When interface stopped while running intensive Rx traffic, the following oops
observed:
[89846.734683] Call trace:
[89846.737117] [<ffffffc00083aa64>] dev_gro_receive+0xac/0x358
[89846.742674] [<ffffffc00083ae94>] napi_gro_receive+0x24/0xa4
[89846.748251] [<ffffffbffc1c2f88>] $x+0xec/0x1f8 [wil6210] wil_netif_rx_any
[89846.753547] [<ffffffbffc1c4830>] $x+0x34/0x54 [wil6210] wil_release_reorder_frame
[89846.758755] [<ffffffbffc1c48ac>] wil_release_reorder_frames+0x5c/0x78 [wil6210]
[89846.766044] [<ffffffbffc1c4bf8>] wil_tid_ampdu_rx_free+0x20/0x48 [wil6210]
[89846.772901] [<ffffffbffc1bedc8>] $x+0x190/0x1e8 [wil6210]
[89846.778285] [<ffffffbffc1c0ed4>] wmi_event_worker+0x230/0x2f8 [wil6210]
[89846.784865] [<ffffffc0000b0bc8>] process_one_work+0x278/0x3fc
[89846.790591] [<ffffffc0000b1218>] worker_thread+0x200/0x330
[89846.796060] [<ffffffc0000b6664>] kthread+0xac/0xb8
[89846.800836] Code: b940c661 f9406a62 8b010041 f9400026 (f8636882)
[89846.807008] ---[ end trace d6fdc17cd27d18f6 ]---
Reason is the following: when removing Rx vring
(wil_netdev_ops.ndo_stop -> wil_stop -> wil_down -> __wil_down -> wil_rx_fini),
Rx interrupt occurs. It trigger Rx NAPI, calling wil_rx_handle() that reaps
(already cleaned) buffer, causing skb referring to garbage memory being set into reorder buffer.
Then, network stack trying to access this buffer and fails.
Prevent Rx NAPI from being scheduled if device going to stop. Bit wil_status_napi_en reflects
NAPI enablement state, check it when triggering Rx NAPI.
Testing shows that check for wil_status_napi_en sometimes gets negative, and new error message
get printed - in this case kernel oops would be observed. Original oops is no more reproducible.
This change requires also changes in the AP flows.
Properly enable/disable NAPI for the AP. Make sure Rx VRING is disabled
when resetting target.
For this, promote __wil_up() and __wil_down() to the module scope, and use it
in the relevant flows.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
To better reflect real action performed, rename:
s/wil6210_disable_irq/wil_mask_irq/
s/wil6210_enable_irq/wil_unmask_irq/
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Expose firmware limit for the max_scan_ie_len;
also do actually set IE's for the probe request
max_scan_ie_len used to be 0, this blocks scan requests with non-zero IE's
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
re-use of wmi_ready for both FW ready event and for wmi_call was causing
false "FW not ready" indication in case wmi_call() was invoked while reset
took place.
add wmi_call completion variable instead of re-using wmi_ready.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
HW supports upto 2304 packet size on the air.
HW is responsible for adding (Tx) or removing (Rx) the following headers:
802.11 hdr: 26B
SNAP: 8B
CRC: 4B
Security (optional): 24B
HW adds max 62B to the payload passed from driver. It means driver can use
max packet size of 2304-62 = 2242B
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This allows updating IEs (e.g. from hostapd) when AP is already started
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Driver is sending connect request IEs to FW only for secure connection and
ignores them for non-secure connection.
This is fixed by always sending the IEs to FW upon connect request
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
While handling Rx packet, BACK event arrives and frees tid_ampdu_rx array.
This causes kernel panic while accessing already freed spinlock
The fix is to remove tid_ampdu_rx[]'s spinlock and instead use single
sta's spinlock to guard the whole tid_ampdu_rx array.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When WMI event received when driver not ready to accept it, the printed error
message is misleading and hints that HW is stuck. Modify the error message
to make it clearer
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This race condition was causing double free of tid_ampdu_rx structures
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When CONFIG_DYNAMIC_DEBUG is not defined, print_hex_dump_debug
is mapped directly to print_hex_dump which might cause
printout to exist all the time
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Driver disabled PCI master before making sure HW is idle.
This caused memory corruption in case HW access system memory after
PCI master got disabled.
The fix is to change uninit sequence. Make sure FW/HW is idle before
disabling PCI
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After setting interrupt handler, driver enabled interrupts.
This caused stale (old) HW interrupts to fire before driver is
fully initialized.
The fix is to enable interrupts only when driver is fully initialized
and after FW/HW reset (to prevent any stale interrupts)
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
added misc printouts in some init/uninit functions for better traceability
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
New module (wil_platform) for handling platform specific tasks
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
- parentheses, indentation, typos
- seq_puts() instead of seq_printf() with single argument
- sizeof(var) vs. sizeof(type)
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Log worker thread start/stop; as well as every handler invocation
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
when connecting, print some info about BSS
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Firmware download implemented but is still experimental feature;
flag controlling it added, no_fw_load. It is true by default,
use no_fw_load=N to activate feature.
