- 18 Apr, 2021 11 commits
-
-
Christophe JAILLET authored
'get_tid_h()' is the same as 'ieee80211_get_tid()'. So this function can be removed to save a few lines of code. Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by:
Christian Lamparter <chunkeey@gmail.com> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/68efad7a597159e22771d37fc8b4a8a613866d60.1617399010.git.christophe.jaillet@wanadoo.fr
-
Lv Yunlong authored
In mwl8k_probe_hw, hw->priv->txq is freed at the first time by dma_free_coherent() in the call chain: if(!priv->ap_fw)->mwl8k_init_txqs(hw)->mwl8k_txq_init(hw, i). Then in err_free_queues of mwl8k_probe_hw, hw->priv->txq is freed at the second time by mwl8k_txq_deinit(hw, i)->dma_free_coherent(). My patch set txq->txd to NULL after the first free to avoid the double free. Fixes: a66098da ("mwl8k: Marvell TOPDOG wireless driver") Signed-off-by:
Lv Yunlong <lyl2019@mail.ustc.edu.cn> Signed-off-by:
-
Ping-Ke Shih authored
Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ================================================================================ UBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34 index 5 is out of range for type 'u8 [5]' CPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651 Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014 Workqueue: phy0 ieee80211_scan_work [mac80211] Call Trace: dump_stack+0x64/0x7c ubsan_epilogue+0x5/0x40 __ubsan_handle_out_of_bounds.cold+0x43/0x48 rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core] ? rtw_pci_read16+0x20/0x20 [rtw_pci] ? check_hw_ready+0x50/0x90 [rtw_core] rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core] rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core] rtw_set_channel+0xab/0x110 [rtw_core] rtw_ops_config+0x87/0xc0 [rtw_core] ieee80211_hw_config+0x9d/0x130 [mac80211] ieee80211_scan_state_set_channel+0x81/0x170 [mac80211] ieee80211_scan_work+0x19f/0x2a0 [mac80211] process_one_work+0x1dd/0x3a0 worker_thread+0x49/0x330 ? rescuer_thread+0x3a0/0x3a0 kthread+0x134/0x150 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x22/0x30 ================================================================================ The statement where an array is being overrun is shown in the following snippet: if (rate <= DESC_RATE11M) tx_power = pwr_idx_2g->cck_base[group]; else ====> tx_power = pwr_idx_2g->bw40_base[group]; The associated arrays are defined in main.h as follows: struct rtw_2g_txpwr_idx { u8 cck_base[6]; u8 bw40_base[5]; struct rtw_2g_1s_pwr_idx_diff ht_1s_diff; struct rtw_2g_ns_pwr_idx_diff ht_2s_diff; struct rtw_2g_ns_pwr_idx_diff ht_3s_diff; struct rtw_2g_ns_pwr_idx_diff ht_4s_diff; }; The problem arises because the value of group is 5 for channel 14. The trivial increase in the dimension of bw40_base fails as this struct must match the layout of efuse. The fix is to add the rate as an argument to rtw_get_channel_group() and set the group for channel 14 to 4 if rate <= DESC_RATE11M. This patch fixes commit fa6dfe6b ("rtw88: resolve order of tx power setting routines") Fixes: fa6dfe6b ("rtw88: resolve order of tx power setting routines") Reported-by:Богдан Пилипенко <bogdan.pylypenko107@gmail.com> Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
Ping-Ke Shih <pkshih@realtek.com> Cc: Stable <stable@vger.kernel.org> Signed-off-by:
-
Wan Jiabing authored
struct wilc is declared twice. One has been declared at 352nd line. Remove the duplicate. Signed-off-by:
Wan Jiabing <wanjiabing@vivo.com> Signed-off-by:
-
Wan Jiabing authored
struct brcmf_bus is declared twice. One has been declared at 37th line. Remove the duplicate. Signed-off-by:
-
Eric Lin authored
Signed-off-by:
Eric Lin <dslin1010@gmail.com> Reported-by:
Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by:
-
Marek Vasut authored
The rsi_resume() does access the bus to enable interrupts on the RSI SDIO WiFi card, however when calling sdio_claim_host() in the resume path, it is possible the bus is already claimed and sdio_claim_host() spins indefinitelly. Enable the SDIO card interrupts in resume_noirq instead to prevent anything else from claiming the SDIO bus first. Fixes: 20db0733 ("rsi: sdio suspend and resume support") Signed-off-by:
Marek Vasut <marex@denx.de> Cc: Amitkumar Karwar <amit.karwar@redpinesignals.com> Cc: Angus Ainslie <angus@akkea.ca> Cc: David S. Miller <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: Karun Eagalapati <karun256@gmail.com> Cc: Martin Kepplinger <martink@posteo.de> Cc: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm> Cc: Siva Rebbagondla <siva8118@gmail.com> Cc: netdev@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by:
-
Po-Hao Huang authored
Since firmware can't have proper statistics, driver update the statistics periodically to firmware to assist in tuning performance. Signed-off-by:
Po-Hao Huang <phhuang@realtek.com> Signed-off-by:
-
Wan Jiabing authored
struct lbs_private has been declared at 22nd line. Remove the duplicate. Signed-off-by:
-
Bhaskar Chowdhury authored
s/revsion/revision/ Signed-off-by:
Bhaskar Chowdhury <unixbhaskar@gmail.com> Signed-off-by:
-
Aditya Srivastava authored
The opening comment mark '/**' is used for highlighting the beginning of kernel-doc comments. There are some files in drivers/net/wireless/rsi which follow this syntax in their file headers, i.e. start with '/**' like comments, which causes unexpected warnings from kernel-doc. E.g., running scripts/kernel-doc -none on drivers/net/wireless/rsi/rsi_coex.h causes this warning: "warning: wrong kernel-doc identifier on line: * Copyright (c) 2018 Redpine Signals Inc." Similarly for other files too. Provide a simple fix by replacing such occurrences with general comment format, i.e., "/*", to prevent kernel-doc from parsing it. Signed-off-by:
Aditya Srivastava <yashsri421@gmail.com> Reviewed-by:
Randy Dunlap <rdunlap@infradead.org> Signed-off-by:
-
- 17 Apr, 2021 27 commits
-
-
Arnd Bergmann authored
gcc-11 with KASAN on 32-bit arm produces a warning about a function that needs a lot of stack space: drivers/net/wireless/cisco/airo.c: In function 'setup_card.constprop': drivers/net/wireless/cisco/airo.c:3960:1: error: the frame size of 1512 bytes is larger than 1400 bytes [-Werror=frame-larger-than=] Most of this is from a single large structure that could be dynamically allocated or moved into the per-device structure. However, as the callers all seem to have a fairly well bounded call chain, the easiest change is to pull out the part of the function that needs the large variables into a separate function and mark that as noinline_for_stack. This does not reduce the total stack usage, but it gets rid of the warning and requires minimal changes otherwise. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Arnd Bergmann authored
gcc complains about undefined behavior in calling snprintf() with the same buffer as input and output: drivers/net/wireless/ti/wl18xx/debugfs.c: In function 'diversity_num_of_packets_per_ant_read': drivers/net/wireless/ti/wl18xx/../wlcore/debugfs.h:86:3: error: 'snprintf' argument 4 overlaps destination object 'buf' [-Werror=restrict] 86 | snprintf(buf, sizeof(buf), "%s[%d] = %d\n", \ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 87 | buf, i, stats->sub.name[i]); \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/ti/wl18xx/debugfs.c:24:2: note: in expansion of macro 'DEBUGFS_FWSTATS_FILE_ARRAY' 24 | DEBUGFS_FWSTATS_FILE_ARRAY(a, b, c, wl18xx_acx_statistics) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/wireless/ti/wl18xx/debugfs.c:159:1: note: in expansion of macro 'WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY' 159 | WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY(diversity, num_of_packets_per_ant, There are probably other ways of handling the debugfs file, without using on-stack buffers, but a simple workaround here is to remember the current position in the buffer and just keep printing in there. Fixes: bcca1bbd ("wlcore: add debugfs macro to help print fw statistics arrays") Signed-off-by: -
Arnd Bergmann authored
Building without mesh supports shows a couple of warnings with 'make W=1': drivers/net/wireless/marvell/libertas/main.c: In function 'lbs_start_card': drivers/net/wireless/marvell/libertas/main.c:1068:37: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body] 1068 | lbs_start_mesh(priv); Change the macros to use the usual "do { } while (0)" instead to shut up the warnings and make the code a litte more robust. Signed-off-by: -
Christophe JAILLET authored
The 'c2hcmd_lock' spinlock is only used to protect some __skb_queue_tail() and __skb_dequeue() calls. Use the lock provided in the skb itself and call skb_queue_tail() and skb_dequeue(). These functions already include the correct locking. Signed-off-by:
-
Dan Carpenter authored
If the loop fails, the "while(trials--) {" loop will exit with "trials" set to -1. The test for that expects it to end with "trials" set to 0 so the warning message will not be printed. Fix this by changing from a post-op to a pre-op. This does mean that we only make 99 attempts instead of 100 but that's okay. Fixes: f135a157 ("wilc1000: Support chip sleep over SPI") Signed-off-by:Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Ajay Singh <ajay.kathat@microchip.com> Signed-off-by:
-
zuoqilin authored
Remove unneeded variable: "ret" Signed-off-by:
zuoqilin <zuoqilin@yulong.com> Signed-off-by:
-
Gustavo A. R. Silva authored
In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple warnings by replacing /* fall through */ comments with the new pseudo-keyword macro fallthrough; instead of letting the code fall through to the next case. Notice that Clang doesn't recognize /* fall through */ comments as implicit fall-through markings. Link: https://github.com/KSPP/linux/issues/115Signed-off-by:
-
David Mosberger-Tang authored
Linux network drivers normally disallow changing the MAC address when the interface is up. This driver has been different in that it allows to change the MAC address *only* when it's up. This patch brings wilc1000 behavior more in line with other network drivers. We could have replaced wilc_set_mac_addr() with eth_mac_addr() but that would break existing documentation on how to change the MAC address. Likewise, return -EADDRNOTAVAIL (not -EINVAL) when the specified MAC address is invalid or unavailable. Signed-off-by:
David Mosberger-Tang <davidm@egauge.net> Signed-off-by:
-
David Mosberger-Tang authored
The driver so far has always disabled CRC protection. This means any data corruption that occurrs during the SPI transfers could go undetected. This patch adds module parameters enable_crc7 and enable_crc16 to selectively turn on CRC7 (for command transfers) and CRC16 (for data transfers), respectively. The default configuration remains unchanged, with both CRC7 and CRC16 off. The performance impact of CRC was measured by running ttcp -t four times in a row on a SAMA5 device: CRC7 CRC16 Throughput: Standard deviation: ---- ----- ----------- ------------------- off off 1720 +/- 48 KB/s on off 1658 +/- 58 KB/s on on 1579 +/- 84 KB/s Signed-off-by:
-
David Mosberger-Tang authored
After a DMA write to the WILC chip, check for and report any errors. This is based on code from the wilc driver in the linux-at91 repository. Signed-off-by:
-
David Mosberger-Tang authored
The WILC1000 protocol control register has bits for enabling the CRCs (CRC7 for commands and CRC16 for data) and to set the data packet size. Define symbolic names for those so the code is more easily understood. Signed-off-by:
-
David Mosberger-Tang authored
For CMD_SINGLE_READ and CMD_INTERNAL_READ, WILC may insert one or more zero bytes between the command response and the DATA Start tag (0xf3). This behavior appears to be undocumented in "ATWILC1000 USER GUIDE" (https://tinyurl.com/4hhshdts) but we have observed 1-4 zero bytes when the SPI bus operates at 48MHz and none when it operates at 1MHz. This code is derived from the equivalent code of the wilc driver in the linux-at91 repository. Signed-off-by:
-
Brian Norris authored
There are a few reasons not to dump SSIDs as-is in kernel logs: 1) they're not guaranteed to be any particular text encoding (UTF-8, ASCII, ...) in general 2) it's somewhat redundant; the BSSID should be enough to uniquely identify the AP/STA to which we're connecting 3) BSSIDs have an easily-recognized format, whereas SSIDs do not (they are free-form) 4) other common drivers (e.g., everything based on mac80211) get along just fine by only including BSSIDs when logging state transitions Additional notes on reason #3: this is important for the privacy-conscious, especially when providing tools that convey kernel logs on behalf of a user -- e.g., when reporting bugs. So for example, it's easy to automatically filter logs for MAC addresses, but it's much harder to filter SSIDs out of unstructured text. Signed-off-by:
Brian Norris <briannorris@chromium.org> Signed-off-by:
-
Dan Carpenter authored
The "ext->key_len" is a u16 that comes from the user. If it's over SCM_KEY_LEN (32) that could lead to memory corruption. Fixes: e0d369d1 ("[PATCH] ieee82011: Added WE-18 support to default wireless extension handler") Cc: stable@vger.kernel.org Signed-off-by:
Stanislav Yakovlev <stas.yakovlev@gmail.com> Signed-off-by:
-
Guobin Huang authored
spinlock can be initialized automatically with DEFINE_SPINLOCK() rather than explicitly calling spin_lock_init(). Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Guobin Huang <huangguobin4@huawei.com> Signed-off-by:
-
wengjianfeng authored
some function's label meaningless, the label statement follows the goto statement, no other statements, so just remove it. Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
