* [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read
@ 2021-05-05 16:32 Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 046/104] mac80211: Set priority and queue mapping for injected frames Sasha Levin
` (17 more replies)
0 siblings, 18 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:32 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Pradeep Kumar Chitrapu, Kalle Valo, Sasha Levin, ath11k,
linux-wireless, netdev
From: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
[ Upstream commit e3de5bb7ac1a4cb262f8768924fd3ef6182b10bb ]
Fix dangling pointer in thermal temperature event which causes
incorrect temperature read.
Tested-on: IPQ8074 AHB WLAN.HK.2.4.0.1-00041-QCAHKSWPL_SILICONZ-1
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210218182708.8844-1-pradeepc@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.c | 53 +++++++++++----------------
1 file changed, 21 insertions(+), 32 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 73869d445c5b..f457a089b63c 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -5190,31 +5190,6 @@ int ath11k_wmi_pull_fw_stats(struct ath11k_base *ab, struct sk_buff *skb,
return 0;
}
-static int
-ath11k_pull_pdev_temp_ev(struct ath11k_base *ab, u8 *evt_buf,
- u32 len, const struct wmi_pdev_temperature_event *ev)
-{
- const void **tb;
- int ret;
-
- tb = ath11k_wmi_tlv_parse_alloc(ab, evt_buf, len, GFP_ATOMIC);
- if (IS_ERR(tb)) {
- ret = PTR_ERR(tb);
- ath11k_warn(ab, "failed to parse tlv: %d\n", ret);
- return ret;
- }
-
- ev = tb[WMI_TAG_PDEV_TEMPERATURE_EVENT];
- if (!ev) {
- ath11k_warn(ab, "failed to fetch pdev temp ev");
- kfree(tb);
- return -EPROTO;
- }
-
- kfree(tb);
- return 0;
-}
-
size_t ath11k_wmi_fw_stats_num_vdevs(struct list_head *head)
{
struct ath11k_fw_stats_vdev *i;
@@ -6622,23 +6597,37 @@ ath11k_wmi_pdev_temperature_event(struct ath11k_base *ab,
struct sk_buff *skb)
{
struct ath11k *ar;
- struct wmi_pdev_temperature_event ev = {0};
+ const void **tb;
+ const struct wmi_pdev_temperature_event *ev;
+ int ret;
+
+ tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC);
+ if (IS_ERR(tb)) {
+ ret = PTR_ERR(tb);
+ ath11k_warn(ab, "failed to parse tlv: %d\n", ret);
+ return;
+ }
- if (ath11k_pull_pdev_temp_ev(ab, skb->data, skb->len, &ev) != 0) {
- ath11k_warn(ab, "failed to extract pdev temperature event");
+ ev = tb[WMI_TAG_PDEV_TEMPERATURE_EVENT];
+ if (!ev) {
+ ath11k_warn(ab, "failed to fetch pdev temp ev");
+ kfree(tb);
return;
}
ath11k_dbg(ab, ATH11K_DBG_WMI,
- "pdev temperature ev temp %d pdev_id %d\n", ev.temp, ev.pdev_id);
+ "pdev temperature ev temp %d pdev_id %d\n", ev->temp, ev->pdev_id);
- ar = ath11k_mac_get_ar_by_pdev_id(ab, ev.pdev_id);
+ ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id);
if (!ar) {
- ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev.pdev_id);
+ ath11k_warn(ab, "invalid pdev id in pdev temperature ev %d", ev->pdev_id);
+ kfree(tb);
return;
}
- ath11k_thermal_event_temperature(ar, ev.temp);
+ ath11k_thermal_event_temperature(ar, ev->temp);
+
+ kfree(tb);
}
static void ath11k_fils_discovery_event(struct ath11k_base *ab,
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 046/104] mac80211: Set priority and queue mapping for injected frames
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 047/104] mac80211: clear the beacon's CRC after channel switch Sasha Levin
` (16 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Johan Almbladh, Johannes Berg, Sasha Levin, linux-wireless, netdev
From: Johan Almbladh <johan.almbladh@anyfinetworks.com>
[ Upstream commit 96a7109a16665255b65d021e24141c2edae0e202 ]
Some drivers, for example mt76, use the skb priority field, and
expects that to be consistent with the skb queue mapping. On some
frame injection code paths that was not true, and it broke frame
injection. Now the skb queue mapping is set according to the skb
priority value when the frame is injected. The skb priority value
is also derived from the frame data for all frame types, as it
was done prior to commit dbd50a851c50 (only allocate one queue
when using iTXQs). Fixes frame injection with the mt76 driver on
MT7610E chipset.
Signed-off-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Link: https://lore.kernel.org/r/20210401164455.978245-1-johan.almbladh@anyfinetworks.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/tx.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 64fae4f645f5..f6bfa0ce262c 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2269,17 +2269,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
payload[7]);
}
- /* Initialize skb->priority for QoS frames. If the DONT_REORDER flag
- * is set, stick to the default value for skb->priority to assure
- * frames injected with this flag are not reordered relative to each
- * other.
- */
- if (ieee80211_is_data_qos(hdr->frame_control) &&
- !(info->control.flags & IEEE80211_TX_CTRL_DONT_REORDER)) {
- u8 *p = ieee80211_get_qos_ctl(hdr);
- skb->priority = *p & IEEE80211_QOS_CTL_TAG1D_MASK;
- }
-
rcu_read_lock();
/*
@@ -2343,6 +2332,15 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
info->band = chandef->chan->band;
+ /* Initialize skb->priority according to frame type and TID class,
+ * with respect to the sub interface that the frame will actually
+ * be transmitted on. If the DONT_REORDER flag is set, the original
+ * skb-priority is preserved to assure frames injected with this
+ * flag are not reordered relative to each other.
+ */
+ ieee80211_select_queue_80211(sdata, skb, hdr);
+ skb_set_queue_mapping(skb, ieee80211_ac_from_tid(skb->priority));
+
/* remove the injection radiotap header */
skb_pull(skb, len_rthdr);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 047/104] mac80211: clear the beacon's CRC after channel switch
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 046/104] mac80211: Set priority and queue mapping for injected frames Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 050/104] rtw88: 8822c: add LC calibration for RTL8822C Sasha Levin
` (15 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Emmanuel Grumbach, Johannes Berg, Sasha Levin, linux-wireless, netdev
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit d6843d1ee283137723b4a8c76244607ce6db1951 ]
After channel switch, we should consider any beacon with a
CSA IE as a new switch. If the CSA IE is a leftover from
before the switch that the AP forgot to remove, we'll get
a CSA-to-Self.
This caused issues in iwlwifi where the firmware saw a beacon
with a CSA-to-Self with mode = 1 on the new channel after a
switch. The firmware considered this a new switch and closed
its queues. Since the beacon didn't change between before and
after the switch, we wouldn't handle it (the CRC is the same)
and we wouldn't let the firmware open its queues again or
disconnect if the CSA IE stays for too long.
Clear the CRC valid state after we switch to make sure that
we handle the beacon and handle the CSA IE as required.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Link: https://lore.kernel.org/r/20210408143124.b9e68aa98304.I465afb55ca2c7d59f7bf610c6046a1fd732b4c28@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b7155b078b19..c9eb75603576 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1295,6 +1295,11 @@ static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
sdata->vif.csa_active = false;
ifmgd->csa_waiting_bcn = false;
+ /*
+ * If the CSA IE is still present on the beacon after the switch,
+ * we need to consider it as a new CSA (possibly to self).
+ */
+ ifmgd->beacon_crc_valid = false;
ret = drv_post_channel_switch(sdata);
if (ret) {
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 050/104] rtw88: 8822c: add LC calibration for RTL8822C
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 046/104] mac80211: Set priority and queue mapping for injected frames Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 047/104] mac80211: clear the beacon's CRC after channel switch Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 051/104] mt76: mt7615: fix key set/delete issues Sasha Levin
` (14 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Po-Hao Huang, Ping-Ke Shih, Kalle Valo, Sasha Levin,
linux-wireless, netdev
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit 7ae7784ec2a812c07d2ca91a6538ef2470154fb6 ]
Fix power tracking issue by replacing unnecessary IQ calibration
with LC calibration.
