archive mirror
 help / color / mirror / Atom feed
From: Francesco Magliocca <>
Subject: Bug in Memory Layout of rx_desc for QCA6174
Date: Fri, 18 Jun 2021 09:28:51 +0200	[thread overview]
Message-ID: <> (raw)

Hello everyone,
I have a QCA6174 PCIe board, I am using linux kernel 5.12.10.
The firmware loaded is:
> [    4.483131] ath10k_pci 0000:02:00.0: qca6174 hw3.2 target 0x05030000 chip_id 0x00340aff sub 1a56:143a
> [    4.483136] ath10k_pci 0000:02:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 0 testmode 0
> [    4.483567] ath10k_pci 0000:02:00.0: firmware ver WLAN.RM.4.4.1-00157-QCARMSWPZ-1 api 6 features wowlan,ignore-otp,mfp crc32 90eebefb
> [    4.572730] ath10k_pci 0000:02:00.0: board_file api 2 bmi_id N/A crc32 318825bf
> [    4.665592] ath10k_pci 0000:02:00.0: htt-ver 3.60 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1

around six months ago I reported a bug which is still haunting me:
When I am connected to my home's Wi-Fi network and my father's Huawei
smartphone is connected too
my Wi-Fi card hangs and gets stuck, I have to force restart of the device.

Note that this problem does not happen if my pc and the smartphone are
connected to different networks (for example
I tried connecting my pc to the 2.4GHz network and the smartphone to
the 5GHz network, and the bug does not appear).

Now, I tried bisecting driver changes, and I found the faulty one,
it is the commit: e3def6f7ddf88636febb12e1e3e86387a4ce5452

It adds some fields to structures like rx_msdu_start, rx_frag_info, etc..
The changes modify the size of these structures!

If I revert this commit changes, the bug does not happen
(I tested it for two weeks, while the bug happens at least once in 2-3 hours
from when the smartphone is connected to the wifi network).

Also, if I selectively remove some of the changes introduced by the
faulty commit,
the bug does not go away, so it looks like the problem is in the
change of size of the
data structures.

Now, I'd like to ask you what we can do to fix this problem...
Is there something I am doing wrong?
Or is there a bug in the firmware?

If the firmware can't be easily fixed, I was thinking that we can
abstract the htt_rx_desc
(in the same way we do with ops in other parts of the driver) to have
two versions:
one for 32-bit descriptors (like my QCA6174)
and one for 64-bit descriptors (i.e. WCN3990, which was the cause of
this change).

I'd be really happy to help, but I am not sure I fully understand what
is going on,
so what do you think is happening and what should we do?

Thanks in advance.
Francesco Magliocca

ath10k mailing list

             reply	other threads:[~2021-06-18  7:29 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-18  7:28 Francesco Magliocca [this message]
2021-09-21  9:21 ` Bug in Memory Layout of rx_desc for QCA6174 Kalle Valo
2021-10-29  9:07   ` Thorsten Leemhuis
2021-10-29 14:43 Francesco Magliocca

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).