platform/kernel/linux-rpi.git
18 months agowifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities
Ping-Ke Shih [Fri, 21 Apr 2023 02:45:45 +0000 (10:45 +0800)]
wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities

Add PCI entry to 8851BE with its device ID 10ec:b851, also fill PCI info
according to its capabilities.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230421024551.29994-3-pkshih@realtek.com
18 months agowifi: rtw89: 8851b: add 8851B basic chip_info
Ping-Ke Shih [Fri, 21 Apr 2023 02:45:44 +0000 (10:45 +0800)]
wifi: rtw89: 8851b: add 8851B basic chip_info

8851B is a 1x1 80 MHz bandwidth chip working on 2/5 GHz. Add these basic
information, and more settings will be added by functions.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230421024551.29994-2-pkshih@realtek.com
18 months agowifi: rtw89: scan offload wait for FW done ACK
Zong-Zhe Yang [Wed, 19 Apr 2023 11:46:03 +0000 (11:46 +0000)]
wifi: rtw89: scan offload wait for FW done ACK

The following are scan offload related H2C (host to chip) function types.
* H2C_FUNC_ADD_SCANOFLD_CH
* H2C_FUNC_SCANOFLD
Before doing FW scan, we will continuously send multiple H2Cs with above
types which are used to tell FW the scan configuration of this time. But,
if FW doesn't handle one of these H2Cs well, the FW scan process might
not run as expected and driver should notice it early.

So, this commits makes scan offload related H2Cs wait for FW done ACK via
rtw89_wait_for_cond() and rtw89_complete_cond(). And, we check the return
code of these H2Cs from FW.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/a15f4bd594f71d7602ea67698b035805143700c9.camel@realtek.com
18 months agowifi: rtw89: mac: handle C2H receive/done ACK in interrupt context
Zong-Zhe Yang [Wed, 19 Apr 2023 11:46:01 +0000 (11:46 +0000)]
wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context

We have some MAC H2Cs (host to chip packets), which have no clear
individual C2Hs (chip to host packets) to indicate FW execution
response, but they are going to require to wait for FW completion.
So, we have to deal with this via common MAC C2H receive/done ACKs.

This commit changes the context, where common MAC C2H receive/done
ACK handlers are executed, to interrupt context. And, code comments
are added to prevent future commits from using it incorrectly.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/c4d766885e00b9f9dcf7954a80096c8b9d21149b.camel@realtek.com
18 months agowifi: rtw89: packet offload wait for FW response
Zong-Zhe Yang [Wed, 19 Apr 2023 11:45:58 +0000 (11:45 +0000)]
wifi: rtw89: packet offload wait for FW response

The H2Cs (host to chip packets) related to packet offload functions
need to wait for FW responses in case FW state machine gets wrong
and makes driver status no longer able to align FW one. In flow,
driver may continuously send multiple H2Cs of packet offload series.
If somehow FW doesn't deal with the former yet but the latter has
gotten in, it might cause the problem mentioned above.

So, we block these H2Cs by rtw89_wait_for_cond(). And then, when
the corresponding C2Hs (chip to host packets) is received, we call
rtw89_complete_cond(). Besides, RTW89_MAC_C2H_FUNC_PKT_OFLD_RSP's
C2H handler should be executed in interrupt context to make our
wait/complete process work as expected.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/9ae8c1f105901c65e3171276a9fd6c99ae51803f.camel@realtek.com
18 months agowifi: rtw89: refine packet offload delete flow of 6 GHz probe
Zong-Zhe Yang [Wed, 19 Apr 2023 11:45:55 +0000 (11:45 +0000)]
wifi: rtw89: refine packet offload delete flow of 6 GHz probe

There are two places where offload packets of 6 GHz probe would be deleted
from FW, i.e. calling rtw89_fw_h2c_del_pkt_offload().
* rtw89_core_cancel_6ghz_probe_tx()
* rtw89_release_pkt_list()
It is possible that we try to delete the same one from FW twice. Although
it might not be a big problem for now, it will depend on the runtime chip
firmware. So, we add a check to avoid it. In case things becomes complex
due to racing problem, we don't choose to do list_del(info->list) and
kfree(info) in both sides.

Besides, rtw89_fw_h2c_del_pkt_offload() will needs to wait for completion
after the follow-up commit. However, rtw89_core_cancel_6ghz_probe_tx()
was called in interrupt context. So, we move the stuffs of calling
rtw89_fw_h2c_del_pkt_offload() from rtw89_core_cancel_6ghz_probe_tx()
into a work. Then, we also need a check there before we call it.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/091966e5709cd7caecf9b81f7fd6388ae2b70a7e.camel@realtek.com
18 months agowifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload()
Zong-Zhe Yang [Wed, 19 Apr 2023 11:45:51 +0000 (11:45 +0000)]
wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload()

We have a pair of FW functions, rtw89_fw_h2c_add_pkt_offload() and
rtw89_fw_h2c_del_pkt_offload(). The rtw89_fw_h2c_add_pkt_offload()
acquires the bit itself, but the bit needs to be released by the
caller of rtw89_fw_h2c_del_pkt_offload(). This looks asymmetrical
and is not friendly to callers.

Second, if callers always releases the bits, it might make driver
unaligned to bitmap status of FW after some failures of calling
rtw89_fw_h2c_del_pkt_offload(). So, this commit move bit release
into rtw89_fw_h2c_del_pkt_offload().

In general, driver will call rtw89_fw_h2c_add_pkt_offload() and
rtw89_fw_h2c_del_pkt_offload(), and then, SW bitmap can align
with FW one. There is one exception when notify_fw is false.
It happens when driver detects FW problems and is going to
reset FW. Only in this case, driver needs to release bits
outside rtw89_fw_h2c_del_pkt_offload().

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/8cf5d45c5b04e7b680d4eb9dda62056cdce14cec.camel@realtek.com
18 months agowifi: rtw89: add EVM for antenna diversity
Eric Huang [Tue, 18 Apr 2023 01:28:20 +0000 (09:28 +0800)]
wifi: rtw89: add EVM for antenna diversity

Take EVM into consideration when doing antenna diversity, and the priority
is higher than RSSI. Since EVM is more relevant to performance than RSSI,
especially in OTA environment.

Signed-off-by: Eric Huang <echuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-8-pkshih@realtek.com
18 months agowifi: rtw89: add RSSI based antenna diversity
Eric Huang [Tue, 18 Apr 2023 01:28:19 +0000 (09:28 +0800)]
wifi: rtw89: add RSSI based antenna diversity

RSSI statistics are grouped by CCK, OFDM or non-legacy rate. These
statistics will be collected in training state for both (main/aux)
antenna. There is a time period (ANTDIV_DELAY) for rate adaptive
settle down before start collect statistics when switch antenna.

Antenna diversity checks packet count from training state for each
group and use the most one as the final RSSI for comparison, and
then choose the better one as target antenna.

Signed-off-by: Eric Huang <echuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-7-pkshih@realtek.com
18 months agowifi: rtw89: initialize antenna for antenna diversity
Eric Huang [Tue, 18 Apr 2023 01:28:18 +0000 (09:28 +0800)]
wifi: rtw89: initialize antenna for antenna diversity

Initialize basic antenna switch settings according to hardware module
design, and set to default antenna A. The set antenna function will be
called dynamically to switch antenna according to EVM and RSSI.

Signed-off-by: Eric Huang <echuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-6-pkshih@realtek.com
18 months agowifi: rtw89: add EVM and SNR statistics to debugfs
Ping-Ke Shih [Tue, 18 Apr 2023 01:28:17 +0000 (09:28 +0800)]
wifi: rtw89: add EVM and SNR statistics to debugfs

To help debug performance problem, add EVM and SNR statistics to debugfs
that shows

  EVM: [(26.75, 26.75) (25.75, 25.75)]    SNR: 40

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-5-pkshih@realtek.com
18 months agowifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs
Ping-Ke Shih [Tue, 18 Apr 2023 01:28:16 +0000 (09:28 +0800)]
wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs

RSSI strength is only from PHY path A, but there are two antenna for the
module which supports antenna diversity. So, set RSSI value to index 1 of
RSSI array if current antenna is on antenna B. Then, debugfs can show
two RSSI values with a asterisk mark on selected antenna.

