1. 13 Dec, 2021 3 commits
  2. 09 Dec, 2021 8 commits
  3. 08 Dec, 2021 9 commits
    • Wen Gong's avatar
      ath10k: fix scan abort when duration is set for hw scan · 5a10537c
      Wen Gong authored
      When request scan with duration 120ms on channel 1, it failed with
      scan abort easily. Because scan_timeout is set to 130ms for the scan
      in ath10k_hw_scan(), and timed out before scan complete, so lead
      scan abort.
      
      failed log of ath10k:
      2021-04-14T14:43:29.936058Z DEBUG kernel: [67384.594846] ath10k_sdio mmc1:0001:1: wmi tlv start scan
      2021-04-14T14:43:29.937896Z DEBUG kernel: [67384.595820] ath10k_sdio mmc1:0001:1: scan event started type 1 reason 7 freq 2437 req_id 40961 scan_id 40960 vdev_id 0 state starting (1)
      2021-04-14T14:43:29.938357Z DEBUG kernel: [67384.596761] ath10k_sdio mmc1:0001:1: scan event bss channel type 4 reason 7 freq 2437 req_id 40961 scan_id 40960 vdev_id 0 state running (2)
      2021-04-14T14:43:29.992497Z DEBUG kernel: [67384.651013] ath10k_sdio mmc1:0001:1: scan event foreign channel type 8 reason 7 freq 2412 req_id 40961 scan_id 40960 vdev_id 0 state running (2)
      2021-04-14T14:43:30.063530Z DEBUG kernel: [67384.722139] ath10k_sdio mmc1:0001:1: wmi tlv stop scan
      2021-04-14T14:43:30.066592Z DEBUG kernel: [67384.724403] ath10k_sdio mmc1:0001:1: scan event completed [cancelled] type 2 reason 1 freq 2412 req_id 40961 scan_id 40960 vdev_id 0 state aborting (3)
      
      failed log of wpa_supplicant:
      2021-04-14T14:43:29.981842Z DEBUG wpa_supplicant[887]: wlan0: nl80211: scan request
      2021-04-14T14:43:29.981988Z DEBUG wpa_supplicant[887]: nl80211: Passive scan requested
      2021-04-14T14:43:29.982202Z DEBUG wpa_supplicant[887]: nl80211: Add NL80211_SCAN_FLAG_FLUSH
      2021-04-14T14:43:29.982339Z DEBUG wpa_supplicant[887]: Scan requested (ret=0) - scan timeout 30 seconds
      2021-04-14T14:43:29.982491Z DEBUG wpa_supplicant[887]: nl80211: Drv Event 33 (NL80211_CMD_TRIGGER_SCAN) received for wlan0
      2021-04-14T14:43:29.982629Z DEBUG wpa_supplicant[887]: wlan0: nl80211: Scan trigger
      2021-04-14T14:43:29.982779Z DEBUG wpa_supplicant[887]: wlan0: Event SCAN_STARTED (47) received
      2021-04-14T14:43:29.982920Z DEBUG wpa_supplicant[887]: wlan0: Own scan request started a scan in 0.000175 seconds
      2021-04-14T14:43:30.082401Z DEBUG wpa_supplicant[887]: nl80211: Drv Event 35 (NL80211_CMD_SCAN_ABORTED) received for wlan0
      2021-04-14T14:43:30.082704Z DEBUG wpa_supplicant[887]: wlan0: nl80211: Scan aborted
      2021-04-14T14:43:30.082905Z DEBUG wpa_supplicant[887]: nl80211: Scan included frequencies: 2412
      2021-04-14T14:43:30.083123Z DEBUG wpa_supplicant[887]: wlan0: Event SCAN_RESULTS (3) received
      2021-04-14T14:43:30.083310Z DEBUG wpa_supplicant[887]: wlan0: Scan completed in 0.128655 seconds
      
      This is to increase the scan_timeout with 200ms for this situation,
      then scan will not timed out for this situation.
      
      Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
      Signed-off-by: default avatarWen Gong <quic_wgong@quicinc.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20211026025902.26621-1-quic_wgong@quicinc.com
      5a10537c
    • Sebastian Gottschall's avatar
      ath10k: Fix tx hanging · e8a91863
      Sebastian Gottschall authored
      While running stress tests in roaming scenarios (switching ap's every 5
      seconds, we discovered a issue which leads to tx hangings of exactly 5
      seconds while or after scanning for new accesspoints. We found out that
      this hanging is triggered by ath10k_mac_wait_tx_complete since the
      empty_tx_wq was not wake when the num_tx_pending counter reaches zero.
      To fix this, we simply move the wake_up call to htt_tx_dec_pending,
      since this call was missed on several locations within the ath10k code.
      Signed-off-by: default avatarSebastian Gottschall <s.gottschall@dd-wrt.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20210505085806.11474-1-s.gottschall@dd-wrt.com
      e8a91863
    • Peter Oh's avatar
      ath: regdom: extend South Korea regulatory domain support · dec05cdf
      Peter Oh authored
      South Korea manufacturer, Samsung, has extended South Korea
      regulatory domain pair with 0x5F and has used it for their
      devices such as Samsung Galaxy book. Hence add support
      0x5F as a regulatory domain pair along with extended country
      code, 413.
      Signed-off-by: default avatarPeter Oh <ebmajor.dev@gmail.com>
      Signed-off-by: default avatarAndreas Tepe <andreas.tepe@debitel.net>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20210915185611.6195-1-ebmajor.dev@gmail.com
      dec05cdf
    • Wen Gong's avatar
      ath11k: add wait operation for tx management packets for flush from mac80211 · dddaa64d
      Wen Gong authored
      In ath11k, tx of management packet is doing in a work queue. Sometimes
      the workqueue does not finish tx immediately, then it lead after the next
      step of vdev delete finished, it start to send the management packet to
      firmware and lead firmware crash.
      
      ieee80211_set_disassoc() have logic of ieee80211_flush_queues() after
      it send_deauth_disassoc() to ath11k, its purpose is make sure the
      deauth was actually sent, so it need to change ath11k to match the
      purpose of mac80211.
      
      To address these issue wait for tx mgmt as well as tx data packets.
      
      dmesg log of connect/disconnect to AP:
      [  307.522226] wls1: authenticate with 62:66:e4:e9:6a:a9
      [  307.586565] wls1: send auth to 62:66:e4:e9:6a:a9 (try 1/3)
      [  307.586581] ath11k_pci 0000:05:00.0: mac tx mgmt frame, buf id 0
      [  307.586922] ath11k_pci 0000:05:00.0: mac tx mgmt frame, vdev_id 0
      [  307.590179] ath11k_pci 0000:05:00.0: wmi mgmt tx comp pending 0 desc id 0
      [  307.590181] ath11k_pci 0000:05:00.0: mgmt tx compl ev pdev_id 2, desc_id 0, status 0
      [  307.598699] wls1: authenticated
      [  307.599483] wls1: associate with 62:66:e4:e9:6a:a9 (try 1/3)
      [  307.599506] ath11k_pci 0000:05:00.0: mac tx mgmt frame, buf id 0
      [  307.599519] ath11k_pci 0000:05:00.0: mac tx mgmt frame, vdev_id 0
      [  307.603059] ath11k_pci 0000:05:00.0: wmi mgmt tx comp pending 0 desc id 0
      [  307.603063] ath11k_pci 0000:05:00.0: mgmt tx compl ev pdev_id 2, desc_id 0, status 0
      [  307.637105] wls1: associated
      [  317.365239] wls1: deauthenticating from 62:66:e4:e9:6a:a9 by local choice (Reason: 3=DEAUTH_LEAVING)
      [  317.368104] ath11k_pci 0000:05:00.0: mac tx mgmt frame, buf id 0
      [  317.372622] ath11k_pci 0000:05:00.0: mac tx mgmt frame, vdev_id 0
      [  317.378320] ath11k_pci 0000:05:00.0: wmi mgmt tx comp pending 0 desc id 0
      [  317.378330] ath11k_pci 0000:05:00.0: mgmt tx compl ev pdev_id 2, desc_id 0, status 0
      [  317.378359] ath11k_pci 0000:05:00.0: mac mgmt tx flush mgmt pending 0
      [  317.421066] ath11k_pci 0000:05:00.0: mac mgmt tx flush mgmt pending 0
      [  317.421427] ath11k_pci 0000:05:00.0: mac remove interface (vdev 0)
      
      Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01230-QCAHSTSWPLZ_V2_TO_X86-1
      Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1
      Signed-off-by: default avatarWen Gong <quic_wgong@quicinc.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20211202063705.14321-1-quic_wgong@quicinc.com
      dddaa64d
    • Christophe JAILLET's avatar
      carl9170: Use the bitmap API when applicable · 6273c972
      Christophe JAILLET authored
      Use 'bitmap_zalloc()' to simplify code, improve the semantic and avoid some
      open-coded arithmetic in allocator arguments.
      
      Note, that this 'bitmap_zalloc()' divides by BITS_PER_LONG the amount of
      memory allocated.
      The 'roundup()' used to computed the number of needed long should have
      been a DIV_ROUND_UP.
      
      
      Also change the corresponding 'kfree()' into 'bitmap_free()' to keep
      consistency.
      
      Use 'bitmap_zero()' to avoid hand writing it.
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Acked-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/1fe18fb73f71d855043c40c83865ad539f326478.1638396221.git.christophe.jaillet@wanadoo.fr
      6273c972
    • Loic Poulain's avatar
      wcn36xx: Fix max channels retrieval · 09cab430
      Loic Poulain authored
      Kernel test robot reported:drivers/net/wireless/ath/wcn36xx/smd.c:943:33:
         sparse: sparse: cast truncates bits from constant value (780 becomes 80)
      
      The 'channels' field is not a simple u8 array but an array of
      channel_params. Using sizeof for retrieving the max number of
      channels is then wrong.
      
      In practice, it was not an issue, because the sizeof returned
      value is 780, which is truncated in min_t (u8) to 80, which is
      the value we expect...
      
      Fix that properly using ARRAY_SIZE instead of sizeof.
      
      Fixes: d707f812 ("wcn36xx: Channel list update before hardware scan")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarLoic Poulain <loic.poulain@linaro.org>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/1638435732-14657-1-git-send-email-loic.poulain@linaro.org
      09cab430
    • Wen Gong's avatar
      ath11k: add 11d scan offload support · 9dcf6808
      Wen Gong authored
      Add handler for WMI_11D_NEW_COUNTRY_EVENTID, WMI_11D_SCAN_START_CMDID,
      WMI_11D_SCAN_STOP_CMDID.
      
      After vdev create for STATION, send WMI_11D_SCAN_START_CMDID to firmware
      and wait firmware complete it, the scan from mac80211 also need to wait
      the 11d scan finished, and send WMI_11D_SCAN_STOP_CMDID to firmware
      before vdev delete for STATION.
      
      Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01230-QCAHSTSWPLZ_V2_TO_X86-1
      Signed-off-by: default avatarWen Gong <quic_wgong@quicinc.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20211201071745.17746-4-quic_wgong@quicinc.com
      9dcf6808
    • Wen Gong's avatar
      ath11k: add configure country code for QCA6390 and WCN6855 · 0b05ddad
      Wen Gong authored
      Add handler to send WMI_SET_CURRENT_COUNTRY_CMDID to firmware which
      is used for QCA6390 and WCN6855.
      
      Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1
      Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
      Signed-off-by: default avatarWen Gong <quic_wgong@quicinc.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20211201071745.17746-3-quic_wgong@quicinc.com
      0b05ddad
    • Wen Gong's avatar
      ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work · ed05c7cf
      Wen Gong authored
      When enable debug config, it print below warning while shut down wlan
      interface shuh as run "ifconfig wlan0 down".
      
      The reason is because ar->regd_update_work is ran once, and it is will
      call wiphy_lock(ar->hw->wiphy) in function ath11k_regd_update() which
      is running in workqueue of ieee80211_local queued by ieee80211_queue_work().
      Another thread from "ifconfig wlan0 down" will also accuqire the lock
      by wiphy_lock(sdata->local->hw.wiphy) in function ieee80211_stop(), and
      then it call ieee80211_stop_device() to flush_workqueue(local->workqueue),
      this will wait the workqueue of ieee80211_local finished. Then deadlock
      will happen easily if the two thread run meanwhile.
      
