| Age | Commit message (Collapse) | Author |
|---|
|
Implement proper reconfiguration for interfaces that are
doing MLO, in order to be able to recover from HW restart
correctly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230504134511.828474-6-gregory.greenman@intel.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
When PNVM is obtained from UEFI, there's an additional memory
descriptor TLV that has to be handled. It is the same TLV that
holds data in the reduced power tables. Also, in this TLV, the
actual data is located after address and size, so add the
corresponding offset.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.8c5f5ee8e30b.Id1893c9dec140b5ba4abe8a121c2e1a1d121d2d7@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Use efi.get_variable() with NULL pointer for data in order to
obtain entry size and then call it again with the correct size
to get the entry itself.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.ef95a8055a50.Iae5389baaf0a9a3c89469f7502275ee119d378b6@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This code is a bit of a maze of gotos etc. Clean up the
code a bit to make the intent clearer.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.51fb5ee63f21.I20f270b2d47612e84643dc235c2940b8d9ed9930@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
It enables to better handle error cases. Also save the image till the
end of the loading and only then free it.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.71e3b3e0e794.Ifbe69ad99a7e805eb70e09280365821eb146b1c9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Replace the field reduce_power_dram with a struct that holds data about
the reduced-power tables drams regions. Generalize load_payloads_segments()
to work for both pnvm tables and reduction power tables.
Make required adjustments in the data structures.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.6fe66958f049.I85d80682229fc02fe354462cc9da40937558f30c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Generalize the parsing, loading, and setting of the power-reduce
tables, in order to support allocation of several DRAM payloads
in the future.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.564f1eead99b.Iaba653b21dc09aafc72b9bbb3928abddce0db50a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Take the part that copies the tables into DRAM, out of the method
that sets the prph_scratch to make the code cleaner. Each of the
operations will get more complex in the future when it will also
support larger power-reduce tables images.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.7695684dc848.I13626cd318e5d68efec9618b2045f52788bff114@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Save the pnvm payloads in several DRAM segments (not only in one as
used to). In addition, allocate a FW structure in DRAM that holds the
segments' addresses and forward its address to the FW. It's done when
FW has the capability to handle pnvm images this way (helps to process
large pnvm images).
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.dbdad8995ce1.I986213527982637042532de3851a1bd8a11be87a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add support for fragmented pnvm images, depending on the FW capability.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.c49bfaf435a9.I0278312e7c3355b224cd870d4f8cf6578d12f03e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Change the field pnvm_dram to an array that describes many regions
and add a counter to the number of pnvm regions that were allocated
in DRAM.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.bb206d71bf45.I627640701757bb2f234f8e18a3afbd6af1206658@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Change iwl_pnvm_parse so it will only save the information into the
iwl_pnvm_image struct. This enables to use the parsing code for the
power reduce tables in the future.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.504b42fc1611.I4ddf6ad76d922d118fcbcc4f0e9ec003753d0b75@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Take the part that is copying the pnvm image into DRAM, out of the
the method that sets the prph_scratch. Makes the code cleaner since
those 2 operations don't always happen together (loading should happen
only once while setting can happen more than once).
In addition, each operation will get more complex in the future when
it will support also larger pnvm images.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.4c0728239fd6.Ibc30a9fbdb6123dadbe2dbb89318dbd5ec01080a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Generalize iwl_pnvm_parse(). This saves us from copying each payload
twice (first in the parsing and later when copying it to the dram).
Moreover, its more compatible for handling larger pnvm tables in
the future (in which payloads won't be concatenated).
The main changes are:
1. Take out the concatenating of the payloads from the parsing level
2. Start using iwl_pnvm_image structure that will hold pointers to
payloads that should be delivered to fw, their sizes and number.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230606103519.06c02f380b6f.I03a3030fca194aa0c4bc2ecd18531f8914e98cfd@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Some of the kernel-doc links are outdated due to other
changes, fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230601171633.85e2cf489893.Ie3889ea6f755b80c988543ccca56c67420c51b1f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Some commands are no longer used and have broken kernel-doc links,
so just remove them.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230601171633.3dad4ad9b53e.I018abd02d6925950b8748dfb7a59db87255fc670@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Even for reserved values we shouldn't use u16, that's just
error prone. Fix this to __le16.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230601171633.29ebf70aa64e.I1263f6724e1c70ff5541f447b9744f143ee736a3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This is clearer in kernel-doc than spelling out the prefix.
