Fedor Pchelkin [Fri, 24 Feb 2023 10:28:05 +0000 (12:28 +0200)]
wifi: ath6kl: reduce WARN to dev_dbg() in callback
The warn is triggered on a known race condition, documented in the code above
the test, that is correctly handled. Using WARN() hinders automated testing.
Reducing severity.
Fixes: de2070fc4aa7 ("ath6kl: Fix kernel panic on continuous driver load/unload") Reported-and-tested-by: syzbot+555908813b2ea35dae9a@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230126182431.867984-1-pchelkin@ispras.ru
In most (likely all) cases, INIT_HAL_MSG() is called before
PREPARE_HAL_BUF().
In such cases calling memset() is useless because:
msg_body.header.len = sizeof(msg_body)
So, instead of writing twice the memory, we just have a sanity check to
make sure that some potential trailing memory is zeroed.
It even gives the opportunity to see that by itself and optimize it away.
wifi: ath11k: fix SAC bug on peer addition with sta band migration
Fix sleep in atomic context warning detected by Smatch static checker
analyzer.
Following the locking pattern for peer_rhash_add lock tbl_mtx_lock mutex
always even if sta is not transitioning to another band.
This is peer_add function and a more secure locking should not cause
performance regression.
Fixes: d673cb6fe6c0 ("wifi: ath11k: fix peer addition/deletion error on sta band migration") Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230209222622.1751-1-ansuelsmth@gmail.com
Abhishek Kumar [Fri, 3 Feb 2023 00:01:40 +0000 (00:01 +0000)]
wifi: ath10k: snoc: enable threaded napi on WCN3990
NAPI poll can be done in threaded context along with soft irq
context. Threaded context can be scheduled efficiently, thus
creating less of bottleneck during Rx processing. This patch is
to enable threaded NAPI on ath10k driver.
Based on testing, it was observed that on WCN3990, the CPU0 reaches
100% utilization when napi runs in softirq context. At the same
time the other CPUs are at low consumption percentage. This
does not allow device to reach its maximum throughput potential.
After enabling threaded napi, CPU load is balanced across all CPUs
and following improvments were observed:
- UDP_RX increase by ~22-25%
- TCP_RX increase by ~15%
Here are some of the additional raw data with and without threaded napi:
==================================================
udp_rx(Without threaded NAPI)
435.98+-5.16 : Channel 44
439.06+-0.66 : Channel 157
Dan Carpenter [Mon, 6 Feb 2023 13:15:48 +0000 (16:15 +0300)]
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
This loop checks that i < max at the start of loop but then it does
i++ which could put it past the end of the array. It's harmless to
check again and prevent a potential out of bounds.
Fixes: 1048643ea94d ("ath5k: Clean up eeprom parsing and add missing calibration data") Signed-off-by: Dan Carpenter <error27@gmail.com> Reviewed-by: Luis Chamberlain <mcgrof@kernel.org> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/Y+D9hPQrHfWBJhXz@kili
wifi: ath5k: Use platform_get_irq() to get the interrupt
As of commit a1a2b7125e10 ("of/platform: Drop static setup of IRQ
resource from DT core"), we need to use platform_get_irq() instead of
platform_get_resource() to get our IRQs because
platform_get_resource() simply won't get them anymore.
This was already fixed in several other Atheros WiFi drivers,
apparently in response to Zeal Robot reports. An example of another
fix is commit 9503a1fc123d ("ath9k: Use platform_get_irq() to get the
interrupt"). ath5k seems to have been missed in this effort, though.
wifi: ath11k: Use platform_get_irq() to get the interrupt
As of commit a1a2b7125e10 ("of/platform: Drop static setup of IRQ
resource from DT core"), we need to use platform_get_irq() instead of
platform_get_resource() to get our IRQs because
platform_get_resource() simply won't get them anymore.
This was already fixed in several other Atheros WiFi drivers,
apparently in response to Zeal Robot reports. An example of another
fix is commit 9503a1fc123d ("ath9k: Use platform_get_irq() to get the
interrupt"). ath11k seems to have been missed in this effort, though.
Without this change, WiFi wasn't coming up on my Qualcomm sc7280-based
hardware. Specifically, "platform_get_resource(pdev, IORESOURCE_IRQ,
i)" was failing even for i=0.
Fixes: a1a2b7125e10 ("of/platform: Drop static setup of IRQ resource from DT core") Fixes: 00402f49d26f ("ath11k: Add support for WCN6750 device") Signed-off-by: Douglas Anderson <dianders@chromium.org> Tested-by: Jun Yu <junyuu@chromium.org> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230201084131.v2.1.I69cf3d56c97098287fe3a70084ee515098390b70@changeid
Ramya Gnanasekar [Mon, 23 Jan 2023 09:51:41 +0000 (15:21 +0530)]
wifi: ath12k: PCI ops for wakeup/release MHI
Wakeup/release MHI is not needed before pci_read/write for QCN9274.
Since wakeup & release MHI is enabled for all QCN9274 and
WCN7850, below MHI assert is seen in QCN9274
Adding function callbacks for MHI wakeup and release operations.
QCN9274 does not need wakeup/release, function callbacks are initialized
to NULL. In case of WCN7850, shadow registers are used to access rings.
Since, shadow register's offset is less than ACCESS_ALWAYS_OFF,
mhi_device_get_sync() or mhi_device_put() to wakeup
and release mhi will not be called during service ring accesses.
