Re: [PATCH v3] mac80211: mesh: fix wrong mesh TTL offset calculation
Hi Peter, Thank you for the patch! Yet something to improve: [auto build test ERROR on mac80211-next/master] [also build test ERROR on v4.15-rc9 next-20180126] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/peter-oh-bowerswilkins-com/mac80211-mesh-fix-wrong-mesh-TTL-offset-calculation/20180128-042444 base: https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git master config: i386-randconfig-x070-201804 (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net//mac80211/mesh.c: In function 'mesh_fwd_csa_frame': >> net//mac80211/mesh.c:1271:40: error: decrement of member 'mesh_ttl' in >> read-only object elems->mesh_chansw_params_ie->mesh_ttl--; ^~ >> net//mac80211/mesh.c:1272:43: error: assignment of member 'mesh_flags' in >> read-only object elems->mesh_chansw_params_ie->mesh_flags &= ^~ vim +/mesh_ttl +1271 net//mac80211/mesh.c 1256 1257 static int mesh_fwd_csa_frame(struct ieee80211_sub_if_data *sdata, 1258 struct ieee80211_mgmt *mgmt, size_t len, 1259 struct ieee802_11_elems *elems) 1260 { 1261 struct ieee80211_mgmt *mgmt_fwd; 1262 struct sk_buff *skb; 1263 struct ieee80211_local *local = sdata->local; 1264 1265 skb = dev_alloc_skb(local->tx_headroom + len); 1266 if (!skb) 1267 return -ENOMEM; 1268 skb_reserve(skb, local->tx_headroom); 1269 mgmt_fwd = skb_put(skb, len); 1270 > 1271 elems->mesh_chansw_params_ie->mesh_ttl--; > 1272 elems->mesh_chansw_params_ie->mesh_flags &= 1273 ~WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR; 1274 1275 memcpy(mgmt_fwd, mgmt, len); 1276 eth_broadcast_addr(mgmt_fwd->da); 1277 memcpy(mgmt_fwd->sa, sdata->vif.addr, ETH_ALEN); 1278 memcpy(mgmt_fwd->bssid, sdata->vif.addr, ETH_ALEN); 1279 1280 ieee80211_tx_skb(sdata, skb); 1281 return 0; 1282 } 1283 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH 03/10] rtlwifi: Use 6 bits as sequence number of TX report
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihIn new design, SW_DEFINE[1:0] of tx desc are used by firmware, and the TX report only contains SW_DEFINE[7:0]. To satisfy with all cases, driver uses SW_DEFINE[7:2] as sequence number. Besides, the format of tx report have been changed, so a new flag RTL_SPEC_EXT_C2H is used to access report. Signed-off-by: Ping-Ke Shih This change was tested on an old design (RTL8188CE). No problems were observed. Acked-by: Larry Finger
Re: [PATCH 04/10] rtlwifi: Extend tx_power_by_rate_offset size for newer IC
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihIn older design, the TX power is grouped into rate section (smaller array size), but new design groups them into rate (larger array size). Thus, we extend the size for both cases, and add compile time assertion. Signed-off-by: Ping-Ke Shih --- I hate to see any arrays getting larger, but I can see that changes in rates make this inevitable. The BUILD_BUG_ON() is a good addition. Acked-by: Larry Finger
Re: [PATCH 05/10] rtlwifi: Add rate section and its related definition and comment
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihAdd comments to make it to be easier to understand, and add compile time assertions. Signed-off-by: Ping-Ke Shih This is a good improvement. Acked-by: Larry Finger
Re: [PATCH 06/10] rtlwifi: Fix VHT NSS in RC
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihNSS is a argument of highest rate in RC, and it occupies bit 4-7 so use ieee80211_rate_set_vht() to fill the values. Since it got correct rate index, we don't need to check chips to assign NSS in set function anymore. Signed-off-by: Ping-Ke Shih --- drivers/net/wireless/realtek/rtlwifi/rc.c | 49 +-- 1 file changed, 40 insertions(+), 9 deletions(-) diff --git a/drivers/net/wireless/realtek/rtlwifi/rc.c b/drivers/net/wireless/realtek/rtlwifi/rc.c index d1cb7d405618..396bed8d3d51 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rc.c +++ b/drivers/net/wireless/realtek/rtlwifi/rc.c @@ -42,6 +42,17 @@ static u8 _rtl_rc_get_highest_rix(struct rtl_priv *rtlpriv, struct rtl_phy *rtlphy = &(rtlpriv->phy); struct rtl_sta_info *sta_entry = NULL; u16 wireless_mode = 0; + u8 nss; + struct ieee80211_tx_rate rate; + + if (get_rf_type(rtlphy) >= RF_4T4R) + nss = 4; + else if (get_rf_type(rtlphy) >= RF_3T3R) + nss = 3; + else if (get_rf_type(rtlphy) >= RF_2T2R) + nss = 2; + else + nss = 1; As a general rule, I think that if ... else if ... else if ... else ... constructions should be changed to switch statements. This one is simple enough that there will be no complications, but keep this in mind in the future. Acked-by: Larry Finger
Re: [PATCH 07/10] rtlwifi: add definition radio_mask for RF and maximum bandwidth
