Commit Graph

30497 Commits

Author SHA1 Message Date
Brian Norris
38faed1504 ath10k: perform crash dump collection in workqueue
Commit 25733c4e67 ("ath10k: pci: use mutex for diagnostic window CE
polling") introduced a regression where we try to sleep (grab a mutex)
in an atomic context:

[  233.602619] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:254
[  233.602626] in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/0
[  233.602636] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W         5.1.0-rc2 #4
[  233.602642] Hardware name: Google Scarlet (DT)
[  233.602647] Call trace:
[  233.602663]  dump_backtrace+0x0/0x11c
[  233.602672]  show_stack+0x20/0x28
[  233.602681]  dump_stack+0x98/0xbc
[  233.602690]  ___might_sleep+0x154/0x16c
[  233.602696]  __might_sleep+0x78/0x88
[  233.602704]  mutex_lock+0x2c/0x5c
[  233.602717]  ath10k_pci_diag_read_mem+0x68/0x21c [ath10k_pci]
[  233.602725]  ath10k_pci_diag_read32+0x48/0x74 [ath10k_pci]
[  233.602733]  ath10k_pci_dump_registers+0x5c/0x16c [ath10k_pci]
[  233.602741]  ath10k_pci_fw_crashed_dump+0xb8/0x548 [ath10k_pci]
[  233.602749]  ath10k_pci_napi_poll+0x60/0x128 [ath10k_pci]
[  233.602757]  net_rx_action+0x140/0x388
[  233.602766]  __do_softirq+0x1b0/0x35c
[...]

ath10k_pci_fw_crashed_dump() is called from NAPI contexts, and firmware
memory dumps are retrieved using the diag memory interface.

A simple reproduction case is to run this on QCA6174A /
WLAN.RM.4.4.1-00132-QCARMSWP-1, which happens to be a way to b0rk the
firmware:

  dd if=/sys/kernel/debug/ieee80211/phy0/ath10k/mem_value bs=4K count=1
of=/dev/null

(NB: simulated firmware crashes, via debugfs, don't trigger firmware
dumps.)

The fix is to move the crash-dump into a workqueue context, and avoid
relying on 'data_lock' for most mutual exclusion. We only keep using it
here for protecting 'fw_crash_counter', while the rest of the coredump
buffers are protected by a new 'dump_mutex'.

I've tested the above with simulated firmware crashes (debugfs 'reset'
file), real firmware crashes (the 'dd' command above), and a variety of
reboot and suspend/resume configurations on QCA6174A.

Reported here:
http://lkml.kernel.org/linux-wireless/20190325202706.GA68720@google.com

Fixes: 25733c4e67 ("ath10k: pci: use mutex for diagnostic window CE polling")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-29 17:24:37 +03:00
Luca Coelho
d156e67d3f iwlwifi: mvm: fix merge damage in iwl_mvm_vif_dbgfs_register()
When I rebased Greg's patch, I accidentally left the old if block that
was already there.  Remove it.

Fixes: 154d4899e4 ("iwlwifi: mvm: properly check debugfs dentry before using it")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-28 09:59:59 +03:00
Emmanuel Grumbach
5c9adef978 iwlwifi: fix driver operation for 5350
We introduced a bug that prevented this old device from
working. The driver would simply not be able to complete
the INIT flow while spewing this warning:

 CSR addresses aren't configured
 WARNING: CPU: 0 PID: 819 at drivers/net/wireless/intel/iwlwifi/pcie/drv.c:917
 iwl_pci_probe+0x160/0x1e0 [iwlwifi]

Cc: stable@vger.kernel.org # v4.18+
Fixes: a8cbb46f83 ("iwlwifi: allow different csr flags for different device families")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Fixes: c8f1b51e50 ("iwlwifi: allow different csr flags for different device families")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-28 09:59:59 +03:00
Luca Coelho
de1887c064 iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
We don't check for the validity of the lengths in the packet received
from the firmware.  If the MPDU length received in the rx descriptor
is too short to contain the header length and the crypt length
together, we may end up trying to copy a negative number of bytes
(headlen - hdrlen < 0) which will underflow and cause us to try to
copy a huge amount of data.  This causes oopses such as this one:

BUG: unable to handle kernel paging request at ffff896be2970000
PGD 5e201067 P4D 5e201067 PUD 5e205067 PMD 16110d063 PTE 8000000162970161
Oops: 0003 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 1824 Comm: irq/134-iwlwifi Not tainted 4.19.33-04308-geea41cf4930f #1
Hardware name: [...]
RIP: 0010:memcpy_erms+0x6/0x10
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3
 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffffa4630196fc60 EFLAGS: 00010287
RAX: ffff896be2924618 RBX: ffff896bc8ecc600 RCX: 00000000fffb4610
RDX: 00000000fffffff8 RSI: ffff896a835e2a38 RDI: ffff896be2970000
RBP: ffffa4630196fd30 R08: ffff896bc8ecc600 R09: ffff896a83597000
R10: ffff896bd6998400 R11: 000000000200407f R12: ffff896a83597050
R13: 00000000fffffff8 R14: 0000000000000010 R15: ffff896a83597038
FS:  0000000000000000(0000) GS:ffff896be8280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff896be2970000 CR3: 000000005dc12002 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 iwl_mvm_rx_mpdu_mq+0xb51/0x121b [iwlmvm]
 iwl_pcie_rx_handle+0x58c/0xa89 [iwlwifi]
 iwl_pcie_irq_rx_msix_handler+0xd9/0x12a [iwlwifi]
 irq_thread_fn+0x24/0x49
 irq_thread+0xb0/0x122
 kthread+0x138/0x140
 ret_from_fork+0x1f/0x40

Fix that by checking the lengths for correctness and trigger a warning
to show that we have received wrong data.

Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-28 09:59:59 +03:00
Johannes Berg
ef6243acb4 genetlink: optionally validate strictly/dumps
Add options to strictly validate messages and dump messages,
sometimes perhaps validating dump messages non-strictly may
be required, so add an option for that as well.

Since none of this can really be applied to existing commands,
set the options everwhere using the following spatch:

    @@
    identifier ops;
    expression X;
    @@
    struct genl_ops ops[] = {
    ...,
     {
            .cmd = X,
    +       .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
            ...
     },
    ...
    };

For new commands one should just not copy the .validate 'opt-out'
flags and thus get strict validation.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-27 17:07:22 -04:00
Johannes Berg
8cb081746c netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:

 1) liberal (default)
     - undefined (type >= max) & NLA_UNSPEC attributes accepted
     - attribute length >= expected accepted
     - garbage at end of message accepted
 2) strict (opt-in)
     - NLA_UNSPEC attributes accepted
     - attribute length >= expected accepted

Split out parsing strictness into four different options:
 * TRAILING     - check that there's no trailing data after parsing
                  attributes (in message or nested)
 * MAXTYPE      - reject attrs > max known type
 * UNSPEC       - reject attributes with NLA_UNSPEC policy entries
 * STRICT_ATTRS - strictly validate attribute size

The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().

Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.

We end up with the following renames:
 * nla_parse           -> nla_parse_deprecated
 * nla_parse_strict    -> nla_parse_deprecated_strict
 * nlmsg_parse         -> nlmsg_parse_deprecated
 * nlmsg_parse_strict  -> nlmsg_parse_deprecated_strict
 * nla_parse_nested    -> nla_parse_nested_deprecated
 * nla_validate_nested -> nla_validate_nested_deprecated

Using spatch, of course:
    @@
    expression TB, MAX, HEAD, LEN, POL, EXT;
    @@
    -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
    +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression TB, MAX, NLA, POL, EXT;
    @@
    -nla_parse_nested(TB, MAX, NLA, POL, EXT)
    +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

    @@
    expression START, MAX, POL, EXT;
    @@
    -nla_validate_nested(START, MAX, POL, EXT)
    +nla_validate_nested_deprecated(START, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, MAX, POL, EXT;
    @@
    -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
    +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)

For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.

Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.

Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.

In effect then, this adds fully strict validation for any new command.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-27 17:07:21 -04:00
Michal Kubecek
ae0be8de9a netlink: make nla_nest_start() add NLA_F_NESTED flag
Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most
netlink based interfaces (including recently added ones) are still not
setting it in kernel generated messages. Without the flag, message parsers
not aware of attribute semantics (e.g. wireshark dissector or libmnl's
mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display
the structure of their contents.

Unfortunately we cannot just add the flag everywhere as there may be
userspace applications which check nlattr::nla_type directly rather than
through a helper masking out the flags. Therefore the patch renames
nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start()
as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually
are rewritten to use nla_nest_start().

Except for changes in include/net/netlink.h, the patch was generated using
this semantic patch:

@@ expression E1, E2; @@
-nla_nest_start(E1, E2)
+nla_nest_start_noflag(E1, E2)

@@ expression E1, E2; @@
-nla_nest_start_noflag(E1, E2 | NLA_F_NESTED)
+nla_nest_start(E1, E2)

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-27 17:03:44 -04:00
David S. Miller
30e5a9a5ba Various updates, notably:
* extended key ID support (from 802.11-2016)
  * per-STA TX power control support
  * mac80211 TX performance improvements
  * HE (802.11ax) updates
  * mesh link probing support
  * enhancements of multi-BSSID support (also related to HE)
  * OWE userspace processing support
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAlzC5YYACgkQB8qZga/f
 l8QDWg/+N7wm+l7bTMx4hjJzZZ60n9fBvyGJx0gsnPVH8wdOiPoh/epuI04I8I4m
 pGNbGvPB9Z4z2tD56XsIQnXf88ab3R27bRupSSW1vtzVSbDhg8wQ7jg0nABrdyDS
 PgoTmDMfVERLewXdntqRANzVYGfoWSOzo1u6A0Xhys8FqxxX/eD+Vdo4dKzmeN47
 +LDfuCpInVPn0TOpFp5IJ4+B4a0dhkz2/Q1BOE7NquXVvk4X77VJohV/BgQJ04Io
 yt7mn5rzYM6j4o1XLACxUEHkXvht6h34abG0yHRnuoAEp/sdPz2jAXT4OxYqs6x0
 XdLdr8gZgkMnnYaOQef74uJ2Ku+4A1ootjXSPazA7BWX0X5GqHnET/INk2S6cQPj
 C95LYfKC0ICD0qfioBmmHx8icDGoovcaswCju2ozfqWaD4Lwr3BcesnNDFtkHD9o
 aYaTTGGSxFyr2bZWTDpv4D4H5g3V4srRJsXs+SokL54nvlwd/smUJ4PVTLomP9y2
 XswRtLdoiUsCrJy967CXfhsxnE5SRhmBQE38Jq8/pzetlRk2spvJJC5MGYF0O/nT
 0UHbrjBCFUT2s8jv+gWWabOBUovsNJlgaxFwrZ/eNVIk0DK0ERoMV3V4MktU8uza
 Y339T14kxw4wlY2z5pOmEgkxmKZbPb55dBba04JEZzz9zDTawTk=
 =JQOx
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-next-for-davem-2019-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next

Johannes Berg says:

====================
Various updates, notably:
 * extended key ID support (from 802.11-2016)
 * per-STA TX power control support
 * mac80211 TX performance improvements
 * HE (802.11ax) updates
 * mesh link probing support
 * enhancements of multi-BSSID support (also related to HE)
 * OWE userspace processing support
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 16:05:52 -04:00
Wright Feng
9ef77fbeda brcmfmac: send mailbox interrupt twice for specific hardware device
For PCIE wireless device with core revision less than 14, device may miss
PCIE to System Backplane Interrupt via PCIEtoSBMailbox. So add sending
mail box interrupt twice as a hardware workaround.

Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 15:00:53 +03:00
YueHaibing
a0656c6ec2 rtlwifi: rtl8192cu: remove set but not used variable 'turbo_scanoff'
Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/realtek/rtlwifi/rtl8192cu/rf.c: In function 'rtl92cu_phy_rf6052_set_cck_txpower':
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/rf.c:45:7: warning: variable 'turbo_scanoff' set but not used [-Wunused-but-set-variable]

It is not used any more since
commit e9b0784bb9 ("rtlwifi: rtl8192cu: Fix some code in RF handling")

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:58:53 +03:00
Jeff Xie
0b2ff1ff64 mwl8k: move spin_lock_bh to spin_lock in tasklet
It is unnecessary to call spin_lock_bh in a tasklet.

Signed-off-by: Jeff Xie <chongguiguzi@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:57:15 +03:00
Sergey Matyukevich
0b68fe10b8 qtnfmac: modify debugfs to support multiple cards
This patch modifies location of debugfs entries and their naming
conventions to support multiple wireless cards on pcie host.
Selected approach is to use separate directories for different
wireless cards in top-level qtnfmac debugfs directory.

Here is an example that clarifies the chosen naming conventions:

 $ sudo ls /sys/kernel/debug/qtnfmac/
   qtnfmac_pcie:0000:01:00.0

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:53:13 +03:00
Igor Mitsyanko
888f1564a2 qtnfmac: allow to control DFS slave radar detection
In ETSI region DFS slave device can operate in two modes on DFS channels:
 - do on-channel radar detection and use higher Tx power
 - don't do radar detection and use lower Tx power as a consequence

Allow user to control that behavior through qtnfmac module parameter.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:53:12 +03:00
Sergey Matyukevich
4f87d486fa qtnfmac: handle channel switch events for connected stations only
Channel switch events from firmware should be processed only when STA
is already connected to BSS. On connect this notification is not needed
since full BSS info will be supplied by cfg80211_connect_result.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:53:12 +03:00
Alexander Wetzel
cfe7007a9b mac80211_hwsim: Extended Key ID support
Allow Extended Key ID to be used with hwsim.

Hwsim can only communicate with other hwsim cards, allowing it to bypass
creation of A-MPDUs in the first place.

Mixing keyIDs in an A-MPDU is therefore impossible and can never cause
interoperability issues with other cards.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
[reword comment slightly]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-04-26 13:02:11 +02:00
Avraham Stern
0538395031 mac80211_hwsim: set p2p device interface support indication
P2P device interface type was not indicated in the supported
interface types even when hwsim was configured with p2p device
support. Fix it.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-04-26 13:02:11 +02:00
Paolo Bonzini
147b502bda wlcore: simplify/fix/optimize reg_ch_conf_pending operations
Bitmaps are defined on unsigned longs, so the usage of u32[2] in the
wlcore driver is incorrect.  As noted by Peter Zijlstra, casting arrays
to a bitmap is incorrect for big-endian architectures.

When looking at it I observed that:

- operations on reg_ch_conf_pending is always under the wl_lock mutex,
so set_bit is overkill

- the only case where reg_ch_conf_pending is accessed a u32 at a time is
unnecessary too.

This patch cleans up everything in this area, and changes tmp_ch_bitmap
to have the proper alignment.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 20:12:10 +03:00
Kalle Valo
324f1feb96 Revert "brcmfmac: send mailbox interrupt twice for specific hardware device"
This reverts commit 99d94ef367. I accidentally
applied this broken (failed to compile) patch due to a bug in my patchwork
script.

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 20:08:31 +03:00
Wright Feng
99d94ef367 brcmfmac: send mailbox interrupt twice for specific hardware device
For PCIE wireless device with core revision less than 14, device may miss
PCIE to System Backplane Interrupt via PCIEtoSBMailbox. So add sending
mail box interrupt twice as a hardware workaround.

Signed-off-by: Wright Feng <wright.feng@cypress.com>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:59:04 +03:00
Gabor Juhos
d0e61a0f7c rt2x00: add RT3883 support
Patch add support for RT3883 chip. Code was taken direclty
from openwrt project and merge into one patch.

Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:58:28 +03:00
Hans de Goede
b1a0ba8f77 brcmfmac: Add DMI nvram filename quirk for ACEPC T8 and T11 mini PCs
The ACEPC T8 and T11 mini PCs contain quite generic names in the sys_vendor
and product_name DMI strings, without this patch brcmfmac will try to load:
"brcmfmac43455-sdio.Default string-Default string.txt" as nvram file which
is way too generic.

The DMI strings on which we are matching are somewhat generic too, but
"To be filled by O.E.M." is less common then "Default string" and the
system-sku and bios-version strings are pretty unique. Beside the DMI
strings we also check the wifi-module chip-id and revision. I'm confident
that the combination of all this is unique.

Both the T8 and T11 use the same wifi-module, this commit adds DMI
quirks for both mini PCs pointing to brcmfmac43455-sdio.acepc-t8.txt .

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1690852
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:57:44 +03:00
Pan Bian
8149069db8 p54: drop device reference count if fails to enable device
The function p54p_probe takes an extra reference count of the PCI
device. However, the extra reference count is not dropped when it fails
to enable the PCI device. This patch fixes the bug.

Cc: stable@vger.kernel.org
Signed-off-by: Pan Bian <bianpan2016@163.com>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:56:56 +03:00
Gustavo A. R. Silva
84242b82d8 rtlwifi: rtl8723ae: Fix missing break in switch statement
Add missing break statement in order to prevent the code from falling
through to case 0x1025, and erroneously setting rtlhal->oem_id to
RT_CID_819X_ACER when rtlefuse->eeprom_svid is equal to 0x10EC and
none of the cases in switch (rtlefuse->eeprom_smid) match.

This bug was found thanks to the ongoing efforts to enable
-Wimplicit-fallthrough.

Fixes: 238ad2ddf3 ("rtlwifi: rtl8723ae: Clean up the hardware info routine")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:55:48 +03:00
Colin Ian King
3b989e58e8 mwifiex: fix spelling mistake "capabilties" -> "capabilities"
There various spelling mistakes in function names and in message
text. Fix these.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:55:06 +03:00
Colin Ian King
b9574ce1d0 iwlegacy: fix spelling mistake "acumulative" -> "accumulative"
Fix spelling mistakes in rx stats text. I missed these from an earlier
round of fixing the same spelling mistake.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:54:36 +03:00
Tamás Szűcs
938c7c80c7 mwifiex: add support for SD8987 chipset
This patch adds support for Marvell 88W8987 chipset with SDIO interface.
Register offsets and supported feature flags are updated. The corresponding
firmware image file shall be "mrvl/sd8987_uapsta.bin".

Signed-off-by: Tamás Szűcs <tszucs@protonmail.ch>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:53:13 +03:00
Petr Štetiar
6b583201fa mwl8k: Fix rate_idx underflow
It was reported on OpenWrt bug tracking system[1], that several users
are affected by the endless reboot of their routers if they configure
5GHz interface with channel 44 or 48.

The reboot loop is caused by the following excessive number of WARN_ON
messages:

 WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516
                             ieee80211_rx_napi+0x1fc/0xa54 [mac80211]

as the messages are being correctly emitted by the following guard:

 case RX_ENC_LEGACY:
      if (WARN_ON(status->rate_idx >= sband->n_bitrates))

as the rate_idx is in this case erroneously set to 251 (0xfb). This fix
simply converts previously used magic number to proper constant and
guards against substraction which is leading to the currently observed
underflow.

1. https://bugs.openwrt.org/index.php?do=details&task_id=2218

Fixes: 854783444b ("mwl8k: properly set receive status rate index on 5 GHz receive")
Cc: <stable@vger.kernel.org>
Tested-by: Eubert Bao <bunnier@gmail.com>
Reported-by: Eubert Bao <bunnier@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:52:45 +03:00
YueHaibing
09ac2694b0 at76c50x-usb: Don't register led_trigger if usb_register_driver failed
Syzkaller report this:

[ 1213.468581] BUG: unable to handle kernel paging request at fffffbfff83bf338
[ 1213.469530] #PF error: [normal kernel read fault]
[ 1213.469530] PGD 237fe4067 P4D 237fe4067 PUD 237e60067 PMD 1c868b067 PTE 0
[ 1213.473514] Oops: 0000 [#1] SMP KASAN PTI
[ 1213.473514] CPU: 0 PID: 6321 Comm: syz-executor.0 Tainted: G         C        5.1.0-rc3+ #8
[ 1213.473514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 1213.473514] RIP: 0010:strcmp+0x31/0xa0
[ 1213.473514] Code: 00 00 00 00 fc ff df 55 53 48 83 ec 08 eb 0a 84 db 48 89 ef 74 5a 4c 89 e6 48 89 f8 48 89 fa 48 8d 6f 01 48 c1 e8 03 83 e2 07 <42> 0f b6 04 28 38 d0 7f 04 84 c0 75 50 48 89 f0 48 89 f2 0f b6 5d
[ 1213.473514] RSP: 0018:ffff8881f2b7f950 EFLAGS: 00010246
[ 1213.473514] RAX: 1ffffffff83bf338 RBX: ffff8881ea6f7240 RCX: ffffffff825350c6
[ 1213.473514] RDX: 0000000000000000 RSI: ffffffffc1ee19c0 RDI: ffffffffc1df99c0
[ 1213.473514] RBP: ffffffffc1df99c1 R08: 0000000000000001 R09: 0000000000000004
[ 1213.473514] R10: 0000000000000000 R11: ffff8881de353f00 R12: ffff8881ee727900
[ 1213.473514] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffffffc1eeaaf0
[ 1213.473514] FS:  00007fa66fa01700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 1213.473514] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1213.473514] CR2: fffffbfff83bf338 CR3: 00000001ebb9e005 CR4: 00000000007606f0
[ 1213.473514] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1213.473514] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1213.473514] PKRU: 55555554
[ 1213.473514] Call Trace:
[ 1213.473514]  led_trigger_register+0x112/0x3f0
[ 1213.473514]  led_trigger_register_simple+0x7a/0x110
[ 1213.473514]  ? 0xffffffffc1c10000
[ 1213.473514]  at76_mod_init+0x77/0x1000 [at76c50x_usb]
[ 1213.473514]  do_one_initcall+0xbc/0x47d
[ 1213.473514]  ? perf_trace_initcall_level+0x3a0/0x3a0
[ 1213.473514]  ? kasan_unpoison_shadow+0x30/0x40
[ 1213.473514]  ? kasan_unpoison_shadow+0x30/0x40
[ 1213.473514]  do_init_module+0x1b5/0x547
[ 1213.473514]  load_module+0x6405/0x8c10
[ 1213.473514]  ? module_frob_arch_sections+0x20/0x20
[ 1213.473514]  ? kernel_read_file+0x1e6/0x5d0
[ 1213.473514]  ? find_held_lock+0x32/0x1c0
[ 1213.473514]  ? cap_capable+0x1ae/0x210
[ 1213.473514]  ? __do_sys_finit_module+0x162/0x190
[ 1213.473514]  __do_sys_finit_module+0x162/0x190
[ 1213.473514]  ? __ia32_sys_init_module+0xa0/0xa0
[ 1213.473514]  ? __mutex_unlock_slowpath+0xdc/0x690
[ 1213.473514]  ? wait_for_completion+0x370/0x370
[ 1213.473514]  ? vfs_write+0x204/0x4a0
[ 1213.473514]  ? do_syscall_64+0x18/0x450
[ 1213.473514]  do_syscall_64+0x9f/0x450
[ 1213.473514]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1213.473514] RIP: 0033:0x462e99
[ 1213.473514] Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1213.473514] RSP: 002b:00007fa66fa00c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 1213.473514] RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
[ 1213.473514] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 1213.473514] RBP: 00007fa66fa00c70 R08: 0000000000000000 R09: 0000000000000000
[ 1213.473514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa66fa016bc
[ 1213.473514] R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004

If usb_register failed, no need to call led_trigger_register_simple.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 1264b95146 ("at76c50x-usb: add driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:52:14 +03:00
Alexey Khoroshilov
d1717282af mwl8k: fix error handling in mwl8k_post_cmd()
If pci_map_single() fails in mwl8k_post_cmd(),
it returns -ENOMEM immediately, while cleanup is required.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:51:46 +03:00
Larry Finger
b25105e126 b43: Remove empty function lpphy_papd_cal()
In commit d825db346270e ("b43: shut up clang -Wuninitialized variable
warning"), the message noted that function lpphy_papd_cal() was empty
and had an old TODO regarding its implementation. As the reverse
engineering project that created the LP-PHY version of this driver
has not been active for some time, it is safe to remove this empty
function.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:51:16 +03:00
Dan Carpenter
b4c35c1722 mwifiex: prevent an array overflow
The "rate_index" is only used as an index into the phist_data->rx_rate[]
array in the mwifiex_hist_data_set() function.  That array has
MWIFIEX_MAX_AC_RX_RATES (74) elements and it's used to generate some
debugfs information.  The "rate_index" variable comes from the network
skb->data[] and it is a u8 so it's in the 0-255 range.  We need to cap
it to prevent an array overflow.

