1. 23 Nov, 2016 13 commits
    • Lior David's avatar
      wil6210: align to latest auto generated wmi.h · cbf795c1
      Lior David authored
      Align to latest version of the auto generated wmi file
      describing the interface with FW.
      Signed-off-by: default avatarLior David <qca_liord@qca.qualcomm.com>
      Signed-off-by: default avatarMaya Erez <qca_merez@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      cbf795c1
    • Maya Erez's avatar
      wil6210: add support for abort scan · 035859a5
      Maya Erez authored
      Implement cfg80211 abort_scan op to allow the upper layer to
      abort an ongoing scan request.
      In addition, notify wil6210 device on scan abort request instead
      of just ignoring the scan response.
      Signed-off-by: default avatarMaya Erez <qca_merez@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      035859a5
    • Lior David's avatar
      wil6210: fix deadlock when using fw_no_recovery option · dfb5b098
      Lior David authored
      When FW crashes with no_fw_recovery option, driver
      waits for manual recovery with wil->mutex held, this
      can easily create deadlocks.
      Fix the problem by moving the wait outside the lock.
      Signed-off-by: default avatarLior David <qca_liord@qca.qualcomm.com>
      Signed-off-by: default avatarMaya Erez <qca_merez@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      dfb5b098
    • Maya Erez's avatar
      wil6210: add support for power save enable / disable · 2c207eb8
      Maya Erez authored
      New power management wmi commands provide the ability to change
      the device power save profile (enable / disable power save).
      Signed-off-by: default avatarMaya Erez <qca_merez@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      2c207eb8
    • Dedy Lansky's avatar
      wil6210: fix net queue stop/wake · f9e3033f
      Dedy Lansky authored
      Driver calls to netif_tx_stop_all_queues/netif_tx_wake_all_queues are
      inconsistent. In several cases, driver can get to a situation where net
      queues are stopped forever and data cannot be sent.
      
      The fix is to stop net queues if there is at least one vring which is
      "full" and to wake net queues if all vrings are not "full".
      Signed-off-by: default avatarDedy Lansky <qca_dlansky@qca.qualcomm.com>
      Signed-off-by: default avatarMaya Erez <qca_merez@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      f9e3033f
    • Miaoqing Pan's avatar
      ath9k: fix NULL pointer dereference · 40bea976
      Miaoqing Pan authored
      relay_open() may return NULL, check the return value to avoid the crash.
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
      IP: [<ffffffffa01a95c5>] ath_cmn_process_fft+0xd5/0x700 [ath9k_common]
      PGD 41cf28067 PUD 41be92067 PMD 0
      Oops: 0000 [#1] SMP
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.8.6+ #35
      Hardware name: Hewlett-Packard h8-1080t/2A86, BIOS 6.15    07/04/2011
      task: ffffffff81e0c4c0 task.stack: ffffffff81e00000
      RIP: 0010:[<ffffffffa01a95c5>] [<ffffffffa01a95c5>] ath_cmn_process_fft+0xd5/0x700 [ath9k_common]
      RSP: 0018:ffff88041f203ca0 EFLAGS: 00010293
      RAX: 0000000000000000 RBX: 000000000000059f RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffffffff81f0ca98
      RBP: ffff88041f203dc8 R08: ffffffffffffffff R09: 00000000000000ff
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: ffffffff81f0ca98 R14: 0000000000000000 R15: 0000000000000000
      FS:  0000000000000000(0000) GS:ffff88041f200000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000040 CR3: 000000041b6ec000 CR4: 00000000000006f0
      Stack:
      0000000000000363 00000000000003f3 00000000000003f3 00000000000001f9
      000000000000049a 0000000001252c04 ffff88041f203e44 ffff880417b4bfd0
      0000000000000008 ffff88041785b9c0 0000000000000002 ffff88041613dc60
      
      Call Trace:
      <IRQ>
      [<ffffffffa01b6441>] ath9k_tasklet+0x1b1/0x220 [ath9k]
      [<ffffffff8105d8dd>] tasklet_action+0x4d/0xf0
      [<ffffffff8105dde2>] __do_softirq+0x92/0x2a0
      Reported-by: default avatarDevin Tuchsen <devin.tuchsen@gmail.com>
      Tested-by: default avatarDevin Tuchsen <devin.tuchsen@gmail.com>
      Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      40bea976
    • Matthias Schiffer's avatar
      ath9k: fix ath9k_hw_gpio_get() to return 0 or 1 on success · 91851cc7
      Matthias Schiffer authored
      Commit b2d70d49 ("ath9k: make GPIO API to support both of WMAC and
      SOC") refactored ath9k_hw_gpio_get() to support both WMAC and SOC GPIOs,
      changing the return on success from 1 to BIT(gpio). This broke some callers
      like ath_is_rfkill_set(). This doesn't fix any known bug in mainline at the
      moment, but should be fixed anyway.
      
