1. 02 Oct, 2019 4 commits
    • Denis Efremov's avatar
      ar5523: check NULL before memcpy() in ar5523_cmd() · 315cee42
      Denis Efremov authored
      memcpy() call with "idata == NULL && ilen == 0" results in undefined
      behavior in ar5523_cmd(). For example, NULL is passed in callchain
      "ar5523_stat_work() -> ar5523_cmd_write() -> ar5523_cmd()". This patch
      adds ilen check before memcpy() call in ar5523_cmd() to prevent an
      undefined behavior.
      
      Cc: Pontus Fuchs <pontus.fuchs@gmail.com>
      Cc: Kalle Valo <kvalo@codeaurora.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: David Laight <David.Laight@ACULAB.COM>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDenis Efremov <efremov@linux.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      315cee42
    • Wen Gong's avatar
      ath10k: add support for hardware rfkill · 1382993f
      Wen Gong authored
      When hardware rfkill is enabled in the firmware it will report the
      capability via using WMI_TLV_SYS_CAP_INFO_RFKILL bit in the WMI_SERVICE_READY
      event to the host. ath10k will check the capability, and if it is enabled then
      ath10k will set the GPIO information to firmware using WMI_PDEV_SET_PARAM. When
      the firmware detects hardware rfkill is enabled by the user, it will report it
      via WMI_RFKILL_STATE_CHANGE_EVENTID. Once ath10k receives the event it will
      send wmi command WMI_PDEV_SET_PARAM to the firmware to enable/disable the radio
      and also notifies cfg80211.
      
      We can't power off the device when rfkill is enabled, as otherwise the
      firmware would not be able to detect GPIO changes and report them to the
      host. So when rfkill is enabled, we need to keep the firmware running.
      
      Tested with QCA6174 PCI with firmware
      WLAN.RM.4.4.1-00109-QCARMSWPZ-1.
      Signed-off-by: default avatarAlan Liu <alanliu@codeaurora.org>
      Signed-off-by: default avatarWen Gong <wgong@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      1382993f
    • Christian Lamparter's avatar
      ath10k: restore QCA9880-AR1A (v1) detection · f8914a14
      Christian Lamparter authored
      This patch restores the old behavior that read
      the chip_id on the QCA988x before resetting the
      chip. This needs to be done in this order since
      the unsupported QCA988x AR1A chips fall off the
      bus when resetted. Otherwise the next MMIO Op
      after the reset causes a BUS ERROR and panic.
      
      Cc: stable@vger.kernel.org
      Fixes: 1a7fecb7 ("ath10k: reset chip before reading chip_id in probe")
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      f8914a14
    • Ben Greear's avatar
      ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq · cc6df017
      Ben Greear authored
      Offchannel management frames were failing:
      
      [18099.253732] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3780
      [18102.293686] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3780
      [18105.333653] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3780
      [18108.373712] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3780
      [18111.413687] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e36c0
      [18114.453726] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3f00
      [18117.493773] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e36c0
      [18120.533631] ath10k_pci 0000:01:00.0: timed out waiting for offchannel skb cf0e3f00
      
      This bug appears to have been added between 4.0 (which works for us),
      and 4.4, which does not work.
      
      I think this is because the tx-offchannel logic gets in a loop when
      ath10k_mac_tx_frm_has_freq(ar) is false, so pkt is never actually
      sent to the firmware for transmit.
      
      This patch fixes the problem on 4.9 for me, and now HS20 clients
      can work again with my firmware.
      
      Antonio: tested with 10.4-3.5.3-00057 on QCA4019 and QCA9888
      Signed-off-by: default avatarBen Greear <greearb@candelatech.com>
      Tested-by: default avatarAntonio Quartulli <antonio.quartulli@kaiwoo.ai>
      [kvalo@codeaurora.org: improve commit log, remove unneeded parenthesis]
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      cc6df017
  2. 01 Oct, 2019 11 commits
    • Masashi Honma's avatar
      ath9k_htc: Discard undersized packets · cd486e62
      Masashi Honma authored
      Sometimes the hardware will push small packets that trigger a WARN_ON
      in mac80211. Discard them early to avoid this issue.
      
      This patch ports 2 patches from ath9k to ath9k_htc.
      commit 3c0efb74 "ath9k: discard
      undersized packets".
      commit df5c4150 "ath9k: correctly
      handle short radar pulses".
      