It also lets us generate better tracing data.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230601171633.e11ece794f60.I9874c7b0437071a2620d68ca5a16efed60da07a9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Indicate to the firmware for each station whether or not MFP
is used with this station. Note that we indicate MFP for it
before authorized since we don't know yet, and that will make
the firmware not handle should-be-protected management frames
without being able to check them.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230601095201.b1052f39af4c.I1b46b751d5808e65ea3d0e7b8b38209c5aecf042@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
If there's no peer configured then there's no point in sending
the command down to the firmware with an invalid peer address.
Fixes: cf85123a210f ("wifi: iwlwifi: mvm: support enabling and disabling HW timestamping")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194630.0fb9f81f1852.Idcc41b67d1fbb421e5ed9bac2177b948b7b4d1c9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This warning is sometimes happening if we force a FW error
while disconnecting, which is annoying but harmless.
However, it's also pointless to throw a warning here, since
the stack and driver state doesn't really help, so just
remove that so the driver will ignore the error if any.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194630.29fe6990d372.I00ff5dc7bfb4025a609f380a0a3911d842b72449@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Remove the check for the IMR debug data size which
leads to dead code.
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194630.58eec8d40729.Ifb7d64706eed45726db804f36e785283dff7adab@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add 2 new entries for Dell in PPAG approved list.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194630.a2696f0538ef.I324e4a0cc4696c27830a490b79c42dfeff8ba074@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
When checking if the initiator is associated to the responder,
iterate over all active links.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.a0d86655e7d2.I8f140ca55094da1d73c387fc036394fb2c148c85@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
The 100ms shouldn't be needed, only 10ms. However after
reset we should have 10ms as well for these devices.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.9a5627c1ff18.Ifcfbccd5458bd9ebd496aa834284fb0facfcaaef@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
There are mainly two types of BTM (BSS Transition Management)
requests, recommendations and notifications. For the first type,
a response is needed otherwise, most probably the STA will be
disconnected.
Since we don't want to wake up the host on it, set the BTM to reject
offload flag (if the device supports it) and rely on the FW to take
care of it. The FW will reject the BTM request and in case the AP
sends DEAUTH the FW can wake up the host to let it decide on the
next steps.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.d95ae6f2804c.I9457acc55bc23ce715c714b5088058f52540c224@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
DRAM buffers that are not defined in the TLVs (or are unused in the
preset) would cause a log message. To avoid confusion, skip processing
buffers with an invalid (i.e. uninitialized) DRAM path.
This further reduces the noise of the message in cases where it is
unlikely to be helpful. Also update a related debug log string to better
describe what is happening.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.ecae60cf2d7f.Ib44a94d4aeb55dbb2e52edea8b69a09bc0f722c3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add two new vendors to the PPAG approved vendor list
as Google OEMs.
Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.b89a3f9e3ae0.Iab1e13285c58ef1fee2a8bad8429eda4547b0b74@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Calling this IWL_RX_PHY_DATA1_EHT_B0 is just confusing,
it's the RU allocation bit 0. Also then align the name
for B1-B7 accordingly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.824edb28c0eb.Ia9f74573e3ac771911b679558984f1bfb36de674@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Supporting controlling the frame rate during injection,
HT/VHT are supported in addition to legacy rates.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.85a662792649.I0847b47dec0dfb0290d7b15ebc6bc0a575eed7b5@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Allows vendors to use the time average sar feature.
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531194629.845c205e4def.Iab5c849617ed7e13304e4dfc7def668659439946@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
The feature is still disabled (depends on BROKEN), but
the code had a compilation error after one of the merges.
Fix that.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230531085033.216028-1-gregory.greenman@intel.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add support for the MCC update response version 8.
Versions 5-6 are already covered by the existing
flags conversion, and 7 isn't used.
The capabilities field in iwl_mcc_update_resp is 32 bits
wide now, and the flags moved, so some more changes are
needed.
While at it, convert the flags to bool (to avoid having
to deal with BIT(16) specially etc.) and use the
struct_size() macro for the memory allocation.
Signed-off-by: Abhishek Naik <abhishek.naik@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.fd9016f8f994.Ibddcb9fbfa74895f742c0ac20968720691c94853@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Allows the China bit in the ppag flags to turn on also when
FW cmd version is 1 (if FW has the capability).
Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.3cc19e799eeb.I9054b1d63fd7ae2b5f0e416825b4b1dc9f79cc80@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Setting the station to -EBUSY was originally done under
this lock, and the comment still refers to it. But this
no longer happens because that was removed when DQA was
removed. Remove the leftover code as well.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.30048b1cd0fd.Ie2c2ff6fd7c6e3ebf5b736de350dc15515970792@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Some devices, like step A0 of GL FM device doesn't support RX STBC
for VHT/HE. Add a workaround to remove it from capabilities in
this case.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.65c3e09813e5.Iadfd8cdb0ea5a8088ae3daa555c780c423951894@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add new oem/odm pair to ppag approved vendors list
when specified by platform.
