1. 27 11月, 2018 1 次提交
  2. 14 11月, 2018 15 次提交
    • L
      iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() · 3fa27214
      Luca Coelho 提交于
      commit 3d71c3f1f50cf309bd20659422af549bc784bfff upstream.
      
      The rs_rate_from_ucode_rate() function may return -EINVAL if the rate
      is invalid, but none of the callsites check for the error, potentially
      making us access arrays with index IWL_RATE_INVALID, which is larger
      than the arrays, causing an out-of-bounds access.  This will trigger
      KASAN warnings, such as the one reported in the bugzilla issue
      mentioned below.
      
      This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3fa27214
    • F
      mt76: mt76x2: fix multi-interface beacon configuration · 77f61e70
      Felix Fietkau 提交于
      commit 5289976ad887deb07c76df7eecf553c264aeebed upstream.
      
      If the first virtual interface is a station (or an AP with beacons
      temporarily disabled), the beacon of the second interface needs to
      occupy hardware beacon slot 0.
      For some reason the beacon index was incorrectly masked with the
      virtual interface beacon mask, which prevents the secondary
      interface from sending beacons unless the first one also does.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NFelix Fietkau <nbd@nbd.name>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      77f61e70
    • L
      libertas: don't set URB_ZERO_PACKET on IN USB transfer · f253f6de
      Lubomir Rintel 提交于
      commit 6528d88047801b80d2a5370ad46fb6eff2f509e0 upstream.
      
      The USB core gets rightfully upset:
      
        usb 1-1: BOGUS urb flags, 240 --> 200
        WARNING: CPU: 0 PID: 60 at drivers/usb/core/urb.c:503 usb_submit_urb+0x2f8/0x3ed
        Modules linked in:
        CPU: 0 PID: 60 Comm: kworker/0:3 Not tainted 4.19.0-rc6-00319-g5206d00a45c7 #39
        Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014
        Workqueue: events request_firmware_work_func
        EIP: usb_submit_urb+0x2f8/0x3ed
        Code: 75 06 8b 8f 80 00 00 00 8d 47 78 89 4d e4 89 55 e8 e8 35 1c f6 ff 8b 55 e8 56 52 8b 4d e4 51 50 68 e3 ce c7 c0 e8 ed 18 c6 ff <0f> 0b 83 c4 14 80 7d ef 01 74 0a 80 7d ef 03 0f 85 b8 00 00 00 8b
        EAX: 00000025 EBX: ce7d4980 ECX: 00000000 EDX: 00000001
        ESI: 00000200 EDI: ce7d8800 EBP: ce7f5ea8 ESP: ce7f5e70
        DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210292
        CR0: 80050033 CR2: 00000000 CR3: 00e80000 CR4: 00000090
        Call Trace:
         ? if_usb_fw_timeo+0x64/0x64
         __if_usb_submit_rx_urb+0x85/0xe6
         ? if_usb_fw_timeo+0x64/0x64
         if_usb_submit_rx_urb_fwload+0xd/0xf
         if_usb_prog_firmware+0xc0/0x3db
         ? _request_firmware+0x54/0x47b
         ? _request_firmware+0x89/0x47b
         ? if_usb_probe+0x412/0x412
         lbs_fw_loaded+0x55/0xa6
         ? debug_smp_processor_id+0x12/0x14
         helper_firmware_cb+0x3c/0x3f
         request_firmware_work_func+0x37/0x6f
         process_one_work+0x164/0x25a
         worker_thread+0x1c4/0x284
         kthread+0xec/0xf1
         ? cancel_delayed_work_sync+0xf/0xf
         ? kthread_create_on_node+0x1a/0x1a
         ret_from_fork+0x2e/0x38
        ---[ end trace 3ef1e3b2dd53852f ]---
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NLubomir Rintel <lkundrak@v3.sk>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f253f6de
    • M
      ath10k: schedule hardware restart if WMI command times out · 27baa32c
      Martin Willi 提交于
      [ Upstream commit a9911937e7d332761e8c4fcbc7ba0426bdc3956f ]
      
      When running in AP mode, ath10k sometimes suffers from TX credit
      starvation. The issue is hard to reproduce and shows up once in a
      few days, but has been repeatedly seen with QCA9882 and a large
      range of firmwares, including 10.2.4.70.67.
      
      Once the module is in this state, TX credits are never replenished,
      which results in "SWBA overrun" errors, as no beacons can be sent.
      Even worse, WMI commands run in a timeout while holding the conf
      mutex for three seconds each, making any further operations slow
      and the whole system unresponsive.
      