Fixes: cbf6e05527 ("mwifiex: add rx histogram statistics support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:50:21 +03:00
Gustavo A. R. Silva
0c7beb2db9 zd1211rw: use struct_size() helper
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes, in particular in the
context in which this code is being used.

So, replace code of the following form:

sizeof(struct usb_req_write_regs) + count * sizeof(struct reg_data)

with:

struct_size(req, reg_writes, count)

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:49:50 +03:00
Gustavo A. R. Silva
ae187ba915 mwifiex: use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    struct boo entry[];
};

size = sizeof(struct foo) + count * sizeof(struct boo);
instance = kzalloc(size, GFP_KERNEL)

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL)

Notice that, in this case, variable regd_size is not necessary,
hence it is removed.

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:45:14 +03:00
Siva Rebbagondla
0a60014b76 rsi: miscallaneous changes for 9116 and common
Below changes are done:
* Device 80MHz clock should be disabled for 9116 in 20MHz band.
* Default edca parameters should be used initially before
  connection.
* Default TA aggregation is 3 for 9116.
* Bootup parameters should be loaded first when channel is
  changed.
* 4 byte register writes are possible for 9116.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:29 +03:00
Siva Rebbagondla
17ff2c794f rsi: reset device changes for 9116
Device reset register(watchdog timer related) addresses and
values are different for 9116.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:29 +03:00
Siva Rebbagondla
1533f976c6 rsi: send new tx command frame wlan9116 features
For 9116 device, we have introduced w9116 features frame, which shall be
send when radio capabilities confirm is received.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:28 +03:00
Siva Rebbagondla
f911c86166 rsi: new bootup parameters for 9116
Bootup parameters are different for 9116 device. Check added for device
model where-ever bootup parameters are being send.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:27 +03:00
Siva Rebbagondla
9ba4562ac1 rsi: change in device init frame sequence for 9116
Initial frame exchange sequence has been changed for 9116 chip. Getting MAC
address using EEPROM read frame will be once common device configuration is
done and RESET_MAC frame is sending after bootup parameters confirmation is
received, which are different from RS9113 device

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:26 +03:00
Siva Rebbagondla
e5a1ecc97e rsi: add firmware loading for 9116 device
New firmware files and firmware loading method are added for 9116.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:25 +03:00
Siva Rebbagondla
3ac61578fb rsi: move common part of firmware load to separate function
Till software bootloader ready state, communication with device is common
for 9113 and 9116. Hence moved that part of firmware loading to separate
function rsi_prepare_fw_load(). Also LMAC_VER_OFFSET is different for 9113
and 9116, so renamed existing macro to LMAC_VER_OFFSET_9113

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:24 +03:00
Siva Rebbagondla
54fdb318c1 rsi: add new device model for 9116
9116 device id entry is added in both SDIO and USB interfaces.
New enumberation value taken for the device model. Based on the
device model detected run time, few device specific operations
needs to be performed.

adding rsi_dev_model to get device type in run time, as we can use
same driver for 9113 and 9116 except few firmware load changes.

Signed-off-by: Siva Rebbagondla <siva8118@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:44:23 +03:00
Stanislaw Gruszka
9ea3812f01 rt2x00mmio: remove legacy comment
Remove comment about fields that were removed.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:09 +03:00
Stanislaw Gruszka
d954f9e3fb rt2x00: remove not used entry field
Remove not used any longer queue_entry field and flag.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:08 +03:00
Stanislaw Gruszka
eb662b1dc6 rt2x00: remove last_nostatus_check
We do not any longer check txstatus timeout from tasklet, so do not need
this optimization.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:07 +03:00
Stanislaw Gruszka
e5ceab9df4 rt2800mmio: use timer and work for handling tx statuses timeouts
Sometimes we can get into situation when there are pending statuses,
but we do not get INT_SOURCE_CSR_TX_FIFO_STATUS. Handle this situation
by arming timeout timer and read statuses (it will fix case when
we just do not have irq) and queue work to handle case we missed
statues from hardware FIFO.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:06 +03:00
Stanislaw Gruszka
2c7ba758cc rt2800mmio: fetch tx status changes
Prepare to use rt2800mmio_fetch_txstatus() in concurrent manner and drop
return value since is not longer needed.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:05 +03:00
Stanislaw Gruszka
6efa798764 rt2800: move txstatus pending routine
Move rt2800usb_txstatus_pending routine to rt2800lib. It will be reused
by rt2800mmio code.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:04 +03:00
Stanislaw Gruszka
f61131505e rt2800: new flush implementation for SoC devices
Use new flush_queue() callback for SoC devices, what was already done for
PCIe devices.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:04 +03:00
Stanislaw Gruszka
889bb866ba rt2800: partially restore old mmio txstatus behaviour
Do not disable txstatus interrupt and add quota of processed tx statuses in
one tasklet. Quota is needed to allow to fed device with new frames during
processing of tx statuses.

Patch fixes about 15% performance degradation on some scenarios caused by
0b0d556e0e ("rt2800mmio: use txdone/txstatus routines from lib").

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:43:03 +03:00
Aditya Pakki
d5414c2355 rsi: Fix NULL pointer dereference in kmalloc
kmalloc can fail in rsi_register_rates_channels but memcpy still attempts
to write to channels. The patch replaces these calls with kmemdup and
passes the error upstream.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:42:26 +03:00
Tomislav Požega
9490c56024 rt2x00: code-style fix in rt2800usb.c
Remove space leftovers.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:41:42 +03:00
Stanislaw Gruszka
61a4e5ff0d rt2x00: do not print error when queue is full
For unknown reasons printk() on some context can cause CPU hung on
embedded MT7620 AP/router MIPS platforms. What can result on wifi
disconnects.

This patch move queue full messages to debug level what is consistent
with other mac80211 drivers which drop packet silently if tx queue is
full. This make MT7620 OpenWRT routers more stable, what was reported
by various users.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:40:54 +03:00
Stanislaw Gruszka
e383c70474 rt2x00: check number of EPROTO errors
Some USB host devices/drivers on some conditions can always return
EPROTO error on submitted URBs. That can cause infinity loop in the
rt2x00 driver.

Since we can have single EPROTO errors we can not mark as device as
removed to avoid infinity loop. However we can count consecutive
EPROTO errors and mark device as removed if get lot of it.
I choose number 10 as threshold.

Reported-and-tested-by: Randy Oostdyk <linux-kernel@oostdyk.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:40:53 +03:00
Stanislaw Gruszka
bb3b18c925 rt2x00: use ratelimited variants dev_warn/dev_err
As reported by Randy we can overwhelm logs on some USB error conditions.
To avoid that use dev_warn_ratelimited() and dev_err_ratelimitd().

Reported-and-tested-by: Randy Oostdyk <linux-kernel@oostdyk.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:40:52 +03:00
Kangjie Lu
0ed2a00534 net: cw1200: fix a NULL pointer dereference
In case create_singlethread_workqueue fails, the fix free the
hardware and returns NULL to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:40:09 +03:00
YueHaibing
3b6edcb3ff ray_cs: use remove_proc_subtree to simplify procfs code
Use remove_proc_subtree to remove the whole subtree

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:38:52 +03:00
YueHaibing
444efbde32 ray_cs: Check return value of pcmcia_register_driver
init_ray_cs does not check value of pcmcia_register_driver,
if it fails, there maybe cause a NULL pointer dereference in
exit_ray_cs.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:38:26 +03:00
Gustavo A. R. Silva
d442af2e1b rndis_wlan: use struct_size() helper
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes, in particular in the
context in which this code is being used.

So, replace code of the following form:

sizeof(*pmkids) + max_pmkids * sizeof(pmkids->bssid_info[0])

with:

struct_size(pmkids, bssid_info, num_pmkids)

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 19:37:44 +03:00
Kalle Valo
b99561c513 Third batch of patches intended for v5.2
* Bump the 20000-series FW API version supported;
 * Work on the new debugging infra continues;
 * One clean-up to prevent a bogus warning with clang;
 * A small cleanup in the PCI ID list;
 * Work on new hardware continues;
 * RTT confidence indication support for FTM;
 * An improvement in HE rate-scaling;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAly5eWAACgkQoUecoho8
 xfqEIRAAlMWOsctlnqlA2oxuf4V/tAvI3rHPiPHbdrBGCM13muIihP/FXXFgDQTY
 k55o2Ugg5RTwitdhL3jU//meF+a755FvEqAD8BK1SfySid7frWvNMXIK8kWWp6Cw
 VzwG3gfZ0hV21P8gYdfg+HLwfiBHDKNGUAj08pA3jXAxA+tG6VrXNNGuHe5Jy3pK
 JxGNSQUtdHZPx6UVI5Em3Al+bfLmhXRlDDlZQl1amPY5+zHEvBJLSi9Mmf8UShle
 YDnFDUA3co6BDvuOaOM7j5buvb7sj+pEMQMTfhcnLtqo5cSF1eEbYHw0aZKYG9rl
 Ueej9moQoTNZWoy9DJVGrMWZd86XEmplgCEfrl7ricGVuOq73GWneeU7uuUnnMZr
 5SiS6o54WalYE0sY8RfhDWRWgAdN1chGmtrPsq+iIfOoEfnTzIqfKW4sG0MqIVHP
 UNyx8aBM0ebjfa1s6xSVBwEEZYCCdOHl1O56UVcvnHzB+c82xj2nadO7ebOnBKBf
 CQnUKCNWbE1HbLiAJdGWYHTWGdMkswDMYl8Zqf0Q2KZ2uCpmWHbjgSyVqkkUnYR1
 5vF+2kMJfNhjw5aBnnP4W5ZQSjIpp+Rtvnui9WiSYinXbfZ+b3EfJwx/2hKKq7d2
 y5lCCeX5hGKVp7P5fIOuN7shmvNrdyywawcRWwtlWmVpwHtkUKQ=
 =JJSw
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-next-for-kalle-2019-04-18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next

Third batch of patches intended for v5.2

* Bump the 20000-series FW API version supported;
* Work on the new debugging infra continues;
* One clean-up to prevent a bogus warning with clang;
* A small cleanup in the PCI ID list;
* Work on new hardware continues;
* RTT confidence indication support for FTM;
* An improvement in HE rate-scaling;
2019-04-25 18:26:23 +03:00
Douglas Anderson
b82d6c1f8f mwifiex: Make resume actually do something useful again on SDIO cards
The commit fc3a2fcaa1 ("mwifiex: use atomic bitops to represent
adapter status variables") had a fairly straightforward bug in it.  It
contained this bit of diff:

 - if (!adapter->is_suspended) {
 + if (test_bit(MWIFIEX_IS_SUSPENDED, &adapter->work_flags)) {

As you can see the patch missed the "!" when converting to the atomic
bitops.  This meant that the resume hasn't done anything at all since
that commit landed and suspend/resume for mwifiex SDIO cards has been
totally broken.

After fixing this mwifiex suspend/resume appears to work again, at
least with the simple testing I've done.

Fixes: fc3a2fcaa1 ("mwifiex: use atomic bitops to represent adapter status variables")
Cc: <stable@vger.kernel.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25 14:05:14 +03:00
Eric Biggers
877b5691f2 crypto: shash - remove shash_desc::flags
The flags field in 'struct shash_desc' never actually does anything.
The only ostensibly supported flag is CRYPTO_TFM_REQ_MAY_SLEEP.
However, no shash algorithm ever sleeps, making this flag a no-op.

With this being the case, inevitably some users who can't sleep wrongly
pass MAY_SLEEP.  These would all need to be fixed if any shash algorithm
actually started sleeping.  For example, the shash_ahash_*() functions,
which wrap a shash algorithm with the ahash API, pass through MAY_SLEEP
from the ahash API to the shash API.  However, the shash functions are
called under kmap_atomic(), so actually they're assumed to never sleep.

Even if it turns out that some users do need preemption points while
hashing large buffers, we could easily provide a helper function
crypto_shash_update_large() which divides the data into smaller chunks
and calls crypto_shash_update() and cond_resched() for each chunk.  It's
not necessary to have a flag in 'struct shash_desc', nor is it necessary
to make individual shash algorithms aware of this at all.

Therefore, remove shash_desc::flags, and document that the
crypto_shash_*() functions can be called from any context.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-04-25 15:38:12 +08:00
Erik Stromdahl
f91b63b0e3 ath10k: sdio: add missing error check
Although not likely, the bundle allocation might fail.
Add proper error check and warning print.

Signed-off-by: Erik Stromdahl <erik.stromdahl@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:26:19 +03:00
Alagu Sankar
fbd428a5b8 ath10k: add initialization of HTC header
HTC header carries junk values that may be interpreted by the firmware
differently. Enable credit update only if flow control is enabled for
the corresponding endpoint.

Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Erik Stromdahl <erik.stromdahl@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:26:09 +03:00
Kalle Valo
30382dd1cf ath10k: fix use-after-free on SDIO data frames
With SDIO there's a use after free after a data frame is transfered, call stack
below. This happens because ath10k_htt_tx_hl() directly transmits the skb
provided by mac80211 using ath10k_htc_send(), all other HTT functions use
separate skb created with ath10k_htc_alloc_skb() to transmit the HTC packet.
After the packet is transmitted mac80211 frees the skb in ieee80211_tx_status()
but HTT layer expects  that it still owns the skb, and frees it in
ath10k_htt_htc_tx_complete().

To fix this take a reference of skb before sending it to HTC layer to make sure
we still own the skb.

Tested on QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1.
ath10k_htt_tx_hl() is only used by SDIO and USB so other busses (PCI, AHB and
SNOC) should be unaffected.

call stack of use-after-free:
dump_backtrace+0x0/0x2d8
show_stack+0x20/0x2c
__dump_stack+0x20/0x28
dump_stack+0xc8/0xec
print_address_description+0x74/0x240
kasan_report+0x258/0x274
__asan_report_load4_noabort+0x20/0x28
skb_pull+0xbc/0x114
ath10k_htc_notify_tx_completion+0x190/0x2a4 [ath10k_core]
ath10k_sdio_write_async_work+0x1e4/0x2c4 [ath10k_sdio]
process_one_work+0x3d8/0x8b0
worker_thread+0x518/0x7e0
kthread+0x260/0x278
ret_from_fork+0x10/0x18

Allocated by one task:
kasan_kmalloc+0xa0/0x13c
kasan_slab_alloc+0x14/0x1c
kmem_cache_alloc+0x144/0x208
__alloc_skb+0xec/0x394
alloc_skb_with_frags+0x8c/0x374
sock_alloc_send_pskb+0x520/0x5d4
sock_alloc_send_skb+0x40/0x50
__ip_append_data+0xf5c/0x1858
ip_make_skb+0x194/0x1d4
udp_sendmsg+0xf24/0x1ab8
inet_sendmsg+0x1b0/0x2e0
sock_sendmsg+0x88/0xa0
__sys_sendto+0x220/0x3a8
__arm64_sys_sendto+0x78/0x80
el0_svc_common+0x120/0x1e0
el0_svc_compat_handler+0x64/0x80
el0_svc_compat+0x8/0x18

Freed by another task:
__kasan_slab_free+0x120/0x1d4
kasan_slab_free+0x10/0x1c
kmem_cache_free+0x74/0x504
kfree_skbmem+0x88/0xc8
__kfree_skb+0x24/0x2c
consume_skb+0x114/0x18c
__ieee80211_tx_status+0xb7c/0xf60 [mac80211]
ieee80211_tx_status+0x224/0x270 [mac80211]
ath10k_txrx_tx_unref+0x564/0x950 [ath10k_core]
ath10k_htt_t2h_msg_handler+0x178c/0x2a38 [ath10k_core]
ath10k_htt_htc_t2h_msg_handler+0x20/0x30 [ath10k_core]
ath10k_sdio_irq_handler+0xcc0/0x1654 [ath10k_sdio]
process_sdio_pending_irqs+0xec/0x358
sdio_run_irqs+0x68/0xe4
sdio_irq_work+0x1c/0x28
process_one_work+0x3d8/0x8b0
worker_thread+0x518/0x7e0
kthread+0x260/0x278
ret_from_fork+0x10/0x18

Reported-by: Wen Gong <wgong@codeaurora.org>
Tested-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:24:17 +03:00
Alagu Sankar
8ea51e409e ath10k: htt: support MSDU ids with SDIO
Transmit completion for SDIO is similar to PCIe, modify the high
latency path to allow SDIO modules to use the msdu id.

kvalo: the original patch from Alagu enabled this only for SDIO but I'm not
sure should we also enable this with USB. I'll use bus params to enable this
for so that it's easy to enable also for USB later.

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1.

Co-developed-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Wen Gong <wgong@codeaurora.org>.
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:24:06 +03:00
Kalle Valo
6d084ac27a ath10k: initialise struct ath10k_bus params to zero
This way we don't need to set every variable and give them to default, which is
zero. This is also safer in case we forgot to initalise a new field in some of
the bus modules.

Compile tested only.

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:23:54 +03:00
Alagu Sankar
e2a6b71128 ath10k: htt: don't use txdone_fifo with SDIO
HTT High Latency (ATH10K_DEV_TYPE_HL) does not use txdone_fifo at all, we don't
even initialise it by skipping ath10k_htt_tx_alloc_buf() in
ath10k_htt_tx_start(). Because of this using QCA6174 SDIO
ath10k_htt_rx_tx_compl_ind() will crash when it accesses unitialised
txdone_fifo. So skip txdone_fifo when using High Latency mode.

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1.

Co-developed-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:23:39 +03:00
Wen Gong
70736b9753 ath10k: don't disable interrupts in ath10k_sdio_remove()
Disabling interrupts this early meant WMI communication was not working anymore
when the SDIO device was removed. But we call ath10k_core_unregister() that
will eventually call ath10k_sdio_hif_stop(), which disables the interrupts. So
there's actually no need to disable interrupts here.

Also remove cancel_work_sync() as it's also called in ath10k_sdio_hif_stop().

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1.

Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:23:27 +03:00
Wen Gong
4504f0e5b5 ath10k: sdio: workaround firmware UART pin configuration bug
On QCA6174 SDIO devices the SDIO interrupt will fail if UART is
disabled from ath10k. SDIO firmware enables UART printouts by
default. If ath10k will try to enable UART again the firmware
will configure it's GPIO line incorrectly and SDIO interrupts
won't work anymore. The workaround is to set UART pin again (19
for QCA6174 SDIO) if uart_print is 0.

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1.

Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-23 16:23:16 +03:00
Shahar S Matityahu
69166f7a37 iwlwifi: dbg_ini: set dump bit only when trigger collection is certain
In case the the trigger occurrences is zero or force_restart is set, the
driver sets IWL_FWRT_STATUS_DUMPING without actually scheduling trigger
collection. At this point no other dump collection can be performed.

Solve this by setting IWL_FWRT_STATUS_DUMPING bit only when the driver
is surely going to schedule dump collection

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:27:34 +03:00
Nathan Chancellor
f8510d67d6 iwlwifi: mvm: Change an 'else if' into an 'else' in iwl_mvm_send_add_bcast_sta
When building with -Wsometimes-uninitialized, Clang warns:

drivers/net/wireless/intel/iwlwifi/mvm/sta.c:2114:12: warning: variable
'queue' is used uninitialized whenever 'if' condition is false
[-Wsometimes-uninitialized]

Clang can't evaluate at this point that WARN(1, ...) always returns true
because __ret_warn_on is defined as !!(condition), which isn't
immediately evaluated as 1. Change this branch to else so that it's
clear to Clang that we intend to bail out here.

Link: https://github.com/ClangBuiltLinux/linux/issues/399
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
[added a few more braces]
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:27:33 +03:00
Luca Coelho
2644f9d0db iwlwifi: remove unused 0x40C0 PCI device IDs
This device ID and device type was never released, so we can remove it
from the PCI IDs list.

Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:27:29 +03:00
Avraham Stern
957a67c828 iwlwifi: mvm: support rtt confidence indication
The range response notification API has changed to add a value that
indicates the confidence of the rtt result.
Support the new API and print the rtt confidence for debug.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:23 +03:00
Shahar S Matityahu
e91130cebd iwlwifi: dbg: add lmac and umac PC registers to periphery dump
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:23 +03:00
Shahar S Matityahu
32d2282a35 iwlwifi: dbg: add periphery memory dumping support to ax210 device family
Allows to dump periphery memory on ax210 devices.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:23 +03:00
Gregory Greenman
befebbb30a iwlwifi: rs: consider LDPC capability in case of HE
When building TLC configuration command, consider in case of HE,
if LDPC support is turned on in our capabilities.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:23 +03:00
Shahar S Matityahu
53032e6ec1 iwlwifi: dbg_ini: add debug prints to the ini flows
Add debug prints to the ini flow and rewrite existing prints to provide
more information

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:22 +03:00
Shahar S Matityahu
2953c393a0 iwlwifi: add FW_INFO debug level
Add FW_INFO debug level. This level is enabled if INFO or FW debug
levels are set.
Also, set fw request and callback prints under this debug level.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:22 +03:00
Shahar S Matityahu
77f99ae648 iwlwifi: dbg_ini: support notification and dhc regions type parsing
IWL_FW_INI_REGION_CSR and IWL_FW_INI_REGION_NOTIFICATION does not have
memory addresses attached to them so the driver should skip them when
parsing the region tlv.
Also, instead of declearing what region types should skip the addition of
the memory addresses, declare what regions have addition of memory
addresses.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:22 +03:00
Shaul Triebitz
718a8b23ad iwlwifi: unite macros with same meaning
TFD_*_SLOTS and IWL_*_QUEUE_SIZE both define the TX queue
size (number of TFDs).
Get rid of TFD_*_SLOTS and use only IWL_*_QUEUE_SIZE.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:22 +03:00
Shaul Triebitz
9a16ee0c6b iwlwifi: mvm: set 512 TX queue slots for AX210 devices
AX210 devices support 256 BA (256 MPDUs in an AMPDU).
The firmware requires that the number of TFDs will be
minimum twice as big as the BA size (2 * 256 = 512).

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:21 +03:00
Luca Coelho
0d37d9faa6 iwlwifi: bump FW API to 47 for 22000 series
Start supporting API version 47 for 22000 series.  The 9000 series is
now frozen on version 46.

Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-19 10:26:21 +03:00
Kalle Valo
db5e323feb Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
ath.git patches for 5.2. No major changes.
2019-04-19 10:20:10 +03:00
David S. Miller
f9a904efca wireless-drivers-next patches for 5.2
Nothing really special standing out this time, iwlwifi being the most
 active driver.
 
 Major changes:
 
 iwlwifi
 
 * send NO_DATA events so they can be captured in radiotap
 
 * support for multiple BSSID
 
 * support for some new FW API versions
 
 * support new hardware
 
 * debugfs cleanups by Greg-KH
 
 qtnfmac
 
 * allow each MAC to specify its own regulatory rules
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJcuHgsAAoJEG4XJFUm622bfo8H/3uRRxsQBHGg6e3NpELaxpNV
 IfrPDtvxyfILzIepBBhnZYUY0OrlTHKfMmzFBD9FFMojsxBYddnLZ/0iKUNKfwLm
 KzToW/64YJ784dc+tw85gjh8I3MB+RRoD0l01M1HuOkzQ4hDNEGK3IsMHsBs/oTZ
 huiqTYsTxStOj53vOpQiBFZ1pYBtvGLMxBdSepDcR27bgT1gwriynCSkSNglDH8z
 /t3m6hDGtZa6uVkoIVH+BAMu6+vt+vIkU/TOdmiW/zqBL2JYq6cDE0uIb3bLAzN6
 uvS1Rj42P3OwHUwFavlUBdr5Rdcj6P24S5ZhtVaGGWCBjMZI5/nO7IjzwyQnQuQ=
 =/6q9
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-next-for-davem-2019-04-18' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

Kalle Valo says:

====================
wireless-drivers-next patches for 5.2

Nothing really special standing out this time, iwlwifi being the most
active driver.

Major changes:

iwlwifi

* send NO_DATA events so they can be captured in radiotap

* support for multiple BSSID

* support for some new FW API versions

* support new hardware

* debugfs cleanups by Greg-KH

qtnfmac

* allow each MAC to specify its own regulatory rules
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-18 11:07:55 -07:00
Larry Finger
b5250c9c14 rtlwifi: rtl8188ee: Remove extraneous file
Somehow file drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx.c.rej was
incorporated into the sources. Obviously, it can be removed.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-18 16:08:23 +03:00
Shaul Triebitz
c537e07b00 iwlwifi: cfg: use family 22560 based_params for AX210 family
Specifically, max_tfd_queue_size should be 0x10000 like in
22560 family and not 0x100 like in 22000 family.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-18 15:06:44 +03:00
Greg Kroah-Hartman
154d4899e4 iwlwifi: mvm: properly check debugfs dentry before using it
debugfs can now report an error code if something went wrong instead of
just NULL.  So if the return value is to be used as a "real" dentry, it
needs to be checked if it is an error before dereferencing it.

This is now happening because of ff9fb72bc0 ("debugfs: return error
values, not NULL").  If multiple iwlwifi devices are in the system, this
can cause problems when the driver attempts to create the main debugfs
directory again.  Later on in the code we fail horribly by trying to
dereference a pointer that is an error value.

Reported-by: Laura Abbott <labbott@redhat.com>
Reported-by: Gabriel Ramirez <gabriello.ramirez@gmail.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: stable <stable@vger.kernel.org> # 5.0
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-18 15:06:44 +03:00
Shahar S Matityahu
b35f63972c iwlwifi: dbg_ini: check debug TLV type explicitly
In ini debug TLVs bit 24 is set. The driver relies on it in the memory
allocation for the debug configuration. This implementation is
problematic in case of a new debug TLV that is not supported yet is added
and uses bit 24. In such a scenario the driver allocate space without
using it which causes errors in the apply point enabling flow.

Solve it by explicitly checking if a given TLV is part of the list of
the supported ini debug TLVs.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Fixes: f14cda6f3b ("iwlwifi: trans: parse and store debug ini TLVs")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-18 14:07:39 +03:00
Johannes Berg
72d3c7bbc9 iwlwifi: mvm: don't attempt debug collection in rfkill
If we fail to initialize because rfkill is enabled, then trying
to do debug collection currently just fails. Prevent that in the
high-level code, although we should probably also fix the lower
level code to do things more carefully.

It's not 100% clear that it fixes this commit, as the original
dump code at the time might've been more careful. In any case,
we don't really need to dump anything in this expected scenario.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fixes: 7125648074 ("iwlwifi: add fw dump upon RT ucode start failure")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-18 14:07:39 +03:00
Shahar S Matityahu
1c6bca6d75 iwlwifi: don't panic in error path on non-msix systems
The driver uses msix causes-register to handle both msix and non msix
interrupts when performing sync nmi.  On devices that do not support
msix this register is unmapped and accessing it causes a kernel panic.

Solve this by differentiating the two cases and accessing the proper
causes-register in each case.

Reported-by: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-18 14:07:39 +03:00
David S. Miller
6b0a7f84ea Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflict resolution of af_smc.c from Stephen Rothwell.

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-17 11:26:25 -07:00
David S. Miller
a44acf9060 wireless-drivers fixes for 5.1
Second set of fixes for 5.1.
 
 iwlwifi
 
 * add some new PCI IDs (plus a struct name change they depend on)
 
 * fix crypto with new devices, namely 22560 and above
 
 * fix for a potential deadlock in the TX path
 
 * a fix for offloaded rate-control
 
 * support new PCI HW IDs which use a new FW
 
 mt76
 
 * fix lock initialisation and a possible deadlock
 
 * aggregation fixes
 
 rt2x00
 
 * fix sequence numbering during retransmits
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJctIf2AAoJEG4XJFUm622bm4UH/RjizpPno79+PxKgZFxhYcWJ
 4sBW1hDwcO4FNKLX3tf6WR4N/vxkPEWSbB1gGRbHAIeYeb74ab5hYQoCVaOnU8GL
 uzhjgGVHwUnBi0oluuG12gpU9Zf6raV4Ec9HdRszx1A8DOa0qn5lUrXwWbF3GlZZ
 BU4ojdOZOVQx+yqE+xIr7okcbBpxRZgLK7KthKWgR4G9RlISIsfMYAHE1fwPmPr8
 b7fwqAKkgJ5fGSxez1tv7hlYaRw2zVwFYrVv3TegRKMl1pHTI/ps3ip37JTwv+O0
 lv5112AgEO2cSPT/R0wWqEkZ21Rc/AeFbttcQ9Ejw1SPc/w2d+fX8pTY5/RPw8w=
 =RCyH
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2019-04-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
wireless-drivers fixes for 5.1

Second set of fixes for 5.1.

iwlwifi

* add some new PCI IDs (plus a struct name change they depend on)

* fix crypto with new devices, namely 22560 and above

* fix for a potential deadlock in the TX path

* a fix for offloaded rate-control

* support new PCI HW IDs which use a new FW

mt76

* fix lock initialisation and a possible deadlock

* aggregation fixes

rt2x00

* fix sequence numbering during retransmits
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-15 12:02:29 -07:00
YueHaibing
bdfc4027de rtlwifi: rtl8723ae: Make rtl8723e_dm_refresh_rate_adaptive_mask static
Fix sparse warning:

drivers/net/wireless/realtek/rtlwifi/rtl8723ae/dm.c:666:6:
 warning: symbol 'rtl8723e_dm_refresh_rate_adaptive_mask' was not declared. Should it be static?

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 14:17:52 +03:00
Larry Finger
ddab2eee79 rtlwifi: Convert the wake_match variable to local
In five of the drivers, the contents of bits 29-31 of one of the RX
descriptors is used to set bits in a variable that is used to save the
wakeup condition for output in a debugging statement. The resulting
variable is not used anywhere else even though it is stored in a struct
and could be available in other routines. This variable is changed to be
local.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 14:15:45 +03:00
Larry Finger
0961d9874a rtlwifi: Fix duplicate tests of one of the RX descriptors
In drivers rtl8188ee, rtl8821ae, rtl8723be, and rtl8192ee, the reason
for a wake-up is returned in the fourth RX descriptor in bits 29-31. Due
to typographical errors, all but rtl8821ae test bit 31 twice and fail to
test bit 29.

This error causes no problems as the tests are only used to set bits in
the output of an optional debugging statement.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 14:15:44 +03:00
Colin Ian King
a927e8d8ab brcmfmac: fix leak of mypkt on error return path
Currently if the call to brcmf_sdiod_set_backplane_window fails then
error return path leaks mypkt. Fix this by returning by a new
error path labelled 'out' that calls brcmu_pkt_buf_free_skb to free
mypkt.  Also remove redundant check on err before calling
brcmf_sdiod_skbuff_write.

Addresses-Coverity: ("Resource Leak")
Fixes: a7c3aa1509 ("brcmfmac: Remove brcmf_sdiod_addrprep()")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 14:07:09 +03:00
Ondrej Jirman
e3062e05e1 brcmfmac: Loading the correct firmware for brcm43456
SDIO based brcm43456 is currently misdetected as brcm43455 and the wrong
firmware name is used. Correct the detection and load the correct
firmware file. Chiprev for brcm43456 is "9".

Signed-off-by: Ondrej Jirman <megous@megous.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 14:04:44 +03:00
Gustavo A. R. Silva
0cf83903aa brcmfmac: Use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    struct boo entry[];
};

size = sizeof(struct foo) + count * sizeof(struct boo);
instance = kzalloc(size, GFP_KERNEL)

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL)

Notice that, in this case, variable reqsz is not necessary,
hence it is removed.

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-13 13:58:36 +03:00
Kalle Valo
5f659c792a Second batch of patches intended for v5.2
* Work on the new debugging infra continues;
 * Fixes for the 22000 series;
 * Support for some new FW API changes;
 * Work on new hardware continues;
 * Some debugfs cleanups by Greg-KH;
 * General bugfixes;
 * Other cleanups;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAlykbPEACgkQoUecoho8
 xfocxA//XQGIwKM/kNj9idxhZ9ATbTqMx32h6IU5dZvI/8uNOdAT3e+irdqLnpJP
 aaQfqK/jfmIvQwZ6WUuCTGCQvoC64saJUEB7hxxHDSujYCMeHTdSHPxxmYwUb/4L
 glTJai9vAl+bAaaVLZukfE4/sTNVbTXDjFD2k7A6Nkb0FeHRLN0yz6Qzkn6wnpIs
 jlxNLk+w0xnPnEFXqJhp+LX2oyYbhd6iV08rWKs7HnZhyM+hVx9GL+5UwIjqLsdC
 6Ps0USMcx2zLgaijihGKRW7P2VT1iMM8vQxf4e87ovOHCFjA3xbWqlw2tWlD70kD
 +VMYLJYCSo2bZdX1wn8GV7Asfy3gE1Ut8ufQU5v1dOplDmMWvyg1j0+Pat/u/gs0
 VGjoqPFgPR5bPNB3yWHNdvXpR6+C4PF5udeBqPOxbM6spa7SnSqxIxPKiUYf4HAu
 6BBg+DRvHD9YNYOTRh9w+vblsOQ5EEOZxhP/m+vDmSFoUwaeS/yw/K0iFaJyu5re
 JOkrCYtB87gtq25gZIJWkhiO/H3x6fY0r0xmiBjdzNbC6z/3ogfNaHlRgzLNu6Mf
 UjGK7aEeqXG0iP6PA8xfKlD4OJ41hyIpLFBM80+lX010S1PNwMWWO64yu2Vsorpo
 qmb4unTdYkpRn6Ii3q1XkVhKs3AgIN/hS8MJ25AldDMXEDbfpwY=
 =qVj2
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-next-for-kalle-2019-04-03' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next

Second batch of patches intended for v5.2

* Work on the new debugging infra continues;
* Fixes for the 22000 series;
* Support for some new FW API changes;
* Work on new hardware continues;
* Some debugfs cleanups by Greg-KH;
* General bugfixes;
* Other cleanups;
2019-04-13 13:45:03 +03:00
Kalle Valo
832bc250d7 Second batch of iwlwifi fixes intended for v5.1
* fix for a potential deadlock in the TX path;
 * a fix for offloaded rate-control;
 * support new PCI HW IDs which use a new FW;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAlyka8EACgkQoUecoho8
 xfqbpg//dTiEkkB5vMeUYfsgyO4JdCmzCQg7ZYh7FfRtxP8EnRCD4CSQJHmU0K/G
 /K+cRn7nA06STbvshtmGQRJ9KJ8nLJ4wt1cZMXSi6O2bH6jdwKpBE6hCq71Kw99d
 zWns40Db3JFKE4/+OIRVAo1bdThjLquxrponGAr0CC7PzAo1BdG1ux34PlXev0Av
 n7rk/sLqPH/sfEOuVVU6WBNkhAAy0vSUfcZ2FOMuebx9Qkap7VFwSxGyuJI0mdPZ
 wQiAg4aCVUnbxscQB2ag82wMWui5HLtgdCh5aCgZNsCkWodr6iZXL32uhg8v09LZ
 yYnPWtyztm4t4InzeF3dmBfT/aKMeYn5C/tmi3oSIU0swUJdBeTuqYzKcuon4Ths
 +DJob2Gq8q1PEC6kSVfcJ7xZDt6bawfFdM9MwOSYYk2AYhyaPfSTud7w44NkqpKk
 fnfJHmFskYcz4pqld8/kjSHMTr/fZCRn3jDBaPoNZpJpZaPQ3y1jymyQ8/9d9OKM
 f44TDDMkRUw1rOiHm3IZQZiMXaUgY8ZHFF7z6sITwogPJVXSqG8d+kLfo0WBVk1B
 Bt/8ApuuyRm52CZPE+lYLP9rINdoMJFmOHA73sj6/RXWNYJ4QWzqzM4Fgld3ZuIh
 nldyeSWO/uFmlKcydT1wBNTqi63zn2PWIC0ejlwqDJ9L0KCSgMc=
 =EfCY
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-for-kalle-2019-04-03' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

Second batch of iwlwifi fixes intended for v5.1

* fix for a potential deadlock in the TX path;
* a fix for offloaded rate-control;
* support new PCI HW IDs which use a new FW;
2019-04-12 21:34:27 +03:00
Stanislaw Gruszka
bafdf85dfa mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
Move ieee80211_tx_status_ext() outside of status_list lock section
in order to avoid locking dependency and possible deadlock reposed by
LOCKDEP in below warning.

Also do mt76_tx_status_lock() just before it's needed.

[  440.224832] WARNING: possible circular locking dependency detected
[  440.224833] 5.1.0-rc2+ #22 Not tainted
[  440.224834] ------------------------------------------------------
[  440.224835] kworker/u16:28/2362 is trying to acquire lock:
[  440.224836] 0000000089b8cacf (&(&q->lock)->rlock#2){+.-.}, at: mt76_wake_tx_queue+0x4c/0xb0 [mt76]
[  440.224842]
               but task is already holding lock:
[  440.224842] 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
[  440.224863]
               which lock already depends on the new lock.

[  440.224863]
               the existing dependency chain (in reverse order) is:
[  440.224864]
               -> #3 (&(&sta->lock)->rlock){+.-.}:
[  440.224869]        _raw_spin_lock_bh+0x34/0x40
[  440.224880]        ieee80211_start_tx_ba_session+0xe4/0x3d0 [mac80211]
[  440.224894]        minstrel_ht_get_rate+0x45c/0x510 [mac80211]
[  440.224906]        rate_control_get_rate+0xc1/0x140 [mac80211]
[  440.224918]        ieee80211_tx_h_rate_ctrl+0x195/0x3c0 [mac80211]
[  440.224930]        ieee80211_xmit_fast+0x26d/0xa50 [mac80211]
[  440.224942]        __ieee80211_subif_start_xmit+0xfc/0x310 [mac80211]
[  440.224954]        ieee80211_subif_start_xmit+0x38/0x390 [mac80211]
[  440.224956]        dev_hard_start_xmit+0xb8/0x300
[  440.224957]        __dev_queue_xmit+0x7d4/0xbb0
[  440.224968]        ip6_finish_output2+0x246/0x860 [ipv6]
[  440.224978]        mld_sendpack+0x1bd/0x360 [ipv6]
[  440.224987]        mld_ifc_timer_expire+0x1a4/0x2f0 [ipv6]
[  440.224989]        call_timer_fn+0x89/0x2a0
[  440.224990]        run_timer_softirq+0x1bd/0x4d0
[  440.224992]        __do_softirq+0xdb/0x47c
[  440.224994]        irq_exit+0xfa/0x100
[  440.224996]        smp_apic_timer_interrupt+0x9a/0x220
[  440.224997]        apic_timer_interrupt+0xf/0x20
[  440.224999]        cpuidle_enter_state+0xc1/0x470
[  440.225000]        do_idle+0x21a/0x260
[  440.225001]        cpu_startup_entry+0x19/0x20
[  440.225004]        start_secondary+0x135/0x170
[  440.225006]        secondary_startup_64+0xa4/0xb0
[  440.225007]
               -> #2 (&(&sta->rate_ctrl_lock)->rlock){+.-.}:
[  440.225009]        _raw_spin_lock_bh+0x34/0x40
[  440.225022]        rate_control_tx_status+0x4f/0xb0 [mac80211]
[  440.225031]        ieee80211_tx_status_ext+0x142/0x1a0 [mac80211]
[  440.225035]        mt76x02_send_tx_status+0x2e4/0x340 [mt76x02_lib]
[  440.225037]        mt76x02_tx_status_data+0x31/0x40 [mt76x02_lib]
[  440.225040]        mt76u_tx_status_data+0x51/0xa0 [mt76_usb]
[  440.225042]        process_one_work+0x237/0x5d0
[  440.225043]        worker_thread+0x3c/0x390
[  440.225045]        kthread+0x11d/0x140
[  440.225046]        ret_from_fork+0x3a/0x50
[  440.225047]
               -> #1 (&(&list->lock)->rlock#8){+.-.}:
[  440.225049]        _raw_spin_lock_bh+0x34/0x40
[  440.225052]        mt76_tx_status_skb_add+0x51/0x100 [mt76]
[  440.225054]        mt76x02u_tx_prepare_skb+0xbd/0x116 [mt76x02_usb]
[  440.225056]        mt76u_tx_queue_skb+0x5f/0x180 [mt76_usb]
[  440.225058]        mt76_tx+0x93/0x190 [mt76]
[  440.225070]        ieee80211_tx_frags+0x148/0x210 [mac80211]
[  440.225081]        __ieee80211_tx+0x75/0x1b0 [mac80211]
[  440.225092]        ieee80211_tx+0xde/0x110 [mac80211]
[  440.225105]        __ieee80211_tx_skb_tid_band+0x72/0x90 [mac80211]
[  440.225122]        ieee80211_send_auth+0x1f3/0x360 [mac80211]
[  440.225141]        ieee80211_auth.cold.40+0x6c/0x100 [mac80211]
[  440.225156]        ieee80211_mgd_auth.cold.50+0x132/0x15f [mac80211]
[  440.225171]        cfg80211_mlme_auth+0x149/0x360 [cfg80211]
[  440.225181]        nl80211_authenticate+0x273/0x2e0 [cfg80211]
[  440.225183]        genl_family_rcv_msg+0x196/0x3a0
[  440.225184]        genl_rcv_msg+0x47/0x8e
[  440.225185]        netlink_rcv_skb+0x3a/0xf0
[  440.225187]        genl_rcv+0x24/0x40
[  440.225188]        netlink_unicast+0x16d/0x210
[  440.225189]        netlink_sendmsg+0x204/0x3b0
[  440.225191]        sock_sendmsg+0x36/0x40
[  440.225193]        ___sys_sendmsg+0x259/0x2b0
[  440.225194]        __sys_sendmsg+0x47/0x80
[  440.225196]        do_syscall_64+0x60/0x1f0
[  440.225197]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  440.225198]
               -> #0 (&(&q->lock)->rlock#2){+.-.}:
[  440.225200]        lock_acquire+0xb9/0x1a0
[  440.225202]        _raw_spin_lock_bh+0x34/0x40
[  440.225204]        mt76_wake_tx_queue+0x4c/0xb0 [mt76]
[  440.225215]        ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
[  440.225225]        ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
[  440.225235]        ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
[  440.225236]        process_one_work+0x237/0x5d0
[  440.225237]        worker_thread+0x3c/0x390
[  440.225239]        kthread+0x11d/0x140
[  440.225240]        ret_from_fork+0x3a/0x50
[  440.225240]
               other info that might help us debug this:

[  440.225241] Chain exists of:
                 &(&q->lock)->rlock#2 --> &(&sta->rate_ctrl_lock)->rlock --> &(&sta->lock)->rlock

[  440.225243]  Possible unsafe locking scenario:

[  440.225244]        CPU0                    CPU1
[  440.225244]        ----                    ----
[  440.225245]   lock(&(&sta->lock)->rlock);
[  440.225245]                                lock(&(&sta->rate_ctrl_lock)->rlock);
[  440.225246]                                lock(&(&sta->lock)->rlock);
[  440.225247]   lock(&(&q->lock)->rlock#2);
[  440.225248]
                *** DEADLOCK ***

[  440.225249] 5 locks held by kworker/u16:28/2362:
[  440.225250]  #0: 0000000048fcd291 ((wq_completion)phy0){+.+.}, at: process_one_work+0x1b5/0x5d0
[  440.225252]  #1: 00000000f1c6828f ((work_completion)(&sta->ampdu_mlme.work)){+.+.}, at: process_one_work+0x1b5/0x5d0
[  440.225254]  #2: 00000000433d2b2c (&sta->ampdu_mlme.mtx){+.+.}, at: ieee80211_ba_session_work+0x5c/0x2f0 [mac80211]
[  440.225265]  #3: 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
[  440.225276]  #4: 000000009d7b9a44 (rcu_read_lock){....}, at: ieee80211_agg_start_txq+0x33/0x2b0 [mac80211]
[  440.225286]
               stack backtrace:
[  440.225288] CPU: 2 PID: 2362 Comm: kworker/u16:28 Not tainted 5.1.0-rc2+ #22
[  440.225289] Hardware name: LENOVO 20KGS23S0P/20KGS23S0P, BIOS N23ET55W (1.30 ) 08/31/2018
[  440.225300] Workqueue: phy0 ieee80211_ba_session_work [mac80211]
[  440.225301] Call Trace:
[  440.225304]  dump_stack+0x85/0xc0
[  440.225306]  print_circular_bug.isra.38.cold.58+0x15c/0x195
[  440.225307]  check_prev_add.constprop.48+0x5f0/0xc00
[  440.225309]  ? check_prev_add.constprop.48+0x39d/0xc00
[  440.225311]  ? __lock_acquire+0x41d/0x1100
[  440.225312]  __lock_acquire+0xd98/0x1100
[  440.225313]  ? __lock_acquire+0x41d/0x1100
[  440.225315]  lock_acquire+0xb9/0x1a0
[  440.225317]  ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
[  440.225319]  _raw_spin_lock_bh+0x34/0x40
[  440.225321]  ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
[  440.225323]  mt76_wake_tx_queue+0x4c/0xb0 [mt76]
[  440.225334]  ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
[  440.225344]  ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
[  440.225354]  ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
[  440.225356]  process_one_work+0x237/0x5d0
[  440.225358]  worker_thread+0x3c/0x390
[  440.225359]  ? wq_calc_node_cpumask+0x70/0x70
[  440.225360]  kthread+0x11d/0x140
[  440.225362]  ? kthread_create_on_node+0x40/0x40
[  440.225363]  ret_from_fork+0x3a/0x50

Cc: stable@vger.kernel.org
Fixes: 88046b2c9f ("mt76: add support for reporting tx status with skb")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-12 21:32:40 +03:00
Vijayakumar Durai
746ba11f17 rt2x00: do not increment sequence number while re-transmitting
Currently rt2x00 devices retransmit the management frames with
incremented sequence number if hardware is assigning the sequence.