      Instead of fixing all callers, change ath9k_hw_gpio_get() back to only
      return 0 or 1.
      
      Fixes: b2d70d49 ("ath9k: make GPIO API to support both of WMAC and SOC")
      Cc: <stable@vger.kernel.org> # v4.7+
      Signed-off-by: default avatarMatthias Schiffer <mschiffer@universe-factory.net>
      [kvalo@qca.qualcomm.com: mention that doesn't fix any known bug]
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      91851cc7
    • Michal Kazior's avatar
      ath10k: add spectral scan support to wmi-tlv · 5a401f36
      Michal Kazior authored
      Command structure and event flow doesn't seem to
      be any different compared to existing
      implementation for other firmware branches.
      
      This patch effectively adds in-driver support for
      spectral scanning on QCA61x4 and QCA9377.
      
      Tested QCA9377 w/ WLAN.TF.1.0-00267-1.
      Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      5a401f36
    • Michal Kazior's avatar
      ath10k: fix null deref on wmi-tlv when trying spectral scan · 18ae68ff
      Michal Kazior authored
      WMI ops wrappers did not properly check for null
      function pointers for spectral scan. This caused
      null dereference crash with WMI-TLV based firmware
      which doesn't implement spectral scan.
      
      The crash could be triggered with:
      
        ip link set dev wlan0 up
        echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl
      
      The crash looked like this:
      
        [  168.031989] BUG: unable to handle kernel NULL pointer dereference at           (null)
        [  168.037406] IP: [<          (null)>]           (null)
        [  168.040395] PGD cdd4067 PUD fa0f067 PMD 0
        [  168.043303] Oops: 0010 [#1] SMP
        [  168.045377] Modules linked in: ath10k_pci(O) ath10k_core(O) ath mac80211 cfg80211 [last unloaded: cfg80211]
        [  168.051560] CPU: 1 PID: 1380 Comm: bash Tainted: G        W  O    4.8.0 #78
        [  168.054336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
        [  168.059183] task: ffff88000c460c00 task.stack: ffff88000d4bc000
        [  168.061736] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
        ...
        [  168.100620] Call Trace:
        [  168.101910]  [<ffffffffa03b9566>] ? ath10k_spectral_scan_config+0x96/0x200 [ath10k_core]
        [  168.104871]  [<ffffffff811386e2>] ? filemap_fault+0xb2/0x4a0
        [  168.106696]  [<ffffffffa03b97e6>] write_file_spec_scan_ctl+0x116/0x280 [ath10k_core]
        [  168.109618]  [<ffffffff812da3a1>] full_proxy_write+0x51/0x80
        [  168.111443]  [<ffffffff811957b8>] __vfs_write+0x28/0x120
        [  168.113090]  [<ffffffff812f1a2d>] ? security_file_permission+0x3d/0xc0
        [  168.114932]  [<ffffffff8109b912>] ? percpu_down_read+0x12/0x60
        [  168.116680]  [<ffffffff811965f8>] vfs_write+0xb8/0x1a0
        [  168.118293]  [<ffffffff81197966>] SyS_write+0x46/0xa0
        [  168.119912]  [<ffffffff818f2972>] entry_SYSCALL_64_fastpath+0x1a/0xa4
        [  168.121737] Code:  Bad RIP value.
        [  168.123318] RIP  [<          (null)>]           (null)
      Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      18ae68ff
    • Pedersen, Thomas's avatar
      ath10k: remove set/get_tsf ieee80211_ops · f6f64cfb
      Pedersen, Thomas authored
      Neither of these did the right thing:
      
      - get_tsf just returned 0
      - set_tsf assumed a simple offset was applied against
        get_tsf(), which works, except in the case of
        calculating TSF from rx_mactime (actual TSF).
      
      Just remove them for now. We can reimplement set_tsf in
      terms of TSF increment/decrement in the future if get_tsf
      is ever supported by FW.
      Signed-off-by: default avatarThomas Pedersen <twp@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      f6f64cfb
    • Pedersen, Thomas's avatar
      ath10k: implement offset_tsf ieee80211_op · 973324ff
      Pedersen, Thomas authored
      Current set_tsf is implemented in terms of TSF_INCREMENT
      only. Instead support new WMI command TSF_DECREMENT and
      export these through offset_tsf. Advantage is we get
      more accurate TSF adjustments, and don't calculate wrong
      offset in case absolute TSF was calculated from rx_mactime
      (actual TSF).
      
