Use %*ph format to print small buffer as hex string.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use %*ph format to print small buffer as hex string.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When using single_open() for opening, single_release() should be
used instead of seq_release(), otherwise there is a memory leak.
This is detected by Coccinelle semantic patch.
Fixes: 610247f46f ("rtlwifi: Improve debugging by using debugfs")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When using single_open(), single_release() should be used instead
of seq_release(), otherwise there is a memory leak.
This is detected by Coccinelle semantic patch.
Fixes: e3037485c6 ("rtw88: new Realtek 802.11ac driver")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Obviously, variable 'copied' is initialized to zero. But it is not used.
hence just remove it.
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This is a trivial debugfs entry for triggering reset just like in case
of firmware crash. It works by writing 1 to it:
echo 1 > reset
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In case of compiling driver without DEBUG expose a stub function to make
writing debug code much simpler (no extra conditions). This will allow
e.g. using debugfs_create_file() without any magic if or #ifdef.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use cancel_delayed_work_sync on the dump workers only in case of
unloading the op mode. In any other case use iwl_fw_flush_dumps or
iwl_fw_dbg_stop_sync (depends if the op mode mutex is held or not).
This way, the driver will wait until debug data is collected in all
cases but op mode unloading.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove periodic trigger functionality.
After moving to the new API we will add periodic trigger functionality
that matches the new API.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Fix the documentation of struct iwl_fw_ini_monitor_dump and
iwl_fw_ini_error_dump_range.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Add support code to be able to use the DRAM buffer allocation command,
which allows us to send information about a buffer to the firmware
to use it with the DBGC hardware.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove the "apply points" mechanism as preparation for the changed
debug API where this is now a "time point" instead. Use a new API
across the code at the trigger points ("time points"), but don't
yet implement it since that requires some more preparation.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Allows to easily calculate array length at the end of a TLV.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Sometimes the firmware won't be able to decrypt frames
because the keys were not installed yet or other scenarios.
The firmware will soon stop dropping multicast frames when
MAC_FILTER_ACCEPT_GRP is not set. The firmware will simply
always pass multicast frame in.
In order to avoid logging any such frame coming in when we
don't have the keys, drop the print.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
There are products which have a single chain with 2 antennas.
In these products, we need to inform the FW that the device has the
single antenna diversity(SAD) feature. In the future, we will read
the active antenna from a BIOS configuration. Currently, we use a
default configuration which means that the FW decides which antenna to use.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In prior hardware generations (e.g. 9000 series), we received the BAR
frame with fake NSSN information to handle releasing frames from the
reorder buffer for the default queue, the other queues were getting
the FRAME_RELEASE notification in this case.
With multi-TID block-ack, the firmware no longer sends us the BAR
frame because the fake RX is quite big (just the metadata is around
48 bytes or so). Instead, it now sends us one (or multiple) special
release notifications (0xc2). The hardware consumes these as well,
but only generates the FRAME_RELEASE (0xc3) for queues other than
the default queue. We thus need to handle them in the same way we
handle the normal FRAME_RELEASE.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Certain APs (I think a certain Broadcom model) interact badly with our
full state BA bitmap handling, and if triggered badly with many powersave
transitions they keep sending frames from before the window, which our
hardware then doesn't appear to ACK (to them) since it has moved on and
is sending ACKs for higher SNs now.
Try to detect this situation and if this keeps happening, disable the
aggregation session.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
WoWlan feature within the FW uses the station id for various of reasons.
Thus we need to add this information to the command.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The new device generation has a slightly different suspend resume flow
Currently, the way the driver instruct the device to move to D3 is by
sending D3_CONFIG_CMD.
Instead of using the host command the indication is by writing to the
doorbell interrupt.
The FW will respond with interrupt to indicate transition completion.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove duplicate inclusion of iwl-trans.h.
This issue was found by includecheck.
Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Stop accessing the trans configuration via the iwl_cfg structure and
always access it via the iwl_trans structure. This completes the
requirements to disassociate the trans-specific configuration from the
rest of the configuration.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
A few functions were receiving the iwl_cfg struct directly, but we
will also need other parts of the trans, so pass the trans (which
includes the cfg) to them.
Signed-off-by: Ido Yariv <idox.yariv@intel.com>
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Add a pointer to the iwl_trans structure and point it to the trans
part of the cfg. This is the first step in disassociating the trans
configuration from the rest of the configuration.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Instead of accessing the iwl_config_trans_params from the cfg that is
stored in the trans struct, pass this structure directly to functions
that need it during trans_alloc. This will be useful to isolate the
elements needed during allocation and pass them separately before the
actual cfg struct is known.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Instead of setting the cfg to iwl_trans already during allocation, set
it only later when we have had the time to decide which cfg to use.
This is part of the effort to be able to decide the cfg based on HW
revision and RF ID after iwl_trans_alloc() has been called.
For now, since we still have a bunch of code checking the HW revision
and the RF ID, we set iwl_trans->cfg early, even before we decided the
real cfg to use. We only use the trans configuration at this point,
so this is fine for now. In the future, the trans configuration will
be completely independent from the rest of the config structure, so
we'll be able to avoid this.