      The firmware/driver never recovers from that state automatically,
      and triggering TX flush or warm restarts won't work over WMI. So
      issue a hardware restart if a WMI command times out due to missing
      TX credits. This implies a connectivity outage of about 1.4s in AP
      mode, but brings back the interface and the whole system to a usable
      state. WMI command timeouts have not been seen in absent of this
      specific issue, so taking such drastic actions seems legitimate.
      Signed-off-by: NMartin Willi <martin@strongswan.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      27baa32c
    • M
      wil6210: fix RX buffers release and unmap · b8345244
      Maya Erez 提交于
      [ Upstream commit 84f16fbb62384fb209cd35741d94eb00b5ca2746 ]
      
      RX SKBs are released in both wil6210 rmmod and RX handle.
      As there is no lock to protect the buffers DMA unmap,
      the SKB pointer in buff_arr is used to check if the buffer
      memory was already released.
      Setting wil->rx_buff_mgmt.buff_arr[buff_id].skb to NULL before the DMA
      memory unmap will prevent duplicate unmapping of the same memory.
      Move the buffer ID to the free list also in case the SKB is NULL.
      Signed-off-by: NMaya Erez <merez@codeaurora.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b8345244
    • S
      iwlwifi: mvm: fix BAR seq ctrl reporting · 8ba36c16
      Sara Sharon 提交于
      [ Upstream commit 941ab4eb66c10bc5c7234e83a7a858b2806ed151 ]
      
      There is a bug in FW where the sequence control may be
      incorrect, and the driver overrides it with the value
      of the ieee80211 header.
      
      However, in BAR there is no sequence control in the header,
      which result with arbitrary sequence.
      
      This access to an unknown location is bad and it makes the
      logs very confusing - so fix it.
      Signed-off-by: NSara Sharon <sara.sharon@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8ba36c16
    • D
      libertas_tf: prevent underflow in process_cmdrequest() · 44e0f15b
      Dan Carpenter 提交于
      [ Upstream commit 3348ef6a6a126706d6a73ed40c18d8033df72783 ]
      
      If recvlength is less than MESSAGE_HEADER_LEN (4) we would end up
      corrupting memory.
      
      Fixes: c305a19a ("libertas_tf: usb specific functions")
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      44e0f15b
    • S
      rsi: fix memory alignment issue in ARM32 platforms · 14e0b9bb
      Siva Rebbagondla 提交于
      [ Upstream commit baa8caf4ab7af2d9e84b566b99fe919a4e9e7562 ]
      
      During testing in ARM32 platforms, observed below kernel panic, as driver
      accessing data beyond the allocated memory while submitting URB to USB.
      
      Fix: Resolved this by specifying correct length by considering 64 bit
      alignment. so that, USB bus driver will access only allocated memory.
      
      Unit-test: Tested and confirm that driver bring up and scanning,
      connection and data transfer works fine with this fix.
      
      ...skipping...
      [   25.389450] Unable to handle kernel paging request at virtual
      	       address 5aa11422
      [   25.403078] Internal error: Oops: 5 [#1] SMP ARM
      [   25.407703] Modules linked in: rsi_usb
      [   25.411473] CPU: 1 PID: 317 Comm: RX-Thread Not tainted 4.18.0-rc7 #1
      [   25.419221] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      [   25.425764] PC is at skb_release_data+0x90/0x168
      [   25.430393] LR is at skb_release_all+0x28/0x2c
      [   25.434842] pc : [<807435b0>] lr : [<80742ba0>] psr: 200e0013 5aa1141e
      [   25.464633] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32 ISA ARM Segment none
      [   25.477524] Process RX-Thread (pid: 317, stack limit = 0x(ptrval))
      [   25.483709] Stack: (0xedf69ed8 to 0xedf6a000)
      [   25.569907] Backtrace:
      [   25.572368] [<80743520>] (skb_release_data) from [<80742ba0>]
      	       (skb_release_all+0x28/0x2c)
      [   25.580555] r9:7f00258c r8:00000001 r7:ee355000 r6:eddab0d0
      	       r5:eddab000 r4:eddbb840
      [   25.588308] [<80742b78>] (skb_release_all) from [<807432cc>]
      	       (consume_skb+0x30/0x50)
      [   25.596055] r5:eddab000 r4:eddbb840
      [   25.599648] [<8074329c>] (consume_skb) from [<7f00117c>]
      	       (rsi_usb_rx_thread+0x64/0x12c [rsi_usb])
      [   25.608524] r5:eddab000 r4:eddbb840
      [   25.612116] [<7f001118>] (rsi_usb_rx_thread [rsi_usb]) from
      	       [<80142750>] (kthread+0x11c/0x15c)
      [   25.620735] r10:ee9ff9e0 r9:edcde3b8 r8:ee355000 r7:edf68000
      	       r6:edd3a780 r5:00000000
      [   25.628567] r4:edcde380
      [   25.631110] [<80142634>] (kthread) from [<801010e8>]
      	       (ret_from_fork+0x14/0x2c)
      [   25.638336] Exception stack(0xedf69fb0 to 0xedf69ff8)
      [   25.682929] ---[ end trace 8236a5496f5b5d3b ]---
      Signed-off-by: NSiva Rebbagondla <siva.rebbagondla@redpinesignals.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      14e0b9bb
    • L
      mt76x2u: run device cleanup routine if resume fails · 3041b096
      Lorenzo Bianconi 提交于
      [ Upstream commit 9b2fd48d36e25b9be9ddb8be8cc1eb263a1d1843 ]
      