When thermal difference exceeds limitation, let RF circuit adjsut
its characteristic to fit in current environment.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210319054218.3319-6-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/main.h | 2 ++
drivers/net/wireless/realtek/rtw88/phy.c | 14 ++++++++++
drivers/net/wireless/realtek/rtw88/phy.h | 1 +
drivers/net/wireless/realtek/rtw88/reg.h | 5 ++++
drivers/net/wireless/realtek/rtw88/rtw8822c.c | 27 +++++++++++++++++--
5 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/main.h b/drivers/net/wireless/realtek/rtw88/main.h
index 9a318dfd04f9..3d51394edb4a 100644
--- a/drivers/net/wireless/realtek/rtw88/main.h
+++ b/drivers/net/wireless/realtek/rtw88/main.h
@@ -1157,6 +1157,7 @@ struct rtw_chip_info {
bool en_dis_dpd;
u16 dpd_ratemask;
u8 iqk_threshold;
+ u8 lck_threshold;
const struct rtw_pwr_track_tbl *pwr_track_tbl;
u8 bfer_su_max_num;
@@ -1520,6 +1521,7 @@ struct rtw_dm_info {
u8 tx_rate;
u8 thermal_avg[RTW_RF_PATH_MAX];
u8 thermal_meter_k;
+ u8 thermal_meter_lck;
s8 delta_power_index[RTW_RF_PATH_MAX];
s8 delta_power_index_last[RTW_RF_PATH_MAX];
u8 default_ofdm_index;
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index d44960cd940c..0793f08b4fea 100644
--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -2159,6 +2159,20 @@ s8 rtw_phy_pwrtrack_get_pwridx(struct rtw_dev *rtwdev,
}
EXPORT_SYMBOL(rtw_phy_pwrtrack_get_pwridx);
+bool rtw_phy_pwrtrack_need_lck(struct rtw_dev *rtwdev)
+{
+ struct rtw_dm_info *dm_info = &rtwdev->dm_info;
+ u8 delta_lck;
+
+ delta_lck = abs(dm_info->thermal_avg[0] - dm_info->thermal_meter_lck);
+ if (delta_lck >= rtwdev->chip->lck_threshold) {
+ dm_info->thermal_meter_lck = dm_info->thermal_avg[0];
+ return true;
+ }
+ return false;
+}
+EXPORT_SYMBOL(rtw_phy_pwrtrack_need_lck);
+
bool rtw_phy_pwrtrack_need_iqk(struct rtw_dev *rtwdev)
{
struct rtw_dm_info *dm_info = &rtwdev->dm_info;
diff --git a/drivers/net/wireless/realtek/rtw88/phy.h b/drivers/net/wireless/realtek/rtw88/phy.h
index b924ed07630a..9623248c9466 100644
--- a/drivers/net/wireless/realtek/rtw88/phy.h
+++ b/drivers/net/wireless/realtek/rtw88/phy.h
@@ -55,6 +55,7 @@ u8 rtw_phy_pwrtrack_get_delta(struct rtw_dev *rtwdev, u8 path);
s8 rtw_phy_pwrtrack_get_pwridx(struct rtw_dev *rtwdev,
struct rtw_swing_table *swing_table,
u8 tbl_path, u8 therm_path, u8 delta);
+bool rtw_phy_pwrtrack_need_lck(struct rtw_dev *rtwdev);
bool rtw_phy_pwrtrack_need_iqk(struct rtw_dev *rtwdev);
void rtw_phy_config_swing_table(struct rtw_dev *rtwdev,
struct rtw_swing_table *swing_table);
diff --git a/drivers/net/wireless/realtek/rtw88/reg.h b/drivers/net/wireless/realtek/rtw88/reg.h
index cf9a3b674d30..767f7777d409 100644
--- a/drivers/net/wireless/realtek/rtw88/reg.h
+++ b/drivers/net/wireless/realtek/rtw88/reg.h
@@ -650,8 +650,13 @@
#define RF_TXATANK 0x64
#define RF_TRXIQ 0x66
#define RF_RXIQGEN 0x8d
+#define RF_SYN_PFD 0xb0
#define RF_XTALX2 0xb8
+#define RF_SYN_CTRL 0xbb
#define RF_MALSEL 0xbe
+#define RF_SYN_AAC 0xc9
+#define RF_AAC_CTRL 0xca
+#define RF_FAST_LCK 0xcc
#define RF_RCKD 0xde
#define RF_TXADBG 0xde
#define RF_LUTDBG 0xdf
diff --git a/drivers/net/wireless/realtek/rtw88/rtw8822c.c b/drivers/net/wireless/realtek/rtw88/rtw8822c.c
index dd560c28abb2..448922cb2e63 100644
--- a/drivers/net/wireless/realtek/rtw88/rtw8822c.c
+++ b/drivers/net/wireless/realtek/rtw88/rtw8822c.c
@@ -1126,6 +1126,7 @@ static void rtw8822c_pwrtrack_init(struct rtw_dev *rtwdev)
dm_info->pwr_trk_triggered = false;
dm_info->thermal_meter_k = rtwdev->efuse.thermal_meter_k;
+ dm_info->thermal_meter_lck = rtwdev->efuse.thermal_meter_k;
}
static void rtw8822c_phy_set_param(struct rtw_dev *rtwdev)
@@ -2108,6 +2109,26 @@ static void rtw8822c_false_alarm_statistics(struct rtw_dev *rtwdev)
rtw_write32_set(rtwdev, REG_RX_BREAK, BIT_COM_RX_GCK_EN);
}
+static void rtw8822c_do_lck(struct rtw_dev *rtwdev)
+{
+ u32 val;
+
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_CTRL, RFREG_MASK, 0x80010);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_PFD, RFREG_MASK, 0x1F0FA);
+ fsleep(1);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_AAC_CTRL, RFREG_MASK, 0x80000);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_AAC, RFREG_MASK, 0x80001);
+ read_poll_timeout(rtw_read_rf, val, val != 0x1, 1000, 100000,
+ true, rtwdev, RF_PATH_A, RF_AAC_CTRL, 0x1000);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_SYN_PFD, RFREG_MASK, 0x1F0F8);
+ rtw_write_rf(rtwdev, RF_PATH_B, RF_SYN_CTRL, RFREG_MASK, 0x80010);
+
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x0f000);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x4f000);
+ fsleep(1);
+ rtw_write_rf(rtwdev, RF_PATH_A, RF_FAST_LCK, RFREG_MASK, 0x0f000);
+}
+
static void rtw8822c_do_iqk(struct rtw_dev *rtwdev)
{
struct rtw_iqk_para para = {0};
@@ -3538,11 +3559,12 @@ static void __rtw8822c_pwr_track(struct rtw_dev *rtwdev)
rtw_phy_config_swing_table(rtwdev, &swing_table);
+ if (rtw_phy_pwrtrack_need_lck(rtwdev))
+ rtw8822c_do_lck(rtwdev);
+
for (i = 0; i < rtwdev->hal.rf_path_num; i++)
rtw8822c_pwr_track_path(rtwdev, &swing_table, i);
- if (rtw_phy_pwrtrack_need_iqk(rtwdev))
- rtw8822c_do_iqk(rtwdev);
}
static void rtw8822c_pwr_track(struct rtw_dev *rtwdev)
@@ -4351,6 +4373,7 @@ struct rtw_chip_info rtw8822c_hw_spec = {
.dpd_ratemask = DIS_DPD_RATEALL,
.pwr_track_tbl = &rtw8822c_rtw_pwr_track_tbl,
.iqk_threshold = 8,
+ .lck_threshold = 8,
.bfer_su_max_num = 2,
.bfer_mu_max_num = 1,
.rx_ldpc = true,
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 051/104] mt76: mt7615: fix key set/delete issues
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (2 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 050/104] rtw88: 8822c: add LC calibration for RTL8822C Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 052/104] mt76: mt7615: support loading EEPROM for MT7613BE Sasha Levin
` (13 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 730d6d0da8d8f5905faafe645a5b3c08ac3f5a8f ]
There were multiple issues in the current key set/remove code:
- deleting a key with the previous key index deletes the current key
- BIP key would only be uploaded correctly initially and corrupted on rekey
Rework the code to better keep track of multiple keys and check for the
key index before deleting the current key
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt76.h | 1 +
.../net/wireless/mediatek/mt76/mt7615/mac.c | 97 ++++++++++---------
.../net/wireless/mediatek/mt76/mt7615/main.c | 18 ++--
3 files changed, 65 insertions(+), 51 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index 3e496a188bf0..deaeff3713f5 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -221,6 +221,7 @@ struct mt76_wcid {
u16 idx;
u8 hw_key_idx;
+ u8 hw_key_idx2;
u8 sta:1;
u8 ext_phy:1;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
index fb10a6497ed0..ea17bbeb10f7 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -1031,7 +1031,7 @@ EXPORT_SYMBOL_GPL(mt7615_mac_set_rates);
static int
mt7615_mac_wtbl_update_key(struct mt7615_dev *dev, struct mt76_wcid *wcid,
struct ieee80211_key_conf *key,
- enum mt7615_cipher_type cipher,
+ enum mt7615_cipher_type cipher, u16 cipher_mask,
enum set_key_cmd cmd)
{
u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx) + 30 * 4;
@@ -1048,22 +1048,22 @@ mt7615_mac_wtbl_update_key(struct mt7615_dev *dev, struct mt76_wcid *wcid,
memcpy(data + 16, key->key + 24, 8);
memcpy(data + 24, key->key + 16, 8);
} else {
- if (cipher != MT_CIPHER_BIP_CMAC_128 && wcid->cipher)
- memmove(data + 16, data, 16);
- if (cipher != MT_CIPHER_BIP_CMAC_128 || !wcid->cipher)
+ if (cipher_mask == BIT(cipher))
memcpy(data, key->key, key->keylen);
- else if (cipher == MT_CIPHER_BIP_CMAC_128)
+ else if (cipher != MT_CIPHER_BIP_CMAC_128)
+ memcpy(data, key->key, 16);
+ if (cipher == MT_CIPHER_BIP_CMAC_128)
memcpy(data + 16, key->key, 16);
}
} else {
- if (wcid->cipher & ~BIT(cipher)) {
- if (cipher != MT_CIPHER_BIP_CMAC_128)
