- 06 Apr, 2022 35 commits
-
-
Ping-Ke Shih authored
Configure L1 settings of enter and exit. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-8-pkshih@realtek.com
-
Ping-Ke Shih authored
Add setting to support 8852ce. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-7-pkshih@realtek.com
-
Ping-Ke Shih authored
Address info registers are used to configure size of DMA address info to point skb->data. With different size, it can support different number of scatters. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-6-pkshih@realtek.com
-
Ping-Ke Shih authored
Add LTR handle to PCI deinit as well. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-5-pkshih@realtek.com
-
Chia-Yuan Li authored
The pre_init is used to initialize partial PCI function during PCI probe. It doesn't need to initialize all functions, so probe can be faster. Signed-off-by: Chia-Yuan Li <leo.li@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-4-pkshih@realtek.com
-
Ping-Ke Shih authored
Refine operating mode function to support variant chips. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-3-pkshih@realtek.com
-
Ping-Ke Shih authored
The PCI code of 8852AE and 8852CE are different, but the flow and register names are similar. To reuse the code, add a struct to define register or value accordingly. We also use chip id to control the slightly different flow. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220325060055.58482-2-pkshih@realtek.com
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Kalle Valo authored
ath.git patches for v5.19. Major changes:
ath11k
* Wake-on-WLAN support for QCA6390 and WCN6855
* device recovery (firmware restart) support for QCA6390 and WCN6855
wcn36xx
* support for transmit rate reporting to user space
-
Kalle Valo authored
No need to have goto for a return statement, so simplify the code. While at it, print warning messages if power up calls fail. No functional changes. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2 Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220401173042.17467-4-kvalo@kernel.org
-
Kalle Valo authored
While reviewing the mhi.c I noticed we were just ignoring the errors coming from MHI subsystem during suspend and resume. Add proper checks and warning messages. Also pass the error value to callers. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2 Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220401173042.17467-3-kvalo@kernel.org
-
Kalle Valo authored
State machines are difficult to understand and in this case it's just useless, which is shown by the diffstat. So remove it entirely to make the code simpler. No functional changes. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2 Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220401173042.17467-2-kvalo@kernel.org
-
Ping-Ke Shih authored
The smatch reports: rtw8852a.c:1857 rtw8852a_btc_set_wl_txpwr_ctrl() error: uninitialized symbol '_cur'. rtw8852a.c:1858 rtw8852a_btc_set_wl_txpwr_ctrl() error: uninitialized symbol '_cur'. This is because rtw89_mac_txpwr_read32() can possibly return before setting argument _cur, and the caller will use the uninitialized value. To fix this problem, check the return value of rtw89_mac_txpwr_read32(). Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318035202.42437-1-pkshih@realtek.com
-
Ping-Ke Shih authored
8852C uses different fields to represent RX bandwidth. Since other fields are the same, I check chip_id to get bandwidth instead of creating another v1 function. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-12-pkshih@realtek.com
-
Ping-Ke Shih authored
The newer chip will generate security header itself, so don't set IEEE80211_KEY_FLAG_GENERATE_IV in this kind of chip. But, it needs to fill key_index, PN and 802.11 header length to TX descriptor, and then hardware uses these to generate security header. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-11-pkshih@realtek.com
-
Ping-Ke Shih authored
The txdesc is descriptor related to skb->data. The v1 version contains 8 dwords txwd_body and 6 dwords txwd_info, and the format is also different from original one. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-10-pkshih@realtek.com
-
Ping-Ke Shih authored
The txaddr_info is used to fill the DMA address of skb->data. The v1 version can support up to 10 entries, but the maximum size of each entry is 2047, so it fills more than one entry for large packet, like 3000 bytes. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-9-pkshih@realtek.com
-
Ping-Ke Shih authored
8852A and 8852C use different H2C header and size, so add h2c_desc_size to allocate different header size and fill content by fill_txdesc_fwcmd. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-8-pkshih@realtek.com
-
Johnson Lin authored
Bypass IGI, known as Rx gain, adjustment flow for incompatible hardware architectures. Signed-off-by: Johnson Lin <johnson.lin@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-7-pkshih@realtek.com
-
Johnson Lin authored
Refinement of DIG flow, a mechanism to adjust Rx gain for better Rx performance, by packing IGI(initial gain index) configuration flow into one function. Signed-off-by: Johnson Lin <johnson.lin@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-6-pkshih@realtek.com
