aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/marvell/mwifiex (follow)
AgeCommit message (Collapse)AuthorFilesLines
2019-10-09mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ringNavid Emamdoost1-1/+4
In mwifiex_pcie_init_evt_ring, a new skb is allocated which should be released if mwifiex_map_pci_memory() fails. The release for skb and card->evtbd_ring_vbase is added. Fixes: 0732484b47b5 ("mwifiex: separate ring initialization and ring creation routines") Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Acked-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-10-09mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_bufNavid Emamdoost1-1/+3
In mwifiex_pcie_alloc_cmdrsp_buf, a new skb is allocated which should be released if mwifiex_map_pci_memory() fails. The release is added. Fixes: fc3314609047 ("mwifiex: use pci_alloc/free_consistent APIs for PCIe") Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Acked-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-10-01mwifiex: use 'total_ie_len' in mwifiex_update_bss_desc_with_ie()Brian Norris1-8/+6
This is clearer than copy/pasting the magic number '+ 2' around, and it even saves the need for one existing comment. Cc: Takashi Iwai <tiwai@suse.de> Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-09-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller2-1/+11
Minor overlapping changes in the btusb and ixgbe drivers. Signed-off-by: David S. Miller <davem@davemloft.net>
2019-09-03mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settingsWen Huang2-1/+11
mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and mwifiex_set_wmm_params() call memcpy() without checking the destination size.Since the source is given from user-space, this may trigger a heap buffer overflow. Fix them by putting the length check before performing memcpy(). This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816. Signed-off-by: Wen Huang <huangwenabc@gmail.com> Acked-by: Ganapathi Bhat <gbhat@marvell.comg> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-08-19Merge tag 'wireless-drivers-next-for-davem-2019-08-19' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-nextDavid S. Miller4-10/+5
Kalle Valo says: ==================== wireless-drivers-next patches for 5.4 First set of patches for 5.4. Major changes: brcmfmac * enable 160 MHz channel support rt2x00 * add support for PLANEX GW-USMicroN USB device rtw88 * add Bluetooth coexistance support ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-06Revert "mwifiex: fix system hang problem after resume"Brian Norris1-1/+1
This reverts commit 437322ea2a36d112e20aa7282c869bf924b3a836. This above-mentioned "fix" does not actually do anything to prevent a race condition. It simply papers over it so that the issue doesn't appear. If this is a real problem, it should be explained better than the above commit does, and an alternative, non-racy solution should be found. For further reason to revert this: there's no reason we can't try resetting the card when it's *actually* stuck in host-sleep mode. So instead, this is unnecessarily creating scenarios where we can't recover Wifi (and in fact, I'm fielding reports of Chromebooks that can't recover after the aforementioned commit). Note that this was proposed in 2017 and Ack'ed then, but due to my marking as RFC, it never went anywhere: https://patchwork.kernel.org/patch/9657277/ [RFC] Revert "mwifiex: fix system hang problem after resume" Cc: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Acked-by: Amitkumar Karwar <amitkarwar@gmail.com> Tested-by: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-08-06mwifiex: pcie: Use dev_get_drvdataChuhong Yuan1-6/+2
Instead of using to_pci_dev + pci_get_drvdata, use dev_get_drvdata to make code simpler. Signed-off-by: Chuhong Yuan <hslester96@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-08-06mwifiex: make error values consistent in mwifiex_update_bss_desc_with_ie()Pavel Machek1-1/+1
Surrounding code uses -ERRNO as a result, so don't pass plain -1. Signed-off-by: Pavel Machek <pavel@denx.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-07-30mwifiex: fix 802.11n/WPA detectionBrian Norris2-1/+3
