#
49a78b05 |
|
03-Jan-2024 |
Yajun Deng <yajun.deng@linux.dev> |
USB: core: Use device_driver directly in struct usb_driver and usb_device_driver There is usbdrv_wrap in struct usb_driver and usb_device_driver, it contains device_driver and for_devices. for_devices is used to distinguish between device drivers and interface drivers. Like the is_usb_device(), it tests the type of the device. We can test that if the probe of device_driver is equal to usb_probe_device in is_usb_device_driver(), and then the struct usbdrv_wrap is no longer needed. Clean up struct usbdrv_wrap, use device_driver directly in struct usb_driver and usb_device_driver. This makes the code cleaner. Signed-off-by: Yajun Deng <yajun.deng@linux.dev> Acked-by: Alan Stern <stern@rowland.harvard.edu> Link: https://lore.kernel.org/r/20240104032822.1896596-1-yajun.deng@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fbe7e185 |
|
04-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: mwifiex: fix endian annotations in casts These cause sparse warnings, and since the device generally works in little endian we can assume the code is correct, so just fix the casts accordingly. No binary changes on x86. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220904212910.3f72609a3825.If4048592701bf04981be1dab18eaaa339b2ea382@changeid
|
#
828c91f7 |
|
07-Jun-2022 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_391.RULE Based on the normalized pattern: this software file (the file ) is distributed by nxp under the terms of the gnu general public license version 2 june 1991 (the license ) you may use redistribute and/or modify this file in accordance with the terms and conditions of the license a copy of which is available by writing to the free software foundation inc 51 franklin street fifth floor boston ma 02110-1301 usa or on the worldwide web at http://www gnu org/licenses/old-licenses/gpl-2 0 txt the file is distributed as-is without warranty of any kind and the implied warranties of merchantability or fitness for a particular purpose are expressly disclaimed the license provides additional details about this warranty disclaimer extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference. Reviewed-by: Allison Randal <allison@lohutok.net> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
04d80663 |
|
30-Oct-2021 |
Zekun Shen <bruceshenzk@gmail.com> |
mwifiex: Fix skb_over_panic in mwifiex_usb_recv() Currently, with an unknown recv_type, mwifiex_usb_recv just return -1 without restoring the skb. Next time mwifiex_usb_rx_complete is invoked with the same skb, calling skb_put causes skb_over_panic. The bug is triggerable with a compromised/malfunctioning usb device. After applying the patch, skb_over_panic no longer shows up with the same input. Attached is the panic report from fuzzing. skbuff: skb_over_panic: text:000000003bf1b5fa len:2048 put:4 head:00000000dd6a115b data:000000000a9445d8 tail:0x844 end:0x840 dev:<NULL> kernel BUG at net/core/skbuff.c:109! invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 PID: 198 Comm: in:imklog Not tainted 5.6.0 #60 RIP: 0010:skb_panic+0x15f/0x161 Call Trace: <IRQ> ? mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb] skb_put.cold+0x24/0x24 mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb] __usb_hcd_giveback_urb+0x1e4/0x380 usb_giveback_urb_bh+0x241/0x4f0 ? __hrtimer_run_queues+0x316/0x740 ? __usb_hcd_giveback_urb+0x380/0x380 tasklet_action_common.isra.0+0x135/0x330 __do_softirq+0x18c/0x634 irq_exit+0x114/0x140 smp_apic_timer_interrupt+0xde/0x380 apic_timer_interrupt+0xf/0x20 </IRQ> Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu> Signed-off-by: Zekun Shen <bruceshenzk@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home
|
#
89f8765a |
|
27-Oct-2021 |
Johan Hovold <johan@kernel.org> |
mwifiex: fix division by zero in fw download path Add the missing endpoint sanity checks to probe() to avoid division by zero in mwifiex_write_data_sync() in case a malicious device has broken descriptors (or when doing descriptor fuzz testing). Only add checks for the firmware-download boot stage, which require both command endpoints, for now. The driver looks like it will handle a missing endpoint during normal operation without oopsing, albeit not very gracefully as it will try to submit URBs to the default pipe and fail. Note that USB core will reject URBs submitted for endpoints with zero wMaxPacketSize but that drivers doing packet-size calculations still need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip endpoint descriptors with maxpacket=0")). Fixes: 4daffe354366 ("mwifiex: add support for Marvell USB8797 chipset") Cc: stable@vger.kernel.org # 3.5 Cc: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Johan Hovold <johan@kernel.org> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20211027080819.6675-4-johan@kernel.org
