1. 20 Dec, 2018 21 commits
    • Bhagavathi Perumal S's avatar
      dt-bindings: net: ath10k: add new dt entry to identify external FEM · f3f58799
      Bhagavathi Perumal S authored
      This adds new dt entry ext-fem-name, it is used by ath10k driver
      to select correct timing parameters and configure it in target wifi hardware.
      The Front End Module(FEM) normally includes tx power amplifier(PA) and
      rx low noise amplifier(LNA). The default timing parameters like tx end to
      PA off timing values were fine tuned for internal FEM used in reference
      design. And these timing values can not be same if ODM modifies hardware
      design with different external FEM. This DT entry helps to choose correct
      timing values in driver if different external FEM hardware used.
      Signed-off-by: default avatarBhagavathi Perumal S <bperumal@codeaurora.org>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      f3f58799
    • Bhagavathi Perumal S's avatar
      dt-bindings: net: ath10k: fix node name and device type in qcom ath10k example · e5404969
      Bhagavathi Perumal S authored
      In qcom,ath10k documentation, ath10k is used as node name in the example of
      pci based device. Normally, node name should be class of device and not the
      model name, so fix it to node name "wifi". And remove the property device_type
      pci since only pci bridges should have this property.
      Signed-off-by: default avatarBhagavathi Perumal S <bperumal@codeaurora.org>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      e5404969
    • Zhi Chen's avatar
      ath10k: fix tx_stats memory leak · 386f97e3
      Zhi Chen authored
      Memory of tx_stats was allocated when a STA was added. But it's not freed
      if the STA failed to be added to driver. This issue could be seen in MDK3
      attack case when STA number reached the limit.
      
      Tested: QCA9984 with firmware ver 10.4-3.9.0.1-00005
      Signed-off-by: default avatarZhi Chen <zhichen@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      386f97e3
    • Zhi Chen's avatar
      ath10k: fix peer stats null pointer dereference · 2d3b5585
      Zhi Chen authored
      There was a race condition in SMP that an ath10k_peer was created but its
      member sta was null. Following are procedures of ath10k_peer creation and
      member sta access in peer statistics path.
      
          1. Peer creation:
              ath10k_peer_create()
                  =>ath10k_wmi_peer_create()
                      =>ath10k_wait_for_peer_created()
                      ...
      
              # another kernel path, RX from firmware
              ath10k_htt_t2h_msg_handler()
              =>ath10k_peer_map_event()
                      =>wake_up()
                      # ar->peer_map[id] = peer //add peer to map
      
              #wake up original path from waiting
                      ...
                      # peer->sta = sta //sta assignment
      
          2.  RX path of statistics
              ath10k_htt_t2h_msg_handler()
                  =>ath10k_update_per_peer_tx_stats()
                      =>ath10k_htt_fetch_peer_stats()
                      # peer->sta //sta accessing
      
      Any access of peer->sta after peer was added to peer_map but before sta was
      assigned could cause a null pointer issue. And because these two steps are
      asynchronous, no proper lock can protect them. So both peer and sta need to
      be checked before access.
      
      Tested: QCA9984 with firmware ver 10.4-3.9.0.1-00005
      Signed-off-by: default avatarZhi Chen <zhichen@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      2d3b5585
    • Govind Singh's avatar
      dt: bindings: ath10k: add bindings for wifi iommu node · a3542d0c
      Govind Singh authored
      WCN3990 wifi module can optionally make use of the IOMMU.
      Add binding documentation for phandle to the IOMMU and
      the stream id of wifi iommu block.
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Reviewed-by: default avatarBrian Norris <briannorris@chromium.org>
      Tested-by: default avatarBrian Norris <briannorris@chromium.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      a3542d0c
    • Govind Singh's avatar
      dt: bindings: ath10k: add missing dt properties for WCN3990 wifi node · 5fac78aa
      Govind Singh authored
      Add missing optional properties in WCN3990 wifi node.
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Reviewed-by: default avatarBrian Norris <briannorris@chromium.org>
      Tested-by: default avatarBrian Norris <briannorris@chromium.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      5fac78aa
    • Dan Carpenter's avatar
      ath10k: remove an unnecessary NULL check · 27120f2a
      Dan Carpenter authored
      The "survey" pointer is the address of an array element.  We know that
      it can't be NULL so this check can be removed.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      27120f2a
    • Govind Singh's avatar
      ath10k: move non-fatal warn logs to dbg level · bd085be6
      Govind Singh authored
      During driver load below warn logs are printed in the console.
      Since driver may not implement all wmi events sent by fw and
      all of them are non-fatal, move this log to debug level to
      remove un-necessary warn message on console.
      
