2
0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Commit Graph

35 Commits

Author SHA1 Message Date
Lee Gibson
130f634da1 qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
Function qtnf_event_handle_external_auth calls memcpy without
checking the length.
A user could control that length and trigger a buffer overflow.
Fix by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson <leegib@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210419145842.345787-1-leegib@gmail.com
2021-04-22 17:40:12 +03:00
Sergey Matyukevich
44d0976485 qtnfmac: support WPA3 OWE in AP mode
Enable WPA3 OWE support in AP mode. Driver currently supports cards that
offload OWE processing to userspace. This patch adds all the required
tools for such offloading. Firmware requests OWE processing sending new
UPDATE_OWE event to driver, which uses cfg80211_update_owe_info_event to
notify userspace software. After OWE processing is completed, userspace
sends calculated IEs to firmware using update_owe_info cfg80211 callback.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2020-03-12 15:38:56 +02:00
Sergey Matyukevich
b3860e7a3e qtnfmac: support WPA3 SAE in AP mode
Enable WPA3 SAE support in AP mode. Driver currently supports cards
that offload SAE authentication to userspace. So allow userspace
software to subscribe and to send AUTH frames. Besides, enable
AP mode support in external_auth cfg80211 callback.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2020-03-12 15:38:55 +02:00
Sergey Matyukevich
946d077a42 qtnfmac: fix potential Spectre vulnerabilities
Fix potential Spectre vulnerabilities and other warnings
reported by smatch:

drivers/net/wireless/quantenna/qtnfmac/core.c:49 qtnf_core_get_mac() warn: potential spectre issue 'bus->mac' [r] (local cap)
drivers/net/wireless/quantenna/qtnfmac/core.c:51 qtnf_core_get_mac() warn: possible spectre second half.  'mac'
drivers/net/wireless/quantenna/qtnfmac/event.c:671 qtnf_event_parse() warn: potential spectre issue 'mac->iflist' [r] (local cap)
drivers/net/wireless/quantenna/qtnfmac/pcie/pearl_pcie.c:912 qtnf_pcie_skb_send() warn: variable dereferenced before check 'skb' (see line 881)

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2020-02-12 18:16:49 +02:00
Igor Mitsyanko
8b0b5f1ba9 qtnfmac: cleanup alignment in firmware communication protocol
Make sure that all elements in QLINK protocol message are aligned to
4 bytes. For this purpose add necessary amount of padding bytes to
each message. Besides, add padding for non-aligned variable length
fields, e.g. SSID, so that the first byte of the next variable length
element is aligned. to 4 bytes. Finally, introduce TLV parsing helpers
to reduce boilerplate TLV parsing code.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2020-02-12 18:16:46 +02:00
Sergey Matyukevich
239ce8a797 qtnfmac: handle MIC failure event from firmware
Report MIC failure from firmware to cfg80211 subsystem
using dedicated callback cfg80211_michael_mic_failure.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-11-14 17:28:52 +02:00
Sergey Matyukevich
24227a9e95 qtnfmac: fix invalid channel information output
Do not attempt to print frequency for an invalid channel
provided by firmware. That channel may simply not exist.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-11-14 17:28:49 +02:00
Sergey Matyukevich
4f87d486fa qtnfmac: handle channel switch events for connected stations only
Channel switch events from firmware should be processed only when STA
is already connected to BSS. On connect this notification is not needed
since full BSS info will be supplied by cfg80211_connect_result.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-04-26 14:53:12 +03:00
Sergey Matyukevich
47b08e75a6 qtnfmac: enable WPA3 SAE support
In the case of SAE AP, drivers offload authentication to user-space
software, e.g. hostapd. For FullMAC drivers the procedure is as follows.
If auth_type is SAE and user space indicates external authentication
capability, then driver requests authentication offload to user-space
software using cfg80211_external_auth_request call. From that point,
auth frame exchange is performed transparently for driver: user-space
software sends/receives mgmt frames using mgmt_tx/mgmt_frame_register
cfg80211 callbacks. As soon as authenitcation is completed, user-space
software notifies driver about its status using external_auth cfg80211
callback.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-08 17:30:24 +02:00
Sergey Matyukevich
524d6323af qtnfmac: enable WPA3 OWE support
In the case of OWE, STA should be able to pass DH IEs from AP assoc
responses to wpa_s for processing. For this purpose DH IEs are
received from firmware in BSS_JOIN events and passed to wireless
core and then to wpa_s as additional optional rsp_ies parameter
for cfg80211_connect_result.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-08 17:30:23 +02:00
Sergey Matyukevich
23781af741 qtnfmac: add missing bss record to host scan cache
Make sure that valid BSS entry exists in wireless core record
even in the case of successful connect reported by firmware.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-01 14:12:05 +02:00
Sergey Matyukevich
ff233cb515 qtnfmac: convert to SPDX license identifiers
Replace textual license with SPDX-License-Identifier.
Add an SPDX-License-Identifier for the Makefile.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-02-01 14:12:02 +02:00
Sergey Matyukevich
263ee96b77 qtnfmac: do not track STA states in driver
Remove STA connection states tracking from driver.
Leave it wireless core on host and to firmware.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-10-05 14:01:14 +03:00
Sergey Matyukevich
480daa9cb6 qtnfmac: fix invalid STA state on EAPOL failure
Driver switches vif sta_state into QTNF_STA_CONNECTING when cfg80211
core initiates connect procedure. Further this state is changed either
to QTNF_STA_CONNECTED or to QTNF_STA_DISCONNECTED by BSS_JOIN and
BSS_LEAVE events from firmware. However it is possible that no such
events will be sent by firmware, e.g. if EAPOL timed out.

