platform/kernel/linux-rpi.git
20 months agowifi: iwlwifi: mvm: fix RFKILL report when driver is going down
Avraham Stern [Tue, 18 Apr 2023 09:28:14 +0000 (12:28 +0300)]
wifi: iwlwifi: mvm: fix RFKILL report when driver is going down

When CSME takes ownership, the driver sets RFKILL on, and this
triggers driver unload and sending the confirmation SAP message.
However, when IWL_MVM_MEI_REPORT_RFKILL is set, RFKILL was not
reported and as a result, the driver did not confirm the ownership
transition. Fix it.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.29ac3cd3df73.I96b32bc274bfe1e3871e54d3fa29c7ac4f40446f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mei: re-ask for ownership after it was taken by CSME
Avraham Stern [Tue, 18 Apr 2023 09:28:13 +0000 (12:28 +0300)]
wifi: iwlwifi: mei: re-ask for ownership after it was taken by CSME

When the host disconnects from the AP CSME takes ownership right away.
Since the driver never asks for ownership again wifi is left in rfkill
until CSME releases the NIC, although in many cases the host could
re-connect shortly after the disconnection. To allow the host to
recover from occasional disconnection, re-ask for ownership to let
the host connect again.
Allow one minute before re-asking for ownership to avoid too frequent
ownership transitions.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.a6c6ebc48f2d.I8a17003b86e71b3567521cc69864b9cbe9553ea9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mei: make mei filtered scan more aggressive
Avraham Stern [Tue, 18 Apr 2023 09:28:12 +0000 (12:28 +0300)]
wifi: iwlwifi: mei: make mei filtered scan more aggressive

When mei filtered scan is performed, it must find the AP on the first
scan, otherwise CSME will take the ownership of the NIC.
Make this scan more aggressive by scanning the channel the AP is
supposed to be on (as reported by CSME) several times.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.47e383b10b18.I14340a118acdb19ecb7214e7ff413054c77bd99c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: modify scan request and results when in link protection
Avraham Stern [Tue, 18 Apr 2023 09:28:11 +0000 (12:28 +0300)]
wifi: iwlwifi: modify scan request and results when in link protection

When CSME is connected and has link protection set, the driver must
connect to the same AP CSME is connected to.
When in link protection, modify scan request parameters to include
only the channel of the AP CSME is connected to and scan for the
same SSID. In addition, filter the scan results to include only
results from the same AP. This will make sure the driver will connect
to the same AP and will do it fast enough to keep the session alive.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.c1b55de3d704.I3895eebe18b3b672607695c887d728e113fc85ec@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: enable support for MLO APIs
Gregory Greenman [Tue, 18 Apr 2023 09:28:10 +0000 (12:28 +0300)]
wifi: iwlwifi: mvm: enable support for MLO APIs

Enable driver's support for MLO APIs to unlock this functionality.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20230418122405.0ae0dd6f0481.Iec993cf0f28eacb2483fb9d1e755b0b2fd62e163@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: prefer RCU_INIT_POINTER()
Johannes Berg [Tue, 18 Apr 2023 09:28:09 +0000 (12:28 +0300)]
wifi: iwlwifi: mvm: prefer RCU_INIT_POINTER()

For constant values we don't need rcu_assign_pointer(),
use RCU_INIT_POINTER() instead.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.7b400d21a27f.Iccdef9d777677390a9881c88b06c0ed13a83d978@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: fix potential memory leak
Johannes Berg [Tue, 18 Apr 2023 09:28:08 +0000 (12:28 +0300)]
wifi: iwlwifi: mvm: fix potential memory leak

If we do get multiple notifications from firmware, then
we might have allocated 'notif', but don't free it. Fix
that by checking for duplicates before allocation.

Fixes: 4da46a06d443 ("wifi: iwlwifi: mvm: Add support for wowlan info notification")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.116758321cc4.I8bdbcbb38c89ac637eaa20dda58fa9165b25893a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: fw: fix argument to efi.get_variable
Alon Giladi [Tue, 18 Apr 2023 09:28:07 +0000 (12:28 +0300)]
wifi: iwlwifi: fw: fix argument to efi.get_variable

We should pass the newly allocated data to fill.

Signed-off-by: Alon Giladi <alon.giladi@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.aaa6d8874442.I734841c71aad9564cb22c50f2737aaff489fadaf@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: fix MIC removal confusion
Johannes Berg [Tue, 18 Apr 2023 09:28:06 +0000 (12:28 +0300)]
wifi: iwlwifi: mvm: fix MIC removal confusion

The RADA/firmware collaborate on MIC stripping in the following
way:
 - the firmware fills the IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK
   value for how many words need to be removed at the end of
   the frame, CRC and, if decryption was done, MIC
 - if the RADA is active, it will
   - remove that much from the end of the frame
   - zero the value in IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK

As a consequence, the only thing the driver should need to do
is to
 - unconditionally tell mac80211 that the MIC was removed
   if decryption was already done
 - remove as much as IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK says
   at the end of the frame, since either RADA did it and then
   the value is 0, or RADA was disabled and then the value is
   whatever should be removed to strip both CRC & MIC

However, all this code was historically grown and getting a
bit confused. Originally, we were indicating that the MIC was
not stripped, which is the version of the code upstreamed in
commit 780e87c29e77 ("iwlwifi: mvm: add 9000 series RX processing")
which indicated RX_FLAG_DECRYPTED in iwl_mvm_rx_crypto().

We later had a commit to change that to also indicate that the
MIC was stripped, adding RX_FLAG_MIC_STRIPPED. However, this was
then "fixed" later to only do that conditionally on RADA being
enabled, since otherwise RADA didn't strip the MIC bytes yet.
At the time, we were also always including the FCS if the RADA
was not enabled, so that was still broken wrt. the FCS if the
RADA isn't enabled - but that's a pretty rare case. Notably
though, it does happen for management frames, where we do need
to remove the MIC and CRC but the RADA is disabled.

Later, in commit 40a0b38d7a7f ("iwlwifi: mvm: Fix calculation of
frame length"), we changed this again, upstream this was just a
single commit, but internally it was split into first the correct
commit and then an additional fix that reduced the number of bytes
that are removed by crypt_len. Note that this is clearly wrong
since crypt_len indicates the length of the PN header (always 8),
not the length of the MIC (8 or 16 depending on algorithm).
However, this additional fix mostly canceled the other bugs,
apart from the confusion about the size of the MIC.

To fix this correctly, remove all those additional workarounds.
We really should always indicate to mac80211 the MIC was stripped
(it cannot use it anyway if decryption was already done), and also
always actually remove it and the CRC regardless of the RADA being
enabled or not. That's simple though, the value indicated in the
metadata is zeroed by the RADA if it's enabled and used the value,
so there's no need to check if it's enabled or not.