      [  361.887230] ath10k_snoc a000000.wifi: Unknown eventid: 16393
      [  361.907037] ath10k_snoc a000000.wifi: Unknown eventid: 237569
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      bd085be6
    • Dan Carpenter's avatar
      ath10k: fix a NULL vs IS_ERR() check · c28dcbce
      Dan Carpenter authored
      The devm_memremap() function doesn't return NULLs, it returns error
      pointers.
      
      Fixes: ba94c753 ("ath10k: add QMI message handshake for wcn3990 client")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c28dcbce
    • Govind Singh's avatar
      ath10k: remove work in progress logs from snoc driver · 87659675
      Govind Singh authored
      All the necessary patches to make wifi running (over SNOC)
      are merged and tested on SDM845/QCS404 platform with WCN3990
      wifi module, hence remove work in progress debug from snoc
      driver and Kconfig.
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      87659675
    • Bhagavathi Perumal S's avatar
      ath10k: fix warning due to msdu limit error · a2864772
      Bhagavathi Perumal S authored
      Some hardwares variants (QCA99x0) are limiting msdu deaggregation with
      some threshold value(default limit in QCA99x0 is 64 msdus), it was introduced to
      avoid excessive MSDU-deaggregation in error cases. When number of sub frames
      exceeds the limit, target hardware will send all msdus starting from present
      msdu in RAW format as a single msdu packet and it will be indicated with
      error status bit "RX_MSDU_END_INFO0_MSDU_LIMIT_ERR" set in rx descriptor.
      This msdu frame is a partial raw MSDU and does't have first msdu and ieee80211
      header. It caused below warning message.
      
      [  320.151332] ------------[ cut here ]------------
      [  320.155006] WARNING: CPU: 0 PID: 3 at drivers/net/wireless/ath/ath10k/htt_rx.c:1188
      
      In our issue case, MSDU limit error happened due to FCS error and generated
      this warning message.
      
      This fixes the warning by handling the MSDU limit error. If msdu limit error
      happens, driver adds first MSDU's ieee80211 header and sets A-MSDU present bit
      in QOS header so that upper layer processes this frame if it is valid or drop it
      if FCS error set. And removed the warning message, hence partial msdus without
      first msdu is expected in msdu limit error cases.
      
      Tested on QCA9984, Firmware 10.4-3.6-00104
      Signed-off-by: default avatarBhagavathi Perumal S <bperumal@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      a2864772
    • Sathishkumar Muruganandam's avatar
      ath10k: disable 4addr source port learning in 10.4 FW by default · 68c295f2
      Sathishkumar Muruganandam authored
      Currently in 10.4 FW, all the received 4addr frames are processed for
      source port learning which is enabled by default. This learning can't be
      disabled by default in FW since it breaks backward compatibility.
      
      Since ath10k uses mac80211 based 4addr mode, source port learning done in
      10.4 FW is redundant and also causes issues when 3addr frames are
      transmitted/received for a 4addr station.
      
      One such visible functional impact is when GTK rekey frame from
      hostapd based AP to 4addr STA is dropped in AP's 10.4 FW. This is since
      GTK rekey EAPOL frame is 3addr frame on AP interface and STA enabled
      with 4addr is already allowed for receiving 3addr EAPOL frames.
      
      Source port learning implementation in 10.4 FW drops this 3addr GTK rekey
      frame in AP destinated for 4addr STA causing disassociation and
      re-association for every GTK rekey session. GTK rekey issue is not seen
      when learning is disabled in FW.
      
      To prevent such issues without breaking backward compatibility, FW
      advertises new service bit making the source port learning configurable and
      this learning is being currently disabled during ath10k vdev creation.
      
      * Tested HW: QCA9984
      * Tested FW: 10.4-3.6.0.1-00004
      Signed-off-by: default avatarSathishkumar Muruganandam <murugana@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      68c295f2
    • Anilkumar Kolli's avatar
      ath10k: report tx rate using ieee80211_tx_rate_update() · 9a9cf0e6
      Anilkumar Kolli authored
      Mesh path metric needs tx rate information from ieee80211_tx_status()
      call but in ath10k there is no mechanism to report tx rate information
      via ieee80211_tx_status(), the tx rate is only accessible via
      sta_statiscs() op.
      
      Per peer tx stats has tx rate info available, Tx rate is available
      to ath10k driver after every 4 PPDU sent in the air. For each PPDU,
      ath10k driver updates rate informattion to mac80211 using
      ieee80211_tx_rate_update().
      