-
Zong-Zhe Yang authored
Update notes: Configure rtw89_regulatory for 6G band according to country. Adjust country GB to use RTW89_UK entry on all bands. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-5-pkshih@realtek.com
-
Zong-Zhe Yang authored
Wrap regd debug dump into a macro and add dump for 6G band field. Extend the macro used to configure regd table to account for multiple bands beyond 2G and 5G. And the follow-up commit will configure the corresponding values for 6G band into regd table. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-4-pkshih@realtek.com
-
Zong-Zhe Yang authored
Update notes: TX power by rate table is not changed. TX power limit table configures values for UK. TX power limit RU table configures values for UK. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-3-pkshih@realtek.com
-
Zong-Zhe Yang authored
Add RTW89_UK to enum rtw89_regulation_type. The follow-up commit will configure the corresponding values for it to TX power tables. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318023214.32411-2-pkshih@realtek.com
-
Ping-Ke Shih authored
An export symbol costs about 40 bytes (in x86 with gcc), so use a structure containing these small arrays to reduce code size.
       text    data     bss     dec     hex filename
      34932    1410       0   36342    8df6 mac.o (before)
      34276    1258       0   35534    8ace mac.o (after)
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220315015522.11366-1-pkshih@realtek.com
-
Zong-Zhe Yang authored
Originally, there is already a mechanism, SER (system error recover), to deal with HW/FW recovery. After FW v0.13.36.0, FW supports a H2C (host to chip) command to make a CPU exception. Then, SER is supposed to catch this FW crash and do L2 reset. This feature is a simulation to verify if flow of recovering from FW crash works. Usage of fw_crash debugfs is as the following.
    $ echo 1 > fw_crash // trigger FW crash and wait SER handling
    $ cat fw_crash // return 0 if restart has been done
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-9-pkshih@realtek.com
-
Zong-Zhe Yang authored
As the fw features gradually increase, it would be better that we have a set of methods to maintain fw features instead of using scattered bool variables. We reconstruct the way fw recognize features, and introduce RTW89_CHK_FW_FEATURE() / RTW89_SET_FW_FEATURE() to check / set fw features for uses. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-8-pkshih@realtek.com
-
Zong-Zhe Yang authored
Read FW backtrace entry through FW reserved payload engine, and then add FW backtrace dump during SER (system error recover) L2 reset process. It contains a list of RA (return address) and SP (stack pointer) which gives us a chance to trace back the call stack of FW. Moreover, if core dump might have wrong content due to error during dumping, we won't invoke device core dump framework. For this case, rtw89_ser_cd_free() is added to free buffer by ourselves. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-7-pkshih@realtek.com
-
Zong-Zhe Yang authored
When FW encounters exception or assertion, SER L2 reset process will start. It will dump some error information and re-download FW eventually. Since such errors are usually critical, we would like to keep more information about error to increase possibility of analysis and debugging FW. We first add FW payload engine (fw reserved payload engine, fw_rsvd_ple) memory dump. FW will record things like CPU registers, backtrace entry, etc. in it for debugging. Moreover, device core dump framework is used and wrapped to collect kinds of dumps during SER L2 reset process. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-6-pkshih@realtek.com
-
Zong-Zhe Yang authored
While SER (system error recover) is processing, it's supposed to mean something is under recovery. So, disable interrupts (excluding the one of halt which could be used during SER) to avoid unexpected behavior. And then, enable interrupts after SER is done. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-5-pkshih@realtek.com
-
Zong-Zhe Yang authored
The raw error code might combine error scenario and error status. But, the error scenario isn't parsed previously. It makes us mishandle cpu exception and assertion. Now, we correct the error status for them. Besides, a few uses of error status are refined. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-4-pkshih@realtek.com
-
Zong-Zhe Yang authored
Previously, mac_mem_base_addr_table was declared in debug.c locally because it's only used via debugfs to dump mac memory. Now, we plan to refine SER (system error recover) flow which will also need to dump mac memory to somewhere as information for error which is caught. So, we move mac_mem_base_addr_table to mac.c rtw89_mac_mem_base_addrs earlier as common code. (no logic is changed) Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-3-pkshih@realtek.com
-
Zong-Zhe Yang authored
The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (system error recover) L2 reset process and ieee80211_restart_hw() which is called by L2 reset process eventually.
