Nagarajan Maran [Fri, 14 Oct 2022 15:50:54 +0000 (21:20 +0530)]
wifi: ath11k: fix monitor vdev creation with firmware recovery
During firmware recovery, the monitor interface is not
getting created in the driver and firmware since
the respective flags are not updated properly.
So after firmware recovery is successful, when monitor
interface is brought down manually, firmware assertion
is observed, since we are trying to bring down the
interface which is not yet created in the firmware.
Fix this by updating the monitor flags properly per
phy#, during firmware recovery.
Youghandhar Chintala [Thu, 13 Oct 2022 06:34:59 +0000 (09:34 +0300)]
wifi: ath10k: Delay the unmapping of the buffer
On WCN3990, we are seeing a rare scenario where copy engine hardware is
sending a copy complete interrupt to the host driver while still
processing the buffer that the driver has sent, this is leading into an
SMMU fault triggering kernel panic. This is happening on copy engine
channel 3 (CE3) where the driver normally enqueues WMI commands to the
firmware. Upon receiving a copy complete interrupt, host driver will
immediately unmap and frees the buffer presuming that hardware has
processed the buffer. In the issue case, upon receiving copy complete
interrupt, host driver will unmap and free the buffer but since hardware
is still accessing the buffer (which in this case got unmapped in
parallel), SMMU hardware will trigger an SMMU fault resulting in a
kernel panic.
In order to avoid this, as a work around, add a delay before unmapping
the copy engine source DMA buffer. This is conditionally done for
WCN3990 and only for the CE3 channel where issue is seen.
Peter Kosyh [Mon, 3 Oct 2022 09:12:17 +0000 (12:12 +0300)]
wifi: ath10k: Check return value of ath10k_get_arvif() in ath10k_wmi_event_tdls_peer()
Return value of a function ath10k_get_arvif() is dereferenced without
checking for null in ath10k_wmi_event_tdls_peer(), but it is usually checked
for this function.
Make ath10k_wmi_event_tdls_peer() do check retval of ath10k_get_arvif().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
wifi: ath11k: Fix firmware crash on vdev delete race condition
Current code does not wait for vdev delete completion on vdev create
failures and tries to send another vdev create followed by vdev set
param to firmware with same vdev id. This causes firmware crash.
Fix this crash by waiting for vdev delete completion on vdev
create failures.
Manikanta Pubbisetty [Fri, 7 Oct 2022 05:11:30 +0000 (10:41 +0530)]
wifi: ath11k: add support to configure channel dwell time
Add support to configure channel dwell time during scan.
Dwell time help to stay on the channel for a specified duration
during scan and aid userspace in finding WiFi networks. Very
useful in passive scans where longer dwell times are needed
to find the WiFi networks.
Configure channel dwell time from duration of the scan request
received from mac80211 when the duration is non-zero. When the
scan request does not have duration value, use the default ones,
the current implementation.
Advertise corresponding feature flag NL80211_EXT_FEATURE_SET_SCAN_DWELL
to enable the feature.
Karthikeyan Periyasamy [Thu, 6 Oct 2022 00:58:42 +0000 (06:28 +0530)]
wifi: ath11k: suppress add interface error
In the VIF (other than monitor type) creation request, we should not
throw the error code when the monitor VIF creation fails, since the
actual VIF creation succeeds. If we throw the error code from driver
then the actual VIF creation get fail. So suppress the monitor VIF
creation error by throwing warning message instead of error code.
wifi: ath11k: fix firmware assert during bandwidth change for peer sta
Currently, ath11k sends peer assoc command for each peer to
firmware when bandwidth changes. Peer assoc command is a
bulky command and if many clients are connected, this could
lead to firmware buffer getting overflowed leading to a firmware
assert.
However, during bandwidth change, only phymode and bandwidth
also can be updated by WMI set peer param command. This makes
the overall command light when compared to peer assoc and for
multi-client cases, firmware buffer overflow also does not
occur.
Remove sending peer assoc command during sta bandwidth change
and instead add sending WMI set peer param command for phymode
and bandwidth.
If ar5523_cmd() timed out, then ar5523_host_available() failed and
ar5523_probe() freed the device structure. So, ar5523_cmd_tx_cb()
might touch the freed structure.
This patch fixes this issue by canceling in-flight tx cmd if submitted
urb timed out.
