| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
In free run mode, this WLAN info updating is only related to AFH
information, not related to the connection state, which is the current
implementation.
Always update WLAN info in free run mode now.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126021059.11981-5-pkshih@realtek.com
|
|
Update A2DP+PAN+WL mechanism for CPT(Coexistence Performance Test) to
enhance WL/BT performance at the environment that some specific AP are
existing.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126021059.11981-4-pkshih@realtek.com
|
|
Add message for debugging usage and the program flow is no change.
Add a variable reserved for WLAN firmware synchronize.
Add a group of variable to save BT packet counter, it will be
assigned as mechanism judgment in the future. Now it is just for
debug usage.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126021059.11981-3-pkshih@realtek.com
|
|
When WLAN entering or leaving, it's necessary to run coexistence mechanism
to ensure the setting matched current status.
Without calling rtw_coex_run_coex(), WLAN poor throughput or bad A2DP
quality may happen.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126021059.11981-2-pkshih@realtek.com
|
|
This reverts commit 28606150768a20b291a35dbbbb0ab4dd7d4739db.
Since actually Buffalo WI-U3-866D is falied to power on with the change.
The rtl8812au driver code to power on is same with the rtl8821a code.
But the rtl8821ae included rtl8821a does not support USB interface.
So seems that rtl8812au should be supported by rt1l8821a code with USB.
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201121003411.9450-1-ikegami.t@gmail.com
|
|
Currently 'while (q->queued > 0)' loop was removed from mt76u_stop_tx()
code. This causes crash on device removal as we try to cleanup empty
queue:
[ 96.495571] kernel BUG at include/linux/skbuff.h:2297!
[ 96.498983] invalid opcode: 0000 [#1] SMP PTI
[ 96.501162] CPU: 3 PID: 27 Comm: kworker/3:0 Not tainted 5.10.0-rc5+ #11
[ 96.502754] Hardware name: LENOVO 20DGS08H00/20DGS08H00, BIOS J5ET48WW (1.19 ) 08/27/2015
[ 96.504378] Workqueue: usb_hub_wq hub_event
[ 96.505983] RIP: 0010:skb_pull+0x2d/0x30
[ 96.507576] Code: 00 00 8b 47 70 39 c6 77 1e 29 f0 89 47 70 3b 47 74 72 17 48 8b 87 c8 00 00 00 89 f6 48 01 f0 48 89 87 c8 00 00 00 c3 31 c0 c3 <0f> 0b 90 0f 1f 44 00 00 53 48 89 fb 48 8b bf c8 00 00 00 8b 43 70
[ 96.509296] RSP: 0018:ffffb11b801639b8 EFLAGS: 00010287
[ 96.511038] RAX: 000000001c6939ed RBX: ffffb11b801639f8 RCX: 0000000000000000
[ 96.512964] RDX: ffffb11b801639f8 RSI: 0000000000000018 RDI: ffff90c64e4fb800
[ 96.514710] RBP: ffff90c654551ee0 R08: ffff90c652bce7a8 R09: ffffb11b80163728
[ 96.516450] R10: 0000000000000001 R11: 0000000000000001 R12: ffff90c64e4fb800
[ 96.519749] R13: 0000000000000010 R14: 0000000000000020 R15: ffff90c64e352ce8
[ 96.523455] FS: 0000000000000000(0000) GS:ffff90c96eec0000(0000) knlGS:0000000000000000
[ 96.527171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.530900] CR2: 0000242556f18288 CR3: 0000000146a10002 CR4: 00000000003706e0
[ 96.534678] Call Trace:
[ 96.538418] mt76x02u_tx_complete_skb+0x1f/0x50 [mt76x02_usb]
[ 96.542231] mt76_queue_tx_complete+0x23/0x50 [mt76]
[ 96.546028] mt76u_stop_tx.cold+0x71/0xa2 [mt76_usb]
[ 96.549797] mt76x0u_stop+0x2f/0x90 [mt76x0u]
[ 96.553638] drv_stop+0x33/0xd0 [mac80211]
[ 96.557449] ieee80211_do_stop+0x558/0x860 [mac80211]
[ 96.561262] ? dev_deactivate_many+0x298/0x2d0
[ 96.565101] ieee80211_stop+0x16/0x20 [mac80211]
Fix that by adding while loop again. We need loop, not just single
check, to clean all pending entries.