The normal flow would be like
    -> add interface (acquire 1)
    -> enter ips (release 1)
    -> leave ips (acquire 1)
    -> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection>
The ieee80211_restart_hw() flow (under connection)
    -> ieee80211 reconfig
    -> add interface (acquire 1)
    -> leave ips (acquire 1)
    -> connection (occupy (A) + 2) <(B) 1 more leak>
Originally, CAM is released before HW restart only if connection is under security. Now, release CAM whatever connection it is to fix leak in (A). OTOH, check if CAM is already valid to avoid acquiring multiple times to fix (B). Besides, if AP mode, release address CAM of all stations before HW restart. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220314071250.40292-2-pkshih@realtek.com
-
Po-Hao Huang authored
Previously we only consider single interface's status, idle mode behavior could be unexpected when multiple interfaces are active. Change to enter/leave idle mode by mac80211's configuration state. Signed-off-by: Po-Hao Huang <phhuang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220318034316.40720-1-pkshih@realtek.com
-
Gustavo A. R. Silva authored
There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays Link: https://github.com/KSPP/linux/issues/78 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220216195030.GA904170@embeddedor
-
Gustavo A. R. Silva authored
There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays Link: https://github.com/KSPP/linux/issues/78 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220216195015.GA904148@embeddedor
-
- 05 Apr, 2022 5 commits
-
-
Johannes Berg authored
In [1], Will raised a potential issue that the cfg80211 code, which does (from a locking perspective) rtnl_lock() wiphy_lock() rtnl_unlock() might be susceptible to ABBA deadlocks, because rtnl_unlock() calls netdev_run_todo(), which might end up calling rtnl_lock() again, which could then deadlock (see the comment in the code added here for the scenario). Some back and forth and thinking ensued, but clearly this can't happen if the net_todo_list is empty at the rtnl_unlock() here. Clearly, the code here cannot actually put an entry on it, and all other users of rtnl_unlock() will empty it since that will always go through netdev_run_todo(), emptying the list. So the only other way to get there would be to add to the list and then unlock the RTNL without going through rtnl_unlock(), which is only possible through __rtnl_unlock(). However, this isn't exported and not used in many places, and none of them seem to be able to unregister before using it. Therefore, add a WARN_ON() in the code to ensure this invariant won't be broken, so that the cfg80211 (or any similar) code stays safe. [1] https://lore.kernel.org/r/Yjzpo3TfZxtKPMAG@google.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20220404113847.0ee02e4a70da.Ic73d206e217db20fd22dcec14fe5442ca732804b@changeid Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Tom Rix authored
The setting of i here
    err_nexthop6_group_get: i = nrt6;
is redundant, i is already nrt6. So remove this statement. The for loop for the unwinding
    err_rt6_create: for (i--; i >= 0; i--) {
is equivalent to
    for (; i > 0; i--) {
Two consecutive labels can be reduced to one. Signed-off-by: Tom Rix <trix@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://lore.kernel.org/r/20220402121516.2750284-1-trix@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Nagarajan Maran authored
In the "ath11k_wow_init", error value "EINVAL" is returned when the check for firmware support of WoW feature fails, which in turn stops the driver initialization. Warning message:
    [ 31.040144] ------------[ cut here ]------------