Ramya Gnanasekar [Sun, 22 Jan 2023 01:49:36 +0000 (07:19 +0530)]
wifi: ath12k: Handle lock during peer_id find
ath12k_peer_find_by_id() requires that the caller hold the
ab->base_lock. Currently the WBM error path does not hold
the lock and calling that function, leads to the
following lockdep_assert()in QCN9274:
Fedor Pchelkin [Thu, 16 Feb 2023 19:23:01 +0000 (22:23 +0300)]
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
hif_dev->remain_skb is allocated and used exclusively in
ath9k_hif_usb_rx_stream(). It is implied that an allocated remain_skb is
processed and subsequently freed (in error paths) only during the next
call of ath9k_hif_usb_rx_stream().
So, if the urbs are deallocated between those two calls due to the device
deinitialization or suspend, it is possible that ath9k_hif_usb_rx_stream()
is not called next time and the allocated remain_skb is leaked. Our local
Syzkaller instance was able to trigger that.
remain_skb makes sense when receiving two consecutive urbs which are
logically linked together, i.e. a specific data field from the first skb
indicates a cached skb to be allocated, memcpy'd with some data and
subsequently processed in the next call to ath9k_hif_usb_rx_stream(). Urbs
deallocation supposedly makes that link irrelevant so we need to free the
cached skb in those cases.
Fix the leak by introducing a function to explicitly free remain_skb (if
it is not NULL) when the rx urbs have been deallocated. remain_skb is NULL
when it has not been allocated at all (hif_dev struct is kzalloced) or
when it has been processed in next call to ath9k_hif_usb_rx_stream().
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.") Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Acked-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230216192301.171225-1-pchelkin@ispras.ru
Dan Carpenter [Thu, 16 Feb 2023 12:16:14 +0000 (15:16 +0300)]
wifi: ath12k: use kfree_skb() instead of kfree()
Sk_buffs are supposed to be freed with kfree_skb().
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/Y+4ejiYakhEvEw7c@kili
The memcpy() in ath_key_config() was attempting to write across
neighboring struct members in struct ath_keyval. Introduce a wrapping
struct_group, kv_values, to be the addressable target of the memcpy
without overflowing an individual member. Silences the false positive
run-time warning:
memcpy: detected field-spanning write (size 32) of single field "hk.kv_val" at drivers/net/wireless/ath/key.c:506 (size 16)
Link: https://bbs.archlinux.org/viewtopic.php?id=282254 Cc: Kalle Valo <kvalo@kernel.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> Link: https://lore.kernel.org/r/20230210054310.never.554-kees@kernel.org
Yang Li [Wed, 15 Feb 2023 18:31:38 +0000 (20:31 +0200)]
wifi: ath10k: Remove the unused function shadow_dst_wr_ind_addr() and ath10k_ce_error_intr_enable()
The function shadow_dst_wr_ind_addr() and ath10k_ce_error_intr_enable()
are defined in the ce.c file, the code calling them has been removed,
so remove these unused functions.
Eliminate the following warnings:
drivers/net/wireless/ath/ath10k/ce.c:80:19: warning: unused function 'shadow_dst_wr_ind_addr'
drivers/net/wireless/ath/ath10k/ce.c:441:20: warning: unused function 'ath10k_ce_error_intr_enable'
Yang Li [Wed, 15 Feb 2023 18:31:37 +0000 (20:31 +0200)]
wifi: ath12k: dp_mon: Fix unsigned comparison with less than zero
The return value from the call to idr_alloc() is int.
However, the return value is being assigned to an unsigned
int variable 'buf_id', so making 'buf_id' an int.
Eliminate the following warning:
./drivers/net/wireless/ath/ath12k/dp_mon.c:1300:15-21: WARNING: Unsigned expression compared with zero: buf_id < 0
wifi: ath11k: Set ext passive scan flag to adjust passive scan start time
Set the WMI_SCAN_FLAG_EXT_PASSIVE_SCAN_START_TIME_ENHANCE flag
while sending the scan command. If this flag is enabled when the
incoming scan request comes with a strict start time and its duration
overlaps with next TBTT, then target adjust the start time accordingly
for passive scan. Target supporting this feature will advertise
WMI_TLV_SERVICE_PASSIVE_SCAN_START_TIME_ENHANCE.
Johannes Berg [Wed, 15 Feb 2023 17:30:26 +0000 (18:30 +0100)]
wifi: mac80211: add documentation for amsdu_mesh_control
This documentation wasn't added in the original patch,
add it now.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Fixes: 6e4c0d0460bd ("wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 15 Feb 2023 09:40:41 +0000 (10:40 +0100)]
wifi: mac80211: always initialize link_sta with sta
When we have multiple interfaces receiving the same frame,
such as a multicast frame, one interface might have a sta
and the other not. In this case, link_sta would be set but
not cleared again.
Always set link_sta, so we keep an invariant that link_sta
and sta are either both set or both not set.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 15 Feb 2023 09:07:05 +0000 (10:07 +0100)]
wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta()
There's at least one case in ieee80211_rx_for_interface()
where we might pass &((struct sta_info *)NULL)->sta to it
only to then do container_of(), and then checking the
result for NULL, but checking the result of container_of()
for NULL looks really odd.
Fix this by just passing the struct sta_info * instead.
