1. 28 Aug, 2018 3 commits
    • ath10k: use struct_size() in kzalloc() · 06ae8dc0
      Gustavo A. R. Silva authored
      One of the more common cases of allocation size calculations is finding
      the size of a structure that has a zero-sized array at the end, along
      with memory for some number of elements for that array. For example:
      
      struct foo {
              int stuff;
              void *entry[];
      };
      
      instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
      
      Instead of leaving these open-coded and prone to type mistakes, we can
      now use the new struct_size() helper:
      
      instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
      
      This issue was detected with the help of Coccinelle.
      Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    • ath10k: schedule hardware restart if WMI command times out · a9911937
      Martin Willi authored
      When running in AP mode, ath10k sometimes suffers from TX credit
      starvation. The issue is hard to reproduce and shows up once in a
      few days, but has been repeatedly seen with QCA9882 and a large
      range of firmwares, including 10.2.4.70.67.
      
      Once the module is in this state, TX credits are never replenished,
      which results in "SWBA overrun" errors, as no beacons can be sent.
      Even worse, WMI commands run into a timeout while holding the conf
      mutex for three seconds each, making any further operations slow
      and the whole system unresponsive.
      
      The firmware/driver never recovers from that state automatically,
      and triggering TX flush or warm restarts won't work over WMI. So
      issue a hardware restart if a WMI command times out due to missing
      TX credits. This implies a connectivity outage of about 1.4s in AP
      mode, but brings back the interface and the whole system to a usable
      state. WMI command timeouts have not been seen in the absence of this
      specific issue, so taking such drastic actions seems legitimate.
      Signed-off-by: Martin Willi <martin@strongswan.org>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    • ath10k: skip resetting rx filter for WCN3990 · 58da3b42
      Rakesh Pillai authored
      WCN3990 has the MAC_PCU_ADDR1 configured properly
      and hence it will not send spurious ack frames
      during boot up.
      
      Hence the reset_rx_filter workaround is not needed
      for WCN3990. Add a hw_param to indicate if hardware rx
      filter reset is needed and skip the reset_rx_filter for
      WCN3990.
      
      Tested HW: WCN3990
      Tested FW: WLAN.HL.2.0-01188-QCAHLSWMTPLZ-1
      Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  2. 24 Aug, 2018 3 commits
    • wcn36xx: use dma_zalloc_coherent instead of allocator/memset · d410e28f
      YueHaibing authored
      Use dma_zalloc_coherent instead of dma_alloc_coherent
      followed by memset 0.
      Signed-off-by: YueHaibing <yuehaibing@huawei.com>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    • wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp · 3f96556f
      YueHaibing authored
      Replace calls to kmalloc followed by a memcpy with a direct call to
      kmemdup.
      Signed-off-by: YueHaibing <yuehaibing@huawei.com>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
    • ath10k: fix kernel panic by moving pci flush after napi_disable · bd1d3950
      Tamizh chelvam authored
      When continuously running a wifi up/down sequence, the napi poll
      can be scheduled after the CE buffers have been freed by ath10k_pci_flush.
      
      Steps:
        In a certain condition, during wifi down, the below scenario might occur.
      
      ath10k_stop->ath10k_hif_stop->napi_schedule->ath10k_pci_flush->napi_poll(napi_synchronize).
      
      In the above scenario, CE buffer entries will be freed up and become NULL in
      ath10k_pci_flush. The napi_poll is then invoked after the flush process,
      and it will try to get the skb from the CE buffer entry and perform some action on it.
      Since the CE buffer has already been cleaned by pci flush, this action will cause a NULL
      pointer dereference and trigger the below kernel panic.
      
      Unable to handle kernel NULL pointer dereference at virtual address 0000005c
      PC is at ath10k_pci_htt_rx_cb+0x64/0x3ec [ath10k_pci]
      ath10k_pci_htt_rx_cb [ath10k_pci]
      ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]
      ath10k_ce_per_engine_service [ath10k_pci]
      ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]
      ath10k_ce_per_engine_service_any [ath10k_pci]
      ath10k_pci_napi_poll+0x48/0xec [ath10k_pci]
      ath10k_pci_napi_poll [ath10k_pci]
      net_rx_action+0xac/0x160
      net_rx_action
      __do_softirq+0xdc/0x208
      __do_softirq
      irq_exit+0x84/0xe0
      irq_exit
      __handle_domain_irq+0x80/0xa0
      __handle_domain_irq
      gic_handle_irq+0x38/0x5c
      gic_handle_irq
      __irq_usr+0x44/0x60
      
      Tested on QCA4019 and firmware version 10.4.3.2.1.1-00010
      Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  3. 06 Aug, 2018 34 commits