Kees Cook [Thu, 6 Oct 2022 19:20:51 +0000 (12:20 -0700)]
wifi: carl9170: Remove -Warray-bounds exception
GCC-12 emits false positive -Warray-bounds warnings with
CONFIG_UBSAN_SHIFT (-fsanitize=shift). This is fixed in GCC 13[1],
and there is top-level Makefile logic to remove -Warray-bounds for
known-bad GCC versions staring with commit f0be87c42cbd ("gcc-12: disable
'-Warray-bounds' universally for now").
Fedor Pchelkin [Sat, 8 Oct 2022 21:15:32 +0000 (00:15 +0300)]
wifi: ath9k: verify the expected usb_endpoints are present
The bug arises when a USB device claims to be an ATH9K but doesn't
have the expected endpoints. (In this case there was an interrupt
endpoint where the driver expected a bulk endpoint.) The kernel
needs to be able to handle such devices without getting an internal error.
Fedor Pchelkin [Sat, 8 Oct 2022 11:49:17 +0000 (14:49 +0300)]
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
It is possible that skb is freed in ath9k_htc_rx_msg(), then
usb_submit_urb() fails and we try to free skb again. It causes
use-after-free bug. Moreover, if alloc_skb() fails, urb->context becomes
NULL but rx_buf is not freed and there can be a memory leak.
The patch removes unnecessary nskb and makes skb processing more clear: it
is supposed that ath9k_htc_rx_msg() either frees old skb or passes its
managing to another callback function.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 3deff76095c4 ("ath9k_htc: Increase URB count for REG_IN pipe") Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20221008114917.21404-1-pchelkin@ispras.ru
Kees Cook [Thu, 6 Oct 2022 19:20:54 +0000 (12:20 -0700)]
wifi: ath9k: Remove -Warray-bounds exception
GCC-12 emits false positive -Warray-bounds warnings with
CONFIG_UBSAN_SHIFT (-fsanitize=shift). This is fixed in GCC 13[1],
and there is top-level Makefile logic to remove -Warray-bounds for
known-bad GCC versions staring with commit f0be87c42cbd ("gcc-12: disable
'-Warray-bounds' universally for now").
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
Syzkaller reports a long-known leak of urbs in
ath9k_hif_usb_dealloc_tx_urbs().
The cause of the leak is that usb_get_urb() is called but usb_free_urb()
(or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or
urb->ep fields have not been initialized and usb_kill_urb() returns
immediately.
The patch removes trying to kill urbs located in hif_dev->tx.tx_buf
because hif_dev->tx.tx_buf is not supposed to contain urbs which are in
pending state (the pending urbs are stored in hif_dev->tx.tx_pending).
The tx.tx_lock is acquired so there should not be any changes in the list.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 03fb92a432ea ("ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()") Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220725151359.283704-1-pchelkin@ispras.ru
Colin Ian King [Wed, 5 Oct 2022 15:55:58 +0000 (16:55 +0100)]
wifi: ath9k: Make arrays prof_prio and channelmap static const
Don't populate the read-only arrays prof_prio and channelmap
on the stack but instead make them static const. Also makes the
object code a little smaller.
2. Thread A starts to run and calls rtnl_lock() from within
ath11k_regd_update_work(), then enters wait state because the lock is owned by
thread B.
3. Thread B continues to run and tries to call
cancel_work_sync(&ar->regd_update_work), but thread A is in
ath11k_regd_update_work() waiting for rtnl_lock(). So cancel_work_sync()
forever waits for ath11k_regd_update_work() to finish and we have a deadlock.
Fix this by switching from using regulatory_set_wiphy_regd_sync() to
regulatory_set_wiphy_regd(). Now cfg80211 will schedule another workqueue which
handles the locking on it's own. So the ath11k workqueue can simply exit without
taking any locks, avoiding the deadlock.
Wen Gong [Wed, 28 Sep 2022 07:38:32 +0000 (03:38 -0400)]
wifi: ath11k: fix warning in dma_free_coherent() of memory chunks while recovery
Commit 26f3a021b37c ("ath11k: allocate smaller chunks of memory for
firmware") and commit f6f92968e1e5 ("ath11k: qmi: try to allocate a
big block of DMA memory first") change ath11k to allocate the memory
chunks for target twice while wlan load. It fails for the 1st time
because of large memory and then changed to allocate many small chunks
for the 2nd time sometimes as below log.
