Macro HTT_TX_DESC_PADDR() is unused. Furthermore, it references
tx_descs fields which do not exist. Since it couldn't possibly be
used in its current form, remove the macro.
Change-Id: I62b2d7bc3291ba6c2dc486196076827cfc22d8ec
CRs-Fixed: 2375421
The existing accessor macro NBUF_MAP_ID is obsoleted due to
restructuring of qdf_nbuf_cb.
Use new macro QDF_NBUF_CB_RX_MAP_IDX to access map_index.
Change-Id: I23650781cdd770f25b72a0a5fe55acc12d71cb64
CRs-Fixed: 2370724
Here rx_ring.refill_debt can become negative if filled count
returned from htt_rx_ring_fill_n() exceeds the rx_ring.refill_debt.
This is possible because inside htt_rx_ring_fill_n() we always refill
num = qdf_atomic_read(&pdev->rx_ring.refill_debt). Here we do not take
care of already served debt.
Taken care of above by subtracting debt_served from refill debt.
Change-Id: I0c154c978b711da2d8497c50f730619767787188
CRs-Fixed: 2365566
If FW supports new htt format include only payload length in
the header length.
Change-Id: Ia668d73dcae3eb4adc1a4cfb0498b34d8c38f522
CRs-Fixed: 2361564
Change Icdcfcdd10400aa2fad64441aa863087cc1c3766e use %llx to print
qdf_dma_addr_t. While qdf_dma_addr_t defined as 'unsigned long',
if without definition from kernel header.
Typecast DMA address to 'unsigned long long', before using %llx to
print DMA address directly.
Change-Id: Ic9527b494ac1aa2d47567a7dab5f0786913f4921
CRs-Fixed: 2355624
Compiler threw error as -Werror=int-to-pointer-cast when casting
DMA address to void pointer.
Use %llx to print DMA address directly.
Change-Id: Icdcfcdd10400aa2fad64441aa863087cc1c3766e
CRs-Fixed: 2350605
1. Remove error prints for qdf_mem_malloc APIs.
2. Remove unnecessary __func__ from data path prints.
Change-Id: I6c4b110f626d84da055821c5f210a3d000b6ff15
CRs-Fixed: 2317315
Some target which support sending mgmt frame based on htt would DMA
write this PMF tx frame buffer, it may cause smmu check permission
fault, set a flag to do special DMA map.
Change-Id: I3686be211374d2c316726fa3248dedce87c3faed
CRs-Fixed: 2332329
Unlock the rx_ring.rx_hash_lock spin-lock when returning due to
failure to do smmu map_unmap.
Change-Id: I1b905c0ad529c80f78807c030920121ee0909825
CRs-Fixed: 2299785
In low memory condition, RX ring may become empty when all
SKB buffers attached to the ring get consumed and kernel is
unable to allocate SKB buffer during replenish.
Create a pre-allocated pool of skbs during driver load time
and request the buffer from this pool in low memory case.
Change-Id: If8c6a4fe04f3c931dc60dcffe28e45166eab9835
CRs-Fixed: 2306861
cds_trigger_recovery() already checks for various conditions before
actually triggering recovery. One of these checks ensures that recovery
is enabled, but some callers are checking to see if recovery is enabled
before calling cds_trigger_recovery() as well. Because of this, some
important checks are skipped, and crashes can occur when they should
not. Remove the redundant checks at the call sites for
cds_trigger_recovery() so that all of the recovery conditions are
properly handled, and the wlan driver avoids crashing when it should
not.
Change-Id: I8c26a002b66496a1eb06263f3f8b91ead739e3ac
CRs-Fixed: 2296008
Do not required to print function and line number
for data path statistics function which is invoked
by ioctl.
Change data path statistics to info print so
that it can be printed in dmesg as well.
Change-Id: I4b5ea4202255ace71dbb6f9a4bbff6f93e496425
CRs-Fixed: 2278885
Add a conditional compilation QCA6390_HEADERS_DEF flag to compile
htt_rx_restitch_mpdu_from_msdus.
Change-Id: I6b526f2dd5d56338e520ec138512b7cf2d849d0c
CRs-Fixed: 2275699
In monitor mode, current implementation
uses the preample type, vht_sig_a_1 and vht_sig_a_1
values associated with each mpdu, instead of reusing
the values from the first mpdu, to calculate data rates.
