Some iwlwifi fixes for 4.13:

* A few NULL pointer dereferences in the recovery flow;
 * A small but important fix for IBSS;
 * A one-liner fix for tracing, which was including too much data;
 * Some of these are bugzilla bug fixes;
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAllxyWoACgkQoUecoho8
 xfrhMg//bEcqv53NYfsGlAMXeE6whufA+tHX+0mLIwTZ4wLRt/mU0eU2fBiAKKXz
 T+q60jQ5GbKJiE3YXg8MsesBPy/ekeo7ZDriS1g/KScMnzrVChiDu5V6nN9dANuM
 v9dPc2rm7phnaWSTHeZm5mZVCMdjMeRsdO8MzYwkz8dFEE4ZXPGJjIWy0yvYEuX0
 FnOt7/ZNVEjBglvXn5nL77xZOOajm4G8kX7x5586leflk8uNsjdht/7DbcEMJU36
 +ezel7opK922Eaua40GLCJdzEgxai8Cci+aNPbNeMLj2+Ld8YSyniOOmsnPbLf5B
 20KkuAUQuWqRcPcoIQPnDj0dpfEILDvpC0HPPq2FVXX2CLhIwngUyPwoeBIVGxvG
 IU6gN+MP1qYjktnkjkuxHAlPoTiAiBUo+ZIoJIHMtV2E3JtGzYs4uvtEx4zvgwqp
 XFlhsIA2rWu4MGO7FovGMlgkVRleeIhFKTR60+lkqpXAaXlwq4w8sprDH5O9BgeP
 84F+GyV9TGlE7yPJblAnbKAba7Z7qTQMd6RSpkEbBnGx15F3zGyyvkEaDGKHJC2b
 z6VtFgq0zOCuTg/L8N7l98LkqCqm+PXDsUVcBgEFG8M211zfPtn7MQxXzRSulTt1
 tiGxh9JM58sn2yX1umZRILhgbreqrS1phMwiEKcIHI+Bq98EtWk=
 =qJJ7
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-for-kalle-2017-07-21' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

Some iwlwifi fixes for 4.13:

* A few NULL pointer dereferences in the recovery flow;
* A small but important fix for IBSS;
* A one-liner fix for tracing, which was including too much data;
* Some of these are bugzilla bug fixes;
This commit is contained in:
Kalle Valo 2017-07-21 14:33:27 +03:00
commit d755cbc26e
8 changed files with 34 additions and 9 deletions

View File

@ -1189,11 +1189,11 @@ void iwlagn_rx_reply_tx(struct iwl_priv *priv, struct iwl_rx_cmd_buffer *rxb)
next_reclaimed;
IWL_DEBUG_TX_REPLY(priv, "Next reclaimed packet:%d\n",
next_reclaimed);
iwlagn_check_ratid_empty(priv, sta_id, tid);
}
iwl_trans_reclaim(priv->trans, txq_id, ssn, &skbs);
iwlagn_check_ratid_empty(priv, sta_id, tid);
freed = 0;
/* process frames */

View File

@ -55,8 +55,8 @@ static inline bool iwl_trace_data(struct sk_buff *skb)
/* also account for the RFC 1042 header, of course */
offs += 6;
return skb->len > offs + 2 &&
*(__be16 *)(skb->data + offs) == cpu_to_be16(ETH_P_PAE);
return skb->len <= offs + 2 ||
*(__be16 *)(skb->data + offs) != cpu_to_be16(ETH_P_PAE);
}
static inline size_t iwl_rx_trace_len(const struct iwl_trans *trans,

View File

@ -1084,7 +1084,13 @@ int __iwl_mvm_mac_start(struct iwl_mvm *mvm)
lockdep_assert_held(&mvm->mutex);
if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
if (test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status)) {
/*
* Now convert the HW_RESTART_REQUESTED flag to IN_HW_RESTART
* so later code will - from now on - see that we're doing it.
*/
set_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status);
clear_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status);
/* Clean up some internal and mac80211 state on restart */
iwl_mvm_restart_cleanup(mvm);
} else {

