- 04 Dec, 2020 10 commits
-
-
Felix Fietkau authored
Improves icache footprint Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Felix Fietkau authored
Enable MWDS mode in firmware as well and fix txp->rept_wds_wcid for wcid >= 255 Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Felix Fietkau authored
It is currently limited to 3-address mode AP and STA interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Lorenzo Bianconi authored
In order to improve driver throughput, convert status_work and net_work to mt76 worker APIs. Remove txrx_wq sdio workqueue since it is no longer used Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Lorenzo Bianconi authored
In order to reduce sdio bus contention, disable interrupts during txrx_worker processing Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Lorenzo Bianconi authored
In order to improve driver throughput, convert txrx_work to mt76 worker threads APIs. Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Lorenzo Bianconi authored
Move mt7663 tx and rx processing in the same workqueue in order to reduce jitter that can hit tcp performances. This is a preliminary patch to switch to mt76 workers APIs Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Chuanhong Guo authored
mt7615_load_patch in mt7615/mcu.c sometimes fails with: mt7622-wmac 18000000.wmac: Failed to get patch semaphore and returns -EAGAIN. But this error is returned all the way up to mt7615_init_work with no actual retrial performed, leaving a broken wireless phy. Wait a bit and retry for up to 10 times before giving up. Signed-off-by: Chuanhong Guo <gch981213@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Ryder Lee authored
The MCU field should contain a boolean 0/1, not the flag itself. Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
Ryder Lee authored
Read per-stream measurements every 100 ms and build a simple moving average. Tested-by: Shayne Chen <shayne.chen@mediatek.com> Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
-
- 02 Dec, 2020 30 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo authored
ath.git patches for v5.11. Major changes: ath11k * Fast Initial Link Setup (FILS) discovery and unsolicited broadcast probe response support * qcom,ath11k-calibration-variant Device Tree setting * cold boot calibration support * new DFS region: JP wnc36xx * enable connection monitoring and keepalive in firmware ath10k * firmware IRAM recovery feature mhi * merge mhi-ath11k-immutable branch to make MHI API change go smoothly
-
Tom Rix authored
The macro use will already have a semicolon. Signed-off-by: Tom Rix <trix@redhat.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201127180835.2769297-1-trix@redhat.com
-
Tom Rix authored
The macro use will already have a semicolon. Signed-off-by: Tom Rix <trix@redhat.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201127175821.2756988-1-trix@redhat.com
-
Ajay Singh authored
Added multiple queues[BK,BE,VI,VO] to handle different priority data packets. Before adding a packet to the queue, checked its priority from the header, and then add to the suitable queue. The limit for each queue is maintained separately. Also while passing the packets to the firmware via VMM take care to select data packets based on priority and available space. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201125114059.10006-6-ajay.kathat@microchip.com
-
Ajay Singh authored
Added complete() call for failure case in wilc_wlan_txq_add_cfg_pkt(). Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201125114059.10006-5-ajay.kathat@microchip.com
-
Ajay Singh authored
Before returing from wilc_wlan_txq_add_mgmt_pkt() invoke tx_complete_fn() callback to free up allocated memory for failure case. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201125114059.10006-4-ajay.kathat@microchip.com
-
Ajay Singh authored
