Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.
Dan Carpenter [Thu, 13 Aug 2020 14:12:53 +0000 (17:12 +0300)]
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
The value of "htc_hdr->endpoint_id" comes from skb->data so Smatch marks
it as untrusted so we have to check it before using it as an array
offset.
This is similar to a bug that syzkaller found in commit e4ff08a4d727
("ath9k: Fix use-after-free Write in ath9k_htc_rx_msg") so it is
probably a real issue.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200813141253.GA457408@mwanda
ath9k: add NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 support
The ath9k driver was so far only able to rekey PTK0 keys correctly due
to the best effort queue flush added with commit 62872a9b9a10
("mac80211: Fix PTK rekey freezes and clear text leak").
Add the needed queue flush and set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0
to tell mac80211 that the driver can now rekey PTK0 keys correctly and
no longer needs the best effort flush.
Effectively this prevents mac80211 to warn when rekeying a PTK0 key
only.
Dan Carpenter [Thu, 13 Aug 2020 14:13:15 +0000 (17:13 +0300)]
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
The value for "aid" comes from skb->data so Smatch marks it as
untrusted. If it's invalid then it can result in an out of bounds array
access in ath6kl_add_new_sta().
Fixes: 572e27c00c9d ("ath6kl: Fix AP mode connect event parsing and TIM updates") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200813141315.GB457408@mwanda
Lee Jones [Fri, 14 Aug 2020 11:39:23 +0000 (12:39 +0100)]
ath5k: Fix kerneldoc formatting issue
Kerneldoc expects attributes/parameters to be in '@*.: ' format and
gets confused if the variable does not follow the type/attribute
definitions.
Fixes the following W=1 kernel build warning(s):
drivers/net/wireless/ath/ath5k/base.c:1111: warning: Function parameter or member 'ah' not described in 'ath5k_drain_tx_buffs'
Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Jesper Dangaard Brouer <hawk@kernel.org> Cc: John Fastabend <john.fastabend@gmail.com> Cc: "Luis R. Rodriguez" <mcgrof@winlab.rutgers.edu> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Cc: bpf@vger.kernel.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200814113933.1903438-21-lee.jones@linaro.org
Lee Jones [Fri, 14 Aug 2020 11:39:16 +0000 (12:39 +0100)]
wil6210: Demote non-kerneldoc headers to standard comment blocks
No effort has been made to document any of the function parameters here.
Fixes the following W=1 kernel build warning(s):
drivers/net/wireless/ath/wil6210/cfg80211.c:1749: warning: Function parameter or member 'ies' not described in '_wil_cfg80211_find_ie'
drivers/net/wireless/ath/wil6210/cfg80211.c:1749: warning: Function parameter or member 'ies_len' not described in '_wil_cfg80211_find_ie'
drivers/net/wireless/ath/wil6210/cfg80211.c:1749: warning: Function parameter or member 'ie' not described in '_wil_cfg80211_find_ie'
drivers/net/wireless/ath/wil6210/cfg80211.c:1749: warning: Function parameter or member 'ie_len' not described in '_wil_cfg80211_find_ie'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'ies1' not described in '_wil_cfg80211_merge_extra_ies'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'ies1_len' not described in '_wil_cfg80211_merge_extra_ies'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'ies2' not described in '_wil_cfg80211_merge_extra_ies'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'ies2_len' not described in '_wil_cfg80211_merge_extra_ies'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'merged_ies' not described in '_wil_cfg80211_merge_extra_ies'
drivers/net/wireless/ath/wil6210/cfg80211.c:1780: warning: Function parameter or member 'merged_len' not described in '_wil_cfg80211_merge_extra_ies'
Cc: Maya Erez <merez@codeaurora.org> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: linux-wireless@vger.kernel.org Cc: wil6210@qti.qualcomm.com Cc: netdev@vger.kernel.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200814113933.1903438-14-lee.jones@linaro.org
Lee Jones [Fri, 14 Aug 2020 11:39:12 +0000 (12:39 +0100)]
ath5k: pcu: Add a description for 'band' remove one for 'mode'
Fixes the following W=1 kernel build warning(s):
drivers/net/wireless/ath/ath5k/pcu.c:115: warning: Function parameter or member 'band' not described in 'ath5k_hw_get_frame_duration'
drivers/net/wireless/ath/ath5k/pcu.c:955: warning: Excess function parameter 'mode' description in 'ath5k_hw_pcu_init'
Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Reyk Floeter <reyk@openbsd.org> Cc: "W. S. Bell" <mentor@madwifi.org> Cc: Luis Rodriguez <mcgrof@winlab.rutgers.edu> Cc: Pavel Roskin <proski@gnu.org> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200814113933.1903438-10-lee.jones@linaro.org
Kalle Valo [Fri, 14 Aug 2020 07:10:30 +0000 (10:10 +0300)]
ath11k: hal: create hw_srng_config dynamically
On QCA6390 reg_start and reg_size values are different from IPQ8074 so we need
to change the values runtime. As we can't modify a static const variable
hw_srng_config directly, instead use it as a template, copy it and modify the
copy with correct values.