Fixes: e66b7920aa5a ("wifi: mac80211: fix initialization of rx->link and rx->link_sta") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Marc Bornand [Wed, 15 Feb 2023 08:47:53 +0000 (08:47 +0000)]
wifi: cfg80211: Set SSID if it is not already set
When a connection was established without going through
NL80211_CMD_CONNECT, the ssid was never set in the wireless_dev struct.
Now we set it in __cfg80211_connect_result() when it is not already set.
When using a userspace configuration that does not call
cfg80211_connect() (can be checked with breakpoints in the kernel),
this patch should allow `networkctl status device_name` to output the
SSID instead of null.
Cc: stable@vger.kernel.org Reported-by: Yohan Prod'homme <kernel@zoddo.fr> Fixes: 7b0a0e3c3a88 (wifi: cfg80211: do some rework towards MLO link APIs) Link: https://bugzilla.kernel.org/show_bug.cgi?id=216711 Signed-off-by: Marc Bornand <dev.mbornand@systemb.ch> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ping-Ke Shih [Mon, 13 Feb 2023 09:13:28 +0000 (17:13 +0800)]
wifi: rtw89: use readable return 0 in rtw89_mac_cfg_ppdu_status()
For normal (successful) flow, it must return 0. The original code uses
'return ret', and then we need to backward reference to initial value to
know 'ret = 0'. Changing them to 'return 0', because it will be more
readable and intuitive. This patch doesn't change logic at all.
Sascha Hauer [Fri, 10 Feb 2023 11:16:32 +0000 (12:16 +0100)]
wifi: rtw88: usb: drop now unnecessary URB size check
Now that we send URBs with the URB_ZERO_PACKET flag set we no longer
need to make sure that the URB sizes are not multiple of the
bulkout_size. Drop the check.
Johannes Berg [Tue, 14 Feb 2023 19:08:15 +0000 (20:08 +0100)]
wifi: mac80211: fix off-by-one link setting
The convention for find_first_bit() is 0-based, while ffs()
is 1-based, so this is now off-by-one. I cannot reproduce the
gcc-9 problem, but since the -1 is now removed, I'm hoping it
will still avoid the original issue.
Reported-by: Alexander Lobakin <alexandr.lobakin@intel.com> Fixes: 1d8d4af43474 ("wifi: mac80211: avoid u32_encode_bits() warning") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Gilad Itzkovitch [Thu, 24 Nov 2022 00:53:36 +0000 (13:53 +1300)]
wifi: mac80211: Fix for Rx fragmented action frames
The ieee80211_accept_frame() function performs a number of early checks
to decide whether or not further processing needs to be done on a frame.
One of those checks is the ieee80211_is_robust_mgmt_frame() function.
It requires to peek into the frame payload, but because defragmentation
does not occur until later on in the receive path, this peek is invalid
for any fragment other than the first one. Also, in this scenario there
is no STA and so the fragmented frame will be dropped later on in the
process and will not reach the upper stack. This can happen with large
action frames at low rates, for example, we see issues with DPP on S1G.
This change will only check if the frame is robust if it's the first
fragment. Invalid fragmented packets will be discarded later after
defragmentation is completed.
Arnd Bergmann [Tue, 14 Feb 2023 13:20:21 +0000 (14:20 +0100)]
wifi: mac80211: avoid u32_encode_bits() warning
gcc-9 triggers a false-postive warning in ieee80211_mlo_multicast_tx()
for u32_encode_bits(ffs(links) - 1, ...), since ffs() can return zero
on an empty bitmask, and the negative argument to u32_encode_bits()
is then out of range:
In file included from include/linux/ieee80211.h:21,
from include/net/cfg80211.h:23,
from net/mac80211/tx.c:23:
In function 'u32_encode_bits',
inlined from 'ieee80211_mlo_multicast_tx' at net/mac80211/tx.c:4437:17,
inlined from 'ieee80211_subif_start_xmit' at net/mac80211/tx.c:4485:3:
include/linux/bitfield.h:177:3: error: call to '__field_overflow' declared with attribute error: value doesn't fit into mask
177 | __field_overflow(); \
| ^~~~~~~~~~~~~~~~~~
include/linux/bitfield.h:197:2: note: in expansion of macro '____MAKE_OP'
197 | ____MAKE_OP(u##size,u##size,,)
| ^~~~~~~~~~~
include/linux/bitfield.h:200:1: note: in expansion of macro '__MAKE_OP'
200 | __MAKE_OP(32)
| ^~~~~~~~~
Newer compiler versions do not cause problems with the zero argument
because they do not consider this a __builtin_constant_p().
It's also harmless since the hweight16() check already guarantees
that this cannot be 0.
Replace the ffs() with an equivalent find_first_bit() check that
matches the later for_each_set_bit() style and avoids the warning.
wifi: mac80211: Don't translate MLD addresses for multicast
MLD address translation should be done only for individually addressed
frames. Otherwise, AAD calculation would be wrong and the decryption
would fail.