This is HW bug fixed already for non-QOS data frames, but it should
be fixed for management frames except beacon.

Without fix retransmitted frames have wrong SN:

 AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1648, FN=0, Flags=........C Frame is not being retransmitted 1648 1
 AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1649, FN=0, Flags=....R...C Frame is being retransmitted 1649 1
 AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1650, FN=0, Flags=....R...C Frame is being retransmitted 1650 1

With the fix SN stays correctly the same:

 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=........C
 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=....R...C
 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=....R...C

Cc: stable@vger.kernel.org
Signed-off-by: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
[sgruszka: simplify code, change comments and changelog]
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-12 21:31:07 +03:00
Felix Fietkau
9dc27bcbe7 mt76: mt7603: send BAR after powersave wakeup
Now that the sequence number allocation is fixed, we can finally send a BAR
at powersave wakeup time to refresh the receiver side reorder window

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-12 21:28:26 +03:00
Felix Fietkau
aa3cb24be1 mt76: mt7603: fix sequence number assignment
If the MT_TXD3_SN_VALID flag is not set in the tx descriptor, the hardware
assigns the sequence number. However, the rest of the code assumes that the
sequence number specified in the 802.11 header gets transmitted.
This was causing issues with the aggregation setup, which worked for the
initial one (where the sequence numbers were still close), but not for
further teardown/re-establishing of sessions.

Additionally, the overwrite of the TID sequence number in WTBL2 was resetting
the hardware assigned sequence numbers, causing them to drift further apart.

Fix this by using the software assigned sequence numbers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-12 21:28:26 +03:00
Felix Fietkau
2170e2157d mt76: mt7603: add missing initialization for dev->ps_lock
Fixes lockdep complaint and a potential race condition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-12 21:28:25 +03:00
Felix Fietkau
2b4a669802 mac80211: make ieee80211_schedule_txq schedule empty TXQs
Currently there is no way for the driver to signal to mac80211 that it should
schedule a TXQ even if there are no packets on the mac80211 part of that queue.
This is problematic if the driver has an internal retry queue to deal with
software A-MPDU retry.

This patch changes the behavior of ieee80211_schedule_txq to always schedule
the queue, as its only user (ath9k) seems to expect such behavior already:
it calls this function on tx status and on powersave wakeup whenever its
internal retry queue is not empty.

Also add an extra argument to ieee80211_return_txq to get the same behavior.

This fixes an issue on ath9k where tx queues with packets to retry (and no
new packets in mac80211) would not get serviced.

Fixes: 89cea7493a ("ath9k: Switch to mac80211 TXQ scheduling and airtime APIs")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-04-08 13:31:31 +02:00
Johannes Berg
45fcef8b72 mac80211_hwsim: calculate if_combination.max_interfaces
If we just set this to 2048, and have multiple limits you
can select from, the total number might run over and cause
a warning in cfg80211. This doesn't make sense, so we just
calculate the total max_interfaces now.

Reported-by: syzbot+8f91bd563bbff230d0ee@syzkaller.appspotmail.com
Fixes: 99e3a44bac ("mac80211_hwsim: allow setting iftype support")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-04-08 13:31:24 +02:00
Will Deacon
fb24ea52f7 drivers: Remove explicit invocations of mmiowb()
mmiowb() is now implied by spin_unlock() on architectures that require
it, so there is no reason to call it from driver code. This patch was
generated using coccinelle:

	@mmiowb@
	@@
	- mmiowb();

and invoked as:

$ for d in drivers include/linux/qed sound; do \
spatch --include-headers --sp-file mmiowb.cocci --dir $d --in-place; done

NOTE: mmiowb() has only ever guaranteed ordering in conjunction with
spin_unlock(). However, pairing each mmiowb() removal in this patch with
the corresponding call to spin_unlock() is not at all trivial, so there
is a small chance that this change may regress any drivers incorrectly
relying on mmiowb() to order MMIO writes between CPUs using lock-free
synchronisation. If you've ended up bisecting to this commit, you can
reintroduce the mmiowb() calls using wmb() instead, which should restore
the old behaviour on all architectures other than some esoteric ia64
systems.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-04-08 12:01:02 +01:00
Gustavo A. R. Silva
95336d4cb5 qtnfmac: replace qtnf_cmd_acl_data_size() with struct_size()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    struct boo entry[];
};

size = sizeof(struct foo) + count * sizeof(struct boo);
instance = kzalloc(size, GFP_KERNEL)

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

size = struct_size(instance, entry, count);

or

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL)

Based on the above, replace qtnf_cmd_acl_data_size() with the
new struct_size() helper.

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 19:38:36 +03:00
Jeff Xie
38bb0baea3 rtlwifi: move spin_lock_bh to spin_lock in tasklet
It is unnecessary to call spin_lock_bh in a tasklet.

Signed-off-by: Jeff Xie <chongguiguzi@gmail.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:26:40 +03:00
Ping-Ke Shih
60209d482b rtlwifi: fix potential NULL pointer dereference
In case dev_alloc_skb fails, the fix safely returns to avoid
potential NULL pointer dereference.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:25:27 +03:00
Kangjie Lu
765976285a rtlwifi: fix a potential NULL pointer dereference
In case alloc_workqueue fails, the fix reports the error and
returns to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:24:53 +03:00
Dan Carpenter
2cd2b42439 mwifiex: add a bounds check in mwifiex_process_sta_rx_packet()
Smatch complains that "local_rx_pd->priority" can't be trusted because
it comes from skb->data and it can go up to 255 instead of being capped
in the 0-7 range.  A few lines earlier, on the other side of the if
statement, we cap priority so it seems harmless to add a bounds check
here as well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:20:47 +03:00
YueHaibing
003b686ace mwifiex: Fix mem leak in mwifiex_tm_cmd
'hostcmd' is alloced by kzalloc, should be freed before
leaving from the error handling cases, otherwise it will
cause mem leak.

Fixes: 3935ccc14d ("mwifiex: add cfg80211 testmode support")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:18:42 +03:00
Kangjie Lu
e5b9b206f3 net: mwifiex: fix a NULL pointer dereference
In case dev_alloc_skb fails, the fix returns -ENOMEM to avoid
NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:17:55 +03:00
Colin Ian King
6603c5844a iwlegacy: remove redundant assignment to *res
Currently 1 is being assigned to *res and then it is immediately
updated with the computed result.  The first assignment is
redundant and can be removed.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:14:47 +03:00
Arnd Bergmann
d825db3462 b43: shut up clang -Wuninitialized variable warning
Clang warns about what is clearly a case of passing an uninitalized
variable into a static function:

drivers/net/wireless/broadcom/b43/phy_lp.c:1852:23: error: variable 'gains' is uninitialized when used here
      [-Werror,-Wuninitialized]
                lpphy_papd_cal(dev, gains, 0, 1, 30);
                                    ^~~~~
drivers/net/wireless/broadcom/b43/phy_lp.c:1838:2: note: variable 'gains' is declared here
        struct lpphy_tx_gains gains, oldgains;
        ^
1 error generated.

However, this function is empty, and its arguments are never evaluated,
so gcc in contrast does not warn here. Both compilers behave in a
reasonable way as far as I can tell, so we should change the code
to avoid the warning everywhere.

We could just eliminate the lpphy_papd_cal() function entirely,
given that it has had the TODO comment in it for 10 years now
and is rather unlikely to ever get done. I'm doing a simpler
change here, and just pass the 'oldgains' variable in that has
been initialized, based on the guess that this is what was
originally meant.

Fixes: 2c0d6100da ("b43: LP-PHY: Begin implementing calibration & software RFKILL support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:14:03 +03:00
Kangjie Lu
46953f9722 brcmfmac: fix missing checks for kmemdup
In case kmemdup fails, the fix sets conn_info->req_ie_len and
conn_info->resp_ie_len to zero to avoid buffer overflows.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:13:16 +03:00
Piotr Figiel
a9fd0953fa brcmfmac: convert dev_init_lock mutex to completion
Leaving dev_init_lock mutex locked in probe causes BUG and a WARNING when
kernel is compiled with CONFIG_PROVE_LOCKING. Convert mutex to completion
which silences those warnings and improves code readability.

Fix below errors when connecting the USB WiFi dongle:

brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43143 for chip BCM43143/2
BUG: workqueue leaked lock or atomic: kworker/0:2/0x00000000/434
     last function: hub_event
1 lock held by kworker/0:2/434:
 #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: usb_hub_wq hub_event
[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
[<809c4324>] (dump_stack) from [<8014195c>] (process_one_work+0x710/0x808)
[<8014195c>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
Exception stack(0xed1d9fb0 to 0xed1d9ff8)
9fa0:                                     00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000

======================================================
WARNING: possible circular locking dependency detected
4.19.23-00084-g454a789-dirty #123 Not tainted
------------------------------------------------------
kworker/0:2/434 is trying to acquire lock:
e29cf799 ((wq_completion)"events"){+.+.}, at: process_one_work+0x174/0x808

but task is already holding lock:
18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&devinfo->dev_init_lock){+.+.}:
       mutex_lock_nested+0x1c/0x24
       brcmf_usb_probe+0x78/0x550 [brcmfmac]
       usb_probe_interface+0xc0/0x1bc
       really_probe+0x228/0x2c0
       __driver_attach+0xe4/0xe8
       bus_for_each_dev+0x68/0xb4
       bus_add_driver+0x19c/0x214
       driver_register+0x78/0x110
       usb_register_driver+0x84/0x148
       process_one_work+0x228/0x808
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

-> #1 (brcmf_driver_work){+.+.}:
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

-> #0 ((wq_completion)"events"){+.+.}:
       process_one_work+0x1b8/0x808
       worker_thread+0x2c/0x564
       kthread+0x13c/0x16c
       ret_from_fork+0x14/0x20
         (null)

other info that might help us debug this:

Chain exists of:
  (wq_completion)"events" --> brcmf_driver_work --> &devinfo->dev_init_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&devinfo->dev_init_lock);
                               lock(brcmf_driver_work);
                               lock(&devinfo->dev_init_lock);
  lock((wq_completion)"events");

 *** DEADLOCK ***

1 lock held by kworker/0:2/434:
 #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]

stack backtrace:
CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: events request_firmware_work_func
[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
[<809c4324>] (dump_stack) from [<80172838>] (print_circular_bug+0x210/0x330)
[<80172838>] (print_circular_bug) from [<80175940>] (__lock_acquire+0x160c/0x1a30)
[<80175940>] (__lock_acquire) from [<8017671c>] (lock_acquire+0xe0/0x268)
[<8017671c>] (lock_acquire) from [<80141404>] (process_one_work+0x1b8/0x808)
[<80141404>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
Exception stack(0xed1d9fb0 to 0xed1d9ff8)
9fa0:                                     00000000 00000000 00000000 00000000
9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9fe0: 00000000 00000000 00000000 00000000 00000013 00000000

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:12:06 +03:00
Piotr Figiel
24d413a31a brcmfmac: fix Oops when bringing up interface during USB disconnect
Fix a race which leads to an Oops with NULL pointer dereference.  The
dereference is in brcmf_config_dongle() when cfg_to_ndev() attempts to get
net_device structure of interface with index 0 via if2bss mapping. This
shouldn't fail because of check for bus being ready in brcmf_netdev_open(),
but it's not synchronised with USB disconnect and there is a race: after
the check the bus can be marked down and the mapping for interface 0 may be
gone.

Solve this by modifying disconnect handling so that the removal of mapping
of ifidx to brcmf_if structure happens after netdev removal (which is
synchronous with brcmf_netdev_open() thanks to rtln being locked in
devinet_ioctl()). This assures brcmf_netdev_open() returns before the
mapping is removed during disconnect.

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = bcae2612
[00000008] *pgd=8be73831
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in: brcmfmac brcmutil nf_log_ipv4 nf_log_common xt_LOG xt_limit
iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis
u_ether usb_serial_simple usbserial cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc
usbmisc_imx ulpi 8250_exar 8250_pci 8250 8250_base libcomposite configfs
udc_core [last unloaded: brcmutil]
CPU: 2 PID: 24478 Comm: ifconfig Not tainted 4.19.23-00078-ga62866d-dirty #115
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
PC is at brcmf_cfg80211_up+0x94/0x29c [brcmfmac]
LR is at brcmf_cfg80211_up+0x8c/0x29c [brcmfmac]
pc : [<7f26a91c>]    lr : [<7f26a914>]    psr: a0070013
sp : eca99d28  ip : 00000000  fp : ee9c6c00
r10: 00000036  r9 : 00000000  r8 : ece4002c
r7 : edb5b800  r6 : 00000000  r5 : 80f08448  r4 : edb5b968
r3 : ffffffff  r2 : 00000000  r1 : 00000002  r0 : 00000000
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 7ca0c04a  DAC: 00000051
Process ifconfig (pid: 24478, stack limit = 0xd9e85a0e)
Stack: (0xeca99d28 to 0xeca9a000)
9d20:                   00000000 80f873b0 0000000d 80f08448 eca99d68 50d45f32
9d40: 7f27de94 ece40000 80f08448 80f08448 7f27de94 ece4002c 00000000 00000036
9d60: ee9c6c00 7f27262c 00001002 50d45f32 ece40000 00000000 80f08448 80772008
9d80: 00000001 00001043 00001002 ece40000 00000000 50d45f32 ece40000 00000001
9da0: 80f08448 00001043 00001002 807723d0 00000000 50d45f32 80f08448 eca99e58
9dc0: 80f87113 50d45f32 80f08448 ece40000 ece40138 00001002 80f08448 00000000
9de0: 00000000 80772434 edbd5380 eca99e58 edbd5380 80f08448 ee9c6c0c 80805f70
9e00: 00000000 ede08e00 00008914 ece40000 00000014 ee9c6c0c 600c0013 00001043
9e20: 0208a8c0 ffffffff 00000000 50d45f32 eca98000 80f08448 7ee9fc38 00008914
9e40: 80f68e40 00000051 eca98000 00000036 00000003 80808b9c 6e616c77 00000030
9e60: 00000000 00000000 00001043 0208a8c0 ffffffff 00000000 80f08448 00000000
9e80: 00000000 816d8b20 600c0013 00000001 ede09320 801763d4 00000000 50d45f32
9ea0: eca98000 80f08448 7ee9fc38 50d45f32 00008914 80f08448 7ee9fc38 80f68e40
9ec0: ed531540 8074721c 00000800 00000001 00000000 6e616c77 00000030 00000000
9ee0: 00000000 00001002 0208a8c0 ffffffff 00000000 50d45f32 80f08448 7ee9fc38
9f00: ed531560 ec8fc900 80285a6c 80285138 edb910c0 00000000 ecd91008 ede08e00
9f20: 80f08448 00000000 00000000 816d8b20 600c0013 00000001 ede09320 801763d4
9f40: 00000000 50d45f32 00021000 edb91118 edb910c0 80f08448 01b29000 edb91118
9f60: eca99f7c 50d45f32 00021000 ec8fc900 00000003 ec8fc900 00008914 7ee9fc38
9f80: eca98000 00000036 00000003 80285a6c 00086364 7ee9fe1c 000000c3 00000036
9fa0: 801011c4 80101000 00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc 600c0010 00000003 00000000 00000000
[<7f26a91c>] (brcmf_cfg80211_up [brcmfmac]) from [<7f27262c>] (brcmf_netdev_open+0x74/0xe8 [brcmfmac])
[<7f27262c>] (brcmf_netdev_open [brcmfmac]) from [<80772008>] (__dev_open+0xcc/0x150)
[<80772008>] (__dev_open) from [<807723d0>] (__dev_change_flags+0x168/0x1b4)
[<807723d0>] (__dev_change_flags) from [<80772434>] (dev_change_flags+0x18/0x48)
[<80772434>] (dev_change_flags) from [<80805f70>] (devinet_ioctl+0x67c/0x79c)
[<80805f70>] (devinet_ioctl) from [<80808b9c>] (inet_ioctl+0x210/0x3d4)
[<80808b9c>] (inet_ioctl) from [<8074721c>] (sock_ioctl+0x350/0x524)
[<8074721c>] (sock_ioctl) from [<80285138>] (do_vfs_ioctl+0xb0/0x9b0)
[<80285138>] (do_vfs_ioctl) from [<80285a6c>] (ksys_ioctl+0x34/0x5c)
[<80285a6c>] (ksys_ioctl) from [<80101000>] (ret_fast_syscall+0x0/0x28)
Exception stack(0xeca99fa8 to 0xeca99ff0)
9fa0:                   00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc
Code: e5970328 eb002021 e1a02006 e3a01002 (e5909008)
---[ end trace 5cbac2333f3ac5df ]---

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:11:37 +03:00
Piotr Figiel
504f06725d brcmfmac: remove unused variable i from brcmf_usb_free_q
Variable i is not used so remove it.

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:11:04 +03:00
Piotr Figiel
2b78e5f522 brcmfmac: remove pending parameter from brcmf_usb_free_q
brcmf_usb_free_q is no longer called with pending=true thus this boolean
parameter is no longer needed.

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:11:03 +03:00
Piotr Figiel
db3b9e2e1d brcmfmac: fix race during disconnect when USB completion is in progress
It was observed that rarely during USB disconnect happening shortly after
connect (before full initialization completes) usb_hub_wq would wait
forever for the dev_init_lock to be unlocked. dev_init_lock would remain
locked though because of infinite wait during usb_kill_urb:

[ 2730.656472] kworker/0:2     D    0   260      2 0x00000000
[ 2730.660700] Workqueue: events request_firmware_work_func
[ 2730.664807] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
[ 2730.670587] [<809dd164>] (schedule) from [<8069af44>] (usb_kill_urb+0xdc/0x114)
[ 2730.676815] [<8069af44>] (usb_kill_urb) from [<7f258b50>] (brcmf_usb_free_q+0x34/0xa8 [brcmfmac])
[ 2730.684833] [<7f258b50>] (brcmf_usb_free_q [brcmfmac]) from [<7f2517d4>] (brcmf_detach+0xa0/0xb8 [brcmfmac])
[ 2730.693557] [<7f2517d4>] (brcmf_detach [brcmfmac]) from [<7f251a34>] (brcmf_attach+0xac/0x3d8 [brcmfmac])
[ 2730.702094] [<7f251a34>] (brcmf_attach [brcmfmac]) from [<7f2587ac>] (brcmf_usb_probe_phase2+0x468/0x4a0 [brcmfmac])
[ 2730.711601] [<7f2587ac>] (brcmf_usb_probe_phase2 [brcmfmac]) from [<7f252888>] (brcmf_fw_request_done+0x194/0x220 [brcmfmac])
[ 2730.721795] [<7f252888>] (brcmf_fw_request_done [brcmfmac]) from [<805748e4>] (request_firmware_work_func+0x4c/0x88)
[ 2730.731125] [<805748e4>] (request_firmware_work_func) from [<80141474>] (process_one_work+0x228/0x808)
[ 2730.739223] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[ 2730.746105] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[ 2730.752227] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)

[ 2733.099695] kworker/0:3     D    0  1065      2 0x00000000
[ 2733.103926] Workqueue: usb_hub_wq hub_event
[ 2733.106914] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
[ 2733.112693] [<809dd164>] (schedule) from [<809e2a8c>] (schedule_timeout+0x214/0x3e4)
[ 2733.119621] [<809e2a8c>] (schedule_timeout) from [<809dde2c>] (wait_for_common+0xc4/0x1c0)
[ 2733.126810] [<809dde2c>] (wait_for_common) from [<7f258d00>] (brcmf_usb_disconnect+0x1c/0x4c [brcmfmac])
[ 2733.135206] [<7f258d00>] (brcmf_usb_disconnect [brcmfmac]) from [<8069e0c8>] (usb_unbind_interface+0x5c/0x1e4)
[ 2733.143943] [<8069e0c8>] (usb_unbind_interface) from [<8056d3e8>] (device_release_driver_internal+0x164/0x1fc)
[ 2733.152769] [<8056d3e8>] (device_release_driver_internal) from [<8056c078>] (bus_remove_device+0xd0/0xfc)
[ 2733.161138] [<8056c078>] (bus_remove_device) from [<8056977c>] (device_del+0x11c/0x310)
[ 2733.167939] [<8056977c>] (device_del) from [<8069cba8>] (usb_disable_device+0xa0/0x1cc)
[ 2733.174743] [<8069cba8>] (usb_disable_device) from [<8069507c>] (usb_disconnect+0x74/0x1dc)
[ 2733.181823] [<8069507c>] (usb_disconnect) from [<80695e88>] (hub_event+0x478/0xf88)
[ 2733.188278] [<80695e88>] (hub_event) from [<80141474>] (process_one_work+0x228/0x808)
[ 2733.194905] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
[ 2733.201724] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
[ 2733.207913] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)

It was traced down to a case where usb_kill_urb would be called on an URB
structure containing more or less random data, including large number in
its use_count. During the debugging it appeared that in brcmf_usb_free_q()
the traversal over URBs' lists is not synchronized with operations on those
lists in brcmf_usb_rx_complete() leading to handling
brcmf_usbdev_info structure (holding lists' head) as lists' element and in
result causing above problem.