Commit 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant vendor IEs") adjusted the ieee_types_vendor_header struct, which inadvertently messed up the offsets used in mwifiex_is_wpa_oui_present(). Add that offset back in, mirroring mwifiex_is_rsn_oui_present(). As it stands, commit 63d7ef36103d breaks compatibility with WPA (not WPA2) 802.11n networks, since we hit the "info: Disable 11n if AES is not supported by AP" case in mwifiex_is_network_compatible(). Fixes: 63d7ef36103d ("mwifiex: Don't abort on small, spec-compliant vendor IEs") Cc: <stable@vger.kernel.org> Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-07-24mwifiex: use eth_broadcast_addr() to assign broadcast addressMao Wenan1-2/+1
This patch is to use eth_broadcast_addr() to assign broadcast address insetad of memcpy(). Signed-off-by: Mao Wenan <maowenan@huawei.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-07-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller4-13/+23
Two cases of overlapping changes, nothing fancy. Signed-off-by: David S. Miller <davem@davemloft.net>
2019-06-27mwifiex: don't disable hardirqs; just softirqsBrian Norris18-378/+256
main_proc_lock and int_lock (in mwifiex_adapter) are the only spinlocks used in hardirq contexts. The rest are only in task or softirq contexts. Convert every other lock from *_irq{save,restore}() variants to _bh() variants. This is a mechanical transformation of all spinlock usage in mwifiex using the following: Step 1: I ran this nasty sed script: sed -i -E '/spin_lock_irqsave|spin_unlock_irqrestore/ { /main_proc_lock|int_lock/! { s:(spin_(un|)lock)_irq(save|restore):\1_bh: ; # Join broken lines. :a /;$/! { N; s/\s*\n\s*//; ba } /,.*\);$/ s:,.*\):\): } }' drivers/net/wireless/marvell/mwifiex/* Step 2: Manually delete the flags / ra_list_flags args from: mwifiex_send_single_packet() mwifiex_11n_aggregate_pkt() mwifiex_send_processed_packet() which are now unused. Step 3: Apply this semantic patch (coccinelle) to remove the unused 'flags' variables: // <smpl> @@ type T; identifier i; @@ ( extern T i; | - T i; ... when != i ) // </smpl> (Usage is something like this: make coccicheck COCCI=./patch.cocci MODE=patch M=drivers/net/wireless/marvell/mwifiex/ although this skips *.h files for some reasons, so I had to massage stuff.) Testing: I've played with a variety of stress tests, including download stress tests on the same APs which caught regressions with commit 5188d5453bc9 ("mwifiex: restructure rx_reorder_tbl_lock usage"). I've primarily tested on Marvell 8997 / PCIe, although I've given 8897 / SDIO a quick spin as well. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-27mwifiex: dispatch/rotate from reorder table atomicallyBrian Norris1-19/+24
mwifiex_11n_scan_and_dispatch() and mwifiex_11n_dispatch_pkt_until_start_win() share similar patterns, where they perform a few different actions on the same table, using the same lock, but non-atomically. There have been other attempts to clean up this sort of behavior, but they have had problems (incomplete; introducing new deadlocks). We can improve these functions' atomicity by queueing up our RX packets in a list, to dispatch at the end of the function. This avoids problems of another operation modifying the table in between our dispatch and rotation operations. This was inspired by investigations around this: http://lkml.kernel.org/linux-wireless/20181130175957.167031-1-briannorris@chromium.org Subject: [4.20 PATCH] Revert "mwifiex: restructure rx_reorder_tbl_lock usage" While the original (now-reverted) patch had good intentions in restructuring some of the locking patterns in this driver, it missed an important detail: we cannot defer to softirq contexts while already in an atomic context. We can help avoid this sort of problem by separating the two steps of: (1) iterating / clearing the mwifiex reordering table (2) dispatching received packets to upper layers This makes it much harder to make lock recursion mistakes, as these two steps no longer need to hold the same locks. Testing: I've played with a variety of stress tests, including download stress tests on the same APs which caught regressions with commit 5188d5453bc9 ("mwifiex: restructure rx_reorder_tbl_lock usage"). I've primarily tested on Marvell 8997 / PCIe, although I've given 8897 / SDIO a quick spin as well. Signed-off-by: Brian Norris <briannorris@chromium.org> Acked-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-26Merge tag 'wireless-drivers-next-for-davem-2019-06-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-nextDavid S. Miller4-16/+24
