During write to some of debugfs in ath10k, few variables exposing stack
data when process user input. which leads to possible information leak.
This patch fix this issue by initializing buffer and checks
the return valure of 'simple_write_to_buffer'.
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ath.git patches for 4.18. Major changes:
ath10k
* enable temperature reads for QCA6174 and QCA9377
* add firmware memory dump support for QCA9984
* continue adding WCN3990 support via SNOC bus
In case memory resources for fw were succesfully allocated, release
them before jumping to fw_load_fail.
Addresses-Coverity-ID: 1466092 ("Resource leak")
Fixes: c3b2f7ca41 ("qtnfmac: implement asynchronous firmware loading")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
RT5370G has hardware RX antenna diversity like RT5390R.
Based on DPO_RT5572_LinuxSTA_2.6.1.3_20121022.tar.bz2 manufacturer driver:
https://d86o2zu8ugzlg.cloudfront.net/mediatek-craft/drivers/DPO_RT5572_LinuxSTA_2.6.1.3_20121022.tar.bz2
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: Helmut Schaa <helmut.schaa@googlemail.com>
Cc: Gertjan van Wingerde <gwingerde@gmail.com>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: wireless newbie <wnewbie72@gmail.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: linux wireless ml <linux-wireless@vger.kernel.org>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Remove and refactor some code in order to avoid having identical code
for different branches.
Notice that this piece of code hasn't been modified since 2011.
Addresses-Coverity-ID: 1226756 ("Identical code for different branches")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
BCM4366E is a wireless chipset with a BCM43664 ChipCommon. It's
supported by the same firmware as 4366c0.
Signed-off-by: Dan Haab <dan.haab@luxul.com>
[arend: rebase patch and remove unnecessary definition]
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
If "evt_len" is 1 then we try to memcpy() negative 3 bytes and it would
cause memory corruption.
Fixes: d930faee14 ("mwifiex: add support for Marvell pcie8766 chipset")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Firmware already support hidden ssid and keep ssid length,
Open the capability in driver.
Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Firmware parse and attach ERP IE from bss configuration,
do not set again from tail IE.
Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Despite this issue is not harmful since it is not actually used in
mt76 driver, fix DMA txinfo bitmask definition
Fixes: 7bc04215a6 ('mt76: add driver code for MT76x2e')
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When finishing scanning we switch to operational channel sill with
SCANNING flag. This mean that we never perform calibration works after
scanning. To fix the problem queue calibration works on
.sw_scan_complete() routine.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Jakub Kicinski <kubakici@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
avr_rssi is not calculated correctly as we do not divide result
by 256 (mt76 sum avg_rssi1 and avg_rssi2 and divide by 512).
However dividing by 256 will make avg_rssi almost the same as
last rssi value - not really an average. So use EWMA to calculate
avg_rssi. I've chosen weight_rcp=4 to convergence quicker on signal
strength changes.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Jakub Kicinski <kubakici@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Initialize default values for temperature compensation in TX_ALC_CFG_{1,2}
if tssi has been enabled
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fix mt76x2_temp_tx_alc_enabled routine since in order to enable tx_alc
temperature compensation it necessary to take into account BIT(15) of
MT_EE_TX_POWER_EXT_PA_5G eeprom info
Fixes: 7bc04215a6 ("mt76: add driver code for MT76x2e")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Remove unnecessary MT_TX_ALC_CFG_4 configuration since the register value
will be properly set according to the usage of an external power amplifier
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Do not attempt to reorder packets not part of a BA session
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Required for fast-rx and allows mac80211 to skip an unnnecessary check.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Use cancel_delayed_work instead of cancel_delayed_work_sync
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
There were a number of issues in the existing tx power handling code:
1. The EEPROM target power for chain 0 refers to the actual output power
after the channel and bandwidth delta have been added to the initial
channel gain. This means the delta values should not be added/subtracted
for the rate power calculation
2. When power is reduced significantly, the initial channel gain
underflows very quickly, while the per-rate power offsets are high.
This miscalculation causes effective tx power to be increased when it
should actually be lowered.
Fix this by trying to adjust the channel gain to the lowest power from
the rate table. In case of under- or overflow, compensate by adding an
appropriate delta to the rate power values.