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihAdd rf mask definition (BIT 0, BIT 1, BIT 2, ...) that is different from rf path definition (0, 1, 2, ...), and then combinations of rf path are possible. Signed-off-by: Ping-Ke Shih I agree that an rf path mask is useful. Acked-by: Larry Finger --- drivers/net/wireless/realtek/rtlwifi/wifi.h | 8 1 file changed, 8 insertions(+) diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h index 4de2ab1d5416..2e9a20273a2d 100644 --- a/drivers/net/wireless/realtek/rtlwifi/wifi.h +++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h @@ -286,6 +286,13 @@ enum radio_path { RF90_PATH_D = 3, }; +enum radio_mask { + RF_MASK_A = BIT(0), + RF_MASK_B = BIT(1), + RF_MASK_C = BIT(2), + RF_MASK_D = BIT(3), +}; + enum regulation_txpwr_lmt { TXPWR_LMT_FCC = 0, TXPWR_LMT_MKK = 1, @@ -579,6 +586,7 @@ enum ht_channel_width { HT_CHANNEL_WIDTH_20 = 0, HT_CHANNEL_WIDTH_20_40 = 1, HT_CHANNEL_WIDTH_80 = 2, + HT_CHANNEL_WIDTH_MAX, }; /* Ref: 802.11i sepc D10.0 7.3.2.25.1
Re: [PATCH 08/10] rtlwifi: add efuse ops for other components
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihThe new component phydm need to access efuse content, so we prepare ops for reference. Signed-off-by: Tsang-Shian Lin Signed-off-by: Ping-Ke Shih Acked-by: Larry Finger
Re: [PATCH v5 00/12] spectre variant1 mitigations for tip/x86/pti
[ adding lkml ] I had inadvertently dropped lkml when sending this to Thomas. Archive here: https://marc.info/?l=linux-wireless=151704026325010=2 https://marc.info/?l=linux-arch=151704027225013=2 https://marc.info/?l=linux-arch=151704027225014=2 https://marc.info/?l=linux-arch=151704027625015=2 https://marc.info/?l=linux-arch=151704028225016=2 https://marc.info/?l=linux-arch=151704028725019=2 https://marc.info/?l=linux-arch=151704086725186=2 https://marc.info/?l=linux-arch=151704030025025=2 https://marc.info/?l=linux-arch=151704030525028=2 https://marc.info/?l=linux-arch=151704031125029=2 https://marc.info/?l=linux-arch=151704032225034=2 https://marc.info/?l=linux-arch=151704032625035=2 https://marc.info/?l=linux-arch=151704032725037=2 On Fri, Jan 26, 2018 at 11:55 PM, Dan Williamswrote: > Hi Thomas, > > Here's another spin of the spectre-v1 mitigations for 4.16. > > Changes since v4.1: [1] > * Tweak the sanitization scheme yet again to make it even simpler. Now, > instead of 'array_ptr' to get a sanitized pointer to an array element, > just provide an array index sanitization helper 'array_idx' to be called > after successfully validating the index is in bounds. I.e. in the > exact same location one would otherwise put an lfence, place this > sanitizer: > > if (idx < sz) { > idx = array_idx(idx, sz); > val = array[idx]; > } > > This lets the implementation include more sanity checking that the > compiler can usually compile out. It otherwise appears to produce > better assembly. This also cleans up the concern about comparing the > value returned from array_ptr to create another speculation point. > (Russell, Linus, Cyril) > > * Drop the syscall_64_fastpath. This is the straightforward patch from > Linus that might also be in flight from Andy, but I went ahead and > included it since I did not see it on LKML yet. > > * Kill the MASK_NOSPEC macro and just open code it. (Andy) > > * Add system-call-number sanitization to the slow path syscall table > lookups. > > * Redo the array_ptr conversions with array_idx. > > * Update /sys/devices/system/cpu/vulnerabilities/spectre_v1 to indicate > the new protections. It now reports "Vulnerable: Minimal user pointer > sanitization". (Jiri) > > --- > > Dan Williams (11): > array_idx: sanitize speculative array de-references > x86: implement array_idx_mask > x86: introduce __uaccess_begin_nospec and ifence > x86, __get_user: use __uaccess_begin_nospec > x86, get_user: use pointer masking to limit speculation > x86: remove the syscall_64 fast-path > x86: sanitize sycall table de-references under speculation > vfs, fdtable: prevent bounds-check bypass via speculative execution > kvm, x86: update spectre-v1 mitigation > nl80211: sanitize array index in parse_txq_params > x86/spectre: report get_user mitigation for spectre_v1 > > Mark Rutland (1): > Documentation: document array_idx > > > Documentation/speculation.txt | 87 > arch/x86/entry/common.c |3 + > arch/x86/entry/entry_64.S | 116 > - > arch/x86/entry/syscall_64.c |7 +- > arch/x86/include/asm/barrier.h| 26 > arch/x86/include/asm/msr.h|3 - > arch/x86/include/asm/uaccess.h| 15 - > arch/x86/include/asm/uaccess_32.h |6 +- > arch/x86/include/asm/uaccess_64.h | 12 ++-- > arch/x86/kernel/cpu/bugs.c|2 - > arch/x86/kvm/vmx.c| 14 +++- > arch/x86/lib/getuser.S| 10 +++ > arch/x86/lib/usercopy_32.c|8 +-- > include/linux/fdtable.h |5 +- > include/linux/nospec.h| 64 > net/wireless/nl80211.c|9 ++- > 16 files changed, 239 insertions(+), 148 deletions(-) > create mode 100644 Documentation/speculation.txt > create mode 100644 include/linux/nospec.h
