1. 14 Jun, 2016 2 commits
    • Miaoqing Pan's avatar
      ath9k: fix GPIO mask for AR9462 and AR9565 · e024111f
      Miaoqing Pan authored
      The incorrect GPIO mask cause kernel warning, when AR9462 access GPIO11.
      Also fix the mask for AR9565.
      
      WARNING: CPU: 1 PID: 199 at ../drivers/net/wireless/ath/ath9k/hw.c:2778 ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw]
      CPU: 1 PID: 199 Comm: kworker/u16:9 Not tainted 4.7.0-rc1-next-20160530+ #5
      Hardware name: Acer TravelMate P243/BA40_HC, BIOS V1.01 04/20/2012
      Workqueue: events_power_efficient rfkill_poll
       0000000000000000 ffff88002cf73d28 ffffffff813b8ddc 0000000000000000
       0000000000000000 ffff88002cf73d68 ffffffff8107a331 00000ada00000086
       ffff880148d9c018 000000000000000b ffff880147e68720 0000000000000200
      Call Trace:
       [<ffffffff813b8ddc>] dump_stack+0x63/0x87
       [<ffffffff8107a331>] __warn+0xd1/0xf0
       [<ffffffff8107a41d>] warn_slowpath_null+0x1d/0x20
       [<ffffffffc0775b19>] ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw]
       [<ffffffffc047f3e4>] ath9k_rfkill_poll_state+0x34/0x60 [ath9k]
       [<ffffffffc06dbb53>] ieee80211_rfkill_poll+0x33/0x40 [mac80211]
       [<ffffffffc03ad65a>] cfg80211_rfkill_poll+0x2a/0xc0 [cfg80211]
       [<ffffffff817c5514>] rfkill_poll+0x24/0x50
       [<ffffffff81093183>] process_one_work+0x153/0x3f0
       [<ffffffff8109393b>] worker_thread+0x12b/0x4b0
       [<ffffffff81093810>] ? rescuer_thread+0x340/0x340
       [<ffffffff81099129>] kthread+0xc9/0xe0
       [<ffffffff817d8f1f>] ret_from_fork+0x1f/0x40
       [<ffffffff81099060>] ? kthread_park+0x60/0x60
      
      Fixes: a01ab81b ("ath9k: define correct GPIO numbers and bits mask")
      Reported-by: default avatarSudip Mukherjee <sudip.mukherjee@codethink.co.uk>
      Tested-by: default avatarSudip Mukherjee <sudip.mukherjee@codethink.co.uk>
      Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      e024111f
    • Rajkumar Manoharan's avatar
      ath10k: fix deadlock while processing rx_in_ord_ind · e50525be
      Rajkumar Manoharan authored
      commit 5c86d97b ("ath10k: combine txrx and replenish task")
      introduced deadlock while processing rx in order indication message
      for qca6174 based devices. While merging replenish and txrx tasklets,
      replenish task should be called out of htt rx ring locking since it
      is also try to acquire the same lock.
      
      Unfortunately this issue is not exposed by other solutions (qca988x,
      qca99x0 & qca4019), as rx_in_ord_ind message is specific to qca6174
      based devices. This patch fixes
      
      =============================================
      [ INFO: possible recursive locking detected ]
      4.7.0-rc2-wt-ath+ #1353 Tainted: G            E
      ---------------------------------------------
      swapper/3/0 is trying to acquire lock:
       (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d7ef19>]
      ath10k_htt_rx_msdu_buff_replenish+0x29/0x90 [ath10k_core]
      
      but task is already holding lock:
       (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
      ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&htt->rx_ring.lock)->rlock);
        lock(&(&htt->rx_ring.lock)->rlock);
      
       *** DEADLOCK ***
      
       May be due to missing lock nesting notation
      
      1 lock held by swapper/3/0:
       #0:  (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
      ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=119151
      Fixes: 5c86d97b ("ath10k: combine txrx and replenish task")
      Reported-by: default avatarMike Lothian <mike@fireburn.co.uk>
      Signed-off-by: default avatarRajkumar Manoharan <rmanohar@qti.qualcomm.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      e50525be
  2. 07 Jun, 2016 1 commit
  3. 06 Jun, 2016 1 commit
    • Ben Greear's avatar
      ath10k: fix deadlock when peer cannot be created · fee48cf8
      Ben Greear authored
      We must not attempt to send WMI packets while holding the data-lock,
      as it may deadlock:
      
      BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath10k/wmi.c:1824
      in_atomic(): 1, irqs_disabled(): 0, pid: 2878, name: wpa_supplicant
      
      =============================================
      [ INFO: possible recursive locking detected ]
      4.4.6+ #21 Tainted: G        W  O
      ---------------------------------------------
      wpa_supplicant/2878 is trying to acquire lock:
       (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
      
      but task is already holding lock:
       (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core]
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&ar->data_lock)->rlock);
        lock(&(&ar->data_lock)->rlock);
      