This makes power configuration more accurate on a wider range of
configurable values
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Avoids race conditions from mac80211 enqueueing tx packets before the
tx-drop bit is cleared
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Allows the driver to control whether to send a BlockAckReq after waking
up. MT76x2 needs this set to true, for MT7603 (to be submitted later)
it needs to be false.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Add static qualifier to mt76x2_mac_reset routine and remove the
prototype from mt76x2_mac.h since it is used just in mt76x2_init.c
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Fix mcu initial configuration for tssi calibration on 5GHz band
Fixes: 7bc04215a6 ("mt76: add driver code for MT76x2e")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Jakub Kicinski <kubakici@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Since the statements are identical, we can safely remove the statements.
The commit 42e74946f0 ("rtlwifi: btcoexist: Fix if == else warnings in
halbtc8821a1ant.c") had fixed the statements, but the commit c6821613e6
("rtlwifi: btcoex: follow linux coding style") that converted coding style
and upgraded btcoex didn't include the fix.
Reported-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Currently 5GHz gets advertised even for the device which supports
only 2.4Ghz band. This patch fixes the issue
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Power save is by default enabled for WLAN and BT coex mode.
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Currently TID is extracted by checking at specific offset in data frame.
This approach doesn't work for some of the frames. This patch uses mac80211
API and do it correctly
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Maximum number of supported aggregation subframes has been increased
to 8. This is the optimal number for the driver.
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Power save request should be sent on station interface. Virtual
interface which is connected should be preferred. This patch
resolves device not entering power save problem in certain
situations
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Some device configuration flags need to be enabled while sending 'bootup
params' internal frame to firmware. This patch takes care of it.
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Firmware's watchdog timer should be disabled as a part of reset
sequence. This change fixes a firmware hang issue observed during
stress tests.
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The issue here is that we allocate "data" and then set
"data = PTR_ALIGN(data, 8);" and then we free the aligned pointer
instead of the original pointer.
kmalloc() pointers are already ARCH_SLAB_MINALIGN aligned which is 8 or
more on everything except certain Xtensa variants. We decided that if
the Xtensa people ever notice a bug here then we'll tell them the bug is
on their side. ;)
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
To support roaming below changes are done:
* Station notify frame is send to firmware after sending assoc
request. This will avoid dropping of first EAPOL frame due to
delay in creation of station control block in firmware.
* Data queues are unblocked after sending station notify in open
mode, after configuring key in WEP mode, and after receiving
EAPOL4 confirm in WPA mode.
* Initial EAPOL frames priority is chaged to MGMT, rekey EAPOL
frames priority changed to VO.
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
80MHz clock for device should be enabled by default in
TX command frame radio capabilities.
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Descriptors preparation is moved to core instead of HAL to
avoid synchronization issues in sending TX frames
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
All descriptor structures are in rsi_mgmt.h except this
extended descriptor structure. Hence moving it to rsi_mgmt.h
and also renaming to rsi_xtend_desc.