1st time failed:
[10411.640620] ath11k_pci 0000:05:00.0: qmi firmware request memory request
[10411.640625] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 6881280
[10411.640630] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 3784704
[10411.640658] ath11k_pci 0000:05:00.0: qmi dma allocation failed (6881280 B type 1), will try later with small size
[10411.640671] ath11k_pci 0000:05:00.0: qmi delays mem_request 2
[10411.640677] ath11k_pci 0000:05:00.0: qmi respond memory request delayed 1
2nd time success:
[10411.642004] ath11k_pci 0000:05:00.0: qmi firmware request memory request
[10411.642008] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642012] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642014] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642016] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642018] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642020] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642022] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642024] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642027] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642029] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
[10411.642031] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 458752
[10411.642033] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 131072
[10411.642035] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642037] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642039] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642041] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642043] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642045] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
[10411.642047] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 491520
[10411.642049] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
And then commit 5962f370ce41 ("ath11k: Reuse the available memory after
firmware reload") skip the ath11k_qmi_free_resource() which frees the
memory chunks while recovery, after that, when run recovery test on
WCN6855, a warning happened every time as below and finally leads fail
for recovery.
The reason is because when wlan start to recovery, the type, size and
count is not same for the 1st and 2nd QMI_WLFW_REQUEST_MEM_IND message,
Then it leads the parameter size is not correct for the dma_free_coherent().
For the chunk[1], the actual dma size is 524288 which allocate in the
2nd time of the initial wlan load phase, and the size which pass to
dma_free_coherent() is 3784704 which is got in the 1st time of recovery
phase, then warning above happened.
Change to use prev_size of struct target_mem_chunk for the paramter of
dma_free_coherent() since prev_size is the real size of last load/recovery.
Also change to check both type and size of struct target_mem_chunk to
reuse the memory to avoid mismatch buffer size for target. Then the
warning disappear and recovery success. When the 1st QMI_WLFW_REQUEST_MEM_IND
for recovery arrived, the trunk[0] is freed in ath11k_qmi_alloc_target_mem_chunk()
and then dma_alloc_coherent() failed caused by large size, and then
trunk[1] is freed in ath11k_qmi_free_target_mem_chunk(), the left 18
trunks will be reuse for the 2nd QMI_WLFW_REQUEST_MEM_IND message.
Currently, ath11k_pcic_read() returns an error if wakeup()
fails, this makes firmware crash debug quite hard because we can
get nothing.
Change to go ahead on wakeup failure, in that case we still may
get something valid to check. There should be no mislead due
to incorrect content because we are aware of the failure with the
log printed.
Gustavo A. R. Silva [Mon, 26 Sep 2022 21:44:57 +0000 (16:44 -0500)]
carl9170: Replace zero-length array with DECLARE_FLEX_ARRAY() helper
Zero-length arrays are deprecated and we are moving towards adopting
C99 flexible-array members, instead. So, replace zero-length arrays
declarations in anonymous union with the new DECLARE_FLEX_ARRAY()
helper macro.
This helper allows for flexible-array members in unions.
Gustavo A. R. Silva [Tue, 27 Sep 2022 06:18:55 +0000 (09:18 +0300)]
wifi: ath10k: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper
Zero-length arrays are deprecated and we are moving towards adopting
C99 flexible-array members, instead. So, replace zero-length arrays
declarations in anonymous union with the new DECLARE_FLEX_ARRAY()
helper macro.
This helper allows for flexible-array members in unions.
wifi: ath11k: stop tx queues immediately upon firmware exit
Currently, recovery flag is set immediately upon firmware
exit but tx queues are stopped once firmware arrives back
and is ready which is during ath11k_core_restart. Once
ieee80211 hw restart is completed, tx queues are resumed.
If during the time delta between firmware exit and firmware
ready, mac80211 send packets, currently ath11k will drop it
since recovery flag will be set. But warning prints will
come -
"ath11k c000000.wifi: failed to transmit frame -108"
If more tx packets are there, this could lead to flooding
of above print.
However, actually tx queues should be stopped immediately
when firmware leaves. This will prevent packets to get
dropped when firmware is recovering.
Add fix to stop tx queues immediately after firmware exit.
When STA roams from one AP to another, after roam is complete, host
driver tries to get TIM information from firmware. This is no longer
supported in the firmware & hence, this call will always fail.
This failure results in the below message being displayed on the
console all the time when roam is done.
Changes ensure that the host driver will no longer try to get TIM
information from firmware.