      [  112.835889] ------------[ cut here ]------------
      [  112.835971] WARNING: CPU: 5 PID: 0 at net/mac80211/rx.c:804 ieee80211_rx_napi+0xaac/0xb40 [mac80211]
      [  112.835973] Modules linked in: ath9k_htc ath9k_common ath9k_hw ath mac80211 cfg80211 libarc4 nouveau snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_hda_codec video snd_hda_core ttm snd_hwdep drm_kms_helper snd_pcm crct10dif_pclmul snd_seq_midi drm snd_seq_midi_event crc32_pclmul snd_rawmidi ghash_clmulni_intel snd_seq aesni_intel aes_x86_64 crypto_simd cryptd snd_seq_device glue_helper snd_timer sch_fq_codel i2c_algo_bit fb_sys_fops snd input_leds syscopyarea sysfillrect sysimgblt intel_cstate mei_me intel_rapl_perf soundcore mxm_wmi lpc_ich mei kvm_intel kvm mac_hid irqbypass parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear e1000e ahci libahci wmi
      [  112.836022] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.3.0-wt #1
      [  112.836023] Hardware name: MouseComputer Co.,Ltd. X99-S01/X99-S01, BIOS 1.0C-W7 04/01/2015
      [  112.836056] RIP: 0010:ieee80211_rx_napi+0xaac/0xb40 [mac80211]
      [  112.836059] Code: 00 00 66 41 89 86 b0 00 00 00 e9 c8 fa ff ff 4c 89 b5 40 ff ff ff 49 89 c6 e9 c9 fa ff ff 48 c7 c7 e0 a2 a5 c0 e8 47 41 b0 e9 <0f> 0b 48 89 df e8 5a 94 2d ea e9 02 f9 ff ff 41 39 c1 44 89 85 60
      [  112.836060] RSP: 0018:ffffaa6180220da8 EFLAGS: 00010286
      [  112.836062] RAX: 0000000000000024 RBX: ffff909a20eeda00 RCX: 0000000000000000
      [  112.836064] RDX: 0000000000000000 RSI: ffff909a2f957448 RDI: ffff909a2f957448
      [  112.836065] RBP: ffffaa6180220e78 R08: 00000000000006e9 R09: 0000000000000004
      [  112.836066] R10: 000000000000000a R11: 0000000000000001 R12: 0000000000000000
      [  112.836068] R13: ffff909a261a47a0 R14: 0000000000000000 R15: 0000000000000004
      [  112.836070] FS:  0000000000000000(0000) GS:ffff909a2f940000(0000) knlGS:0000000000000000
      [  112.836071] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  112.836073] CR2: 00007f4e3ffffa08 CR3: 00000001afc0a006 CR4: 00000000001606e0
      [  112.836074] Call Trace:
      [  112.836076]  <IRQ>
      [  112.836083]  ? finish_td+0xb3/0xf0
      [  112.836092]  ? ath9k_rx_prepare.isra.11+0x22f/0x2a0 [ath9k_htc]
      [  112.836099]  ath9k_rx_tasklet+0x10b/0x1d0 [ath9k_htc]
      [  112.836105]  tasklet_action_common.isra.22+0x63/0x110
      [  112.836108]  tasklet_action+0x22/0x30
      [  112.836115]  __do_softirq+0xe4/0x2da
      [  112.836118]  irq_exit+0xae/0xb0
      [  112.836121]  do_IRQ+0x86/0xe0
      [  112.836125]  common_interrupt+0xf/0xf
      [  112.836126]  </IRQ>
      [  112.836130] RIP: 0010:cpuidle_enter_state+0xa9/0x440
      [  112.836133] Code: 3d bc 20 38 55 e8 f7 1d 84 ff 49 89 c7 0f 1f 44 00 00 31 ff e8 28 29 84 ff 80 7d d3 00 0f 85 e6 01 00 00 fb 66 0f 1f 44 00 00 <45> 85 ed 0f 89 ff 01 00 00 41 c7 44 24 10 00 00 00 00 48 83 c4 18
      [  112.836134] RSP: 0018:ffffaa61800e3e48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
      [  112.836136] RAX: ffff909a2f96b340 RBX: ffffffffabb58200 RCX: 000000000000001f
      [  112.836137] RDX: 0000001a458adc5d RSI: 0000000026c9b581 RDI: 0000000000000000
      [  112.836139] RBP: ffffaa61800e3e88 R08: 0000000000000002 R09: 000000000002abc0
      [  112.836140] R10: ffffaa61800e3e18 R11: 000000000000002d R12: ffffca617fb40b00
      [  112.836141] R13: 0000000000000002 R14: ffffffffabb582d8 R15: 0000001a458adc5d
      [  112.836145]  ? cpuidle_enter_state+0x98/0x440
      [  112.836149]  ? menu_select+0x370/0x600
      [  112.836151]  cpuidle_enter+0x2e/0x40
      [  112.836154]  call_cpuidle+0x23/0x40
      [  112.836156]  do_idle+0x204/0x280
      [  112.836159]  cpu_startup_entry+0x1d/0x20
      [  112.836164]  start_secondary+0x167/0x1c0
      [  112.836169]  secondary_startup_64+0xa4/0xb0
      [  112.836173] ---[ end trace 9f4cd18479cc5ae5 ]---
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      cd486e62
    • Masashi Honma's avatar
      ath9k_htc: Modify byte order for an error message · e01fddc1
      Masashi Honma authored
      rs_datalen is be16 so we need to convert it before printing.
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      e01fddc1
    • Denis Efremov's avatar
      ath9k_hw: fix uninitialized variable data · 80e84f36
      Denis Efremov authored
      Currently, data variable in ar9003_hw_thermo_cal_apply() could be
      uninitialized if ar9300_otp_read_word() will fail to read the value.
      Initialize data variable with 0 to prevent an undefined behavior. This
      will be enough to handle error case when ar9300_otp_read_word() fails.
      