Notably then, this fixes the MIC size confusion, letting us receive
GCMP-256 encrypted management frames correctly that would otherwise
be reported to mac80211 8 bytes too short since the RADA is turned
off for them, crypt_len is 8, but the MIC size is 16, so when we do
the adjustment based on IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK (which
indicates 20 bytes to remove) we remove 12 bytes but indicate then
to mac80211 the MIC is still present, so mac80211 again removes the
MIC of 16 bytes, for an overall removal of 28 rather than 20 bytes.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.81345b6ab0cd.Ibe0348defb6cce11c99929a1f049e60b5cfc150c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: fw: fix memory leak in debugfs
Johannes Berg [Tue, 18 Apr 2023 09:28:05 +0000 (12:28 +0300)]
wifi: iwlwifi: fw: fix memory leak in debugfs

Fix a memory leak that occurs when reading the fw_info
file all the way, since we return NULL indicating no
more data, but don't free the status tracking object.

Fixes: 36dfe9ac6e8b ("iwlwifi: dump api version in yaml format")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.239e501b3b8d.I4268f87809ef91209cbcd748eee0863195e70fa2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: Update support for b0 version
Mukesh Sisodiya [Tue, 18 Apr 2023 09:28:04 +0000 (12:28 +0300)]
wifi: iwlwifi: Update support for b0 version

Add support for B0 version of MAC of MR device

Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230418122405.5dca1ea7a0cf.I87932e1e216a1940eeae8824071ecb777f4c034f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
Hans de Goede [Tue, 18 Apr 2023 13:25:46 +0000 (15:25 +0200)]
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace

A received TKIP key may be up to 32 bytes because it may contain
MIC rx/tx keys too. These are not used by iwl and copying these
over overflows the iwl_keyinfo.key field.

Add a check to not copy more data to iwl_keyinfo.key then will fit.

This fixes backtraces like this one:

 memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)
 WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm]
 <snip>
 Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017
 RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm]
 <snip>
 Call Trace:
  <TASK>
  iwl_set_dynamic_key+0x1f0/0x220 [iwldvm]
  iwlagn_mac_set_key+0x1e4/0x280 [iwldvm]
  drv_set_key+0xa4/0x1b0 [mac80211]
  ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211]
  ieee80211_key_replace+0x22d/0x8e0 [mac80211]
 <snip>

Link: https://www.alionet.org/index.php?topic=1469.0
Link: https://lore.kernel.org/linux-wireless/20230218191056.never.374-kees@kernel.org/
Link: https://lore.kernel.org/linux-wireless/68760035-7f75-1b23-e355-bfb758a87d83@redhat.com/
Cc: Kees Cook <keescook@chromium.org>
Suggested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: mac80211: remove ieee80211_tx_status_8023
Felix Fietkau [Mon, 17 Apr 2023 13:37:51 +0000 (15:37 +0200)]
wifi: mac80211: remove ieee80211_tx_status_8023

It is unused and should not be used. In order to avoid limitations in
4-address mode, the driver should always use ieee80211_tx_status_ext for
802.3 frames with a valid sta pointer.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20230417133751.79160-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: bump FW API to 78 for AX devices
Gregory Greenman [Mon, 17 Apr 2023 08:41:34 +0000 (11:41 +0300)]
wifi: iwlwifi: bump FW API to 78 for AX devices

Start supporting API version 78 for AX devices.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.5a4dcbf5a2c1.I125808566fe892ee0865e392bf1b1872daafe8ad@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: check firmware response size
Johannes Berg [Mon, 17 Apr 2023 08:41:33 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: check firmware response size

Check the firmware response size for responses to the
memory read/write command in debugfs before using it.

Fixes: 2b55f43f8e47 ("iwlwifi: mvm: Add mem debugfs entry")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.0d56fcaf68ee.I70e9571f3ed7263929b04f8fabad23c9b999e4ea@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: add MLO support to SF - use sta pointer
Johannes Berg [Mon, 17 Apr 2023 08:41:32 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: add MLO support to SF - use sta pointer

For MLO support, use the pointer to the peer MLD instead of the default
link station id, since the default link is only used for non-MLO cases.
Using the default link sta id is meaningless for MLO. Also remove the
rcu protected section since we now avoid the lookup based on sta id.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.40cef48c0592.I8dd666d603d6e1854033e5369c70e78d9303d236@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: configure TLC on link activation
Johannes Berg [Mon, 17 Apr 2023 08:41:31 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: configure TLC on link activation

If the AP station already exists on link activation (which
means we're during link switch), configure the TLC in FW so
we can immediately transmit once the link is activated.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.1a93de9b7c1f.I42022f24bbe3572f5a082da8c99794ae14281875@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
Johannes Berg [Mon, 17 Apr 2023 08:41:30 +0000 (11:41 +0300)]
wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO

For MLO, we cannot use vif->bss_conf.chandef.chan->band, since
that will lead to a NULL-ptr dereference as bss_conf isn't used.
However, in case of real MLO, we also need to take both LMACs
into account if they exist, since the station might be active
on both LMACs at the same time.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.3588afc85d79.I11592893bbc191b9548518b8bd782de568a9f848@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: remove RS rate init update argument
Johannes Berg [Mon, 17 Apr 2023 08:41:29 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: remove RS rate init update argument

Track instead whether or not the station was authorized, that's
clearer than trying to indicate in the code whether or not the
full bandwidth should be used via an 'update' argument.

While at it, give rs_fw_rate_init() the iwl_mvm_ prefix.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.92bd8d36e311.I1877a109104d5ffeaaad6a623e89f0c44decc38e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: initialize per-link STA ratescale data
Johannes Berg [Mon, 17 Apr 2023 08:41:28 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: initialize per-link STA ratescale data

When allocating a new link station, initialize the ratescaling
data for it. To do that, refactor the initialization code out
into a new iwl_mvm_rs_add_sta_link() function.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.441b6a8c60fd.I34f1b3555c25aaa22cc34d1112fc3b6393a20b7c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: rs-fw: properly access sband->iftype_data
Johannes Berg [Mon, 17 Apr 2023 08:41:27 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: rs-fw: properly access sband->iftype_data

We need to look up the correct version of this struct depending
on the interface type, rather than just checking if the pointer
is non-NULL. Fix that.

Fixes: befebbb30af0 ("iwlwifi: rs: consider LDPC capability in case of HE")
Fixes: b009cf71a982 ("iwlwifi: mvm: only enable HE DCM if we also support TX")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.1fd54368a02c.Ie4db5e8ae224d9a4a63b528da5d63e1b957b9cef@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: only clients can be 20MHz-only
Johannes Berg [Mon, 17 Apr 2023 08:41:26 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: only clients can be 20MHz-only

Since only clients to an AP can be 20MHz-only STAs, adjust the
code to not make the use of EHT capabilities depend on only the
bandwidth, but also the type of interface.

Fixes: 701404f1091d ("wifi: iwlwifi: rs: add support for parsing max MCS per NSS/BW in 11be")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.a3a4c931e4a3.I693a07f4d88044c889eee04793883a83bc5ee362@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: fix iwl_mvm_sta_rc_update for MLO
Johannes Berg [Mon, 17 Apr 2023 08:41:25 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: fix iwl_mvm_sta_rc_update for MLO

When this is called it might crash due to the use of
deflink's phy context, update all links instead. It
really shouldn't be called right now though, but it's
better to have safer code until we update this to be
with a link parameter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.fd47d0de8319.I87c5e5bcb2fadd70acc32021eed394fc1eea12a4@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: remove per-STA MFP setting
Johannes Berg [Mon, 17 Apr 2023 08:41:24 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: remove per-STA MFP setting

When we first add the STA before sending an authentication
frame this is false. However, in some cases such as FT or
certainly in MLO link switch scenarios, it will be true.