Wen Gong [Wed, 1 Feb 2023 06:53:13 +0000 (01:53 -0500)]
wifi: cfg80211: call reg_notifier for self managed wiphy from driver hint
Currently the regulatory driver does not call the regulatory callback
reg_notifier for self managed wiphys. Sometimes driver needs cfg80211
to calculate the info of ieee80211_channel such as flags and power,
and driver needs to get the info of ieee80211_channel after hint of
driver, but driver does not know when calculation of the info of
ieee80211_channel become finished, so add notify to driver in
reg_process_self_managed_hint() from cfg80211 is a good way, then
driver could get the correct info in callback of reg_notifier.
wifi: cfg80211: get rid of gfp in cfg80211_bss_color_notify
Since cfg80211_bss_color_notify() is now always run in non-atomic
context, get rid of gfp_t flags in the routine signature and always use
GFP_KERNEL for netlink message allocation.
wifi: nl80211: Allow authentication frames and set keys on NAN interface
Wi-Fi Aware R4 specification defines NAN Pairing which uses PASN handshake
to authenticate the peer and generate keys. Hence allow to register and transmit
the PASN authentication frames on NAN interface and set the keys to driver or
underlying modules on NAN interface.
The driver needs to configure the feature flag NL80211_EXT_FEATURE_SECURE_NAN,
which also helps userspace modules to know if the driver supports secure NAN.
Non-MLO station frames are dropped in Rx path due to the condition
check in ieee80211_rx_is_valid_sta_link_id(). In multi-link AP scenario,
non-MLO stations try to connect in any of the valid links in the ML AP,
where the station valid_links and link_id params are valid in the
ieee80211_sta object. But ieee80211_rx_is_valid_sta_link_id() always
return false for the non-MLO stations by the assumption taken is
valid_links and link_id are not valid in non-MLO stations object
(ieee80211_sta), this assumption is wrong. Due to this assumption,
non-MLO station frames are dropped which leads to failure in association.
Fix it by removing the condition check and allow the link validation
check for the non-MLO stations.
wifi: mac80211: Allow NSS change only up to capability
Stations can update bandwidth/NSS change in
VHT action frame with action type Operating Mode Notification.
(IEEE Std 802.11-2020 - 9.4.1.53 Operating Mode field)
For Operating Mode Notification, an RX NSS change to a value
greater than AP's maximum NSS should not be allowed.
During fuzz testing, by forcefully sending VHT Op. mode notif.
frames from STA with random rx_nss values, it is found that AP
accepts rx_nss values greater that APs maximum NSS instead of
discarding such NSS change.
Hence allow NSS change only up to maximum NSS that is negotiated
and capped to AP's capability during association.
Felix Fietkau [Mon, 13 Feb 2023 10:08:55 +0000 (11:08 +0100)]
wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
At least ath10k and ath11k supported hardware (maybe more) does not implement
mesh A-MSDU aggregation in a standard compliant way.
802.11-2020 9.3.2.2.2 declares that the Mesh Control field is part of the
A-MSDU header (and little-endian).
As such, its length must not be included in the subframe length field.
Hardware affected by this bug treats the mesh control field as part of the
MSDU data and sets the length accordingly.
In order to avoid packet loss, keep track of which stations are affected
by this and take it into account when converting A-MSDU to 802.3 + mesh control
packets.
Felix Fietkau [Mon, 13 Feb 2023 10:08:54 +0000 (11:08 +0100)]
wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
The current mac80211 mesh A-MSDU receive path fails to parse A-MSDU packets
on mesh interfaces, because it assumes that the Mesh Control field is always
directly after the 802.11 header.
802.11-2020 9.3.2.2.2 Figure 9-70 shows that the Mesh Control field is
actually part of the A-MSDU subframe header.
This makes more sense, since it allows packets for multiple different
destinations to be included in the same A-MSDU, as long as RA and TID are
still the same.
Another issue is the fact that the A-MSDU subframe length field was apparently
accidentally defined as little-endian in the standard.
In order to fix this, the mesh forwarding path needs happen at a different
point in the receive path.
ieee80211_data_to_8023_exthdr is changed to ignore the mesh control field
and leave it in after the ethernet header. This also affects the source/dest
MAC address fields, which now in the case of mesh point to the mesh SA/DA.
ieee80211_amsdu_to_8023s is changed to deal with the endian difference and
to add the Mesh Control length to the subframe length, since it's not covered
by the MSDU length field.
With these changes, the mac80211 will get the same packet structure for
converted regular data packets and unpacked A-MSDU subframes.
The mesh forwarding checks are now only performed after the A-MSDU decap.
For locally received packets, the Mesh Control header is stripped away.
For forwarded packets, a new 802.11 header gets added.
Now that all drivers use iTXQ, it does not make sense to check to drop
tx forwarding packets when the driver has stopped the queues.
fq_codel will take care of dropping packets when the queues fill up
Shayne Chen [Thu, 9 Feb 2023 11:06:59 +0000 (19:06 +0800)]
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
The value of last_rate in ieee80211_sta_rx_stats is degraded from u32 to
u16 after being assigned to rate variable, which causes information loss
in STA_STATS_FIELD_TYPE and later bitfields.
Bo Liu [Mon, 6 Feb 2023 08:16:41 +0000 (03:16 -0500)]
rfkill: Use sysfs_emit() to instead of sprintf()
Follow the advice of the Documentation/filesystems/sysfs.rst and show()
should only use sysfs_emit() or sysfs_emit_at() when formatting the
value to be returned to user space.
wifi: cfg80211: Allow action frames to be transmitted with link BSS in MLD
Currently action frames TX only with ML address as A3(BSSID) are
allowed in an ML AP, but TX for a non-ML Station can happen in any
link of an ML BSS with link BSS address as A3.
In case of an MLD, if User-space has provided a valid link_id in
action frame TX request, allow transmission of the frame in that link.
