- 19 May, 2017 12 commits
-
-
Brian Norris authored
These are already handled by mwifiex_shutdown_sw() and mwifiex_reinit_sw(). Ideally, we'll kill the flag entirely eventually, as I suspect it breeds race conditions. Signed-off-by:
Brian Norris <briannorris@chromium.org> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org>
-
Brian Norris authored
Signed-off-by:
-
Brian Norris authored
These pointers are retrieved via container_of(). There's no way they are NULL. Signed-off-by:
-
Brian Norris authored
We're using 'adapter' right before calling this. Stop being unnecessarily paranoid. Signed-off-by:
-
Brian Norris authored
If mwifiex_shutdown_drv() is racing with another mwifiex_shutdown_drv(), we *really* have problems. Kill the lock. Signed-off-by:
-
Brian Norris authored
When removing or resetting an mwifiex device, we don't remember to free the saved beacon buffer. Use the (somewhat misleadingly-named) mwifiex_free_priv() helper to handle this. Noticed by kmemleak during tests: echo 1 > /sys/bus/pci/devices/.../reset unreferenced object 0xffffffc09d034a00 (size 256): ... backtrace: [<ffffffc0003cdce4>] create_object+0x228/0x3c4 [<ffffffc000c0b9d8>] kmemleak_alloc+0x54/0x88 [<ffffffc0003c0848>] __kmalloc+0x1cc/0x2dc [<ffffffbffc1500c4>] mwifiex_save_curr_bcn+0x80/0x308 [mwifiex] [<ffffffbffc1516b8>] mwifiex_ret_802_11_associate+0x4ec/0x5fc [mwifiex] [<ffffffbffc15da90>] mwifiex_process_sta_cmdresp+0xaf8/0x1fa4 [mwifiex] [<ffffffbffc1411e0>] mwifiex_process_cmdresp+0x40c/0x510 [mwifiex] [<ffffffbffc13b8f4>] mwifiex_main_process+0x4a4/0xb00 [mwifiex] [<ffffffbffc13bf84>] mwifiex_main_work_queue+0x34/0x40 [mwifiex] Signed-off-by: -
Brian Norris authored
mwifiex_exec_next_cmd() seems to have a classic TOCTOU race, where we drop the list lock in between retrieving the next command and deleting it from the list. This potentially leaves room for someone else to also retrieve / steal this node from the list (e.g., mwifiex_cancel_all_pending_cmd()). Let's keep holding the lock while we do our 'ps_state' sanity checks. There should be no harm in continuing to hold this lock for a bit more. Noticed only by code inspection. Signed-off-by:
-
Douglas Anderson authored
The mwifiex_11n_delba() function walked the rx_reorder_tbl_ptr without holding the lock, which was an obvious violation. Grab the lock. NOTE: we hold the lock while calling mwifiex_send_delba(). There's also several callers in 11n_rxreorder.c that hold the lock and the comments in the struct sound just like very other list/lock pair -- as if the lock should definitely be help for all operations like this. Signed-off-by:
Douglas Anderson <dianders@chromium.org> Signed-off-by:
-
Douglas Anderson authored
Just like in the previous patch ("mwifiex: Don't release tx_ba_stream_tbl_lock while iterating"), in mwifiex_cancel_all_pending_cmd() we were itearting over a list protected by a spinlock. Again, it is not safe to release the spinlock while iterating. Don't do it. Luckily in this case there should be no need to release the spinlock. This is evidenced by: 1. The only function called while the spinlock was released was mwifiex_recycle_cmd_node() 2. Aside from atomic functions (which are safe to call), the only function called by mwifiex_recycle_cmd_node() was mwifiex_insert_cmd_to_free_q(). 3. It can be seen in mwifiex_cancel_pending_scan_cmd() that it's OK to call mwifiex_insert_cmd_to_free_q() while holding a different spinlock (scan_pending_q_lock), so in general holding a spinlock should be OK. 4. It doesn't appear that mwifiex_insert_cmd_to_free_q() has any interaction with the cmd_pending_q_lock No known bugs are fixed with this change, but as with other similar changes this could fix random list corruption. Signed-off-by: -
Douglas Anderson authored