      The new WMI command is available in firmware
      10.4-3.2.1-00033 for QCA4019 chips. Old drivers on new
      firmware or vice versa shouldn't  be a problem since
      get/set tsf logic was already broken.
      Signed-off-by: default avatarThomas Pedersen <twp@qca.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      973324ff
    • Rajkumar Manoharan's avatar
      ath10k: advertize hardware packet loss mechanism · ff32eeb8
      Rajkumar Manoharan authored
      Indicate hardware (or firmware) supports that CQM packet-loss report
      will be generated based on station kickout algorithm. As of now mac80211
      tracks connection loss by missing msdu counts (50) whereas ath10k
      firmware tracks them by missing ppdus (+ BAR tries). While firmware is
      trying to adapt its rate table, mac80211 might send out low_ack event to
      hostapd. This is causing frequent connect and disconnect iteration under
      noisy environment or when station is roaming around.
      Signed-off-by: default avatarRajkumar Manoharan <rmanohar@qti.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      ff32eeb8
    • Kalle Valo's avatar
      Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git · e644b88e
      Kalle Valo authored
      ath.git patches for 4.10. Major changes:
      
      ath9k
      
      * add device tree bindings
      * switch to use mac80211 intermediate software queues to reduce
        latency and fix bufferbloat
      e644b88e
  2. 19 Nov, 2016 15 commits
  3. 18 Nov, 2016 3 commits
  4. 17 Nov, 2016 9 commits
    • Ricky Liang's avatar
      mwifiex: fix memory leak in mwifiex_save_hidden_ssid_channels() · 5ff26222
      Ricky Liang authored
      kmemleak reports memory leak in mwifiex_save_hidden_ssid_channels():
      
      unreferenced object 0xffffffc0a2914780 (size 192):
        comm "ksdioirqd/mmc2", pid 2004, jiffies 4307182506 (age 820.684s)
        hex dump (first 32 bytes):
          00 06 47 49 4e 2d 32 67 01 03 c8 60 6c 03 01 40  ..GIN-2g...`l..@
          07 10 54 57 20 34 04 1e 64 05 24 84 03 24 95 04  ..TW 4..d.$..$..
        backtrace:
          [<ffffffc0003375f4>] create_object+0x164/0x2b4
          [<ffffffc0008e3530>] kmemleak_alloc+0x50/0x88
          [<ffffffc000335120>] __kmalloc_track_caller+0x1bc/0x264
          [<ffffffc00030899c>] kmemdup+0x38/0x64
          [<ffffffbffc2311cc>] mwifiex_fill_new_bss_desc+0x3c/0x130 [mwifiex]
          [<ffffffbffc22ee9c>] mwifiex_save_curr_bcn+0x4ec/0x640 [mwifiex]
          [<ffffffbffc22f45c>] mwifiex_handle_event_ext_scan_report+0x1d4/0x268 [mwifiex]
          [<ffffffbffc2375d0>] mwifiex_process_sta_event+0x378/0x898 [mwifiex]
          [<ffffffbffc224dc8>] mwifiex_process_event+0x1a8/0x1e8 [mwifiex]
          [<ffffffbffc2228f0>] mwifiex_main_process+0x258/0x534 [mwifiex]
          [<ffffffbffc258858>] 0xffffffbffc258858
          [<ffffffc00071ee90>] process_sdio_pending_irqs+0xf8/0x160
          [<ffffffc00071efdc>] sdio_irq_thread+0x9c/0x1a4
          [<ffffffc000240d08>] kthread+0xf4/0x100
          [<ffffffc0002043fc>] ret_from_fork+0xc/0x50
          [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: default avatarRicky Liang <jcliang@chromium.org>
      Acked-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
      Reviewed-by: default avatarBrian Norris <briannorris@chromium.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      5ff26222
    • Larry Finger's avatar
      ssb: Fix error routine when fallback SPROM fails · 8052d724
      Larry Finger authored
      When there is a CRC error in the SPROM read from the device, the code
      attempts to handle a fallback SPROM. When this also fails, the driver
      returns zero rather than an error code.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      8052d724
    • Wei Yongjun's avatar
      rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb · e4965614
      Wei Yongjun authored
      It is not allowed to call kfree_skb() from hardware interrupt
      context or with interrupts being disabled, spin_lock_irqsave()
      make sure always in irq disable context. So the kfree_skb()
      should be replaced with dev_kfree_skb_irq().
      
