From 32a6794eb2d571988f43619b7a7c7441d7537574 Mon Sep 17 00:00:00 2001 From: Rajeev Kumar Date: Fri, 7 Feb 2014 17:23:32 -0800 Subject: qcacld: Fix of memory leak in LIM DEL BSS RSP handler Fixing limHandleDeleteBssRsp() to free pDelBss pointer object allocated by WMA when LIM fails to find session ID Change-Id: Iae865172dbea882254899c997ad11a1e03d31d51 CRs-Fixed: 613312 --- CORE/MAC/src/pe/lim/limSendSmeRspMessages.c | 1 + 1 file changed, 1 insertion(+) diff --git a/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c b/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c index 08a68e62a1db..6737ac995632 100644 --- a/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c +++ b/CORE/MAC/src/pe/lim/limSendSmeRspMessages.c @@ -2780,6 +2780,7 @@ void limHandleDeleteBssRsp(tpAniSirGlobal pMac,tpSirMsgQ MsgQ) tpDeleteBssParams pDelBss = (tpDeleteBssParams)(MsgQ->bodyptr); if((psessionEntry = peFindSessionBySessionId(pMac,pDelBss->sessionId))==NULL) { + vos_mem_free(pDelBss); limLog(pMac, LOGP,FL("Session Does not exist for given sessionID")); return; } -- cgit v1.2.3 From 06a06aa578a90d1baf3bdee09a07242e6972a8e6 Mon Sep 17 00:00:00 2001 From: Sanjay Devnani Date: Fri, 7 Feb 2014 16:20:47 -0800 Subject: wlan: fix format specifier in print statement Use correct format specifier to fix compiler warning Change-Id: I97babc66d12c2fe8d12e8a5658f7a5902df3bb7a CRs-fixed: 613262 --- CORE/SERVICES/HTC/htc_recv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CORE/SERVICES/HTC/htc_recv.c b/CORE/SERVICES/HTC/htc_recv.c index ec5aaf09b644..822d77284a3e 100644 --- a/CORE/SERVICES/HTC/htc_recv.c +++ b/CORE/SERVICES/HTC/htc_recv.c @@ -313,7 +313,7 @@ A_STATUS HTCRxCompletionHandler( netbuf = NULL; break; #else - AR_DEBUG_PRINTF(ATH_DEBUG_ERR,("HTC Rx: insufficient length, got:%d expected =%u\n", + AR_DEBUG_PRINTF(ATH_DEBUG_ERR,("HTC Rx: insufficient length, got:%d expected =%zu\n", netlen, payloadLen + HTC_HDR_LENGTH)); DebugDumpBytes((A_UINT8 *)HtcHdr,sizeof(HTC_FRAME_HDR),"BAD RX packet length"); status = A_ERROR; -- cgit v1.2.3 From f4c73438863c0c86b72221b688c19ac9ad9da134 Mon Sep 17 00:00:00 2001 From: Sameer Thalappil Date: Fri, 7 Feb 2014 13:35:55 -0800 Subject: qcacld: Featurize self recovery Featurize the self recovery; and it should be disabled in all internal builds. Change-Id: I98fe2d883b26a83369979c69e4fbe2433b42c504 CRs-Fixed: 613122 --- CORE/SERVICES/BMI/ol_fw.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CORE/SERVICES/BMI/ol_fw.c b/CORE/SERVICES/BMI/ol_fw.c index 515bdc81a3bf..e98a9dcf6959 100644 --- a/CORE/SERVICES/BMI/ol_fw.c +++ b/CORE/SERVICES/BMI/ol_fw.c @@ -576,7 +576,11 @@ static void ramdump_work_handler(struct work_struct *ramdump) out_fail: /* silent SSR on dump failure */ +#ifdef CNSS_SELF_RECOVERY cnss_device_self_recovery(); +#else + cnss_device_crashed(); +#endif return; } -- cgit v1.2.3 From 5b678c521b3f5b92a82a8ca9dad40763b5dc711d Mon Sep 17 00:00:00 2001 From: Sanjay Devnani Date: Fri, 7 Feb 2014 16:27:30 -0800 Subject: wlan: Fix format specifier in print Use correct format specifier to fix compiler warning for a 64 bit compiler Change-Id: If9f132a61781e4032e4ac43b777db3ba1f4b9c82 CRs-fixed: 613266 --- CORE/SERVICES/HIF/ath_procfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CORE/SERVICES/HIF/ath_procfs.c b/CORE/SERVICES/HIF/ath_procfs.c index 94d1b1834b71..93b4a378fc2d 100644 --- a/CORE/SERVICES/HIF/ath_procfs.c +++ b/CORE/SERVICES/HIF/ath_procfs.c @@ -61,7 +61,7 @@ static ssize_t ath_procfs_diag_read(struct file *file, char __user *buf, #else scn = (struct hif_pci_softc *)(PDE(file->f_path.dentry->d_inode)->data); #endif - pr_debug("rd buff 0x%p cnt %d offset 0x%x buf 0x%p\n", + pr_debug("rd buff 0x%p cnt %zu offset 0x%x buf 0x%p\n", read_buffer,count, (int)*pos, buf); -- cgit v1.2.3 From 63e1a25ba66df487428c15304a300a0a6c2c557a Mon Sep 17 00:00:00 2001 From: Vasanthakumar Thiagarajan Date: Thu, 6 Feb 2014 15:18:30 +0530 Subject: qcacld/hif: Add debug log after potential hw_index corruption This issue happens when doing send complete of wmi command during the device suspend case. In normal condition, we should never run out of hif free buffers used for tx/rx completion. A potential issue here is that the hw_index might be wrong during suspend which leads to a busy loop trying to do bogus send completex . Add some debug information when we run out of hif send completion buffer, from this debug log we could