Kalle Valu says: ==================== wireless-drivers-next patches for 5.3 First set of patches for 5.3, but not that many patches this time. This pull request fails to compile with the tip tree due to ktime_get_boot_ns() API changes there. It should be easy for Linus to fix it in p54 driver once he pulls this, an example resolution here: https://lkml.kernel.org/r/20190625160432.533aa140@canb.auug.org.au Major changes: airo * switch to use skcipher interface p54 * support boottime in scan results rtw88 * add fast xmit support * add random mac address on scan support rt2x00 * add software watchdog to detect hangs, it's disabled by default ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-06-25mwifiex: ignore processing invalid command responseSwati Kushwaha2-10/+19
Firmware can send invalid command response, the processing of which can attempt to modify unexpected context and cause issues. To fix this, driver should check that the command response ID is same as the one it downloaded, and ignore processing of invalid response. Signed-off-by: Swati Kushwaha <swatiuma@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-25mwifiex: update set_mac_address logicSharvari Harisangam1-3/+3
In set_mac_address, driver check for interfaces with same bss_type For first STA entry, this would return 3 interfaces since all priv's have bss_type as 0 due to kzalloc. Thus mac address gets changed for STA unexpected. This patch adds check for first STA and avoids mac address change. This patch also adds mac_address change for p2p based on bss_num type. Signed-off-by: Sharvari Harisangam <sharvari@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-25mwifiex: print PCI mmap with %pKBrian Norris1-1/+1
Unadorned '%p' has restrictive policies these days, such that it usually just prints garbage at early boot (see Documentation/core-api/printk-formats.rst, "kernel will print ``(ptrval)`` until it gathers enough entropy"). Annotating with %pK (for "kernel pointer") allows the kptr_restrict sysctl to control printing policy better. We might just as well drop this message entirely, but this fix was easy enough for now. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-25mwifiex: drop 'set_consistent_dma_mask' log messageBrian Norris1-2/+1
This message is pointless. While we're at it, include the error code in the error message, which is not pointless. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-24mwifiex: Don't abort on small, spec-compliant vendor IEsBrian Norris4-13/+23
Per the 802.11 specification, vendor IEs are (at minimum) only required to contain an OUI. A type field is also included in ieee80211.h (struct ieee80211_vendor_ie) but doesn't appear in the specification. The remaining fields (subtype, version) are a convention used in WMM headers. Thus, we should not reject vendor-specific IEs that have only the minimum length (3 bytes) -- we should skip over them (since we only want to match longer IEs, that match either WMM or WPA formats). We can reject elements that don't have the minimum-required 3 byte OUI. While we're at it, move the non-standard subtype and version fields into the WMM structs, to avoid this confusion in the future about generic "vendor header" attributes. Fixes: 685c9b7750bf ("mwifiex: Abort at too short BSS descriptor element") Cc: Takashi Iwai <tiwai@suse.de> Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-06-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2-16/+50
Honestly all the conflicts were simple overlapping changes, nothing really interesting to report. Signed-off-by: David S. Miller <davem@davemloft.net>
2019-06-02net: ipv4: provide __rcu annotation for ifa_listFlorian Westphal1-1/+1
ifa_list is protected by rcu, yet code doesn't reflect this. Add the __rcu annotations and fix up all places that are now reported by sparse. I've done this in the same commit to not add intermediate patches that result in new warnings. Reported-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-06-01mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()Takashi Iwai1-16/+31
A few places in mwifiex_uap_parse_tail_ies() perform memcpy() unconditionally, which may lead to either buffer overflow or read over boundary. This patch addresses the issues by checking the read size and the destination size at each place more properly. Along with the fixes, the patch cleans up the code slightly by introducing a temporary variable for the token size, and unifies the error path with the standard goto statement. Reported-by: huangwen <huangwen@venustech.com.cn> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-05-30mwifiex: Abort at too short BSS descriptor elementTakashi Iwai1-0/+15