Additionally move mt76_worker_disable/enable after !mt76_has_tx_pending()
as we want to tx_worker to run to process tx queues, while we wait for
exactly that.
I was a bit worried about accessing q->queued without lock, but
mt76_worker_disable() -> kthread_park() should assure this value will
be seen updated on other cpus.
Fixes: fe5b5ab52e9d ("mt76: unify queue tx cleanup code")
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126125520.72912-1-stf_xl@wp.pl
|
|
Some subsytem device IDs were missing from the list, so some AX210
devices were not recognized. Add them.
Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/iwlwifi.20201202143859.a06ba7540449.I7390305d088a49c1043c9b489154fe057989c18f@changeid
Link: https://lore.kernel.org/r/20201121003411.9450-1-ikegami.t@gmail.com
|
|
The NO_160 flag specifies if the device doesn't have 160 MHz support,
but we errorneously assumed the opposite. If the flag was set, we
were considering that 160 MHz was supported, but it's actually the
opposite. Fix it by inverting the bits, i.e. NO_160 is 0x1 and 160
is 0x0.
Fixes: d6f2134a3831 ("iwlwifi: add mac/rf types and 160MHz to the device tables")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/iwlwifi.20201202143859.375bec857ccb.I83884286b688965293e9810381808039bd7eedae@changeid
|
|
The 0x0024 subsytem device ID was missing from the list, so some AX210
devices were not recognized. Add it.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/iwlwifi.20201202143859.308eab4db42c.I3763196cd3f7bb36f3dcabf02ec4e7c4fe859c0f@changeid
|
|
After enabling CONFIG_DMA_API_DEBUG there was a warning about using
dma_unmap_single() in wrong direction from ath11k_dp_rx_process_mon_status().
[ 140.279477] ------------[ cut here ]------------
[ 140.279908] DMA-API: ath11k_pci 0000:06:00.0: device driver syncs DMA memory with different direction [device address=0x00000000fac08a40] [size=2176 bytes] [mapped with DMA_FROM_DEVICE] [s
[ 140.279925] WARNING: CPU: 7 PID: 97 at kernel/dma/debug.c:1120 check_sync+0x494/0x730
[ 140.279939] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns nvme nvme_core
[ 140.279958] CPU: 7 PID: 97 Comm: kworker/u16:1 Not tainted 5.10.0-rc4+ #262
[ 140.279968] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018
[ 140.279995] Workqueue: phy0 ieee80211_scan_work [mac80211]
[ 140.280009] RIP: 0010:check_sync+0x494/0x730
[ 140.280022] Code: 8b 4c 24 10 4c 8b 44 24 18 4c 8b 54 24 20 48 89 c6 4c 89 54 24 10 4c 89 f9 4c 89 ea 48 c7 c7 40 b9 74 9c 41 56 e8 2f a0 ab 00 <0f> 0b 48 89 ef e8 e5 17 ac 00 41 58 4c 8b
[ 140.280033] RSP: 0018:ffff9f588024cbd8 EFLAGS: 00010086
[ 140.280046] RAX: 0000000000000000 RBX: ffff9f588024cc40 RCX: ffff8eed18dd9f98
[ 140.280057] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8eed18dd9f90
[ 140.280067] RBP: ffff8eebc1407800 R08: 00000000ffffffea R09: 0000000000000000
[ 140.280082] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffffffff9e081060
[ 140.280093] R13: ffff8eebc43908b0 R14: ffffffff9c74c104 R15: 00000000fac08a40
[ 140.280104] FS: 0000000000000000(0000) GS:ffff8eed18c00000(0000) knlGS:0000000000000000
[ 140.280115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.280127] CR2: 00007f6feafb12a0 CR3: 00000001604ca001 CR4: 00000000003706e0
[ 140.280138] Call Trace:
[ 140.280149] <IRQ>
[ 140.280161] debug_dma_sync_single_for_cpu+0x79/0x80
[ 140.280173] ? mark_held_locks+0x50/0x80