Re: [PATCH 10/10] rtlwifi: btcoex: Add 8822be btcoex supported files for wifi only
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihThe wifi only btcoex is used to solo card (without BT), and it is also useful to exclude the interference with BT to make debug easier. There are only four ops for wifi only btcoex to initialze antenna and switch the settings while band is changed. Signed-off-by: Ping-Ke Shih Acked-by: Larry Finger
Re: [PATCH 09/10] rtlwifi: btcoex: add routine to set default port id
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihTell wifi and BT firmware the default port ID to set multiports' state properly, but only 8822be needs this function currently. Signed-off-by: Ping-Ke Shih --- This patch results in the following compiler warnings: CC [M] drivers/net/wireless/realtek/rtlwifi/rtl8723be/dm.o drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c:1052:13: warning: ‘halbtc_set_default_port_id_cmd’ defined but not used [-Wunused-function] static void halbtc_set_default_port_id_cmd(void *bt_context) ^~ drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c:1042:13: warning: ‘halbtc_send_wifi_port_id_cmd’ defined but not used [-Wunused-function] static void halbtc_send_wifi_port_id_cmd(void *bt_context) ^~ Something seems to be wrong. As these routines will likely be needed later, you need to remove the static notation and put their prototypes in a header to quiet Sparse. Larry .../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 22 ++ drivers/net/wireless/realtek/rtlwifi/wifi.h| 5 + 2 files changed, 27 insertions(+) diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c index 1404729441a2..5e41b204f7c0 100644 --- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c +++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c @@ -1039,6 +1039,28 @@ static void halbtc_fill_h2c_cmd(void *bt_context, u8 element_id, cmd_len, cmd_buf); } +static void halbtc_send_wifi_port_id_cmd(void *bt_context) +{ + struct btc_coexist *btcoexist = (struct btc_coexist *)bt_context; + struct rtl_priv *rtlpriv = btcoexist->adapter; + u8 cmd_buf[1] = {0};/* port id [2:0] = 0 */ + + rtlpriv->cfg->ops->fill_h2c_cmd(rtlpriv->mac80211.hw, H2C_BT_PORT_ID, + 1, cmd_buf); +} + +static void halbtc_set_default_port_id_cmd(void *bt_context) +{ + struct btc_coexist *btcoexist = (struct btc_coexist *)bt_context; + struct rtl_priv *rtlpriv = btcoexist->adapter; + struct ieee80211_hw *hw = rtlpriv->mac80211.hw; + + if (!rtlpriv->cfg->ops->set_default_port_id_cmd) + return; + + rtlpriv->cfg->ops->set_default_port_id_cmd(hw); +} + static void halbtc_set_bt_reg(void *btc_context, u8 reg_type, u32 offset, u32 set_val) { diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h index 0e8aae0c05c1..1c9ed28b42da 100644 --- a/drivers/net/wireless/realtek/rtlwifi/wifi.h +++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h @@ -153,6 +153,10 @@ enum rtl8192c_h2c_cmd { MAX_H2CCMD }; +enum { + H2C_BT_PORT_ID = 0x71, +}; + #define GET_TX_REPORT_SN_V1(c2h) (c2h[6]) #define GET_TX_REPORT_ST_V1(c2h) (c2h[0] & 0xC0) #define GET_TX_REPORT_RETRY_V1(c2h) (c2h[2] & 0x3F) @@ -2256,6 +2260,7 @@ struct rtl_hal_ops { void (*bt_coex_off_before_lps) (struct ieee80211_hw *hw); void (*fill_h2c_cmd) (struct ieee80211_hw *hw, u8 element_id, u32 cmd_len, u8 *p_cmdbuffer); + void (*set_default_port_id_cmd)(struct ieee80211_hw *hw); bool (*get_btc_status) (void); bool (*is_fw_header)(struct rtlwifi_firmware_header *hdr); u32 (*rx_command_packet)(struct ieee80211_hw *hw,
Re: [PATCH v5 00/12] spectre variant1 mitigations for tip/x86/pti
On Fri, Jan 26, 2018 at 11:55 PM, Dan Williamswrote: > > Here's another spin of the spectre-v1 mitigations for 4.16. I see nothing really objectionable here. And unlike Spectre-v2 and Meltdown, I expect Spectre-v1 to be with us for a long time. It's not a "CPU did a bad job with checking the cached information it had" (whether it be from the TLB, BTB or RSB), it's pretty fundamental to just regular conditional branch prediction. So ack from me, and I don't expect this to be behind any config options. I still haven't really seen any numbers for this, but I _assume_ it's basically not measurable. Linus
Re: [PATCH 01/10] rtlwifi: enable mac80211 fast-tx support
On 01/26/2018 01:46 AM, pks...@realtek.com wrote: From: Ping-Ke ShihEnable the mac80211 fast-tx feature, since our driver already support hw_flags required by fast-tx and is able to let mac80211 stack to transmit packet through fast-xmit path. Signed-off-by: Yan-Hsuan Chuang Signed-off-by: Ping-Ke Shih Acked-by: Larry Finger
Re: [PATCH] ath9k: Print has_queued in debugfs.