  RSSI: -23 dBm (raw=174, prev=173) [-26, -23*]

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-4-pkshih@realtek.com
18 months agowifi: rtw89: set capability of TX antenna diversity
Ping-Ke Shih [Tue, 18 Apr 2023 01:28:15 +0000 (09:28 +0800)]
wifi: rtw89: set capability of TX antenna diversity

TX antenna diversity is a mechanism to select a proper antenna from two
antenna for single one hardware PHY chip. It chooses antenna with better
EVM or RSSI, and use GPIO to control SPDT to switch selected antenna.

RFE type from efuse is used to define if a module can support TX antenna
diversity when (type % 3) is 2.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-3-pkshih@realtek.com
18 months agowifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status
Ping-Ke Shih [Tue, 18 Apr 2023 01:28:14 +0000 (09:28 +0800)]
wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status

To be more clear to know where it gets information from PHY IE0 data,
change to use struct and standard le32_get_bits() to access. This doesn't
change logic at all.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230418012820.5139-2-pkshih@realtek.com
18 months agowifi: rtw88: fix incorrect error codes in rtw_debugfs_set_*
Zhang Shurong [Wed, 26 Apr 2023 17:02:21 +0000 (01:02 +0800)]
wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_*

If there is a failure during copy_from_user or user-provided data
buffer is invalid, rtw_debugfs_set_* should return negative
error code instead of a positive value count.

Fix this bug by returning correct error code.

Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/tencent_53140CC2A3468101955F02EB66AA96780B05@qq.com
18 months agowifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user
Zhang Shurong [Wed, 26 Apr 2023 17:02:20 +0000 (01:02 +0800)]
wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user

If there is a failure during copy_from_user or user-provided data
buffer is invalid, rtw_debugfs_copy_from_user should return negative
error code instead of a positive value count.

Fix this bug by returning correct error code. Moreover, the check
of buffer against null is removed since it will be handled by
copy_from_user.

Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/tencent_D2EB102CC7435C0110154E62ECA6A7D67505@qq.com
18 months agowifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return
Martin Kaiser [Thu, 27 Apr 2023 18:59:36 +0000 (20:59 +0200)]
wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return

Remove a return statement at the end of a void function.

This fixes a checkpatch warning.

WARNING: void function return statements are not generally useful
6206: FILE: ./drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c:6206:
+  return;
+}

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230427185936.923777-1-martin@kaiser.cx
18 months agowifi: rtl8xxxu: Support USB RX aggregation for the newer chips
Bitterblue Smith [Tue, 25 Apr 2023 13:01:00 +0000 (16:01 +0300)]
wifi: rtl8xxxu: Support USB RX aggregation for the newer chips

The driver can receive several frames in the same USB transfer.
Add the code to handle this in rtl8xxxu_parse_rxdesc24(), even though
currently all the relevant chips send only one frame per USB transfer
(RTL8723BU, RTL8192EU, RTL8188FU, RTL8710BU).

This was tested with RTL8188FU, RTL8192EU, RTL8710BU, and RTL8192FU.

Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/16d2d1ff-6438-10c9-347f-6e14dd358ccf@gmail.com
18 months agowifi: rtl8xxxu: Set maximum number of supported stations
Martin Kaistra [Fri, 28 Apr 2023 15:08:33 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Set maximum number of supported stations

Set maximum number of associated stations supported in AP mode. For
8188f, the maximum number of supported macids is 16, reserve one for
broadcast/multicast frames.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-19-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Declare AP mode support for 8188f
Martin Kaistra [Fri, 28 Apr 2023 15:08:32 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Declare AP mode support for 8188f

Everything is in place now for AP mode, we can tell the system that we
support it. Put the feature behind a flag in priv->fops, because it is
not (yet) implemented for all chips.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-18-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags
Martin Kaistra [Fri, 28 Apr 2023 15:08:31 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags

As this driver uses HAS_RATE_CONTROL, rate_flags will not be provided by
mac80211.

Stop using tx_info->control.rates[0].flags and ieee80211_get_rts_cts_rate()
and use rts_threshold and bss_conf.use_cts_prot instead to determine
when to use RTS and CTS.

Send RTS with 24M rate like the vendor drivers. Also set this RTS rate
for ampdu_enable = true, because we also enable RTS for these frames.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-17-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate()
Martin Kaistra [Fri, 28 Apr 2023 15:08:30 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate()

As this driver uses HAS_RATE_CONTROL, tx_rates will not be provided by
mac80211.

For some frames c->control.rates[0].idx is negative, which means
ieee80211_get_tx_rate() will print a warning and return NULL.

Only management frames have USE_DRIVER_RATE set, so for all others the
rate info of txdesc is ignored anyway.

Remove call to ieee80211_get_tx_rate() and send management frames with
1M (rate info = 0).

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-16-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Clean up filter configuration
Martin Kaistra [Fri, 28 Apr 2023 15:08:29 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Clean up filter configuration

When RCR_CHECK_BSSID_MATCH is set in AP mode, we don't receive any data
frames. Rearrange RCR bits to filter flags to match other realtek drivers
and remove RCR_CHECK_BSSID_MATCH in AP mode.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-15-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames
Martin Kaistra [Fri, 28 Apr 2023 15:08:28 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames

Beacon frames are generated by the HW and therefore contain a HW
generated seq number. Enable HW sequence number for other frames to
match that.
mac80211 will tell us via IEEE80211_TX_CTL_ASSIGN_SEQ when that is
necessary.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-14-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add parameter macid to update_rate_mask
Martin Kaistra [Fri, 28 Apr 2023 15:08:27 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add parameter macid to update_rate_mask

The HW maintains a rate_mask for each connection, referenced by the
macid. Add a parameter to update_rate_mask and add the macid to the
h2c call in the gen2 implementation.

Also extend refresh_rate_mask to get the macid from sta_info.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-13-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Put the macid in txdesc
Martin Kaistra [Fri, 28 Apr 2023 15:08:26 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Put the macid in txdesc

Add a parameter macid to fill_txdesc(), implement setting it for the
gen2 version.
This is used to tell the HW who the recipient of the packet is, so that
the appropriate data rate can be selected.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-12-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks
Martin Kaistra [Fri, 28 Apr 2023 15:08:25 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks

In AP mode, sta_add() gets called when a new STA gets associated to
us. Call rtl8xxxu_refresh_rate_mask() to set a rate mask for the newly
connected STA (referenced by the macid) and then send a media connnect
report. Ignore the call to sta_add() in station mode.

Reserve one macid for broadcast/multicast packets in init.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-11-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask
Martin Kaistra [Fri, 28 Apr 2023 15:08:24 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask

In AP mode, when multiple STAs connect to us, we need to set an initial
rate mask for each of them. This initialisation should happen regardless
of the rssi_level saved in the priv struct.

Add a parameter called force to rtl8xxxu_refresh_rate_mask() which will
be used for this initialisation.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-10-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add parameter role to report_connect
Martin Kaistra [Fri, 28 Apr 2023 15:08:23 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add parameter role to report_connect

This allows to tell the HW if a connection is made to a STA or an AP.
Add the implementation for the gen2 version.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-9-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect
Martin Kaistra [Fri, 28 Apr 2023 15:08:22 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect

The report_connect function has had a macid parameter from the
beginning, but it has not been used, because in STA mode, the value was
always zero.
As it can now have different values in AP mode, actually wire it up to
the H2C command.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-8-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Allow creating interface in AP mode
Martin Kaistra [Fri, 28 Apr 2023 15:08:21 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Allow creating interface in AP mode

Use the sequence from the vendor driver for setting up the beacon
related registers.
Also set the MAC address register here, in case the MAC address for the
new interface should be different from what was set in
rtl8xxxu_init_device(). This happens for example with the hostapd config
option "bssid".

