- 22 Mar, 2023 10 commits
-
-
Miri Korenblit authored
We used to send a MAC CTXT cmd to ask the FW to not pass MCAST frames if we're associated but not authorized, because we don't have the keys in that stage, and after authorization - we sent the cmd again to ask the FW to pass MCAST, as we have the keys now. The patch linked below was changing this strategy to always allow MCAST frames, and if we're not authorized - the driver will drop them. But we're still sending the MAC CTXT cmd after deaouthorization even though we don't tell the FW to not pass MCAST frames anymore. Basically we don't tell the FW anything new with this cmd. Fix this by not sending MAC CTXT command after deauthorization. For authorization we're sending the cmd to configure other changes too, so keep it. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.11b3481bc497.I9672acff9cfc00e7e1a187e7178caa3a1911a1b5@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
This is another patch in the series adding all the ops for the new MLD ieee80211_ops. The callbacks added here use the new MLD FW API Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.42b0d4726b8d.I0755baace47c0ab1d9d70137448125d3140ef3af@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
This is another patch in the series adding all the ops for the new MLD ieee80211_ops. The callbacks added here use the new MLD FW API Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.3eb485c359fc.I28be198ea9389083d5a01f68c92763722613ba9b@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Avraham Stern authored
iwl_mvm_get_sync_time() reads the gp2 from the device and then reads the system clock. Since the two reads are not done atomically, unexpected delays may happen between the two reads (e.g. context switch) which make it inaccurate. In order to improve the accuracy of the cross timestamp, call iwl_mvm_get_sync_time() multiple times in a loop and take the result in which the difference between the two clock is the smallest. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.d9e6f8f8998a.I569939ec4ddf0c6c64c112e7d0c30583f5509d9a@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Avraham Stern authored
Implement the following PHC operations: 1. adjtime - for adding an offset to the PHC clock time. 2. adjfine - for adjusting the PHC clock frequency. 3. gettime64 - for getting the PHC clock time. This function returns the time as adjusted by adjtime and adjfine. The adjusted time will also be used for time sync frames timestamping. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.f59750deeee4.I110a7e3ac3c6d39d9dbe1fe77001e3f5bc3814eb@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Check hardware/firmware support and enable TX beacon protection as well if supported, programming the key into the firmware as usual. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.6a90a4f4f469.Ia028dea75f9a8eed40786d876d51f97fb3142688@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Krishnanand Prabhu authored
Add support for timing measurement in extended capabilities, used for time synchronization. Signed-off-by: Krishnanand Prabhu <krishnanand.prabhu@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.001d2b459ece.I15ab8fc214edc35f1f362006a9e1a22b89e7ed8e@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Avraham Stern authored
For TM/FTM frames, report the hardware timestamps reported by the fw as part of the RX/TX status. Since the fw reports the timestamps in a dedicated notification (and not as part of the RX/TX status), hold the frame until the fw timestamps notification is received. Timestamping is enabled when a station is connected and disabled when disconnected. For AP interface, only the first station will have timestamping enabled since the fw only supports timestamping for one peer. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.e0392d498101.I9bf12c8ecfb3f17253a13dc48a48647ddd6e7855@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Avraham Stern authored
If the firmware supports reading synced GP2/ATRB timestamps, read the synced timestamps from firmware instead of reading the GP2 register and the system time separately. Reading the synced time from firmware should be more accurate. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.a6be5f0b5580.Idedb496a5943fa496143066ffbed08185a8c4582@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Krishnanand Prabhu authored