[ 140.280185] ? lockdep_hardirqs_on_prepare.part.0+0x65/0x130
[ 140.280197] ? __local_bh_enable_ip+0x6f/0xb0
[ 140.280215] ? ath11k_dp_rx_reap_mon_status_ring+0x202/0x340 [ath11k]
[ 140.280231] ath11k_dp_rx_reap_mon_status_ring+0x22c/0x340 [ath11k]
[ 140.280249] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k]
[ 140.280265] ath11k_dp_rx_process_mon_status+0x83/0x3c0 [ath11k]
[ 140.280278] ? __lock_acquire+0x3bd/0x6d0
[ 140.280296] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k]
[ 140.280311] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k]
[ 140.280326] ? ath11k_hw_mac_id_to_srng_id_qca6390+0x10/0x10 [ath11k]
[ 140.280341] ? ath11k_dp_rx_process_mon_rings+0x4a/0x1a0 [ath11k]
[ 140.280353] ? timer_fixup_init+0x30/0x30
[ 140.280367] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k]
[ 140.280385] ath11k_dp_service_mon_ring+0x2b/0x50 [ath11k]
[ 140.280400] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k]
[ 140.280413] call_timer_fn+0xb1/0x2d0
[ 140.280426] __run_timers.part.0+0x205/0x2f0
[ 140.280439] run_timer_softirq+0x21/0x50
[ 140.280450] __do_softirq+0xc2/0x454
[ 140.280463] asm_call_irq_on_stack+0x12/0x20
[ 140.280476] </IRQ>
[ 140.280488] do_softirq_own_stack+0x56/0x60
[ 140.280500] irq_exit_rcu+0x9a/0xd0
[ 140.280511] sysvec_apic_timer_interrupt+0x43/0xa0
[ 140.280526] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 140.280540] RIP: 0010:_raw_spin_unlock_irqrestore+0x25/0x40
[ 140.280551] Code: 80 00 00 00 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 ca 8f 4b ff 48 89 ef e8 22 dc 4b ff f6 c7 02 75 0c 53 9d <65> ff 0d 04 51 20 64 5b 5d c3 e8 9c 08 56
[ 140.280563] RSP: 0018:ffff9f58802e7878 EFLAGS: 00000246
[ 140.280578] RAX: 00000000000435ef RBX: 0000000000000246 RCX: 0000000000000040
[ 140.280592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9be13e84
[ 140.280603] RBP: ffff8eed18dde480 R08: 0000000000000001 R09: ffff8eebc2292760
[ 140.280614] R10: 0000000000000005 R11: ffff8eebc2292760 R12: 0000000000000000
[ 140.280625] R13: ffff9f58802e7900 R14: ffff8eed18dde480 R15: ffff8eed18dde480
[ 140.280637] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 140.280649] __mod_timer+0x274/0x400
[ 140.280661] ? wait_for_completion_timeout+0x76/0x110
[ 140.280675] schedule_timeout+0xa8/0x140
[ 140.280687] ? __next_timer_interrupt+0x100/0x100
[ 140.280698] wait_for_completion_timeout+0xa2/0x110
[ 140.280714] ath11k_start_scan+0x4c/0xf0 [ath11k]
[ 140.280730] ath11k_mac_op_hw_scan+0x1e9/0x2c0 [ath11k]
[ 140.280763] drv_hw_scan+0x79/0x260 [mac80211]
[ 140.280789] __ieee80211_scan_completed+0x379/0x440 [mac80211]
[ 140.280816] ieee80211_scan_work+0x12f/0x330 [mac80211]
[ 140.280830] process_one_work+0x279/0x5b0
[ 140.280842] worker_thread+0x49/0x300
[ 140.280854] ? process_one_work+0x5b0/0x5b0
[ 140.280868] kthread+0x135/0x150
[ 140.280880] ? __kthread_bind_mask+0x60/0x60
[ 140.280891] ret_from_fork+0x22/0x30
[ 140.280903] irq event stamp: 275961
[ 140.280918] hardirqs last enabled at (275960): [<ffffffff9b270f1f>] __local_bh_enable_ip+0x6f/0xb0
[ 140.280931] hardirqs last disabled at (275961): [<ffffffff9be13ca3>] _raw_spin_lock_irqsave+0x63/0x80
[ 140.280946] softirqs last enabled at (275944): [<ffffffffc055288d>] ath11k_ce_send+0x14d/0x260 [ath11k]
[ 140.280958] softirqs last disabled at (275953): [<ffffffff9c000f72>] asm_call_irq_on_stack+0x12/0x20
[ 140.280971] ---[ end trace 31cb94e18d401398 ]---
Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1606156046-24764-1-git-send-email-kvalo@codeaurora.org
|
|
This commit updates the BMPS exit path to be consistent with downstream in
terms of exiting BMPS mode. Downstream sets the flag to send a NULL data
frame to the host on exiting BMPS.
This will tell the AP to send any queued frames to the STA immediately.
Verified the relevant bit toggle in wireshark.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201120021403.2646574-2-bryan.odonoghue@linaro.org
|
|
qmi_msg_handler[] and ath10k_qmi_ops are only used as input arguments
to qmi_handle_init() which accepts const pointers to both qmi_ops and
qmi_msg_handler. Make them const to allow the compiler to put them in
read-only memory.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201122234031.33432-3-rikard.falkeborn@gmail.com
|
|
Should an error occur after calling 'ath10k_usb_create()', it should be
undone by a corresponding 'ath10k_usb_destroy()' call
Fixes: 4db66499df91 ("ath10k: add initial USB support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201122170358.1346065-1-christophe.jaillet@wanadoo.fr
|
|
If 'ath10k_usb_create()' fails, we should release some resources and report
an error instead of silently continuing.
Fixes: 4db66499df91 ("ath10k: add initial USB support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201122170342.1346011-1-christophe.jaillet@wanadoo.fr
|
|
The wmi service available event has been
extended to contain extra 128 bit for new services
to be indicated by firmware.
Currently the presence of any optional TLVs in
the wmi service available event leads to a parsing
error with the below error message:
ath10k_snoc 18800000.wifi: failed to parse svc_avail tlv: -71
The wmi service available event parsing should
not return error for the newly added optional TLV.
Fix this parsing for service available event message.
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.2.2-00720-QCAHLSWMTPL-1
Fixes: cea19a6ce8bf ("ath10k: add WMI_SERVICE_AVAILABLE_EVENT support")
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605501291-23040-1-git-send-email-pillair@codeaurora.org
|
|
If 'kzalloc' fails, we must return an error code.
While at it, remove a useless initialization of 'err' which could hide the
issue.
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201122173943.1366167-1-christophe.jaillet@wanadoo.fr
|
|
It is rather easy to add more entries to ath11k_skb_cb while forgetting the
size limit of ieee80211_tx_info->driver_data. So just check this during the
build to reduce the change of accidental buffer overflow in the skbuff->cb.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-3-sven@narfation.org
|
|
It was observed that the codepath for the ATH11K_SKB_HW_80211_ENCAP was
used even when the IEEE80211_TX_CTRL_HW_80211_ENCAP was not enabled for a
an skbuff. This became even more prominent when the QCAs wlan-open patchset
for ath11k [1] was applied and a sane looking fix just caused crashes when
injecting frames via a monitor interface (for example with ratechecker):
[ 86.963152] Unable to handle kernel NULL pointer dereference at virtual address 00000338
[ 86.963192] pgd = ffffffc0008f0000
[ 86.971034] [00000338] *pgd=0000000051706003, *pud=0000000051706003, *pmd=0000000051707003, *pte=00e800000b000707
[ 86.984292] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[...]
