- 31 Aug, 2018 40 commits
-
-
Siva Rebbagondla authored
While running regressions, observed below kernel panic when sdio disconnect called. This is because of, kthread_stop() is taking care of wait_for_completion() by default. When wait_for_completion triggered in kthread_stop and as it was done already, giving kernel panic. Hence, removing redundant wait_for_completion() from rsi_kill_thread(). ... skipping ... BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffff810a63df>] exit_creds+0x1f/0x50 PGD 0 Oops: 0002 [#1] SMP CPU: 0 PID: 6502 Comm: rmmod Tainted: G OE 4.15.9-Generic #154-Ubuntu Hardware name: Dell Inc. Edge Gateway 3003/ , BIOS 01.00.00 04/17/2017 Stack: ffff88007392e600 ffff880075847dc0 ffffffff8108160a 0000000000000000 ffff88007392e600 ffff880075847de8 ffffffff810a484b ffff880076127000 ffff88003cd3a800 ffff880074f12a00 ffff880075847e28 ffffffffc09bed15 Call Trace: [<ffffffff8108160a>] __put_task_struct+0x5a/0x140 [<ffffffff810a484b>] kthread_stop+0x10b/0x110 [<ffffffffc09bed15>] rsi_disconnect+0x2f5/0x300 [ven_rsi_sdio] [<ffffffff81578bcb>] ? __pm_runtime_resume+0x5b/0x80 [<ffffffff816f0918>] sdio_bus_remove+0x38/0x100 [<ffffffff8156cc64>] __device_release_driver+0xa4/0x150 [<ffffffff8156d7a5>] driver_detach+0xb5/0xc0 [<ffffffff8156c6c5>] bus_remove_driver+0x55/0xd0 [<ffffffff8156dfbc>] driver_unregister+0x2c/0x50 [<ffffffff816f0b8a>] sdio_unregister_driver+0x1a/0x20 [<ffffffffc09bf0f5>] rsi_module_exit+0x15/0x30 [ven_rsi_sdio] [<ffffffff8110cad8>] SyS_delete_module+0x1b8/0x210 [<ffffffff81851dc8>] entry_SYSCALL_64_fastpath+0x1c/0xbb Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Siva Rebbagondla authored
During testing in ARM32 platforms, observed below kernel panic, as driver accessing data beyond the allocated memory while submitting URB to USB. Fix: Resolved this by specifying correct length by considering 64 bit alignment. so that, USB bus driver will access only allocated memory. Unit-test: Tested and confirm that driver bring up and scanning, connection and data transfer works fine with this fix. ...skipping... [ 25.389450] Unable to handle kernel paging request at virtual address 5aa11422 [ 25.403078] Internal error: Oops: 5 [#1] SMP ARM [ 25.407703] Modules linked in: rsi_usb [ 25.411473] CPU: 1 PID: 317 Comm: RX-Thread Not tainted 4.18.0-rc7 #1 [ 25.419221] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) [ 25.425764] PC is at skb_release_data+0x90/0x168 [ 25.430393] LR is at skb_release_all+0x28/0x2c [ 25.434842] pc : [<807435b0>] lr : [<80742ba0>] psr: 200e0013 5aa1141e [ 25.464633] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 25.477524] Process RX-Thread (pid: 317, stack limit = 0x(ptrval)) [ 25.483709] Stack: (0xedf69ed8 to 0xedf6a000) [ 25.569907] Backtrace: [ 25.572368] [<80743520>] (skb_release_data) from [<80742ba0>] (skb_release_all+0x28/0x2c) [ 25.580555] r9:7f00258c r8:00000001 r7:ee355000 r6:eddab0d0 r5:eddab000 r4:eddbb840 [ 25.588308] [<80742b78>] (skb_release_all) from [<807432cc>] (consume_skb+0x30/0x50) [ 25.596055] r5:eddab000 r4:eddbb840 [ 25.599648] [<8074329c>] (consume_skb) from [<7f00117c>] (rsi_usb_rx_thread+0x64/0x12c [rsi_usb]) [ 25.608524] r5:eddab000 r4:eddbb840 [ 25.612116] [<7f001118>] (rsi_usb_rx_thread [rsi_usb]) from [<80142750>] (kthread+0x11c/0x15c) [ 25.620735] r10:ee9ff9e0 r9:edcde3b8 r8:ee355000 r7:edf68000 r6:edd3a780 r5:00000000 [ 25.628567] r4:edcde380 [ 25.631110] [<80142634>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c) [ 25.638336] Exception stack(0xedf69fb0 to 0xedf69ff8) [ 25.682929] ---[ end trace 8236a5496f5b5d3b ]--- Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Rasmus Villemoes authored
strnchr takes arguments in the order of its name: string, max bytes to read, character to search for. Here we're passing '\n' aka 10 as the buffer size, and searching for sizeof(buf) aka BRCMF_DCMD_SMLEN aka 256 (aka '\0', since it's implicitly converted to char) within those 10 bytes. Just interchanging the last two arguments would still leave a bug, because if we've been successful once, there are not sizeof(buf) characters left after the new value of p. Since clmver is immediately afterwards passed as a %s argument, I assume that it is actually a properly nul-terminated string. For that case, we have strreplace(). Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Dan Carpenter authored
The problem with this copy_to_user() calls is that they don't ensure that "size" is less than the "length" which the user provided. Obviously, this is debugfs and "size" is normally going to be very small so it probably doesn't matter, but this is the correct thing to do. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Ganapathi Bhat authored
USB suspend handler will kill the presubmitted rx_cmd URB. This triggers a call to the corresponding URB complete handler, which will free the rx_cmd skb, associated with rx_cmd URB. Due to a possible race betwen suspend handler and main thread, depicted in 'commit bfcacac6c84b ("mwifiex: do no submit URB in suspended state")', it is possible that the rx_cmd skb will fail to get freed. This causes a memory leak, since the resume handler will always allocate a new rx_cmd skb. To fix this, free the rx_cmd skb in mwifiex_usb_submit_rx_urb, if the device is in suspended state. Signed-off-by: Vidya Dharmaraju <vidyad@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Ganapathi Bhat authored