      Fixes: 80fe43f2 ("ath9k_hw: Read and configure thermocal for AR9462")
      Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
      Cc: John W. Linville <linville@tuxdriver.com>
      Cc: Kalle Valo <kvalo@codeaurora.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDenis Efremov <efremov@linux.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      80e84f36
    • Anilkumar Kolli's avatar
      ath10k: fix backtrace on coredump · d98ddae8
      Anilkumar Kolli authored
      In a multiradio board with one QCA9984 and one AR9987
      after enabling the crashdump with module parameter
      coredump_mask=7, below backtrace is seen.
      
      vmalloc: allocation failure: 0 bytes
       kworker/u4:0: page allocation failure: order:0, mode:0x80d2
       CPU: 0 PID: 6 Comm: kworker/u4:0 Not tainted 3.14.77 #130
       Workqueue: ath10k_wq ath10k_core_register_work [ath10k_core]
       (unwind_backtrace) from [<c021abf8>] (show_stack+0x10/0x14)
       (dump_stack+0x80/0xa0)
       (warn_alloc_failed+0xd0/0xfc)
       (__vmalloc_node_range+0x1b4/0x1d8)
       (__vmalloc_node+0x34/0x40)
       (vzalloc+0x24/0x30)
       (ath10k_coredump_register+0x6c/0x88 [ath10k_core])
       (ath10k_core_register_work+0x350/0xb34 [ath10k_core])
       (process_one_work+0x20c/0x32c)
       (worker_thread+0x228/0x360)
      
      This is due to ath10k_hw_mem_layout is not defined for AR9987.
      For coredump undefined hw ramdump_size is 0.
      Check for the ramdump_size before allocation memory.
      
      Tested on: AR9987, QCA9984
      FW version: 10.4-3.9.0.2-00044
      Signed-off-by: default avatarAnilkumar Kolli <akolli@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      d98ddae8
    • Anilkumar Kolli's avatar
      ath10k: coredump: fix IRAM addr for QCA9984, QCA4019, QCA9888 and QCA99x0 · 93f9fefc
      Anilkumar Kolli authored
      The IRAM start address in coredump was wrong for QCA9984, QCA4019, QCA9888 and
      QCA99x0.
      
      Tested on: QCA9984, QCA4019
      FW version: 10.4-3.9.0.2-00044
      Signed-off-by: default avatarAnilkumar Kolli <akolli@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      93f9fefc
    • Erik Stromdahl's avatar
      ath10k: switch to ieee80211_tx_dequeue_ni · 30654760
      Erik Stromdahl authored
      Since ath10k_mac_tx_push_txq() can be called from process context, we
      must explicitly disable softirqs before the call into mac80211.
      
      By calling ieee80211_tx_dequeue_ni() instead of ieee80211_tx_dequeue()
      we make sure softirqs are always disabled even in the case when
      ath10k_mac_tx_push_txq() is called from process context.
      