This is causing incorrect rates to be recorded in monitor mode logs
Reuse preample type, vht_sig_a_1 and vht_sig_a_1 of first
mpdu till the last mpdu is reached.
Change-Id: Ia6e5c1b3b0cc8d8b27f16cdfbd469fdba5c4a8f2
CRs-Fixed: 2276766
Separate out HL and LL Rx Data Path in different files
to compile out features cleanly
Change-Id: Ifc0e2d7e740142f0115d1fcd53db2936f7a30979
CRs-Fixed: 2287351
The kernel address is used as cookie to keep track
of stats request. This address can be disclosed to
target leading to a security vulnerability.
Implement a FW stats descriptor pool, and use a
descriptor ID to keep track of stats requests,
instead of the kernel address, to prevent
kernel address leak.
Change-Id: Ib49150da899c0b9314f614868a90867f4aa92d3d
CRs-Fixed: 2246110
1) Genoa FW by default enables HI_ACS_FLAGS_SDIO_REDUCE_TX_COMPL_SET.
When this flag is enabled, credits are reported through
HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND and not through
HTT_T2H_MSG_TYPE_TX_COMPL_IND.
However when TSF and PTP features are enabled we need to get TX
Completions from FW.
Since credits can also be updated through TX Completions
we need to disable updation of credits through TX Completion for Genoa.
2) Enable flag : cfg_ctx->tx_free_at_download to free ol tx descriptors at
download.
Change-Id: I176dc8391ded9fc57f8be2b465effd8ae84eda49
CRs-fixed: 2268757
Add support for HTT_T2H_MSG_TYPE_FLOW_POOL_RESIZE
command from firmware to resize flow pool and call appropriate
function to handle it.
Change-Id: I7d2ca6ed459383ec5c456b15a71290264d5d2408
CRs-Fixed: 2261265
IPA SMMU mapping for RX buffers is needed only when IPA offload
and IPA pipes are enabled. Currently in STA only case where IPA
is not enabled SMMU map/unmap is done for RX buffers. So enable
SMMU mapping only when IPA pipes are enabled.
Change-Id: I88db2cc8606bdf4586644a7ffccd0415f85c8241
CRs-Fixed: 2213795
Introducing integer overflow checks in htt_t2h_tx_ppdu_log_print()
contained use of %p which violates security guidelines.
Change %p to %pK.
Change-Id: I9e886e9b065ea6902aeedc3d9c25aac76a07d6de
CRs-Fixed: 2252217
Currently in htt_t2h_msg_handler_fast, msg_len, which is in number of
bytes, is directly compared with pdev->rx_mpdu_range_offset_words,
which is in number of words. Thus their comparison becomes invalid.
In htt_t2h_msg_handler, in addition to similar issue as above, the
checks for message offset validations do not consider integer overflows
occurring.
In htt_t2h_msg_handler_fast, the check condition involving
pdev_rx_mpdu_range_offset_words were corrected to work with bytes,
and in htt_t2h_msg_handler checks for integer overflow were also
added.
Change-Id: I9ec7d30cc24d288ddcabd3bb30674a2ca21f2251
CRs-Fixed: 2248069
Currently, the message type HTT_T2H_MSG_TYPE_RX_ADDBA and
HTT_T2H_MSG_TYPE_RX_DELBA is not supported as firmware is
no more sending this message to host.
Clean up the unreachable code for HTT_T2H_MSG_TYPE_RX_ADDBA
and HTT_T2H_MSG_TYPE_RX_DELBA message type.
Change-Id: I7a32fb53fec00e0507ef32d29494968188c98bfd
CRs-Fixed: 2226328
Currently SMMU mem map table allocation size is very high and may
lead to allocation failure if system memory is fragmented or in low
memory cases. Do not allocate SMMU mem table buffer instead update
for each rx nbuff.
Change-Id: Ib48199387abc942980cef1ef57a00e44c729e95f
CRs-Fixed: 2238629
mpdu_bytes_array_len, mpdu_msdus_array_len, and msdu_bytes_array_len
are used to calculate the record size, as well as used as
buffer offset, without any verification. This can cause to multiple
overflows and underflow leading to OOB reads.
Add checks for each arithmetic operation with these variables.
Change-Id: Ib6ec6ac6932eb8c541bc2357d45d3feaf39fdb7d
CRs-Fixed: 2226125
Address the following issues in the core/dp folder:
CHECK: 'accomodate' may be misspelled - perhaps 'accommodate'?
