Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
切换分支/标签
  1. 26 1月, 2019 5 次提交
  3. 10 1月, 2019 10 次提交
  5. 21 12月, 2018 13 次提交
    • B
      ath10k: add support to configure BB timing over wmi · 84758d4d
      Bhagavathi Perumal S 提交于 
      Add wmi configuration cmd to configure base band(BB) power amplifier(PA)
off timing values in hardware. The default PA off timings were fine tuned
to make proper DFS radar detection in QCA reference design. If ODM uses
different PA in their design, then the same default PA off timing values
cannot be used, it requires different settling time to detect radar pulses
very sooner and avoid radar detection problems. In that case it provides
provision to select proper PA off timing values based on the PA hardware used.
The PA component is part of FEM hardware and new device tree entry
"ext-fem-name" is used to indentify the FEM hardware. And this wmi configuration
cmd is enabled via wmi service flag "WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT".

Other way is to apply these values through calibration data, but recalibration
of all boards out there might not be feasible.

This change tested on firmware ver 10.2.4-1.0-00042 in QCA988X chipset.
Signed-off-by: NBhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      84758d4d
    • Z
      ath10k: fix tx_stats memory leak · 386f97e3
      Zhi Chen 提交于 
      Memory of tx_stats was allocated when a STA was added. But it's not freed
if the STA failed to be added to driver. This issue could be seen in MDK3
attack case when STA number reached the limit.

Tested: QCA9984 with firmware ver 10.4-3.9.0.1-00005
Signed-off-by: NZhi Chen <zhichen@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      386f97e3
    • Z
      ath10k: fix peer stats null pointer dereference · 2d3b5585
      Zhi Chen 提交于 
      There was a race condition in SMP that an ath10k_peer was created but its
member sta was null. Following are procedures of ath10k_peer creation and
member sta access in peer statistics path.

    1. Peer creation:
        ath10k_peer_create()
            =>ath10k_wmi_peer_create()
                =>ath10k_wait_for_peer_created()
                ...

        # another kernel path, RX from firmware
        ath10k_htt_t2h_msg_handler()
        =>ath10k_peer_map_event()
                =>wake_up()
                # ar->peer_map[id] = peer //add peer to map

        #wake up original path from waiting
                ...
                # peer->sta = sta //sta assignment

    2.  RX path of statistics
        ath10k_htt_t2h_msg_handler()
            =>ath10k_update_per_peer_tx_stats()
                =>ath10k_htt_fetch_peer_stats()
                # peer->sta //sta accessing

Any access of peer->sta after peer was added to peer_map but before sta was
assigned could cause a null pointer issue. And because these two steps are
asynchronous, no proper lock can protect them. So both peer and sta need to
be checked before access.

Tested: QCA9984 with firmware ver 10.4-3.9.0.1-00005
Signed-off-by: NZhi Chen <zhichen@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      2d3b5585
    • D
      ath10k: remove an unnecessary NULL check · 27120f2a
      Dan Carpenter 提交于 
      The "survey" pointer is the address of an array element.  We know that
it can't be NULL so this check can be removed.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      27120f2a
    • G
      ath10k: move non-fatal warn logs to dbg level · bd085be6
      Govind Singh 提交于 
      During driver load below warn logs are printed in the console.
Since driver may not implement all wmi events sent by fw and
all of them are non-fatal, move this log to debug level to
remove un-necessary warn message on console.

[  361.887230] ath10k_snoc a000000.wifi: Unknown eventid: 16393
[  361.907037] ath10k_snoc a000000.wifi: Unknown eventid: 237569
Signed-off-by: NGovind Singh <govinds@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      bd085be6
    • D
      ath10k: fix a NULL vs IS_ERR() check · c28dcbce
      Dan Carpenter 提交于 
      The devm_memremap() function doesn't return NULLs, it returns error
pointers.

Fixes: ba94c753 ("ath10k: add QMI message handshake for wcn3990 client")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      c28dcbce
    • G
      ath10k: remove work in progress logs from snoc driver · 87659675
      Govind Singh 提交于 
      All the necessary patches to make wifi running (over SNOC)
are merged and tested on SDM845/QCS404 platform with WCN3990
wifi module, hence remove work in progress debug from snoc
driver and Kconfig.
Signed-off-by: NGovind Singh <govinds@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      87659675
    • B
      ath10k: fix warning due to msdu limit error · a2864772
      Bhagavathi Perumal S 提交于 
      Some hardwares variants (QCA99x0) are limiting msdu deaggregation with
some threshold value(default limit in QCA99x0 is 64 msdus), it was introduced to
avoid excessive MSDU-deaggregation in error cases. When number of sub frames
exceeds the limit, target hardware will send all msdus starting from present
msdu in RAW format as a single msdu packet and it will be indicated with
error status bit "RX_MSDU_END_INFO0_MSDU_LIMIT_ERR" set in rx descriptor.
This msdu frame is a partial raw MSDU and does't have first msdu and ieee80211
header. It caused below warning message.