If it happens to be true, it causes a firmware assert (in
LMAC, 0x2528), because the same bit is used by the firmware
for tracking this setting as well as for tracking if the
management key has been installed, and then we get this
assert from the firmware when installing the MFP key as it
thinks it has already been installed.

Remove the setting for now, until the firmware disentangles
the two. We should be able to set it, in fact we should be
setting it speculatively before authentication/association,
to avoid processing management frames that should have been
protected/encrypted before the key is set.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.adbeb0e0bfed.I400d0ee3721dc4f294313be992d277ba4d9c88d9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT
Johannes Berg [Mon, 17 Apr 2023 08:41:23 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT

We can allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT since we
just use the elements from mac80211.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.88b1a70365fd.If5030437707ab67e2146291c1517a9b0e31d01ab@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: use BSSID when building probe requests
Johannes Berg [Mon, 17 Apr 2023 08:41:22 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: use BSSID when building probe requests

A long time, ago in commit 818965d39177 ("cfg80211: Allow a
scan request for a specific BSSID"), the stack started passing
the BSSID that should be scanned for. Use it in iwlwifi for the
intended optimisation, and to also allow the use of this for an
implementation sending multi-link probe requests.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.0be90360cad7.If279c28079a1db34280a824cee7c3f6545fd8b9e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: update mac id management
Gregory Greenman [Mon, 17 Apr 2023 08:41:21 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: update mac id management

The restriction where MAC ID 0 could be used only for the
managed/IBSS vif is not required when using the new MLO FW API.
Update the driver.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.e4355615da92.Iba934ccf8589c3c27a25a390dc5e938312889b45@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: adopt the latest firmware API
Emmanuel Grumbach [Mon, 17 Apr 2023 08:41:20 +0000 (11:41 +0300)]
wifi: iwlwifi: mvm: adopt the latest firmware API

The firmware no longer wants the beacon template inside the MAC command.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230417113648.92aed4180a06.I277efa343c88081cb3fc890dcbeae3161cdffe16@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: rtw89: add support of concurrent mode
Po-Hao Huang [Sat, 15 Apr 2023 03:50:16 +0000 (11:50 +0800)]
wifi: rtw89: add support of concurrent mode

Add iface_combination declaration to enable concurrent mode. Only two
interfaces under same frequency is supported currently. We limit the
role combination to be STA + P2P or STA + AP only for now until new
feature is requested.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415035016.15788-2-pkshih@realtek.com
20 months agowifi: rtw89: Disallow power save with multiple stations
Po-Hao Huang [Sat, 15 Apr 2023 03:50:15 +0000 (11:50 +0800)]
wifi: rtw89: Disallow power save with multiple stations

Power saving for more than one station is not supported currently.
Disallow entering PS mode when we have more than one associated
stations.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415035016.15788-1-pkshih@realtek.com
20 months agowifi: rtw89: update statistics to FW for fine-tuning performance
Po-Hao Huang [Sat, 15 Apr 2023 03:48:58 +0000 (11:48 +0800)]
wifi: rtw89: update statistics to FW for fine-tuning performance

Since firmware can't have proper statistics, driver update the
statistics periodically to firmware to assist in tuning performance.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415034900.15679-5-pkshih@realtek.com
20 months agowifi: rtw89: use struct instead of macros to set H2C command of hardware scan
Ping-Ke Shih [Sat, 15 Apr 2023 03:48:57 +0000 (11:48 +0800)]
wifi: rtw89: use struct instead of macros to set H2C command of hardware scan

Remove macros that set H2C data. Instead, use struct and
le32_encode_bits() with mask definition to make it clean.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415034900.15679-4-pkshih@realtek.com
20 months agowifi: rtw89: refine scan function after chanctx
Po-Hao Huang [Sat, 15 Apr 2023 03:48:56 +0000 (11:48 +0800)]
wifi: rtw89: refine scan function after chanctx

Since we can get the current channel definition each interface maps to,
remove store_op function that is no longer required to make things simple.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415034900.15679-3-pkshih@realtek.com
20 months agowifi: rtw89: prohibit enter IPS during HW scan
Chih-Kang Chang [Sat, 15 Apr 2023 03:48:55 +0000 (11:48 +0800)]
wifi: rtw89: prohibit enter IPS during HW scan

Mac80211 core may ask driver to change to idle mode during HW scan,
then H2C command for HW scan will send failed since chip is in idle
mode. Therefore, We check the SCANNING flag before entering IPS to
prevent this behavior.

Signed-off-by: Chih-Kang Chang <gary.chang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230415034900.15679-2-pkshih@realtek.com
20 months agowifi: rtw89: coex: send more hardware module info to firmware for 8851B
Ping-Ke Shih [Wed, 12 Apr 2023 01:28:31 +0000 (09:28 +0800)]
wifi: rtw89: coex: send more hardware module info to firmware for 8851B

8851B has various hardware module types, so BT coexistence in firmware
needs these information to make decision. Add them to make 8851B work
well.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230412012831.10519-5-pkshih@realtek.com
20 months agowifi: rtw89: coex: Update function to get BT RSSI and hardware counter
Ching-Te Ku [Wed, 12 Apr 2023 01:28:30 +0000 (09:28 +0800)]
wifi: rtw89: coex: Update function to get BT RSSI and hardware counter

Correct Bluetooth RSSI count method. The 6dB is the gap between hardware
packet sampled value and real RSSI value.

Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230412012831.10519-4-pkshih@realtek.com
20 months agowifi: rtw89: coex: Add path control register to monitor list
Ching-Te Ku [Wed, 12 Apr 2023 01:28:29 +0000 (09:28 +0800)]
wifi: rtw89: coex: Add path control register to monitor list

Chips use similar hardware for path control, but could different
path/antenna configuration. Add these register to monitor, if there are
wrong settings, these register can help to debug.

Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230412012831.10519-3-pkshih@realtek.com
20 months agowifi: rtw89: coex: Enable Wi-Fi RX gain control for free run solution
Ching-Te Ku [Wed, 12 Apr 2023 01:28:28 +0000 (09:28 +0800)]
wifi: rtw89: coex: Enable Wi-Fi RX gain control for free run solution

When Wi-Fi & Bluetooth are both busy at the same time, Wi-Fi need to
enable RX gain to protect Wi-Fi RX RF ability. Without this configure
the interference from Bluetooth will bring a big impact to Wi-Fi RX.

Signed-off-by: Ching-Te Ku <ku920601@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230412012831.10519-2-pkshih@realtek.com
20 months agowifi: rtw89: fix power save function in WoWLAN mode
Chih-Kang Chang [Mon, 10 Apr 2023 05:34:38 +0000 (13:34 +0800)]
wifi: rtw89: fix power save function in WoWLAN mode

In WoWLAN Mode, it's expected that WiFi chip could enter power save mode
only after all setting is finished, but current wow_enter_lps function
break the rule and may lead to WoWLAN function fail in low probability,
so fix it.

