Johannes Berg [Tue, 17 May 2022 09:05:08 +0000 (12:05 +0300)]
iwlwifi: fw: init SAR GEO table only if data is present
When no table data was read from ACPI, then filling the data
and returning success here will fill zero values, which means
transmit power will be limited to 0 dBm. This is clearly not
intended.
Return an error from iwl_sar_geo_init() if there's no data to
fill into the command structure.
Johannes Berg [Tue, 17 May 2022 09:05:07 +0000 (12:05 +0300)]
iwlwifi: mvm: clean up authorized condition
We track in mvmvif->authorized when the AP STA becomes authorized
and no longer authorized, so we don't need the complex condition
with station lookup. Simplify the code.
Johannes Berg [Tue, 17 May 2022 09:05:05 +0000 (12:05 +0300)]
iwlwifi: pcie: simplify MSI-X cause mapping
We're currently manually encoding a calculation here since the HW
just maps all the bits of specific registers to specific offsets,
which led to the bug fixed here previously with the Bz SW_ERROR
interrupt.
Clean up the code to only know about the mapping offset (-16 or
16 depending on the register) to avoid such issues in the future.
Ping-Ke Shih [Mon, 16 May 2022 00:52:15 +0000 (08:52 +0800)]
rtw89: pci: only mask out INT indicator register for disable interrupt v1
The design of INT indicator register (R_AX_PCIE_HIMR00_V1) is to reduce IO
during frequent interrupts, because it can stop chip sending interrupt to
host if we just set this indicator to 0, not all IMR(s). This indicator
register looks like a root interrupt controller of wifi chip.
However, we can't set all other IMR(s) to 0 during we are running on
interrupt service routine, or the indicator register can't reflect the
status of certain interrupt happened during this period, and then miss
some interrupts especially SER interrupt events.
Zong-Zhe Yang [Mon, 16 May 2022 00:52:14 +0000 (08:52 +0800)]
rtw89: convert rtw89_band to nl80211_band precisely
Before 6 GHz band was supported, i.e. only 2 GHz and 5 GHz, they were the
same from the numerical point of view. However, after 6 GHz band support,
we need to do this conversion logically.
Zong-Zhe Yang [Mon, 16 May 2022 00:52:13 +0000 (08:52 +0800)]
rtw89: 8852c: update txpwr tables to HALRF_027_00_052
Update notes:
update the following to HALRF_027_00_052
TX power by rate table
TX power limit table
TX power limit RU table
TX shape table doesn't seem to be changed on HALRF_027_00_052
Jonas Jelonek [Mon, 9 May 2022 17:39:58 +0000 (19:39 +0200)]
mac80211: minstrel_ht: support ieee80211_rate_status
This patch adds support for the new struct ieee80211_rate_status and its
annotation in struct ieee80211_tx_status in minstrel_ht.
In minstrel_ht_tx_status, a check for the presence of instances of the
new struct in ieee80211_tx_status is added. Based on this, minstrel_ht
then gets and updates internal rate stats with either struct
ieee80211_rate_status or ieee80211_tx_info->status.rates.
Adjusted variants of minstrel_ht_txstat_valid, minstrel_ht_get_stats,
minstrel_{ht/vht}_get_group_idx are added which use struct
ieee80211_rate_status and struct rate_info instead of the legacy structs.
struct rate_info from cfg80211.h does not provide whether short preamble
was used for the transmission. So we retrieve this information from VIF
and STA configuration and cache it in a new flag in struct minstrel_ht_sta
per rate control instance.
Compile-Tested: current wireless-next tree with all flags on
Tested-on: Xiaomi 4A Gigabit (MediaTek MT7603E, MT7612E) with OpenWrt
Linux 5.10.113
Jonas Jelonek [Mon, 9 May 2022 17:39:57 +0000 (19:39 +0200)]
mac80211: extend current rate control tx status API
This patch adds the new struct ieee80211_rate_status and replaces
'struct rate_info *rate' in ieee80211_tx_status with pointer and length
annotation.
The struct ieee80211_rate_status allows to:
(1) receive tx power status feedback for transmit power control (TPC)
per packet or packet retry
(2) dynamic mapping of wifi chip specific multi-rate retry (mrr)
chains with different lengths
(3) increase the limit of annotatable rate indices to support
IEEE802.11ac rate sets and beyond
ieee80211_tx_info, control and status buffer, and ieee80211_tx_rate
cannot be used to achieve these goals due to fixed size limitations.
Our new struct contains a struct rate_info to annotate the rate that was
used, retry count of the rate and tx power. It is intended for all
information related to RC and TPC that needs to be passed from driver to
mac80211 and its RC/TPC algorithms like Minstrel_HT. It corresponds to
one stage in an mrr. Multiple subsequent instances of this struct can be
included in struct ieee80211_tx_status via a pointer and a length variable.