      Calling ieee80211_tx_dequeue_ni() with softirq's already disabled
      (e.g., from softirq context) should be safe as the local_bh_disable()
      and local_bh_enable() functions (called from ieee80211_tx_dequeue_ni)
      are fully reentrant.
      Signed-off-by: default avatarErik Stromdahl <erik.stromdahl@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      30654760
    • Tomislav Požega's avatar
      ath10k: change sw version print format to hex · 7b308732
      Tomislav Požega authored
      Software version within WMI event ready message was displayed
      in a not very useful decimal format. Change this info to be shown
      in a hexadecimal format instead.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7b308732
    • Tomislav Požega's avatar
      ath10k: print supported MCS rates within service ready event · 73690c48
      Tomislav Požega authored
      Add vht_supp_mcs argument to service ready structure and print
      supported MCS rates in WMI service ready debug message.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      73690c48
    • Tomislav Požega's avatar
      ath10k: print service ready returned channel range · 275ea1b2
      Tomislav Požega authored
      Displays lowest/highest supported channels for both 2ghz and 5ghz
      bands as they're fetched within WMI service ready event.
      These are shown in a frequency format.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      275ea1b2
    • Tomislav Požega's avatar
      ath10k: add 2ghz channel arguments to service ready structure · fa879490
      Tomislav Požega authored
      Add lowest/highest 2ghz channel arguments for use within WMI service
      ready structure.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      fa879490
    • YueHaibing's avatar
      ath9k: remove unused including <linux/version.h> · 6aff90c5
      YueHaibing authored
      Remove including <linux/version.h> that don't need it.
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      6aff90c5
  3. 23 Sep, 2019 7 commits
  4. 21 Sep, 2019 3 commits
  5. 17 Sep, 2019 12 commits
    • Colin Ian King's avatar
      ath10k: fix spelling mistake "eanble" -> "enable" · 09764659
      Colin Ian King authored
      There is a spelling mistake in a ath10k_warn warning message. Fix it.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      09764659
    • Miaoqing Pan's avatar
      ath10k: fix latency issue for QCA988x · 1340cc63
      Miaoqing Pan authored
      Bad latency is found on QCA988x, the issue was introduced by
      commit 4504f0e5 ("ath10k: sdio: workaround firmware UART
      pin configuration bug"). If uart_pin_workaround is false, this
      change will set uart pin even if uart_print is false.
      
      Tested HW: QCA9880
      Tested FW: 10.2.4-1.0-00037
      
      Fixes: 4504f0e5 ("ath10k: sdio: workaround firmware UART pin configuration bug")
      Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      1340cc63
    • Wenwen Wang's avatar
      ath10k: add cleanup in ath10k_sta_state() · 334f5b61
      Wenwen Wang authored
      If 'sta->tdls' is false, no cleanup is executed, leading to memory/resource
      leaks, e.g., 'arsta->tx_stats'. To fix this issue, perform cleanup before
      go to the 'exit' label.
      Signed-off-by: default avatarWenwen Wang <wenwen@cs.uga.edu>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      334f5b61
    • Govind Singh's avatar
      ath10k: revalidate the msa region coming from firmware · c4130599
      Govind Singh authored
      driver sends QMI_WLFW_MSA_INFO_REQ_V01 QMI request to firmware
      and in response expects range of addresses and size to be mapped.
      Add condition to check whether addresses in response falls
      under valid range otherwise return failure.
      
      Testing: Tested on WCN3990 HW
      Tested FW: WLAN.HL.3.1-01040-QCAHLSWMTPLZ-1
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c4130599
    • Tomislav Požega's avatar
      ath10k: use ath10k_pci_soc_ functions for all warm_reset instances · 9c44bf4c
      Tomislav Požega authored
      Use ath10k_pci_soc_read32 / ath10k_pci_soc_write32 functions for
      the rest of warm_reset functions. Until now these have been used
      only for ath10k_pci_warm_reset_si0, but since they already exist
      it makes sense to simplify code a bit.
      Runtime tested with QCA9862.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      9c44bf4c
    • Vasyl Gomonovych's avatar
      ath10k: Use ARRAY_SIZE · 7921ae09
      Vasyl Gomonovych authored
      fix coccinelle warning, use ARRAY_SIZE
      Signed-off-by: default avatarVasyl Gomonovych <gomonovych@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7921ae09
    • Sven Eckelmann's avatar
      ath10k: avoid leaving .bss_info_changed prematurely · 0227ff36
      Sven Eckelmann authored
      ath10k_bss_info_changed() handles various events from the upper layers. It
      parses the changed bitfield and then configures the driver/firmware
      accordingly. Each detected event is handled in a separate scope which is
      independent of each other - but in the same function.
      