[ 87.713339] [<ffffffbffc802480>] ieee80211_tx_status_8023+0xf8/0x220 [mac80211]
[ 87.715654] [<ffffffbffc98bad4>] ath11k_dp_tx_completion_handler+0x42c/0xa10 [ath11k]
[ 87.722924] [<ffffffbffc989190>] ath11k_dp_service_srng+0x70/0x3c8 [ath11k]
[ 87.730831] [<ffffffbffca03460>] 0xffffffbffca03460
[ 87.737599] [<ffffffc00046ef58>] net_rx_action+0xf8/0x288
[ 87.742462] [<ffffffc000097554>] __do_softirq+0xfc/0x220
[ 87.748014] [<ffffffc000097900>] irq_exit+0x98/0xe8
[ 87.753396] [<ffffffc0000cf188>] __handle_domain_irq+0x90/0xb8
[ 87.757999] [<ffffffc000081ca4>] gic_handle_irq+0x6c/0xc8
[ 87.763899] Exception stack(0xffffffc00081bdc0 to 0xffffffc00081bef0)
Problem is that the state of ath11k_skb_cb->flags must be considered
unknown and could contain anything when it is not manually initialized. So
it could also contain ATH11K_SKB_HW_80211_ENCAP. And this can result in the
code to assume that the ath11k_skb_cb->vif is set - even when this is not
always the case for non ATH11K_SKB_HW_80211_ENCAP transmissions.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
[1] https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/tree/mac80211/patches?h=NHSS.QSDK.11.4.r3
(162 patches at the moment which are often not upstreamed but essential
to get ath11k working)
Fixes: e7f33e0c52c0 ("ath11k: add tx hw 802.11 encapsulation offloading support")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-2-sven@narfation.org
|
|
The driver_data area of ieee80211_tx_info is used in ath11k for
ath11k_skb_cb. The first function in the TX patch which rewrites it to
ath11k_skb_cb is already ath11k_mac_op_tx. No one else in the code path
must use it for something else before it reinitializes it. Otherwise the
data has to be considered uninitialized or corrupt.
But the ieee80211_tx_info.control shares exactly the same area as
ieee80211_tx_info.driver_data and ath11k is still using it. This results in
best case in a
ath11k c000000.wifi1: no vif found for mgmt frame, flags 0x0
or (slightly worse) in a kernel oops.
Instead, the interesting data must be moved first into the ath11k_skb_cb
and ieee80211_tx_info.control must then not be used anymore.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-1-sven@narfation.org
|
|
Trivial conflict in CAN, keep the net-next + the byteswap wrapper.
Conflicts:
drivers/net/can/usb/gs_usb.c
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
|
Unused structure ath11k_vdev_stop_status is removed.
'ath11k_mac_get_ar_vdev_stop_status' api has been replaced
with 'ath11k_mac_get_ar_by_vdev_id' inside vdev_stopped_event.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-4-git-send-email-mkenna@codeaurora.org
|
|
Peer creation in firmware fails, if last peer deletion
is still in progress.
Hence, add wait for the event after deleting every peer
from host driver to synchronize with firmware.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-3-git-send-email-mkenna@codeaurora.org
|
|
When the interface is added immediately after removing the
interface, vdev deletion in firmware might not have been
completed.
