In this routine, kzalloc allocates a memory block. This allocation is
freed in the error paths, but not in the normal exit, thus the allocation
is leaked.
The kmemleak facility was used to find the leak.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Cc: Intel Linux Wireless <ilw@linux.intel.com>
The firmware frequently manages to trigger this, and there's
no known driver workaround, so stop warning.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
When the driver callback returns that it's out of space for new
stations, the mac80211 IBSS code still keeps the station so it
doesn't try to add it over and over again.
Since the rate scaling algorithm is separate in mac80211, it also
invokes the rate scaling algorithm for such stations. It doesn't
know that our rate scaling algorithm is tightly integrated with
the MVM code and relies on those data structures, and it cannot
as the abstraction doesn't allow for it.
This leads to crashes when the rate scaling algorithm tries to
use uninitialized data, notably the mvmsta->vif pointer.
Protect against this in the rate scaling algorithm. We cannot get
good rates with such peers anyway since the firmware cannot do
anything with them.
This should fix https://bugzilla.kernel.org/show_bug.cgi?id=93461
CC: <stable@vger.kernel.org>
Reported-by: Richard Taylor <rjt-kernel@thegrindstone.me.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The assumption before this patch was that we don't need to
run again the INIT firmware after the system booted. The
INIT firmware runs calibrations which impact the physical
layer's behavior.
Users reported that it may be helpful to run these
calibrations again every time the interface is brought up.
The penatly is minimal, since the calibrations run fast.
This fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=94341
CC: <stable@vger.kernel.org>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
If this situation ever happens, the mac80211 state machine gets
confused because it never clears csa_active. There was a separate
bug that lead to this happening with a working connection, but it
isn't very robust to try to keep the connection up in this case.
When removing the time event the CSA essentially procedure stops,
so the safest thing to do is to disconnect in this case.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
mac80211 now informs the driver when to drop the packets
upon flush(). This will happen before disconnecting, or
before we shut down the interface. We can now rely on this
to drop all the packets including the VO queues.
When mac80211 sets drop to false, wait for all the queues
to be empty.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The commit below introduced an unsafe dereference of
mvmvif->phy_ctxt. It can be NULL even if we hold the mutex.
We can be handling a BT Coex notification while the vif has
already been unassigned. This can happen since the BT Coex
notification is hanled asynchronuously: we can have started
to handle the BT Coex notification trying to acquire the
mutex while the unassign flow already got it. The BT Coex
notification handling will wait for the mutext. I'll get it
later, but then mvmvif->phy_ctxt will be NULL.
Panic log:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f985180d>] iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm]
*pdpt = 0000000000000000 *pde = f000eef300000007
Oops: 0000 [#1] SMP
Workqueue: events iwl_mvm_async_handlers_wk [iwlmvm]
task: ed719b20 ti: ec03e000 task.ti: ec03e000
EIP: 0060:[<f985180d>] EFLAGS: 00010202 CPU: 2
EIP is at iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm]
EAX: 00000000 EBX: f6d3cb70 ECX: f6d3cb70 EDX: 00000000
ESI: ec03fe40 EDI: efeb8810 EBP: ec03fdf0 ESP: ec03fdac
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 80050033 CR2: 00000000 CR3: 01a1a000 CR4: 001407f0
Stack:
f743ca80 f744a404 ec03fdcc c10e3952 00003aba f743ca80 00000246 f743ca80
00000246 00000000 00000001 00000000 ebd45ff6 ebd458a4 f6d3c500 ebd45578
ebd44b01 ec03fe18 f99e1bc2 00000002 ebd44bc0 f9851770 00000000 f6d3c500
Call Trace:
[<c10e3952>] ? ring_buffer_unlock_commit+0xa2/0xd0
[<f99e1bc2>] __iterate_interfaces+0x82/0x110 [mac80211]
[<f9851770>] ? iwl_mvm_bt_coex_reduced_txp+0x140/0x140 [iwlmvm]
[<f99e1c6a>] ieee80211_iterate_active_interfaces_atomic+0x1a/0x20 [mac80211]
[<f9851427>] iwl_mvm_bt_coex_notif_handle+0x77/0x280 [iwlmvm]
[<f9852161>] iwl_mvm_rx_bt_coex_notif_old+0x211/0x220 [iwlmvm]
[<f9850b8b>] iwl_mvm_rx_bt_coex_notif+0x19b/0x1b0 [iwlmvm]
[<f983944f>] iwl_mvm_async_handlers_wk+0x7f/0xe0 [iwlmvm]
CC: <stable@vger.kernel.org> [3.19+]
Fixes: 123f515635 ("iwlwifi: mvm: BT Coex - add support for TTC / RRC")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The commit below didn't update the max_ht_ampdu_exponent
for the devices listed in iwl-[1-6]000.c which, in result,
became 0 instead of 8K. This reduced the size of the Rx
AMPDU from 64K to 8K which had an impact in the Rx
throughput. One user reported that because of this, his
downstream throughput droppped by a half.