Those instances can be allocated on-stack. The former reference to a single
instance of struct rate_info is replaced with our new annotation.
An extension is introduced to struct ieee80211_hw. There are two new
members called 'tx_power_levels' and 'max_txpwr_levels_idx' acting as a
tx power level table. When a wifi device is registered, the driver shall
supply all supported power levels in this list. This allows to support
several quirks like differing power steps in power level ranges or
alike. TPC can use this for algorithm and thus be designed more abstract
instead of handling all possible step widths individually.
Further mandatory changes in status.c, mt76 and ath11k drivers due to the
removal of 'struct rate_info *rate' are also included.
status.c already uses the information in ieee80211_tx_status->rate in
radiotap, this is now changed to use ieee80211_rate_status->rate_idx.
mt76 driver already uses struct rate_info to pass the tx rate to status
path. The new members of the ieee80211_tx_status are set to NULL and 0
because the previously passed rate is not relevant to rate control and
accurate information is passed via tx_info->status.rates.
For ath11k, the txrate can be passed via this struct because ath11k uses
firmware RC and thus the information does not interfere with software RC.
Compile-Tested: current wireless-next tree with all flags on
Tested-on: Xiaomi 4A Gigabit (MediaTek MT7603E, MT7612E) with OpenWrt
Linux 5.10.113
mac80211: disable BSS color collision detection in case of no free colors
AP may run out of BSS color after color collision
detection event from driver.
Disable BSS color collision detection if no free colors are
available based on bss color disabled bit sent as a part of
NL80211_ATTR_HE_BSS_COLOR attribute sent in
NL80211_CMD_SET_BEACON.
nl80211: Parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon
NL80211_ATTR_HE_BSS_COLOR attribute can be included in both
NL80211_CMD_START_AP and NL80211_CMD_SET_BEACON commands.
Move he_bss_color from cfg80211_ap_settings to cfg80211_beacon_data
and parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon()
to have bss color settings parsed for both start ap and set beacon
commands.
Add a new flag he_bss_color_valid to indicate whether
NL80211_ATTR_HE_BSS_COLOR attribute is included.
We currently track whether we're associated and which the
BSS is in the same variable (ifmgd->associated), but for
MLD we'll need to move the BSS pointer to be per link,
while the question whether we're associated or not is for
the whole interface.
Add ifmgd->assoc_bss that stores the pointer and change
ifmgd->associated to be just a bool, so the question of
whether we're associated can continue working after MLD
rework, without requiring changes, while the BSS pointer
will have to be changed/used checked per link.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 13 May 2022 13:48:06 +0000 (15:48 +0200)]
mac80211: mlme: use local SSID copy
There's no need to look it up from the ifmgd->associated
BSS configuration, we already maintain a local copy since
commit b0140fda626e ("mac80211: mlme: save ssid info to
ieee80211_bss_conf while assoc").
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 13 May 2022 13:48:05 +0000 (15:48 +0200)]
mac80211: use ifmgd->bssid instead of ifmgd->associated->bssid
Since we always track the BSSID there when we get associated,
these are equivalent, but ifmgd->bssid saves a dereference and
thus makes the code a bit smaller, and more readable.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 6 May 2022 08:51:52 +0000 (10:51 +0200)]
mac80211: unify CCMP/GCMP AAD construction
Ping-Ke's previous patch adjusted the CCMP AAD construction
to properly take the order bit into account, but failed to
update the (identical) GCMP AAD construction as well.
Deren Wu [Wed, 11 May 2022 23:06:36 +0000 (07:06 +0800)]
mt76: mt7921: add ipv6 NS offload support
Add ipv6 NS offload for WoWLAN state.
Tested in this way:
1. Put device-A into WoW state.
2. ping6 from device-B to device-A.
3. In sniffer, see Neighbour advertisement from device-A.
Reviewed-by: Sean Wang <sean.wang@mediatek.com> Signed-off-by: Deren Wu <deren.wu@mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 6 Jan 2022 12:22:28 +0000 (13:22 +0100)]
mt76: add support for overriding the device used for DMA mapping
WED support requires using non-coherent DMA, whereas the PCI device might
be configured for coherent DMA.
The WED driver will take care of changing the PCI HIF coherent IO setting
on attach.
Ryder Lee [Thu, 5 May 2022 07:08:35 +0000 (15:08 +0800)]
mt76: mt7915: introduce mt7915_mac_severe_check()
In rare cases, TRB pointers might be out of sync leads to RMAC stopping
Rx that requires minimal recovery, so add this helper to periodically
check TRB status.