Before returing from wilc_wlan_txq_add_net_pkt() invoke tx_complete_fn() callback to free up allocated memory for failure cases. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201125114059.10006-3-ajay.kathat@microchip.com
-
Ajay Singh authored
Added support for 'ndo_set_mac_address call' callback to allow change of interface MAC address. Signed-off-by: Ajay Singh <ajay.kathat@microchip.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201125114059.10006-2-ajay.kathat@microchip.com
-
Matthias Brugger authored
Apart from a firmware binary the chip needs a config file used by the FW. Add the config files to modinfo so that they can be read by userspace. Signed-off-by: Matthias Brugger <mbrugger@suse.com> Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201124120018.31358-1-matthias.bgg@kernel.org
-
Tian Tao authored
Switch to using the new API kobj_to_dev(). Signed-off-by: Tian Tao <tiantao6@hisilicon.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1606096062-32251-1-git-send-email-tiantao6@hisilicon.com
-
Ching-Te Ku authored
Add toggle table related function to enhance WL throughput when WL coexist with 4/18 HID. The toggle table feature will toggle WL/BT priority table during WL slot, it can decrease the impact from HID's frequently packets and prevent HID lag. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-11-pkshih@realtek.com
-
Ching-Te Ku authored
Add modifications for A2DP interoperability issue of TWS earphones. Some TWS earphones has low buffer size, so it's necessary to reduce the slot period to let it get data more frequently. (e.g. use 4-slot to replace the original 2-slot method). Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-10-pkshih@realtek.com
-
Ching-Te Ku authored
The original setting misses some necessary configuration. Make coexistence slot align to beacon and check the connection situation to know if we need to extend WLAN slot or not. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-9-pkshih@realtek.com
-
Ching-Te Ku authored
Some AP will not follow the power save request, or it cannot stop transmission until its queue is empty. It may bring the decreasing of data rate. WLAN firmware will count is the AP still leaked packet after power save handshake was done or not to enable WLAN slot extend mechanism. The extend WLAN slot mechanism will extend the WLAN slot after power save handshake, 5 ms per times, maximum is 5 times to received the leaked packet to avoid the rate lower down. And if the transmission was already locked at CCK rate. The extended WLAN slot can also increase the opportunity that we can received the CCK's long packet and be released from CCK rate. While BT multi-link status was finished, there is possible that it still has some packet remained for seconds. Add a timer to remain the multi-link mechanism to protect WLAN Rx. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-8-pkshih@realtek.com
-
Ching-Te Ku authored
Add a flag to make decision whether the mechanism should go into free-run mode or not. For now, it is always false, the flag assignment will be implemented later. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-7-pkshih@realtek.com
-
Ching-Te Ku authored
Add TDMA slot type setting for later usage. Since the transmission of HID profile is very frequently, it may bring a big impact to WLAN performance. To change slot type, it can make mechanism be more flexible. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-6-pkshih@realtek.com
-
Ching-Te Ku authored
In free run mode, this WLAN info updating is only related to AFH information, not related to the connection state, which is the current implementation. Always update WLAN info in free run mode now. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-5-pkshih@realtek.com
-
Ching-Te Ku authored
Update A2DP+PAN+WL mechanism for CPT(Coexistence Performance Test) to enhance WL/BT performance at the environment that some specific AP are existing. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-4-pkshih@realtek.com