Carl Huang [Fri, 14 Aug 2020 07:10:29 +0000 (10:10 +0300)]
ath11k: enable internal sleep clock
On x86 and other non-qcom platforms, host needs to explicitly tell the firmware
to use the internal sleep clock. Some QCA6390 modules have OTP burnt with
external sleep clock selected, and these modules can't work expectedly unless
firmware selects internal sleep clock.
Add a field to hw_params to support this difference.
Carl Huang [Fri, 14 Aug 2020 07:10:27 +0000 (10:10 +0300)]
ath11k: fix memory OOB access in qmi_decode
The decoded_size is wrongly assigned in ath11k_qmi_msg_handlers and it results
in out of boundary access in qmi_decode. The correct decoded_size should be
calculated from the related ind_msg structure.
This issue is exposed with QCA6390 because it needs 11 small memory chunks
which are stored in qmi_wlanfw_request_mem_ind_msg_v01 and hence the
decoded_size exceeds the wrongly assigend decoded_size.
Carl Huang [Fri, 14 Aug 2020 07:10:26 +0000 (10:10 +0300)]
ath11k: allocate smaller chunks of memory for firmware
On x86 it's sometimes difficult to allocate a large contigous DMA
memory, so instead allocate blocks of small chunk memory.
In ath11k_qmi_msg_mem_request_cb() the error handling was cleaned up to avoid
an unused variable warning. Also changed the test from (ret < 0) to just (ret)
as the functions don't return any positive values.
Govind Singh [Fri, 14 Aug 2020 07:10:25 +0000 (10:10 +0300)]
ath11k: setup ce tasklet for control path
CE srng is used for control path and CE srng processing is done using tasklet
bottom half. Setup ce tasklet initialization and scheduling for control path.
Govind Singh [Fri, 14 Aug 2020 07:10:22 +0000 (10:10 +0300)]
ath11k: fill appropriate QMI service instance id for QCA6390
QMI service instance id is used for qmi service lookup, IPQ8074 and QCA6390
uses different instance id for service lookup. Fill appropriate QMI service
instance id for respective targets.
Govind Singh [Fri, 14 Aug 2020 07:10:21 +0000 (10:10 +0300)]
ath11k: add board file support for PCI devices
PCI devices like QCA6390 load the board file differently, add support for that
and the method is chosen using bus_params variables.
Add support to create board name for different targets. This board name is
used to parse the board data from board-2.bin for ahb/pci based targets.
As struct target_mem_chunk::vaddr was changed from 'u32' to 'u32 *' in
ath11k_qmi_assign_target_mem_chunk() vaddr assignments were changed to NULL to
avoid a compilation warning. IPQ8074 does not use the vaddr field for anything
so that change does not affect functionality.
At the moment this only supports board files with BIN type. Support for ELF
type, which seems to be more popular on QCA6390 devices, needs to be added later.
Govind Singh [Thu, 13 Aug 2020 09:04:24 +0000 (12:04 +0300)]
ath11k: register MHI controller device for QCA6390
Modem Host Interface (MHI) is a communication protocol to communicate with
external Qualcomm modems and Wi-Fi chipsets over high speed peripheral buses.
Even though MHI doesn’t dictate underlying physical layer, protocol and MHI
stack is structured for PCI based devices.
Register directly with MHI subsystem as a MHI device driver for firmware
download to QCA6390.
Carl Huang [Thu, 13 Aug 2020 09:04:17 +0000 (12:04 +0300)]
ath11k: do not depend on ARCH_QCOM for ath11k
With only IPQ8074 supported ath11k was only usable on Qualcomm architectures.
But now that we are adding QCA6390 PCI support to ath11k that's not the case
anymore and it can be used on any architecture supporting PCI. So remove the
dependency on ARCH_QCOM. After that there is also no need to depend on
COMPILE_TEST.
Wen Gong [Fri, 14 Aug 2020 08:04:54 +0000 (16:04 +0800)]
ath10k: correct the array index from mcs index for HT mode for QCA6174
The mcs index of HT mode is 0 to 31, please refer http://mcsindex.com/.
Its spatial stream(Nss) number is from 1 to 4, mcs index is 0~7 for
Nss=1, 8~15 for Nss=2, 16~23 for Nss=3 and 24~31 is for Nss=4.
The mcs is reported from firmware in wmi_tlv_peer_stats_info of
event WMI_TLV_PEER_STATS_INFO_EVENTID, its range is from 0~15 for
QCA6174 SDIO and PCIe. It is for both Nss=1 and Nss=2, and it has 2
rate table supported_ht_mcs_rate_nss1 and supported_ht_mcs_rate_nss2
in ath10k, they are for Nss=1 and Nss=2, each table has 8 rates.