Despite the macro list_for_each_entry_safe() having the word "safe" in the name, it's still not actually safe to release the list spinlock while iterating over the list. The "safe" in the macro name actually only means that it's safe to delete the current entry while iterating over the list. Releasing the spinlock while iterating over the list means that someone else could come in and adjust the list while we don't have the spinlock. If they do that it can totally mix up our iteration and fully corrupt the list. Later iterating over a corrupted list while holding a spinlock and having IRQs off can cause all sorts of hard to debug problems. As evidenced by the other call to mwifiex_11n_delete_tx_ba_stream_tbl_entry() in mwifiex_11n_delete_all_tx_ba_stream_tbl(), it's actually safe to skip the spinlock release. Let's do that. No known problems are fixed by this patch, but it could fix all sorts of weird problems and it should be very safe. Signed-off-by:
-
Brian Norris authored
If we fail to add an interface in mwifiex_add_virtual_intf(), we might hit a BUG_ON() in the networking code, because we didn't tear things down properly. Among the problems: (a) when failing to allocate workqueues, we fail to unregister the netdev before calling free_netdev() (b) even if we do try to unregister the netdev, we're still holding the rtnl lock, so the device never properly unregistered; we'll be at state NETREG_UNREGISTERING, and then hit free_netdev()'s: BUG_ON(dev->reg_state != NETREG_UNREGISTERED); (c) we're allocating some dependent resources (e.g., DFS workqueues) after we've registered the interface; this may or may not cause problems, but it's good practice to allocate these before registering (d) we're not even trying to unwind anything when mwifiex_send_cmd() or mwifiex_sta_init_cmd() fail To fix these issues, let's: * add a stacked set of error handling labels, to keep error handling consistent and properly ordered (resolving (a) and (d)) * move the workqueue allocations before the registration (to resolve (c); also resolves (b) by avoiding error cases where we have to unregister) [Incidentally, it's pretty easy to interrupt the alloc_workqueue() in, e.g., the following: iw phy phy0 interface add mlan0 type station by sending it SIGTERM.] This bugfix covers commits like commit 7d652034 ("mwifiex: channel switch support for mwifiex"), but parts of this bug exist all the way back to the introduction of dynamic interface handling in commit 93a1df48 ("mwifiex: add cfg80211 handlers add/del_virtual_intf"). Cc: <stable@vger.kernel.org> Signed-off-by: -
Brian Norris authored
This code was duplicated as part of the PCIe FLR code added to this driver. Let's de-duplicate it to: * make things easier to read (mwifiex_pcie_free_buffers() now has a corresponding mwifiex_pcie_alloc_buffers()) * reduce likelihood of bugs * make error logging equally verbose * save lines of code! Also drop some of the commentary that isn't really needed. Signed-off-by:
-
- 18 May, 2017 28 commits
-
-
Colin Ian King authored
Trivial fix to spelling mistake in RT_TRACE text Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Colin Ian King authored
trivial fixes to spelling mistakes in RT_TRACE messages. Signed-off-by:
-
Ping-Ke Shih authored
For time division multiple access, the wifi and bt take turns to transmit, but we need to let AP know that wifi is under standby mode by sending null data to "pretend" entering power saving state using lps rpwm. But, the fw does not know if it is the actual power saving mode or just a fake one to cheat to the AP. Hence, before fw setting the tdma duration, the fw needs the driver to check the power saving state first. Signed-off-by:
Ping-Ke Shih <pkshih@realtek.com> Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Cc: Yan-Hsuan Chuang <yhchuang@realtek.com> Cc: Birming Chiu <birming@realtek.com> Cc: Shaofu <shaofu@realtek.com> Cc: Steven Ting <steventing@realtek.com> Signed-off-by:
-
Ping-Ke Shih authored
Check BT's status, and record it in field bt_disabled. When BT is disabled, We do special action called wifi_only. Also, we move the field from 'struct btc_coexist' to 'struct coex_sta_8723b_1ant'. Signed-off-by:
-
Ping-Ke Shih authored
