- 16 Jan, 2023 34 commits
-
-
Martin Blumenstingl authored
USB and (upcoming) SDIO support may sleep in the read/write handlers. Use non-atomic rtw_iterate_stas() in rtw_ra_mask_info_update() because the iterator function rtw_ra_mask_info_update_iter() needs to read and write registers from within rtw_update_sta_info(). Using the non-atomic iterator ensures that we can sleep during USB and SDIO register reads and writes. This fixes "scheduling while atomic" or "Voluntary context switch within RCU read-side critical section!" warnings as seen by SDIO card users (but it also affects USB cards). Fixes: 78d5bf92 ("wifi: rtw88: iterate over vif/sta list non-atomically") Suggested-by:
Ping-Ke Shih <pkshih@realtek.com> Reviewed-by:
Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by:
Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by:
Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230108211324.442823-4-martin.blumenstingl@googlemail.com
-
Martin Blumenstingl authored
USB and (upcoming) SDIO support may sleep in the read/write handlers. Make rtw_watch_dog_work() use rtw_iterate_vifs() to prevent "scheduling while atomic" or "Voluntary context switch within RCU read-side critical section!" warnings when accessing the registers using an SDIO card (which is where this issue has been spotted in the real world but it also affects USB cards). Fixes: 78d5bf92 ("wifi: rtw88: iterate over vif/sta list non-atomically") Suggested-by:
-
Martin Blumenstingl authored
USB and (upcoming) SDIO support may sleep in the read/write handlers. Shrink the RCU critical section so it only cover the call to ieee80211_find_sta() and finding the ic_vht_cap/vht_cap based on the found station. This moves the chip's BFEE configuration outside the rcu_read_lock section and thus prevent "scheduling while atomic" or "Voluntary context switch within RCU read-side critical section!" warnings when accessing the registers using an SDIO card (which is where this issue has been spotted in the real world - but it also affects USB cards). Reviewed-by:
-
Bitterblue Smith authored
The Realtek rate control algorithm goes back and forth a lot between the highest and the lowest rate it's allowed to use. This is due to a lot of frames being dropped because the retry limits set by IEEE80211_CONF_CHANGE_RETRY_LIMITS are too low. (Experimentally, they are 4 for long frames and 7 for short frames.) The vendor drivers hardcode the value 48 for both retry limits (for station mode), which makes dropped frames very rare and thus the rate control is more stable. Because most Realtek chips handle the rate control in the firmware, which can't be modified, ignore the limits set by IEEE80211_CONF_CHANGE_RETRY_LIMITS and use the value 48 (set during chip initialisation), same as the vendor drivers. Cc: stable@vger.kernel.org Signed-off-by:
Bitterblue Smith <rtl8821cerfe2@gmail.com> Reviewed-by:
-
Bitterblue Smith authored
Or in the case of RTL8188EU, report the RSSI to the rate control code. The rate control code for RTL8188EU is less likely to switch to a lower rate when the RSSI is high. The firmware-based rate control in the other chips probably works the same way. This affects all the chips, but it was only tested with RTL8188EU, RTL8188FU, and RTL8192EU. Signed-off-by:
-
Jiapeng Chong authored
The assignment of the else and else if branches is the same, so the else if here is redundant, so we remove it. ./drivers/net/wireless/ralink/rt2x00/rt2800lib.c:8927:9-11: WARNING: possible condition with no effect (if == else). Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3631Reported-by:
Abaci Robot <abaci@linux.alibaba.com> Signed-off-by:
Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Acked-by:
Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by:
-
Jisoo Jang authored