      The commit f279294e ("ath10k: add support for configuring management
      packet rate") changed this behavior by returning from this function
      prematurely when some precondition was not fulfilled. All new event
      handlers added after the BSS_CHANGED_BASIC_RATES event handler would then
      also be skipped.
      Signed-off-by: default avatarSven Eckelmann <seckelmann@datto.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      0227ff36
    • Bjorn Andersson's avatar
      ath10k: Use standard bulk clock API in snoc · f93bcf0c
      Bjorn Andersson authored
      No frequency is currently specified for the single clock defined in the
      snoc driver, so the clock wrappers reimplements the standard bulk API
      provided by the clock framework. Change to this.
      
      The single clock defined is marked as optional so this version of the
      get API is used, but might need to be reconsidered in the future.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      f93bcf0c
    • Bjorn Andersson's avatar
      ath10k: Use standard regulator bulk API in snoc · c56c7f24
      Bjorn Andersson authored
      The regulator_get_optional() exists for cases where the driver needs do
      behave differently depending on some regulator supply being present or
      not, as we don't use this we can use the standard regulator_get() and
      rely on its handling of unspecified regulators.
      
      While the driver currently doesn't specify any loads the regulator
      framework was updated last year to only account for load of enabled
      regulators, so should the need appear it's better to apply load numbers
      during initialization that dynamically.
      
      With this the regulator wrappers have been reduced the become identical
      to the standard bulk API provided by the regulator framework, so use
      these instead of rolling our own.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c56c7f24
    • Bjorn Andersson's avatar
      ath10k: snoc: skip regulator operations · b003e7f1
      Bjorn Andersson authored
      The regulator operations is trying to set a voltage to a fixed value, by
      giving some wiggle room. But some board designs specifies regulator
      voltages outside this limited range. One such example is the Lenovo Yoga
      C630, with vdd-3.3-ch0 in particular specified at 3.1V.
      
      But consumers with fixed voltage requirements should just rely on the
      board configuration to provide the power at the required level, so this
      code should be removed.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b003e7f1
    • Bjorn Andersson's avatar
      ath10k: Fix HOST capability QMI incompatibility · 7165ef89
      Bjorn Andersson authored
      The introduction of 768ec4c0 ("ath10k: update HOST capability QMI
      message") served the purpose of supporting the new and extended HOST
      capability QMI message.
      
      But while the new message adds a slew of optional members it changes the
      data type of the "daemon_support" member, which means that older
      versions of the firmware will fail to decode the incoming request
      message.
      
      There is no way to detect this breakage from Linux and there's no way to
      recover from sending the wrong message (i.e. we can't just try one
      format and then fallback to the other), so a quirk is introduced in
      DeviceTree to indicate to the driver that the firmware requires the 8bit
      version of this message.
      
      Cc: stable@vger.kernel.org
      Fixes: 768ec4c0 ("ath10k: update HOST capability qmi message")
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7165ef89
    • Hauke Mehrtens's avatar
      ath10k: Check if station exists before forwarding tx airtime report · b10f3267
      Hauke Mehrtens authored
      It looks like the FW on QCA9984 already reports the tx airtimes before
      the station is added to the peer entry. The peer entry is created in
      ath10k_peer_map_event() just with the vdev_id and the ethaddr, but
      not with a station entry, this is added later in ath10k_peer_create() in
      callbacks from mac80211.
      
      When there is no sta added to the peer entry, this function fails
      because it calls ieee80211_sta_register_airtime() with NULL.
      
      This was reported in OpenWrt some time ago:
      https://bugs.openwrt.org/index.php?do=details&task_id=2414
      
