First set of fixes for v5.6. Buffer overflow fixes to mwifiex, quite a
few functionality fixes to iwlwifi and smaller fixes to other drivers.
mwifiex
* fix an unlock from a previous security fix
* fix two buffer overflows
libertas
* fix two bugs from previous security fixes
iwlwifi
* fix module removal with multiple NICs
* don't treat IGTK removal failure as an error
* avoid FW crashes due to DTS measurement races
* fix a potential use after free in FTM code
* prevent a NULL pointer dereference in iwl_mvm_cfg_he_sta()
* fix TDLS discovery
* check all CPUs when trying to detect an error during resume
rtw88
* fix clang warning
mt76
* fix reading of max_nss value from a register
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJePoxJAAoJEG4XJFUm622b7a4H/2t/K/AmDv+j2mGos+2oVlSh
RFIXBjYs4GY5NGdLQx56qfiQzlgn8NAWwQqwhtoyVxnJTZjhmQkfMpJIw14tbFB1
OwHd+q7y7jXY9v7YBPlyqCxkzQL3u+GrzFIb04cXrSdzqh+5qWk4Zn7F6ZYJ1vwb
xRDOJfOE/a9GGzzY5+iwxyZ6Y1E+OjbgT4Ps5YUaotH1iMGza7NPu6s+UkULkyRo
ylbiOR9u6jOiwUkSxUz+GGiXKJ9BQTLKm5kLM7lO5I49AcZb5UOIKJaJxHN0hMwj
uprqUsqtbO+bv8SKAjKLR/yQf2gmB+pSSeAmmfJ8ov5igg2g12sNfdy8ScWLks8=
=FiiT
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-2020-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for v5.6
First set of fixes for v5.6. Buffer overflow fixes to mwifiex, quite a
few functionality fixes to iwlwifi and smaller fixes to other drivers.
mwifiex
* fix an unlock from a previous security fix
* fix two buffer overflows
libertas
* fix two bugs from previous security fixes
iwlwifi
* fix module removal with multiple NICs
* don't treat IGTK removal failure as an error
* avoid FW crashes due to DTS measurement races
* fix a potential use after free in FTM code
* prevent a NULL pointer dereference in iwl_mvm_cfg_he_sta()
* fix TDLS discovery
* check all CPUs when trying to detect an error during resume
rtw88
* fix clang warning
mt76
* fix reading of max_nss value from a register
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix u8 cast reading max_nss from MT_TOP_STRAP_STA register in
mt7615_eeprom_parse_hw_cap routine
Fixes: acf5457fd9 ("mt76: mt7615: read {tx,rx} mask from eeprom")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Pull RCU updates from Ingo Molnar:
"The RCU changes in this cycle were:
- Expedited grace-period updates
- kfree_rcu() updates
- RCU list updates
- Preemptible RCU updates
- Torture-test updates
- Miscellaneous fixes
- Documentation updates"
* 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (69 commits)
rcu: Remove unused stop-machine #include
powerpc: Remove comment about read_barrier_depends()
.mailmap: Add entries for old paulmck@kernel.org addresses
srcu: Apply *_ONCE() to ->srcu_last_gp_end
rcu: Switch force_qs_rnp() to for_each_leaf_node_cpu_mask()
rcu: Move rcu_{expedited,normal} definitions into rcupdate.h
rcu: Move gp_state_names[] and gp_state_getname() to tree_stall.h
rcu: Remove the declaration of call_rcu() in tree.h
rcu: Fix tracepoint tracking RCU CPU kthread utilization
rcu: Fix harmless omission of "CONFIG_" from #if condition
rcu: Avoid tick_dep_set_cpu() misordering
rcu: Provide wrappers for uses of ->rcu_read_lock_nesting
rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
rcu: Clear ->rcu_read_unlock_special only once
rcu: Clear .exp_hint only when deferred quiescent state has been reported
rcu: Rename some instance of CONFIG_PREEMPTION to CONFIG_PREEMPT_RCU
rcu: Remove kfree_call_rcu_nobatch()
rcu: Remove kfree_rcu() special casing and lazy-callback handling
rcu: Add support for debug_objects debugging for kfree_rcu()
rcu: Add multiple in-flight batches of kfree_rcu() work
...
