Driver switches vif sta_state into QTNF_STA_CONNECTING when cfg80211
core initiates connect procedure. Further this state is changed either
to QTNF_STA_CONNECTED or to QTNF_STA_DISCONNECTED by BSS_JOIN and
BSS_LEAVE events from firmware. However it is possible that no such
events will be sent by firmware, e.g. if EAPOL timed out.
In this case vif sta_mode will remain in QTNF_STA_CONNECTING state and
all subsequent connection attempts will fail with -EBUSY error code.
Fix this by perfroming STA state transition from QTNF_STA_CONNECTING
to QTNF_STA_DISCONNECTED in cfg80211 disconnect callback.
No need to rely upon firmware events in this case.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Do not process bg_scan_period parameter in qtnfmac driver.
Pass correct values as is. In the case of invalid values
pass default value. Leave further processing to firmware.
Signed-off-by: Andrey Shevchenko <ashevchenko@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Free command skb if bus state is not QTNF_FW_STATE_ACTIVE.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Control path will not be operational after firmware failure. Change bus
state to QTNF_FW_STATE_EP_DEAD after the control path timeout.
Don't wait for timeout if control path is already dead.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Driver uses statically allocated wdev structures for each virtual
interface. However wdev structure is not properly cleaned up between
its uses. As a result, various bugs appear when userspace tools
like hostapd were not gracefully stopped.
In particular, this commit fixes the following issue:
- start hostapd with more than 2 mBSS
- kill hostapd using SIGKILL
- start again hostapd with more than 2 mBSS
However only two mBSS entities will be started: primary
and the last BSS listed in hostapd config.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Introduce a function that will map an error code reported in reply
to a firmware command, into one of standard errno codes.
Use additional error codes to improve error reporting
for MAC address changes.
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Shorten line lengths using a more compact notation to access mac info.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Functions qtnf_cmd_resp_parse and qtnf_cmd_resp_check have
been removed. Remove their declarations as well.
Signed-off-by: Andrey Shevchenko <ashevchenko@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
* Some bugzilla fixes;
* Some kernel warning fixes;
* Fix for an (ETSI) WMM limits bug;
* Fix for a Bluetooth coexistence problem on 9000 devices;
* Fix for an interoperability bug related to block-ack sessions;
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAlsOp44ACgkQoUecoho8
xfpvKw/8D269aA5C+n8R5wWjWr9S0TDaS+ohb7ydExI3BzsEc+PFpNc+IWpBCpeC
4CFyl9hzg39hVveiv/usPI4ARbrKmY+EoKulPBpcZGYdRRWsm2hK91kJ1qyfNwbU
IR4jn2aqdGEmC3HfjNBWn6kqqv36NOvVj96mjytcOvWGDL7RFSRwPXcVnWhRq4nn
zIge4MsYNhaDP6tatSOo0AvCSKpuxysL57B2yFtCcpYdWdfCLNIK9oCk+G4fc8fg
WOsERKebBU4unWmRdat8JtbW/hKNpj5GdqiR45aVz5q/vkveQyFeJnNp6i+wpWOh
GDf/VxMqeHSM5DWeXy1gHJdNybYP/9c5SQ+hWE03dTyzs3sPfjvvlG/1fVAYHRvt
VYS8r8eseymGiNNexEjuiDvsQaLBlHtu7prY0cSBZPZf/oE0SrjHrAAFngFud8Ue
E9OiHS6YVUpFSpu4K7Gl4Q99f/IrqiMrG1u87XoLTBUaqWaubuRr2tKhWal2TfXa
ycOrnh2YX73NvfcCEntWEC0LRaZ6x+g189EChp++/bxKt20SBbBWTopNhscQAGZa
skrKcPK7jxvQLeP370UYtviV+cCvMliPml8NQyHm0JTepsiqUY+8W5mOi4Bygk5B
h9yQs0IHjFyw8Qlp9y2DL4EkyClqA2aNhRA9VM5mj0QPnaEeq8A=
=oIAR
-----END PGP SIGNATURE-----
Merge tag 'iwlwifi-next-for-kalle-2018-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next
Final batch of iwlwifi patches for 4.18
* Some bugzilla fixes;
* Some kernel warning fixes;
* Fix for an (ETSI) WMM limits bug;
* Fix for a Bluetooth coexistence problem on 9000 devices;
* Fix for an interoperability bug related to block-ack sessions;
The non-shared antenna was wrong for 9000 device series. Fix it to
ANT_B for correct antenna preference by coex in MVM driver.
Fixes: 89374fe60b ("iwlwifi: Add new PCI IDs for 9260 and 5165 series")
Signed-off-by: Erel Geron <erelx.geron@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Initially in this code, the race didn't matter since it didn't
do anything. Latest with the commit I marked this as fixing it
started to matter as something got done here that needed other
data that got freed as soon as the queue notification wait was
returning.
