| Age | Commit message (Collapse) | Author |
|---|
|
len is extracted from HTT message and could be an unexpected value in
case errors happen, so add validation before using to avoid possible
out-of-bound read in the following message iteration and parsing.
The same issue also applies to ppdu_info->ppdu_stats.common.num_users,
so validate it before using too.
These are found during code review.
Compile test only.
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230901015602.45112-1-quic_bqiang@quicinc.com
|
|
ath12k_core_reset()
Sometimes device recovery fail with this operation.
Run test command for many times:
echo assert > /sys/kernel/debug/ath12k/wcn7850\ hw2.0_0000\:03\:00.0/simulate_fw_crash
While recovery start, ath12k_core_post_reconfigure_recovery() will
call ieee80211_restart_hw(), and the restart_work which queued by
ieee80211_restart_hw() is running in another thread, it will call
into ath12k_mac_op_start() and ath12k_mac_wait_reconfigure(), and
the variables ab->recovery_start_count and ab->recovery_start is used
in ath12k_mac_wait_reconfigure(), so ath12k need to initialize the
variables before queue the restart_work, otherwise ath12k_mac_wait_reconfigure()
maybe use the un-initialized variables. Change to initialize the 2
variables earlier and then recovery process become correct.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230830060850.18881-1-quic_wgong@quicinc.com
|
|
for WCN7850
320 MHz bandwidth is reported only for single PHY mode for WCN7850, get it
from WMI_HOST_HW_MODE_SINGLE ath12k_wmi_caps_ext_params and report it for
6 GHz band.
After this patch, "iw list" shows 320 MHz support for WCN7850:
EHT Iftypes: managed
EHT PHY Capabilities: (0xe26f090010768800):
320MHz in 6GHz Supported
EHT bw=320 MHz, max NSS for MCS 8-9: Rx=0, Tx=0
EHT bw=320 MHz, max NSS for MCS 10-11: Rx=0, Tx=0
EHT bw=320 MHz, max NSS for MCS 12-13: Rx=0, Tx=0
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230828040420.2165-1-quic_wgong@quicinc.com
|
|
When compiling with clang 16.0.6 and CONFIG_FORTIFY_SOURCE=y, I've
noticed the following (somewhat confusing due to absence of an actual
source code location):
In file included from drivers/net/wireless/ath/ath9k/debug.c:17:
In file included from ./include/linux/slab.h:16:
In file included from ./include/linux/gfp.h:7:
In file included from ./include/linux/mmzone.h:8:
In file included from ./include/linux/spinlock.h:56:
In file included from ./include/linux/preempt.h:79:
In file included from ./arch/x86/include/asm/preempt.h:9:
In file included from ./include/linux/thread_info.h:60:
In file included from ./arch/x86/include/asm/thread_info.h:53:
In file included from ./arch/x86/include/asm/cpufeature.h:5:
In file included from ./arch/x86/include/asm/processor.h:23:
In file included from ./arch/x86/include/asm/msr.h:11:
In file included from ./arch/x86/include/asm/cpumask.h:5:
In file included from ./include/linux/cpumask.h:12:
In file included from ./include/linux/bitmap.h:11:
In file included from ./include/linux/string.h:254:
./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field'
declared with 'warning' attribute: detected read beyond size of field (2nd
parameter); maybe use struct_group()? [-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
In file included from drivers/net/wireless/ath/ath9k/htc_drv_debug.c:17:
In file included from drivers/net/wireless/ath/ath9k/htc.h:20:
In file included from ./include/linux/module.h:13:
In file included from ./include/linux/stat.h:19:
In file included from ./include/linux/time.h:60:
In file included from ./include/linux/time32.h:13:
In file included from ./include/linux/timex.h:67:
In file included from ./arch/x86/include/asm/timex.h:5:
In file included from ./arch/x86/include/asm/processor.h:23:
In file included from ./arch/x86/include/asm/msr.h:11:
In file included from ./arch/x86/include/asm/cpumask.h:5:
In file included from ./include/linux/cpumask.h:12:
In file included from ./include/linux/bitmap.h:11:
In file included from ./include/linux/string.h:254:
./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field'
declared with 'warning' attribute: detected read beyond size of field (2nd
parameter); maybe use struct_group()? [-Wattribute-warning]
__read_overflow2_field(q_size_field, size);
The compiler actually complains on 'ath9k_get_et_strings()' and
'ath9k_htc_get_et_strings()' due to the same reason: fortification logic
inteprets call to 'memcpy()' as an attempt to copy the whole array from
it's first member and so issues an overread warning. These warnings may
be silenced by passing an address of the whole array and not the first
member to 'memcpy()'.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230829093856.234584-1-dmantipov@yandex.ru
|
|
Since both 'ar9550_hw_get_modes_txgain_index()' and
'ar9561_hw_get_modes_txgain_index()' never returns
negative values, prefer 'u32' over 'int' and adjust
'ar9003_hw_process_ini()' accordingly.
Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230823182401.196270-2-dmantipov@yandex.ru
|
|
Since commit 8896934c1684 ("ath9k_hw: remove direct accesses to channel
mode flags") changes 'ar9550_hw_get_modes_txgain_index()' so it never
returns -EINVAL, and 'ar9561_hw_get_modes_txgain_index()' never returns
negative value too, an extra check in 'ar9003_hw_process_ini()' may be
dropped.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230823182401.196270-1-dmantipov@yandex.ru
|
|
Radar detection fails in the secondary 80 MHz when the
the AP's primary 80 MHz is in non-DFS region in 160 MHz.
This is due to WMI channel flag WMI_CHAN_INFO_DFS_FREQ2 is not set
properly in case of the primary 80 MHz is in non-DFS region.
HALPHY detects the radar pulses in the secondary 80 MHz only when
WMI_CHAN_INFO_DFS_FREQ2 is set.
Fix this issue by setting WMI channel flag WMI_CHAN_INFO_DFS_FREQ2
based on the radar_enabled flag from the channel context.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230802085852.19821-3-quic_mdharane@quicinc.com
|
|
Fix WARN_ON() from ath12k_mac_update_vif_chan() if vdev is not up.
Since change_chanctx can be called even before vdev_up.
Do vdev stop followed by a vdev start in case of vdev is down.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0-02903-QCAHKSWPL_SILICONZ-1
Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230802085852.19821-2-quic_mdharane@quicinc.com
|
|
Since debugfs_create_file() return ERR_PTR and never return NULL, so use
IS_ERR() to check it instead of checking NULL.
Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230919050651.962694-1-ruanjinjie@huawei.com
|
|
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_fw_request.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel <aspriel@gmail.com>
Cc: Franky Lin <franky.lin@broadcom.com>
Cc: Hante Meuleman <hante.meuleman@broadcom.com>
Cc: Kalle Valo <kvalo@kernel.org>
Cc: Matthias Brugger <mbrugger@suse.com>
Cc: Hector Martin <marcan@marcan.st>
Cc: "Alvin Šipraga" <alsi@bang-olufsen.dk>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: linux-wireless@vger.kernel.org
Cc: brcm80211-dev-list.pdl@broadcom.com
Cc: SHA-cyfmac-dev-list@infineon.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230915200552.never.642-kees@kernel.org
|
|
Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).
As found with Coccinelle[1], add __counted_by for struct brcmf_gscan_config.
[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Arend van Spriel <aspriel@gmail.com>
Cc: Franky Lin <franky.lin@broadcom.com>
Cc: Hante Meuleman <hante.meuleman@broadcom.com>
Cc: Kalle Valo <kvalo@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Hector Martin <marcan@marcan.st>
Cc: Ryohei Kondo <ryohei.kondo@cypress.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: linux-wireless@vger.kernel.org
Cc: brcm80211-dev-list.pdl@broadcom.com
Cc: SHA-cyfmac-dev-list@infineon.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230915200542.never.417-kees@kernel.org
|
|
Rename mtk_rxbm_desc structure in mtk_wed_bm_desc since it will be used
even on tx side by MT7988 SoC.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
|
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is (mostly) ignored
and this typically results in resource leaks. To improve here there is a
quest to make the remove callback return void. In the first step of this
quest all drivers are converted to .remove_new() which already returns
void.
wlcore_remove() returned zero unconditionally. With that converted to
return void instead, the wl12xx and wl18xx driver can be converted to
.remove_new trivially.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230912171249.755901-1-u.kleine-koenig@pengutronix.de
|
|
According to the driver provided by EDIMAX, the device ID
0x7392:0xb722 belongs to EDIMAX EW-7722UTn V3, so add a comment about this.
Signed-off-by: Zenm Chen <zenmchen@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230912053614.10644-1-zenmchen@gmail.com
|
|
Using mac_gen pointer to reuse the code with WiFi 7 chips, and define
MAC ports registers for WiFi 7 chips.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-7-pkshih@realtek.com
|
|
MAC port is a design to support virtual interface on single MAC hardware.
