mbox series

[for-6.2,0/3] wifi: brcmfmac: regression fixes

Message ID 20230103124117.271988-1-arend.vanspriel@broadcom.com
Headers show
Series wifi: brcmfmac: regression fixes | expand

Message

Arend van Spriel Jan. 3, 2023, 12:41 p.m. UTC 
Stefan Wahren reported a minor issue where the kernel log was filled
with error messages at regular interval. This happens in new functionality
added in 6.2 merge window. Found a potential NULL-deref which will happen
when device does not have 5GHz band. The last patch is really a cosmetic
one for wireless-next, but I added it here for reference. I can resend that
later when the other patches are distributed into wireless-next whenever that
happens.

This series applies to the main branch of the wireless repository.

Arend van Spriel (3):
  wifi: brcmfmac: avoid handling disabled channels for survey dump
  wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device
  wifi: brcmfmac: change cfg80211_set_channel() name and signature

 .../broadcom/brcm80211/brcmfmac/cfg80211.c    | 42 +++++++++----------
 1 file changed, 20 insertions(+), 22 deletions(-)

--
2.32.0

Comments

Arend van Spriel Jan. 3, 2023, 7:44 p.m. UTC | #1 
On 1/3/2023 8:15 PM, Stefan Wahren wrote:
> Hi Arend,
> hi Kalle,
> 
> Am 03.01.23 um 13:41 schrieb Arend van Spriel:
>> An issue was reported in which periodically error messages are
>> printed in the kernel log:
>>
>> [   26.303445] brcmfmac: brcmf_fw_alloc_request: using 
>> brcm/brcmfmac43455-sdio for chip BCM4345/6
>> [   26.303554] brcmfmac mmc1:0001:1: Direct firmware load for 
>> brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.bin failed with 
>> error -2
>> [   26.516752] brcmfmac_wcc: brcmf_wcc_attach: executing
> regardless of this patch the commit d6a5c562214f ("wifi: brcmfmac: add 
> support for vendor-specific firmware api") introduced this error message 
> wcc/core.c, but i guess this should be trace or info message?

Ah, yes. I will change that for the next release. Thanks for pointing at 
that.

>> [   26.528264] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 
>> wl0: Jan  4 2021 19:56:29 version 7.45.229 (617f1f5 CY) FWID 01-2dbd9d2e
>> [   27.076829] Bluetooth: hci0: BCM: features 0x2f
>> [   27.078592] Bluetooth: hci0: BCM43455 37.4MHz Raspberry Pi 3+
>> [   27.078601] Bluetooth: hci0: BCM4345C0 (003.001.025) build 0342

[...]

>> Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for 
>> HostApd AutoChannelSelection")
>> Reported-by: Stefan Wahren <stefan.wahren@i2se.com>
>> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
> 
> this patch is:
> 
> Tested-by: Stefan Wahren <stefan.wahren@i2se.com>

Appreciated.

Regards,
Arend

> Thanks
>> ---
>>   .../broadcom/brcm80211/brcmfmac/cfg80211.c       | 16 +++++++---------
>>   1 file changed, 7 insertions(+), 9 deletions(-)
>>
>> diff --git 
>> a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c 
>> b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> index bff3128c2f26..478ca3848c64 100644
>> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> @@ -7937,6 +7937,9 @@ cfg80211_set_channel(struct wiphy *wiphy, struct 
>> net_device *dev,
>>       struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
>>       struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
>> +    if (chan->flags & IEEE80211_CHAN_DISABLED)
>> +        return -EINVAL;
>> +
>>       /* set_channel */
>>       chspec = channel_to_chanspec(&cfg->d11inf, chan);
>>       if (chspec != INVCHANSPEC) {
>> @@ -7961,7 +7964,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, 
>> struct net_device *ndev,
>>       struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
>>       struct brcmf_dump_survey survey = {};
>>       struct ieee80211_supported_band *band;
>> -    struct ieee80211_channel *chan;
>>       struct cca_msrmnt_query req;
>>       u32 noise;
>>       int err;
>> @@ -7987,13 +7989,10 @@ brcmf_cfg80211_dump_survey(struct wiphy 
>> *wiphy, struct net_device *ndev,
>>       }
>>       /* Setting current channel to the requested channel */
>> -    chan = &band->channels[idx];
>> -    err = cfg80211_set_channel(wiphy, ndev, chan, NL80211_CHAN_HT20);
>> -    if (err) {
>> -        info->channel = chan;
>> -        info->filled = 0;
>> +    info->filled = 0;
>> +    info->channel = &band->channels[idx];
>> +    if (cfg80211_set_channel(wiphy, ndev, info->channel, 
>> NL80211_CHAN_HT20))
>>           return 0;
>> -    }
>>       /* Disable mpc */
>>       brcmf_set_mpc(ifp, 0);
>> @@ -8028,7 +8027,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, 
>> struct net_device *ndev,
>>       if (err)
>>           goto exit;
>> -    info->channel = chan;
>>       info->noise = noise;
>>       info->time = ACS_MSRMNT_DELAY;
>>       info->time_busy = ACS_MSRMNT_DELAY - survey.idle;
>> @@ -8040,7 +8038,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, 
>> struct net_device *ndev,
>>           SURVEY_INFO_TIME_TX;
>>       brcmf_dbg(INFO, "OBSS dump: channel %d: survey duration %d\n",
>> -          ieee80211_frequency_to_channel(chan->center_freq),
>> +          ieee80211_frequency_to_channel(info->channel->center_freq),
>>             ACS_MSRMNT_DELAY);
>>       brcmf_dbg(INFO, "noise(%d) busy(%llu) rx(%llu) tx(%llu)\n",
>>             info->noise, info->time_busy, info->time_rx, info->time_tx);