|
#
621a3a8b |
|
21-Aug-2020 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
mwifiex: don't call del_timer_sync() on uninitialized timer syzbot is reporting that del_timer_sync() is called from mwifiex_usb_cleanup_tx_aggr() from mwifiex_unregister_dev() without checking timer_setup() from mwifiex_usb_tx_init() was called [1]. Ganapathi Bhat proposed a possibly cleaner fix, but it seems that that fix was forgotten [2]. "grep -FrB1 'del_timer' drivers/ | grep -FA1 '.function)'" says that currently there are 28 locations which call del_timer[_sync]() only if that timer's function field was initialized (because timer_setup() sets that timer's function field). Therefore, let's use same approach here. [1] https://syzkaller.appspot.com/bug?id=26525f643f454dd7be0078423e3cdb0d57744959 [2] https://lkml.kernel.org/r/CA+ASDXMHt2gq9Hy+iP_BYkWXsSreWdp3_bAfMkNcuqJ3K+-jbQ@mail.gmail.com Reported-by: syzbot <syzbot+dc4127f950da51639216@syzkaller.appspotmail.com> Cc: Ganapathi Bhat <ganapathi.bhat@nxp.com> Cc: Brian Norris <briannorris@chromium.org> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Brian Norris <briannorris@chromium.org> Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200821082720.7716-1-penguin-kernel@I-love.SAKURA.ne.jp
|
#
932183aa |
|
12-Feb-2020 |
Ganapathi Bhat <ganapathi.bhat@nxp.com> |
mwifiex: change license text from MARVELL to NXP As of 6-DEC-2019, NXP has acquired Marvell’s Wireless business unit. This change is to update the license text accordingly. Signed-off-by: James Cao <zheng.cao@nxp.com> Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com> Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8a7f9fd8 |
|
25-Jun-2019 |
Brian Norris <briannorris@chromium.org> |
mwifiex: don't disable hardirqs; just softirqs main_proc_lock and int_lock (in mwifiex_adapter) are the only spinlocks used in hardirq contexts. The rest are only in task or softirq contexts. Convert every other lock from *_irq{save,restore}() variants to _bh() variants. This is a mechanical transformation of all spinlock usage in mwifiex using the following: Step 1: I ran this nasty sed script: sed -i -E '/spin_lock_irqsave|spin_unlock_irqrestore/ { /main_proc_lock|int_lock/! { s:(spin_(un|)lock)_irq(save|restore):\1_bh: ; # Join broken lines. :a /;$/! { N; s/\s*\n\s*//; ba } /,.*\);$/ s:,.*\):\): } }' drivers/net/wireless/marvell/mwifiex/* Step 2: Manually delete the flags / ra_list_flags args from: mwifiex_send_single_packet() mwifiex_11n_aggregate_pkt() mwifiex_send_processed_packet() which are now unused. Step 3: Apply this semantic patch (coccinelle) to remove the unused 'flags' variables: // <smpl> @@ type T; identifier i; @@ ( extern T i; | - T i; ... when != i ) // </smpl> (Usage is something like this: make coccicheck COCCI=./patch.cocci MODE=patch M=drivers/net/wireless/marvell/mwifiex/ although this skips *.h files for some reasons, so I had to massage stuff.) Testing: I've played with a variety of stress tests, including download stress tests on the same APs which caught regressions with commit 5188d5453bc9 ("mwifiex: restructure rx_reorder_tbl_lock usage"). I've primarily tested on Marvell 8997 / PCIe, although I've given 8897 / SDIO a quick spin as well. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
33a164fa |
|
21-Aug-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifex: free rx_cmd skb in suspended state USB suspend handler will kill the presubmitted rx_cmd URB. This triggers a call to the corresponding URB complete handler, which will free the rx_cmd skb, associated with rx_cmd URB. Due to a possible race betwen suspend handler and main thread, depicted in 'commit bfcacac6c84b ("mwifiex: do no submit URB in suspended state")', it is possible that the rx_cmd skb will fail to get freed. This causes a memory leak, since the resume handler will always allocate a new rx_cmd skb. To fix this, free the rx_cmd skb in mwifiex_usb_submit_rx_urb, if the device is in suspended state. Signed-off-by: Vidya Dharmaraju <vidyad@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7bd4628c |
|