Fix it by walking through all URBs during brcmf_cancel_all_urbs using the
arrays of requests instead of linked lists.

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:11:02 +03:00
Piotr Figiel
5cdb0ef614 brcmfmac: fix NULL pointer derefence during USB disconnect
In case USB disconnect happens at the moment transmitting workqueue is in
progress the underlying interface may be gone causing a NULL pointer
dereference. Add synchronization of the workqueue destruction with the
detach implementation in core so that the transmitting workqueue is stopped
during detach before the interfaces are removed.

Fix following Oops:

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = 9e6a802d
[00000008] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle
xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether
usb_serial_simple usbserial cdc_acm brcmfmac brcmutil smsc95xx usbnet
ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base
libcomposite configfs udc_core
CPU: 0 PID: 7 Comm: kworker/u8:0 Not tainted 4.19.23-00076-g03740aa-dirty #102
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: brcmf_fws_wq brcmf_fws_dequeue_worker [brcmfmac]
PC is at brcmf_txfinalize+0x34/0x90 [brcmfmac]
LR is at brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac]
pc : [<7f0dee64>]    lr : [<7f0e4140>]    psr: 60010093
sp : ee8abef0  ip : 00000000  fp : edf38000
r10: ffffffed  r9 : edf38970  r8 : edf38004
r7 : edf3e970  r6 : 00000000  r5 : ede69000  r4 : 00000000
r3 : 00000a97  r2 : 00000000  r1 : 0000888e  r0 : ede69000
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 7d03c04a  DAC: 00000051
Process kworker/u8:0 (pid: 7, stack limit = 0x24ec3e04)
Stack: (0xee8abef0 to 0xee8ac000)
bee0:                                     ede69000 00000000 ed56c3e0 7f0e4140
bf00: 00000001 00000000 edf38004 edf3e99c ed56c3e0 80d03d00 edfea43a edf3e970
bf20: ee809880 ee804200 ee971100 00000000 edf3e974 00000000 ee804200 80135a70
bf40: 80d03d00 ee804218 ee809880 ee809894 ee804200 80d03d00 ee804218 ee8aa000
bf60: 00000088 80135d5c 00000000 ee829f00 ee829dc0 00000000 ee809880 80135d30
bf80: ee829f1c ee873eac 00000000 8013b1a0 ee829dc0 8013b07c 00000000 00000000
bfa0: 00000000 00000000 00000000 801010e8 00000000 00000000 00000000 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<7f0dee64>] (brcmf_txfinalize [brcmfmac]) from [<7f0e4140>] (brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac])
[<7f0e4140>] (brcmf_fws_dequeue_worker [brcmfmac]) from [<80135a70>] (process_one_work+0x138/0x3f8)
[<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
[<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
[<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
Exception stack(0xee8abfb0 to 0xee8abff8)
bfa0:                                     00000000 00000000 00000000 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
Code: e1530001 0a000007 e3560000 e1a00005 (05942008)
---[ end trace 079239dd31c86e90 ]---

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:10:19 +03:00
Piotr Figiel
c80d26e81e brcmfmac: fix WARNING during USB disconnect in case of unempty psq
brcmu_pkt_buf_free_skb emits WARNING when attempting to free a sk_buff
which is part of any queue. After USB disconnect this may have happened
when brcmf_fws_hanger_cleanup() is called as per-interface psq was never
cleaned when removing the interface.
Change brcmf_fws_macdesc_cleanup() in a way that it removes the
corresponding packets from hanger table (to avoid double-free when
brcmf_fws_hanger_cleanup() is called) and add a call to clean-up the
interface specific packet queue.

Below is a WARNING during USB disconnect with Raspberry Pi WiFi dongle
running in AP mode. This was reproducible when the interface was
transmitting during the disconnect and is fixed with this commit.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 1171 at drivers/net/wireless/broadcom/brcm80211/brcmutil/utils.c:49 brcmu_pkt_buf_free_skb+0x3c/0x40
Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base libcomposite configfs udc_core
CPU: 0 PID: 1171 Comm: kworker/0:0 Not tainted 4.19.23-00075-gde33ed8 #99
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: usb_hub_wq hub_event
[<8010ff84>] (unwind_backtrace) from [<8010bb64>] (show_stack+0x10/0x14)
[<8010bb64>] (show_stack) from [<80840278>] (dump_stack+0x88/0x9c)
[<80840278>] (dump_stack) from [<8011f5ec>] (__warn+0xfc/0x114)
[<8011f5ec>] (__warn) from [<8011f71c>] (warn_slowpath_null+0x40/0x48)
[<8011f71c>] (warn_slowpath_null) from [<805a476c>] (brcmu_pkt_buf_free_skb+0x3c/0x40)
[<805a476c>] (brcmu_pkt_buf_free_skb) from [<805bb6c4>] (brcmf_fws_cleanup+0x1e4/0x22c)
[<805bb6c4>] (brcmf_fws_cleanup) from [<805bc854>] (brcmf_fws_del_interface+0x58/0x68)
[<805bc854>] (brcmf_fws_del_interface) from [<805b66ac>] (brcmf_remove_interface+0x40/0x150)
[<805b66ac>] (brcmf_remove_interface) from [<805b6870>] (brcmf_detach+0x6c/0xb0)
[<805b6870>] (brcmf_detach) from [<805bdbb8>] (brcmf_usb_disconnect+0x30/0x4c)
[<805bdbb8>] (brcmf_usb_disconnect) from [<805e5d64>] (usb_unbind_interface+0x5c/0x1e0)
[<805e5d64>] (usb_unbind_interface) from [<804aab10>] (device_release_driver_internal+0x154/0x1ec)
[<804aab10>] (device_release_driver_internal) from [<804a97f4>] (bus_remove_device+0xcc/0xf8)
[<804a97f4>] (bus_remove_device) from [<804a6fc0>] (device_del+0x118/0x308)
[<804a6fc0>] (device_del) from [<805e488c>] (usb_disable_device+0xa0/0x1c8)
[<805e488c>] (usb_disable_device) from [<805dcf98>] (usb_disconnect+0x70/0x1d8)
[<805dcf98>] (usb_disconnect) from [<805ddd84>] (hub_event+0x464/0xf50)
[<805ddd84>] (hub_event) from [<80135a70>] (process_one_work+0x138/0x3f8)
[<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
[<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
[<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
Exception stack(0xecf8dfb0 to 0xecf8dff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
---[ end trace 38d234018e9e2a90 ]---
------------[ cut here ]------------

Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:10:18 +03:00
Rafał Miłecki
4684997d9e brcmfmac: reset PCIe bus on a firmware crash
This includes bus reset & reloading a firmware. It should be sufficient
for a user space to (setup and) use a wireless device again.

Support for reset on USB & SDIO can be added later.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:00:13 +03:00
Rafał Miłecki
a2ec87ddbf brcmfmac: add a function designated for handling firmware fails
This improves handling PCIe firmware halts by printing a clear error
message and replaces a similar code in the SDIO bus support.

It will also allow further improvements like trying to recover from a
firmware crash.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:00:12 +03:00
Rafał Miłecki
c969282071 brcmfmac: support repeated brcmf_fw_alloc_request() calls
During a normal brcmfmac lifetime brcmf_fw_alloc_request() is called
once only during the probe. It's safe to assume provided array is clear.

Further brcmfmac improvements may require calling it multiple times
though. This patch allows it by fixing invalid firmware paths like:
brcm/brcmfmac4366c-pcie.binbrcm/brcmfmac4366c-pcie.bin

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 13:00:11 +03:00
Igor Mitsyanko
b63967cae6 qtnfmac: use scan duration param for different scan types
Use scan duration param for both active and passive scan dwell times.
Document what different types of dwell times are used for. Explicitly
specify that if unset, automatic selection by device firmware
will be used.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:34 +03:00
Igor Mitsyanko
bc70732f9b qtnfmac: send EAPOL frames via control path
Use control path to send EAPOL frames to make sure they are
sent with higher priority with aggregation disabled.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:33 +03:00
Sergey Matyukevich
72b3270e01 qtnfmac: allow changing the netns
Allow to change netns for wireless interfaces created by qtnfmac driver.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:33 +03:00
Sergey Matyukevich
83b00f6eb8 qtnfmac: simplify firmware state tracking
This patch streamlines firmware state tracking. In particular, state
QTNF_FW_STATE_FW_DNLD_DONE is removed, states QTNF_FW_STATE_RESET and
QTNF_FW_STATE_DETACHED are merged into a single state. Besides, new
state QTNF_FW_STATE_RUNNING is introduced to distinguish between
the following two cases:
- firmware load succeeded, firmware init process is ongoing
- firmware init succeeded, firmware is fully functional

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:32 +03:00
Sergey Matyukevich
ae1946be26 qtnfmac: fix core attach error path in pcie backend
Report that firmware is up and running only for successful firmware
download. Simplify qtnf_pcie_fw_boot_done: modify error path so that
no need to pass firmware dowload result to this function. Finally,
do not create debugfs entries if firmware download succeeded,
but core attach failed.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:31 +03:00
Igor Mitsyanko
93eeab2679 qtnfmac: update bands information on CHANGE_INTF command
In some regions, different regulatory limits (like max Tx power) may be
defined for different operating modes. As an example: in ETSI regions
DFS master devices may use higher transmit powers compared to DFS slave
devices. Update bands information in CHANGE_INTF command if mode of
operation changes.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:30 +03:00
Igor Mitsyanko
438fb43bca qtnfmac: pass DFS region to firmware on region update
Pass DFS region as requested by regulatory core directly to firmware
so it can initialize radar detection block accordingly.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:29 +03:00
Igor Mitsyanko
c698bce015 qtnfmac: allow each MAC to specify its own regulatory rules
Currently driver uses the same regulatory rules to register all wiphy
instances. This is not logically correct since each wiphy may have
different capabilities (different supported bands, EIRP etc).
Allow firmware to pass regulatory rules for each MAC separately.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:28 +03:00
Igor Mitsyanko
48cefdfbcb qtnfmac: flexible regulatory domain registration logic
Use REGULATORY_CUSTOM_REG flag only if firmware advertised a custom
regulatory domain prior to wiphy registration. Use REGULATORY_STRICT_REG
flag only if firmware knows its regulatory domain.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:27 +03:00
Igor Mitsyanko
2c31129f8f qtnfmac: pass complete channel info in regulatory notifier
Currently only a portion of per-channel information is passed to
firmware. Extend logic to pass all useful per-channel data.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:26 +03:00
Igor Mitsyanko
a2fbaaf757 qtnfmac: include full channels info to regulatory notifier
Before regulatory notifier is invoked by a wireless core, it will
update band information for the wiphy. Pass this information to
firmware together with new region alpha2 code.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:26 +03:00
Igor Mitsyanko
642f15a5ce qtnfmac: simplify error reporting in regulatory notifier
Error reporting in qtnf_cfg80211_reg_notifier only requires to print
one type of message and an error code. Firmware will report success
for an attempt to set regulatory region to the same value,
so no special handling is required for this case.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:25 +03:00
Igor Mitsyanko
d123172175 qtnfmac: make regulatory notifier work on per-phy basis
Wireless core calls regulatory notifier for each wiphy and it only
guarantees that bands info is updated for this particular wiphy prior
to calling a notifier. Hence updating all wiphy which belong to driver
in a single notifier callback is redundant and incorrect.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04 12:57:24 +03:00
Maya Erez
fa0b735414 wil6210: print error in FW and board files load failures
Add an error print-out in case FW and board files load fails,
as such an error is not printed on all failures and user may
not understand why the interface up operations didn't succeed.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:45:28 +03:00
Maya Erez
b4a967b7d0 wil6210: reset buff id in status message after completion
Since DR bit and buffer id are written in different dwords of
the status message, the DR bit can already be set to 1 while the
buffer id is not updated yet.
Resetting the buffer id in the status message will allow the driver
to identify such cases and re-read the status message until the buffer
id is written by HW.
In case DR bit is set but buffer id is zero, need to read the status
message again, until a valid id is identified.

In addition to that, move the completed buffer id to the tail of the
free list to prevent its immediate reuse in the upcoming refill.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:45:17 +03:00
Ahmad Masri
8454e72a36 wil6210: add support for ucode tracing
The driver needs to expose RGF_USER_USAGE_2 register that contains
the offset of the ucode logging table.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:45:07 +03:00
Maya Erez
1683a001d5 wil6210: prevent access to RGF_CAF_ICR in Talyn
Due to access control RGF_CAF_ICR cannot be accessed by host.
Such an access will cause device AHB logger to halt and it will not
capture future AHB fault if there is any.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:44:58 +03:00
Lior David
49122ec426 wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
The functions that send management TX frame have 3 possible
results: success and other side acknowledged receive (ACK=1),
success and other side did not acknowledge receive(ACK=0) and
failure to send the frame. The current implementation
incorrectly reports the ACK=0 case as failure.

Signed-off-by: Lior David <liord@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:44:48 +03:00
Ahmad Masri
4bf019865c wil6210: fix report of rx packet checksum in edma mode
Update the rx packet checksum of received packet according to edma
HW spec:

No need to calculate checksum in the following cases:
L4_status=0 and L3_status=0 - No L3 and no L4 known protocols found
L4_status=0 and L3_status=1 - L3 was found, and checksum check passed.
No known L4 protocol was found.
L4_status=1 - L4 was found, and checksum check passed.

Recalculate checksum in the following cases:
L4_status=3 and L3_status=1 - It means that L3 protocol was found,
and checksum passed, but L4 checksum failed.
L4_status=3 and L3_status=2	- Both L3 and L4 checksum check failed.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:44:38 +03:00
Dedy Lansky
29ca376066 wil6210: free edma_rx_swtail upon reset
edma_rx_swtail dma memory free is missing.
Add this part of Rx desc ring free.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:35:07 +03:00
Dedy Lansky
7b834639c4 wil6210: use OEM MAC address from OTP
In addition to existing MAC address field in OTP, new field added for
OEM MAC address.
wil6210 gives precedence to the new OEM MAC address and will use it if
its valid.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:57 +03:00
Ahmad Masri
e4a29bdd8f wil6210: check mid is valid
Check that the mid is valid and that it does not exceed the memory
size allocated to vifs array.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:47 +03:00
Maya Erez
044974fbea wil6210: update WIL_MCS_MAX to 15
Update max MCS to 15, which is supported by Talyn-MB.
This will allow collecting statistics on number of RX packets
in higher MCS.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:36 +03:00
Maya Erez
f6194f769d wil6210: do not set BIT_USER_SUPPORT_T_POWER_ON_0 in Talyn-MB
In Sparrow, FW might sleep long time due to T_Power_On calculation
in slow clock, so T_Power_On was set to zero to shorten the L1SS
wake-up time.
In Talyn-MB the L1SS wake-up procedure is handled by the PMU (HW),
hence T_Power_On calculation is accurate and should not be forced
to zero.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:26 +03:00
Maya Erez
5793fe9d4f wil6210: increase PCP stop command timeout
In case there are connected stations, FW needs to disconnect
them before handling PCP stop. This flow can take several
seconds.
Increasing PCP stop timeout to 5 seconds to allow that.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:15 +03:00
Ahmad Masri
a061894587 wil6210: prevent device memory access while in reset or suspend
Accessing some of the memory of the device while the device is
resetting or suspending may cause unexpected error as the HW is still
not in a stable state. Prevent this access to guarantee successful
read/write memory operations.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:34:04 +03:00
Alexei Avshalom Lazar
73a7d1e34d wil6210: align to latest auto generated wmi.h
Align to latest version of the auto generated wmi file
describing the interface with FW.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-03 15:33:53 +03:00
Ihab Zhaika
ef8a913766 iwlwifi: remove misconfigured pci ids from 22260 series
Two of the PCI ID entries for the 22260 series were incorrectly using
the subsystem vendor ID (which we ignore) as the PCI device ID.  This is
obviously wrong and can be simply removed since we already have the
correct entries in the list.

Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:05 +03:00
Sara Sharon
d14ae796f8 iwlwifi: mvm: support HE context cmd API change
Support API change to pass all mbssid parameters to the firmware.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:05 +03:00
Shaul Triebitz
c30aef01ba iwlwifi: set 512 TX queue slots for AX210 devices
AX210 devices support 256 BA (256 MPDUs in an AMPDU).
The firmware requires that the number of TFDs will be
minimum twice as big as the BA size (2 * 256 = 512).

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:05 +03:00
Avraham Stern
afc1e3b4fc iwlwifi: mvm: use correct GP2 register address for 22000 family
The device time register address has changed for 22000 devices.
Add a util function for getting the GP2 time and use the correct
register address depending on the device family.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:04 +03:00
Shahar S Matityahu
56fe12d283 iwlwifi: dbg: fill radio registers data regardless of fifos data dumping
The driver calculates memory regions dump size, allocate memory and
fills the data.  The driver fills the radio registers data only if the
memory size of the fifos is greater then zero, so in case the user
masked out the fifos from the dump, the driver will skip filling the
radio register data.

Solve this by checking filling radio registers data independently from
fifos data.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:04 +03:00
Greg Kroah-Hartman
cf5d566322 iwlwifi: pcie: no need to check return value of debugfs_create functions
When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:03 +03:00
Greg Kroah-Hartman
c9af7528c3 iwlwifi: mvm: no need to check return value of debugfs_create functions
When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:03 +03:00
Johannes Berg
3f7fbc8cc1 iwlwifi: mvm: remove buggy and unnecessary hw_queue initialization
After converting the driver to TXQs, it no longer has any reason
to initialize vif->hw_queue/vif->cab_queue since it no longer sets
the HW_QUEUE_CONTROL flag. Remove the code that initialized those,
it was broken due to relying on an uninitialized stack value in
used_hw_queues, as Colin reported.

Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:02 +03:00
Shahar S Matityahu
30eba3f9a4 iwlwifi: dbg_ini: apply rx fifo offset after reading the region registers
The region registers comes in abolute value so read the registers before
applying the rx fifo offset.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:02 +03:00
Shahar S Matityahu
33a4038615 iwlwifi: dbg_ini: remove redundant type argument from iwl_dump_ini_mem
Since iwl_dump_ini_mem receive struct iwl_fw_ini_region_cfg which holds
the region type, there is no point to pass the type separately.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:02 +03:00
Shahar S Matityahu
84294b5be1 iwlwifi: dbg_ini: remove redundant curly brackets from trigger collection flow
remove redundant curly brackets from iwl_fw_ini_dump_trigger and
iwl_fw_ini_get_trigger_len

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:01 +03:00
Liad Kaufman
0bfefe2f41 iwlwifi: mvm: fix pointer reference when setting HE QAM thres
Pointer referencing when setting HE QAM thresholds (when nominal
packet padding bit is on) caused kernel crash due to bad
referencing. Fix that.

Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:01 +03:00
Shahar S Matityahu
4c704534c3 iwlwifi: dbg_ini: add monitor header to smem monitor
Add write pointer and cycle count registers to smem monitor header.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:00 +03:00
Shahar S Matityahu
d63916aeba iwlwifi: dbg_ini: fix the dram monitor header size
Add sizeof(struct iwl_fw_ini_error_dump_range) to the header of the dram
monitor.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:00 +03:00
Shahar S Matityahu
f0e1e1c20d iwlwifi: dbg_ini: change memory range base address to u64
AX210 devices will use u64 for the base address to the DRAM monitor
buffer. To support this, change the structure for all device families
so both address sizes fit.

Also move range_data_size to the top of the struct to ease the parsing
of the memory range.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:20:00 +03:00
Johannes Berg
192a7e1f73 iwlwifi: mvm: IBSS: use BE FIFO for multicast
Back in commit 4d339989ac ("iwlwifi: mvm: support ibss in dqa mode")
we changed queue selection for IBSS to be:

    if (ieee80211_is_probe_resp(fc) || ieee80211_is_auth(fc) ||
        ieee80211_is_deauth(fc))
            return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;
    if (info->hw_queue == info->control.vif->cab_queue)
            return info->hw_queue;
    return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;

Clearly, the thought at the time must've been that mac80211 will
select the hw_queue as the cab_queue, so that we'll return and use
that, where we store the multicast queue for IBSS. This, however,
isn't true because mac80211 doesn't implement powersave for IBSS
and thus selects the normal IBSS interface AC queue (best effort).

This therefore always used the probe response queue, which maps to
the BE FIFO.

In commit cfbc6c4c5b ("iwlwifi: mvm: support mac80211 TXQs model")
we rethought this code, and as a consequence now started mapping the
multicast traffic to the multicast hardware queue since we no longer
relied on mac80211 selecting the queue, doing it ourselves instead.
This queue is mapped to the MCAST FIFO. however, this isn't actually
enabled/controlled by the firmware in IBSS mode because we don't
implement powersave, and frames from this queue can never go out in
this case.