For next generation chips, register addresses are changed but definitions
are the same, so move registers together to be easier to reuse codes.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-6-pkshih@realtek.com
|
|
For existing chips, size of TX WD info is 6 words, but upcoming WiFi 7
chips become 8 words, so add a chip_info to reuse the code.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-5-pkshih@realtek.com
|
|
The format v2 of TX descriptor contains 8-word body and 8-word info, and
fields include packet size, MAC_ID, security key ID and etc.
By design, it can possibly only fill body to reduce overhead, but this
driver keeps thing simple, so always fill body and info currently.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-4-pkshih@realtek.com
|
|
This kind of TX descriptor is used to download firmware or send firmware
command. Because we want to reduce descriptor overhead and this only needs
two fields 'size' and 'type', hardware designers choose short form of
RX descriptor for it.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-3-pkshih@realtek.com
|
|
RX descriptor is used to provide meta data of received data. The WiFi 7
chips use different RX descriptor format, so add this parser along with
hardware design.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230911082049.33541-2-pkshih@realtek.com
|
|
In MCC STA+GO mode, we calculate NoA information and fill it into the
beacon of P2P GO. Since NoA uses only 32 bits to describe time things,
we need to deal with renewal when TSF[63:32] is carried. We trigger FW
to notify that. Then, we can update NoA information for new time period
once we get notification from FW.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-9-pkshih@realtek.com
|
|
When receiving request of adjusting BT slot from coex. mechanism,
we need to fetch the new BT slot and use the new one to calculate
MCC (multi-channel concurrency) pattern. Then, we update the new
MCC pattern to FW.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-8-pkshih@realtek.com
|
|
MCC fills duration limit of a role according to NoA description.
If P2P PS changes during MCC, we don't process P2P PS via normal
flow. Instead, we re-fill duration limit of the role for new NoA
description, and then we do MCC update.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-7-pkshih@realtek.com
|
|
In MCC STA+GC mode, the offset between TBTTs of remote AP and remote GO
might change. If the change is larger than tolerance, we should update
MCC after re-calculating parameters for new things. So, we track that in
rtw89_track_work() now. And, we add MCC update flow to tell FW either to
change durations of roles or to replace entire pattern according to how
MCC plans BT slot.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-6-pkshih@realtek.com
|
|
Each MCC (multi-channel concurrency) role maintains a bitmap of mac IDs.
The bitmap is supposed to contain the two points below.
* mac ID of itself
* mac ID(s) of STA(s) connecting to it
Under STA+GC mode, the bitmaps of both roles should not change. However,
under STA+GO mode, the bitmap of GO may change due to P2P clients which
connect/disconnect to/from it.
FW controls (TDMA-based) MCC things via mac IDs in bitmap of each role.
For example, mac IDs are required by FW when it wants to pause role1's
TX in role0 slot.
So, to sync between driver and FW, we update the new mac ID bitmap of GO
to FW once it's changed.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-5-pkshih@realtek.com
|
|
DPK is one kind of RF calibration. When MCC (multi-channel concurrency)
start/stop, DPK needs to do extra things to be off/on. We add a chanctx
callback type, RTW89_CHANCTX_CALLBACK_RFK, and register it for RTL8852C
to deal with DPK according to MCC states.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-4-pkshih@realtek.com
|
|
After MCC (multi-channel concurrency) is started, FW will control channel
changes and use the corresponding backup of RF calibration result. And,
driver RF calibration (RF-K) won't be able to keep up with the speed at
which the channels are changing. So, even if we keep tracking it in driver,
the RF-K result might not be good either. To save these unnecessary things,
we disable driver RF-K tracking during MCC.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-3-pkshih@realtek.com
|
|
RF calibration will notify FW to backup the calibration result after it
is done on a channel. For MCC (multi-channel concurrency) flow, when we
at RTW89_ENTITY_MODE_MCC_PREPARE mode, RF calibration should execute on
second channel of MCC, i.e. RTW89_SUB_ENTITY_1, and then, notify FW to
backup the result for the second one.
Originally, the RF calibration flow only fit single channel case. We are
planning to support MCC on RTL8852C, so we refine its RF calibration flow
to fit MCC case.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908031145.20931-2-pkshih@realtek.com
|
|
While converting struct ieee80211_tim_ie::virtual_map to be a flexible
array it was observed that the TIM IE processing in cw1200_rx_cb()
could potentially process a malformed IE in a manner that could result
in a buffer over-read. Add logic to verify that the TIM IE length is
large enough to hold a valid TIM payload before processing it.
