platform/kernel/linux-rpi.git
2 years agoiwlwifi: mvm: use NULL instead of ERR_PTR when parsing wowlan status
Haim Dreyfuss [Tue, 17 May 2022 09:05:06 +0000 (12:05 +0300)]
iwlwifi: mvm: use NULL instead of ERR_PTR when parsing wowlan status

We anyway don't differentiate between the errors so it is pointless,
returning NULL will be simpler in this case.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20220517120044.78a7651327bb.I77480de7c26db850680f96a3440fb6a1b45dd9d2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agoiwlwifi: pcie: simplify MSI-X cause mapping
Johannes Berg [Tue, 17 May 2022 09:05:05 +0000 (12:05 +0300)]
iwlwifi: pcie: simplify MSI-X cause mapping

We're currently manually encoding a calculation here since the HW
just maps all the bits of specific registers to specific offsets,
which led to the bug fixed here previously with the Bz SW_ERROR
interrupt.

Clean up the code to only know about the mapping offset (-16 or
16 depending on the register) to avoid such issues in the future.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20220517120044.19abe9a4d171.I934356911277f9b2a955808763f317986f69a461@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agortw89: pci: only mask out INT indicator register for disable interrupt v1
Ping-Ke Shih [Mon, 16 May 2022 00:52:15 +0000 (08:52 +0800)]
rtw89: pci: only mask out INT indicator register for disable interrupt v1

The design of INT indicator register (R_AX_PCIE_HIMR00_V1) is to reduce IO
during frequent interrupts, because it can stop chip sending interrupt to
host if we just set this indicator to 0, not all IMR(s). This indicator
register looks like a root interrupt controller of wifi chip.

However, we can't set all other IMR(s) to 0 during we are running on
interrupt service routine, or the indicator register can't reflect the
status of certain interrupt happened during this period, and then miss
some interrupts especially SER interrupt events.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-7-pkshih@realtek.com
2 years agortw89: convert rtw89_band to nl80211_band precisely
Zong-Zhe Yang [Mon, 16 May 2022 00:52:14 +0000 (08:52 +0800)]
rtw89: convert rtw89_band to nl80211_band precisely

Before 6 GHz band was supported, i.e. only 2 GHz and 5 GHz, they were the
same from the numerical point of view. However, after 6 GHz band support,
we need to do this conversion logically.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-6-pkshih@realtek.com
2 years agortw89: 8852c: update txpwr tables to HALRF_027_00_052
Zong-Zhe Yang [Mon, 16 May 2022 00:52:13 +0000 (08:52 +0800)]
rtw89: 8852c: update txpwr tables to HALRF_027_00_052

Update notes:
update the following to HALRF_027_00_052
TX power by rate table
TX power limit table
TX power limit RU table
TX shape table doesn't seem to be changed on HALRF_027_00_052

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-5-pkshih@realtek.com
2 years agortw89: cfo: check mac_id to avoid out-of-bounds
Ping-Ke Shih [Mon, 16 May 2022 00:52:12 +0000 (08:52 +0800)]
rtw89: cfo: check mac_id to avoid out-of-bounds

Somehow, hardware reports incorrect mac_id and pollute memory. Check index
before we access the array.

  UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23
  index 188 is out of range for type 's32 [64]'
  CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G           OE
  Call Trace:
   <IRQ>
   show_stack+0x52/0x58
   dump_stack_lvl+0x4c/0x63
   dump_stack+0x10/0x12
   ubsan_epilogue+0x9/0x45
   __ubsan_handle_out_of_bounds.cold+0x44/0x49
   ? __alloc_skb+0x92/0x1d0
   rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]
   rtw89_core_rx+0x261/0x871 [rtw89_core]
   ? __alloc_skb+0xee/0x1d0
   rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]
   __napi_poll+0x33/0x1a0
   net_rx_action+0x126/0x260
   ? __queue_work+0x217/0x4c0
   __do_softirq+0xd9/0x315
   ? disable_irq_nosync+0x10/0x10
   do_softirq.part.0+0x6d/0x90
   </IRQ>
   <TASK>
   __local_bh_enable_ip+0x62/0x70
   rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]
   irq_thread_fn+0x28/0x60
   irq_thread+0xc8/0x190
   ? irq_thread_fn+0x60/0x60
   kthread+0x16b/0x190
   ? irq_thread_check_affinity+0xe0/0xe0
   ? set_kthread_struct+0x50/0x50
   ret_from_fork+0x22/0x30
   </TASK>

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-4-pkshih@realtek.com
2 years agortw89: 8852c: set TX antenna path
Ping-Ke Shih [Mon, 16 May 2022 00:52:11 +0000 (08:52 +0800)]
rtw89: 8852c: set TX antenna path

To make user space can set TX antenna via iw command. Then, we can diagnose
antenna is connected properly or not, and measure TX power in single path.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-3-pkshih@realtek.com
2 years agortw89: add ieee80211::sta_rc_update ops
Ping-Ke Shih [Mon, 16 May 2022 00:52:10 +0000 (08:52 +0800)]
rtw89: add ieee80211::sta_rc_update ops

When peer's NSS, rate or bandwidth is changed, we update RA(rate adaptive)
mask to ensure transmitting packets properly.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220516005215.5878-2-pkshih@realtek.com
2 years agowireless: Fix Makefile to be in alphabetical order
Srinivasan R [Fri, 13 May 2022 18:42:20 +0000 (19:42 +0100)]
wireless: Fix Makefile to be in alphabetical order

Fix quantenna to be in the right order

Signed-off-by: Srinivasan R <srinir@outlook.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/MA1PR01MB26992E104B006B340C3C3A84C1CA9@MA1PR01MB2699.INDPRD01.PROD.OUTLOOK.COM
2 years agomac80211: refactor freeing the next_beacon
Johannes Berg [Mon, 16 May 2022 10:57:32 +0000 (12:57 +0200)]
mac80211: refactor freeing the next_beacon

We have this code seven times, refactor it into a
separate function.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agocfg80211: fix kernel-doc for cfg80211_beacon_data
Johannes Berg [Tue, 17 May 2022 10:43:46 +0000 (12:43 +0200)]
cfg80211: fix kernel-doc for cfg80211_beacon_data

The kernel-doc comment is formatted badly, resulting
in a warning:

  include/net/cfg80211.h:1188: warning: bad line: [...]

