mt7615_load_patch in mt7615/mcu.c sometimes fails with:
mt7622-wmac 18000000.wmac: Failed to get patch semaphore
and returns -EAGAIN. But this error is returned all the way up to
mt7615_init_work with no actual retrial performed, leaving a
broken wireless phy.
Wait a bit and retry for up to 10 times before giving up.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The MCU field should contain a boolean 0/1, not the flag itself.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ath.git patches for v5.11. Major changes:
ath11k
* Fast Initial Link Setup (FILS) discovery and unsolicited broadcast
probe response support
* qcom,ath11k-calibration-variant Device Tree setting
* cold boot calibration support
* new DFS region: JP
wnc36xx
* enable connection monitoring and keepalive in firmware
ath10k
* firmware IRAM recovery feature
mhi
* merge mhi-ath11k-immutable branch to make MHI API change go smoothly
Added multiple queues[BK,BE,VI,VO] to handle different priority data
packets. Before adding a packet to the queue, checked its priority from
the header, and then add to the suitable queue. The limit for each queue
is maintained separately. Also while passing the packets to the firmware
via VMM take care to select data packets based on priority and available
space.
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201125114059.10006-6-ajay.kathat@microchip.com
Some AP will not follow the power save request, or it cannot stop
transmission until its queue is empty. It may bring the decreasing of
data rate.
WLAN firmware will count is the AP still leaked packet after power save
handshake was done or not to enable WLAN slot extend mechanism.
The extend WLAN slot mechanism will extend the WLAN slot after power save
handshake, 5 ms per times, maximum is 5 times to received the leaked packet
to avoid the rate lower down.
And if the transmission was already locked at CCK rate.
The extended WLAN slot can also increase the opportunity that we can
received the CCK's long packet and be released from CCK rate.
While BT multi-link status was finished, there is possible that it still
has some packet remained for seconds. Add a timer to remain the multi-link
mechanism to protect WLAN Rx.
Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201126021059.11981-8-pkshih@realtek.com
This commit updates the BMPS exit path to be consistent with downstream in
terms of exiting BMPS mode. Downstream sets the flag to send a NULL data
frame to the host on exiting BMPS.
This will tell the AP to send any queued frames to the STA immediately.
Verified the relevant bit toggle in wireshark.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201120021403.2646574-2-bryan.odonoghue@linaro.org
The wmi service available event has been
extended to contain extra 128 bit for new services
to be indicated by firmware.
Currently the presence of any optional TLVs in
the wmi service available event leads to a parsing
error with the below error message:
ath10k_snoc 18800000.wifi: failed to parse svc_avail tlv: -71
The wmi service available event parsing should
not return error for the newly added optional TLV.
Fix this parsing for service available event message.
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.2.2-00720-QCAHLSWMTPL-1
Fixes: cea19a6ce8 ("ath10k: add WMI_SERVICE_AVAILABLE_EVENT support")
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1605501291-23040-1-git-send-email-pillair@codeaurora.org
It was observed that the codepath for the ATH11K_SKB_HW_80211_ENCAP was
used even when the IEEE80211_TX_CTRL_HW_80211_ENCAP was not enabled for a
an skbuff. This became even more prominent when the QCAs wlan-open patchset
for ath11k [1] was applied and a sane looking fix just caused crashes when
injecting frames via a monitor interface (for example with ratechecker):
[ 86.963152] Unable to handle kernel NULL pointer dereference at virtual address 00000338
[ 86.963192] pgd = ffffffc0008f0000
[ 86.971034] [00000338] *pgd=0000000051706003, *pud=0000000051706003, *pmd=0000000051707003, *pte=00e800000b000707
[ 86.984292] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[...]
[ 87.713339] [<ffffffbffc802480>] ieee80211_tx_status_8023+0xf8/0x220 [mac80211]
[ 87.715654] [<ffffffbffc98bad4>] ath11k_dp_tx_completion_handler+0x42c/0xa10 [ath11k]
[ 87.722924] [<ffffffbffc989190>] ath11k_dp_service_srng+0x70/0x3c8 [ath11k]
[ 87.730831] [<ffffffbffca03460>] 0xffffffbffca03460
[ 87.737599] [<ffffffc00046ef58>] net_rx_action+0xf8/0x288
[ 87.742462] [<ffffffc000097554>] __do_softirq+0xfc/0x220
[ 87.748014] [<ffffffc000097900>] irq_exit+0x98/0xe8
[ 87.753396] [<ffffffc0000cf188>] __handle_domain_irq+0x90/0xb8
[ 87.757999] [<ffffffc000081ca4>] gic_handle_irq+0x6c/0xc8
[ 87.763899] Exception stack(0xffffffc00081bdc0 to 0xffffffc00081bef0)
Problem is that the state of ath11k_skb_cb->flags must be considered
unknown and could contain anything when it is not manually initialized. So
it could also contain ATH11K_SKB_HW_80211_ENCAP. And this can result in the
code to assume that the ath11k_skb_cb->vif is set - even when this is not
always the case for non ATH11K_SKB_HW_80211_ENCAP transmissions.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
[1] https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/tree/mac80211/patches?h=NHSS.QSDK.11.4.r3
(162 patches at the moment which are often not upstreamed but essential
to get ath11k working)
Fixes: e7f33e0c52 ("ath11k: add tx hw 802.11 encapsulation offloading support")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-2-sven@narfation.org
The driver_data area of ieee80211_tx_info is used in ath11k for
ath11k_skb_cb. The first function in the TX patch which rewrites it to
ath11k_skb_cb is already ath11k_mac_op_tx. No one else in the code path
must use it for something else before it reinitializes it. Otherwise the
data has to be considered uninitialized or corrupt.
But the ieee80211_tx_info.control shares exactly the same area as
ieee80211_tx_info.driver_data and ath11k is still using it. This results in
best case in a
ath11k c000000.wifi1: no vif found for mgmt frame, flags 0x0
or (slightly worse) in a kernel oops.
Instead, the interesting data must be moved first into the ath11k_skb_cb
and ieee80211_tx_info.control must then not be used anymore.
Tested-on: IPQ8074 hw2.0 WLAN.HK.2.4.0.1.r1-00026-QCAHKSWPL_SILICONZ-2
Fixes: d5c65159f2 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119154235.263250-1-sven@narfation.org
Trivial conflict in CAN, keep the net-next + the byteswap wrapper.
Conflicts:
drivers/net/can/usb/gs_usb.c
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
In rtl8723e_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 531:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 534, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 535:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015218.12220-1-baijiaju1990@gmail.com
In rtl92de_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 667:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 669, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 670:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015205.12162-1-baijiaju1990@gmail.com
In rtl92ce_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 530:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 533, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
Then hdr->frame_control is accessed on line 534:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardwre.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201119015151.12110-1-baijiaju1990@gmail.com
