Some firmware revisions don't wait for beacon tx
completion before sending another SWBA event. This
could lead to hardware using old (freed) beacon
data in some cases, e.g. tx credit starvation
combined with missed TBTT. This is very very rare.
On non-IOMMU-enabled hosts this could be a
possible security issue because hw could beacon
some random data on the air. On IOMMU-enabled
hosts DMAR faults would occur in most cases and
target device would crash.
Since there are no beacon tx completions (implicit
nor explicit) propagated to host the only
workaround for this is to allocate a DMA-coherent
buffer for a lifetime of a vif and use it for all
beacon tx commands. Worst case for this approach
is some beacons may become corrupted, e.g. garbled
IEs or out-of-date TIM bitmap.
Keep the original beacon-related code as-is in
case future firmware revisions solve this problem
so that the old path can be easily re-enabled with
a fw_feature flag.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
As suggeested by checkpatch:
WARNING: Prefer ether_addr_copy() over memcpy() if the Ethernet addresses are __aligned(2)
In wmi.c I had to change due to sparse warnings copying of struct wmi_mac_addr
from form &cmd->peer_macaddr.addr to cmd->peer_macaddr.addr. In
ath10k_wmi_set_ap_ps_param() I also added the missing ".addr" to the copy
command.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Makes it more readable and fixes checkpatch warnings:
drivers/net/wireless/ath/ath10k/debug.c:593: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:594: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:595: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:596: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:597: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:599: WARNING: quoted string split across lines
drivers/net/wireless/ath/ath10k/debug.c:600: WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
ath10k/htc.c:49: WARNING: Possible unnecessary 'out of memory' message
ath10k/htc.c:810: WARNING: Possible unnecessary 'out of memory' message
ath10k/htt.h:1034: CHECK: Please use a blank line after function/struct/union/enum declarations
ath10k/htt_rx.c:135: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/htt_rx.c:173: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/pci.c:633: WARNING: macros should not use a trailing semicolon
ath10k/wmi.c:3594: WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
WARNING: Missing a blank line after declarations
Please note that some of the cases I fixed by moving the variable declarations
to the beginning of the function, which is the preferred style in ath10k.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The function may return an -ENODEV if debugfs is
disabled in kernel. This should originally be
guarded by ath10k's Kconfig but it still makes
sense to check for the non-NULL errno return
value.
Reported-by: Matteo Croce <matteo@openwrt.org>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
10.1 firmware does not have an official way to
cause assert on purpose, but it can be done with
carefully crafted WMI command. This is a different
kind of crash from the 'hard' crash, which is
a bad memory dereference.
Different crashes decode in different manners, so
this will help the crash-report testing as well as
offer better ways to test firmware failure and
recovery.
kvalo: move the wmi command creation to debug.c, modify
the info print
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add testmode interface for starting and using UTF firmware which is used to run
factory tests. This is implemented by adding new state ATH10K_STATE_UTF and user
space can enable this state with ATH10K_TM_CMD_UTF_START command. To go back to
normal mode user space can send ATH10K_TM_CMD_UTF_STOP.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
ATH10K_DEBUGFS must depend on DEBUG_FS, otherwise
ath10k will generate an invalid pointer on module load.
Signed-off-by: Matteo Croce <matteo@openwrt.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
On 32bit systems the bitmap was too small and it
was overwritten partially by the stat completion
structure. This was visible with 10.2 firmware
only due to it using a few of the last service
ids.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Nothing important was being overwritten so it
didn't yield any bugs yet.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This makes it easier to log and debug via tracing
with more than 1 ath10k device on a system.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Remove the ugly _access functions. Being explicit
is a good thing.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This prevents some fw revisions from crashing in
many cases when user is trying to run a
promiscuous station interface (e.g. sniffing,
4addr bridge).
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fix some cases where monitor start failure left
the driver in a confused state.
This also makes the monitor code simpler.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Commit 5c771e7454
introduced a regression. On some systems spurious
interrupts could schedule a tasklet while tearing
down leading to, e.g.:
BUG: unable to handle kernel paging request at fe589030
IP: [<c1316fb0>] ioread32+0x30/0x40
...
Call Trace:
[<fe576c1b>] ath10k_pci_tasklet+0x1b/0x60 [ath10k_pci]
[<c1053fbe>] tasklet_action+0x9e/0xb0
[<c10534f1>] __do_softirq+0xf1/0x3f0
[<c1053400>] ? ftrace_raw_event_irq_handler_entry+0xa0/0xa0
[<c1004999>] do_softirq_own_stack+0x29/0x40
<IRQ>
[<c1053a76>] irq_exit+0x86/0xb0
...