It need to find the matched row number with the mcs index, for example,
mcs index is 2, it is <=7, so it is Nss=1, and match row 2 in table of
Nss=1. If mcs index is 12, it is >= 8 and <= 15, so it is Nss=2, it
match row 4(12-8) in table of Nss=2. If mcs index is >=16, it is for
Nss=3/4, it need to add rate table, so it is not support in current
ath10k.
This patch is to find the row number in rate table of Nss=1 or Nss=2
with the mcs index reported from firmware.
This patch only effect the chips which supports_peer_stats_info of its
hw_params is true, it is true only for QCA6174 currently.
Wen Gong [Fri, 14 Aug 2020 15:55:51 +0000 (18:55 +0300)]
ath10k: enable supports_peer_stats_info for QCA6174 PCI devices
When using QCA6174 PCI devices working in station mode, after connected
to AP, tx bitrate is always '1.0 MBit/s' in output of command 'iw wlan0
station dump'. (QCA6174 SDIO devices are working fine.)
Wen Gong [Fri, 14 Aug 2020 15:55:50 +0000 (18:55 +0300)]
ath10k: remove return for NL80211_STA_INFO_TX_BITRATE
ath10k_sta_statistics is used to report many info to iw wlan0 link,
if it return for empty legacy and nss of arsta->txrate, then the other
stats after it will not be set.
It has 4 bit to set after the return:
NL80211_STA_INFO_TX_FAILED
NL80211_STA_INFO_RX_BITRATE
NL80211_STA_INFO_TX_BITRATE
NL80211_STA_INFO_TX_RETRIES
This patch not effect the info of above 4 bit for all hardware, reason
as below:
NL80211_STA_INFO_TX_FAILED is only for htt.disable_tx_comp is true, it
is for QCA6174 SDIO.
NL80211_STA_INFO_RX_BITRATE and NL80211_STA_INFO_TX_BITRATE are both
set in ath10k_mac_sta_get_peer_stats_info, it is only enabled for chips
which supports_peer_stats_info is true in hw_params, recently only for
QCA6174 SDIO, NL80211_STA_INFO_TX_BITRATE is set again in function
ath10k_mac_sta_get_peer_stats_info because the value which parsed from
arsta->tx_rate_code and arsta->tx_bitrate_kbps is correct for QCA6174
SDIO and PCIe, and the value arsta->txrate is not correct for QCA6174
SDIO and PCIe, so it need to set again with the correct value.
NL80211_STA_INFO_TX_RETRIES is use value of arsta->tx_retries, it is set
in ath10k_update_per_peer_tx_stats, which accumulate the retry_pkts in
HTT message from firmware, if the chips not support this feature, then
it is always 0 after accumulate, then iw wlan0 station dump always show
0 for retry count. If not set NL80211_STA_INFO_TX_RETRIES here, then it
is still 0, so the result is same, then set NL80211_STA_INFO_TX_RETRIES
has no effect.
Wen Gong [Fri, 14 Aug 2020 15:55:50 +0000 (18:55 +0300)]
ath10k: add wmi service peer stat info for wmi tlv
ath10k_sta_statistics is used to report info for iw wlan0 link,
it check ath10k_peer_stats_enabled, and ath10k_peer_stats_enabled
check WMI_SERVICE_PEER_STATS bit of ar->wmi.svc_map. SVCMAP() for
WMI_SERVICE_PEER_STATS was defined only for wmi_10x_svc_map and
wmi_10_4_svc_map interfaces, it missed in wmi_tlv_svc_map, so it is
not usable for iw wlan0 link for wmi tlv interface.
If firmware report WMI_TLV_SERVICE_PEER_STATS_INFO for wmi tlv, then
enable the WMI_SERVICE_PEER_STATS bit in ath10k, and then it pass check
in ath10k_peer_stats_enabled and ath10k_sta_statistics pass check.
Wen Gong [Fri, 14 Aug 2020 15:17:08 +0000 (18:17 +0300)]
ath10k: start recovery process when payload length exceeds max htc length for sdio
When simulate random transfer fail for sdio write and read, it happened
"payload length exceeds max htc length" and recovery later sometimes.
Test steps:
1. Add config and update kernel:
CONFIG_FAIL_MMC_REQUEST=y
CONFIG_FAULT_INJECTION=y
CONFIG_FAULT_INJECTION_DEBUG_FS=y
2. Run simulate fail:
cd /sys/kernel/debug/mmc1/fail_mmc_request
echo 10 > probability
echo 10 > times # repeat until hitting issues
3. It happened payload length exceeds max htc length.
[ 199.935506] ath10k_sdio mmc1:0001:1: payload length 57005 exceeds max htc length: 4088
....
[ 264.990191] ath10k_sdio mmc1:0001:1: payload length 57005 exceeds max htc length: 4088
4. after some time, such as 60 seconds, it start recovery which triggered
by wmi command timeout for periodic scan.