Add support to enable/disable PHC clock. The PHC clock includes support for fetching the cross timestamp i.e. a non-atomic snapshot of the current time from the hardware (WiFi device) clock and system clock (wall-clock) simultaneously. Signed-off-by: Krishnanand Prabhu <krishnanand.prabhu@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230320122330.ae1d64f513b9.Ib3b6ad61c9fa2fc5908f1e0d6f59f4af6eec1a77@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 20 Mar, 2023 2 commits
-
-
Bitterblue Smith authored
This chip is found in cheap "free driver" USB adapters from Aliexpress. Initially they pretend to be a CD-ROM containing the driver for Windows. "Ejecting" switches the device to wifi mode. Features: 2.4 GHz, b/g/n mode, 1T1R, 150 Mbps. This chip is more unique than other Realtek chips: * The registers at addresses 0x0-0xff, which all the other chips use, can't be used here. New registers at 0x8000-0x80ff must be used instead. And it's not a simple matter of adding 0x8000: 0x2 (REG_SYS_FUNC) became 0x8004, 0x80 (REG_MCU_FW_DL) became 0x8090, etc. * Also there are a few new registers which must be accessed indirectly because their addresses don't fit in 16 bits. No other chips seem to have these. * The vendor driver compiles to 8188gu.ko, but the code calls the chip RTL8710B(U) pretty much everywhere, including messages visible to the user. Another difference compared to the other chips supported by rtl8xxxu is that it has a new PHY status struct, or three of them actually, from which we extract the RSSI, among other things. This is not unique, though, just new. The chips supported by rtw88 also use it. Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com> Reviewed-by: Ping-Ke Shih <pkshih@realtek.com> Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150 Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/4edbe29f-00b9-8eef-9789-20bed0b141e2@gmail.com
-
Bitterblue Smith authored
Always run the entire init sequence (rtl8xxxu_init_device()) for RTL8192EU. It's what the vendor driver does too. This fixes a bug where the device is unable to connect after rebooting: wlp3s0f3u2: send auth to ... (try 1/3) wlp3s0f3u2: send auth to ... (try 2/3) wlp3s0f3u2: send auth to ... (try 3/3) wlp3s0f3u2: authentication with ... timed out Rebooting leaves the device powered on (partially? at least the firmware is still running), but not really in a working state. Cc: stable@vger.kernel.org Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com> Acked-by: Jes Sorensen <jes@trained-monkey.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/4eb111a9-d4c4-37d0-b376-4e202de7153c@gmail.com
-
- 16 Mar, 2023 1 commit
-
-
Nathan Chancellor authored
Clang errors: drivers/net/wireless/intel/iwlwifi/iwl-devtrace.c:15:32: error: unknown warning group '-Wsuggest-attribute=format', ignored [-Werror,-Wunknown-warning-option] #pragma GCC diagnostic ignored "-Wsuggest-attribute=format" ^ 1 error generated. The warning being disabled by this pragma is GCC specific. Guard its use with CONFIG_CC_IS_GCC so that it is not used with clang to clear up the error. Fixes: 4eca8cbf ("wifi: iwlwifi: suppress printf warnings in tracing") Link: https://github.com/ClangBuiltLinux/linux/issues/1818Signed-off-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20230315-iwlwifi-fix-pragma-v1-1-ad23f92c4739@kernel.orgSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 15 Mar, 2023 24 commits
-
-
Johannes Berg authored
This can't really be fixed due to the macro layout of tracepoints (you'd need a special tracepoint macro for when this is needed), so just suppress the warnings. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
There are a number of issues here: * if trans->reduce_power_loaded is already true, we call iwl_trans_set_reduce_power() with an uninitialized len value * in this case we also clobber a previous load/setting * if iwl_uefi_get_reduced_power() returns an ERR_PTR() we try to kfree() it Move the iwl_trans_set_reduce_power() call into the success case only to fix these issues. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.aa2cf2281f5d.I33b4ab3427f1921c184c52fecd0f46781a89dc8a@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Mukesh Sisodiya authored
