- 28 Sep, 2023 10 commits
-
-
Sidhanta Sahu authored
Currently, firmware does not like when beacon mode is set as staggered mode for more than one beaconing vifs. Beacon mode for multiple beaconing (transmitted) vifs are expected to be in burst mode. So set beacon mode to burst mode by default. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Signed-off-by: Sidhanta Sahu <quic_sidhanta@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230905213943.12275-1-quic_sidhanta@quicinc.com
-
Aloka Dixit authored
Mac80211 does not set flags BSS_CHANGED_FILS_DISCOVERY and BSS_CHANGED_UNSOL_BCAST_PROBE_RESP if there are no updates to FILS discovery and unsolicited broadcast probe response transmission configurations respectively. For BSS change operations such as channel switch, this results in the transmissions getting stopped because the driver does not send WMI command to firmware if the flags are not set. Remove the checks for the flags to always send the existing configuration to firmware. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230905174324.25296-1-quic_alokad@quicinc.com
-
Wu Yunchuan authored
No need cast (void *) to (struct ath11k_base *), struct hal_rx_msdu_link *), (struct ath11k_buffer_addr *) or other types. Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919045150.524304-1-yunchuan@nfschina.com
-
Wen Gong authored
Currently mac80211 will send 3 scan request for each scan of WCN7850, they are 2.4 GHz/5 GHz/6 GHz band scan. Firmware of WCN7850 will cache the RNR IE(Reduced Neighbor Report element) which exist in the beacon of 2.4 GHz/5 GHz of the AP which is co-located with 6 GHz, and then use the cache to scan in 6 GHz band scan if the 6 GHz scan is in the same scan with the 2.4 GHz/5 GHz band, this will helpful to search more AP of 6 GHz. Also it will decrease the time cost of scan because firmware will use dual-band scan for the 2.4 GHz/5 GHz, it means the 2.4 GHz and 5 GHz scans are doing simultaneously. Set the flag IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 since it supports 2.4 GHz/5 GHz/6 GHz in a single wiphy/ieee80211_hw. This does not impact QCN9274, because it is not single_phy, so does not have 2.4 GHz/5 GHz/6 GHz in the same wiphy, then it does not match the condition and then IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS will not set for QCN9274. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230913105507.17675-1-quic_wgong@quicinc.com
-
Wen Gong authored
Some firmware versions for WCN7850 report the default regdomain with alpha code "na" by default when load as a world wide regdomain, ath12k should treat it as a world wide alpha code. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230906090355.19181-1-quic_wgong@quicinc.com
-
Wen Gong authored
ath12k prints "Received scan event for unknown vdev" when doing the following test: 1. trigger scan 2. wait 0.2 second 3. iw reg set is issued or 11d scan complete event is sent from firmware Reason is: When iw reg set is issues or the 11d scan complete event is received, the new country code will be set to the firmware, and the new regdomain info indicated to ath12k, then the new channel list will be sent to the firmware. The firmware will cancel the current scan after receiving WMI_SCAN_CHAN_LIST_CMDID which is used for the new channel list, and the state of ath12k is ATH12K_SCAN_RUNNING, then ath12k_get_ar_on_scan_abort() returns NULL and ath12k_scan_event() returns at this point and does not indicate scan completion to mac80211. Indicate scan completion to mac80211 and get rid of the "Received scan event for unknown vdev" print for the above case. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230906085746.18968-1-quic_wgong@quicinc.com
-
Wen Gong authored
Scan failure can not be recovered from when running a loop of the following steps: 1. run scan: "iw wlan scan". 2. run command: echo assert > /sys/kernel/debug/ath12k/wcn7850\ hw2.0/simulate_fw_crash immediately after step 1. result: scan failed and can not recover even when wlan recovery succeeds: command failed: Device or resource busy (-16) reason: When scan arrives, WMI_START_SCAN_CMDID is sent to the firmware and function ath12k_mac_op_hw_scan() returns, then simulate_fw_crash arrives and the scan started event does not arrive, and then it starts to do recovery of wlan. __ath12k_mac_scan_finish() which is called from ath12k_core_halt() is one step of recovery, it will not call ieee80211_scan_completed() by logic currently because the scan state is ATH12K_SCAN_STARTING. Thus it leads the scan not being completed in mac80211, and leads all consecutive scans failing with -EBUSY in nl80211_trigger_scan even after wlan recovery success. Indicate scan complete with aborted flag to mac80211 for ATH12K_SCAN_STARTING to allow recovery from scan failed with "Device or resource busy (-16)" after wlan recovery. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230905105947.10369-1-quic_wgong@quicinc.com
