- 14 Apr, 2023 34 commits
-
-
Po-Hao Huang authored
Use POWER_ON flag to make sure power on/off is symmetric. Since both remain_on_channel and hw_scan both alter the power state, this makes sure that we don't enter/leave IPS mode twice. Also, replace IPS related functions with inline function that does similar logic so we can track it more easily. Signed-off-by:
Po-Hao Huang <phhuang@realtek.com> Signed-off-by:
Ping-Ke Shih <pkshih@realtek.com> Signed-off-by:
Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230411124832.14965-5-pkshih@realtek.com
-
Po-Hao Huang authored
Add support of remain on channel ops. Since channel context is required to enable multi-channel concurrent(MCC) and the current ROC in mac80211 don't support more than 1 channel context, add this to let P2P and other protocols relying on this work as expected. The off-channel duration and cancel timing is purely controlled by upper layers. Signed-off-by:
-
Po-Hao Huang authored
Allocate a per-skb completion to track those skbs we are interested in and wait for them to complete transmission with TX status. Normally, the completion object is freed by wait side, but it could be timeout result that complete side should free the object instead. Add a owner field with RCU to determine which side should free the object. Signed-off-by:
Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by:
-
Po-Hao Huang authored
Adding this supports beacon filter and connection quality monitor. To make host CPU wake up less, let firmware perform signal monitoring and beacon processing, then notify driver upon signal changes or beacon loss. This feature needs firmware 0.27.56 or newer to support it. Signed-off-by:
-
Johannes Berg authored
The if statement here is misleading, we return zero anyway since we just checked the 'ret' variable, simplify the code to remove the condition entirely. Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230414130637.57c1eb58e655.I1b47a7771cd66306931089c150c6b5b240bdcba5@changeidSigned-off-by:
-
Ilan Peer authored
The setting of the rate used for non station cases did not take into consideration the interface type etc., thus when probe responses are transmitted on P2P Device interface etc. CCK rates were used which is not allowed. Modify the code so the non station case would consider the interface type etc. For HWs/FWs that do not support rate control, preserve the previous behavior, i.e., take the rate from the skb metadata and adjust as needed. Signed-off-by:
Ilan Peer <ilan.peer@intel.com> Signed-off-by:
-
Johannes Berg authored
If we have MLO, then the deflink.ap_sta_id cannot be used. However, we can use the new mvmvif->ap_sta pointer for the validation instead. Also don't do it multiple times for different FW instances of the same AP STA (TDLS STAs are only on a single link). Note that this isn't really working right yet since the underlying flush code hasn't been updated yet to know of multiple link STAs. Signed-off-by:
-
Johannes Berg authored
Implement the full STA mask and selecting the correct link for key installation. While at it, catch errors if this function returns a bad zero station mask, rather than waiting for the firmware to crash on it. Signed-off-by:
-
Johannes Berg authored
If adding a key to firmware fails we leak the allocated ptk_pn. This shouldn't happen in practice, but we should still fix it. Signed-off-by:
-
Johannes Berg authored
We never needed this to be non-static, that was just an artifact of the development process. Make it static. Signed-off-by:
-
Johannes Berg authored
Instead of relying on the AP STA ID and dereferencing our firmware -> mac80211 STA array when we really only need the STA, not the per-link information (and might not have it, e.g. for a pairwise key installation where this is relevant), keep track of the AP STA as a pointer to the mac80211 STA, protected by the mutex. Then use it here in the key code instead. Signed-off-by:
-
Hyunwoo Kim authored