    [ 31.040185] WARNING: CPU: 1 PID: 51 at drivers/net/wireless/ath/ath11k/wow.c:813 ath11k_wow_init+0xc8/0x13a8 [ath11k]
    [ 31.043846] Modules linked in: ath11k_pci ath11k qmi_helpers
    [ 31.054341] CPU: 1 PID: 51 Comm: kworker/u8:1 Tainted: G W 5.17.0-wt-ath-594817-ga7f6aa925cf8-dirty #17
    [ 31.060078] Hardware name: Qualcomm Technologies, Inc. IPQ8074/AP-HK10-C2 (DT)
    [ 31.070578] Workqueue: ath11k_qmi_driver_event ath11k_qmi_driver_event_work [ath11k]
    [ 31.077782] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [ 31.085676] pc : ath11k_wow_init+0xc8/0x13a8 [ath11k]
    [ 31.092359] lr : ath11k_mac_register+0x548/0xb98 [ath11k]
    [ 31.097567] sp : ffff80000aa13c40
    [ 31.102944] x29: ffff80000aa13c40 x28: ffff800009184390 x27: ffff000002959f20
    [ 31.106251] x26: ffff000002828000 x25: ffff000002830000 x24: ffff000002830000
    [ 31.113369] x23: ffff000002820000 x22: ffff00000282854c x21: 0000000000000000
    [ 31.120487] x20: ffff00000295cf20 x19: ffff000002828540 x18: 0000000000000031
    [ 31.127605] x17: 0000000000000004 x16: ffff0000028285fc x15: ffff00000295b040
    [ 31.134723] x14: 0000000000000067 x13: ffff00000282859c x12: 000000000000000d
    [ 31.141840] x11: 0000000000000018 x10: 0000000000000004 x9 : 0000000000000000
    [ 31.148959] x8 : ffff00000289d680 x7 : 0000000000000000 x6 : 000000000000003f
    [ 31.156077] x5 : 0000000000000040 x4 : 0000000000000000 x3 : ffff000002820968
    [ 31.163196] x2 : 0000000000000080 x1 : 0080008af9981779 x0 : ffff000002959f20
    [ 31.170314] Call trace:
    [ 31.177421] ath11k_wow_init+0xc8/0x13a8 [ath11k]
    [ 31.179684] ath11k_core_qmi_firmware_ready+0x430/0x5e0 [ath11k]
    [ 31.184548] ath11k_qmi_driver_event_work+0x16c/0x4f8 [ath11k]
    [ 31.190623] process_one_work+0x134/0x350
    [ 31.196262] worker_thread+0x12c/0x450
    [ 31.200340] kthread+0xf4/0x110
    [ 31.203986] ret_from_fork+0x10/0x20
    [ 31.207026] ---[ end trace 0000000000000000 ]---
    [ 31.210894] ath11k_pci 0000:01:00.0: failed to init wow: -22
    [ 31.215467] ath11k_pci 0000:01:00.0: failed register the radio with mac80211: -22
    [ 31.221117] ath11k_pci 0000:01:00.0: failed to create pdev core: -22
Fix this by returning value "0" when FW doesn't support WoW to allow driver to proceed with initialize sequence and also remove the unnecessary "WARN_ON". Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1 Fixes: ba9177fc ("ath11k: Add basic WoW functionalities") Signed-off-by: Nagarajan Maran <quic_nmaran@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220331073110.3846-1-quic_nmaran@quicinc.com
-
Baochen Qiang authored
The intended delay in ath11k_core_suspend is introduced in commit d1b0c338 ("ath11k: implement suspend for QCA6390 PCI devices"), now with ath11k_mac_wait_tx_complete added in commit ba9177fc ("ath11k: Add basic WoW functionalities"), that delay is not necessary now, so remove it. This is found in code review. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-02431-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1 Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220331002105.1162099-1-quic_bqiang@quicinc.com
-
Karthikeyan Kathirvel authored
The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpa_supplicant in userspace. When copying the SSIDs into the scan_req_params structure in the ath11k_mac_op_hw_scan route, it can overwrite the extraie pointer. Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe request will be sent, so totally 64 probe requests supported. So set both max ssid and bssid to 16 and 4 respectively. Remove the redundant macros of ssid and bssid. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1 Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20220329150221.21907-1-quic_kathirve@quicinc.com
-