- 20 Dec, 2018 7 commits
-
-
Karthikeyan Periyasamy authored
This issue arise in a race condition between ath10k_sta_state() and ath10k_htt_fetch_peer_stats(), explained in below scenario Steps: 1. In ath10k_sta_state(), arsta->tx_stats get deallocated before peer deletion when the station moves from IEEE80211_STA_NONE to IEEE80211_STA_NOTEXIST state. 2. Meanwhile ath10k receive HTT_T2H_MSG_TYPE_PEER_STATS message. In ath10k_htt_fetch_peer_stats(), arsta->tx_stats get accessed after the peer validation check. Since arsta->tx_stats get freed before the peer deletion [1]. ath10k_htt_fetch_peer_stats() ended up in "use after free" situation. Fixed this issue by moving the arsta->tx_stats free handling after the peer deletion. so that ath10k_htt_fetch_peer_stats() will not end up in "use after free" situation. Kernel Panic: Unable to handle kernel NULL pointer dereference at virtual address 00000286 pgd = d8754000 [00000286] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM ... CPU: 0 PID: 6245 Comm: hostapd Not tainted task: dc44cac0 ti: d4a38000 task.ti: d4a38000 PC is at kmem_cache_alloc+0x7c/0x114 LR is at ath10k_sta_state+0x190/0xd58 [ath10k_core] pc : [<c02bdc50>] lr : [<bf916b78>] psr: 20000013 sp : d4a39b88 ip : 00000000 fp : 00000001 r10: 00000000 r9 : 1d3bc000 r8 : 00000dc0 r7 : 000080d0 r6 : d4a38000 r5 : dd401b00 r4 : 00000286 r3 : 00000000 r2 : d4a39ba0 r1 : 000080d0 r0 : dd401b00 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5787d Table: 5a75406a DAC: 00000015 Process hostapd (pid: 6245, stack limit = 0xd4a38238) Stack: (0xd4a39b88 to 0xd4a3a000) ... [<c02bdc50>] (kmem_cache_alloc) from [<bf916b78>] (ath10k_sta_state+0x190/0xd58 [ath10k_core]) [<bf916b78>] (ath10k_sta_state [ath10k_core]) from [<bf870d4c>] (sta_info_insert_rcu+0x418/0x61c [mac80211]) [<bf870d4c>] (sta_info_insert_rcu [mac80211]) from [<bf88634c>] (ieee80211_add_station+0xf0/0x134 [mac80211]) [<bf88634c>] (ieee80211_add_station [mac80211]) from [<bf83f3c4>] (nl80211_new_station+0x330/0x36c [cfg80211]) [<bf83f3c4>] (nl80211_new_station [cfg80211]) from [<bf6c4040>] (extack_doit+0x2c/0x74 [compat]) [<bf6c4040>] (extack_doit [compat]) from [<c05c285c>] (genl_rcv_msg+0x274/0x30c) [<c05c285c>] (genl_rcv_msg) from [<c05c1d98>] (netlink_rcv_skb+0x58/0xac) [<c05c1d98>] (netlink_rcv_skb) from [<c05c25d4>] (genl_rcv+0x20/0x34) [<c05c25d4>] (genl_rcv) from [<c05c1750>] (netlink_unicast+0x11c/0x204) [<c05c1750>] (netlink_unicast) from [<c05c1be0>] (netlink_sendmsg+0x30c/0x370) [<c05c1be0>] (netlink_sendmsg) from [<c0587e90>] (sock_sendmsg+0x70/0x84) [<c0587e90>] (sock_sendmsg) from [<c058970c>] (___sys_sendmsg.part.3+0x188/0x228) [<c058970c>] (___sys_sendmsg.part.3) from [<c058a594>] (__sys_sendmsg+0x4c/0x70) [<c058a594>] (__sys_sendmsg) from [<c0208c80>] (ret_fast_syscall+0x0/0x44) Code: ebfffec1 e1a04000 ea00001b e5953014 (e7940003) ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon Hardware tested: QCA9984 Firmware tested: 10.4-3.6.0.1-00004 Fixes: a904417f ("ath10k: add extended per sta tx statistics support") Signed-off-by:
Karthikeyan Periyasamy <periyasa@codeaurora.org> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org>
-
YueHaibing authored
Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_sta_state': drivers/net/wireless/ath/ath10k/mac.c:6238:7: warning: variable 'num_tdls_vifs' set but not used [-Wunused-but-set-variable] 'num_tdls_vifs' not used any more after 9a993cc1 ("ath10k: fix the logic of limiting tdls peer counts") Also, remove the single called function ath10k_mac_tdls_vifs_count and ath10k_mac_tdls_vifs_count_iter. Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
-
YueHaibing authored
Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/wireless/ath/wil6210/main.c: In function '_wil6210_disconnect': drivers/net/wireless/ath/wil6210/main.c:407:23: warning: variable 'wdev' set but not used [-Wunused-but-set-variable] It never used since commit ("e1b43407 wil6210: refactor disconnect flow") Signed-off-by:Maya Erez <merez@codeaurora.org> Signed-off-by:
-
Yangtao Li authored
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by:
Yangtao Li <tiny.windzz@gmail.com> Signed-off-by:
-
Kyle Roeschley authored
This is not an unexpected condition, so we don't need to be shouting to the world about it. Signed-off-by:
Kyle Roeschley <kyle.roeschley@ni.com> Signed-off-by:
-
Kyle Roeschley authored
When ath6kl was reworked to share code between regular and scheduled scans in commit 3b8ffc6a ("ath6kl: Configure probed SSID list consistently"), probed SSID entry changed from 1-index to 0-indexed. However, ath6kl_cfg80211_scan_complete_event() was missed in that change. Fix its indexing so that we correctly clear out the probed SSID list. Signed-off-by:
-
Kyle Roeschley authored
Commit dd45b759 ("ath6kl: Include match ssid list in scheduled scan") merged the probed and matched SSID lists before sending them to the firmware. In the process, it assumed match set support is always available in ath6kl_set_probed_ssids, which breaks scans for hidden SSIDs. Now, check that the firmware supports matching SSIDs in scheduled scans before setting MATCH_SSID_FLAG. Fixes: dd45b759 ("ath6kl: Include match ssid list in scheduled scan") Signed-off-by:
-
- 04 Dec, 2018 23 commits
-
-
Yangtao Li authored
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yangtao Li authored
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by:
Stefan Wahren <stefan.wahren@i2se.com> Signed-off-by:
-
Yangtao Li authored
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by:
-
Yangtao Li authored
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by:
-
David S. Miller authored
Tariq Toukan says: ==================== mlx4_core cleanups This patchset by Erez contains cleanups to the mlx4_core driver. Patch 1 replaces -EINVAL with -EOPNOTSUPP for unsupported operations. Patch 2 fixes some coding style issues. Series generated against net-next commit: 97e6c858 net: usb: aqc111: Initialize wol_cfg with memset in aqc111_suspend ==================== Signed-off-by:
-
Erez Alfasi authored
Fix 3 checkpatch errors within mlx4/main.c: - Unnecessary mlx4_debug_level global variable initialization to 0. - Prohibited space before comma. - Whitespaces instead of tab. Signed-off-by:
Erez Alfasi <ereza@mellanox.com> Signed-off-by:
Tariq Toukan <tariqt@mellanox.com> Signed-off-by:
-
Erez Alfasi authored
Functions __set_port_type and mlx4_check_port_params returned -EINVAL while the proper return code is -EOPNOTSUPP as a result of an unsupported operation. All drivers should generate this and all users should check for it when detecting an unsupported functionality. Signed-off-by:
-
Jose Abreu authored
Logic of phy_device_create() requests PHY modules according to PHY ID but for C45 PHYs we use different field for the IDs. Let's also request the modules for these IDs. Changes from v1: - Only request C22 modules if C45 are not present (Andrew) Signed-off-by:
Jose Abreu <joabreu@synopsys.com> Cc: Andrew Lunn <andrew@lunn.ch> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Joao Pinto <joao.pinto@synopsys.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
David S. Miller authored
Jerin Jacob says: ==================== octeontx2-af: NIX and NPC enhancements This patchset is a continuation to earlier submitted four patch series to add a new driver for Marvell's OcteonTX2 SOC's Resource virtualization unit (RVU) admin function driver. 1. octeontx2-af: Add RVU Admin Function driver https://www.spinics.net/lists/netdev/msg528272.html 2. octeontx2-af: NPA and NIX blocks initialization https://www.spinics.net/lists/netdev/msg529163.html 3. octeontx2-af: NPC parser and NIX blocks initialization https://www.spinics.net/lists/netdev/msg530252.html 4. octeontx2-af: NPC MCAM support and FLR handling https://www.spinics.net/lists/netdev/msg534392.html This patch series adds support for below NPC block: - Add NPC(mkex) profile support for various Key extraction configurations NIX block: - Enable dynamic RSS flow key algorithm configuration - Enhancements on Rx checksum and error checks - Add support for Tx packet marking support - TL1 schedule queue allocation enhancements - Add LSO format configuration mbox - VLAN TPID configuration - Skip multicast entry init for broadcast tables v2: - Rename FLOW_* to NIX_FLOW_* to avoid serious global namespace collisions, as we have various FLOW_* definitions coming from include/uapi/linux/pkt_cls.h for example.(David Miller) - Pack the arguments of rvu_get_tl1_schqs() function as 80 columns allows.(David Miller) ==================== Signed-off-by:
-
Vamsi Attunuru authored