-
Wen Gong authored
When firmware crashed while channel switch running, recovery starts in ath12k. Then ieee80211_sta_connection_lost() will be called by function ieee80211_restart_work() in mac80211. And then many WMI command timeout because firmware is crashed. Each WMI command cost 3 seconds, then the total time will be large and leads recovery fail. Hence change to set value ATH12K_FLAG_CRASH_FLUSH early and then ath12k_wmi_cmd_send() will not wait 3 seconds, then recovery will be started quickly and success. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230905105229.10090-1-quic_wgong@quicinc.com
-
Lingbo Kong authored
When hardware rfkill is enabled in the firmware, it will report the capability using WMI_SYS_CAP_INFO_RFKILL bit in the WMI_SERVICE_READY event to the host. Currently ath12k does not process this service capability. In order to support this, update ath12k to check if the capability is enabled, if so, send the GPIO information to firmware. When the firmware detects hardware rfkill is enabled by the user, it will report it using WMI_RFKILL_STATE_CHANGE_EVENTID. When ath12k receive the event, it will set the value of rfkill_radio_on based on whether radio_state is equal to WMI_RFKILL_RADIO_STATE_ON, then send WMI_PDEV_PARAM_RFKILL_ENABLE to firmware. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230906110412.182176-1-quic_lingbok@quicinc.com
-
Dmitry Antipov authored
Use 'kstrtoul_from_user()' in 'ath11k_write_file_spectral_count()' and 'ath11k_write_file_spectral_bins()' Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230824075121.121144-4-dmantipov@yandex.ru
-
- 21 Sep, 2023 16 commits
-
-
Dmitry Antipov authored
Remove set but otherwise unused 'wlan_init_status' and 'wmi_ready' members of 'struct ath11k_base', adjust 'ath11k_wmi_tlv_rdy_parse()' accordingly. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230824075121.121144-2-dmantipov@yandex.ru
-
Dmitry Antipov authored
In 'ath11k_dp_rx_mon_dest_process()', 'mon_dst_srng' points to a member of 'srng_list', which is a fixed-size array inside 'struct ath11k_hal'. This way, if 'ring_id' is valid (i. e. between 0 and HAL_SRNG_RING_ID_MAX - 1 inclusive), 'mon_dst_srng' can't be NULL and so relevant check may be dropped. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230824075121.121144-1-dmantipov@yandex.ru
-
Dmitry Antipov authored
Since 'user_stats' is a fixed-size array of 'struct htt_ppdu_user_stats' in 'struct htt_ppdu_stats', any of its member can't be NULL and so relevant check may be dropped. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230906093704.14001-1-dmantipov@yandex.ru
-
Baochen Qiang authored
Commit 5b32b6dd ("ath11k: Remove core PCI references from PCI common code") breaks with one MSI vector because it moves affinity setting after IRQ request, see below log: [ 1417.278835] ath11k_pci 0000:02:00.0: failed to receive control response completion, polling.. [ 1418.302829] ath11k_pci 0000:02:00.0: Service connect timeout [ 1418.302833] ath11k_pci 0000:02:00.0: failed to connect to HTT: -110 [ 1418.303669] ath11k_pci 0000:02:00.0: failed to start core: -110 The detail is, if do affinity request after IRQ activated, which is done in request_irq(), kernel caches that request and returns success directly. Later when a subsequent MHI interrupt is fired, kernel will do the real affinity setting work, as a result, changs the MSI vector. However at that time host has configured old vector to hardware, so host never receives CE or DP interrupts. Fix it by setting affinity before registering MHI controller where host is, for the first time, doing IRQ request. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1 Fixes: 5b32b6dd ("ath11k: Remove core PCI references from PCI common code") Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230907015606.16297-1-quic_bqiang@quicinc.com
-
Dmitry Antipov authored
According to Jeff, 'HTT_DATA_TX_STATUS_DOWNLOAD_FAIL' from 'enum htt_data_tx_status' is never actually used by the firmware code and so may be dropped, with the related adjustment to 'ath10k_htt_rx_tx_compl_ind()'. Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Found by Linux Verification Center (linuxtesting.org) with SVACE. Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230914160744.155903-1-dmantipov@yandex.ru