Aloka Dixit [Tue, 31 Jan 2023 00:12:27 +0000 (16:12 -0800)]
wifi: mac80211: configure puncturing bitmap
- Configure the bitmap in link_conf and notify the driver.
- Modify 'change' in ieee80211_start_ap() from u32 to u64 to support
BSS_CHANGED_EHT_PUNCTURING.
- Propagate the bitmap in channel switch events to userspace.
Aloka Dixit [Tue, 31 Jan 2023 00:12:25 +0000 (16:12 -0800)]
wifi: nl80211: validate and configure puncturing bitmap
- New feature flag, NL80211_EXT_FEATURE_PUNCT, to advertise
driver support for preamble puncturing in AP mode.
- New attribute, NL80211_ATTR_PUNCT_BITMAP, to receive a puncturing
bitmap from the userspace during AP bring up (NL80211_CMD_START_AP)
and channel switch (NL80211_CMD_CHANNEL_SWITCH) operations. Each bit
corresponds to a 20 MHz channel in the operating bandwidth, lowest
bit for the lowest channel. Bit set to 1 indicates that the channel
is punctured. Higher 16 bits are reserved.
- New members added to structures cfg80211_ap_settings and
cfg80211_csa_settings to propagate the bitmap to the driver after
validation.
Aloka Dixit [Tue, 31 Jan 2023 00:12:24 +0000 (16:12 -0800)]
wifi: cfg80211: move puncturing bitmap validation from mac80211
- Move ieee80211_valid_disable_subchannel_bitmap() from mlme.c to
chan.c, rename it as cfg80211_valid_disable_subchannel_bitmap()
and export it.
- Modify the prototype to include struct cfg80211_chan_def instead
of only bandwidth to support a check which returns false if the
primary channel is punctured.
Jaewan Kim [Mon, 30 Jan 2023 02:22:52 +0000 (02:22 +0000)]
wifi: mac80211_hwsim: Rename pid to portid to avoid confusion
It is a frequent mistake to confuse the netlink port identifier with a
process identifier. Try to reduce this confusion by renaming
that hold port identifiers portid instead of pid.
This change replicates following commit:
commit 15e473046cb6 ("netlink: Rename pid to portid to avoid confusion")
Alvin Šipraga [Sat, 28 Jan 2023 12:58:44 +0000 (13:58 +0100)]
wifi: nl80211: add MLO_LINK_ID to CMD_STOP_AP event
nl80211_send_ap_stopped() can be called multiple times on the same
netdev for each link when using Multi-Link Operation. Add the
MLO_LINK_ID attribute to the event to allow userspace to distinguish
which link the event is for.
Alvin Šipraga [Sat, 28 Jan 2023 12:58:43 +0000 (13:58 +0100)]
wifi: nl80211: emit CMD_START_AP on multicast group when an AP is started
Userspace processes such as network daemons may wish to be informed when
any AP interface is brought up on the system, for example to initiate a
(re)configuration of IP settings or to start a DHCP server.
Currently nl80211 does not broadcast any such event on its multicast
groups, leaving userspace only two options:
1. the process must be the one that actually issued the
NL80211_CMD_START_AP request, so that it can react on the response to
that request;
2. the process must react to RTM_NEWLINK events indicating a change in
carrier state, and may query for further information about the AP and
react accordingly.
Option (1) is robust, but it does not cover all scenarios. It is easy to
imagine a situation where this is not the case (e.g. hostapd +
systemd-networkd).
Option (2) is not robust, because RTM_NEWLINK events may be silently
discarded by the linkwatch logic (cf. linkwatch_fire_event()).
Concretely, consider a scenario in which the carrier state flip-flops in
the following way:
^ carrier state (high/low = carrier/no carrier)
|
| _______ _______ ...
| | | |
| ______| "foo" |____| "bar" (SSID in "quotes")
|
+-------A-------B----C---------> time
If the time interval between (A) and (C) is less than 1 second, then
linkwatch may emit only a single RTM_NEWLINK event indicating carrier
gain.
This is problematic because it is possible that the network
configuration that should be applied is a function of the AP's
properties such as SSID (cf. SSID= in systemd.network(5)). As
illustrated in the above diagram, it may be that the AP with SSID "bar"
ends up being configured as though it had SSID "foo".
Address the above issue by having nl80211 emit an NL80211_CMD_START_AP
message on the MLME nl80211 multicast group. This allows for arbitrary
processes to be reliably informed.
wifi: cfg80211: Extend cfg80211_update_owe_info_event() for MLD AP
Add support to offload OWE processing to user space for MLD AP when
driver's SME in use.
Add new parameters in struct cfg80211_update_owe_info to provide below
information in cfg80211_update_owe_info_event() call:
- MLO link ID of the AP, with which station requested (re)association.
This is applicable for both MLO and non-MLO station connections when
the AP affiliated with an MLD.
- Station's MLD address if the connection is MLO capable.
wifi: cfg80211: Extend cfg80211_new_sta() for MLD AP
Add support for drivers to indicate STA connection(MLO/non-MLO) when
user space SME (e.g., hostapd) is not used for MLD AP.
Add new parameters in struct station_info to provide below information
in cfg80211_new_sta() call:
- MLO link ID of the AP, with which station completed (re)association.
This is applicable for both MLO and non-MLO station connections when
the AP affiliated with an MLD.
- Station's MLD address if the connection is MLO capable.