Signed-off-by: Chih-Kang Chang <gary.chang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230410053438.10682-2-pkshih@realtek.com
20 months agowifi: rtw89: support WoWLAN mode for 8852be
Chin-Yen Lee [Mon, 10 Apr 2023 05:34:37 +0000 (13:34 +0800)]
wifi: rtw89: support WoWLAN mode for 8852be

To support WoWLAN mode for 8852be, we add one PLE quota setting and
WoWLAN stub, which shows that supported WLAN events include receiving
magic packet, rekey packet and deauth packet, and disconnecting from AP.

Signed-off-by: Chin-Yen Lee <timlee@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230410053438.10682-1-pkshih@realtek.com
20 months agowifi: iwlwifi: move debug buffer allocation failure to info verbosity
Golan Ben Ami [Sun, 16 Apr 2023 12:47:39 +0000 (15:47 +0300)]
wifi: iwlwifi: move debug buffer allocation failure to info verbosity

This is noising the kernel log and customers asked to hush it down.
We can live with this message in "info" verbosity.

Signed-off-by: Golan Ben Ami <golan.ben.ami@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.0a7f557aa2a0.If9db474b63242b1bfaed659aa174b678ae8dc196@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: make the loop for card preparation effective
Emmanuel Grumbach [Sun, 16 Apr 2023 12:47:38 +0000 (15:47 +0300)]
wifi: iwlwifi: make the loop for card preparation effective

Since we didn't reset t to 0, only the first iteration of the loop
did checked the ready bit several times.
From the second iteration and on, we just tested the bit once and
continued to the next iteration.

Reported-and-tested-by: Lorenzo Zolfanelli <lorenzo@zolfa.nl>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216452
Fixes: 289e5501c314 ("iwlwifi: fix the preparation of the card")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.615b683ab9c8.Ic52c3229d3345b0064fa34263293db095d88daf8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: allow number of beacons from FW
Johannes Berg [Sun, 16 Apr 2023 12:47:37 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: allow number of beacons from FW

Newer firmware images have a TLV advertising how many
beacons they support, use that to permit adding more
links in AP mode (FW needs to support at least as many
links as beacons).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.0d7522533557.Ic6b5992e94446c35cb0f3add019defa6e7aded2a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: implement key link switching
Johannes Berg [Sun, 16 Apr 2023 12:47:36 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: implement key link switching

Implement switching keys from one set of firmware station IDs
to another set, during link switch.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.c6a777dd5e47.I693f7fd7c52fe8b51a58af69d45488511367f49e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: implement BAID link switching
Johannes Berg [Sun, 16 Apr 2023 12:47:35 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: implement BAID link switching

When we switch station links, also add the code to switch
BAIDs from one station mask to the new one.

To do so, refactor the switching code a bit to have common
code for all the needed switches; will add keys next.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.40654afce24f.I0e35151f69e7513be53ddb8f008e9ab48278c352@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: track station mask for BAIDs
Johannes Berg [Sun, 16 Apr 2023 12:47:34 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: track station mask for BAIDs

When we have MLO connections, a BAID applies to multiple
firmware stations. Track the station mask instead of the
station ID, getting rid of a few more deflink cases and
preparing for handling link switching for BAIDs.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.c08523808c34.I719b7bba499648d1495ed3e3a90889d4732ef15d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: bump FW API to 77 for AX devices
Gregory Greenman [Sun, 16 Apr 2023 12:47:33 +0000 (15:47 +0300)]
wifi: iwlwifi: bump FW API to 77 for AX devices

Start supporting API version 77 for AX devices.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.e522ccefe354.If7628363fafeb7687163103e734206915c445197@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: use correct sta mask to remove queue
Johannes Berg [Sun, 16 Apr 2023 12:47:32 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: use correct sta mask to remove queue

When we remove a queue we need to use the currently active
firmware stations in the mask, not the deflink one. Fix that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.01cdd2153418.I176d54f2d869f51b3707d056adb96455cf885f93@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: avoid iterating over an un-initialized list
Avraham Stern [Sun, 16 Apr 2023 12:47:31 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: avoid iterating over an un-initialized list

The initiator smooth list is initialized only in iwl_mvm_up(), but is
cleared in iwl_mvm_mac_stop. This may result in iterating over the
list before it was initialized in case iwl_mvm_up() failed early.
Fix it by moving the list initialization to an earlier stage.

Fixes: b68bd2e3143a ("iwlwifi: mvm: Add FTM initiator RTT smoothing logic")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.b50b1fe9a576.Ie348ffae110612d2e252ac120a3ba0aea063b1b6@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: factor out iwl_mvm_sta_fw_id_mask()
Johannes Berg [Sun, 16 Apr 2023 12:47:30 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: factor out iwl_mvm_sta_fw_id_mask()

We are going to need this in more places than just the
key code, so factor out the functionality of getting
the FW station ID mask (filtered to a specific link if
needed) to a separate function that can now be called
both under RCU and mvm->mutex protection.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.eff92b93025d.I2c50290a0537d5db3d3460f4d57c78a4712ffb75@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: properly implement HE AP support
Johannes Berg [Sun, 16 Apr 2023 12:47:29 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: properly implement HE AP support

The firmware split the HE support field into HE and "pseudo HE",
the latter is really for AP and doesn't implement trigger frame
handling for example.

Use the new field for AP mode.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.34dbfefe2a49.I0e39cd35dbe03ff9209b26733746479eae1c8966@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: Fix _iwl_mvm_get_scan_type()
Ilan Peer [Sun, 16 Apr 2023 12:47:28 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: Fix _iwl_mvm_get_scan_type()

The usage of the 'dtim_period' value was wrong, as it is only
a multiplier of the beacon interval, and thus, beacon interval should
also be considered. Fix it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.e08293d6cace.I25f8cea3189472bd714676ca38b121d7c60fb9d9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: mvm: fix getting lowest TX rate for MLO
Johannes Berg [Sun, 16 Apr 2023 12:47:27 +0000 (15:47 +0300)]
wifi: iwlwifi: mvm: fix getting lowest TX rate for MLO

In iwl_mvm_mac_ctxt_get_lowest_rate() we were still accessing
vif->bss_conf without any multi-link provisions, and also the
info->band, both of which isn't valid in MLO.

Fix the code to look at the correct link. In case of EAPOL
transmissions for the initial 4-way-HS, look up the correct
link here as well, and warn if multiple are active.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.d892f68d3bcd.I7d6927abeea5c3899db225391dbc6a5c77805e80@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues
Gregory Greenman [Sun, 16 Apr 2023 12:47:26 +0000 (15:47 +0300)]
wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues

When rx/tx queues are being freed, on a different CPU there could be
still rx flow running. Call napi_synchronize() to prevent such a race.