       *** DEADLOCK ***
      
       May be due to missing lock nesting notation
      
      4 locks held by wpa_supplicant/2878:
       #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff816493ca>] rtnl_lock+0x12/0x14
       #1:  (&ar->conf_mutex){+.+.+.}, at: [<ffffffffa0706932>] ath10k_add_interface+0x3b/0xbda [ath10k_core]
       #2:  (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core]
       #3:  (rcu_read_lock){......}, at: [<ffffffffa062f304>] rcu_read_lock+0x0/0x66 [mac80211]
      
      stack backtrace:
      CPU: 3 PID: 2878 Comm: wpa_supplicant Tainted: G        W  O    4.4.6+ #21
      Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5 06/07/2013
       0000000000000000 ffff8801fcadf8f0 ffffffff8137086d ffffffff82681720
       ffffffff82681720 ffff8801fcadf9b0 ffffffff8112e3be ffff8801fcadf920
       0000000100000000 ffffffff82681720 ffffffffa0721500 ffff8801fcb8d348
      Call Trace:
       [<ffffffff8137086d>] dump_stack+0x81/0xb6
       [<ffffffff8112e3be>] __lock_acquire+0xc5b/0xde7
       [<ffffffffa0721500>] ? ath10k_wmi_tx_beacons_iter+0x15/0x11a [ath10k_core]
       [<ffffffff8112d0d0>] ? mark_lock+0x24/0x201
       [<ffffffff8112e908>] lock_acquire+0x132/0x1cb
       [<ffffffff8112e908>] ? lock_acquire+0x132/0x1cb
       [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffff816f9e2b>] _raw_spin_lock_bh+0x31/0x40
       [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffffa062eb18>] __iterate_interfaces+0x9d/0x13d [mac80211]
       [<ffffffffa062f609>] ieee80211_iterate_active_interfaces_atomic+0x32/0x3e [mac80211]
       [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
       [<ffffffffa071fa9f>] ath10k_wmi_tx_beacons_nowait.isra.13+0x14/0x16 [ath10k_core]
       [<ffffffffa0721676>] ath10k_wmi_cmd_send+0x71/0x242 [ath10k_core]
       [<ffffffffa07023f6>] ath10k_wmi_peer_delete+0x3f/0x42 [ath10k_core]
       [<ffffffffa0702557>] ath10k_peer_create+0x15e/0x1ae [ath10k_core]
       [<ffffffffa0707004>] ath10k_add_interface+0x70d/0xbda [ath10k_core]
       [<ffffffffa05fffcc>] drv_add_interface+0x123/0x1a5 [mac80211]
       [<ffffffffa061554b>] ieee80211_do_open+0x351/0x667 [mac80211]
       [<ffffffffa06158aa>] ieee80211_open+0x49/0x4c [mac80211]
       [<ffffffff8163ecf9>] __dev_open+0x88/0xde
       [<ffffffff8163ef6e>] __dev_change_flags+0xa4/0x13a
       [<ffffffff8163f023>] dev_change_flags+0x1f/0x54
       [<ffffffff816a5532>] devinet_ioctl+0x2b9/0x5c9
       [<ffffffff816514dd>] ? copy_to_user+0x32/0x38
       [<ffffffff816a6115>] inet_ioctl+0x81/0x9d
       [<ffffffff816a6115>] ? inet_ioctl+0x81/0x9d
       [<ffffffff81621cf8>] sock_do_ioctl+0x20/0x3d
       [<ffffffff816223c4>] sock_ioctl+0x222/0x22e
       [<ffffffff8121cf95>] do_vfs_ioctl+0x453/0x4d7
       [<ffffffff81625603>] ? __sys_recvmsg+0x4c/0x5b
       [<ffffffff81225af1>] ? __fget_light+0x48/0x6c
       [<ffffffff8121d06b>] SyS_ioctl+0x52/0x74
       [<ffffffff816fa736>] entry_SYSCALL_64_fastpath+0x16/0x7a
      Signed-off-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      fee48cf8
  4. 04 Jun, 2016 1 commit
  5. 03 Jun, 2016 1 commit
    • Franky Lin's avatar
      brcmfmac: add eth_type_trans back for PCIe full dongle · 31143e29
      Franky Lin authored
      A regression was introduced in commit 9c349892 ("brcmfmac: revise
      handling events in receive path") which moves eth_type_trans() call
      to brcmf_rx_frame(). Msgbuf layer doesn't use brcmf_rx_frame() but invokes
      brcmf_netif_rx() directly. In such case the Ethernet header was not
      stripped out resulting in null pointer dereference in the networking
      stack.
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