      Cleanup {tx,rx} and mcu queues if resume operation fails
      
      Fixes: ee676cd5 ("mt76: add driver code for MT76x2u based devices")
      Signed-off-by: NLorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3041b096
    • A
      brcmfmac: fix for proper support of 160MHz bandwidth · 2234cb98
      Arend van Spriel 提交于
      [ Upstream commit 330994e8e8ec5d0b269a5265e6032b37e29aa336 ]
      
      Decoding of firmware channel information was not complete for 160MHz
      support. This resulted in the following warning:
      
        WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196
      	brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
        Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ...
        CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G           O
        4.17.0-wt-testing-x64-00002-gf1bed50 #1
        Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
        Workqueue: events request_firmware_work_func
        RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
        RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206
        RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0
        RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30
        RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80
        R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000
        R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0
        FS:  0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0
        Call Trace:
         brcmf_setup_wiphybands+0x212/0x780 [brcmfmac]
         brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac]
         brcmf_attach+0x1fc/0x4b0 [brcmfmac]
         ? __kmalloc+0x13c/0x1c0
         brcmf_pcie_setup+0x99b/0xe00 [brcmfmac]
         brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac]
         request_firmware_work_func+0x36/0x60
         process_one_work+0x146/0x350
         worker_thread+0x4a/0x3b0
         kthread+0x102/0x140
         ? process_one_work+0x350/0x350
         ? kthread_bind+0x20/0x20
         ret_from_fork+0x35/0x40
        Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38
      	66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f>
      	0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66
        ---[ end trace 550c46682415b26d ]---
        brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50
      
      This patch adds the missing stuff to properly handle this.
      Reviewed-by: NHante Meuleman <hante.meuleman@broadcom.com>
      Reviewed-by: NPieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
      Reviewed-by: NFranky Lin <franky.lin@broadcom.com>
      Signed-off-by: NArend van Spriel <arend.vanspriel@broadcom.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2234cb98
    • R
      ath10k: fix tx status flag setting for management frames · aea35bd4
      Rakesh Pillai 提交于
      [ Upstream commit 058a7eab9d9ee12f57282eb0b606668dada70d7a ]
      
      The tx_status for management frames is being filled
      incorrectly in the flags of skb_cb. This incorrect
      flag setting causes the upper layers to consider that
      the particular frame was not transmitted properly,
      leading to improper behavior.
      
      Set the IEEE80211_TX_STAT_ACK flag in the info flags
      of skb_cb, to indicate the successful transmission of
      the management frame.
      
      Tested HW: WCN3990
      Tested FW: WLAN.HL.2.0-01188-QCAHLSWMTPLZ-1
      
      Fixes: dc405152Signed-off-by: NRakesh Pillai <pillair@codeaurora.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aea35bd4
    • T
      wlcore: Fix BUG with clear completion on timeout · a0a9e306
      Tony Lindgren 提交于
      [ Upstream commit 4e651bad848955d88b29a568bfbfb4b831270e16 ]
      
      We do not currently clear wl->elp_compl on ELP timeout and we have bogus
      lingering pointer that wlcore_irq then will try to access after recovery
      is done:
      
      BUG: spinlock bad magic on CPU#1, irq/255-wl12xx/580
      ...
      (spin_dump) from [<c01b9344>] (do_raw_spin_lock+0xc8/0x124)
      (do_raw_spin_lock) from [<c09b3970>] (_raw_spin_lock_irqsave+0x68/0x74)
      (_raw_spin_lock_irqsave) from [<c01a02f0>] (complete+0x24/0x58)
      (complete) from [<bf572610>] (wlcore_irq+0x48/0x17c [wlcore])
      (wlcore_irq [wlcore]) from [<c01c5efc>] (irq_thread_fn+0x2c/0x64)
      (irq_thread_fn) from [<c01c623c>] (irq_thread+0x148/0x290)
      (irq_thread) from [<c016b4b0>] (kthread+0x160/0x17c)
      (kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20)
      ...
      