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Co-developed-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Link: https://lore.kernel.org/r/20230416154301.5171ee44dcc1.Iff18718540da412e084e7d8266447d40730600ed@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
20 months agowifi: iwlwifi: nvm-parse: add full BW UL MU-MIMO support
Johannes Berg [Sun, 16 Apr 2023 12:47:25 +0000 (15:47 +0300)]
wifi: iwlwifi: nvm-parse: add full BW UL MU-MIMO support

For some devices, in client mode, we support full bandwidth
uplink multi-user MIMO. Add the necessary capability.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.88b6aac6c876.Ibf2a7a38d7a172c371c347c9d4441e8c656cefe3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agobcma: Add explicit of_device.h include
Rob Herring [Mon, 10 Apr 2023 23:27:01 +0000 (18:27 -0500)]
bcma: Add explicit of_device.h include

bcma/main.c uses of_dma_configure() which is declared in of_device.h.
of_device.h gets implicitly included by of_platform.h, but that is going
to be removed soon.

Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230410232701.1561613-1-robh@kernel.org
21 months agowifi: rtl8xxxu: Support devices with 5-6 out endpoints
Bitterblue Smith [Mon, 10 Apr 2023 15:36:48 +0000 (18:36 +0300)]
wifi: rtl8xxxu: Support devices with 5-6 out endpoints

Handle them the same way as the devices with 3-4 USB out endpoints.
This is needed for the RTL8192FU.

Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/ef4bc66d-84f5-4021-efd7-1787d097519c@gmail.com
21 months agowifi: rtl8xxxu: Clean up some messy ifs
Bitterblue Smith [Mon, 10 Apr 2023 15:35:45 +0000 (18:35 +0300)]
wifi: rtl8xxxu: Clean up some messy ifs

Add some new members to rtl8xxxu_fileops and use them instead of
checking priv->rtl_chip.

Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/e24a5534-6e33-cfb9-0634-0caf4646513f@gmail.com
21 months agowifi: brcmfmac: add Cypress 43439 SDIO ids
Marek Vasut [Fri, 7 Apr 2023 20:37:52 +0000 (22:37 +0200)]
wifi: brcmfmac: add Cypress 43439 SDIO ids

Add SDIO ids for use with the muRata 1YN (Cypress CYW43439).
The odd thing about this is that the previous 1YN populated
on M.2 card for evaluation purposes had BRCM SDIO vendor ID,
while the chip populated on real hardware has a Cypress one.
The device ID also differs between the two devices. But they
are both 43439 otherwise, so add the IDs for both.

On-device 1YN (43439), the new one, chip label reads "1YN":
```
/sys/.../mmc_host/mmc2/mmc2:0001 # cat vendor device
0x04b4
0xbd3d
```

EA M.2 evaluation board 1YN (43439), the old one, chip label reads "1YN ES1.4":
```
/sys/.../mmc_host/mmc0/mmc0:0001/# cat vendor device
0x02d0
0xa9a6
```

Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230407203752.128539-1-marex@denx.de
21 months agowifi: rtw89: fix crash due to null pointer of sta in AP mode
Ping-Ke Shih [Thu, 6 Apr 2023 09:30:09 +0000 (17:30 +0800)]
wifi: rtw89: fix crash due to null pointer of sta in AP mode

In AP mode, 'sta' could be NULL if sending broadcast/multicast packets,
so we should check before accessing, or it causes crash:

  BUG: kernel NULL pointer dereference, address: 0000000000000004
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP PTI
  CPU: 2 PID: 92 Comm: kworker/u33:0 Tainted: G           OE
  Workqueue: rtw89_tx_wq rtw89_core_txq_work [rtw89_core]
  RIP: 0010:rtw89_core_tx_update_desc_info+0x2cc/0x7d0 [rtw89_core]
  Code: e2 01 41 be 04 00 00 00 41 8b 84 c4 0c 01 00 00 75 0d 45 31 f6 ...
  RSP: 0018:ffffb4cf807afce0 EFLAGS: 00010297
  RAX: 0000000000000001 RBX: ffffb4cf807afd48 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
  RBP: ffffb4cf807afd30 R08: ffff9b28c1e59808 R09: ffff9b28c0297100
  R10: 00000000052cf7c4 R11: 00000000052cf7c4 R12: ffff9b28c1602040
  R13: ffff9b28c07b3000 R14: 0000000000000004 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff9b2a73280000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000004 CR3: 00000001ca410003 CR4: 00000000000606e0
  Call Trace:
   <TASK>
   rtw89_core_tx_write+0x7c/0x100 [rtw89_core]
   rtw89_core_txq_work+0x1b4/0x530 [rtw89_core]
   process_one_work+0x222/0x3f0
   worker_thread+0x50/0x3f0
   kthread+0x16b/0x190
   ? rescuer_thread+0x3a0/0x3a0
   ? set_kthread_struct+0x50/0x50
   ret_from_fork+0x22/0x30
   </TASK>

Fixes: e5307c9cd7ee ("wifi: rtw89: set data lowest rate according to AP supported rate")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230406093009.5869-1-pkshih@realtek.com
21 months agowifi: rtw89: correct 5 MHz mask setting
Eric Huang [Thu, 6 Apr 2023 07:28:41 +0000 (15:28 +0800)]
wifi: rtw89: correct 5 MHz mask setting

Use primary channel index to determine which 5 MHz mask should be enable.
This mask is used to prevent noise from channel edge to effect CCA
threshold in wide bandwidth (>= 40 MHZ).

Fixes: 1b00e9236a71 ("rtw89: 8852c: add set channel of BB part")
Fixes: 6b0698984eb0 ("wifi: rtw89: 8852b: add chip_ops::set_channel")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Huang <echuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230406072841.8308-1-pkshih@realtek.com
21 months agowifi: rtw89: 8851b: add tables for RFK
Ping-Ke Shih [Sat, 1 Apr 2023 14:25:48 +0000 (22:25 +0800)]
wifi: rtw89: 8851b: add tables for RFK

These tables are used by RF calibrations to assist to configure PHY and
RF registers.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230401142548.55466-4-pkshih@realtek.com
21 months agowifi: rtw89: 8851b: add BB and RF tables (2 of 2)
Ping-Ke Shih [Sat, 1 Apr 2023 14:25:47 +0000 (22:25 +0800)]
wifi: rtw89: 8851b: add BB and RF tables (2 of 2)

These tables contain BB and RF parameters that driver will load them into
registers. It also contains TX power according to country, band, rate and
so on. Increasing thermal can cause TX power degraded, so power tracking
tables are defined to compensate TX power.

Internal version of these tables:
 - HALBB_029_106_15 (V17)
 - HALRF_029_00_089
   * Radio A 0x22
   * NCTL 0x5

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230401142548.55466-3-pkshih@realtek.com
21 months agowifi: rtw89: 8851b: add BB and RF tables (1 of 2)
Ping-Ke Shih [Sat, 1 Apr 2023 14:25:46 +0000 (22:25 +0800)]
wifi: rtw89: 8851b: add BB and RF tables (1 of 2)

These tables contain BB and RF parameters that driver will load them into
registers. It also contains TX power according to country, band, rate and
so on. Increasing thermal can cause TX power degraded, so power tracking
tables are defined to compensate TX power.