21-Aug-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: do no submit URB in suspended state There is a possible race between USB suspend and main thread: 1. After processing the command response, main thread will submit rx_cmd URB back so as to process next command response, by calling mwifiex_usb_submit_rx_urb. 2. During USB suspend, the suspend handler will check if rx_cmd URB is pending(submitted) and if true, kill this URB. There is a possible race between #1 and #2, where rx_cmd URB will be submitted by main thread(#1) after the suspend handler check in #2. To fix this, check if device is already suspended in mwifiex_usb_submit_rx_urb, in which case do not submit the URB. Signed-off-by: Vidya Dharmaraju <vidyad@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fc3a2fca |
|
13-Jul-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: use atomic bitops to represent adapter status variables Driver is using boolean variables to maintain vairous status information of adapter. These status variables are accessed by multiple threads and there is a possibility of a race. To avoid this, convert these variables to a set of bitops flags, to be operated atomically. Below variables of mwifiex_adapter are converted to bitop flags: surprise_removed is_cmd_timedout is_suspended is_hs_configured hs_enabling Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
f8c095f6 |
|
01-Jun-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: handle race during mwifiex_usb_disconnect Race condition is observed during rmmod of mwifiex_usb: 1. The rmmod thread will call mwifiex_usb_disconnect(), download SHUTDOWN command and do wait_event_interruptible_timeout(), waiting for response. 2. The main thread will handle the response and will do a wake_up_interruptible(), unblocking rmmod thread. 3. On getting unblocked, rmmod thread will make rx_cmd.urb = NULL in mwifiex_usb_free(). 4. The main thread will try to resubmit rx_cmd.urb in mwifiex_usb_submit_rx_urb(), which is NULL. To fix this, move mwifiex_usb_free() from mwifiex_usb_disconnect to mwifiex_unregister_dev(). Function mwifiex_unregister_dev() is called after flushing the command and RX work queues. Suggested-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7e58e741 |
|
01-Jun-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
Revert "mwifiex: handle race during mwifiex_usb_disconnect" This reverts commit b817047ae70c0bd67b677b65d0d69d72cd6e9728. We have a better fix for this issue, which will be sent on top of this revert. Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b817047a |
|
24-May-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: handle race during mwifiex_usb_disconnect Race condition is observed during rmmod of mwifiex_usb: 1. The rmmod thread will call mwifiex_usb_disconnect(), download SHUTDOWN command and do wait_event_interruptible_timeout(), waiting for response. 2. The main thread will handle the response and will do a wake_up_interruptible(), unblocking rmmod thread. 3. On getting unblocked, rmmod thread will make rx_cmd.urb = NULL in mwifiex_usb_free(). 4. The main thread will try to resubmit rx_cmd.urb in mwifiex_usb_submit_rx_urb(), which is NULL. To fix, wait for main thread to complete before calling mwifiex_usb_free(). Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
618fd1ed |
|
24-May-2018 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: avoid exporting mwifiex_send_cmd This is a follow-up patch for commit 21c5c83ce833 ("mwifiex: support sysfs initiated device coredump"). Let us avoid exporting mwifiex_send_cmd and instead use a utility function mwifiex_fw_dump_event to achive the work. Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
21c5c83c |
|
16-May-2018 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
mwifiex: support sysfs initiated device coredump Since commit 3c47d19ff4dc ("drivers: base: add coredump driver ops") it is possible to initiate a device coredump from user-space. This patch adds support for it adding the .coredump() driver callback. As there is no longer a need to initiate it through debugfs remove that code. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
08c2eb8e |
|
24-Oct-2017 |
Kees Cook <keescook@chromium.org> |
mwifiex: Convert timers to use timer_setup() In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: Kalle Valo <kvalo@codeaurora.org> Cc: Amitkumar Karwar <amitkarwar@gmail.com> Cc: Nishant Sarmukadam <nishants@marvell.com> Cc: Ganapathi Bhat <gbhat@marvell.com> Cc: Xinming Hu <huxm@marvell.com> Cc: Arvind Yadav <arvind.yadav.cs@gmail.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Johannes Berg <johannes.berg@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Andrew Zaborowski <andrew.zaborowski@intel.com> Cc: libertas-dev@lists.infradead.org Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7516dbd4 |