wengjianfeng <wengjianfeng@yulong.com> Signed-off-by:
-
Christophe JAILLET authored
The 'c2hcmd_lock' spinlock is only used to protect some __skb_queue_tail() and __skb_dequeue() calls. Use the lock provided in the skb itself and call skb_queue_tail() and skb_dequeue(). These functions already include the correct locking. Signed-off-by:
-
Christophe JAILLET authored
'rtl_get_tid_h()' is the same as 'ieee80211_get_tid()'. So this function can be removed to save a line of code. Signed-off-by:
-
Yang Li authored
Assigning value "3" to "rtlpriv->btcoexist.reg_bt_sco" here, but that stored value is overwritten before it can be used. Coverity reports this problem as CWE563: A value assigned to a variable is never used. drivers/net/wireless/realtek/rtlwifi/rtl8188ee/hw.c: rtl8188ee_bt_reg_init Reported-by:
Abaci Robot <abaci@linux.alibaba.com> Signed-off-by:
Yang Li <yang.lee@linux.alibaba.com> Signed-off-by:
-
Colin Ian King authored
Variable err is assigned -ENODEV followed by an error return path via label error_out that does not access the variable and returns with the -ENODEV error return code. The assignment to err is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Bhaskar Chowdhury authored
s/resovle/resolve/ s/broadcase/broadcast/ s/sytem/system/ Signed-off-by:
-
wengjianfeng authored
some function's label meaningless, the return statement follows the goto statement, so just remove it. Signed-off-by:
Sergey Matyukevich <geomatsi@gmail.com> Signed-off-by:
-
Ping-Ke Shih authored
The signal strength of 5G is quite low, so user can't connect to an AP far away. New parameters with new format and its parser are updated by the commit 84d26fda ("rtlwifi: Update 8821ae new phy parameters and its parser."), but some parameters are missing. Use this commit to update to the novel parameters that use new format. Fixes: 84d26fda ("rtlwifi: Update 8821ae new phy parameters and its parser") Signed-off-by:
Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by:
-
Chen Lin authored
Remove the 'wsm_*' typedef as it is not used. Signed-off-by:
Chen Lin <chen.lin5@zte.com.cn> Signed-off-by:
-
Chen Lin authored
Remove the 'cw1200_wsm_handler' typedef as it is not used. Signed-off-by:
-
Kalle Valo authored
Merge tag 'iwlwifi-next-for-kalle-2021-04-12-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next iwlwifi patches for v5.13 * Add support for new FTM FW APIs; * Some CSA fixes; * Support for new HW family and other HW detection fixes; * Robustness improvement in the HW detection code; * One fix in PMF; * Some new regulatory features; * Support for passive scan in 6GHz; * Some improvements in the sync queue implementation; * Support for new devices; * Support for a new FW API command version; * Some locking fixes; * Bump the FW API version support for AX devices; * Some other small fixes, clean-ups and improvements. # gpg: Signature made Wed 14 Apr 2021 12:33:29 PM EEST using RSA key ID 1A3CC5FA # gpg: Good signature from "Luciano Roth Coelho (Luca) <luca@coelho.fi>" # gpg: aka "Luciano Roth Coelho (Intel) <luciano.coelho@intel.com>"
-
https://github.com/nbd168/wirelessKalle Valo authored
mt76 patches for 5.13 * code cleanup * mt7915/mt7615 decap offload support * driver fixes * mt7613 eeprom support * MCU code unification * threaded NAPI support * new device IDs * mt7921 device reset support * rx timestamp support # gpg: Signature made Tue 13 Apr 2021 12:11:25 AM EEST using DSA key ID 02A76EF5 # gpg: Good signature from "Felix Fietkau <nbd@nbd.name>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 75D1 1A7D 91A7 710F 4900 42EF D77D 141D 02A7 6EF5
-
- 14 Apr, 2021 2 commits
-
-
David S. Miller authored
Merge tag 'linux-can-next-for-5.13-20210414' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next Marc Kleine-Budde says: ==================== pull-request: can-next 2021-04-14 this is a pull request of a single patch for net-next/master. Vincent Mailhol's patch fixes a NULL pointer dereference when handling error frames in the etas_es58x driver, which has been added in the previous PR. ==================== Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
af_packet fanout uses RCU rules to ensure f->arr elements are not dismantled before RCU grace period. However, it lacks rcu accessors to make sure KCSAN and other tools wont detect data races. Stupid compilers could also play games. Fixes: dc99f600 ("packet: Add fanout support.") Signed-off-by:
Eric Dumazet <edumazet@google.com> Reported-by:
"Gong, Sishuai" <sishuai@purdue.edu> Cc: Willem de Bruijn <willemb@google.com> Signed-off-by:
-