Internal version of these tables:
 - HALBB_029_106_15 (V17)
 - HALRF_029_00_089
   * Radio A 0x22
   * NCTL 0x5

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230401142548.55466-2-pkshih@realtek.com
21 months agowifi: rtw89: pci: update PCI related settings to support 8851B
Ping-Ke Shih [Thu, 30 Mar 2023 13:33:24 +0000 (21:33 +0800)]
wifi: rtw89: pci: update PCI related settings to support 8851B

Many settings of 8851B are like 8852A or 8852B. Change them to proper
settings as hardware design.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330133324.19538-5-pkshih@realtek.com
21 months agowifi: rtw89: mac: update MAC settings to support 8851b
Ping-Ke Shih [Thu, 30 Mar 2023 13:33:23 +0000 (21:33 +0800)]
wifi: rtw89: mac: update MAC settings to support 8851b

Many settings of 8851B are the same as 8852B or 8852A, like DLE (Data link
engine), security engine and so on. Update them according to hardware
design.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330133324.19538-4-pkshih@realtek.com
21 months agowifi: rtw89: 8851b: fix TX path to path A for one RF path chip
Ping-Ke Shih [Thu, 30 Mar 2023 13:33:22 +0000 (21:33 +0800)]
wifi: rtw89: 8851b: fix TX path to path A for one RF path chip

For two RF paths chips, we normally set path B as main path by default.
8851B has single one RF path, so set TX path to A and set mapping of
path B to 0.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330133324.19538-3-pkshih@realtek.com
21 months agowifi: rtw89: read version of analog hardware
Ping-Ke Shih [Thu, 30 Mar 2023 13:33:21 +0000 (21:33 +0800)]
wifi: rtw89: read version of analog hardware

The chip contains digital and analog parts, and each of them has its own
version number. This is used by BT coexistence mechanism to make strategy
decision for different analog version.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330133324.19538-2-pkshih@realtek.com
21 months agowifi: rtw89: use hardware CFO to improve performance
Eric Huang [Thu, 30 Mar 2023 13:23:52 +0000 (21:23 +0800)]
wifi: rtw89: use hardware CFO to improve performance

Turn on hardware CFO (central frequency offset) compensation based on IC
capability, and improve digital CFO compensation accuracy by using
more fixed points number.

Signed-off-by: Eric Huang <echuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330132352.13647-1-pkshih@realtek.com
21 months agowifi: rtw89: support parameter tables by RFE type
Zong-Zhe Yang [Thu, 30 Mar 2023 08:03:31 +0000 (16:03 +0800)]
wifi: rtw89: support parameter tables by RFE type

One chip can have different RFE (RF front end) types which we will judge
at runtime. And, different RFE types may use different RF parameter tables.
Though we didn't really meet this case previously, we are going to meet it
on upcoming chip RTL8851B. So, this commit handles parameter tables for
runtime RFE type.

We now encapsulate rtw89_txpwr_rule_<2/5/6>ghz tables into rtw89_rfe_parms.
Then, each chip defines its default parameter tables, and if needed, it can
configure extra parameter tables by RFE type. Finally we determine runtime
parameter tables by RFE type if one is configured. Otherwise, we use the
default parameter tables.

For now, we just move all settings under default parameter tables. We will
configure parameter tables by RFE types in separate commits afterwards.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230330080331.37155-1-pkshih@realtek.com
21 months agowifi: rtw89: add firmware format version to backward compatible with older drivers
Ping-Ke Shih [Mon, 20 Mar 2023 13:06:06 +0000 (21:06 +0800)]
wifi: rtw89: add firmware format version to backward compatible with older drivers

In the discuss threads [1] [2], new firmware format break user space
because older drivers can't recognize new firmware format. To avoid this,
the new format will be named rtw89/rtw8852b_fw-1.bin and only new driver
try to load it. Old drivers only load original and understandable firmware
rtw89/rtw8852b_fw.bin.

More, new driver will be still backward compatible with old firmware, so
original firmware can be used by new driver.

If there is newer firmware format is introduced, rtw89/rtw8852b_fw-2.bin
will be given. The same rules will be applied like above. So, we will have
firmware like below in linux-firmware in the future.

  rtw89/rtw8852b_fw-2.bin
  rtw89/rtw8852b_fw-1.bin
  rtw89/rtw8852b_fw.bin

After this patch, MODULE_FIRMWARE() of 8852A/B/C become
  rtw89/rtw8852a_fw.bin
  rtw89/rtw8852b_fw-1.bin
  rtw89/rtw8852c_fw.bin

[1] https://lore.kernel.org/linux-wireless/df1ce994-3368-a57e-7078-8bdcccf4a1fd@gmail.com/T/#m24cb43be31a762d0ea70bf07f27ae96c59f6931b
[2] https://bugzilla.kernel.org/show_bug.cgi?id=217207

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230320130606.20777-4-pkshih@realtek.com
21 months agowifi: rtw89: use schedule_work to request firmware
Ping-Ke Shih [Mon, 20 Mar 2023 13:06:05 +0000 (21:06 +0800)]
wifi: rtw89: use schedule_work to request firmware

Since we are going to load more than one firmware and some are not
presented or optional, using asynchronous API request_firmware_nowait()
will become complicated. Also, we want to use firmware_request_nowarn()
to avoid warning messages when loading optional files. So, use
schedule_work to be simpler.

To abstract loading a firmware or file, define a struct rtw89_fw_req_info
containing a struct firmware and a completion to ensure this firmware is
loaded completely.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230320130606.20777-3-pkshih@realtek.com
21 months agowifi: rtw89: fw: use generic flow to set/check features
Zong-Zhe Yang [Mon, 20 Mar 2023 13:06:04 +0000 (21:06 +0800)]
wifi: rtw89: fw: use generic flow to set/check features

In early feature bitmap obtained from rtw89_early_fw_feature_recognize(),
the bits needed to check get increased. It's more friendly to work with
RTW89_CHK_FW_FEATURE(). So, we concentrate the flow of iterating FW feature
configures and calling RTW89_SET_FW_FEATURE() for various uses. And then,
we adjust rtw89_early_fw_feature_recognize() for RTW89_CHK_FW_FEATURE().

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230320130606.20777-2-pkshih@realtek.com
21 months agowifi: rtw89: fix authentication fail during scan
Po-Hao Huang [Tue, 11 Apr 2023 12:48:32 +0000 (20:48 +0800)]
wifi: rtw89: fix authentication fail during scan

We used to store operating channel info after associated. However, scan
might happen before that. Without switching back to operating channel,
authentication or association might fail. Therefore, we switch back to
operating channel when the scanning vif's BSSID is non-zero, which
implies connected or during attempt to connect.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230411124832.14965-6-pkshih@realtek.com
21 months agowifi: rtw89: add flag check for power state
Po-Hao Huang [Tue, 11 Apr 2023 12:48:31 +0000 (20:48 +0800)]
wifi: rtw89: add flag check for power state

Use POWER_ON flag to make sure power on/off is symmetric. Since both
remain_on_channel and hw_scan both alter the power state, this makes
sure that we don't enter/leave IPS mode twice.
Also, replace IPS related functions with inline function that does
similar logic so we can track it more easily.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230411124832.14965-5-pkshih@realtek.com
21 months agowifi: rtw89: add ieee80211::remain_on_channel ops
Po-Hao Huang [Tue, 11 Apr 2023 12:48:30 +0000 (20:48 +0800)]
wifi: rtw89: add ieee80211::remain_on_channel ops

Add support of remain on channel ops. Since channel context is
required to enable multi-channel concurrent(MCC) and the current
ROC in mac80211 don't support more than 1 channel context, add this
to let P2P and other protocols relying on this work as expected.
The off-channel duration and cancel timing is purely controlled by
upper layers.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230411124832.14965-4-pkshih@realtek.com
21 months agowifi: rtw89: add function to wait for completion of TX skbs
Po-Hao Huang [Tue, 11 Apr 2023 12:48:29 +0000 (20:48 +0800)]
wifi: rtw89: add function to wait for completion of TX skbs

Allocate a per-skb completion to track those skbs we are interested in
and wait for them to complete transmission with TX status.