|
09-Aug-2017 |
Arvind Yadav <arvind.yadav.cs@gmail.com> |
mwifiex: constify usb_device_id usb_device_id are not supposed to change at runtime. All functions working with usb_device_id provided by <linux/usb.h> work with const usb_device_id. So mark the non-const structs as const. Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fe0c94be |
|
10-Jul-2017 |
Dan Carpenter <dan.carpenter@oracle.com> |
mwifiex: usb: unlock on error in mwifiex_usb_tx_aggr_tmo() We need to unlock if mwifiex_usb_prepare_tx_aggr_skb() fails. Fixes: a2ca85ad721d ("mwifiex: usb: add timer to flush aggregation packets") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a2ca85ad |
|
23-May-2017 |
Xinming Hu <huxm@marvell.com> |
mwifiex: usb: add timer to flush aggregation packets Aggregation will wait for next packet until limit aggr size/number reach. Packet might be drop and also packet dequeue will be stop in some cases. This patch add timer to flush packets in aggregation list to avoid long time waiting. Signed-off-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c5994293 |
|
23-May-2017 |
Xinming Hu <huxm@marvell.com> |
mwifiex: usb: transmit aggregation packets Instead of using 4KB packet buffer for data transfer, new chipset have more device memory. This patch try to aggregation packets in an 16KB buffer. In this way, totally usb transaction cost will be reduced. Thoughput test on usb 2.0 show both TCP TX and UPD TX promote ~40M, from ~240M to ~280M. This feature is default disabled, and can be enabled by module parameter, like: insmod mwifiex.ko aggr_ctrl=1 Signed-off-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
42d1abb5 |
|
23-May-2017 |
Xinming Hu <huxm@marvell.com> |
mwifiex: usb: kill urb before free its memory we have observed host system hang when device firmware crash, stack trace show it was an use-after-free case: previous submitted urb will be holding in usbcore, and given back to device driver when device disconnected, while the urb have been freed in usb device disconnect handler. This patch kill the holding urb before free its memory. Signed-off-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a1ad7198 |
|
11-May-2017 |
Johan Hovold <johan@kernel.org> |
mwifiex: add missing USB-descriptor endianness conversion Add the missing endianness conversions to a debug statement printing the USB device-descriptor bcdUSB field during probe. Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
182f5696 |
|
27-Mar-2017 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: Support USB interrupt endpoint for command response/event USB firmware added support for sending command response/event through interrupt endpoint, to enhance RX throughput. Added corresponding changes required to support this feature. This change takes care of backward compatibility with older firmware. Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c0e6aa42 |
|
01-Dec-2016 |
Amitkumar Karwar <akarwar@marvell.com> |
mwifiex: use module_*_driver helper macros After user_rmmod global flag removal, *_init_module() and *_cleanup_module() have become just a wrapper functions. We will get rid of them with the help of module_*_driver() macros. For pcie, existing ".init_if" handler has same name as what module_pcie_driver() macro will create. Let's rename it to avoid conflict. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
045f0c1b |
|
30-Nov-2016 |
Xinming Hu <huxm@marvell.com> |
mwifiex: get rid of global user_rmmod flag bus.remove() callback function is called when user removes this module from kernel space or ejects the card from the slot. The driver handles these 2 cases differently. Few commands (FUNC_SHUTDOWN etc.) are sent to the firmware only for module unload case. The variable 'user_rmmod' is used to distinguish between these two scenarios. This patch checks hardware status and get rid of global variable user_rmmod. Signed-off-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4133828c |
|
23-Nov-2016 |
Kirtika Ruchandani <kirtika.ruchandani@gmail.com> |
mwifiex: Remove unused 'bcd_usb' variable mwifiex_usb_probe() defines and sets bcd_usb but does not use it, Compiling with W=1 gives the following warning, fix it. mwifiex/usb.c: In function ‘mwifiex_usb_probe’: mwifiex/usb.c:383:41: warning: variable ‘bcd_usb’ set but not used [-Wunused-but-set-variable] The unused variable seems to be present since 4daffe354366 which introduced mwifiex_usb_probe(). Fixes: 4daffe354366 ("mwifiex: add support for Marvell USB8797 chipset") Cc: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kirtika Ruchandani <kirtika@google.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e98fb11f |
