| Age | Commit message (Collapse) | Author |
|---|
|
It is rather easy to add more entries to ath11k_skb_cb while forgetting the
size limit of ieee80211_tx_info->driver_data. So just check this during the
build to reduce the change of accidental buffer overflow in the skbuff->cb.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-3-sven@narfation.org
|
|
It was observed that the codepath for the ATH11K_SKB_HW_80211_ENCAP was
used even when the IEEE80211_TX_CTRL_HW_80211_ENCAP was not enabled for a
an skbuff. This became even more prominent when the QCAs wlan-open patchset
for ath11k [1] was applied and a sane looking fix just caused crashes when
injecting frames via a monitor interface (for example with ratechecker):
[ 86.963152] Unable to handle kernel NULL pointer dereference at virtual address 00000338
[ 86.963192] pgd = ffffffc0008f0000
[ 86.971034] [00000338] *pgd=0000000051706003, *pud=0000000051706003, *pmd=0000000051707003, *pte=00e800000b000707
[ 86.984292] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[...]
[ 87.713339] [<ffffffbffc802480>] ieee80211_tx_status_8023+0xf8/0x220 [mac80211]
[ 87.715654] [<ffffffbffc98bad4>] ath11k_dp_tx_completion_handler+0x42c/0xa10 [ath11k]
[ 87.722924] [<ffffffbffc989190>] ath11k_dp_service_srng+0x70/0x3c8 [ath11k]
[ 87.730831] [<ffffffbffca03460>] 0xffffffbffca03460
[ 87.737599] [<ffffffc00046ef58>] net_rx_action+0xf8/0x288
[ 87.742462] [<ffffffc000097554>] __do_softirq+0xfc/0x220
[ 87.748014] [<ffffffc000097900>] irq_exit+0x98/0xe8
[ 87.753396] [<ffffffc0000cf188>] __handle_domain_irq+0x90/0xb8
[ 87.757999] [<ffffffc000081ca4>] gic_handle_irq+0x6c/0xc8
[ 87.763899] Exception stack(0xffffffc00081bdc0 to 0xffffffc00081bef0)
Problem is that the state of ath11k_skb_cb->flags must be considered
unknown and could contain anything when it is not manually initialized. So
it could also contain ATH11K_SKB_HW_80211_ENCAP. And this can result in the
code to assume that the ath11k_skb_cb->vif is set - even when this is not
always the case for non ATH11K_SKB_HW_80211_ENCAP transmissions.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
[1] https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/tree/mac80211/patches?h=NHSS.QSDK.11.4.r3
(162 patches at the moment which are often not upstreamed but essential
to get ath11k working)
Fixes: e7f33e0c52c0 ("ath11k: add tx hw 802.11 encapsulation offloading support")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-2-sven@narfation.org
|
|
The driver_data area of ieee80211_tx_info is used in ath11k for
ath11k_skb_cb. The first function in the TX patch which rewrites it to
ath11k_skb_cb is already ath11k_mac_op_tx. No one else in the code path
must use it for something else before it reinitializes it. Otherwise the
data has to be considered uninitialized or corrupt.
But the ieee80211_tx_info.control shares exactly the same area as
ieee80211_tx_info.driver_data and ath11k is still using it. This results in
best case in a
ath11k c000000.wifi1: no vif found for mgmt frame, flags 0x0
or (slightly worse) in a kernel oops.
Instead, the interesting data must be moved first into the ath11k_skb_cb
and ieee80211_tx_info.control must then not be used anymore.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-1-sven@narfation.org
|
|
Unused structure ath11k_vdev_stop_status is removed.
'ath11k_mac_get_ar_vdev_stop_status' api has been replaced
with 'ath11k_mac_get_ar_by_vdev_id' inside vdev_stopped_event.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-4-git-send-email-mkenna@codeaurora.org
|
|
Peer creation in firmware fails, if last peer deletion
is still in progress.
Hence, add wait for the event after deleting every peer
from host driver to synchronize with firmware.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-3-git-send-email-mkenna@codeaurora.org
|
|
When the interface is added immediately after removing the
interface, vdev deletion in firmware might not have been
completed.
Hence, add vdev_delete_resp_event and wait_event_timeout
to synchronize with firmware.