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230831-ieee80211_tim_ie-v3-1-e10ff584ab5d@quicinc.com
|
|
Since commit 2d47c6956ab3 ("ubsan: Tighten UBSAN_BOUNDS on GCC"),
UBSAN_BOUNDS no longer pretends 1-element arrays are unbounded. Walking
'element' and 'channel_list' will trigger warnings, so make them proper
flexible arrays.
False positive warnings were:
UBSAN: array-index-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:6984:20
index 1 is out of range for type '__le32 [1]'
UBSAN: array-index-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1126:27
index 1 is out of range for type '__le16 [1]'
for these lines of code:
6884 ch.chspec = (u16)le32_to_cpu(list->element[i]);
1126 params_le->channel_list[i] = cpu_to_le16(chanspec);
Cc: stable@vger.kernel.org # 6.5+
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230914070227.12028-1-juerg.haefliger@canonical.com
|
|
Only skip the code path trying to access the rfc1042 headers when the
buffer is too small, so the driver can still process packets without
rfc1042 headers.
Fixes: 119585281617 ("wifi: mwifiex: Fix OOB and integer underflow when rx packets")
Signed-off-by: Pin-yen Lin <treapking@chromium.org>
Acked-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Matthew Wang <matthewmwang@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230908104308.1546501-1-treapking@chromium.org
|
|
The MAC address is stored at offset 0x107 in the EEPROM, like correctly
stated in the comment. Add a two bytes reserved field right before the
MAC address to shift it from offset 0x105 to 0x107.
With this the MAC address returned from my RTL8723du wifi stick can be
correctly decoded as "Shenzhen Four Seas Global Link Network Technology
Co., Ltd."
Fixes: 87caeef032fc ("wifi: rtw88: Add rtw8723du chipset support")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reported-by: Yanik Fuchs <Yanik.fuchs@mbv.ch>
Cc: stable@vger.kernel.org
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230907071614.2032404-1-s.hauer@pengutronix.de
|
|
Getting a BAR can be an explanation if we're chasing packet loss. Add a
print with the relevant debug level in that code path.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.913e989a1751.I6bff9020e339d91b61b5ad6aede27bcf8c7e6819@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This can be moved to constants, while at it also rename
it to have a better name with MVM_ prefix.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.59823deebfda.Ied68b11ca40771d1cfc8c82ee8f9f2b9ea27da65@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Transition to d3 is much faster if there is no power save during the
transition. Therefore a new flag was added to the device power cmd to
indicate the power save isn't allowed until the transition is completed.
Set this flag in _iwl_mvm_suspend, when the transition begins.
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.ced036106507.Ib5ed5a47ee35f624902bd8882dde3e559285965b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Some new fields were added to the context info structure,
define them for future use.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.ef1553ab5178.I326ac8719566e04f799d294d8e863383cff87eaa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If the firmware crashes in the de-activation / re-activation
of the link during CSA, we will not have a valid phy_ctxt
pointer in mvmvif. This is a legit case, but when mac80211
removes the station to cleanup our state during the
re-configuration, we need to make sure we clear ap_sta
otherwise we won't re-add the station after the firmware has
been restarted. Later on, we'd activate the link, try to send
a TLC command crash again on ASSERT 3508.
Fix this by properly cleaning up our state.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.2651e6f6a55a.I4cd50e88ee5c23c1c8dd5b157a800e4b4c96f236@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Currently we are setting the rate in the tx cmd for
mgmt frames (e.g. during connection establishment).
This was problematic when sending mgmt frames in eSR mode,
as we don't know what link this frame will be sent on
(This is decided by the FW), so we don't know what is the
lowest rate.
Fix this by not setting the rate in tx cmd and rely
on FW to choose the right one.
Set rate only for injected frames with fixed rate,
or when no sta is given.
Also set for important frames (EAPOL etc.) the High Priority flag.
Fixes: 055b22e770dd ("iwlwifi: mvm: Set Tx rate and flags when there is not station")
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.6c7e59620ee0.I6eaed3ccdd6dd62b9e664facc484081fc5275843@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If the channel bandwidth is greater or equal than 80MHz,
enable FILS DF transmittion, even if the control channel is non-PSC.