- (Re)Association Response IEs sent to the station. User space needs
this to determine rejected and accepted affiliated links information
of the connected station if the connection is MLO capable.
Lorenzo Bianconi [Wed, 25 Jan 2023 11:01:02 +0000 (12:01 +0100)]
wifi: mac80211: move color collision detection report in a delayed work
Move color collision report in a dedicated delayed work and do not run
it in interrupt context in order to rate-limit the number of events
reported to userspace. Moreover grab wdev mutex in
ieee80211_color_collision_detection_work routine since it is required
by cfg80211_obss_color_collision_notify().
wifi: cfg80211: Authentication offload to user space for MLO connection in STA mode
Currently authentication request event interface doesn't have support to
indicate the user space whether it should enable MLO or not during the
authentication with the specified AP. But driver needs such capability
since the connection is MLO or not decided by the driver in case of SME
offload to the driver.
Add support for driver to indicate MLD address of the AP in
authentication offload request to inform user space to enable MLO during
authentication process. Driver shall look at NL80211_ATTR_MLO_SUPPORT
flag capability in NL80211_CMD_CONNECT to know whether the user space
supports enabling MLO during the authentication offload.
User space should enable MLO during the authentication only when it
receives the AP MLD address in authentication offload request. User
space shouldn't enable MLO if the authentication offload request doesn't
indicate the AP MLD address even if the AP is MLO capable.
When MLO is enabled, user space should use the MAC address of the
interface (on which driver sent request) as self MLD address. User space
and driver to use MLD addresses in RA, TA and BSSID fields of the frames
between them, and driver translates the MLD addresses to/from link
addresses based on the link chosen for the authentication.
Tom Rix [Sat, 4 Feb 2023 20:09:02 +0000 (12:09 -0800)]
wifi: zd1211rw: remove redundant decls
building with W=2 has these errors
redundant redeclaration of ‘zd_rf_generic_patch_6m’ [-Werror=redundant-decls]
redundant redeclaration of ‘zd_rf_patch_6m_band_edge’ [-Werror=redundant-decls]
Ping-Ke Shih [Thu, 19 Jan 2023 11:31:46 +0000 (19:31 +0800)]
wifi: rtl8xxxu: fix txdw7 assignment of TX DESC v3
Type of txdw7 is __le16, so assign __le32 is wrong. Also, the
TXDESC_ANTENNA_SELECT_C is defined for __le32, so shift 16 bits to fit
the value. Compile test only.
sparse warnings: (new ones prefixed by >>)
>> rtl8xxxu_core.c:5198:24: sparse: sparse: invalid assignment: |=
>> rtl8xxxu_core.c:5198:24: sparse: left side has type restricted __le16
>> rtl8xxxu_core.c:5198:24: sparse: right side has type restricted __le32
Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Tested-by: Bitterblue Smith <rtl8821cerfe2@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230119113146.9640-1-pkshih@realtek.com
Bitterblue Smith [Fri, 20 Jan 2023 15:51:21 +0000 (17:51 +0200)]
wifi: rtl8xxxu: Register the LED and make it blink
If the chip can have an LED, register a struct led_classdev and enable
hardware-controlled blinking. When the chip is not transmitting or
receiving anything the LED is off. Otherwise the LED will blink
faster or slower according to the throughput.
The LED can be controlled from userspace by writing 0, 1, or 2 to
/sys/class/leds/rtl8xxxu-usbX-Y/brightness:
0 - solid off.
1 - solid on.
2 - hardware-controlled blinking.
In this patch none of the chips advertise having an LED. That will be
added in the next patches.
Peter Lafreniere [Wed, 18 Jan 2023 18:53:53 +0000 (13:53 -0500)]
wifi: rsi: Avoid defines prefixed with CONFIG
Macros prefixed with CONFIG_ are intended to be defined only by
Kconfig scripts. Here we remove the prefix from the
CONFIG_AUTO_READ_MODE define to avoid confusion when reading the code.
Zong-Zhe Yang [Fri, 3 Feb 2023 06:51:57 +0000 (14:51 +0800)]
wifi: rtw89: phy: set TX power according to RF path number by chip
Previously, all supported chips had two RF paths. Therefore, these
codes used static number for TX power setting. Now, we are planning
to support a new chip which has only one RF path. So, we refine the
setting codes to refer to chip's RF path number at runtime.
Ping-Ke Shih [Fri, 3 Feb 2023 06:49:07 +0000 (14:49 +0800)]
wifi: rtw89: 8852b: correct register mask name of TX power offset
For a packet with 1SS rate, it can also transmit via 2 antenna, called
2T mode. For 2T TX power offset, mask should be 2T as well. Fortunately,
the mask of 2T and 1T are the same, so it can still work well without
this fix.
Zong-Zhe Yang [Wed, 1 Feb 2023 03:20:57 +0000 (11:20 +0800)]
wifi: rtw89: use passed channel in set_tx_shape_dfir()
In path of setting channel and setting TX power, the rtw89_chan instance
to be used is controlled by top and passed down. The set_tx_shape_dfir()
is in path of setting TX power, so it should use the passed rtw89_chan
instead of querying it itself. Otherwise, it might encounter mismatch
between parameters if multi-channel.
For example,
rtw89_8852ce 0000:04:00.0: set tx shape dfir by unknown ch: 155 on 2GHz
Ping-Ke Shih [Mon, 23 Jan 2023 06:54:01 +0000 (14:54 +0800)]
wifi: rtw89: 8852b: try to use NORMAL_CE type firmware first
New firmware type NORMAL_CE is introduced to support P2P-PS and hardware
scan, but no LPS-PG mode. After this patch, old firmware with NORMAL type
can still work well.