The sband->bitrates[] array has "sband->n_bitrates" elements so this
check needs to be >= instead of > or we could read beyond the end of the
array.
These values come from when we call mt76_register_device():
ret = mt76_register_device(&dev->mt76, true, mt7603_rates,
ARRAY_SIZE(mt7603_rates));
Here sband->bitrates[] is mt7603_rates[] and ->n_bitrates is the
ARRAY_SIZE()
Fixes: 5ce09c1a79 ("mt76: track rx airtime for airtime fairness and survey")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The mt76_led_cleanup() function is called unconditionally, which
leads to a link error when CONFIG_LEDS is a loadable module or
disabled but mt76 is built-in:
drivers/net/wireless/mediatek/mt76/mac80211.o: In function `mt76_unregister_device':
mac80211.c:(.text+0x2ac): undefined reference to `led_classdev_unregister'
Use the same trick that is guarding the registration, using an
IS_ENABLED() check for the CONFIG_MT76_LEDS symbol that indicates
whether LEDs can be used or not.
Fixes: 36f7e2b2bb ("mt76: do not use devm API for led classdev")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit replaces the use of rcu_swap_protected() with the more
intuitively appealing rcu_replace_pointer() as a step towards removing
rcu_swap_protected().
Link: https://lore.kernel.org/lkml/CAHk-=wiAsJLw1egFEE=Z7-GGtM6wcvtyytXZA1+BHqta4gg6Hw@mail.gmail.com/
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: "Martin K. Petersen" <martin.petersen@oracle.com>
[ paulmck: Apply Matthias Brugger feedback. ]
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Reviewed-by: "Martin K. Petersen" <martin.petersen@oracle.com>
Acked-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Cc: Ryder Lee <ryder.lee@mediatek.com>
Cc: Roy Luo <royluo@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: <linux-wireless@vger.kernel.org>
Cc: <netdev@vger.kernel.org>
Cc: <linux-arm-kernel@lists.infradead.org>
Cc: <linux-mediatek@lists.infradead.org>
Current implementation always use default eeprom mac address to
configure device registers even if it is updated using
mt76_eeprom_override. Fix it initializing macaddr filed of mt76_dev data
structure with eeprom mac address and running mt76_eeprom_override
before mt76x02_mac_setaddr
Fixes: d1bc9bf207 ("mt76: mt76x0: eeprom: add support for MAC address from OF")
Tested-by: Kevin Schmidt <kevin.patrick.schmidt@googlemail.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The current ampdu locking code does not unlock its mutex in the early
return case. This patch fixes it.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Even if they are not currently used fix BK/BE endpoint definition order.
Fixes: b40b15e152 ("mt76: add usb support to mt76 layer")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Parse configured {tx,rx} mask from eeprom data instead of just setting it
to four tx-rx streams
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move mt76_get_antenna in mac80211.c in order to be reused by all
drivers. Initialize .get_antenna function pointer for mt76x0, mt7603,
mt7615 and mt76x2u drivers
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix possible out-of-bound access of status rates array in
mt7615_fill_txs/mt7603_fill_txs routines
Fixes: c5211e997e ("mt76: mt7603: rework and fix tx status reporting")
Fixes: 4af81f02b4 ("mt76: mt7615: sync with mt7603 rate control changes")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 34b0e9b767.
Since commit 7bd0650be6 ("mt76: dma: fix buffer unmap with non-linear skbs")
is no longer necessary to disable HW encryption for MT7630E.