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-7-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Allow setting rts threshold to -1
Martin Kaistra [Fri, 28 Apr 2023 15:08:20 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Allow setting rts threshold to -1

The default setting in hostapd.conf for rts threshold is -1, which means
disabled. Allow to set it.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-6-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add set_tim() callback
Martin Kaistra [Fri, 28 Apr 2023 15:08:19 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add set_tim() callback

Update beacon content if TIM bitmap maintained by mac80211 is changed.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-5-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add beacon functions
Martin Kaistra [Fri, 28 Apr 2023 15:08:18 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add beacon functions

Add a workqueue to update the beacon contents asynchronously and
implement downloading the beacon to the HW and starting beacon tx like
the vendor driver.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-4-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Select correct queue for beacon frames
Martin Kaistra [Fri, 28 Apr 2023 15:08:17 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Select correct queue for beacon frames

Use the special beacon queue for beacon frames instead of the management
frame queue. They will be put in a special area called reserved page and
send out periodically when in AP mode.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-3-martin.kaistra@linutronix.de
18 months agowifi: rtl8xxxu: Add start_ap() callback
Martin Kaistra [Fri, 28 Apr 2023 15:08:16 +0000 (17:08 +0200)]
wifi: rtl8xxxu: Add start_ap() callback

This gets called at the start of AP mode operation. Set bssid, beacon
interval and send a connect report to the HW.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230428150833.218605-2-martin.kaistra@linutronix.de
18 months agonet: phy: marvell-88x2222: remove unnecessary (void*) conversions
wuych [Tue, 25 Apr 2023 05:15:32 +0000 (13:15 +0800)]
net: phy: marvell-88x2222: remove unnecessary (void*) conversions

Pointer variables of void * type do not require type cast.

Signed-off-by: wuych <yunchuan@nfschina.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
18 months agonet: phy: marvell: Fix inconsistent indenting in led_blink_set
Christian Marangi [Sun, 23 Apr 2023 17:28:00 +0000 (19:28 +0200)]
net: phy: marvell: Fix inconsistent indenting in led_blink_set

Fix inconsistent indeinting in m88e1318_led_blink_set reported by kernel
test robot, probably done by the presence of an if condition dropped in
later revision of the same code.

Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202304240007.0VEX8QYG-lkp@intel.com/
Fixes: ea9e86485dec ("net: phy: marvell: Implement led_blink_set()")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20230423172800.3470-1-ansuelsmth@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agolan966x: Don't use xdp_frame when action is XDP_TX
Horatiu Vultur [Sat, 22 Apr 2023 14:23:44 +0000 (16:23 +0200)]
lan966x: Don't use xdp_frame when action is XDP_TX

When the action of an xdp program was XDP_TX, lan966x was creating
a xdp_frame and use this one to send the frame back. But it is also
possible to send back the frame without needing a xdp_frame, because
it is possible to send it back using the page.
And then once the frame is transmitted is possible to use directly
page_pool_recycle_direct as lan966x is using page pools.
This would save some CPU usage on this path, which results in higher
number of transmitted frames. Bellow are the statistics:
Frame size:    Improvement:
64                ~8%
256              ~11%
512               ~8%
1000              ~0%
1500              ~0%

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Link: https://lore.kernel.org/r/20230422142344.3630602-1-horatiu.vultur@microchip.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agoMerge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf...
Jakub Kicinski [Tue, 25 Apr 2023 01:45:11 +0000 (18:45 -0700)]
Merge tag 'for-netdev' of https://git./linux/kernel/git/bpf/bpf-next

Alexei Starovoitov says:

====================
pull-request: bpf-next 2023-04-24

We've added 5 non-merge commits during the last 3 day(s) which contain
a total of 7 files changed, 87 insertions(+), 44 deletions(-).

The main changes are:

1) Workaround for bpf iter selftest due to lack of subprog support
   in precision tracking, from Andrii.

2) Disable bpf_refcount_acquire kfunc until races are fixed, from Dave.

3) One more test_verifier test converted from asm macro to asm in C,
   from Eduard.

4) Fix build with NETFILTER=y INET=n config, from Florian.

5) Add __rcu_read_{lock,unlock} into deny list, from Yafang.

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next:
  selftests/bpf: avoid mark_all_scalars_precise() trigger in one of iter tests
  bpf: Add __rcu_read_{lock,unlock} into btf id deny list
  bpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed
  selftests/bpf: verifier/prevent_map_lookup converted to inline assembly
  bpf: fix link failure with NETFILTER=y INET=n
====================

Link: https://lore.kernel.org/r/20230425005648.86714-1-alexei.starovoitov@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agoMerge branch 'tsnep-xdp-socket-zero-copy-support'
Jakub Kicinski [Tue, 25 Apr 2023 01:22:39 +0000 (18:22 -0700)]
Merge branch 'tsnep-xdp-socket-zero-copy-support'

Gerhard Engleder says:

====================
tsnep: XDP socket zero-copy support

Implement XDP socket zero-copy support for tsnep driver. I tried to
follow existing drivers like igc as far as possible. But one main
difference is that tsnep does not need any reconfiguration for XDP BPF
program setup. So I decided to keep this behavior no matter if a XSK
pool is used or not. As a result, tsnep starts using the XSK pool even
if no XDP BPF program is available.

Another difference is that I tried to prevent potentially failing
allocations during XSK pool setup. E.g. both memory models for page pool
and XSK pool are registered all the time. Thus, XSK pool setup cannot
end up with not working queues.

Some prework is done to reduce the last two XSK commits to actual XSK
changes.
====================

Link: https://lore.kernel.org/r/20230421194656.48063-1-gerhard@engleder-embedded.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Add XDP socket zero-copy TX support
Gerhard Engleder [Fri, 21 Apr 2023 19:46:56 +0000 (21:46 +0200)]
tsnep: Add XDP socket zero-copy TX support

Send and complete XSK pool frames within TX NAPI context. NAPI context
is triggered by ndo_xsk_wakeup.

Test results with A53 1.2GHz:

xdpsock txonly copy mode, 64 byte frames:
                   pps            pkts           1.00
tx                 284,409        11,398,144
Two CPUs with 100% and 10% utilization.

xdpsock txonly zero-copy mode, 64 byte frames:
                   pps            pkts           1.00
tx                 511,929        5,890,368
Two CPUs with 100% and 1% utilization.

xdpsock l2fwd copy mode, 64 byte frames:
                   pps            pkts           1.00
rx                 248,985        7,315,885
tx                 248,921        7,315,885
Two CPUs with 100% and 10% utilization.

xdpsock l2fwd zero-copy mode, 64 byte frames:
                   pps            pkts           1.00
rx                 254,735        3,039,456
tx                 254,735        3,039,456
Two CPUs with 100% and 4% utilization.

Packet rate increases and CPU utilization is reduced in both cases.

Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Add XDP socket zero-copy RX support
Gerhard Engleder [Fri, 21 Apr 2023 19:46:55 +0000 (21:46 +0200)]
tsnep: Add XDP socket zero-copy RX support

Add support for XSK zero-copy to RX path. The setup of the XSK pool can
be done at runtime. If the netdev is running, then the queue must be
disabled and enabled during reconfiguration. This can be done easily
with functions introduced in previous commits.

A more important property is that, if the netdev is running, then the
setup of the XSK pool shall not stop the netdev in case of errors. A
broken netdev after a failed XSK pool setup is bad behavior. Therefore,
the allocation and setup of resources during XSK pool setup is done only
before any queue is disabled. Additionally, freeing and later allocation
of resources is eliminated in some cases. Page pool entries are kept for
later use. Two memory models are registered in parallel. As a result,
the XSK pool setup cannot fail during queue reconfiguration.

In contrast to other drivers, XSK pool setup and XDP BPF program setup
are separate actions. XSK pool setup can be done without any XDP BPF
program. The XDP BPF program can be added, removed or changed without
any reconfiguration of the XSK pool.

Test results with A53 1.2GHz:

xdpsock rxdrop copy mode, 64 byte frames:
                   pps            pkts           1.00
rx                 856,054        10,625,775
Two CPUs with both 100% utilization.

xdpsock rxdrop zero-copy mode, 64 byte frames:
                   pps            pkts           1.00
rx                 889,388        4,615,284
Two CPUs with 100% and 20% utilization.

Packet rate increases and CPU utilization is reduced.

100% CPU load seems to the base load. This load is consumed by ksoftirqd
just for dropping the generated packets without xdpsock running.

Using batch API reduced CPU utilization slightly, but measurements are
not stable enough to provide meaningful numbers.

Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Move skb receive action to separate function
Gerhard Engleder [Fri, 21 Apr 2023 19:46:54 +0000 (21:46 +0200)]
tsnep: Move skb receive action to separate function

The function tsnep_rx_poll() is already pretty long and the skb receive
action can be reused for XSK zero-copy support. Move page based skb
receive to separate function.

Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Add functions for queue enable/disable
Gerhard Engleder [Fri, 21 Apr 2023 19:46:53 +0000 (21:46 +0200)]
tsnep: Add functions for queue enable/disable

Move queue enable and disable code to separate functions. This way the
activation and deactivation of the queues are defined actions, which can
be used in future execution paths.

This functions will be used for the queue reconfiguration at runtime,
which is necessary for XSK zero-copy support.

Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Rework TX/RX queue initialization
Gerhard Engleder [Fri, 21 Apr 2023 19:46:52 +0000 (21:46 +0200)]
tsnep: Rework TX/RX queue initialization

Make initialization of TX and RX queues less dynamic by moving some
initialization from netdev open/close to device probing.

Additionally, move some initialization code to separate functions to
enable future use in other execution paths.

This is done as preparation for queue reconfigure at runtime, which is
necessary for XSK zero-copy support.

Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agotsnep: Replace modulo operation with mask
Gerhard Engleder [Fri, 21 Apr 2023 19:46:51 +0000 (21:46 +0200)]
tsnep: Replace modulo operation with mask

TX/RX ring size is static and power of 2 to enable compiler to optimize
modulo operation to mask operation. Make this optimization already in
the code and don't rely on the compiler.

CPU utilisation during high packet rate has not changed. So no
performance improvement has been measured. But it is best practice to
prevent modulo operations.

Suggested-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: phy: dp83867: Add led_brightness_set support
Alexander Stein [Mon, 24 Apr 2023 13:46:25 +0000 (15:46 +0200)]
net: phy: dp83867: Add led_brightness_set support

Up to 4 LEDs can be attached to the PHY, add support for setting
brightness manually.

Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20230424134625.303957-1-alexander.stein@ew.tq-group.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: phy: Fix reading LED reg property
Alexander Stein [Mon, 24 Apr 2023 14:16:48 +0000 (16:16 +0200)]
net: phy: Fix reading LED reg property

'reg' is always encoded in 32 bits, thus it has to be read using the
function with the corresponding bit width.

Fixes: 01e5b728e9e4 ("net: phy: Add a binding for PHY LEDs")
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20230424141648.317944-1-alexander.stein@ew.tq-group.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agodrivers: nfc: nfcsim: remove return value check of `dev_dir`
Jianuo Kuang [Mon, 24 Apr 2023 02:41:40 +0000 (10:41 +0800)]
drivers: nfc: nfcsim: remove return value check of `dev_dir`

Smatch complains that:
nfcsim_debugfs_init_dev() warn: 'dev_dir' is an error pointer or valid

According to the documentation of the debugfs_create_dir() function,
there is no need to check the return value of this function.
Just delete the dead code.

Signed-off-by: Jianuo Kuang <u202110722@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230424024140.34607-1-u202110722@hust.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: phy: dp83867: Remove unnecessary (void*) conversions
wuych [Mon, 24 Apr 2023 10:15:50 +0000 (18:15 +0800)]
net: phy: dp83867: Remove unnecessary (void*) conversions

Pointer variables of void * type do not require type cast.

Signed-off-by: wuych <yunchuan@nfschina.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20230424101550.664319-1-yunchuan@nfschina.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: ethtool: coalesce: try to make user settings stick twice
Jakub Kicinski [Thu, 20 Apr 2023 23:33:02 +0000 (16:33 -0700)]
net: ethtool: coalesce: try to make user settings stick twice

SET_COALESCE may change operation mode and parameters in one call.
Changing operation mode may cause the driver to reset the parameter
values to what is a reasonable default for new operation mode.

Since driver does not know which parameters come from user and which
are echoed back from ->get, driver may ignore the parameters when
switching operation modes.

This used to be inevitable for ioctl() but in netlink we know which
parameters are actually specified by the user.

We could inform which parameters were set by the user but this would
lead to a lot of code duplication in the drivers. Instead try to call
the drivers twice if both mode and params are changed. The set method
already checks if any params need updating so in case the driver did
the right thing the first time around - there will be no second call
to it's ->set method (only an extra call to ->get()).

For mlx5 for example before this patch we'd see:

 # ethtool -C eth0 adaptive-rx on  adaptive-tx on
 # ethtool -C eth0 adaptive-rx off adaptive-tx off \
   tx-usecs 123 rx-usecs 123
 Adaptive RX: off  TX: off
 rx-usecs: 3
 rx-frames: 32
 tx-usecs: 16
 tx-frames: 32
 [...]

After the change:

 # ethtool -C eth0 adaptive-rx on  adaptive-tx on
 # ethtool -C eth0 adaptive-rx off adaptive-tx off \
   tx-usecs 123 rx-usecs 123
 Adaptive RX: off  TX: off
 rx-usecs: 123
 rx-frames: 32
 tx-usecs: 123
 tx-frames: 32
 [...]

This only works for netlink, so it's a small discrepancy between
netlink and ioctl(). Since we anticipate most users to move to
netlink I believe it's worth making their lives easier.

Link: https://lore.kernel.org/r/20230420233302.944382-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agoMerge branch 'update-coding-style-and-check-alloc_frag'
Jakub Kicinski [Tue, 25 Apr 2023 01:08:54 +0000 (18:08 -0700)]
Merge branch 'update-coding-style-and-check-alloc_frag'

Haiyang Zhang says:

====================
Update coding style and check alloc_frag

Follow up patches for the jumbo frame support.

As suggested by Jakub Kicinski, update coding style, and check napi_alloc_frag
for possible fallback to single pages.
====================

Link: https://lore.kernel.org/r/1682096818-30056-1-git-send-email-haiyangz@microsoft.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: mana: Check if netdev/napi_alloc_frag returns single page
Haiyang Zhang [Fri, 21 Apr 2023 17:06:58 +0000 (10:06 -0700)]
net: mana: Check if netdev/napi_alloc_frag returns single page

netdev/napi_alloc_frag() may fall back to single page which is smaller
than the requested size.
Add error checking to avoid memory overwritten.

Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: mana: Rename mana_refill_rxoob and remove some empty lines
Haiyang Zhang [Fri, 21 Apr 2023 17:06:57 +0000 (10:06 -0700)]
net: mana: Rename mana_refill_rxoob and remove some empty lines

Rename mana_refill_rxoob for naming consistency.
And remove some empty lines between function call and error
checking.

Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agoMerge branch 'add-page_pool-support-for-page-recycling-in-veth-driver'
Jakub Kicinski [Tue, 25 Apr 2023 01:07:09 +0000 (18:07 -0700)]
Merge branch 'add-page_pool-support-for-page-recycling-in-veth-driver'

Lorenzo Bianconi says:

====================
add page_pool support for page recycling in veth driver

Introduce page_pool support in veth driver in order to recycle pages in
veth_convert_skb_to_xdp_buff routine and avoid reallocating the skb through
the page allocator when we run a xdp program on the device and we receive
skbs from the stack.
====================

Link: https://lore.kernel.org/r/cover.1682188837.git.lorenzo@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: veth: add page_pool stats
Lorenzo Bianconi [Sat, 22 Apr 2023 18:54:33 +0000 (20:54 +0200)]
net: veth: add page_pool stats

Introduce page_pool stats support to report info about local page_pool
through ethtool

Tested-by: Maryam Tahhan <mtahhan@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agonet: veth: add page_pool for page recycling
Lorenzo Bianconi [Sat, 22 Apr 2023 18:54:32 +0000 (20:54 +0200)]
net: veth: add page_pool for page recycling

Introduce page_pool support in veth driver in order to recycle pages
in veth_convert_skb_to_xdp_buff routine and avoid reallocating the skb
through the page allocator.
The patch has been tested sending tcp traffic to a veth pair where the
remote peer is running a simple xdp program just returning xdp_pass:

veth upstream codebase:
MTU 1500B: ~ 8Gbps
MTU 8000B: ~ 13.9Gbps

veth upstream codebase + pp support:
MTU 1500B: ~ 9.2Gbps
MTU 8000B: ~ 16.2Gbps

Tested-by: Maryam Tahhan <mtahhan@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agoselftests/bpf: avoid mark_all_scalars_precise() trigger in one of iter tests
Andrii Nakryiko [Mon, 24 Apr 2023 23:51:28 +0000 (16:51 -0700)]
selftests/bpf: avoid mark_all_scalars_precise() trigger in one of iter tests

iter_pass_iter_ptr_to_subprog subtest is relying on actual array size
being passed as subprog parameter. This combined with recent fixes to
precision tracking in conditional jumps ([0]) is now causing verifier to
backtrack all the way to the point where sum() and fill() subprogs are
called, at which point precision backtrack bails out and forces all the
states to have precise SCALAR registers. This in turn causes each
possible value of i within fill() and sum() subprogs to cause
a different non-equivalent state, preventing iterator code to converge.