Tested-by: Chad Monroe <chad.monroe@smartrg.com> Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Peter Chiu [Thu, 5 May 2022 08:25:54 +0000 (16:25 +0800)]
mt76: mt7915: limit minimum twt duration
The minimum twt duration supported by mt7915 is 64 according to hardware
design. Reply station with TWT_SETUP_CMD_DICTATE if min_twt_dur smaller
than 64.
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Lorenzo Bianconi [Fri, 29 Apr 2022 11:55:56 +0000 (13:55 +0200)]
mt76: mt7915: configure soc clocks in mt7986_wmac_init
Configure mt7986 wmac soc clocks in mt7986_wmac_init routine.
Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com> Co-developed-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 23 Apr 2022 05:01:18 +0000 (07:01 +0200)]
mt76: fix tx status related use-after-free race on station removal
There is a small race window where ongoing tx activity can lead to a skb
getting added to the status tracking idr after that idr has already been
cleaned up, which will keep the wcid linked in the status poll list.
Fix this by only adding status skbs if the wcid pointer is still assigned
in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove
Fixes: bd1e3e7b693c ("mt76: introduce packet_id idr") Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 20 Apr 2022 12:29:00 +0000 (14:29 +0200)]
mt76: fix encap offload ethernet type check
The driver needs to check if the format is 802.2 vs 802.3 in order to set
a tx descriptor flag. skb->protocol can't be used, since it may not be properly
initialized for packets coming in from a packet socket.
Fix misdetection by checking the ethertype from the skb data instead
Reported-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bo Jiao [Wed, 20 Apr 2022 07:11:44 +0000 (15:11 +0800)]
mt76: mt7915: disable RX_HDR_TRANS_SHORT
This patch disables RX_TRANS_SHORT to make MDP to do header translation
when payload less than 8 bytes, hence the (QoS) null data can be encapsulated
to 802.3 format. However, WDS requires (QoS) null data in 802.11 format
to created vlan AP interfaces.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: lian.chen <lian.chen@mediatek.com> Signed-off-by: Sujuan Chen <sujuan.chen@mediatek.com> Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76: mt7915: add debugfs knob for RF registers read/write
Add RF registers read/write support for debugging RF issues, which
should be processed by mcu commands.
The index of rf registers use the generic regidx, and are combined
with two parts: WF selection [31:28] and offset [27:0].
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Sean Wang [Thu, 14 Apr 2022 22:56:05 +0000 (06:56 +0800)]
mt76: mt7921: fix kernel crash at mt7921_pci_remove
The crash log shown it is possible that mt7921_irq_handler is called while
devm_free_irq is being handled so mt76_free_device need to be postponed
until devm_free_irq is completed to solve the crash we free the mt76 device
too early.
Colin Ian King [Thu, 14 Apr 2022 09:54:38 +0000 (10:54 +0100)]
mt76: mt7921: make read-only array ppet16_ppet8_ru3_ru0 static const
Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but
instead make it static const. Also makes the object code a little smaller.
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Colin Ian King [Thu, 14 Apr 2022 09:50:07 +0000 (10:50 +0100)]
mt76: mt7915: make read-only array ppet16_ppet8_ru3_ru0 static const
Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but
instead make it static const. Also makes the object code a little smaller.
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 20 Apr 2022 10:27:18 +0000 (12:27 +0200)]
mt76: fix rx reordering with non explicit / psmp ack policy
When the QoS ack policy was set to non explicit / psmp ack, frames are treated
as not being part of a BA session, which causes extra latency on reordering.
Fix this by only bypassing reordering for packets with no-ack policy
Sean Wang [Wed, 6 Apr 2022 18:29:14 +0000 (02:29 +0800)]
mt76: mt7921: Add AP mode support
add AP mode support to mt7921 that can work for mt7921[e,s,u]
with the common code.
Tested-by: Deren Wu <deren.wu@mediatek.com> Tested-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Sean Wang <sean.wang@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask
Use 0xff (GENMASK(7,0)) in mt7915_init_bitrate_mask routine in order to
initialize bitrate_mask structure in order to avoid truncating value in
memset().
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
Fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
routine if the chip does not support dbdc and the hw reports band_idx
set to 1.
Fixes: 78fc30a21cf11 ("mt76: mt7915: move testmode data from dev to phy") Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
Add default case for type switch in mt7986_wmac_gpio_setup routine in
order to avoid a possible uninitialized pointer dereference.
Fixes: 99ad32a4ca3a2 ("mt76: mt7915: add support for MT7986") Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
In case of error, some resources must be freed, as already done above and
below the devm_kmemdup() and __mt7921e_mcu_drv_pmctrl() calls added in the
commit in Fixes:.