[ 269.229232] ieee80211 phy0: Hardware restart was requested
[ 269.734693] ath10k_sdio mmc1:0001:1: device successfully recovered
The simulate fail of sdio is not a real sdio transter fail, it only
set an error status in mmc_should_fail_request after the transfer end,
actually the transfer is success, then sdio_io_rw_ext_helper will
return error status and stop transfer the left data. For example,
the really RX len is 286 bytes, then it will split to 2 blocks in
sdio_io_rw_ext_helper, one is 256 bytes, left is 30 bytes, if the
first 256 bytes get an error status by mmc_should_fail_request,then
the left 30 bytes will not read in this RX operation. Then when the
next RX arrive, the left 30 bytes will be considered as the header
of the read, the top 4 bytes of the 30 bytes will be considered as
lookaheads, but actually the 4 bytes is not the lookaheads, so the len
from this lookaheads is not correct, it exceeds max htc length 4088
sometimes. When happened exceeds, the buffer chain is not matched between
firmware and ath10k, then it need to start recovery ASAP. Recently then
recovery will be started by wmi command timeout, but it will be long time
later, for example, it is 60+ seconds later from the periodic scan, if
it does not have periodic scan, it will be longer.
Start recovery when it happened "payload length exceeds max htc length"
will be reasonable.
This patch only effect sdio chips.
Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00029.
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Julia Lawall [Sun, 26 Jul 2020 10:58:32 +0000 (12:58 +0200)]
ath: drop unnecessary list_empty
list_for_each_entry{_safe} is able to handle an empty list.
The only effect of avoiding the loop is not initializing the
index variable.
Drop list_empty tests in cases where these variables are not
used.
Note that list_for_each_entry{_safe} is defined in terms of
list_first_entry, which indicates that it should not be used on an
empty list. But in list_for_each_entry{_safe}, the element obtained
by list_first_entry is not really accessed, only the address of its
list_head field is compared to the address of the list head, so the
list_first_entry is safe.
The semantic patch that makes this change for the list_for_each_entry
case is as follows: (http://coccinelle.lip6.fr/)
wcn36xx: Use sequence number allocated by mac80211
Instead of using the firmware generated sequence number, use the one
already allocated by the mac80211 layer. This allows better control
of the sequence numbers and avoid to rely on same sequence for Data,
QOS Data and QOS Null Data packets.
Increase the short/long retry limit to 15 in order to impove TX
robustness in noisy/busy environment. 15 is the default value
defined in the downstream driver. Observed number of ack timeout
is reduced with this change.
The controller is capable of reporting TX indication which can be used
to report TX ack when IEEE80211_TX_CTL_REQ_TX_STATUS is set.
The support was only partially implemented.
The firmware can be configured for reporting event when a packet is
acked, without specifying which packet though. In order to send a
packet flagged with TX status callback, we need to stop the queue,
submit the packet and wait for the firmware ack event. Then the queue
can be restarted and mac80211 status callback called.
In case the packet is not acked, no ack event will be received,
therefore a timeout mechanism is introduced to restart the queue
and call the status cb in case no event is received after a 100ms.
Several AMPDU sessions can be started, e.g. for different TIDs.
Currently the driver does not take care of the session ID when
requesting block-ack (statically set to 0), which leads to never
block-acked packet with sessions other than 0.
Fix this by saving the session id when creating the ba session and
use it in subsequent ba operations.
This issue can be reproduced with iperf in two steps (tid 0 strem
then tid 6 stream).
1.0 iperf -s # wcn36xx side
1.1 iperf -c ${IP_ADDR} # host side
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Zekun Shen [Tue, 23 Jun 2020 22:11:05 +0000 (18:11 -0400)]
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
The idx in __ath10k_htt_rx_ring_fill_n function lives in
consistent dma region writable by the device. Malfunctional
or malicious device could manipulate such idx to have a OOB
write. Either by
htt->rx_ring.netbufs_ring[idx] = skb;
or by
ath10k_htt_set_paddrs_ring(htt, paddr, idx);
The idx can also be negative as it's signed, giving a large
memory space to write to.
It's possibly exploitable by corruptting a legit pointer with
a skb pointer. And then fill skb with payload as rougue object.
Part of the log here. Sometimes it appears as UAF when writing
to a freed memory by chance.
ath9k: Check the return value of pcie_capability_read_*()
On failure pcie_capability_read_dword() sets it's last parameter, val
to 0. However, with Patch 14/14, it is possible that val is set to ~0 on
failure. This would introduce a bug because (x & x) == (~0 & x).
This bug can be avoided without changing the function's behaviour if the
return value of pcie_capability_read_dword is checked to confirm success.
Check the return value of pcie_capability_read_dword() to ensure success.
Kalle Valo [Tue, 16 Jun 2020 14:00:50 +0000 (17:00 +0300)]
ath11k: don't use defines for hw specific firmware directories
The downside of using defines in struct ath11k_hw_params.fw.dir is that it's
easy to get it wrong as the full path is not visible. So drop the use of
defines and instead create the patch runtime using a static inline function
ath11k_core_create_firmware_path(). Hopefully this reduces the chances of using
incorrect firmware path.