Fix that.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agoMerge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Kalle Valo [Mon, 16 May 2022 10:16:34 +0000 (13:16 +0300)]
Merge ath-next from git://git./linux/kernel/git/kvalo/ath.git

ath.git patches for v5.19. Major changes:

ath11k

* enable keepalive during WoWLAN suspend

* implement remain-on-channel support

2 years agoMerge tag 'mt76-for-kvalo-2022-05-12' of https://github.com/nbd168/wireless
Kalle Valo [Mon, 16 May 2022 10:11:58 +0000 (13:11 +0300)]
Merge tag 'mt76-for-kvalo-2022-05-12' of https://github.com/nbd168/wireless

mt76 patches for 5.19

- tx locking improvements
- wireless ethernet dispatch support for flow offload
- non-standard VHT MCS10-11 support
- fixes
- runtime PM improvements
- mt7921 AP mode support
- mt7921 ipv6 NS offload support

2 years agomac80211: minstrel_ht: support ieee80211_rate_status
Jonas Jelonek [Mon, 9 May 2022 17:39:58 +0000 (19:39 +0200)]
mac80211: minstrel_ht: support ieee80211_rate_status

This patch adds support for the new struct ieee80211_rate_status and its
annotation in struct ieee80211_tx_status in minstrel_ht.

In minstrel_ht_tx_status, a check for the presence of instances of the
new struct in ieee80211_tx_status is added. Based on this, minstrel_ht
then gets and updates internal rate stats with either struct
ieee80211_rate_status or ieee80211_tx_info->status.rates.
Adjusted variants of minstrel_ht_txstat_valid, minstrel_ht_get_stats,
minstrel_{ht/vht}_get_group_idx are added which use struct
ieee80211_rate_status and struct rate_info instead of the legacy structs.

struct rate_info from cfg80211.h does not provide whether short preamble
was used for the transmission. So we retrieve this information from VIF
and STA configuration and cache it in a new flag in struct minstrel_ht_sta
per rate control instance.

Compile-Tested: current wireless-next tree with all flags on
Tested-on: Xiaomi 4A Gigabit (MediaTek MT7603E, MT7612E) with OpenWrt
                Linux 5.10.113

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Link: https://lore.kernel.org/r/20220509173958.1398201-3-jelonek.jonas@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: extend current rate control tx status API
Jonas Jelonek [Mon, 9 May 2022 17:39:57 +0000 (19:39 +0200)]
mac80211: extend current rate control tx status API

This patch adds the new struct ieee80211_rate_status and replaces
'struct rate_info *rate' in ieee80211_tx_status with pointer and length
annotation.

The struct ieee80211_rate_status allows to:
(1) receive tx power status feedback for transmit power control (TPC)
per packet or packet retry
(2) dynamic mapping of wifi chip specific multi-rate retry (mrr)
chains with different lengths
(3) increase the limit of annotatable rate indices to support
IEEE802.11ac rate sets and beyond

ieee80211_tx_info, control and status buffer, and ieee80211_tx_rate
cannot be used to achieve these goals due to fixed size limitations.

Our new struct contains a struct rate_info to annotate the rate that was
used, retry count of the rate and tx power. It is intended for all
information related to RC and TPC that needs to be passed from driver to
mac80211 and its RC/TPC algorithms like Minstrel_HT. It corresponds to
one stage in an mrr. Multiple subsequent instances of this struct can be
included in struct ieee80211_tx_status via a pointer and a length variable.
Those instances can be allocated on-stack. The former reference to a single
instance of struct rate_info is replaced with our new annotation.

An extension is introduced to struct ieee80211_hw. There are two new
members called 'tx_power_levels' and 'max_txpwr_levels_idx' acting as a
tx power level table. When a wifi device is registered, the driver shall
supply all supported power levels in this list. This allows to support
several quirks like differing power steps in power level ranges or
alike. TPC can use this for algorithm and thus be designed more abstract
instead of handling all possible step widths individually.

Further mandatory changes in status.c, mt76 and ath11k drivers due to the
removal of 'struct rate_info *rate' are also included.
status.c already uses the information in ieee80211_tx_status->rate in
radiotap, this is now changed to use ieee80211_rate_status->rate_idx.
mt76 driver already uses struct rate_info to pass the tx rate to status
path. The new members of the ieee80211_tx_status are set to NULL and 0
because the previously passed rate is not relevant to rate control and
accurate information is passed via tx_info->status.rates.
For ath11k, the txrate can be passed via this struct because ath11k uses
firmware RC and thus the information does not interfere with software RC.

Compile-Tested: current wireless-next tree with all flags on
Tested-on: Xiaomi 4A Gigabit (MediaTek MT7603E, MT7612E) with OpenWrt
Linux 5.10.113

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Link: https://lore.kernel.org/r/20220509173958.1398201-2-jelonek.jonas@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: minstrel_ht: fill all requested rates
Peter Seiderer [Sat, 2 Apr 2022 15:30:14 +0000 (17:30 +0200)]
mac80211: minstrel_ht: fill all requested rates

Fill all requested rates (in case of ath9k 4 rate slots are
available, so fill all 4 instead of only 3), improves throughput in
noisy environment.

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Link: https://lore.kernel.org/r/20220402153014.31332-2-ps.report@gmx.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: disable BSS color collision detection in case of no free colors
Lavanya Suresh [Wed, 13 Apr 2022 16:28:15 +0000 (21:58 +0530)]
mac80211: disable BSS color collision detection in case of no free colors

AP may run out of BSS color after color collision
detection event from driver.

Disable BSS color collision detection if no free colors are
available based on bss color disabled bit sent as a part of
NL80211_ATTR_HE_BSS_COLOR attribute sent in
NL80211_CMD_SET_BEACON.

It can be reenabled once new color is available.

Signed-off-by: Lavanya Suresh <lavaks@codeaurora.org>
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Link: https://lore.kernel.org/r/1649867295-7204-3-git-send-email-quic_ramess@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agonl80211: Parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon
Rameshkumar Sundaram [Wed, 13 Apr 2022 16:28:14 +0000 (21:58 +0530)]
nl80211: Parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon

NL80211_ATTR_HE_BSS_COLOR attribute can be included in both
NL80211_CMD_START_AP and NL80211_CMD_SET_BEACON commands.

Move he_bss_color from cfg80211_ap_settings to cfg80211_beacon_data
and parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon()
to have bss color settings parsed for both start ap and set beacon
commands.
Add a new flag he_bss_color_valid to indicate whether
NL80211_ATTR_HE_BSS_COLOR attribute is included.

Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Link: https://lore.kernel.org/r/1649867295-7204-2-git-send-email-quic_ramess@quicinc.com
[fix build ...]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: mlme: track assoc_bss/associated separately
Johannes Berg [Fri, 13 May 2022 16:03:14 +0000 (18:03 +0200)]
mac80211: mlme: track assoc_bss/associated separately

We currently track whether we're associated and which the
BSS is in the same variable (ifmgd->associated), but for
MLD we'll need to move the BSS pointer to be per link,
while the question whether we're associated or not is for
the whole interface.