View File

@ -1090,6 +1090,7 @@ struct iwl_mvm {
* @IWL_MVM_STATUS_HW_RFKILL: HW RF-kill is asserted
* @IWL_MVM_STATUS_HW_CTKILL: CT-kill is active
* @IWL_MVM_STATUS_ROC_RUNNING: remain-on-channel is running
* @IWL_MVM_STATUS_HW_RESTART_REQUESTED: HW restart was requested
* @IWL_MVM_STATUS_IN_HW_RESTART: HW restart is active
* @IWL_MVM_STATUS_IN_D0I3: NIC is in D0i3
* @IWL_MVM_STATUS_ROC_AUX_RUNNING: AUX remain-on-channel is running
@ -1101,6 +1102,7 @@ enum iwl_mvm_status {
IWL_MVM_STATUS_HW_RFKILL,
IWL_MVM_STATUS_HW_CTKILL,
IWL_MVM_STATUS_ROC_RUNNING,
IWL_MVM_STATUS_HW_RESTART_REQUESTED,
IWL_MVM_STATUS_IN_HW_RESTART,
IWL_MVM_STATUS_IN_D0I3,
IWL_MVM_STATUS_ROC_AUX_RUNNING,

View File

@ -1235,9 +1235,8 @@ void iwl_mvm_nic_restart(struct iwl_mvm *mvm, bool fw_error)
*/
if (!mvm->fw_restart && fw_error) {
iwl_mvm_fw_dbg_collect_desc(mvm, &iwl_mvm_dump_desc_assert,
NULL);
} else if (test_and_set_bit(IWL_MVM_STATUS_IN_HW_RESTART,
&mvm->status)) {
NULL);
} else if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
struct iwl_mvm_reprobe *reprobe;
IWL_ERR(mvm,
@ -1268,6 +1267,7 @@ void iwl_mvm_nic_restart(struct iwl_mvm *mvm, bool fw_error)
if (fw_error && mvm->fw_restart > 0)
mvm->fw_restart--;
set_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status);
ieee80211_restart_hw(mvm->hw);
}
}

View File

@ -277,6 +277,18 @@ static void iwl_mvm_rx_agg_session_expired(unsigned long data)
/* Timer expired */
sta = rcu_dereference(ba_data->mvm->fw_id_to_mac_id[ba_data->sta_id]);
/*
* sta should be valid unless the following happens:
* The firmware asserts which triggers a reconfig flow, but
* the reconfig fails before we set the pointer to sta into
* the fw_id_to_mac_id pointer table. Mac80211 can't stop
* A-MDPU and hence the timer continues to run. Then, the
* timer expires and sta is NULL.
*/
if (!sta)
goto unlock;
mvm_sta = iwl_mvm_sta_from_mac80211(sta);
ieee80211_stop_rx_ba_session_offl(mvm_sta->vif,
sta->addr, ba_data->tid);
@ -2015,7 +2027,8 @@ int iwl_mvm_send_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
IWL_MAX_TID_COUNT,
wdg_timeout);
if (vif->type == NL80211_IFTYPE_AP)
if (vif->type == NL80211_IFTYPE_AP ||
vif->type == NL80211_IFTYPE_ADHOC)
mvm->probe_queue = queue;
else if (vif->type == NL80211_IFTYPE_P2P_DEVICE)
mvm->p2p_dev_queue = queue;

View File

@ -3150,7 +3150,8 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
init_waitqueue_head(&trans_pcie->d0i3_waitq);
if (trans_pcie->msix_enabled) {
if (iwl_pcie_init_msix_handler(pdev, trans_pcie))
ret = iwl_pcie_init_msix_handler(pdev, trans_pcie);
if (ret)
goto out_no_pci;
} else {
ret = iwl_pcie_alloc_ict(trans);

View File

@ -298,6 +298,9 @@ void iwl_pcie_txq_check_wrptrs(struct iwl_trans *trans)
for (i = 0; i < trans->cfg->base_params->num_of_queues; i++) {
struct iwl_txq *txq = trans_pcie->txq[i];
if (!test_bit(i, trans_pcie->queue_used))
continue;
spin_lock_bh(&txq->lock);
if (txq->need_update) {
iwl_pcie_txq_inc_wr_ptr(trans, txq);