Signed-off-by: Ritesh Singh <ritesi@codeaurora.org>
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605514143-17652-2-git-send-email-mkenna@codeaurora.org
|
|
This is an immutable branch from mhi tree for handling an API change in MHI
subsystem and minimise conflicts between ath and mhi trees.
|
|
Add the missing destroy_workqueue() before return from
cw1200_init_common in the error handling case.
Fixes: a910e4a94f69 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119070842.1011-1-miaoqinglang@huawei.com
|
|
The REG_PORT is defined twice, so remove one of them.
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119101204.72fd5f0a@xhacker.debian
|
|
In rtl8723e_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 531:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 534, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 535:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015218.12220-1-baijiaju1990@gmail.com
|
|
In rtl92de_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 667:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 669, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 670:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015205.12162-1-baijiaju1990@gmail.com
|
|
In rtl92ce_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 530:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 533, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 534:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015151.12110-1-baijiaju1990@gmail.com
|
|
In rtl88ee_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 677:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 680, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 681:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015127.12033-1-baijiaju1990@gmail.com
|
|
In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple
warnings by explicitly adding multiple break statements instead of
letting the code fall through to the next case.
Link: https://github.com/KSPP/linux/issues/115
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201117160958.GA18807@embeddedor
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: 17ff2c794f39 ("rsi: reset device changes for 9116")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605582454-39649-1-git-send-email-zhangchangzhong@huawei.com
|
|
bindex can be out of BA window (64):
tid 0 seq 2983, start_seq 2915, bindex 68, index 39
tid 0 seq 2984, start_seq 2915, bindex 69, index 40
tid 0 seq 2985, start_seq 2915, bindex 70, index 41
tid 0 seq 2986, start_seq 2915, bindex 71, index 42
tid 0 seq 2879, start_seq 2915, bindex 4060, index 63
tid 0 seq 2854, start_seq 2915, bindex 4035, index 38
tid 0 seq 2795, start_seq 2915, bindex 3976, index 43
tid 0 seq 2989, start_seq 2924, bindex 65, index 45
tid 0 seq 2992, start_seq 2924, bindex 68, index 48
tid 0 seq 2993, start_seq 2924, bindex 69, index 49
tid 0 seq 2994, start_seq 2924, bindex 70, index 50
tid 0 seq 2997, start_seq 2924, bindex 73, index 53
tid 0 seq 2795, start_seq 2941, bindex 3950, index 43
tid 0 seq 2921, start_seq 2941, bindex 4076, index 41
tid 0 seq 2929, start_seq 2941, bindex 4084, index 49
tid 0 seq 3011, start_seq 2946, bindex 65, index 3
tid 0 seq 3012, start_seq 2946, bindex 66, index 4
tid 0 seq 3013, start_seq 2946, bindex 67, index 5
In result isset() will try to dereference something on the stack,
causing panics:
BUG: unable to handle page fault for address: ffffa742800ed01f
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6a4e9067 P4D 6a4e9067 PUD 6a4ec067 PMD 6a4ed067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Not tainted 5.8.5-arch1-1-kdump #1
Hardware name: Apple Inc. MacBookAir3,1/Mac-942452F5819B1C1B, BIOS MBA31.88Z.0061.B07.1201241641 01/24/12
RIP: 0010:brcms_c_ampdu_dotxstatus+0x343/0x9f0 [brcmsmac]
Code: 54 24 20 66 81 e2 ff 0f 41 83 e4 07 89 d1 0f b7 d2 66 c1 e9 03 0f b7 c9 4c 8d 5c 0c 48 49 8b 4d 10 48 8b 79 68 41 57 44 89 e1 <41> 0f b6 33 41 d3 e0 48 c7 c1 38 e0 ea c0 48 83 c7 10 44 21 c6 4c
RSP: 0018:ffffa742800ecdd0 EFLAGS: 00010207
RAX: 0000000000000019 RBX: 000000000000000b RCX: 0000000000000006
RDX: 0000000000000ffe RSI: 0000000000000004 RDI: ffff8fc6ad776800
RBP: ffff8fc6855acb00 R08: 0000000000000001 R09: 00000000000005d9
R10: 00000000fffffffe R11: ffffa742800ed01f R12: 0000000000000006
R13: ffff8fc68d75a000 R14: 00000000000005db R15: 0000000000000019
FS: 0000000000000000(0000) GS:ffff8fc6aad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffa742800ed01f CR3: 000000002480a000 CR4: 00000000000406e0
Call Trace:
<IRQ>
brcms_c_dpc+0xb46/0x1020 [brcmsmac]
? wlc_intstatus+0xc8/0x180 [brcmsmac]
? __raise_softirq_irqoff+0x1a/0x80
brcms_dpc+0x37/0xd0 [brcmsmac]
tasklet_action_common.constprop.0+0x51/0xb0
__do_softirq+0xff/0x340
? handle_level_irq+0x1a0/0x1a0
asm_call_on_stack+0x12/0x20
</IRQ>
do_softirq_own_stack+0x5f/0x80
irq_exit_rcu+0xcb/0x120
common_interrupt+0xd1/0x200
asm_common_interrupt+0x1e/0x40
RIP: 0010:cpuidle_enter_state+0xb3/0x420
Check if the block is within BA window and only then check block's
status. Otherwise as Behan wrote: "When I came back to Dublin I
was courtmartialed in my absence and sentenced to death in my absence,
so I said they could shoot me in my absence."