For now, change the test to assume fixed size of passed in array. Once
BPF verifier supports precision tracking across subprogram calls, these
changes will be reverted as unnecessary.

  [0] 71b547f56124 ("bpf: Fix incorrect verifier pruning due to missing register precision taints")

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230424235128.1941726-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
18 months agoMerge tag 'nf-next-23-04-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilt...
Jakub Kicinski [Mon, 24 Apr 2023 22:37:35 +0000 (15:37 -0700)]
Merge tag 'nf-next-23-04-22' of git://git./linux/kernel/git/netfilter/nf-next

Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

1) Reduce jumpstack footprint: Stash chain in last rule marker in blob for
   tracing. Remove last rule and chain from jumpstack. From Florian Westphal.

2) nf_tables validates all tables before committing the new rules.
   Unfortunately, this has two drawbacks:

   - Since addition of the transaction mutex pernet state gets written to
     outside of the locked section from the cleanup callback, this is
     wrong so do this cleanup directly after table has passed all checks.

   - Revalidate tables that saw no changes. This can be avoided by
     keeping the validation state per table, not per netns.

   From Florian Westphal.

3) Get rid of a few redundant pointers in the traceinfo structure.
   The three removed pointers are used in the expression evaluation loop,
   so gcc keeps them in registers. Passing them to the (inlined) helpers
   thus doesn't increase nft_do_chain text size, while stack is reduced
   by another 24 bytes on 64bit arches. From Florian Westphal.

4) IPVS cleanups in several ways without implementing any functional
   changes, aside from removing some debugging output:

   - Update width of source for ip_vs_sync_conn_options
     The operation is safe, use an annotation to describe it properly.

   - Consistently use array_size() in ip_vs_conn_init()
     It seems better to use helpers consistently.

   - Remove {Enter,Leave}Function. These seem to be well past their
     use-by date.

   - Correct spelling in comments.

   From Simon Horman.

5) Extended netlink error report for netdevice in flowtables and
   netdev/chains. Allow for incrementally add/delete devices to netdev
   basechain. Allow to create netdev chain without device.

* tag 'nf-next-23-04-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: nf_tables: allow to create netdev chain without device
  netfilter: nf_tables: support for deleting devices in an existing netdev chain
  netfilter: nf_tables: support for adding new devices to an existing netdev chain
  netfilter: nf_tables: rename function to destroy hook list
  netfilter: nf_tables: do not send complete notification of deletions
  netfilter: nf_tables: extended netlink error reporting for netdevice
  ipvs: Correct spelling in comments
  ipvs: Remove {Enter,Leave}Function
  ipvs: Consistently use array_size() in ip_vs_conn_init()
  ipvs: Update width of source for ip_vs_sync_conn_options
  netfilter: nf_tables: do not store rule in traceinfo structure
  netfilter: nf_tables: do not store verdict in traceinfo structure
  netfilter: nf_tables: do not store pktinfo in traceinfo structure
  netfilter: nf_tables: remove unneeded conditional
  netfilter: nf_tables: make validation state per table
  netfilter: nf_tables: don't write table validation state without mutex
  netfilter: nf_tables: don't store chain address on jump
  netfilter: nf_tables: don't store address of last rule on jump
  netfilter: nf_tables: merge nft_rules_old structure and end of ruleblob marker
====================

Link: https://lore.kernel.org/r/20230421235021.216950-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
18 months agobpf: Add __rcu_read_{lock,unlock} into btf id deny list
Yafang Shao [Mon, 24 Apr 2023 16:11:03 +0000 (16:11 +0000)]
bpf: Add __rcu_read_{lock,unlock} into btf id deny list

The tracing recursion prevention mechanism must be protected by rcu, that
leaves __rcu_read_{lock,unlock} unprotected by this mechanism. If we trace
them, the recursion will happen. Let's add them into the btf id deny list.

When CONFIG_PREEMPT_RCU is enabled, it can be reproduced with a simple bpf
program as such:
  SEC("fentry/__rcu_read_lock")
  int fentry_run()
  {
      return 0;
  }

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Link: https://lore.kernel.org/r/20230424161104.3737-2-laoar.shao@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
18 months agobpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed
Dave Marchevsky [Mon, 24 Apr 2023 20:43:21 +0000 (13:43 -0700)]
bpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed

As reported by Kumar in [0], the shared ownership implementation for BPF
programs has some race conditions which need to be addressed before it
can safely be used. This patch does so in a minimal way instead of
ripping out shared ownership entirely, as proper fixes for the issues
raised will follow ASAP, at which point this patch's commit can be
reverted to re-enable shared ownership.

The patch removes the ability to call bpf_refcount_acquire_impl from BPF
programs. Programs can only bump refcount and obtain a new owning
reference using this kfunc, so removing the ability to call it
effectively disables shared ownership.

Instead of changing success / failure expectations for
bpf_refcount-related selftests, this patch just disables them from
running for now.

  [0]: https://lore.kernel.org/bpf/d7hyspcow5wtjcmw4fugdgyp3fwhljwuscp3xyut5qnwivyeru@ysdq543otzv2/

Reported-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Link: https://lore.kernel.org/r/20230424204321.2680232-1-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
18 months agoMerge tag 'for-net-next-2023-04-23' of git://git.kernel.org/pub/scm/linux/kernel...
David S. Miller [Mon, 24 Apr 2023 10:07:20 +0000 (11:07 +0100)]
Merge tag 'for-net-next-2023-04-23' of git://git./linux/kernel/git/bluetooth/bluetooth-next

bluetooth-next pull request for net-next:

 - Introduce devcoredump support
 - Add support for Realtek RTL8821CS, RTL8851B, RTL8852BS
 - Add support for Mediatek MT7663, MT7922
 - Add support for NXP w8997
 - Add support for Actions Semi ATS2851
 - Add support for QTI WCN6855
 - Add support for Marvell 88W8997

18 months agoBluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
Luiz Augusto von Dentz [Fri, 21 Apr 2023 18:37:55 +0000 (11:37 -0700)]
Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running

This makes sure hci_cmd_sync_queue only queue new work if HCI_RUNNING
has been set otherwise there is a risk of commands being sent while
turning off.

Because hci_cmd_sync_queue can no longer queue work while HCI_RUNNING is
not set it cannot be used to power on adapters so instead
hci_cmd_sync_submit is introduced which bypass the HCI_RUNNING check, so
it behaves like the old implementation.

Link: https://lore.kernel.org/all/CAB4PzUpDMvdc8j2MdeSAy1KkAE-D3woprCwAdYWeOc-3v3c9Sw@mail.gmail.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btusb: Add WCN6855 devcoredump support
Tim Jiang [Wed, 19 Apr 2023 03:38:05 +0000 (11:38 +0800)]
Bluetooth: btusb: Add WCN6855 devcoredump support

WCN6855 will report memdump via ACL data or HCI event when
it get crashed, so we collect memdump to debug firmware.

Signed-off-by: Tim Jiang <quic_tjiang@quicinc.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: Enable flow control before checking boot signature
Neeraj Sanjay Kale [Wed, 19 Apr 2023 15:24:13 +0000 (20:54 +0530)]
Bluetooth: btnxpuart: Enable flow control before checking boot signature

This enables flow control before checking for bootloader signature and
deciding whether FW download is needed or not. In case of V1 bootloader
chips w8987 and w8997, it is observed that if WLAN FW is downloaded first
and power save is enabled in wlan core, bootloader signatures are not
emitted by the BT core when the chip is put to sleep. As a result, the
driver skips FW download and subsequent HCI commands get timeout errors
in dmesg as shown below:

[  112.898867] Bluetooth: hci0: Opcode 0x c03 failed: -110
[  114.914865] Bluetooth: hci0: Setting baudrate failed (-110)
[  116.930856] Bluetooth: hci0: Setting wake-up method failed (-110)

By enabling the flow control, the host enables its RTS pin, and an
interrupt in chip's UART peripheral causes the bootloader to wake up,
enabling the bootloader signatures, which then helps in downloading
the bluetooth FW file.

