- 23 Apr, 2019 6 commits
-
-
Kalle Valo authored
With SDIO there's a use after free after a data frame is transfered, call stack below. This happens because ath10k_htt_tx_hl() directly transmits the skb provided by mac80211 using ath10k_htc_send(), all other HTT functions use separate skb created with ath10k_htc_alloc_skb() to transmit the HTC packet. After the packet is transmitted mac80211 frees the skb in ieee80211_tx_status() but HTT layer expects that it still owns the skb, and frees it in ath10k_htt_htc_tx_complete(). To fix this take a reference of skb before sending it to HTC layer to make sure we still own the skb. Tested on QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. ath10k_htt_tx_hl() is only used by SDIO and USB so other busses (PCI, AHB and SNOC) should be unaffected. call stack of use-after-free: dump_backtrace+0x0/0x2d8 show_stack+0x20/0x2c __dump_stack+0x20/0x28 dump_stack+0xc8/0xec print_address_description+0x74/0x240 kasan_report+0x258/0x274 __asan_report_load4_noabort+0x20/0x28 skb_pull+0xbc/0x114 ath10k_htc_notify_tx_completion+0x190/0x2a4 [ath10k_core] ath10k_sdio_write_async_work+0x1e4/0x2c4 [ath10k_sdio] process_one_work+0x3d8/0x8b0 worker_thread+0x518/0x7e0 kthread+0x260/0x278 ret_from_fork+0x10/0x18 Allocated by one task: kasan_kmalloc+0xa0/0x13c kasan_slab_alloc+0x14/0x1c kmem_cache_alloc+0x144/0x208 __alloc_skb+0xec/0x394 alloc_skb_with_frags+0x8c/0x374 sock_alloc_send_pskb+0x520/0x5d4 sock_alloc_send_skb+0x40/0x50 __ip_append_data+0xf5c/0x1858 ip_make_skb+0x194/0x1d4 udp_sendmsg+0xf24/0x1ab8 inet_sendmsg+0x1b0/0x2e0 sock_sendmsg+0x88/0xa0 __sys_sendto+0x220/0x3a8 __arm64_sys_sendto+0x78/0x80 el0_svc_common+0x120/0x1e0 el0_svc_compat_handler+0x64/0x80 el0_svc_compat+0x8/0x18 Freed by another task: __kasan_slab_free+0x120/0x1d4 kasan_slab_free+0x10/0x1c kmem_cache_free+0x74/0x504 kfree_skbmem+0x88/0xc8 __kfree_skb+0x24/0x2c consume_skb+0x114/0x18c __ieee80211_tx_status+0xb7c/0xf60 [mac80211] ieee80211_tx_status+0x224/0x270 [mac80211] ath10k_txrx_tx_unref+0x564/0x950 [ath10k_core] ath10k_htt_t2h_msg_handler+0x178c/0x2a38 [ath10k_core] ath10k_htt_htc_t2h_msg_handler+0x20/0x30 [ath10k_core] ath10k_sdio_irq_handler+0xcc0/0x1654 [ath10k_sdio] process_sdio_pending_irqs+0xec/0x358 sdio_run_irqs+0x68/0xe4 sdio_irq_work+0x1c/0x28 process_one_work+0x3d8/0x8b0 worker_thread+0x518/0x7e0 kthread+0x260/0x278 ret_from_fork+0x10/0x18 Reported-by: Wen Gong <wgong@codeaurora.org> Tested-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Alagu Sankar authored
Transmit completion for SDIO is similar to PCIe, modify the high latency path to allow SDIO modules to use the msdu id. kvalo: the original patch from Alagu enabled this only for SDIO but I'm not sure should we also enable this with USB. I'll use bus params to enable this for so that it's easy to enable also for USB later. Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. Co-developed-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Alagu Sankar <alagusankar@silex-india.com> Signed-off-by: Wen Gong <wgong@codeaurora.org>. Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Kalle Valo authored
This way we don't need to set every variable and give them to default, which is zero. This is also safer in case we forgot to initalise a new field in some of the bus modules. Compile tested only. Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Alagu Sankar authored
HTT High Latency (ATH10K_DEV_TYPE_HL) does not use txdone_fifo at all, we don't even initialise it by skipping ath10k_htt_tx_alloc_buf() in ath10k_htt_tx_start(). Because of this using QCA6174 SDIO ath10k_htt_rx_tx_compl_ind() will crash when it accesses unitialised txdone_fifo. So skip txdone_fifo when using High Latency mode. Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. Co-developed-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Alagu Sankar <alagusankar@silex-india.com> Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Wen Gong authored
Disabling interrupts this early meant WMI communication was not working anymore when the SDIO device was removed. But we call ath10k_core_unregister() that will eventually call ath10k_sdio_hif_stop(), which disables the interrupts. So there's actually no need to disable interrupts here. Also remove cancel_work_sync() as it's also called in ath10k_sdio_hif_stop(). Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Wen Gong authored
On QCA6174 SDIO devices the SDIO interrupt will fail if UART is disabled from ath10k. SDIO firmware enables UART printouts by default. If ath10k will try to enable UART again the firmware will configure it's GPIO line incorrectly and SDIO interrupts won't work anymore. The workaround is to set UART pin again (19 for QCA6174 SDIO) if uart_print is 0. Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
- 19 Apr, 2019 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo authored
ath.git patches for 5.2. No major changes.