In this case vif sta_mode will remain in QTNF_STA_CONNECTING state and
all subsequent connection attempts will fail with -EBUSY error code.
Fix this by perfroming STA state transition from QTNF_STA_CONNECTING
to QTNF_STA_DISCONNECTED in cfg80211 disconnect callback.
No need to rely upon firmware events in this case.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-05-30 22:20:17 +03:00
Toke Høiland-Jørgensen
41bd3d585d wireless-drivers: Dynamically allocate struct station_info
Since the addition of the TXQ stats to cfg80211, the station_info struct
has grown to be quite large, which results in warnings when allocated on
the stack. Fix the affected places to do dynamic allocations instead.

Fixes: 52539ca89f ("cfg80211: Expose TXQ stats and parameters to userspace")
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-05-12 11:51:14 +03:00
Dmitry Lebed
fbb93020b8 qtnfmac: add DFS offload support
DFS offload support implemented:
- DFS_OFFLOAD feature is advertised depending on HW capabilities
- CAC_STARTED event forwarding from HW implemented
- start_radar_detection() callback now returning -ENOTSUPP
  if DFS_OFFLOAD is enabled

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-04-24 20:22:42 +03:00
Igor Mitsyanko
237d29f6ce qtnfmac: do not use bus mutex for events processing
Events processing requires locking of bus mutex, which is also used by
cfg80211 layer before calling several of cfg80211 callbacks. Since all
cfg80211 callbacks in qtnfmac driver also lock bus mutex, this
potentially may lead to a deadlock.

Do not use bus lock for event processing. Use RTNL lock instead to
serialize events and commands processing threads.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-01-24 18:00:55 +02:00
Igor Mitsyanko
7a4d3a3bc8 qtnfmac: keeping track of "generation" for STA info
Keep generation in per-VIF data structure and increment it whenever STA
list is changed. Use generation value to fill struct station_info when
required.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-01-09 14:11:23 +02:00
Sergey Matyukevich
fbad963a28 qtnfmac: fix rssi data passed to wireless core
Fix RSSI values passed to wireless core by qtnfmac driver:
- fix RSSI values in scan results:
  driver registers wiphy with CFG80211_SIGNAL_TYPE_MBM signal type,
  so mBm should be passed using DBM_TO_MBM macro
- accompany firmware changes fixing RSSI values in received mgmt frames
  update qlink message format and pass correct signed values to core

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-01-09 14:11:21 +02:00
Igor Mitsyanko
b05ee456fd qtnfmac: add support for radar detection and CAC
Implement two parts of radar handling logic:
- cfg80211 .start_radar_detect callback to allow nl80211 to initiate CAC
- radar event to allow wlan device to advertize CAC and radar events