This changes all instances of 0/1 for serdev_device_set_flow_control()
to false/true.

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Cancel sync command before suspend and power off
Archie Pusaka [Thu, 20 Apr 2023 12:23:36 +0000 (20:23 +0800)]
Bluetooth: Cancel sync command before suspend and power off

Some of the sync commands might take a long time to complete, e.g.
LE Create Connection when the peer device isn't responding might take
20 seconds before it times out. If suspend command is issued during
this time, it will need to wait for completion since both commands are
using the same sync lock.

This patch cancel any running sync commands before attempting to
suspend or adapter power off.

Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Ying Hsu <yinghsu@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btrtl: Add the support for RTL8851B
Max Chou [Tue, 18 Apr 2023 05:43:54 +0000 (13:43 +0800)]
Bluetooth: btrtl: Add the support for RTL8851B

Add the support for RTL8851B BT controller on USB interface.
The necessary firmware will be submitted to linux-firmware project.

Note that the Bluetooth devices WITH the VID=0x0bda would be set the
feature quirk in btrtl_setup_realtek(). It's able to ignore the
feature flag set for the specific VID and PID in blacklist_table[] of
btusb.c. (check [1])

If Realtek Bluetooth chips WITHOUT the VID=0x0bda, it shall be added
the feature flag for the specific VID and PID in blacklist_table[] of
btusb.c. (check [2])

[1] '9ab9235fe5cf ("Bluetooth: btrtl: Enable WBS for the specific
    Realtek devices")'
[2] '73280f13c9bb ("Bluetooth: btusb: Add the more support IDs for
    Realtek RTL8822CE")'

The device info from /sys/kernel/debug/usb/devices as below.

T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 33 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0bda ProdID=b851 Rev= 0.00
S:  Manufacturer=Realtek
S:  Product=802.11ax WLAN Adapter
S:  SerialNumber=00E04C885A01
C:* #Ifs= 3 Cfg#= 1 Atr=80 MxPwr=500mA
A:  FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=01
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 8 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=0b(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=0c(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

Signed-off-by: Max Chou <max.chou@realtek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: Fix sparse warnings
Luiz Augusto von Dentz [Tue, 18 Apr 2023 00:01:16 +0000 (17:01 -0700)]
Bluetooth: btnxpuart: Fix sparse warnings

This fixes the following sparse warnings:

   drivers/bluetooth/btnxpuart.c:681:23: sparse: sparse:
   restricted __le16 degrades to integer
   drivers/bluetooth/btnxpuart.c:690:82: sparse:
   sparse: incorrect type in argument 2 (different base types)
   @@     expected unsigned short [usertype] req_len
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:690:82: sparse:
   expected unsigned short [usertype] req_len
   drivers/bluetooth/btnxpuart.c:690:82: sparse:
   got restricted __le16 [usertype] len
   drivers/bluetooth/btnxpuart.c:694:84: sparse:
   sparse: incorrect type in argument 2 (different base types)
   @@     expected unsigned short [usertype] req_len
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:694:84: sparse:
   expected unsigned short [usertype] req_len
   drivers/bluetooth/btnxpuart.c:694:84: sparse:
   got restricted __le16 [usertype] len
   drivers/bluetooth/btnxpuart.c:708:23: sparse:
   sparse: incorrect type in assignment (different base types)
   @@     expected unsigned int [usertype] requested_len
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:708:23: sparse:
   expected unsigned int [usertype] requested_len
   drivers/bluetooth/btnxpuart.c:708:23: sparse:
   got restricted __le16 [usertype] len
   drivers/bluetooth/btnxpuart.c:787:78: sparse:
   sparse: incorrect type in argument 2 (different base types)
   @@     expected unsigned short [usertype] chipid
   @@     got restricted __le16 [usertype] chip_id @@
   drivers/bluetooth/btnxpuart.c:787:78: sparse:
   expected unsigned short [usertype] chipid
   drivers/bluetooth/btnxpuart.c:787:78: sparse:
   got restricted __le16 [usertype] chip_id
   drivers/bluetooth/btnxpuart.c:810:74: sparse:
   sparse: incorrect type in argument 2 (different base types)
   @@     expected unsigned short [usertype] req_len
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:810:74: sparse:
   expected unsigned short [usertype] req_len
   drivers/bluetooth/btnxpuart.c:810:74: sparse:
   got restricted __le16 [usertype] len
   drivers/bluetooth/btnxpuart.c:815:76: sparse:
   sparse: incorrect type in argument 2 (different base types)
   @@     expected unsigned short [usertype] req_len
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:815:76: sparse:
   expected unsigned short [usertype] req_len
   drivers/bluetooth/btnxpuart.c:815:76: sparse:
   got restricted __le16 [usertype] len
   drivers/bluetooth/btnxpuart.c:834:16: sparse:
   sparse: restricted __le32 degrades to integer
   drivers/bluetooth/btnxpuart.c:843:55: sparse:
   sparse: restricted __le32 degrades to integer
   drivers/bluetooth/btnxpuart.c:844:36: sparse:
   sparse: incorrect type in argument 3 (different base types)
   @@     expected unsigned long [usertype]
   @@     got restricted __le16 [usertype] len @@
   drivers/bluetooth/btnxpuart.c:844:36: sparse:
   expected unsigned long [usertype]
   drivers/bluetooth/btnxpuart.c:844:36: sparse:
   got restricted __le16 [usertype] len

Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202304160736.Tsa0zTBU-lkp@intel.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btrtl: Firmware format v2 support
Max Chou [Mon, 17 Apr 2023 02:33:58 +0000 (10:33 +0800)]
Bluetooth: btrtl: Firmware format v2 support

Realtek changed the format of the firmware file as v2. The driver
should implement the patch to extract the firmware data from the
firmware file. The future chips must apply this patch for firmware loading.
This patch is compatible with the both previous format and v2 as well.

Signed-off-by: Allen Chen <allen_chen@realsil.com.cn>
Signed-off-by: Alex Lu <alex_lu@realsil.com.cn>
Tested-by: Hilda Wu <hildawu@realtek.com>
Signed-off-by: Max Chou <max.chou@realtek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Devcoredump: Fix storing u32 without specifying byte order issue
Zijun Hu [Mon, 17 Apr 2023 09:39:59 +0000 (17:39 +0800)]
Bluetooth: Devcoredump: Fix storing u32 without specifying byte order issue

API hci_devcd_init() stores its u32 type parameter @dump_size into
skb, but it does not specify which byte order is used to store the
integer, let us take little endian to store and parse the integer.

Fixes: f5cc609d09d4 ("Bluetooth: Add support for hci devcoredump")
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agobluetooth: Perform careful capability checks in hci_sock_ioctl()
Ruihan Li [Sun, 16 Apr 2023 08:14:04 +0000 (16:14 +0800)]
bluetooth: Perform careful capability checks in hci_sock_ioctl()

Previously, capability was checked using capable(), which verified that the
caller of the ioctl system call had the required capability. In addition,
the result of the check would be stored in the HCI_SOCK_TRUSTED flag,
making it persistent for the socket.

However, malicious programs can abuse this approach by deliberately sharing
an HCI socket with a privileged task. The HCI socket will be marked as
trusted when the privileged task occasionally makes an ioctl call.

This problem can be solved by using sk_capable() to check capability, which
ensures that not only the current task but also the socket opener has the
specified capability, thus reducing the risk of privilege escalation
through the previously identified vulnerability.

Cc: stable@vger.kernel.org
Fixes: f81f5b2db869 ("Bluetooth: Send control open and close messages for HCI raw sockets")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
Min Li [Mon, 17 Apr 2023 02:27:54 +0000 (10:27 +0800)]
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp

conn->chan_lock isn't acquired before l2cap_get_chan_by_scid,
if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance'
is triggered.

Reported-by: syzbot+9519d6b5b79cf7787cf3@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000894f5f05f95e9f4d@google.com/
Signed-off-by: Min Li <lm0963hack@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agobluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
Ruihan Li [Sun, 16 Apr 2023 08:02:51 +0000 (16:02 +0800)]
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()

Previously, channel open messages were always sent to monitors on the first
ioctl() call for unbound HCI sockets, even if the command and arguments
were completely invalid. This can leave an exploitable hole with the abuse
of invalid ioctl calls.