Fix an integer underflow that leads to a null pointer dereference in 'mt7601u_rx_skb_from_seg()'. The variable 'dma_len' in the URB packet could be manipulated, which could trigger an integer underflow of 'seg_len' in 'mt7601u_rx_process_seg()'. This underflow subsequently causes the 'bad_frame' checks in 'mt7601u_rx_skb_from_seg()' to be bypassed, eventually leading to a dereference of the pointer 'p', which is a null pointer. Ensure that 'dma_len' is greater than 'min_seg_len'. Found by a modified version of syzkaller. KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G W O 5.14.0+ #139 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 RIP: 0010:skb_add_rx_frag+0x143/0x370 Code: e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85 86 01 00 00 4c 8d 7d 08 44 89 68 08 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 01 00 00 48 8b 45 08 a8 01 0f 85 3d 01 00 00 RSP: 0018:ffffc900000cfc90 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff888115520dc0 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8881118430c0 RDI: ffff8881118430f8 RBP: 0000000000000000 R08: 0000000000000e09 R09: 0000000000000010 R10: ffff888111843017 R11: ffffed1022308602 R12: 0000000000000000 R13: 0000000000000e09 R14: 0000000000000010 R15: 0000000000000008 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000004035af40 CR3: 00000001157f2000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: mt7601u_rx_tasklet+0xc73/0x1270 ? mt7601u_submit_rx_buf.isra.0+0x510/0x510 ? tasklet_action_common.isra.0+0x79/0x2f0 tasklet_action_common.isra.0+0x206/0x2f0 __do_softirq+0x1b5/0x880 ? tasklet_unlock+0x30/0x30 run_ksoftirqd+0x26/0x50 smpboot_thread_fn+0x34f/0x7d0 ? smpboot_register_percpu_thread+0x370/0x370 kthread+0x3a1/0x480 ? set_kthread_struct+0x120/0x120 ret_from_fork+0x1f/0x30 Modules linked in: 88XXau(O) 88x2bu(O) ---[ end trace 57f34f93b4da0f9b ]--- RIP: 0010:skb_add_rx_frag+0x143/0x370 Code: e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85 86 01 00 00 4c 8d 7d 08 44 89 68 08 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 01 00 00 48 8b 45 08 a8 01 0f 85 3d 01 00 00 RSP: 0018:ffffc900000cfc90 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff888115520dc0 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8881118430c0 RDI: ffff8881118430f8 RBP: 0000000000000000 R08: 0000000000000e09 R09: 0000000000000010 R10: ffff888111843017 R11: ffffed1022308602 R12: 0000000000000000 R13: 0000000000000e09 R14: 0000000000000010 R15: 0000000000000008 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000004035af40 CR3: 00000001157f2000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Signed-off-by:
Jisoo Jang <jisoo.jang@yonsei.ac.kr> Acked-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
-
Alexey Kodanev authored
There is currently no return check for writing an authentication type (HERMES_AUTH_SHARED_KEY or HERMES_AUTH_OPEN). It looks like it was accidentally skipped. This patch adds a return check similar to the other checks in __orinoco_hw_setup_enc() for hermes_write_wordrec(). Detected using the static analysis tool - Svace. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by:
Alexey Kodanev <aleksei.kodanev@bell-sw.com> Signed-off-by:
-
Konstantin Ryabitsev authored
This appears to be an obvious spelling error, initially identified in a codespell report and never addressed. Reported-by:
Jens Schleusener <Jens.Schleusener@fossies.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=205891Signed-off-by:
Konstantin Ryabitsev <icon@mricon.com> Acked-by:
-
Bitterblue Smith authored