Signed-off-by: Ramesh Rangavittal <ramesh.rangavittal@infineon.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922104140.11889-5-ian.lin@infineon.com
Lo(Double)Hsiang Lo [Thu, 22 Sep 2022 10:41:39 +0000 (05:41 -0500)]
brcmfmac: increase dcmd maximum buffer size
Increase dcmd maximum buffer size to match firmware
configuration for new chips.
Signed-off-by: Lo(Double)Hsiang Lo <double.lo@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922104140.11889-4-ian.lin@infineon.com
Alexander Prutskov [Thu, 22 Sep 2022 10:41:38 +0000 (05:41 -0500)]
brcmfmac: Support 89459 pcie
Adds support of 89459 chip pcie device and save restore support.
Signed-off-by: Alexander Prutskov <alep@cypress.com> Signed-off-by: Joseph chuang <jiac@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922104140.11889-3-ian.lin@infineon.com
brcmfmac: increase default max WOWL patterns to 16
4373 has support of 16 WOWL patterns thus increasing the default value
Signed-off-by: Ryohei Kondo <ryohei.kondo@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922104140.11889-2-ian.lin@infineon.com
cw1200: fix incorrect check to determine if no element is found in list
The bug is here: "} else if (item) {".
The list iterator value will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found in list.
Use a new value 'iter' as the list iterator, while use the old value
'item' as a dedicated pointer to point to the found element, which
1. can fix this bug, due to now 'item' is NULL only if it's not found.
2. do not need to change all the uses of 'item' after the loop.
3. can also limit the scope of the list iterator 'iter' *only inside*
the traversal loop by simply declaring 'iter' inside the loop in the
future, as usage of the iterator outside of the list_for_each_entry
is considered harmful. https://lkml.org/lkml/2022/2/17/1032
From the first stack, ath11k_mac_drain_tx calls
cancel_work_sync(&ar->wmi_mgmt_tx_work) and waits all packets to be sent
out or dropped. However, we find from Stack2 that this work item is blocked
because ar->conf_mutex is already held by ath11k_wow_op_suspend.
Fix this issue by moving ath11k_mac_wait_tx_complete to the start of
ath11k_wow_op_suspend where ar->conf_mutex has not been acquired. And
this change also makes the logic in ath11k_wow_op_suspend match the
logic in ath11k_mac_op_start and ath11k_mac_op_stop.
wifi: ath11k: Add spectral scan support for 160 MHz
There are two types of 160 MHz spectral scan support mentioned below
1. Fragmented approach
2. Single event approach
In this fragmented approach, single 160 MHz will be split as two
80 MHz buffer. First fft sample buffer will contain spectral scan
result of primary 80 MHz and the second fft sample buffer will contain
secondary 80 MHz and here cfreq1 and cfreq2 will be mentioned.
In case of 160 MHz on 36th channel will contain cfreq1 as 5210 and
cfreq2 as 5290. Chipsets which support this approach are IPQ8074/IPQ6018.
Replacing freq1 with freq2 in every secondary sepctral scan event to
distinguish between two different 80 MHz spectral event data.
In the 2nd approach each fft sample buffer will contain spectral scan
result for whole 160 MHz by mentioning cfreq1 as 5250 which is center
frequency of whole 160 MHz. Chipset which support this approach is QCN9074.
Host will receive spectral event from target for every 5 fft samples.
wifi: ath11k: fix peer addition/deletion error on sta band migration
This patch try to fix the following error.
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.561227] ath11k c000000.wifi: peer already added vdev id 0 req, vdev id 1 present
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.561282] ath11k c000000.wifi: Failed to add peer: 28:c2:1f:xx:xx:xx for VDEV: 0
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.568053] ath11k c000000.wifi: Failed to add station: 28:c2:1f:xx:xx:xx for VDEV: 0
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan2: STA 28:c2:1f:xx:xx:xx IEEE 802.11: Could not add STA to kernel driver
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan2: STA 28:c2:1f:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 28:c2:1f:xx:xx:xx
Wed Jun 1 22:19:31 2022 daemon.info hostapd: wlan1: STA 28:c2:1f:xx:xx:xx IEEE 802.11: disassociated due to inactivity
Wed Jun 1 22:19:32 2022 daemon.info hostapd: wlan1: STA 28:c2:1f:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
To repro this:
- Have 2 Wifi with the same bssid and pass on different band (2.4 and
5GHz)
- Enable 802.11r Fast Transaction with same mobility domain
- FT Protocol: FT over the Air
From a openwrt system issue the command (with the correct mac)
ubus call hostapd.wlan1 wnm_disassoc_imminent '{"addr":"28:C2:1F:xx:xx:xx"}'
Notice the log printing the errors.