- memmove(data, data + 16, 16);
+ if (cipher == MT_CIPHER_BIP_CMAC_128)
memset(data + 16, 0, 16);
- } else {
+ else if (cipher_mask)
+ memset(data, 0, 16);
+ if (!cipher_mask)
memset(data, 0, sizeof(data));
- }
}
+
mt76_wr_copy(dev, addr, data, sizeof(data));
return 0;
@@ -1071,7 +1071,7 @@ mt7615_mac_wtbl_update_key(struct mt7615_dev *dev, struct mt76_wcid *wcid,
static int
mt7615_mac_wtbl_update_pk(struct mt7615_dev *dev, struct mt76_wcid *wcid,
- enum mt7615_cipher_type cipher,
+ enum mt7615_cipher_type cipher, u16 cipher_mask,
int keyidx, enum set_key_cmd cmd)
{
u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx), w0, w1;
@@ -1081,20 +1081,23 @@ mt7615_mac_wtbl_update_pk(struct mt7615_dev *dev, struct mt76_wcid *wcid,
w0 = mt76_rr(dev, addr);
w1 = mt76_rr(dev, addr + 4);
- if (cmd == SET_KEY) {
- w0 |= MT_WTBL_W0_RX_KEY_VALID |
- FIELD_PREP(MT_WTBL_W0_RX_IK_VALID,
- cipher == MT_CIPHER_BIP_CMAC_128);
- if (cipher != MT_CIPHER_BIP_CMAC_128 ||
- !wcid->cipher)
- w0 |= FIELD_PREP(MT_WTBL_W0_KEY_IDX, keyidx);
- } else {
- if (!(wcid->cipher & ~BIT(cipher)))
- w0 &= ~(MT_WTBL_W0_RX_KEY_VALID |
- MT_WTBL_W0_KEY_IDX);
- if (cipher == MT_CIPHER_BIP_CMAC_128)
- w0 &= ~MT_WTBL_W0_RX_IK_VALID;
+
+ if (cipher_mask)
+ w0 |= MT_WTBL_W0_RX_KEY_VALID;
+ else
+ w0 &= ~(MT_WTBL_W0_RX_KEY_VALID | MT_WTBL_W0_KEY_IDX);
+ if (cipher_mask & BIT(MT_CIPHER_BIP_CMAC_128))
+ w0 |= MT_WTBL_W0_RX_IK_VALID;
+ else
+ w0 &= ~MT_WTBL_W0_RX_IK_VALID;
+
+ if (cmd == SET_KEY &&
+ (cipher != MT_CIPHER_BIP_CMAC_128 ||
+ cipher_mask == BIT(cipher))) {
+ w0 &= ~MT_WTBL_W0_KEY_IDX;
+ w0 |= FIELD_PREP(MT_WTBL_W0_KEY_IDX, keyidx);
}
+
mt76_wr(dev, MT_WTBL_RICR0, w0);
mt76_wr(dev, MT_WTBL_RICR1, w1);
@@ -1107,24 +1110,25 @@ mt7615_mac_wtbl_update_pk(struct mt7615_dev *dev, struct mt76_wcid *wcid,
static void
mt7615_mac_wtbl_update_cipher(struct mt7615_dev *dev, struct mt76_wcid *wcid,
- enum mt7615_cipher_type cipher,
+ enum mt7615_cipher_type cipher, u16 cipher_mask,
enum set_key_cmd cmd)
{
u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx);
- if (cmd == SET_KEY) {
- if (cipher != MT_CIPHER_BIP_CMAC_128 || !wcid->cipher)
- mt76_rmw(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE,
- FIELD_PREP(MT_WTBL_W2_KEY_TYPE, cipher));
- } else {
- if (cipher != MT_CIPHER_BIP_CMAC_128 &&
- wcid->cipher & BIT(MT_CIPHER_BIP_CMAC_128))
- mt76_rmw(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE,
- FIELD_PREP(MT_WTBL_W2_KEY_TYPE,
- MT_CIPHER_BIP_CMAC_128));
- else if (!(wcid->cipher & ~BIT(cipher)))
- mt76_clear(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE);
+ if (!cipher_mask) {
+ mt76_clear(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE);
+ return;
}
+
+ if (cmd != SET_KEY)
+ return;
+
+ if (cipher == MT_CIPHER_BIP_CMAC_128 &&
+ cipher_mask & ~BIT(MT_CIPHER_BIP_CMAC_128))
+ return;
+
+ mt76_rmw(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE,
+ FIELD_PREP(MT_WTBL_W2_KEY_TYPE, cipher));
}
int __mt7615_mac_wtbl_set_key(struct mt7615_dev *dev,
@@ -1133,25 +1137,30 @@ int __mt7615_mac_wtbl_set_key(struct mt7615_dev *dev,
enum set_key_cmd cmd)
{
enum mt7615_cipher_type cipher;
+ u16 cipher_mask = wcid->cipher;
int err;
cipher = mt7615_mac_get_cipher(key->cipher);
if (cipher == MT_CIPHER_NONE)
return -EOPNOTSUPP;
- mt7615_mac_wtbl_update_cipher(dev, wcid, cipher, cmd);
- err = mt7615_mac_wtbl_update_key(dev, wcid, key, cipher, cmd);
+ if (cmd == SET_KEY)
+ cipher_mask |= BIT(cipher);
+ else
+ cipher_mask &= ~BIT(cipher);
+
+ mt7615_mac_wtbl_update_cipher(dev, wcid, cipher, cipher_mask, cmd);
+ err = mt7615_mac_wtbl_update_key(dev, wcid, key, cipher, cipher_mask,
+ cmd);
if (err < 0)
return err;
- err = mt7615_mac_wtbl_update_pk(dev, wcid, cipher, key->keyidx, cmd);
+ err = mt7615_mac_wtbl_update_pk(dev, wcid, cipher, cipher_mask,
+ key->keyidx, cmd);
if (err < 0)
return err;
- if (cmd == SET_KEY)
- wcid->cipher |= BIT(cipher);
- else
- wcid->cipher &= ~BIT(cipher);
+ wcid->cipher = cipher_mask;
return 0;
}
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/main.c b/drivers/net/wireless/mediatek/mt76/mt7615/main.c
index 56dd0b4e4460..7c631520e8f4 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/main.c
@@ -350,7 +350,8 @@ static int mt7615_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
struct mt7615_sta *msta = sta ? (struct mt7615_sta *)sta->drv_priv :
&mvif->sta;
struct mt76_wcid *wcid = &msta->wcid;
- int idx = key->keyidx, err;
+ int idx = key->keyidx, err = 0;
+ u8 *wcid_keyidx = &wcid->hw_key_idx;
/* The hardware does not support per-STA RX GTK, fallback
* to software mode for these.
@@ -365,6 +366,7 @@ static int mt7615_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
/* fall back to sw encryption for unsupported ciphers */
switch (key->cipher) {
case WLAN_CIPHER_SUITE_AES_CMAC:
+ wcid_keyidx = &wcid->hw_key_idx2;
key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
break;
case WLAN_CIPHER_SUITE_TKIP:
@@ -382,12 +384,13 @@ static int mt7615_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
mt7615_mutex_acquire(dev);
- if (cmd == SET_KEY) {
- key->hw_key_idx = wcid->idx;
- wcid->hw_key_idx = idx;
- } else if (idx == wcid->hw_key_idx) {
- wcid->hw_key_idx = -1;
- }
+ if (cmd == SET_KEY)
+ *wcid_keyidx = idx;
+ else if (idx == *wcid_keyidx)
+ *wcid_keyidx = -1;
+ else
+ goto out;
+
mt76_wcid_key_setup(&dev->mt76, wcid,
cmd == SET_KEY ? key : NULL);
@@ -396,6 +399,7 @@ static int mt7615_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
else
err = __mt7615_mac_wtbl_set_key(dev, wcid, key, cmd);
+out:
mt7615_mutex_release(dev);
return err;
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 052/104] mt76: mt7615: support loading EEPROM for MT7613BE
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (3 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 051/104] mt76: mt7615: fix key set/delete issues Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 053/104] mt76: mt76x0: disable GTK offloading Sasha Levin
` (12 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sander Vanheule, Georgi Vlaev, Stijn Segers, Felix Fietkau,
Sasha Levin, linux-wireless, netdev, linux-arm-kernel,
linux-mediatek
From: Sander Vanheule <sander@svanheule.net>
[ Upstream commit 858ebf446bee7d5077bd99488aae617908c3f4fe ]
EEPROM blobs for MT7613BE radios start with (little endian) 0x7663,
which is also the PCI device ID for this device. The EEPROM is required
for the radio to work at useful power levels, otherwise only the lowest
power level is available.
Suggested-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
index 3232ebd5eda6..a31fa2017f52 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
@@ -86,6 +86,7 @@ static int mt7615_check_eeprom(struct mt76_dev *dev)
switch (val) {
case 0x7615:
case 0x7622:
+ case 0x7663:
return 0;
default:
return -EINVAL;
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 053/104] mt76: mt76x0: disable GTK offloading
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (4 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 052/104] mt76: mt7615: support loading EEPROM for MT7613BE Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 054/104] mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req Sasha Levin
` (11 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: David Bauer, Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: David Bauer <mail@david-bauer.net>
[ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ]
When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE),
only the first one to be created will transmit properly encrypteded
frames.
All subsequently created VAPs will sent out frames with the payload left
unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially
disclosing information to a third party.
Disable GTK offloading and encrypt these frames in software to
circumvent this issue. THis only seems to be necessary on MT7610 chips,
as MT7612 is not affected from our testing.