This commit hardens the ioctl processing logic by first checking if the
command is valid, and immediately returning with an ENOIOCTLCMD error code
if it is not. This ensures that ioctl calls with invalid commands are free
of side effects, and increases the difficulty of further exploitation by
forcing exploitation to find a way to pass a valid command first.

Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Co-developed-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoRevert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished...
Liu Jian [Fri, 14 Apr 2023 10:30:06 +0000 (18:30 +0800)]
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"

This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.

This patch introduces a possible null-ptr-def problem. Revert it. And the
fixed bug by this patch have resolved by commit 73f7b171b7c0 ("Bluetooth:
btsdio: fix use after free bug in btsdio_remove due to race condition").

Fixes: 1e9ac114c442 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Add new quirk for broken set random RPA timeout for ATS2851
Raul Cheleguini [Thu, 23 Mar 2023 13:45:39 +0000 (10:45 -0300)]
Bluetooth: Add new quirk for broken set random RPA timeout for ATS2851

The ATS2851 based controller advertises support for command "LE Set Random
Private Address Timeout" but does not actually implement it, impeding the
controller initialization.

Add the quirk HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT to unblock the controller
initialization.

< HCI Command: LE Set Resolvable Private... (0x08|0x002e) plen 2
        Timeout: 900 seconds
> HCI Event: Command Status (0x0f) plen 4
      LE Set Resolvable Private Address Timeout (0x08|0x002e) ncmd 1
        Status: Unknown HCI Command (0x01)

Co-developed-by: imoc <wzj9912@gmail.com>
Signed-off-by: imoc <wzj9912@gmail.com>
Signed-off-by: Raul Cheleguini <raul.cheleguini@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_conn: Fix not waiting for HCI_EVT_LE_CIS_ESTABLISHED
Luiz Augusto von Dentz [Thu, 13 Apr 2023 00:45:51 +0000 (17:45 -0700)]
Bluetooth: hci_conn: Fix not waiting for HCI_EVT_LE_CIS_ESTABLISHED

When submitting HCI_OP_LE_CREATE_CIS the code shall wait for
HCI_EVT_LE_CIS_ESTABLISHED thus enforcing the serialization of
HCI_OP_LE_CREATE_CIS as the Core spec does not allow to send them in
parallel:

  BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 2566:

  If the Host issues this command before all the HCI_LE_CIS_Established
  events from the previous use of the command have been generated, the
  Controller shall return the error code Command Disallowed (0x0C).

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_conn: Fix not matching by CIS ID
Luiz Augusto von Dentz [Tue, 11 Apr 2023 23:14:25 +0000 (16:14 -0700)]
Bluetooth: hci_conn: Fix not matching by CIS ID

This fixes only matching CIS by address which prevents creating new hcon
if upper layer is requesting a specific CIS ID.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_conn: Add support for linking multiple hcon
Luiz Augusto von Dentz [Tue, 11 Apr 2023 23:02:22 +0000 (16:02 -0700)]
Bluetooth: hci_conn: Add support for linking multiple hcon

Since it is required for some configurations to have multiple CIS with
the same peer which is now covered by iso-tester in the following test
cases:

    ISO AC 6(i) - Success
    ISO AC 7(i) - Success
    ISO AC 8(i) - Success
    ISO AC 9(i) - Success
    ISO AC 11(i) - Success

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: vhci: Fix info leak in force_devcd_write()
Dan Carpenter [Thu, 6 Apr 2023 08:55:17 +0000 (11:55 +0300)]
Bluetooth: vhci: Fix info leak in force_devcd_write()

There are a number of bugs here:

1) If "count" is less than sizeof(dump_data.data) then it copies
   uninitialized data.
2) If simple_write_to_buffer() returns -EFAULT then we run into a
   problem "ret < count" comparison.  "count" is an unsigned long so the
   comparison is type promoted to unsigned long and the negative returns
   become high positive values.  That also results in copying
   uninitialized data.
3) If "*ppos" is non-zero then the first part of the dump_data
   buffer is uninitialized.  Using copy_from_user() instead of
   simple_write_to_buffer() is more appropriate here.

Fixes: d5d5df6da0aa ("Bluetooth: Add vhci devcoredump support")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_qca: mark OF related data as maybe unused
Steev Klimaszewski [Wed, 12 Apr 2023 23:58:17 +0000 (18:58 -0500)]
Bluetooth: hci_qca: mark OF related data as maybe unused

The driver can be compile tested with !CONFIG_OF making certain data
unused.

Signed-off-by: Steev Klimaszewski <steev@kali.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_conn: remove extra line in hci_le_big_create_sync
Iulia Tanasescu [Tue, 11 Apr 2023 07:41:35 +0000 (10:41 +0300)]
Bluetooth: hci_conn: remove extra line in hci_le_big_create_sync

Remove extra line setting the broadcast code parameter of the
hci_cp_le_create_big struct to 0. The broadcast code is copied
from the QoS struct.

Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: fix inconsistent indenting
Lanzhe Li [Sun, 9 Apr 2023 13:02:29 +0000 (21:02 +0800)]
Bluetooth: fix inconsistent indenting

Fixed a wrong indentation before "return".This line uses a 7 space
indent instead of a tab.

Signed-off-by: Lanzhe Li <u202212060@hust.edu.cn>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: No need to check the received bootloader signature
Neeraj Sanjay Kale [Mon, 3 Apr 2023 12:24:30 +0000 (17:54 +0530)]
Bluetooth: btnxpuart: No need to check the received bootloader signature

We can never assume the uart will deliver a complete packet to the BT
layer at once, the expected packet may be divided into several parts by
uart as uart doesn't know the received packet size, the received data
count may mismatch with the expected packet size, so here
is_valid_bootloader_signature() check may always return false.

Even we remove the count check in is_valid_bootloader_signature(), then
the first part of the data which includes the packet type can pass the
is_valid_bootloader_signature() check, but the remaining parts don't
have the packet type data still cannot pass the check, here return
directly will cause the data loss.

So need to remove the received bootloader signature check here, the
h4_recv_buf() can help us combine the different data received into one
packet. If any out-of-sync or incomplete bootloader signature is received,
it is safe to ignore and discard it, and process the next bootloader
signature.

Co-developed-by: Sherry Sun <sherry.sun@nxp.com>
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: Disable Power Save feature on startup
Neeraj Sanjay Kale [Mon, 3 Apr 2023 12:24:29 +0000 (17:54 +0530)]
Bluetooth: btnxpuart: Disable Power Save feature on startup

This sets the default power save mode setting to disabled.
With this setting, this driver will behave like a normal h4 driver.
If user needs to use the power save feature, it can be enabled
using the following vendor command:
hcitool cmd 3f 23 02 00 00 (HCI_NXP_AUTO_SLEEP_MODE)

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: Deasset UART break before closing serdev device
Neeraj Sanjay Kale [Mon, 3 Apr 2023 12:24:28 +0000 (17:54 +0530)]
Bluetooth: btnxpuart: Deasset UART break before closing serdev device

This adds a call to ps_wakeup() before closing the serdev device, to
de-assert UART break.

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btnxpuart: Add support to download helper FW file for w8997
Neeraj Sanjay Kale [Mon, 3 Apr 2023 12:24:27 +0000 (17:54 +0530)]
Bluetooth: btnxpuart: Add support to download helper FW file for w8997

This adds support to download helper FW file for the legacy NXP chipset
88w8997 for the btnxpuart driver. This helper FW file is necessary to
set the bootloader baudrate to 3000000 after which the actual BT FW file
can be downloaded. This change helps bring the FW download time from
around 10 sec to less than 2 sec for 88w8997 chip. For newer chipsets,
both V1 and V3 bootloader, driver sends the cmd5 and cmd7 to the chip
bootloader, and does not need a helper FW file.

Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_bcm: Add Acer Iconia One 7 B1-750 to the bcm_broken_irq_dmi_table
Hans de Goede [Fri, 31 Mar 2023 21:11:24 +0000 (23:11 +0200)]
Bluetooth: hci_bcm: Add Acer Iconia One 7 B1-750 to the bcm_broken_irq_dmi_table

The DSDT for the Acer Iconia One 7 B1-750 models (which share
the same mainboard) specifies a IOAPIC IRQ for the HCI -> host IRQ but
this is not correct.

Like the Asus TF103C these tablets use pin 17 of the INT33FC:02 GPIO
controller for the IRQ and this pin is _not_ configured in direct IRQ
mode by the firmware.