Add ifmgd->assoc_bss that stores the pointer and change
ifmgd->associated to be just a bool, so the question of
whether we're associated can continue working after MLD
rework, without requiring changes, while the BSS pointer
will have to be changed/used checked per link.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: remove useless bssid copy
Johannes Berg [Fri, 13 May 2022 15:46:24 +0000 (17:46 +0200)]
mac80211: remove useless bssid copy

We don't need to copy this locally, we now only use the
variable to print before doing other things.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: remove unused argument to ieee80211_sta_connection_lost()
Johannes Berg [Fri, 13 May 2022 15:46:23 +0000 (17:46 +0200)]
mac80211: remove unused argument to ieee80211_sta_connection_lost()

We never use the bssid argument to ieee80211_sta_connection_lost()
so we might as well just remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: mlme: use local SSID copy
Johannes Berg [Fri, 13 May 2022 13:48:06 +0000 (15:48 +0200)]
mac80211: mlme: use local SSID copy

There's no need to look it up from the ifmgd->associated
BSS configuration, we already maintain a local copy since
commit b0140fda626e ("mac80211: mlme: save ssid info to
ieee80211_bss_conf while assoc").

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: use ifmgd->bssid instead of ifmgd->associated->bssid
Johannes Berg [Fri, 13 May 2022 13:48:05 +0000 (15:48 +0200)]
mac80211: use ifmgd->bssid instead of ifmgd->associated->bssid

Since we always track the BSSID there when we get associated,
these are equivalent, but ifmgd->bssid saves a dereference and
thus makes the code a bit smaller, and more readable.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: mlme: move in RSSI reporting code
Johannes Berg [Fri, 13 May 2022 13:48:04 +0000 (15:48 +0200)]
mac80211: mlme: move in RSSI reporting code

This code is tightly coupled to the sdata->u.mgd data
structure, so there's no reason for it to be in utils.
Move it to mlme.c.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: remove stray multi_sta_back_32bit docs
Johannes Berg [Tue, 10 May 2022 14:38:19 +0000 (16:38 +0200)]
mac80211: remove stray multi_sta_back_32bit docs

This field doesn't exist, remove the docs for it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: fix typo in documentation
Johannes Berg [Tue, 10 May 2022 11:37:59 +0000 (13:37 +0200)]
mac80211: fix typo in documentation

This is called offload_flags, remove the extra 'a'.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomac80211: unify CCMP/GCMP AAD construction
Johannes Berg [Fri, 6 May 2022 08:51:52 +0000 (10:51 +0200)]
mac80211: unify CCMP/GCMP AAD construction

Ping-Ke's previous patch adjusted the CCMP AAD construction
to properly take the order bit into account, but failed to
update the (identical) GCMP AAD construction as well.

Unify the AAD construction between the two cases.

Reported-by: Jouni Malinen <j@w1.fi>
Link: https://lore.kernel.org/r/20220506105150.51d66e2a6f3c.I65f12be82c112365169e8a9f48c7a71300e814b9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2 years agomt76: mt7921: add ipv6 NS offload support
Deren Wu [Wed, 11 May 2022 23:06:36 +0000 (07:06 +0800)]
mt76: mt7921: add ipv6 NS offload support

Add ipv6 NS offload for WoWLAN state.

Tested in this way:
1. Put device-A into WoW state.
2. ping6 from device-B to device-A.
3. In sniffer, see Neighbour advertisement from device-A.

Reviewed-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: add gfp to mt76_mcu_msg_alloc signature
Lorenzo Bianconi [Wed, 11 May 2022 23:06:35 +0000 (07:06 +0800)]
mt76: add gfp to mt76_mcu_msg_alloc signature

Introduce __mt76_mcu_msg_alloc utility routine in order to specify gfp
flags for mcu message allocation.

Acked-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: add more statistics from fw_util debugfs knobs
Ryder Lee [Sun, 8 May 2022 05:24:54 +0000 (13:24 +0800)]
mt76: mt7915: add more statistics from fw_util debugfs knobs

Print out exception state and program counters of WA/WM MCUs.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: improve error handling for fw_debug knobs
Ryder Lee [Sun, 8 May 2022 05:24:53 +0000 (13:24 +0800)]
mt76: mt7915: improve error handling for fw_debug knobs

In case fw.debug_wm/wa might be unavailable.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7615/mt7915: do reset_work with mt76's work queue
Bo Jiao [Sat, 7 May 2022 01:21:21 +0000 (09:21 +0800)]
mt76: mt7615/mt7915: do reset_work with mt76's work queue

reset_work may be blocked when mcu message timeout occurs

Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: add support for 6G in-band discovery
MeiChia Chiu [Tue, 26 Apr 2022 02:23:35 +0000 (10:23 +0800)]
mt76: mt7915: add support for 6G in-band discovery

Add offloading FILS discovery and unsolicited broadcast probe response support.

Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: MeiChia Chiu <MeiChia.Chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: add Wireless Ethernet Dispatch support
Felix Fietkau [Mon, 6 Dec 2021 12:45:54 +0000 (13:45 +0100)]
mt76: mt7915: add Wireless Ethernet Dispatch support

This is used to support hardware flow offloading from Ethernet to WLAN

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: make number of tokens configurable dynamically
Felix Fietkau [Mon, 26 Apr 2021 15:45:06 +0000 (17:45 +0200)]
mt76: make number of tokens configurable dynamically

Preparation for adding Wireless Ethernet Dispatch support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: add support for overriding the device used for DMA mapping
Felix Fietkau [Thu, 6 Jan 2022 12:22:28 +0000 (13:22 +0100)]
mt76: add support for overriding the device used for DMA mapping

WED support requires using non-coherent DMA, whereas the PCI device might
be configured for coherent DMA.
The WED driver will take care of changing the PCI HIF coherent IO setting
on attach.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: dma: add wrapper macro for accessing queue registers
Felix Fietkau [Sun, 25 Apr 2021 06:22:45 +0000 (08:22 +0200)]
mt76: dma: add wrapper macro for accessing queue registers

Preparation for adding indirection used for Wireless Ethernet Dispatch support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: move MT_INT_MASK_CSR to init.c
Ryder Lee [Thu, 5 May 2022 07:08:36 +0000 (15:08 +0800)]
mt76: mt7915: move MT_INT_MASK_CSR to init.c

To avoid redundant MT_INT_MASK_CSR settings.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: introduce mt7915_mac_severe_check()
Ryder Lee [Thu, 5 May 2022 07:08:35 +0000 (15:08 +0800)]
mt76: mt7915: introduce mt7915_mac_severe_check()

In rare cases, TRB pointers might be out of sync leads to RMAC stopping
Rx that requires minimal recovery, so add this helper to periodically
check TRB status.

Tested-by: Chad Monroe <chad.monroe@smartrg.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: rework SER debugfs knob
Ryder Lee [Thu, 5 May 2022 07:08:34 +0000 (15:08 +0800)]
mt76: mt7915: rework SER debugfs knob

1. get status of system recovery from firmware.
2. add more recovery points.
3. make knob per phy.

Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: limit minimum twt duration
Peter Chiu [Thu, 5 May 2022 08:25:54 +0000 (16:25 +0800)]
mt76: mt7915: limit minimum twt duration

The minimum twt duration supported by mt7915 is 64 according to hardware
design. Reply station with TWT_SETUP_CMD_DICTATE if min_twt_dur smaller
than 64.

Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: reject duplicated twt flows
Peter Chiu [Thu, 5 May 2022 08:25:53 +0000 (16:25 +0800)]
mt76: mt7915: reject duplicated twt flows

Reject twt flows with the same parameters to prevent some potential issues
causing by duplicated establishment.

Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: fix twt table_mask to u16 in mt7915_dev
Peter Chiu [Thu, 5 May 2022 08:25:52 +0000 (16:25 +0800)]
mt76: mt7915: fix twt table_mask to u16 in mt7915_dev

mt7915 can support 16 twt stations so modify table_mask to u16.

Fixes: 3782b69d03e7 ("mt76: mt7915: introduce mt7915_mac_add_twt_setup routine")
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: update mt7986 patch in mt7986_wmac_adie_patch_7976()
Peter Chiu [Thu, 5 May 2022 08:25:51 +0000 (16:25 +0800)]
mt76: mt7915: update mt7986 patch in mt7986_wmac_adie_patch_7976()

Update mt7976 adie patch for different adie version.

Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: connac: use skb_put_data instead of open coding
Sean Wang [Mon, 2 May 2022 23:14:38 +0000 (07:14 +0800)]
mt76: connac: use skb_put_data instead of open coding

use skb_put_data instead of open coding in
mt76_connac_mcu_update_arp_filter.

Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: configure soc clocks in mt7986_wmac_init
Lorenzo Bianconi [Fri, 29 Apr 2022 11:55:56 +0000 (13:55 +0200)]
mt76: mt7915: configure soc clocks in mt7986_wmac_init

Configure mt7986 wmac soc clocks in mt7986_wmac_init routine.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix tx status related use-after-free race on station removal
Felix Fietkau [Sat, 23 Apr 2022 05:01:18 +0000 (07:01 +0200)]
mt76: fix tx status related use-after-free race on station removal

There is a small race window where ongoing tx activity can lead to a skb
getting added to the status tracking idr after that idr has already been
cleaned up, which will keep the wcid linked in the status poll list.
Fix this by only adding status skbs if the wcid pointer is still assigned
in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove

Fixes: bd1e3e7b693c ("mt76: introduce packet_id idr")
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix encap offload ethernet type check
Felix Fietkau [Wed, 20 Apr 2022 12:29:00 +0000 (14:29 +0200)]
mt76: fix encap offload ethernet type check

The driver needs to check if the format is 802.2 vs 802.3 in order to set
a tx descriptor flag. skb->protocol can't be used, since it may not be properly
initialized for packets coming in from a packet socket.
Fix misdetection by checking the ethertype from the skb data instead

Reported-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: do not attempt to reorder received 802.3 packets without agg session
Felix Fietkau [Wed, 20 Apr 2022 11:20:23 +0000 (13:20 +0200)]
mt76: do not attempt to reorder received 802.3 packets without agg session

Fixes potential latency / packet drop issues in cases where a BA session has
not (yet) been established.

Fixes: e195dad14115 ("mt76: add support for 802.3 rx frames")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: disable RX_HDR_TRANS_SHORT
Bo Jiao [Wed, 20 Apr 2022 07:11:44 +0000 (15:11 +0800)]
mt76: mt7915: disable RX_HDR_TRANS_SHORT

This patch disables RX_TRANS_SHORT to make MDP to do header translation
when payload less than 8 bytes, hence the (QoS) null data can be encapsulated
to 802.3 format. However, WDS requires (QoS) null data in 802.11 format
to created vlan AP interfaces.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: lian.chen <lian.chen@mediatek.com>
Signed-off-by: Sujuan Chen <sujuan.chen@mediatek.com>
Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7603: move spin_lock_bh() to spin_lock()
Yunbo Yu [Mon, 18 Apr 2022 08:18:44 +0000 (16:18 +0800)]
mt76: mt7603: move spin_lock_bh() to spin_lock()

It is unnecessary to call spin_lock_bh() within a tasklet.

Signed-off-by: Yunbo Yu <yuyunbo519@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: add debugfs knob for RF registers read/write
Shayne Chen [Mon, 18 Apr 2022 08:03:30 +0000 (16:03 +0800)]
mt76: mt7915: add debugfs knob for RF registers read/write

Add RF registers read/write support for debugging RF issues, which
should be processed by mcu commands.
The index of rf registers use the generic regidx, and are combined
with two parts: WF selection [31:28] and offset [27:0].

Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: fix kernel crash at mt7921_pci_remove
Sean Wang [Thu, 14 Apr 2022 22:56:05 +0000 (06:56 +0800)]
mt76: mt7921: fix kernel crash at mt7921_pci_remove

The crash log shown it is possible that mt7921_irq_handler is called while
devm_free_irq is being handled so mt76_free_device need to be postponed
until devm_free_irq is completed to solve the crash we free the mt76 device
too early.

[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 9299.339705] #PF: supervisor read access in kernel mode
[ 9299.339735] #PF: error_code(0x0000) - not-present page
[ 9299.339768] PGD 0 P4D 0
[ 9299.339786] Oops: 0000 [#1] SMP PTI
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0
[ 9299.340432] PKRU: 55555554
[ 9299.340449] Call Trace:
[ 9299.340467] <TASK>
[ 9299.340485] __free_irq+0x221/0x350
[ 9299.340527] free_irq+0x30/0x70
[ 9299.340553] devm_free_irq+0x55/0x80
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]
[ 9299.340616] pci_device_remove+0x3b/0xa0
[ 9299.340651] __device_release_driver+0x17a/0x240
[ 9299.340686] device_driver_detach+0x3c/0xa0
[ 9299.340714] unbind_store+0x113/0x130
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0
[ 9299.340775] new_sync_write+0x15c/0x1f0
[ 9299.340806] vfs_write+0x1d2/0x270
[ 9299.340831] ksys_write+0x67/0xe0
[ 9299.340857] do_syscall_64+0x3b/0x90
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 5c14a5f944b9 ("mt76: mt7921: introduce mt7921e support")
Reported-by: ThinerLogoer <logoerthiner1@163.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: make read-only array ppet16_ppet8_ru3_ru0 static const
Colin Ian King [Thu, 14 Apr 2022 09:54:38 +0000 (10:54 +0100)]
mt76: mt7921: make read-only array ppet16_ppet8_ru3_ru0 static const

Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but
instead make it static const. Also makes the object code a little smaller.

Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: make read-only array ppet16_ppet8_ru3_ru0 static const
Colin Ian King [Thu, 14 Apr 2022 09:50:07 +0000 (10:50 +0100)]
mt76: mt7915: make read-only array ppet16_ppet8_ru3_ru0 static const

Don't populate the read-only array ppet16_ppet8_ru3_ru0 on the stack but
instead make it static const. Also makes the object code a little smaller.

Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: remove SCS feature
Ryder Lee [Tue, 12 Apr 2022 22:27:24 +0000 (06:27 +0800)]
mt76: mt7915: remove SCS feature

SCS is obsoleted and no longer used, so remove it.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix antenna config missing in 6G cap
Deren Wu [Sat, 9 Apr 2022 13:44:07 +0000 (21:44 +0800)]
mt76: fix antenna config missing in 6G cap

To make sure we have the proper antenna config in 6g cap,
move IEEE80211_VHT_CAP_[T/R]X_ANTENNA_PATTERN to stream init.

Fixes: edf9dab8ba27 ("mt76: add 6GHz support")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix rx reordering with non explicit / psmp ack policy
Felix Fietkau [Wed, 20 Apr 2022 10:27:18 +0000 (12:27 +0200)]
mt76: fix rx reordering with non explicit / psmp ack policy

When the QoS ack policy was set to non explicit / psmp ack, frames are treated
as not being part of a BA session, which causes extra latency on reordering.
Fix this by only bypassing reordering for packets with no-ack policy

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: Add AP mode support
Sean Wang [Wed, 6 Apr 2022 18:29:14 +0000 (02:29 +0800)]
mt76: mt7921: Add AP mode support

add AP mode support to mt7921 that can work for mt7921[e,s,u]
with the common code.

Tested-by: Deren Wu <deren.wu@mediatek.com>
Tested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask
Lorenzo Bianconi [Mon, 4 Apr 2022 17:28:02 +0000 (19:28 +0200)]
mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask

Use 0xff (GENMASK(7,0)) in mt7915_init_bitrate_mask routine in order to
initialize bitrate_mask structure in order to avoid truncating value in
memset().

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
Lorenzo Bianconi [Mon, 4 Apr 2022 09:17:03 +0000 (11:17 +0200)]
mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate

Report rx mode in mt7915_mac_fill_rx_rate routine in order to properly
add he radiotap if mode is at least HE_SU.

Fixes: 1c9db0aa23fd1 ("mt76: mt7915: update rx rate reporting for mt7916")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set
Lorenzo Bianconi [Mon, 4 Apr 2022 08:35:39 +0000 (10:35 +0200)]
mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set

Fix typo in mt7915_muru_debug_set routine and pass muru_debug value to
mt7915_mcu_muru_debug_set() instead of data pointer.

Fixes: 1966a5078f2d ("mt76: mt7915: add mu-mimo and ofdma debugfs knobs")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
Lorenzo Bianconi [Mon, 4 Apr 2022 08:23:15 +0000 (10:23 +0200)]
mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector

Fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
routine if the chip does not support dbdc and the hw reports band_idx
set to 1.

Fixes: 78fc30a21cf11 ("mt76: mt7915: move testmode data from dev to phy")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
Lorenzo Bianconi [Mon, 4 Apr 2022 08:08:10 +0000 (10:08 +0200)]
mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup

Add default case for type switch in mt7986_wmac_gpio_setup routine in
order to avoid a possible uninitialized pointer dereference.

Fixes: 99ad32a4ca3a2 ("mt76: mt7915: add support for MT7986")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: Fix the error handling path of mt7921_pci_probe()
Christophe JAILLET [Sun, 3 Apr 2022 15:40:33 +0000 (17:40 +0200)]
mt76: mt7921: Fix the error handling path of mt7921_pci_probe()

In case of error, some resources must be freed, as already done above and
below the devm_kmemdup() and __mt7921e_mcu_drv_pmctrl() calls added in the
commit in Fixes:.

Fixes: 602cc0c9618a ("mt76: mt7921e: fix possible probe failure after reboot")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss
Lorenzo Bianconi [Sat, 19 Mar 2022 13:28:01 +0000 (14:28 +0100)]
mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss

Fix the following smatch static checker warning:
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1872 mt7915_mcu_beacon_mbss()
error: undefined (user controlled) shift '(((1))) << (data[2])'

Rely on mac80211 definitions for ieee80211_bssid_index subelement.

Fixes: 6b7f9aff7c67 ("mt76: mt7915: introduce 802.11ax multi-bss support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: always call mt7915_wfsys_reset() during init
Ryder Lee [Sat, 19 Mar 2022 04:53:50 +0000 (12:53 +0800)]
mt76: mt7915: always call mt7915_wfsys_reset() during init

Soft reboot might not clear certain condition, so always call
mt7915_wfsys_reset() during init.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter
Lorenzo Bianconi [Thu, 17 Mar 2022 17:08:35 +0000 (18:08 +0100)]
mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter

Honor runtime-pm user configuration in mt7921_sniffer_interface_iter
routine if we do not have a monitor interface.

Fixes: 1f12fa34e5dc5 ("mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter
Lorenzo Bianconi [Thu, 17 Mar 2022 17:02:22 +0000 (18:02 +0100)]
mt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter

mt7921 is currently using rxfilter defined in mt76_dev for rx filter
configuration. Fix mt7921_configure_filter implementation.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921u: add suspend/resume support
Lorenzo Bianconi [Thu, 17 Mar 2022 16:55:59 +0000 (17:55 +0100)]
mt76: mt7921u: add suspend/resume support

Introduce suspend/resume callbacks for mt7921u driver.

Tested-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix MBSS index condition in DBDC mode
Evelyn Tsai [Thu, 17 Mar 2022 08:21:50 +0000 (16:21 +0800)]
mt76: fix MBSS index condition in DBDC mode

MT7915_MAX_INTERFACES is per-band declaration in MT7915/MT7986/MT7916.
Enlarge vif_mask to 64 bits wide, including the bit operation.

Reviewed-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Evelyn Tsai <evelyn.tsai@mediatek.com>
Signed-off-by: Bo Jiao <bo.jiao@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: fix use-after-free by removing a non-RCU wcid pointer
Felix Fietkau [Fri, 25 Mar 2022 21:01:43 +0000 (22:01 +0100)]
mt76: fix use-after-free by removing a non-RCU wcid pointer

Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule
by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and
sta_info_[alloc, free].