CHECK: 'acess' may be misspelled - perhaps 'access'?
CHECK: 'bahavior' may be misspelled - perhaps 'behavior'?
CHECK: 'catagory' may be misspelled - perhaps 'category'?
CHECK: 'continous' may be misspelled - perhaps 'continuous'?
CHECK: 'controler' may be misspelled - perhaps 'controller'?
CHECK: 'curently' may be misspelled - perhaps 'currently'?
CHECK: 'defintion' may be misspelled - perhaps 'definition'?
CHECK: 'Defintions' may be misspelled - perhaps 'Definitions'?
CHECK: 'desriptor' may be misspelled - perhaps 'descriptor'?
CHECK: 'extention' may be misspelled - perhaps 'extension'?
CHECK: 'informations' may be misspelled - perhaps 'information'?
CHECK: 'lenght' may be misspelled - perhaps 'length'?
CHECK: 'managment' may be misspelled - perhaps 'management'?
CHECK: 'messsage' may be misspelled - perhaps 'message'?
CHECK: 'neccessary' may be misspelled - perhaps 'necessary'?
CHECK: 'recieved' may be misspelled - perhaps 'received'?
CHECK: 'Recieve' may be misspelled - perhaps 'Receive'?
Change-Id: Ib8c1b94b5bb3bb5798e41dbb4c1461be80fd1398
CRs-Fixed: 2241941
Currently, "channel_freq" is declared as uint16_t. But
htt_get_channel_freq returns "int" which is assigned to
"channel_freq". So, channel_freq != -1 is always true
regardless of the values of its operands.
Declare "channel_freq" as int and add the check if
channel_freq is positive.
Change-Id: I13ae35c1bee3cdf293227e320ede8d8cd2e968fe
CRs-Fixed: 2233556
Apparently netbufs_ring is initialized only when reordering is not fully
offloaded. When a message of type HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND
is sent, the driver does not check if reordering is offloaded.
Add a check, if reordering is offloaded, when a message of type
HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND is sent.
Change-Id: I303b52182d97aa8185c23ccd99c37a97fb75a3d2
CRs-Fixed: 2213216
To avoid out-of-bounds access of mem_map_table from htt_rx_hash_deinit
, allocate mem_map_table size the same as maximum number of hash
entries, which is RX_NUM_HASH_BUCKETS * RX_ENTRIES_SIZE.
Change-Id: If25f97b47350196ceb2e8c60e7d5430a1484a01d
CRs-Fixed: 2214158
Add GRO support and make it configurable through INI(GROEnable).
GRO and LRO are mutually exclusive. Only one of them can be enabled.
And disable GRO during following conditions
1) Low TPUT scenario
2) Concurrency cases
3) For Rx packets when Peer is not connected
Change-Id: I15535827a03953231670d4138235c4876b16e045
CRs-Fixed: 2098772
Currently variable "num_mpdu_ranges" is from message, which is used
directly without any validation which causes buffer over-write.
To avoid buffer over-write add check for the valid num_mpdu_ranges
Change-Id: I54e138d4bd63cbe7a0ae4faf0fe9d8e59ca92c71
CRs-Fixed: 2213655
Some of the platforms delivers the msdu with skb head and skb data
pointing to same address, in such cases do skb pull to create a room
for radiotap hdr and let qdf_nbuf_update_radiotap() API handle creating
room for radiotap header.
Note: When skb head and skb data pointer points to same
address, it indicates that radiotap size is already considered in
headroom.
CRs-Fixed: 2230412
Change-Id: Ide49544873554ae38a49af1511fd5bafd0d25102
While handling a multi-segment TSO packet, there is a race condition
where, if tx complete arrives fast enough, the un-sent TSO segments
may be lost forever and a previously sent segment would be attempted
to be sent over.
Fix the race condition. Dont use the segment after send to go to the
next one.
Change-Id: I4abd9d26f50c749141925894a8845cf82df4d222
CRs-Fixed: 2168778
Several packets are sent to firmware in htt_htc_attach_all(), back to
back. However, if one of the latter packets fails to send for some
reason, the previous packets are not flushed. This leads to a number of
leaks under error conditions.
If a packet fails to send in htt_htc_attach_all(), flush the endpoint
before returning failure to the upper layers.
Change-Id: If9b33a645f7bcc77442e18566525ae57b544f1a0
CRs-Fixed: 2219137
