- 27 Apr, 2018 2 commits
-
-
Tamizh Chelvam authored
When attempt to read tpc_stats for the chipsets which support more than 3 tx chain will trigger kernel panic(kernel stack is corrupted) due to writing values on rate_code array out of range. This patch changes the array size depends on the WMI_TPC_TX_N_CHAIN and added check to avoid write values on the array if the num tx chain get in tpc config event is greater than WMI_TPC_TX_N_CHAIN. Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00057 Kernel panic log : [ 323.510944] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: bf90c654 [ 323.510944] [ 323.524390] CPU: 0 PID: 1908 Comm: cat Not tainted 3.14.77 #31 [ 323.530224] [<c021db48>] (unwind_backtrace) from [<c021ac08>] (show_stack+0x10/0x14) [ 323.537941] [<c021ac08>] (show_stack) from [<c03c53c0>] (dump_stack+0x80/0xa0) [ 323.545146] [<c03c53c0>] (dump_stack) from [<c022e4ac>] (panic+0x84/0x1e4) [ 323.552000] [<c022e4ac>] (panic) from [<c022e61c>] (__stack_chk_fail+0x10/0x14) [ 323.559350] [<c022e61c>] (__stack_chk_fail) from [<bf90c654>] (ath10k_wmi_event_pdev_tpc_config+0x424/0x438 [ath10k_core]) [ 323.570471] [<bf90c654>] (ath10k_wmi_event_pdev_tpc_config [ath10k_core]) from [<bf90d800>] (ath10k_wmi_10_4_op_rx+0x2f0/0x39c [ath10k_core]) [ 323.583047] [<bf90d800>] (ath10k_wmi_10_4_op_rx [ath10k_core]) from [<bf8fcc18>] (ath10k_htc_rx_completion_handler+0x170/0x1a0 [ath10k_core]) [ 323.595702] [<bf8fcc18>] (ath10k_htc_rx_completion_handler [ath10k_core]) from [<bf961f44>] (ath10k_pci_hif_send_complete_check+0x1f0/0x220 [ath10k_pci]) [ 323.609421] [<bf961f44>] (ath10k_pci_hif_send_complete_check [ath10k_pci]) from [<bf96562c>] (ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]) [ 323.622490] [<bf96562c>] (ath10k_ce_per_engine_service [ath10k_pci]) from [<bf9656f0>] (ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]) [ 323.635423] [<bf9656f0>] (ath10k_ce_per_engine_service_any [ath10k_pci]) from [<bf96365c>] (ath10k_pci_napi_poll+0x44/0xe8 [ath10k_pci]) [ 323.647665] [<bf96365c>] (ath10k_pci_napi_poll [ath10k_pci]) from [<c0599994>] (net_rx_action+0xac/0x160) [ 323.657208] [<c0599994>] (net_rx_action) from [<c02324a4>] (__do_softirq+0x104/0x294) [ 323.665017] [<c02324a4>] (__do_softirq) from [<c0232920>] (irq_exit+0x9c/0x11c) [ 323.672314] [<c0232920>] (irq_exit) from [<c0217fc0>] (handle_IRQ+0x6c/0x90) [ 323.679341] [<c0217fc0>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/0x60) [ 323.686893] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70) [ 323.694349] Exception stack(0xdd489c58 to 0xdd489ca0) [ 323.699384] 9c40: 00000000 a0000013 [ 323.707547] 9c60: 00000000 dc4bce40 60000013 ddc1d800 dd488000 00000990 00000000 c085c800 [ 323.715707] 9c80: 00000000 dd489d44 0000092d dd489ca0 c026e664 c026e668 60000013 ffffffff [ 323.723877] [<c02095c0>] (__irq_svc) from [<c026e668>] (rcu_note_context_switch+0x170/0x184) [ 323.732298] [<c026e668>] (rcu_note_context_switch) from [<c020e928>] (__schedule+0x50/0x4d4) [ 323.740716] [<c020e928>] (__schedule) from [<c020e490>] (schedule_timeout+0x148/0x178) [ 323.748611] [<c020e490>] (schedule_timeout) from [<c020f804>] (wait_for_common+0x114/0x154) [ 323.756972] [<c020f804>] (wait_for_common) from [<bf8f6ef0>] (ath10k_tpc_stats_open+0xc8/0x340 [ath10k_core]) [ 323.766873] [<bf8f6ef0>] (ath10k_tpc_stats_open [ath10k_core]) from [<c02bb598>] (do_dentry_open+0x1ac/0x274) [ 323.776741] [<c02bb598>] (do_dentry_open) from [<c02c838c>] (do_last+0x8c0/0xb08) [ 323.784201] [<c02c838c>] (do_last) from [<c02c87e4>] (path_openat+0x210/0x598) [ 323.791408] [<c02c87e4>] (path_openat) from [<c02c9d1c>] (do_filp_open+0x2c/0x78) [ 323.798873] [<c02c9d1c>] (do_filp_open) from [<c02bc85c>] (do_sys_open+0x114/0x1b4) [ 323.806509] [<c02bc85c>] (do_sys_open) from [<c0208c80>] (ret_fast_syscall+0x0/0x44) [ 323.814241] CPU1: stopping [ 323.816927] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #31 [ 323.823008] [<c021db48>] (unwind_backtrace) from [<c021ac08>] (show_stack+0x10/0x14) [ 323.830731] [<c021ac08>] (show_stack) from [<c03c53c0>] (dump_stack+0x80/0xa0) [ 323.837934] [<c03c53c0>] (dump_stack) from [<c021cfac>] (handle_IPI+0xb8/0x140) [ 323.845224] [<c021cfac>] (handle_IPI) from [<c02084fc>] (gic_handle_irq+0x58/0x60) [ 323.852774] [<c02084fc>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70) [ 323.860233] Exception stack(0xdd499fa0 to 0xdd499fe8) [ 323.865273] 9fa0: ffffffed 00000000 1d3c9000 00000000 dd498000 dd498030 10c0387d c08b62c8 [ 323.873432] 9fc0: 4220406a 512f04d0 00000000 00000000 00000001 dd499fe8 c021838c c0218390 [ 323.881588] 9fe0: 60000013 ffffffff [ 323.885070] [<c02095c0>] (__irq_svc) from [<c0218390>] (arch_cpu_idle+0x30/0x50) [ 323.892454] [<c0218390>] (arch_cpu_idle) from [<c026500c>] (cpu_startup_entry+0xa4/0x108) [ 323.900690] [<c026500c>] (cpu_startup_entry) from [<422085a4>] (0x422085a4) Signed-off-by:
Tamizh chelvam <tamizhr@codeaurora.org> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org>
-
Venkateswara Naralasetty authored
During write to some of debugfs in ath10k, few variables exposing stack data when process user input. which leads to possible information leak. This patch fix this issue by initializing buffer and checks the return valure of 'simple_write_to_buffer'. Signed-off-by:
Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by:
-
- 25 Apr, 2018 8 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo authored
ath.git patches for 4.18. Major changes: ath10k * enable temperature reads for QCA6174 and QCA9377 * add firmware memory dump support for QCA9984 * continue adding WCN3990 support via SNOC bus
-
Gustavo A. R. Silva authored
In case memory resources for fw were succesfully allocated, release them before jumping to fw_load_fail. Addresses-Coverity-ID: 1466092 ("Resource leak") Fixes: c3b2f7ca ("qtnfmac: implement asynchronous firmware loading") Signed-off-by:Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by:
Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Signed-off-by:
-
Xose Vazquez Perez authored
RT5370G has hardware RX antenna diversity like RT5390R. Based on DPO_RT5572_LinuxSTA_2.6.1.3_20121022.tar.bz2 manufacturer driver: https://d86o2zu8ugzlg.cloudfront.net/mediatek-craft/drivers/DPO_RT5572_LinuxSTA_2.6.1.3_20121022.tar.bz2 Cc: Stanislaw Gruszka <sgruszka@redhat.com> Cc: Helmut Schaa <helmut.schaa@googlemail.com> Cc: Gertjan van Wingerde <gwingerde@gmail.com> Cc: Jakub Kicinski <jakub.kicinski@netronome.com> Cc: wireless newbie <wnewbie72@gmail.com> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: linux wireless ml <linux-wireless@vger.kernel.org> Signed-off-by:
Xose Vazquez Perez <xose.vazquez@gmail.com> Acked-by:
Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by:
-
Gustavo A. R. Silva authored
Remove and refactor some code in order to avoid having identical code for different branches. Notice that this piece of code hasn't been modified since 2011. Addresses-Coverity-ID: 1226756 ("Identical code for different branches") Signed-off-by: -
Dan Haab authored
BCM4366E is a wireless chipset with a BCM43664 ChipCommon. It's supported by the same firmware as 4366c0. Signed-off-by:
Dan Haab <dan.haab@luxul.com> [arend: rebase patch and remove unnecessary definition] Signed-off-by:
Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by:
-
Dan Carpenter authored