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct ath10k_ce_ring. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Kalle Valo <kvalo@kernel.org> Cc: Jeff Johnson <quic_jjohnson@quicinc.com> Cc: ath10k@lists.infradead.org Cc: linux-wireless@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230915200636.never.762-kees@kernel.org
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Loic Poulain <loic.poulain@linaro.org> Cc: Kalle Valo <kvalo@kernel.org> Cc: wcn36xx@lists.infradead.org Cc: linux-wireless@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230915200622.never.820-kees@kernel.org
-
Wu Yunchuan authored
No need cast (void*) to (struct hal_rx_ppdu_end_user_stats *), (struct ath12k_rx_desc_info *) or (struct hal_tx_msdu_ext_desc *). Change the prototype to remove the local variable. Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919045142.524226-1-yunchuan@nfschina.com
-
Wu Yunchuan authored
No need cast (void*) to (struct htt_rx_ring_setup_ring32 *), (struct htt_rx_ring_setup_ring64 *). Change the prototype to remove the local variable. Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919045056.523958-1-yunchuan@nfschina.com
-
Wu Yunchuan authored
No need cast (void *) to (struct ath6kl *) or (struct ath6kl_cookie *). Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919045008.523730-1-yunchuan@nfschina.com
-
Wu Yunchuan authored
No need cast (void *) to (struct ath5k_hw *). Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Reviewed-by: Jiri Slaby <jirislaby@kernel.org> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919044959.523576-1-yunchuan@nfschina.com
-
Wu Yunchuan authored
No need cast (void *) to other types such as (struct wcn36xx *), (struct wcn36xx_hal_update_scan_params_resp *), etc. Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919044925.523403-1-yunchuan@nfschina.com
-
Wu Yunchuan authored
No need cast (void*) to (struct ar5523_cmd_hdr *). Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230919044906.523189-1-yunchuan@nfschina.com
-
Dongliang Mu authored
In ath9k_hif_usb_resume, the error handling code calls ath9k_hif_usb_dealloc_urbs twice in different paths. To unify the error handling code, we move the else branch before the if branch and drop one level of indentation of the if branch. In addition, move the ret variable at the end of variable declarations to be reverse x-mas tree order. Note that this patch does not incur any functionability change. Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230905013556.2595854-1-dzm91@hust.edu.cn
-
Baochen Qiang authored
In ath12k_dp_tx(), if we reach fail_dma_unmap due to some errors, current code does DMA unmap unconditionally on skb_cb->paddr_ext_desc. However, skb_cb->paddr_ext_desc may be NULL and thus we get below warning: kernel: [ 8887.076212] WARNING: CPU: 3 PID: 0 at drivers/iommu/dma-iommu.c:1077 iommu_dma_unmap_page+0x79/0x90 Fix it by checking skb_cb->paddr_ext_desc before unmap it. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230830021131.5610-1-quic_bqiang@quicinc.com
-
Baochen Qiang authored
reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound write may occur to soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. This is found during code review. Compile tested only. Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230830020716.5420-1-quic_bqiang@quicinc.com
-
- 20 Sep, 2023 10 commits
-
-
Dmitry Antipov authored
When compiling with clang 16.0.6 and CONFIG_FORTIFY_SOURCE=y, I've noticed the following (somewhat confusing due to absence of an actual source code location): In file included from drivers/net/wireless/ath/ath10k/debug.c:8: In file included from ./include/linux/module.h:13: In file included from ./include/linux/stat.h:19: In file included from ./include/linux/time.h:60: In file included from ./include/linux/time32.h:13: In file included from ./include/linux/timex.h:67: In file included from ./arch/x86/include/asm/timex.h:5: In file included from ./arch/x86/include/asm/processor.h:23: In file included from ./arch/x86/include/asm/msr.h:11: In file included from ./arch/x86/include/asm/cpumask.h:5: In file included from ./include/linux/cpumask.h:12: In file included from ./include/linux/bitmap.h:11: In file included from ./include/linux/string.h:254: ./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Wattribute-warning] __read_overflow2_field(q_size_field, size); The compiler actually complains on 'ath10k_debug_get_et_strings()' where fortification logic inteprets call to 'memcpy()' as an attempt to copy the whole 'ath10k_gstrings_stats' array from it's first member and so issues an overread warning. This warning may be silenced by passing an address of the whole array and not the first member to 'memcpy()'. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230829093652.234537-1-dmantipov@yandex.ru