The following set of NPC registers allow the driver to configure NPC to generate different key value schemes to compare against packet payload in MCAM search. NPC_AF_INTF(0..1)_KEX_CFG NPC_AF_KEX_LDATA(0..1)_FLAGS_CFG NPC_AF_INTF(0..1)_LID(0..7)_LT(0..15)_LD(0..1)_CFG NPC_AF_INTF(0..1)_LDATA(0..1)_FLAGS(0..15)_CFG Currently, the AF driver populates these registers to configure the default values to address the most common use cases such as key generation for channel number + DMAC. The secure firmware stores different configuration value of these registers to enable different NPC use case along with the name for the lookup. Patch loads profile binary from secure firmware over the exiting CGX mailbox interface and apply the profile. AF driver shall fall back to the default configuration in case of any errors. The AF consumer driver can know the selected profile on response to NPC_GET_KEX_CFG mailbox by introducing mkex_pfl_name in the struct npc_get_kex_cfg_rsp. Signed-off-by:
Vamsi Attunuru <vamsi.attunuru@marvell.com> Signed-off-by:
Jerin Jacob <jerinj@marvell.com> Signed-off-by:
-
Nithin Dabilpuram authored
NIX_AF_LSO_FORMAT(0..31)_FIELD(0..7) register enables an SW defined means to define LSO packet modification formats. 0..31 works as an index to choose the algorithm, On success, the mailbox returns the index to the client of chosen LSO algorithm selection. This index will be used in configuring the transmit descriptors. Add mailbox interface to dynamically reserve and configure LSO format. This commit also fixes 'sizem1' for NIX_LSOALG_TCP_FLAGS to '1' i.e 2 Bytes. Signed-off-by:
Nithin Dabilpuram <ndabilpuram@marvell.com> Signed-off-by:
Sunil Goutham <sgoutham@marvell.com> Signed-off-by:
-
Vidhya Raman authored
Adds mailbox support for L4 checksum verification and L3 and L4 length verification configuration. Signed-off-by:
Vidhya Raman <vraman@marvell.com> Signed-off-by:
-
Nithin Dabilpuram authored
Setup TPID's for vlan0 and vlan1 for Tx VLAN insertion offloads. Signed-off-by:
-
Krzysztof Kanas authored
NIX_AF_MARK_FORMAT(0..127)_CTL register enables an SW defined means to mark/insert various data in the packet based on final packet color from traffic shaping HW. 0..127 works as an index to choose the algorithm. On success, the mailbox returns the index to the client. Add NIX_MARK_FORMAT_CFG mailbox which reserves mark format based on tuple (offset, y_mask, y_val, r_mask, r_val) If the tuple is requested again for mark format that was already reserved, then it will be reused. If not it will reserve a new entry if space is available. Also on AF init commonly used marker format such as VLAN DEI, IPv4 ECN, IPv4 DSCP are reserved for AF consumers. Signed-off-by:
Krzysztof Kanas <kkanas@marvell.com> Signed-off-by:
-
Vamsi Attunuru authored
This patch adds support for enabling RSS in promiscuous mode if RSS is already requested by the AF client. Signed-off-by:
-
Jerin Jacob authored
In order to support all NIX specific valid length errors and checksum errors on Rx, Update all NIX_AF_RX_DEF_* registers. Also sorted all registers in HRM definition order. Signed-off-by:
-
Jerin Jacob authored
This patch enables the inner IPv4 checksum and defines the error code for Rx inner and outer checksum errors. Setting ERRCODE as 1 so that CQE descriptor can be embedded valid checksum error code and the driver can interpret checksum error as ERRLEV = LID + 1 and ERRCODE = 1. Signed-off-by:
-
Nithin Dabilpuram authored
The default behavior was to free all the TLx Tx schedule queues. This patch adds support for freeing a single Tx schedule queue if TXSCHQ_FREE_ALL flag is not set. Signed-off-by:
-
Nithin Dabilpuram authored
TL1 is the root node in the scheduling hierarchy and it is a global resource with a limited number. This patch introduces restriction and validation on the allocation of the TL1 nodes for the effective resource sharing across the AF consumers. - Limit TL1 allocation to 2 per lmac. One could be for the normal link and one for IEEE802.3br express link (Express Send DMA). Effectively all the VF's of an RVU PF(lmac) share the two TL1 schqs. - TL1 cannot be freed once allocated. - Allow VF's to only apply default config to TL1 if not already applied. PF's can always overwrite the TL1 config. - Consider NIX_AQ_INSTOP_WRITE while validating txschq when sq.ena is set. Signed-off-by:
-
Jerin Jacob authored