Add a DMI match for this, re-using the Asus TF103C gpiod_lookup_table,
to fix bluetooth not working on these tablets.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_bcm: Add Lenovo Yoga Tablet 2 830 / 1050 to the bcm_broken_irq_dmi_table
Hans de Goede [Fri, 31 Mar 2023 21:11:23 +0000 (23:11 +0200)]
Bluetooth: hci_bcm: Add Lenovo Yoga Tablet 2 830 / 1050 to the bcm_broken_irq_dmi_table

The DSDT for the Lenovo Yoga Tablet 2 830 / 1050 models (which share
the same mainboard) specifies a IOAPIC IRQ for the HCI -> host IRQ but
this is not correct.

Like the Asus TF103C these tablets use pin 17 of the INT33FC:02 GPIO
controller for the IRQ and this pin is _not_ configured in direct IRQ
mode by the firmware.

Add a DMI match for this, re-using the Asus TF103C gpiod_lookup_table,
to fix bluetooth not working on these tablets.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_bcm: Limit bcm43430a0 / bcm43430a1 baudrate to 2000000
Hans de Goede [Fri, 31 Mar 2023 21:11:22 +0000 (23:11 +0200)]
Bluetooth: hci_bcm: Limit bcm43430a0 / bcm43430a1 baudrate to 2000000

The bcm43430a0 and bcm43430a1 BT does not support the 0xfc45 command
to set the UART clock to 48 MHz and it also does not work at 4000000
baud without this command as some newer models do.

These chips are found on ACPI/x86 devices where the operating baudrate
does not come from the firmware but is hardcoded at 4000000, which does
not work.

Add a max_baudrate value to struct bcm_device_data and set this
to 2000000 on all known ACPI hardware-ids for the bcm43430a0
and the bcm43430a1.

Note this also adds the BCM2E9F ACPI HID which was missing until now.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
Hans de Goede [Fri, 31 Mar 2023 21:11:21 +0000 (23:11 +0200)]
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set

On some devices the BCM Bluetooth adapter does not have a valid bdaddr set.

btbcm.c currently sets HCI_QUIRK_INVALID_BDADDR to indicate when this is
the case. But this requires users to manual setup a btaddr, by doing e.g.:

btmgmt -i hci0 public-addr 'B0:F1:EC:82:1D:B3'

Which means that Bluetooth will not work out of the box on such devices.
To avoid this (where possible) hci_bcm sets: HCI_QUIRK_USE_BDADDR_PROPERTY
which tries to get the bdaddr from devicetree.

But this only works on devicetree platforms. On UEFI based platforms
there is a special Broadcom UEFI variable which when present contains
the devices bdaddr, just like how there is another UEFI variable which
contains wifi nvram contents including the wifi MAC address.

Add support for getting the bdaddr from this Broadcom UEFI variable,
so that Bluetooth will work OOTB for users on devices where this
UEFI variable is present.

This fixes Bluetooth not working on for example Asus T100HA 2-in-1s.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_h5: Complements reliable packet processing logic
Qiqi Zhang [Tue, 4 Apr 2023 02:27:11 +0000 (10:27 +0800)]
Bluetooth: hci_h5: Complements reliable packet processing logic

As shown in the schematic diagram below.There may be a critical
scenario in the current code. If the device does not receive an
pure ack sent by the host due to insufficient receive buffer or
other reasons and triggers a retransmission, the host will always
be in an 'out-of-order' state.The state machine will get stuck.

       host                 device
     SEQ3,ACK4 --------->
               <--------- SEQ4,ACK4
     pure ACK  ---------> (not received)
(out-of-order) <--------- SEQ4,ACK4(retransmission)
                ........
(out-of-order) <--------- SEQ4,ACK4(retransmission)

According to the description in the core specification: "whenever
a reliable packet is received, an acknowledgment shall be generated."
So set H5_TX_ACK_REQ bit to trigger retransmission of pure ack packet
when "out-of-order" occurs.

Signed-off-by: Qiqi Zhang <eddy.zhang@rock-chips.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Enable all supported LE PHY by default
Luiz Augusto von Dentz [Mon, 19 Dec 2022 21:37:02 +0000 (13:37 -0800)]
Bluetooth: Enable all supported LE PHY by default

This enables 2M and Coded PHY by default if they are marked as supported
in the LE features bits.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Split bt_iso_qos into dedicated structures
Iulia Tanasescu [Fri, 31 Mar 2023 15:38:01 +0000 (18:38 +0300)]
Bluetooth: Split bt_iso_qos into dedicated structures

Split bt_iso_qos into dedicated unicast and broadcast
structures and add additional broadcast parameters.

Fixes: eca0ae4aea66 ("Bluetooth: Add initial implementation of BIS connections")
Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btintel: Add Intel devcoredump support
Abhishek Pandit-Subedi [Thu, 30 Mar 2023 16:58:26 +0000 (09:58 -0700)]
Bluetooth: btintel: Add Intel devcoredump support

Intercept debug exception events from the controller and put them into
a devcoredump using hci devcoredump APIs. The debug exception contains
data in a TLV format and it will be parsed in userspace.

Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Manish Mandlik <mmandlik@google.com>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Reviewed-by: Chethan Tumkur Narayan <chethan.tumkur.narayan@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btusb: Add btusb devcoredump support
Manish Mandlik [Thu, 30 Mar 2023 16:58:25 +0000 (09:58 -0700)]
Bluetooth: btusb: Add btusb devcoredump support

This patch implements the btusb driver side .coredump() callback to
trigger a devcoredump via sysfs.

Signed-off-by: Manish Mandlik <mmandlik@google.com>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Add vhci devcoredump support
Manish Mandlik [Thu, 30 Mar 2023 16:58:24 +0000 (09:58 -0700)]
Bluetooth: Add vhci devcoredump support

Add devcoredump support for vhci that creates forcce_devcoredump debugfs
entry. This is used for mgmt-tester tests.

Signed-off-by: Manish Mandlik <mmandlik@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: Add support for hci devcoredump
Abhishek Pandit-Subedi [Thu, 30 Mar 2023 16:58:23 +0000 (09:58 -0700)]
Bluetooth: Add support for hci devcoredump

Add devcoredump APIs to hci core so that drivers only have to provide
the dump skbs instead of managing the synchronization and timeouts.

The devcoredump APIs should be used in the following manner:
 - hci_devcoredump_init is called to allocate the dump.
 - hci_devcoredump_append is called to append any skbs with dump data
   OR hci_devcoredump_append_pattern is called to insert a pattern.
 - hci_devcoredump_complete is called when all dump packets have been
   sent OR hci_devcoredump_abort is called to indicate an error and
   cancel an ongoing dump collection.

The high level APIs just prepare some skbs with the appropriate data and
queue it for the dump to process. Packets part of the crashdump can be
intercepted in the driver in interrupt context and forwarded directly to
the devcoredump APIs.

Internally, there are 5 states for the dump: idle, active, complete,
abort and timeout. A devcoredump will only be in active state after it
has been initialized. Once active, it accepts data to be appended,
patterns to be inserted (i.e. memset) and a completion event or an abort
event to generate a devcoredump. The timeout is initialized at the same
time the dump is initialized (defaulting to 10s) and will be cleared
either when the timeout occurs or the dump is complete or aborted.

Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Manish Mandlik <mmandlik@google.com>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: btintel: Add LE States quirk support
Chethan T N [Tue, 21 Mar 2023 04:33:10 +0000 (10:03 +0530)]
Bluetooth: btintel: Add LE States quirk support

Basically all Intel controllers support both Central/Peripheral
LE states.

This patch enables the LE States quirk by default on all
Solar and Magnertor Intel controllers.

Signed-off-by: Chethan T N <chethan.tumkur.narayan@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
18 months agoBluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
Steev Klimaszewski [Sun, 26 Mar 2023 23:38:10 +0000 (18:38 -0500)]
Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855

Add regulators, GPIOs and changes required to power on/off wcn6855.
Add support for firmware download for wcn6855 which is in the
linux-firmware repository as hpbtfw21.tlv and hpnv21.bin.

Based on the assumption that this is similar to the wcn6750

Tested-on: BTFW.HSP.2.1.0-00538-VER_PATCHZ-1

Signed-off-by: Steev Klimaszewski <steev@kali.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Tested-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>