The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H (card to host) messages, which are not freed correctly. To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback() inside the loop where skb_dequeue() is called. The RTL8192EU leaks memory because the C2H messages are added to the queue and left there forever. (This was fine in the past because it probably wasn't sending any C2H messages until commit e542e66b ("wifi: rtl8xxxu: gen2: Turn on the rate control"). Since that commit it sends a C2H message when the TX rate changes.) To fix this, delete the check for rf_paths > 1 and the goto. Let the function process the C2H messages from RTL8192EU like the ones from the other chips. Theoretically the RTL8188FU could also leak like RTL8723BU, but it most likely doesn't send C2H messages frequently enough. This change was tested with RTL8723BU by Erhard F. I tested it with RTL8188FU and RTL8192EU. Reported-by:
Erhard F. <erhard_f@mailbox.org> Tested-by:
-
Zong-Zhe Yang authored
The configurations, wde_qempty_acq_num and wde_qempty_mgq_sel, are used when MAC checks if TX queues are empty. Fill the corresponding setting for 8852B. Signed-off-by:
Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by:
-
Zong-Zhe Yang authored
TX BD's RAM table describes how HW allocates usable buffer section for each TX channel at fetch time. The total RAM size for TX BD is chip-dependent. For 8852BE, it has only half size (32) for TX channels of single band. Original table arrange total size (64) for dual band. It will overflow on 8852BE circuit and cause section conflicts between different TX channels. So, we do the changes below. * add another table for single band chip and export both kind of tables * point to the expected one in rtw89_pci_info by chip Signed-off-by:
-
Chih-Kang Chang authored
Some hardware modules don't have good RF characteristic as regular. It could get ADC abnormal in low temperature, and it causes bad RX performance and affects calibration result of DPK. Signed-off-by:
Chih-Kang Chang <gary.chang@realtek.com> Signed-off-by:
-
Eric Huang authored
This change fixes the precision of CFO and TX EVM, and it could imporve performance in some cases. Also, use the correctted definition for 8852A. Signed-off-by:
Eric Huang <echuang@realtek.com> Signed-off-by:
-
Kuan-Chung Chen authored
The mac_id of management frames should follow rtwvif->mac_id or rtwsta->mac_id. Add this patch to set the correct mac_id and prevent unexpected behavior. Signed-off-by:
Kuan-Chung Chen <damon.chen@realtek.com> Signed-off-by:
-
Kuan-Chung Chen authored
When transmitting a packet that gets from ieee80211_nullfunc_get(), the vif in tx_info->control was no assigned, which will cause dereferencing a null pointer. Signed-off-by:
-
Ching-Te Ku authored
The Wi-Fi role info structure will need to H2C to firmware, firmware need these information to do some multi-role operation. v1 add DBCC and NOA information in the structure. And driver side also need to put/get values at the corresponding version of structure. Signed-off-by:
Ching-Te Ku <ku920601@realtek.com> Signed-off-by:
-
Ching-Te Ku authored
RTL8852B support the new features like TDMA instant (Change TDMA mechanism immediately), Co-RX feature (Wi-Fi/Bluetooth can RX in the same time) and so on. The v1 TDMA policy will enable those newer mechanism. It will have a better coexistence performance. Signed-off-by:
-
Ching-Te Ku authored
Because the difference of the hardware design, RTL8852C can not get the PTA owner by the same method with RTL8852B, RTL8852A. Modify the get owner API and related logic. Signed-off-by:
-
Ching-Te Ku authored
Slot list is to list the WiFi/Bluetooth PTA hardware priority setting. Move the list parser to its function, not to append together with TDMA parser. Signed-off-by:
-
Ching-Te Ku authored
The report records the slots/events and their time cost about the code call flow at firmware, ver 3 assign a reserved variable to recognize the report is enabled or not. And add corresponding function to parsing the report. Signed-off-by:
-
Ching-Te Ku authored
Coexistence need to send Null data to stop AP keeps TX packet to DUT before DUT coexistence switch to Bluetooth time slot, or it will be an interference to DUT BT and because DUT will not RX packet from AP the packet retry may harmful to WL TP. Compare to v1 version, the newer firmware report will also report Null TX data counter. Signed-off-by:
-
Ching-Te Ku authored
The newer Wi-Fi firmware are all changed to "Not to send H2C to mention firmware how many call flow step should firmware trace". The structure had removed the member, and define the steps number at newer version firmware. Signed-off-by:
-
Jiasheng Jiang authored
Add check for the return value of alloc_workqueue since it may return NULL pointer. Moreover, add destroy_workqueue when rtw89_load_firmware fails. Fixes: e3ec7017 ("rtw89: add Realtek 802.11ax driver") Signed-off-by:
Jiasheng Jiang <jiasheng@iscas.ac.cn> Acked-by:
Leon Romanovsky <leonro@nvidia.com> Signed-off-by:
-
Zong-Zhe Yang authored
Do `kfree_skb(new)` before `goto out` to prevent potential leak. Fixes: 89590777 ("rtw89: 8852a: add ieee80211_ops::hw_scan") Signed-off-by:
-
Ching-Te Ku authored
Change style to feature version separate. And because there are different WiFi roles number in the firmware, it will make structure length longer or shorter, so update the length calculator to cover the difference. Signed-off-by:
-
Ching-Te Ku authored
Only when firmware control report version is 1, need to get the counter by reading the register. The other version will monitor the counter at firmware. And upstream branch only RTL8852A has this old version. Signed-off-by:
-
Ching-Te Ku authored
Comparing v5 control report to v4 version, v5 reduce some of variable's size to reduce firmware code size. And change the grant signal report format. Signed-off-by:
-
Ching-Te Ku authored
The rtw89 driver may support more than 1 version of Wi-Fi firmware for certain chips. In order to support all the firmware, change to select logic by firmware feature version code. Type control version 4 will monitor Bluetooth PTA hardware counters at firmware and C2H to driver, but version 1 will not do this. Signed-off-by:
-
Ching-Te Ku authored
To support v4 version firmware cycle report, apply the related structure and functions. v4 cycle report add a group of status to show how the free-run/TDMA training goes to. It is a firmware mechanism that can auto adjust coexistence mode between TDMA and free run mechanism at 3 antenna solution. Signed-off-by:
-
Ching-Te Ku authored
Because there are new report format in the upcoming patches, to make the logic more readable, rename the related structure by their version number. And to support the several version at the same time, add union definition to include all the versions. Signed-off-by:
-
Ching-Te Ku authored
There are at least 2 version of cycle report format. If the code keep translating the report to local variable, the numbers of variable in check btc report function will out of maximum variable numbers. And most of these variable are using only one time, it is not necessary to store at memory. Signed-off-by:
-
Masanari Iida authored
This patch fixes a spelling typo in debug message. Signed-off-by:
Masanari Iida <standby24x7@gmail.com> Acked-by:
-
Jisoo Jang authored
Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with a CLM version string by memcpy() in brcmf_fil_iovar_data_get(). Ensure buf is null-terminated. Found by a modified version of syzkaller. [ 33.004414][ T1896] brcmfmac: brcmf_c_process_clm_blob: no clm_blob available (err=-2), device may have limited channels available [ 33.013486][ T1896] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43236/3 wl0: Nov 30 2011 17:33:42 version 5.90.188.22 [ 33.021554][ T1896] ================================================================== [ 33.022379][ T1896] BUG: KASAN: stack-out-of-bounds in strreplace+0xf2/0x110 [ 33.023122][ T1896] Read of size 1 at addr ffffc90001d6efc8 by task kworker/0:2/1896 [ 33.023852][ T1896] [ 33.024096][ T1896] CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G