The service bitmap can be used to determine
firmware capabilities.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This shouldn't really happen but take into account
the original service bitmap length when mapping
service ids.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The dump print uses sizeof() but since service_map
was a mere pointer the dump was too short.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The number of peers isn't directly translatable to
the number of stations because ath10k needs to
reserve a few extra peers for special cases like
multi-vif concurrency.
The previous limit was 126 and 15 stations in AP
mode for 10.x and main firmware branches
respectively. The limit is now 128 and 16 which
was the original intention.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
When static keys are used in shared WEP, when a
station is associated, message 3 is sent with an
encrypted payload. But, for subsequent
authentications that are triggered without a
deauth, the auth frame is decrypted by the HW.
To handle this, check if the WEP keys have already
been set for the peer and if so, mark the
frame as decrypted. This scenario can happen
when a station changes its default TX key and initiates
a new authentication sequence.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Some firmware revisions don't seem to deilver
management frames with FCS error via WMI so narrow
down the HTT rule to not drop corrupted management
frames.
This basically increases number of frames ath10k
reports while sniffing.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
There are not many of these messages producted by the
firmware, but they are generally fairly useful, so make it easy to print them
with a separate debug level.
kvalo: fix commit log, rename debug level
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fix to use v10.2 wmi call for firmware v10.2.
It turned out that peer association function was using
v10.1 wmi call for v10.2 firmware during code review.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
For packet log, the transmitted frame 802.11 header alone is sufficient.
Recording entire packet is also consuming lot of disk space. To optimize
this, tx and rx data tracepoints are splitted into header and payload
tracepoints.
To record tx ieee80211 headers
trace-cmd record -e ath10k_tx_hdr
To record complete packets
trace-cmd record -e ath10k_tx_hdr -e ath10k_tx_payload
Cc: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
In some cases hw recovery was taking an absurdly
long time due to ath10k waiting for things that
would never really complete.
Instead of waiting for inevitable timeouts poke
all completions and wakequeues and check if it's
still worth waiting.
Reading/writing ar->state requires conf_mutex.
Since waiters might be holding it introduce a new
flag CRASH_FLUSH so it's possible to tell waiters
to abort whatever they were waiting for.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Using global channel won't work with chanctx. Try
to determine the channel from the information
provided in the wmi event itself alone. This
should be sufficient.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add tracing support to forward management and data frames to
user space for packet inspection.
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add support to configure packet log filters (tx, rx, rate control)
via debugfs. To disable htt pktlog events set the filters to 0.
ex:
To enable pktlog for all filters
echo 0x1f > /sys/kernel/debug/ieee80211/phy*/ath10k/pktlog_filter
To disable pktlog
echo 0 > /sys/kernel/debug/ieee80211/phy*/ath10k/pktlog_filter
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
If stat data exceeds wmi-htc buffer limits
firmware splits it into many wmi stats update
events which are delivered in a ping-pong fashion
triggered by wmi stats request command.
Since there's only an implicit start-of-data and
no end-of-data indications the driver has to
perform some trickery to get complete stat data.
kvalo: use %zu to fix a compiler warning and fix a typo in a comment
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The parsing function was rather complex. Simplify
by splitting it up into firmware branch specific
implementations.
While at it move the parsing code into wmi.c where
it belongs.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This gets rid of the ugly scan structure building
and uses a saner way to do it.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Make all wmi event functions match the same naming
style, i.e. ath10k_wmi_event_<name>.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Make the phyerr structures more compact and easier
to understand. Also add constness.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The logic responsible for processing the event is
no different across different firmware binaries.
The difference that needs to be dealt with is the
ABI of data structures.
The intermediate structure uses __le32 to avoid
extra memory allocations to byteswap
variable-length substructures (i.e. host mem
chunks).
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Init functions should be placed at the end of
files in most cases to avoid forward declarations
for static functions.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Simplify the code by deduplicating structure
definitions and code.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The structure is being set up in 2 places.
Deduplicate the code by creating a helper.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This command is not used anymore and most firmware
revisions do not seem to handle it well. Channel
switching is done via vdev restarting.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Firmware reports the number of RF chains so use
that for initialization of supp_{tx,rx}_chainmask
instead of using a macro for 3x3 chips.
This should make tx/rx chainmask reports correct
for chips other than 3x3.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Some firmware revisions don't wait for beacon tx
completion before sending another SWBA event. This
could lead to hardware using old (freed) beacon
data in some cases, e.g. tx credit starvation
combined with missed TBTT. This is very very rare.
On non-IOMMU-enabled hosts this could be a
possible security issue because hw could beacon
some random data on the air. On IOMMU-enabled
hosts DMAR faults would occur in most cases and
target device would crash.
Since there are no beacon tx completions (implicit
nor explicit) propagated to host the only
workaround for this is to allocate a DMA-coherent
buffer for a lifetime of a vif and use it for all
beacon tx commands. Worst case for this approach
is some beacons may become corrupted, e.g. garbled
IEs or out-of-date TIM bitmap.