Hence, add vdev_delete_resp_event and wait_event_timeout
to synchronize with firmware.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-2-git-send-email-mkenna@codeaurora.org
|
|
This is an immutable branch from mhi tree for handling an API change in MHI
subsystem and minimise conflicts between ath and mhi trees.
|
|
Add the missing destroy_workqueue() before return from
cw1200_init_common in the error handling case.
Fixes: a910e4a94f69 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119070842.1011-1-miaoqinglang@huawei.com
|
|
The REG_PORT is defined twice, so remove one of them.
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119101204.72fd5f0a@xhacker.debian
|
|
In rtl8723e_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 531:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 534, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 535:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015218.12220-1-baijiaju1990@gmail.com
|
|
In rtl92de_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 667:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 669, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 670:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015205.12162-1-baijiaju1990@gmail.com
|
|
In rtl92ce_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 530:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 533, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 534:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015151.12110-1-baijiaju1990@gmail.com
|
|
In rtl88ee_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 677:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 680, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 681:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015127.12033-1-baijiaju1990@gmail.com
|
|
In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple
warnings by explicitly adding multiple break statements instead of
letting the code fall through to the next case.
Link: https://github.com/KSPP/linux/issues/115
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201117160958.GA18807@embeddedor
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: 17ff2c794f39 ("rsi: reset device changes for 9116")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605582454-39649-1-git-send-email-zhangchangzhong@huawei.com
|
|
bindex can be out of BA window (64):
tid 0 seq 2983, start_seq 2915, bindex 68, index 39
tid 0 seq 2984, start_seq 2915, bindex 69, index 40
tid 0 seq 2985, start_seq 2915, bindex 70, index 41
tid 0 seq 2986, start_seq 2915, bindex 71, index 42
tid 0 seq 2879, start_seq 2915, bindex 4060, index 63
tid 0 seq 2854, start_seq 2915, bindex 4035, index 38
tid 0 seq 2795, start_seq 2915, bindex 3976, index 43
tid 0 seq 2989, start_seq 2924, bindex 65, index 45
tid 0 seq 2992, start_seq 2924, bindex 68, index 48
tid 0 seq 2993, start_seq 2924, bindex 69, index 49
tid 0 seq 2994, start_seq 2924, bindex 70, index 50
tid 0 seq 2997, start_seq 2924, bindex 73, index 53
tid 0 seq 2795, start_seq 2941, bindex 3950, index 43
tid 0 seq 2921, start_seq 2941, bindex 4076, index 41
tid 0 seq 2929, start_seq 2941, bindex 4084, index 49
tid 0 seq 3011, start_seq 2946, bindex 65, index 3
tid 0 seq 3012, start_seq 2946, bindex 66, index 4
tid 0 seq 3013, start_seq 2946, bindex 67, index 5
In result isset() will try to dereference something on the stack,
causing panics:
BUG: unable to handle page fault for address: ffffa742800ed01f
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6a4e9067 P4D 6a4e9067 PUD 6a4ec067 PMD 6a4ed067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Not tainted 5.8.5-arch1-1-kdump #1
Hardware name: Apple Inc. MacBookAir3,1/Mac-942452F5819B1C1B, BIOS MBA31.88Z.0061.B07.1201241641 01/24/12
RIP: 0010:brcms_c_ampdu_dotxstatus+0x343/0x9f0 [brcmsmac]