O 5.14.0+ #132 [ 33.024927][ T1896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 33.026065][ T1896] Workqueue: usb_hub_wq hub_event [ 33.026581][ T1896] Call Trace: [ 33.026896][ T1896] dump_stack_lvl+0x57/0x7d [ 33.027372][ T1896] print_address_description.constprop.0.cold+0xf/0x334 [ 33.028037][ T1896] ? strreplace+0xf2/0x110 [ 33.028403][ T1896] ? strreplace+0xf2/0x110 [ 33.028807][ T1896] kasan_report.cold+0x83/0xdf [ 33.029283][ T1896] ? strreplace+0xf2/0x110 [ 33.029666][ T1896] strreplace+0xf2/0x110 [ 33.029966][ T1896] brcmf_c_preinit_dcmds+0xab1/0xc40 [ 33.030351][ T1896] ? brcmf_c_set_joinpref_default+0x100/0x100 [ 33.030787][ T1896] ? rcu_read_lock_sched_held+0xa1/0xd0 [ 33.031223][ T1896] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 33.031661][ T1896] ? lock_acquire+0x19d/0x4e0 [ 33.032091][ T1896] ? find_held_lock+0x2d/0x110 [ 33.032605][ T1896] ? brcmf_usb_deq+0x1a7/0x260 [ 33.033087][ T1896] ? brcmf_usb_rx_fill_all+0x5a/0xf0 [ 33.033582][ T1896] brcmf_attach+0x246/0xd40 [ 33.034022][ T1896] ? wiphy_new_nm+0x1476/0x1d50 [ 33.034383][ T1896] ? kmemdup+0x30/0x40 [ 33.034722][ T1896] brcmf_usb_probe+0x12de/0x1690 [ 33.035223][ T1896] ? brcmf_usbdev_qinit.constprop.0+0x470/0x470 [ 33.035833][ T1896] usb_probe_interface+0x25f/0x710 [ 33.036315][ T1896] really_probe+0x1be/0xa90 [ 33.036656][ T1896] __driver_probe_device+0x2ab/0x460 [ 33.037026][ T1896] ? usb_match_id.part.0+0x88/0xc0 [ 33.037383][ T1896] driver_probe_device+0x49/0x120 [ 33.037790][ T1896] __device_attach_driver+0x18a/0x250 [ 33.038300][ T1896] ? driver_allows_async_probing+0x120/0x120 [ 33.038986][ T1896] bus_for_each_drv+0x123/0x1a0 [ 33.039906][ T1896] ? bus_rescan_devices+0x20/0x20 [ 33.041412][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.041861][ T1896] ? trace_hardirqs_on+0x1c/0x120 [ 33.042330][ T1896] __device_attach+0x207/0x330 [ 33.042664][ T1896] ? device_bind_driver+0xb0/0xb0 [ 33.043026][ T1896] ? kobject_uevent_env+0x230/0x12c0 [ 33.043515][ T1896] bus_probe_device+0x1a2/0x260 [ 33.043914][ T1896] device_add+0xa61/0x1ce0 [ 33.044227][ T1896] ? __mutex_unlock_slowpath+0xe7/0x660 [ 33.044891][ T1896] ? __fw_devlink_link_to_suppliers+0x550/0x550 [ 33.045531][ T1896] usb_set_configuration+0x984/0x1770 [ 33.046051][ T1896] ? kernfs_create_link+0x175/0x230 [ 33.046548][ T1896] usb_generic_driver_probe+0x69/0x90 [ 33.046931][ T1896] usb_probe_device+0x9c/0x220 [ 33.047434][ T1896] really_probe+0x1be/0xa90 [ 33.047760][ T1896] __driver_probe_device+0x2ab/0x460 [ 33.048134][ T1896] driver_probe_device+0x49/0x120 [ 33.048516][ T1896] __device_attach_driver+0x18a/0x250 [ 33.048910][ T1896] ? driver_allows_async_probing+0x120/0x120 [ 33.049437][ T1896] bus_for_each_drv+0x123/0x1a0 [ 33.049814][ T1896] ? bus_rescan_devices+0x20/0x20 [ 33.050164][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.050579][ T1896] ? trace_hardirqs_on+0x1c/0x120 [ 33.050936][ T1896] __device_attach+0x207/0x330 [ 33.051399][ T1896] ? device_bind_driver+0xb0/0xb0 [ 33.051888][ T1896] ? kobject_uevent_env+0x230/0x12c0 [ 33.052314][ T1896] bus_probe_device+0x1a2/0x260 [ 33.052688][ T1896] device_add+0xa61/0x1ce0 [ 33.053121][ T1896] ? __fw_devlink_link_to_suppliers+0x550/0x550 [ 33.053568][ T1896] usb_new_device.cold+0x463/0xf66 [ 33.053953][ T1896] ? hub_disconnect+0x400/0x400 [ 33.054313][ T1896] ? rwlock_bug.part.0+0x90/0x90 [ 33.054661][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.055094][ T1896] hub_event+0x10d5/0x3330 [ 33.055530][ T1896] ? hub_port_debounce+0x280/0x280 [ 33.055934][ T1896] ? __lock_acquire+0x1671/0x5790 [ 33.056387][ T1896] ? wq_calc_node_cpumask+0x170/0x2a0 [ 33.056924][ T1896] ? lock_release+0x640/0x640 [ 33.057383][ T1896] ? rcu_read_lock_sched_held+0xa1/0xd0 [ 33.057916][ T1896] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 