The cause of this error has been investigated and we found that this is
related to the WiFi Fast Transaction feature. We observed that this is
triggered when the router tells the device to change band. In this case
the device first auth to the other band and then the disconnect path
from the prev band is triggered.
This is problematic with the current rhash implementation since the
addrs is used as key and the logic of "adding first, delete later"
conflicts with the rhash logic.
In fact peer addition will fail since the peer is already added and with
that fixed a peer deletion will cause unitended effect by removing the
peer just added.
Current solution to this is to add additional logic to the peer delete,
make sure we are deleting the correct peer taken from the rhash
table (and fallback to the peer list) and for the peer add logic delete
the peer entry for the rhash list before adding the new one (counting as
an error only when a peer with the same vlan_id is asked to be added).
With this change, a sta can correctly transition from 2.4GHz and 5GHZ
with no drop and no error are printed.
wifi: rtw89: disable 26-tone RU HE TB PPDU transmissions
Align with the spec of 802.11ax, follow the conditions for not responding
with an HE TB PPDU. When there are OBSS that cannot interpret 26-tone RU
transmissions, we should disable such transmissions.
Dian-Syuan Yang [Thu, 22 Sep 2022 01:04:35 +0000 (09:04 +0800)]
wifi: rtw89: support for processing P2P power saving
Support P2P client to process Notice of Absence (NoA) mechanism when it
connects with P2P GO applying an NoA schedule. We define some action
types including init, update, remove and terminate in h2c function to
enable/disable NoA schedule.
Consider vif->p2p to set wifi_role to let firmware know current vif is
running as GC or GO. And, allow GC to enter PS mode, but disallow to enter
deep PS for now.
Dian-Syuan Yang [Thu, 22 Sep 2022 01:04:32 +0000 (09:04 +0800)]
wifi: rtw89: send OFDM rate only in P2P mode
Check IEEE80211_TX_CTL_NO_CCK_RATE flag to avoid sending frames with
CCK rates in 2GHz band.
In TX flow, add IEEE80211_TX_CTL_NO_CCK_RATE flag to check and get its
lowest rate without CCK rates if the TX type is mgmt frames or data frames.
Besides, the decision of phy rate and retry rate in P2P mode are also
be handled.
In P2P GO mode, it should send beacon of no CCK rates in its frame rate.
Therefore, We add a condition to decide which rate is added to beacon
content.
Moreover, we avoid setting a mask of rates to be used for rate control
selection before and after connection in P2P mode.
To support P2P in driver, we set P2P interface mode to the wiphy
allocated for 802.11 PHY and add a change interface function to
switch the interface type to P2P.
Signed-off-by: Po Hao Huang <phhuang@realtek.com> Signed-off-by: Dian-Syuan Yang <dian_syuan0116@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922010435.12167-2-pkshih@realtek.com
Daniel Golle [Sat, 17 Sep 2022 20:29:55 +0000 (21:29 +0100)]
wifi: rt2x00: set SoC wmac clock register
Instead of using the default value 33 (pci), set US_CYC_CNT init based
on Programming guide:
If available, set chipset bus clock with fallback to cpu clock/3.
Daniel Golle [Sat, 17 Sep 2022 20:27:10 +0000 (21:27 +0100)]
wifi: rt2x00: move up and reuse busy wait functions
Move bbp_ready and rf_ready busy wait functions up in the code so they
can more easily be used. Allow specifying register mask in rf_ready
function which is useful for calibration routines which will be added
in follow-up commits.
David Bauer [Sat, 17 Sep 2022 20:26:40 +0000 (21:26 +0100)]
wifi: rt2x00: add throughput LED trigger
This adds a (currently missing) throughput LED trigger for the rt2x00
driver. Previously, LED triggers had to be assigned to the netdev, which
was limited to a single VAP.
wifi: ath11k: fix number of VHT beamformee spatial streams
The number of spatial streams used when acting as a beamformee in VHT
mode are reported by the firmware as 7 (8 sts - 1) both in IPQ6018 and
IPQ8074 which respectively have 2 and 4 sts each. So the firmware should
report 1 (2 - 1) and 3 (4 - 1).