Additionally, we can't access the PRPH registers in iwl_trans_alloc()
anymore, so move the HW REV C-step check for family 8000 code later to
the probe function as well. This step is probably not necessary, but
if that's the case it should be removed separately later on.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
There were a couple of special handling to find the correct cfg inside
iwl_trans_pcie_alloc(). Move them to iwl_pci_probe() so they're
together with the rest of the decisions.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Instead of using iwl_trans->cfg in iwl_trans_pcie_alloc(), use the
local argument that we received. This will allow us to not to set the
cfg during iwl_trans_alloc() so it can be decided later.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In order to be able to select the cfg depending on the HW revision or
on the RF ID, we need to set up the trans before selecting the cfg.
To do so, move the elements from cfg that are needed by
iwl_trans_alloc() to a separate struct at the top of the cfg, so it
can be used by other cfg types as well, before selecting the rest of
the configuration.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Make a static regions ops array and use it instead of switch case when
determining what op to use to collect a region.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Avoid iterating over dump TLVs twice for size calculation by using
linked list to store the dump TLVs.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
separate configuration flows and dump collection flows.
make ini configuration flows be in iwl-dbg-tlv.c and dump related flows
in dbg.c to better reflect their logical difference.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Can't rely that band 2.4 is always supported by the NIC and use the
first channel in this band for the phy ctxt.
Instead, look for the first channel in the first band that is supported
Signed-off-by: Tova Mussai <tova.mussai@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In case of Ultra-high-band (UHB), need to allocate nvm data structure in
size of UHB channels array.
Signed-off-by: Tova Mussai <tova.mussai@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove the IWL_DEVICE_AX200_COMMON definition, since it's only used
once and relies mostly on IWL_DEVICE_22000_COMMON anyway.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Align wrt log prints to the driver coding style
Remove the ext field from the log and print it at the beginning of the
apply point.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Debug flow TLV was removed from the FW. Remove the TLV from the driver
as well.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Reimplement debug TLV allocation flow. The driver will check the
validity of the debug TLVs prior allocating space for them.
Any malformed or unsupported TLV will be skipped.
The TLV specific checks will be added in later patches.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
use iwl_trans_dbg_ini_valid function instead of a boolean value check if
dbg_ini mode is on. It is needed for a future patch.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The string we define as IWL_22000_HR_B_F0_FW_PRE is duplicate with
IWL_22000_QU_B_HR_B_FW_PRE. Remove the former to avoid confusion.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The real name is struct iwl_tof_range_req_ext_cmd, fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
TX power limits as defined in the OTP assume the worst case scenario
in terms of the platform's atenna gain, but most platforms are below
that value so they can use more TX power without passing the regulatory
limit. If the platform indicates in the BIOS that it indeed has lower
gain, and the geographic location allows it, higher TX power can be
used. The driver reads the PPAG (Per-Platform Antenna Gain) data from
BIOS (if it exists), validates it and sends the appropriate command to
the FW. This flow happens once at FW init, in case of suspend/resume
there is no need to read again from BIOS as we save those values during
init, so just send the PPAG command again to FW.
Signed-off-by: Gil Adam <gil.adam@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The check is not necessary anymore, because now the struct is not
allocated separately, but is part of the mvmsta struct. Remove the
check, since it's dead code.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Any firmware that supports the new channel switch flow is
able to close / re-open the queues when needed. It takes
into account the channel switch mode etc...
Don't open / close the queues or enable / disable beacon
abort before and after the channel switch in case the
firmware is able to do this by itself.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
dma_alloc_coherent is not just the page allocator. The only valid
arguments to pass are either GFP_ATOMIC or GFP_ATOMIC with possible
modifiers of __GFP_NORETRY or __GFP_NOWARN.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
periphery phy and aux regions should not be collected like periphery mac
region. Remove their handling. The handling will be added in the future
once the FW will support it.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Fixes: 7a14c23dcd ("iwlwifi: dbg: dump data according to the new ini TLVs")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Use a linked list to maintain the debug TLVs instead of a single buffer.
This way, the driver does not need to iterate over the binary file twice
and allocates smaller chunks of memory. Also, in case one allocation
fails the driver will work with the partial configuration instead of
aborting the entire debug configuration.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Maintain DRAM debug buffer status in trans instead of keeping it as
part of the TLVs buffer to avoid allocating extra space for it.
Needed for future changes.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
regdb_ptrs is not in used anymore, remove it.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
align the naming to iwl_dbg_tlv_*
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Function iwl_mvm_scan_set_legacy_probe_req() second argument
size is too large to be passed by value.
Fix it to be passed by reference.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
This means:
1) stop calling pm_runtime_resume when starting the hardware
2) removing the unneeded low_power parameter to start / stop hw / fw
transport ops
3) squashing transport functions that are now the same
_iwl_trans_pcie_start_hw / iwl_trans_pcie_start_hw
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove the now unneeded functions that called those from the
transport layer.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
This is always set to IWL_PLAT_PM_MODE_DISABLED
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
During D3 state, FW may send packets.
As a result, "write" queue pointer will be incremented by FW.