      Below warning disappeared after this change.
      
      [  914.088798] ath11k_pci 0000:05:00.0: mac remove interface (vdev 0)
      [  914.088806] ath11k_pci 0000:05:00.0: mac stop 11d scan
      [  914.088810] ath11k_pci 0000:05:00.0: mac stop 11d vdev id 0
      [  914.088827] ath11k_pci 0000:05:00.0: htc ep 2 consumed 1 credits (total 0)
      [  914.088841] ath11k_pci 0000:05:00.0: send 11d scan stop vdev id 0
      [  914.088849] ath11k_pci 0000:05:00.0: htc insufficient credits ep 2 required 1 available 0
      [  914.088856] ath11k_pci 0000:05:00.0: htc insufficient credits ep 2 required 1 available 0
      [  914.096434] ath11k_pci 0000:05:00.0: rx ce pipe 2 len 16
      [  914.096442] ath11k_pci 0000:05:00.0: htc ep 2 got 1 credits (total 1)
      [  914.096481] ath11k_pci 0000:05:00.0: htc ep 2 consumed 1 credits (total 0)
      [  914.096491] ath11k_pci 0000:05:00.0: WMI vdev delete id 0
      [  914.111598] ath11k_pci 0000:05:00.0: rx ce pipe 2 len 16
      [  914.111628] ath11k_pci 0000:05:00.0: htc ep 2 got 1 credits (total 1)
      [  914.114659] ath11k_pci 0000:05:00.0: rx ce pipe 2 len 20
      [  914.114742] ath11k_pci 0000:05:00.0: htc rx completion ep 2 skb         pK-error
      [  914.115977] ath11k_pci 0000:05:00.0: vdev delete resp for vdev id 0
      [  914.116685] ath11k_pci 0000:05:00.0: vdev 00:03:7f:29:61:11 deleted, vdev_id 0
      
      [  914.117583] ======================================================
      [  914.117592] WARNING: possible circular locking dependency detected
      [  914.117600] 5.16.0-rc1-wt-ath+ #1 Tainted: G           OE
      [  914.117611] ------------------------------------------------------
      [  914.117618] ifconfig/2805 is trying to acquire lock:
      [  914.117628] ffff9c00a62bb548 ((wq_completion)phy0){+.+.}-{0:0}, at: flush_workqueue+0x87/0x470
      [  914.117674]
                     but task is already holding lock:
      [  914.117682] ffff9c00baea07d0 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_stop+0x38/0x180 [mac80211]
      [  914.117872]
                     which lock already depends on the new lock.
      