      After that the system will hang. Let's fix this by adding a flag for
      recovery and moving the recovery work call to to the error handling
      section.
      
      And we want to set WL1271_FLAG_INTENDED_FW_RECOVERY and actually clear
      it too in wl1271_recovery_work() and just downgrade the error to a
      warning to prevent overly verbose output.
      
      Cc: Eyal Reizer <eyalr@ti.com>
      Signed-off-by: NTony Lindgren <tony@atomide.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a0a9e306
    • L
      iwlwifi: mvm: check for n_profiles validity in EWRD ACPI · a2abae52
      Luca Coelho 提交于
      [ Upstream commit 2e1976bb75263fbad918e82184b16a23bd721546 ]
      
      When reading the profiles from the EWRD table in ACPI, we loop over
      the data and set it into our internal table.  We use the number of
      profiles specified in ACPI without checking its validity, so if the
      ACPI table is corrupted and the number is larger than our array size,
      we will try to make an out-of-bounds access.
      
      Fix this by making sure the value specified in the ACPI table is
      valid.
      
      Fixes: 69964905 ("iwlwifi: mvm: add support for EWRD (Dynamic SAR) ACPI table")
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a2abae52
    • E
      iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface · b325d550
      Emmanuel Grumbach 提交于
      [ Upstream commit 155f7e0441cd121b1e673d465a35e99f4b9b2f0b ]
      
      Fix a bug that happens in the following scenario:
      1) suspend without WoWLAN
      2) mac80211 calls drv_stop because of the suspend
      3) __iwl_mvm_mac_stop deallocates the aux station
      4) during drv_stop the firmware crashes
      5) iwlmvm:
      	* sets IWL_MVM_STATUS_HW_RESTART_REQUESTED
      	* asks mac80211 to kick the restart flow
      6) mac80211 puts the restart worker into a freezable
         queue which means that the worker will not run for now
         since the workqueue is already frozen
      7) ...
      8) resume
      9) mac80211 runs ieee80211_reconfig as part of the resume
      10) mac80211 detects that a restart flow has been requested
          and that we are now resuming from suspend and cancels
          the restart worker
      11) mac80211 calls drv_start()
      12) __iwl_mvm_mac_start checks that IWL_MVM_STATUS_HW_RESTART_REQUESTED
          clears it, sets IWL_MVM_STATUS_IN_HW_RESTART and calls
          iwl_mvm_restart_cleanup()
      13) iwl_fw_error_dump gets called and accesses the device
          to get debug data
      14) iwl_mvm_up adds the aux station
      15) iwl_mvm_add_aux_sta() allocates an internal station for
          the aux station
      16) iwl_mvm_allocate_int_sta() tests IWL_MVM_STATUS_IN_HW_RESTART
          and doesn't really allocate a station ID for the aux
          station
      17) a new queue is added for the aux station
      
      Note that steps from 5 to 9 aren't really part of the
      problem but were described for the sake of completeness.
      
      Once the iwl_mvm_mac_stop() is called, the device is not
      accessible, meaning that step 12) can't succeed and we'll
      see the following:
      
      drivers/net/wireless/intel/iwlwifi/pcie/trans.c:2122 iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi]()
      Timeout waiting for hardware access (CSR_GP_CNTRL 0x080403d8)
      Call Trace:
      [<ffffffffc03e6ad3>] iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi]
      [<ffffffffc03e6a13>] iwl_trans_pcie_dump_regs+0x3fd/0x3fd [iwlwifi]
      [<ffffffffc03dad42>] iwl_fw_error_dump+0x4f5/0xe8b [iwlwifi]
      [<ffffffffc04bd43e>] __iwl_mvm_mac_start+0x5a/0x21a [iwlmvm]
      [<ffffffffc04bd6d2>] iwl_mvm_mac_start+0xd4/0x103 [iwlmvm]
      [<ffffffffc042d378>] drv_start+0xa1/0xc5 [iwl7000_mac80211]
      [<ffffffffc045a339>] ieee80211_reconfig+0x145/0xf50 [mac80211]
      [<ffffffffc044788b>] ieee80211_resume+0x62/0x66 [mac80211]
      [<ffffffffc0366c5b>] wiphy_resume+0xa9/0xc6 [cfg80211]
      