Ben Greearwrites: > On 01/27/2018 05:29 AM, Toke Høiland-Jørgensen wrote: >> gree...@candelatech.com writes: >> >>> From: Ben Greear >>> >>> The PAUSED field was never printed per tid. Replace that >>> with has_queued, which might help someone track down strange >>> bugs related to aqm. >>> >>> And, make tx-queue debug info show peer BSSID as well as vdev >>> MAC to aid debugging with multiple stations connected to the >>> same peer. >>> >>> Signed-off-by: Ben Greear >>> --- >>> drivers/net/wireless/ath/ath9k/debug_sta.c | 10 ++ >>> drivers/net/wireless/ath/ath9k/xmit.c | 5 +++-- >>> 2 files changed, 9 insertions(+), 6 deletions(-) >>> >>> diff --git a/drivers/net/wireless/ath/ath9k/debug_sta.c >>> b/drivers/net/wireless/ath/ath9k/debug_sta.c >>> index efc692e..a45f1f5 100644 >>> --- a/drivers/net/wireless/ath/ath9k/debug_sta.c >>> +++ b/drivers/net/wireless/ath/ath9k/debug_sta.c >>> @@ -48,9 +48,10 @@ static ssize_t read_file_node_aggr(struct file *file, >>> char __user *user_buf, >>> an->mpdudensity); >>> >>> len += scnprintf(buf + len, size - len, >>> -"\n%3s%11s%10s%10s%10s%10s%9s%6s%8s\n", >>> +"\n%3s%11s%10s%10s%10s%10s%9s%6s%9s\n", >>> "TID", "SEQ_START", "SEQ_NEXT", "BAW_SIZE", >>> -"BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", "PAUSED"); >>> +"BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", >>> +"HAS-QUED"); >>> >>> for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { >>> tid = ath_node_to_tid(an, tidno); >>> @@ -58,7 +59,7 @@ static ssize_t read_file_node_aggr(struct file *file, >>> char __user *user_buf, >>> ath_txq_lock(sc, txq); >>> if (tid->active) { >>> len += scnprintf(buf + len, size - len, >>> -"%3d%11d%10d%10d%10d%10d%9d%6d\n", >>> +"%3d%11d%10d%10d%10d%10d%9d%6d%9d\n", >>> tid->tidno, >>> tid->seq_start, >>> tid->seq_next, >>> @@ -66,7 +67,8 @@ static ssize_t read_file_node_aggr(struct file *file, >>> char __user *user_buf, >>> tid->baw_head, >>> tid->baw_tail, >>> tid->bar_index, >>> -!list_empty(>list)); >>> +!list_empty(>list), >>> +tid->has_queued); >> >> Would it perhaps be useful to print the length of tid->retry_q instead >> of / in addition to has_queued? Planning to get rid of the has_queued >> variable entirely... > > I'm just getting started looking at this. 4.9 kernel works fine, so it > seems to be a regression in the aqm stuff since that is the big change > between 4.9 and 4.13. > > From a brief look yesterday, it seems that has_queued is not > adequately protected by locks, but also, it was '1', which indicates > it wants to send pkts (?), so I guess it was not hitting a locking > race. It's only ever accessed under ath_txq_lock(), so I don't think it's a locking issue. > Can you point me at the scheduler code (method name?). I'll be looking > at that as soon as I get time. ath_txq_schedule() is the main scheduler (in xmit.c). As I said it may be the airtime fairness scheduler that's throttling stations; did you look at the airtime debugfs file? -Toke
Re: [PATCH] ath9k: Print has_queued in debugfs.
On 01/27/2018 05:29 AM, Toke Høiland-Jørgensen wrote: gree...@candelatech.com writes: From: Ben GreearThe PAUSED field was never printed per tid. Replace that with has_queued, which might help someone track down strange bugs related to aqm. And, make tx-queue debug info show peer BSSID as well as vdev MAC to aid debugging with multiple stations connected to the same peer. Signed-off-by: Ben Greear --- drivers/net/wireless/ath/ath9k/debug_sta.c | 10 ++ drivers/net/wireless/ath/ath9k/xmit.c | 5 +++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/debug_sta.c b/drivers/net/wireless/ath/ath9k/debug_sta.c index efc692e..a45f1f5 100644 --- a/drivers/net/wireless/ath/ath9k/debug_sta.c +++ b/drivers/net/wireless/ath/ath9k/debug_sta.c @@ -48,9 +48,10 @@ static ssize_t read_file_node_aggr(struct file *file, char __user *user_buf, an->mpdudensity); len += scnprintf(buf + len, size - len, -"\n%3s%11s%10s%10s%10s%10s%9s%6s%8s\n", +"\n%3s%11s%10s%10s%10s%10s%9s%6s%9s\n", "TID", "SEQ_START", "SEQ_NEXT", "BAW_SIZE", -"BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", "PAUSED"); +"BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", +"HAS-QUED"); for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { tid = ath_node_to_tid(an, tidno); @@ -58,7 +59,7 @@ static ssize_t read_file_node_aggr(struct file *file, char __user *user_buf, ath_txq_lock(sc, txq); if (tid->active) { len += scnprintf(buf + len, size - len, -"%3d%11d%10d%10d%10d%10d%9d%6d\n", +"%3d%11d%10d%10d%10d%10d%9d%6d%9d\n", tid->tidno, tid->seq_start, tid->seq_next, @@ -66,7 +67,8 @@ static ssize_t read_file_node_aggr(struct file *file, char __user *user_buf, tid->baw_head, tid->baw_tail, tid->bar_index, -!list_empty(>list)); +!list_empty(>list), +tid->has_queued); Would it perhaps be useful to print the length of tid->retry_q instead of / in addition to has_queued? Planning to get rid of the has_queued variable entirely... I'm just getting started looking at this. 4.9 kernel works fine, so it seems to be a regression in the aqm stuff since that is the big change between 4.9 and 4.13. From a brief look yesterday, it seems that has_queued is not adequately protected by locks, but also, it was '1', which indicates it wants to send pkts (?), so I guess it was not hitting a locking race. Can you point me at the scheduler code (method name?). I'll be looking at that as soon as I get time. Thanks, Ben -Toke -- Ben Greear Candela Technologies Inc http://www.candelatech.com