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c
index 7ac20d3c16d7..aaa597b941cd 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c
@@ -447,6 +447,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
return -EOPNOTSUPP;
+ /* MT76x0 GTK offloading does not work with more than one VIF */
+ if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+ return -EOPNOTSUPP;
+
msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL;
wcid = msta ? &msta->wcid : &mvif->group_wcid;
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 054/104] mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (5 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 053/104] mt76: mt76x0: disable GTK offloading Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 055/104] mt76: mt7915: fix key set/delete issue Sasha Levin
` (10 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lorenzo Bianconi, Felix Fietkau, Sasha Levin, linux-wireless,
netdev, linux-arm-kernel, linux-mediatek
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 45f93e368211fbbd247e1ece254ffb121e20fa10 ]
As done for mt76_connac_mcu_alloc_wtbl_req, even if this is not a real
bug since mt7915_mcu_alloc_wtbl_req routine can fails just if nskb is NULL,
always check return value from mt7915_mcu_alloc_wtbl_req in order to avoid
possible future mistake.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
index e211a2bd4d3c..1cbae0eacfe9 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -1170,6 +1170,9 @@ mt7915_mcu_sta_ba(struct mt7915_dev *dev,
wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
&skb);
+ if (IS_ERR(wtbl_hdr))
+ return PTR_ERR(wtbl_hdr);
+
mt7915_mcu_wtbl_ba_tlv(skb, params, enable, tx, sta_wtbl, wtbl_hdr);
ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
@@ -1686,6 +1689,9 @@ int mt7915_mcu_sta_update_hdr_trans(struct mt7915_dev *dev,
return -ENOMEM;
wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, NULL, &skb);
+ if (IS_ERR(wtbl_hdr))
+ return PTR_ERR(wtbl_hdr);
+
mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, NULL, wtbl_hdr);
return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD_WTBL_UPDATE,
@@ -1710,6 +1716,9 @@ int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
&skb);
+ if (IS_ERR(wtbl_hdr))
+ return PTR_ERR(wtbl_hdr);
+
mt7915_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
return mt76_mcu_skb_send_msg(&dev->mt76, skb,
@@ -2279,6 +2288,9 @@ int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_RESET_AND_SET,
sta_wtbl, &skb);
+ if (IS_ERR(wtbl_hdr))
+ return PTR_ERR(wtbl_hdr);
+
if (enable) {
mt7915_mcu_wtbl_generic_tlv(skb, vif, sta, sta_wtbl, wtbl_hdr);
mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, sta_wtbl, wtbl_hdr);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 055/104] mt76: mt7915: fix key set/delete issue
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (6 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 054/104] mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 056/104] mt76: mt7915: fix txpower init for TSSI off chips Sasha Levin
` (9 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 1da4fd48d28436f8b690cdc2879603dede6d8355 ]
Deleting a key with the previous key index deletes the current key
Rework the code to better keep track of multiple keys and check for the
key index before deleting the current key
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7915/main.c | 25 +++++++++++++------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/main.c b/drivers/net/wireless/mediatek/mt76/mt7915/main.c
index 0c82aa2ef219..2c75a5987544 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/main.c
@@ -314,7 +314,9 @@ static int mt7915_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
struct mt7915_sta *msta = sta ? (struct mt7915_sta *)sta->drv_priv :
&mvif->sta;
struct mt76_wcid *wcid = &msta->wcid;
+ u8 *wcid_keyidx = &wcid->hw_key_idx;
int idx = key->keyidx;
+ int err = 0;
/* The hardware does not support per-STA RX GTK, fallback
* to software mode for these.
@@ -329,6 +331,7 @@ static int mt7915_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
/* fall back to sw encryption for unsupported ciphers */
switch (key->cipher) {
case WLAN_CIPHER_SUITE_AES_CMAC:
+ wcid_keyidx = &wcid->hw_key_idx2;
key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
break;
case WLAN_CIPHER_SUITE_TKIP:
@@ -344,16 +347,24 @@ static int mt7915_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
return -EOPNOTSUPP;
}
- if (cmd == SET_KEY) {
- key->hw_key_idx = wcid->idx;
- wcid->hw_key_idx = idx;
- } else if (idx == wcid->hw_key_idx) {
- wcid->hw_key_idx = -1;
- }
+ mutex_lock(&dev->mt76.mutex);
+
+ if (cmd == SET_KEY)
+ *wcid_keyidx = idx;
+ else if (idx == *wcid_keyidx)
+ *wcid_keyidx = -1;
+ else
+ goto out;
+
mt76_wcid_key_setup(&dev->mt76, wcid,
cmd == SET_KEY ? key : NULL);
- return mt7915_mcu_add_key(dev, vif, msta, key, cmd);
+ err = mt7915_mcu_add_key(dev, vif, msta, key, cmd);
+
+out:
+ mutex_unlock(&dev->mt76.mutex);
+
+ return err;
}
static int mt7915_config(struct ieee80211_hw *hw, u32 changed)
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 056/104] mt76: mt7915: fix txpower init for TSSI off chips
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (7 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 055/104] mt76: mt7915: fix key set/delete issue Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 057/104] mt76: mt7915: add wifi subsystem reset Sasha Levin
` (8 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Shayne Chen, Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: Shayne Chen <shayne.chen@mediatek.com>
[ Upstream commit a226ccd04c479ccd23d6927c64bad1b441707f70 ]
Fix incorrect txpower init value for TSSI off chips which causes
too small txpower.
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/mediatek/mt76/mt7915/eeprom.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
index 7a2be3f61398..c3e32555cf24 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
@@ -114,7 +114,7 @@ int mt7915_eeprom_get_target_power(struct mt7915_dev *dev,
struct ieee80211_channel *chan,
u8 chain_idx)
{
- int index;
+ int index, target_power;
bool tssi_on;
if (chain_idx > 3)
@@ -123,15 +123,22 @@ int mt7915_eeprom_get_target_power(struct mt7915_dev *dev,
tssi_on = mt7915_tssi_enabled(dev, chan->band);
if (chan->band == NL80211_BAND_2GHZ) {
- index = MT_EE_TX0_POWER_2G + chain_idx * 3 + !tssi_on;
+ index = MT_EE_TX0_POWER_2G + chain_idx * 3;
+ target_power = mt7915_eeprom_read(dev, index);
+
+ if (!tssi_on)
+ target_power += mt7915_eeprom_read(dev, index + 1);
} else {
- int group = tssi_on ?
- mt7915_get_channel_group(chan->hw_value) : 8;
+ int group = mt7915_get_channel_group(chan->hw_value);
+
+ index = MT_EE_TX0_POWER_5G + chain_idx * 12;
+ target_power = mt7915_eeprom_read(dev, index + group);
- index = MT_EE_TX0_POWER_5G + chain_idx * 12 + group;
+ if (!tssi_on)
+ target_power += mt7915_eeprom_read(dev, index + 8);
}
- return mt7915_eeprom_read(dev, index);
+ return target_power;
}
static const u8 sku_cck_delta_map[] = {
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 057/104] mt76: mt7915: add wifi subsystem reset
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (8 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 056/104] mt76: mt7915: fix txpower init for TSSI off chips Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 062/104] iwlwifi: pcie: make cfg vs. trans_cfg more robust Sasha Levin
` (7 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Ryder Lee, Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: Ryder Lee <ryder.lee@mediatek.com>
[ Upstream commit e07419a7dca97dd9bddfe5d099380857c19535f3 ]
Reset wifi subsystem when MCU is already running.
Fixes firmware download failure after soft reboot on systems where the PCIe
reset could not be performed properly.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Co-developed-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7915/init.c | 58 ++++++++++++++++++-
.../net/wireless/mediatek/mt76/mt7915/mcu.c | 15 +----
.../net/wireless/mediatek/mt76/mt7915/regs.h | 13 +++++
3 files changed, 70 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/init.c b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
index 2ec18aaa8280..aaa8006e0950 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
@@ -4,6 +4,7 @@
#include <linux/etherdevice.h>
#include "mt7915.h"
#include "mac.h"
+#include "mcu.h"
#include "eeprom.h"
#define CCK_RATE(_idx, _rate) { \
@@ -282,9 +283,50 @@ static void mt7915_init_work(struct work_struct *work)
mt7915_register_ext_phy(dev);
}
+static void mt7915_wfsys_reset(struct mt7915_dev *dev)
+{
+ u32 val = MT_TOP_PWR_KEY | MT_TOP_PWR_SW_PWR_ON | MT_TOP_PWR_PWR_ON;
+ u32 reg = mt7915_reg_map_l1(dev, MT_TOP_MISC);
+
+#define MT_MCU_DUMMY_RANDOM GENMASK(15, 0)
+#define MT_MCU_DUMMY_DEFAULT GENMASK(31, 16)