Upon resume from D3, driver should adjust its shadows of "write" and "read"
pointers to the value reported by FW.
1. Keep TID used during wowlan configuration.
2. Upon resume, set driver's "write" and "read" queue pointers
to the value reported by FW.
Signed-off-by: Alex Malamud <alex.malamud@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
It doesn't make sense to use the FW thermal monitoring only if we
have CONFIG_THERMAL, because then we use the default thresholds
etc. which may be different from what the firmware implements, as
we don't maintain them in the driver now. Only the CTDP code needs
to actually be under CONFIG_THERMAL.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
It's hard to follow the numbers so rename it with enum
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Scan API was changed to support 6Ghz channels as well.
Support the new version.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
New FW versions introduces LTR feature enablement by default.
For such FW versions, driver (mvm/xvt) should not send
host command to enable LTR feature, also it should be possible to
override LTR configuration through the debugfs.
1. Send LTR feature enablement command only for FW versions
which does not advertises SET_LTR_GEN2 capability.
2. Implement ltr_config file in debugfs for LTR configuration override.
Signed-off-by: Alex Malamud <alex.malamud@intel.com>
This flag should never be set unless integration work with the
platform is done. We don't support any platforms officially and don't
plan to do so in the near future, so we can remove this option
entirely in order to avoid having it enabled by mistake.
This has been marked with "depends on EXPERT", so there shouldn't be
many systems running with it set. And, if there are systems, they
should not be using this flag.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
This flag is never set on any host command. Remove it.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
We're now left with a status bit that is never set and a few
other leftovers.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Also change the signature of the power functions that won't
receive d0i3=true anymore.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
This variable read, but never set. Remove it.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Now that d0i3 is dead, this function can't be called from d0i3
flows. Change its signature and make it static.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
For runtime PM to work with d0i3 code, a lot of integration work needs
to be done with the platform (e.g. the out-of-band wake up interrupt)
and we currently don't have any platforms where this integration
happened. So, this code has been pretty much stale for a while and
when someone enables it, it just breaks things.
Therefore, to simplify the code base and make sure no one enables this
by mistake, we will remove the whole code.
This is only the very start, much more work is needed.
Remove the places where we check iwl_mvm_is_d0i3_supported
but leave all the refs, those will be removed in a different
patch.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
When printing a TX, add to the print the length of the frame.
That will help with BSEP (buffer status report poll) tests.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Use the actual length of channels array and not the max capable length.
Signed-off-by: Beker Ayala <ayala.beker@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
add support to print ldbg command in mvm and xvt mode
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Support the new DBGC_SUSPEND_RESUME command to change the recording state.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The op mode should stop the debug recording and not the transport layer.
Rename iwl_fwrt_stop_device into iwl_fw_dbg_stop_sync and move the debug
stop recording to it.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The recording functions are quite big to be inline and the driver should
expose only the stop and restart functions that are allowed to be used
rather then the internal helper functions. Move the functions from the
header file.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
These static functions are only used after their definition,
so we don't need the forward declarations.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In case that there are OBSS that do not know how to properly
interpret 26-tone RU OFDMA transmissions, instruct the FW not
to use such transmissions.
The check is currently only performed upon association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
If mvm->fwrt.cur_fw_img != IWL_UCODE_INIT, then
rfkill_safe_init_done must be true since
rfkill_safe_init_done is set to true before we start to load
the runtime image.
Remove the redundant condition.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The newer targets don't support the DQA enablement command
and will return error status, while older targets need it.
The feature is defined by the corresponding TLV.
Send the command only if the TLV is enabled.
Signed-off-by: Ilia Lin <ilia.lin@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Introduce debugfs entry to read device temperature and related cmu
command. Introduce mt7615_mcu_parse_response to parse mcu response
messages and refactor mt7615_mcu_msg_send routine
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt7615_txwi_to_txp utility routine to convert mt76_txwi_cache
into mt7615_txp and remove duplicated code
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We allways return 0 from mt76x0_phy_set_channel(), no need to pass
return value upward.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We set dev->mt76.chandef in mt76_set_channel() already.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76_rx_convert() not need to be exported any longer.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
tx queues are already disabled by mac80211 during scanning or other
off-channel activity. There is no need to repeat the check in mt76,
since scheduled queues are selected by mac80211 as well.
Signed-off-by: Balakrishna Bandi <b.balakrishna@globaledgesoft.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There is no need to send a BAR frame after stopping aggregation, and doing
so could lead to sending class 3 frames after deauthentication from an AP
Signed-off-by: Balakrishna Bandi <b.balakrishna@globaledgesoft.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes use-after-free issues on forced station removal during hardware restart
on MT76x02
Fixes: aee5b8cf24 ("mt76: implement A-MPDU rx reordering in the driver code")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MT7615 chips usually come pre-calibrated, even when used on embedded boards.
In that case, the on-flash EEPROM data needs to be merged with some data
from OTP ROM.
Run this merge if the external EEPROM data is valid and OTP has valid fields.