CC: <stable@vger.kernel.org> [3.19]
Fixes: c064ddf318 ("iwlwifi: change max HT and VHT A-MPDU exponent")
Reported-and-tested-by: Valentin Manea <linux-wireless@mrs.ro>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Current FW is declaring support for BFER in ucode_capa.capa
but it doesn't really support it unless the new LQ_SS_PARAMS API
is supported as well. Avoid publishing BFER in our VHT caps
if FW doesn't support.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwl_mvm_stop_roc removes TE only if running flag is set. This is not correct
since this flag is only set when the TE is started.
This resulted in a TE not being removed, when mac80211 believes that there are
no active ROCs.
Fixes: bf5da87f60 ("iwlwifi: mvm: add remove flow for AUX ROC time events")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Matti Gottlieb <matti.gottlieb@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
In certain conditions, mac80211 may ask us to stop a scan (scheduled
or normal) that is not running anymore. This can also happen when we
are doing a different type of scan, for instance, mac80211 can ask us
to stop a scheduled scan when we are running a normal scan, due to
some race conditions. In this case, we would stop the wrong type of
scan and leave everything everything in a wrong state.
To fix this, simply ignore scan stop requests for scans types that are
not running.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The check to avoid the shared antenna was passed the wrong
antenna parameter. It should have checked whether the antenna of
the next column we're considering is allowed and instead it was
passed the current antenna.
This could lead to a wrong choice of the next column in the rs
algorithm and non optimal performance.
Fixes: commit 219fb66b49 ("iwlwifi: mvm: rs - don't use the shared antenna when BT load is high")
CC: <stable@vger.kernel.org> [3.19]
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
A scan abort command failure is not that unusual, since we may try to
send it after the scan has actually completed but before we received
the completed notification from the firmware. The scan abort can also
fail for other reasons, such as a timeout. In such cases, we should
clear things up so the next scans will work again. To do so, don't
return immediately in case of failures, but call
ieee80211_scan_completed() and clear the scan_status flags.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The quota threshold should be reduced to 4 to update the
firmware more frequently.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Use the chanel hw_value and not the center frequency when
building channel array for scan_config_cmd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enable EBS on one shot scans if supported by FW.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Reviewed-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
When iwl_mvm_power_update_mac() is called, we have already added the
mac context, so if this call fails we should remove the mac.
CC: <stable@vger.kernel.org> [3.15+]
Fixes: commit e5e7aa8e25 ('iwlwifi: mvm: refactor power code')
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Last EBS status wasn't set to success in the initialization, which
caused the first scan to be without EBS. Fix that.
When EBS is not enabled by the driver, the FW still sends ebs_status success,
which can override EBS failure state. Consider only EBS failures, to avoid
such override. Last_ebs_success is set back to true upon disconnection.
Last_ebs_success wasn't set in umac scan abort flow, fix that too.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Different queue can have different behavior. While it can be
unacceptable for a certain queue to be stuck for 2 seconds
(e.g. the command queue), it can happen that another queue
will stay stuck for even longer (a queue servicing a power
saving client in GO).
The op_mode can even make the timeout be a function of the
listen interval.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This watchdog allows to monitor the transmit queues. When a
queue doesn't progress for a too long time, a timer fires
and then, debug data can be collected.
This watchdog has never been enabled on dvm controlled
devices, so don't enable it there.
In order to have it running on mvm controlled devices, we
need to fix a small issue in the transport layer: mvm
controlled devices use the shadow registers optimization.
In this case, the watchdog wasn't running at all, even if
enabled by the module parameter. Fix that on the way.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
During out-of-channel activities (e.g. scan) TDLS ch-switch responses from
a peer are kept in FW. These packets arrive only after the out-of-channel
activity is complete, which can be in the order of several seconds.
Since TDLS ch-sw has no dialog-token-like mechanism for distinguishing
sessions, use the GP2 time of the incoming ch-switch response to discern
validity. For this purpose record the GP2 time of an outgoing TDLS ch-sw
request and compare to the Rx time of the ch-sw response.
The methods works in practice since the GP2 time of FW-deferred Rx is
accurate and contains the real Rx timestamp.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Add a response-received state and add more limits on allowed requests
in each state of the connection. Previously ch-switch requests from
other peers could interrupt an outgoing active ch-switch. Also stale
packets from the current peer could disrupt the channel switch state.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The base address of the scheduler in the device's memory
(SRAM) comes from two different sources. The periphery
register and the alive notification from the firmware.
We have a check in iwl_pcie_tx_start that ensures that
they are the same.
When we resume from WoWLAN, the firmware may have crashed
for whatever reason. In that case, the whole device may be
reset which means that the periphery register will hold a
meaningless value. When we come to compare
trans_pcie->scd_base_addr (which really holds the value we
had when we loaded the WoWLAN firmware upon suspend) and
the current value of the register, we don't see a match
unsurprisingly.