[<c132d522>] do_pci_disable_device+0x52/0x60
[<c132d57f>] pci_disable_device+0x4f/0xb0
[<c132a961>] ? __pci_set_master+0x51/0x80
[<fe5740b3>] ath10k_pci_release+0x33/0x40 [ath10k_pci]
[<fe575d4b>] ath10k_pci_remove+0x7b/0x90 [ath10k_pci]
Reported-by: Kalle Valo <kvalo@qca.qualcomm.com>
Tested-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
If a station was reassociated, i.e. due to change
of supported rates update via sta_rc_update() the
num_legacy_stations would be (incorrectly) bumped
up leading to unbalanced usage of the var. This in
turn could lock rtscts protection up as enabled.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Recent changes done to start/restart sequences
broke hw recovery in some hw configurations. The
pci transport was stopped twice however due to a
workaround in the pci disabling code the
disable/enable for first msi interrupt was not
balanced. This ended up with irqs not being
properly re-enabled and the following print out
during recovery:
ath10k: failed to receive control response completion, polling..
ath10k: Service connect timeout: -110
ath10k: Could not init core: -110
Legacy interrupt mode was unaffected while msi
ranged mode would be partially crippled (it would
miss fw indication interrupts but otherwise it
worked fine).
This fixes completely broken fw recovery for a
single msi interrupt mode and fixes subsequent fw
crash reports for msi range interrupt mode.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
According to RCU_INIT_POINTER()'s block comment 3.a, it can be used if
"3. The referenced data structure has already been exposed to readers either
at compile time or via rcu_assign_pointer() -and-
a. You have not made -any- reader-visible changes to this structure since
then".
This case fulfills the conditions above because between the rcu_dereference()
call (cvif = rcu_dereference(ar->beacon_iter);) and the rcu_assign_pointer()
call there is no update of the "cvif" variable.
Therefore, this patch makes the replacement.
The following Coccinelle semantic patch was used:
@@
identifier v;
@@
v = rcu_dereference(...);
... when != rcu_dereference(...);
when != v = ...;
when != (<+...v...+>)++;
when != \(memcpy\|memset\)(...);
(
- rcu_assign_pointer
+ RCU_INIT_POINTER
(..., v);
|
if(...) {
... when != v = ...;
- rcu_assign_pointer
+ RCU_INIT_POINTER
(..., v);
... when any
}
)
Because there are cases where between a “rcu_dereference()” call and a
“rcu_assign_pointer()” call might be updates of the value that interests us,
the Coccinelle semantic patch ignores them and replaces with
"RCU_INIT_POINTER()" only when the update is not happening.
Signed-off-by: Andreea-Cristina Bernat <bernat.ada@gmail.com>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Setup the channel context correctly. Not doing this was
causing beacon loss in a P2P-GO/STA concurrent setup.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If a new context is being added in addition to the current one,
then send the ASSIGN event to abort a running scan since
the addition of a context is usually followed by VIF
assignment and further operations.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There is no reason why managed/p2p interfaces have to
be limited to one. IBSS is the only type that needs
a restriction.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This will be useful in handling addition/change of new
channel contexts.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move it inside a CONFIG_ATH9K_CHANNEL_CONTEXT ifdef
since it is not needed otherwise.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This was introduced in an earlier patch to handle
a compilation warning, but since the channel context
code has been mostly isolated, this is not required now.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
chanctx_work and next_chan are required only when
CONFIG_ATH9K_CHANNEL_CONTEXT is enabled.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Finally move the 'offchannel' instance in ath_softc
inside a CONFIG_ATH9K_CHANNEL_CONTEXT cage. The offchannel
usage in ath9k_calculate_iter_data() is closed off with
an ifdef for now, since the state/opmode calculation is
common for both the channel context mode and the normal mode.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k_vif_iter() was earlier used as an iterator
routine when calling a mac80211 utility. This is no
longer the case and hence we can mention the argument
type explicitly.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath_chanctx_check_active() is required only when channel contexts
are used. Make sure that it is not called in normal usage.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds a routine to setup the offchannel
instance in ath_softc.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Introduce a function that handles queues in channel
context mode.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Using these wrappers allows us to move the 'sched'
variable in ath_softc inside CONFIG_ATH9K_CHANNEL_CONTEXT.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
These routines are required only when
CONFIG_ATH9K_CHANNEL_CONTEXT is enabled.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Check if channel context usage is enabled before
calling ath_chanctx_event() from various parts of the
driver. Also, make sure that ath_chanctx_event() is
compiled only when CONFIG_ATH9K_CHANNEL_CONTEXT is
enabled.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