Tested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce a default implementation for mt76_sw_scan and
mt76_sw_scan_complete in mt76 module and remove duplicated code
since most of the drivers share the same implementation
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the following checkpatch warnings:
CHECK: Alignment should match open parenthesis
CHECK: No space is necessary after a cast
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refactor mt7615_mac_wtbl_set_key and introduce
the following routines in order to configure wtbl entries
and properly add hw support to BIP_CMAC_128 cipher:
- mt7615_mac_wtbl_update_cipher
- mt7615_mac_wtbl_update_pk
- mt7615_mac_wtbl_update_key
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove unnecessary mcu queue initialization in mt7603_dma_init since it
has been already done in mt76_mmio_init
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move mt76{15,03}_tx_tasklet in mt76_alloc_device in order to be used as
default tx_tasklet initialization. Remove duplicated code in
mt7603/mt7615 drivers
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move survey_time field in mt76_dev in order to be reused adding survey
support to mt7615 driver
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce channel survey support for mt76x2u and mt76x0u drivers
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enable multi-interface support for mt76x02u driver. For the moment
allow max two concurrent interfaces in order to preserve enough room
for ps traffic since we are using beacon slots for it.
I have successfully tested the following configuration:
- AP + STA
- AP0 + AP1
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Tested-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Do not copy beacon skb in mt76x02_mac_set_beacon_enable for usb devices
since it will be done in mt76x02_update_beacon_iter. Moreover squash
mt76x02_mac_set_beacon_enable and __mt76x02_mac_set_beacon_enable since
the latter is run just by mt76x02_mac_set_beacon_enable
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce Smart Carrier Sense support in order to tune device
sensitivity according to RTS error rate and False CCA reported by the
radio
Tested-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
As already done for mt7603 driver, move mt76.mutex lock inside
mt7615_set_channel since we need to grab mt76.mutex in mt7615_mac_work.
This is a preliminary patch to add Smart Carrier Sense (SCS) support
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
No functional change intended.
Add SPDX identifiers to all remaining files in /mt76.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the following checkpatch warnings:
ERROR: code indent should use tabs where possible
CHECK: Alignment should match open parenthesis
CHECK: No space is necessary after a cast
CHECK: Please don't use multiple blank lines
CHECK: Avoid precedence issues in macro
WARNING: Statements should start on a tabstop
WARNING: Unnecessary space before function pointer arguments
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the following checkpatch warnings:
WARNING: Improper SPDX comment style
Fix blank lines.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the following checkpatch warnings:
WARNING: Improper SPDX comment style
CHECK: No space is necessary after a cast
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update the help text to fix a checkpatch warning:
WARNING: please write a paragraph that describes the config symbol fully
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add default values of cw_min/max and use fls() for configuration.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hardware supports 4 sets of WMM that should be put to good use.
And fix incorrect queue mapping in mt7615_conf_tx().
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Convert MT7603_WATCHDOG_TIME in jiffies rescheduling watchdog delayed
work
Fixes: c8846e1015 ("mt76: add driver for MT7603E and MT7628/7688")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Express watchdog timeout in jiffies since it is used directly in
ieee80211_queue_delayed_work
Fixes: 04b8e65922 ("mt76: add mac80211 driver for MT7615 PCIe-based chipsets")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add mt76_mmio_read_copy routine and the related function pointer in
mt76_bus_ops data structure. mt76_mmio_read_copy will be used to add
BIP_CMAC_128 cipher hw support to mt7615 driver
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce set_key_cmd and mt76_wcid pointer to mt7615_mac_wtbl_set_key
signature and do not set key to NULL if cmd is DISABLE_KEY.
This is a preliminary patch to add BIP_CMAC_128 hw support to mt7615
driver
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Get rid of wtbl_sec_key definition since it is no longer used
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add mt7615_mac_wtbl_set_key routine to configure wtbl key parameter
directly from host cpu. This is a preliminary patch to add BIP_CMAC_128
hw support. Moreover add static qualifier to mt7615_mac_get_key_info
routine
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt7615_mac_wtbl_addr rouinte to compute sta wtbl address.
This is a preliminary patch to update wtbl key directly from host
processor
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is a preliminary patch to update wtbl key directly from host
processor
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- initialize CCA signal source
- initialize clock for band 1 (7615D)
- initialize BAR rate
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce support to TP-Link T2UHP
https://wikidevi.com/wiki/TP-LINK_Archer_T2UHP
Tested-by: Sid Hayn <sidhayn@gmail.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Compiler give us guarantees on variables alignment, so use
an variable as buffer when read/write registers and remove
unneeded {put,get}_unaligned.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In contrast to mt76_wr() which we use to program registers,
on mt76_wr_copy() we should not change endian of the data.
Fixes: b40b15e152 ("mt76: add usb support to mt76 layer")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bufferable management frames need to be put in the data queue, otherwise
they will not be buffered when the receiver is asleep.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The hardware expects MT_TX_RATE_NSS to be filled with the number of
space/time streams. For non-STBC rates, this is equal to nss.
For 1-stream STBC, this needs to be set to 2.
This is relevant for VHT rates only, on HT, the value is derived from MCS
internally.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix typo setting urb->transfer_buffer_length in mt76u_fill_rx_sg
Fixes: b40b15e152 ("mt76: add usb support to mt76 layer")
Fixes: f8f527b16d ("mt76: usb: use EP max packet aligned buffer sizes for rx")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- Store the previous and current rate set in the driver + the TSF value
at the time of the switch.