      Per peer txrate information is updated through per peer statistics
      and is available for QCA9888/QCA9984/QCA4019/QCA998X only
      
      Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00053
      Tested on QCA998X with firmware-5.bin_10.2.4-1.0-00036
      Signed-off-by: default avatarAnilkumar Kolli <akolli@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      9a9cf0e6
    • Yu Wang's avatar
      ath10k: add amsdu support for monitor mode · 85bd0107
      Yu Wang authored
      When processing HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND, if the length of a msdu
      is larger than the tailroom of the rx skb, skb_over_panic issue will happen
      when calling skb_put.  In monitor mode, amsdu will be handled in this path, and
      msdu_len of the first msdu_desc is the length of the entire amsdu, which might
      be larger than the maximum length of a skb, in such case, it will hit the issue
      upon.
      
      To fix this issue, process msdu list separately for monitor mode.
      
      Successfully tested with:
      QCA6174 (FW version: RM.4.4.1.c2-00057-QCARMSWP-1).
      Signed-off-by: default avatarYu Wang <yyuwang@codeaurora.org>
      [kvalo@codeaurora.org: cosmetic cleanup]
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      85bd0107
    • Karthikeyan Periyasamy's avatar
      ath10k: fix kernel panic due to use after free · 553a7cca
      Karthikeyan Periyasamy authored
      This issue arise in a race condition between ath10k_sta_state() and
      ath10k_htt_fetch_peer_stats(), explained in below scenario
      
      Steps:
      1. In ath10k_sta_state(), arsta->tx_stats get deallocated before peer deletion
         when the station moves from IEEE80211_STA_NONE to IEEE80211_STA_NOTEXIST
         state.
      2. Meanwhile ath10k receive HTT_T2H_MSG_TYPE_PEER_STATS message.
         In ath10k_htt_fetch_peer_stats(), arsta->tx_stats get accessed after
         the peer validation check.
      
      Since arsta->tx_stats get freed before the peer deletion [1].
      ath10k_htt_fetch_peer_stats() ended up in "use after free" situation.
      
      Fixed this issue by moving the arsta->tx_stats free handling after the
      peer deletion. so that ath10k_htt_fetch_peer_stats() will not end up in
      "use after free" situation.
      
      Kernel Panic:
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000286
      pgd = d8754000
      [00000286] *pgd=00000000
      Internal error: Oops: 5 [#1] PREEMPT SMP ARM
      ...
      CPU: 0 PID: 6245 Comm: hostapd Not tainted
      task: dc44cac0 ti: d4a38000 task.ti: d4a38000
      PC is at kmem_cache_alloc+0x7c/0x114
      LR is at ath10k_sta_state+0x190/0xd58 [ath10k_core]
      pc : [<c02bdc50>]    lr : [<bf916b78>]    psr: 20000013
      sp : d4a39b88  ip : 00000000  fp : 00000001
      r10: 00000000  r9 : 1d3bc000  r8 : 00000dc0
      r7 : 000080d0  r6 : d4a38000  r5 : dd401b00  r4 : 00000286
      r3 : 00000000  r2 : d4a39ba0  r1 : 000080d0  r0 : dd401b00
      Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      Control: 10c5787d  Table: 5a75406a  DAC: 00000015
      Process hostapd (pid: 6245, stack limit = 0xd4a38238)
      Stack: (0xd4a39b88 to 0xd4a3a000)
      ...
      [<c02bdc50>] (kmem_cache_alloc) from [<bf916b78>] (ath10k_sta_state+0x190/0xd58 [ath10k_core])
      [<bf916b78>] (ath10k_sta_state [ath10k_core]) from [<bf870d4c>] (sta_info_insert_rcu+0x418/0x61c [mac80211])
      [<bf870d4c>] (sta_info_insert_rcu [mac80211]) from [<bf88634c>] (ieee80211_add_station+0xf0/0x134 [mac80211])
      [<bf88634c>] (ieee80211_add_station [mac80211]) from [<bf83f3c4>] (nl80211_new_station+0x330/0x36c [cfg80211])
      [<bf83f3c4>] (nl80211_new_station [cfg80211]) from [<bf6c4040>] (extack_doit+0x2c/0x74 [compat])
      [<bf6c4040>] (extack_doit [compat]) from [<c05c285c>] (genl_rcv_msg+0x274/0x30c)
      [<c05c285c>] (genl_rcv_msg) from [<c05c1d98>] (netlink_rcv_skb+0x58/0xac)
      [<c05c1d98>] (netlink_rcv_skb) from [<c05c25d4>] (genl_rcv+0x20/0x34)
      [<c05c25d4>] (genl_rcv) from [<c05c1750>] (netlink_unicast+0x11c/0x204)
      [<c05c1750>] (netlink_unicast) from [<c05c1be0>] (netlink_sendmsg+0x30c/0x370)
      [<c05c1be0>] (netlink_sendmsg) from [<c0587e90>] (sock_sendmsg+0x70/0x84)
      [<c0587e90>] (sock_sendmsg) from [<c058970c>] (___sys_sendmsg.part.3+0x188/0x228)
      [<c058970c>] (___sys_sendmsg.part.3) from [<c058a594>] (__sys_sendmsg+0x4c/0x70)
      [<c058a594>] (__sys_sendmsg) from [<c0208c80>] (ret_fast_syscall+0x0/0x44)
      Code: ebfffec1 e1a04000 ea00001b e5953014 (e7940003)
      ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon
      