Add missing rf support for Bz device and B-Step for BnJ device Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.14c373dcfe15.I96b96a8b149ac181e962f4b82e0d15b172823d0f@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
If there's a rate->index that maps inside the range but to an uninitialized value, then that's also a bad rate, avoid printing "(nil)" in that case and rather print the "BAD_RATE" string instead as in the else branch. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.06b38d160fc5.I45a9254d3658b1ce796aa4c427193d3cbf638d7e@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Solomon Tan authored
This patch addresses the checkpatch.pl warning that code indent should use tabs. Signed-off-by: Solomon Tan <solomonbstoner@protonmail.ch> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.eaca2a9b08f2.Ic81d60185c13cfc750bf93fbabac57314cb5de13@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Solomon Tan authored
This patch addresses the error from checkpatch.pl that a space is required before an open parenthesis. Signed-off-by: Solomon Tan <solomonbstoner@protonmail.ch> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.a21ba1967d94.Iaa52fc6517ea9efb3efc7b1b98f4df2a288de1c3@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Solomon Tan authored
This patch addresses the error from checkpatch.pl regarding the presence of prohibited spaces. Signed-off-by: Solomon Tan <solomonbstoner@protonmail.ch> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.557d6841a166.I0957923fe9ea20c1ec9140477033548ccfe93e9a@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Julia Lawall authored
Spelling mistakes (triple letters) in comment. Detected with the help of Coccinelle. Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.fb2fc470e949.I1f3a347b533bcdb6bcd310f752ab3349800efb49@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Tom Rix authored
cppcheck reports [drivers/net/wireless/intel/iwlwifi/mvm/rs.c:2686]: (warning) Assignment of function parameter has no effect outside the function. Did you forget dereferencing it? The setting of the 'sta' parameter is not needed. In the if-check that sets it to NULL, mvm_sta is also set to NULL. Then the next statement checks if mvm_sta is NULL and does an early return. So remove setting sta. Signed-off-by: Tom Rix <trix@redhat.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.711fe28cfdd6.I2f723f9d44f65720baaf3e84b72109759350a8f5@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
This is another patch in the series adding all the ops for the new MLD ieee80211_ops. The callback added here uses the new MLD FW API Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.5d4bcd384425.I263eef3aad8efe23a597843fe7c56924038c8fdc@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
Since parts of the functionality of this function is going to be used also by the MLD version of it, put in a separate function the parts that are common for both MLD and non-MLD modes. The common function will later be used in the MLD ops. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.fa05929badb9.I2222dc86cf7d7a7bb58c6a2f2529c8089bfe58b4@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
This is another patch in the series adding all the ops for the new MLD ieee80211_ops. The callback added here uses the new MLD FW API. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.d3753975e720.I45f89cc81370d2cf8d4f51748ccb3ec675eff1bd@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
Since parts of the functionality of this function is going to be used also by the MLD version of it, put in a separate function the parts that are common for both MLD and non-MLD modes. The common function will later be used in the MLD ops. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.844755701cac.I1c650718ad2381eabc38f4103c1aac67936a1ffc@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
As the MLD mode and its new APIs are introduced, we've decided to add a new ieee80211_ops dedicated for MLD callbacks. Add the MLD remove_interface() callback which uses the new MLD APIs. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.b87c5c0a4b6b.I631173a73d6ffd7232aa539ea8b356a222fac398@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