      This commit should fix this crash:
      [   75.991714] Unable to handle kernel paging request at virtual address fffff9e8
      [   75.991756] pgd = c0204000
      [   75.997955] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
      [   76.000537] Internal error: Oops: 37 [#1] SMP ARM
      [   76.006686] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pptp pppox ppp_mppe ppp_generic mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY usbserial slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_netlink iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat chaoskey fuse sch_cake sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32
      [   76.059974]  cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 msdos ip_gre gre ifb sit tunnel4 ip_tunnel tun vfat fat hfsplus cifs nls_utf8 nls_iso8859_15 nls_iso8859_1 nls_cp850 nls_cp437 nls_cp1250 sha1_generic md5 md4
      [   76.130634]  usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug ext4 mbcache jbd2 exfat crc32c_generic
      [   76.154772] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.132 #0
      [   76.177001] Hardware name: Generic DT based system
      [   76.182990] task: c0b06d80 task.stack: c0b00000
      [   76.187832] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
      [   76.192211] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
      [   76.199052] pc : [<bf75bfac>]    lr : [<bf83e8b0>]    psr: a0000113
      [   76.205820] sp : c0b01d54  ip : 00000002  fp : bf869c0c
      [   76.211981] r10: 0000003c  r9 : dbdca138  r8 : 00060002
      [   76.217192] r7 : 00000000  r6 : dabe1150  r5 : 00000000  r4 : dbdc95c0
      [   76.222401] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
      [   76.229003] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      [   76.235509] Control: 10c5787d  Table: 5c94006a  DAC: 00000051
      [   76.242716] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
      [   76.248446] Stack: (0xc0b01d54 to 0xc0b02000)
      [   76.254532] 1d40:                                              dbdc95c0 00000000 dabe1150
      [   76.258808] 1d60: 00000001 dabe1150 dbdca138 0000003c bf869c0c bf83e8b0 00000002 c0314b10
      [   76.266969] 1d80: dbdc9c70 00000001 00000001 dabe114c 00010000 00000000 dbdcd724 bf88f3d8
      [   76.275126] 1da0: c0310d28 db393c00 dbdc95c0 00000000 c0b01dd0 c07fb4c4 dbdcd724 00000001
      [   76.283286] 1dc0: 00000022 bf88b09c db393c00 00000022 c0b01dd0 c0b01dd0 00000000 dbdcc5c0
      [   76.291445] 1de0: bf88f04c dbdcd654 dbdcd71c dbdc95c0 00000014 dbdcd724 dbdcc5c0 00000005
      [   76.299605] 1e00: 0004b400 bf85c360 00000000 bf87101c c0b01e24 00000006 00000000 dbdc95c0
      [   76.307764] 1e20: 00000001 00000040 0000012c c0b01e80 1cf51000 bf85c448 dbdcd440 dbdc95c0
      [   76.315925] 1e40: dbdca440 ffffa880 00000040 bf88cb68 dbdcd440 00000001 00000040 ffffa880
      [   76.324084] 1e60: c0b02d00 c06d72e0 dd990080 c0a3f080 c0b255dc c0b047e4 c090afac c090e80c
      [   76.332244] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
      [   76.340405] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
      [   76.348564] 1ec0: dd408000 c0a38210 c0b2c7c0 0000000a ffffa880 c0b02d00 c07fb764 00200102
      [   76.356723] 1ee0: dd4cc268 c0a3e414 00000000 00000000 00000001 dd408000 de803000 00000000
      [   76.364883] 1f00: 00000000 c03247cc c0a3e414 c0368f1c c0b03f60 c0b153cc de80200c de802000
      [   76.373042] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
      [   76.381204] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
      [   76.389363] 1f60: c0b03c70 00000000 00000000 c0a2da28 00000000 00000000 c0b01f90 c0b01f98
      [   76.397522] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
      [   76.405681] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
      [   76.413842] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2da28 00000000 00000000 c0b2c1d4
      [   76.422001] 1fe0: c0b03c5c c0a2da24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
      [   76.430335] [<bf75bfac>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
      [   76.438314] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
      [   76.446965] ---[ end trace 227a38ade964d642 ]---
      
      Fixes: bb31b7cb ("ath10k: report tx airtime provided by fw")
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b10f3267
  6. 15 Sep, 2019 1 commit
  7. 14 Sep, 2019 2 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 1609d760
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "The main change here is a revert of reverts. We recently simplified
        some code that was thought unnecessary; however, since then KVM has
        grown quite a few cond_resched()s and for that reason the simplified
        code is prone to livelocks---one CPUs tries to empty a list of guest
        page tables while the others keep adding to them. This adds back the
        generation-based zapping of guest page tables, which was not
        unnecessary after all.
      
        On top of this, there is a fix for a kernel memory leak and a couple
        of s390 fixlets as well"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot
        KVM: x86: work around leak of uninitialized stack contents
        KVM: nVMX: handle page fault in vmread
        KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
        KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset()
      1609d760
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 1f9c632c
      Linus Torvalds authored
      Pull virtio fix from Michael Tsirkin:
       "A last minute revert
      
        The 32-bit build got broken by the latest defence in depth patch.
        Revert and we'll try again in the next cycle"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        Revert "vhost: block speculation of translated descriptors"
      1f9c632c