[PATCH 4.16 3/4] mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending
Fixes: aee5b8cf2477 ("mt76: implement A-MPDU rx reordering in the driver code") Signed-off-by: Felix Fietkau--- drivers/net/wireless/mediatek/mt76/agg-rx.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/agg-rx.c b/drivers/net/wireless/mediatek/mt76/agg-rx.c index e9784b50e2af..fcb208d1f276 100644 --- a/drivers/net/wireless/mediatek/mt76/agg-rx.c +++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c @@ -98,6 +98,7 @@ mt76_rx_aggr_reorder_work(struct work_struct *work) reorder_work.work); struct mt76_dev *dev = tid->dev; struct sk_buff_head frames; + int nframes; __skb_queue_head_init(); @@ -105,9 +106,12 @@ mt76_rx_aggr_reorder_work(struct work_struct *work) spin_lock(>lock); mt76_rx_aggr_check_release(tid, ); + nframes = tid->nframes; spin_unlock(>lock); - ieee80211_queue_delayed_work(tid->dev->hw, >reorder_work, REORDER_TIMEOUT); + if (nframes) + ieee80211_queue_delayed_work(tid->dev->hw, >reorder_work, +REORDER_TIMEOUT); mt76_rx_complete(dev, , -1); local_bh_enable(); -- 2.14.2
[PATCH 4.16 2/4] mt76: implement processing of BlockAckReq frames
Avoids timeouts on reordered A-MPDU rx frames Fixes: aee5b8cf2477 ("mt76: implement A-MPDU rx reordering in the driver code") Signed-off-by: Felix Fietkau--- drivers/net/wireless/mediatek/mt76/agg-rx.c | 34 - 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/agg-rx.c b/drivers/net/wireless/mediatek/mt76/agg-rx.c index 8027bb7c03c2..e9784b50e2af 100644 --- a/drivers/net/wireless/mediatek/mt76/agg-rx.c +++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c @@ -113,6 +113,33 @@ mt76_rx_aggr_reorder_work(struct work_struct *work) local_bh_enable(); } +static void +mt76_rx_aggr_check_ctl(struct sk_buff *skb, struct sk_buff_head *frames) +{ + struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb; + struct ieee80211_bar *bar = (struct ieee80211_bar *) skb->data; + struct mt76_wcid *wcid = status->wcid; + struct mt76_rx_tid *tid; + u16 seqno; + + if (!ieee80211_is_ctl(bar->frame_control)) + return; + + if (!ieee80211_is_back_req(bar->frame_control)) + return; + + status->tid = le16_to_cpu(bar->control) >> 12; + seqno = le16_to_cpu(bar->start_seq_num) >> 4; + tid = rcu_dereference(wcid->aggr[status->tid]); + if (!tid) + return; + + spin_lock_bh(>lock); + mt76_rx_aggr_release_frames(tid, frames, seqno); + mt76_rx_aggr_release_head(tid, frames); + spin_unlock_bh(>lock); +} + void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames) { struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb; @@ -126,9 +153,14 @@ void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames) __skb_queue_tail(frames, skb); sta = wcid_to_sta(wcid); - if (!sta || !status->aggr) + if (!sta) return; + if (!status->aggr) { + mt76_rx_aggr_check_ctl(skb, frames); + return; + } + tid = rcu_dereference(wcid->aggr[status->tid]); if (!tid) return; -- 2.14.2
[PATCH 4.16 1/4] mt76: implement AP_LINK_PS
With software A-MPDU reordering in place, frames that notify mac80211 of powersave changes are reordered as well, which can cause connection stalls. Fix this by implementing powersave state processing in the driver. Fixes: aee5b8cf2477 ("mt76: implement A-MPDU rx reordering in the driver code") Signed-off-by: Felix Fietkau--- drivers/net/wireless/mediatek/mt76/mac80211.c| 52 +++- drivers/net/wireless/mediatek/mt76/mt76.h| 10 + drivers/net/wireless/mediatek/mt76/mt76x2.h | 2 + drivers/net/wireless/mediatek/mt76/mt76x2_init.c | 1 + drivers/net/wireless/mediatek/mt76/mt76x2_main.c | 28 ++--- 5 files changed, 78 insertions(+), 15 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c index 5fcb2deb89a2..85f8d324ebf8 100644 --- a/drivers/net/wireless/mediatek/mt76/mac80211.c +++ b/drivers/net/wireless/mediatek/mt76/mac80211.c @@ -276,6 +276,7 @@ int mt76_register_device(struct mt76_dev *dev, bool vht, ieee80211_hw_set(hw, TX_AMSDU); ieee80211_hw_set(hw, TX_FRAG_LIST); ieee80211_hw_set(hw, MFP_CAPABLE); + ieee80211_hw_set(hw, AP_LINK_PS); wiphy->flags |= WIPHY_FLAG_IBSS_RSN; @@ -470,6 +471,53 @@ mt76_check_ccmp_pn(struct sk_buff *skb) return 0; } +static void +mt76_check_ps(struct mt76_dev *dev, struct sk_buff *skb) +{ + struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb; + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; + struct ieee80211_sta *sta; + struct mt76_wcid *wcid = status->wcid; + bool ps; + + if (!wcid || !wcid->sta) + return; + + sta = container_of((void *) wcid, struct ieee80211_sta, drv_priv); + + if (!test_bit(MT_WCID_FLAG_CHECK_PS, >flags)) + return; + + if (ieee80211_is_pspoll(hdr->frame_control)) { + ieee80211_sta_pspoll(sta); + return; + } + + if (ieee80211_has_morefrags(hdr->frame_control) || + !