+
+ mt76_wr(dev, MT_MCU_WFDMA0_DUMMY_CR, MT_MCU_DUMMY_RANDOM);
+
+ /* change to software control */
+ val |= MT_TOP_PWR_SW_RST;
+ mt76_wr(dev, MT_TOP_PWR_CTRL, val);
+
+ /* reset wfsys */
+ val &= ~MT_TOP_PWR_SW_RST;
+ mt76_wr(dev, MT_TOP_PWR_CTRL, val);
+
+ /* release wfsys then mcu re-excutes romcode */
+ val |= MT_TOP_PWR_SW_RST;
+ mt76_wr(dev, MT_TOP_PWR_CTRL, val);
+
+ /* switch to hw control */
+ val &= ~MT_TOP_PWR_SW_RST;
+ val |= MT_TOP_PWR_HW_CTRL;
+ mt76_wr(dev, MT_TOP_PWR_CTRL, val);
+
+ /* check whether mcu resets to default */
+ if (!mt76_poll_msec(dev, MT_MCU_WFDMA0_DUMMY_CR, MT_MCU_DUMMY_DEFAULT,
+ MT_MCU_DUMMY_DEFAULT, 1000)) {
+ dev_err(dev->mt76.dev, "wifi subsystem reset failure\n");
+ return;
+ }
+
+ /* wfsys reset won't clear host registers */
+ mt76_clear(dev, reg, MT_TOP_MISC_FW_STATE);
+
+ msleep(100);
+}
+
static int mt7915_init_hardware(struct mt7915_dev *dev)
{
int ret, idx;
+ u32 val;
mt76_wr(dev, MT_INT_SOURCE_CSR, ~0);
@@ -294,6 +336,12 @@ static int mt7915_init_hardware(struct mt7915_dev *dev)
dev->dbdc_support = !!(mt7915_l1_rr(dev, MT_HW_BOUND) & BIT(5));
+ val = mt76_rr(dev, mt7915_reg_map_l1(dev, MT_TOP_MISC));
+
+ /* If MCU was already running, it is likely in a bad state */
+ if (FIELD_GET(MT_TOP_MISC_FW_STATE, val) > FW_STATE_FW_DOWNLOAD)
+ mt7915_wfsys_reset(dev);
+
ret = mt7915_dma_init(dev);
if (ret)
return ret;
@@ -307,8 +355,14 @@ static int mt7915_init_hardware(struct mt7915_dev *dev)
mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
ret = mt7915_mcu_init(dev);
- if (ret)
- return ret;
+ if (ret) {
+ /* Reset and try again */
+ mt7915_wfsys_reset(dev);
+
+ ret = mt7915_mcu_init(dev);
+ if (ret)
+ return ret;
+ }
ret = mt7915_eeprom_init(dev);
if (ret < 0)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
index 1cbae0eacfe9..a0aa76ac16b9 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -2780,21 +2780,8 @@ static int mt7915_load_ram(struct mt7915_dev *dev)
static int mt7915_load_firmware(struct mt7915_dev *dev)
{
+ u32 reg = mt7915_reg_map_l1(dev, MT_TOP_MISC);
int ret;
- u32 val, reg = mt7915_reg_map_l1(dev, MT_TOP_MISC);
-
- val = FIELD_PREP(MT_TOP_MISC_FW_STATE, FW_STATE_FW_DOWNLOAD);
-
- if (!mt76_poll_msec(dev, reg, MT_TOP_MISC_FW_STATE, val, 1000)) {
- /* restart firmware once */
- __mt76_mcu_restart(&dev->mt76);
- if (!mt76_poll_msec(dev, reg, MT_TOP_MISC_FW_STATE,
- val, 1000)) {
- dev_err(dev->mt76.dev,
- "Firmware is not ready for download\n");
- return -EIO;
- }
- }
ret = mt7915_load_patch(dev);
if (ret)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/regs.h b/drivers/net/wireless/mediatek/mt76/mt7915/regs.h
index 848703e6eb7c..8a0ceb30392c 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/regs.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/regs.h
@@ -4,6 +4,11 @@
#ifndef __MT7915_REGS_H
#define __MT7915_REGS_H
+/* MCU WFDMA0 */
+#define MT_MCU_WFDMA0_BASE 0x2000
+#define MT_MCU_WFDMA0(ofs) (MT_MCU_WFDMA0_BASE + (ofs))
+#define MT_MCU_WFDMA0_DUMMY_CR MT_MCU_WFDMA0(0x120)
+
/* MCU WFDMA1 */
#define MT_MCU_WFDMA1_BASE 0x3000
#define MT_MCU_WFDMA1(ofs) (MT_MCU_WFDMA1_BASE + (ofs))
@@ -375,6 +380,14 @@
#define MT_WFDMA1_PCIE1_BUSY_ENA_TX_FIFO1 BIT(1)
#define MT_WFDMA1_PCIE1_BUSY_ENA_RX_FIFO BIT(2)
+#define MT_TOP_RGU_BASE 0xf0000
+#define MT_TOP_PWR_CTRL (MT_TOP_RGU_BASE + (0x0))
+#define MT_TOP_PWR_KEY (0x5746 << 16)
+#define MT_TOP_PWR_SW_RST BIT(0)
+#define MT_TOP_PWR_SW_PWR_ON GENMASK(3, 2)
+#define MT_TOP_PWR_HW_CTRL BIT(4)
+#define MT_TOP_PWR_PWR_ON BIT(7)
+
#define MT_INFRA_CFG_BASE 0xf1000
#define MT_INFRA(ofs) (MT_INFRA_CFG_BASE + (ofs))
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 062/104] iwlwifi: pcie: make cfg vs. trans_cfg more robust
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (9 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 057/104] mt76: mt7915: add wifi subsystem reset Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 063/104] iwlwifi: queue: avoid memory leak in reset flow Sasha Levin
` (6 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Johannes Berg, Luca Coelho, Sasha Levin, linux-wireless, netdev
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 48a5494d6a4cb5812f0640d9515f1876ffc7a013 ]
If we (for example) have a trans_cfg entry in the PCI IDs table,
but then don't find a full cfg entry for it in the info table,
we fall through to the code that treats the PCI ID table entry
as a full cfg entry. This obviously causes crashes later, e.g.
when trying to build the firmware name string.
Avoid such crashes by using the low bit of the pointer as a tag
for trans_cfg entries (automatically using a macro that checks
the type when assigning) and then checking that before trying to
use the data as a full entry - if it's just a partial entry at
that point, fail.
Since we're adding some macro magic, also check that the type is
in fact either struct iwl_cfg_trans_params or struct iwl_cfg,
failing compilation ("initializer element is not constant") if
it isn't.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210330162204.6f69fe6e4128.I921d4ae20ef5276716baeeeda0b001cf25b9b968@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 35 +++++++++++++++----
1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
index 018daa84ddd2..70752f0c67b0 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
@@ -17,10 +17,20 @@
#include "iwl-prph.h"
#include "internal.h"
+#define TRANS_CFG_MARKER BIT(0)
+#define _IS_A(cfg, _struct) __builtin_types_compatible_p(typeof(cfg), \
+ struct _struct)
+extern int _invalid_type;
+#define _TRANS_CFG_MARKER(cfg) \
+ (__builtin_choose_expr(_IS_A(cfg, iwl_cfg_trans_params), \
+ TRANS_CFG_MARKER, \
+ __builtin_choose_expr(_IS_A(cfg, iwl_cfg), 0, _invalid_type)))
+#define _ASSIGN_CFG(cfg) (_TRANS_CFG_MARKER(cfg) + (kernel_ulong_t)&(cfg))
+
#define IWL_PCI_DEVICE(dev, subdev, cfg) \
.vendor = PCI_VENDOR_ID_INTEL, .device = (dev), \
.subvendor = PCI_ANY_ID, .subdevice = (subdev), \
- .driver_data = (kernel_ulong_t)&(cfg)
+ .driver_data = _ASSIGN_CFG(cfg)
/* Hardware specific file defines the PCI IDs table for that hardware module */
static const struct pci_device_id iwl_hw_card_ids[] = {
@@ -988,19 +998,22 @@ static const struct iwl_dev_info iwl_dev_info_table[] = {
static int iwl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
- const struct iwl_cfg_trans_params *trans =
- (struct iwl_cfg_trans_params *)(ent->driver_data);
+ const struct iwl_cfg_trans_params *trans;
const struct iwl_cfg *cfg_7265d __maybe_unused = NULL;
struct iwl_trans *iwl_trans;
struct iwl_trans_pcie *trans_pcie;
int i, ret;
+ const struct iwl_cfg *cfg;
+
+ trans = (void *)(ent->driver_data & ~TRANS_CFG_MARKER);
+
/*
* This is needed for backwards compatibility with the old
* tables, so we don't need to change all the config structs
* at the same time. The cfg is used to compare with the old
* full cfg structs.
*/
- const struct iwl_cfg *cfg = (struct iwl_cfg *)(ent->driver_data);
+ cfg = (void *)(ent->driver_data & ~TRANS_CFG_MARKER);
/* make sure trans is the first element in iwl_cfg */
BUILD_BUG_ON(offsetof(struct iwl_cfg, trans));
@@ -1102,11 +1115,19 @@ static int iwl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
#endif
/*
- * If we didn't set the cfg yet, assume the trans is actually
- * a full cfg from the old tables.
+ * If we didn't set the cfg yet, the PCI ID table entry should have
+ * been a full config - if yes, use it, otherwise fail.
*/
- if (!iwl_trans->cfg)
+ if (!iwl_trans->cfg) {
+ if (ent->driver_data & TRANS_CFG_MARKER) {
+ pr_err("No config found for PCI dev %04x/%04x, rev=0x%x, rfid=0x%x\n",
+ pdev->device, pdev->subsystem_device,
+ iwl_trans->hw_rev, iwl_trans->hw_rf_id);
+ ret = -EINVAL;
+ goto out_free_trans;
+ }
iwl_trans->cfg = cfg;
+ }
/* if we don't have a name yet, copy name from the old cfg */
if (!iwl_trans->name)
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 063/104] iwlwifi: queue: avoid memory leak in reset flow
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (10 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 062/104] iwlwifi: pcie: make cfg vs. trans_cfg more robust Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 078/104] wilc1000: Bring MAC address setting in line with typical Linux behavior Sasha Levin
` (5 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Mordechay Goodstein, Luca Coelho, Sasha Levin, linux-wireless, netdev
From: Mordechay Goodstein <mordechay.goodstein@intel.com>
[ Upstream commit 4cf2f5904d971a461f67825434ae3c31900ff84b ]
In case the device is stopped any usage of hw queues needs to be
reallocated in fw due to fw reset after device stop, so all driver
internal queue should also be freed, and if we don't free the next usage
would leak the old memory and get in recover flows
"iwlwifi 0000:00:03.0: dma_pool_destroy iwlwifi:bc" warning.