Code: 54 24 20 66 81 e2 ff 0f 41 83 e4 07 89 d1 0f b7 d2 66 c1 e9 03 0f b7 c9 4c 8d 5c 0c 48 49 8b 4d 10 48 8b 79 68 41 57 44 89 e1 <41> 0f b6 33 41 d3 e0 48 c7 c1 38 e0 ea c0 48 83 c7 10 44 21 c6 4c
RSP: 0018:ffffa742800ecdd0 EFLAGS: 00010207
RAX: 0000000000000019 RBX: 000000000000000b RCX: 0000000000000006
RDX: 0000000000000ffe RSI: 0000000000000004 RDI: ffff8fc6ad776800
RBP: ffff8fc6855acb00 R08: 0000000000000001 R09: 00000000000005d9
R10: 00000000fffffffe R11: ffffa742800ed01f R12: 0000000000000006
R13: ffff8fc68d75a000 R14: 00000000000005db R15: 0000000000000019
FS: 0000000000000000(0000) GS:ffff8fc6aad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffa742800ed01f CR3: 000000002480a000 CR4: 00000000000406e0
Call Trace:
<IRQ>
brcms_c_dpc+0xb46/0x1020 [brcmsmac]
? wlc_intstatus+0xc8/0x180 [brcmsmac]
? __raise_softirq_irqoff+0x1a/0x80
brcms_dpc+0x37/0xd0 [brcmsmac]
tasklet_action_common.constprop.0+0x51/0xb0
__do_softirq+0xff/0x340
? handle_level_irq+0x1a0/0x1a0
asm_call_on_stack+0x12/0x20
</IRQ>
do_softirq_own_stack+0x5f/0x80
irq_exit_rcu+0xcb/0x120
common_interrupt+0xd1/0x200
asm_common_interrupt+0x1e/0x40
RIP: 0010:cpuidle_enter_state+0xb3/0x420
Check if the block is within BA window and only then check block's
status. Otherwise as Behan wrote: "When I came back to Dublin I
was courtmartialed in my absence and sentenced to death in my absence,
so I said they could shoot me in my absence."
Also reported:
https://bbs.archlinux.org/viewtopic.php?id=258428
https://lore.kernel.org/linux-wireless/87tuwgi92n.fsf@yujinakao.com/
Reported-by: Yuji Nakao <contact@yujinakao.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201116030635.645811-1-dima@arista.com
|
|
The left-hand side of the assignment from cpu_to_le32() should be of
type __le32. This commit clears the warning reported by sparse when
building with C=1 CF="-D__CHECK_ENDIAN__".
Fixes: d56fd83cf99c ("brcmfmac: fix SDIO access for big-endian host")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Remi Depommier <rde@setrix.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201116001639.31958-1-rde@setrix.com
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: b7da53cd6cd1 ("qtnfmac_pcie: use single PCIe driver for all platforms")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201114123347.29632-1-wanghai38@huawei.com
|
|
The variable u4tmp is overwritten by the following call and the assignment
is useless, so remove it.
Reported-by: Tosk Robot <tencent_os_robot@tencent.com>
Signed-off-by: Kaixu Xia <kaixuxia@tencent.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605332735-9648-1-git-send-email-kaixuxia@tencent.com
|
|
ezusb_read_ltv() is always invoked via the ->read_ltv() callback. This
callback is mostly invoked under orinoco_lock() which disables BH.
There are a few invocations during probe which occur in preemptible
context via:
ezusb_probe() -> orinoco_init() -> determine_fw_capabilities()
Extend `hermes_ops' with the ->read_ltv_pr callback which is implemented
with the same callback like ->read_ltv on `hermes_ops_local'.
On `ezusb_ops' ->read_ltv is used for callbacks under the lock which
need to poll.
The new ->read_ltv_pr() is used in the preemptible context in which it
is possible to wait for the completion. Provide HERMES_READ_RECORD_PR()
and hermes_read_wordrec_pr() which behave like their non _pr equivalents
and invoke ->read_ltv_pr().
This removes the last user of ezusb_req_ctx_wait() and can now be
removed.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-11-bigeasy@linutronix.de
|
|
All invocations of ezusb_docmd_wait() happen via ->cmd_wait(). This
callback is always invoked under the orinoco_lock() which disables BH.
Use ezusb_req_ctx_wait_poll() for ezusb_docmd_wait() because it must not
sleep.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-10-bigeasy@linutronix.de
|
|
ezusb_doicmd_wait() is invoked via ->init_cmd_wait() callback.