(ieee80211_is_mgmt(hdr->frame_control) || + ieee80211_is_data(hdr->frame_control))) + return; + + ps = ieee80211_has_pm(hdr->frame_control); + + if (ps && (ieee80211_is_data_qos(hdr->frame_control) || + ieee80211_is_qos_nullfunc(hdr->frame_control))) + ieee80211_sta_uapsd_trigger(sta, status->tid); + + if (!!test_bit(MT_WCID_FLAG_PS, >flags) == ps) + return; + + if (ps) { + set_bit(MT_WCID_FLAG_PS, >flags); + mt76_stop_tx_queues(dev, sta, true); + } else { + clear_bit(MT_WCID_FLAG_PS, >flags); + } + + ieee80211_sta_ps_transition(sta, ps); + dev->drv->sta_ps(dev, sta, ps); +} + void mt76_rx_complete(struct mt76_dev *dev, struct sk_buff_head *frames, int queue) { @@ -498,8 +546,10 @@ void mt76_rx_poll_complete(struct mt76_dev *dev, enum mt76_rxq_id q) __skb_queue_head_init(); - while ((skb = __skb_dequeue(>rx_skb[q])) != NULL) + while ((skb = __skb_dequeue(>rx_skb[q])) != NULL) { + mt76_check_ps(dev, skb); mt76_rx_aggr_reorder(skb, ); + } mt76_rx_complete(dev, , q); } diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h index 129015c9d116..d2ce15093edd 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76.h +++ b/drivers/net/wireless/mediatek/mt76/mt76.h @@ -121,11 +121,18 @@ struct mt76_queue_ops { void (*kick)(struct mt76_dev *dev, struct mt76_queue *q); }; +enum mt76_wcid_flags { + MT_WCID_FLAG_CHECK_PS, + MT_WCID_FLAG_PS, +}; + struct mt76_wcid { struct mt76_rx_tid __rcu *aggr[IEEE80211_NUM_TIDS]; struct work_struct aggr_work; + unsigned long flags; + u8 idx; u8 hw_key_idx; @@ -206,6 +213,9 @@ struct mt76_driver_ops { struct sk_buff *skb); void (*rx_poll_complete)(struct mt76_dev *dev, enum mt76_rxq_id q); + + void (*sta_ps)(struct mt76_dev *dev, struct ieee80211_sta *sta, + bool ps); }; struct mt76_channel_state { diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2.h b/drivers/net/wireless/mediatek/mt76/mt76x2.h index 17df17afd9bf..e62131b88102 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x2.h +++ b/drivers/net/wireless/mediatek/mt76/mt76x2.h @@ -218,6 +218,8 @@ void mt76x2_rx_poll_complete(struct mt76_dev *mdev, enum mt76_rxq_id q); void mt76x2_queue_rx_skb(struct mt76_dev *mdev, enum mt76_rxq_id q, struct sk_buff *skb); +void mt76x2_sta_ps(struct mt76_dev *dev, struct ieee80211_sta *sta, bool ps); + void mt76x2_update_channel(struct mt76_dev *mdev); s8 mt76x2_tx_get_max_txpwr_adj(struct mt76x2_dev *dev, diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2_init.c
[PATCH 4.16 4/4] mt76: do not set status->aggr for NULL data frames
Avoids data connection stalls when the client toggles powersave mode Fixes: aee5b8cf2477 ("mt76: implement A-MPDU rx reordering in the driver code") Signed-off-by: Felix Fietkau--- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c b/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c index 6c30b5eaa9ca..7ea3d841918e 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x2_mac.c @@ -341,7 +341,7 @@ int mt76x2_mac_process_rx(struct mt76x2_dev *dev, struct sk_buff *skb, mt76x2_remove_hdr_pad(skb, pad_len); - if (rxinfo & MT_RXINFO_BA) + if ((rxinfo & MT_RXINFO_BA) && !(rxinfo & MT_RXINFO_NULL)) status->aggr = true; if (WARN_ON_ONCE(len > skb->len)) -- 2.14.2
Re: [PATCH v2 0/6] wl1251: Fix MAC address for Nokia N900
On Friday 05 January 2018 02:45:10 Luis R. Rodriguez wrote: > On Tue, Jan 02, 2018 at 08:23:45PM +0100, Pali Rohár wrote: > > On Friday 10 November 2017 00:38:22 Pali Rohár wrote: > > > This patch series fix processing MAC address for wl1251 chip found in > > > Nokia N900. > > > > > > Changes since v1: > > > * Added Acked-by for Pavel Machek > > > * Fixed grammar > > > * Magic numbers for NVS offsets are replaced by defines > > > * Check for validity of mac address NVS data is moved into function > > > * Changed order of patches as Pavel requested > > > > > > Pali Rohár (6): > > > wl1251: Update wl->nvs_len after wl->nvs is valid > > > wl1251: Generate random MAC address only if driver does not have > > > valid > > > wl1251: Parse and use MAC address from supplied NVS data > > > wl1251: Set generated MAC address back to NVS data > > > firmware: Add request_firmware_prefer_user() function > > > wl1251: Use request_firmware_prefer_user() for loading NVS > > > calibration data > > > > > > drivers/base/firmware_class.c | 45 +- > > > drivers/net/wireless/ti/wl1251/Kconfig |1 + > > > drivers/net/wireless/ti/wl1251/main.c | 104 > > > ++-- > > > include/linux/firmware.h |9 +++ > > > 4 files changed, 138 insertions(+), 21 deletions(-) > > > > Hi! Are there any comments for first 4 patches? If not, could they be > > accepted and merged? > > Since the first 4 patches do not touch the firmware API they seem fine to me > so > long as the maintainer accepts them. Maybe resend and clarify you have dropped > the other ones and amend with the new tags. According to get_maintainer.pl, Kalle Valo is maintainer. Kalle Valo, if you do not have any other comments, can you accept first 4 patches? Or do you really need to resent first 4 patches again? -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature
Re: [PATCH] ath9k: Print has_queued in debugfs.