- Use the tx status TSF value to determine which rate set needs to be used
as reference.
- Report only short or long GI rates for a single status event, not a mix.
- The hardware reports the last used rate index. Use it along with the
retry count to figure out what rate was used for the first attempt.
- Use the same retry count value for all rate slots to make this calculation
work.
- Derive the probe rate from the current rateset instead of the skb cb
- Do not wait for a status report for the probe frame before removing the
probe rate from the rate table. Do it immediately after it was referenced
in a tx status report.
- Use the first half of the first rate retry budget for the probe rate
in order to avoid using too many retries on that rate
- Switch from lower rates to higher rates more conservatively
- enable hardware rate up/down selection
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
These values must be initialized to zero, otherwise the hardware could
reuse previous values, especially the rate index
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It bypasses the MCU, so it does not belong in mcu.c
Also make mt7615_mac_tx_rate_val static
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add mt7615_mcu_send_ram_firmware routine since mt7615_load_ram runs the
same code to send ram firmware to cr4 and n9 mcus. Moreover rename
gen_dl_mode in mt7615_mcu_gen_dl_mode.
This patch does not introduce any behaviour change, it is just code
refactor.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Release patch semaphore even if request_firmware fails in
mt7615_load_patch
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since we don't clean that tx queue from the tx tasklet, we need to do it
after the firmware upload is done. This patch also adds a cleanup step during
the upload, to help reclaim memory faster.
Fixes unprocessed queued frames eating up memory long after the firmware
upload has already completed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt7615_mcu_rdd_send_pattern routine to trigger a radar pattern
detection. Moreover move debugfs related routines in a dedicated source
file.
Suggested-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add Channel Switch Announcement support to mt7615 driver updating beacon
template with CSA IE received from mac80211
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Delay channel calibration after Channel Availability Check. Add some
code cleanup to mt7615_mcu_set_channel
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add hw radar detection support to mt7615 driver in order to
unlock dfs channels on 5GHz band
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt7615_regd_notifier callback. This is a preliminary patch to
add radar detection support to mt7615 driver
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix the following sparse warning in __mt7615_mcu_msg_send:
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c:78:15: sparse: warning:
restricted __le16 degrades to integer
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c:78:15: sparse: warning:
cast from restricted __le16
Fixes: 04b8e65922 ("mt76: add mac80211 driver for MT7615 PCIe-based chipsets")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When beacon length is not a multiple of 4, the beacon could be sent with
the last 1-3 bytes corrupted. The skb data is guaranteed to have enough
room for reading beyond the end, because it is always followed by
skb_shared_info, so rounding up is safe.
All other callers of mt76_wr_copy have multiple-of-4 length already.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The `ar_usb` field of `ath6kl_usb_pipe_usb_pipe` objects
are initialized to point to the containing `ath6kl_usb` object
according to endpoint descriptors read from the device side, as shown
below in `ath6kl_usb_setup_pipe_resources`:
for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
endpoint = &iface_desc->endpoint[i].desc;
// get the address from endpoint descriptor
pipe_num = ath6kl_usb_get_logical_pipe_num(ar_usb,
endpoint->bEndpointAddress,
&urbcount);
......
// select the pipe object
pipe = &ar_usb->pipes[pipe_num];
// initialize the ar_usb field
pipe->ar_usb = ar_usb;
}
The driver assumes that the addresses reported in endpoint
descriptors from device side to be complete. If a device is
malicious and does not report complete addresses, it may trigger
NULL-ptr-deref `ath6kl_usb_alloc_urb_from_pipe` and
`ath6kl_usb_free_urb_to_pipe`.
This patch fixes the bug by preventing potential NULL-ptr-deref
(CVE-2019-15098).
Signed-off-by: Hui Peng <benquike@gmail.com>
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
clang triggers a warning about oversized stack frames that gcc does not
notice because of slightly different inlining decisions:
ath/wcn36xx/smd.c:1409:5: error: stack frame size of 1040 bytes in function 'wcn36xx_smd_config_bss' [-Werror,-Wframe-larger-than=]
ath/wcn36xx/smd.c:640:5: error: stack frame size of 1032 bytes in function 'wcn36xx_smd_start_hw_scan' [-Werror,-Wframe-larger-than=]
Basically the wcn36xx_hal_start_scan_offload_req_msg,
wcn36xx_hal_config_bss_req_msg_v1, and wcn36xx_hal_config_bss_req_msg
structures are too large to be put on the kernel stack, but small
enough that gcc does not warn about them.
Use kzalloc() to allocate them all. There are similar structures in other
parts of this driver, but they are all smaller, with the next largest
stack frame at 480 bytes for wcn36xx_smd_send_beacon.
Fixes: 8e84c25821 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In ath6kl_htc_mbox_create(), when kzalloc() on line 2855 fails,
target->dev is assigned to NULL, and ath6kl_htc_mbox_cleanup(target) is
called on line 2885.