[18853.876689] ==================================================================
[18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76]
[18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883
[18853.876786]
[18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215

[18853.876840] Call trace:
[18853.876861]  dump_backtrace+0x0/0x3ec
[18853.876878]  show_stack+0x20/0x2c
[18853.876899]  dump_stack+0x11c/0x1ac
[18853.876918]  print_address_description+0x74/0x514
[18853.876934]  kasan_report+0x134/0x174
[18853.876948]  __asan_report_load8_noabort+0x44/0x50
[18853.876976]  mt76_txq_schedule+0x204/0xaf8 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877002]  mt76_txq_schedule_all+0x2c/0x48 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877030]  mt7921_tx_worker+0xa0/0x1cc [mt7921_common f0875ebac9d7b4754e1010549e7db50fbd90a047]
[18853.877054]  __mt76_worker_fn+0x190/0x22c [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877071]  kthread+0x2f8/0x3b8
[18853.877087]  ret_from_fork+0x10/0x30
[18853.877098]
[18853.877112] Allocated by task 941:
[18853.877131]  kasan_save_stack+0x38/0x68
[18853.877147]  __kasan_kmalloc+0xd4/0xfc
[18853.877163]  kasan_kmalloc+0x10/0x1c
[18853.877177]  __kmalloc+0x264/0x3c4
[18853.877294]  sta_info_alloc+0x460/0xf88 [mac80211]
[18853.877410]  ieee80211_prep_connection+0x204/0x1ee0 [mac80211]
[18853.877523]  ieee80211_mgd_auth+0x6c4/0xa4c [mac80211]
[18853.877635]  ieee80211_auth+0x20/0x2c [mac80211]
[18853.877733]  rdev_auth+0x7c/0x438 [cfg80211]
[18853.877826]  cfg80211_mlme_auth+0x26c/0x390 [cfg80211]
[18853.877919]  nl80211_authenticate+0x6d4/0x904 [cfg80211]
[18853.877938]  genl_rcv_msg+0x748/0x93c
[18853.877954]  netlink_rcv_skb+0x160/0x2a8
[18853.877969]  genl_rcv+0x3c/0x54
[18853.877985]  netlink_unicast_kernel+0x104/0x1ec
[18853.877999]  netlink_unicast+0x178/0x268
[18853.878015]  netlink_sendmsg+0x3cc/0x5f0
[18853.878030]  sock_sendmsg+0xb4/0xd8
[18853.878043]  ____sys_sendmsg+0x2f8/0x53c
[18853.878058]  ___sys_sendmsg+0xe8/0x150
[18853.878071]  __sys_sendmsg+0xc4/0x1f4
[18853.878087]  __arm64_compat_sys_sendmsg+0x88/0x9c
[18853.878101]  el0_svc_common+0x1b4/0x390
[18853.878115]  do_el0_svc_compat+0x8c/0xdc
[18853.878131]  el0_svc_compat+0x10/0x1c
[18853.878146]  el0_sync_compat_handler+0xa8/0xcc
[18853.878161]  el0_sync_compat+0x188/0x1c0
[18853.878171]
[18853.878183] Freed by task 10927:
[18853.878200]  kasan_save_stack+0x38/0x68
[18853.878215]  kasan_set_track+0x28/0x3c
[18853.878228]  kasan_set_free_info+0x24/0x48
[18853.878244]  __kasan_slab_free+0x11c/0x154
[18853.878259]  kasan_slab_free+0x14/0x24
[18853.878273]  slab_free_freelist_hook+0xac/0x1b0
[18853.878287]  kfree+0x104/0x390
[18853.878402]  sta_info_free+0x198/0x210 [mac80211]
[18853.878515]  __sta_info_destroy_part2+0x230/0x2d4 [mac80211]
[18853.878628]  __sta_info_flush+0x300/0x37c [mac80211]
[18853.878740]  ieee80211_set_disassoc+0x2cc/0xa7c [mac80211]
[18853.878851]  ieee80211_mgd_deauth+0x4a4/0x10a0 [mac80211]
[18853.878962]  ieee80211_deauth+0x20/0x2c [mac80211]
[18853.879057]  rdev_deauth+0x7c/0x438 [cfg80211]
[18853.879150]  cfg80211_mlme_deauth+0x274/0x414 [cfg80211]
[18853.879243]  cfg80211_mlme_down+0xe4/0x118 [cfg80211]
[18853.879335]  cfg80211_disconnect+0x218/0x2d8 [cfg80211]
[18853.879427]  __cfg80211_leave+0x17c/0x240 [cfg80211]
[18853.879519]  cfg80211_leave+0x3c/0x58 [cfg80211]
[18853.879611]  wiphy_suspend+0xdc/0x200 [cfg80211]
[18853.879628]  dpm_run_callback+0x58/0x408
[18853.879642]  __device_suspend+0x4cc/0x864
[18853.879658]  async_suspend+0x34/0xf4
[18853.879673]  async_run_entry_fn+0xe0/0x37c
[18853.879689]  process_one_work+0x508/0xb98
[18853.879702]  worker_thread+0x7f4/0xcd4
[18853.879717]  kthread+0x2f8/0x3b8
[18853.879731]  ret_from_fork+0x10/0x30
[18853.879741]
[18853.879757] The buggy address belongs to the object at ffffffaf989a2000
[18853.879757]  which belongs to the cache kmalloc-8k of size 8192
[18853.879774] The buggy address is located 312 bytes inside of
[18853.879774]  8192-byte region [ffffffaf989a2000ffffffaf989a4000)
[18853.879787] The buggy address belongs to the page:
[18853.879807] page:000000004bda2a59 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d89a0
[18853.879823] head:000000004bda2a59 order:3 compound_mapcount:0 compound_pincount:0
[18853.879839] flags: 0x8000000000010200(slab|head)
[18853.879857] raw: 8000000000010200 ffffffffbc89e208 ffffffffb7fb5208 ffffffaec000cc80
[18853.879873] raw: 0000000000000000 0000000000010001 00000001ffffffff 0000000000000000
[18853.879885] page dumped because: kasan: bad access detected
[18853.879896]
[18853.879907] Memory state around the buggy address:
[18853.879922]  ffffffaf989a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[18853.879935]  ffffffaf989a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[18853.879948] >ffffffaf989a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[18853.879961]                                         ^
[18853.879973]  ffffffaf989a2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[18853.879986]  ffffffaf989a2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[18853.879998] ==================================================================

Cc: stable@vger.kernel.org
Reported-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7921: accept rx frames with non-standard VHT MCS10-11
Felix Fietkau [Fri, 25 Mar 2022 20:15:15 +0000 (21:15 +0100)]
mt76: mt7921: accept rx frames with non-standard VHT MCS10-11

The hardware receives them properly, they should not be dropped

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: accept rx frames with non-standard VHT MCS10-11
Felix Fietkau [Fri, 25 Mar 2022 20:14:26 +0000 (21:14 +0100)]
mt76: mt7915: accept rx frames with non-standard VHT MCS10-11

The hardware receives them properly, they should not be dropped

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: dma: use kzalloc instead of devm_kzalloc for txwi
Felix Fietkau [Sat, 19 Mar 2022 20:56:20 +0000 (21:56 +0100)]
mt76: dma: use kzalloc instead of devm_kzalloc for txwi

dma unmap is already needed for cleanup anyway, so we don't need the extra
tracking and can save a bit of memory here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: reduce tx queue lock hold time
Felix Fietkau [Sat, 19 Mar 2022 20:40:14 +0000 (21:40 +0100)]
mt76: reduce tx queue lock hold time