Disabling HW encryption helped previously because somehow fragmented
skb's are not created if mac80211 encrypt frames, so buffer unmap bug
of non-linear skbs was not triggered. Now since this bug is properly
fixed by commit 7bd0650be6 ("mt76: dma: fix buffer unmap with
non-linear skbs") , we can enable HW encryption back.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Set switch_reason to CH_SWITCH_SCAN_BYPASS_DPD during frequency scanning
in order to disable radar pattern detector
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move interface modes declaration in common code since now mt76
chipsets support all modes (NL80211_IFTYPE_STATION, NL80211_IFTYPE_AP,
NL80211_IFTYPE_MESH_POINT and NL80211_IFTYPE_ADHOC)
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enable IFTYPE_ADHOC support on 7615 devices. The feature has been tested
using a mt76x2 device as wireless peer.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move SUPPORTS_REORDERING_BUFFER hw property configuration from chip
specific code to mt76_register_device since it is supported by all mt76
drivers
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Convert mt76_is_mmio and mt76_is_usb to rely on mt76_dev instead of
mt76x02_dev since this is a property not strictly related to hw chipset
and it will be more reusable
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/net/wireless/mediatek/mt76/dma.c: In function mt76_dma_rx_fill:
drivers/net/wireless/mediatek/mt76/dma.c:377:6: warning: variable idx set but not used [-Wunused-but-set-variable]
It is not used since commit 17f1de56df ("mt76:
add common code shared between multiple chipsets")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
rate controller and throughput are very sensitive to tx status timing.
In order to improve performances when the system is heavily loaded,
substitute stat_work delayed_work with a regular work_struct and create
a mt76u dedicated workqueue for tx status reporting
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
usb drivers are supposed to communicate using usb_interface instead
mt76x{0,2}u is now registering through usb_device. Fix it by passing
usb_intf device to mt76_alloc_device routine.
Fixes: 112f980ac8 ("mt76usb: use usb_dev private data")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Tested-By: Zero_Chaos <sidhayn@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
remove unneeded semicolon.
This is detected by coccinelle.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since mt76x0 does not save the phy calibration data it is not necessary
to wait 350ms in mt76x0_phy_calibrate
Tested-by: Sid Hayn <sidhayn@gmail.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update ewma packet length in mt76x02u_tx_prepare_skb as it is
done for pci counterpart in order to properly estimate tx time on
current channel
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76x0e driver only supports MAC addresses from
calibration data eeprom. Many routers however do not
have a valid stock address set in this field.
This patch makes it possible to take a MAC address
from OF (e.g. from mtd).
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[adjusted for kernel submission]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
if napi_complete() returns false, it means that polling is still pending.
Interrupts should not fire until the polling is no longer scheduled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Cancel the workqueue after the tid has been cleaned up, in order to
avoid a possible rescheduling from within the work function.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A rcu read locked section is not allowed to sleep, and the rcu lock here
isn't actually necessary, because we're holding dev->mutex.
Fixes an issue when the tid work item is still running while freeing
a station or stopping the aggregation session
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With the devm API, the unregister happens after the device cleanup is done,
after which the struct mt76_dev which contains the led_cdev has already been
freed. This leads to a use-after-free bug that can crash the system.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Poll per-station hardware counters available in WTBL after tx/rx
status events in order to report tx/rx airtime to mac80211 layer
Co-developed-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt7615_mac_wtbl_update utility routine in order to update
WTBL update register
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Like on mt7603, MIB status register 16 tracks CCA time, but does not
include tx time. Switch to status register 9 to includ NAV and tx
time as well.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Report tx time/rx time and obss time from hw mib counters to fill survey
info requested by mac80211
Co-developed-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Host time is used to calculate the channel active time on mt7603 and mt7615.
Use the same on mt76x02 and move the lock to core code to get rid of some
duplicated code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MT_MIB_STAT_PSCCA only counts rx CCA busy time, which does not include
tx time. MT_MIB_STAT_CCA counts full busy time, including Rx, Tx and NAV
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Report total rx airtime for valid stations as BSS rx time in survey
mt7615 is left out for now, it will be supported later by reading
hardware counters instead of calculating airtime in software
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Move mt76_channel_state() from mt76.h to mac80211.c
Preparation for updating channel state from more places in the drivers/core
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce ampdu_stat entry in mt7603 debugfs in order to dump 802.11
aggr cumulative statistics
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>