Normally, the completion object is freed by wait side, but it could be
timeout result that complete side should free the object instead. Add a
owner field with RCU to determine which side should free the object.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230411124832.14965-3-pkshih@realtek.com
21 months agowifi: rtw89: 8852c: add beacon filter and CQM support
Po-Hao Huang [Tue, 11 Apr 2023 12:48:28 +0000 (20:48 +0800)]
wifi: rtw89: 8852c: add beacon filter and CQM support

Adding this supports beacon filter and connection quality monitor.
To make host CPU wake up less, let firmware perform signal
monitoring and beacon processing, then notify driver upon signal
changes or beacon loss.

This feature needs firmware 0.27.56 or newer to support it.

Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230411124832.14965-2-pkshih@realtek.com
21 months agowifi: iwlwifi: mvm: tx: remove misleading if statement
Johannes Berg [Fri, 14 Apr 2023 10:12:06 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: tx: remove misleading if statement

The if statement here is misleading, we return zero anyway
since we just checked the 'ret' variable, simplify the code
to remove the condition entirely.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.57c1eb58e655.I1b47a7771cd66306931089c150c6b5b240bdcba5@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: Fix setting the rate for non station cases
Ilan Peer [Fri, 14 Apr 2023 10:12:05 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: Fix setting the rate for non station cases

The setting of the rate used for non station cases did not take into
consideration the interface type etc., thus when probe responses
are transmitted on P2P Device interface etc. CCK rates were used
which is not allowed.

Modify the code so the non station case would consider the
interface type etc. For HWs/FWs that do not support rate control,
preserve the previous behavior, i.e., take the rate from the
skb metadata and adjust as needed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.fa0e4d42205d.Iab4784560c77b965fec070d4d0a1ec84171d94ff@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: validate station properly in flush
Johannes Berg [Fri, 14 Apr 2023 10:12:04 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: validate station properly in flush

If we have MLO, then the deflink.ap_sta_id cannot be used.
However, we can use the new mvmvif->ap_sta pointer for the
validation instead.

Also don't do it multiple times for different FW instances
of the same AP STA (TDLS STAs are only on a single link).

Note that this isn't really working right yet since the
underlying flush code hasn't been updated yet to know of
multiple link STAs.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.7d747df44d65.Ie5392859fab4cfb73c20b49bfee2caadef5fd8ec@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: set STA mask for keys in MLO
Johannes Berg [Fri, 14 Apr 2023 10:12:03 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: set STA mask for keys in MLO

Implement the full STA mask and selecting the correct link
for key installation.

While at it, catch errors if this function returns a bad
zero station mask, rather than waiting for the firmware to
crash on it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.cedae2f21829.Iae07b736c3109d085ad5b74ec8282ce45020da39@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: fix ptk_pn memory leak
Johannes Berg [Fri, 14 Apr 2023 10:12:02 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: fix ptk_pn memory leak

If adding a key to firmware fails we leak the allocated ptk_pn.
This shouldn't happen in practice, but we should still fix it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.99446ffd02bc.I82a2ad6ec1395f188e0a1677cc619e3fcb1feac9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: make iwl_mvm_mac_ctxt_send_beacon() static
Johannes Berg [Fri, 14 Apr 2023 10:12:01 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: make iwl_mvm_mac_ctxt_send_beacon() static

We never needed this to be non-static, that was just an
artifact of the development process. Make it static.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.3c018c15f948.I87fd1aee288f33312a7206492608002d4e8e213e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: track AP STA pointer and use it for MFP
Johannes Berg [Fri, 14 Apr 2023 10:12:00 +0000 (13:12 +0300)]
wifi: iwlwifi: mvm: track AP STA pointer and use it for MFP

Instead of relying on the AP STA ID and dereferencing our
firmware -> mac80211 STA array when we really only need
the STA, not the per-link information (and might not have
it, e.g. for a pairwise key installation where this is
relevant), keep track of the AP STA as a pointer to the
mac80211 STA, protected by the mutex. Then use it here in
the key code instead.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.7db01b1508de.I88e6d252cdb0a6e4581d7c5fd7cbc037b4fd40ae@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
Hyunwoo Kim [Fri, 14 Apr 2023 10:11:59 +0000 (13:11 +0300)]
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf

An integer overflow occurs in the iwl_write_to_user_buf() function,
which is called by the iwl_dbgfs_monitor_data_read() function.

static bool iwl_write_to_user_buf(char __user *user_buf, ssize_t count,
  void *buf, ssize_t *size,
  ssize_t *bytes_copied)
{
int buf_size_left = count - *bytes_copied;

buf_size_left = buf_size_left - (buf_size_left % sizeof(u32));
if (*size > buf_size_left)
*size = buf_size_left;

If the user passes a SIZE_MAX value to the "ssize_t count" parameter,
the ssize_t count parameter is assigned to "int buf_size_left".
Then compare "*size" with "buf_size_left" . Here, "buf_size_left" is a
negative number, so "*size" is assigned "buf_size_left" and goes into
the third argument of the copy_to_user function, causing a heap overflow.

This is not a security vulnerability because iwl_dbgfs_monitor_data_read()
is a debugfs operation with 0400 privileges.

Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.2d80ace81532.Iecfba549e0e0be21bbb0324675392e42e75bd5ad@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: fw: move memset before early return
Tom Rix [Fri, 14 Apr 2023 10:11:58 +0000 (13:11 +0300)]
wifi: iwlwifi: fw: move memset before early return

Clang static analysis reports this representative issue
dbg.c:1455:6: warning: Branch condition evaluates to
a garbage value
  if (!rxf_data.size)
       ^~~~~~~~~~~~~~

This check depends on iwl_ini_get_rxf_data() to clear
rxf_data but the function can return early without
doing the clear.  So move the memset before the early
return.

Fixes: cc9b6012d34b ("iwlwifi: yoyo: use hweight_long instead of bit manipulating")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.872a7175f1ff.I33802a77a91998276992b088fbe25f61c87c33ac@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: initialize seq variable
Tom Rix [Fri, 14 Apr 2023 10:11:57 +0000 (13:11 +0300)]
wifi: iwlwifi: mvm: initialize seq variable

Clang static analysis reports this issue
d3.c:567:22: warning: The left operand of '>' is
  a garbage value
  if (seq.tkip.iv32 > cur_rx_iv32)
      ~~~~~~~~~~~~~ ^

seq is never initialized. Call ieee80211_get_key_rx_seq() to
initialize seq.