      The station id of the aux station is set to 0xff in step 3
      and because we don't really allocate a new station id for
      the auxliary station (as explained in 16), we end up sending
      a command to the firmware asking to connect the queue
      to station id 0xff. This makes the firmware crash with the
      following information:
      
      0x00002093 | ADVANCED_SYSASSERT
      0x000002F0 | trm_hw_status0
      0x00000000 | trm_hw_status1
      0x00000B38 | branchlink2
      0x0001978C | interruptlink1
      0x00000000 | interruptlink2
      0xFF080501 | data1
      0xDEADBEEF | data2
      0xDEADBEEF | data3
      Firmware error during reconfiguration - reprobe!
      FW error in SYNC CMD SCD_QUEUE_CFG
      
      Fix this by clearing IWL_MVM_STATUS_HW_RESTART_REQUESTED
      in iwl_mvm_mac_stop(). We won't be able to collect debug
      data anyway and when we will brought up again, we will
      have a clean state from the firmware perspective.
      Since we won't have IWL_MVM_STATUS_IN_HW_RESTART set in
      step 12) we won't get to the 2093 ASSERT either.
      
      Fixes: bf8b286f ("iwlwifi: mvm: defer setting IWL_MVM_STATUS_IN_HW_RESTART")
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b325d550
    • S
      iwlwifi: pcie: avoid empty free RB queue · 0ba5fac2
      Shaul Triebitz 提交于
      [ Upstream commit 868a1e863f95183f00809363fefba6d4f5bcd116 ]
      
      If all free RB queues are empty, the driver will never restock the
      free RB queue.  That's because the restocking happens in the Rx flow,
      and if the free queue is empty there will be no Rx.
      
      Although there's a background worker (a.k.a. allocator) allocating
      memory for RBs so that the Rx handler can restock them, the worker may
      run only after the free queue has become empty (and then it is too
      late for restocking as explained above).
      
      There is a solution for that called 'emergency': If the number of used
      RB's reaches half the amount of all RB's, the Rx handler will not wait
      for the allocator but immediately allocate memory for the used RB's
      and restock the free queue.
      
      But, since the used RB's is per queue, it may happen that the used
      RB's are spread between the queues such that the emergency check will
      fail for each of the queues
      (and still run out of RBs, causing the above symptom).
      
      To fix it, move to emergency mode if the sum of *all* used RBs (for
      all Rx queues) reaches half the amount of all RB's
      Signed-off-by: NShaul Triebitz <shaul.triebitz@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0ba5fac2
  3. 10 10月, 2018 1 次提交
  4. 06 10月, 2018 1 次提交
    • K
      treewide: Replace more open-coded allocation size multiplications · 329e0989
      Kees Cook 提交于
      As done treewide earlier, this catches several more open-coded
      allocation size calculations that were added to the kernel during the
      merge window. This performs the following mechanical transformations
      using Coccinelle:
      
      	kvmalloc(a * b, ...) -> kvmalloc_array(a, b, ...)
      	kvzalloc(a * b, ...) -> kvcalloc(a, b, ...)
      	devm_kzalloc(..., a * b, ...) -> devm_kcalloc(..., a, b, ...)
      Signed-off-by: NKees Cook <keescook@chromium.org>
      329e0989
  5. 28 9月, 2018 1 次提交
  6. 26 9月, 2018 3 次提交
  7. 20 9月, 2018 1 次提交
  8. 17 9月, 2018 1 次提交
  9. 28 8月, 2018 3 次提交
  10. 16 8月, 2018 1 次提交
  11. 15 8月, 2018 1 次提交
    • A
      PCI: Add PCI_DEVICE_DATA() macro to fully describe device ID entry · b72ae8ca
      Andy Shevchenko 提交于
      There are a lot of examples in the kernel where PCI_VDEVICE() is used and
      still looks not so convenient due to additional driver_data field attached.
      
      Introduce PCI_DEVICE_DATA() macro to fully describe device ID entry in
      shortest possible form. For example,
      
        before:
      
          { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_MRFLD),
            (kernel_ulong_t) &dwc3_pci_mrfld_properties, },
      
        after:
      
          { PCI_DEVICE_DATA(INTEL, MRFLD, &dwc3_pci_mrfld_properties) },
      
      Drivers can be converted later on in independent way.
      
      While here, remove the unused macro with the same name from Ralink wireless
      driver.
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NBjorn Helgaas <bhelgaas@google.com>
      Acked-by: Kalle Valo <kvalo@codeaurora.org>	# for rt2x00
      b72ae8ca
  12. 09 8月, 2018 10 次提交
  13. 07 8月, 2018 1 次提交