If "evt_len" is 1 then we try to memcpy() negative 3 bytes and it would cause memory corruption. Fixes: d930faee ("mwifiex: add support for Marvell pcie8766 chipset") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Xinming Hu authored
Firmware already support hidden ssid and keep ssid length, Open the capability in driver. Signed-off-by:
Xinming Hu <huxm@marvell.com> Signed-off-by:
-
Xinming Hu authored
Firmware parse and attach ERP IE from bss configuration, do not set again from tail IE. Signed-off-by:
-
- 24 Apr, 2018 30 commits
-
-
Lorenzo Bianconi authored
Despite this issue is not harmful since it is not actually used in mt76 driver, fix DMA txinfo bitmask definition Fixes: 7bc04215 ('mt76: add driver code for MT76x2e') Signed-off-by:
Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by:
-
Stanislaw Gruszka authored
When finishing scanning we switch to operational channel sill with SCANNING flag. This mean that we never perform calibration works after scanning. To fix the problem queue calibration works on .sw_scan_complete() routine. Signed-off-by:
Jakub Kicinski <kubakici@wp.pl> Signed-off-by:
-
Stanislaw Gruszka authored
avr_rssi is not calculated correctly as we do not divide result by 256 (mt76 sum avg_rssi1 and avg_rssi2 and divide by 512). However dividing by 256 will make avg_rssi almost the same as last rssi value - not really an average. So use EWMA to calculate avg_rssi. I've chosen weight_rcp=4 to convergence quicker on signal strength changes. Signed-off-by:
-
Lorenzo Bianconi authored
Initialize default values for temperature compensation in TX_ALC_CFG_{1,2} if tssi has been enabled Signed-off-by: -
Lorenzo Bianconi authored
Fix mt76x2_temp_tx_alc_enabled routine since in order to enable tx_alc temperature compensation it necessary to take into account BIT(15) of MT_EE_TX_POWER_EXT_PA_5G eeprom info Fixes: 7bc04215 ("mt76: add driver code for MT76x2e") Signed-off-by:
-
Lorenzo Bianconi authored
Remove unnecessary MT_TX_ALC_CFG_4 configuration since the register value will be properly set according to the usage of an external power amplifier Signed-off-by:
Felix Fietkau <nbd@nbd.name> Signed-off-by:
-
Felix Fietkau authored
Do not attempt to reorder packets not part of a BA session Signed-off-by:
-
Felix Fietkau authored
Required for fast-rx and allows mac80211 to skip an unnnecessary check. Signed-off-by:
-
Felix Fietkau authored
Use cancel_delayed_work instead of cancel_delayed_work_sync Signed-off-by:
-
Felix Fietkau authored
There were a number of issues in the existing tx power handling code: 1. The EEPROM target power for chain 0 refers to the actual output power after the channel and bandwidth delta have been added to the initial channel gain. This means the delta values should not be added/subtracted for the rate power calculation 2. When power is reduced significantly, the initial channel gain underflows very quickly, while the per-rate power offsets are high. This miscalculation causes effective tx power to be increased when it should actually be lowered. Fix this by trying to adjust the channel gain to the lowest power from the rate table. In case of under- or overflow, compensate by adding an appropriate delta to the rate power values. This makes power configuration more accurate on a wider range of configurable values Signed-off-by:
-
Felix Fietkau authored
Avoids race conditions from mac80211 enqueueing tx packets before the tx-drop bit is cleared Signed-off-by:
-
Felix Fietkau authored
Signficantly improves throughput with some clients Signed-off-by:
-
Felix Fietkau authored
Allows the driver to control whether to send a BlockAckReq after waking up. MT76x2 needs this set to true, for MT7603 (to be submitted later) it needs to be false. Signed-off-by:
-
Lorenzo Bianconi authored
Add static qualifier to mt76x2_mac_reset routine and remove the prototype from mt76x2_mac.h since it is used just in mt76x2_init.c Signed-off-by:
-
Lorenzo Bianconi authored
Fix mcu initial configuration for tssi calibration on 5GHz band Fixes: 7bc04215 ("mt76: add driver code for MT76x2e") Signed-off-by:
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by:
-
Ping-Ke Shih authored
Since the statements are identical, we can safely remove the statements. The commit 42e74946 ("rtlwifi: btcoexist: Fix if == else warnings in halbtc8821a1ant.c") had fixed the statements, but the commit c6821613 ("rtlwifi: btcoex: follow linux coding style") that converted coding style and upgraded btcoex didn't include the fix. Reported-by:
Ping-Ke Shih <pkshih@realtek.com> Signed-off-by:
-
Siva Rebbagondla authored
While performing cleanup, driver is messing with card->ocr value by not masking rocr against ocr_avail. Below panic is observed with some of the SDIO host controllers due to this. Issue is resolved by reverting incorrect modifications to vdd. [ 927.423821] mmc1: Invalid vdd 0x1f [ 927.423925] Modules linked in: rsi_sdio(+) cmac bnep arc4 rsi_91x mac80211 cfg80211 btrsi rfcomm bluetooth ecdh_generic [ 927.424073] CPU: 0 PID: 1624 Comm: insmod Tainted: G W 4.15.0-1000-caracalla #1 [ 927.424075] Hardware name: Dell Inc. Edge Gateway 3003/ , BIOS 01.00.06 01/22/2018 [ 927.424082] RIP: 0010:sdhci_set_power_noreg+0xdd/0x190[sdhci] [ 927.424085] RSP: 0018:ffffac3fc064b930 EFLAGS: 00010282 [ 927.424107] Call Trace: [ 927.424118] sdhci_set_power+0x5a/0x60 [sdhci] [ 927.424125] sdhci_set_ios+0x360/0x3b0 [sdhci] [ 927.424133] mmc_set_initial_state+0x92/0x120 [ 927.424137] mmc_power_up.part.34+0x33/0x1d0 [ 927.424141] mmc_power_up+0x17/0x20 [ 927.424147] mmc_sdio_runtime_resume+0x2d/0x50 [ 927.424151] mmc_runtime_resume+0x17/0x20 [ 927.424156] __rpm_callback+0xc4/0x200 [ 927.424161] ? idr_alloc_cyclic+0x57/0xd0 [ 927.424165] ? mmc_runtime_suspend+0x20/0x20 [ 927.424169] rpm_callback+0x24/0x80 [ 927.424172] ? mmc_runtime_suspend+0x20/0x20 [ 927.424176] rpm_resume+0x4b3/0x6c0 [ 927.424181] __pm_runtime_resume+0x4e/0x80 [ 927.424188] driver_probe_device+0x41/0x490 [ 927.424192] __driver_attach+0xdf/0xf0 [ 927.424196] ? driver_probe_device+0x490/0x490 [ 927.424201] bus_for_each_dev+0x6c/0xc0 [ 927.424205] driver_attach+0x1e/0x20 [ 927.424209] bus_add_driver+0x1f4/0x270 [ 927.424217] ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio] [ 927.424221] driver_register+0x60/0xe0 [ 927.424227] ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio] [ 927.424231] sdio_register_driver+0x20/0x30 [ 927.424237] rsi_module_init+0x16/0x40 [rsi_sdio] Signed-off-by:
Siva Rebbagondla <siva.rebbagondla@redpinesignals.com> Signed-off-by:
Amitkumar Karwar <amit.karwar@redpinesignals.com> Signed-off-by:
-
Siva Rebbagondla authored
Following overflow kernel panic is observed on some platforms while loading the driver. It is fixed if dynamically allocated memory is passed to SDIO instead of static one [ 927.513963] nommu_map_sg: overflow 17d54064ba7c+20 of device mask ffffffff [ 927.517712] Modules linked in: rsi_sdio(+) cmac bnep arc4 rsi_91x mac80211 cfg80211 btrsi rfcomm bluetooth ecdh_generic snd_soc_sst_bytcr_rt5660 [ 927.517861] CPU: 0 PID: 1624 Comm: insmod Tainted: G W 4.15.0-1000 #1 [ 927.517870] RIP: 0010:sdhci_send_command+0x5f0/0xa90 [sdhci] [ 927.517873] RSP: 0000:ffffac3fc064b6d8 EFLAGS: 00010086 [ 927.517895] Call Trace: [ 927.517908] ? __schedule+0x3cd/0x890 [ 927.517915] ? mod_timer+0x17b/0x3c0 [ 927.517922] sdhci_request+0x7c/0xf0 [sdhci] [ 