-
Ching-Te Ku authored
Add message for debugging usage and the program flow is no change. Add a variable reserved for WLAN firmware synchronize. Add a group of variable to save BT packet counter, it will be assigned as mechanism judgment in the future. Now it is just for debug usage. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-3-pkshih@realtek.com
-
Ching-Te Ku authored
When WLAN entering or leaving, it's necessary to run coexistence mechanism to ensure the setting matched current status. Without calling rtw_coex_run_coex(), WLAN poor throughput or bad A2DP quality may happen. Signed-off-by: Ching-Te Ku <ku920601@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201126021059.11981-2-pkshih@realtek.com
-
Tokunori Ikegami authored
This reverts commit 28606150. Since actually Buffalo WI-U3-866D is falied to power on with the change. The rtl8812au driver code to power on is same with the rtl8821a code. But the rtl8821ae included rtl8821a does not support USB interface. So seems that rtl8812au should be supported by rt1l8821a code with USB. Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com> Cc: linux-wireless@vger.kernel.org Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201121003411.9450-1-ikegami.t@gmail.com
-
Kalle Valo authored
After enabling CONFIG_DMA_API_DEBUG there was a warning about using dma_unmap_single() in wrong direction from ath11k_dp_rx_process_mon_status(). [ 140.279477] ------------[ cut here ]------------ [ 140.279908] DMA-API: ath11k_pci 0000:06:00.0: device driver syncs DMA memory with different direction [device address=0x00000000fac08a40] [size=2176 bytes] [mapped with DMA_FROM_DEVICE] [s [ 140.279925] WARNING: CPU: 7 PID: 97 at kernel/dma/debug.c:1120 check_sync+0x494/0x730 [ 140.279939] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr ns nvme nvme_core [ 140.279958] CPU: 7 PID: 97 Comm: kworker/u16:1 Not tainted 5.10.0-rc4+ #262 [ 140.279968] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0049.2018.0801.1601 08/01/2018 [ 140.279995] Workqueue: phy0 ieee80211_scan_work [mac80211] [ 140.280009] RIP: 0010:check_sync+0x494/0x730 [ 140.280022] Code: 8b 4c 24 10 4c 8b 44 24 18 4c 8b 54 24 20 48 89 c6 4c 89 54 24 10 4c 89 f9 4c 89 ea 48 c7 c7 40 b9 74 9c 41 56 e8 2f a0 ab 00 <0f> 0b 48 89 ef e8 e5 17 ac 00 41 58 4c 8b [ 140.280033] RSP: 0018:ffff9f588024cbd8 EFLAGS: 00010086 [ 140.280046] RAX: 0000000000000000 RBX: ffff9f588024cc40 RCX: ffff8eed18dd9f98 [ 140.280057] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8eed18dd9f90 [ 140.280067] RBP: ffff8eebc1407800 R08: 00000000ffffffea R09: 0000000000000000 [ 140.280082] R10: 0000000000000003 R11: 3fffffffffffffff R12: ffffffff9e081060 [ 140.280093] R13: ffff8eebc43908b0 R14: ffffffff9c74c104 R15: 00000000fac08a40 [ 140.280104] FS: 0000000000000000(0000) GS:ffff8eed18c00000(0000) knlGS:0000000000000000 [ 140.280115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.280127] CR2: 00007f6feafb12a0 CR3: 00000001604ca001 CR4: 00000000003706e0 [ 140.280138] Call Trace: [ 140.280149] <IRQ> [ 140.280161] debug_dma_sync_single_for_cpu+0x79/0x80 [ 140.280173] ? mark_held_locks+0x50/0x80 [ 140.280185] ? lockdep_hardirqs_on_prepare.part.0+0x65/0x130 [ 140.280197] ? __local_bh_enable_ip+0x6f/0xb0 [ 140.280215] ? ath11k_dp_rx_reap_mon_status_ring+0x202/0x340 [ath11k] [ 140.280231] ath11k_dp_rx_reap_mon_status_ring+0x22c/0x340 [ath11k] [ 140.280249] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k] [ 140.280265] ath11k_dp_rx_process_mon_status+0x83/0x3c0 [ath11k] [ 140.280278] ? __lock_acquire+0x3bd/0x6d0 [ 140.280296] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k] [ 140.280311] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k] [ 140.280326] ? ath11k_hw_mac_id_to_srng_id_qca6390+0x10/0x10 [ath11k] [ 140.280341] ? ath11k_dp_rx_process_mon_rings+0x4a/0x1a0 [ath11k] [ 