-
David S. Miller authored
David Bauer says: ==================== net: add reset-controller driven PHY reset This patchset adds support for a PHY reset driven by a reset-controller. Currently, only GPIO driven resets are supported by the PHY subsystem. It also renames the reset-gpio from 'reset' to 'reset_gpio' to better differentiate between resets wired to a GPIO and resets wired to a reset-controller driven pin. Some systems have the PHY reset-line wired to a pin controlled by a reset-controller (eg. some Atheros AR9132 based boards). In case the bootloader asserts reset before loading the kernel, we currently do not have a clean way of deasserting reset to probe the PHY. v3: - add missing newline in mdio_bus.c v2: - fixed missed rename of "reset" in at803x.c - move initial reset to mdio_device_reset ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Bauer authored
This renames the GPIO reset of mdio devices from 'reset' to 'reset_gpio' to better differentiate between GPIO and reset-controller driven reset line. Signed-off-by: David Bauer <mail@david-bauer.net> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Bauer authored
This commit adds support for PHY reset pins handled by a reset controller. Signed-off-by: David Bauer <mail@david-bauer.net> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Bauer authored
Add the documentation for PHY reset lines controlled by a reset controller. Signed-off-by: David Bauer <mail@david-bauer.net> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Jakub Kicinski says: ==================== net: some build fixes and other improvements A few unrelated improvements here, mostly trying to make random configs build and W=1 produce a little less warnings under net/ and drivers net/. First two patches fix set but not used warnings with W=1. Next patch fixes 64bit division in sch_taprio.c. Last two patches are getting rid of some (almost) unused asserts in skbuff.h. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
We are discouraging the use of BUG() these days, remove the unused ASSERT macros from skbuff.h. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
The driver does not advertize NETIF_F_FRAGLIST, the stack can't pass skbs with frags lists to the xmit function. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Recent changes to taprio did not use the correct div64 helpers, leading to: net/sched/sch_taprio.o: In function `taprio_dequeue': sch_taprio.c:(.text+0x34a): undefined reference to `__divdi3' net/sched/sch_taprio.o: In function `advance_sched': sch_taprio.c:(.text+0xa0b): undefined reference to `__divdi3' net/sched/sch_taprio.o: In function `taprio_init': sch_taprio.c:(.text+0x1450): undefined reference to `__divdi3' /home/jkicinski/devel/linux/Makefile:1032: recipe for target 'vmlinux' failed Use math64 helpers. Fixes: 7b9eba7b ("net/sched: taprio: fix picos_per_byte miscalculation") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
GCC 8 complains: drivers/net/sb1000.c: In function ‘card_send_command’: drivers/net/sb1000.c:319:14: warning: variable ‘x’ set but not used [-Wunused-but-set-variable] int status, x; ^ drivers/net/sb1000.c: In function ‘sb1000_check_CRC’: drivers/net/sb1000.c:493:6: warning: variable ‘crc’ set but not used [-Wunused-but-set-variable] int crc, status; ^~~ Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
GCC complains: net/l2tp/l2tp_ppp.c: In function ‘pppol2tp_ioctl’: net/l2tp/l2tp_ppp.c:1073:6: warning: variable ‘val’ set but not used [-Wunused-but-set-variable] int val; ^~~ Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 Apr, 2019 23 commits
-
-
Stephen Suryaputra authored
To make ICMPv6 closer to ICMPv4, add ratemask parameter. Since the ICMP message types use larger numeric values, a simple bitmask doesn't fit. I use large bitmap. The input and output are the in form of list of ranges. Set the default to rate limit all error messages but Packet Too Big. For Packet Too Big, use ratemask instead of hard-coded. There are functions where icmpv6_xrlim_allow() and icmpv6_global_allow() aren't called. This patch only adds them to icmpv6_echo_reply(). Rate limiting error messages is mandated by RFC 4443 but RFC 4890 says that it is also acceptable to rate limit informational messages. Thus, I removed the current hard-coded behavior of icmpv6_mask_allow() that doesn't rate limit informational messages. v2: Add dummy function proc_do_large_bitmap() if CONFIG_PROC_SYSCTL isn't defined, expand the description in ip-sysctl.txt and remove unnecessary conditional before kfree(). v3: Inline the bitmap instead of dynamically allocated. Still is a pointer to it is needed because of the way proc_do_large_bitmap work. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Heiner Kallweit authored
phy_sanitize_settings() is called from phy_start_aneg() only, and only if phydev->autoneg isn't set. Therefore the removed code does nothing. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Heiner Kallweit authored
In phy_device_create() we set phydev->autoneg = 1. This isn't changed even if the PHY doesn't support autoneg. This seems to affect very few PHY's, and they disable phydev->autoneg in their config_init callback. So it's more of an improvement, therefore net-next. The patch also wouldn't apply to older kernel versions because the link mode bitmaps have been introduced recently. Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2019-04-18 This series contains updates to the ice driver only. Anirudh fixes up code comments which had typos. Added support for DCB into the ice driver, which required a bit of refactoring of the existing code. Also fixed a potential race condition between closing and opening the VSI for a MIB change event, so resolved this by grabbing the rtnl_lock prior to closing. Added support to process LLDP MIB change notifications. Added support for reporting DCB stats via ethtool. Brett updates the calculation to increment ITR to use a direct calculation instead of using estimations. This provides a more accurate value. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge tag 'wireless-drivers-next-for-davem-2019-04-18' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 5.2 Nothing really special standing out this time, iwlwifi being the most active driver. Major changes: iwlwifi * send NO_DATA events so they can be captured in radiotap * support for multiple BSSID * support for some new FW API versions * support new hardware * debugfs cleanups by Greg-KH qtnfmac * allow each MAC to specify its own regulatory rules ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Brett Creeley authored