The use of this new type is the same as before, so we add new type to
avoid taking wrong firmware. Then, driver log can also give clear
information about this change:
rtw89_8852be 0000:03:00.0: Firmware version 0.29.26.0, cmd version 0, type 5
rtw89_8852be 0000:03:00.0: Firmware version 0.29.26.0, cmd version 0, type 3
Ping-Ke Shih [Mon, 23 Jan 2023 06:54:00 +0000 (14:54 +0800)]
wifi: rtw89: 8852b: don't support LPS-PG mode after firmware 0.29.26.0
Due to firmware size limit of 8852b, LPS-PG mode isn't supported after
0.29.26.0, and then we have more space to support other features, such as
P2P-PS, hardware scan and so on.
Ping-Ke Shih [Mon, 23 Jan 2023 06:53:59 +0000 (14:53 +0800)]
wifi: rtw89: 8852b: reset IDMEM mode to default value
For different firmware type, it could use different IDMEM mode, so reset
it to default to avoid encountering error during we bisect firmware
version, like
rtw89_8852be 0000:03:00.0: Firmware version 0.29.26.0, cmd version 0, type 5
rtw89_8852be 0000:03:00.0: Firmware version 0.29.26.0, cmd version 0, type 3
rtw89_8852be 0000:03:00.0: fw security fail
rtw89_8852be 0000:03:00.0: download firmware fail
rtw89_8852be 0000:03:00.0: [ERR]fwdl 0x1E0 = 0x62
rtw89_8852be 0000:03:00.0: [ERR]fwdl 0x83F2 = 0x8
rtw89_8852be 0000:03:00.0: [ERR]fw PC = 0xb8931154
rtw89_8852be 0000:03:00.0: [ERR]fw PC = 0xb8931154
rtw89_8852be 0000:03:00.0: [ERR]fw PC = 0xb8931150
rtw89_8852be 0000:03:00.0: [ERR]fw PC = 0xb8931154
Ping-Ke Shih [Mon, 23 Jan 2023 06:53:58 +0000 (14:53 +0800)]
wifi: rtw89: add use of pkt_list offload to debug entry
Driver can prepare pkt_list for firmware that only uses them to send out
the packets in specific situations. To understand the usage of current
status, and to check if there is leakage problem, dump bitmap and the
indices used by certain function.
Chin-Yen Lee [Mon, 23 Jan 2023 06:53:57 +0000 (14:53 +0800)]
wifi: rtw89: refine packet offload flow
For upcoming firmware, driver needs to do packet offload to firmware to
ensure LPS protocol work properly, so we update current connection and
disconnect flow to maintain packet offload flow, and integrate with
current WoWLAN flow which also needs packet offload.
Chin-Yen Lee [Mon, 23 Jan 2023 06:53:56 +0000 (14:53 +0800)]
wifi: rtw89: fix potential wrong mapping for pkt-offload
When driver fails to send H2C to firmware for pkt-offload, we should not
update the pkt_list of driver, and need to release allocated pkt index to
avoid wrong mapping between driver and firmware.
Zong-Zhe Yang [Thu, 19 Jan 2023 06:43:42 +0000 (14:43 +0800)]
wifi: rtw89: refine MCC C2H debug logs
To debug channel concurrency more centrally, we add a new debug flag,
RTW89_DBG_CHAN, for channel related things, especially channel concurrency.
Then, we change MCC (multi-channel concurrency) C2H (chip to host packets)
debug flag to it.
Besides, refine debug logs to show TSF in u64 directly.
Zong-Zhe Yang [Thu, 19 Jan 2023 06:43:41 +0000 (14:43 +0800)]
wifi: rtw89: fix parsing offset for MCC C2H
A 8-byte offset is missed during parsing C2Hs (chip to host packets)
of MCC (multi-channel concurrent) series.
So, we fix it.
Fixes: ef9dff4cb491 ("wifi: rtw89: mac: process MCC related C2H") Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230119064342.65391-1-pkshih@realtek.com
Zong-Zhe Yang [Thu, 19 Jan 2023 06:35:29 +0000 (14:35 +0800)]
wifi: rtw89: deal with RXI300 error
RXI300 is a HW design to maintain stuffs across BUS, e.g. AXI, AHB, APB.
It will feedback an error when host does an invalid BUS operation.
For example,
* BUS master request without power/clock on.
* host reads/writes/accesses an invalid address.
They might lead to problems such as BUS timeout, platform hang, etc. So,
once if RXI300 feedback an error, it notifies that driver need a L2 SER
(system error recovery) to reset things.
Previously, driver did not parse the error scenario for RXI300. We add
it and assign a corresponding error code which will make SER flow do L2
reset.
Zong-Zhe Yang [Thu, 19 Jan 2023 06:35:28 +0000 (14:35 +0800)]
wifi: rtw89: debug: avoid invalid access on RTW89_DBG_SEL_MAC_30
Only 8852C chip has valid pages on RTW89_DBG_SEL_MAC_30. To other chips,
this section is an address hole. It will lead to crash if trying to access
this section on chips except for 8852C. So, we avoid that.