In the scenario we saw, apparently the IWL_MVM_RXQ_NOTIF_DEL_BA
event was sent to all queues, but processing the last event we
returned from iwl_mvm_sync_rx_queues_internal() and then from
iwl_mvm_free_reorder() and continued some processing before
wl_mvm_del_ba() was even invoked on the other CPU. Thus, when
the latter finally ran, it found that mvm->baid_map[baid] was
no longer valid.
Correct the race by moving the counter decrement and wake_up()
to be done only after all the per-event processing completed.
Note that in the commit I marked as being fixed the wake_up()
didn't exist yet (and the code was otherwise problematic) but
this particular problem already existed in a way.
Fixes: b915c10174 ("iwlwifi: mvm: add reorder buffer per queue")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
A peer can limit the number of subframes it can handle in a
single A-MSDU. Honor this limit.
Note that the smallest limit is 8, and we are very unlikely to reach
that limit. So this isn't really a big deal.
Fixes: a6d5e32f24 ("iwlwifi: mvm: send large SKBs to the transport")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Currently, a BA session is opened when the tx traffic exceeds
10 frames per second. As a result of inter-op problems with some
APs, add a condition to open BA session only when station is
already authorized.
Fixes: 482e48440a ("iwlwifi: mvm: change open and close criteria of a BA session")
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The subtraction of two struct ieee80211_wmm_rule pointers leaves a result
that is automatically scaled down by the size of the size of pointed-to
type, hence the division by sizeof(struct ieee80211_wmm_rule) is
bogus and should be removed.
Detected by CoverityScan, CID#1467777 ("Extra sizeof expression")
Fixes: 77e30e10ee ("iwlwifi: mvm: query regdb for wmm rule if needed")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Make sure the rx_allocator worker is canceled before running the
rx_init routine. rx_init frees and re-allocates all rxb's pages. The
rx_allocator worker also allocates pages for the used rxb's. Running
rx_init and rx_allocator simultaniously causes a kernel panic. Fix
that by canceling the work in rx_init.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Our hardware has a limited amount of buffer descriptors
for each Tx packet. Because of that, there is a short
piece of code that makes sure that that we don't push too
many subframes in an A-MSDU because of subframes needs 2
buffer descriptors. This code also takes into account the
number of fragment of the skb since we also need a buffer
descriptor for each fragment in the skb.
This piece of code though didn't check that the resulting
number of subframes wasn't 0.
A user reported that using NFS client, he could get skbs
that are so fragmented that the code mentioned above
returned 0 for the number of subframes making
skb_gso_segment fail and subconsequently iwlwifi would WARN.
Fix this by make sure that num_subframes is at least 1.
This fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=199209
Fixes: a6d5e32f24 ("iwlwifi: mvm: send large SKBs to the transport")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Some versions of the FW don't support channel switch in TDLS.
Add a condition that checks it.
Fixes: 307e47235a ("iwlwifi: mvm: configure TDLS peers to FW")
Signed-off-by: Aviya Erenfeld <aviya.erenfeld@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In some cases we may get from FW errored frames with
UNKNOWN security type.
This may happen in unsecured aggregation flow, where
the first packet had a CRC error in the WEP bit, which
was followed by a failure to decrypt and was dropped.
The next frames in the aggregation "inherit" the bad metadata
of the first packet.
Make sure to drop such frames since RADA and other offloads
will not operate correctly which may have unexpected results.
In case of AP it also causes to TX AMSDU frames to the peers,
resulting with assert 0x104B.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Recently we have switched the csr addresses and values configuration
from a single configuration to all devices to a per-device configuration.
Doing that, the configuration for 6300 devices wasn't set.
This missing definition introduced a kernel panic once trying to access
the csr's.
Add the missing 6300 csr configuration.
While at it, add a checker that the csr values were indeed
configured, and bail out more gracefully if not.
Fixes: a8cbb46f83 ("iwlwifi: allow different csr flags for different device families")
Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Remove and refactor some code in order to avoid having identical code
for different branches.
Notice that the logic has been there since 2014.
Addresses-Coverity-ID: 1426199 ("Identical code for different branches")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Active scan is not allowed on radar channel, instead
using passvie scan with more time.
Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
If firmware does not support embedded supplicant, then it in turn
will not support GT rekey offloading. If this is the case, then
driver must not advertise WOWLAN flags related to GTK rekey and
it must also skip sending the GT_REKEY_OFFLOAD_CFG command.
Signed-off-by: Shrenik Shikhare <shrenik@marvell.com>
Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Race condition is observed during rmmod of mwifiex_usb:
1. The rmmod thread will call mwifiex_usb_disconnect(), download
SHUTDOWN command and do wait_event_interruptible_timeout(),
waiting for response.
2. The main thread will handle the response and will do a
wake_up_interruptible(), unblocking rmmod thread.
3. On getting unblocked, rmmod thread will make rx_cmd.urb = NULL in
mwifiex_usb_free().
4. The main thread will try to resubmit rx_cmd.urb in
mwifiex_usb_submit_rx_urb(), which is NULL.
To fix, wait for main thread to complete before calling
mwifiex_usb_free().
Signed-off-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This is a follow-up patch for commit 21c5c83ce8
("mwifiex: support sysfs initiated device coredump").