|
18-Nov-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: stop checking for NULL drvata/intfdata These are never NULL, so stop making people think they might be. I don't change this for SDIO because SDIO has a racy card-reset handler that reallocates this struct. I'd rather not touch that mess right now. Signed-off-by: Brian Norris <briannorris@chromium.org> Tested-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
58b70335 |
|
18-Nov-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: usb: handle HS failures SDIO and PCIe drivers handle this. Let's imitate it. Signed-off-by: Brian Norris <briannorris@chromium.org> Tested-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b42dbb27 |
|
18-Nov-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: resolve suspend() race with async FW init failure Signed-off-by: Brian Norris <briannorris@chromium.org> Tested-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7ccdf72f |
|
18-Nov-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: don't pretend to resume while remove()'ing The device core will not allow suspend() to race with remove(). Signed-off-by: Brian Norris <briannorris@chromium.org> Tested-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4a79aa17 |
|
18-Nov-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: resolve races between async FW init (failure) and device removal It's possible for the FW init sequence to fail, which will trigger a device cleanup sequence in mwifiex_fw_dpc(). This sequence can race with device suspend() or remove() (e.g., reboot or unbind), and can trigger use-after-free issues. Currently, this driver attempts (poorly) to synchronize remove() using a semaphore, but it doesn't protect some of the critical sections properly. Particularly, we grab a pointer to the adapter struct (card->adapter) without checking if it's being freed or not. We later do a NULL check on the adapter, but that doesn't work if the adapter was freed. Also note that the PCIe interface driver doesn't ever set card->adapter to NULL, so even if we get the synchronization right, we still might try to redo the cleanup in ->remove(), even if the FW init failure sequence already did it. This patch replaces the static semaphore with a per-device completion struct, and uses that completion to synchronize the remove() thread with the mwifiex_fw_dpc(). A future patch will utilize this completion to synchronize the suspend() thread as well. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
2e02b581 |
|
15-Nov-2016 |
Rajat Jain <rajatja@google.com> |
mwifiex: Allow mwifiex early access to device structure Today all the interface drivers (usb/pcie/sdio) assign the adapter->dev in the register_dev() callback, although they have this piece of info well before hand. This patch makes the device structure available for mwifiex right at the beginning, so that it can be used for early initialization if needed. This is needed for subsequent patches in this patchset that intend to unify and consolidate some of the code that would otherwise have to be duplicated among the interface drivers (sdio, pcie, usb). Signed-off-by: Rajat Jain <rajatja@google.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
66b9c182 |
|
26-Oct-2016 |
Brian Norris <briannorris@chromium.org> |
mwifiex: don't do unbalanced free()'ing in cleanup_if() The cleanup_if() callback is the inverse of init_if(). We allocate our 'card' interface structure in the probe() function, but we free it in cleanup_if(). That gives a few problems: (a) we leak this memory if probe() fails before we reach init_if() (b) we can't safely utilize 'card' after cleanup_if() -- namely, in remove() or suspend(), both of which might race with the cleanup paths in our asynchronous FW initialization path Solution: just use devm_kzalloc(), which will free this structure properly when the device is removed -- and drop the set_drvdata(..., NULL), since the driver core does this for us. This also removes the temptation to use drvdata == NULL as a hack for checking if the device has been "cleaned up." I *do* leave the set_drvdata(..., NULL) for the hacky SDIO mwifiex_recreate_adapter(), since the device core won't be able to clear that one for us. Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ac3b5617 |