Therefore, we got queue hang reports such as
https://bugzilla.kernel.org/show_bug.cgi?id=201707

Fix this by mapping the multicast queue to the BE FIFO in IBSS so
that all the frames can go out.

Fixes: cfbc6c4c5b ("iwlwifi: mvm: support mac80211 TXQs model")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:59 +03:00
Shahar S Matityahu
60eeaf572f iwlwifi: dbg_ini: add registers addresses in fifo dump
Add to the fifo dump the registers addresses.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:59 +03:00
Shaul Triebitz
186e6c871b iwlwifi: trust calling function
When initializing or overriding HE band capabilities, no
need to check the band validity.
Trust the calling function to use a valid band.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:58 +03:00
Shahar S Matityahu
1cdb4d8f2a iwlwifi: dbg_ini: add region id to the region dump
Add the region id of the collected memory to the header of the memory
region.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:58 +03:00
Shahar S Matityahu
990ffe3e81 iwlwifi: dbg_ini: add version to dump header
Add version to dump header to allow future changes of the dump struct,
once the ini debug flow becomes operational, without breaking backwards
compatibility.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:57 +03:00
Shahar S Matityahu
9802162f98 iwlwifi: dbg_ini: add memory offset to the base address of a memory region
Add the offset to the base address of a memory region to show the actual
addresses being read.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:57 +03:00
Shahar S Matityahu
4bdb2676d8 iwlwifi: dbg_ini: fix iwl_dump_ini_dev_mem_iter memory base address
The driver is using range->start_addr before assigning it a value.
Set value into range->start_addr and then use it.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:57 +03:00
Shahar S Matityahu
bfa34c3329 iwlwifi: dbg_ini: enforce always on domain checking
Enforce domain checking before sending host commands and collecting
memory regions. Currently the driver supports always on domain only.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:56 +03:00
Shahar S Matityahu
4b1831e489 iwlwifi: dbg_ini: support HW error trigger
Differentiate between SW and HW error interrupts and support ini HW
error trigger.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:19:56 +03:00
Luca Coelho
debec2f239 iwlwifi: add support for quz firmwares
Add a new configuration with a new firmware name for quz devices.
And, since these devices have the same PCI device and subsystem IDs,
we need to add some code to switch from a normal qu firmware to the
quz firmware.

Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:13:06 +03:00
Johannes Berg
dcfe3b103d iwlwifi: mvm: update offloaded rate control on changes
With offloaded rate control, if the station parameters (rates, NSS,
bandwidth) change (sta_rc_update method), call iwl_mvm_rs_rate_init()
to propagate those change to the firmware.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:13:06 +03:00
Johannes Berg
f5ae2f932e iwlwifi: mvm: avoid possible deadlock in TX path
iwl_mvm_tx_mpdu() may run from iwl_mvm_add_new_dqa_stream_wk(), where
soft-IRQs aren't disabled. In this case, it may hold the station lock
and be interrupted by a soft-IRQ that also wants to acquire said lock,
leading to a deadlock.

Fix it by disabling soft-IRQs in iwl_mvm_add_new_dqa_stream_wk().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-04-03 11:13:05 +03:00
Kalle Valo
8db32fa400 First batch of patches intended for v5.2
* Send NO_DATA events so they can be captured in radiotap;
 * Some channel-switch changes;
 * Support for multiple BSSID;
 * Continued work and bugfixes for the new debugging infra;
 * Support for some new FW API versions;
 * Some work to support new hardware;
 * General bugfixes;
 * Other cleanups;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAlyU0OwACgkQoUecoho8
 xfpOOQ/6A+gMe6x7+Mz1Cu6ipjc9ODmGKvDr/CpKUeG1XBedgEJpX9/iR5gFHJVw
 ho8ScEiN54pvktFJptjHIqY+6fPndygvnuYTKWoxN6GnQmairav7l83Vp7cI8P0s
 MHF42EVGvlBc+BwEFC747lgy29B3BFewq50nWFgycGYj+JaV18DxYFXV4+VPXXZ0
 CshNC1WbdX0jI+Qzbbm3oeYA/YrjlU7iIzrri8zD3DVPKwWeYMm/kJ6OkA7RyGcW
 LYSl28BXSZzEl5rtQ763vIoZMGtUmnhtLSLgrxNbzT5u40NGLipU51iApOY4NV9T
 nZUY3XjcBbWbWKhuMuv35wx0HzV6/346D0NPBDPCNmikJHXJFF0zhnZ3WY58ho8C
 8iKZXm8gQIaEl4oqucOIFeMHXjablvtabePinifMluXv8E4kHbjYpNzpFsnSDZyN
 2HNkyW4H7yn9R0GL0XxBt6d+NI5XYB/NkvgywzxGtouyLuav/M5X5lOaxJVDWe79
 8hdAPIlesu85cPTfoOPjtRSaHBpXpcyjnUq11XkznCbbO2PLgEc85cd3sQnhYF3t
 wmUxLgfUTy/PjmemEOau2bGpCYRAfjkfQE9aJFjqn2fsn5R65ADLyxgQ1fbUlLrq
 GvYN/WARDCeRudM5i2CMQwXGIcXKay3MKVCups0U2/xUb+DZWsM=
 =wFO2
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-next-for-kalle-2019-03-22' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next

First batch of patches intended for v5.2

* Send NO_DATA events so they can be captured in radiotap;
* Some channel-switch changes;
* Support for multiple BSSID;
* Continued work and bugfixes for the new debugging infra;
* Support for some new FW API versions;
* Some work to support new hardware;
* General bugfixes;
* Other cleanups;
2019-03-30 08:37:38 +02:00
David S. Miller
356d71e00d Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-27 17:37:58 -07:00
Johannes Berg
3b0f31f2b8 genetlink: make policy common to family
Since maxattr is common, the policy can't really differ sanely,
so make it common as well.

The only user that did in fact manage to make a non-common policy
is taskstats, which has to be really careful about it (since it's
still using a common maxattr!). This is no longer supported, but
we can fake it using pre_doit.

This reduces the size of e.g. nl80211.o (which has lots of commands):

   text	   data	    bss	    dec	    hex	filename
 398745	  14323	   2240	 415308	  6564c	net/wireless/nl80211.o (before)
 397913	  14331	   2240	 414484	  65314	net/wireless/nl80211.o (after)
--------------------------------
   -832      +8       0    -824

Which is obviously just 8 bytes for each command, and an added 8
bytes for the new policy pointer. I'm not sure why the ops list is
counted as .text though.

Most of the code transformations were done using the following spatch:
    @ops@
    identifier OPS;
    expression POLICY;
    @@
    struct genl_ops OPS[] = {
    ...,
     {
    -	.policy = POLICY,
     },
    ...
    };

    @@
    identifier ops.OPS;
    expression ops.POLICY;
    identifier fam;
    expression M;
    @@
    struct genl_family fam = {
            .ops = OPS,
            .maxattr = M,
    +       .policy = POLICY,
            ...
    };

This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
the cb->data as ops, which we want to change in a later genl patch.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-22 10:38:23 -04:00
Thomas Gleixner
77dcc6233e mac80211_hwsim: Replace hrtimer tasklet with softirq hrtimer
Switch the timer to HRTIMER_MODE_REL_SOFT, which executed the timer callback in
softirq context and remove the hrtimer_tasklet.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Anna-Maria Gleixner <anna-maria@linutronix.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: David S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Cc: linux-wireless@vger.kernel.org
Cc: Kalle Valo <kvalo@codeaurora.org>
Link: https://lkml.kernel.org/r/20190301224821.29843-2-bigeasy@linutronix.de
2019-03-22 14:35:30 +01:00
Shahar S Matityahu
fe63f21b20 iwlwifi: dbg_ini: align to FW api version 1
align to ini debug struct version 1 and enforce version checking.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:42 +02:00
Luca Coelho
a2a120a9cd iwlwifi: remove unnecessary goto out in iwl_parse_nvm_mcc_info()
This goto out was unnecessary because the out label was immediately
below it.  Remove it.

Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:42 +02:00
YueHaibing
78d722b1bd iwlwifi: Use struct_size() in kzalloc
Use struct_size() in kzalloc instead of the 'regd_to_copy'

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:42 +02:00
Shahar S Matityahu
4b49e34e58 iwlwifi: dbg_ini: separate between ini and legacy dump flows
Separate between ini and legacy dump flows to allow adding ini triggers
that are not supported in the legacy flow and to increase readabilty.

iwl_fw_dbg_ini_collect function is now called with legacy trigger id and
_iwl_fw_dbg_ini_collect is called with ini trigger id.

Also make the actual dumping function static so that any dump collection
will go through iwl_fw_dbg_collect_sync.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Shahar S Matityahu
c88580e1a9 iwlwifi: dbg: add DRAM monitor support for AX210 device family
Allows to perform monitor dumping on AX210 device family

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Mordechay Goodstein
a15d4f3b3c iwlwifi: mvm: set max amsdu for TLC offload
mac80211 sets max amsdu to min supported ht vs vht but TLC only works
with one mode so we can set to the exact mode used (vht/ht)
and enable larger amsdu sizes for vht.

Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Shaul Triebitz
5bd757a69b iwlwifi: for AX210 device support radio GF4
Add support for radio gf4 (CDB radio).

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Johannes Berg
f826faaa1f iwlwifi: pcie: switch to correct RBD/CD layout for 22560
The layout of the RBD (receive buffer descriptor) isn't quite right,
the hardware ended up being implemented differently. Switch to the
correct RBD layout. While at it, remove the now useless extra defines.

Also, switch the CD (completion descriptor) to the right format, which
is basically just a code cleanup because the only field we really used
(rbid) is still in the same place. We may need fragmentation later if
we ever want to use it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Shahar S Matityahu
fd1190b68a iwlwifi: mvm: use dump worker during restart instead of sync dump
In restart flow, the driver requests HW restart from mac80211
and then mac80211 uses a worker to do the restart flow. In that flow a
sync dump is performed. Instead, schedule the dump worker before
requesting HW restart from mac80211. This approach simplifies the
restart flow.
Also, it is neeeded in order to differentiate between the handling of SW
and HW errors in a future commit.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Shahar S Matityahu
8672aad310 iwlwifi: dbg: use dump mask for tx command dumping length
Only add the size of the tx command to the dump file size if it is set
in the dump_mask.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Ilan Peer
e4fe5d4b10 iwlwifi: mvm: Support new format of SCAN_OFFLOAD_PROFILES_QUERY_RSP
Newer FWs use a new format of the SCAN_OFFLOAD_PROFILES_QUERY_RSP,
which now supports indicating match on an higher number of channels.

Modify the code to support both the old format and the newer one,
based on a FW TLV.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:41 +02:00
Shaul Triebitz
2785ce008e iwlwifi: support new NVM response API
Support REGULATORY_NVM_GET_INFO_RSP_API_S_VER_4.
This API adds the new 6-7GHz channels.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Shaul Triebitz
b15ef67c0e iwlwifi: add support for 6-7 GHz channels
Add UHB (ultra high band) channels and use 16 bit variables
to fit the new channels.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Shaul Triebitz
8636ca769c iwlwifi: mvm: be more forgiving if num of channels is too big
If number of channels in the driver is greater than
number of scan channels given by firmware TLV, do not
fail scan config, but adjust to firmware's number of channels.
This is helpful for supporting in driver new channels before
it being supported by firmware scan.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Johannes Berg
e47df5bd51 iwlwifi: mvm: enable HT/VHT IBSS
For some reason we never enabled it, but it appears to work fine.
Enable it now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Sara Sharon
918cbf39ac iwlwifi: mvm: support multiple BSSID
Set the capabilities flags and inform firmware

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Sara Sharon
81b4e44e41 iwlwifi: mvm: track changes in beacon count during channel switch
There are some buggy APs that keeps changing the count while forcing
us to block TX. This eventually results in queue hang, assert, and
disconnection. Detect such APs and disconnect gracefully in advance.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Sara Sharon
f678061402 iwlwifi: mvm: disconnect in case of bad channel switch parameters
In case we receive channel switch announcement with immediate
quiet and unknown switching time, we will switch when FW identifies
AP left channel. However, if AP remains on channel, we will
eventually get TX queue hang. Init a work to disconnect if
switch doesn't occur within 1500 milliseconds. Do it also
for a too long channel switch.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Sara Sharon
77738865eb iwlwifi: mvm: notify FW on quiet mode in CSA
Let FW know if quiet mode is on or not. This is needed
in order to disable it in FW when CSA is complete.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:40 +02:00
Sara Sharon
c37763d22d iwlwifi: mvm: track CSA beacons
Send to FW modify command for every beacon we receive during channel
switch. FW will track the count, and make sure the event is scheduled
in time even if AP changed count.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:39 +02:00
Johannes Berg
d47cdb884a iwlwifi: mvm: report all NO_DATA events to mac80211
Report all NO_DATA events to mac80211 so they get captured
in radiotap for usage in sniffer scenarios; map the info
type to a reasonable radiotap type for this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:39 +02:00
Sara Sharon
7922112663 iwlwifi: mvm: implement CSA abort
In case we receive abort operation for CSA, clean up
our state.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:39 +02:00
Sara Sharon
9cfcf71ce6 iwlwifi: mvm: report delayed beacon count to FW
Support passing to FW delayed beacon count. This
represents the delay the AP can have when moving to
the new channel.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:59:39 +02:00
Ihab Zhaika
972d8e1377 iwlwifi: add new 0x2723/0x2080 card for 22000
add new PCI ID 0x2723/0x2080 for 22000 series

Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:05 +02:00
Ihab Zhaika
0d5bad1422 iwlwifi: rename structs to fit the new names
rename few structs to fit the new marketing names

Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:04 +02:00
Shahar S Matityahu
07d35b4270 iwlwifi: use sync nmi in case of init flow failure
In case of alive interrupt timeout or any failure in the init flow
the driver generates FW nmi. The driver assumes that the nmi will
generate SW interrupt. This assumption does not hold and leads to faulty
behavior in the recovery flow.

Solve this by using sync nmi, this way, even if the driver does not
receive SW interrupt, it still starts the recovery flow.

Also remove the wait queue from iwl_fwrt_stop_device since the driver is
handling the SW interrupt synchronously.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:04 +02:00
Shahar S Matityahu
b05d57c9b6 iwlwifi: dbg_ini: fix bad dump size calculation
The driver initiates the size value with the size of the struct and then
adds the size of the data and checks if the size is zero so size can not
be equal to zero.

Solve this by getting the data size, check that it is not equal to zero
and only then add the struct size.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Fixes: 7a14c23dcd ("iwlwifi: dbg: dump data according to the new ini TLVs")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:04 +02:00
Shahar S Matityahu
8625794e36 iwlwifi: dbg_ini: in case of region dump failure set memory to 0
In case the driver fails to dump a memory region, and this is the last
region, then partial region would be extracted.

Solve this by setting the data to zero in case of failure.
This will cause dump to be a list of consecutive successful memory
regions and trailing zeros with no partial memories extracted.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:03 +02:00
Shahar S Matityahu
d1967ce641 iwlwifi: add sync_nmi to trans ops
Allow modules from outside pcie to call sync_nmi.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:03 +02:00
Johannes Berg
475c6bde72 iwlwifi: mvm: fix TX crypto on 22560+ devices
In the old days, we could transmit with HW crypto with an arbitrary
key by filling it into TX_CMD. This was broken first with the advent
of CCMP/GCMP-256 keys which don't fit there.

This was broken *again* with the newer TX_CMD format on 22560+,
where we simply cannot pass key material anymore. However, we forgot
to update all the cases when we get a key from mac80211 and don't
program it into the hardware but still return 0 for HW crypto on TX.

In AP mode with WEP, we tried to fix this by programming the keys
separately for each station later, but this ultimately turns out to
be buggy, for example now it leaks memory when we have more than one
WEP key.

Fix this by simply using only SW crypto for WEP in newer devices by
returning -EOPNOTSUPP instead of trying to program WEP keys later.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-03-22 12:49:03 +02:00
Paolo Abeni
a350eccee5 net: remove 'fallback' argument from dev->ndo_select_queue()
After the previous patch, all the callers of ndo_select_queue()
provide as a 'fallback' argument netdev_pick_tx.
The only exceptions are nested calls to ndo_select_queue(),
which pass down the 'fallback' available in the current scope
- still netdev_pick_tx.

We can drop such argument and replace fallback() invocation with
netdev_pick_tx(). This avoids an indirect call per xmit packet
in some scenarios (TCP syn, UDP unconnected, XDP generic, pktgen)
with device drivers implementing such ndo. It also clean the code
a bit.

Tested with ixgbe and CONFIG_FCOE=m

With pktgen using queue xmit:
threads		vanilla 	patched
		(kpps)		(kpps)
1		2334		2428
2		4166		4278
4		7895		8100

 v1 -> v2:
 - rebased after helper's name change

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-20 11:18:55 -07:00
Stanislaw Gruszka
7dfc45e628 mt76x02: do not enable RTS/CTS by default
My commit 26a7b54731 ("mt76x02: set protection according to ht
operation element") enabled by default RTS/CTS protection for OFDM
and CCK traffic, because MT_TX_RTS_CFG_THRESH is configured to non
0xffff by initvals and .set_rts_threshold callback is not called by
mac80211 on initialization, only on user request or during
ieee80211_reconfig() (suspend/resuem or restart_hw).

Enabling RTS/CTS cause some problems when sending probe request
frames by hcxdumptool penetration tool, but I expect it can cause
other issues on different scenarios.

Restore previous setting of RTS/CTS being disabled by default for
OFDM/CCK by changing MT_TX_RTS_CFG_THRESH initvals to 0xffff.

Fixes: 26a7b54731 ("mt76x02: set protection according to ht operation element")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-19 17:37:25 +02:00
Lorenzo Bianconi
13f61dfc52 mt76: fix schedule while atomic in mt76x02_reset_state
Fix following schedule while atomic in mt76x02_reset_state
since synchronize_rcu is run inside a RCU section

[44036.944222] mt76x2e 0000:06:00.0: MCU message 31 (seq 3) timed out
[44036.944281] BUG: sleeping function called from invalid context at kernel/rcu/tree_exp.h:818
[44036.944284] in_atomic(): 1, irqs_disabled(): 0, pid: 28066, name: kworker/u4:1
[44036.944287] INFO: lockdep is turned off.
[44036.944292] CPU: 1 PID: 28066 Comm: kworker/u4:1 Tainted: G        W         5.0.0-rc7-wdn-t1+ #7
[44036.944294] Hardware name: Dell Inc. Studio XPS 1340/0K183D, BIOS A11 09/08/2009
[44036.944305] Workqueue: phy1 mt76x02_wdt_work [mt76x02_lib]
[44036.944308] Call Trace:
[44036.944317]  dump_stack+0x67/0x90
[44036.944322]  ___might_sleep.cold.88+0x9f/0xaf
[44036.944327]  rcu_blocking_is_gp+0x13/0x50
[44036.944330]  synchronize_rcu+0x17/0x80
[44036.944337]  mt76_sta_state+0x138/0x1d0 [mt76]
[44036.944349]  mt76x02_wdt_work+0x1c9/0x610 [mt76x02_lib]
[44036.944355]  process_one_work+0x2a5/0x620
[44036.944361]  worker_thread+0x35/0x3e0
[44036.944368]  kthread+0x11c/0x140
[44036.944376]  ret_from_fork+0x3a/0x50
[44036.944384] BUG: scheduling while atomic: kworker/u4:1/28066/0x00000002
[44036.944387] INFO: lockdep is turned off.
[44036.944389] Modules linked in: cmac ctr ccm af_packet snd_hda_codec_hdmi

Introduce __mt76_sta_remove in order to run sta_remove without holding dev->mutex.
Move __mt76_sta_remove outside of RCU section in mt76x02_reset_state

Fixes: e4ebb8b403d1 ("mt76: mt76x2: implement full device restart on watchdog reset")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-19 17:36:41 +02:00
Felix Fietkau
f2a00a821a mt76: mt7603: use the correct hweight8() function
__sw_hweight8() is only defined if CONFIG_GENERIC_HWEIGHT is enabled.
The function that works on all architectures is hweight8().

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-19 17:35:37 +02:00
Stanislaw Gruszka
40b941611b mt76x02u: check chip version on probe
Since some USB device IDs are duplicated between mt76x0u, mt7601u
and mt76x2u device, check chip version on probe and return error if
not match the driver.

Don't think this is serious issue, probe most likely will fail at
some other point for wrong device, but we do not have to configure
it if we know is not our device.

Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-19 17:33:33 +02:00
Stanislaw Gruszka
c031647068 mt7601u: check chip version on probe
Since some USB device IDs are duplicated between mt7601u and mt76x0u
devices, check chip version on probe and return error if not match
0x7601.

Don't think this is serious issue, probe most likely will fail at
some other point for wrong device, but we do not have to configure
it if we know is not mt7601u device.

Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Jakub Kicinski <kubakici@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-19 17:31:03 +02:00
Arnd Bergmann
688cd8bd2c iwlwifi: fix 64-bit division
do_div() expects unsigned operands and otherwise triggers a warning like:

drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c:465:2: error: comparison of distinct pointer types ('typeof ((rtt_avg)) *' (aka 'long long *') and 'uint64_t *' (aka 'unsigned long long *')) [-Werror,-Wcompare-distinct-pointer-types]
        do_div(rtt_avg, 6666);
        ^~~~~~~~~~~~~~~~~~~~~
include/asm-generic/div64.h:222:28: note: expanded from macro 'do_div'
        (void)(((typeof((n)) *)0) == ((uint64_t *)0));  \
               ~~~~~~~~~~~~~~~~~~ ^  ~~~~~~~~~~~~~~~
1 error generated.

Change the do_div() to the simpler div_s64() that can handle
negative inputs correctly.

Fixes: 937b10c0de ("iwlwifi: mvm: add debug prints for FTM")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-07 19:15:06 +02:00
Lorenzo Bianconi
411e05f4e8 mt76x2u: remove duplicated entry in mt76x2u_device_table
Remove duplicated entry in mt76x2u_device_table since Alfa AWUS036ACM
and Aukey USB-AC1200 have the same ids

Fixes: 62a25dc569 ("mt76x2u: Add support for Alfa AWUS036ACM")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:55:30 +01:00
Wei Yongjun
7c1b998d34 mt76: fix return value check in mt76_wmac_probe()
In case of error, the function devm_ioremap_resource() returns ERR_PTR()
and never returns NULL. The NULL test in the return value check should
be replaced with IS_ERR().