As the MLD mode and its new APIs are introduced, we've decided to add a new ieee80211_ops dedicated for MLD callbacks. Add the MLD add_interface() callback which uses the new MLD APIs added the previous patches. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.6adc29bff39b.I97ed469028009be9392dcc6f7b5ffbe45f4b2c43@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
As a part of the new MLD FW API changes, we have new commands for STA related operations (add/remove/aux/disable tx). Add structures and enum definitions, along with part of the functions that sends this commands. This functions will be in used and more will be added in the next patches. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.132873ce015c.I7b12a77e5be066730762e6ceeeaa7190293c3df1@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
As a part of the new MLD FW API changes, we have a new LINK command to add/remove/configure a link. Add structures and enum definitions, along with the functions that sends this command (i.e. add, remove and change mac ctxt). These functions will be in used in the next patches. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.d7808329effb.I13bea2db206b78540bc866bc3ab755ad5be78c53@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
As a part of the new MLD FW API changes, we have a new MAC CTXT command. Add structures and enum definitions, along with the functions that sends this command (i.e. add, remove and change mac ctxt). This functions will be in used in the next patches. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.99a41a5bc55f.I310312c829f5f2f69b64fcddce487b1eab80165b@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
Refactor MAC_CONTEXT_CMD sending flow: 1. As the new MLD API is introduced, there are some common fields in both the old and new APIs. The MAC_CONTEXT_CMD of the non-MLD API has common fields with the link and mac commands of the new MLD API. Put this common parts in functions so it can be used later by the new MLD API. 2. Use iwl_mvm_mac_ctxt_send_cmd when removing a mac instead of implementing the same functionality once again. 3. Change the debug print when sending the command to be more specific, so it will be easy to distinguish later if the old or new mac command was sent. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.3ab62700db4e.I2e353b308667c215aa456c160e0d90de2b9b85cc@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Miri Korenblit authored
Refactor STA_HE_CTXT_CMD sending flow: 1. As the new MLD API is introduced, there are some common fields in both the old and new APIs. The STA_HE_CTXT_CMD of the non-MLD API has common fields with the link and mac commands of the new MLD API. Put this common parts in functions so it can be used later by the new MLD API. 2. The HE capability which indicates whether the NIC is ack-enabled or not is the same for all bands. No need to take it from the specific band which is currently in use. Take it from the low band - this simplifies the code and doesn't require a phy_ctxt. Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.7ca960596953.Ifc3e816461abbd69c6fd87752342afcedfebc293@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Mukesh Sisodiya authored
Add driver defined dump file name extension for beacon loss and FW Assert case. Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.2a2ee92995e9.I38fff588e32276796cd757309fc811241f827c7a@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Mukesh Sisodiya authored
Add tlv in dump file for dump file name extension. Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by: Greenman, Gregory <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.ffc28212994e.Ie5f10709548497061f95c1634d942dd2facf72ec@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
In FW restart scenarios, we allocate the queues from the iwl_mvm_realloc_queues_after_restart() function, but that is called before we insert the station ID into our map (mvm->fw_id_to_mac_id). However, in all cases where we're actually allocating a queue for a "real" (not bcast, aux, ...) station we have the sta pointer already, so just pass it along to use it instead of looking it up. This fixes an issue where after restart we only allocated a queue of size 16 (due to the ordering issue described above), and thus never got good throughput again since no aggregates could be formed on transmit. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230314194113.4d70868003e8.I3476fee5c12f5b1af2be5e2f38a9df7d66d02b62@changeidSigned-off-by: Johannes Berg <johannes.berg@intel.com>
