These are coming from the FW and are used to access arrays.
Bad values can cause an out of bounds access so discard
such ba_notifs and warn.
CC: <stable@vger.kernel.org> [3.10+]
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Some further updates for net-next:
* fix network-manager which was broken by the previous changes
* fix delete-station events, which were broken by me making the
genlmsg_end() mistake
* fix a timer left running during suspend in some race conditions
that would cause an annoying (but harmless) warning
* (less important, but in the tree already) remove 80+80 MHz rate
reporting since the spec doesn't distinguish it from 160 MHz;
as the bitrate they're both 160 MHz bandwidth
Signed-off-by: David S. Miller <davem@davemloft.net>
To fix invalid hardware accesses, the commit 872b5d814f ("ath9k: do not
access hardware on IRQs during reset") made the irq handler ignore interrupts
emitted after queueing a hardware reset (which disables the IRQ). This left a
small time window for the IRQ to get re-enabled by the tasklet, which caused
IRQ storms. Instead of returning IRQ_NONE when ATH_OP_HW_RESET is set, disable
the IRQ entirely for the duration of the reset.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
* one fix for rfkill while scheduled scan is running.
Linus's system hit this issue. WiFi would be unavailable
after this has happpened because of bad state in cfg80211.
When we have an active scheduled scan, and the RFKILL
interrupt kicks in, the stack will cancel the scheduled
scan as part of the down flow. But cancelling scheduled
scan usually implies sending a command to the firwmare
which has been killed as part of the RFKILL interrupt
handling.
Because of that, we returned an error to mac80211 when
it asked to stop the scheduled scan and didn't notify the
end of the scheduled scan. Besides a fat warning, this led
to a situation in which cfg80211 would refuse any new scan
request.
To disentangle this, fake that the scheduled scan has been
stopped without sending the command to the firwmare, return
0 after having properly let cfg80211 know that the scan
has been cancelled.
This is basically the same as:
commit 9b520d8495
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue Nov 4 15:54:11 2014 +0200
iwlwifi: mvm: abort scan upon RFKILL
This code existed but not for all the different FW APIs
we support.
Fix this.
but for the scheduled scan case.
Link: http://permalink.gmane.org/gmane.linux.kernel.wireless.general/133232
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Contrary to common expectations for an "int" return, these functions
return only a positive value -- if used correctly they cannot even
return 0 because the message header will necessarily be in the skb.
This makes the very common pattern of
if (genlmsg_end(...) < 0) { ... }
be a whole bunch of dead code. Many places also simply do
return nlmsg_end(...);
and the caller is expected to deal with it.
This also commonly (at least for me) causes errors, because it is very
common to write
if (my_function(...))
/* error condition */
and if my_function() does "return nlmsg_end()" this is of course wrong.
Additionally, there's not a single place in the kernel that actually
needs the message length returned, and if anyone needs it later then
it'll be very easy to just use skb->len there.
Remove this, and make the functions void. This removes a bunch of dead
code as described above. The patch adds lines because I did
- return nlmsg_end(...);
+ nlmsg_end(...);
+ return 0;
I could have preserved all the function's return values by returning
skb->len, but instead I've audited all the places calling the affected
functions and found that none cared. A few places actually compared
the return value with <= 0 in dump functionality, but that could just
be changed to < 0 with no change in behaviour, so I opted for the more
efficient version.
One instance of the error I've made numerous times now is also present
in net/phonet/pn_netlink.c in the route_dumpit() function - it didn't
check for <0 or <=0 and thus broke out of the loop every single time.
I've preserved this since it will (I think) have caused the messages to
userspace to be formatted differently with just a single message for
every SKB returned to userspace. It's possible that this isn't needed
for the tools that actually use this, but I don't even know what they
are so couldn't test that changing this behaviour would be acceptable.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Here's a big pile of changes for this round.
We have
* a lot of regulatory code changes to deal with the
way newer Intel devices handle this
* a change to drop packets while disconnecting from
an AP instead of trying to wait for them
* a new attempt at improving the tailroom accounting
to not kick in too much for performance reasons
* improvements in wireless link statistics
* many other small improvements and small fixes that
didn't seem necessary for 3.19 (e.g. in hwsim which
is testing only code)
Conflicts:
drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
Minor overlapping changes.
Signed-off-by: David S. Miller <davem@davemloft.net>
For some reason, we made the bandwidth separate flags, which
is rather confusing - a single rate cannot have different
bandwidths at the same time.
Change this to no longer be flags but use a separate field
for the bandwidth ('bw') instead.
While at it, add support for 5 and 10 MHz rates - these are
reported as regular legacy rates with their real bitrate,
but tagged as 5/10 now to make it easier to distinguish them.