An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count, void *buf, ssize_t *size, ssize_t *bytes_copied) { int buf_size_left = count - *bytes_copied; buf_size_left = buf_size_left - (buf_size_left % sizeof(u32)); if (*size > buf_size_left) *size = buf_size_left; If the user passes a SIZE_MAX value to the "ssize_t count" parameter, the ssize_t count parameter is assigned to "int buf_size_left". Then compare "*size" with "buf_size_left" . Here, "buf_size_left" is a negative number, so "*size" is assigned "buf_size_left" and goes into the third argument of the copy_to_user function, causing a heap overflow. This is not a security vulnerability because iwl_dbgfs_monitor_data_read() is a debugfs operation with 0400 privileges. Signed-off-by:Hyunwoo Kim <imv4bel@gmail.com> Signed-off-by:
-
Tom Rix authored
Clang static analysis reports this representative issue dbg.c:1455:6: warning: Branch condition evaluates to a garbage value if (!rxf_data.size) ^~~~~~~~~~~~~~ This check depends on iwl_ini_get_rxf_data() to clear rxf_data but the function can return early without doing the clear. So move the memset before the early return. Fixes: cc9b6012 ("iwlwifi: yoyo: use hweight_long instead of bit manipulating") Signed-off-by:Tom Rix <trix@redhat.com> Signed-off-by:
-
Tom Rix authored
Clang static analysis reports this issue d3.c:567:22: warning: The left operand of '>' is a garbage value if (seq.tkip.iv32 > cur_rx_iv32) ~~~~~~~~~~~~~ ^ seq is never initialized. Call ieee80211_get_key_rx_seq() to initialize seq. Fixes: 0419e5e6 ("iwlwifi: mvm: d3: separate TKIP data from key iteration") Signed-off-by:Nick Desaulniers <ndesaulniers@google.com> Signed-off-by:
-
Colin Ian King authored
There is a spelling mistake in a IWL_DEBUG_SCAN debug message. Fix it. Signed-off-by:
Colin Ian King <colin.i.king@gmail.com> Signed-off-by:
-
Colin Ian King authored
There is a spelling mistake in a IWL_ERR error message. Fix it. Signed-off-by:
-
Miri Korenblit authored
Enable the new FW API with MLD based on FW TLV. Signed-off-by:
Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by:
-
Mukesh Sisodiya authored
Add support for a new PCI device ID 0x272b once registering with PCIe. Signed-off-by:
Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by:
-
Mukesh Sisodiya authored
Add RF step id handling and handle for BZ device. Read CNV Aux register and uses for no OTP case. Add missing rf support for Bz/Bnj device and correct/add the mapping for rf-type if OTP not present. Signed-off-by:
-
Ayala Beker authored
In case of UHB scan that follows a scan on legacy bands, consider both scan commands as part of the same scan cycle, and thus configure them to use the same antenna configuration. Signed-off-by:
Ayala Beker <ayala.beker@intel.com> Signed-off-by:
-
Daniel Gabay authored
Don't allow buffer allocation TLV with zero req_size since it leads later to division by zero in iwl_dbg_tlv_alloc_fragments(). Also, NPK/SRAM locations are allowed to have zero buffer req_size, don't discard them. Fixes: a9248de4 ("iwlwifi: dbg_ini: add TLV allocation new API support") Signed-off-by:
Daniel Gabay <daniel.gabay@intel.com> Signed-off-by:
-
Daniel Gabay authored
When NIC is in a bad state, reading data will return 28 bits as 0xa5a5a5a and the lowest 4 bits are not fixed value. Mask these bits in a few places to skip the dump correctly. Fixes: 89639e06 ("iwlwifi: yoyo: support for new DBGI_SRAM region") Signed-off-by:
-
Daniel Gabay authored
It is possible that iwl_pci_probe() will fail and free the trans, then afterwards iwl_pci_remove() will be called and crash by trying to access trans which is already freed, fix it. iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2 wfpm id 0xa5a5a5a2 iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2 ... BUG: kernel NULL pointer dereference, address: 0000000000000028 ... RIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi] pci_device_remove+0x3e/0xb0 device_release_driver_internal+0x103/0x1f0 driver_detach+0x4c/0x90 bus_remove_driver+0x5c/0xd0 driver_unregister+0x31/0x50 pci_unregister_driver+0x40/0x90 iwl_pci_unregister_driver+0x15/0x20 [iwlwifi] __exit_compat+0x9/0x98 [iwlwifi] __x64_sys_delete_module+0x147/0x260 Signed-off-by:
-
Mukesh Sisodiya authored
Driver is using the dump name generated first time in all generated dump in case of NMI. The validity of dump name should be with each dump created and need to reset after each use. Fixes: 834f920e ("wifi: iwlwifi: yoyo: Add driver defined dump file name") Signed-off-by:
-
Johannes Berg authored
