From f94ccb749f2582338f1c292e0b6bb48327b7a249 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 20 Apr 2020 13:25:07 +0200 Subject: [PATCH] 4.19-stable patches added patches: mm-vmalloc.c-move-area-pages-after-if-statement.patch wil6210-add-general-initialization-size-checks.patch wil6210-check-rx_buff_mgmt-before-accessing-it.patch wil6210-ignore-halp-icr-if-already-handled.patch wil6210-make-sure-rx-ring-sizes-are-correlated.patch wil6210-remove-reset-file-from-debugfs.patch --- ...c-move-area-pages-after-if-statement.patch | 64 +++++++++++++ queue-4.19/series | 6 ++ ...d-general-initialization-size-checks.patch | 44 +++++++++ ...eck-rx_buff_mgmt-before-accessing-it.patch | 33 +++++++ ...0-ignore-halp-icr-if-already-handled.patch | 83 ++++++++++++++++ ...ke-sure-rx-ring-sizes-are-correlated.patch | 96 +++++++++++++++++++ ...l6210-remove-reset-file-from-debugfs.patch | 65 +++++++++++++ 7 files changed, 391 insertions(+) create mode 100644 queue-4.19/mm-vmalloc.c-move-area-pages-after-if-statement.patch create mode 100644 queue-4.19/wil6210-add-general-initialization-size-checks.patch create mode 100644 queue-4.19/wil6210-check-rx_buff_mgmt-before-accessing-it.patch create mode 100644 queue-4.19/wil6210-ignore-halp-icr-if-already-handled.patch create mode 100644 queue-4.19/wil6210-make-sure-rx-ring-sizes-are-correlated.patch create mode 100644 queue-4.19/wil6210-remove-reset-file-from-debugfs.patch diff --git a/queue-4.19/mm-vmalloc.c-move-area-pages-after-if-statement.patch b/queue-4.19/mm-vmalloc.c-move-area-pages-after-if-statement.patch new file mode 100644 index 00000000000..973863badfe --- /dev/null +++ b/queue-4.19/mm-vmalloc.c-move-area-pages-after-if-statement.patch @@ -0,0 +1,64 @@ +From 7ea362427c170061b8822dd41bafaa72b3bcb9ad Mon Sep 17 00:00:00 2001 +From: Austin Kim +Date: Mon, 23 Sep 2019 15:36:42 -0700 +Subject: mm/vmalloc.c: move 'area->pages' after if statement + +From: Austin Kim + +commit 7ea362427c170061b8822dd41bafaa72b3bcb9ad upstream. + +If !area->pages statement is true where memory allocation fails, area is +freed. + +In this case 'area->pages = pages' should not executed. So move +'area->pages = pages' after if statement. + +[akpm@linux-foundation.org: give area->pages the same treatment] +Link: http://lkml.kernel.org/r/20190830035716.GA190684@LGEARND20B15 +Signed-off-by: Austin Kim +Acked-by: Michal Hocko +Reviewed-by: Andrew Morton +Cc: Uladzislau Rezki (Sony) +Cc: Roman Gushchin +Cc: Roman Penyaev +Cc: Rick Edgecombe +Cc: Mike Rapoport +Cc: Andrey Ryabinin +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + mm/vmalloc.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -1668,7 +1668,6 @@ static void *__vmalloc_area_node(struct + nr_pages = get_vm_area_size(area) >> PAGE_SHIFT; + array_size = (nr_pages * sizeof(struct page *)); + +- area->nr_pages = nr_pages; + /* Please note that the recursion is strictly bounded. */ + if (array_size > PAGE_SIZE) { + pages = __vmalloc_node(array_size, 1, nested_gfp|highmem_mask, +@@ -1676,13 +1675,16 @@ static void *__vmalloc_area_node(struct + } else { + pages = kmalloc_node(array_size, nested_gfp, node); + } +- area->pages = pages; +- if (!area->pages) { ++ ++ if (!pages) { + remove_vm_area(area->addr); + kfree(area); + return NULL; + } + ++ area->pages = pages; ++ area->nr_pages = nr_pages; ++ + for (i = 0; i < area->nr_pages; i++) { + struct page *page; + diff --git a/queue-4.19/series b/queue-4.19/series index 7f2ea525112..6070e417e7d 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -32,3 +32,9 @@ scsi-target-fix-hang-when-multiple-threads-try-to-de.patch x86-microcode-amd-increase-microcode-patch_max_size.patch x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch +wil6210-check-rx_buff_mgmt-before-accessing-it.patch +wil6210-ignore-halp-icr-if-already-handled.patch +wil6210-add-general-initialization-size-checks.patch +wil6210-make-sure-rx-ring-sizes-are-correlated.patch +wil6210-remove-reset-file-from-debugfs.patch +mm-vmalloc.c-move-area-pages-after-if-statement.patch diff --git a/queue-4.19/wil6210-add-general-initialization-size-checks.patch b/queue-4.19/wil6210-add-general-initialization-size-checks.patch new file mode 100644 index 00000000000..10dbc5fad10 --- /dev/null +++ b/queue-4.19/wil6210-add-general-initialization-size-checks.patch @@ -0,0 +1,44 @@ +From ac0e541ab2f2951845acee784ef487be40fb4c77 Mon Sep 17 00:00:00 2001 +From: Alexei Avshalom Lazar +Date: Wed, 31 Oct 2018 10:52:17 +0200 +Subject: wil6210: add general initialization/size checks + +From: Alexei Avshalom Lazar + +commit ac0e541ab2f2951845acee784ef487be40fb4c77 upstream. + +Initialize unset variable, and verify that mid is valid. + +Signed-off-by: Alexei Avshalom Lazar +Signed-off-by: Maya Erez +Signed-off-by: Kalle Valo +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/wil6210/debugfs.c | 2 ++ + drivers/net/wireless/ath/wil6210/wmi.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/ath/wil6210/debugfs.c ++++ b/drivers/net/wireless/ath/wil6210/debugfs.c +@@ -991,6 +991,8 @@ static ssize_t wil_write_file_txmgmt(str + int rc; + void *frame; + ++ memset(¶ms, 0, sizeof(params)); ++ + if (!len) + return -EINVAL; + +--- a/drivers/net/wireless/ath/wil6210/wmi.c ++++ b/drivers/net/wireless/ath/wil6210/wmi.c +@@ -2802,7 +2802,7 @@ static void wmi_event_handle(struct wil6 + + if (mid == MID_BROADCAST) + mid = 0; +- if (mid >= wil->max_vifs) { ++ if (mid >= ARRAY_SIZE(wil->vifs) || mid >= wil->max_vifs) { + wil_dbg_wmi(wil, "invalid mid %d, event skipped\n", + mid); + return; diff --git a/queue-4.19/wil6210-check-rx_buff_mgmt-before-accessing-it.patch b/queue-4.19/wil6210-check-rx_buff_mgmt-before-accessing-it.patch new file mode 100644 index 00000000000..7569bffa8cb --- /dev/null +++ b/queue-4.19/wil6210-check-rx_buff_mgmt-before-accessing-it.patch @@ -0,0 +1,33 @@ +From d6a553c0c61b0b0219764e4d4fc14e385085f374 Mon Sep 17 00:00:00 2001 +From: Dedy Lansky +Date: Fri, 26 Apr 2019 18:43:36 +0300 +Subject: wil6210: check rx_buff_mgmt before accessing it + +From: Dedy Lansky + +commit d6a553c0c61b0b0219764e4d4fc14e385085f374 upstream. + +Make sure rx_buff_mgmt is initialized before accessing it. + +Signed-off-by: Dedy Lansky +Signed-off-by: Maya Erez +Signed-off-by: Kalle Valo +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/wil6210/txrx_edma.