From c81396f3da22aa8f1e8fbf7943616a0839c4d63d Mon Sep 17 00:00:00 2001 From: Cathy Luo Date: Thu, 21 Jul 2016 16:30:24 +0530 Subject: mwifiex: fix large amsdu packets causing firmware hang Sometimes host prepares and downloads a large amsdu packet to firmware which leads to a memory corruption in firmware. The reason is __dev_alloc_skb() may allocate larger buffer than required size. This patch solves the problem by checking "adapter->tx_buf_size" instead of relying on skb_tailroom(). Signed-off-by: Cathy Luo Signed-off-by: Amitkumar Karwar Signed-off-by: Kalle Valo --- drivers/net/wireless/marvell/mwifiex/11n_aggr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/mwifiex/11n_aggr.c b/drivers/net/wireless/marvell/mwifiex/11n_aggr.c index dc49c3de1f25..c47d6366875d 100644 --- a/drivers/net/wireless/marvell/mwifiex/11n_aggr.c +++ b/drivers/net/wireless/marvell/mwifiex/11n_aggr.c @@ -205,7 +205,8 @@ mwifiex_11n_aggregate_pkt(struct mwifiex_private *priv, do { /* Check if AMSDU can accommodate this MSDU */ - if (skb_tailroom(skb_aggr) < (skb_src->len + LLC_SNAP_LEN)) + if ((skb_aggr->len + skb_src->len + LLC_SNAP_LEN) > + adapter->tx_buf_size) break; skb_src = skb_dequeue(&pra_list->skb_head); -- cgit v1.2.3 From 05860bed491b114a9f2d7a4f6e09fb02c0b69056 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 19 Aug 2016 13:37:38 +0300 Subject: ath9k: fix client mode beacon configuration For pure station mode, iter_data.primary_beacon_vif was used and passed to ath_beacon_config, but not set to the station vif. This was causing the following warning: [ 100.310919] ------------[ cut here ]------------ [ 100.315683] WARNING: CPU: 0 PID: 7 at compat-wireless-2016-06-20/drivers/net/wireless/ath/ath9k/beacon.c:642 ath9k_calculate_summary_state+0x250/0x60c [ath9k]() [ 100.402028] CPU: 0 PID: 7 Comm: kworker/u2:1 Tainted: G W 4.4.15 #5 [ 100.409676] Workqueue: phy0 ieee80211_ibss_leave [mac80211] [ 100.415351] Stack : 8736e98c 870b4b20 87a25b54 800a6800 8782a080 80400d63 8039b96c 00000007 [ 100.415351] 803c5edc 87875914 80400000 800a47cc 87a25b54 800a6800 803a0fd8 80400000 [ 100.415351] 00000003 87875914 80400000 80094ae0 87a25b54 8787594c 00000000 801ef308 [ 100.415351] 803ffe70 801ef300 87193d58 87b3a400 87b3ad00 70687930 00000000 00000000 [ 100.415351] 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 100.415351] ... [ 100.451703] Call Trace: [ 100.454235] [<800a6800>] vprintk_default+0x24/0x30 [ 100.459110] [<800a47cc>] printk+0x2c/0x38 [ 100.463190] [<800a6800>] vprintk_default+0x24/0x30 [ 100.468072] [<80094ae0>] print_worker_info+0x148/0x174 [ 100.473378] [<801ef308>] serial8250_console_putchar+0x0/0x44 [ 100.479122] [<801ef300>] wait_for_xmitr+0xc4/0xcc [ 100.484014] [<87193d58>] ieee80211_ibss_leave+0xb90/0x1900 [mac80211] [ 100.490590] [<80081604>] warn_slowpath_common+0xa0/0xd0 [ 100.495922] [<801a359c>] dump_stack+0x14/0x28 [ 100.500350] [<80071a00>] show_stack+0x50/0x84 [ 100.504784] [<80081604>] warn_slowpath_common+0xa0/0xd0 [ 100.510106] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k] [ 100.517105] [<800816b8>] warn_slowpath_null+0x18/0x24 [ 100.522256] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k] [ 100.529273] [<87025418>] ath9k_set_txpower+0x148/0x498 [ath9k] [ 100.535302] [<871d2c64>] cleanup_module+0xa74/0xd4c [mac80211] [ 100.541237] [<801ef308>] serial8250_console_putchar+0x0/0x44 [ 100.547042] [<800a5d18>] wake_up_klogd+0x54/0x68 [ 100.551730] [<800a6650>] vprintk_emit+0x404/0x43c [ 100.556623] [<871b9db8>] ieee80211_sta_rx_notify+0x258/0x32c [mac80211] [ 100.563475] [<871ba6a4>] ieee80211_sta_rx_queued_mgmt+0x63c/0x734 [mac80211] [ 100.570693] [<871aa49c>] ieee80211_tx_prepare_skb+0x210/0x230 [mac80211] [ 100.577609] [<800af5d4>] mod_timer+0x15c/0x190 [ 100.582220] [<871ba8b8>] ieee80211_sta_work+0xfc/0xe1c [mac80211] [ 100.588539] [<871940b4>] ieee80211_ibss_leave+0xeec/0x1900 [mac80211] [ 100.595122] [<8009ec84>] dequeue_task_fair+0x44/0x130 [ 100.600281] [<80092a34>] process_one_work+0x1f8/0x334 [ 100.605454] [<80093830>] worker_thread+0x2b4/0x408 [ 100.610317] [<8009357c>] worker_thread+0x0/0x408 [ 100.615019] [<8009357c>] worker_thread+0x0/0x408 [ 100.619705] [<80097b68>] kthread+0xdc/0xe8 [ 100.623886] [<80097a8c>] kthread+0x0/0xe8 [ 100.627961] [<80060878>] ret_from_kernel_thread+0x14/0x1c [ 100.633448] [ 100.634956] ---[ end trace aafbe57e9ae6862f ]--- Fixes: cfda2d8e2314 ("ath9k: Fix beacon configuration for addition/removal of interfaces") Signed-off-by: Felix Fietkau Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath9k/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index a394622c9022..098745dc683b 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -1154,6 +1154,7 @@ void ath9k_calculate_summary_state(struct ath_softc *sc, bool changed = (iter_data.primary_sta != ctx->primary_sta); if (iter_data.primary_sta) { + iter_data.primary_beacon_vif = iter_data.primary_sta; iter_data.beacons = true; ath9k_set_assoc_state(sc, iter_data.primary_sta, changed); -- cgit v1.2.3 From 7711aaf08ad3fc4d0e937eec1de0a63620444ce7 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 19 Aug 2016 13:37:46 +0300 Subject: ath9k: fix using sta->drv_priv before initializing it A station pointer can be passed to the driver on tx, before it has been marked as associated. Since ath9k_sta_state was initializing the entry too late, it resulted in some spurious crashes. Fixes: df3c6eb34da5 ("ath9k: Use sta_state() callback") Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath9k/main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index 098745dc683b..6ca4337a98c4 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -1564,13 +1564,13 @@ static int ath9k_sta_state(struct ieee80211_hw *hw, struct ath_common *common = ath9k_hw_common(sc->sc_ah); int ret = 0; - if (old_state == IEEE80211_STA_AUTH && - new_state == IEEE80211_STA_ASSOC) { + if (old_state == IEEE80211_STA_NOTEXIST && + new_state == IEEE80211_STA_NONE) { ret = ath9k_sta_add(hw, vif, sta); ath_dbg(common, CONFIG, "Add station: %pM\n", sta->addr); - } else if (old_state == IEEE80211_STA_ASSOC && - new_state == IEEE80211_STA_AUTH) { + } else if (old_state == IEEE80211_STA_NONE && + new_state == IEEE80211_STA_NOTEXIST) { ret = ath9k_sta_remove(hw, vif, sta); ath_dbg(common, CONFIG, "Remove station: %pM\n", sta->addr); -- cgit v1.2.3 From 237e15dfd5d651868726111c3a9d828bec700490 Mon Sep 17 00:00:00 2001 From: Ashok Raj Nagarajan Date: Fri, 19 Aug 2016 13:37:37 +0300 Subject: ath10k: fix get rx_status from htt context On handling amsdu on rx path, get the rx_status from htt context. Without this fix, we are seeing warnings when running DBDC traffic like this. WARNING: CPU: 0 PID: 0 at net/mac80211/rx.c:4105 ieee80211_rx_napi+0x88/0x7d8 [mac80211]() [ 1715.878248] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.21 #1 [ 1715.878273] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 1715.878293] [] (show_stack) from [] (dump_stack+0x70/0xbc) [ 1715.878315] [] (dump_stack) from [] (warn_slowpath_common+0x64/0x88) [ 1715.878339] [] (warn_slowpath_common) from [] (warn_slowpath_null+0x18/0x20) [ 1715.878395] [] (warn_slowpath_null) from [] (ieee80211_rx_napi+0x88/0x7d8 [mac80211]) [ 1715.878474] [] (ieee80211_rx_napi [mac80211]) from [] (ath10k_htt_t2h_msg_handler+0xb48/0xbfc [ath10k_core]) [ 1715.878535] [] (ath10k_htt_t2h_msg_handler [ath10k_core]) from [] (ath10k_htt_t2h_msg_handler+0xbf8/0xbfc [ath10k_core]) [ 1715.878597] [] (ath10k_htt_t2h_msg_handler [ath10k_core]) from [] (ath10k_htt_txrx_compl_task+0xa54/0x1170 [ath10k_core]) [ 1715.878639] [] (ath10k_htt_txrx_compl_task [ath10k_core]) from [] (tasklet_action+0xb4/0x130) [ 1715.878659] [] (tasklet_action) from [] (__do_softirq+0xe0/0x210) [ 1715.878678] [] (__do_softirq) from [] (irq_exit+0x84/0xe0) [ 1715.878700] [] (irq_exit) from [] (__handle_domain_irq+0x98/0xd0) [ 1715.878722] [] (__handle_domain_irq) from [] (gic_handle_irq+0x38/0x5c) [ 1715.878741] [] (gic_handle_irq) from [] (__irq_svc+0x40/0x74) [ 1715.878753] Exception stack(0xc05f9f50 to 0xc05f9f98) [ 1715.878767] 9f40: ffffffed 00000000 00399e1e c000a220 [ 1715.878786] 9f60: 00000000 c05f6780 c05f8000 00000000 c05f5db8 ffffffed c05f8000 c04d1980 [ 1715.878802] 9f80: 00000000 c05f9f98 c0018110 c0018114 60000013 ffffffff [ 1715.878822] [] (__irq_svc) from [] (arch_cpu_idle+0x2c/0x50) [ 1715.878844] [] (arch_cpu_idle) from [] (cpu_startup_entry+0x108/0x234) [ 1715.878866] [] (cpu_startup_entry) from [] (start_kernel+0x33c/0x3b8) [ 1715.878879] ---[ end trace 6d5e1cc0fef8ed6a ]--- [ 1715.878899] ------------[ cut here ]------------ Fixes: 18235664e7f9 ("ath10k: cleanup amsdu processing for rx indication") Signed-off-by: Ashok Raj Nagarajan Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath10k/htt_rx.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c index 78db5d679f19..24c8d65bcf34 100644 --- a/drivers/net/wireless/ath/ath10k/htt_rx.c +++ b/drivers/net/wireless/ath/ath10k/htt_rx.c @@ -1525,7 +1525,7 @@ static void ath10k_htt_rx_h_filter(struct ath10k *ar, static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt) { struct ath10k *ar = htt->ar; - static struct ieee80211_rx_status rx_status; + struct ieee80211_rx_status *rx_status = &htt->rx_status; struct sk_buff_head amsdu; int ret; @@ -1549,11 +1549,11 @@ static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt) return ret; } - ath10k_htt_rx_h_ppdu(ar, &amsdu, &rx_status, 0xffff); + ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff); ath10k_htt_rx_h_unchain(ar, &amsdu, ret > 0); - ath10k_htt_rx_h_filter(ar, &amsdu, &rx_status); - ath10k_htt_rx_h_mpdu(ar, &amsdu, &rx_status); - ath10k_htt_rx_h_deliver(ar, &amsdu, &rx_status); + ath10k_htt_rx_h_filter(ar, &amsdu, rx_status); + ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status); + ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status); return 0; } -- cgit v1.2.3 From 4e80ffab0e722911842b59299dbf8033709673e5 Mon Sep 17 00:00:00 2001 From: Mohammed Shafi Shajakhan Date: Fri, 19 Aug 2016 13:37:37 +0300 Subject: ath10k: Remove driver log suggesting QCA9887 support is experimental Support for QCA9887 is no longer experimental and if there are any issues we need to address them Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath10k/pci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c index 9a22c478dd1b..07933c51a850 100644 --- a/drivers/net/wireless/ath/ath10k/pci.c +++ b/drivers/net/wireless/ath/ath10k/pci.c @@ -3162,7 +3162,6 @@ static int ath10k_pci_probe(struct pci_dev *pdev, pci_hard_reset = ath10k_pci_qca988x_chip_reset; break; case QCA9887_1_0_DEVICE_ID: - dev_warn(&pdev->dev, "QCA9887 support is still experimental, there are likely bugs. You have been warned.