      [  914.117880]
                     the existing dependency chain (in reverse order) is:
      [  914.117888]
                     -> #3 (&rdev->wiphy.mtx){+.+.}-{4:4}:
      [  914.117910]        __mutex_lock+0xa0/0x9c0
      [  914.117930]        mutex_lock_nested+0x1b/0x20
      [  914.117944]        reg_process_self_managed_hints+0x3a/0xb0 [cfg80211]
      [  914.118093]        wiphy_regulatory_register+0x47/0x80 [cfg80211]
      [  914.118229]        wiphy_register+0x84f/0x9c0 [cfg80211]
      [  914.118353]        ieee80211_register_hw+0x6b1/0xd90 [mac80211]
      [  914.118486]        ath11k_mac_register+0x6af/0xb60 [ath11k]
      [  914.118550]        ath11k_core_qmi_firmware_ready+0x383/0x4a0 [ath11k]
      [  914.118598]        ath11k_qmi_driver_event_work+0x347/0x4a0 [ath11k]
      [  914.118656]        process_one_work+0x228/0x670
      [  914.118669]        worker_thread+0x4d/0x440
      [  914.118680]        kthread+0x16d/0x1b0
      [  914.118697]        ret_from_fork+0x22/0x30
      [  914.118714]
                     -> #2 (rtnl_mutex){+.+.}-{4:4}:
      [  914.118736]        __mutex_lock+0xa0/0x9c0
      [  914.118751]        mutex_lock_nested+0x1b/0x20
      [  914.118767]        rtnl_lock+0x17/0x20
      [  914.118783]        ath11k_regd_update+0x15a/0x260 [ath11k]
      [  914.118841]        ath11k_regd_update_work+0x15/0x20 [ath11k]
      [  914.118897]        process_one_work+0x228/0x670
      [  914.118909]        worker_thread+0x4d/0x440
      [  914.118920]        kthread+0x16d/0x1b0
      [  914.118934]        ret_from_fork+0x22/0x30
      [  914.118948]
                     -> #1 ((work_completion)(&ar->regd_update_work)){+.+.}-{0:0}:
      [  914.118972]        process_one_work+0x1fa/0x670
      [  914.118984]        worker_thread+0x4d/0x440
      [  914.118996]        kthread+0x16d/0x1b0
      [  914.119010]        ret_from_fork+0x22/0x30
      [  914.119023]
                     -> #0 ((wq_completion)phy0){+.+.}-{0:0}:
      [  914.119045]        __lock_acquire+0x146d/0x1cf0
      [  914.119057]        lock_acquire+0x19b/0x360
      [  914.119067]        flush_workqueue+0xae/0x470
      [  914.119084]        ieee80211_stop_device+0x3b/0x50 [mac80211]
      [  914.119260]        ieee80211_do_stop+0x5d7/0x830 [mac80211]
      [  914.119409]        ieee80211_stop+0x45/0x180 [mac80211]
      [  914.119557]        __dev_close_many+0xb3/0x120
      [  914.119573]        __dev_change_flags+0xc3/0x1d0
      [  914.119590]        dev_change_flags+0x29/0x70
      [  914.119605]        devinet_ioctl+0x653/0x810
      [  914.119620]        inet_ioctl+0x193/0x1e0
      [  914.119631]        sock_do_ioctl+0x4d/0xf0
      [  914.119649]        sock_ioctl+0x262/0x340
      [  914.119665]        __x64_sys_ioctl+0x96/0xd0
      [  914.119678]        do_syscall_64+0x3d/0xd0
      [  914.119694]        entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  914.119709]
                     other info that might help us debug this:
      
      [  914.119717] Chain exists of:
                       (wq_completion)phy0 --> rtnl_mutex --> &rdev->wiphy.mtx
      
      [  914.119745]  Possible unsafe locking scenario:
      
      [  914.119752]        CPU0                    CPU1
      [  914.119758]        ----                    ----
      [  914.119765]   lock(&rdev->wiphy.mtx);
      [  914.119778]                                lock(rtnl_mutex);
      [  914.119792]                                lock(&rdev->wiphy.mtx);
      [  914.119807]   lock((wq_completion)phy0);
      [  914.119819]
                      *** DEADLOCK ***
      