Also warn about trying to reuse an internal allocated queue.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210411124417.c72d2f0355c4.Ia3baff633b9b9109f88ab379ef0303aa152c16bf@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/intel/iwlwifi/pcie/trans-gen2.c | 4 +--
drivers/net/wireless/intel/iwlwifi/queue/tx.c | 30 ++++---------------
drivers/net/wireless/intel/iwlwifi/queue/tx.h | 3 +-
3 files changed, 9 insertions(+), 28 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
index 08788bc90683..fd7398daaf65 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
@@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
/*
* Copyright (C) 2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2020 Intel Corporation
+ * Copyright (C) 2018-2021 Intel Corporation
*/
#include "iwl-trans.h"
#include "iwl-prph.h"
@@ -141,7 +141,7 @@ void _iwl_trans_pcie_gen2_stop_device(struct iwl_trans *trans)
if (test_and_clear_bit(STATUS_DEVICE_ENABLED, &trans->status)) {
IWL_DEBUG_INFO(trans,
"DEVICE_ENABLED bit was set and is now cleared\n");
- iwl_txq_gen2_tx_stop(trans);
+ iwl_txq_gen2_tx_free(trans);
iwl_pcie_rx_stop(trans);
}
diff --git a/drivers/net/wireless/intel/iwlwifi/queue/tx.c b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
index 7ff1bb0ccc9c..cd5b06ce3e9c 100644
--- a/drivers/net/wireless/intel/iwlwifi/queue/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
@@ -13,30 +13,6 @@
#include "iwl-scd.h"
#include <linux/dmapool.h>
-/*
- * iwl_txq_gen2_tx_stop - Stop all Tx DMA channels
- */
-void iwl_txq_gen2_tx_stop(struct iwl_trans *trans)
-{
- int txq_id;
-
- /*
- * This function can be called before the op_mode disabled the
- * queues. This happens when we have an rfkill interrupt.
- * Since we stop Tx altogether - mark the queues as stopped.
- */
- memset(trans->txqs.queue_stopped, 0,
- sizeof(trans->txqs.queue_stopped));
- memset(trans->txqs.queue_used, 0, sizeof(trans->txqs.queue_used));
-
- /* Unmap DMA from host system and free skb's */
- for (txq_id = 0; txq_id < ARRAY_SIZE(trans->txqs.txq); txq_id++) {
- if (!trans->txqs.txq[txq_id])
- continue;
- iwl_txq_gen2_unmap(trans, txq_id);
- }
-}
-
/*
* iwl_txq_update_byte_tbl - Set up entry in Tx byte-count array
*/
@@ -1189,6 +1165,12 @@ static int iwl_txq_alloc_response(struct iwl_trans *trans, struct iwl_txq *txq,
goto error_free_resp;
}
+ if (WARN_ONCE(trans->txqs.txq[qid],
+ "queue %d already allocated\n", qid)) {
+ ret = -EIO;
+ goto error_free_resp;
+ }
+
txq->id = qid;
trans->txqs.txq[qid] = txq;
wr_ptr &= (trans->trans_cfg->base_params->max_tfd_queue_size - 1);
diff --git a/drivers/net/wireless/intel/iwlwifi/queue/tx.h b/drivers/net/wireless/intel/iwlwifi/queue/tx.h
index cff694c25ccc..d32256d78917 100644
--- a/drivers/net/wireless/intel/iwlwifi/queue/tx.h
+++ b/drivers/net/wireless/intel/iwlwifi/queue/tx.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
/*
- * Copyright (C) 2020 Intel Corporation
+ * Copyright (C) 2020-2021 Intel Corporation
*/
#ifndef __iwl_trans_queue_tx_h__
#define __iwl_trans_queue_tx_h__
@@ -123,7 +123,6 @@ int iwl_txq_gen2_tx(struct iwl_trans *trans, struct sk_buff *skb,
void iwl_txq_dyn_free(struct iwl_trans *trans, int queue);
void iwl_txq_gen2_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq);
void iwl_txq_inc_wr_ptr(struct iwl_trans *trans, struct iwl_txq *txq);
-void iwl_txq_gen2_tx_stop(struct iwl_trans *trans);
void iwl_txq_gen2_tx_free(struct iwl_trans *trans);
int iwl_txq_init(struct iwl_trans *trans, struct iwl_txq *txq, int slots_num,
bool cmd_queue);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 078/104] wilc1000: Bring MAC address setting in line with typical Linux behavior
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (11 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 063/104] iwlwifi: queue: avoid memory leak in reset flow Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 079/104] mac80211: properly drop the connection in case of invalid CSA IE Sasha Levin
` (4 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: David Mosberger-Tang, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: David Mosberger-Tang <davidm@egauge.net>
[ Upstream commit a381b78a1598dde34a6e40dae2842024308a6ef2 ]
Linux network drivers normally disallow changing the MAC address when
the interface is up. This driver has been different in that it allows
to change the MAC address *only* when it's up. This patch brings
wilc1000 behavior more in line with other network drivers. We could
have replaced wilc_set_mac_addr() with eth_mac_addr() but that would
break existing documentation on how to change the MAC address.
Likewise, return -EADDRNOTAVAIL (not -EINVAL) when the specified MAC
address is invalid or unavailable.
Signed-off-by: David Mosberger-Tang <davidm@egauge.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210303194846.1823596-1-davidm@egauge.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/microchip/wilc1000/netdev.c | 25 ++++++++++++-------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/drivers/net/wireless/microchip/wilc1000/netdev.c b/drivers/net/wireless/microchip/wilc1000/netdev.c
index 0c188310919e..acf7ed4bfe57 100644
--- a/drivers/net/wireless/microchip/wilc1000/netdev.c
+++ b/drivers/net/wireless/microchip/wilc1000/netdev.c
@@ -575,7 +575,6 @@ static int wilc_mac_open(struct net_device *ndev)
{
struct wilc_vif *vif = netdev_priv(ndev);
struct wilc *wl = vif->wilc;
- unsigned char mac_add[ETH_ALEN] = {0};
int ret = 0;
struct mgmt_frame_regs mgmt_regs = {};
@@ -598,9 +597,12 @@ static int wilc_mac_open(struct net_device *ndev)
wilc_set_operation_mode(vif, wilc_get_vif_idx(vif), vif->iftype,
vif->idx);
- wilc_get_mac_address(vif, mac_add);
- netdev_dbg(ndev, "Mac address: %pM\n", mac_add);
- ether_addr_copy(ndev->dev_addr, mac_add);
+
+ if (is_valid_ether_addr(ndev->dev_addr))
+ wilc_set_mac_address(vif, ndev->dev_addr);
+ else
+ wilc_get_mac_address(vif, ndev->dev_addr);
+ netdev_dbg(ndev, "Mac address: %pM\n", ndev->dev_addr);
if (!is_valid_ether_addr(ndev->dev_addr)) {
netdev_err(ndev, "Wrong MAC address\n");
@@ -639,7 +641,14 @@ static int wilc_set_mac_addr(struct net_device *dev, void *p)
int srcu_idx;
if (!is_valid_ether_addr(addr->sa_data))
- return -EINVAL;
+ return -EADDRNOTAVAIL;
+
+ if (!vif->mac_opened) {
+ eth_commit_mac_addr_change(dev, p);
+ return 0;
+ }
+
+ /* Verify MAC Address is not already in use: */
srcu_idx = srcu_read_lock(&wilc->srcu);
list_for_each_entry_rcu(tmp_vif, &wilc->vif_list, list) {
@@ -647,7 +656,7 @@ static int wilc_set_mac_addr(struct net_device *dev, void *p)
if (ether_addr_equal(addr->sa_data, mac_addr)) {
if (vif != tmp_vif) {
srcu_read_unlock(&wilc->srcu, srcu_idx);
- return -EINVAL;
+ return -EADDRNOTAVAIL;
}
srcu_read_unlock(&wilc->srcu, srcu_idx);
return 0;
@@ -659,9 +668,7 @@ static int wilc_set_mac_addr(struct net_device *dev, void *p)
if (result)
return result;
- ether_addr_copy(vif->bssid, addr->sa_data);
- ether_addr_copy(vif->ndev->dev_addr, addr->sa_data);
-
+ eth_commit_mac_addr_change(dev, p);
return result;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 079/104] mac80211: properly drop the connection in case of invalid CSA IE
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (12 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 078/104] wilc1000: Bring MAC address setting in line with typical Linux behavior Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 088/104] mt76: mt7615: fix entering driver-own state on mt7663 Sasha Levin
` (3 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Emmanuel Grumbach, Luca Coelho, Johannes Berg, Sasha Levin,
linux-wireless, netdev
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit 253907ab8bc0818639af382f6398810fa1f022b3 ]
In case the frequency is invalid, ieee80211_parse_ch_switch_ie
will fail and we may not even reach the check in
ieee80211_sta_process_chanswitch. Drop the connection
in case ieee80211_parse_ch_switch_ie failed, but still
take into account the CSA mode to remember not to send
a deauth frame in case if it is forbidden to.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210409123755.34712ef96a0a.I75d7ad7f1d654e8b0aa01cd7189ff00a510512b3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index c9eb75603576..fe71c1ca984a 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1405,11 +1405,8 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
ch_switch.delay = csa_ie.max_switch_time;
}
- if (res < 0) {
- ieee80211_queue_work(&local->hw,
- &ifmgd->csa_connection_drop_work);
- return;
- }
+ if (res < 0)
+ goto lock_and_drop_connection;
if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) {
if (res)