In ath6kl_htc_mbox_cleanup(), target->dev is used on line 2895:
ath6kl_hif_cleanup_scatter(target->dev->ar);
Thus, a null-pointer dereference may occur.
To fix this bug, kfree(target) is called and NULL is returned when
kzalloc() on line 2855 fails.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Initialize acktimeout to the maximum configurable value in
ath_dynack_reset in order to not disconnect long distance static links
enabling dynack and even to take care of possible errors configuring
a static timeout. Moreover initialize station timeout value to the current
acktimeout value
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Compute maximum configurable ackimeout/ctstimeout according to channel
width (clockrate)
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add compute timeout to last computation timestamp in
ath_dynack_reset in order to not run ath_dynack_compute_ackto
immediately
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Introduce ath_dynack_set_timeout routine to configure slottime/ack/cts
timeouts and remove duplicated code
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Atheros cards with a AR92XX generation (and older) chip usually
store their pci(e) initialization vectors on an external eeprom chip.
However these chips technically don't need the eeprom chip attached,
the AR9280 Datasheet in section "6.1.2 DEVICE_ID" describes that
"... if the EEPROM content is not valid, a value of 0xFF1C returns
when read from the register". So, they will show up on the system's
pci bus. However in that state, ath9k can't load, since it relies
on having the correct pci-id, otherwise it doesn't know what chip it
actually is. This happens on many embedded devices like routers
and accesspoint since they want to keep the BOM low and store the
pci(e) initialization vectors together with the calibration data
on the system's FLASH, which is out of reach of the ath9k chip.
Furthermore, Some devices (like the Cisco Meraki Z1 Cloud Managed
Teleworker Gateway) need to be able to initialize the PCIe wifi device.
Normally, this should be done as a pci quirk during the early stages of
booting linux. However, this isn't possible for devices which have the
init code for the Atheros chip stored on NAND in an UBI volume.
Hence, this module can be used to initialize the chip when the
user-space is ready to extract the init code.
Martin Blumenstingl prodived the following fixes:
owl-loader: add support for OWL emulation PCI devices
owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
owl-loader: use dev_* instead of pr_* logging functions
owl-loader: auto-generate the eeprom filename as fallback
owl-loader: add a debug message when swapping the eeprom data
owl-loader: add missing newlines in log messages
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/net/wireless/ath/carl9170/usb.c: In function carl9170_usb_disconnect:
drivers/net/wireless/ath/carl9170/usb.c:1110:21:
warning: variable udev set but not used [-Wunused-but-set-variable]
It is not use since commit feb09b2933 ("carl9170:
fix misuse of device driver API")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
A null pointer would be passed to a call of the function “kfree”
directly after a call of the function “kcalloc” failed at one place.
Remove this superfluous function call.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Reviewed-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add support for Enhanced Directional Multi-Gigabit (EDMG) channels 9-11.
wil6210 reports it's EDMG capabilities (that are also based on FW
capability) to cfg80211 by filling
wiphy->bands[NL80211_BAND_60GHZ]->edmg_cap.
wil6210 handles edmg.channels and edmg.bw_config requested in connect
and start_ap operations.
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There are several occasions where a negative cid value is passed
into wil_cid_valid and this is converted into a u8 causing the
range check of cid >= 0 to always succeed. Fix this by making
the cid argument an int to handle any -ve error value of cid.
An example of this behaviour is in wil_cfg80211_dump_station,
where cid is assigned -ENOENT if the call to wil_find_cid_by_idx
fails, and this -ve value is passed to wil_cid_valid. I believe
that the conversion of -ENOENT to the u8 value 254 which is
greater than wil->max_assoc_sta causes wil_find_cid_by_idx to
currently work fine, but I think is by luck and not the
intended behaviour.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side, `rsi_init_usb_interface` will be
freed. However, in the higher level error handling code in
`rsi_probe`, if error is detected, `rsi_91x_deinit` is called
again, in which `dev` will be freed again, resulting double free.
This patch fixes the double free by removing the free operation on
`dev` in `rsi_init_usb_interface`, because `rsi_91x_deinit` is also
used in `rsi_disconnect`, in that code path, the `dev` field is not
(and thus needs to be) freed.
This bug was found in v4.19, but is also present in the latest version
of kernel. Fixes CVE-2019-15504.
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This reverts commit 9ad3b55654.
As reported by Sergey:
"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."
It was identified that rx signal level degradation was caused by
9ad3b55654 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.
Cc: <stable@vger.kernel.org> # v5.1+
Reported-and-tested-by: Sergey Maranchuk <slav0nic0@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
After looking at code I realized that my previous fix
9584412438 ("rt2x00: clear IV's on start to fix AP mode regression")
was incomplete. We can still have wrong IV's after re-keyring.
To fix that, clear up IV's also on key removal.
Fixes: 710e6cc159 ("rt2800: do not nullify initialization vector data")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
tested-by: Emil Karlson <jekarl@iki.fi>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
We were erroneously assigning the new configuration to a local
variable cfg, but that was not being assigned to anything, so the
change was getting lost. Assign directly to iwl_trans->cfg instead.