Fix this by checking that the number of VHT beamformee sts reported by
the firmware is not greater than the number of receiving antennas - 1.
The fix is based on the same approach used in this same function for
sanitizing the number of sounding dimensions reported by the firmware.
Without this change, acting as a beamformee in VHT mode is not working
properly.
Jun Yu [Tue, 20 Sep 2022 00:31:17 +0000 (00:31 +0000)]
wifi: ath11k: retrieve MAC address from system firmware if provided
Devices may provide their own MAC address via system firmware (e.g.,
device tree), especially in the case where the device doesn't have a
useful EEPROM on which to store its MAC address (e.g., for integrated
ahb WCN6750).
Use the generic device helper to retrieve the MAC address, and (if
present) honor it above the MAC address advertised by the card.
Driver does not support get_txpower mac ops because of which
cfg80211 returns vif->bss_conf.txpower to user space. bss_conf.txpower
gets its value from ieee80211_channel->max_reg_power. However, the final
txpower is dependent on few other parameters apart from max regulatory
supported power. It is the firmware which knows about all these
parameters and considers the minimum for each packet transmission.
All ath11k firmware reports the final tx power in firmware pdev stats
which falls under fw_stats.
Add get_txpower mac ops to get the tx power from firmware leveraging
fw_stats and return it accordingly.
Currently, firmware stats, comprising pdev, vdev and beacon stats are
part of debugfs. In firmware pdev stats, firmware reports the final
Tx power used to transmit each packet. If driver wants to know the
final Tx power being used at firmware level, it can leverage from
firmware pdev stats.
Move firmware stats out of debugfs context in order to leverage
the final Tx power reported in it even when debugfs is disabled.
Wen Gong [Tue, 20 Sep 2022 15:23:54 +0000 (18:23 +0300)]
wifi: ath10k: reset pointer after memory free to avoid potential use-after-free
When running suspend test, kernel crash happened in ath10k, and it is
fixed by commit b72a4aff947b ("ath10k: skip ath10k_halt during suspend
for driver state RESTARTING").
Currently the crash is fixed, but as a common code style, it is better
to set the pointer to NULL after memory is free.
This is to address the code style and it will avoid potential bug of
use-after-free.
Wen Gong [Tue, 20 Sep 2022 15:23:41 +0000 (18:23 +0300)]
wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected
It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status(),
as below, it will not print when debug_mask is not set ATH11K_DBG_DATA.
ath11k_dbg(ab, ATH11K_DBG_DATA,
"failed to find the peer with peer_id %d\n",
ppdu_info.peer_id);
When run scan with station disconnected, the peer_id is 0 for case
HAL_RX_MPDU_START in ath11k_hal_rx_parse_mon_status_tlv() which called
from ath11k_dp_rx_process_mon_status(), and the peer_id of ppdu_info is
reset to 0 in the while loop, so it does not match condition of the
check "if (ppdu_info->peer_id == HAL_INVALID_PEERID" in the loop, and
then the log "failed to find the peer with peer_id 0" print after the
check in the loop, it is below call stack when debug_mask is set
ATH11K_DBG_DATA.
The reason is this commit 01d2f285e3e5 ("ath11k: decode HE status tlv")
add "memset(ppdu_info, 0, sizeof(struct hal_rx_mon_ppdu_info))" in
ath11k_dp_rx_process_mon_status(), but the commit does not initialize
the peer_id to HAL_INVALID_PEERID, then lead the check mis-match.
Reset the default value to HAL_INVALID_PEERID each time after memset
of ppdu_info as well as others memset which existed in function
ath11k_dp_rx_process_mon_status(), then the failed log disappeared.
Wen Gong [Mon, 19 Sep 2022 13:06:03 +0000 (16:06 +0300)]
wifi: ath11k: change complete() to complete_all() for scan.completed
Currently commit 1f682dc9fb37 ("ath11k: reduce the wait time of 11d scan
and hw scan while add interface") introduced a wait_for_completion_timeout
operation for ar->scan.completed, another one is existed in ath11k_scan_stop(),
then ath11k has two places to wait for the ar->scan.completed and they
run in different thread, thus it is possible to happend that the two
thread both enter wait status. To handle this scenario, ath11k should
change the complete() to complete_all() for the ar->scan.completed. This
also work well when it is only one thread wait for ar->scan.completed.