- call txq dequeue without holding txq lock (locking handled by mac80211)
- disable bh around tx queue schedule

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: rework hardware/phy initialization
Felix Fietkau [Fri, 25 Mar 2022 13:20:06 +0000 (14:20 +0100)]
mt76: mt7915: rework hardware/phy initialization

Clean up and fix error paths in mt7915_register_device
Initialize second DBDC tx queue in mt7915_dma_init

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agomt76: mt7915: fix DBDC default band selection on MT7915D
Felix Fietkau [Sat, 19 Mar 2022 07:08:26 +0000 (08:08 +0100)]
mt76: mt7915: fix DBDC default band selection on MT7915D

This code was accidentally dropped while adding 6 GHz support

Fixes: b4d093e321bd ("mt76: mt7915: add 6 GHz support")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 years agortlwifi: Use pr_warn instead of WARN_ONCE
Dongliang Mu [Wed, 11 May 2022 01:44:52 +0000 (09:44 +0800)]
rtlwifi: Use pr_warn instead of WARN_ONCE

This memory allocation failure can be triggered by fault injection or
high pressure testing, resulting a WARN.

Fix this by replacing WARN with pr_warn.

Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220511014453.1621366-1-dzm91@hust.edu.cn
2 years agowfx: use container_of() to get vif
Jaehee Park [Fri, 6 May 2022 17:00:46 +0000 (13:00 -0400)]
wfx: use container_of() to get vif

Currently, upon virtual interface creation, wfx_add_interface() stores
a reference to the corresponding struct ieee80211_vif in private data,
for later usage. This is not needed when using the container_of
construct. This construct already has all the info it needs to retrieve
the reference to the corresponding struct from the offset that is
already available, inherent in container_of(), between its type and
member inputs (struct ieee80211_vif and drv_priv, respectively).
Remove vif (which was previously storing the reference to the struct
ieee80211_vif) from the struct wfx_vif, define a function
wvif_to_vif(wvif) for container_of(), and replace all wvif->vif with
the newly defined container_of construct.

Signed-off-by: Jaehee Park <jhpark1013@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506170046.GA1297231@jaehee-ThinkPad-X1-Extreme
2 years agortw89: add debug entry to dump BSSID CAM
Ping-Ke Shih [Fri, 6 May 2022 12:02:16 +0000 (20:02 +0800)]
rtw89: add debug entry to dump BSSID CAM

BSSID CAM is a kind of CAM that is used to determine if we receive a packet
or not. Add an entry to assist in debugging.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506120216.58567-6-pkshih@realtek.com
2 years agortw89: add debug select to dump MAC pages 0x30 to 0x33
Ping-Ke Shih [Fri, 6 May 2022 12:02:15 +0000 (20:02 +0800)]
rtw89: add debug select to dump MAC pages 0x30 to 0x33

Dump new region 0x3000 to 0x33ff to help debug.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506120216.58567-5-pkshih@realtek.com
2 years agortw89: correct CCA control
Ping-Ke Shih [Fri, 6 May 2022 12:02:14 +0000 (20:02 +0800)]
rtw89: correct CCA control

EDCCA signal can block transmitting in certain situation, so ignore this
signal and use others to decide transmitting time.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506120216.58567-4-pkshih@realtek.com
2 years agortw89: correct setting of RX MPDU length
Ping-Ke Shih [Fri, 6 May 2022 12:02:13 +0000 (20:02 +0800)]
rtw89: correct setting of RX MPDU length

Set proper setting according to RX quota, and then it doesn't break buffer
due to size of received packet exceeding buffer size.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506120216.58567-3-pkshih@realtek.com
2 years agortw89: 8852c: add settings to decrease the effect of DC
Hsuan Hung [Fri, 6 May 2022 12:02:12 +0000 (20:02 +0800)]
rtw89: 8852c: add settings to decrease the effect of DC

Modify NBI and PD boost settings according to different primary channels.
This setting can decrease the false alarm induced by DC.

Signed-off-by: Hsuan Hung <hsuan8331@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506120216.58567-2-pkshih@realtek.com
2 years agossb: remove unreachable code
Jiapeng Chong [Fri, 6 May 2022 07:58:14 +0000 (15:58 +0800)]
ssb: remove unreachable code

Clean up the following smatch warning:

drivers/ssb/pci.c:917 ssb_pci_sprom_get() warn: ignoring unreachable
code.

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Acked-by: Michael Büsch <m@bues.ch>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506075814.115059-1-jiapeng.chong@linux.alibaba.com
2 years agobrcmfmac: allow setting wlan MAC address using device tree
Pavel Löbl [Fri, 6 May 2022 04:42:46 +0000 (06:42 +0200)]
brcmfmac: allow setting wlan MAC address using device tree

This allows firmware to provide MAC address using device tree. Like in
case there is no MAC burned in wlan NVRAM.

Signed-off-by: Pavel Löbl <pavel@loebl.cz>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220506044246.67146-1-pavel@loebl.cz
2 years agowilc1000: add valid vmm_entry check before fetching from TX queue
Ajay Singh [Wed, 4 May 2022 16:19:27 +0000 (16:19 +0000)]
wilc1000: add valid vmm_entry check before fetching from TX queue

'vmm_table' array contains the size of data buffer length including host
header length. In 'vmm_table' array, the Zero value means the end of
vmm_entries that needs to transfer to firmware which is calculated based on
VMM free size in firmware.

Use 'vmm_table' valid entry check before fetching the entry from TX queue to
only copy valid number of entries to avoid possible NULL pointer exception
observed sometimes during large file transfers.

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-5-ajay.kathat@microchip.com
2 years agowilc1000: use 'u64' datatype for cookie variable
Ajay Singh [Wed, 4 May 2022 16:19:26 +0000 (16:19 +0000)]
wilc1000: use 'u64' datatype for cookie variable

Use 'u64' instead of 'u32' for the cookie variable as expected by cfg80211
callback function argument.

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-4-ajay.kathat@microchip.com
2 years agowilc1000: fix crash observed in AP mode with cfg80211_register_netdevice()
Ajay Singh [Wed, 4 May 2022 16:19:26 +0000 (16:19 +0000)]
wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice()

Monitor(mon.) interface is used for handling the AP mode and 'ieee80211_ptr'
reference is not getting set for it. Like earlier implementation,
use register_netdevice() instead of cfg80211_register_netdevice() which
expects valid 'ieee80211_ptr' reference to avoid the possible crash.

Fixes: 2fe8ef106238 ("cfg80211: change netdev registration/unregistration semantics")
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-3-ajay.kathat@microchip.com
2 years agowilc1000: use fixed function base register value to access SDIO_FBR_ENABLE_CSA
Ajay Singh [Wed, 4 May 2022 16:19:25 +0000 (16:19 +0000)]
wilc1000: use fixed function base register value to access SDIO_FBR_ENABLE_CSA

The function number was not correct(reset to 0) when host resumes from
suspend state. Use hardcoded value in function base information
register(FBR base address) to re-initialize correctly on host resume.

