[3/3] wifi: ath12k: fix firmware crash during reo reinject

Message ID 20240520070045.631029-4-quic_ppranees@quicinc.com
State New
Series wifi: ath12k: fix issues in rx fragmentation path

Commit Message

Praneesh P May 20, 2024, 7 a.m. UTC
When handling fragmented packets, the ath12k driver reassembles each
fragment into a normal packet and then reinjects it into the HW ring.
However, a firmware crash occurs during this reinjection process.
The issue arises because the driver populates peer metadata in
reo_ent_ring->queue_addr_lo, while the firmware expects the physical
address obtained from the corresponding peer’s queue descriptor. Fix it
by filling peer's queue descriptor's physical address in queue_addr_lo.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1

Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
---
 drivers/net/wireless/ath/ath12k/dp_rx.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

Comments

Jeff Johnson May 20, 2024, 11:38 p.m. UTC | #1
On 5/20/2024 12:00 AM, P Praneesh wrote:
> When handling fragmented packets, the ath12k driver reassembles each
> fragment into a normal packet and then reinjects it into the HW ring.
> However, a firmware crash occurs during this reinjection process.
> The issue arises because the driver populates peer metadata in
> reo_ent_ring->queue_addr_lo, while the firmware expects the physical
> address obtained from the corresponding peer’s queue descriptor. Fix it
> by filling peer's queue descriptor's physical address in queue_addr_lo.
> 
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
> 
> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
> Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Nicolas Escande May 21, 2024, 8:50 a.m. UTC | #2
On Mon May 20, 2024 at 9:00 AM CEST, P Praneesh wrote:
> When handling fragmented packets, the ath12k driver reassembles each
> fragment into a normal packet and then reinjects it into the HW ring.
> However, a firmware crash occurs during this reinjection process.
> The issue arises because the driver populates peer metadata in
> reo_ent_ring->queue_addr_lo, while the firmware expects the physical
> address obtained from the corresponding peer’s queue descriptor. Fix it
> by filling peer's queue descriptor's physical address in queue_addr_lo.
>
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
>
> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
> Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
> ---
>  drivers/net/wireless/ath/ath12k/dp_rx.c | 14 ++++++--------
>  1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c
> index 2bfcc19d15ea..2adb6c7d4a42 100644
> --- a/drivers/net/wireless/ath/ath12k/dp_rx.c
> +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c
> @@ -2967,7 +2967,7 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
>  	struct hal_srng *srng;
>  	dma_addr_t link_paddr, buf_paddr;
>  	u32 desc_bank, msdu_info, msdu_ext_info, mpdu_info;
> -	u32 cookie, hal_rx_desc_sz, dest_ring_info0;
> +	u32 cookie, hal_rx_desc_sz, dest_ring_info0, queue_addr_hi;
>  	int ret;
>  	struct ath12k_rx_desc_info *desc_info;
>  	enum hal_rx_buf_return_buf_manager idle_link_rbm = dp->idle_link_rbm;
> @@ -3060,13 +3060,11 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
>  	reo_ent_ring->rx_mpdu_info.peer_meta_data =
>  		reo_dest_ring->rx_mpdu_info.peer_meta_data;
>  
> -	/* Firmware expects physical address to be filled in queue_addr_lo in
> -	 * the MLO scenario and in case of non MLO peer meta data needs to be
> -	 * filled.
> -	 * TODO: Need to handle for MLO scenario.
> -	 */
> -	reo_ent_ring->queue_addr_lo = reo_dest_ring->rx_mpdu_info.peer_meta_data;
> -	reo_ent_ring->info0 = le32_encode_bits(dst_ind,
> +	reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
> +	queue_addr_hi = upper_32_bits(rx_tid->paddr);
Shouldn't there be a cpu_to_le32 somewhere here? It just seems asymmetrical
between the two values extracted from rx_tid->paddr
> +	reo_ent_ring->info0 = le32_encode_bits(queue_addr_hi,
> +					       HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
> +			      le32_encode_bits(dst_ind,
>  					       HAL_REO_ENTR_RING_INFO0_DEST_IND);
>  
>  	reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
Ping-Ke Shih May 22, 2024, 6:59 a.m. UTC | #3
Nicolas Escande <nico.escande@gmail.com> wrote:

[...]

> > -     reo_ent_ring->queue_addr_lo = reo_dest_ring->rx_mpdu_info.peer_meta_data;
> > -     reo_ent_ring->info0 = le32_encode_bits(dst_ind,
> > +     reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
> > +     queue_addr_hi = upper_32_bits(rx_tid->paddr);
> Shouldn't there be a cpu_to_le32 somewhere here? It just seems asymmetrical
> between the two values extracted from rx_tid->paddr
> > +     reo_ent_ring->info0 = le32_encode_bits(queue_addr_hi,

le32_encode_bits() will convert queue_addr_hi from cpu-order to le-order.

> > +                                            HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
> > +                           le32_encode_bits(dst_ind,
> >                                              HAL_REO_ENTR_RING_INFO0_DEST_IND);
> >
> >       reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
>
Praneesh P May 22, 2024, 7:15 a.m. UTC | #4
On 5/21/2024 2:20 PM, Nicolas Escande wrote:
> On Mon May 20, 2024 at 9:00 AM CEST, P Praneesh wrote:
>> When handling fragmented packets, the ath12k driver reassembles each
>> fragment into a normal packet and then reinjects it into the HW ring.
>> However, a firmware crash occurs during this reinjection process.
>> The issue arises because the driver populates peer metadata in
>> reo_ent_ring->queue_addr_lo, while the firmware expects the physical
>> address obtained from the corresponding peer’s queue descriptor. Fix it
>> by filling peer's queue descriptor's physical address in queue_addr_lo.
>>
>> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
>>
>> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
>> Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
>> ---
>>   drivers/net/wireless/ath/ath12k/dp_rx.c | 14 ++++++--------
>>   1 file changed, 6 insertions(+), 8 deletions(-)
>>
>> diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c
>> index 2bfcc19d15ea..2adb6c7d4a42 100644
>> --- a/drivers/net/wireless/ath/ath12k/dp_rx.c
>> +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c
>> @@ -2967,7 +2967,7 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
>>   	struct hal_srng *srng;
>>   	dma_addr_t link_paddr, buf_paddr;
>>   	u32 desc_bank, msdu_info, msdu_ext_info, mpdu_info;
>> -	u32 cookie, hal_rx_desc_sz, dest_ring_info0;
>> +	u32 cookie, hal_rx_desc_sz, dest_ring_info0, queue_addr_hi;
>>   	int ret;
>>   	struct ath12k_rx_desc_info *desc_info;
>>   	enum hal_rx_buf_return_buf_manager idle_link_rbm = dp->idle_link_rbm;
>> @@ -3060,13 +3060,11 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
>>   	reo_ent_ring->rx_mpdu_info.peer_meta_data =
>>   		reo_dest_ring->rx_mpdu_info.peer_meta_data;
>>   
>> -	/* Firmware expects physical address to be filled in queue_addr_lo in
>> -	 * the MLO scenario and in case of non MLO peer meta data needs to be
>> -	 * filled.
>> -	 * TODO: Need to handle for MLO scenario.
>> -	 */
>> -	reo_ent_ring->queue_addr_lo = reo_dest_ring->rx_mpdu_info.peer_meta_data;
>> -	reo_ent_ring->info0 = le32_encode_bits(dst_ind,
>> +	reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
>> +	queue_addr_hi = upper_32_bits(rx_tid->paddr);
> Shouldn't there be a cpu_to_le32 somewhere here? It just seems asymmetrical
> between the two values extracted from rx_tid->paddr
le32_encode_bits of queue_addr_hi does that conversion, so there is no 
need to explicitly convert cpu_to_le32 while fetching rx_tid->paddr's 
upper 32 bits.
>> +	reo_ent_ring->info0 = le32_encode_bits(queue_addr_hi,
>> +					       HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
>> +			      le32_encode_bits(dst_ind,
>>   					       HAL_REO_ENTR_RING_INFO0_DEST_IND);
>>   
>>   	reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
>
Nicolas Escande May 22, 2024, 7:28 a.m. UTC | #5
On Wed May 22, 2024 at 9:15 AM CEST, Praneesh P wrote:
>
>
> On 5/21/2024 2:20 PM, Nicolas Escande wrote:
> > On Mon May 20, 2024 at 9:00 AM CEST, P Praneesh wrote:
> >> When handling fragmented packets, the ath12k driver reassembles each
> >> fragment into a normal packet and then reinjects it into the HW ring.
> >> However, a firmware crash occurs during this reinjection process.
> >> The issue arises because the driver populates peer metadata in
> >> reo_ent_ring->queue_addr_lo, while the firmware expects the physical
> >> address obtained from the corresponding peer’s queue descriptor. Fix it
> >> by filling peer's queue descriptor's physical address in queue_addr_lo.
> >>
> >> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
> >>
> >> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
> >> Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
> >> ---
> >>   drivers/net/wireless/ath/ath12k/dp_rx.c | 14 ++++++--------
> >>   1 file changed, 6 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c
> >> index 2bfcc19d15ea..2adb6c7d4a42 100644
> >> --- a/drivers/net/wireless/ath/ath12k/dp_rx.c
> >> +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c
> >> @@ -2967,7 +2967,7 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
> >>   	struct hal_srng *srng;
> >>   	dma_addr_t link_paddr, buf_paddr;
> >>   	u32 desc_bank, msdu_info, msdu_ext_info, mpdu_info;
> >> -	u32 cookie, hal_rx_desc_sz, dest_ring_info0;
> >> +	u32 cookie, hal_rx_desc_sz, dest_ring_info0, queue_addr_hi;
> >>   	int ret;
> >>   	struct ath12k_rx_desc_info *desc_info;
> >>   	enum hal_rx_buf_return_buf_manager idle_link_rbm = dp->idle_link_rbm;
> >> @@ -3060,13 +3060,11 @@ static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
> >>   	reo_ent_ring->rx_mpdu_info.peer_meta_data =
> >>   		reo_dest_ring->rx_mpdu_info.peer_meta_data;
> >>   
> >> -	/* Firmware expects physical address to be filled in queue_addr_lo in
> >> -	 * the MLO scenario and in case of non MLO peer meta data needs to be
> >> -	 * filled.
> >> -	 * TODO: Need to handle for MLO scenario.
> >> -	 */
> >> -	reo_ent_ring->queue_addr_lo = reo_dest_ring->rx_mpdu_info.peer_meta_data;
> >> -	reo_ent_ring->info0 = le32_encode_bits(dst_ind,
> >> +	reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
> >> +	queue_addr_hi = upper_32_bits(rx_tid->paddr);
> > Shouldn't there be a cpu_to_le32 somewhere here? It just seems asymmetrical
> > between the two values extracted from rx_tid->paddr
> le32_encode_bits of queue_addr_hi does that conversion, so there is no 
> need to explicitly convert cpu_to_le32 while fetching rx_tid->paddr's 
> upper 32 bits.
OK, got it,
> >> +	reo_ent_ring->info0 = le32_encode_bits(queue_addr_hi,
> >> +					       HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
> >> +			      le32_encode_bits(dst_ind,
> >>   					       HAL_REO_ENTR_RING_INFO0_DEST_IND);
> >>   
> >>   	reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
> > 
Thanks
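
The byte-order point settled in comments #2 to #5, as an added example that is not part of the patch or the ath12k source: user-space stand-ins for cpu_to_le32() and le32_encode_bits() show that both halves of the address land little-endian in memory, and that encode_bits masks a value wider than its field. The EX_ masks, the struct, the sample address and the range check are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical field masks for illustration; the real
 * HAL_REO_ENTR_RING_INFO0_* values are not shown on this page. */
#define EX_INFO0_QUEUE_ADDR_HI 0x000000ffu /* assumed: bits 7..0 */
#define EX_INFO0_DEST_IND      0x00003e00u /* assumed: bits 13..9 */

struct ex_reo_entrance { uint32_t queue_addr_lo; uint32_t info0; };

/* Stand-in for cpu_to_le32(): little-endian bytes in memory on any host. */
static uint32_t ex_cpu_to_le32(uint32_t v)
{
	uint8_t b[4] = { (uint8_t)v, (uint8_t)(v >> 8),
			 (uint8_t)(v >> 16), (uint8_t)(v >> 24) };
	uint32_t le;
	memcpy(&le, b, sizeof(le));
	return le;
}

/* Stand-in for le32_encode_bits(): mask to field width, shift, convert. */
static uint32_t ex_le32_encode_bits(uint32_t v, uint32_t field)
{
	uint32_t lsb = field & (~field + 1); /* lowest set bit of the mask */
	return ex_cpu_to_le32((v & (field / lsb)) * lsb);
}

/* Byte i of a descriptor word as the device would read it from memory. */
static uint8_t ex_byte(uint32_t le, int i)
{
	uint8_t b[4];
	memcpy(b, &le, sizeof(b));
	return b[i];
}

/* Split a queue descriptor address the way the patch does. Returns -1 when
 * the upper bits exceed the assumed field, which encode_bits would drop. */
static int ex_fill_queue_addr(struct ex_reo_entrance *d, uint64_t paddr, uint32_t dst_ind)
{
	uint32_t hi = (uint32_t)(paddr >> 32);
	if (hi > EX_INFO0_QUEUE_ADDR_HI) /* assumed mask starts at bit 0 */
		return -1;
	d->queue_addr_lo = ex_cpu_to_le32((uint32_t)paddr);
	d->info0 = ex_le32_encode_bits(hi, EX_INFO0_QUEUE_ADDR_HI) |
		   ex_le32_encode_bits(dst_ind, EX_INFO0_DEST_IND);
	return 0;
}

int main(void) { struct ex_reo_entrance d; return ex_fill_queue_addr(&d, 0x1234567890ULL, 3); }
```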
Patch

diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c
index 2bfcc19d15ea..2adb6c7d4a42 100644
--- a/drivers/net/wireless/ath/ath12k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath12k/dp_rx.c
@@ -2967,7 +2967,7 @@  static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
 	struct hal_srng *srng;
 	dma_addr_t link_paddr, buf_paddr;
 	u32 desc_bank, msdu_info, msdu_ext_info, mpdu_info;
-	u32 cookie, hal_rx_desc_sz, dest_ring_info0;
+	u32 cookie, hal_rx_desc_sz, dest_ring_info0, queue_addr_hi;
 	int ret;
 	struct ath12k_rx_desc_info *desc_info;
 	enum hal_rx_buf_return_buf_manager idle_link_rbm = dp->idle_link_rbm;
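Review bot: the new local queue_addr_hi in the u32 declaration list is a CPU-order temporary that is consumed exactly once, by le32_encode_bits() in the following hunk. Passing upper_32_bits(rx_tid->paddr) directly to that call would drop the extra local and keep the lo and hi halves visibly parallel, which is the asymmetry that prompted the byte-order question in review.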
@@ -3060,13 +3060,11 @@  static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
 	reo_ent_ring->rx_mpdu_info.peer_meta_data =
 		reo_dest_ring->rx_mpdu_info.peer_meta_data;
 
-	/* Firmware expects physical address to be filled in queue_addr_lo in
-	 * the MLO scenario and in case of non MLO peer meta data needs to be
-	 * filled.
-	 * TODO: Need to handle for MLO scenario.
-	 */
-	reo_ent_ring->queue_addr_lo = reo_dest_ring->rx_mpdu_info.peer_meta_data;
-	reo_ent_ring->info0 = le32_encode_bits(dst_ind,
+	reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
+	queue_addr_hi = upper_32_bits(rx_tid->paddr);
+	reo_ent_ring->info0 = le32_encode_bits(queue_addr_hi,
+					       HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
+			      le32_encode_bits(dst_ind,
 					       HAL_REO_ENTR_RING_INFO0_DEST_IND);
 
 	reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
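Review bot: the deleted block comment was the only statement of what firmware expects in queue_addr_lo, and the new assignments carry no replacement. A short comment saying that queue_addr_lo and the QUEUE_ADDR_HI field of info0 together hold the REO queue descriptor address from rx_tid->paddr would document the contract, and the commit message should mention the info0 change and say whether the removed MLO TODO is now resolved. Separately, info0 also carries DEST_IND, so QUEUE_ADDR_HI is narrower than the 32-bit value returned by upper_32_bits(); le32_encode_bits() masks a non-constant value to the field width without warning, so it is worth stating or asserting that rx_tid->paddr always fits the address width the descriptor can carry. The visible context also shows no check that rx_tid->paddr has been set up before it is handed to firmware.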