      This is detected by Coccinelle semantic patch.
      Signed-off-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      e4965614
    • Arnd Bergmann's avatar
      cw1200: fix bogus maybe-uninitialized warning · 7fc1503c
      Arnd Bergmann authored
      On x86, the cw1200 driver produces a rather silly warning about the
      possible use of the 'ret' variable without an initialization
      presumably after being confused by the architecture specific definition
      of WARN_ON:
      
      drivers/net/wireless/st/cw1200/wsm.c: In function ‘wsm_handle_rx’:
      drivers/net/wireless/st/cw1200/wsm.c:1457:9: error: ‘ret’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      We have already checked that 'count' is larger than 0 here, so
      we know that 'ret' is initialized. Changing the 'for' loop
      into do/while also makes this clear to the compiler.
      Suggested-by: default avatarDavid Laight <David.Laight@ACULAB.COM>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7fc1503c
    • Arnd Bergmann's avatar
      wireless: fix bogus maybe-uninitialized warning · 10f3366b
      Arnd Bergmann authored
      The hostap_80211_rx() function is supposed to set up the mac addresses
      for four possible cases, based on two bits of input data. For
      some reason, gcc decides that it's possible that none of the these
      four cases apply and the addresses remain uninitialized:
      
      drivers/net/wireless/intersil/hostap/hostap_80211_rx.c: In function ‘hostap_80211_rx’:
      arch/x86/include/asm/string_32.h:77:14: warning: ‘src’ may be used uninitialized in this function [-Wmaybe-uninitialized]
      drivers/net/wireless/intel/ipw2x00/libipw_rx.c: In function ‘libipw_rx’:
      arch/x86/include/asm/string_32.h:77:14: error: ‘dst’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      arch/x86/include/asm/string_32.h:78:22: error: ‘*((void *)&dst+4)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      This warning is clearly nonsense, but changing the last case into
      'default' makes it obvious to the compiler too, which avoids the
      warning and probably leads to better object code too.
      
      The same code is duplicated several times in the kernel, so this
      patch uses the same workaround for all copies. The exact configuration
      was hit only very rarely in randconfig builds and I only saw it
      in three drivers, but I assume that all of them are potentially
      affected, and it's better to keep the code consistent.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      10f3366b
    • Jiri Slaby's avatar
      p54: memset(0) whole array · 6f175817
      Jiri Slaby authored
      gcc 7 complains:
      drivers/net/wireless/intersil/p54/fwio.c: In function 'p54_scan':
      drivers/net/wireless/intersil/p54/fwio.c:491:4: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
      
      Fix that by passing the correct size to memset.
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Cc: Christian Lamparter <chunkeey@googlemail.com>
      Cc: Kalle Valo <kvalo@codeaurora.org>
      Cc: linux-wireless@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Acked-by: default avatarChristian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      6f175817
    • Rafał Miłecki's avatar
      brcmfmac: print name of connect status event · e1c122d5
      Rafał Miłecki authored
      This simplifies debugging. Format %s (%u) comes from similar debugging
      message in brcmf_fweh_event_worker.
      Signed-off-by: default avatarRafał Miłecki <rafal@milecki.pl>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      e1c122d5
    • Prameela Rani Garnepudi's avatar
      rsi: Host to device command frame vap_capabilites modified with new field vap status · 77364aae
      Prameela Rani Garnepudi authored
      * Command frame vap_capabilites is modified to use for vap add, vap delete
        and vap update in firmware, hence new filed vap status is added.
      * When interface is down this frame needs to be send with vap status delete.
        Otherwise it is considered as wrong frame for the same interface in firmware.
      * vap_update status is reserved for future.
      Signed-off-by: default avatarPrameela Rani Garnepudi <prameela.j04cs@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      77364aae
    • Prameela Rani Garnepudi's avatar
      rsi: Fix memory leak in module unload · b022539d
      Prameela Rani Garnepudi authored
      Observed crash when module is unloaded if CONFIG_RSI_DEBUGSFS is not set.
      	Fix: Debugfs entry removal moved inside CONFIG_RSI_DEBUGSFS flag in
                   function rsi_mac80211_detach()
      Memory leak found and fixed for below structures in function rsi_mac80211_detach()
      	* channel list for each supported band
      	* rsi debugfs info
      Signed-off-by: default avatarPrameela Rani Garnepudi <prameela.j04cs@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b022539d