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-2-ajay.kathat@microchip.com
2 years agowilc1000: increase firmware version array size
Ajay Singh [Wed, 4 May 2022 16:19:25 +0000 (16:19 +0000)]
wilc1000: increase firmware version array size

Increase firmware version array size to hold complete version information.
The firmware commit id(Build:) information is also part of the firmware
version string.

Firmware version format:
WILC_WIFI_FW_REL_XX_XX Build: XXXXX

e.g.
WILC_WIFI_FW_REL_15_6 Build: 12804

Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-1-ajay.kathat@microchip.com
2 years agoath11k: remove redundant assignment to variables vht_mcs and he_mcs
Colin Ian King [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: remove redundant assignment to variables vht_mcs and he_mcs

The variables vht_mcs and he_mcs are being initialized in the
start of for-loops however they are re-assigned new values in
the loop and not used outside the loop. The initializations
are redundant and can be removed.

Cleans up clang scan warnings:

warning: Although the value stored to 'vht_mcs' is used in the
enclosing expression, the value is never actually read from
'vht_mcs' [deadcode.DeadStores]

warning: Although the value stored to 'he_mcs' is used in the
enclosing expression, the value is never actually read from
'he_mcs' [deadcode.DeadStores]

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220507184155.26939-1-colin.i.king@gmail.com
2 years agoath11k: Reuse the available memory after firmware reload
Anilkumar Kolli [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: Reuse the available memory after firmware reload

Ath11k allocates memory when firmware requests memory in QMI.
Coldboot calibration and firmware recovery uses firmware reload.
On firmware reload, firmware sends memory request again. If Ath11k
allocates memory on first firmware boot, reuse the available
memory. Also check if the segment type and size is same
on the next firmware boot. Reuse if segment type/size is
same as previous firmware boot else free the segment and
allocate the segment with size/type.

Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.6.0.1-00752-QCAHKSWPL_SILICONZ-1

Signed-off-by: Anilkumar Kolli <quic_akolli@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506141448.10340-1-quic_akolli@quicinc.com
2 years agowil6210: remove 'freq' debugfs
Johannes Berg [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
wil6210: remove 'freq' debugfs

This is completely racy, remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506095451.9852305a92c8.I05155824a1b9059eb59beccde81786dc69de354a@changeid
2 years agoath11k: Designating channel frequency when sending management frames
Baochen Qiang [Mon, 9 May 2022 11:57:32 +0000 (14:57 +0300)]
ath11k: Designating channel frequency when sending management frames

In case of Passpoint, the WLAN interface may be requested to
remain on a specific channel and then to send some management
frames on that channel. Now chanfreq of wmi_mgmt_send_cmd is set
as 0, as a result firmware may choose a default but wrong channel.
Fix it by assigning chanfreq field with the designated channel.

This change only applies to WCN6855 and QCA6390, other chips are
not affected.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506013614.1580274-4-quic_bqiang@quicinc.com
2 years agoath11k: Don't check arvif->is_started before sending management frames
Baochen Qiang [Mon, 9 May 2022 11:57:31 +0000 (14:57 +0300)]
ath11k: Don't check arvif->is_started before sending management frames

Commit 66307ca04057 ("ath11k: fix mgmt_tx_wmi cmd sent to FW for
deleted vdev") wants both of below two conditions are true before
sending management frames:

1: ar->allocated_vdev_map & (1LL << arvif->vdev_id)
2: arvif->is_started

Actually the second one is not necessary because with the first one
we can make sure the vdev is present.

Also use ar->conf_mutex to synchronize vdev delete and mgmt. TX.

This issue is found in case of Passpoint scenario where ath11k
needs to send action frames before vdev is started.

Fix it by removing the second condition.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

Fixes: 66307ca04057 ("ath11k: fix mgmt_tx_wmi cmd sent to FW for deleted vdev")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506013614.1580274-3-quic_bqiang@quicinc.com
2 years agoath11k: Implement remain-on-channel support
Baochen Qiang [Mon, 9 May 2022 11:57:31 +0000 (14:57 +0300)]
ath11k: Implement remain-on-channel support

Add remain on channel support, it is needed in several
scenarios such as Passpoint etc.

Currently this is supported by QCA6390, WCN6855, IPQ8074,
IPQ6018 and QCN9074.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506013614.1580274-2-quic_bqiang@quicinc.com
2 years agoath11k: Handle keepalive during WoWLAN suspend and resume
Baochen Qiang [Mon, 9 May 2022 11:57:31 +0000 (14:57 +0300)]
ath11k: Handle keepalive during WoWLAN suspend and resume

With WoWLAN enabled and after sleeping for a rather long time,
we are seeing that with some APs, it is not able to wake up
the STA though the correct wake up pattern has been configured.
This is because the host doesn't send keepalive command to
firmware, thus firmware will not send any packet to the AP and
after a specific time the AP kicks out the STA.

Fix this issue by enabling keepalive before going to suspend
and disabling it after resume back.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506012540.1579604-1-quic_bqiang@quicinc.com
2 years agoath11k: reset 11d state in process of recovery
Wen Gong [Thu, 5 May 2022 03:46:36 +0000 (23:46 -0400)]
ath11k: reset 11d state in process of recovery

When doing simulate_fw_crash operation periodically with a short interval
time such as 10 seconds, it is easy happened WMI command timed out for
WMI_SCAN_CHAN_LIST_CMDID in ath11k_reg_update_chan_list().

log:
[42287.610053] ath11k_pci 0000:01:00.0: wmi command 12291 timeout
[42287.610064] ath11k_pci 0000:01:00.0: failed to send WMI_SCAN_CHAN_LIST cmd
[42287.610073] ath11k_pci 0000:01:00.0: failed to perform regd update : -11

Note that this issue does not occur with a longer interval such as 20 seconds.

The reason the issue occurs with a shorter interval is the following steps:
1) Upon initial boot, or after device recovery, the initial hw scan plus
the 11d scan will run, and when 6 GHz support is present, these scans
can take up to 12 seconds to complete, so ath11k_reg_update_chan_list()
is still waiting the completion of ar->completed_11d_scan.
2) If a simulate_fw_crash operation is received during this time, those
scans do not complete, and ath11k_core_pre_reconfigure_recovery()
complete the ar->completed_11d_scan, then ath11k_reg_update_chan_list()
wakeup and start to send WMI_SCAN_CHAN_LIST_CMDID, but firmware is crashed
at this moment, so wmi timed out occur.

To address this issue, reset the 11d state during device recovery so that
WMI_SCAN_CHAN_LIST_CMDID does not timed out for short interval time such
as 10 seconds.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3

Fixes: 1f682dc9fb37 ("ath11k: reduce the wait time of 11d scan and hw scan while add interface")
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220505034636.29582-1-quic_wgong@quicinc.com