Trick the check to avoid a loud yet harmless WARN.
Note that when the WoWLAN has crashed, we will see that
in iwl_trans_pcie_d3_resume which will let the op_mode
know. Once the op_mode is informed that the WowLAN firmware
has crashed, it can't do much besides resetting the whole
device.
CC: <stable@vger.kernel.org>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Some devices have 31 TFD queues. Don't enable it yet since
there are still issues with it, but at least prepare the
code for it. There was a bug in the read pointer assignment,
fix that. Also, move the inline functions to iwl-scd.h which
is the right place.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
In certain testing scenarios we'd like to force a decision
between STBC/BFER/SISO. In the normal scenario this decision
is done by the FW. Enable this option vis debugfs.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
VHT Beamformer (BFER) will be used if the peer supports it
and there's a benefit to use it vs. STBC or SISO.
The driver now tells the FW whether BFER and/or STBC are
allowed but the FW will make the decision to use either
or stick to SISO on its own.
BFER is limited to a single remote peer. The driver takes
care of ensuring this to the FW and prioritizes with which
peer BFER will be used.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Printing all the scratch data of the TFDs of that queue is
useless and stuffed the kernel log with data. Remove that.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
We don't really need to use different mac colors when adding mac
contexts, because they're not used anywhere. In fact, the firmware
doesn't accept 255 as a valid color, so we get into a SYSASSERT 0x3401
when we reach that.
Remove the color increment to use always zero and avoid reaching 255.
CC: <stable@vger.kernel.org> [3.10+]
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
There's really no reason to pad out the field with spaces at the
end of the line - they're practically invisible there anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
If we don't want to restart the firmware, don't reprobe either in case
of a failure during reconfiguration. This allows us to debug failures
in the reconfig flow as well.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
IWL_UCODE_TLV_API_SCD_CFG is a new API and hence, check if
enabled in the correct field.
Fixes: 0294d9eece ("iwlwifi: mvm: let the firmware configure the scheduler")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
In the PHY_CTXT command sent to the FW the TX chains were
indeed configured by the values of both FW TLVs and of NVM,
but the RX chains were left out and configured only by FW
TLV.
This causes problems in 4165 HW, where there are 1x1
antennas, and the wrong configuration denies the driver
from connecting to the AP.
Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The driver loads the 2 CPU sections, then it needs to let
the firmware know to start the authentication of the
sections. This is done by writing the relevants bits to
FH_UCODE_LOAD_STATUS.
For CPU1, the driver sets the lower 16 bits. For both CPUs,
the driver sets all the 32 bits.
Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The stats argument is always only passed as &mvm->drv_rx_stats, so
there's no point in passing it when the mvm pointer is passed.
Remove the argument entirely.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The new API tells the FW that it's allowed to use STBC
but the FW will decide on its own whether to use STBC
or SISO (and in the future Beamformer).
Keep support for the old API which sets STBC explicitly
in the rates in the LQ table while we still support old
FW revisions.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Prepare to add some more code there so refactor to
separate functions.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
for_each_set_bit expect the size in number of bits and not
in bytes.
Fixes: a0f6bf2a5b ("iwlwifi: mvm: use private TFD queues for TDLS stations")
Reviewed-by: Arik Nemtsov <arik@wizery.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The iwl_mvm_mac_get_queues_mask() added vif->hw_queue[ac] to the
queue mask although it might be set to IEEE80211_INVAL_HW_QUEUE.
Fix it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
With this value, we de-facto disable the feature. Since it
is not working yet, disable it completely.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
C step functionality in the driver is exactly the same as
B step besides the ucode name that present as iwlwifi-8000C-xx.ucode
instead of iwlwifi-8000B-xx.ucode
Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The ref_lock that was recently added is missing initialization
which makes lockdep unhappy and is generally a bad idea.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Add a comment indicating that the WLAN_CIPHER_SUITE_WEP104 case falls
through to the WLAN_CIPHER_SUITE_WEP40 case in iwl_mvm_send_sta_key.
This will document that the lack of a break is intentional.
Coverity: CID 1260023
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Tx STBC was used only when in CAM mode or if powersave is disabled.
Effectively this meant we never used STBC as these modes aren't
used on most platforms by default. Change that.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This is now implemented by mac80211 (commit below).
mac80211 will flush/drop the frames on the queues before
suspending / disconnecting.
It will then send the deauth and wait until the queues are
empty.
commit 3b24f4c653
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Wed Jan 7 15:42:39 2015 +0200
mac80211: let flush() drop packets when possible
This reverts commit 4e6c48e098.
In order to change the usage of U-APSD on the fly later,
move the enabling condition into a new function that is
called when authenticated.
This allows the module parameter to become writable, it
won't take effect immediately but at least on the next
association the new value will be used.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>