      [  914.119827] 2 locks held by ifconfig/2805:
      [  914.119837]  #0: ffffffffba3dc010 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x17/0x20
      [  914.119872]  #1: ffff9c00baea07d0 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_stop+0x38/0x180 [mac80211]
      [  914.120039]
                     stack backtrace:
      [  914.120048] CPU: 0 PID: 2805 Comm: ifconfig Tainted: G           OE     5.16.0-rc1-wt-ath+ #1
      [  914.120064] Hardware name: LENOVO 418065C/418065C, BIOS 83ET63WW (1.33 ) 07/29/2011
      [  914.120074] Call Trace:
      [  914.120084]  <TASK>
      [  914.120094]  dump_stack_lvl+0x73/0xa4
      [  914.120119]  dump_stack+0x10/0x12
      [  914.120135]  print_circular_bug.isra.44+0x221/0x2e0
      [  914.120165]  check_noncircular+0x106/0x150
      [  914.120203]  __lock_acquire+0x146d/0x1cf0
      [  914.120215]  ? __lock_acquire+0x146d/0x1cf0
      [  914.120245]  lock_acquire+0x19b/0x360
      [  914.120259]  ? flush_workqueue+0x87/0x470
      [  914.120286]  ? lockdep_init_map_type+0x6b/0x250
      [  914.120310]  flush_workqueue+0xae/0x470
      [  914.120327]  ? flush_workqueue+0x87/0x470
      [  914.120344]  ? lockdep_hardirqs_on+0xd7/0x150
      [  914.120391]  ieee80211_stop_device+0x3b/0x50 [mac80211]
      [  914.120565]  ? ieee80211_stop_device+0x3b/0x50 [mac80211]
      [  914.120736]  ieee80211_do_stop+0x5d7/0x830 [mac80211]
      [  914.120906]  ieee80211_stop+0x45/0x180 [mac80211]
      [  914.121060]  __dev_close_many+0xb3/0x120
      [  914.121081]  __dev_change_flags+0xc3/0x1d0
      [  914.121109]  dev_change_flags+0x29/0x70
      [  914.121131]  devinet_ioctl+0x653/0x810
      [  914.121149]  ? __might_fault+0x77/0x80
      [  914.121179]  inet_ioctl+0x193/0x1e0
      [  914.121194]  ? inet_ioctl+0x193/0x1e0
      [  914.121218]  ? __might_fault+0x77/0x80
      [  914.121238]  ? _copy_to_user+0x68/0x80
      [  914.121266]  sock_do_ioctl+0x4d/0xf0
      [  914.121283]  ? inet_stream_connect+0x60/0x60
      [  914.121297]  ? sock_do_ioctl+0x4d/0xf0
      [  914.121329]  sock_ioctl+0x262/0x340
      [  914.121347]  ? sock_ioctl+0x262/0x340
      [  914.121362]  ? exit_to_user_mode_prepare+0x13b/0x280
      [  914.121388]  ? syscall_enter_from_user_mode+0x20/0x50
      [  914.121416]  __x64_sys_ioctl+0x96/0xd0
      [  914.121430]  ? br_ioctl_call+0x90/0x90
      [  914.121445]  ? __x64_sys_ioctl+0x96/0xd0
      [  914.121465]  do_syscall_64+0x3d/0xd0
      [  914.121482]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  914.121497] RIP: 0033:0x7f0ed051737b
      [  914.121513] Code: 0f 1e fa 48 8b 05 15 3b 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 3a 0d 00 f7 d8 64 89 01 48
      [  914.121527] RSP: 002b:00007fff7be38b98 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
      [  914.121544] RAX: ffffffffffffffda RBX: 00007fff7be38ba0 RCX: 00007f0ed051737b
      [  914.121555] RDX: 00007fff7be38ba0 RSI: 0000000000008914 RDI: 0000000000000004
      [  914.121566] RBP: 00007fff7be38c60 R08: 000000000000000a R09: 0000000000000001
      [  914.121576] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000fffffffe
      [  914.121586] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
      [  914.121620]  </TASK>
      
      Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1
      Signed-off-by: default avatarWen Gong <quic_wgong@quicinc.com>
      Signed-off-by: default avatarKalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20211201071745.17746-2-quic_wgong@quicinc.com
      ed05c7cf
  4. 07 Dec, 2021 5 commits
  5. 29 Nov, 2021 1 commit
    • Sriram R's avatar
      ath11k: Avoid NULL ptr access during mgmt tx cleanup · a93789ae
      Sriram R authored
      Currently 'ar' reference is not added in skb_cb during
      WMI mgmt tx. Though this is generally not used during tx completion
      callbacks, on interface removal the remaining idr cleanup callback
      uses the ar ptr from skb_cb from mgmt txmgmt_idr. Hence
      fill them during tx call for proper usage.
      
      Also free the skb which is missing currently in these
      callbacks.
      
      Crash_info:
      
      [19282.489476] Unable to handle kernel NULL pointer dereference at virtual address 00000000
      [19282.489515] pgd = 91eb8000
      [19282.496702] [00000000] *pgd=00000000
      [19282.502524] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
      [19282.783728] PC is at ath11k_mac_vif_txmgmt_idr_remove+0x28/0xd8 [ath11k]
      [19282.789170] LR is at idr_for_each+0xa0/0xc8
      
      Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-00729-QCAHKSWPL_SILICONZ-3 v2
      Signed-off-by: default avatarSriram R <quic_srirrama@quicinc.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Link: https://lore.kernel.org/r/1637832614-13831-1-git-send-email-quic_srirrama@quicinc.com
      a93789ae
  6. 26 Nov, 2021 2 commits
  7. 24 Nov, 2021 3 commits
  8. 22 Nov, 2021 9 commits