Fixes: c8846e1015 ("mt76: add driver for MT7603E and MT7628/7688")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
b126c88974 mt76: mt7603: set moredata flag when queueing ps-filtered packets
Clients should poll for more packets afterwards

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
643749d4a8 mt76: mt76x02: disable ED/CCA by default
This feature has been reported to cause stability issues on several systems.
Disable it until it has been fixed and verified. It can still be enabled
through debugfs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
ffc9a7ff59 mt76: when releasing PS frames, end the service period if no frame was found
Fixes a rare corner case if the txq dequeue attempt fails, but mac80211
still has PS buffered packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
b7001f4608 mt76: mt7603: clear the service period on releasing PS filtered packets
These packets have no txwi entry in the ring, so tracking via tx status does
not work. To prevent PS poll requests from being unanswered, end the service
period right away

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
e004b70066 mt76: mt7603: notify mac80211 about buffered frames in ps queue
Also fix the size check for filtered powersave frames
Fixes a corner case with waking up clients

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
fca9615f1a mt76: mt7603: fix up hardware queue index for PS filtered packets
Make the queue index match the hardware queue on which they get sent out

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
f25e813bf4 mt76: mt7603: clear ps filtering mode before releasing buffered frames
Fixes sending them, otherwise they loop back right into the buffer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
b8cfd87ac2 mt76: mt76x2: fix 2.4 GHz channel gain settings
AGC register 35, 37 override for the low gain setting should only be done
on 5 GHz. Also, 2.4 GHz needs a different value for register 35

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
45a042e302 mt76: mt76x2: fix external LNA gain settings
Devices with external LNA need different values for AGC registers 8 and 9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
7635276989 mt76: mt7603: fix tx status HT rate validation
Use the correct variable in the check. Fixes an uninitialized variable warning

Reported-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Fixes: c8846e1015 ("mt76: add driver for MT7603E and MT7628/7688")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
a0ac806109 mt76: mt76x02: reduce false positives in ED/CCA tx blocking
Full tx blocking (as opposed to CCA blocking) should only happen if there
is a continuous non-802.11 signal above the energy detect threshold.
Unfortunately the ED/CCA counter can't detect that, as it also counts 802.11
signals as busy.

Similar to the vendor code, implement a learning mode that waits until the AGC
gain has already been adjusted to the lowest value (due to false CCA events),
and the number of false CCA events still remains high, and the blocking
threshold is exceeded for more than 5 seconds.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
3fd0824a2f mt76: mt76x02: only update the base mac address if necessary
Also update the mask first before calculating the vif index.
Fixes an issue where adding back the same interfaces in a different order
fails because of duplicate vif index use

Fixes: 06662264ce ("mt76x02: use mask for vifs")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Stanislaw Gruszka
7b25d3b8e4 mt76x02: fix hdr pointer in write txwi for USB
Since we add txwi at the begining of skb->data, it no longer point
to ieee80211_hdr. This breaks settings TS bit for probe response and
beacons.

Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
004960423f mt76: mt76x2: implement full device restart on watchdog reset
Restart the firmware and re-initialize the MAC to be able to recover
from more kinds of hang states

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
de3c2af15f mt76: mt76x02: when setting a key, use PN from mac80211
Preparation for full device restart support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Felix Fietkau
fc78010217 mt76: rewrite dma descriptor base and ring size on queue reset
Useful in case the hardware reset clobbers these values

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Lorenzo Bianconi
cd44bc40a1 mt76: introduce q->stopped parameter
Introduce mt76_queue stopped parameter in order to run
ieee80211_wake_queue only when mac80211 queues have been
previously stopped and avoid to disable interrupts when
it is not necessary

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 12:50:23 +01:00
Kalle Valo
501faf7102 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
ath.git patches for 5.1. Major changes:

ath10k

* more preparation for SDIO support

wil6210

* support up to 20 stations in AP mode
2019-02-28 11:50:40 +02:00
Alexei Avshalom Lazar
de77a53c2d wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
ies1 or ies2 might be null when code inside
_wil_cfg80211_merge_extra_ies access them.
Add explicit check for null and make sure ies1/ies2 are not
accessed in such a case.

spos might be null and be accessed inside
_wil_cfg80211_merge_extra_ies.
Add explicit check for null in the while condition statement
and make sure spos is not accessed in such a case.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:25:09 +02:00
Maya Erez
979c9d8d01 wil6210: ignore HALP ICR if already handled
HALP ICR is set as long as the FW should stay awake.
To prevent its multiple handling the driver masks this IRQ bit.
However, if there is a different MISC ICR before the driver clears
this bit, there is a risk of race condition between HALP mask and
unmask. This race leads to HALP timeout, in case it is mistakenly
masked.
Add an atomic flag to indicate if HALP ICR should be handled.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:59 +02:00
Dedy Lansky
a380eb5736 wil6210: fix invalid sta statistics update
Upon status ring handling, in case there are both unicast and
multicast (cid == max) status messages to handle, wrong sta statistics
might get updated.
Fix this by setting stats to NULL upon invalid cid
(e.g. == max_assoc_sta).

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:50 +02:00
Ahmad Masri
6d1ba32c80 wil6210: accessing 802.3 addresses via utility functions
Rearrange the code by having functions to access 802.3 header
members, source and destination addresses.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:39 +02:00
Ahmad Masri
bf0353a674 wil6210: support up to 20 stations in AP mode
New FW added support for upto 20 clients in AP mode. Change the driver
to support this as well. FW reports it's max supported associations in
WMI_READY_EVENT. Some WMI commands/events use cidxtid field which is
limited to 16 cids. Use new cid/tid fields instead.

For Rx packets cid from rx descriptor is limited to 3 bits (0..7),
to find the real cid, compare transmitter address with the stored
stations mac address in the driver sta array.

EDMA FW still supports 8 stations. Extending the support to 20
stations will come later.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:29 +02:00
Dedy Lansky
0439a5e035 wil6210: add option to drop Tx packets when Tx ring is full
In AP mode with multiple clients, driver stops net queue
(netif_tx_stop_queue) upon first ring (serving specific client)
becoming full. This can have negative effect on transmission to
other clients which may still have room in their corresponding rings.

Implement new policy in which stop/wake net queue are not used. In
case there is no room in the ring for a transmitted packet, drop the
packet.

New policy can be helpful to debug performance issues, to guarantee
maximum utilization of net queues.
New policy is disabled by default and can be enabled by debugfs:
echo 1 > drop_if_ring_full

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:19 +02:00
Maya Erez
387f3794b8 wil6210: remove rtap_include_phy_info module param
Due to a HW issue in PHY info collection rtap_include_phy_info is not
in use, hence can be removed.

Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 11:24:09 +02:00
Surabhi Vishnoi
f40a307eb9 ath10k: Fill rx duration for each peer in fw_stats for WCN3990
Currently, rx_duration for each peer is not getting populated in
fw_stats debugfs entry for WCN3990.

WCN3990 firmware sends rx duration for each peer as part of
peer_extd_stats in WMI_UPDATE_STATS_EVENT. To enable peer_extd_stats,
firmware expects host to send fw_stats_req_mask with flag
WMI_TLV_PEER_STATS_EXTD set in WMI_REQUEST_STATS_CMD.

Send fw_stats_req_mask with flag WMI_TLV_PEER_STATS_EXTD set in
WMI_REQUEST_STATS_CMD and parse the peer_extd_stats in
WMI_UPDATE_STATS_EVENT to populate the rx_duration of each peer
in fw_stats debugfs entry.

Currently the driver handles 32-bit rx_duration, but the rx_duration
for WCN3990 can be upto 63 bit. The firmware sends rx_duration split
into two 32-bit fields, with the upper 32-bits being valid only if its
MSB is set. This change handles the 63-bit rx_duration obtained from
WCN3990 and maintain the backward compatibility.

To get the rx_duration of each connected peer :
cat /sys/kernel/debug/ieee80211/phyX/ath10k/fw_stats

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:48:19 +02:00
Surabhi Vishnoi
d23c2cdaa0 ath10k: Fix the wrong calculation ht_idx and idx of rate table for tx_stats
ht_idx (ht rate index) and idx (rate table index) are calculated based on
mcs index. This mcs index used in the above calculation should be 0-9 for
getting the correct ht_idx and idx.

Currently the mcs index used for the above calculations is mcs index which
can be 0-31 (in case of HT), leading to incorrect rate index and ht index values.

Fix the issue by obtaining mcs value from the ratecode reported by firmware
and use it for calculating ht_idx and idx (rate-table index).

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Fixes: e88975ca37 ("ath10k: dump tx stats in rate table format")
Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:46:26 +02:00
Surabhi Vishnoi
8e55fdaa8e ath10k: Fix the wrong updation of SGI in tx_stats debugfs
The SGI is updated wrongly in tx stats table in debugfs per sta
entry. To know whether the packets/bytes are sent with SHORT GI,
test whether the SGI bit(ATH10K_RATE_INFO_FLAGS_SGI_BIT) is set or
not in the txrate flags.

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Fixes: a904417fc8 ("ath10k: add extended per sta tx statistics support")
Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:46:16 +02:00
Surabhi Vishnoi
ef9051c72a ath10k: Fix the wrong updation of BW in tx_stats debugfs entry
Currently, the bandwidth is updated wrongly in BW table in tx_stats
debugfs per sta as there is difference in number of bandwidth type
in mac80211 and driver stats table. This leads to bandwidth getting
updated at wrong index in bandwidth table in tx_stats.

Fix this index mismatch between mac80211 and driver stats table (BW table)
by making the number of bandwidth type in driver compatible with mac80211.

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Fixes: a904417fc8 ("ath10k: add extended per sta tx statistics support")
Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:46:06 +02:00
Surabhi Vishnoi
3a08ac3e79 ath10k: Fix the incorrect updation of NSS data in tx stats
The NSS data is updated incorrectly in the tx stats as the array
indexing starts from zero.

Fix the incorrect updation of NSS data in tx_stats by taking into
consideration the array index starting from zero.

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Fixes: a904417fc8 ("ath10k: add extended per sta tx statistics support")
Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:45:56 +02:00
YueHaibing
037e0c5df6 rtlwifi: rtl8192se: Remove set but not used variable 'seg_ptr'
Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/realtek/rtlwifi/rtl8192se/fw.c: In function '_rtl92s_firmware_downloadcode':
drivers/net/wireless/realtek/rtlwifi/rtl8192se/fw.c:139:17: warning:
 variable 'seg_ptr' set but not used [-Wunused-but-set-variable]

It's not used after commit 59ae1d127a ("networking: introduce and use
skb_put_data()")

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:40:39 +02:00
YueHaibing
85c6ac33c8 rtlwifi: rtl8723ae: Remove set but not used variable 'bt_retry_cnt'
Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hal_btc.c: In function '_rtl8723e_dm_bt_coexist_2_ant':
drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hal_btc.c:1408:5: warning:
 variable 'bt_retry_cnt' set but not used [-Wunused-but-set-variable]

It's never used and can be removed.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:39:46 +02:00
YueHaibing
f321505656 rtlwifi: rtl8723be: Remove set but not used variable 'b_last_is_cur_rdlstate'
Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/realtek/rtlwifi/rtl8723be/dm.c: In function 'rtl8723be_dm_check_edca_turbo':
drivers/net/wireless/realtek/rtlwifi/rtl8723be/dm.c:998:7: warning:
 variable 'b_last_is_cur_rdlstate' set but not used [-Wunused-but-set-variable]

It's never used and can be removed.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:39:20 +02:00
Wen Yang
34e022d8b7 mt76: fix a leaked reference by adding a missing of_node_put
The call to of_find_node_by_phandle returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.

Detected by coccinelle with the following warnings:
./drivers/net/wireless/mediatek/mt76/eeprom.c:58:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 48, but without a corresponding object release within this function.
./drivers/net/wireless/mediatek/mt76/eeprom.c:61:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 48, but without a corresponding object release within this function.
./drivers/net/wireless/mediatek/mt76/eeprom.c:67:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 48, but without a corresponding object release within this function.
./drivers/net/wireless/mediatek/mt76/eeprom.c:70:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 48, but without a corresponding object release within this function.
./drivers/net/wireless/mediatek/mt76/eeprom.c:72:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 48, but without a corresponding object release within this function.

Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mediatek@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:38:44 +02:00
Larry Finger
52f8865712 rtlwifi: rtl8192com: Fix blank line problems
The following types of blank line problems are reported:

WARNING: Missing a blank line after declarations
CHECK: Please don't use multiple blank lines

There are no code changes.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:05 +02:00
Larry Finger
6d255202a2 rtlwifi: rtl8192cu: Fix problems with blank lines
The following problems were found:

WARNING: Missing a blank line after declarations
CHECK: Please don't use multiple blank lines
CHECK: Please use a blank line after function/struct/union/enum declarations

There are no code changes.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:04 +02:00
Larry Finger
2973af748d rtlwifi: rtl8192ce: Fix missing blank lines
The problems filed include the following:

WARNING: Missing a blank line after declarations
CHECK: Please don't use multiple blank lines

There are no code changes.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:03 +02:00
Larry Finger
b16abaafea rtlwifi: Fix all blank line irregularities in main code files
The types of problems fixed are as follows:

WARNING: Missing a blank line after declarations
CHECK: Please use a blank line after function/struct/union/enum declarations
CHECK: Please don't use multiple blank lines

There are no code changes.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:02 +02:00
Larry Finger
93665097ea rtlwifi: Fix blank line errors in main header files
The errors consist of multiple blank lines, and a missing blank line
after the declarations.

There are no code changes.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:01 +02:00
Larry Finger
1dc89bb93c rtlwifi: Fix alignment errors in wifi.h
The instances where statement continuations are improperly aligned have
been fixed.

There are no changes to generated code.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:00 +02:00
Larry Finger
d3da329c1d rtlwifi: Fix problems with block comments in wifi.h
Checkpatch.pl reports a number of problems with block comments.

These changes do not affect the generated code.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:30:00 +02:00
Larry Finger
6e5d904152 rtlwifi: Fix errors in spacing in wifi.h
Checkpatch.pl report problems in wifi.h where spaces are missing, as well
as extraneous spaces.

There are no changes in the generated code.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:29:59 +02:00
Colin Ian King
74ee436f95 rsi: fix missing null pointer check from a failed ieee80211_probereq_get call
The call to ieee80211_probereq_get can return NULL if a skb allocation
fails, so add a null pointer check and free an earlier skb on the error
exit return path.

Fixes: 7fdcb8e126 ("rsi: add support for hardware scan offload")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:28:36 +02:00
Rafał Miłecki
c913774951 brcmfmac: print firmware reported general status errors
Firmware may report general errors using a special message type. Add
basic support for it by simply decoding & printing an error number.

A sample situation in which firmware reports a buf error:
CONSOLE: 027084.733 no host response IOCTL buffer available..so fail the request
will now produce a "Firmware reported general error: 9" on the host.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:27:59 +02:00
Rafał Miłecki
0c7051610c brcmfmac: fix size of the struct msgbuf_ring_status
This updates host struct to match the in-firmawre definition. It's a
cosmetic change as it only applies to the reserved struct space.

Fixes: c988b78244 ("brcmfmac: print firmware reported ring status errors")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-28 10:27:58 +02:00
YueHaibing
03af21d6ba ath9k: remove set but not used variable 'acq'
Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/ath/ath9k/recv.c: In function 'ath_rx_count_airtime':
drivers/net/wireless/ath/ath9k/recv.c:1010:18: warning:
 variable 'acq' set but not used [-Wunused-but-set-variable]

It's not used after 89cea7493a ("ath9k: Switch to mac80211 TXQ scheduling
and airtime APIs"). Also remove related variables.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:09:00 +02:00
Andrea Greco
d0480d4326 ath9k: debugfs: Fix SPUR-DOWN field
SPUR DOWN field returns spurup instead of spurdown.

Signed-off-by: Andrea Greco <a.greco@4sigma.it>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:08:16 +02:00
Toke Høiland-Jørgensen
cc591d77ab ath9k: Make sure to zero status.tx_time before reporting TX status
Since ath9k reports airtime usage directly using the
ieee80211_report_airtime() callback, it shouldn't also report it using the
tx_time in status. Make sure the field is zeroed before TX status is
reported to avoid spurious airtime being accounted by bits being left over
from earlier uses of the cb.

Fixes: 89cea7493a ("ath9k: Switch to mac80211 TXQ scheduling and airtime APIs")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:07:28 +02:00
Abhishek Ambure
15493239ea ath10k: update the max num of peers supported for WCN3990
WCN3990 firmware versions WLAN.HL.2.0-01617-QCAHLSWMTPLZ-1 & onwards
supports maximum 33 peers including self peer. To support maximum peers,
send updated peer param to firmware during initialization.

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Signed-off-by: Abhishek Ambure <aambure@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:06:38 +02:00
Wen Gong
6566abea0b ath10k: remove the calibration data fetch for sdio
The calibration data fetch will trigger sdio error, then sdio will
become fail untill reboot system.

If happens when run ifconfig wlan down, then ifconfig wlan up will
fail untill reboot system.Remove it fix the ifconfig wlan issue.

Tested with QCA6174 SDIO with firmware
WLAN.RMH.4.4.1-00005-QCARMSWP-1.

Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:05:26 +02:00
Surabhi Vishnoi
761156ff57 ath10k: Fix length of wmi tlv command for protected mgmt frames
The length of wmi tlv command for management tx send is calculated
incorrectly in case of protected management frames as there is addition
of IEEE80211_CCMP_MIC_LEN twice. This leads to improper behaviour of
firmware as the wmi tlv mgmt tx send command for protected mgmt frames
is formed wrongly.

Fix the length calculation of wmi tlv command for mgmt tx send in case
of protected management frames by adding the IEEE80211_CCMP_MIC_LEN only
once.

Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Fixes: 1807da4973 "ath10k: wmi: add management tx by reference support over wmi"
Signed-off-by: Surabhi Vishnoi <svishnoi@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:03:54 +02:00
Alagu Sankar
7d44452230 ath10k: don't report unset rssi values to mac80211
The SDIO firmware does not provide RSSI value to the host, it's only set to
zero. In that case don't report the value to mac80211. One risk here is that
value zero might be a valid value with other firmware, currently there's no way
to detect that.

Without the fix, the rssi value indicated by iw changes between the actual
value and -95.

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00005-QCARMSWP-1.

Co-developed-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:02:18 +02:00
Wen Gong
55545b0870 ath10k: sdio: reset chip on power_down()
The target device needs to be reset during power_down(), otherwise only the
first power_up() will work. And as ath10k calls power_up() during driver
initialisation the driver would be otherwise unusable.

Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00005-QCARMSWP-1.

Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:02:08 +02:00
Alagu Sankar
6cd70c6564 ath10k: sdio: disable fwlog prints
The SDIO firmware may turn it on based on scratch registers so disable the
firmware log to avoid that.

Co-developed-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:01:58 +02:00
Alagu Sankar
bf1f0a1a4d ath10k: sdio: set hi_acs_flags
The SDIO firmware does not allow transmitting packets with the
reduced tx completion HI_ACS option. SDIO firmware uses 1544 as
alternate credit size, which is not big enough for the maximum sized
mac80211 frames. Disable both these HI_ACS flags for SDIO.

Co-developed-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:01:49 +02:00
Yu Wang
d961284df2 ath10k: correct the format of host memory chunks in wmi init command
This is a theoretical fix, the issue is found in code review.
When adding the host memory chunks into wmi-tlv init command,
there is no separate tlv header for each host memory chunk
in the struct array, which breaches the convention between
host and firmware, will result in mismatch between the two.

To fix this issue, add separate tlv headers for the host
memory chunks in wmi-tlv init command.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 15:00:08 +02:00
Rakesh Pillai
1c136e41fb ath10k: enhance logging for vdev pdev & peer set param
Currently after enabling the WMI debug logging,
there is no detail printed about the param id
and the param value for the pdev, vdev and
peer params which are set.

Enhance the WMI logging to print the param id
and the param value for pdev, vdev and peer set
param wmi commands.

Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
		WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1

Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 14:59:15 +02:00
Abhishek Ambure
6ddc3860a5 ath10k: add support for ack rssi value of data tx packets
In WCN3990, WMI_TLV_SERVICE_TX_DATA_MGMT_ACK_RSSI service Indicates that
the firmware has the capability to send the RSSI value of the ACK for all
data and management packets transmitted.

If WMI_RSRC_CFG_FLAG_TX_ACK_RSSI is set in host capability then firmware
sends RSSI value in "data" tx completion event. Host extracts ack rssi
values of data packets from their tx completion event.

Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01617-QCAHLSWMTPLZ-1

Signed-off-by: Abhishek Ambure <aambure@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 14:58:06 +02:00
Abhishek Ambure
4b816f170b ath10k: add support for ack rssi value of management tx packets
In WCN3990, WMI_TLV_SERVICE_TX_DATA_MGMT_ACK_RSSI service Indicates that
the firmware has the capability to send the RSSI value of the ACK for all
data and management packets transmitted.

If WMI_RSRC_CFG_FLAG_TX_ACK_RSSI is set in host capability then firmware
sends RSSI value in "management" tx completion event. Host extracts ack
rssi values of management packets from their tx completion event.

Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01617-QCAHLSWMTPLZ-1

Signed-off-by: Abhishek Ambure <aambure@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 14:57:56 +02:00
Rakesh Pillai
02f73d3a9b ath10k: fix descriptor size in ce tx completion for WCN3990
When the driver receives the tx completion of the
descriptor over ce, it clears the nbytes configured
for that particular descriptor. WCN3990 uses ce
descriptors with 64-bit address.

Currently during handling the tx completion of the
descriptors, the nbytes are accessed from the descriptors
using ce_desc for 32-bit targets. This will lead to clearing
of memory at incorrect offset if DMA MASK is set to greater
than 32 bits.

Attach different ce tx copy completed handler for targets
using address above 32-bit address.

Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1

Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-26 14:56:19 +02:00
Felix Fietkau
c8846e1015 mt76: add driver for MT7603E and MT7628/7688
This driver is for a newer generation of 2x2 MediaTek 802.11n chipsets.
MT7603E is a PCIe chip.
MT7628 and MT7688 are MIPS SoC devices with built-in WLAN.
MT7688 is limited to 1x1

This driver fully supports AP, station, mesh, ad-hoc and monitor mode.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:29:56 +01:00
Felix Fietkau
9c193de548 mt76: add driver callback for when a sta is associated
MT7603 needs this to update the HT/VHT capabilities

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:29:56 +01:00
Lorenzo Bianconi
6cad8240a5 mt76: remove no longer used routine declarations
Remove following routine declarations that are no longer used
after commit cfca5f693c5d ("mt76usb: remove usb_mcu.c"):

- mt76u_mcu_complete_urb
- mt76u_deinit
- mt76u_buf_free
- mt76u_submit_urb

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:29:56 +01:00
Lorenzo Bianconi
200abe6a96 mt76: usb: check urb->num_sgs limit in mt76u_process_rx_entry
check nsgs value is less than urb->num_sgs in mt76u_process_rx_entry
in order to avoid an out-of-bound access of urb->sg array

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:29:56 +01:00
Lorenzo Bianconi
04eb16fc70 mt76: usb: simplify mt76u_tx_build_sg routine
Use skb_to_sgvec instad of skb_to_sgvec_nomark in mt76u_tx_build_sg.
Remove nsgs check in mt76u_tx_build_sg since it is already performed
by skb_to_sgvec

Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Lorenzo Bianconi
888199b892 mt76: usb: simplify rx buffer allocation
Squash mt76u_buf_alloc_sg and mt76u_buf_alloc and remove duplicated
code. Reuse mt76u_refill_rx in mt76u_buf_alloc

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Lorenzo Bianconi
4de92bf10c mt76: usb: introduce mt76u_fill_bulk_urb routine
Add mt76u_fill_bulk_urb to initialize tx/rx urbs and
remove duplicate code

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Lorenzo Bianconi
cb1847cce0 mt76: usb: fix warning in mt76u_buf_free
Fix following static checker warning in mt76u_buf_free:
  drivers/net/wireless/mediatek/mt76/usb.c:372 mt76u_buf_free()
  warn: address of 'urb->sg[i]' is non-NULL

There is no need to check sg page pointer since urb->num_sgs
has been already validated in mt76u_fill_rx_sg

Fixes: cb83585e11 ("mt76: usb: fix possible memory leak in mt76u_buf_free")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Stanislaw Gruszka
fc994dbbd9 mt76usb: remove usb_mcu.c
Don't need separate file just for kmalloc/kfree.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Stanislaw Gruszka
a18a494f90 mt76usb: use synchronous msg for mcu command responses
Use usb_bulk_msg for reading MCU command responses. This simplify code
a lot.

Together with 97a3005759c ("mt76usb: allow mt76u_bulk_msg be used
for reads") it also fix possible problems with rx data buffers
not being aligned and contained within single page. After doing
page_frag_alloc(1024) consecutive page_frag_alloc(PAGE_SIZE) will
alloc PAGE_SIZE buffer at PAGE_SIZE - 1024 offset.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Stanislaw Gruszka
b63aa031b0 mt76usb: allow mt76u_bulk_msg be used for reads
Extend mt76u_bulk_msg() such it can be used for synchronous bulk reads.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 12:25:18 +01:00
Felix Fietkau
5c8b0a3312 mt76: mt76x02: set MT_TXOP_HLDR_TX40M_BLK_EN for mt76x2
It needs to be always enabled for 76x2 and conditionally enabled/disabled
for 76x0. Since mt76x2_mac_stop clears this bit, ensure that it is enabled
in mt76x02_edcca_init

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:19 +01:00
Felix Fietkau
2858f60a16 mt76: mt76x2: unify mt76x2[u]_mac_resume
They are now the same and short enough to be turned into an inline function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:19 +01:00
Felix Fietkau
4606a26c0c mt76: mt76x02: fix ED/CCA enabling/disabling
ED/CCA needs to be disable before stopping the MAC to avoid hangs from tx
being blocked. It must only be enabled again after the MAC has been started
again.
In many places this wasn't done properly, so fix this by always clearing
the relevant ED/CCA bits in mt76x2_mac_stop and set it up again after
channel change or calibration is done

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:19 +01:00
Felix Fietkau
72e5d479b8 mt76: mt76x02: issue watchdog reset on MCU request timeout
MCU request timeout usually indicates that the device is no longer responsive,
and it usually does not recover without a reset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:19 +01:00
Felix Fietkau
90f42f2d76 mt76: mt76x02: only reset beacon drift counter when enabling beacons
When the timer is already running, there is no need to reset the counter,
because the drift will remain the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:19 +01:00
Felix Fietkau
ed55c9b9c1 mt76: mt76x02: fix beacon timer issue
When mt76x0 and mt76x2 beacon code was unified, it changed the order in which
beacon enable and beacon interval are configured.
Configuring beacon enable before beacon interval can in some cases cause
problems with the beacon timer, leading to clients not waking up properly
from powersave mode.
Fix this by changing the order back to interval first, then enable.

Fixes: cc726268e4 ("mt76: move mt76x02_bss_info_changed in mt76x02-lib module")
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:18 +01:00
Felix Fietkau
b3f09304ba mt76: mt76x02: fix beacon timer drift adjustment
Check the count before incrementing it to match vendor code behavior.
This defers the adjustment by one more tick, which should improve accuracy

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:18 +01:00
Felix Fietkau
a6982fcdc3 mt76: mt76x02: fix TSF sync mode
MT_BEACON_TIME_CFG_SYNC_MODE needs to be set for AP mode, according to the
documentation. For other modes it should be irrelevant in this case.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 10:28:18 +01:00
David S. Miller
70f3522614 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Three conflicts, one of which, for marvell10g.c is non-trivial and
requires some follow-up from Heiner or someone else.

The issue is that Heiner converted the marvell10g driver over to
use the generic c45 code as much as possible.

However, in 'net' a bug fix appeared which makes sure that a new
local mask (MDIO_AN_10GBT_CTRL_ADV_NBT_MASK) with value 0x01e0
is cleared.

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-24 12:06:19 -08:00
David S. Miller
1a25660856 wireless-drivers-next patches for 5.1
Most likely the last set of patches for 5.1. WPA3 support to ath10k
 and qtnfmac. FTM support to iwlwifi and ath10k. And of course other
 new features and bugfixes.
 
 wireless-drivers was merged due to dependency in mt76.
 
 Major changes:
 
 iwlwifi
 
 * HE radiotap
 
 * FTM (Fine Timing Measurement) initiator and responder implementation
 
 * bump supported firmware API to 46
 
 * VHT extended NSS support
 
 * new PCI IDs for 9260 and 22000 series
 
 ath10k
 
 * change QMI interface to support the new (and backwards incompatible)
   interface from HL3.1 and used in recent HL2.0 branch firmware
   releases
 
 * support WPA3 with WCN3990
 
 * support for mac80211 airtime fairness based on transmit rate
   estimation, the firmware needs to support WMI_SERVICE_PEER_STATS to
   enable this
 
 * report transmit airtime to mac80211 with firmwares having
   WMI_SERVICE_REPORT_AIRTIME feature, this to have more accurate
   airtime fairness based on real transmit time (instead of just
   estimated from transmit rate)
 
 * support Fine Timing Measurement (FTM) responder role
 
 * add dynamic VLAN support with firmware having WMI_SERVICE_PER_PACKET_SW_ENCRYPT
 
 * switch to use SPDX license identifiers
 
 ath
 
 * add new country codes for US
 
 brcmfmac
 
 * support monitor frames with the hardware/ucode header
 
 qtnfmac
 
 * enable WPA3 SAE and OWE support
 
 mt76
 
 * beacon support for USB devices (mesh+ad-hoc only)
 
 rtlwifi
 
 * convert to use SPDX license identifiers
 
 libertas_tf
 
 * get the MAC address before registering the device
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJccAnlAAoJEG4XJFUm622bxxMH/2cz2GEuDQXOwfYLnCUwFES8
 vqTdMWnlfqGQvsTyvtSp91KqsL3hE2FB1Cu3n6/vzND3C7afT0V2/QlU7Pmgr8sR
 1gnJnu0NJT5SZfzcTsqwt8rFw9lQZ3HcvEcfNo6T5KUyyY7FGCNGR5H27nvoKOP3
 ea1h7U80loPV40sGTI8jj963wa9LNHUrjHTK4wY+KMWECgZuD/fHeE9YPB9MTdff
 lJ5bWCoQmuJddvTtC+X0tOAsCkxgdbbw6ieKqzep8H4gtUjerZD+V8uUdbtpr7IL
 sWPoaqrrADMv9cZtDVj+pEtNIJ3mpfuHYFKSON9jy/uxygeFTfVzLu43RFreDp8=
 =D15/
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-next-for-davem-2019-02-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

Kalle Valo says:

====================
wireless-drivers-next patches for 5.1

Most likely the last set of patches for 5.1. WPA3 support to ath10k
and qtnfmac. FTM support to iwlwifi and ath10k. And of course other
new features and bugfixes.

wireless-drivers was merged due to dependency in mt76.

Major changes:

iwlwifi

* HE radiotap

* FTM (Fine Timing Measurement) initiator and responder implementation

* bump supported firmware API to 46

* VHT extended NSS support

* new PCI IDs for 9260 and 22000 series

ath10k

* change QMI interface to support the new (and backwards incompatible)
  interface from HL3.1 and used in recent HL2.0 branch firmware
  releases

* support WPA3 with WCN3990

* support for mac80211 airtime fairness based on transmit rate
  estimation, the firmware needs to support WMI_SERVICE_PEER_STATS to
  enable this

* report transmit airtime to mac80211 with firmwares having
  WMI_SERVICE_REPORT_AIRTIME feature, this to have more accurate
  airtime fairness based on real transmit time (instead of just
  estimated from transmit rate)

* support Fine Timing Measurement (FTM) responder role

* add dynamic VLAN support with firmware having WMI_SERVICE_PER_PACKET_SW_ENCRYPT

* switch to use SPDX license identifiers

ath

* add new country codes for US

brcmfmac

* support monitor frames with the hardware/ucode header

qtnfmac

* enable WPA3 SAE and OWE support

mt76

* beacon support for USB devices (mesh+ad-hoc only)

rtlwifi

* convert to use SPDX license identifiers

libertas_tf

* get the MAC address before registering the device
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-22 12:56:24 -08:00
Johannes Berg
b7b14ec1eb Merge remote-tracking branch 'net-next/master' into mac80211-next
Merge net-next to resolve a conflict and to get the mac80211
rhashtable fixes so further patches can be applied on top.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-22 13:48:13 +01:00
Liad Kaufman
77ff2c6b49 mac80211: update HE IEs to D3.3
Update element names and new fields according to D3.3 of
the HE spec.

Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-22 13:46:55 +01:00
Li RongQing
1740771524 mac80211_hwsim: propagate genlmsg_reply return code
genlmsg_reply can fail, so propagate its return code

Signed-off-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-22 13:27:22 +01:00
Ihab Zhaika
085486de83 iwlwifi: add new cards for 22000 and killer series and change the market name
Add a few PCI ID'S for 22000 and killer series in addition to
chainging the marketing name.

Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:01 +02:00
Ihab Zhaika
3941310cf6 iwlwifi: add new card for 9260 series
Add one PCI ID for 9260 series.

CC: <stable@vger.kernel.org> # 4.14+
Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:01 +02:00
Shahar S Matityahu
8d7dea25ad iwlwifi: dbg_ini: implement Rx fifos dump
Implement Rx fifos dump in the new dump mechanism.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:01 +02:00
Shahar S Matityahu
1b64d58bd4 iwlwifi: dbg_ini: implement Tx fifos dump
Implement Tx fifos dump in the new dump mechanism.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:01 +02:00
Shahar S Matityahu
2dbf3aea79 iwlwifi: dbg_ini: add region to fill_header handler
Add iwl_fw_ini_region_cfg region struct to fill_header handler of
iwl_dump_ini_mem_ops. it is needed for future support in fifos dumping.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:01 +02:00
Shahar S Matityahu
1a6c8bb7f8 iwlwifi: dbg_ini: make fill_range handler accept generic range pointer
Make fill_range handler of iwl_dump_ini_mem_ops accept a generic range
pointer. It is needed for future support in fifos dumping.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:48:00 +02:00
Shahar S Matityahu
01e591c9f4 iwlwifi: dbg_ini: make memory dump get_size handler include headers
Make the get size handler of iwl_dump_ini_mem_ops include the total
size of the region. It is needed for fifos dumping.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Shahar S Matityahu
05841faa85 iwlwifi: dbg_ini: add print to iwl_dump_ini_mem in case of invalid range
Add informative print in case the range is not available.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Shahar S Matityahu
0027672219 iwlwifi: dbg_ini: fix infinite time ignore consecutive dumps
The driver sets ignore_consec to -1 which is 0xffffffff in u32
so when iwl_fw_ini_trigger_on is called, it will always return false
and each trigger could be used only once.

Solve this by removing the assignment to -1.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Fixes: fe1b7d6c28 ("iwlwifi: add support for triggering ini triggers")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Sara Sharon
f50d693b9f iwlwifi: mvm: add some debug data to TX path
This helps debugging when things go wrong.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Shahar S Matityahu
714afd3506 iwlwifi: remove redundant condition from prior alive dump flow
After the FW image was loaded for the first time,
fwrt->smem_cfg.num_lmacs value will no longer be zero since we don't
clean it when we stop the device. So if we load the image once and then
we fail on a consecutive attempt, the driver will abort any dumping.

Solve this by removing the condition. It is safe to remove since
when we do the actual dumping in iwl_fw_dbg_collect_sync we check
that STATUS_DEVICE_ENABLED bit is still active.

Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Johannes Berg
a53b2a0b12 iwlwifi: mvm: implement VHT extended NSS support in rs.c
For non-offloaded rate control, implement VHT extended NSS
support by just ignoring 160 MHz on transmit if the peer
doesn't support the full NSS (2). This is pretty unlikely
and gets us 160 MHz RX as well as TX in most cases, since
the typical case for this workaround is 4x4 AP only doing
2x2 on 160 MHz.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:59 +02:00
Ilan Peer
8c739d8d79 iwlwifi: mvm: Allow retries for probe responses
When hostapd sends a probe response, it does not request an
acknowledgment on the probe response. This setting is propagated
to the driver and FW from mac80211, and as a result probe responses
are transmitted only once without retries. In congested
environments, this reduces the likelihood for finding the AP.

To overcome this, enable acknowledgment and retries for probe
responses, even in case no acknowledgment is requested. In such
a case the retry limit is set to 3.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:58 +02:00
Johannes Berg
cad7eb754d iwlwifi: mvm: remove IWL_MVM_INIT_STATUS_REG_HW_INIT_COMPLETE
There's no point in this, we already do everything in a nested
fashion, and if we didn't we'd already crash in iwl_mvm_leds_exit()
etc. Just remove the bit.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:57 +02:00
Andrei Otcheretianski
a371bb646f iwlwifi: mvm: Set TX_CMD_FLG_PROT_REQUIRE correctly
Previously the protection flag wasn't set on multicast frames even if
the RA is unicast. Fix this by checking addr1 instead.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:57 +02:00
Sara Sharon
503863055d iwlwifi: mvm: support non-transmitting AP
Add an option to not send beacons and probe responses. This is
used for testing multiple-bssid.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:57 +02:00
Liad Kaufman
8bf52e0ab3 iwlwifi: mvm: add read debugfs for he_sniffer_params
Return the AID currently set when reading this debugfs entry.

Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:57 +02:00
Sara Sharon
90a128291d iwlwifi: mvm: reject new beacons when in inject mode
Verify we do not accept new beacon templates while beacon
injection is active.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:56 +02:00
Greg Kroah-Hartman
dc475ae9c0 iwlwifi: iwl-drv: no need to check return value of debugfs_create functions
When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:56 +02:00
Greg Kroah-Hartman
5987dfde6f iwlwifi: fw: no need to check return value of debugfs_create functions
When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:56 +02:00
Greg Kroah-Hartman
84caa1dd00 iwlwifi: dvm: no need to check return value of debugfs_create functions
When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Luca Coelho <luciano.coelho@intel.com>
Cc: Intel Linux Wireless <linuxwifi@intel.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:56 +02:00
Johannes Berg
7691fa6947 iwlwifi: nvm-parse: advertise IEEE80211_VHT_EXT_NSS_BW_CAPABLE in VHT
We support this, so we should advertise it. In fact, if we don't,
mac80211 will do it for us (as we advertise SUPPORTS_VHT_EXT_NSS_BW
to it), but that requires a memory reallocation which is wasteful:

  ieee80211 phy0: copying sband (band 1) due to VHT EXT NSS BW flag

Set the flag here to avoid that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:55 +02:00
Johannes Berg
de645e8992 iwlwifi: mvm: fix error path in iwl_mvm_mac_setup_register()
The IWL_MVM_INIT_STATUS_REG_HW_INIT_COMPLETE bit shouldn't be set,
and realistically we should complete all setup before we call the
ieee80211_register_hw() function. Fix this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:55 +02:00
Gustavo A. R. Silva
6b367c9f88 iwlwifi: nvm-parse: use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with memory
for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can now
use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:55 +02:00
Gustavo A. R. Silva
9178aa7c46 iwlwifi: eeprom-parse: use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with memory
for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can now
use the new struct_size() helper:

instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:54 +02:00
Arnd Bergmann
e8698301f2 iwlwifi: fix false-positive maybe-uninitialized warning
With CONFIG_NO_AUTO_INLINE, we run into a silly warning when
gcc fails to remember that n_profiles is constant across
the function call to iwl_mvm_sar_set_profile:

drivers/net/wireless/intel/iwlwifi/mvm/fw.c: In function 'iwl_mvm_sar_get_ewrd_table':
drivers/net/wireless/intel/iwlwifi/mvm/fw.c:746:9: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]

Marking that function 'inline' avoids the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:54 +02:00
Ilan Peer
1e78e759be iwlwifi: mvm: Don't request HW restart if already requested
In case mac80211 was requested to perform an HW restart, but the HW
restart has not started yet, there is no need to request another one.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:54 +02:00
Triebitz
6cc6ba3a0d iwlwifi: pcie: allocate rb_stts's for all queues in one place
AX210 devices assume that the (DRAM) addresses of the rb_stts's for
the different queues are continuous.
So allocate the rb_stts's for all the Rx queues in one place.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
2019-02-20 20:47:54 +02:00
Kalle Valo
6c88e0ce5e Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
ath.git patches for 5.1. Major changes:

ath10k

* support WPA3 with WCN3990

* support for mac80211 airtime fairness based on transmit rate
  estimation, the firmware needs to support WMI_SERVICE_PEER_STATS to
  enable this

* report transmit airtime to mac80211 with firmwares having
  WMI_SERVICE_REPORT_AIRTIME feature, this to have more accurate
  airtime fairness based on real transmit time (instead of just
  estimated from transmit rate)

* support Fine Timing Measurement (FTM) responder role

* add dynamic VLAN support with firmware having
  WMI_SERVICE_PER_PACKET_SW_ENCRYPT

* switch to use SPDX license identifiers
2019-02-20 20:01:27 +02:00
Lubomir Rintel
5d04b22b88 libertas_tf: get the MAC address before registering the device
The start() callback is too late for this: NetworkManager would already
have seen the hardware, thinking 00:00:00:00:00:00 is its permanent
address.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Reviewed-by: Steve deRosier <derosier@cal-sierra.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:55:54 +02:00
Lubomir Rintel
baa0280f08 libertas_tf: don't defer firmware loading until start()
In order to be able to get a MAC address before we register the device
with ieee80211 we'll need to load the firmware way earlier.

There seems to be one problem with this: the device seems to start
with radio enabled and starts sending in frames right after the firmware
load finishes. Disable the radio as soon as possible.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Reviewed-by: Steve deRosier <derosier@cal-sierra.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:55:54 +02:00
Lubomir Rintel
be9d0d3fe1 libertas_tf: move hardware callbacks to a separate structure
We'll need to talk to the firmware to get a hardware address before
device is registered with ieee80211 subsystem at the end of
lbtf_add_card(). Hooking the callbacks after that is too late.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:55:53 +02:00
Rafał Miłecki
e0a8ef4d7b brcmfmac: add basic validation of shared RAM address
While experimenting with firmware loading I ended up in a state of
firmware reporting shared RAM address 0x04000001. It was causing:
[   94.448015] Unable to handle kernel paging request at virtual address cd680001
due to reading out of the mapped memory.

This patch adds some basic validation to avoid kernel crashes due to the
unexpected firmware behavior.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:55:22 +02:00
Colin Ian King
0421dd4167 rtlwifi: rtl8192ce: fix typo, "PairwiseENcAlgorithm" -> "PairwiseEncAlgorithm"
There is an uppercase 'N' that should be a lowercase 'n', fix this.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:54:53 +02:00
Rafał Miłecki
dcb1471bc6 brcmfmac: use bphy_err() in all wiphy-related code
This recently added macro provides more meaningful error messages thanks
to identifying a specific wiphy. It's especially important on systems
with few cards supported by the same (brcmfmac) driver.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 19:54:17 +02:00
David S. Miller
375ca548f7 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Two easily resolvable overlapping change conflicts, one in
TCP and one in the eBPF verifier.

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-20 00:34:07 -08:00
Kalle Valo
f0553ca9ce ath10k: switch to use SPDX license identifiers
Use SPDX identifiers everywhere in ath10k.

Makefile was incorrectly marked in commit b24413180f ("License cleanup: add
SPDX GPL-2.0 license identifier to files with no license"), fix that as well.

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 10:33:00 +02:00
Kalle Valo
28bbe23740 ath10k: change 'unsigned long int' to 'unsigned long'
Fixes checkpatch warnings:

Prefer 'unsigned long' over 'unsigned long int' as the int is unnecessary

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-20 10:29:22 +02:00
Stanislaw Gruszka
c7ff1bfeaf rt2800: comment and simplify AGC init for RT6352
We do not need separate lines for calculating register values.
Also add comment that value is different than in vendor driver.

Suggested-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-19 17:18:57 +02:00
Stanislaw Gruszka
7aca14885e rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
The TX_PIN_CFG_RFRX_EN bit was not set on other devices than MT7620,
restore old behavaviour since setting this bit maight not be
correct for older devices.

Fixes: 41977e86c9 ("rt2x00: add support for MT7620")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-19 17:18:53 +02:00
Stanislaw Gruszka
9ad3b55654 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
Do not enable TX_PIN_CFG_LNA_PE_A* bits for 2.4GHz band and
vice versa TX_PIN_CFG_LNA_PE_G* bits for 5GHz.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-19 17:18:49 +02:00