-
Wen Gong authored
Sometimes board-2.bin does not have the board data which matched the parameters such as bus type, vendor, device, subsystem-vendor, subsystem-device, qmi-chip-id and qmi-board-id, then wlan will load fail. Hence add another type which only matches the bus type and qmi-chip-id, then the ratio of missing board data reduced. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230830060226.18664-1-quic_wgong@quicinc.com
-
Baochen Qiang authored
len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing. The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too. These are found during code review. Compile test only. Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230901015602.45112-1-quic_bqiang@quicinc.com
-
Wen Gong authored
Sometimes device recovery fail with this operation. Run test command for many times: echo assert > /sys/kernel/debug/ath12k/wcn7850\ hw2.0_0000\:03\:00.0/simulate_fw_crash While recovery start, ath12k_core_post_reconfigure_recovery() will call ieee80211_restart_hw(), and the restart_work which queued by ieee80211_restart_hw() is running in another thread, it will call into ath12k_mac_op_start() and ath12k_mac_wait_reconfigure(), and the variables ab->recovery_start_count and ab->recovery_start is used in ath12k_mac_wait_reconfigure(), so ath12k need to initialize the variables before queue the restart_work, otherwise ath12k_mac_wait_reconfigure() maybe use the un-initialized variables. Change to initialize the 2 variables earlier and then recovery process become correct. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230830060850.18881-1-quic_wgong@quicinc.com
-
Wen Gong authored
320 MHz bandwidth is reported only for single PHY mode for WCN7850, get it from WMI_HOST_HW_MODE_SINGLE ath12k_wmi_caps_ext_params and report it for 6 GHz band. After this patch, "iw list" shows 320 MHz support for WCN7850: EHT Iftypes: managed EHT PHY Capabilities: (0xe26f090010768800): 320MHz in 6GHz Supported EHT bw=320 MHz, max NSS for MCS 8-9: Rx=0, Tx=0 EHT bw=320 MHz, max NSS for MCS 10-11: Rx=0, Tx=0 EHT bw=320 MHz, max NSS for MCS 12-13: Rx=0, Tx=0 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Signed-off-by: Wen Gong <quic_wgong@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230828040420.2165-1-quic_wgong@quicinc.com
-
Dmitry Antipov authored
When compiling with clang 16.0.6 and CONFIG_FORTIFY_SOURCE=y, I've noticed the following (somewhat confusing due to absence of an actual source code location): In file included from drivers/net/wireless/ath/ath9k/debug.c:17: In file included from ./include/linux/slab.h:16: In file included from ./include/linux/gfp.h:7: In file included from ./include/linux/mmzone.h:8: In file included from ./include/linux/spinlock.h:56: In file included from ./include/linux/preempt.h:79: In file included from ./arch/x86/include/asm/preempt.h:9: In file included from ./include/linux/thread_info.h:60: In file included from ./arch/x86/include/asm/thread_info.h:53: In file included from ./arch/x86/include/asm/cpufeature.h:5: In file included from ./arch/x86/include/asm/processor.h:23: In file included from ./arch/x86/include/asm/msr.h:11: In file included from ./arch/x86/include/asm/cpumask.h:5: In file included from ./include/linux/cpumask.h:12: In file included from ./include/linux/bitmap.h:11: In file included from ./include/linux/string.h:254: ./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Wattribute-warning] __read_overflow2_field(q_size_field, size); In file included from drivers/net/wireless/ath/ath9k/htc_drv_debug.c:17: In file included from drivers/net/wireless/ath/ath9k/htc.h:20: In file included from ./include/linux/module.h:13: In file included from ./include/linux/stat.h:19: In file included from ./include/linux/time.h:60: In file included from ./include/linux/time32.h:13: In file included from ./include/linux/timex.h:67: In file included from ./arch/x86/include/asm/timex.h:5: In file included from ./arch/x86/include/asm/processor.h:23: In file included from ./arch/x86/include/asm/msr.h:11: In file included from ./arch/x86/include/asm/cpumask.h:5: In file included from ./include/linux/cpumask.h:12: In file included from ./include/linux/bitmap.h:11: In file included from ./include/linux/string.h:254: ./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Wattribute-warning] __read_overflow2_field(q_size_field, size); The compiler actually complains on 'ath9k_get_et_strings()' and 'ath9k_htc_get_et_strings()' due to the same reason: fortification logic inteprets call to 'memcpy()' as an attempt to copy the whole array from it's first member and so issues an overread warning. These warnings may be silenced by passing an address of the whole array and not the first member to 'memcpy()'. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230829093856.234584-1-dmantipov@yandex.ru
