmac failed with error -5
It turns out that the AR9300_OTP_STATUS and AR9300_OTP_DATA
definitions contain a typo.
Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: stable@vger.kernel.org
Fixes: add295a4afbdf5852d0 "ath9k: use correct OTP register offsets for AR9550"
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The relayfs was changed to use per CPU constructs to handle the rchan
buffers. But the users of the rchan buffers in other parts of the kernel
were not modified. This caused crashes like
BUG: unable to handle kernel paging request at 00003a5198a0b910
IP: [<ffffffffa973cb3a>] ath_cmn_process_fft+0xea/0x610
PGD 0 [ 179.522449]
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc5 #1
[...]
Call Trace:
<IRQ> [ 179.656426] [<ffffffffa9704373>] ? ath_rx_tasklet+0x2f3/0xd10
[<ffffffffa9702106>] ? ath9k_tasklet+0x1b6/0x230
[<ffffffffa90dcbd1>] ? tasklet_action+0xf1/0x100
[<ffffffffa9a3cb3f>] ? __do_softirq+0xef/0x284
[<ffffffffa90dd22e>] ? irq_exit+0xae/0xb0
[<ffffffffa9a3c89f>] ? do_IRQ+0x4f/0xd0
[<ffffffffa9a3aa42>] ? common_interrupt+0x82/0x82
<EOI> [ 179.703152] [<ffffffffa9a39c1d>] ? poll_idle+0x2d/0x57
[<ffffffffa908c845>] ? sched_clock+0x5/0x10
[<ffffffffa97bc8d6>] ? cpuidle_enter_state+0xf6/0x2d0
[<ffffffffa911988e>] ? cpu_startup_entry+0x14e/0x230
[<ffffffffaa3cdf70>] ? start_kernel+0x461/0x481
[<ffffffffaa3cd120>] ? early_idt_handler_array+0x120/0x120
[<ffffffffaa3cd413>] ? x86_64_start_kernel+0x14c/0x170
Code: 31 db 41 be ff ff ff ff 4c 8b 26 48 8b 6e 08 49 8b 84 24 60 05 00
00 48 8b 00 0f b7 40 04 66 89 44 24 48 eb 11 48 8b 55 40 48 98 <48>
8b 3c c2 e8 ad a0 a4 ff 01 c3 41 8d 56 01 be 00 02 00 00 48
RIP [<ffffffffa973cb3a>] ath_cmn_process_fft+0xea/0x610
RSP <ffff9b43e7003d20>
CR2: 00003a5198a0b910
Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers")
Cc: Akash Goel <akash.goel@intel.com>
Cc: Nick Kossifidis <mickflemm@gmail.com>
Reported-by: Mathias Kretschmer <mathias.kretschmer@fit.fraunhofer.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ath_tx_count_airtime is doing a lot of unnecessary work:
- Redundant station lookup
- Redundant rcu_read_lock/unlock
- Useless memcpy of bf->rates
- Useless NULL check of bf->bf_mpdu
- Redundant lookup of the skb tid
Additionally, it tries to look up the mac80211 queue index from the txq,
which fails if the frame was delivered via the power save queue.
This patch fixes all of these issues by passing down the right set of
pointers instead of doing extra work
Cc: stable@vger.kernel.org
Fixes: 63fefa050477 ("ath9k: Introduce airtime fairness scheduling between stations")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The code currently relies on refcounting to disable IRQs from within the
IRQ handler and re-enabling them again after the tasklet has run.
However, due to race conditions sometimes the IRQ handler might be
called twice, or the tasklet may not run at all (if interrupted in the
middle of a reset).
This can cause nasty imbalances in the irq-disable refcount which will
get the driver permanently stuck until the entire radio has been stopped
and started again (ath_reset will not recover from this).
Instead of using this fragile logic, change the code to ensure that
running the irq handler during tasklet processing is safe, and leave the
refcount untouched.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In an RFC patch, Sven Eckelmann and Simon Wunderlich reported:
"QCA 802.11n chips (especially AR9330/AR9340) sometimes end up in a
state in which a read of AR_CFG always returns 0xdeadbeef.
This should not happen when when the power_mode of the device is
ATH9K_PM_AWAKE."
Include the check for the default register state in the existing MAC
hang check.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Also include common MAC alive check. This should make the hang checks
more reliable for modes where beacons are not sent and is used as a
starting point for further hang check improvements
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Currently, the common ath9k_common module needs to have a
dependency on RELAY and DEBUG_FS in order to built. This
is usually not a problem. But for RAM and FLASH starved
AR71XX devices, every little bit counts.
This patch adds a new symbol CONFIG_ATH9K_COMMON_DEBUG
which makes it possible to drop the RELAY and DEBUG_FS
dependency there and move it to ATH_(HTC)_DEBUGFS.