In the nl80211 API, the flags are preserved, but the code
now can also clearly only set a single one of the flags.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It makes no sense to require the user to find and enable
CFG80211_WEXT before the driver can be selected, make the
driver select the needed Kconfig symbol itself.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add TPC capability to TX descriptor path for AR9002 based chips. Scale
per-packet TX power according to eeprom power bias, power adjustments for
HT40 mode and open loop CCK rates. Cap per-packet TX power according to
TX power per-rate tables
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add TX power per-rate tables for MIMO/legacy modes for AR9002 based chips
in order to cap the maximum TX power value per-rate in the TX descriptor path.
Add TX power adjustments for HT40 mode, open loop CCK rates and eeprom power
bias for AR9280 and later chips
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Return a negative error code on failure.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier ret; expression e1,e2;
@@
(
if (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use the helper to get rid of the file operations per debugfs file. The
device driver data contains struct ieee80211_hw pointer and the
struct ath9k_softc pointer is assigned to ieee80211_hw::priv so it can
be accessed in the seq_file read operation.
Cc: ath9k-devel@lists.ath9k.org
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In the Rx reorder mechanism, nothing is done in the interrupt
context, so there is no need to use 'irq' flavors of spinlock.
Rx done in NAPI context (tasklet), other manipulations - in the
thread context.
Having interrupts enabled makes it better for the OS in general.
Besides, if enslaved under bonding, bridge or team driver, Rx
won't work with interrupts disabled.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When establishing BACK, WMI may be handled earlier then Rx, in this case
late Rx will be mis-handled.
Detect early Rx and pass it to the stack, bypass reordering
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Sync documentation for the Tx/Rx descriptors with the
firmware/hardware documentation.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In the reordering block, Ethernet DA was checked for MCAST, this is wrong.
Check instead MCAST indication from 802.11 MAC header. Hardware saves
this into Rx descriptor.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Rx high threshold interrupt is reported by the hardware in case
when number of not utilized by the HW descriptors in the Rx ring
becomes low.
Introduce module parameter for RX high threshold.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add advanced interrupt moderation support available since "Sparrow B0".
Legacy interrupt moderation used only one counter to moderate tx, rx,
and misc interrupts.
Advanced interrupt moderation bypasses misc, and handles separately tx
and rx interrupts. In addition it has two timers for each interrupt type.
Max burst duration timer which defines how long to postpone interrupt after
first event (receive event for rx and tx complete event for tx), and
interframe timeout which defines how to determine the end of the burst and
issue interrupt even if the first timer still pending.
Capabilities flags in wil_priv is set on initialization according to
HW. The rest of the code checks for advanced interrupt capability bit
in capabilities flags field.
Debugfs is split accordingly: "legacy" interrupt moderation remains
unchanged, new debugs files added for advanced interrupt moderation
support.
Module params are aligned to support advanced interrupt moderation
(tx & rx). When not available (for legacy interrupt moderation) will
use only rx configuration; Tx configuration will be ignored in this
case.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use the proper reset follow based on HW capabilities
detection instead of chip ID.
Remove old hw ID mechanism which was used only for reset flow.
Remove support for Marlon A0.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Read relevant information (HW ID for now) once on init
and set capabilities accordingly.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Enable more flexible control over block ack:
- allow addba for any Tx vring
- allow to specify block ack timeout
- allow to delba for Tx or Rx side of any agreement; with reason
Renamed "addba" entry to "back"; it prints short help when read;
write:
- "add <ringid> <agg_size> <timeout>" to trigger ADDBA
If missing, <timeout> defaults to 0
- "del_tx <ringid> <reason>" to trigger DELBA for Tx side
- "del_rx <CID> <TID> <reason>" to trigger DELBA for Rx side
If missing, <reason> set to "STA_LEAVING" (36)
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In STA mode, all Tx should be directed to the same VRING towards the AP.
Thus, look up for the 1-st eligible VRING and use it.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When encapsulating 802.3 frames into the 802.11 ones,
8-byte SNAP header added to save ethtype. SNAP is part of
the frame body, thus should be counted in MSDU. So,
MTU = MSDU - SNAP
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When configuring Tx/Rx VRING's, driver need to specify max. MPDU size
It should take into account all overhead introduced by 802.3->208.11
transformation.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When establishing Block Ack as originator (Tx), control
AMSDU flag when sending ADDBA and update status upon
establishment flow completion. To be used in AMSDU flows
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When printing VRING on debugfs (file "vrings"),
software head & tail indexes were printed in decimal format
while hardware tail in hexadecimal only.