Kalle Valo [Tue, 16 Jun 2020 14:00:49 +0000 (17:00 +0300)]
ath11k: create a common function to request all firmware files
To avoid duplicating the logic how the full firmware path is created create a
common function ath11k_core_firmware_request() and convert also qmi.c to use it.
Also remove a useless info print, it's more like a debug message anyway.
Zekun Shen [Tue, 16 Jun 2020 13:25:43 +0000 (09:25 -0400)]
ath10k: pci: fix memcpy size of bmi response
A compromized ath10k peripheral is able to control the size argument
of memcpy in ath10k_pci_hif_exchange_bmi_msg.
The min result from previous line is not used as the size argument
for memcpy. Instead, xfer.resp_len comes from untrusted stream dma
input. The value comes from "nbytes" in ath10k_pci_bmi_recv_data,
which is set inside _ath10k_ce_completed_recv_next_nolock with the line
nbytes = __le16_to_cpu(sdesc.nbytes);
sdesc is a stream dma region which device can write to.
It is expected that the returned counters by .get_survey are monotonic
increasing. But the data from ath10k gets reset to zero regularly. Channel
active/busy time are then showing incorrect values (less than previous or
sometimes zero) for the currently active channel during successive survey
dump commands.
example:
$ iw dev wlan0 survey dump
Survey data from wlan0
frequency: 5180 MHz [in use]
channel active time: 54995 ms
channel busy time: 432 ms
channel receive time: 0 ms
channel transmit time: 59 ms
...
$ iw dev wlan0 survey dump
Survey data from wlan0
frequency: 5180 MHz [in use]
channel active time: 32592 ms
channel busy time: 254 ms
channel receive time: 0 ms
channel transmit time: 0 ms
...
The correct way to handle this is to use the non-clearing
WMI_BSS_SURVEY_REQ_TYPE_READ wmi_bss_survey_req_type. The firmware will
then accumulate the survey data and handle wrap arounds.
When tx status enabled, retry count is updated from tx completion status.
which is not working as expected due to firmware limitation where
firmware can not provide per MSDU rate statistics from tx completion
status. Due to this tx retry count is always 0 in station dump.
Fix this issue by updating the retry packet count from per peer
statistics. This patch will not break on SDIO devices since, this retry
count is already updating from peer statistics for SDIO devices.
Douglas Anderson [Mon, 15 Jun 2020 17:28:59 +0000 (20:28 +0300)]
ath10k: Wait until copy complete is actually done before completing
On wcn3990 we have "per_ce_irq = true". That makes the
ath10k_ce_interrupt_summary() function always return 0xfff. The
ath10k_ce_per_engine_service_any() function will see this and think
that _all_ copy engines have an interrupt. Without checking, the
ath10k_ce_per_engine_service() assumes that if it's called that the
"copy complete" (cc) interrupt fired. This combination seems bad.
Let's add a check to make sure that the "copy complete" interrupt
actually fired in ath10k_ce_per_engine_service().
This might fix a hard-to-reproduce failure where it appears that the
copy complete handlers run before the copy is really complete.
Specifically a symptom was that we were seeing this on a Qualcomm
sc7180 board:
arm-smmu 15000000.iommu: Unhandled context fault:
fsr=0x402, iova=0x7fdd45780, fsynr=0x30003, cbfrsynra=0xc1, cb=10
Even on platforms that don't have wcn3990 this still seems like it
would be a sane thing to do. Specifically the current IRQ handler
comments indicate that there might be other misc interrupt sources
firing that need to be cleared. If one of those sources was the one
that caused the IRQ handler to be called it would also be important to
double-check that the interrupt we cared about actually fired.
Kalle Valo [Mon, 15 Jun 2020 17:23:23 +0000 (20:23 +0300)]
Merge tag 'iwlwifi-next-for-kalle-2020-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next
First set of patches intended for v5.9
* Fix links to wiki;
* Some preparations for gcc-10;
* Make FW reconfiguration quieter by not using warn level;
* Some other small fixes and clean-up;
# gpg: Signature made Thu 11 Jun 2020 12:03:51 PM EEST using RSA key ID 1A3CC5FA
# gpg: Good signature from "Luciano Roth Coelho (Luca) <luca@coelho.fi>"
# gpg: aka "Luciano Roth Coelho (Intel) <luciano.coelho@intel.com>"
Currently need ptk/gtk wmi peer flags in wmi peer assoc cmd
are set based on the rsnie and wpaie of the bss from the bss list.
Since this bss list is not updated with current BSSID for AP mode,
we may not find bss from the bss list. Which results in ptk/gtk peer
flags are not set in the wmi peer assoc cmd. Due to this EAPOL frames
are going in data rates instead of management rates.