Currently mwifiex_update_bss_desc_with_ie() implicitly assumes that the source descriptor entries contain the enough size for each type and performs copying without checking the source size. This may lead to read over boundary. Fix this by putting the source size check in appropriate places. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-05-30mwifiex: Fix possible buffer overflows at parsing bss descriptorTakashi Iwai1-0/+4
mwifiex_update_bss_desc_with_ie() calls memcpy() unconditionally in a couple places without checking the destination size. Since the source is given from user-space, this may trigger a heap buffer overflow. Fix it by putting the length check before performing memcpy(). This fix addresses CVE-2019-3846. Reported-by: huangwen <huangwen@venustech.com.cn> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-05-21treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner1-0/+1
Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-05Merge tag 'wireless-drivers-next-for-davem-2019-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-nextDavid S. Miller7-17/+91
Kalle Valo says: ==================== wireless-drivers-next patches for 5.2 Most likely the last patchset of new feature for 5.2, and this time we have quite a lot of new features. Most obvious being rtw88 from Realtek which supports RTL8822BE and RTL8822CE 802.11ac devices. We have also new hardware support for existing drivers and improvements. There's one conflict in iwlwifi, my example conflict resolution below. Major changes: iwlwifi * bump the 20000-series FW API version * work on new hardware continues * RTT confidence indication support for Fine Timing Measurement (FTM) * an improvement in HE (802.11ax) rate-scaling * add command version parsing from the fimware TLVs * add support for a new WoWLAN patterns firmware API rsi * add support for rs9116 mwifiex * add support for SD8987 brcmfmac * add quirk for ACEPC T8 and T11 mini PCs rt2x00 * add RT3883 support qtnfmac * fix debugfs interface to support multiple cards rtw88 * new driver mt76 * share more code across drivers * add support for MT7615 chipset * rework DMA API * tx/rx performance optimizations * use NAPI for tx cleanup on mt76x02 * AP mode support for USB devices * USB stability fixes * tx power handling fixes for 76x2 * endian fixes Conflicts: There's a trivial conflict in drivers/net/wireless/intel/iwlwifi/fw/file.h, just leave IWL_UCODE_TLV_FW_FSEQ_VERSION to the file. 'git diff' output should be just empty: diff --cc drivers/net/wireless/intel/iwlwifi/fw/file.h index cd622af90077,b0671e16e1ce..000000000000 --- a/drivers/net/wireless/intel/iwlwifi/fw/file.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/file.h ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-05-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller1-1/+1
Three trivial overlapping conflicts. Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-27netlink: make validation more configurable for future strictnessJohannes Berg1-2/+2
We currently have two levels of strict validation: 1) liberal (default) - undefined (type >= max) & NLA_UNSPEC attributes accepted - attribute length >= expected accepted - garbage at end of message accepted 2) strict (opt-in) - NLA_UNSPEC attributes accepted - attribute length >= expected accepted Split out parsing strictness into four different options: * TRAILING - check that there's no trailing data after parsing attributes (in message or nested) * MAXTYPE - reject attrs > max known type * UNSPEC - reject attributes with NLA_UNSPEC policy entries * STRICT_ATTRS - strictly validate attribute size The default for future things should be *everything*. The current *_strict() is a combination of TRAILING and MAXTYPE, and is renamed to _deprecated_strict(). The current regular parsing has none of this, and is renamed to *_parse_deprecated(). Additionally it allows us to selectively set one of the new flags even on old policies. Notably, the UNSPEC flag could be useful in this case, since it can be arranged (by filling in the policy) to not be an incompatible userspace ABI change, but would then going forward prevent forgetting attribute entries. Similar can apply to the POLICY flag. We end up with the following renames: * nla_parse -> nla_parse_deprecated * nla_parse_strict -> nla_parse_deprecated_strict * nlmsg_parse -> nlmsg_parse_deprecated * nlmsg_parse_strict -> nlmsg_parse_deprecated_strict * nla_parse_nested -> nla_parse_nested_deprecated * nla_validate_nested -> nla_validate_nested_deprecated Using spatch, of course: @@ expression TB, MAX, HEAD, LEN, POL, EXT; @@ -nla_parse(TB, MAX, HEAD, LEN, POL, EXT) +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT) @@ expression NLH, HDRLEN, TB, MAX, POL, EXT; @@ -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT) +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT) @@ expression NLH, HDRLEN, TB, MAX, POL, EXT; @@ -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT) +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT) @@ expression TB, MAX, NLA, POL, EXT; @@ -nla_parse_nested(TB, MAX, NLA, POL, EXT) +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT) @@ expression START, MAX, POL, EXT; @@ -nla_validate_nested(START, MAX, POL, EXT) +nla_validate_nested_deprecated(START, MAX, POL, EXT) @@ expression NLH, HDRLEN, MAX, POL, EXT; @@ -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT) +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT) For this patch, don't actually add the strict, non-renamed versions yet so that it breaks compile if I get it wrong. Also, while at it, make nla_validate and nla_parse go down to a common __nla_validate_parse() function to avoid code duplication. Ultimately, this allows us to have very strict validation for every new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the next patch, while existing things will continue to work as is. In effect then, this adds fully strict validation for any new command. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-25mwifiex: fix spelling mistake "capabilties" -> "capabilities"Colin Ian King2-10/+10
There various spelling mistakes in function names and in message text. Fix these. Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Mukesh Ojha <mojha@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25mwifiex: add support for SD8987 chipsetTamás Szűcs3-2/+76
This patch adds support for Marvell 88W8987 chipset with SDIO interface. Register offsets and supported feature flags are updated. The corresponding firmware image file shall be "mrvl/sd8987_uapsta.bin". Signed-off-by: Tamás Szűcs <tszucs@protonmail.ch> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25mwifiex: prevent an array overflowDan Carpenter1-0/+3
The "rate_index" is only used as an index into the phist_data->rx_rate[] array in the mwifiex_hist_data_set() function. That array has MWIFIEX_MAX_AC_RX_RATES (74) elements and it's used to generate some debugfs information. The "rate_index" variable comes from the network skb->data[] and it is a u8 so it's in the 0-255 range. We need to cap it to prevent an array overflow. Fixes: cbf6e05527a7 ("mwifiex: add rx histogram statistics support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25mwifiex: use struct_size() in kzalloc()Gustavo A. R. Silva1-5/+2
One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; struct boo entry[]; }; size = sizeof(struct foo) + count * sizeof(struct boo); instance = kzalloc(size, GFP_KERNEL) Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL) Notice that, in this case, variable regd_size is not necessary, hence it is removed. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-25mwifiex: Make resume actually do something useful again on SDIO cardsDouglas Anderson1-1/+1
The commit fc3a2fcaa1ba ("mwifiex: use atomic bitops to represent adapter status variables") had a fairly straightforward bug in it. It contained this bit of diff: - if (!adapter->is_suspended) { + if (test_bit(MWIFIEX_IS_SUSPENDED, &adapter->work_flags)) { As you can see the patch missed the "!" when converting to the atomic bitops. This meant that the resume hasn't done anything at all since that commit landed and suspend/resume for mwifiex SDIO cards has been totally broken. After fixing this mwifiex suspend/resume appears to work again, at least with the simple testing I've done. Fixes: fc3a2fcaa1ba ("mwifiex: use atomic bitops to represent adapter status variables") Cc: <stable@vger.kernel.org> Signed-off-by: Douglas Anderson <dianders@chromium.org> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04mwifiex: add a bounds check in mwifiex_process_sta_rx_packet()Dan Carpenter1-1/+2
Smatch complains that "local_rx_pd->priority" can't be trusted because it comes from skb->data and it can go up to 255 instead of being capped in the 0-7 range. A few lines earlier, on the other side of the if statement, we cap priority so it seems harmless to add a bounds check here as well. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04mwifiex: Fix mem leak in mwifiex_tm_cmdYueHaibing1-1/+5