Fixes: 602cc0c9618a ("mt76: mt7921e: fix possible probe failure after reboot") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Lorenzo Bianconi [Thu, 17 Mar 2022 17:08:35 +0000 (18:08 +0100)]
mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter
Honor runtime-pm user configuration in mt7921_sniffer_interface_iter
routine if we do not have a monitor interface.
Fixes: 1f12fa34e5dc5 ("mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set") Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 25 Mar 2022 21:01:43 +0000 (22:01 +0100)]
mt76: fix use-after-free by removing a non-RCU wcid pointer
Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule
by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and
sta_info_[alloc, free].
[18853.876689] ==================================================================
[18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76]
[18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883
[18853.876786]
[18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215
Jaehee Park [Fri, 6 May 2022 17:00:46 +0000 (13:00 -0400)]
wfx: use container_of() to get vif
Currently, upon virtual interface creation, wfx_add_interface() stores
a reference to the corresponding struct ieee80211_vif in private data,
for later usage. This is not needed when using the container_of
construct. This construct already has all the info it needs to retrieve
the reference to the corresponding struct from the offset that is
already available, inherent in container_of(), between its type and
member inputs (struct ieee80211_vif and drv_priv, respectively).
Remove vif (which was previously storing the reference to the struct
ieee80211_vif) from the struct wfx_vif, define a function
wvif_to_vif(wvif) for container_of(), and replace all wvif->vif with
the newly defined container_of construct.
Ajay Singh [Wed, 4 May 2022 16:19:27 +0000 (16:19 +0000)]
wilc1000: add valid vmm_entry check before fetching from TX queue
'vmm_table' array contains the size of data buffer length including host
header length. In 'vmm_table' array, the Zero value means the end of
vmm_entries that needs to transfer to firmware which is calculated based on
VMM free size in firmware.
Use 'vmm_table' valid entry check before fetching the entry from TX queue to
only copy valid number of entries to avoid possible NULL pointer exception
observed sometimes during large file transfers.
Ajay Singh [Wed, 4 May 2022 16:19:26 +0000 (16:19 +0000)]
wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice()
Monitor(mon.) interface is used for handling the AP mode and 'ieee80211_ptr'
reference is not getting set for it. Like earlier implementation,
use register_netdevice() instead of cfg80211_register_netdevice() which
expects valid 'ieee80211_ptr' reference to avoid the possible crash.
Ajay Singh [Wed, 4 May 2022 16:19:25 +0000 (16:19 +0000)]
wilc1000: use fixed function base register value to access SDIO_FBR_ENABLE_CSA
The function number was not correct(reset to 0) when host resumes from
suspend state. Use hardcoded value in function base information
register(FBR base address) to re-initialize correctly on host resume.
Ajay Singh [Wed, 4 May 2022 16:19:25 +0000 (16:19 +0000)]
wilc1000: increase firmware version array size
Increase firmware version array size to hold complete version information.
The firmware commit id(Build:) information is also part of the firmware
version string.
Firmware version format:
WILC_WIFI_FW_REL_XX_XX Build: XXXXX
Colin Ian King [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: remove redundant assignment to variables vht_mcs and he_mcs
The variables vht_mcs and he_mcs are being initialized in the
start of for-loops however they are re-assigned new values in
the loop and not used outside the loop. The initializations
are redundant and can be removed.
Cleans up clang scan warnings:
warning: Although the value stored to 'vht_mcs' is used in the
enclosing expression, the value is never actually read from
'vht_mcs' [deadcode.DeadStores]
warning: Although the value stored to 'he_mcs' is used in the
enclosing expression, the value is never actually read from
'he_mcs' [deadcode.DeadStores]
Anilkumar Kolli [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: Reuse the available memory after firmware reload
Ath11k allocates memory when firmware requests memory in QMI.
Coldboot calibration and firmware recovery uses firmware reload.
On firmware reload, firmware sends memory request again. If Ath11k
allocates memory on first firmware boot, reuse the available
memory. Also check if the segment type and size is same
on the next firmware boot. Reuse if segment type/size is
same as previous firmware boot else free the segment and
allocate the segment with size/type.
Baochen Qiang [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: Designating channel frequency when sending management frames
In case of Passpoint, the WLAN interface may be requested to
remain on a specific channel and then to send some management
frames on that channel. Now chanfreq of wmi_mgmt_send_cmd is set
as 0, as a result firmware may choose a default but wrong channel.
Fix it by assigning chanfreq field with the designated channel.
This change only applies to WCN6855 and QCA6390, other chips are
not affected.
Baochen Qiang [Mon, 9 May 2022 11:57:31 +0000 (14:57 +0300)]
ath11k: Don't check arvif->is_started before sending management frames
Commit 66307ca04057 ("ath11k: fix mgmt_tx_wmi cmd sent to FW for
deleted vdev") wants both of below two conditions are true before
sending management frames:
projects / kernel.git / log