On 22000 and AX210 devices, there's a ROM bug that causes it to set invalid LTR settings. On 22000 and AX210 non-integrated we can fix up these settings from the driver (as done in the code here), but on AX210 integrated these registers are not available to the driver. Attempt to work around the issue by spinning while the IML is being loaded, the IML will then reprogram the LTR values itself after it's loaded, so only the brief IML load (which the ROM is doing) is affected. Signed-off-by:
-
Johannes Berg authored
In order to simplify checking that this value was set up correctly, add it to debugfs. Signed-off-by:
-
Miri Korenblit authored
beacon_inject_active turns true and false via debugfs when we inject a beacon. During the time of the beacon injection we can't configure the FW with a beacon cmd. If we have a hw restart during the beacon injection then in the recovery flow we will not be able to configure the beacon cmd to the FW. Fix this by cleaning up this variable after an hw restart. Signed-off-by:
-
Haim Dreyfuss authored
As part of version 2 we don't need to have wake_packet_bufsize and wake_packet_length. The first one is already calculated by the driver, the latter is sent as part of the wake packet notification. Signed-off-by:
Haim Dreyfuss <haim.dreyfuss@intel.com> Signed-off-by:
-
Avraham Stern authored
When secure LTF is not used, the HLTK is not derived during the PASN authentication. Make the HLTK optional when adding a PASN station. Signed-off-by:
Avraham Stern <avraham.stern@intel.com> Signed-off-by:
-
Johannes Berg authored
Due to hardware limitations when splitting up A-MSDUs, it cannot handle an arbitrary number of MSDUs per A-MSDU. Set the bits to ask transmitters to send only 8 MSDUs in one A-MSDU. Signed-off-by:
-
Avraham Stern authored
The aux queue is initialized to IWL_MVM_INVALID_QUEUE. This is later used for a bitmask of the queue, which results in a shift-out-of-bounds. Fix it. Fixes: b85f7ebb ("wifi: iwlwifi: mvm: avoid UB shift of snif_queue") Signed-off-by:
-
Alon Giladi authored
Starting from version 4 of ANT_GAIN_CMD verification of ppag table values is done by the FW. Driver has to send the complete table as it appears in the BIOS. Make this change. Signed-off-by:
Alon Giladi <alon.giladi@intel.com> Signed-off-by:
-
Ayala Beker authored
MCAST frames are filtered out by the driver if we are not authorized yet. Fix it to filter out only protected frames. Fixes: 147eb05f ("iwlwifi: mvm: always tell the firmware to accept MCAST frames in BSS") Signed-off-by:
-
Mukesh Sisodiya authored
Add debug print for different FW program counter details of different CPU. Program counter pc details will be read from TLV during init. Signed-off-by:
-
- 13 Apr, 2023 6 commits
-
-
Johannes Berg authored
Some drivers like iwlwifi might have per-STA queues, so we may want to flush/drop just those queues rather than all when removing a station. Add a separate method for that. Signed-off-by: -
Johannes Berg authored
When we remove a station, we first make it unreachable, then we (must) remove its keys, and then remove the station itself. Depending on the hardware design, if we have hardware crypto at all, frames still sitting on hardware queues may then be transmitted without a valid key, possibly unencrypted or with a fixed key. Fix this by flushing the queues when removing stations so this cannot happen. Signed-off-by: -
Johannes Berg authored
The checks of whether or not a frame is bufferable were not taking into account that some action frames aren't, such as FTM. Check this, which requires some changes to the function ieee80211_is_bufferable_mmpdu() since we need the whole skb for the checks now. Reviewed-by:
-
Johannes Berg authored
WLAN_PUBLIC_ACTION_FTM_RESPONSE is duplicated with WLAN_PUB_ACTION_FTM, but that might better be called WLAN_PUB_ACTION_FTM_RESPONSE; clean up here. Signed-off-by: -
Avraham Stern authored
On Bz devices, CHECKSUM_COMPLETE was set for unsupported protocols which results in a warning. Fix it. Fixes: b6f5b647 ("iwlwifi: mvm: handle RX checksum on Bz devices") Signed-off-by:
-
Avraham Stern authored
When the IPC registers are used for sleep control, setting the IPC sleep bit already triggers an interrupt to the fw, so there is no need to also set the doorbell. Setting also the doorbell triggers the sleep interrupt twice which lead to an assert. Fixes: af08571d ("iwlwifi: pcie: support Bz suspend/resume trigger") Signed-off-by:
-