-
Dmitry Antipov authored
Since both 'ar9550_hw_get_modes_txgain_index()' and 'ar9561_hw_get_modes_txgain_index()' never returns negative values, prefer 'u32' over 'int' and adjust 'ar9003_hw_process_ini()' accordingly. Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230823182401.196270-2-dmantipov@yandex.ru
-
Dmitry Antipov authored
Since commit 8896934c ("ath9k_hw: remove direct accesses to channel mode flags") changes 'ar9550_hw_get_modes_txgain_index()' so it never returns -EINVAL, and 'ar9561_hw_get_modes_txgain_index()' never returns negative value too, an extra check in 'ar9003_hw_process_ini()' may be dropped. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230823182401.196270-1-dmantipov@yandex.ru
-
Manish Dharanenthiran authored
Radar detection fails in the secondary 80 MHz when the the AP's primary 80 MHz is in non-DFS region in 160 MHz. This is due to WMI channel flag WMI_CHAN_INFO_DFS_FREQ2 is not set properly in case of the primary 80 MHz is in non-DFS region. HALPHY detects the radar pulses in the secondary 80 MHz only when WMI_CHAN_INFO_DFS_FREQ2 is set. Fix this issue by setting WMI channel flag WMI_CHAN_INFO_DFS_FREQ2 based on the radar_enabled flag from the channel context. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230802085852.19821-3-quic_mdharane@quicinc.com
-
Manish Dharanenthiran authored
Fix WARN_ON() from ath12k_mac_update_vif_chan() if vdev is not up. Since change_chanctx can be called even before vdev_up. Do vdev stop followed by a vdev start in case of vdev is down. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0-02903-QCAHKSWPL_SILICONZ-1 Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230802085852.19821-2-quic_mdharane@quicinc.com
-
- 05 Sep, 2023 4 commits
-
-
Muna Sinada authored
Correct parsing of reading offset for rx tid 16 bit bitmap. Incorrect offset caused peer rx mu stats tid bitmap to always be zero. This correction is in the software context and does not affect the firmware interface. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-00356-QCAHKSWPL_SILICONZ-1 Signed-off-by: Muna Sinada <quic_msinada@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/1692827868-15667-2-git-send-email-quic_msinada@quicinc.com
-
Muna Sinada authored
Remove references to reserved fields and add new info fields for struct hal_rx_ppdu_end_user_stats. Reserved fields should not be accessed, therefore existing references to it are to be changed to referencing specific info fields. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-00356-QCAHKSWPL_SILICONZ-1 Signed-off-by: Muna Sinada <quic_msinada@quicinc.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/1692827868-15667-1-git-send-email-quic_msinada@quicinc.com
-
Harshitha Prem authored
When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times because of handling the uninitialized peer fragments with fragment id of packet as 0. "__fls" would have an undefined behavior if the argument is passed as "0". Hence, added changes to handle the same. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230821130343.29495-3-quic_hprem@quicinc.com
-
Harshitha Prem authored
When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In the above scenario, a fragmented packet is received for self peer, for which rx_tid and rx_frags are not initialized in datapath. While handling this fragment, crash is observed as the rx_frag list is uninitialized and when we walk in ath12k_dp_rx_h_sort_frags, skb null leads to exception. To address this, before processing received fragments we check dp_setup_done flag is set to ensure that peer has completed its dp peer setup for fragment queue, else ignore processing the fragments. Call trace: PC points to "ath12k_dp_process_rx_err+0x4e8/0xfcc [ath12k]" LR points to "ath12k_dp_process_rx_err+0x480/0xfcc [ath12k]". The Backtrace obtained is as follows: ath12k_dp_process_rx_err+0x4e8/0xfcc [ath12k] ath12k_dp_service_srng+0x78/0x260 [ath12k] ath12k_pci_write32+0x990/0xb0c [ath12k] __napi_poll+0x30/0xa4 net_rx_action+0x118/0x270 __do_softirq+0x10c/0x244 irq_exit+0x64/0xb4 __handle_domain_irq+0x88/0xac gic_handle_irq+0x74/0xbc el1_irq+0xf0/0x1c0 arch_cpu_idle+0x10/0x18 do_idle+0x104/0x248 cpu_startup_entry+0x20/0x64 rest_init+0xd0/0xdc arch_call_rest_init+0xc/0x14 Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230821130343.29495-2-quic_hprem@quicinc.com
-