Signed-off-by: Ariel Malamud <ariel.malamud@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.549a57a1cf11.I7392b1cd31f4f7ee60aafe2093f4e82b1d6fd3a7@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
In the following notifications and commands mac_id was replaced
with link_id:
* CANCEL_CHANNEL_SWITCH_CMD
* CHANNEL_SWITCH_START_NOTIF
* CHANNEL_SWITCH_ERROR_NOTIF
The logic around was not changed, so only adjust handling
mac/link id.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.6aa6e394f5fe.Ie9e78918511ca901f9f3966d774fa74a71a186e3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
The firmware added new fields to be able to pass the link_id as the AP
knows it and the esr_transition_timeout.
For now, pass only the link_id since we don't have access to the
esr_transition_timeout yet.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.bf80ce717458.Icd4174911227c00cd12783fe1f517ae8097809b9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This function is MLO related, so it should iterate over all the links,
and not only on deflink.
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.56a9c709e987.I9716195ec288cce2c929338c254ee9add8cfcc1f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
In case the driver doesn't implement suspend or resume operations
on the transport layer, notify the driver's upper layer.
Otherwise, we might access d3_status uninitialized.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.0c55e0ca92f1.I6870fe1683215e65d3d036f9b576b03b7b7257be@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
When adding a PASN station, the non MLD API was used. This results
in assert when operating as MLD. Fix it to use the MLD API when
operating as MLD. For now, the default link is used for the added
station.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.7c35dccc8a12.I7bc78cd16d7c750f42fdd60e07e839a860d279d2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This wasn't really common anymore, so dissolve it, it has a
pretty strange calling convention that's confusing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.44320ab2e842.Ie1d6b9c28caca3b541ca383a4c0c8799b0e72fe0@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
There's no need for these to be writable, so they can
be const (and static).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.c41eb6687868.I2dac1158e5723187bda1973aa49fde8a794621c8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
This new version of missed beacon notification uses link_id
instead of mac_id. Also add an option to use link id for
retrieving vif.
Signed-off-by: Yedidya Benshimol <yedidya.ben.shimol@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.17fe1cc632f1.Id1fabb532e2174712fe17d4ad86a2c8c64ae84da@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
FW version is now frozen for 22500 devices. Don't
allow newer versions in the driver.
Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.8a25ebf9134c.I3f1454498322ce28cb687d28c091c7ee092cefca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
kmemdup() at line 2735 is not duplicating enough memory for
notif->tid_tear_down and notif->station_id. As it only duplicates
612 bytes: up to offsetofend(struct iwl_wowlan_info_notif,
received_beacons), this is the range of [0, 612) bytes.
2735 notif = kmemdup(notif_v1,
2736 offsetofend(struct iwl_wowlan_info_notif,
2737 received_beacons),
2738 GFP_ATOMIC);
which evidently does not cover bytes 612 and 613 for members
tid_tear_down and station_id in struct iwl_wowlan_info_notif.
See below:
$ pahole -C iwl_wowlan_info_notif drivers/net/wireless/intel/iwlwifi/mvm/d3.o
struct iwl_wowlan_info_notif {
struct iwl_wowlan_gtk_status_v3 gtk[2]; /* 0 488 */
/* --- cacheline 7 boundary (448 bytes) was 40 bytes ago --- */
struct iwl_wowlan_igtk_status igtk[2]; /* 488 80 */
/* --- cacheline 8 boundary (512 bytes) was 56 bytes ago --- */
__le64 replay_ctr; /* 568 8 */
/* --- cacheline 9 boundary (576 bytes) --- */
__le16 pattern_number; /* 576 2 */
__le16 reserved1; /* 578 2 */
__le16 qos_seq_ctr[8]; /* 580 16 */
__le32 wakeup_reasons; /* 596 4 */
__le32 num_of_gtk_rekeys; /* 600 4 */
__le32 transmitted_ndps; /* 604 4 */
__le32 received_beacons; /* 608 4 */
u8 tid_tear_down; /* 612 1 */
u8 station_id; /* 613 1 */
u8 reserved2[2]; /* 614 2 */
/* size: 616, cachelines: 10, members: 13 */
/* last cacheline: 40 bytes */
};
Therefore, when the following assignments take place, actually no memory
has been allocated for those objects:
2743 notif->tid_tear_down = notif_v1->tid_tear_down;
2744 notif->station_id = notif_v1->station_id;
Fix this by allocating space for the whole notif object and zero out the
remaining space in memory after member station_id.