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/wireless/ath/wil6210/txrx_edma.c ++++ b/drivers/net/wireless/ath/wil6210/txrx_edma.c +@@ -268,6 +268,9 @@ static void wil_move_all_rx_buff_to_free + struct list_head *active = &wil->rx_buff_mgmt.active; + dma_addr_t pa; + ++ if (!wil->rx_buff_mgmt.buff_arr) ++ return; ++ + while (!list_empty(active)) { + struct wil_rx_buff *rx_buff = + list_first_entry(active, struct wil_rx_buff, list); diff --git a/queue-4.19/wil6210-ignore-halp-icr-if-already-handled.patch b/queue-4.19/wil6210-ignore-halp-icr-if-already-handled.patch new file mode 100644 index 00000000000..b20515b479c --- /dev/null +++ b/queue-4.19/wil6210-ignore-halp-icr-if-already-handled.patch @@ -0,0 +1,83 @@ +From 979c9d8d01c482b1befb44dc639ecb907b5a37bd Mon Sep 17 00:00:00 2001 +From: Maya Erez +Date: Fri, 22 Feb 2019 16:21:04 +0200 +Subject: wil6210: ignore HALP ICR if already handled + +From: Maya Erez + +commit 979c9d8d01c482b1befb44dc639ecb907b5a37bd upstream. + +HALP ICR is set as long as the FW should stay awake. +To prevent its multiple handling the driver masks this IRQ bit. +However, if there is a different MISC ICR before the driver clears +this bit, there is a risk of race condition between HALP mask and +unmask. This race leads to HALP timeout, in case it is mistakenly +masked. +Add an atomic flag to indicate if HALP ICR should be handled. + +Signed-off-by: Maya Erez +Signed-off-by: Kalle Valo +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/wil6210/interrupt.c | 12 ++++++++---- + drivers/net/wireless/ath/wil6210/main.c | 3 +++ + drivers/net/wireless/ath/wil6210/wil6210.h | 1 + + 3 files changed, 12 insertions(+), 4 deletions(-) + +--- a/drivers/net/wireless/ath/wil6210/interrupt.c ++++ b/drivers/net/wireless/ath/wil6210/interrupt.c +@@ -1,6 +1,6 @@ + /* + * Copyright (c) 2012-2017 Qualcomm Atheros, Inc. +- * Copyright (c) 2018, The Linux Foundation. All rights reserved. ++ * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -590,10 +590,14 @@ static irqreturn_t wil6210_irq_misc(int + } + + if (isr & BIT_DMA_EP_MISC_ICR_HALP) { +- wil_dbg_irq(wil, "irq_misc: HALP IRQ invoked\n"); +- wil6210_mask_halp(wil); + isr &= ~BIT_DMA_EP_MISC_ICR_HALP; +- complete(&wil->halp.comp); ++ if (wil->halp.handle_icr) { ++ /* no need to handle HALP ICRs until next vote */ ++ wil->halp.handle_icr = false; ++ wil_dbg_irq(wil, "irq_misc: HALP IRQ invoked\n"); ++ wil6210_mask_halp(wil); ++ complete(&wil->halp.comp); ++ } + } + + wil->isr_misc = isr; +--- a/drivers/net/wireless/ath/wil6210/main.c ++++ b/drivers/net/wireless/ath/wil6210/main.c +@@ -1814,11 +1814,14 @@ void wil_halp_vote(struct wil6210_priv * + + if (++wil->halp.ref_cnt == 1) { + reinit_completion(&wil->halp.comp); ++ /* mark to IRQ context to handle HALP ICR */ ++ wil->halp.handle_icr = true; + wil6210_set_halp(wil); + rc = wait_for_completion_timeout(&wil->halp.comp, to_jiffies); + if (!rc) { + wil_err(wil, "HALP vote timed out\n"); + /* Mask HALP as done in case the interrupt is raised */ ++ wil->halp.handle_icr = false; + wil6210_mask_halp(wil); + } else { + wil_dbg_irq(wil, +--- a/drivers/net/wireless/ath/wil6210/wil6210.h ++++ b/drivers/net/wireless/ath/wil6210/wil6210.h +@@ -778,6 +778,7 @@ struct wil_halp { + struct mutex lock; /* protect halp ref_cnt */ + unsigned int ref_cnt; + struct completion comp; ++ u8 handle_icr; + }; + + struct wil_blob_wrapper { diff --git a/queue-4.19/wil6210-make-sure-rx-ring-sizes-are-correlated.patch b/queue-4.19/wil6210-make-sure-rx-ring-sizes-are-correlated.patch new file mode 100644 index 00000000000..b1b40c9db5f --- /dev/null +++ b/queue-4.19/wil6210-make-sure-rx-ring-sizes-are-correlated.patch @@ -0,0 +1,96 @@ +From 61e5ec044748486f06dec760a19dce78247b3ad8 Mon Sep 17 00:00:00 2001 +From: Dedy Lansky +Date: Wed, 31 Oct 2018 10:52:12 +0200 +Subject: wil6210: make sure Rx ring sizes are correlated + +From: Dedy Lansky + +commit 61e5ec044748486f06dec760a19dce78247b3ad8 upstream. + +When enlarging rx_ring_order module param, wil6210 fails to load +because there are not enough Rx buffers. +Fix this by enlarging number of Rx buffers at startup, if needed based +on rx_ring_order. + +Signed-off-by: Dedy Lansky +Signed-off-by: Maya Erez +Signed-off-by: Kalle Valo +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/wil6210/main.c | 2 +- + drivers/net/wireless/ath/wil6210/txrx.c | 4 ++-- + drivers/net/wireless/ath/wil6210/txrx_edma.c | 11 ++++++++--- + drivers/net/wireless/ath/wil6210/wil6210.h | 2 +- + 4 files changed, 12 insertions(+), 7 deletions(-) + +--- a/drivers/net/wireless/ath/wil6210/main.c ++++ b/drivers/net/wireless/ath/wil6210/main.c +@@ -1687,7 +1687,7 @@ int __wil_up(struct wil6210_priv *wil) + return rc; + + /* Rx RING. After MAC and beacon */ +- rc = wil->txrx_ops.rx_init(wil, 1 << rx_ring_order); ++ rc = wil->txrx_ops.rx_init(wil, rx_ring_order); + if (rc) + return rc; + +--- a/drivers/net/wireless/ath/wil6210/txrx.c ++++ b/drivers/net/wireless/ath/wil6210/txrx.c +@@ -881,7 +881,7 @@ static void wil_rx_buf_len_init(struct w + } + } + +-static int wil_rx_init(struct wil6210_priv *wil, u16 size) ++static int wil_rx_init(struct wil6210_priv *wil, uint order) + { + struct wil_ring *vring = &wil->ring_rx; + int rc; +@@ -895,7 +895,7 @@ static int wil_rx_init(struct wil6210_pr + + wil_rx_buf_len_init(wil); + +- vring->size = size; ++ vring->size = 1 << order; + vring->is_rx = true; + rc = wil_vring_alloc(wil, vring); + if (rc) +--- a/drivers/net/wireless/ath/wil6210/txrx_edma.c ++++ b/drivers/net/wireless/ath/wil6210/txrx_edma.c +@@ -593,9 +593,9 @@ static void wil_rx_buf_len_init_edma(str + WIL_MAX_ETH_MTU : WIL_EDMA_RX_BUF_LEN_DEFAULT; + } + +-static int wil_rx_init_edma(struct wil6210_priv *wil, u16 desc_ring_size) ++static int wil_rx_init_edma(struct wil6210_priv *wil, uint desc_ring_order) + { +- u16 status_ring_size; ++ u16 status_ring_size, desc_ring_size = 1 << desc_ring_order; + struct wil_ring *ring = &wil->ring_rx; + int rc; + size_t elem_size = wil->use_compressed_rx_status ? +@@ -610,7 +610,12 @@ static int wil_rx_init_edma(struct wil62 + "compressed RX status cannot be used with SW reorder\n"); + return -EINVAL; + } +- ++ if (wil->rx_status_ring_order <= desc_ring_order) ++ /* make