- 13 May, 2022 39 commits
-
-
Peter Chiu authored
The minimum twt duration supported by mt7915 is 64 according to hardware design. Reply station with TWT_SETUP_CMD_DICTATE if min_twt_dur smaller than 64. Signed-off-by:
Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by:
Felix Fietkau <nbd@nbd.name>
-
Peter Chiu authored
Reject twt flows with the same parameters to prevent some potential issues causing by duplicated establishment. Reviewed-by:
Ryder Lee <ryder.lee@mediatek.com> Reviewed-by:
Shayne Chen <shayne.chen@mediatek.com> Signed-off-by:
-
Peter Chiu authored
mt7915 can support 16 twt stations so modify table_mask to u16. Fixes: 3782b69d ("mt76: mt7915: introduce mt7915_mac_add_twt_setup routine") Signed-off-by:
-
Peter Chiu authored
Update mt7976 adie patch for different adie version. Reviewed-by:
-
Sean Wang authored
use skb_put_data instead of open coding in mt76_connac_mcu_update_arp_filter. Signed-off-by:
Sean Wang <sean.wang@mediatek.com> Signed-off-by:
-
Lorenzo Bianconi authored
Configure mt7986 wmac soc clocks in mt7986_wmac_init routine. Tested-by:
Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by:
-
Felix Fietkau authored
There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which will keep the wcid linked in the status poll list. Fix this by only adding status skbs if the wcid pointer is still assigned in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove Fixes: bd1e3e7b ("mt76: introduce packet_id idr") Tested-by:
Ben Greear <greearb@candelatech.com> Signed-off-by:
-
Felix Fietkau authored
The driver needs to check if the format is 802.2 vs 802.3 in order to set a tx descriptor flag. skb->protocol can't be used, since it may not be properly initialized for packets coming in from a packet socket. Fix misdetection by checking the ethertype from the skb data instead Reported-by:
Thibaut VARÈNE <hacks+kernel@slashdirt.org> Signed-off-by:
-
Felix Fietkau authored
Fixes potential latency / packet drop issues in cases where a BA session has not (yet) been established. Fixes: e195dad1 ("mt76: add support for 802.3 rx frames") Signed-off-by:
-
Bo Jiao authored
This patch disables RX_TRANS_SHORT to make MDP to do header translation when payload less than 8 bytes, hence the (QoS) null data can be encapsulated to 802.3 format. However, WDS requires (QoS) null data in 802.11 format to created vlan AP interfaces. Signed-off-by:
lian.chen <lian.chen@mediatek.com> Signed-off-by:
Sujuan Chen <sujuan.chen@mediatek.com> Signed-off-by:
Bo Jiao <Bo.Jiao@mediatek.com> Signed-off-by:
-
Yunbo Yu authored
It is unnecessary to call spin_lock_bh() within a tasklet. Signed-off-by:
Yunbo Yu <yuyunbo519@gmail.com> Signed-off-by:
-
Shayne Chen authored
Add RF registers read/write support for debugging RF issues, which should be processed by mcu commands. The index of rf registers use the generic regidx, and are combined with two parts: WF selection [31:28] and offset [27:0]. Reviewed-by:
-
Sean Wang authored
The crash log shown it is possible that mt7921_irq_handler is called while devm_free_irq is being handled so mt76_free_device need to be postponed until devm_free_irq is completed to solve the crash we free the mt76 device too early. [ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9299.339705] #PF: supervisor read access in kernel mode [ 9299.339735] #PF: error_code(0x0000) - not-present page [ 9299.339768] PGD 0 P4D 0 [ 9299.339786] Oops: 0000 [#1] SMP PTI [ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1 [ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022 [ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e] [ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082 [ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5 [ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020 [ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011 [ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080 [ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228 [ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000 [ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0 [ 9299.340432] PKRU: 55555554 [ 9299.340449] Call Trace: [ 9299.340467] <TASK> [ 9299.340485] __free_irq+0x221/0x350 [ 9299.340527] free_irq+0x30/0x70 [ 9299.340553] devm_free_irq+0x55/0x80 [ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e] [ 9299.340616] pci_device_remove+0x3b/0xa0 [ 9299.340651] __device_release_driver+0x17a/0x240 [ 9299.340686] device_driver_detach+0x3c/0xa0 [ 9299.340714] unbind_store+0x113/0x130 [ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0 [ 9299.340775] new_sync_write+0x15c/0x1f0 [ 9299.340806] vfs_write+0x1d2/0x270 [ 9299.340831] ksys_write+0x67/0xe0 [ 9299.340857] do_syscall_64+0x3b/0x90 [ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: 5c14a5f9 ("mt76: mt7921: introduce mt7921e support") Reported-by:
ThinerLogoer <logoerthiner1@163.com> Signed-off-by:
Deren Wu <deren.wu@mediatek.com> Signed-off-by:
-
Colin Ian King authored
Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but instead make it static const. Also makes the object code a little smaller. Reviewed-by:
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Signed-off-by:
Colin Ian King <colin.i.king@gmail.com> Signed-off-by:
-
Colin Ian King authored
Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but instead make it static const. Also makes the object code a little smaller. Reviewed-by:
-
Ryder Lee authored
SCS is obsoleted and no longer used, so remove it. Signed-off-by:
-
Deren Wu authored
To make sure we have the proper antenna config in 6g cap, move IEEE80211_VHT_CAP_[T/R]X_ANTENNA_PATTERN to stream init. Fixes: edf9dab8 ("mt76: add 6GHz support") Signed-off-by:
-
Felix Fietkau authored
When the QoS ack policy was set to non explicit / psmp ack, frames are treated as not being part of a BA session, which causes extra latency on reordering. Fix this by only bypassing reordering for packets with no-ack policy Signed-off-by: -
Sean Wang authored
add AP mode support to mt7921 that can work for mt7921[e,s,u] with the common code. Tested-by:
-
Lorenzo Bianconi authored
Use 0xff (GENMASK(7,0)) in mt7915_init_bitrate_mask routine in order to initialize bitrate_mask structure in order to avoid truncating value in memset(). Signed-off-by:
-
Lorenzo Bianconi authored
Report rx mode in mt7915_mac_fill_rx_rate routine in order to properly add he radiotap if mode is at least HE_SU. Fixes: 1c9db0aa ("mt76: mt7915: update rx rate reporting for mt7916") Signed-off-by:
-
Lorenzo Bianconi authored
Fix typo in mt7915_muru_debug_set routine and pass muru_debug value to mt7915_mcu_muru_debug_set() instead of data pointer. Fixes: 1966a507 ("mt76: mt7915: add mu-mimo and ofdma debugfs knobs") Signed-off-by:
-
Lorenzo Bianconi authored
Fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector routine if the chip does not support dbdc and the hw reports band_idx set to 1. Fixes: 78fc30a2 ("mt76: mt7915: move testmode data from dev to phy") Signed-off-by:
-
Lorenzo Bianconi authored
Add default case for type switch in mt7986_wmac_gpio_setup routine in order to avoid a possible uninitialized pointer dereference. Fixes: 99ad32a4 ("mt76: mt7915: add support for MT7986") Signed-off-by:
-
Christophe JAILLET authored
In case of error, some resources must be freed, as already done above and below the devm_kmemdup() and __mt7921e_mcu_drv_pmctrl() calls added in the commit in Fixes:. Fixes: 602cc0c9 ("mt76: mt7921e: fix possible probe failure after reboot") Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
-
Lorenzo Bianconi authored
Fix the following smatch static checker warning: drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1872 mt7915_mcu_beacon_mbss() error: undefined (user controlled) shift '(((1))) << (data[2])' Rely on mac80211 definitions for ieee80211_bssid_index subelement. Fixes: 6b7f9aff ("mt76: mt7915: introduce 802.11ax multi-bss support") Signed-off-by:
-
Ryder Lee authored
Soft reboot might not clear certain condition, so always call mt7915_wfsys_reset() during init. Signed-off-by:
-
Lorenzo Bianconi authored
Honor runtime-pm user configuration in mt7921_sniffer_interface_iter routine if we do not have a monitor interface. Fixes: 1f12fa34 ("mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set") Signed-off-by:
-
Lorenzo Bianconi authored
mt7921 is currently using rxfilter defined in mt76_dev for rx filter configuration. Fix mt7921_configure_filter implementation. Signed-off-by:
-
Lorenzo Bianconi authored
Introduce suspend/resume callbacks for mt7921u driver. Tested-by:
-
Evelyn Tsai authored
MT7915_MAX_INTERFACES is per-band declaration in MT7915/MT7986/MT7916. Enlarge vif_mask to 64 bits wide, including the bit operation. Reviewed-by:
Evelyn Tsai <evelyn.tsai@mediatek.com> Signed-off-by:
-
Felix Fietkau authored
Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and sta_info_[alloc, free]. [18853.876689] ================================================================== [18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76] [18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883 [18853.876786] [18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215 [18853.876840] Call trace: [18853.876861] dump_backtrace+0x0/0x3ec [18853.876878] show_stack+0x20/0x2c [18853.876899] dump_stack+0x11c/0x1ac [18853.876918] print_address_description+0x74/0x514 [18853.876934] kasan_report+0x134/0x174 [18853.876948] __asan_report_load8_noabort+0x44/0x50 [18853.876976] mt76_txq_schedule+0x204/0xaf8 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2] [18853.877002] mt76_txq_schedule_all+0x2c/0x48 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2] [18853.877030] mt7921_tx_worker+0xa0/0x1cc [mt7921_common f0875ebac9d7b4754e1010549e7db50fbd90a047] [18853.877054] __mt76_worker_fn+0x190/0x22c [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2] [18853.877071] kthread+0x2f8/0x3b8 [18853.877087] ret_from_fork+0x10/0x30 [18853.877098] [18853.877112] Allocated by task 941: [18853.877131] kasan_save_stack+0x38/0x68 [18853.877147] __kasan_kmalloc+0xd4/0xfc [18853.877163] kasan_kmalloc+0x10/0x1c [18853.877177] __kmalloc+0x264/0x3c4 [18853.877294] sta_info_alloc+0x460/0xf88 [mac80211] [18853.877410] ieee80211_prep_connection+0x204/0x1ee0 [mac80211] [18853.877523] ieee80211_mgd_auth+0x6c4/0xa4c [mac80211] [18853.877635] ieee80211_auth+0x20/0x2c [mac80211] [18853.877733] rdev_auth+0x7c/0x438 [cfg80211] [18853.877826] cfg80211_mlme_auth+0x26c/0x390 [cfg80211] [18853.877919] nl80211_authenticate+0x6d4/0x904 [cfg80211] [18853.877938] genl_rcv_msg+0x748/0x93c [18853.877954] netlink_rcv_skb+0x160/0x2a8 [18853.877969] genl_rcv+0x3c/0x54 [18853.877985] netlink_unicast_kernel+0x104/0x1ec [18853.877999] netlink_unicast+0x178/0x268 [18853.878015] netlink_sendmsg+0x3cc/0x5f0 [18853.878030] sock_sendmsg+0xb4/0xd8 [18853.878043] ____sys_sendmsg+0x2f8/0x53c [18853.878058] ___sys_sendmsg+0xe8/0x150 [18853.878071] __sys_sendmsg+0xc4/0x1f4 [18853.878087] __arm64_compat_sys_sendmsg+0x88/0x9c [18853.878101] el0_svc_common+0x1b4/0x390 [18853.878115] do_el0_svc_compat+0x8c/0xdc [18853.878131] el0_svc_compat+0x10/0x1c [18853.878146] el0_sync_compat_handler+0xa8/0xcc [18853.878161] el0_sync_compat+0x188/0x1c0 [18853.878171] [18853.878183] Freed by task 10927: [18853.878200] kasan_save_stack+0x38/0x68 [18853.878215] kasan_set_track+0x28/0x3c [18853.878228] kasan_set_free_info+0x24/0x48 [18853.878244] __kasan_slab_free+0x11c/0x154 [18853.878259] kasan_slab_free+0x14/0x24 [18853.878273] slab_free_freelist_hook+0xac/0x1b0 [18853.878287] kfree+0x104/0x390 [18853.878402] sta_info_free+0x198/0x210 [mac80211] [18853.878515] __sta_info_destroy_part2+0x230/0x2d4 [mac80211] [18853.878628] __sta_info_flush+0x300/0x37c [mac80211] [18853.878740] ieee80211_set_disassoc+0x2cc/0xa7c [mac80211] [18853.878851] ieee80211_mgd_deauth+0x4a4/0x10a0 [mac80211] [18853.878962] ieee80211_deauth+0x20/0x2c [mac80211] [18853.879057] rdev_deauth+0x7c/0x438 [cfg80211] [18853.879150] cfg80211_mlme_deauth+0x274/0x414 [cfg80211] [18853.879243] cfg80211_mlme_down+0xe4/0x118 [cfg80211] [18853.879335] cfg80211_disconnect+0x218/0x2d8 [cfg80211] [18853.879427] __cfg80211_leave+0x17c/0x240 [cfg80211] [18853.879519] cfg80211_leave+0x3c/0x58 [cfg80211] [18853.879611] wiphy_suspend+0xdc/0x200 [cfg80211] [18853.879628] dpm_run_callback+0x58/0x408 [18853.879642] __device_suspend+0x4cc/0x864 [18853.879658] async_suspend+0x34/0xf4 [18853.879673] async_run_entry_fn+0xe0/0x37c [18853.879689] process_one_work+0x508/0xb98 [18853.879702] worker_thread+0x7f4/0xcd4 [18853.879717] kthread+0x2f8/0x3b8 [18853.879731] ret_from_fork+0x10/0x30 [18853.879741] [18853.879757] The buggy address belongs to the object at ffffffaf989a2000 [18853.879757] which belongs to the cache kmalloc-8k of size 8192 [18853.879774] The buggy address is located 312 bytes inside of [18853.879774] 8192-byte region [ffffffaf989a2000, ffffffaf989a4000) [18853.879787] The buggy address belongs to the page: [18853.879807] page:000000004bda2a59 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d89a0 [18853.879823] head:000000004bda2a59 order:3 compound_mapcount:0 compound_pincount:0 [18853.879839] flags: 0x8000000000010200(slab|head) [18853.879857] raw: 8000000000010200 ffffffffbc89e208 ffffffffb7fb5208 ffffffaec000cc80 [18853.879873] raw: 0000000000000000 0000000000010001 00000001ffffffff 0000000000000000 [18853.879885] page dumped because: kasan: bad access detected [18853.879896] [18853.879907] Memory state around the buggy address: [18853.879922] ffffffaf989a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [18853.879935] ffffffaf989a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [18853.879948] >ffffffaf989a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [18853.879961] ^ [18853.879973] ffffffaf989a2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [18853.879986] ffffffaf989a2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [18853.879998] ================================================================== Cc: stable@vger.kernel.org Reported-by:
-
Felix Fietkau authored
The hardware receives them properly, they should not be dropped Signed-off-by: -
Felix Fietkau authored
The hardware receives them properly, they should not be dropped Signed-off-by: -
Felix Fietkau authored
dma unmap is already needed for cleanup anyway, so we don't need the extra tracking and can save a bit of memory here Signed-off-by: -
Felix Fietkau authored
- call txq dequeue without holding txq lock (locking handled by mac80211) - disable bh around tx queue schedule Signed-off-by: -
Felix Fietkau authored
Clean up and fix error paths in mt7915_register_device Initialize second DBDC tx queue in mt7915_dma_init Signed-off-by: -
Felix Fietkau authored
This code was accidentally dropped while adding 6 GHz support Fixes: b4d093e3 ("mt76: mt7915: add 6 GHz support") Signed-off-by:
-
Dongliang Mu authored
This memory allocation failure can be triggered by fault injection or high pressure testing, resulting a WARN. Fix this by replacing WARN with pr_warn. Reported-by:
syzkaller <syzkaller@googlegroups.com> Signed-off-by:
Dongliang Mu <mudongliangabcd@gmail.com> Signed-off-by:
Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220511014453.1621366-1-dzm91@hust.edu.cn
-
- 11 May, 2022 1 commit
-
-
Jaehee Park authored
Currently, upon virtual interface creation, wfx_add_interface() stores a reference to the corresponding struct ieee80211_vif in private data, for later usage. This is not needed when using the container_of construct. This construct already has all the info it needs to retrieve the reference to the corresponding struct from the offset that is already available, inherent in container_of(), between its type and member inputs (struct ieee80211_vif and drv_priv, respectively). Remove vif (which was previously storing the reference to the struct ieee80211_vif) from the struct wfx_vif, define a function wvif_to_vif(wvif) for container_of(), and replace all wvif->vif with the newly defined container_of construct. Signed-off-by:
Jaehee Park <jhpark1013@gmail.com> Signed-off-by:
-