140.280353] ? timer_fixup_init+0x30/0x30 [ 140.280367] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k] [ 140.280385] ath11k_dp_service_mon_ring+0x2b/0x50 [ath11k] [ 140.280400] ? ath11k_dp_rx_process_mon_rings+0x1a0/0x1a0 [ath11k] [ 140.280413] call_timer_fn+0xb1/0x2d0 [ 140.280426] __run_timers.part.0+0x205/0x2f0 [ 140.280439] run_timer_softirq+0x21/0x50 [ 140.280450] __do_softirq+0xc2/0x454 [ 140.280463] asm_call_irq_on_stack+0x12/0x20 [ 140.280476] </IRQ> [ 140.280488] do_softirq_own_stack+0x56/0x60 [ 140.280500] irq_exit_rcu+0x9a/0xd0 [ 140.280511] sysvec_apic_timer_interrupt+0x43/0xa0 [ 140.280526] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 140.280540] RIP: 0010:_raw_spin_unlock_irqrestore+0x25/0x40 [ 140.280551] Code: 80 00 00 00 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 ca 8f 4b ff 48 89 ef e8 22 dc 4b ff f6 c7 02 75 0c 53 9d <65> ff 0d 04 51 20 64 5b 5d c3 e8 9c 08 56 [ 140.280563] RSP: 0018:ffff9f58802e7878 EFLAGS: 00000246 [ 140.280578] RAX: 00000000000435ef RBX: 0000000000000246 RCX: 0000000000000040 [ 140.280592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9be13e84 [ 140.280603] RBP: ffff8eed18dde480 R08: 0000000000000001 R09: ffff8eebc2292760 [ 140.280614] R10: 0000000000000005 R11: ffff8eebc2292760 R12: 0000000000000000 [ 140.280625] R13: ffff9f58802e7900 R14: ffff8eed18dde480 R15: ffff8eed18dde480 [ 140.280637] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 140.280649] __mod_timer+0x274/0x400 [ 140.280661] ? wait_for_completion_timeout+0x76/0x110 [ 140.280675] schedule_timeout+0xa8/0x140 [ 140.280687] ? __next_timer_interrupt+0x100/0x100 [ 140.280698] wait_for_completion_timeout+0xa2/0x110 [ 140.280714] ath11k_start_scan+0x4c/0xf0 [ath11k] [ 140.280730] ath11k_mac_op_hw_scan+0x1e9/0x2c0 [ath11k] [ 140.280763] drv_hw_scan+0x79/0x260 [mac80211] [ 140.280789] __ieee80211_scan_completed+0x379/0x440 [mac80211] [ 140.280816] ieee80211_scan_work+0x12f/0x330 [mac80211] [ 140.280830] process_one_work+0x279/0x5b0 [ 140.280842] worker_thread+0x49/0x300 [ 140.280854] ? process_one_work+0x5b0/0x5b0 [ 140.280868] kthread+0x135/0x150 [ 140.280880] ? __kthread_bind_mask+0x60/0x60 [ 140.280891] ret_from_fork+0x22/0x30 [ 140.280903] irq event stamp: 275961 [ 140.280918] hardirqs last enabled at (275960): [<ffffffff9b270f1f>] __local_bh_enable_ip+0x6f/0xb0 [ 140.280931] hardirqs last disabled at (275961): [<ffffffff9be13ca3>] _raw_spin_lock_irqsave+0x63/0x80 [ 140.280946] softirqs last enabled at (275944): [<ffffffffc055288d>] ath11k_ce_send+0x14d/0x260 [ath11k] [ 140.280958] softirqs last disabled at (275953): [<ffffffff9c000f72>] asm_call_irq_on_stack+0x12/0x20 [ 140.280971] ---[ end trace 31cb94e18d401398 ]--- Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1606156046-24764-1-git-send-email-kvalo@codeaurora.org
-
Bryan O'Donoghue authored
This commit updates the BMPS exit path to be consistent with downstream in terms of exiting BMPS mode. Downstream sets the flag to send a NULL data frame to the host on exiting BMPS. This will tell the AP to send any queued frames to the STA immediately. Verified the relevant bit toggle in wireshark. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201120021403.2646574-2-bryan.odonoghue@linaro.org
-
Rikard Falkeborn authored
qmi_msg_handler[] and ath10k_qmi_ops are only used as input arguments to qmi_handle_init() which accepts const pointers to both qmi_ops and qmi_msg_handler. Make them const to allow the compiler to put them in read-only memory. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201122234031.33432-3-rikard.falkeborn@gmail.com
-
Christophe JAILLET authored
Should an error occur after calling 'ath10k_usb_create()', it should be undone by a corresponding 'ath10k_usb_destroy()' call Fixes: 4db66499 ("ath10k: add initial USB support") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201122170358.1346065-1-christophe.jaillet@wanadoo.fr
