In Chrome OS, a large number of crashes is observed due to corrupted timer
lists. Steven Rostedt pointed out that this usually happens when a timer
is freed while still active, and that the problem is often triggered
by code calling del_timer() instead of del_timer_sync() just before
freeing.
Steven also identified the iwlwifi driver as one of the possible culprits
since it does exactly that.
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Gregory Greenman <gregory.greenman@intel.com>
Fixes: 60e8abd9d3 ("iwlwifi: dbg_ini: add periodic trigger new API support")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Gregory Greenman <gregory.greenman@intel.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Linux v5.17.3-rc1 and Debian LLVM-14
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220411154210.1870008-1-linux@roeck-us.net
To avoid a run-time false positive in the stricter FORTIFY_SOURCE
memcpy() checks, split the memcpy() into the struct and the data.
Additionally switch the data member to a flexible array to follow
modern language conventions.
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210727205855.411487-64-keescook@chromium.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The config set TLV setting depend on dram allocation
and if allocation failed the data used in config set tlv
should not set this.
Adding the check if dram fragment is available or not.
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Fixes: 1a5daead21 ("iwlwifi: yoyo: support for ROM usniffer")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20220204122220.44835d181528.I3e78ba29c13bbeada017fcb2a620f3552c1dfa30@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Most of this change is a continuation of commit 403ea939ea
("iwlwifi: dbg: Mark ucode tlv data as const") propagating the
(const) type qualifier for ucode based tlv data to avoid having
the impression that it is writeable.
The other part of the change preserves the (const) type qualifier
over casts and function calls where it was previously lost.
Both changes are needed to avoid compile time errors on system with
more strict error settings, in this case found with clang on FreeBSD.
Sponsored by: The FreeBSD Foundation
Signed-off-by: Bjoern A. Zeeb <bz@FreeBSD.ORG>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
[fix double word in commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20220128153014.3230c41312fc.I0032c597984834258d5a79b97052ed83dbe53b80@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Debug TLV parsing was missing size checks, so if a valid but
too short TLV was encountered, it would attempt to read it.
If the firmware file was arranged to be a multiple of pages
long with this happening just before the end, it could crash
reading out-of-bounds of a vmalloc area.
Fix this by adding the relevant size check.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211210110539.84848da8067f.Ifb4f80c95d283ec62e495a7928069af711b5fee2@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In next region tlv (3) region type is going to be split into bit mask
without affecting the ops for handling region type, so we just mask
the type independent of the version due to all versions having the
same bits usage.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211204130722.083e4b47055e.If7483d854e3d07f81236d314b8155cd5996f306c@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
If a region is not active, it means that it was not defined as a region
TLV in the FW image. We should treat them as unsupported in that case.
This saves operational driver memory and run time when collecting debug
data by skipping unsupported regions.
Signed-off-by: Rotem Saado <rotem.saado@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211017165728.8025bd29d86a.I3ecb4e273bf714e426d82217e0590264cb763419@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
in case allocation tlv is missing for specific dbgc id,
treat it as allocation failure.
with this behavior we removing later the unsupported regions
relating to the failed dbgc allocation.
this saves operational driver memory and run time at collecting
debug data.
Signed-off-by: Rotem Saado <rotem.saado@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211017165728.4cd241abf1de.I8f6cf00a7266675dfebdc01a73c1ac6e001855b9@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Add new TLV for debug config set to read preset
based on TLV is set in context info.
This is needed to set the preset based on ucode in early
trigger point.
Add DRAM frag allocation info in first fragment of
DBGC1 with all details.
New capability from FW for DBGC frag debug support is
added and BUFFER_ALLOCATION_CMD is disabled in capability
is supported.
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211017123741.cacf0babc521.If3704b5fda09b344e3e438252360898a3f2e90fa@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
We can send this even if initializing in RF-kill, thus
suppressing a bunch of error messages about it. In fact,
we _want_ to, since we might still want to debug the
firmware even if in RF-kill.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210819183728.bcdb076609e2.I2d177c00772510b5338d8aa45af7558138b08448@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Yoyo based debug is not applicable to old devices. As init debug is
enabled by default in the driver, it needs to be disabled to work the
old debug mechanism in old devices.
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Fixes: b0d8d2c270 ("iwlwifi: yoyo: enable yoyo by default")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210411132130.805401a1b8ec.I30db38184a418cfc1c5ca1a305cc14a52501d415@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In case user requested to register an unsupported regions,
remove it from active list and trigger list, this saves operational
driver memory and run time at collecting debug data.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210210142629.a0cc944040e8.I3ae37547452b39f8040428c21ed47bdc67ae8f71@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
The ucode TLV data may be read-only and should be treated as const
pointers, but currently a few code forcibly cast to the writable
pointer unnecessarily. This gave developers a wrong impression as if
it can be modified, resulting in crashing regressions already a couple
of times.
This patch adds the const prefix to those cast pointers, so that such
attempt can be caught more easily in future.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20210112132449.22243-3-tiwai@suse.de
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
There's a bug in the lengths - the 'old length' needs to be calculated
using the 'old' pointer, of course, likely a copy/paste mistake. Fix
this.
