- 25 Oct, 2023 18 commits
-
-
Wu Yunchuan authored
No need cast (void *) to (struct net_device *). Signed-off-by:
Wu Yunchuan <yunchuan@nfschina.com> Signed-off-by:
Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20231020093432.214001-1-yunchuan@nfschina.com
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo authored
ath.git patches for v6.7. Major changes: ath12k * QCN9274: mesh support ath11k * firmware-2.bin support
-
Kalle Valo authored
This reverts commit e149353e. The commit caused QCA6390 hw2.0 firmware WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 to crash during disconnect: [71990.787525] ath11k_pci 0000:72:00.0: firmware crashed: MHI_CB_EE_RDDM Closes: https://lore.kernel.org/all/87edhu3550.fsf@kernel.org/Signed-off-by:
Kalle Valo <quic_kvalo@quicinc.com> Reviewed-by:
Jeff Johnson <quic_jjohnson@quicinc.com> Link: https://lore.kernel.org/r/20231023164120.651151-1-kvalo@kernel.org
-
Jeff Johnson authored
Currently, the logic to return an ath12k_sta pointer, given a ieee80211_sta pointer, uses typecasting throughout the driver. In general, conversion functions are preferable to typecasting since using a conversion function allows the compiler to validate the types of both the input and output parameters. ath12k already defines a conversion function ath12k_vif_to_arvif() for a similar conversion. So introduce ath12k_sta_to_arsta() for this use case, and convert all of the existing typecasting to use this function. Signed-off-by:
-
Johan Hovold authored
The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable@vger.kernel.org # v6.2 Signed-off-by:
Johan Hovold <johan+linaro@kernel.org> Acked-by:
-
Johan Hovold authored
The ath12k active pdevs are protected by RCU but the DFS-radar and temperature event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as RCU read-side critical sections to avoid any potential use-after-free issues. Note that the temperature event handler looks like a place holder currently but would still trigger an RCU lockdep splat. Compile tested only. Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable@vger.kernel.org # v6.2 Signed-off-by:
-
Johan Hovold authored
The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11k_mac_get_arvif_by_vdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. Fixes: a16d9b50 ("ath11k: support GTK rekey offload") Cc: stable@vger.kernel.org # 5.18 Cc: Carl Huang <quic_cjhuang@quicinc.com> Signed-off-by:
-
Johan Hovold authored
The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. Fixes: d5c65159 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable@vger.kernel.org # 5.6 Signed-off-by:
-
Johan Hovold authored
The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. Fixes: d5c65159 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable@vger.kernel.org # 5.6 Acked-by:
-
Johan Hovold authored
The ath11k active pdevs are protected by RCU but the temperature event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section as reported by RCU lockdep: ============================= WARNING: suspicious RCU usage 6.6.0-rc6 #7 Not tainted ----------------------------- drivers/net/wireless/ath/ath11k/mac.c:638 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 no locks held by swapper/0/0. ... Call trace: ... lockdep_rcu_suspicious+0x16c/0x22c ath11k_mac_get_ar_by_pdev_id+0x194/0x1b0 [ath11k] ath11k_wmi_tlv_op_rx+0xa84/0x2c1c [ath11k] ath11k_htc_rx_completion_handler+0x388/0x510 [ath11k] Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 Fixes: a41d1034 ("ath11k: add thermal sensor device support") Cc: stable@vger.kernel.org # 5.7 Signed-off-by:
-
Karthikeyan Periyasamy authored
In PCI and HAL interface layer module, the identifier sc is used to represent an instance of ath12k_base structure. However, within ath12k, the convention is to use "ab" to represent an SoC "base" struct. So change the all instances of sc to ab. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00125-QCAHKSWPL_SILICONZ-1 Signed-off-by:
Karthikeyan Periyasamy <quic_periyasa@quicinc.com> Acked-by:
-
Karthikeyan Periyasamy authored
In WMI layer module, the identifier wmi_sc is used to represent an instance of ath12k_wmi_base structure. However, within ath12k, the convention is to use "ab" to represent an SoC "base" struct. So change the all instances of wmi_sc to wmi_ab. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00125-QCAHKSWPL_SILICONZ-1 Signed-off-by:
-
Anilkumar Kolli authored
Firmware IE containers can dynamically provide various information what firmware supports. Also it can embed more than one image so updating firmware is easy, user just needs to update one file in /lib/firmware/. The firmware API 2 or higher will use the IE container format, the current API 1 will not use the new format but it still is supported for some time. Firmware API 2 files are named as firmware-2.bin (which contains both amss.bin and m3.bin images) and API 1 files are amss.bin and m3.bin. Currently ath11k PCI driver provides firmware binary (amss.bin) path to MHI driver, MHI driver reads firmware from filesystem and boots it. Add provision to read firmware files from ath11k driver and provide the amss.bin firmware data and size to MHI using a pointer. Currently enum ath11k_fw_features is empty, the patches adding features will add the flags. With AHB devices there's no amss.bin or m3.bin, so no changes in how AHB firmware files are used. But AHB devices can use future additions to the meta data, for example in enum ath11k_fw_features. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9 Co-developed-by:
P Praneesh <quic_ppranees@quicinc.com> Signed-off-by:
Anilkumar Kolli <quic_akolli@quicinc.com> Co-developed-by:
-
Kalle Valo authored
Simple refactoring to make it easier to add firmware-2.bin support in the following patch. Earlier ath11k_qmi_m3_load() supported changing m3.bin contents while ath11k is running. But that's not going to actually work, m3.bin is supposed to be the same during the lifetime of ath11k, for example we don't support changing the firmware capabilities on the fly. Due to this ath11k requests m3.bin firmware file first and only then checks m3_mem->vaddr, so we are basically requesting the firmware file even if it's not needed. Reverse the code so that m3_mem buffer is checked first, and only if it doesn't exist, then m3.bin is requested from user space. Checking for m3_mem->size is redundant when m3_mem->vaddr is NULL, we would not be able to use the buffer in that case. So remove the check for size. Simplify the exit handling and use 'goto out'. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9 Signed-off-by:
-
Dmitry Antipov authored
When compiling with clang-18, I've noticed the following: drivers/net/wireless/realtek/rtw89/fw.c:389:28: warning: cast to smaller integer type 'enum rtw89_fw_type' from 'const void *' [-Wvoid-pointer-to-enum-cast] 389 | enum rtw89_fw_type type = (enum rtw89_fw_type)data; | ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/realtek/rtw89/fw.c:569:13: warning: cast to smaller integer type 'enum rtw89_rf_path' from 'const void *' [-Wvoid-pointer-to-enum-cast] 569 | rf_path = (enum rtw89_rf_path)data; | ^~~~~~~~~~~~~~~~~~~~~~~~ So avoid brutal everything-to-const-void-and-back casts, introduce 'union rtw89_fw_element_arg' to pass parameters to element handler callbacks, and adjust all of the related bits accordingly. Compile tested only. Signed-off-by:Dmitry Antipov <dmantipov@yandex.ru> Signed-off-by:
-
Shiji Yang authored
1. Move MT7620 PA/LNA calibration code to dedicated functions. 2. For external PA/LNA devices, restore RF and BBP registers before R-Calibration. 3. Do Rx DCOC calibration again before RXIQ calibration. 4. Add some missing LNA related registers' initialization. Signed-off-by:
Shiji Yang <yangshiji66@outlook.com> Acked-by:
Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by:
-
Shiji Yang authored
1. Move the channel configuration code from rt2800_vco_calibration() to the rt2800_config_channel(). 2. Use MT7620 SoC specific AGC initial LNA value instead of the RT5592's value. 3. BBP{195,196} pairing write has been replaced with rt2800_bbp_glrt_write() to reduce redundant code. Signed-off-by: -
Shiji Yang authored
1. Do not hard reset the BBP. We can use soft reset instead. This change has some help to the calibration failure issue. 2. Enable falling back to legacy rate from the HT/RTS rate by setting the HT_FBK_TO_LEGACY register. 3. Implement MCS rate specific maximum PSDU size. It can improve the transmission quality under the low RSSI condition. 4. Set BBP_84 register value to 0x19. This is used for extension channel overlapping IOT. Signed-off-by:
-
- 23 Oct, 2023 22 commits
-
-
Stanislaw Gruszka authored
Helmut hasn't been responding to rt2x00 related emails since 2016, remove him from rt2x00 mainterner list. Signed-off-by:
-
Justin Stitt authored
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. We expect fw_version strings to be NUL-terminated based on other similar assignments: wireless/broadcom/brcm80211/brcmsmac/main.c 7867: snprintf(wlc->wiphy->fw_version, 7868: sizeof(wlc->wiphy->fw_version), "%u.%u", rev, patch); wireless/broadcom/b43legacy/main.c 1765: snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u", wireless/broadcom/b43/main.c 2730: snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u", wireless/intel/iwlwifi/dvm/main.c 1465: snprintf(priv->hw->wiphy->fw_version, 1466: sizeof(priv->hw->wiphy->fw_version), wireless/intel/ipw2x00/ipw2100.c 5905: snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s", Based on this, NUL-padding is not required. A suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by:
Justin Stitt <justinstitt@google.com> Reviewed-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
-
Justin Stitt authored
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. We expect wl->chip.fw_ver_str to be NUL-terminated based on its usage with DRIVER_STATE_PRINT_STR() in debugfs.c: 491 | DRIVER_STATE_PRINT_STR(chip.fw_ver_str); ... which uses DRIVER_STATE_PRINT(): 444 | #define DRIVER_STATE_PRINT_STR(x) DRIVER_STATE_PRINT(x, "%s") ... which relies on scnprintf: 434 | #define DRIVER_STATE_PRINT(x, fmt) \ 435 | (res += scnprintf(buf + res, DRIVER_STATE_BUF_LEN - res,\ 436 | #x " = " fmt "\n", wl->x)) Moreover, NUL-padding is not required. Considering the above, a suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Similar-to: https://lore.kernel.org/all/20231018-strncpy-drivers-net-wireless-ti-wl18xx-main-c-v2-1-ab828a491ce5@google.com/Signed-off-by:
-
Justin Stitt authored
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. wl->chip.phy_fw_ver_str is obviously intended to be NUL-terminated by the deliberate comment telling us as much. Furthermore, its only use is drivers/net/wireless/ti/wlcore/debugfs.c shows us it should be NUL-terminated since its used in scnprintf: 492 | DRIVER_STATE_PRINT_STR(chip.phy_fw_ver_str); which is defined as: | #define DRIVER_STATE_PRINT_STR(x) DRIVER_STATE_PRINT(x, "%s") ... | #define DRIVER_STATE_PRINT(x, fmt) \ | (res += scnprintf(buf + res, DRIVER_STATE_BUF_LEN - res,\ | #x " = " fmt "\n", wl->x)) We can also see that NUL-padding is not required. Considering the above, a suitable replacement is `strscpy` [2] due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. The very fact that a plain-english comment had to be made alongside a manual NUL-byte assignment for such a simple purpose shows why strncpy is faulty. It has non-obvious behavior that has to be clarified every time it is used (and if it isn't then the reader suffers). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by:
-
Justin Stitt authored
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. Based on other assignments of similar fw_version fields we can see that NUL-termination is required but not NUL-padding: ethernet/intel/ixgbe/ixgbe_ethtool.c 1111: strscpy(drvinfo->fw_version, adapter->eeprom_id, 1112: sizeof(drvinfo->fw_version)); ethernet/intel/igc/igc_ethtool.c 147: scnprintf(adapter->fw_version, 148: sizeof(adapter->fw_version), 153: strscpy(drvinfo->fw_version, adapter->fw_version, 154: sizeof(drvinfo->fw_version)); wireless/broadcom/brcm80211/brcmfmac/core.c 569: strscpy(info->fw_version, drvr->fwver, sizeof(info->fw_version)); wireless/broadcom/brcm80211/brcmsmac/main.c 7867: snprintf(wlc->wiphy->fw_version, 7868: sizeof(wlc->wiphy->fw_version), "%u.%u", rev, patch); wireless/broadcom/b43legacy/main.c 1765: snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u", wireless/broadcom/b43/main.c 2730: snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u", wireless/intel/iwlwifi/dvm/main.c 1465: snprintf(priv->hw->wiphy->fw_version, 1466: sizeof(priv->hw->wiphy->fw_version), wireless/intel/ipw2x00/ipw2100.c 5905: snprintf(info->fw_version, sizeof(info->fw_version), "%s:%d:%s", A suitable replacement is `strscpy` due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by:
-
Ming Yen Hsieh authored
When the chip not support 6GHz capability, the channels of 6GHz information should not be updated. This caused a crash: [ 19.442078] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000014 [ 19.457535] Mem abort info: [ 19.465329] ESR = 0x0000000096000004 [ 19.473295] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.482354] SET = 0, FnV = 0 [ 19.489143] EA = 0, S1PTW = 0 [ 19.495991] FSC = 0x04: level 0 translation fault [ 19.504554] Data abort info: [ 19.511111] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 19.520269] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 19.528988] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 19.537960] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001027a9000 [ 19.548014] [0000000000000014] pgd=0000000000000000, p4d=000000000000 [ 19.558429] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.568270] Modules linked in: mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mac80211 btusb btintel cfg80211 btmtk snd_sof_ipc_msg_ btrtl snd_sof_ipc_flood_test btbcm bluetooth snd_sof_mt8195 uvcvideo mtk_adsp_common snd_sof_xtensa_dsp uvc snd_sof_of snd_sof videobuf2_vmalloc ecdh_generic ecc snd_sof_utils cros_ec_lid_angle cros_ec_sensors crct10dif_ cros_ec_sensors_core cros_usbpd_logger crypto_user fuse ip_tables ipv6 [ 19.614237] CPU: 1 PID: 105 Comm: kworker/1:1 Not tainted 6.6.0-rc6-next-20231017+ #324 [ 19.625957] Hardware name: Acer Tomato (rev2) board (DT) [ 19.634970] Workqueue: events mt7921_init_work [mt7921_common] [ 19.644522] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTY [ 19.655182] pc : mt7921_regd_notifier+0x180/0x290 [mt7921_common] [ 19.664983] lr : mt7921_regd_notifier+0xd4/0x290 [mt7921_common] [ 19.674679] sp : ffff800080acba80 [ 19.681649] x29: ffff800080acba80 x28: 0000000000000000 x27: ffff4faf [ 19.692483] x26: 0000000000000000 x25: 0000000000000000 x24: ffff4faf [ 19.703294] x23: 00000000ffffe926 x22: ffff4faf16031fa0 x21: 00000000 [ 19.714108] x20: 000000000000001c x19: ffff4faf16ba6f40 x18: 00000000 [ 19.724928] x17: 0000000000000000 x16: ffffac6b891c2750 x15: ffff8000 [ 19.735722] x14: 0000000000000180 x13: 0000000000000000 x12: 00000000 [ 19.746478] x11: 0000000000000002 x10: ffff4faf01c21780 x9 : ffffac6b [ 19.757214] x8 : 00000000006c0000 x7 : ffffac6b6b020cf0 x6 : ffffac6b [ 19.767945] x5 : ffffac6b6b020d00 x4 : ffffac6b6b020cf8 x3 : ffff4faf [ 19.778648] x2 : 0000000000000000 x1 : 000000000000001c x0 : 00000000 [ 19.789366] Call trace: [ 19.795381] mt7921_regd_notifier+0x180/0x290 [mt7921_common] [ 19.804675] wiphy_update_regulatory+0x2bc/0xa08 [cfg80211] [ 19.813864] wiphy_regulatory_register+0x4c/0x88 [cfg80211] [ 19.823029] wiphy_register+0x75c/0x8d0 [cfg80211] [ 19.831446] ieee80211_register_hw+0x70c/0xc10 [mac80211] [ 19.840479] mt76_register_device+0x168/0x2e8 [mt76] [ 19.849008] mt7921_init_work+0xdc/0x250 [mt7921_common] [ 19.857817] process_one_work+0x148/0x3c0 [ 19.865292] worker_thread+0x32c/0x450 [ 19.872489] kthread+0x11c/0x128 [ 19.879173] ret_from_fork+0x10/0x20 [ 19.886153] Code: f0000041 9100a021 94000aef aa0003f9 (b9401780) [ 19.895634] ---[ end trace 0000000000000000 ]--- Reported-by:
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Closes: https://lore.kernel.org/all/927e7d50-826d-4c92-9931-3c59b18c6945@collabora.com/ Fixes: 09382d8f ("wifi: mt76: mt7921: update the channel usage when the regd domain changed") Signed-off-by:
Ming Yen Hsieh <mingyen.hsieh@mediatek.com> Signed-off-by:
Deren Wu <deren.wu@mediatek.com> Tested-by:
-
Justin Stitt authored
strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. `extra` is intended to be NUL-terminated which is evident by the manual assignment of a NUL-byte as well as its immediate usage with strlen(). Moreover, many of these getters and setters are NUL-padding buffers with memset(): 2439 | memset(&tx_power, 0, sizeof(tx_power)); 9998 | memset(sys_config, 0, sizeof(struct ipw_sys_config)); 10084 | memset(tfd, 0, sizeof(*tfd)); 10261 | memset(&dummystats, 0, sizeof(dummystats)); ... let's maintain this behavior and NUL-pad our destination buffer. Considering the above, a suitable replacement is `strscpy_pad` due to the fact that it guarantees both NUL-termination and NUL-padding on the destination buffer. To be clear, there is no bug in the current implementation as MAX_WX_STRING is much larger than the size of the string literals being copied from. Also, strncpy() does NUL-pad the destination buffer and using strscpy_pad() simply matches that behavior. All in all, there should be no functional change but we are one step closer to eliminating usage of strncpy(). Do note that we cannot use the more idiomatic strscpy invocation of (dest, src, sizeof(dest)) as the destination buffer cannot have its size determined at compile time. So, let's stick with (dest, src, LEN). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by:
-
Shiji Yang authored
The watchdog function is broken on rt2800 series SoCs. This patch fixes the incorrect watchdog logic to make it work again. 1. Update current wdt queue index if it's not equal to the previous index. Watchdog compares the current and previous queue index to judge if the queue hung. 2. Make sure hung_{rx,tx} 'true' status won't be override by the normal queue. Any queue hangs should trigger a reset action. 3. Clear the watchdog counter of all queues before resetting the hardware. This change may help to avoid the reset loop. 4. Change hang check function return type to bool as we only need to return two status, yes or no. Signed-off-by: -
Kalle Valo authored
On v6.6-rc4 with GCC 13.2 I see: drivers/net/wireless/ath/ath9k/hif_usb.c:1223:42: warning: '.0.fw' directive output may be truncated writing 5 bytes into a region of size between 4 and 11 [-Wformat-truncation=] drivers/net/wireless/ath/ath9k/hif_usb.c:1222:17: note: 'snprintf' output between 27 and 34 bytes into a destination of size 32 Fix it by increasing the size of the fw_name field to 64 bytes. Compile tested only. Signed-off-by:
-
Kalle Valo authored
On v6.6-rc4 with GCC 13.2 I see: drivers/net/wireless/intel/ipw2x00/ipw2100.c:5905:63: warning: '%s' directive output may be truncated writing up to 63 bytes into a region of size 32 [-Wformat-truncation=] drivers/net/wireless/intel/ipw2x00/ipw2100.c:5905:9: note: 'snprintf' output between 4 and 140 bytes into a destination of size 32 drivers/net/wireless/intel/ipw2x00/ipw2200.c:10392:63: warning: '%s' directive output may be truncated writing up to 63 bytes into a region of size 32 [-Wformat-truncation=] drivers/net/wireless/intel/ipw2x00/ipw2200.c:10392:9: note: 'snprintf' output between 4 and 98 bytes into a destination of size 32 Fix this by copying only the firmware version and not providing any extra information via ethtool. This is an ancient driver anyway and most likely removed soon so it doesn't really matter. Compile tested only. Signed-off-by:
-
Kalle Valo authored
On v6.6-rc4 with GCC 13.2 I see: drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:262:52: warning: '%d' directive output may be truncated writing between 1 and 5 bytes into a region of size 4 [-Wformat-truncation=] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:262:46: note: directive argument in the range [0, 65535] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:262:46: note: directive argument in the range [0, 65535] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:262:9: note: 'snprintf' output between 9 and 17 bytes into a destination of size 9 drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:265:55: warning: '%d' directive output may be truncated writing between 1 and 5 bytes into a region of size 4 [-Wformat-truncation=] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:265:48: note: directive argument in the range [0, 65535] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:265:48: note: directive argument in the range [0, 65535] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:265:9: note: 'snprintf' output between 10 and 18 bytes into a destination of size 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:342:50: warning: '/' directive output may be truncated writing 1 byte into a region of size between 0 and 4 [-Wformat-truncation=] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:342:42: note: directive argument in the range [0, 65535] drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c:342:9: note: 'snprintf' output between 10 and 18 bytes into a destination of size 10 Fix these by increasing the buffer sizes to 20 bytes to make sure there's enough space. Compile tested only. Signed-off-by:
-
Johannes Berg authored
To be able to more easily understand the code, drop robust action frames before being associated, even if there's no MFP in the end, as they are Class 3 Frames and shouldn't be transmitted in the first place. Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20231001125722.b2fd37083371.Ie9f4906e2f6c698989bce6681956ed2f9454f27c@changeidSigned-off-by:
-
Vinayak Yadawad authored
In 4way handshake offload, cfg80211_port_authorized enables driver to indicate successful 4way handshake to cfg80211 layer. Currently this path of port authorization is restricted to interface type NL80211_IFTYPE_STATION and NL80211_IFTYPE_P2P_CLIENT. This patch extends the support for NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO interfaces to authorize peer STA/P2P_CLIENT, whenever authentication is offloaded on the AP/P2P_GO interface. Signed-off-by:
Vinayak Yadawad <vinayak.yadawad@broadcom.com> Link: https://lore.kernel.org/r/dee3b0a2b4f617e932c90bff4504a89389273632.1695721435.git.vinayak.yadawad@broadcom.comSigned-off-by:
-
Dmitry Antipov authored
Since 'tz_device' is an in-place member of 'struct iwl_mvm', it can't be NULL and so relevant check may be dropped. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by:
-
Gregory Greenman authored
Start supporting API version 86 for new devices. Signed-off-by:
-
Daniel Gabay authored
By definition, this DSM func is valid only for HR/JF RF types. Until now firmware ignored this bit (if set) on other than the above types, but in future firmware versions sending this bit will lead to firmware 0x3426 assert. Avoid that by verifying the HW in driver first. Signed-off-by:
Daniel Gabay <daniel.gabay@intel.com> Signed-off-by:
-
Johannes Berg authored
Worst case it's extra (garbage) data, best case we see why things failed ... Seems the trade-off is better if we print it. Signed-off-by:
-
Johannes Berg authored
When the vif is in MLD mode, we'll get a vif links change from non-zero to zero on disassociation, which removes all links in the firmware and adds the 'deflink' the driver/mac80211 has. This causes the firmware to clear some internal state. However, in non-MLD mode, this doesn't happen, and causes some state to be left around in firmware, which can particularly cause trouble with the ref-BSSID in multi-BSSID, leading to an assert later if immediately making a new multi-BSSID connection with a different ref-BSSID. Fix this by removing/re-adding the link in the non-MLD case when the channel is removed from the vif. This way, all of the state will get cleared out, even if we need the deflink, which is more for software architecture purposes than otherwise. Signed-off-by:
-
Johannes Berg authored
If upper layers requested a TX status, then the frames are more important, so trace frames in that case. Signed-off-by:
-
Miri Korenblit authored
If a TX queue has no space for new TX frames, the driver will keep these frames in the overflow queue, and during reclaim flow it will retry to send the frames from that queue. But if the reclaim flow was invoked from TX queue flush, we will also TX these frames, which is wrong as we don't want to TX anything after flush. This might also cause assert 0x125F when removing the queue, saying that the driver removes a non-empty queue Fix this by TXing the overflow queue's frames only if we are not in flush queue flow. Fixes: a4450980 ("iwlwifi: move reclaim flows to the queue file") Signed-off-by:
Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by:
-
Mukesh Sisodiya authored
Driver need to provide details of VLP, AFC AP type supported for the specific MCC to firmware. Driver will read the UATS (UHB AP type support) table from BIOS and sent to firmware using UATS_TABLE_CMD. Add the support for the same in the driver. Signed-off-by:
Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by:
-
Miri Korenblit authored
Expand RLC logging to simplify the debug. Signed-off-by:
-