Also reported:
https://bbs.archlinux.org/viewtopic.php?id=258428
https://lore.kernel.org/linux-wireless/87tuwgi92n.fsf@yujinakao.com/
Reported-by: Yuji Nakao <contact@yujinakao.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201116030635.645811-1-dima@arista.com
|
|
The left-hand side of the assignment from cpu_to_le32() should be of
type __le32. This commit clears the warning reported by sparse when
building with C=1 CF="-D__CHECK_ENDIAN__".
Fixes: d56fd83cf99c ("brcmfmac: fix SDIO access for big-endian host")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Remi Depommier <rde@setrix.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201116001639.31958-1-rde@setrix.com
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: b7da53cd6cd1 ("qtnfmac_pcie: use single PCIe driver for all platforms")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201114123347.29632-1-wanghai38@huawei.com
|
|
The variable u4tmp is overwritten by the following call and the assignment
is useless, so remove it.
Reported-by: Tosk Robot <tencent_os_robot@tencent.com>
Signed-off-by: Kaixu Xia <kaixuxia@tencent.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605332735-9648-1-git-send-email-kaixuxia@tencent.com
|
|
ezusb_read_ltv() is always invoked via the ->read_ltv() callback. This
callback is mostly invoked under orinoco_lock() which disables BH.
There are a few invocations during probe which occur in preemptible
context via:
ezusb_probe() -> orinoco_init() -> determine_fw_capabilities()
Extend `hermes_ops' with the ->read_ltv_pr callback which is implemented
with the same callback like ->read_ltv on `hermes_ops_local'.
On `ezusb_ops' ->read_ltv is used for callbacks under the lock which
need to poll.
The new ->read_ltv_pr() is used in the preemptible context in which it
is possible to wait for the completion. Provide HERMES_READ_RECORD_PR()
and hermes_read_wordrec_pr() which behave like their non _pr equivalents
and invoke ->read_ltv_pr().
This removes the last user of ezusb_req_ctx_wait() and can now be
removed.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-11-bigeasy@linutronix.de
|
|
All invocations of ezusb_docmd_wait() happen via ->cmd_wait(). This
callback is always invoked under the orinoco_lock() which disables BH.
Use ezusb_req_ctx_wait_poll() for ezusb_docmd_wait() because it must not
sleep.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-10-bigeasy@linutronix.de
|
|
ezusb_doicmd_wait() is invoked via ->init_cmd_wait() callback.
This callback is only invoked hermesi_program_init() and
hermesi_program_end() which are the ->program_init() and ->program_end()
callbacks as assigned by `hermes_ops_local'. They are never used by the
USB interface since the USB interface provides its own set of callbacks
by `ezusb_ops'.
Replace ezusb_doicmd_wait() with a warning in case I missed the obvious.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-9-bigeasy@linutronix.de
|
|
All invocation of ezusb_write_ltv() happen via ->write_ltv() and are
performed under the orinoco_lock() which disables BH.
Use ezusb_req_ctx_wait_poll() for ezusb_write_ltv() because it must not
sleep.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-8-bigeasy@linutronix.de
|
|
ezusb_read_pda() is invoked via ->read_pda() while firmware is loaded in
preemtible context.
Use ezusb_req_ctx_wait_compl() in ezusb_read_pda().
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-7-bigeasy@linutronix.de
|
|
The ezusb_program() is invoked via ->program() in preemptible
context during firmware loading. This is also true for the
->program_init() and ->program_end() callback.