927.517928] __mmc_start_request+0x5a/0x170 [ 927.517932] mmc_start_request+0x74/0x90 [ 927.517936] mmc_wait_for_req+0x87/0xe0 [ 927.517940] mmc_io_rw_extended+0x2fd/0x330 [ 927.517946] ? mmc_wait_data_done+0x30/0x30 [ 927.517951] sdio_io_rw_ext_helper+0x160/0x210 [ 927.517956] sdio_writesb+0x1d/0x20 [ 927.517966] rsi_sdio_write_register_multiple+0x68/0x110 [rsi_sdio] [ 927.517976] rsi_hal_device_init+0x357/0x910 [rsi_91x] [ 927.517983] ? rsi_hal_device_init+0x357/0x910 [rsi_91x] [ 927.517990] rsi_probe+0x2c6/0x450 [rsi_sdio] [ 927.517995] sdio_bus_probe+0xfc/0x110 [ 927.518000] driver_probe_device+0x2b3/0x490 [ 927.518005] __driver_attach+0xdf/0xf0 [ 927.518008] ? driver_probe_device+0x490/0x490 [ 927.518014] bus_for_each_dev+0x6c/0xc0 [ 927.518018] driver_attach+0x1e/0x20 [ 927.518021] bus_add_driver+0x1f4/0x270 [ 927.518028] ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio] [ 927.518031] driver_register+0x60/0xe0 [ 927.518038] ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio] [ 927.518041] sdio_register_driver+0x20/0x30 [ 927.518047] rsi_module_init+0x16/0x40 [rsi_sdio] Signed-off-by:
-
Amitkumar Karwar authored
Currently 5GHz gets advertised even for the device which supports only 2.4Ghz band. This patch fixes the issue Signed-off-by:
-
Amitkumar Karwar authored
Power save is by default enabled for WLAN and BT coex mode. Signed-off-by:
-
Amitkumar Karwar authored
Currently TID is extracted by checking at specific offset in data frame. This approach doesn't work for some of the frames. This patch uses mac80211 API and do it correctly Signed-off-by:
-
Amitkumar Karwar authored
Maximum number of supported aggregation subframes has been increased to 8. This is the optimal number for the driver. Signed-off-by:
-
Amitkumar Karwar authored
Power save request should be sent on station interface. Virtual interface which is connected should be preferred. This patch resolves device not entering power save problem in certain situations Signed-off-by:
-
Amitkumar Karwar authored
Some device configuration flags need to be enabled while sending 'bootup params' internal frame to firmware. This patch takes care of it. Signed-off-by:
-
Amitkumar Karwar authored
Firmware's watchdog timer should be disabled as a part of reset sequence. This change fixes a firmware hang issue observed during stress tests. Signed-off-by:
-
Dan Carpenter authored
The issue here is that we allocate "data" and then set "data = PTR_ALIGN(data, 8);" and then we free the aligned pointer instead of the original pointer. kmalloc() pointers are already ARCH_SLAB_MINALIGN aligned which is 8 or more on everything except certain Xtensa variants. We decided that if the Xtensa people ever notice a bug here then we'll tell them the bug is on their side. ;) Signed-off-by:
-
Prameela Rani Garnepudi authored
To support roaming below changes are done: * Station notify frame is send to firmware after sending assoc request. This will avoid dropping of first EAPOL frame due to delay in creation of station control block in firmware. * Data queues are unblocked after sending station notify in open mode, after configuring key in WEP mode, and after receiving EAPOL4 confirm in WPA mode. * Initial EAPOL frames priority is chaged to MGMT, rekey EAPOL frames priority changed to VO. Signed-off-by:
Prameela Rani Garnepudi <prameela.j04cs@gmail.com> Signed-off-by:
-
Prameela Rani Garnepudi authored
80MHz clock for device should be enabled by default in TX command frame radio capabilities. Signed-off-by:
-
Prameela Rani Garnepudi authored
Descriptors preparation is moved to core instead of HAL to avoid synchronization issues in sending TX frames Signed-off-by:
-