gree...@candelatech.com writes: > From: Ben Greear> > The PAUSED field was never printed per tid. Replace that > with has_queued, which might help someone track down strange > bugs related to aqm. > > And, make tx-queue debug info show peer BSSID as well as vdev > MAC to aid debugging with multiple stations connected to the > same peer. > > Signed-off-by: Ben Greear > --- > drivers/net/wireless/ath/ath9k/debug_sta.c | 10 ++ > drivers/net/wireless/ath/ath9k/xmit.c | 5 +++-- > 2 files changed, 9 insertions(+), 6 deletions(-) > > diff --git a/drivers/net/wireless/ath/ath9k/debug_sta.c > b/drivers/net/wireless/ath/ath9k/debug_sta.c > index efc692e..a45f1f5 100644 > --- a/drivers/net/wireless/ath/ath9k/debug_sta.c > +++ b/drivers/net/wireless/ath/ath9k/debug_sta.c > @@ -48,9 +48,10 @@ static ssize_t read_file_node_aggr(struct file *file, char > __user *user_buf, >an->mpdudensity); > > len += scnprintf(buf + len, size - len, > - "\n%3s%11s%10s%10s%10s%10s%9s%6s%8s\n", > + "\n%3s%11s%10s%10s%10s%10s%9s%6s%9s\n", >"TID", "SEQ_START", "SEQ_NEXT", "BAW_SIZE", > - "BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", "PAUSED"); > + "BAW_HEAD", "BAW_TAIL", "BAR_IDX", "SCHED", > + "HAS-QUED"); > > for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { > tid = ath_node_to_tid(an, tidno); > @@ -58,7 +59,7 @@ static ssize_t read_file_node_aggr(struct file *file, char > __user *user_buf, > ath_txq_lock(sc, txq); > if (tid->active) { > len += scnprintf(buf + len, size - len, > - "%3d%11d%10d%10d%10d%10d%9d%6d\n", > + "%3d%11d%10d%10d%10d%10d%9d%6d%9d\n", >tid->tidno, >tid->seq_start, >tid->seq_next, > @@ -66,7 +67,8 @@ static ssize_t read_file_node_aggr(struct file *file, char > __user *user_buf, >tid->baw_head, >tid->baw_tail, >tid->bar_index, > - !list_empty(>list)); > + !list_empty(>list), > + tid->has_queued); Would it perhaps be useful to print the length of tid->retry_q instead of / in addition to has_queued? Planning to get rid of the has_queued variable entirely... -Toke
Re: ath9k will not tx packets sometimes.
Ben Greearwrites: > I'm doing a test with 200 virtual stations on each of 6 ath9k radios. > > When I configure stations for DHCP, I see cases where stations on a particular > radio will not transmit anything sometimes. I see no 'XMIT' logs that show > indication of > frames being received in the driver from the upper stack, but if I use > 'tshark' on > a station interface, it shows frames being 'transmitted'. > > I do, however, see this, which looks like it might show > an issue. It looks like whatever 'aqm' is, it has an ever expanding number > of backlog packets: The aqm is the intermediate queues in mac80211. So this indicates that the driver is not pulling packets for transmission. With that many stations, I wonder whether it is due to the airtime fairness scheduler throttling the station? What is the contents of debug/ieee80211/wiphy2/netdev\:sta30194/stations/00\:0e\:8e\:69\:b8\:f7/airtime while the station is not transmitting? And is it all stations on that particular radio, or only some of them? -Toke
Re: [for-4.15] ssb: Disable PCI host for PCI_DRIVERS_GENERIC
On Sat, Jan 27, 2018 at 10:08:56AM +0100, Andreas Schwab wrote: > On Jan 16 2018, Kalle Valowrote: > > > 58eae1416b80 ssb: Disable PCI host for PCI_DRIVERS_GENERIC > > That breaks wireless on PowerMac! There is nothing MIPS-specific about > SSB. Yes, really sorry about that. There is a patch here: https://patchwork.kernel.org/patch/10185397/ Cheers James
Re: [for-4.15] ssb: Disable PCI host for PCI_DRIVERS_GENERIC
On Jan 16 2018, Kalle Valowrote: > 58eae1416b80 ssb: Disable PCI host for PCI_DRIVERS_GENERIC That breaks wireless on PowerMac! There is nothing MIPS-specific about SSB. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
rtl8723bs: rtnl_is_locked() misuse
Hi, I'm reporting you about misuse of rtnl_is_locked() in rtw_change_ifname() function. Note, that rtnl_is_locked() *does not mean* rtnl is locked on the *current cpu*. This primitive returns true in case of rtnl is locked somewhere in the system. So, it can't be used in the below code: if (!rtnl_is_locked()) unregister_netdev(cur_pnetdev); else unregister_netdevice(cur_pnetdev); Kirill
wilc1000: rtnl_is_locked() misuse