\n"); hw_rev = ATH10K_HW_QCA9887; pci_ps = false; pci_soft_reset = ath10k_pci_warm_reset; -- cgit v1.2.3 From db7b542e4a789156a4fb61278f2074795fe2eb9c Mon Sep 17 00:00:00 2001 From: Miaoqing Pan Date: Thu, 4 Aug 2016 15:48:34 +0800 Subject: ath9k: fix AR5416 access GPIO warning The warning was seen on AR5416 chip, which invoke ath9k_hw_gio_get() before the GPIO initialized correctly. WARNING: CPU: 1 PID: 1159 at ~/drivers/net/wireless/ath/ath9k/hw.c:2776 ath9k_hw_gpio_get+0x148/0x1a0 [ath9k_hw] ... CPU: 1 PID: 1159 Comm: systemd-udevd Not tainted 4.7.0-rc7-aptosid-amd64 #1 aptosid 4.7~rc7-1~git92.slh.3 Hardware name: /DH67CL, BIOS BLH6710H.86A.0160.2012.1204.1156 12/04/2012 0000000000000286 00000000f912d633 ffffffff81290fd3 0000000000000000 0000000000000000 ffffffff81063fd4 ffff88040c6dc018 0000000000000000 0000000000000002 0000000000000000 0000000000000100 ffff88040c6dc018 Call Trace: [] ? dump_stack+0x5c/0x79 [] ? __warn+0xb4/0xd0 [] ? ath9k_hw_gpio_get+0x148/0x1a0 [ath9k_hw] Signed-off-by: Miaoqing Pan Reported-by: Stefan Lippers-Hollmann Tested-by: Stefan Lippers-Hollmann Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath9k/hw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c index d1d0c06d627c..14b13f07cd1f 100644 --- a/drivers/net/wireless/ath/ath9k/hw.c +++ b/drivers/net/wireless/ath/ath9k/hw.c @@ -2482,6 +2482,8 @@ int ath9k_hw_fill_cap_info(struct ath_hw *ah) return -EINVAL; } + ath9k_gpio_cap_init(ah); + if (AR_SREV_9485(ah) || AR_SREV_9285(ah) || AR_SREV_9330(ah) || @@ -2531,8 +2533,6 @@ int ath9k_hw_fill_cap_info(struct ath_hw *ah) else pCap->hw_caps &= ~ATH9K_HW_CAP_HT; - ath9k_gpio_cap_init(ah); - if (AR_SREV_9160_10_OR_LATER(ah) || AR_SREV_9100(ah)) pCap->rts_aggr_limit = ATH_AMPDU_LIMIT_MAX; else -- cgit v1.2.3 From e34f2ff40e0339f6a379e1ecf49e8f2759056453 Mon Sep 17 00:00:00 2001 From: Giedrius Statkevičius Date: Thu, 1 Sep 2016 20:47:02 +0300 Subject: ath9k: bring back direction setting in ath9k_{start_stop} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A regression was introduced in commit id 79d4db1214a ("ath9k: cleanup led_pin initial") that broken the WLAN status led on my laptop with AR9287 after suspending and resuming. Steps to reproduce: * Suspend (laptop) * Resume (laptop) * Observe that the WLAN led no longer turns ON/OFF depending on the status and is always red Even though for my case it only needs to be set to OUT in ath9k_start but for consistency bring back the IN direction setting as well. Fixes: 79d4db1214a0 ("ath9k: cleanup led_pin initial") Cc: Miaoqing Pan Cc: Kalle Valo Cc: # 4.7+ Link: https://bugzilla.kernel.org/show_bug.cgi?id=151711 Signed-off-by: Giedrius Statkevičius [kvalo@qca.qualcomm.com: improve commit log] Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath9k/main.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index 6ca4337a98c4..7cb65c303f8d 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -718,9 +718,12 @@ static int ath9k_start(struct ieee80211_hw *hw) if (!ath_complete_reset(sc, false)) ah->reset_power_on = false; - if (ah->led_pin >= 0) + if (ah->led_pin >= 0) { ath9k_hw_set_gpio(ah, ah->led_pin, (ah->config.led_active_high) ? 1 : 0); + ath9k_hw_gpio_request_out(ah, ah->led_pin, NULL, + AR_GPIO_OUTPUT_MUX_AS_OUTPUT); + } /* * Reset key cache to sane defaults (all entries cleared) instead of @@ -864,9 +867,11 @@ static void ath9k_stop(struct ieee80211_hw *hw) spin_lock_bh(&sc->sc_pcu_lock); - if (ah->led_pin >= 0) + if (ah->led_pin >= 0) { ath9k_hw_set_gpio(ah, ah->led_pin, (ah->config.led_active_high) ? 0 : 1); + ath9k_hw_gpio_request_in(ah, ah->led_pin, NULL); + } ath_prepare_reset(sc); -- cgit v1.2.3