Reported-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fixes: cf29c5b66b ("iwlwifi: dbg_ini: implement time point handling")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20201209231352.c0105ddffa74.I1ddb243053ff763c91b663748b6a593ecc3b5634@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Every time we call init_cfg driver appends the enabled triggers
to the active triggers while this should be done only once per
driver load.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Fixes: 14124b2578 ("iwlwifi: dbg_ini: implement monitor allocation flow")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200930161256.79bd622e604a.Ie0f79d2ea90ca5cdf363f56194ead81b0a2c6202@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Currently if group-id and command-id values are zero we
trigger and collect every RX frame,
this is not the right behavior and zero value
should be handled like any other filter.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Fixes: 3ed34fbf9d ("iwlwifi: dbg_ini: support FW response/notification region type")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200930161256.6a0aae2c0507.I7bd72968279d586af420472707d53106b35efc08@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
mt76 driver had major conflicts within mt7615 directory. To make it easier for
every merge wireless-drivers to wireless-drivers-next and solve those
conflicts.
Missing this firmware is not fatal, my wifi card still works. Even more,
I couldn't find any documentation what it is or where to get it. So, I
don't think the users should be notified if it is missing. If you browse
the net, you see the message is present is in quite some logs. Better
remove it.
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200625165210.14904-1-wsa@kernel.org
Add a new region type that allows us to dump the PCI config space.
This is mostly the same as dumping a memory region, but reading from
the device's config space instead.
In order to make this generic and independent of the trans type, we
make a function called iwl_dump_ini_config_iter() that calls a new op
in the transport to read its config space.
Change-Id: I15151bddf589f13b0e0a45c28b96bbcd73bcfdeb
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Second set of patches for v5.6. Nothing special standing out, smaller
new features and fixes allover.
Major changes:
ar5523
* add support for SMCWUSBT-G2 USB device
iwlwifi
* support new versions of the FTM FW APIs
* support new version of the beacon template FW API
* print some extra information when the driver is loaded
rtw88
* support wowlan feature for 8822c
* add support for WIPHY_WOWLAN_NET_DETECT
brcmfmac
* add initial support for monitor mode
qtnfmac
* add module parameter to enable DFS offloading in firmware
* add support for STA HE rates
* add support for TWT responder and spatial reuse
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJeLcWsAAoJEG4XJFUm622bDGUIAJuhM4LiDAzOGnDjH5cMosOC
/qwDpGD19cEeVAhNSMKUn7Uo9+qbQYIleiO7XXxzCuJceYbxbT5s3Vb/fWsRUPjS
cBDmGuK8/giqMQJshXvfCTsoF83CyirCjY/MJvomK2BRlXM8hQ3s6hAcfU0zQ96e
OU1akcfZzUwjaBKaDYLncxLuGbeUXMy8AZwFdgQlQRMoObpen/IIwx6jDK/A+3l6
VCOJF+JTkDytfNWmTpZ65uJrYEXoLe6G4028FjOI4BDFmEgvdHC5vTm7VOBhrkuB
9tsKcYNvECCNn2WI96V+etD8kaZPscQIW8hgOrYyGxw43lJg5zH4Z9eWAmHojxE=
=UOhb
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-next-2020-01-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
Kalle Valo says:
====================
wireless-drivers-next patches for v5.6
Second set of patches for v5.6. Nothing special standing out, smaller
new features and fixes allover.
Major changes:
ar5523
* add support for SMCWUSBT-G2 USB device
iwlwifi
* support new versions of the FTM FW APIs
* support new version of the beacon template FW API
* print some extra information when the driver is loaded
rtw88
* support wowlan feature for 8822c
* add support for WIPHY_WOWLAN_NET_DETECT
brcmfmac
* add initial support for monitor mode
qtnfmac
* add module parameter to enable DFS offloading in firmware
* add support for STA HE rates
* add support for TWT responder and spatial reuse
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Now that we don't have dynamically changing domains anymore, we can
simply skip all the TLVs with domains that are not enabled. To do so,
remove the checks from the functions that handle the TLVs when a
timepoint is reached to the top allocation function.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
We only call this function from a single place and it's very
very small and self-contained anyway, so remove the function and move
the code into the caller.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Now that we can't change the domain at runtime anymore, we don't have
to protect the active trigger status. Remove it. Additionally, we
don't need to flush the dumps at this point anymore, since this only
runs during initialization and there shouldn't be any dumps running.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
We don't want to allow changing the domain via debugfs so that we can
apply the domain to all TLV types more easily (doing some at runtime
is difficult due to buffer allocations etc.). Change the
fw_dbg_domain debugfs file to be read-only and remove the write
function.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
In the allocation loop, "pages" will never become zero (because of the
DIV_ROUND_UP), so if we can't allocate any size and pages becomes 1,
we will keep trying to allocate 1 page until it succeeds. And in that
case, as coverity reported, block will never be NULL.
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487402 ("Control flow issues")
Fixes: 14124b2578 ("iwlwifi: dbg_ini: implement monitor allocation flow")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Fixes: 14124b2578 ("iwlwifi: dbg_ini: implement monitor allocation flow")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Pass the FW notification packet to the dump collection flow to allow
the driver to include it in the dump file if requested.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Rename the external configuration file to align to the debug SAS.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Allow the driver to collect FW response/notification region type
during dump and allow triggering dump collection for a given FW
response/notification.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Enable periodic trigger.
Allows the driver to trigger dump collection in constant intervals.
Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