Reset flows also got some adjustment for the fw download to work
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This reverts commit 09ebb81092.
ath9k_hw_set_sta_beacon_timers() configures AR_TIM_PERIOD with
the beacon interval. Before this commit, the sleepduration was
never greater than the beacon interval. But now, the behavior
has changed. For example, with an AP that uses a beacon interval of 100:
ath: phy9: next beacon 61128704
ath: phy9: beacon period 204800
ath: phy9: DTIM period 204800
If the sleepduration is calculated based on the listen time, then
the bmiss threshold should also be changed since the HW would
be in sleep state for a longer time, but that is not done currently.
To avoid configuring a higher beacon interval based on the sleepduration,
revert to the original behavior. Power consumption is not a
problem since PS is disabled in ath9k anyway.
Cc: stable@vger.kernel.org
Cc: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Use the new static_smps / dynamic_smps feature bits
instead of mac80211-internal hw flags.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
ATH10K_DEBUGFS must depend on DEBUG_FS, otherwise
ath10k will generate an invalid pointer on module load.
Signed-off-by: Matteo Croce <matteo@openwrt.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
On 32bit systems the bitmap was too small and it
was overwritten partially by the stat completion
structure. This was visible with 10.2 firmware
only due to it using a few of the last service
ids.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
After merging the wireless-next tree, today's linux-next build (powerpc
allyesconfig) failed like this:
drivers/net/wireless/ath/ath5k/debug.c: In function 'open_file_eeprom':
drivers/net/wireless/ath/ath5k/debug.c:933:2: error: implicit declaration of function 'vmalloc' [-Werror=implicit-function-declaration]
buf = vmalloc(eesize);
^
drivers/net/wireless/ath/ath5k/debug.c:933:6: warning: assignment makes pointer from integer without a cast
buf = vmalloc(eesize);
^
drivers/net/wireless/ath/ath5k/debug.c:960:2: error: implicit declaration of function 'vfree' [-Werror=implicit-function-declaration]
vfree(buf);
^
Caused by commit db906eb210 ("ath5k: added debugfs file for dumping
eeprom"). Also reported by Guenter Roeck.
I have used Geert Uytterhoeven's suggested fix of including vmalloc.h
and so added this patch for today:
From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Mon, 8 Sep 2014 18:39:23 +1000
Subject: [PATCH] ath5k: fix debugfs addition
Reported-by: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Scanning is curently broken when two channel contexts
are active. For example in a P2P-GO/STA setup, the
offchannel timer allows HZ / 10 to elapse before initiating
a switch to the next scan channel from the current operating
channel, which in this case would be the P2P-GO context.
But, the channel context timer might decide to switch
to the STA context when an SWBA comes early and a beacon
is sent out. Since pending offchannel requests are processed
in EVENT_BEACON_PREPARE, this causes inconsistent scanning.
Fix this by making sure that a context switch happens
before processing the pending offchannel request. This
also makes sure that active channel contexts will always
have higher priority than offchannel operations and the
scan sequence looks like this:
p2p-go, sta, p2p-go, offchannel, p2p-go, sta, p2p-go, offchannel,.....
The oper-channel is p2p-go, so the STA context has to
switch to p2p-go again before switching offchannel.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When multiple channel contexts are active, an offchannel
request will not be handled immediately, but will be
queued to be handled later. But, currently, the channel definition
is not copied to the local offchannel state. This
breaks operation like scanning when MCC is active.
Fix this by storing the offchannel parameters properly.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently, the interface count is maintained globally,
but this causes problems in RX filter calculation.
Make the interface count a per-channel-context variable
to fix this.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Maintain the RX filter on a per-channel-context
basis and not globally. Not doing so was resulting
in incorrect filter calculation.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ATH9K_RX_FILTER_COMP_BAR is used to receive BAR
completion frames and is set if the current channel
is HT. When channel contexts are enabled, instead of using
the mac80211 helpers, check if the current channel
definition is HT.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since ath_startrecv() doesn't return an error value,
cleanup the callsites.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If multiple channel contexts are active, then the opmode
can be different in each context. Since the RX filter is
calculated in ath_startrecv() before switching to the
new opmode, the wrong filters are chosen.
Fix this by calling ath9k_calculate_summary_state() before
the RX module is started.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since CTWindow can be used for improving discoverability,
fill this field in the NoA Attribute properly.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently, different units are used for handling
sc->offchannel.duration. In scan mode, it contains jiffies and in RoC
mode, milliseconds is used. This causes confusion since in
ath_chanctx_switch(), TU_TO_USEC is used to determine the offchannel
duration, resulting in incorrect values. Fix this by using jiffies in
both modes.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The start time field in the NoA attribute needs to be
updated based on the TSF timer when an absence notification
is sent by the P2P GO. When two channel contexts are active,
continuous, cyclic NoA is announced by setting the count value to 255,
but the start time is updated only once, for one beacon and
the same value is sent in all subsequent beacons, even
though the timestamp keeps moving.