There is a possible race between USB suspend and main thread: 1. After processing the command response, main thread will submit rx_cmd URB back so as to process next command response, by calling mwifiex_usb_submit_rx_urb. 2. During USB suspend, the suspend handler will check if rx_cmd URB is pending(submitted) and if true, kill this URB. There is a possible race between #1 and #2, where rx_cmd URB will be submitted by main thread(#1) after the suspend handler check in #2. To fix this, check if device is already suspended in mwifiex_usb_submit_rx_urb, in which case do not submit the URB. Signed-off-by: Vidya Dharmaraju <vidyad@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Larry Finger authored
In gcc8, when the 3rd argument (size) of a call to strncpy() matches the length of the first argument, the compiler warns of the possibility of an unterminated string. Using strlcpy() forces a null at the end. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Colin Ian King authored
Array encaps_hdr and macro ENCAPS_OVERHEAD are declared but are not being used, hence they are redundant and can be removed. Cleans up clang warning: warning: 'encaps_hdr' defined but not used [-Wunused-const-variable=] Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Chung-Hsien Hsu authored
Add 4-way handshake offload detection for FT with EAP authentication. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Chung-Hsien Hsu authored
Add WLAN_AKM_SUITE_FT_8021X and WLAN_AKM_SUITE_FT_PSK in brcmf_set_key_mgmt() for FT support. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Jia-Shyr Chuang authored
CYW89342 is a 2x2 MIMO, 802.11a/b/g/n/ac for WLAN. It is a member of 4355/4359 family. Signed-off-by: Jia-Shyr Chuang <saint.chuang@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Dan Carpenter authored
If recvlength is less than MESSAGE_HEADER_LEN (4) we would end up corrupting memory. Fixes: c305a19a ("libertas_tf: usb specific functions") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Rosen Penev authored
A 2x2 unit with a USB dock for optimal placement. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Varsha Rao authored
Remove unnecessary parentheses to fix the extraneous parentheses clang warning. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Varsha Rao authored
Remove the unnecessary parentheses to fix the clang warning of extraneous parentheses. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Kalle Valo authored
Merge tag 'iwlwifi-next-for-kalle-2018-08-31' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next iwlwifi patches for 4.20 * One fix for channel-switch handling; * Some improvements in the HE code; * New FW API handling; * Improvements in the debugging code; * Some improvements in the PCI recovery mechanism; * Support for a few FW API changes; * Enable a new scanning feature; * Continued work on HE (mostly radiotap); * Some fixes in the FW rate-scaling implementation; * Other clean-ups and small fixes and improvements;
-
Luca Coelho authored
The devices with PCI device ID 0x34F0 are part of the SoC and can be combined with some different external RF modules. The configuration for these devices should reflect that, but are currently mixed up. To avoid confusion with discrete devices, add part of the firmware to be used and the official name of the device to the cfg structs. This is least reorganization possible (without messing things even more) that could be done as a bugfix for this SoC. Further reorganization of this code will be done separately. Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
This reverts the addition of memory type in the memory debug TLV as the firmware never ended up implementing it, and now the PRPH dump is added as a different TLV. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Ayala Beker authored
In case of fragmented scan on the HB channels, configure EBS to be fragmented as well. Signed-off-by: Ayala Beker <ayala.beker@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Golan Ben Ami authored
Support more txq_alloc command types by moving the command declaration to the gen specific area. While at it, move some of the code segments to a common place for re-use. Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
Decode the HE TB PPDU data that we get in sniffer mode and use it to populate the HE radiotap information. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Naftali Goldstein authored
Add flags to the tlc_cfg_cmd for signaling peer support for receiving Dual Carrier Modulation at BPSK (MCS 0), and set them according to peer capabilities. Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Naftali Goldstein authored
In the HE phy capabilities IE there are 2 bits to signal support for STBC in bandwidths of 80Mhz or less, and of 160Mhz. Use these bits to determine STBC support if this IE exists. Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Shahar S Matityahu authored
Make all FW debug data stop recording flows to use iwl_fw_dbg_stop_recording function instead of writing to FW registers directly. Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Shahar S Matityahu authored
Allow access to the memory by the host and the device simultaneously. This will be needed in some future patches. Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Naftali Goldstein authored