|
20-Sep-2016 |
Amitkumar Karwar <akarwar@marvell.com> |
mwifiex: code rearrangement in mwifiex_usb_host_to_card() This patch helps get rid of goto statement and improves readability. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
5476f803 |
|
20-Sep-2016 |
Cathy Luo <cluo@marvell.com> |
mwifiex: fix race condition causing tx timeout It's been observed that in a corner case mwifiex_usb_tx_complete() gets called before we exit from mwifiex_usb_host_to_card() after submitting the urb. 'data_sent' flag remains set in this case. It blocks further Tx packets and triggers watchdog timeout. The problem is fixed by setting data_sent and port_block flag at correct place. Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Shengzhen Li <szli@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1afac196 |
|
20-Sep-2016 |
Cathy Luo <cluo@marvell.com> |
mwifiex: fix kernel crash for USB chipsets Following crash issue is observed during TCP traffic stress test [ 2253.625439] NMI watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [kworker/u17:1:5191] [ 2253.625520] Call Trace: [ 2253.625527] [<ffffffffc0b47030>] ? moal_spin_lock+0x30/0x30 [usb8xxx] [ 2253.625533] [<ffffffffc0ac3ceb>] ? wlan_wmm_lists_empty+0xb/0xf0 [mlan] [ 2253.625537] [<ffffffffc0ab0ea3>] mlan_main_process+0x1b3/0x720 [mlan] [ 2253.625540] [<ffffffffc0b337f5>] woal_main_work_queue+0x45/0x80 [usb8xxx] [ 2253.625543] [<ffffffff8108aaf0>] process_one_work+0x150/0x3f0 [ 2253.625545] [<ffffffff8108b1e1>] worker_thread+0x121/0x520 [ 2253.625547] [<ffffffff8108b0c0>] ? rescuer_thread+0x330/0x330 [ 2253.625549] [<ffffffff81090222>] kthread+0xd2/0xf0 [ 2253.625551] [<ffffffff81090150>] ? kthread_create_on_node+0x1c0/0x1c0 [ 2253.625553] [<ffffffff8179423c>] ret_from_fork+0x7c/0xb0 [ 2253.625555] [<ffffffff81090150>] ? kthread_create_on_node+0x1c0/0x1c0 In mwifiex_usb_tx_complete(), we are updating port->block_status first and then freeing the skb attached to that URB. We may end up attaching new skb to URB in a corner case and same will be freed. This results in the kernel crash. The problem is solved by changing the sequence. Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Shengzhen Li <szli@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
78776467 |
|
12-Sep-2016 |
Ganapathi Bhat <gbhat@marvell.com> |
mwifiex: Command 7 handling for USB chipsets Firmware image for newer USB chipsets starts with a command 7 block (special command). It doesn't contain data length field. This patch adds necessary handling. Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
cf5383b0 |
|
02-Sep-2016 |
Xinming Hu <huxm@marvell.com> |
mwifiex: add manufacturing mode support By default normal mode is chosen when driver is loaded. This patch adds a provision to choose manufacturing mode via module parameters. Below command loads driver in manufacturing mode insmod mwifiex.ko mfg_mode=1. Tested-by: chunfan chen <jeffc@marvell.com> Signed-off-by: Xinming Hu <huxm@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
dbea99d6 |
|
11-Aug-2016 |
Wolfram Sang <wsa-dev@sang-engineering.com> |
net: wireless: marvell: mwifiex: usb: don't print error when allocating urb fails kmalloc will print enough information in case of failure. Signed-off-by: Wolfram Sang <wsa-dev@sang-engineering.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
394f0ed5 |
|
19-Apr-2016 |
Dan Carpenter <dan.carpenter@oracle.com> |
mwifiex: fix loop timeout in mwifiex_prog_fw_w_helper() USB8XXX_FW_MAX_RETRY is 3. We were using a post-op loop "while (retries--) {" but then the lines after that assume the loop exits with retries set to zero. I've fixed this by changing to a pre-op loop. I started with retries set to 4 instead of 3 so that we still go through the loop the same number of times. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e0bdef0f |
|
19-Apr-2016 |
Dan Carpenter <dan.carpenter@oracle.com> |
mwifiex: missing error code on allocation failure We accidentally return success instead of -ENOMEM. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
354a1947 |
|
24-Feb-2016 |
Ujjal Roy <royujjal@gmail.com> |
mwifiex: Added missing spaces around brackets This patch fixes the missing spaces issue in coding style. Signed-off-by: Ujjal Roy <royujjal@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
277b024e |
|
17-Nov-2015 |
Kalle Valo <kvalo@codeaurora.org> |
mwifiex: move under marvell vendor directory Part of reorganising wireless drivers directory and Kconfig. Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|