-
Lukas Bulwahn authored
Commit f79cbc77 ("wifi: move mac80211_hwsim and virt_wifi to virtual directory") and commit 298e50ad ("wifi: move raycs, wl3501 and rndis_wlan to legacy directory") move remaining wireless drivers into subdirectories, but does not adjust the entries in MAINTAINERS. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains about broken references. Repair these file references in those wireless driver sections. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230314041848.5120-1-lukas.bulwahn@gmail.com
-
- 13 Mar, 2023 3 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo authored
ath.git patches for v6.4. Major changes: ath10k * enable threaded napi on WCN3990 ath11k * push MU-MIMO params from hostapd to hardware * tx ack signal support for management packets
-
Jisoo Jang authored
Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ================================================================== [ 46.594687][ T7] BUG: KASAN: slab-out-of-bounds in kmemdup+0x3e/0x50 [ 46.596572][ T7] Read of size 3014656 at addr ffff888019442000 by task kworker/0:1/7 [ 46.598575][ T7] [ 46.599157][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G O 5.14.0+ #145 [ 46.601333][ T7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 46.604360][ T7] Workqueue: events brcmf_fweh_event_worker [ 46.605943][ T7] Call Trace: [ 46.606584][ T7] dump_stack_lvl+0x8e/0xd1 [ 46.607446][ T7] print_address_description.constprop.0.cold+0x93/0x334 [ 46.608610][ T7] ? kmemdup+0x3e/0x50 [ 46.609341][ T7] kasan_report.cold+0x79/0xd5 [ 46.610151][ T7] ? kmemdup+0x3e/0x50 [ 46.610796][ T7] kasan_check_range+0x14e/0x1b0 [ 46.611691][ T7] memcpy+0x20/0x60 [ 46.612323][ T7] kmemdup+0x3e/0x50 [ 46.612987][ T7] brcmf_get_assoc_ies+0x967/0xf60 [ 46.613904][ T7] ? brcmf_notify_vif_event+0x3d0/0x3d0 [ 46.614831][ T7] ? lock_chain_count+0x20/0x20 [ 46.615683][ T7] ? mark_lock.part.0+0xfc/0x2770 [ 46.616552][ T7] ? lock_chain_count+0x20/0x20 [ 46.617409][ T7] ? mark_lock.part.0+0xfc/0x2770 [ 46.618244][ T7] ? lock_chain_count+0x20/0x20 [ 46.619024][ T7] brcmf_bss_connect_done.constprop.0+0x241/0x2e0 [ 46.620019][ T7] ? brcmf_parse_configure_security.isra.0+0x2a0/0x2a0 [ 46.620818][ T7] ? __lock_acquire+0x181f/0x5790 [ 46.621462][ T7] brcmf_notify_connect_status+0x448/0x1950 [ 46.622134][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 46.622736][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0 [ 46.623390][ T7] ? find_held_lock+0x2d/0x110 [ 46.623962][ T7] ? brcmf_fweh_event_worker+0x19f/0xc60 [ 46.624603][ T7] ? mark_held_locks+0x9f/0xe0 [ 46.625145][ T7] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 46.625871][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0 [ 46.626545][ T7] brcmf_fweh_call_event_handler.isra.0+0x90/0x100 [ 46.627338][ T7] brcmf_fweh_event_worker+0x557/0xc60 [ 46.627962][ T7] ? brcmf_fweh_call_event_handler.isra.0+0x100/0x100 [ 46.628736][ T7] ? rcu_read_lock_sched_held+0xa1/0xd0 [ 46.629396][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 46.629970][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 46.630649][ T7] process_one_work+0x92b/0x1460 [ 46.631205][ T7] ? pwq_dec_nr_in_flight+0x330/0x330 [ 46.631821][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 46.632347][ T7] worker_thread+0x95/0xe00 [ 46.632832][ T7] ? __kthread_parkme+0x115/0x1e0 [ 46.633393][ T7] ? process_one_work+0x1460/0x1460 [ 46.633957][ T7] kthread+0x3a1/0x480 [ 46.634369][ T7] ? set_kthread_struct+0x120/0x120 [ 46.634933][ T7] ret_from_fork+0x1f/0x30 [ 46.635431][ T7] [ 46.635687][ T7] Allocated by task 7: [ 46.636151][ T7] kasan_save_stack+0x1b/0x40 [ 46.636628][ T7] __kasan_kmalloc+0x7c/0x90 [ 46.637108][ T7] kmem_cache_alloc_trace+0x19e/0x330 [ 46.637696][ T7] brcmf_cfg80211_attach+0x4a0/0x4040 [ 46.638275][ T7] brcmf_attach+0x389/0xd40 [ 46.638739][ T7] brcmf_usb_probe+0x12de/0x1690 [ 46.639279][ T7] usb_probe_interface+0x2aa/0x760 [ 46.639820][ T7] really_probe+0x205/0xb70 [ 46.640342][ T7] __driver_probe_device+0x311/0x4b0 [ 46.640876][ T7] driver_probe_device+0x4e/0x150 [ 46.641445][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.642000][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.642543][ T7] __device_attach+0x23f/0x3a0 [ 46.643065][ T7] bus_probe_device+0x1da/0x290 [ 46.643644][ T7] device_add+0xb7b/0x1eb0 [ 46.644130][ T7] usb_set_configuration+0xf59/0x16f0 [ 46.644720][ T7] usb_generic_driver_probe+0x82/0xa0 [ 46.645295][ T7] usb_probe_device+0xbb/0x250 [ 46.645786][ T7] really_probe+0x205/0xb70 [ 46.646258][ T7] __driver_probe_device+0x311/0x4b0 [ 46.646804][ T7] driver_probe_device+0x4e/0x150 [ 46.647387][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.647926][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.648454][ T7] __device_attach+0x23f/0x3a0 [ 46.648939][ T7] bus_probe_device+0x1da/0x290 [ 46.649478][ T7] device_add+0xb7b/0x1eb0 [ 46.649936][ T7] usb_new_device.cold+0x49c/0x1029 [ 46.650526][ T7] hub_event+0x1c98/0x3950 [ 46.650975][ T7] process_one_work+0x92b/0x1460 [ 46.651535][ T7] worker_thread+0x95/0xe00 [ 46.651991][ T7] kthread+0x3a1/0x480 [ 46.652413][ T7] ret_from_fork+0x1f/0x30 [ 46.652885][ T7] [ 46.653131][ T7] The buggy address belongs to the object at ffff888019442000 [ 46.653131][ T7] which belongs to the cache kmalloc-2k of size 2048 [ 46.654669][ T7] The buggy address is located 0 bytes inside of [ 46.654669][ T7] 2048-byte region [ffff888019442000, ffff888019442800) [ 46.656137][ T7] The buggy address belongs to the page: [ 46.656720][ T7] page:ffffea0000651000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19440 [ 46.657792][ T7] head:ffffea0000651000 order:3 compound_mapcount:0 compound_pincount:0 [ 46.658673][ T7] flags: 0x100000000010200(slab|head|node=0|zone=1) [ 46.659422][ T7] raw: 0100000000010200 0000000000000000 dead000000000122 ffff888100042000 [ 46.660363][ T7] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 46.661236][ T7] page dumped because: kasan: bad access detected [ 46.661956][ T7] page_owner tracks the page as allocated [ 46.662588][ T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7, ts 31136961085, free_ts 0 [ 46.664271][ T7] prep_new_page+0x1aa/0x240 [ 46.664763][ T7] get_page_from_freelist+0x159a/0x27c0 [ 46.665340][ T7] __alloc_pages+0x2da/0x6a0 [ 46.665847][ T7] alloc_pages+0xec/0x1e0 [ 46.666308][ T7] allocate_slab+0x380/0x4e0 [ 46.666770][ T7] ___slab_alloc+0x5bc/0x940 [ 46.667264][ T7] __slab_alloc+0x6d/0x80 [ 46.667712][ T7] kmem_cache_alloc_trace+0x30a/0x330 [ 46.668299][ T7] brcmf_usbdev_qinit.constprop.0+0x50/0x470 [ 46.668885][ T7] brcmf_usb_probe+0xc97/0x1690 [ 46.669438][ T7] usb_probe_interface+0x2aa/0x760 [ 46.669988][ T7] really_probe+0x205/0xb70 [ 46.670487][ T7] __driver_probe_device+0x311/0x4b0 [ 46.671031][ T7] driver_probe_device+0x4e/0x150 [ 46.671604][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.672192][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.672739][ T7] page_owner free stack trace missing [ 46.673335][ T7] [ 46.673620][ T7] Memory state around the buggy address: [ 46.674213][ T7] ffff888019442700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.675083][ T7] ffff888019442780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.675994][ T7] >ffff888019442800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.676875][ T7] ^ [ 46.677323][ T7] ffff888019442880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.678190][ T7] ffff888019442900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.679052][ T7] ================================================================== [ 46.679945][ T7] Disabling lock debugging due to kernel taint [ 46.680725][ T7] Kernel panic - not syncing: Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Jisoo Jang <jisoo.jang@yonsei.ac.kr> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr
-
Dongliang Mu authored
drivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe() warn: 'hw' from ieee80211_alloc_hw() not released on lines: 811 Fix this by modifying return to a goto statement. Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> Reviewed-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230309021636.528601-1-dzm91@hust.edu.cn
-