Fixes: 5a8c31aa63 ("iwlwifi: pcie: fix recognition of QuZ devices")
Cc: stable@vger.kernel.org # 5.2
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and
mwifiex_set_wmm_params() call memcpy() without checking
the destination size.Since the source is given from
user-space, this may trigger a heap buffer overflow.
Fix them by putting the length check before performing memcpy().
This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816.
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Acked-by: Ganapathi Bhat <gbhat@marvell.comg>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
MT7630E hardware does support 5GHz, but we do not properly configure phy
for 5GHz channels. Scanning at this band not only do not show any APs
but also can hang the firmware.
Since vendor reference driver do not support 5GHz we don't know how
properly configure 5GHz channels. So disable this band for MT7630E .
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Since 41634aa8d6 ("mt76: only schedule txqs from the tx tasklet")
I can observe firmware hangs on MT7630E on station mode: tx stop
functioning after minor activity (rx keep working) and on module
unload device fail to stop with messages:
[ 5446.141413] mt76x0e 0000:06:00.0: TX DMA did not stop
[ 5449.176764] mt76x0e 0000:06:00.0: TX DMA did not stop
Loading module again results in failure to associate with AP.
Only machine power off / power on cycle can make device work again.
It's unclear why commit 41634aa8d6 causes the problem, but it is
related to HW encryption. Since issue is a firmware hang, that is super
hard to debug, just disable HW encryption as fix for the issue.
Fixes: 41634aa8d6 ("mt76: only schedule txqs from the tx tasklet")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct usb_int_regs {
...
struct reg_data regs[0];
} __packed;
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes.
So, replace the following function:
static int usb_int_regs_length(unsigned int count)
{
return sizeof(struct usb_int_regs) + count * sizeof(struct reg_data);
}
with:
struct_size(regs, regs, count)
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Getting RAM info just once per driver's lifetime (during chip
recognition) is not enough as it may get adjusted later (depending on
the used firmware). Subsequent inits may load different firmwares so a
full RAM recognition is required on every PCIe setup. This is especially
important since implementing hardware reset on a firmware crash.
Moreover calling brcmf_chip_get_raminfo() makes sure that RAM core is
up. It's important as having BCMA_CORE_SYS_MEM down on BCM4366 was
resulting in firmware failing to initialize and following error:
[ 65.657546] brcmfmac 0000:01:00.0: brcmf_pcie_download_fw_nvram: Invalid shared RAM address 0x04000001
This change makes brcmf_chip_get_raminfo() call during chip recognition
redundant for PCIe devices but SDIO and USB still need it and it's a
very small overhead anyway.
Fixes: 4684997d9e ("brcmfmac: reset PCIe bus on a firmware crash")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The strncpy() may truncate the copied string,
replace it by the safer strscpy().
To avoid below compile warning with gcc 8.2:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:In function 'brcmf_vndr_ie':
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:4227:2:
warning: 'strncpy' output truncated before terminating nul copying 3 bytes from a string of the same length [-Wstringop-truncation]
strncpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Xulin Sun <xulin.sun@windriver.com>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
According to documentation IEEE80211_TX_STAT_AMPDU_NO_BACK is suppose
to be used when we do not recive BA (BlockAck). However on rt2x00 we
use it when remote station fail to decode one or more subframes within
AMPDU (some bits are not set in BlockAck bitmap). Setting the flag result
in sent of BAR (BlockAck Request) frame and this might result of abuse
of BA session, since remote station can sent BA with incorrect
sequence numbers after receiving BAR. This problem is visible especially
when connecting two rt2800 devices.
Previously I observed some performance benefits when using the flag
when connecting with iwlwifi devices. But currently possibly due
to reacent changes in rt2x00 removing the flag has no effect on
those test cases.
So remove the IEEE80211_TX_STAT_AMPDU_NO_BACK.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There is a spelling mistake in an IPW_DEBUG_INFO message. Fix it.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In proc_BSSList_open(), 'file->private_data' is allocated through kzalloc()
and 'data->rbuffer' is allocated through kmalloc(). In the following
execution, if an error occurs, they are not deallocated, leading to memory
leaks. To fix this issue, free the allocated memory regions before
returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The function is called before the lock which is asserted was ever used.
Just remove it.
Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The pointer hash is being initialized with a value that is never read
and is being re-assigned a little later on. The assignment is
redundant and hence can be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In wlc_phy_radio_init_2056(), regs_SYN_2056_ptr, regs_TX_2056_ptr and
regs_RX_2056_ptr may be not assigned, and thus they are still NULL.
Then, they are used on lines 20042-20050:
wlc_phy_init_radio_regs(pi, regs_SYN_2056_ptr, (u16) RADIO_2056_SYN);
wlc_phy_init_radio_regs(pi, regs_TX_2056_ptr, (u16) RADIO_2056_TX0);
wlc_phy_init_radio_regs(pi, regs_TX_2056_ptr, (u16) RADIO_2056_TX1);
wlc_phy_init_radio_regs(pi, regs_RX_2056_ptr, (u16) RADIO_2056_RX0);
wlc_phy_init_radio_regs(pi, regs_RX_2056_ptr, (u16) RADIO_2056_RX1);
Thus, possible null-pointer dereferences may occur.