Currently when calculating how much to increment ITR by inside of ice_update_itr() we do some estimations and intermediate calculations. Instead of doing estimations, just do the calculation directly. This allows for a more accurate value and it makes it easier for the next person to understand and update. Also, remove the dividing the ITR value by 2 when latency driven because the ITR values are already so low for 100Gbps speed. This should help get to the desired ITR value faster. Signed-off-by: Brett Creeley <brett.creeley@intel.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
Update driver version to 0.7.4 Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch adds code to start or stop LLDP and DCBX in firmware through use of ethtool private flags. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch introduces a new function ice_dcb_rebuild which reinitializes DCB after a reset. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch adds a new function ice_update_dcb_stats to get DCB stats from the hardware and ethtool support for displaying these stats. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch introduces a new function ice_tx_prepare_vlan_flags_dcb to insert 802.1p priority information into the VLAN header Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch adds a new function ice_vsi_cfg_dcb_rings which updates a VSI's rings based on DCB traffic class information. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch adds support to process LLDP MIB change notifications sent by the firmware. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
When the firmware doesn't support LLDP or DCBX, the driver should switch to "software LLDP mode". This patch adds support for the same. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch adds a new function ice_pf_dcb_cfg (and related helpers) which applies the DCB configuration obtained from the firmware. As part of this, VSIs/netdevs are updated with traffic class information. This patch requires a bit of a refactor of existing code. 1. For a MIB change event, the associated VSI is closed and brought up again. The gap between closing and opening the VSI can cause a race condition. Fix this by grabbing the rtnl_lock prior to closing the VSI and then only free it after re-opening the VSI during a MIB change event. 2. ice_sched_query_elem is used in ice_sched.c and with this patch, in ice_dcb.c as well. However, ice_dcb.c is not built when CONFIG_DCB is unset. This results in namespace warnings (ice_sched.o: Externally defined symbols with no external references) when CONFIG_DCB is unset. To avoid this move ice_sched_query_elem from ice_sched.c to ice_common.c. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch introduces a new top level function ice_init_dcb (and related lower level helper functions) which continues the DCB init flow. This function uses ice_get_dcb_cfg to get, parse and store the DCB configuration. Once this is done, it sets itself up to be notified by the firmware on LLDP MIB change events. Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch introduces a skeleton for ice_init_pf_dcb, the top level function for DCB initialization. Subsequent patches will add to this DCB init flow. In this patch, ice_init_pf_dcb checks if DCB is a supported capability. If so, an admin queue call to start the LLDP and DCBx in firmware is issued. If not, an error is reported. Note that we don't fail the driver init if DCB init fails. Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
Bump driver version to 0.7.3 Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
Capitalize abbreviations and spell out some that aren't obvious. Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Anirudh Venkataramanan authored
This patch fixes typos in code comments. Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Larry Finger authored
Somehow file drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx.c.rej was incorporated into the sources. Obviously, it can be removed. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
David Ahern authored
Disabling IPv6 on an interface removes existing entries but nothing prevents new entries from being manually added. To that end, add a new neigh_table operation, allow_add, that is called on RTM_NEWNEIGH to see if neighbor entries are allowed on a given device. If IPv6 is disabled on the device, allow_add returns false and passes a message back to the user via extack. $ echo 1 > /proc/sys/net/ipv6/conf/eth1/disable_ipv6 $ ip -6 neigh add fe80::4c88:bff:fe21:2704 dev eth1 lladdr de:ad:be:ef:01:01 Error: IPv6 is disabled on this device. Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
David Ahern says: ==================== ipv6: Use fib6_result for fib_lookups Add fib6_result as a single data structure to hold results from a fib lookup. IPv6 currently has everything in 1 data structure - a fib6_info, but with nexthop objects the fib6_nh can be in a nexthop or a nexthop can be a blackhole which affects the fib6_type and flags (REJECT). v2 - fixed 2 bugs in patch12: i. checking return from fib6_table_lookup in fib6_lookup ii. call to fib6_rule_saddr in fib6_rule_action_alt should use res->nh ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-