This also fixes the following -Warray-bounds issues:
CC drivers/net/wireless/intel/iwlwifi/mvm/d3.o
drivers/net/wireless/intel/iwlwifi/mvm/d3.c: In function ‘iwl_mvm_wait_d3_notif’:
drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2743:30: warning: array subscript ‘struct iwl_wowlan_info_notif[0]’ is partly outside array bounds of ‘unsigned char[612]’ [-Warray-bounds=]
2743 | notif->tid_tear_down = notif_v1->tid_tear_down;
|
from drivers/net/wireless/intel/iwlwifi/mvm/d3.c:7:
In function ‘kmemdup’,
inlined from ‘iwl_mvm_wait_d3_notif’ at drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2735:12:
include/linux/fortify-string.h:765:16: note: object of size 612 allocated by ‘__real_kmemdup’
765 | return __real_kmemdup(p, size, gfp);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/intel/iwlwifi/mvm/d3.c: In function ‘iwl_mvm_wait_d3_notif’:
drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2744:30: warning: array subscript ‘struct iwl_wowlan_info_notif[0]’ is partly outside array bounds of ‘unsigned char[612]’ [-Warray-bounds=]
2744 | notif->station_id = notif_v1->station_id;
| ^~
In function ‘kmemdup’,
inlined from ‘iwl_mvm_wait_d3_notif’ at drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2735:12:
include/linux/fortify-string.h:765:16: note: object of size 612 allocated by ‘__real_kmemdup’
765 | return __real_kmemdup(p, size, gfp);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link: https://github.com/KSPP/linux/issues/306
Fixes: 905d50ddbc83 ("wifi: iwlwifi: mvm: support wowlan info notification version 2")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/ZHpGN555FwAKGduH@work
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Currently, whenever an EMA beacon is formed, due to is_template
argument being false from the caller, the switch count is always
decremented once which is wrong.
Also if switch count is equal to profile periodicity, this makes
the switch count to reach till zero which triggers a WARN_ON_ONCE.
[ 261.593915] CPU: 1 PID: 800 Comm: kworker/u8:3 Not tainted 5.4.213 #0
[ 261.616143] Hardware name: Qualcomm Technologies, Inc. IPQ9574
[ 261.622666] Workqueue: phy0 ath12k_get_link_bss_conf [ath12k]
[ 261.629771] pstate: 60400005 (nZCv daif +PAN -UAO)
[ 261.635595] pc : ieee80211_next_txq+0x1ac/0x1b8 [mac80211]
[ 261.640282] lr : ieee80211_beacon_update_cntdwn+0x64/0xb4 [mac80211]
[...]
[ 261.729683] Call trace:
[ 261.734986] ieee80211_next_txq+0x1ac/0x1b8 [mac80211]
[ 261.737156] ieee80211_beacon_cntdwn_is_complete+0xa28/0x1194 [mac80211]
[ 261.742365] ieee80211_beacon_cntdwn_is_complete+0xef4/0x1194 [mac80211]
[ 261.749224] ieee80211_beacon_get_template_ema_list+0x38/0x5c [mac80211]
[ 261.755908] ath12k_get_link_bss_conf+0xf8/0x33b4 [ath12k]
[ 261.762590] ath12k_get_link_bss_conf+0x390/0x33b4 [ath12k]
[ 261.767881] process_one_work+0x194/0x270
[ 261.773346] worker_thread+0x200/0x314
[ 261.777514] kthread+0x140/0x150
[ 261.781158] ret_from_fork+0x10/0x18
Fix this issue by making the is_template argument as true when fetching
the EMA beacons.
Fixes: bd54f3c29077 ("wifi: mac80211: generate EMA beacons in AP mode")
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Link: https://lore.kernel.org/r/20230531062012.4537-1-quic_adisi@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Don't do link address translation for beacons and probe responses,
this leads to reporting multiple scan list entries for the same AP
(one with the MLD address) which just breaks things.
We might need to extend this in the future for some other (action)
frames that aren't MLD addressed.
Fixes: 42fb9148c078 ("wifi: mac80211: do link->MLD address translation on RX")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230604120651.62adead1b43a.Ifc25eed26ebf3b269f60b1ec10060156d0e7ec0d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
There were two bugs when creating the non-inheritence
element:
1) 'at_extension' needs to be declared outside the loop,
otherwise the value resets every iteration and we
can never really switch properly
2) 'added' never got set to true, so we always cut off
the extension element again at the end of the function
This shows another issue that we might add a list but no
extension list, but we need to make the extension list a
zero-length one in that case.
Fix all these issues. While at it, add a comment explaining
the trim.
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230604120651.3addaa5c4782.If3a78f9305997ad7ef4ba7ffc17a8234c956f613@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