[  320.151332] ------------[ cut here ]------------
[  320.155006] WARNING: CPU: 0 PID: 3 at drivers/net/wireless/ath/ath10k/htt_rx.c:1188

In our issue case, MSDU limit error happened due to FCS error and generated
this warning message.

This fixes the warning by handling the MSDU limit error. If msdu limit error
happens, driver adds first MSDU's ieee80211 header and sets A-MSDU present bit
in QOS header so that upper layer processes this frame if it is valid or drop it
if FCS error set. And removed the warning message, hence partial msdus without
first msdu is expected in msdu limit error cases.

Tested on QCA9984, Firmware 10.4-3.6-00104
Signed-off-by: NBhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      a2864772
    • S
      ath10k: disable 4addr source port learning in 10.4 FW by default · 68c295f2
      Sathishkumar Muruganandam 提交于 
      Currently in 10.4 FW, all the received 4addr frames are processed for
source port learning which is enabled by default. This learning can't be
disabled by default in FW since it breaks backward compatibility.

Since ath10k uses mac80211 based 4addr mode, source port learning done in
10.4 FW is redundant and also causes issues when 3addr frames are
transmitted/received for a 4addr station.

One such visible functional impact is when GTK rekey frame from
hostapd based AP to 4addr STA is dropped in AP's 10.4 FW. This is since
GTK rekey EAPOL frame is 3addr frame on AP interface and STA enabled
with 4addr is already allowed for receiving 3addr EAPOL frames.

Source port learning implementation in 10.4 FW drops this 3addr GTK rekey
frame in AP destinated for 4addr STA causing disassociation and
re-association for every GTK rekey session. GTK rekey issue is not seen
when learning is disabled in FW.

To prevent such issues without breaking backward compatibility, FW
advertises new service bit making the source port learning configurable and
this learning is being currently disabled during ath10k vdev creation.

* Tested HW: QCA9984
* Tested FW: 10.4-3.6.0.1-00004
Signed-off-by: NSathishkumar Muruganandam <murugana@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      68c295f2
    • A
      ath10k: report tx rate using ieee80211_tx_rate_update() · 9a9cf0e6
      Anilkumar Kolli 提交于 
      Mesh path metric needs tx rate information from ieee80211_tx_status()
call but in ath10k there is no mechanism to report tx rate information
via ieee80211_tx_status(), the tx rate is only accessible via
sta_statiscs() op.

Per peer tx stats has tx rate info available, Tx rate is available
to ath10k driver after every 4 PPDU sent in the air. For each PPDU,
ath10k driver updates rate informattion to mac80211 using
ieee80211_tx_rate_update().

Per peer txrate information is updated through per peer statistics
and is available for QCA9888/QCA9984/QCA4019/QCA998X only

Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00053
Tested on QCA998X with firmware-5.bin_10.2.4-1.0-00036
Signed-off-by: NAnilkumar Kolli <akolli@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      9a9cf0e6
    • Y
      ath10k: add amsdu support for monitor mode · 85bd0107
      Yu Wang 提交于 
      When processing HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND, if the length of a msdu
is larger than the tailroom of the rx skb, skb_over_panic issue will happen
when calling skb_put.  In monitor mode, amsdu will be handled in this path, and
msdu_len of the first msdu_desc is the length of the entire amsdu, which might
be larger than the maximum length of a skb, in such case, it will hit the issue
upon.

To fix this issue, process msdu list separately for monitor mode.

Successfully tested with:
QCA6174 (FW version: RM.4.4.1.c2-00057-QCARMSWP-1).
Signed-off-by: NYu Wang <yyuwang@codeaurora.org>
[kvalo@codeaurora.org: cosmetic cleanup]
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      85bd0107
    • K
      ath10k: fix kernel panic due to use after free · 553a7cca
      Karthikeyan Periyasamy 提交于 
      This issue arise in a race condition between ath10k_sta_state() and
ath10k_htt_fetch_peer_stats(), explained in below scenario

Steps:
1. In ath10k_sta_state(), arsta->tx_stats get deallocated before peer deletion
   when the station moves from IEEE80211_STA_NONE to IEEE80211_STA_NOTEXIST
   state.
2. Meanwhile ath10k receive HTT_T2H_MSG_TYPE_PEER_STATS message.
   In ath10k_htt_fetch_peer_stats(), arsta->tx_stats get accessed after
   the peer validation check.