Use ezusb_req_ctx_wait_compl() in ezusb_program_init(),
ezusb_program_bytes(), ezusb_program_end() which are part of firmware
loading during device probe.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-6-bigeasy@linutronix.de
|
|
ezusb_init() is always invoked in preemptible context during device
probe. Only orinoco_up() -> orinoco_reinit_firmware() may invoke the
function from atomic context but this is never used for the USB
interface.
Use ezusb_req_ctx_wait_compl() for the ezusb_write_ltv() and
ezusb_docmd_wait() invocations from within ezusb_init().
Preserve the generic versions which have still other user via the
callback.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-5-bigeasy@linutronix.de
|
|
ezusb_xmit() sets ->in_rid in its request which means it does not wait
for an answer.
Use the ezusb_req_ctx_wait_skip() to denote that an answer is not
expected.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-4-bigeasy@linutronix.de
|
|
ezusb_access_ltv() sends the prepared request to the USB device.
Requests which have ->in_rid set expect an answer from the USB device
and the function has to wait until the URB with the answer arrives.
The function uses in_interrupt() to determine if it can simply sleep on
the completion and be woken up once the answer arrives or if it needs to
poll on the completion.
The usage of in_interrupt() in drivers is phased out and Linus clearly
requested that code which changes behaviour depending on context should
either be separated or the context be conveyed in an argument passed by the
caller, which usually knows the context.
Aside of that in_interrupt() is not correct as it does not catch preempt
disabled regions in which sleeping is also not allowed.
Provide stubs which can be used as a replacement. The current default is
the current behaviour which sleeps/polls depending on in_interrupt().
The goal is to audit all callers and use either the poll or sleep
version.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-3-bigeasy@linutronix.de
|
|
ezusb_xmit() allocates a context which is leaked if
orinoco_process_xmit_skb() returns an error.
Move ezusb_alloc_ctx() after the invocation of
orinoco_process_xmit_skb() because the context is not needed so early.
ezusb_access_ltv() will cleanup the context in case of an error.
Fixes: bac6fafd4d6a0 ("orinoco: refactor xmit path")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201113212252.2243570-2-bigeasy@linutronix.de
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: 3b1e0a7bdfee ("brcmfmac: add support for SAE authentication offload")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Chi-hsien Lin <chi-hsien.lin@infineon.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605248896-16812-1-git-send-email-zhangchangzhong@huawei.com
|
|
a set of atomic_inc() looks more readable
Signed-off-by: Yejune Deng <yejune.deng@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1604991491-27908-1-git-send-email-yejune.deng@gmail.com
|
|
It's much easier to spot what went wrong when you print out the
unhandled key type.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112181432.2958021-1-briannorris@chromium.org
|
|
Fix sometimes FW information will be parsed as wrong value,
do a correction of sign bit to show the correct information.
(Ex, Value should be 20, but it shows 236.)
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-12-pkshih@realtek.com
|
|
Remove extend 5 ms related operation at WLAN media status notify.
The mechanism should be enable only while DUT connect to a AP that it
doesn't follow our power save control or its rate is decreasing unusually
sensitive. So we extend a extra slot to save the transmission rate.
The original logic will always extend WLAN slot.
It will lead to BT slot always decrease 5 ms.
Remove write scoreboard action at WLAN media status notify.
It has already done in WLAN info notify.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-11-pkshih@realtek.com
|
|
Remove some action which were writing scan bit to scoreboard,
since these behaviors are redundant.
It is already done in WLAN info notify.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-10-pkshih@realtek.com
|
|
Force set the coexistence to BT high priority during
WLAN initial/power-on step. Since the duration the related setting
may be not ready yet.
The score board is not related to scan when initialing, remove the scan
parameter.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-9-pkshih@realtek.com
|
|
While the mechanism goes to 2G_free_run or WL5G_BT2G,
set BT to hardware PTA mode to get a more efficiently performance.
Add a flag to indicate antenna switch is supported or not so
that the IC serials which has different antenna structure can
set antenna correctly.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-8-pkshih@realtek.com
|
|
The updated parameter and original parameter all means TDMA-OFF.
The original setting write 0x8 to firmware, but it only works for
some old IC series.