'hostcmd' is alloced by kzalloc, should be freed before leaving from the error handling cases, otherwise it will cause mem leak. Fixes: 3935ccc14d2c ("mwifiex: add cfg80211 testmode support") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-04net: mwifiex: fix a NULL pointer dereferenceKangjie Lu1-0/+6
In case dev_alloc_skb fails, the fix returns -ENOMEM to avoid NULL pointer dereference. Signed-off-by: Kangjie Lu <kjlu@umn.edu> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-03-20net: remove 'fallback' argument from dev->ndo_select_queue()Paolo Abeni1-2/+1
After the previous patch, all the callers of ndo_select_queue() provide as a 'fallback' argument netdev_pick_tx. The only exceptions are nested calls to ndo_select_queue(), which pass down the 'fallback' available in the current scope - still netdev_pick_tx. We can drop such argument and replace fallback() invocation with netdev_pick_tx(). This avoids an indirect call per xmit packet in some scenarios (TCP syn, UDP unconnected, XDP generic, pktgen) with device drivers implementing such ndo. It also clean the code a bit. Tested with ixgbe and CONFIG_FCOE=m With pktgen using queue xmit: threads vanilla patched (kpps) (kpps) 1 2334 2428 2 4166 4278 4 7895 8100 v1 -> v2: - rebased after helper's name change Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-19mwifiex: don't advertise IBSS features without FW supportBrian Norris1-3/+7
As it is, doing something like # iw phy phy0 interface add foobar type ibss on a firmware that doesn't have ad-hoc support just yields failures of HostCmd_CMD_SET_BSS_MODE, which happened to return a '-1' error code (-EPERM? not really right...) and sometimes may even crash the firmware along the way. Let's parse the firmware capability flag while registering the wiphy, so we don't allow attempting IBSS at all, and we get a proper -EOPNOTSUPP from nl80211 instead. Fixes: e267e71e68ae ("mwifiex: Disable adhoc feature based on firmware capability") Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-19mwifiex: Fix NL80211_TX_POWER_LIMITEDAdrian Bunk3-6/+19
NL80211_TX_POWER_LIMITED was treated as NL80211_TX_POWER_AUTOMATIC, which is the opposite of what should happen and can cause nasty regulatory problems. if/else converted to a switch without default to make gcc warn on unhandled enum values. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-08mwifiex: don't print error message on coex eventStefan Agner1-1/+1
The BT coex event is not an error condition. Don't print an error message in this case. The same even in sta_event.c prints a message using the debug level already. Signed-off-by: Stefan Agner <stefan@agner.ch> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-01mwifiex: no need to check return value of debugfs_create functionsGreg Kroah-Hartman1-3/+2
When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Amitkumar Karwar <amitkarwar@gmail.com> Cc: Nishant Sarmukadam <nishants@marvell.com> Cc: Ganapathi Bhat <gbhat@marvell.com> Cc: Xinming Hu <huxinming820@gmail.com> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: linux-wireless@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-01mwifiex: add support for sd8977 chipsetHemantkumar Suthar3-1/+76
This patch adds support for 8977 chipset to mwifiex with SDIO interface. Register offsets and supported feature flags are updated. Firmware image used will be mrvl/sd8977_uapsta.bin. Signed-off-by: Hemantkumar Suthar <shemant@marvell.com> Signed-off-by: Rakesh Parmar <rakeshp@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-12-20Merge tag 'wireless-drivers-next-for-davem-2018-12-20' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-nextDavid S. Miller4-38/+69
Kalle Valo says: ==================== wireless-drivers-next patches for 4.21 Last set of patches for 4.21. mt76 is still in very active development and having some refactoring as well as new features. But also other drivers got few new features and fixes. Major changes: ath10k * add amsdu support for QCA6174 monitor mode * report tx rate using the new ieee80211_tx_rate_update() API * wcn3990 support is not experimental anymore iwlwifi * support for FW version 43 for 9000 and 22000 series brcmfmac * add support for CYW43012 SDIO chipset * add the raw 4354 PCIe device ID for unprogrammed Cypress boards mwifiex * add NL80211_STA_INFO_RX_BITRATE support mt76 * use the same firmware for mt76x2e and mt76x2u * mt76x0e survey support * more unification between mt76x2 and mt76x0 * mt76x0e AP mode support * mt76x0e DFS support * rework and fix tx status handling for mt76x0 and mt76x2 ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-12-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller3-53/+51