Sriram R [Thu, 11 Jun 2020 05:09:54 +0000 (08:09 +0300)]
ath11k: Add dp tx err stats
Add support for dp tx error stats which logs tx failure reasons due
to ring full condition, etc. This stats is added in soc_dp_stats
which was earlier used as soc_rx_stats so that all dp related info
are logged in same file.
spectral scan control interface is exposed through debugfs eentry.
Relayfs is used to collect the spectral data. These interfaces are
similar to ath10k spectral.
Add direct buffer ring (dbring) with helper API, which is used by the
spectral scan. Initialise the direct buffer ring based on the dma ring
capability, which get announced in the wmi service ready extended event.
This ring is slightly changed from data path rings. Compare to data path
ring this ring shares the hp and tp address to firmware though WMI commands.
Also the replenish buffer size is derived from firmware announcement.
driver receive indication through WMI event
WMI_PDEV_DMA_RING_BUF_RELEASE_EVENTID.
Linus Torvalds [Sun, 14 Jun 2020 18:39:31 +0000 (11:39 -0700)]
Merge tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux
Pull SafeSetID update from Micah Morton:
"Add additional LSM hooks for SafeSetID
SafeSetID is capable of making allow/deny decisions for set*uid calls
on a system, and we want to add similar functionality for set*gid
calls.
The work to do that is not yet complete, so probably won't make it in
for v5.8, but we are looking to get this simple patch in for v5.8
since we have it ready.
We are planning on the rest of the work for extending the SafeSetID
LSM being merged during the v5.9 merge window"
* tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux:
security: Add LSM hooks to set*gid syscalls
Thomas Cedeno [Tue, 9 Jun 2020 17:22:13 +0000 (10:22 -0700)]
security: Add LSM hooks to set*gid syscalls
The SafeSetID LSM uses the security_task_fix_setuid hook to filter
set*uid() syscalls according to its configured security policy. In
preparation for adding analagous support in the LSM for set*gid()
syscalls, we add the requisite hook here. Tested by putting print
statements in the security_task_fix_setgid hook and seeing them get hit
during kernel boot.
Signed-off-by: Thomas Cedeno <thomascedeno@google.com> Signed-off-by: Micah Morton <mortonm@chromium.org>
Linus Torvalds [Sun, 14 Jun 2020 16:47:25 +0000 (09:47 -0700)]
Merge tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs updates from David Sterba:
"This reverts the direct io port to iomap infrastructure of btrfs
merged in the first pull request. We found problems in invalidate page
that don't seem to be fixable as regressions or without changing iomap
code that would not affect other filesystems.
There are four reverts in total, but three of them are followup
cleanups needed to revert a43a67a2d715 cleanly. The result is the
buffer head based implementation of direct io.
Reverts are not great, but under current circumstances I don't see
better options"
* tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
Revert "btrfs: switch to iomap_dio_rw() for dio"
Revert "fs: remove dio_end_io()"
Revert "btrfs: remove BTRFS_INODE_READDIO_NEED_LOCK"
Revert "btrfs: split btrfs_direct_IO to read and write part"
2) RXRPC fails to send norigications, from David Howells.
3) MPTCP RM_ADDR parsing has an off by one pointer error, fix from
Geliang Tang.
4) Fix crash when using MSG_PEEK with sockmap, from Anny Hu.
5) The ucc_geth driver needs __netdev_watchdog_up exported, from
Valentin Longchamp.
6) Fix hashtable memory leak in dccp, from Wang Hai.
7) Fix how nexthops are marked as FDB nexthops, from David Ahern.
8) Fix mptcp races between shutdown and recvmsg, from Paolo Abeni.
9) Fix crashes in tipc_disc_rcv(), from Tuong Lien.
10) Fix link speed reporting in iavf driver, from Brett Creeley.
11) When a channel is used for XSK and then reused again later for XSK,
we forget to clear out the relevant data structures in mlx5 which
causes all kinds of problems. Fix from Maxim Mikityanskiy.
12) Fix memory leak in genetlink, from Cong Wang.
13) Disallow sockmap attachments to UDP sockets, it simply won't work.
From Lorenz Bauer.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (83 commits)
net: ethernet: ti: ale: fix allmulti for nu type ale
net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init
net: atm: Remove the error message according to the atomic context
bpf: Undo internal BPF_PROBE_MEM in BPF insns dump
libbpf: Support pre-initializing .bss global variables
tools/bpftool: Fix skeleton codegen
bpf: Fix memlock accounting for sock_hash
bpf: sockmap: Don't attach programs to UDP sockets
bpf: tcp: Recv() should return 0 when the peer socket is closed
ibmvnic: Flush existing work items before device removal
genetlink: clean up family attributes allocations
net: ipa: header pad field only valid for AP->modem endpoint
net: ipa: program upper nibbles of sequencer type
net: ipa: fix modem LAN RX endpoint id
net: ipa: program metadata mask differently
ionic: add pcie_print_link_status
rxrpc: Fix race between incoming ACK parser and retransmitter
net/mlx5: E-Switch, Fix some error pointer dereferences
net/mlx5: Don't fail driver on failure to create debugfs
net/mlx5e: CT: Fix ipv6 nat header rewrite actions
...