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 088/104] mt76: mt7615: fix entering driver-own state on mt7663
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (13 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 079/104] mac80211: properly drop the connection in case of invalid CSA IE Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 090/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Sasha Levin
` (2 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Felix Fietkau, Sasha Levin, linux-wireless, netdev,
linux-arm-kernel, linux-mediatek
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 5c7d374444afdeb9dd534a37c4f6c13af032da0c ]
Fixes hardware wakeup issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index c13547841a4e..4c7083d17418 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -291,12 +291,20 @@ static int mt7615_mcu_drv_pmctrl(struct mt7615_dev *dev)
u32 addr;
int err;
- addr = is_mt7663(mdev) ? MT_PCIE_DOORBELL_PUSH : MT_CFG_LPCR_HOST;
+ if (is_mt7663(mdev)) {
+ /* Clear firmware own via N9 eint */
+ mt76_wr(dev, MT_PCIE_DOORBELL_PUSH, MT_CFG_LPCR_HOST_DRV_OWN);
+ mt76_poll(dev, MT_CONN_ON_MISC, MT_CFG_LPCR_HOST_FW_OWN, 0, 3000);
+
+ addr = MT_CONN_HIF_ON_LPCTL;
+ } else {
+ addr = MT_CFG_LPCR_HOST;
+ }
+
mt76_wr(dev, addr, MT_CFG_LPCR_HOST_DRV_OWN);
mt7622_trigger_hif_int(dev, true);
- addr = is_mt7663(mdev) ? MT_CONN_HIF_ON_LPCTL : MT_CFG_LPCR_HOST;
err = !mt76_poll_msec(dev, addr, MT_CFG_LPCR_HOST_FW_OWN, 0, 3000);
mt7622_trigger_hif_int(dev, false);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 090/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (14 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 088/104] mt76: mt7615: fix entering driver-own state on mt7663 Sasha Levin
@ 2021-05-05 16:33 ` Sasha Levin
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 091/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Sasha Levin
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 092/104] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth Sasha Levin
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:33 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Gustavo A. R. Silva, kernel test robot, Kees Cook, Kalle Valo,
Sasha Levin, linux-wireless, netdev
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
[ Upstream commit 820aa37638a252b57967bdf4038a514b1ab85d45 ]
Fix the following out-of-bounds warnings by enclosing structure members
daddr and saddr into new struct addr, in structures wl3501_md_req and
wl3501_md_ind:
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds]
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds]
Refactor the code, accordingly:
$ pahole -C wl3501_md_req drivers/net/wireless/wl3501_cs.o
struct wl3501_md_req {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 routing; /* 3 1 */
u16 data; /* 4 2 */
u16 size; /* 6 2 */
u8 pri; /* 8 1 */
u8 service_class; /* 9 1 */
struct {
u8 daddr[6]; /* 10 6 */
u8 saddr[6]; /* 16 6 */
} addr; /* 10 12 */
/* size: 22, cachelines: 1, members: 8 */
/* last cacheline: 22 bytes */
};
$ pahole -C wl3501_md_ind drivers/net/wireless/wl3501_cs.o
struct wl3501_md_ind {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 routing; /* 3 1 */
u16 data; /* 4 2 */
u16 size; /* 6 2 */
u8 reception; /* 8 1 */
u8 pri; /* 9 1 */
u8 service_class; /* 10 1 */
struct {
u8 daddr[6]; /* 11 6 */
u8 saddr[6]; /* 17 6 */
} addr; /* 11 12 */
/* size: 24, cachelines: 1, members: 9 */
/* padding: 1 */
/* last cacheline: 24 bytes */
};
The problem is that the original code is trying to copy data into a
couple of arrays adjacent to each other in a single call to memcpy().
Now that a new struct _addr_ enclosing those two adjacent arrays
is introduced, memcpy() doesn't overrun the length of &sig.daddr[0]
and &sig.daddr, because the address of the new struct object _addr_
is used, instead.
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/d260fe56aed7112bff2be5b4d152d03ad7b78e78.1618442265.git.gustavoars@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501.h | 12 ++++++++----
drivers/net/wireless/wl3501_cs.c | 10 ++++++----
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index b446cb369557..31ebef3e7ed4 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -471,8 +471,10 @@ struct wl3501_md_req {
u16 size;
u8 pri;
u8 service_class;
- u8 daddr[ETH_ALEN];
- u8 saddr[ETH_ALEN];
+ struct {
+ u8 daddr[ETH_ALEN];
+ u8 saddr[ETH_ALEN];
+ } addr;
};
struct wl3501_md_ind {
@@ -484,8 +486,10 @@ struct wl3501_md_ind {
u8 reception;
u8 pri;
u8 service_class;
- u8 daddr[ETH_ALEN];
- u8 saddr[ETH_ALEN];
+ struct {
+ u8 daddr[ETH_ALEN];
+ u8 saddr[ETH_ALEN];
+ } addr;
};
struct wl3501_md_confirm {
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 8ca5789c7b37..70307308635f 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -469,6 +469,7 @@ static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len)
struct wl3501_md_req sig = {
.sig_id = WL3501_SIG_MD_REQ,
};
+ size_t sig_addr_len = sizeof(sig.addr);
u8 *pdata = (char *)data;
int rc = -EIO;
@@ -484,9 +485,9 @@ static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len)
goto out;
}
rc = 0;
- memcpy(&sig.daddr[0], pdata, 12);
- pktlen = len - 12;
- pdata += 12;
+ memcpy(&sig.addr, pdata, sig_addr_len);
+ pktlen = len - sig_addr_len;
+ pdata += sig_addr_len;
sig.data = bf;
if (((*pdata) * 256 + (*(pdata + 1))) > 1500) {
u8 addr4[ETH_ALEN] = {
@@ -980,7 +981,8 @@ static inline void wl3501_md_ind_interrupt(struct net_device *dev,
} else {
skb->dev = dev;
skb_reserve(skb, 2); /* IP headers on 16 bytes boundaries */
- skb_copy_to_linear_data(skb, (unsigned char *)&sig.daddr, 12);
+ skb_copy_to_linear_data(skb, (unsigned char *)&sig.addr,
+ sizeof(sig.addr));
wl3501_receive(this, skb->data, pkt_len);
skb_put(skb, pkt_len);
skb->protocol = eth_type_trans(skb, dev);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 091/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (15 preceding siblings ...)
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 090/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Sasha Levin
@ 2021-05-05 16:34 ` Sasha Levin
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 092/104] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth Sasha Levin
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:34 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Gustavo A. R. Silva, kernel test robot, Kees Cook, Kalle Valo,
Sasha Levin, linux-wireless, netdev
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
[ Upstream commit bb43e5718d8f1b46e7a77e7b39be3c691f293050 ]
Fix the following out-of-bounds warnings by adding a new structure
wl3501_req instead of duplicating the same members in structure
wl3501_join_req and wl3501_scan_confirm:
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds]
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds]
Refactor the code, accordingly:
$ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o
struct wl3501_req {
u16 beacon_period; /* 0 2 */
u16 dtim_period; /* 2 2 */
u16 cap_info; /* 4 2 */
u8 bss_type; /* 6 1 */
u8 bssid[6]; /* 7 6 */
struct iw_mgmt_essid_pset ssid; /* 13 34 */
struct iw_mgmt_ds_pset ds_pset; /* 47 3 */
struct iw_mgmt_cf_pset cf_pset; /* 50 8 */
struct iw_mgmt_ibss_pset ibss_pset; /* 58 4 */
struct iw_mgmt_data_rset bss_basic_rset; /* 62 10 */
/* size: 72, cachelines: 2, members: 10 */
/* last cacheline: 8 bytes */
};
$ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o
struct wl3501_join_req {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 reserved; /* 3 1 */
struct iw_mgmt_data_rset operational_rset; /* 4 10 */
u16 reserved2; /* 14 2 */
u16 timeout; /* 16 2 */
u16 probe_delay; /* 18 2 */
u8 timestamp[8]; /* 20 8 */
u8 local_time[8]; /* 28 8 */
struct wl3501_req req; /* 36 72 */
/* size: 108, cachelines: 2, members: 10 */
/* last cacheline: 44 bytes */
};
$ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o
struct wl3501_scan_confirm {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 reserved; /* 3 1 */
u16 status; /* 4 2 */
char timestamp[8]; /* 6 8 */
char localtime[8]; /* 14 8 */
struct wl3501_req req; /* 22 72 */
/* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */
u8 rssi; /* 94 1 */
/* size: 96, cachelines: 2, members: 8 */
/* padding: 1 */
/* last cacheline: 32 bytes */
};
The problem is that the original code is trying to copy data into a
bunch of struct members adjacent to each other in a single call to
memcpy(). Now that a new struct wl3501_req enclosing all those adjacent
members is introduced, memcpy() doesn't overrun the length of
&sig.beacon_period and &this->bss_set[i].beacon_period, because the
address of the new struct object _req_ is used as the destination,
instead.
