linux_dsm_epyc7002/drivers/net/wireless/mwifiex
Avinash Patil 2144504983 mwifiex: fix a crash in extended scan event processing
[113.967694] Unable to handle kernel NULL pointer dereference
               at virtual address 00000020
............
[113.967859] PC is at mwifiex_update_rxreor_flags+0xfc/0x430
............
[113.968110] mwifiex_update_rxreor_flags+0xfc/0x430
[113.968129] mwifiex_handle_event_ext_scan_report+0x1e4/0x21c
[113.968148] mwifiex_process_sta_event+0x410/0x508
[113.968165] mwifiex_process_event+0x184/0x1e0
[113.968181] mwifiex_main_process+0x220/0x48c
[113.968197] mwifiex_sdio_interrupt+0xc8/0x1cc
[113.968210] sdio_irq_thread+0x11c/0x290

In case of legacy scan, adapter->curr_cmd is guaranteed to be
non-NULL in check_next_scan_cmd. This may not be the case in
extended scan where scan command response would come earlier and
set curr_cmd to NULL. Extended scan event comes later and while
trying to complete IOCTL for scan, driver would crash in
dereferencing adapter->curr_cmd->wait_q_enabled.

Avoid this by completing IOCTL in case of legacy scans only.
Internal scan would be completed while handling extended scan
command response.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-05-29 13:10:35 -04:00
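
The ordering problem described in the commit message above, replayed as an added user-space model (not the driver's code and not part of the commit). Only curr_cmd and wait_q_enabled are taken from the message; the ext_scan flag, the ioctl_completed counter and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: curr_cmd, wait_q_enabled are from the commit; rest hypothetical. */
struct cmd_node { bool wait_q_enabled; };
struct adapter {
    struct cmd_node *curr_cmd; /* NULL once the command response is handled */
    bool ext_scan;             /* hypothetical: extended vs. legacy scan */
    int ioctl_completed;       /* times the scan waiter was woken */
};
enum outcome { SCAN_OK = 0, NULL_DEREF = -1 };

/* End-of-scan step before the fix: completes the waiter through curr_cmd.
 * Returns NULL_DEREF at the point where the kernel would have faulted. */
static enum outcome scan_end_before_fix(struct adapter *a)
{
    if (a->curr_cmd == NULL)
        return NULL_DEREF;
    if (a->curr_cmd->wait_q_enabled)
        a->ioctl_completed++;
    return SCAN_OK;
}

/* After the fix: only legacy scans complete the IOCTL at this point. */
static enum outcome scan_end_after_fix(struct adapter *a)
{
    return a->ext_scan ? SCAN_OK : scan_end_before_fix(a);
}

/* Replays one scan in the order the commit message describes. */
static enum outcome run_scan(bool ext_scan, bool fixed, int *completed)
{
    struct cmd_node cmd = { .wait_q_enabled = true };
    struct adapter a = { .curr_cmd = &cmd, .ext_scan = ext_scan };
    enum outcome r;
    if (ext_scan) {            /* command response arrives first, */
        a.ioctl_completed++;   /* completes the internal scan, */
        a.curr_cmd = NULL;     /* and retires the command */
    }                          /* end-of-scan runs after that */
    r = fixed ? scan_end_after_fix(&a) : scan_end_before_fix(&a);
    *completed = a.ioctl_completed;
    return r;
}

int main(void)
{
    int n, before = run_scan(true, false, &n), after = run_scan(true, true, &n);
    printf("ext scan: before %d, after %d, completions %d\n", before, after, n);
    return 0;
}
```
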
11ac.c mwifiex: fix IE parsing issues 2014-04-22 15:06:30 -04:00
11ac.h mwifiex: add VHT support for TDLS 2014-02-12 15:36:24 -05:00
11h.c mwifiex: remove global variable cmd_wait_q_required 2014-02-28 14:33:40 -05:00
11n_aggr.c mwifiex: set TDLS flags for AMSDU packets 2014-05-22 14:04:37 -04:00
11n_aggr.h mwifiex: fix hang issue for USB chipsets 2013-09-26 14:02:32 -04:00
11n_rxreorder.c mwifiex: add AMSDU inside AMPDU support 2014-03-14 14:49:14 -04:00
11n_rxreorder.h mwifiex: Track BA sequence number reset 2014-02-28 14:33:23 -05:00
11n.c mwifiex: add HT operation IE in TDLS setup confirm 2014-05-07 16:08:08 -04:00
11n.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2014-05-22 13:58:36 -04:00
cfg80211.c cfg80211: constify MAC addresses in cfg80211 ops 2014-05-19 17:34:42 +02:00
cfg80211.h mwifiex: support for creation of AP interface 2012-05-16 12:46:34 -04:00
cfp.c mwifiex: update MCS information as per antenna settings 2014-02-28 14:33:48 -05:00
cmdevt.c Revert "mwifiex: add firmware dump feature for PCIe" 2014-04-24 21:33:55 -04:00
debugfs.c mwifiex: add fw_dump debugfs file 2014-04-22 15:06:31 -04:00
decl.h mwifiex: increase tx/rx AMPDU window sizes for STA 11ac mode 2014-04-22 15:06:31 -04:00
ethtool.c mwifiex: add "ethtool wol" command support 2013-03-06 16:29:15 -05:00
fw.h mwifiex: update seq number correctly for packets from TDLS peer 2014-05-22 14:04:38 -04:00
ie.c mwifiex: remove global variable cmd_wait_q_required 2014-02-28 14:33:40 -05:00
init.c mwifiex: change transmit buffer size for 8897 2014-02-28 14:33:40 -05:00
ioctl.h mwifiex: increase the number of nodes in command pool 2014-04-22 15:06:29 -04:00
join.c mwifiex: stop AP at shutdown time 2014-02-28 14:33:43 -05:00
Kconfig mwifiex: add USB8897 support 2014-01-13 14:46:59 -05:00
main.c Revert "mwifiex: add firmware dump feature for PCIe" 2014-04-24 21:33:55 -04:00
main.h mwifiex: use time_after() 2014-05-29 13:08:11 -04:00
Makefile mwifiex: add tdls_mgmt handler support 2014-02-12 15:36:19 -05:00
pcie.c mwifiex: set valid tx_param during mwifiex_send_null_packet 2014-05-16 14:26:53 -04:00
pcie.h Revert "mwifiex: add firmware dump feature for PCIe" 2014-04-24 21:33:55 -04:00
README mwifiex: add fw_dump debugfs file 2014-04-22 15:06:31 -04:00
scan.c mwifiex: fix a crash in extended scan event processing 2014-05-29 13:10:35 -04:00
sdio.c mwifiex: restore current SDIO write port in failure cases 2014-05-16 14:26:53 -04:00
sdio.h mwifiex: increase SDIO multiport aggregation buffer sizes 2014-04-22 15:06:29 -04:00
sta_cmd.c mwifiex: configure inactivity timeout for TDLS link 2014-05-07 16:08:07 -04:00
sta_cmdresp.c mwifiex: silence TDLS link delete failure for nonexistent link 2014-05-22 14:04:37 -04:00
sta_event.c mwifiex: delete TDLS link upon Teardown event 2014-05-22 14:04:37 -04:00
sta_ioctl.c mwifiex: fix hung task on command timeout 2014-04-15 13:27:05 -04:00
sta_rx.c mwifiex: update seq number correctly for packets from TDLS peer 2014-05-22 14:04:38 -04:00
sta_tx.c mwifiex: set valid tx_param during mwifiex_send_null_packet 2014-05-16 14:26:53 -04:00
tdls.c mwifiex: use 'const' qualifier for 2nd arg of mwifiex_tdls_add_ht_oper 2014-05-22 14:21:12 -04:00
txrx.c mwifiex: do not flood kmsg/dmesg with USB debug messages 2013-12-09 15:37:54 -05:00
uap_cmd.c mwifiex: change memset to simple assignment for ht_cap.mcs.rx_mask 2014-04-22 15:06:29 -04:00
uap_event.c mwifiex: handle extended scan event for AP interface 2014-03-19 15:15:47 -04:00
uap_txrx.c mwifiex: add AMSDU inside AMPDU support 2014-03-14 14:49:14 -04:00
usb.c mwifiex: remove redundant 'fw_load' completion structure 2014-04-22 15:06:30 -04:00
usb.h mwifiex: add USB8897 support 2014-01-13 14:46:59 -05:00
util.c cfg80211: constify MAC addresses in cfg80211 ops 2014-05-19 17:34:42 +02:00
util.h mwifiex: balance dma map/unmap sizes 2014-02-12 15:36:14 -05:00
wmm.c mwifiex: avoid TDLS check for packets destined to AP 2014-05-22 14:04:37 -04:00
wmm.h cfg80211: constify MAC addresses in cfg80211 ops 2014-05-19 17:34:42 +02:00

# Copyright (C) 2011, Marvell International Ltd.
#
# This software file (the "File") is distributed by Marvell International
# Ltd. under the terms of the GNU General Public License Version 2, June 1991
# (the "License").  You may use, redistribute and/or modify this File in
# accordance with the terms and conditions of the License, a copy of which
# is available by writing to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
# worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
# IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
# ARE EXPRESSLY DISCLAIMED.  The License provides additional details about
# this warranty disclaimer.


===============================================================================
			U S E R  M A N U A L

1) FOR DRIVER INSTALL

	a) Copy sd8787.bin to /lib/firmware/mrvl/ directory,
	   create the directory if it doesn't exist.
	b) Install WLAN driver,
		insmod mwifiex.ko
	c) Uninstall WLAN driver,
		ifconfig mlanX down
		rmmod mwifiex


2) FOR DRIVER CONFIGURATION AND INFO
	The configurations can be done either using the 'iw' user space
	utility or debugfs.

	a) 'iw' utility commands

	The following are some useful iw commands:

iw dev mlan0 scan

	This command will trigger a scan.
	The command will then display the scan table entries.

iw dev mlan0 connect -w <SSID> [<freq in MHz>] [<bssid>] [key 0:abcde d:1123456789a]
	The above command can be used to connect to an AP with a particular SSID.
	The AP's operating frequency can be specified, or even the bssid. If the AP is using
	WEP encryption, WEP keys can be specified in the command.
	Note: The user should run the scan command (iw dev mlan0 scan) every time before connecting to an AP.

iw dev mlan0 disconnect
	This command will be used to disconnect from an AP.


iw dev mlan0 ibss join <SSID> <freq in MHz> [fixed-freq] [fixed-bssid] [key 0:abcde]
	The command will be used to join or create an ibss. Optionally, operating frequency,
	bssid and the security related parameters can be specified while joining/creating
	an ibss.

iw dev mlan0 ibss leave
	The command will be used to leave an ibss network.

iw dev mlan0 link
	The command will be used to get the connection status. The command will return parameters
	such as SSID, operating frequency, rx/tx packets, signal strength, tx bitrate.

	Apart from the iw utility all standard configurations using the 'iwconfig' utility are also supported.

	b) Debugfs interface

	The debugfs interface can be used for configurations and for getting
	some useful information from the driver.
	The section below explains the configurations that can be
	done.

	Mount debugfs to /debugfs mount point:

		mkdir /debugfs
		mount -t debugfs debugfs /debugfs

	The information is provided in /debugfs/mwifiex/mlanX/:

iw reg set <country code>
	The command will be used to change the regulatory domain.

iw reg get
	The command will be used to get current regulatory domain.

info
	This command is used to get driver info.

	Usage:
		cat info

	driver_name = "mwifiex"
	driver_version = <driver_name, driver_version, (firmware_version)>
	interface_name = "mlanX"
	bss_mode = "Ad-hoc" | "Managed" | "Auto" | "Unknown"
	media_state = "Disconnected" | "Connected"
	mac_address = <6-byte adapter MAC address>
	multicast_count = <multicast address count>
	essid = <current SSID>
	bssid = <current BSSID>
	channel = <current channel>
	region_code = <current region code>
	multicast_address[n] = <multicast address>
	num_tx_bytes = <number of bytes sent to device>
	num_rx_bytes = <number of bytes received from device and sent to kernel>
	num_tx_pkts = <number of packets sent to device>
	num_rx_pkts = <number of packets received from device and sent to kernel>
	num_tx_pkts_dropped = <number of Tx packets dropped by driver>
	num_rx_pkts_dropped = <number of Rx packets dropped by driver>
	num_tx_pkts_err = <number of Tx packets failed to send to device>
	num_rx_pkts_err = <number of Rx packets failed to receive from device>
	carrier "on" | "off"
	tx queue "stopped" | "started"

	The following debug info is provided in /debugfs/mwifiex/mlanX/debug:

	int_counter = <interrupt count, cleared when interrupt handled>
	wmm_ac_vo = <number of packets sent to device from WMM AcVo queue>
	wmm_ac_vi = <number of packets sent to device from WMM AcVi queue>
	wmm_ac_be = <number of packets sent to device from WMM AcBE queue>
	wmm_ac_bk = <number of packets sent to device from WMM AcBK queue>
	tx_buf_size = <current Tx buffer size>
	curr_tx_buf_size = <current Tx buffer size>
	ps_mode = <0/1, CAM mode/PS mode>
	ps_state = <0/1/2/3, full power state/awake state/pre-sleep state/sleep state>
	is_deep_sleep = <0/1, not deep sleep state/deep sleep state>
	wakeup_dev_req = <0/1, wakeup device not required/required>
	wakeup_tries = <wakeup device count, cleared when device awake>
	hs_configured = <0/1, host sleep not configured/configured>
	hs_activated = <0/1, extended host sleep not activated/activated>
	num_tx_timeout = <number of Tx timeout>
	is_cmd_timedout = <0/1 command timeout not occurred/occurred>
	timeout_cmd_id = <command id of the last timeout command>
	timeout_cmd_act = <command action of the last timeout command>
	last_cmd_id = <command id of the last several commands sent to device>
	last_cmd_act = <command action of the last several commands sent to device>
	last_cmd_index = <0 based last command index>
	last_cmd_resp_id = <command id of the last several command responses received from device>
	last_cmd_resp_index = <0 based last command response index>
	last_event = <event id of the last several events received from device>
	last_event_index = <0 based last event index>
	num_cmd_h2c_fail = <number of commands failed to send to device>
	num_cmd_sleep_cfm_fail = <number of sleep confirm failed to send to device>
	num_tx_h2c_fail = <number of data packets failed to send to device>
	num_evt_deauth = <number of deauthenticated events received from device>
	num_evt_disassoc = <number of disassociated events received from device>
	num_evt_link_lost = <number of link lost events received from device>
	num_cmd_deauth = <number of deauthenticate commands sent to device>
	num_cmd_assoc_ok = <number of associate commands with success return>
	num_cmd_assoc_fail = <number of associate commands with failure return>
	cmd_sent = <0/1, send command resources available/sending command to device>
	data_sent = <0/1, send data resources available/sending data to device>
	mp_rd_bitmap = <SDIO multi-port read bitmap>
	mp_wr_bitmap = <SDIO multi-port write bitmap>
	cmd_resp_received = <0/1, no cmd response to process/response received and yet to process>
	event_received = <0/1, no event to process/event received and yet to process>
	cmd_pending = <number of cmd pending>
	tx_pending = <number of Tx packet pending>
	rx_pending = <number of Rx packet pending>


3) FOR DRIVER CONFIGURATION

regrdwr
	This command is used to read/write the adapter register.

	Usage:
		echo " <type> <offset> [value]" > regrdwr
		cat regrdwr

	where the parameters are,
		<type>:     1:MAC/SOC, 2:BBP, 3:RF, 4:PMIC, 5:CAU
		<offset>:   offset of register
		[value]:    value to be written

	Examples:
		echo "1 0xa060" > regrdwr           : Read the MAC register
		echo "1 0xa060 0x12" > regrdwr      : Write the MAC register
		echo "1 0xa794 0x80000000" > regrdwr
		                                    : Write 0x80000000 to MAC register
rdeeprom
	This command is used to read the EEPROM contents of the card.

	Usage:
		echo "<offset> <length>" > rdeeprom
		cat rdeeprom

	where the parameters are,
		<offset>:   multiples of 4
		<length>:   4-20, multiples of 4

	Example:
		echo "0 20" > rdeeprom      : Read 20 bytes of EEPROM data from offset 0

getlog
	This command is used to get the statistics available in the station.
	Usage:

	cat getlog

fw_dump
	This command is used to dump firmware memory into files.
	A separate file will be created for each memory segment.
	Usage:

	cat fw_dump

===============================================================================