Let us avoid exporting mwifiex_send_cmd and instead use a utility
function mwifiex_fw_dump_event to achive the work.
Signed-off-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Trivial fix to spelling mistake in rsi_dbg message text
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
the wl pointer can be null In case only wlcore_sdio is probed while
no WiLink module is successfully probed, as in the case of mounting a
wl12xx module while using a device tree file configured with wl18xx
related settings.
In this case the system was crashing in wl1271_suspend() as platform
device data is not set.
Make sure wl the pointer is valid before using it.
Signed-off-by: Eyal Reizer <eyalr@ti.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
add pci_disable_device in error handling while init_atmel_card failed.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In former patch, I enqueu all C2H commands and processed by a workqueue.
In case C2H_BT_INFO will issue a H2C command to set BT reg, and wait for
a C2H ack. But it is totally impossible that C2H workqueue waits for a
C2H command, so kernel log warn
rtlwifi: :<0> btmpinfo wait (req_num=0) timeout
Since the C2H ack command C2H_BT_MP can be safely processed in interrupt
context, add a fast command path to deal with the command.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The format of C2H data is ID(1 byte) + Length(1 byte) + value, and it is
more readable to use macros to access C2H data.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
We use 'struct rtl_c2hcmd' to store C2H commands originally, and the code
is slightly complex to enqueue and dequeue and also wastes time to
allocate and memcpy data. Since C2H commands are asynchronous events,
they can be processed in work queue, so RX ISR enqueues C2H result in
removal of rtl_c2h_packet_handler().
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Similar to rx_command_packet, we can call rtl_c2h_content_parsing so the
hal_op isn't necessary.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Because the hal_op rx_command_packet does C2H handler if rx packet type
is C2H, and the handler have been moved to base.c so we can call the
handler directly.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Merge duplicate C2H handler and implement the handler in base.c.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
We're going to merge C2H handler into one, but one special case is to
handle RA_REPORT that implements in individual IC folder. So this commit
adds a hal_op for caller in common code.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The caller of hal_op rx_command_packet will assert function pointer
before calling, so we can remove dummy functions safely.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The IDs are defined by driver and map to the fw C2H IDs, but they aren't
used now result in removal.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Move C2H definition to wifi.h, because the definitions of 8192ee, 8723be
and 8821ae are the same.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Current chips use packet-based C2H commands whose IDs differ from old
ones, so this commit simply gives C2H_V0_ as prefix of command IDs.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Move duplicate definitions from def.h of ic folder to wifi.h
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
To use keep-alive mechanism in mac80211 stack, since driver supports
reporting accurate nullfunc frame tx ack now.
Signed-off-by: Tzu-En Huang <tehuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In order to realize the keep-alive mechanism in mac80211 stack, reporting
accurate tx ack status for nullfunc frame is added in this commit.
If current frame is nullfunc frame, we ask firmware to report by filling
TX report bit in TX descriptor. After this frame DMA done, TX interrupt is
triggered but TX status is unknown at this moment, so enqueue this skb
into tx_report->queue. Finally, C2H report will be received if the frame
is transmitted successfully or retried over, and then we report to mac80211
with IEEE80211_TX_STAT_ACK flag only if it's successful. Otherwise, if
failure or timeout (one second), we report to mac80211 without this flag.
Signed-off-by: Tzu-En Huang <tehuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
We can have pm_runtime_get_sync() return 1, and we can have
pm_runtime_put_sync() return -EBUSY. See rpm_suspend() and
rpm_resume() for more information.
Fix the issue by returning 0 from wl12xx_sdio_power_on() on success.
And use pm_runtime_put() instead of pm_runtime_put_sync() for
wl12xx_sdio_power_off(), then the MMC subsystem will idle the bus
when suitable.
Otherwise wlcore can sometimes get confused and may report bogus
errors and WLAN connection can fail.
Note that while wlcore checks the return value for wl1271_power_on(),
the return value is ignored for wl1271_power_off(). Let's fix them
both though to avoid further confusion in the future.
Fixes: 60f36637bb ("wlcore: sdio: allow pm to handle sdio power")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Attempt to dump dongle memory for debug upon receiving firmware halt
message through dongle to host mail box interrupt.
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
PCIe dongle firmware signals a halt/trap through mailbox interrupt.
Trigger a memory dump upon receiving such signal could help to provide
useful information for issue debug.
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
In patch "brcmfmac: add support for sysfs initiated coredump", a new
scenario of brcmf_debug_create_memdump was added in which the user of
the function might not necessarily provide prefix data. Hence the
function should not assume the data is always valid and should perform a
check before copying.
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Since commit 3c47d19ff4 ("drivers: base: add coredump driver ops")
it is possible to initiate a device coredump from user-space. This
patch adds support for it adding the .coredump() driver callback.
As there is no longer a need to initiate it through debugfs remove
that code.
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
The driver already supports device coredump initiated by firmware
event. Since commit 3c47d19ff4 ("drivers: base: add coredump driver
ops") it is also possible to initiate it from user-space through
sysfs. This patch adds support for SDIO and PCIe devices.
Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>