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1fbaf516da763b50edac47d792a9145aa4482e29.1618442265.git.gustavoars@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501.h | 35 +++++++++++--------------
drivers/net/wireless/wl3501_cs.c | 44 +++++++++++++++++---------------
2 files changed, 38 insertions(+), 41 deletions(-)
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index 31ebef3e7ed4..87195c1dadf2 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -379,16 +379,7 @@ struct wl3501_get_confirm {
u8 mib_value[100];
};
-struct wl3501_join_req {
- u16 next_blk;
- u8 sig_id;
- u8 reserved;
- struct iw_mgmt_data_rset operational_rset;
- u16 reserved2;
- u16 timeout;
- u16 probe_delay;
- u8 timestamp[8];
- u8 local_time[8];
+struct wl3501_req {
u16 beacon_period;
u16 dtim_period;
u16 cap_info;
@@ -401,6 +392,19 @@ struct wl3501_join_req {
struct iw_mgmt_data_rset bss_basic_rset;
};
+struct wl3501_join_req {
+ u16 next_blk;
+ u8 sig_id;
+ u8 reserved;
+ struct iw_mgmt_data_rset operational_rset;
+ u16 reserved2;
+ u16 timeout;
+ u16 probe_delay;
+ u8 timestamp[8];
+ u8 local_time[8];
+ struct wl3501_req req;
+};
+
struct wl3501_join_confirm {
u16 next_blk;
u8 sig_id;
@@ -443,16 +447,7 @@ struct wl3501_scan_confirm {
u16 status;
char timestamp[8];
char localtime[8];
- u16 beacon_period;
- u16 dtim_period;
- u16 cap_info;
- u8 bss_type;
- u8 bssid[ETH_ALEN];
- struct iw_mgmt_essid_pset ssid;
- struct iw_mgmt_ds_pset ds_pset;
- struct iw_mgmt_cf_pset cf_pset;
- struct iw_mgmt_ibss_pset ibss_pset;
- struct iw_mgmt_data_rset bss_basic_rset;
+ struct wl3501_req req;
u8 rssi;
};
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 70307308635f..672f5d5f3f2c 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -590,7 +590,7 @@ static int wl3501_mgmt_join(struct wl3501_card *this, u16 stas)
struct wl3501_join_req sig = {
.sig_id = WL3501_SIG_JOIN_REQ,
.timeout = 10,
- .ds_pset = {
+ .req.ds_pset = {
.el = {
.id = IW_MGMT_INFO_ELEMENT_DS_PARAMETER_SET,
.len = 1,
@@ -599,7 +599,7 @@ static int wl3501_mgmt_join(struct wl3501_card *this, u16 stas)
},
};
- memcpy(&sig.beacon_period, &this->bss_set[stas].beacon_period, 72);
+ memcpy(&sig.req, &this->bss_set[stas].req, sizeof(sig.req));
return wl3501_esbq_exec(this, &sig, sizeof(sig));
}
@@ -667,35 +667,37 @@ static void wl3501_mgmt_scan_confirm(struct wl3501_card *this, u16 addr)
if (sig.status == WL3501_STATUS_SUCCESS) {
pr_debug("success");
if ((this->net_type == IW_MODE_INFRA &&
- (sig.cap_info & WL3501_MGMT_CAPABILITY_ESS)) ||
+ (sig.req.cap_info & WL3501_MGMT_CAPABILITY_ESS)) ||
(this->net_type == IW_MODE_ADHOC &&
- (sig.cap_info & WL3501_MGMT_CAPABILITY_IBSS)) ||
+ (sig.req.cap_info & WL3501_MGMT_CAPABILITY_IBSS)) ||
this->net_type == IW_MODE_AUTO) {
if (!this->essid.el.len)
matchflag = 1;
else if (this->essid.el.len == 3 &&
!memcmp(this->essid.essid, "ANY", 3))
matchflag = 1;
- else if (this->essid.el.len != sig.ssid.el.len)
+ else if (this->essid.el.len != sig.req.ssid.el.len)
matchflag = 0;
- else if (memcmp(this->essid.essid, sig.ssid.essid,
+ else if (memcmp(this->essid.essid, sig.req.ssid.essid,
this->essid.el.len))
matchflag = 0;
else
matchflag = 1;
if (matchflag) {
for (i = 0; i < this->bss_cnt; i++) {
- if (ether_addr_equal_unaligned(this->bss_set[i].bssid, sig.bssid)) {
+ if (ether_addr_equal_unaligned(this->bss_set[i].req.bssid,
+ sig.req.bssid)) {
matchflag = 0;
break;
}
}
}
if (matchflag && (i < 20)) {
- memcpy(&this->bss_set[i].beacon_period,
- &sig.beacon_period, 73);
+ memcpy(&this->bss_set[i].req,
+ &sig.req, sizeof(sig.req));
this->bss_cnt++;
this->rssi = sig.rssi;
+ this->bss_set[i].rssi = sig.rssi;
}
}
} else if (sig.status == WL3501_STATUS_TIMEOUT) {
@@ -887,19 +889,19 @@ static void wl3501_mgmt_join_confirm(struct net_device *dev, u16 addr)
if (this->join_sta_bss < this->bss_cnt) {
const int i = this->join_sta_bss;
memcpy(this->bssid,
- this->bss_set[i].bssid, ETH_ALEN);
- this->chan = this->bss_set[i].ds_pset.chan;
+ this->bss_set[i].req.bssid, ETH_ALEN);
+ this->chan = this->bss_set[i].req.ds_pset.chan;
iw_copy_mgmt_info_element(&this->keep_essid.el,
- &this->bss_set[i].ssid.el);
+ &this->bss_set[i].req.ssid.el);
wl3501_mgmt_auth(this);
}
} else {
const int i = this->join_sta_bss;
- memcpy(&this->bssid, &this->bss_set[i].bssid, ETH_ALEN);
- this->chan = this->bss_set[i].ds_pset.chan;
+ memcpy(&this->bssid, &this->bss_set[i].req.bssid, ETH_ALEN);
+ this->chan = this->bss_set[i].req.ds_pset.chan;
iw_copy_mgmt_info_element(&this->keep_essid.el,
- &this->bss_set[i].ssid.el);
+ &this->bss_set[i].req.ssid.el);
wl3501_online(dev);
}
} else {
@@ -1573,30 +1575,30 @@ static int wl3501_get_scan(struct net_device *dev, struct iw_request_info *info,
for (i = 0; i < this->bss_cnt; ++i) {
iwe.cmd = SIOCGIWAP;
iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
- memcpy(iwe.u.ap_addr.sa_data, this->bss_set[i].bssid, ETH_ALEN);
+ memcpy(iwe.u.ap_addr.sa_data, this->bss_set[i].req.bssid, ETH_ALEN);
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_ADDR_LEN);
iwe.cmd = SIOCGIWESSID;
iwe.u.data.flags = 1;
- iwe.u.data.length = this->bss_set[i].ssid.el.len;
+ iwe.u.data.length = this->bss_set[i].req.ssid.el.len;
current_ev = iwe_stream_add_point(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe,
- this->bss_set[i].ssid.essid);
+ this->bss_set[i].req.ssid.essid);
iwe.cmd = SIOCGIWMODE;
- iwe.u.mode = this->bss_set[i].bss_type;
+ iwe.u.mode = this->bss_set[i].req.bss_type;
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_UINT_LEN);
iwe.cmd = SIOCGIWFREQ;
- iwe.u.freq.m = this->bss_set[i].ds_pset.chan;
+ iwe.u.freq.m = this->bss_set[i].req.ds_pset.chan;
iwe.u.freq.e = 0;
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_FREQ_LEN);
iwe.cmd = SIOCGIWENCODE;
- if (this->bss_set[i].cap_info & WL3501_MGMT_CAPABILITY_PRIVACY)
+ if (this->bss_set[i].req.cap_info & WL3501_MGMT_CAPABILITY_PRIVACY)
iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
else
iwe.u.data.flags = IW_ENCODE_DISABLED;
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
* [PATCH AUTOSEL 5.11 092/104] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
` (16 preceding siblings ...)
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 091/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Sasha Levin
@ 2021-05-05 16:34 ` Sasha Levin
17 siblings, 0 replies; 19+ messages in thread
From: Sasha Levin @ 2021-05-05 16:34 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lee Gibson, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Lee Gibson <leegib@gmail.com>
[ Upstream commit 130f634da1af649205f4a3dd86cbe5c126b57914 ]
Function qtnf_event_handle_external_auth calls memcpy without
checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.
Signed-off-by: Lee Gibson <leegib@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210419145842.345787-1-leegib@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/quantenna/qtnfmac/event.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/quantenna/qtnfmac/event.c b/drivers/net/wireless/quantenna/qtnfmac/event.c
index c775c177933b..8dc80574d08d 100644
--- a/drivers/net/wireless/quantenna/qtnfmac/event.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/event.c
@@ -570,8 +570,10 @@ qtnf_event_handle_external_auth(struct qtnf_vif *vif,
return 0;
if (ev->ssid_len) {
- memcpy(auth.ssid.ssid, ev->ssid, ev->ssid_len);
- auth.ssid.ssid_len = ev->ssid_len;
+ int len = clamp_val(ev->ssid_len, 0, IEEE80211_MAX_SSID_LEN);
+
+ memcpy(auth.ssid.ssid, ev->ssid, len);
+ auth.ssid.ssid_len = len;
}
auth.key_mgmt_suite = le32_to_cpu(ev->akm_suite);
--
2.30.2
^ permalink raw reply related [flat|nested] 19+ messages in thread
end of thread, other threads:[~2021-05-05 16:47 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-05 16:32 [PATCH AUTOSEL 5.11 001/104] ath11k: fix thermal temperature read Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 046/104] mac80211: Set priority and queue mapping for injected frames Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 047/104] mac80211: clear the beacon's CRC after channel switch Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 050/104] rtw88: 8822c: add LC calibration for RTL8822C Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 051/104] mt76: mt7615: fix key set/delete issues Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 052/104] mt76: mt7615: support loading EEPROM for MT7613BE Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 053/104] mt76: mt76x0: disable GTK offloading Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 054/104] mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 055/104] mt76: mt7915: fix key set/delete issue Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 056/104] mt76: mt7915: fix txpower init for TSSI off chips Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 057/104] mt76: mt7915: add wifi subsystem reset Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 062/104] iwlwifi: pcie: make cfg vs. trans_cfg more robust Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 063/104] iwlwifi: queue: avoid memory leak in reset flow Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 078/104] wilc1000: Bring MAC address setting in line with typical Linux behavior Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 079/104] mac80211: properly drop the connection in case of invalid CSA IE Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 088/104] mt76: mt7615: fix entering driver-own state on mt7663 Sasha Levin
2021-05-05 16:33 ` [PATCH AUTOSEL 5.11 090/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Sasha Levin
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 091/104] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Sasha Levin
2021-05-05 16:34 ` [PATCH AUTOSEL 5.11 092/104] qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).