Signed-off-by: Prameela Rani Garnepudi <prameela.j04cs@gmail.com>
Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Trivial fix to spelling mistake in wiphy_warn warning message text
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
DFS offload support implemented:
- DFS_OFFLOAD feature is advertised depending on HW capabilities
- CAC_STARTED event forwarding from HW implemented
- start_radar_detection() callback now returning -ENOTSUPP
if DFS_OFFLOAD is enabled
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
* implement Traffic Condition Monitor;
* use TCM for scan and BT coex;
* use TCM to detect when the AP doesn't support UAPSD properly;
* some more work for the 22000 family of devices;
* introduce AMSDU rate control offload;
* a couple of clean-ups and bugfixes.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAlrZp0YACgkQoUecoho8
xfoAEBAApNLOyvo7jxKXIdpHz5eBakFs32JsBEMA3EouUCu5RJbNhNOimUKWK4Vy
C7NfKxx0MYxO2BlD9ncWRvFFwAWi2MIrMH1KV4X2nhrFOUGWOF9J7M6Lr5rD6/kt
/440TD2XjygpQamDRNcaKt/Jq1Y3aQAy3AMrHJWEX+QfW1xDAS/Y7S61GJpK7C56
ROwhGg6d3vPh9Wzs/sI+pbXz90St29aBTwSH8AMvNCA3YYDM4rVjepq97aVEc/MJ
cWjNh4Wy0dMyjkSip5eh8YlyTI5YSSL8SUcx3KrgMiI26TWVvP+6yvkI50HhvNUt
mCeO4PzYU1y3JM1lynxNoz+BSTrfloMbc0dEIbqSV41sP55xFM+eDQjd7Q4E8M8E
zHBTOcSXrV/FMTSC6+TGoAbKIaM1JaQOFE87diUKaEQCRazzEuzt3Er5Rt94N6ng
d5RPY5IuO87A51RXgFBoYG25Ocj/5oVwILG88uYQ4MjfvqidhyyjCRuOgw3LeMXd
2MIw3afw6JGvgk0vTB3MY1xw3YoocivPjjxR6psWtx3jHAjYJlevTLQOCd+cfC/U
JkKkyqN+gTOFpADphH6Yp9LM2yA54G1dxqkRoDB7GWTPldiSgT1DT32dIzt7/gAD
IsxHn2v3muP1mrCN4rpbZaqdpstCCUQbMU10UagM0KSpZeyViOk=
=AtBc
-----END PGP SIGNATURE-----
Merge tag 'iwlwifi-next-for-kalle-2018-04-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next
iwlwifi patches for 4.18
* implement Traffic Condition Monitor;
* use TCM for scan and BT coex;
* use TCM to detect when the AP doesn't support UAPSD properly;
* some more work for the 22000 family of devices;
* introduce AMSDU rate control offload;
* a couple of clean-ups and bugfixes.
When the wifi driver core passes IE elements in the scan request, append
them to the firmware message. The driver currently tells the core that
it is capable of attaching up to WCN36XX_MAX_SCAN_IE_LEN octets, but
doesn't actually pass them to the the hardware.
Note that this patch doesn't fix a bug that was observed. The change is
merely done for the sake of completeness as the hardware supports
appending IEs in scans. Tests show that network scans work fine with
this patch applied.
Some defines were moved around to avoid cyclic include dependencies.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Pass the bss_type of the currently configured BSS in the message for the
scan request. Therefore, that setting needs to be kept in struct
wcn36xx_vif.
This seems to be only interesting when scanning for a specific SSID
and doesn't matter for regular wildcard scans.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
For firmwares that don't have the SCAN_OFFLOAD feature bit set, do
not call into wcn36xx_smd_stop_hw_scan(). Instead, stop the asynchronous
work and call into ieee80211_scan_completed() immediately.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When the network interface goes down while a scan request is still
pending that can't be stopped due to firmware hickups, wcn->scan_req
remains set, even though the hardware is deinitialized. This results
in -EBUSY for all scan requests after the interface was brought up
again.
Fix this by explicitly completing pending scan requests in
wcn36xx_stop().
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
When the firmware sends a WCN36XX_HAL_SCAN_IND_DEQUEUED indication,
the request is apparently no longer valid. Attempts to stop the hardware
scan request subsequently will lead to the following error message, and
the hardware is no longer able to communicate with any AP:
[ 57.917186] wcn36xx: ERROR hal_stop_scan_offload response failed err=5
Interpreting this indicator message as scan abortion fixes this.
While at it, add a newline to a debug print.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Enable sta power save in fw for the targets that
supports idle power save. The idle ps enable command
will be ignored by the firmware which does not support
this feature.
Signed-off-by: Govind Singh <govinds@codeaurora.org>
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
SRRI/DRRI are not mapped in the HW Shadow block and can lead
to un-clocked access if common subsystem in the target is
powered down due to idle mode.
To mitigate this problem SRRI/DRRI can be read from
DDR instead of doing an actual hardware read.
Host allocates non cached memory on ddr and configures
the physical address of this memory to the CE hardware.
The hardware updates the RRI on this particular location.
Read SRRI/DRRI from DDR location instead of
direct target read.
Enable retention restore on ddr using hw params to enable
in specific targets.
Signed-off-by: Govind Singh <govinds@codeaurora.org>
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Venkateswara Naralasetty