It is not comfortable to compare indexes in different formats;
on the other hand, hexadecimal output useful to see hardware
glitches.
To serve all purposes, print hardware tail in both decimal and
hexadecimal formats.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When disconnecting single STA in AP, it might be that STA
in question is already disconnected. In this case, need to do nothing.
Previously, it was mis-interpreted as "disconnect all"
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When printing debugfs for the reorder buffer, include BACK
parameters: window size and timeout
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
For manual ADDBA configuration, allow to set desired window size or
disable automatic mechanism.
Introduce module parameter (int) agg_wsize. It can be changed on run time,
will be taken into account on the next connect. Interpretation:
- <0 - disable automatic ADDBA; intended for manual testing through debugfs
- 0 - use automatically calculated window size
- >0 - use this for window size. Clipped by maximum supported by the hardware
with current environment.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Upon Tx vring creation, initiate BACK establishment
with maximum possible window size.
When establishing secure connection, there is EAPOL data exchange
between connection itself and "data port open", where security
is done and non-EAPOL data may be transferred. It is better to
send EAPOL frames using normal ACK because of firmware considerations.
send ADDBA only is 2 conditions met:
- data port open for the corresponded STA
- vring created
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Introduce BACK establishment procedures; decision logic is not implemented
yet; debugfs entry 'addba' used to manually trigger addba/delba for ringid 0.
debugfs usage:
to establish BACK with agg_wsize 16:
echo 16 > /sys/kernel/debug/ieee80211/phy0/wil6210/addba
to delete BACK:
echo 0 > /sys/kernel/debug/ieee80211/phy0/wil6210/addba
to change agg_wsize, one need to delete BACK and establish it anew
ADDBA flow for:
- originator
Tx side (initiator) sends WMI_VRING_BA_EN_CMDID providing
agg_wsize and timeout parameters.
Eventually, it gets event confirming BACK agreement - WMI_BA_STATUS_EVENTID
with negotiated parameters. On this event, update Tx vring data
(struct vring_tx_data) and display BACK parameters on debugfs
- recipient
Rx side (recipient) firmware informs driver about ADDBA with
WMI_RCP_ADDBA_REQ_EVENTID, driver process it in service work
queue wq_service. It adjusts parameters and sends response
with WMI_RCP_ADDBA_RESP_CMDID, and final confirmation provided
by firmware with WMI_ADDBA_RESP_SENT_EVENTID. In case of success,
driver updates Rx BACK reorder buffer.
policy for BACK parameters:
- aggregation size (agg_wsize * MPDUsize)) to not exceed 64Kbytes
DELBA flow for:
- originator
driver decides to terminate BACK, it sends WMI_VRING_BA_DIS_CMDID
and updates struct vring_tx_data associated with vring; ignore
WMI_DELBA_EVENTID.
- recipient
firmware informs driver with WMI_DELBA_EVENTID,
driver deletes correspondent reorder buffer
ADDBA request processing requires sending WMI command, therefore
it is processed in work queue context. Same work queue used as for
connect, it get renamed to wq_service
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
* A fix for scan that fixes a firmware assertion
* A fix that improves roaming behavior. Same fix has been tested for
a while in iwldvm. This is a bit of a work around, but the real fix
should be in mac80211 and will come later.
* A fix for BARs that avoids a WARNING.
To be compliant with the hwmon interface the unit needs to be
millidegree Celsius. Fix that.
Reported-by: Matthias Kaehlcke <mka@google.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add a comment for indicating that the ATH10K_SCAN_RUNNING case falls
through to the ATH10K_SCAN_ABORTING case in __ath10k_scan_finish. This
will document that the lack of a break is intentional.
Coverity: CID 1260017
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Originally the explicit fw register dump was added
to wait_for_target_init because interrupts are
masked early during power_up.
Due to some changes in power_up/reset sequences
sometimes when fw crashed ath10k would print the
dump more than once via hif_stop -> warm_reset ->
wait_for_target_init, possibly with different
values each.
Prevent this by doing the explicit fw register
dump only during power_up instead of
wait_for_target_init.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The duty cycle (% of quiet duration) is used to put the device
in quiet mode for the given period. Currently the quiet duration
is wrongly calculated which results in not enabling quiet mode.
Fix the calculation as below
duration = (period * duty cycle) / 100
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
New firmware revisions support beacon and probe
response templates instead. This means SWBA events
are no longer delivered for these firmware
revisions.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Along beacon template host is expected to setup
p2p information elements as well. Implement wmi
interface for it.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
New firmware revisions with beacon templates need
probe templates as well because they don't forward
probe requests to host at all.
This is required for new firmware to work with
direct probe requests (notably required by hidden
ssid AP).
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