Fix this by removing the check for 'periodic_noa_duration'
and assign the interface's start_time/duration values directly
when there is more than one active context.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If a station interface is already assigned to a context
and is active and a second interface of type AP is added,
then beaconing on the new interface has to be begin only
after the BSS_CHANGED_BEACON_ENABLED flag is sent by mac80211
to the driver.
But, since we issue ATH_CHANCTX_EVENT_ENABLE_MULTICHANNEL as soon
as a new channel context is added, a switch occurs almost immediately
before BSS_CHANGED_BEACON_ENABLED is received. When a HW reset
is done for the new context, beacons are enabled for the
interface since "enable_beacon" in the BSS config maintained
in mac80211 is true - but the driver hasn't been notified yet.
This causes a panic, since the beacon interval is zero for this
interface and ath9k_cmn_beacon_config_ap() doesn't have a safety check.
Fix this panic by checking if the beacon params has been cached
for this context and use the "enable_beacon" flag maintained
locally in the driver. Also, recalculate the summary data
after the beacon params have been cached when BSS_CHANGED_BEACON_ENABLED
is received.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If the current opmode is managed, the ATH_OP_BEACONS flag
needs to be set only when there is a primary station interface
and it is associated/active.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In channel context mode, when a new context is added,
mac80211 issues a bss_info_changed() notfication when
preparing the connection for the new interface/context.
But, this is done prior to the mgd_prepare_tx() call which
is where we switch to the new context. Since the current
context will be different when the earlier bss_info_changed()
is handled, the beacon information for the VIF is not
updated, but discarded since the rules for the current context
disallows it.
In the subsequent association process for the new context/vif,
this becomes a problem because the beacon parameters are invalid.
This causes problems with the TSF timer, causing large jumps.
To fix this, check if the beacon info is being updated for a
different context and if so, allow it without any checks since
we limit the max. interfaces to two anyway.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Extend mac80211 set_coverage_class API in order to enable ACK timeout
estimation algorithm (dynack) passing coverage class equals to -1
to lower drivers. Synchronize set_coverage_class routine signature with
mac80211 function pointer for p54, ath9k, ath9k_htc and ath5k drivers.
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
performance improvements, and various patches all over,
rather than listing them one might as well look into the
git log instead.
-----BEGIN PGP SIGNATURE-----
iQIcBAABCAAGBQJUAIx4AAoJEDBSmw7B7bqrUYcP/3t4qdFxm0bd4j2AEkl3mPwB
Qu7obTicOTfBRoJNEgS+8AU2u3PfztU6+ErZs4ETLUuqaZwXisqmwBiMo86+Wtdf
gx9KonwEW051g7YmB0+6EMwuy04MGzTEk8VavQwqM4g9LIPJ4Buo/kj7MNJ51m11
XyRmJqZJnKKeiiQ4eC0gPf8e44qiQqaDuYZ0r1UDnNRg2KrbAHlGTBKYI3VRl2u4
xRpPGVnHwT0qkWb1Zw9fk0VfPr9m1ETthzcZvnhk6uMnJ28D+1B1FjZR1GJU6BW7
Zx2FbevbZTjDoNT1GQpLGMXBuW0lsZFetXVFiJCr/StaPBtHmtdu28fuNVm8yJYz
euDlEgrE8F4npdec2F5R2zh7Ue2U7eMEL2uxxjciNSJOipHgx5EXH12Y/5QtrChy
4OHPbNHgpmqFB7TmkvHDgP/0A7XdyqKVc+NtIV+eECIwE4tHcJ6A+bQ+ZCoRV2Vw
zmsNuNeNeDW7NEAw9veRXissLZMy/EjUnsOrnW29BpO/yG+2YjqpyQ6JQpcXeCPD
WQgl2FHpk6ap3jpVjxminxw2HkDnQ0oTKusGLcezalhUlWMo7VYNN59aLzcphxX5
Fotp/8v1sbDTF46uc/QJ38N5TqflwWeFpxvGkdNGuAT4llP03NaXV0ORBecFmMW2
esb+PLwlByCDeVFu53q+
=Qth6
-----END PGP SIGNATURE-----
Merge tag 'mac80211-next-for-john-2014-08-29' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
Johannes Berg <johannes@sipsolutions.net> says:
"Not that much content this time. Some RCU cleanups, crypto
performance improvements, and various patches all over,
rather than listing them one might as well look into the
git log instead."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Conflicts:
drivers/net/wireless/ath/wil6210/wmi.c
Nothing important was being overwritten so it
didn't yield any bugs yet.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This makes it easier to log and debug via tracing
with more than 1 ath10k device on a system.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Remove the ugly _access functions. Being explicit
is a good thing.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This prevents some fw revisions from crashing in
many cases when user is trying to run a
promiscuous station interface (e.g. sniffing,
4addr bridge).
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fix some cases where monitor start failure left
the driver in a confused state.
This also makes the monitor code simpler.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