To avoid these bugs, when these variables are not assigned,
wlc_phy_radio_init_2056() directly returns.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
MSI interrupt should be enabled on certain platform.
Add a module parameter disable_msi to disable MSI interrupt,
driver will then use legacy interrupt instead.
One could rebind the PCI device, probe() will pick up the
new value of the module parameter. Such as:
echo '0000:01:00.0' > /sys/bus/pci/drivers/rtw_pci/unbind
echo '0000:01:00.0' > /sys/bus/pci/drivers/rtw_pci/bind
Tested-by: Ján Veselý <jano.vesely@gmail.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Daniel Drake <drake@endlessm.com>
Signed-off-by: Yu-Yen Ting <steventing@realtek.com>
Signed-off-by: Yan-Hsuan Chuang <yhchuang@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There is a mass of jobs between spin lock and unlock in the hardware
IRQ which will occupy much time originally. To make system work more
efficiently, this patch moves the jobs to the soft IRQ (bottom half) to
reduce the time in hardware IRQ.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Signed-off-by: Yan-Hsuan Chuang <yhchuang@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Pointer debugfs_topdir is initialized to a value that is never read
and it is re-assigned later. The initialization is redundant and can
be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
0day reports:
sparse warnings:
drivers/net/wireless/realtek/rtw88/coex.c:2457:6: sparse:
symbol 'rtw_coex_coex_dm_reset' was not declared. Should it be static?
rtw_coex_coex_dm_reset() is not called. Remove it.
Fixes: 4136214f7c ("rtw88: add BT co-existence support")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The WARN_ON() macro takes a condition, not a warning message. I've
changed this to use WARN() instead.
Fixes: 4136214f7c ("rtw88: add BT co-existence support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In commit 98fd8db59a ("rtlwifi: rtl8192ce: Convert macros that set
descriptor"), all the routines that get fields from a descriptor
were changed to return signed integer values. This is incorrect for the
routines that get the entire 32-bit word. In this case, an unsigned
quantity is required.
Fixes: 98fd8db59a ("rtlwifi: rtl8192ce: Convert macros that set descriptor")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In commit 36eda7568f ("rtlwifi: rtl8188ee: Convert macros that set
descriptor"), all the routines that get fields from a descriptor were
changed to return signed integer values. This is incorrect for the
routines that get the entire 32-bit word. In this case, an unsigned
quantity is required.
Fixes: 36eda7568f ("rtlwifi: rtl8188ee: Convert macros that set descriptor")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In commit bd421dab75 ("rtlwifi: rtl8821ae: Convert macros that set
descriptor"), all the routines that get fields from a descriptor
were changed to return signed integer values. This is incorrect for the
routines that get the entire 32-bit word. In this case, an unsigned
quantity is required.
Fixes: bd421dab75 ("rtlwifi: rtl8821ae: Convert macros that set descriptor")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In this step, the read/write routines for the descriptors are converted
to use __le32 quantities, thus a lot of casts can be removed. Callback
routines still use the 8-bit arrays, but these are changed within the
specified routine.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
As a first step in the conversion, the macros that set the RX and TX
descriptors are converted to static inline routines, and the names are
changed from upper to lower case. To minimize the changes in a given
step, the input descriptor information is left as as a byte array
(u8 *), even though it should be a little-endian word array (__le32 *).
That will be changed in the next patch.
Several places where checkpatch.pl complains about a space after a cast
and other warnings are fixed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This driver uses a set of local macros to manipulate the TX and RX
descriptors, which are all little-endian quantities. These macros
are replaced by the bitfield macros le32p_replace_bits() and
le32_get_bits(). In several places, the macros operated on an entire
32-bit word. In these cases, a direct read or replacement is used.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
As the first step in converting from macros that get/set information
in the RX and TX descriptors, unused macros are being removed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
A number of variables are initialized when declared that set later in the
routine, thus the initialization can be removed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In this step, the read/write routines for the descriptors are converted
to use __le32 quantities, thus a lot of casts can be removed. Callback
routines still use the 8-bit arrays, but these are changed within the
specified routine.
The macro that cleared a descriptor has now been converted into an inline
routine.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
As a first step in the conversion, the macros that set the RX and TX
descriptors are converted to static inline routines, and the names are
changed from upper to lower case. To minimize the changes in a given
step, the input descriptor information is left as as a byte array
(u8 *), even though it should be a little-endian word array (__le32 *).
That will be changed in the next patch.
Several places where checkpatch.pl reports lines too long are fixed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This driver uses a set of local macros to manipulate the RX and TX
descriptors, which are all little-endian quantities. These macros
are replaced by the bitfield macros le32p_replace_bits() and
le32_get_bits(). In several places, the macros operated on an entire
32-bit word. In these cases, a direct read or replacement is used.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
As the first step in converting from macros that get/set information
in the RX and TX descriptors, unused macros are being removed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
If the call to hw_init() fails for any of the drivers, the driver will
leak memory that was allocated in BT coexistence setup. Technically, each
of the drivers should have done this free; however placing it in rtl_pci
fixes all the drivers with only a single patch.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>