Note: The shared FFT/spectral code (which is the only user
of the relayfs in ath9k*) needs DEBUG_FS to export the relayfs
interface to dump the data to userspace. So it makes no sense
to have the functions compiled in, if DEBUG_FS is not there.
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Trivial fix to spelling mistake in ath_err message
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't currently harmful.
However, for some new features (e.g. KTSAN / Kernel Thread Sanitizer),
it is necessary to instrument reads and writes separately, which is not
possible with ACCESS_ONCE(). This distinction is critical to correct
operation.
It's possible to transform the bulk of kernel code using the Coccinelle
script below. However, for some files (including the ath9k ar9003 mac
driver), this mangles the formatting. As a preparatory step, this patch
converts the driver to use {READ,WRITE}_ONCE() without said mangling.
----
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: ath9k-devel@qca.qualcomm.com
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Cc: ath9k-devel@lists.ath9k.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't currently harmful.
However, for some new features (e.g. KTSAN / Kernel Thread Sanitizer),
it is necessary to instrument reads and writes separately, which is not
possible with ACCESS_ONCE(). This distinction is critical to correct
operation.
It's possible to transform the bulk of kernel code using the Coccinelle
script below. However, for some files (including the ath9k ar9002 mac
driver), this mangles the formatting. As a preparatory step, this patch
converts the driver to use {READ,WRITE}_ONCE() without said mangling.
----
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: ath9k-devel@qca.qualcomm.com
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Cc: ath9k-devel@lists.ath9k.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
Kalle Valo says:
====================
wireless-drivers-next patches for 4.11
The most notable change here is the inclusion of airtime fairness
scheduling to ath9k. It prevents slow clients from hogging all the
airtime and unfairly slowing down faster clients.
Otherwise smaller changes and cleanup.
Major changes:
ath9k
* cleanup eeprom endian handling
* add airtime fairness scheduling
ath10k
* fix issues for new QCA9377 firmware version
* support dev_coredump() for firmware crash dump
* enable channel 169 on 5 GHz band
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Starting with commit d94a461d7a7d ("ath9k: use ieee80211_tx_status_noskb
where possible") the driver uses rcu_read_lock() && rcu_read_unlock(), yet on
returning early in ath_tx_edma_tasklet() the unlock is missing leading to stalls
and suspicious RCU usage:
===============================
[ INFO: suspicious RCU usage. ]
4.9.0-rc8 #11 Not tainted
-------------------------------
kernel/rcu/tree.c:705 Illegal idle entry in RCU read-side critical section.!
other info that might help us debug this:
RCU used illegally from idle CPU!
rcu_scheduler_active = 1, debug_locks = 0
RCU used illegally from extended quiescent state!
1 lock held by swapper/7/0:
#0:
(
rcu_read_lock
){......}
, at:
[<ffffffffa06ed110>] ath_tx_edma_tasklet+0x0/0x450 [ath9k]
stack backtrace:
CPU: 7 PID: 0 Comm: swapper/7 Not tainted 4.9.0-rc8 #11
Hardware name: Acer Aspire V3-571G/VA50_HC_CR, BIOS V2.21 12/16/2013
ffff88025efc3f38 ffffffff8132b1e5 ffff88017ede4540 0000000000000001
ffff88025efc3f68 ffffffff810a25f7 ffff88025efcee60 ffff88017edebdd8
ffff88025eeb5400 0000000000000091 ffff88025efc3f88 ffffffff810c3cd4
Call Trace:
<IRQ>
[<ffffffff8132b1e5>] dump_stack+0x68/0x93
[<ffffffff810a25f7>] lockdep_rcu_suspicious+0xd7/0x110
[<ffffffff810c3cd4>] rcu_eqs_enter_common.constprop.85+0x154/0x200
[<ffffffff810c5a54>] rcu_irq_exit+0x44/0xa0
[<ffffffff81058631>] irq_exit+0x61/0xd0
[<ffffffff81018d25>] do_IRQ+0x65/0x110
[<ffffffff81672189>] common_interrupt+0x89/0x89
<EOI>
[<ffffffff814ffe11>] ? cpuidle_enter_state+0x151/0x200
[<ffffffff814ffee2>] cpuidle_enter+0x12/0x20
[<ffffffff8109a6ae>] call_cpuidle+0x1e/0x40
[<ffffffff8109a8f6>] cpu_startup_entry+0x146/0x220
[<ffffffff810336f8>] start_secondary+0x148/0x170
Signed-off-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Fixes: d94a461d7a7d ("ath9k: use ieee80211_tx_status_noskb where possible")
Cc: <stable@vger.kernel.org> # v4.9
Acked-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Tested-by: Gabriel Craciunescu <nix.or.die@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