Lots of conflicts, by happily all cases of overlapping changes, parallel adds, things of that nature. Thanks to Stephen Rothwell, Saeed Mahameed, and others for their guidance in these resolutions. Signed-off-by: David S. Miller <davem@davemloft.net>
2018-12-13mwifiex: add NL80211_STA_INFO_RX_BITRATE supportBrian Norris2-5/+34
Comparing the existing TX_BITRATE parsing code (in mwifiex_parse_htinfo()) with the RX bitrate histograms in debugfs.c, it appears that the rxpd_rate and rxpd_htinfo fields have the same format. At least, they give reasonable results when I parse them this way. So this patch adds support for RX_BITRATE to our station info dump. Along the way, I add legacy bitrate parsing into the same function, using the debugfs code (mwifiex_histogram_read() and mwifiex_adjust_data_rate()) as reference. Additionally, to satisfy the requirements of NL80211_STA_INFO_RX_BITRATE, I skip logging the bitrate of multicast packets. This shouldn't add a lot of overhead to the RX path, as there are already several similar 802.3 header checks in this same codepath. We can also bias the branch behavior to favor unicast, as that's the common performance-sensitive case. I'd consider this support somewhat experimental, as I have zero documentation from Marvell. But the existing driver code gives me good reason to think this is correct. I've tested this on a few different 802.11{a,b,g,n,ac} networks, and the reported bitrates look good to me. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-12-13mwifiex: refactor mwifiex_parse_htinfo() for reuseBrian Norris1-17/+19
This function converts some firmware-specific parameters into cfg80211 'rate_info' structures. It currently assumes it's dealing only with TX bitrate, but the RX bitrate looks to be the same, so refactor this function to be reusable. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-12-13mwifiex: debugfs: correct histogram spacing, formattingBrian Norris1-8/+6
Currently, snippets of this file look like: rx rates (in Mbps): 0=1M 1=2M2=5.5M 3=11M 4=6M 5=9M 6=12M 7=18M 8=24M 9=36M 10=48M 11=54M12-27=MCS0-15(BW20) 28-43=MCS0-15(BW40) 44-53=MCS0-9(VHT:BW20)54-63=MCS0-9(VHT:BW40)64-73=MCS0-9(VHT:BW80) ... noise_flr[--96dBm] = 22 noise_flr[--95dBm] = 149 noise_flr[--94dBm] = 9 noise_flr[--93dBm] = 2 We're missing some spaces, and we're adding a minus sign ('-') on values that are already negative signed integers. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-12-13mwifiex: fix potential NULL dereference and use after freePan Bian1-8/+10
There are two defects: (1) passing a NULL bss to mwifiex_save_hidden_ssid_channels will result in NULL dereference, (2) using bss after dropping the reference to it via cfg80211_put_bss. To fix them, the patch moves the buggy code to the branch that bss is not NULL and puts it before cfg80211_put_bss. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-12-13Revert "mwifiex: restructure rx_reorder_tbl_lock usage"Brian Norris3-53/+51
This reverts commit 5188d5453bc9380ccd4ae1086138dd485d13aef2, because it introduced lock recursion: BUG: spinlock recursion on CPU#2, kworker/u13:1/395 lock: 0xffffffc0e28a47f0, .magic: dead4ead, .owner: kworker/u13:1/395, .owner_cpu: 2 CPU: 2 PID: 395 Comm: kworker/u13:1 Not tainted 4.20.0-rc4+ #2 Hardware name: Google Kevin (DT) Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex] Call trace: dump_backtrace+0x0/0x140 show_stack+0x20/0x28 dump_stack+0x84/0xa4 spin_bug+0x98/0xa4 do_raw_spin_lock+0x5c/0xdc _raw_spin_lock_irqsave+0x38/0x48 mwifiex_flush_data+0x2c/0xa4 [mwifiex] call_timer_fn+0xcc/0x1c4 run_timer_softirq+0x264/0x4f0 __do_softirq+0x1a8/0x35c do_softirq+0x54/0x64 netif_rx_ni+0xe8/0x120 mwifiex_recv_packet+0xfc/0x10c [mwifiex] mwifiex_process_rx_packet+0x1d4/0x238 [mwifiex] mwifiex_11n_dispatch_pkt+0x190/0x1ac [mwifiex] mwifiex_11n_rx_reorder_pkt+0x28c/0x354 [mwifiex] mwifiex_process_sta_rx_packet+0x204/0x26c [mwifiex] mwifiex_handle_rx_packet+0x15c/0x16c [mwifiex] mwifiex_rx_work_queue+0x104/0x134 [mwifiex] worker_thread+0x4cc/0x72c kthread+0x134/0x13c ret_from_fork+0x10/0x18 This was clearly not tested well at all. I simply performed 'wget' in a loop and it fell over within a few seconds. Fixes: 5188d5453bc9 ("mwifiex: restructure rx_reorder_tbl_lock usage") Cc: <stable@vger.kernel.org> Cc: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>