If there are BT high priority packets, we arrange more time to BT. To make user experience to be better, HID and SCO are also seen as high priority packet exist. Signed-off-by:
-
Ping-Ke Shih authored
In field debug, we check wifi and BT counter to analyze problems. Signed-off-by:
-
Ping-Ke Shih authored
BT ACL is a special case, so we create a routine to deal this case. Signed-off-by:
-
Ping-Ke Shih authored
Rename: * tdma_adj_type to ps_tdma_du_adj_type * wifiCentralChnl to wifi_central_chnl Coding style: * move constant from right to left side in if-statement Signed-off-by:
-
Larry Finger authored
Routine btc8723b1ant_tdma_dur_adj_for_acl() was removed in a set of Sparse fixes; however, this routine will be needed later. Signed-off-by:
-
Yan-Hsuan Chuang authored
Set rf register if the tx rx mask is switched. Signed-off-by:
Yan-Hsuan Chuang <yhchuang@realtek.com> Signed-off-by:
-
Yan-Hsuan Chuang authored
Fix alignment for coding style consistency. Signed-off-by:
-
Yan-Hsuan Chuang authored
We need to pay attention to ARP packets to correctly establish connection, and reset the ARP counter when disconnected. Signed-off-by:
-
Yan-Hsuan Chuang authored
Before entering IPS, set the PTA control to default value and re-init it after it leaves IPS to avoid running some redundant code in run_coexist_mechanism. Signed-off-by:
-
Yan-Hsuan Chuang authored
For newer coex mechanism, it is not necessary to set a critical value to avoid the power on instability, just use default value for PTA. Signed-off-by:
-
Yan-Hsuan Chuang authored
When the wifi notifies the coexistence it is going to scan, set the coex table to avoid issues when the scan result is empty. Signed-off-by:
-
Yan-Hsuan Chuang authored
When wifi is connected, use normal mode to set retry limit. Signed-off-by:
-
Yan-Hsuan Chuang authored
Adjust wifi slot time to tune the performance of coexistence Signed-off-by:
-
Yan-Hsuan Chuang authored
Monitor if the wifi is softap mode, and set the tdma and coex table accordingly. Signed-off-by:
-
Yan-Hsuan Chuang authored
If wifi is not scanning, there may have some special and important packets such as DHCP or EAPOL or ARP packets. Set tdma and coex table to take care of them. Signed-off-by:
-
Yan-Hsuan Chuang authored
If the wifi is scanning when connected, it is better if the slot is shortened and the priority is increased. Otherwise bt a2dp may have low quality. Signed-off-by:
-
Yan-Hsuan Chuang authored
Consider bt profiling is sco or hid to set coex table and tdma. Signed-off-by:
-
Yan-Hsuan Chuang authored
When wifi is idle, bt could have more resources to transmit, so set the tdma and coex table to achieve this. Signed-off-by:
-
Yan-Hsuan Chuang authored
PSD and LNA are for antenna detection, but we do not use them for 8821A. Remove them and the corresponding display messages. Signed-off-by:
-
Yan-Hsuan Chuang authored
In the hardware initialisation stage, the PTA circuits may be unstable, so we reset it after 6 secs to fix the problem. dis_ver_info_cnt is used to indicate the time after init, and we can set PTA according to it. Signed-off-by:
-
Yan-Hsuan Chuang authored
We add some profiling combinations when the bt notifies the coex mechanism to detect more situations and adjust the coex to fit to it. Also monitor if the wifi is under 5G mode, if so, the signals do net intefere each other, bt can just ignore it Signed-off-by:
-
Yan-Hsuan Chuang authored
If the wifi is leaving ips, re-init the coex mechanisms, and before it is going into ips, the bt can just ignore the wifi activities. Signed-off-by:
-
Yan-Hsuan Chuang authored
The driver will periodically ask the coex, and the coex only runs the mechanism when the status was changed or the auto adjust is set. Signed-off-by:
-
Yan-Hsuan Chuang authored
When driver is going to sleep, it does not leave LPS/IPS, thus the BTCoex may have mismatch when driver wakes up. To avoid that, BTCoex needs to clear the IPS/LPS state when it receives a pnp notify, then it can properly set up the hw when driver wakes up. Routine ex_btc8821a2ant_pnp_notify() restored. Signed-off-by:
-