To avoid the confusing, update a proper parameter.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-7-pkshih@realtek.com
|
|
Add the related coexistence mechanism about RF4CE and WLAN connected
flag to decide control packet is whether higher or normal priority.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-6-pkshih@realtek.com
|
|
Because sometimes hardware action may be unpredictable.
(Ex: after WLAN LPS...etc)
Add a check mechanism if the action is triggered by
some concerned case, it can force to write the table again.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-5-pkshih@realtek.com
|
|
When WLAN in critical procedure, such as connecting, scan and so on,
coexistence will notify BT by scoreboard.
While BT firmware received the scoreboard interrupt, it will adjust
BT page priority lower to avoid WLAN critical procedure suffering impact.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-4-pkshih@realtek.com
|
|
Because the WLAN RSSI report feature had been implemented at WLAN link info
update function, it is redundant to update WLAN RSSI while BT is updating
link info, so remove the update WLAN RSSI part.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-3-pkshih@realtek.com
|
|
Add considering for different WLAN beacon interval in coexistence
mechanism.
Because the WLAN beacon period may be not 100 ms, so it's necessary
to consider any beacon period and set timer according to the interval.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201112031430.4846-2-pkshih@realtek.com
|
|
In order to help debugging in field, we add some log messages.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201109090123.9254-2-pkshih@realtek.com
|
|
CCK PD can reduce the number of false alarm of the CCK rates.
It dynamically adjusts the power threshold and CS ratio.
The values are compared to the values of the previous level, if
the level is changed, set new values of power threshold and CS
ratio.
Implement rtw_chip_ops::cck_pd_set() for 8723d.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201109090123.9254-1-pkshih@realtek.com
|
|
Set the rx_filter in ath11k_mac_config_mon_status_default(),
only when the rx_filter value exists in ath11k_debug_rx_filter().
Without this change, rx_filter gets set to 0 and peer rssi stats
aren't updating properly from firmware.
Tested-on: IPQ8074 WLAN.HK.2.1.0.1-01230-QCAHKSWPL_SILICONZ-4
Fixes: ec48d28ba291 ("ath11k: Fix rx_filter flags setting for per peer rx_stats")
Signed-off-by: Maharaja Kennadyrajan <mkenna@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605091117-11005-1-git-send-email-mkenna@codeaurora.org
|
|
This target IRAM recovery feature support is to copy target
IRAM contents available at ATH10K_MEM_REGION_TYPE_REG to host
memory for back up after firmware loaded. Target IRAM contents
are copied to wmi memory chunks allocated for the
WMI_IRAM_RECOVERY_HOST_MEM_REQ_ID and provide the wmi chunks
address to the firmware through wmi init command.
If firmware detects andy IRAM corruption through periodic
checksum validation, It will download the IRAM contents back
from the provided wmi memory chunks address using hif_memcpy.
This IRAM recovery feature prevent target assert in case of
unexpected target IRAM corruptions.
This patch also introduce a new feature flag 'iram-recovery' for
backward compatibility.
Tested-on: QCA9888 10.4-3.9.0.2-00094
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1604657442-23674-1-git-send-email-vnaralas@codeaurora.org
|
|
STS Beamformee capability sent from firmware is overwritten as
num_tx_chains - 1.
When num_tx_chains is 2, then STS is set to invalid value 1.
Since STS is not limited by number of TX chain, not overwriting the
capability received from firmware.
Tested on: IPQ6018 WLAN.HK.2.4.0.1-00303-QCAHKSWPL_SILICONZ-1
Signed-off-by: Ramya Gnanasekar <rgnanase@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1604933229-15815-1-git-send-email-rgnanase@codeaurora.org
|
|
Current ring selector logic follows round-robin scheduling,
when a process switch from one processor to another each time,
the data in the cache would have to be invalidated
and re-loaded from RAM leads to poor cache utilization.
Therefore smp_processor_id() attempt to keep processes
on the same processor via processor affinity which improves
cache utilization. Also, ring selection could be chosen round
robin when the processor_id based ring selection does not
have the resources.
Tested-on : IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-00874-QCAHKSWPL_SILICONZ-1
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1604914915-12831-1-git-send-email-ppranees@codeaurora.org
|
|
Reset MHI device channels when driver remove is called due to
module unload or any crash scenario. This will make sure that
MHI channels no longer remain enabled for transfers since the
MHI stack does not take care of this anymore after the auto-start
channels feature was removed.
Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
|