This patch reverts the main part of switching direct io implementation
to iomap infrastructure. There's a problem in invalidate page that
couldn't be solved as regression in this development cycle.
The problem occurs when buffered and direct io are mixed, and the ranges
overlap. Although this is not recommended, filesystems implement
measures or fallbacks to make it somehow work. In this case, fallback to
buffered IO would be an option for btrfs (this already happens when
direct io is done on compressed data), but the change would be needed in
the iomap code, bringing new semantics to other filesystems.
Another problem arises when again the buffered and direct ios are mixed,
invalidation fails, then -EIO is set on the mapping and fsync will fail,
though there's no real error.
There have been discussions how to fix that, but revert seems to be the
least intrusive option.
net: ethernet: ti: ale: fix allmulti for nu type ale
On AM65xx MCU CPSW2G NUSS and 66AK2E/L NUSS allmulti setting does not allow
unregistered mcast packets to pass.
This happens, because ALE VLAN entries on these SoCs do not contain port
masks for reg/unreg mcast packets, but instead store indexes of
ALE_VLAN_MASK_MUXx_REG registers which intended for store port masks for
reg/unreg mcast packets.
This path was missed by commit 9d1f6447274f ("net: ethernet: ti: ale: fix
seeing unreg mcast packets with promisc and allmulti disabled").
Hence, fix it by taking into account ALE type in cpsw_ale_set_allmulti().
Fixes: 9d1f6447274f ("net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled") Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init
The ALE parameters structure is created on stack, so it has to be reset
before passing to cpsw_ale_create() to avoid garbage values.
Fixes: 93a76530316a ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver") Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sat, 13 Jun 2020 20:43:56 +0000 (13:43 -0700)]
Merge tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6
Pull more cifs updates from Steve French:
"12 cifs/smb3 fixes, 2 for stable.
- add support for idsfromsid on create and chgrp/chown allowing
ability to save owner information more naturally for some workloads
- improve query info (getattr) when SMB3.1.1 posix extensions are
negotiated by using new query info level"
* tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
smb3: Add debug message for new file creation with idsfromsid mount option
cifs: fix chown and chgrp when idsfromsid mount option enabled
smb3: allow uid and gid owners to be set on create with idsfromsid mount option
smb311: Add tracepoints for new compound posix query info
smb311: add support for using info level for posix extensions query
smb311: Add support for lookup with posix extensions query info
smb311: Add support for SMB311 query info (non-compounded)
SMB311: Add support for query info using posix extensions (level 100)
smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl
smb3: fix typo in mount options displayed in /proc/mounts
cifs: Add get_security_type_str function to return sec type.
smb3: extend fscache mount volume coherency check
Linus Torvalds [Sat, 13 Jun 2020 20:32:40 +0000 (13:32 -0700)]
doc: don't use deprecated "---help---" markers in target docs
I'm not convinced the script makes useful automaed help lines anyway,
but since we're trying to deprecate the use of "---help---" in Kconfig
files, let's fix the doc example code too.
See commit a7f7f6248d97 ("treewide: replace '---help---' in Kconfig
files with 'help'")
Linus Torvalds [Sat, 13 Jun 2020 20:29:16 +0000 (13:29 -0700)]
Merge tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull more Kbuild updates from Masahiro Yamada:
- fix build rules in binderfs sample
- fix build errors when Kbuild recurses to the top Makefile
- covert '---help---' in Kconfig to 'help'
* tag 'kbuild-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
treewide: replace '---help---' in Kconfig files with 'help'
kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables
samples: binderfs: really compile this sample and fix build issues
Linus Torvalds [Sat, 13 Jun 2020 20:17:49 +0000 (13:17 -0700)]
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull more SCSI updates from James Bottomley:
"This is the set of changes collected since just before the merge
window opened. It's mostly minor fixes in drivers.
The one non-driver set is the three optical disk (sr) changes where
two are error path fixes and one is a helper conversion.
The big driver change is the hpsa compat_alloc_userspace rework by Al
so he can kill the remaining user. This has been tested and acked by
the maintainer"
* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (21 commits)
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
scsi: storvsc: Remove memset before memory freeing in storvsc_suspend()
scsi: cxlflash: Remove an unnecessary NULL check
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
scsi: sr: Fix sr_probe() missing mutex_destroy
scsi: st: Convert convert get_user_pages() --> pin_user_pages()
scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb()
scsi: target: Fix NULL pointer dereference
scsi: target: Initialize LUN in transport_init_se_cmd()
scsi: target: Factor out a new helper, target_cmd_init_cdb()
scsi: hpsa: hpsa_ioctl(): Tidy up a bit
scsi: hpsa: Get rid of compat_alloc_user_space()
scsi: hpsa: Don't bother with vmalloc for BIG_IOCTL_Command_struct
scsi: hpsa: Lift {BIG_,}IOCTL_Command_struct copy{in,out} into hpsa_ioctl()
scsi: ufs: Remove redundant urgent_bkop_lvl initialization
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
scsi: qedf: Remove redundant initialization of variable rc
scsi: mpt3sas: Fix memset() in non-RDPQ mode
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
...