-
Christophe JAILLET authored
If 'ath10k_usb_create()' fails, we should release some resources and report an error instead of silently continuing. Fixes: 4db66499 ("ath10k: add initial USB support") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201122170342.1346011-1-christophe.jaillet@wanadoo.fr
-
Rakesh Pillai authored
The wmi service available event has been extended to contain extra 128 bit for new services to be indicated by firmware. Currently the presence of any optional TLVs in the wmi service available event leads to a parsing error with the below error message: ath10k_snoc 18800000.wifi: failed to parse svc_avail tlv: -71 The wmi service available event parsing should not return error for the newly added optional TLV. Fix this parsing for service available event message. Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.2.2-00720-QCAHLSWMTPL-1 Fixes: cea19a6c ("ath10k: add WMI_SERVICE_AVAILABLE_EVENT support") Signed-off-by: Rakesh Pillai <pillair@codeaurora.org> Reviewed-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1605501291-23040-1-git-send-email-pillair@codeaurora.org
-
Christophe JAILLET authored
If 'kzalloc' fails, we must return an error code. While at it, remove a useless initialization of 'err' which could hide the issue. Fixes: d5c65159 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201122173943.1366167-1-christophe.jaillet@wanadoo.fr
-
Sven Eckelmann authored
It is rather easy to add more entries to ath11k_skb_cb while forgetting the size limit of ieee80211_tx_info->driver_data. So just check this during the build to reduce the change of accidental buffer overflow in the skbuff->cb. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201119154235.263250-3-sven@narfation.org
-
Sven Eckelmann authored
It was observed that the codepath for the ATH11K_SKB_HW_80211_ENCAP was used even when the IEEE80211_TX_CTRL_HW_80211_ENCAP was not enabled for a an skbuff. This became even more prominent when the QCAs wlan-open patchset for ath11k [1] was applied and a sane looking fix just caused crashes when injecting frames via a monitor interface (for example with ratechecker): [ 86.963152] Unable to handle kernel NULL pointer dereference at virtual address 00000338 [ 86.963192] pgd = ffffffc0008f0000 [ 86.971034] [00000338] *pgd=0000000051706003, *pud=0000000051706003, *pmd=0000000051707003, *pte=00e800000b000707 [ 86.984292] Internal error: Oops: 96000006 [#1] PREEMPT SMP [...] [ 87.713339] [<ffffffbffc802480>] ieee80211_tx_status_8023+0xf8/0x220 [mac80211] [ 87.715654] [<ffffffbffc98bad4>] ath11k_dp_tx_completion_handler+0x42c/0xa10 [ath11k] [ 87.722924] [<ffffffbffc989190>] ath11k_dp_service_srng+0x70/0x3c8 [ath11k] [ 87.730831] [<ffffffbffca03460>] 0xffffffbffca03460 [ 87.737599] [<ffffffc00046ef58>] net_rx_action+0xf8/0x288 [ 87.742462] [<ffffffc000097554>] __do_softirq+0xfc/0x220 [ 87.748014] [<ffffffc000097900>] irq_exit+0x98/0xe8 [ 87.753396] [<ffffffc0000cf188>] __handle_domain_irq+0x90/0xb8 [ 87.757999] [<ffffffc000081ca4>] gic_handle_irq+0x6c/0xc8 [ 87.763899] Exception stack(0xffffffc00081bdc0 to 0xffffffc00081bef0) Problem is that the state of ath11k_skb_cb->flags must be considered unknown and could contain anything when it is not manually initialized. So it could also contain ATH11K_SKB_HW_80211_ENCAP. And this can result in the code to assume that the ath11k_skb_cb->vif is set - even when this is not always the case for non ATH11K_SKB_HW_80211_ENCAP transmissions. Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2 [1] https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/tree/mac80211/patches?h=NHSS.QSDK.11.4.r3 (162 patches at the moment which are often not upstreamed but essential to get ath11k working) Fixes: e7f33e0c ("ath11k: add tx hw 802.11 encapsulation offloading support") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20201119154235.263250-2-sven@narfation.org
-