That's because that in 80MHz there must be a sub 20MHz PSC
channel, and since the FILS DF is duplicated on all sub 20MHz
channels, within the 80MHz (hence it will be sent on a PSC channel).
Also, if FILS DF Tx is enabled, always configure the firmware
with the actual channel bandwidth, even before there is a connected
client (rather than the minimum bandwidth e.g. 20MHz), since FILS
DF transmission on a PSC channel take presedent over power
consumption.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.83b9a76fc6c4.I6703111cc6befcd0e9cd9adf3cb127a648dbb7b1@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If the device initialized with ME active, this would indeed
work, since the NVM information would be obtained from ME.
However, in the much more likely case that ME isn't active
and the firmware takes actions requiring the sync, this was
not working correctly when the firmware is only run at init
to obtain NVM data, since mac80211 isn't even initialized.
Fix this by moving the 'pldr_sync' handling to a different
place.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.45a94d480e56.Id9277f1df6a63ab0dfca0d0c0f448c759e1b8e73@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
When we drop frames we want to have something printed in the logger.
This won't be printed by default of course.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.c2f02fecf66f.Ib472f9fd92856c6e5b5a99b68fdca0f694a531e9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Disable firmware debug asserts, which are used for internal
firmware testing purposes only.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.8feafd9b17be.Ia7bec82ac25897caab581692d67055aa1aca2ed2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This condition will never be true.
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.56ff0569d16c.I455839fad0f4f05043815aee884fab9ec7323f7d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Enable the TOP (HW part) fatal error interrupt and add a
print when it happens. Currently FW always adds also the
SW error interrupt, but for >= Bz we'll need to do PLDR
in case this is asserted, so leave a TODO item already.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.127d914a4d0d.I41ea409df63474554ef727c49382d0b5bf15939e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If the hardware is not responding, as indicated by (currently)
five consecutive HW errors during reading, then just give up
and fail, rather than attempting forever and forever for this
to not return any useful data anyway.
Even though we no longer completely deadlock the machine if it
takes a long time, we still make it pretty much unusable since
we'll eventually hold the RTNL while waiting for this process
to finish.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.345af79f431c.I5ecde6b76b1e3a1572bd59d3cf8f827e767cedeb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If the bus has no parent due to the topology, the device rescan
(after some kind of reset was detected) wouldn't work. On the
other hand, some platforms appear to require scanning the parent,
though it's not clear why.
However if there's no parent, then we skip the rescan, which isn't a
good idea. Change the code to go to the parent only if that exists,
and rescan the bus itself where it doesn't.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230913145231.f7795a1ccdab.I2b84810a743469a1bcabf3628262cf54311593f4@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Modify the prototype for change_beacon() in struct cfg80211_op to
accept cfg80211_ap_settings instead of cfg80211_beacon_data so that
it can process data in addition to beacons.
Modify the prototypes of ieee80211_change_beacon() and driver specific
functions accordingly.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Link: https://lore.kernel.org/r/20230727174100.11721-4-quic_alokad@quicinc.com
[while at it, remove pointless "if (info)" check in tracing that just
makes all the lines longer than they need be - it's never NULL]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
There really isn't any support for scanning at different
channel widths than 20 MHz since there's no way to set it.
Remove this support for now, if somebody wants to maintain
this whole thing later we can revisit how it should work.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
A few lines above, space is kzalloc()'ed for:
sizeof(struct iwl_nvm_data) +
sizeof(struct ieee80211_channel) +
sizeof(struct ieee80211_rate)
'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine.
At the end of this structure, there is the 'channels' flex array.
Each element is of type 'struct ieee80211_channel'.
So only 1 element is allocated in this array.
When doing:
mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels;
We point at the first element of the 'channels' flex array.
So this is fine.
However, when doing:
mvm->nvm_data->bands[0].bitrates =
(void *)((u8 *)mvm->nvm_data->channels + 1);
because of the "(u8 *)" cast, we add only 1 to the address of the beginning
of the flex array.
It is likely that we want point at the 'struct ieee80211_rate' allocated
just after.
Remove the spurious casting so that the pointer arithmetic works as
expected.
Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/23f0ec986ef1529055f4f93dcb3940a6cf8d9a94.1690143750.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Debugging indicates that nothing else is clearing the info->flags,
so some frames were flagged as ACKed when they should not be.
Explicitly clear the ack flag to ensure this does not happen.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230808205605.4105670-1-greearb@candelatech.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