Linus Torvalds [Sat, 13 Jun 2020 20:12:38 +0000 (13:12 -0700)]
Merge branch 'i2c/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
"I2C has quite some patches for you this time. I hope it is the move to
per-driver-maintainers which is now showing results. We will see.
The big news is two new drivers (Nuvoton NPCM and Qualcomm CCI),
larger refactoring of the Designware, Tegra, and PXA drivers, the
Cadence driver supports being a slave now, and there is support to
instanciate SPD eeproms for well-known cases (which will be
user-visible because the i801 driver supports it), and some
devm_platform_ioremap_resource() conversions which blow up the
diffstat.
Note that I applied the Nuvoton driver quite late, so some minor fixup
patches arrived during the merge window. I chose to apply them right
away because they were trivial"
* 'i2c/for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (109 commits)
i2c: Drop stray comma in MODULE_AUTHOR statements
i2c: npcm7xx: npcm_i2caddr[] can be static
MAINTAINERS: npcm7xx: Add maintainer for Nuvoton NPCM BMC
i2c: npcm7xx: Fix a couple of error codes in probe
i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n
i2c: npcm7xx: Remove unnecessary parentheses
i2c: npcm7xx: Add support for slave mode for Nuvoton
i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver
dt-bindings: i2c: npcm7xx: add NPCM I2C controller
i2c: pxa: don't error out if there's no pinctrl
i2c: add 'single-master' property to generic bindings
i2c: designware: Add Baikal-T1 System I2C support
i2c: designware: Move reg-space remapping into a dedicated function
i2c: designware: Retrieve quirk flags as early as possible
i2c: designware: Convert driver to using regmap API
i2c: designware: Discard Cherry Trail model flag
i2c: designware: Add Baytrail sem config DW I2C platform dependency
i2c: designware: slave: Set DW I2C core module dependency
i2c: designware: Use `-y` to build multi-object modules
dt-bindings: i2c: dw: Add Baikal-T1 SoC I2C controller
...
Linus Torvalds [Sat, 13 Jun 2020 20:09:38 +0000 (13:09 -0700)]
Merge tag 'media/v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull more media updates from Mauro Carvalho Chehab:
- a set of atomisp patches. They remove several abstraction layers, and
fixes clang and gcc warnings (that were hidden via some macros that
were disabling 4 or 5 types of warnings there). There are also some
important fixes and sensor auto-detection on newer BIOSes via ACPI
_DCM tables.
- some fixes
* tag 'media/v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (95 commits)
media: rkvdec: Fix H264 scaling list order
media: v4l2-ctrls: Unset correct HEVC loop filter flag
media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size
media: v4l2-subdev.rst: correct information about v4l2 events
media: s5p-mfc: Properly handle dma_parms for the allocated devices
media: medium: cec: Make MEDIA_CEC_SUPPORT default to n if !MEDIA_SUPPORT
media: cedrus: Implement runtime PM
media: cedrus: Program output format during each run
media: atomisp: improve ACPI/DMI detection logs
media: Revert "media: atomisp: add Asus Transform T101HA ACPI vars"
media: Revert "media: atomisp: Add some ACPI detection info"
media: atomisp: improve sensor detection code to use _DSM table
media: atomisp: get rid of an iomem abstraction layer
media: atomisp: get rid of a string_support.h abstraction layer
media: atomisp: use strscpy() instead of less secure variants
media: atomisp: set DFS to MAX if sensor doesn't report fps
media: atomisp: use different dfs failed messages
media: atomisp: change the detection of ISP2401 at runtime
media: atomisp: use macros from intel-family.h
media: atomisp: don't set hpll_freq twice with different values
...
Linus Torvalds [Sat, 13 Jun 2020 20:04:36 +0000 (13:04 -0700)]
Merge tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm updates from Dan Williams:
"Small collection of cleanups to rework usage of ->queuedata and the
GUID api"
* tag 'libnvdimm-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
nvdimm/pmem: stop using ->queuedata
nvdimm/btt: stop using ->queuedata
nvdimm/blk: stop using ->queuedata
libnvdimm: Replace guid_copy() with import_guid() where it makes sense
Linus Torvalds [Sat, 13 Jun 2020 19:44:30 +0000 (12:44 -0700)]
Merge tag 'iomap-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull iomap fix from Darrick Wong:
"A single iomap bug fix for a variable type mistake on 32-bit
architectures, fixing an integer overflow problem in the unshare
actor"
* tag 'iomap-5.8-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
iomap: Fix unsharing of an extent >2GB on a 32-bit machine
projects / mirror_ubuntu-jammy-kernel.git / log