      IP: [<ffffffff814c3ce6>] enqueue_to_backlog+0x56/0x260
      PGD 0
      Oops: 0000 [#1] PREEMPT SMP
      Modules linked in: fuse ipt_MASQUERADE nf_nat_masquerade_ipv4
      iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype
      [...]
      rtsx_pci scsi_mod usbcore usb_common i8042 serio nvme nvme_core
      CPU: 7 PID: 1340 Comm: irq/136-brcmf_p Not tainted 4.7.0-rc1-mainline #1
      Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 01.02.00 04/07/2016
      task: ffff8804a0c5bd00 ti: ffff88049e124000 task.ti: ffff88049e124000
      RIP: 0010:[<ffffffff814c3ce6>] [<ffffffff814c3ce6>]
      enqueue_to_backlog+0x56/0x260
      RSP: 0018:ffff88049e127ca0 EFLAGS: 00010046
      RAX: 0000000000000000 RBX: ffff8804bddd7c40 RCX: 000000000000002f
      RDX: 0000000000000000 RSI: 0000000000000007 RDI: ffff8804bddd7d4c
      RBP: ffff88049e127ce8 R08: 0000000000000000 R09: 0000000000000000
      R10: ffff8804bddd12c0 R11: 000000000000149e R12: 0000000000017c40
      R13: ffff88049e127d08 R14: ffff8804a9bd6d00 R15: ffff8804bddd7d4c
      FS: 0000000000000000(0000) GS:ffff8804bddc0000(0000) knlGS:0000000000000000
      CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000048 CR3: 0000000001806000 CR4: 00000000003406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Stack:
      ffff8804bdddad00 ffff8804ad089e00 0000000000000000 0000000000000282
      0000000000000000 ffff8804a9bd6d00 ffff8804a1b27e00 ffff8804a9bd6d00
      ffff88002ee88000 ffff88049e127d28 ffffffff814c3f3b ffffffff81311fc3
      Call Trace:
      [<ffffffff814c3f3b>] netif_rx_internal+0x4b/0x170
      [<ffffffff81311fc3>] ? swiotlb_tbl_unmap_single+0xf3/0x120
      [<ffffffff814c5467>] netif_rx_ni+0x27/0xc0
      [<ffffffffa08519e9>] brcmf_netif_rx+0x49/0x70 [brcmfmac]
      [<ffffffffa08564d4>] brcmf_msgbuf_process_rx+0x2b4/0x570 [brcmfmac]
      [<ffffffff81020017>] ? __xen_set_pgd_hyper+0x57/0xd0
      [<ffffffff810d60b0>] ? irq_forced_thread_fn+0x70/0x70
      [<ffffffffa0857381>] brcmf_proto_msgbuf_rx_trigger+0x31/0xe0 [brcmfmac]
      [<ffffffffa0861e8f>] brcmf_pcie_isr_thread+0x7f/0x110 [brcmfmac]
      [<ffffffff810d60d0>] irq_thread_fn+0x20/0x50
      [<ffffffff810d63ad>] irq_thread+0x12d/0x1c0
      [<ffffffff815d07d5>] ? __schedule+0x2f5/0x7a0
      [<ffffffff810d61d0>] ? wake_threads_waitq+0x30/0x30
      [<ffffffff810d6280>] ? irq_thread_dtor+0xb0/0xb0
      [<ffffffff81098ea8>] kthread+0xd8/0xf0
      [<ffffffff815d4b7f>] ret_from_fork+0x1f/0x40
      [<ffffffff81098dd0>] ? kthread_worker_fn+0x170/0x170
      Code: 1c f5 60 9a 8e 81 9c 58 0f 1f 44 00 00 48 89 45 d0 fa 66 0f 1f
      44 00 00 4c 8d bb 0c 01 00 00 4c 89 ff e8 5e 08 11 00 49 8b 56 20 <48>
      8b 52 48 83 e2 01 74 10 8b 8b 08 01 00 00 8b 15 59 c5 42 00
      RIP [<ffffffff814c3ce6>] enqueue_to_backlog+0x56/0x260
      RSP <ffff88049e127ca0>
      CR2: 0000000000000048
      
      Fixes: 9c349892 ("brcmfmac: revise handling events in receive path")
      Reported-by: default avatarRafal Milecki <zajec5@gmail.com>
      Reported-by: default avatarGrey Christoforo <grey@christoforo.net>
      Reviewed-by: default avatarPieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
      Reviewed-by: default avatarArend Van Spriel <arend@broadcom.com>
      Reviewed-by: default avatarHante Meuleman <hante.meuleman@broadcom.com>
      Signed-off-by: default avatarFranky Lin <franky.lin@broadcom.com>
      [arend@broadcom.com: rephrased the commit message]
      Signed-off-by: default avatarArend van Spriel <arend@broadcom.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      31143e29
  6. 27 May, 2016 2 commits
  7. 26 May, 2016 17 commits
  8. 25 May, 2016 13 commits
  9. 24 May, 2016 2 commits