Since arsta->tx_stats get freed before the peer deletion [1].
ath10k_htt_fetch_peer_stats() ended up in "use after free" situation.

Fixed this issue by moving the arsta->tx_stats free handling after the
peer deletion. so that ath10k_htt_fetch_peer_stats() will not end up in
"use after free" situation.

Kernel Panic:

Unable to handle kernel NULL pointer dereference at virtual address 00000286
pgd = d8754000
[00000286] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
...
CPU: 0 PID: 6245 Comm: hostapd Not tainted
task: dc44cac0 ti: d4a38000 task.ti: d4a38000
PC is at kmem_cache_alloc+0x7c/0x114
LR is at ath10k_sta_state+0x190/0xd58 [ath10k_core]
pc : [<c02bdc50>]    lr : [<bf916b78>]    psr: 20000013
sp : d4a39b88  ip : 00000000  fp : 00000001
r10: 00000000  r9 : 1d3bc000  r8 : 00000dc0
r7 : 000080d0  r6 : d4a38000  r5 : dd401b00  r4 : 00000286
r3 : 00000000  r2 : d4a39ba0  r1 : 000080d0  r0 : dd401b00
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5787d  Table: 5a75406a  DAC: 00000015
Process hostapd (pid: 6245, stack limit = 0xd4a38238)
Stack: (0xd4a39b88 to 0xd4a3a000)
...
[<c02bdc50>] (kmem_cache_alloc) from [<bf916b78>] (ath10k_sta_state+0x190/0xd58 [ath10k_core])
[<bf916b78>] (ath10k_sta_state [ath10k_core]) from [<bf870d4c>] (sta_info_insert_rcu+0x418/0x61c [mac80211])
[<bf870d4c>] (sta_info_insert_rcu [mac80211]) from [<bf88634c>] (ieee80211_add_station+0xf0/0x134 [mac80211])
[<bf88634c>] (ieee80211_add_station [mac80211]) from [<bf83f3c4>] (nl80211_new_station+0x330/0x36c [cfg80211])
[<bf83f3c4>] (nl80211_new_station [cfg80211]) from [<bf6c4040>] (extack_doit+0x2c/0x74 [compat])
[<bf6c4040>] (extack_doit [compat]) from [<c05c285c>] (genl_rcv_msg+0x274/0x30c)
[<c05c285c>] (genl_rcv_msg) from [<c05c1d98>] (netlink_rcv_skb+0x58/0xac)
[<c05c1d98>] (netlink_rcv_skb) from [<c05c25d4>] (genl_rcv+0x20/0x34)
[<c05c25d4>] (genl_rcv) from [<c05c1750>] (netlink_unicast+0x11c/0x204)
[<c05c1750>] (netlink_unicast) from [<c05c1be0>] (netlink_sendmsg+0x30c/0x370)
[<c05c1be0>] (netlink_sendmsg) from [<c0587e90>] (sock_sendmsg+0x70/0x84)
[<c0587e90>] (sock_sendmsg) from [<c058970c>] (___sys_sendmsg.part.3+0x188/0x228)
[<c058970c>] (___sys_sendmsg.part.3) from [<c058a594>] (__sys_sendmsg+0x4c/0x70)
[<c058a594>] (__sys_sendmsg) from [<c0208c80>] (ret_fast_syscall+0x0/0x44)
Code: ebfffec1 e1a04000 ea00001b e5953014 (e7940003)
ath10k_pci 0000:01:00.0: SWBA overrun on vdev 0, skipped old beacon

Hardware tested: QCA9984
Firmware tested: 10.4-3.6.0.1-00004

Fixes: a904417f ("ath10k: add extended per sta tx statistics support")
Signed-off-by: NKarthikeyan Periyasamy <periyasa@codeaurora.org>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      553a7cca
    • Y
      ath10k: remove set but not used variable 'num_tdls_vifs' · bff70e5f
      YueHaibing 提交于 
      Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_sta_state':
drivers/net/wireless/ath/ath10k/mac.c:6238:7: warning:
 variable 'num_tdls_vifs' set but not used [-Wunused-but-set-variable]

'num_tdls_vifs' not used any more after
  9a993cc1 ("ath10k: fix the logic of limiting tdls peer counts")

Also, remove the single called function ath10k_mac_tdls_vifs_count
and ath10k_mac_tdls_vifs_count_iter.
Signed-off-by: NYueHaibing <yuehaibing@huawei.com>
Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      bff70e5f
  7. 20 12月, 2018 12 次提交