sure sring is larger than desc ring */ ++ wil->rx_status_ring_order = desc_ring_order + 1; ++ if (wil->rx_buff_id_count <= desc_ring_size) ++ /* make sure we will not run out of buff_ids */ ++ wil->rx_buff_id_count = desc_ring_size + 512; + if (wil->rx_status_ring_order < WIL_SRING_SIZE_ORDER_MIN || + wil->rx_status_ring_order > WIL_SRING_SIZE_ORDER_MAX) + wil->rx_status_ring_order = WIL_RX_SRING_SIZE_ORDER_DEFAULT; +--- a/drivers/net/wireless/ath/wil6210/wil6210.h ++++ b/drivers/net/wireless/ath/wil6210/wil6210.h +@@ -602,7 +602,7 @@ struct wil_txrx_ops { + struct wil_ring *ring, struct sk_buff *skb); + irqreturn_t (*irq_tx)(int irq, void *cookie); + /* RX ops */ +- int (*rx_init)(struct wil6210_priv *wil, u16 ring_size); ++ int (*rx_init)(struct wil6210_priv *wil, uint ring_order); + void (*rx_fini)(struct wil6210_priv *wil); + int (*wmi_addba_rx_resp)(struct wil6210_priv *wil, u8 mid, u8 cid, + u8 tid, u8 token, u16 status, bool amsdu, diff --git a/queue-4.19/wil6210-remove-reset-file-from-debugfs.patch b/queue-4.19/wil6210-remove-reset-file-from-debugfs.patch new file mode 100644 index 00000000000..ef77f530afd --- /dev/null +++ b/queue-4.19/wil6210-remove-reset-file-from-debugfs.patch @@ -0,0 +1,65 @@ +From 32dcfe8316cdbd885542967c0c85f5b9de78874b Mon Sep 17 00:00:00 2001 +From: Karthick Gopalasubramanian +Date: Thu, 23 Aug 2018 14:47:05 +0300 +Subject: wil6210: remove reset file from debugfs + +From: Karthick Gopalasubramanian + +commit 32dcfe8316cdbd885542967c0c85f5b9de78874b upstream. + +Reset file is not used and may cause race conditions +with operational driver if used. + +Signed-off-by: Karthick Gopalasubramanian +Signed-off-by: Maya Erez +Signed-off-by: Kalle Valo +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/wil6210/debugfs.c | 27 --------------------------- + 1 file changed, 27 deletions(-) + +--- a/drivers/net/wireless/ath/wil6210/debugfs.c ++++ b/drivers/net/wireless/ath/wil6210/debugfs.c +@@ -730,32 +730,6 @@ struct dentry *wil_debugfs_create_ioblob + return debugfs_create_file(name, mode, parent, wil_blob, &fops_ioblob); + } + +-/*---reset---*/ +-static ssize_t wil_write_file_reset(struct file *file, const char __user *buf, +- size_t len, loff_t *ppos) +-{ +- struct wil6210_priv *wil = file->private_data; +- struct net_device *ndev = wil->main_ndev; +- +- /** +- * BUG: +- * this code does NOT sync device state with the rest of system +- * use with care, debug only!!! +- */ +- rtnl_lock(); +- dev_close(ndev); +- ndev->flags &= ~IFF_UP; +- rtnl_unlock(); +- wil_reset(wil, true); +- +- return len; +-} +- +-static const struct file_operations fops_reset = { +- .write = wil_write_file_reset, +- .open = simple_open, +-}; +- + /*---write channel 1..4 to rxon for it, 0 to rxoff---*/ + static ssize_t wil_write_file_rxon(struct file *file, const char __user *buf, + size_t len, loff_t *ppos) +@@ -2461,7 +2435,6 @@ static const struct { + {"desc", 0444, &fops_txdesc}, + {"bf", 0444, &fops_bf}, + {"mem_val", 0644, &fops_memread}, +- {"reset", 0244, &fops_reset}, + {"rxon", 0244, &fops_rxon}, + {"tx_mgmt", 0244, &fops_txmgmt}, + {"wmi_send", 0244, &fops_wmi}, -- 2.47.3