Fixes: 0419e5e672d6 ("iwlwifi: mvm: d3: separate TKIP data from key iteration")
Signed-off-by: Tom Rix <trix@redhat.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.6dd372f84f93.If1f708c90e6424a935b4eba3917dfb7582e0dd0a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: Fix spelling mistake "Gerenal" -> "General"
Colin Ian King [Fri, 14 Apr 2023 10:11:56 +0000 (13:11 +0300)]
wifi: iwlwifi: mvm: Fix spelling mistake "Gerenal" -> "General"

There is a spelling mistake in a IWL_DEBUG_SCAN debug message. Fix it.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.eac55cbef8f1.I15cc5d3f1489759bf915bfb3cbbb72b67b18f8b6@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: Fix spelling mistake "upto" -> "up to"
Colin Ian King [Fri, 14 Apr 2023 10:11:55 +0000 (13:11 +0300)]
wifi: iwlwifi: Fix spelling mistake "upto" -> "up to"

There is a spelling mistake in a IWL_ERR error message. Fix it.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.a00965734d02.I760cb43829b3d7a0f567f0958059f2fae0aa8a93@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: enable new MLD FW API
Miri Korenblit [Fri, 14 Apr 2023 10:11:54 +0000 (13:11 +0300)]
wifi: iwlwifi: mvm: enable new MLD FW API

Enable the new FW API with MLD based on FW TLV.

Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.5dc66b08539e.I1c65024c879346b0349e1e431d36ec2b5fd85dd7@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: add a new PCI device ID for BZ device
Mukesh Sisodiya [Fri, 14 Apr 2023 10:11:53 +0000 (13:11 +0300)]
wifi: iwlwifi: add a new PCI device ID for BZ device

Add support for a new PCI device ID 0x272b once registering with PCIe.

Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.56342664110d.I5aa6f2858fdcf69fdea4f1a873115a48bd43764e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: Add RF Step Type for BZ device
Mukesh Sisodiya [Fri, 14 Apr 2023 10:11:52 +0000 (13:11 +0300)]
wifi: iwlwifi: Add RF Step Type for BZ device

Add RF step id handling and handle for BZ device.
Read CNV Aux register and uses for no OTP case.
Add missing rf support for Bz/Bnj device and correct/add
the mapping for rf-type if OTP not present.

Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.8f2e2fff7bbc.Iee5554178bc5f134dcc28591db0968e619afbdca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: scan legacy bands and UHB channels with same antenna
Ayala Beker [Thu, 13 Apr 2023 18:40:35 +0000 (21:40 +0300)]
wifi: iwlwifi: mvm: scan legacy bands and UHB channels with same antenna

In case of UHB scan that follows a scan on legacy bands,
consider both scan commands as part of the same scan cycle,
and thus configure them to use the same antenna configuration.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.fd582c423ad8.I35239f94cb3ee1642d16936199c336a07ec2df8f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: yoyo: Fix possible division by zero
Daniel Gabay [Thu, 13 Apr 2023 18:40:34 +0000 (21:40 +0300)]
wifi: iwlwifi: yoyo: Fix possible division by zero

Don't allow buffer allocation TLV with zero req_size since it
leads later to division by zero in iwl_dbg_tlv_alloc_fragments().
Also, NPK/SRAM locations are allowed to have zero buffer req_size,
don't discard them.

Fixes: a9248de42464 ("iwlwifi: dbg_ini: add TLV allocation new API support")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.5d6688ed74d8.I5c2f3a882b50698b708d54f4524dc5bdf11e3d32@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: yoyo: skip dump correctly on hw error
Daniel Gabay [Thu, 13 Apr 2023 18:40:33 +0000 (21:40 +0300)]
wifi: iwlwifi: yoyo: skip dump correctly on hw error

When NIC is in a bad state, reading data will return 28 bits as
0xa5a5a5a and the lowest 4 bits are not fixed value.

Mask these bits in a few places to skip the dump correctly.

Fixes: 89639e06d0f3 ("iwlwifi: yoyo: support for new DBGI_SRAM region")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.df6c0663179d.I36d8487b2419c6fefa65e5514855d94327c3b1eb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: pcie: fix possible NULL pointer dereference
Daniel Gabay [Thu, 13 Apr 2023 18:40:32 +0000 (21:40 +0300)]
wifi: iwlwifi: pcie: fix possible NULL pointer dereference

It is possible that iwl_pci_probe() will fail and free the trans,
then afterwards iwl_pci_remove() will be called and crash by trying
to access trans which is already freed, fix it.

iwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2
      wfpm id 0xa5a5a5a2
iwlwifi 0000:01:00.0: Can't find a correct rfid for crf id 0x5a2
...
BUG: kernel NULL pointer dereference, address: 0000000000000028
...
RIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi]
pci_device_remove+0x3e/0xb0
device_release_driver_internal+0x103/0x1f0
driver_detach+0x4c/0x90
bus_remove_driver+0x5c/0xd0
driver_unregister+0x31/0x50
pci_unregister_driver+0x40/0x90
iwl_pci_unregister_driver+0x15/0x20 [iwlwifi]
__exit_compat+0x9/0x98 [iwlwifi]
__x64_sys_delete_module+0x147/0x260

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.082f6e21341b.I0db21d7fa9a828d571ca886713bd0b5d0b6e1e5c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: Fix the duplicate dump name
Mukesh Sisodiya [Thu, 13 Apr 2023 18:40:31 +0000 (21:40 +0300)]
wifi: iwlwifi: Fix the duplicate dump name

Driver is using the dump name generated first time in all
generated dump in case of NMI.
The validity of dump name should be with each dump created
and need to reset after each use.

Fixes: 834f920ef34b ("wifi: iwlwifi: yoyo: Add driver defined dump file name")
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.6c987f820557.I924f2eae1eef2fe82c7a23be566551653d46f729@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: pcie: work around ROM bug on AX210 integrated
Johannes Berg [Thu, 13 Apr 2023 18:40:30 +0000 (21:40 +0300)]
wifi: iwlwifi: pcie: work around ROM bug on AX210 integrated

On 22000 and AX210 devices, there's a ROM bug that causes it to
set invalid LTR settings. On 22000 and AX210 non-integrated we
can fix up these settings from the driver (as done in the code
here), but on AX210 integrated these registers are not available
to the driver.

Attempt to work around the issue by spinning while the IML is
being loaded, the IML will then reprogram the LTR values itself
after it's loaded, so only the brief IML load (which the ROM is
doing) is affected.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.aaa0a4339984.If08da23e960b6236f8c05c06fc8b26041ac89f1e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
21 months agowifi: iwlwifi: mvm: add DSM_FUNC_ENABLE_6E value to debugfs
Johannes Berg [Thu, 13 Apr 2023 18:40:29 +0000 (21:40 +0300)]
wifi: iwlwifi: mvm: add DSM_FUNC_ENABLE_6E value to debugfs

In order to simplify checking that this value was set up
correctly, add it to debugfs.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230413213309.c9a787710e1e.If509b2e510e22d62f3eefb2c54ff1645e331dc23@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>