authorLinus Torvalds <torvalds@linux-foundation.org>2019-06-17 18:55:34 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2019-06-17 18:55:34 -0400
commitda0f382029868806e88c046eb2560fdee7a9457c (patch)
treefe8c8248c5d2023430e2a129fe7dc0c424365aea /drivers/net/wireless
parenteb7c825bf74755a9ea975b7a463c6d13ffa7f447 (diff)
parent4fddbf8a99ee5a65bdd31b3ebbf5a84b9395d496 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: "Lots of bug fixes here: 1) Out of bounds access in __bpf_skc_lookup, from Lorenz Bauer. 2) Fix rate reporting in cfg80211_calculate_bitrate_he(), from John Crispin. 3) Use after free in psock backlog workqueue, from John Fastabend. 4) Fix source port matching in fdb peer flow rule of mlx5, from Raed Salem. 5) Use atomic_inc_not_zero() in fl6_sock_lookup(), from Eric Dumazet. 6) Network header needs to be set for packet redirect in nfp, from John Hurley. 7) Fix udp zerocopy refcnt, from Willem de Bruijn. 8) Don't assume linear buffers in vxlan and geneve error handlers, from Stefano Brivio. 9) Fix TOS matching in mlxsw, from Jiri Pirko. 10) More SCTP cookie memory leak fixes, from Neil Horman. 11) Fix VLAN filtering in rtl8366, from Linus Walluij. 12) Various TCP SACK payload size and fragmentation memory limit fixes from Eric Dumazet. 13) Use after free in pneigh_get_next(), also from Eric Dumazet. 14) LAPB control block leak fix from Jeremy Sowden" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (145 commits) lapb: fixed leak of control-blocks. 
tipc: purge deferredq list for each grp member in tipc_group_delete ax25: fix inconsistent lock state in ax25_destroy_timer neigh: fix use-after-free read in pneigh_get_next tcp: fix compile error if !CONFIG_SYSCTL hv_sock: Suppress bogus "may be used uninitialized" warnings be2net: Fix number of Rx queues used for flow hashing net: handle 802.1P vlan 0 packets properly tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() tcp: add tcp_min_snd_mss sysctl tcp: tcp_fragment() should apply sane memory limits tcp: limit payload size of sacked skbs Revert "net: phylink: set the autoneg state in phylink_phy_change" bpf: fix nested bpf tracepoints with per-cpu data bpf: Fix out of bounds memory access in bpf_sk_storage vsock/virtio: set SOCK_DONE on peer shutdown net: dsa: rtl8366: Fix up VLAN filtering net: phylink: set the autoneg state in phylink_phy_change net: add high_order_alloc_disable sysctl/static key tcp: add tcp_tx_skb_cache sysctl ...
Diffstat (limited to 'drivers/net/wireless')
-rw-r--r--drivers/net/wireless/intel/iwlwifi/fw/dbg.c39
-rw-r--r--drivers/net/wireless/intel/iwlwifi/fw/dbg.h2
-rw-r--r--drivers/net/wireless/intel/iwlwifi/iwl-drv.c1
-rw-r--r--drivers/net/wireless/intel/iwlwifi/iwl-prph.h22
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/d3.c22
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c57
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/fw.c23
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c2
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/mvm.h4
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/ops.c20
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c3
-rw-r--r--drivers/net/wireless/intel/iwlwifi/mvm/utils.c2
-rw-r--r--drivers/net/wireless/intel/iwlwifi/pcie/internal.h2
-rw-r--r--drivers/net/wireless/intel/iwlwifi/pcie/trans.c53
-rw-r--r--drivers/net/wireless/mac80211_hwsim.c1
-rw-r--r--drivers/net/wireless/marvell/mwifiex/ie.c47
-rw-r--r--drivers/net/wireless/marvell/mwifiex/scan.c19
-rw-r--r--drivers/net/wireless/realtek/rtw88/fw.c6
-rw-r--r--drivers/net/wireless/realtek/rtw88/main.c3
-rw-r--r--drivers/net/wireless/realtek/rtw88/phy.c22
-rw-r--r--drivers/net/wireless/rsi/rsi_91x_sdio.c21
21 files changed, 221 insertions, 150 deletions
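--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -2747,3 +2747,42 @@ void iwl_fw_dbg_periodic_trig_handler(struct timer_list *t)
  jiffies + msecs_to_jiffies(collect_interval));
  }
 }
+
+#define FSEQ_REG(x) { .addr = (x), .str = #x, }
+
+void iwl_fw_error_print_fseq_regs(struct iwl_fw_runtime *fwrt)
+{
+ struct iwl_trans *trans = fwrt->trans;
+ unsigned long flags;
+ int i;
+ struct {
+ u32 addr;
+ const char *str;
+ } fseq_regs[] = {
+ FSEQ_REG(FSEQ_ERROR_CODE),
+ FSEQ_REG(FSEQ_TOP_INIT_VERSION),
+ FSEQ_REG(FSEQ_CNVIO_INIT_VERSION),
+ FSEQ_REG(FSEQ_OTP_VERSION),
+ FSEQ_REG(FSEQ_TOP_CONTENT_VERSION),
+ FSEQ_REG(FSEQ_ALIVE_TOKEN),
+ FSEQ_REG(FSEQ_CNVI_ID),
+ FSEQ_REG(FSEQ_CNVR_ID),
+ FSEQ_REG(CNVI_AUX_MISC_CHIP),
+ FSEQ_REG(CNVR_AUX_MISC_CHIP),
+ FSEQ_REG(CNVR_SCU_SD_REGS_SD_REG_DIG_DCDC_VTRIM),
+ FSEQ_REG(CNVR_SCU_SD_REGS_SD_REG_ACTIVE_VDIG_MIRROR),
+ };
+
+ if (!iwl_trans_grab_nic_access(trans, &flags))
+ return;
+
+ IWL_ERR(fwrt, "Fseq Registers:\n");
+
+ for (i = 0; i < ARRAY_SIZE(fseq_regs); i++)
+ IWL_ERR(fwrt, "0x%08X | %s\n",
+ iwl_read_prph_no_grab(trans, fseq_regs[i].addr),
+ fseq_regs[i].str);
+
+ iwl_trans_release_nic_access(trans, &flags);
+}
+IWL_EXPORT_SYMBOL(iwl_fw_error_print_fseq_regs);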
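Review bot: The `fseq_regs[]` table in iwl_fw_error_print_fseq_regs() is a plain automatic array, so it is rebuilt on the stack on every error dump; declaring it `static const struct { u32 addr; const char *str; } fseq_regs[] = {` would keep it in read-only data. The early `return` after a failed `iwl_trans_grab_nic_access()` is silent, so an error dump can end without an FSEQ section and without any hint why; a one-line `IWL_ERR()` before the `return` would make that case visible in logs. Nothing in the hunk restricts the reads to device families that implement these registers, and the function is called unconditionally from iwl_mvm_dump_nic_error_log() in this commit, so it is worth confirming the reads are harmless on older families. `int i` is also compared against the unsigned `ARRAY_SIZE()` result; `unsigned int i` avoids the mixed-sign comparison.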
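--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.h
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.h
@@ -471,4 +471,6 @@ static inline void iwl_fw_error_collect(struct iwl_fw_runtime *fwrt)
 }
 
 void iwl_fw_dbg_periodic_trig_handler(struct timer_list *t);
+
+void iwl_fw_error_print_fseq_regs(struct iwl_fw_runtime *fwrt);
 #endif /* __iwl_fw_dbg_h__ */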
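--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -1597,7 +1597,6 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
  goto free;
 
  out_free_fw:
- iwl_dealloc_ucode(drv);
  release_firmware(ucode_raw);
  out_unbind:
  complete(&drv->request_firmware_complete);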
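--- a/drivers/net/wireless/intel/iwlwifi/iwl-prph.h
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-prph.h
@@ -395,7 +395,11 @@ enum {
  WFPM_AUX_CTL_AUX_IF_MAC_OWNER_MSK = 0x80000000,
 };
 
-#define AUX_MISC_REG 0xA200B0
+#define CNVI_AUX_MISC_CHIP 0xA200B0
+#define CNVR_AUX_MISC_CHIP 0xA2B800
+#define CNVR_SCU_SD_REGS_SD_REG_DIG_DCDC_VTRIM 0xA29890
+#define CNVR_SCU_SD_REGS_SD_REG_ACTIVE_VDIG_MIRROR 0xA29938
+
 enum {
  HW_STEP_LOCATION_BITS = 24,
 };
@@ -408,7 +412,12 @@ enum aux_misc_master1_en {
 #define AUX_MISC_MASTER1_SMPHR_STATUS 0xA20800
 #define RSA_ENABLE 0xA24B08
 #define PREG_AUX_BUS_WPROT_0 0xA04CC0
-#define PREG_PRPH_WPROT_0 0xA04CE0
+
+/* device family 9000 WPROT register */
+#define PREG_PRPH_WPROT_9000 0xA04CE0
+/* device family 22000 WPROT register */
+#define PREG_PRPH_WPROT_22000 0xA04D00
+
 #define SB_CPU_1_STATUS 0xA01E30
 #define SB_CPU_2_STATUS 0xA01E34
 #define UMAG_SB_CPU_1_STATUS 0xA038C0
@@ -442,4 +451,13 @@ enum {
 
 #define UREG_DOORBELL_TO_ISR6 0xA05C04
 #define UREG_DOORBELL_TO_ISR6_NMI_BIT BIT(0)
+
+#define FSEQ_ERROR_CODE 0xA340C8
+#define FSEQ_TOP_INIT_VERSION 0xA34038
+#define FSEQ_CNVIO_INIT_VERSION 0xA3403C
+#define FSEQ_OTP_VERSION 0xA340FC
+#define FSEQ_TOP_CONTENT_VERSION 0xA340F4
+#define FSEQ_ALIVE_TOKEN 0xA340F0
+#define FSEQ_CNVI_ID 0xA3408C
+#define FSEQ_CNVR_ID 0xA34090
 #endif /* __iwl_prph_h__ */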
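--- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
@@ -1972,26 +1972,6 @@ out:
  }
 }
 
-static void iwl_mvm_read_d3_sram(struct iwl_mvm *mvm)
-{
-#ifdef CONFIG_IWLWIFI_DEBUGFS
- const struct fw_img *img = &mvm->fw->img[IWL_UCODE_WOWLAN];
- u32 len = img->sec[IWL_UCODE_SECTION_DATA].len;
- u32 offs = img->sec[IWL_UCODE_SECTION_DATA].offset;
-
- if (!mvm->store_d3_resume_sram)
- return;
-
- if (!mvm->d3_resume_sram) {
- mvm->d3_resume_sram = kzalloc(len, GFP_KERNEL);
- if (!mvm->d3_resume_sram)
- return;
- }
-
- iwl_trans_read_mem_bytes(mvm->trans, offs, mvm->d3_resume_sram, len);
-#endif
-}
-
 static void iwl_mvm_d3_disconnect_iter(void *data, u8 *mac,
  struct ieee80211_vif *vif)
 {
@@ -2054,8 +2034,6 @@ static int __iwl_mvm_resume(struct iwl_mvm *mvm, bool test)
  }
 
  iwl_fw_dbg_read_d3_debug_data(&mvm->fwrt);
- /* query SRAM first in case we want event logging */
- iwl_mvm_read_d3_sram(mvm);
 
  if (iwl_mvm_check_rt_status(mvm, vif)) {
  set_bit(STATUS_FW_ERROR, &mvm->trans->status);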
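--- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
@@ -1557,59 +1557,6 @@ static ssize_t iwl_dbgfs_bcast_filters_macs_write(struct iwl_mvm *mvm,
 }
 #endif
 
-#ifdef CONFIG_PM_SLEEP
-static ssize_t iwl_dbgfs_d3_sram_write(struct iwl_mvm *mvm, char *buf,
- size_t count, loff_t *ppos)
-{
- int store;
-
- if (sscanf(buf, "%d", &store) != 1)
- return -EINVAL;
-
- mvm->store_d3_resume_sram = store;
-
- return count;
-}
-
-static ssize_t iwl_dbgfs_d3_sram_read(struct file *file, char __user *user_buf,
- size_t count, loff_t *ppos)
-{
- struct iwl_mvm *mvm = file->private_data;
- const struct fw_img *img;
- int ofs, len, pos = 0;
- size_t bufsz, ret;
- char *buf;
- u8 *ptr = mvm->d3_resume_sram;
-
- img = &mvm->fw->img[IWL_UCODE_WOWLAN];
- len = img->sec[IWL_UCODE_SECTION_DATA].len;
-
- bufsz = len * 4 + 256;
- buf = kzalloc(bufsz, GFP_KERNEL);
- if (!buf)
- return -ENOMEM;
-
- pos += scnprintf(buf, bufsz, "D3 SRAM capture: %sabled\n",
- mvm->store_d3_resume_sram ? "en" : "dis");
-
- if (ptr) {
- for (ofs = 0; ofs < len; ofs += 16) {
- pos += scnprintf(buf + pos, bufsz - pos,
- "0x%.4x %16ph\n", ofs, ptr + ofs);
- }
- } else {
- pos += scnprintf(buf + pos, bufsz - pos,
- "(no data captured)\n");
- }
-
- ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
-
- kfree(buf);
-
- return ret;
-}
-#endif
-
 #define PRINT_MVM_REF(ref) do { \
  if (mvm->refs[ref]) \
  pos += scnprintf(buf + pos, bufsz - pos, \
@@ -1940,9 +1887,6 @@ MVM_DEBUGFS_READ_WRITE_FILE_OPS(bcast_filters, 256);
 MVM_DEBUGFS_READ_WRITE_FILE_OPS(bcast_filters_macs, 256);
 #endif
 
-#ifdef CONFIG_PM_SLEEP
-MVM_DEBUGFS_READ_WRITE_FILE_OPS(d3_sram, 8);
-#endif
 #ifdef CONFIG_ACPI
 MVM_DEBUGFS_READ_FILE_OPS(sar_geo_profile);
 #endif
@@ -2159,7 +2103,6 @@ void iwl_mvm_dbgfs_register(struct iwl_mvm *mvm, struct dentry *dbgfs_dir)
 #endif
 
 #ifdef CONFIG_PM_SLEEP
- MVM_DEBUGFS_ADD_FILE(d3_sram, mvm->debugfs_dir, 0600);
  MVM_DEBUGFS_ADD_FILE(d3_test, mvm->debugfs_dir, 0400);
  debugfs_create_bool("d3_wake_sysassert", 0600, mvm->debugfs_dir,
  &mvm->d3_wake_sysassert);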
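--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -311,6 +311,8 @@ static int iwl_mvm_load_ucode_wait_alive(struct iwl_mvm *mvm,
  int ret;
  enum iwl_ucode_type old_type = mvm->fwrt.cur_fw_img;
  static const u16 alive_cmd[] = { MVM_ALIVE };
+ bool run_in_rfkill =
+ ucode_type == IWL_UCODE_INIT || iwl_mvm_has_unified_ucode(mvm);
 
  if (ucode_type == IWL_UCODE_REGULAR &&
  iwl_fw_dbg_conf_usniffer(mvm->fw, FW_DBG_START_FROM_ALIVE) &&
@@ -328,7 +330,12 @@ static int iwl_mvm_load_ucode_wait_alive(struct iwl_mvm *mvm,
  alive_cmd, ARRAY_SIZE(alive_cmd),
  iwl_alive_fn, &alive_data);
 
- ret = iwl_trans_start_fw(mvm->trans, fw, ucode_type == IWL_UCODE_INIT);
+ /*
+ * We want to load the INIT firmware even in RFKILL
+ * For the unified firmware case, the ucode_type is not
+ * INIT, but we still need to run it.
+ */
+ ret = iwl_trans_start_fw(mvm->trans, fw, run_in_rfkill);
  if (ret) {
  iwl_fw_set_current_image(&mvm->fwrt, old_type);
  iwl_remove_notification(&mvm->notif_wait, &alive_wait);
@@ -433,7 +440,8 @@ static int iwl_run_unified_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
  * commands
  */
  ret = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(SYSTEM_GROUP,
- INIT_EXTENDED_CFG_CMD), 0,
+ INIT_EXTENDED_CFG_CMD),
+ CMD_SEND_IN_RFKILL,
  sizeof(init_cfg), &init_cfg);
  if (ret) {
  IWL_ERR(mvm, "Failed to run init config command: %d\n",
@@ -457,7 +465,8 @@ static int iwl_run_unified_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
  }
 
  ret = iwl_mvm_send_cmd_pdu(mvm, WIDE_ID(REGULATORY_AND_NVM_GROUP,
- NVM_ACCESS_COMPLETE), 0,
+ NVM_ACCESS_COMPLETE),
+ CMD_SEND_IN_RFKILL,
  sizeof(nvm_complete), &nvm_complete);
  if (ret) {
  IWL_ERR(mvm, "Failed to run complete NVM access: %d\n",
@@ -482,6 +491,8 @@ static int iwl_run_unified_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
  }
  }
 
+ mvm->rfkill_safe_init_done = true;
+
  return 0;
 
 error:
@@ -526,7 +537,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
 
  lockdep_assert_held(&mvm->mutex);
 
- if (WARN_ON_ONCE(mvm->calibrating))
+ if (WARN_ON_ONCE(mvm->rfkill_safe_init_done))
  return 0;
 
  iwl_init_notification_wait(&mvm->notif_wait,
@@ -576,7 +587,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
  goto remove_notif;
  }
 
- mvm->calibrating = true;
+ mvm->rfkill_safe_init_done = true;
 
  /* Send TX valid antennas before triggering calibrations */
  ret = iwl_send_tx_ant_cfg(mvm, iwl_mvm_get_valid_tx_ant(mvm));
@@ -612,7 +623,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
 remove_notif:
  iwl_remove_notification(&mvm->notif_wait, &calib_wait);
 out:
- mvm->calibrating = false;
+ mvm->rfkill_safe_init_done = false;
  if (iwlmvm_mod_params.init_dbg && !mvm->nvm_data) {
  /* we want to debug INIT and we have no NVM - fake */
  mvm->nvm_data = kzalloc(sizeof(struct iwl_nvm_data) +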
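Review bot: The new store `mvm->rfkill_safe_init_done = true;` before `return 0;` in iwl_run_unified_mvm_ucode() is a plain write, while the rfkill handler in mvm/ops.c samples the same field with `READ_ONCE()`; writing it as `WRITE_ONCE(mvm->rfkill_safe_init_done, true);` would mark the lockless access on both sides. The same applies to the renamed stores in iwl_run_init_mvm_ucode() and in iwl_mvm_restart_cleanup() (mvm/mac80211.c). The `error:` path of iwl_run_unified_mvm_ucode() lies outside the hunk, so whether the flag can be left set after a later failure cannot be checked here and should be confirmed.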
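--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1209,7 +1209,7 @@ static void iwl_mvm_restart_cleanup(struct iwl_mvm *mvm)
 
  mvm->scan_status = 0;
  mvm->ps_disabled = false;
- mvm->calibrating = false;
+ mvm->rfkill_safe_init_done = false;
 
  /* just in case one was running */
  iwl_mvm_cleanup_roc_te(mvm);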
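--- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
@@ -880,7 +880,7 @@ struct iwl_mvm {
  struct iwl_mvm_vif *bf_allowed_vif;
 
  bool hw_registered;
- bool calibrating;
+ bool rfkill_safe_init_done;
  bool support_umac_log;
 
  u32 ampdu_ref;
@@ -1039,8 +1039,6 @@ struct iwl_mvm {
 #ifdef CONFIG_IWLWIFI_DEBUGFS
  bool d3_wake_sysassert;
  bool d3_test_active;
- bool store_d3_resume_sram;
- void *d3_resume_sram;
  u32 d3_test_pme_ptr;
  struct ieee80211_vif *keep_vif;
  u32 last_netdetect_scans; /* no. of scans in the last net-detect wake */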
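--- a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
@@ -918,9 +918,6 @@ static void iwl_op_mode_mvm_stop(struct iwl_op_mode *op_mode)
  kfree(mvm->error_recovery_buf);
  mvm->error_recovery_buf = NULL;
 
-#if defined(CONFIG_PM_SLEEP) && defined(CONFIG_IWLWIFI_DEBUGFS)
- kfree(mvm->d3_resume_sram);
-#endif
  iwl_trans_op_mode_leave(mvm->trans);
 
  iwl_phy_db_free(mvm->phy_db);
@@ -1212,7 +1209,8 @@ void iwl_mvm_set_hw_ctkill_state(struct iwl_mvm *mvm, bool state)
 static bool iwl_mvm_set_hw_rfkill_state(struct iwl_op_mode *op_mode, bool state)
 {
  struct iwl_mvm *mvm = IWL_OP_MODE_GET_MVM(op_mode);
- bool calibrating = READ_ONCE(mvm->calibrating);
+ bool rfkill_safe_init_done = READ_ONCE(mvm->rfkill_safe_init_done);
+ bool unified = iwl_mvm_has_unified_ucode(mvm);
 
  if (state)
  set_bit(IWL_MVM_STATUS_HW_RFKILL, &mvm->status);
@@ -1221,15 +1219,23 @@ static bool iwl_mvm_set_hw_rfkill_state(struct iwl_op_mode *op_mode, bool state)
 
  iwl_mvm_set_rfkill_state(mvm);
 
- /* iwl_run_init_mvm_ucode is waiting for results, abort it */
- if (calibrating)
+ /* iwl_run_init_mvm_ucode is waiting for results, abort it. */
+ if (rfkill_safe_init_done)
  iwl_abort_notification_waits(&mvm->notif_wait);
 
  /*
+ * Don't ask the transport to stop the firmware. We'll do it
+ * after cfg80211 takes us down.
+ */
+ if (unified)
+ return false;
+
+ /*
  * Stop the device if we run OPERATIONAL firmware or if we are in the
  * middle of the calibrations.
  */
- return state && (mvm->fwrt.cur_fw_img != IWL_UCODE_INIT || calibrating);
+ return state && (mvm->fwrt.cur_fw_img != IWL_UCODE_INIT ||
+ rfkill_safe_init_done);
 }
 
 static void iwl_mvm_free_skb(struct iwl_op_mode *op_mode, struct sk_buff *skb)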
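Review bot: The comment `/* iwl_run_init_mvm_ucode is waiting for results, abort it. */` in iwl_mvm_set_hw_rfkill_state() no longer describes the condition under it, because `rfkill_safe_init_done` is now also set at the end of iwl_run_unified_mvm_ucode() (mvm/fw.c in this commit), where no wait is pending any more. The flag therefore has two meanings, "calibration in progress" on the non-unified path and "init finished" on the unified path, and the trailing comment `middle of the calibrations` only covers the first. A short comment on the field in mvm.h stating both uses, and rewording this one to something like `/* init may still be waiting for notifications; abort the wait */`, would keep the rfkill decision auditable.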
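--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c
@@ -441,7 +441,8 @@ void rs_fw_rate_init(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
  */
  sta->max_amsdu_len = max_amsdu_len;
 
- ret = iwl_mvm_send_cmd_pdu(mvm, cmd_id, 0, sizeof(cfg_cmd), &cfg_cmd);
+ ret = iwl_mvm_send_cmd_pdu(mvm, cmd_id, CMD_ASYNC, sizeof(cfg_cmd),
+ &cfg_cmd);
  if (ret)
  IWL_ERR(mvm, "Failed to send rate scale config (%d)\n", ret);
 }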
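Review bot: With `CMD_ASYNC` the `ret` checked after `iwl_mvm_send_cmd_pdu()` presumably reports only whether the command was queued, so the `"Failed to send rate scale config (%d)\n"` message no longer covers a firmware-side rejection. A comment above the call saying that completion is intentionally not awaited, and why, would make the switch reviewable, for example `/* async: caller context must not block on the firmware response */` if that is the reason. `cfg_cmd` looks like a local of rs_fw_rate_init(), whose body starts outside the hunk, so it is worth confirming that the transport copies the payload before the call returns.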
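--- a/drivers/net/wireless/intel/iwlwifi/mvm/utils.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/utils.c
@@ -596,6 +596,8 @@ void iwl_mvm_dump_nic_error_log(struct iwl_mvm *mvm)
  iwl_mvm_dump_lmac_error_log(mvm, 1);
 
  iwl_mvm_dump_umac_error_log(mvm);
+
+ iwl_fw_error_print_fseq_regs(&mvm->fwrt);
 }
 
 int iwl_mvm_reconfig_scd(struct iwl_mvm *mvm, int queue, int fifo, int sta_id,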
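--- a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
@@ -928,7 +928,7 @@ static inline void iwl_enable_rfkill_int(struct iwl_trans *trans)
  MSIX_HW_INT_CAUSES_REG_RF_KILL);
  }
 
- if (trans->cfg->device_family == IWL_DEVICE_FAMILY_9000) {
+ if (trans->cfg->device_family >= IWL_DEVICE_FAMILY_9000) {
  /*
  * On 9000-series devices this bit isn't enabled by default, so
  * when we power down the device we need set the bit to allow it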
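Review bot: The comment inside the changed branch of iwl_enable_rfkill_int() still reads `On 9000-series devices this bit isn't enabled by default`, but the condition is now `device_family >= IWL_DEVICE_FAMILY_9000`, so the branch runs for every later family as well. Rewording it to `On 9000-series and later devices this bit isn't enabled by default` keeps the comment in step with the check. The comment and the branch body continue past the end of the hunk.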
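--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
@@ -1698,26 +1698,26 @@ static int iwl_pcie_init_msix_handler(struct pci_dev *pdev,
  return 0;
 }
 
-static int _iwl_trans_pcie_start_hw(struct iwl_trans *trans, bool low_power)
+static int iwl_trans_pcie_clear_persistence_bit(struct iwl_trans *trans)
 {
- struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
- u32 hpm;
- int err;
-
- lockdep_assert_held(&trans_pcie->mutex);
+ u32 hpm, wprot;
 
- err = iwl_pcie_prepare_card_hw(trans);
- if (err) {
- IWL_ERR(trans, "Error while preparing HW: %d\n", err);
- return err;
+ switch (trans->cfg->device_family) {
+ case IWL_DEVICE_FAMILY_9000:
+ wprot = PREG_PRPH_WPROT_9000;
+ break;
+ case IWL_DEVICE_FAMILY_22000:
+ wprot = PREG_PRPH_WPROT_22000;
+ break;
+ default:
+ return 0;
  }
 
  hpm = iwl_read_umac_prph_no_grab(trans, HPM_DEBUG);
  if (hpm != 0xa5a5a5a0 && (hpm & PERSISTENCE_BIT)) {
- int wfpm_val = iwl_read_umac_prph_no_grab(trans,
- PREG_PRPH_WPROT_0);
+ u32 wprot_val = iwl_read_umac_prph_no_grab(trans, wprot);
 
- if (wfpm_val & PREG_WFPM_ACCESS) {
+ if (wprot_val & PREG_WFPM_ACCESS) {
  IWL_ERR(trans,
  "Error, can not clear persistence bit\n");
  return -EPERM;
@@ -1726,6 +1726,26 @@ static int _iwl_trans_pcie_start_hw(struct iwl_trans *trans, bool low_power)
  hpm & ~PERSISTENCE_BIT);
  }
 
+ return 0;
+}
+
+static int _iwl_trans_pcie_start_hw(struct iwl_trans *trans, bool low_power)
+{
+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
+ int err;
+
+ lockdep_assert_held(&trans_pcie->mutex);
+
+ err = iwl_pcie_prepare_card_hw(trans);
+ if (err) {
+ IWL_ERR(trans, "Error while preparing HW: %d\n", err);
+ return err;
+ }
+
+ err = iwl_trans_pcie_clear_persistence_bit(trans);
+ if (err)
+ return err;
+
  iwl_trans_pcie_sw_reset(trans);
 
  err = iwl_pcie_apm_init(trans);
@@ -3526,7 +3546,8 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
  hw_step |= ENABLE_WFPM;
  iwl_write_umac_prph_no_grab(trans, WFPM_CTRL_REG,
  hw_step);
- hw_step = iwl_read_prph_no_grab(trans, AUX_MISC_REG);
+ hw_step = iwl_read_prph_no_grab(trans,
+ CNVI_AUX_MISC_CHIP);
  hw_step = (hw_step >> HW_STEP_LOCATION_BITS) & 0xF;
  if (hw_step == 0x3)
  trans->hw_rev = (trans->hw_rev & 0xFFFFFFF3) |
@@ -3577,7 +3598,9 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
  }
  } else if (CSR_HW_RF_ID_TYPE_CHIP_ID(trans->hw_rf_id) ==
  CSR_HW_RF_ID_TYPE_CHIP_ID(CSR_HW_RF_ID_TYPE_HR) &&
- (trans->cfg != &iwl_ax200_cfg_cc ||
+ ((trans->cfg != &iwl_ax200_cfg_cc &&
+ trans->cfg != &killer1650x_2ax_cfg &&
+ trans->cfg != &killer1650w_2ax_cfg) ||
  trans->hw_rev == CSR_HW_REV_TYPE_QNJ_B0)) {
  u32 hw_status;
 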
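Review bot: The new helper iwl_trans_pcie_clear_persistence_bit() has no comment stating its contract, and its `default: return 0;` arm silently treats every family other than 9000 and 22000 as having nothing to clear. A header comment should say that it returns 0 when the bit is already clear, was cleared, or the family has no WPROT register defined here, and -EPERM when `PREG_WFPM_ACCESS` is set in the WPROT register. The test `hpm != 0xa5a5a5a0` keeps an unnamed magic value whose meaning is not visible on this page; a named constant with a one-line explanation would make the -EPERM path easier to audit. The end of the `if (hpm ...)` block falls between the first two hunks and is not shown.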
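--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3851,6 +3851,7 @@ static int __init init_mac80211_hwsim(void)
  break;
  case HWSIM_REGTEST_STRICT_ALL:
  param.reg_strict = true;
+ /* fall through */
  case HWSIM_REGTEST_DRIVER_REG_ALL:
  param.reg_alpha2 = hwsim_alpha2s[0];
  break;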
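--- a/drivers/net/wireless/marvell/mwifiex/ie.c
+++ b/drivers/net/wireless/marvell/mwifiex/ie.c
@@ -329,6 +329,8 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
  struct ieee80211_vendor_ie *vendorhdr;
  u16 gen_idx = MWIFIEX_AUTO_IDX_MASK, ie_len = 0;
  int left_len, parsed_len = 0;
+ unsigned int token_len;
+ int err = 0;
 
  if (!info->tail || !info->tail_len)
  return 0;
@@ -344,6 +346,12 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
  */
  while (left_len > sizeof(struct ieee_types_header)) {
  hdr = (void *)(info->tail + parsed_len);
+ token_len = hdr->len + sizeof(struct ieee_types_header);
+ if (token_len > left_len) {
+ err = -EINVAL;
+ goto out;
+ }
+
  switch (hdr->element_id) {
  case WLAN_EID_SSID:
  case WLAN_EID_SUPP_RATES:
@@ -361,17 +369,20 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
  if (cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
  WLAN_OUI_TYPE_MICROSOFT_WMM,
  (const u8 *)hdr,
- hdr->len + sizeof(struct ieee_types_header)))
+ token_len))
  break;
  /* fall through */
  default:
- memcpy(gen_ie->ie_buffer + ie_len, hdr,
- hdr->len + sizeof(struct ieee_types_header));
- ie_len += hdr->len + sizeof(struct ieee_types_header);
+ if (ie_len + token_len > IEEE_MAX_IE_SIZE) {
+ err = -EINVAL;
+ goto out;
+ }
+ memcpy(gen_ie->ie_buffer + ie_len, hdr, token_len);
+ ie_len += token_len;
  break;
  }
- left_len -= hdr->len + sizeof(struct ieee_types_header);
- parsed_len += hdr->len + sizeof(struct ieee_types_header);
+ left_len -= token_len;
+ parsed_len += token_len;
  }
 
  /* parse only WPA vendor IE from tail, WMM IE is configured by
@@ -381,15 +392,17 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
  WLAN_OUI_TYPE_MICROSOFT_WPA,
  info->tail, info->tail_len);
  if (vendorhdr) {
- memcpy(gen_ie->ie_buffer + ie_len, vendorhdr,
- vendorhdr->len + sizeof(struct ieee_types_header));
- ie_len += vendorhdr->len + sizeof(struct ieee_types_header);
+ token_len = vendorhdr->len + sizeof(struct ieee_types_header);
+ if (ie_len + token_len > IEEE_MAX_IE_SIZE) {
+ err = -EINVAL;
+ goto out;
+ }
+ memcpy(gen_ie->ie_buffer + ie_len, vendorhdr, token_len);
+ ie_len += token_len;
  }
 
- if (!ie_len) {
- kfree(gen_ie);
- return 0;
- }
+ if (!ie_len)
+ goto out;
 
  gen_ie->ie_index = cpu_to_le16(gen_idx);
  gen_ie->mgmt_subtype_mask = cpu_to_le16(MGMT_MASK_BEACON |
@@ -399,13 +412,15 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
 
  if (mwifiex_update_uap_custom_ie(priv, gen_ie, &gen_idx, NULL, NULL,
  NULL, NULL)) {
- kfree(gen_ie);
- return -1;
+ err = -EINVAL;
+ goto out;
  }
 
  priv->gen_idx = gen_idx;
+
+ out:
  kfree(gen_ie);
- return 0;
+ return err;
 }
 
 /* This function parses different IEs-head & tail IEs, beacon IEs,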
diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 935778ec9a1b..c269a0de9413 100644
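--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1247,6 +1247,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 }
 switch (element_id) {
 case WLAN_EID_SSID:
+if (element_len > IEEE80211_MAX_SSID_LEN)
+return -EINVAL;
 bss_entry->ssid.ssid_len = element_len;
 memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
 element_len);
@@ -1256,6 +1258,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_SUPP_RATES:
+if (element_len > MWIFIEX_SUPPORTED_RATES)
+return -EINVAL;
 memcpy(bss_entry->data_rates, current_ptr + 2,
 element_len);
 memcpy(bss_entry->supported_rates, current_ptr + 2,
@@ -1265,6 +1269,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_FH_PARAMS:
+if (element_len + 2 < sizeof(*fh_param_set))
+return -EINVAL;
 fh_param_set =
 (struct ieee_types_fh_param_set *) current_ptr;
 memcpy(&bss_entry->phy_param_set.fh_param_set,
@@ -1273,6 +1279,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_DS_PARAMS:
+if (element_len + 2 < sizeof(*ds_param_set))
+return -EINVAL;
 ds_param_set =
 (struct ieee_types_ds_param_set *) current_ptr;
 
@@ -1284,6 +1292,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_CF_PARAMS:
+if (element_len + 2 < sizeof(*cf_param_set))
+return -EINVAL;
 cf_param_set =
 (struct ieee_types_cf_param_set *) current_ptr;
 memcpy(&bss_entry->ss_param_set.cf_param_set,
@@ -1292,6 +1302,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_IBSS_PARAMS:
+if (element_len + 2 < sizeof(*ibss_param_set))
+return -EINVAL;
 ibss_param_set =
 (struct ieee_types_ibss_param_set *)
 current_ptr;
@@ -1301,10 +1313,14 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_ERP_INFO:
+if (!element_len)
+return -EINVAL;
 bss_entry->erp_flags = *(current_ptr + 2);
 break;
 
 case WLAN_EID_PWR_CONSTRAINT:
+if (!element_len)
+return -EINVAL;
 bss_entry->local_constraint = *(current_ptr + 2);
 bss_entry->sensed_11h = true;
 break;
@@ -1345,6 +1361,9 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
 break;
 
 case WLAN_EID_VENDOR_SPECIFIC:
+if (element_len + 2 < sizeof(vendor_ie->vend_hdr))
+return -EINVAL;
+
 vendor_ie = (struct ieee_types_vendor_specific *)
 current_ptr;
 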
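Review bot: The new guard under `case WLAN_EID_VENDOR_SPECIFIC:` returns -EINVAL for any vendor element shorter than `vendor_ie->vend_hdr`, which abandons parsing of the whole BSS descriptor instead of passing over one element. If `vend_hdr` carries fields beyond the OUI (its definition is not visible here), a short but well-formed vendor element in a received beacon would cause the entire entry to be rejected. Skipping the element keeps the over-read protection without that side effect, provided the loop advances past the element after the switch, which is outside these hunks: `if (element_len + 2 < sizeof(vendor_ie->vend_hdr)) break;`. The fixed-layout parameter sets in the earlier hunks are a different case, since there a short element is malformed.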
diff --git a/drivers/net/wireless/realtek/rtw88/fw.c b/drivers/net/wireless/realtek/rtw88/fw.c
index cf4265cda224..628477971213 100644
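--- a/drivers/net/wireless/realtek/rtw88/fw.c
+++ b/drivers/net/wireless/realtek/rtw88/fw.c
@@ -8,7 +8,8 @@
 #include "reg.h"
 #include "debug.h"
 
-void rtw_fw_c2h_cmd_handle_ext(struct rtw_dev *rtwdev, struct sk_buff *skb)
+static void rtw_fw_c2h_cmd_handle_ext(struct rtw_dev *rtwdev,
+struct sk_buff *skb)
 {
 struct rtw_c2h_cmd *c2h;
 u8 sub_cmd_id;
@@ -47,7 +48,8 @@ void rtw_fw_c2h_cmd_handle(struct rtw_dev *rtwdev, struct sk_buff *skb)
 }
 }
 
-void rtw_fw_send_h2c_command(struct rtw_dev *rtwdev, u8 *h2c)
+static void rtw_fw_send_h2c_command(struct rtw_dev *rtwdev,
+u8 *h2c)
 {
 u8 box;
 u8 box_state;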
diff --git a/drivers/net/wireless/realtek/rtw88/main.c b/drivers/net/wireless/realtek/rtw88/main.c
index f447361f7573..b2dac4609138 100644
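--- a/drivers/net/wireless/realtek/rtw88/main.c
+++ b/drivers/net/wireless/realtek/rtw88/main.c
@@ -162,7 +162,8 @@ static void rtw_watch_dog_work(struct work_struct *work)
 rtwdev->stats.tx_cnt = 0;
 rtwdev->stats.rx_cnt = 0;
 
-rtw_iterate_vifs(rtwdev, rtw_vif_watch_dog_iter, &data);
+/* use atomic version to avoid taking local->iflist_mtx mutex */
+rtw_iterate_vifs_atomic(rtwdev, rtw_vif_watch_dog_iter, &data);
 
 /* fw supports only one station associated to enter lps, if there are
 * more than two stations associated to the AP, then we can not enter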
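Review bot: The comment added above the `rtw_iterate_vifs_atomic` call names the mutex being avoided but not the constraint the switch puts on the callback. Assuming the atomic variant wraps mac80211's atomic interface iterator, `rtw_vif_watch_dog_iter` must no longer sleep. Its body is outside the hunk, so everything it calls should be checked for sleeping operations. I would record the requirement at the call site: `/* atomic iteration avoids local->iflist_mtx; rtw_vif_watch_dog_iter must not sleep */`.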
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index 4381b360b5b5..404d89432c96 100644
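--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -144,10 +144,10 @@ static void rtw_phy_stat_rssi_iter(void *data, struct ieee80211_sta *sta)
 struct rtw_phy_stat_iter_data *iter_data = data;
 struct rtw_dev *rtwdev = iter_data->rtwdev;
 struct rtw_sta_info *si = (struct rtw_sta_info *)sta->drv_priv;
-u8 rssi, rssi_level;
+u8 rssi;
 
 rssi = ewma_rssi_read(&si->avg_rssi);
-rssi_level = rtw_phy_get_rssi_level(si->rssi_level, rssi);
+si->rssi_level = rtw_phy_get_rssi_level(si->rssi_level, rssi);
 
 rtw_fw_send_rssi_info(rtwdev, si);
 
@@ -423,6 +423,11 @@ static u64 rtw_phy_db_2_linear(u8 power_db)
 u8 i, j;
 u64 linear;
 
+if (power_db > 96)
+power_db = 96;
+else if (power_db < 1)
+return 1;
+
 /* 1dB ~ 96dB */
 i = (power_db - 1) >> 3;
 j = (power_db - 1) - (i << 3);
@@ -848,12 +853,13 @@ u8 rtw_vht_2s_rates[] = {
 DESC_RATEVHT2SS_MCS6, DESC_RATEVHT2SS_MCS7,
 DESC_RATEVHT2SS_MCS8, DESC_RATEVHT2SS_MCS9
 };
-u8 rtw_cck_size = ARRAY_SIZE(rtw_cck_rates);
-u8 rtw_ofdm_size = ARRAY_SIZE(rtw_ofdm_rates);
-u8 rtw_ht_1s_size = ARRAY_SIZE(rtw_ht_1s_rates);
-u8 rtw_ht_2s_size = ARRAY_SIZE(rtw_ht_2s_rates);
-u8 rtw_vht_1s_size = ARRAY_SIZE(rtw_vht_1s_rates);
-u8 rtw_vht_2s_size = ARRAY_SIZE(rtw_vht_2s_rates);
+
+static u8 rtw_cck_size = ARRAY_SIZE(rtw_cck_rates);
+static u8 rtw_ofdm_size = ARRAY_SIZE(rtw_ofdm_rates);
+static u8 rtw_ht_1s_size = ARRAY_SIZE(rtw_ht_1s_rates);
+static u8 rtw_ht_2s_size = ARRAY_SIZE(rtw_ht_2s_rates);
+static u8 rtw_vht_1s_size = ARRAY_SIZE(rtw_vht_1s_rates);
+static u8 rtw_vht_2s_size = ARRAY_SIZE(rtw_vht_2s_rates);
 u8 *rtw_rate_section[RTW_RATE_SECTION_MAX] = {
 rtw_cck_rates, rtw_ofdm_rates,
 rtw_ht_1s_rates, rtw_ht_2s_rates,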
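Review bot: The clamp added to `rtw_phy_db_2_linear` hard-codes 96 twice, although the bound it really protects is the size of the lookup table that `i` and `j` index after the `/* 1dB ~ 96dB */` comment. That table is outside the hunk, so nothing here keeps the two in step if it is ever resized. A named limit next to the table, or one derived from its dimensions, would tie them together, for example `if (power_db > RTW_DB_MAX) power_db = RTW_DB_MAX;`, where `RTW_DB_MAX` is a proposed name. Since `power_db` is a `u8`, `power_db < 1` can only mean zero, and `else if (!power_db) return 1;` says so more directly. A short comment that out-of-range input saturates rather than fails would also help callers.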
diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio.c b/drivers/net/wireless/rsi/rsi_91x_sdio.c
index f9c67ed473d1..b42cd50b837e 100644
--- a/drivers/net/wireless/rsi/rsi_91x_sdio.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio.c
@@ -929,11 +929,15 @@ static int rsi_sdio_ta_reset(struct rsi_hw *adapter)
929 u32 addr; 929 u32 addr;
930 u8 *data; 930 u8 *data;
931 931
932 data = kzalloc(RSI_9116_REG_SIZE, GFP_KERNEL);
933 if (!data)
934 return -ENOMEM;
935
932 status = rsi_sdio_master_access_msword(adapter, TA_BASE_ADDR); 936 status = rsi_sdio_master_access_msword(adapter, TA_BASE_ADDR);
933 if (status < 0) { 937 if (status < 0) {
934 rsi_dbg(ERR_ZONE, 938 rsi_dbg(ERR_ZONE,
935 "Unable to set ms word to common reg\n"); 939 "Unable to set ms word to common reg\n");
936 return status; 940 goto err;
937 } 941 }
938 942
939 rsi_dbg(INIT_ZONE, "%s: Bring TA out of reset\n", __func__); 943 rsi_dbg(INIT_ZONE, "%s: Bring TA out of reset\n", __func__);
@@ -944,7 +948,7 @@ static int rsi_sdio_ta_reset(struct rsi_hw *adapter)
944 RSI_9116_REG_SIZE); 948 RSI_9116_REG_SIZE);
945 if (status < 0) { 949 if (status < 0) {
946 rsi_dbg(ERR_ZONE, "Unable to hold TA threads\n"); 950 rsi_dbg(ERR_ZONE, "Unable to hold TA threads\n");
947 return status; 951 goto err;
948 } 952 }
949 953
950 put_unaligned_le32(TA_SOFT_RST_CLR, data); 954 put_unaligned_le32(TA_SOFT_RST_CLR, data);
@@ -954,7 +958,7 @@ static int rsi_sdio_ta_reset(struct rsi_hw *adapter)
954 RSI_9116_REG_SIZE); 958 RSI_9116_REG_SIZE);
955 if (status < 0) { 959 if (status < 0) {
956 rsi_dbg(ERR_ZONE, "Unable to get TA out of reset\n"); 960 rsi_dbg(ERR_ZONE, "Unable to get TA out of reset\n");
957 return status; 961 goto err;
958 } 962 }
959 963
960 put_unaligned_le32(TA_PC_ZERO, data); 964 put_unaligned_le32(TA_PC_ZERO, data);
@@ -964,7 +968,8 @@ static int rsi_sdio_ta_reset(struct rsi_hw *adapter)
964 RSI_9116_REG_SIZE); 968 RSI_9116_REG_SIZE);
965 if (status < 0) { 969 if (status < 0) {
966 rsi_dbg(ERR_ZONE, "Unable to Reset TA PC value\n"); 970 rsi_dbg(ERR_ZONE, "Unable to Reset TA PC value\n");
967 return -EINVAL; 971 status = -EINVAL;
972 goto err;
968 } 973 }
969 974
970 put_unaligned_le32(TA_RELEASE_THREAD_VALUE, data); 975 put_unaligned_le32(TA_RELEASE_THREAD_VALUE, data);
@@ -974,17 +979,19 @@ static int rsi_sdio_ta_reset(struct rsi_hw *adapter)
974 RSI_9116_REG_SIZE); 979 RSI_9116_REG_SIZE);
975 if (status < 0) { 980 if (status < 0) {
976 rsi_dbg(ERR_ZONE, "Unable to release TA threads\n"); 981 rsi_dbg(ERR_ZONE, "Unable to release TA threads\n");
977 return status; 982 goto err;
978 } 983 }
979 984
980 status = rsi_sdio_master_access_msword(adapter, MISC_CFG_BASE_ADDR); 985 status = rsi_sdio_master_access_msword(adapter, MISC_CFG_BASE_ADDR);
981 if (status < 0) { 986 if (status < 0) {
982 rsi_dbg(ERR_ZONE, "Unable to set ms word to common reg\n"); 987 rsi_dbg(ERR_ZONE, "Unable to set ms word to common reg\n");
983 return status; 988 goto err;
984 } 989 }
985 rsi_dbg(INIT_ZONE, "***** TA Reset done *****\n"); 990 rsi_dbg(INIT_ZONE, "***** TA Reset done *****\n");
986 991
987 return 0; 992err:
993 kfree(data);
994 return status;
988} 995}
989 996
990static struct rsi_host_intf_ops sdio_host_intf_ops = { 997static struct rsi_host_intf_ops sdio_host_intf_ops = {