Hi, I'm reporting you about misuse of rtnl_is_locked() in WILC_WFI_deinit_mon_interface() function. Note, that rtnl_is_locked() *does not mean* rtnl is locked on the *current cpu*. This primitive returns true in case of rtnl is locked somewhere in the system. So, it can't be used in the below code: int WILC_WFI_deinit_mon_interface(void) { bool rollback_lock = false; if (wilc_wfi_mon) { if (rtnl_is_locked()) { <--Mistake rtnl_unlock(); rollback_lock = true; } unregister_netdev(wilc_wfi_mon); if (rollback_lock) { rtnl_lock(); rollback_lock = false; } wilc_wfi_mon = NULL; } return 0; } Kirill
[PATCH v5 11/12] nl80211: sanitize array index in parse_txq_params
Wireless drivers rely on parse_txq_params to validate that txq_params->ac is less than NL80211_NUM_ACS by the time the low-level driver's ->conf_tx() handler is called. Use a new helper, 'array_idx', to sanitize txq_params->ac with respect to speculation. I.e. ensure that any speculation into ->conf_tx() handlers is done with a value of txq_params->ac that is within the bounds of [0, NL80211_NUM_ACS). Reported-by: Christian LamparterReported-by: Elena Reshetova Acked-by: Johannes Berg Cc: "David S. Miller" Cc: linux-wireless@vger.kernel.org Signed-off-by: Dan Williams --- net/wireless/nl80211.c |9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d396cb61a280..1479a1c7819c 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -2056,20 +2057,22 @@ static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { static int parse_txq_params(struct nlattr *tb[], struct ieee80211_txq_params *txq_params) { + u8 ac; + if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || !tb[NL80211_TXQ_ATTR_AIFS]) return -EINVAL; - txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); + ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); - if (txq_params->ac >= NL80211_NUM_ACS) + if (ac >= NL80211_NUM_ACS) return -EINVAL; - + txq_params->ac = array_idx(ac, NL80211_NUM_ACS); return 0; }
[PATCH v5 00/12] spectre variant1 mitigations for tip/x86/pti
Hi Thomas, Here's another spin of the spectre-v1 mitigations for 4.16. Changes since v4.1: [1] * Tweak the sanitization scheme yet again to make it even simpler. Now, instead of 'array_ptr' to get a sanitized pointer to an array element, just provide an array index sanitization helper 'array_idx' to be called after successfully validating the index is in bounds. I.e. in the exact same location one would otherwise put an lfence, place this sanitizer: if (idx < sz) { idx = array_idx(idx, sz); val = array[idx]; } This lets the implementation include more sanity checking that the compiler can usually compile out. It otherwise appears to produce better assembly. This also cleans up the concern about comparing the value returned from array_ptr to create another speculation point. (Russell, Linus, Cyril) * Drop the syscall_64_fastpath. This is the straightforward patch from Linus that might also be in flight from Andy, but I went ahead and included it since I did not see it on LKML yet. * Kill the MASK_NOSPEC macro and just open code it. (Andy) * Add system-call-number sanitization to the slow path syscall table lookups. * Redo the array_ptr conversions with array_idx. * Update /sys/devices/system/cpu/vulnerabilities/spectre_v1 to indicate the new protections. It now reports "Vulnerable: Minimal user pointer sanitization". (Jiri) --- Dan Williams (11): array_idx: sanitize speculative array de-references x86: implement array_idx_mask x86: introduce __uaccess_begin_nospec and ifence x86, __get_user: use __uaccess_begin_nospec x86, get_user: use pointer masking to limit speculation x86: remove the syscall_64 fast-path x86: sanitize sycall table de-references under speculation vfs, fdtable: prevent bounds-check bypass via speculative execution kvm, x86: update spectre-v1 mitigation nl80211: sanitize array index in parse_txq_params x86/spectre: report get_user mitigation for spectre_v1 Mark Rutland (1): Documentation: document array_idx Documentation/speculation.txt | 87 arch/x86/entry/common.c |3 + arch/x86/entry/entry_64.S | 116 - arch/x86/entry/syscall_64.c |7 +- arch/x86/include/asm/barrier.h| 26 arch/x86/include/asm/msr.h|3 - arch/x86/include/asm/uaccess.h| 15 - arch/x86/include/asm/uaccess_32.h |6 +- arch/x86/include/asm/uaccess_64.h | 12 ++-- arch/x86/kernel/cpu/bugs.c|2 - arch/x86/kvm/vmx.c| 14 +++- arch/x86/lib/getuser.S| 10 +++ arch/x86/lib/usercopy_32.c|8 +-- include/linux/fdtable.h |5 +- include/linux/nospec.h| 64 net/wireless/nl80211.c|9 ++- 16 files changed, 239 insertions(+), 148 deletions(-) create mode 100644 Documentation/speculation.txt create mode 100644 include/linux/nospec.h