Introduced reserve_flowkey_alg_idx()to reserve RSS algorithm index, it would internally use set_flowkey_fields() to generate fields based on the flow key dynamically. On AF driver init, it would reserve a predefined set RSS algo indexes, which will be available all the time for all the AF driver consumers. The leftover algo indexes can be reserved at runtime through exiting nix_rss_flowkey_cfg mailbox message. The NIX_FLOW_KEY_TYPE_PORT is removed from predefined a set of RSS flow type as it is not used by any consumer. Signed-off-by:
-
Jerin Jacob authored
Introduce state-based algorithm to convert the flow_key value to RSS algo field used by NIX_AF_RX_FLOW_KEY_ALGX_FIELDX register. The outer `for loop` goes over _all_ protocol field and the following variables depict the state machine forward progress logic. a) keyoff_marker - Enabled when hash byte length needs to be accounted in field->key_offset update. b) field_marker - Enabled when a new field needs to be selected. c) group_member - Enabled when a protocol is part of a group. This would remove the existing hard coding and enable to add new protocol support seamlessly. Signed-off-by:
-
Jerin Jacob authored
Added response for nix_rss_flowkey_cfg message to return selected RSS algorithm index. The FLOW_KEY_TYPE* definition is part of the mbox message and it will be used by the other consumers of AF driver hence moving to mbox.h. Also renamed FLOW_* definitions to NIX_FLOW_* to avoid global name space collisions, as we have various coming from include/uapi/linux/pkt_cls.h for example. Signed-off-by:
-
Sunil Goutham authored
At the time of initial broadcast packet replication table init, NIXLFs are not yet attached to PF_FUNCs. Hence skipped checking NIXLF while submitting MCE entry init instruction to NIX admin queue. Also did a minor cleanup while installing bcast match entry in packet parser unit i.e NPC. Signed-off-by:
-
- 03 Dec, 2018 10 commits
-
-
David S. Miller authored
Willem de Bruijn says: ==================== udp msg_zerocopy Enable MSG_ZEROCOPY for udp sockets Patch 1/3 is the main patch, a rework of RFC patch http://patchwork.ozlabs.org/patch/899630/ more details in the patch commit message Patch 2/3 is an optimization to remove a branch from the UDP hot path and refcount_inc/refcount_dec_and_test pair when zerocopy is used. This used to be included in the first patch in v2. Patch 3/3 runs the already existing udp zerocopy tests as part of kselftest See also recent Linux Plumbers presentation https://linuxplumbersconf.org/event/2/contributions/106/attachments/104/128/willemdebruijn-lpc2018-udpgso-presentation-20181113.pdf Changes: v1 -> v2 - Fixup reverse christmas tree violation v2 -> v3 - Split refcount avoidance optimization into separate patch - Fix refcount leak on error in fragmented case (thanks to Paolo Abeni for pointing this one out!) - Fix refcount inc on zero v3 -> v4 - Move skb_zcopy_set below the only kfree_skb that might cause a premature uarg destroy before skb_zerocopy_put_abort - Move the entire skb_shinfo assignment block, to keep that cacheline access in one place ==================== Signed-off-by:
-
Willem de Bruijn authored
Both msg_zerocopy and udpgso_bench have udp zerocopy variants. Exercise these as part of the standard kselftest run. With udp, msg_zerocopy has no control channel. Ensure that the receiver exits after the sender by accounting for the initial delay in starting them (in msg_zerocopy.sh). Signed-off-by:
Willem de Bruijn <willemb@google.com> Signed-off-by:
-
Willem de Bruijn authored
With MSG_ZEROCOPY, each skb holds a reference to a struct ubuf_info. Release of its last reference triggers a completion notification. The TCP stack in tcp_sendmsg_locked holds an extra ref independent of the skbs, because it can build, send and free skbs within its loop, possibly reaching refcount zero and freeing the ubuf_info too soon. The UDP stack currently also takes this extra ref, but does not need it as all skbs are sent after return from __ip(6)_append_data. Avoid the extra refcount_inc and refcount_dec_and_test, and generally the sock_zerocopy_put in the common path, by passing the initial reference to the first skb. This approach is taken instead of initializing the refcount to 0, as that would generate error "refcount_t: increment on 0" on the next skb_zcopy_set. Changes v3 -> v4 - Move skb_zcopy_set below the only kfree_skb that might cause a premature uarg destroy before skb_zerocopy_put_abort - Move the entire skb_shinfo assignment block, to keep that cacheline access in one place Signed-off-by:Paolo Abeni <pabeni@redhat.com> Signed-off-by:
-
Willem de Bruijn authored
Extend zerocopy to udp sockets. Allow setting sockopt SO_ZEROCOPY and interpret flag MSG_ZEROCOPY. This patch was previously part of the zerocopy RFC patchsets. Zerocopy is not effective at small MTU. With segmentation offload building larger datagrams, the benefit of page flipping outweights the cost of generating a completion notification. tools/testing/selftests/net/msg_zerocopy.sh after applying follow-on test patch and making skb_orphan_frags_rx same as skb_orphan_frags: ipv4 udp -t 1 tx=191312 (11938 MB) txc=0 zc=n rx=191312 (11938 MB) ipv4 udp -z -t 1 tx=304507 (19002 MB) txc=304507 zc=y rx=304507 (19002 MB) ok ipv6 udp -t 1 tx=174485 (10888 MB) txc=0 zc=n rx=174485 (10888 MB) ipv6 udp -z -t 1 tx=294801 (18396 MB) txc=294801 zc=y rx=294801 (18396 MB) ok Changes v1 -> v2 - Fixup reverse christmas tree violation v2 -> v3 - Split refcount avoidance optimization into separate patch - Fix refcount leak on error in fragmented case (thanks to Paolo Abeni for pointing this one out!) - Fix refcount inc on zero - Test sock_flag SOCK_ZEROCOPY directly in __ip_append_data. This is needed since commit 5cf4a853 ("tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY") did the same for tcp. Signed-off-by: -
David S. Miller authored
Merge tag 'wireless-drivers-next-for-davem-2018-11-30' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.21 First set of patches for 4.21. Most notable here is support for Quantenna's QSR1000/QSR2000 chipsets and more flexible ways to provide nvram files for brcmfmac. Major changes: brcmfmac * add support for first trying to get a board specific nvram file * add support for getting nvram contents from EFI variables qtnfmac * use single PCIe driver for all platforms and rename Kconfig option CONFIG_QTNFMAC_PEARL_PCIE to CONFIG_QTNFMAC_PCIE * add support for QSR1000/QSR2000 (Topaz) family of chipsets ath10k * add support for WCN3990 firmware crash recovery * add firmware memory dump support for QCA4019 wil6210 * add firmware error recovery while in AP mode ath9k * remove experimental notice from dynack feature iwlwifi * PCI IDs for some new 9000-series cards * improve antenna usage on connection problems * new firmware debugging infrastructure * some more work on 802.11ax * improve support for multiple RF modules with 22000 devices cordic * move cordic macros and defines to a public header file * convert brcmsmac and b43 to fully use cordic library ==================== Signed-off-by:
-
David S. Miller authored
Bartosz Golaszewski says: ==================== davinci_emac: read the MAC address from nvmem This series is part of a bigger series that aims at removing the platform data structure from the at24 EEPROM driver[1]. We provide a generalized version of of_get_nvmem_mac_address(), switch the only user of the of_ variant to using it, remove the previous implementation and use the new routine in the davinci_emac driver. [1] https://lkml.org/lkml/2018/11/13/884 ==================== Signed-off-by:
-
Bartosz Golaszewski authored
All DaVinci boards still supported in board files now define nvmem cells containing the MAC address. We want to stop using the setup callback from at24 so the MAC address for those users will no longer be provided over platform data. If we didn't get a valid MAC in pdata, try nvmem before resorting to a random MAC. Signed-off-by:
Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by:
-
Bartosz Golaszewski authored
We've switched all users to nvmem_get_mac_address(). Remove the now dead code. Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Bartosz Golaszewski authored
We now have a generalized helper routine to read the MAC address from nvmem which takes struct device as argument. The nvmem subsystem will then try device tree first before all other potential providers. Signed-off-by:
Nicolas Ferre <nicolas.ferre@microchip.com> Signed-off-by:
-
Bartosz Golaszewski authored
We already have of_get_nvmem_mac_address() but some non-DT systems want to read the MAC address from NVMEM too. Implement a generalized routine that takes struct device as argument. Signed-off-by:
-