Keep the original beacon-related code as-is in
case future firmware revisions solve this problem
so that the old path can be easily re-enabled with
a fw_feature flag.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
As suggeested by checkpatch:
WARNING: Prefer ether_addr_copy() over memcpy() if the Ethernet addresses are __aligned(2)
In wmi.c I had to change due to sparse warnings copying of struct wmi_mac_addr
from form &cmd->peer_macaddr.addr to cmd->peer_macaddr.addr. In
ath10k_wmi_set_ap_ps_param() I also added the missing ".addr" to the copy
command.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
ath10k/htc.c:49: WARNING: Possible unnecessary 'out of memory' message
ath10k/htc.c:810: WARNING: Possible unnecessary 'out of memory' message
ath10k/htt.h:1034: CHECK: Please use a blank line after function/struct/union/enum declarations
ath10k/htt_rx.c:135: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/htt_rx.c:173: CHECK: Unnecessary parentheses around htt->rx_ring.alloc_idx.vaddr
ath10k/pci.c:633: WARNING: macros should not use a trailing semicolon
ath10k/wmi.c:3594: WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fixes checkpatch warnings:
WARNING: Missing a blank line after declarations
Please note that some of the cases I fixed by moving the variable declarations
to the beginning of the function, which is the preferred style in ath10k.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add testmode interface for starting and using UTF firmware which is used to run
factory tests. This is implemented by adding new state ATH10K_STATE_UTF and user
space can enable this state with ATH10K_TM_CMD_UTF_START command. To go back to
normal mode user space can send ATH10K_TM_CMD_UTF_STOP.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
On 32bit systems the bitmap was too small and it
was overwritten partially by the stat completion
structure. This was visible with 10.2 firmware
only due to it using a few of the last service
ids.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This makes it easier to log and debug via tracing
with more than 1 ath10k device on a system.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This makes it a lot easier to log and debug
messages if there's more than 1 ath10k device on a
system.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Service mapping for main firmware branch was incorrectly used for 10.x firmware
and vice-versa. This caused wmi_services in debugfs to print wrong values.
This fixes commit cff990ce7d ("ath10k: fix wmi service bitmap debug") where
for some reason there was either a conflict that wasn't resolved properly or
git had a bad day.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This aims at fixing some rare scan bugs related to
firmware reporting unexpected scan event
sequences.
One such bug was if spectral scan phyerr reporting
prevented firmware from properly propagating scan
events to host. This led to scan timeout. After
that next scan would trigger scan completed event
first (before scan started event) leading to
ar->scan.in_progress and timeout timer states to
be overwritten incorrectly and making the very
next scan to hang forever.
Reported-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This also reduces the cruft of printing scan event
names in capitals.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The 10.x and main firmware branches have
conflicting WMI service bitmap definitions.
This also fixes WMI services parsing on big-endian
hosts and changes debugfs output to be more human
friendly.
kvalo: remove braces and the last semicolon from SVCSTR()
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Adds the spectral scan feature for ath10k. The spectral scan is triggered by
configuring a mode through a debugfs control file. Samples can be gathered via
another relay debugfs file.
Essentially, to try it out:
ip link set dev wlan0 up
echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl
echo trigger > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl
iw dev wlan0 scan
echo disable > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl
cat /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan0 > samples
This feature is still experimental. Based on the original RFC patch of
Sven Eckelmann.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The 10.2 firmware is a successor of 10.1 firmware
(formerly identified as 10.x). Both share a lot
but have some slight ABI differences that need to
be taken care of.
The 10.2 firmware introduces some new features but
those can be added in subsequent patches. This
patch makes ath10k boot and work with 10.2 with
comparable functionality to 10.1.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
It always bugged me how tid is computed and stored
in a temporary var before written to the control
buffer. It was confusing and it made it difficult
to work with tx helpers.
While at it rename the qos workaround function as
it was misleading - it's not a workaround but
preparation for nwifi tx mode.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
It was possible to call hif_stop() 2 times through
ath10k_htc_connect_init() timeout failpath which
could lead to double free_irq() kernel splat for
multiple MSI interrupt case.
Re-order init sequence to avoid this problem. The
HTC stop shouldn't stop HIF implicitly since it
doesn't implicitly start it. Since the re-ordering
required some functions to be split/removed/renamed
rename a few functions to make more sense while at
it.
Reported-By: Ben Greear <greearb@candelatech.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Fix sending and receiveing protected managment frames.
Lack of protected flag for received protected action frames
causes report these frames as unprotected robust action frames.
If the driver in AP mode sent frame with protected flag and
CCMP header using IEEE80211_KEY_FLAG_SW_MGMT_TX flag,
the FW encrypted frames once again. From user side all
received SA Query Requests and Responses were skipped and
all protected action frames were sent as malformed packets.
Signed-off-by: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
If DMA mapping of next beacon failed ath10k leaked
the beacon.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
If DMA mapping of next beacon failed it was
possible for next SWBA to access a pointer that
was already unmapped and freed. This could cause
memory corruption.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
They were just too superfluous and made it harder to read logs. Change them to
follow the normal style used in ath10k.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