Ching-Te Ku [Tue, 20 Sep 2022 01:09:38 +0000 (09:09 +0800)]
wifi: rtw89: coex: add logic to control BT scan priority
Add control logic to operate Wi-Fi to BT scoreboard to control BT scan
priority. And patch mechanism parameter to enhance Wi-Fi throughput while
coexisting with BT profile & BT scan. Set PTA priority let Wi-Fi BT can RX
at the same time.
Ching-Te Ku [Tue, 20 Sep 2022 01:09:37 +0000 (09:09 +0800)]
wifi: rtw89: coex: summarize Wi-Fi to BT scoreboard and inform BT one time a cycle
If Wi-Fi driver send Wi-Fi status to BT via scoreboard too frequent in a
short moment, BT will loss some of them because of hardware response time.
To avoid this issue, change the code flow. Summarize the scoreboard changes
and if the value have changed, send the scoreboard to BT only once in
a coexistence processing cycle. It also can help to reduce driver I/O.
To prevent LNA2 change its gain during a Wi-Fi aggregation packet while
GNT_BT pull high. Otherwise, changes of this gain will destroy the whole
aggregation when Wi-Fi RX.
Ching-Te Ku [Tue, 20 Sep 2022 01:09:35 +0000 (09:09 +0800)]
wifi: rtw89: coex: add WL_S0 hardware TX/RX mask to allow WL_S0 TX/RX during GNT_BT
WiFi/BT combo module could only have two antenna, namely WL_S0 and WL_S1.
WiFi can use two antenna to TX/RX 2SS data, and BT can share one of the
antenna. This patch is to allow WiFi to TX/RX 1SS data like ACK/RTS/CTS to
improve Wi-Fi performance while coexisting with Bluetooth.
This report is to record firmware call flow like notify events, and take
actions. This can help to address if firmware flow is in expectation.
Implement v1 parser to support 8852CE firmware report.
Ching-Te Ku [Tue, 20 Sep 2022 01:09:33 +0000 (09:09 +0800)]
wifi: rtw89: coex: add v1 summary info to parse the traffic status from firmware
This debug entry is to summarize important messages to quickly address
problem types, such as firmware hang, C2H/H2C stuck, or too much
occupation of BT A2DP. If unexpected something is addressed, we can dig
the problem via other debug messages that provide more detail information.
Ching-Te Ku [Tue, 20 Sep 2022 01:09:31 +0000 (09:09 +0800)]
wifi: rtw89: coex: add v1 cycle report to parsing Bluetooth A2DP status
'cysta' is short for statistics for cycles. That is a circular buffer to
record snapshot status including beacon count, RX count, TX count etc.
Since 8852CE Wi-Fi firmware report this statistics in different format,
add v1 parser by this patch.
Duoming Zhou [Tue, 23 Aug 2022 11:21:27 +0000 (19:21 +0800)]
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
There are sleep in atomic context bugs when uploading device dump
data in mwifiex. The root cause is that dev_coredumpv could not
be used in atomic contexts, because it calls dev_set_name which
include operations that may sleep. The call tree shows execution
paths that could lead to bugs:
This patch uses delayed work to replace timer and moves the operations
that may sleep into a delayed work in order to mitigate bugs, it was
tested on Marvell 88W8801 chip whose port is usb and the firmware is
usb8801_uapsta.bin. The following is the result after using delayed
work to replace timer.
[ 134.936453] usb 1-1: == mwifiex dump information to /sys/class/devcoredump start
[ 135.043344] usb 1-1: == mwifiex dump information to /sys/class/devcoredump end
Unlike other chips where WoW exit happens after sending WoW wakeup
WMI command, exit from WoW suspend in the case of WCN6750 happens
upon sending a WoW exit SMP2P (Shared memory point to point) message
to the firmware.
wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default
In current code STA_KEEPALIVE_ARP_RESPONSE TLV header is included only
when ARP method is used, this causes firmware always to crash when wowlan
is enabled because firmware needs it to be present no matter ARP method
is used or not.
Fix this issue by including STA_KEEPALIVE_ARP_RESPONSE TLV header by
default.
Also fix below typo:
s/WMI_TAG_STA_KEEPALVE_ARP_RESPONSE/WMI_TAG_STA_KEEPALIVE_ARP_RESPONSE/
wifi: wcn36xx: Add RX frame SNR as a source of system entropy
The signal-to-noise-ratio SNR is returned by the wcn36xx firmware for each
received frame. SNR represents all of the unwanted interference signal
after filtering out the fundamental frequency and harmonics of the
frequency.