Zong-Zhe Yang [Thu, 19 Jan 2023 06:24:52 +0000 (14:24 +0800)]
wifi: rtw89: split out generic part of rtw89_mac_port_tsf_sync()
Originally, rtw89_mac_port_tsf_sync() contains randomization logic
internally. However, not all situation, we need the randomization.
So, split out the generic part from it. And, make the full logic of
original one contained in rtw89_mac_port_tsf_sync_rand(). It will
still be used by its original caller as before. Then, the generic
one will be used in MCC (multi-channel concurrency) management flow.
MCC will implement its logic to decide the offset for TSF sync.
Zong-Zhe Yang [Thu, 19 Jan 2023 06:24:51 +0000 (14:24 +0800)]
wifi: rtw89: correct unit for port offset and refine macro
Strictly speaking, the unit of the offset should be TU instead of ms.
So, correct it and the macro for calculation. Then, to make the macro
generic, the factor n is moved outside.
Ching-Te Ku [Tue, 17 Jan 2023 11:41:09 +0000 (19:41 +0800)]
wifi: rtw89: coex: Update Wi-Fi Bluetooth coexistence version to 7.0.0
Should update the driver with the supported firmware version of the
below item.
Bluetooth firmware BT_Coex_Ver: 0x07
Wi-Fi firmware version: RTL8852C->v0.27.56.10, RTL8852A->v0.24.36
Ching-Te Ku [Tue, 17 Jan 2023 11:41:08 +0000 (19:41 +0800)]
wifi: rtw89: coex: Fix test fail when coexist with raspberryPI A2DP idle
The origin code will enable TDMA WL:BT = 50:50 to prevent Wi-Fi
throughput suddenly drop to 0 in the moment while A2DP pause.
And this protection just a short moment, and will turn to Bluetooth
idle case when A2DP turn into sniff mode. But the raspberryPI simulated
A2DP device will not turn into sniff mode. So the protection will bring
the throughput drop.
When Wi-Fi enter and leave LPS, coexistence driver need to know
is there A2DP exist or not. And when Wi-Fi sleep in deep power save
state will not able to receive mailbox sent from Bluetooth. So update
the A2DP exist information from reading register.
Ching-Te Ku [Tue, 17 Jan 2023 11:41:06 +0000 (19:41 +0800)]
wifi: rtw89: coex: Set Bluetooth background scan PTA request priority
When Wi-Fi is RX, set Bluetooth background scan to low-priority and
not to break Wi-Fi packet. Bluetooth can RX depend on hardware ability
even RX request has been rejected. This way can improve Wi-Fi RX
throughput performance.
Ching-Te Ku [Tue, 17 Jan 2023 11:41:04 +0000 (19:41 +0800)]
wifi: rtw89: coex: Force to update TDMA parameter when radio state change
Force firmware to update TDMA parameter when enter/exit power saving.
The TDMA instant feature will make firmware force update TDMA parameter
immediately when the TDMA parameter H2C to firmware. Without this feature,
it will have a low fail rate trigger Bluetooth audio sound glitch when
Wi-Fi is under power saving. Or Wi-Fi fail to turn in to power save state.
Ching-Te Ku [Tue, 17 Jan 2023 11:41:03 +0000 (19:41 +0800)]
wifi: rtw89: coex: Clear Bluetooth HW PTA counter when radio state change
Reset the counter no matter Wi-Fi is notified turning into power save or
not. With rest the counter coexistence will recognize Bluetooth is hanged
easily.
Ching-Te Ku [Tue, 17 Jan 2023 11:41:02 +0000 (19:41 +0800)]
wifi: rtw89: coex: Update Wi-Fi external control TDMA parameters/tables
This patch update the external control (Wi-Fi firmware control) type of
TDMA related parameters, almost all of these case were related to Wi-Fi
multi-role situations & AP mode.
wifi: brcmfmac: change cfg80211_set_channel() name and signature
The function cfg80211_set_channel() is an static function in brcmfmac
but the name is misleading. Hence rename it with 'brcmf' prefix. Also
changing the parameters to avoid additional conversions.
Dan Carpenter [Mon, 6 Feb 2023 14:41:33 +0000 (17:41 +0300)]
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
This code re-uses "i" to be the iterator for both the inside and outside
loops. It means the outside loop will exit earlier than intended.
Fixes: d219b7eb3792 ("mwifiex: handle BT coex event to adjust Rx BA window size") Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/Y+ERnaDaZD7RtLvX@kili
wifi: mwifiex: Replace one-element array with flexible-array member
One-element arrays are deprecated, and we are replacing them with flexible
array members instead. So, replace one-element array with flexible-array
member in struct mwifiex_ie_types_rates_param_set.
These are the only binary differences I see after the change:
Notice that MAX_SCAN_CFG_ALLOC is defined in terms of
sizeof(struct mwifiex_ie_types_rates_param_set), see:
26 /* Memory needed to store supported rate */
27 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \
28 + HOSTCMD_SUPPORTED_RATES)
37 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */
38 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \
39 + sizeof(struct mwifiex_ie_types_num_probes) \
40 + sizeof(struct mwifiex_ie_types_htcap) \
41 + CHAN_TLV_MAX_SIZE \
42 + RATE_TLV_MAX_SIZE \
43 + WILDCARD_SSID_TLV_MAX_SIZE)
This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
routines on memcpy() and help us make progress towards globally
enabling -fstrict-flex-arrays=3 [1].
projects / thirdparty / kernel / linux.git / log