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-01-09 14:11:18 +02:00
Sergey Matyukevich
5bf374ab91 qtnfmac: pass complete channel data between driver and firmware
Center frequency is not enough to describe the channel in HT and VHT
modes. For 40MHz and 80MHz channels both primary channel and center
frequency should be specified in order to qualify channel completely.
This change adds primary channel info into qlink_chandef structure.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-01-09 14:11:17 +02:00
Igor Mitsyanko
5face518d4 qtnfmac: SCAN results: retreive frame type information from "IE set" TLV
"IE set" TLV carries the same information as
qlink_event_scan_result::frame_type. Convert the event to make use of
TLV and drop frame_type member.
While at it, make qlink_event_scan_result structure alignement-safe.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-11-10 04:30:56 +02:00
Igor Mitsyanko
18b7470f92 qtnfmac: extend "IE set" TLV to include frame type info
Specifying frame type for "IE set" TLV will allow to use several
TLVs in a single message.
Modify users accordingly.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-11-10 04:30:56 +02:00
Kalle Valo
0fac9e2dff Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git
Mark Brown reported that there are conflicts in iwlwifi between the two trees
so fix those now.
2017-10-16 17:09:24 +03:00
Igor Mitsyanko
ef81e8e9db qtnfmac: do not cache current channel info in driver's state
Linux Wireless device structure already has current channel
information that can be used when needed. Start using it.
Since driver's channel info is not used anymore, remove it.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-10-13 12:59:32 +03:00
Igor Mitsyanko
d7b80052fa qtnfmac: get rid of QTNF_STATE_AP_START flag
QTNF_STATE_AP_START usage is redundant and imposes additional state
synchronization maintenance. We may as well leave state checking
to network card and upper layers (cfg80211, nl80211 and userspace).

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-10-13 12:59:31 +03:00
Igor Mitsyanko
115af85123 qtnfmac: do not report channel changes until wiphy is registered
Wireless device may send "channel changed" event before driver
registered this device with wireless core, which will result in
warnings.
Once device is registered, higher layer will query channel info
manually using .get_channel callback.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-09-25 11:27:18 +03:00
Igor Mitsyanko
6bfe61d697 qtnfmac: remove unused mac::status field
There are no users of this field and it can safely be removed.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-09-25 11:27:17 +03:00
Igor Mitsyanko
9739763310 qtnfmac: do not cache CSA chandef info
It is never used for anything useful, and all logic is handled by
either WiFi card or higher layers.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-09-25 11:27:17 +03:00
Igor Mitsyanko
fac7f9bf14 qtnfmac: make "Channel change" event report full channel info
Specifically, it has to report center frequency, secondary center
frequency (for 80+80) and BW.
Introduce channel definition structure to qlink and modify channel
change event processing function accordingly.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-09-25 11:27:13 +03:00
Sergey Matyukevich
a715b3a0ef qtnfmac: cancel scans on wireless interface changes
Cancel active scans and deactivate firmware scan watchdog timer
when wireless interface configuration is changed. The usecases
include wireless interface mode change, interface down,
AP stop, virtual interface removal.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-09-20 15:35:33 +03:00
Sergey Matyukevich
c7ead2abd2 qtnfmac: implement scan timeout
Userspace tools may hang on scan in the case when scan completion event
is not returned by firmware. This patch implements the scan timeout
to avoid such situation.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Avinash Patil <avinashp@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-08-03 12:58:13 +03:00
Sergey Matyukevich
97883695d5 qtnfmac: implement cfg80211 channel_switch handler
This patch implements cfg80211 channel_switch handler enabling CSA
channel-switch procedure.

Driver performs only basic validation of the requested new channel
and then sends command to firmware. Beacon IEs are not sent since
beacon update is handled by firmware.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Avinash Patil <avinashp@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-08-03 12:58:13 +03:00
Sergey Matyukevich
fd19ecebe0 qtnfmac: fix station leave reason endianness
Use proper endianness conversion for client station leave reason.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Avinash Patil <avinashp@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-08-03 12:58:12 +03:00
Igor Mitsyanko
98f44cb065 qtnfmac: introduce new FullMAC driver for Quantenna chipsets
This patch adds support for new FullMAC WiFi driver for Quantenna
QSR10G chipsets.

QSR10G (aka Pearl) is Quantenna's 8x8, 160M, 11ac offering.
QSR10G supports 2 simultaneous WMACs - one 5G and one 2G.
5G WMAC supports 160M, 8x8 configuration. FW supports
up to 8 concurrent virtual interfaces on each WMAC.

Patch introduces 2 new drivers:
- qtnfmac.ko for interfacing with kernel wireless core
- qtnfmac_pearl_pcie.ko for interfacing with hardware over PCIe interface

Signed-off-by: Dmitrii Lebed <dlebed@quantenna.com>
Signed-off-by: Sergei Maksimenko <smaksimenko@quantenna.com>
Signed-off-by: Sergey Matyukevich <smatyukevich@quantenna.com>
Signed-off-by: Bindu Therthala <btherthala@quantenna.com>
Signed-off-by: Huizhao Wang <hwang@quantenna.com>
Signed-off-by: Kamlesh Rath <krath@quantenna.com>
Signed-off-by: Avinash Patil <avinashp@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2017-05-24 17:04:13 +03:00