Noise can come from various electromagnetic sources, from temperature
affecting the performance hardware components or quantization effects
converting from analog to digital domains.
The SNR value returned by the WiFi firmware then is a good source of
entropy.
Other WiFi drivers offer up the noise component of the FFT as an entropy
source for the random pool e.g.
commit 2aa56cca3571 ("ath9k: Mix the received FFT bins to the random pool")
I attended Jason's talk on sources of randomness at Plumbers and it
occurred to me that SNR is a reasonable candidate to add.
Dan Carpenter [Thu, 15 Sep 2022 14:13:34 +0000 (17:13 +0300)]
wifi: rtw89: uninitialized variable on error in rtw89_early_fw_feature_recognize()
If request_partial_firmware_into_buf() fails then "firmware" is not
initialized and the release_firmware(firmware) will crash.
Fixes: deebea35d699 ("wifi: rtw89: early recognize FW feature to decide if chanctx") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/YyMzDtX/3fUBnonC@kili
Hans de Goede [Thu, 8 Sep 2022 17:36:18 +0000 (19:36 +0200)]
wifi: rt2x00: Fix "Error - Attempt to send packet over invalid queue 2"
Even though ieee80211_hw.queues is set to 2, the ralink rt2x00 driver
is seeing tx skbs submitted to it with the queue-id set to 2 / set to
IEEE80211_AC_BE on a rt2500 card when associating with an access-point.
This causes rt2x00queue_get_tx_queue() to return NULL and the following
error to be logged: "ieee80211 phy0: rt2x00mac_tx: Error - Attempt to
send packet over invalid queue 2", after which association with the AP
fails.
This patch works around this by mapping QID_AC_BE and QID_AC_BK
to QID_AC_VI when there are only 2 tx_queues.
wifi: rtw89: 8852c: add multi-port ID to TX descriptor
Update tx descriptor settings so broadcast packets on other ports can be
issued properly when DTIM count is 0. Before this, all broadcast packets
are sent via port 0 and won't be transmitted correctly.
In monitor mode we should be able to received all packets even if it's not
destined to us. But after scan, the configuration was wrongly set, so we
fix it.
NAV upper register is to limit the maximum NAV value to prevent
unexpected NAV, but the old setting is too small to reflect NAV from
AP transmiting big MPDU at once.
Zong-Zhe Yang [Wed, 14 Sep 2022 03:50:34 +0000 (11:50 +0800)]
wifi: rtw89: support SER L1 simulation
SER (system error recovery) can deal with different crash types by
different levels of processes. Previous FW crash simulation triggers
a CPU exception which is one kind of SER L2 type. It can verify SER L2
flow which includes HW/FW restart.
Now, we want to increase crash simulation types. A debug function is added
to trigger control error in purpose for SER L1 simulation/verification.
And, debugfs fw_crash is extended to accept different parameters.
echo 1 > fw_crash:
simulate CPU exception as before
(keep 1 for compatibility with previous)
It will be catched and handled by SER L2.
(this requires HW/FW restart)
echo 2 > fw_crash:
simulate control error
It will be catched and handled by SER L1.
(driver and FW cooperate to recover this)
Besides, in order to apply to the above two cases,
rename RTW89_FLAG_RESTART_TRIGGER to RTW89_FLAG_CRASH_SIMULATING
and adjust where SER flow clears this bit for both L1 and L2.
Zong-Zhe Yang [Wed, 14 Sep 2022 03:50:33 +0000 (11:50 +0800)]
wifi: rtw89: 8852c: support fw crash simulation
With FW >= v0.27.40.0, 8852C FW has feature to handle crash simulation.
Besides, use RTW89_WCPU_BASE_MASK to replace use of RTW89_WCPU_BASE_ADDR
and work for both 8852A and 8852C.
Zong-Zhe Yang [Wed, 14 Sep 2022 03:50:32 +0000 (11:50 +0800)]
wifi: rtw89: introudce functions to drop packets
Introudce a H2C feature to drop packets according to given parameters.
And, we implement instances to drop packets from BE, BK, VI, VO queues
by vif or sta. Then, we refine our callback of ieee80211_ops::flush to
deal with the case of drop=true via this feature.
projects / users / jedix / linux-maple.git / log