33.058402][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.059019][ T1896] process_one_work+0x873/0x13e0 [ 33.059488][ T1896] ? lock_release+0x640/0x640 [ 33.059932][ T1896] ? pwq_dec_nr_in_flight+0x320/0x320 [ 33.060446][ T1896] ? rwlock_bug.part.0+0x90/0x90 [ 33.060898][ T1896] worker_thread+0x8b/0xd10 [ 33.061348][ T1896] ? __kthread_parkme+0xd9/0x1d0 [ 33.061810][ T1896] ? process_one_work+0x13e0/0x13e0 [ 33.062288][ T1896] kthread+0x379/0x450 [ 33.062660][ T1896] ? _raw_spin_unlock_irq+0x24/0x30 [ 33.063148][ T1896] ? set_kthread_struct+0x100/0x100 [ 33.063606][ T1896] ret_from_fork+0x1f/0x30 [ 33.064070][ T1896] [ 33.064313][ T1896] [ 33.064545][ T1896] addr ffffc90001d6efc8 is located in stack of task kworker/0:2/1896 at offset 512 in frame: [ 33.065478][ T1896] brcmf_c_preinit_dcmds+0x0/0xc40 [ 33.065973][ T1896] [ 33.066191][ T1896] this frame has 4 objects: [ 33.066614][ T1896] [48, 56) 'ptr' [ 33.066618][ T1896] [80, 148) 'revinfo' [ 33.066957][ T1896] [192, 210) 'eventmask' [ 33.067338][ T1896] [256, 512) 'buf' [ 33.067742][ T1896] [ 33.068304][ T1896] Memory state around the buggy address: [ 33.068838][ T1896] ffffc90001d6ee80: f2 00 00 02 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 33.069545][ T1896] ffffc90001d6ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.070626][ T1896] >ffffc90001d6ef80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 [ 33.072052][ T1896] ^ [ 33.073043][ T1896] ffffc90001d6f000: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.074230][ T1896] ffffc90001d6f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.074914][ T1896] ================================================================== [ 33.075713][ T1896] Disabling lock debugging due to kernel taint Reviewed-by: Arend van Spriel<arend.vanspriel@broadcom.com> Signed-off-by:
-
- 12 Jan, 2023 4 commits
-
-
Philipp Zabel authored
Allow probing rfkill-gpio via device tree. This hooks up the already existing support that was started in commit 262c91ee ("net: rfkill: gpio: prepare for DT and ACPI support") via the "rfkill-gpio" compatible, with the "name" and "type" properties renamed to "label" and "radio-type", respectively, in the device tree case. Signed-off-by:
Philipp Zabel <p.zabel@pengutronix.de> Link: https://lore.kernel.org/r/20230102-rfkill-gpio-dt-v2-2-d1b83758c16d@pengutronix.deSigned-off-by:
Johannes Berg <johannes.berg@intel.com>
-
Philipp Zabel authored
Add a device tree binding document for GPIO controlled rfkill switches. The label and radio-type properties correspond to the name and type properties used for ACPI, respectively. The shutdown-gpios property is the same as defined for ACPI. Signed-off-by:
Rob Herring <robh@kernel.org> Link: https://lore.kernel.org/r/20230102-rfkill-gpio-dt-v2-1-d1b83758c16d@pengutronix.deSigned-off-by:
-
Nick Hainke authored
Remove a space in "the frames". Signed-off-by:
Nick Hainke <vincent@systemli.org> Link: https://lore.kernel.org/r/20221222092957.870790-1-vincent@systemli.orgSigned-off-by:
-
Martin Blumenstingl authored
This reverts commit acb99b9b ("mac80211: Add stations iterator where the iterator function may sleep"). A different approach was found for the rtw88 driver where most of the problematic locks were converted to a driver-local mutex. Drop ieee80211_iterate_stations() because there are no users of that function. Signed-off-by:
-
- 22 Dec, 2022 2 commits
-
-
Yang Yingliang authored
It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So replace kfree_skb() with dev_kfree_skb_irq() under spin_lock_irqsave(). Compile tested only. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Signed-off-by:
-
Yang Yingliang authored
It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So replace kfree_skb() with dev_kfree_skb_irq() under spin_lock_irqsave(). Compile tested only. Fixes: f52b041a ("libertas: Add spinlock to avoid race condition") Signed-off-by:
-