As with the non-offloaded rs case, during assoc on the ap side the phy context is set to 20MHz until authorization of a client that supports wider channel-widths. Support this by sending the initial tlc_config_cmd with max supported channel width of 20MHz until authorization succeeds. Fixes: 6b7a5aea ("iwlwifi: mvm: always init rs with 20mhz bandwidth rates") Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Emmanuel Grumbach authored
Probe responses were sent to the multicast station while they should be routed to the broadcast station. This has no negative effect since the frame was still routed to the right queue, but it looked very fishy to send a frame to a (queue, station) tuple where 'queue' is not mapped to 'station'. Fixes: 7c305de2 ("iwlwifi: mvm: Direct multicast frames to the correct station") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Ido Yariv authored
In the new method of parsing the NVM the disable_11n module parameter isn't consulted when setting up HT capabilities. Fix this. Signed-off-by: Ido Yariv <idox.yariv@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
If the bandwidth is only 20 MHz, then the second channel doesn't exist, but the hardware reports the CRC was OK. Suppress the data of the second channel in the HE radiotap in this case, by marking it as not known. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
This is the same as for SU PPDUs, so it's easy to do. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
The GI duration depends on the frame type in some cases, take that into account when decoding for radiotap. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
I evidently completely confused "number of LTF symbols" and "LTF size". Radiotap was reporting the former, while I thought it was the latter, and we really need both. Add the LTF symbol size into the newly defined field in radiotap. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Johannes Berg authored
Implement the extended HE-MU info type decoding to show the HE-SIG-B common contents in the HE-MU radiotap field. The DW4 data is partially overwritten by the hardware in all cases, so only the higher 16 bits can be used. To be able to use it for the HE SIG-B common data anyway, move the bits around in the following way: SIG-B common 0: DW 4 -> DW 7 SIG-B common 1: DW 7 -> DW 8 SIG-B common 2: DW 8 -> DW 4 (upper half) Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Luca Coelho authored
The Free Software Foundation address is superfluous and causes checkpatch to issue a warning when present. Remove all paragraphs with FSF's address to prevent that. Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Sara Sharon authored
We offloaded all the RX configuration of init to firmware. However, the configuration of interrupt coalescing was left hanging - it wasn't offloaded nor was it written by host. This write to the CSR is allowed in gen2, so the host can do it. Without it we have various issues with RX fullness. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Avraham Stern authored
The parameter that indicated whether the LQ command should be sent as sync or async was removed, causing the LQ command to be sent as sync from interrupt context (e.g. from the RX path). This resulted in a kernel warning: "scheduling while atomic" and failing to send the LQ command, which ultimately leads to a queue hang. Fix it by adding back the required parameter to send the command as sync only when it is allowed. Fixes: d94c5a82 ("iwlwifi: mvm: open BA session only when sta is authorized") Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Sara Sharon authored
When we receive TX response, we may release a few packets due to a hole that was closed in the transmission window. However, if that frame failed, we will mark all the released frames as failed and will send multiple BARs. This affects statistics badly, and cause unnecessary frames transmission. Instead, mark all the following packets as success, with the desired result of sending a bar for the failed frame only. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Sara Sharon authored
There is a bug in FW where the sequence control may be incorrect, and the driver overrides it with the value of the ieee80211 header. However, in BAR there is no sequence control in the header, which result with arbitrary sequence. This access to an unknown location is bad and it makes the logs very confusing - so fix it. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Emmanuel Grumbach authored
When the NIC is disconnected, we just can't do anything besides seeking for help from the bus driver. Dumping the device's memory is not necessary and just bloats the logs with unusable data. Moreover, asking mac80211 to restart the hardware is also useless. Bypass all this. Also, use the STATUS_TRANS_DEAD status bit instead of a bool inside the transport layer. The advantage of this is that now, the transport and the op_mode can know what is the situation and bypass the useless recovery steps mentioned above. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-
Erel Geron authored
The new coex schema requires moving to SISO only when BT AG is 4. Adjust the SISO criteria according to the coex schema version reported by firmware. Signed-off-by: Erel Geron <erelx.geron@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
-