This callback is only invoked hermesi_program_init() and
hermesi_program_end() which are the ->program_init() and ->program_end()
callbacks as assigned by `hermes_ops_local'. They are never used by the
USB interface since the USB interface provides its own set of callbacks
by `ezusb_ops'.
Replace ezusb_doicmd_wait() with a warning in case I missed the obvious.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-9-bigeasy@linutronix.de
|
|
All invocation of ezusb_write_ltv() happen via ->write_ltv() and are
performed under the orinoco_lock() which disables BH.
Use ezusb_req_ctx_wait_poll() for ezusb_write_ltv() because it must not
sleep.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-8-bigeasy@linutronix.de
|
|
ezusb_read_pda() is invoked via ->read_pda() while firmware is loaded in
preemtible context.
Use ezusb_req_ctx_wait_compl() in ezusb_read_pda().
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-7-bigeasy@linutronix.de
|
|
The ezusb_program() is invoked via ->program() in preemptible
context during firmware loading. This is also true for the
->program_init() and ->program_end() callback.
Use ezusb_req_ctx_wait_compl() in ezusb_program_init(),
ezusb_program_bytes(), ezusb_program_end() which are part of firmware
loading during device probe.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-6-bigeasy@linutronix.de
|
|
ezusb_init() is always invoked in preemptible context during device
probe. Only orinoco_up() -> orinoco_reinit_firmware() may invoke the
function from atomic context but this is never used for the USB
interface.
Use ezusb_req_ctx_wait_compl() for the ezusb_write_ltv() and
ezusb_docmd_wait() invocations from within ezusb_init().
Preserve the generic versions which have still other user via the
callback.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-5-bigeasy@linutronix.de
|
|
ezusb_xmit() sets ->in_rid in its request which means it does not wait
for an answer.
Use the ezusb_req_ctx_wait_skip() to denote that an answer is not
expected.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-4-bigeasy@linutronix.de
|
|
ezusb_access_ltv() sends the prepared request to the USB device.
Requests which have ->in_rid set expect an answer from the USB device
and the function has to wait until the URB with the answer arrives.
The function uses in_interrupt() to determine if it can simply sleep on
the completion and be woken up once the answer arrives or if it needs to
poll on the completion.
The usage of in_interrupt() in drivers is phased out and Linus clearly
requested that code which changes behaviour depending on context should
either be separated or the context be conveyed in an argument passed by the
caller, which usually knows the context.
Aside of that in_interrupt() is not correct as it does not catch preempt
disabled regions in which sleeping is also not allowed.
Provide stubs which can be used as a replacement. The current default is
the current behaviour which sleeps/polls depending on in_interrupt().
The goal is to audit all callers and use either the poll or sleep
version.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-3-bigeasy@linutronix.de
|
|
ezusb_xmit() allocates a context which is leaked if
orinoco_process_xmit_skb() returns an error.
Move ezusb_alloc_ctx() after the invocation of
orinoco_process_xmit_skb() because the context is not needed so early.
ezusb_access_ltv() will cleanup the context in case of an error.
Fixes: bac6fafd4d6a0 ("orinoco: refactor xmit path")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-2-bigeasy@linutronix.de
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: 3b1e0a7bdfee ("brcmfmac: add support for SAE authentication offload")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Chi-hsien Lin <chi-hsien.lin@infineon.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605248896-16812-1-git-send-email-zhangchangzhong@huawei.com
|
|
a set of atomic_inc() looks more readable
Signed-off-by: Yejune Deng <yejune.deng@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1604991491-27908-1-git-send-email-yejune.deng@gmail.com
|
|
It's much easier to spot what went wrong when you print out the
unhandled key type.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112181432.2958021-1-briannorris@chromium.org
|
|
Fix sometimes FW information will be parsed as wrong value,
do a correction of sign bit to show the correct information.
(Ex, Value should be 20, but it shows 236.)
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-12-pkshih@realtek.com
|