      Hardware tested: QCA9984
      Firmware tested: 10.4-3.6.0.1-00004
      
      Fixes: a904417f ("ath10k: add extended per sta tx statistics support")
      Signed-off-by: default avatarKarthikeyan Periyasamy <periyasa@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      553a7cca
    • YueHaibing's avatar
      ath10k: remove set but not used variable 'num_tdls_vifs' · bff70e5f
      YueHaibing authored
      Fixes gcc '-Wunused-but-set-variable' warning:
      
      drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_sta_state':
      drivers/net/wireless/ath/ath10k/mac.c:6238:7: warning:
       variable 'num_tdls_vifs' set but not used [-Wunused-but-set-variable]
      
      'num_tdls_vifs' not used any more after
        9a993cc1 ("ath10k: fix the logic of limiting tdls peer counts")
      
      Also, remove the single called function ath10k_mac_tdls_vifs_count
      and ath10k_mac_tdls_vifs_count_iter.
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      bff70e5f
    • YueHaibing's avatar
      wil6210: remove set but not used variable 'wdev' · 3fe970e7
      YueHaibing authored
      Fixes gcc '-Wunused-but-set-variable' warning:
      
      drivers/net/wireless/ath/wil6210/main.c: In function '_wil6210_disconnect':
      drivers/net/wireless/ath/wil6210/main.c:407:23: warning:
       variable 'wdev' set but not used [-Wunused-but-set-variable]
      
      It never used since commit ("e1b43407 wil6210: refactor disconnect flow")
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Reviewed-by: default avatarMaya Erez <merez@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      3fe970e7
    • Yangtao Li's avatar
      wil6210: convert to DEFINE_SHOW_ATTRIBUTE · 986b8348
      Yangtao Li authored
      Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code.
      Signed-off-by: default avatarYangtao Li <tiny.windzz@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      986b8348
    • Kyle Roeschley's avatar
      ath6kl: Use debug instead of error message when disabled · 192a986d
      Kyle Roeschley authored
      This is not an unexpected condition, so we don't need to be shouting to the
      world about it.
      Signed-off-by: default avatarKyle Roeschley <kyle.roeschley@ni.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      192a986d
    • Kyle Roeschley's avatar
      ath6kl: Fix off by one error in scan completion · 5803c128
      Kyle Roeschley authored
      When ath6kl was reworked to share code between regular and scheduled scans
      in commit 3b8ffc6a ("ath6kl: Configure probed SSID list consistently"),
      probed SSID entry changed from 1-index to 0-indexed. However,
      ath6kl_cfg80211_scan_complete_event() was missed in that change. Fix its
      indexing so that we correctly clear out the probed SSID list.
      Signed-off-by: default avatarKyle Roeschley <kyle.roeschley@ni.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      5803c128
    • Kyle Roeschley's avatar
      ath6kl: Only use match sets when firmware supports it · fb376a49
      Kyle Roeschley authored
      Commit dd45b759 ("ath6kl: Include match ssid list in scheduled scan")
      merged the probed and matched SSID lists before sending them to the
      firmware. In the process, it assumed match set support is always available
      in ath6kl_set_probed_ssids, which breaks scans for hidden SSIDs. Now, check
      that the firmware supports matching SSIDs in scheduled scans before setting
      MATCH_SSID_FLAG.
      
      Fixes: dd45b759 ("ath6kl: Include match ssid list in scheduled scan")
      Signed-off-by: default avatarKyle Roeschley <kyle.roeschley@ni.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      fb376a49
  2. 04 Dec, 2018 19 commits