find the signature and come up with a WAR in a separate patch when we see the issue next time. Change-Id: Ica78af10376156be5adde08523f13f08581df6bd CRs-Fixed: 612173 --- CORE/SERVICES/HIF/PCIe/copy_engine.c | 38 +++++++++++++++++++++++--------- CORE/SERVICES/HIF/PCIe/copy_engine_api.h | 8 +++++-- CORE/SERVICES/HIF/PCIe/hif_pci.c | 31 +++++++++++++++++++++----- 3 files changed, 59 insertions(+), 18 deletions(-) diff --git a/CORE/SERVICES/HIF/PCIe/copy_engine.c b/CORE/SERVICES/HIF/PCIe/copy_engine.c index f3b9c968f59f..55071bd40679 100644 --- a/CORE/SERVICES/HIF/PCIe/copy_engine.c +++ b/CORE/SERVICES/HIF/PCIe/copy_engine.c @@ -90,7 +90,9 @@ CE_completed_send_next_nolock(struct CE_state *CE_state, void **per_transfer_contextp, CE_addr_t *bufferp, unsigned int *nbytesp, - unsigned int *transfer_idp); + unsigned int *transfer_idp, + unsigned int *sw_idx, + unsigned int *hw_idx); void WAR_CE_SRC_RING_WRITE_IDX_SET(struct hif_pci_softc *sc, void __iomem *targid, @@ -648,7 +650,9 @@ CE_completed_send_next_nolock(struct CE_state *CE_state, void **per_transfer_contextp, CE_addr_t *bufferp, unsigned int *nbytesp, - unsigned int *transfer_idp) + unsigned int *transfer_idp, + unsigned int *sw_idx, + unsigned int *hw_idx) { int status = A_ERROR; struct CE_ring_state *src_ring = CE_state->src_ring; @@ -674,6 +678,12 @@ CE_completed_send_next_nolock(struct CE_state *CE_state, } read_index = src_ring->hw_index; + if (sw_idx) + *sw_idx = sw_index; + + if (hw_idx) + *hw_idx = read_index; + if ((read_index != sw_index) && (read_index != 0xffffffff)) { struct CE_src_desc *shadow_base = (struct CE_src_desc *)src_ring->shadow_base; struct CE_src_desc *shadow_src_desc = CE_SRC_RING_TO_DESC(shadow_base, sw_index); @@ -772,7 +782,9 @@ CE_completed_send_next(struct CE_handle *copyeng, void **per_transfer_contextp, CE_addr_t *bufferp, unsigned int *nbytesp, - unsigned int *transfer_idp) + unsigned int *transfer_idp, + unsigned int *sw_idx, + unsigned int *hw_idx) { struct CE_state *CE_state = (struct CE_state *)copyeng; struct hif_pci_softc *sc = CE_state->sc; @@ -781,7 +793,8 @@ CE_completed_send_next(struct CE_handle *copyeng, adf_os_spin_lock(&sc->target_lock); status = CE_completed_send_next_nolock(CE_state, per_CE_contextp, per_transfer_contextp, - bufferp, nbytesp, transfer_idp); + bufferp, nbytesp, transfer_idp, + sw_idx, hw_idx); adf_os_spin_unlock(&sc->target_lock); return status; @@ -807,6 +820,7 @@ CE_per_engine_servicereap(struct hif_pci_softc *sc, unsigned int CE_id) CE_addr_t buf; unsigned int nbytes; unsigned int id; + unsigned int sw_idx, hw_idx; A_TARGET_ACCESS_BEGIN(targid); @@ -817,11 +831,12 @@ CE_per_engine_servicereap(struct hif_pci_softc *sc, unsigned int CE_id) { /* Pop completed send buffers and call the registered send callback for each */ while (CE_completed_send_next_nolock(CE_state, &CE_context, &transfer_context, - &buf, &nbytes, &id) == A_OK) + &buf, &nbytes, &id, &sw_idx, &hw_idx) == A_OK) { if(CE_id != CE_HTT_H2T_MSG){ adf_os_spin_unlock(&sc->target_lock); - CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id); + CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id, + sw_idx, hw_idx); adf_os_spin_lock(&sc->target_lock); }else{ struct HIF_CE_pipe_info *pipe_info = (struct HIF_CE_pipe_info *)CE_context; @@ -870,6 +885,7 @@ CE_per_engine_service(struct hif_pci_softc *sc, unsigned int CE_id) unsigned int flags; u_int32_t CE_int_status; unsigned int more_comp_cnt = 0; + unsigned int sw_idx, hw_idx; A_TARGET_ACCESS_BEGIN(targid); @@ -918,11 +934,12 @@ more_completions: #ifdef ATH_11AC_TXCOMPACT while (CE_completed_send_next_nolock(CE_state, &CE_context, &transfer_context, - &buf, &nbytes, &id) == A_OK){ + &buf, &nbytes, &id, &sw_idx, &hw_idx) == A_OK){ if(CE_id != CE_HTT_H2T_MSG){ adf_os_spin_unlock(&sc->target_lock); - CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id); + CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id, + sw_idx, hw_idx); adf_os_spin_lock(&sc->target_lock); }else{ struct HIF_CE_pipe_info *pipe_info = (struct HIF_CE_pipe_info *)CE_context; @@ -934,9 +951,10 @@ more_completions: } #else /*ATH_11AC_TXCOMPACT*/ while (CE_completed_send_next_nolock(CE_state, &CE_context, &transfer_context, - &buf, &nbytes, &id) == A_OK){ + &buf, &nbytes, &id, &sw_idx, &hw_idx) == A_OK){ adf_os_spin_unlock(&sc->target_lock); - CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id); + CE_state->send_cb((struct CE_handle *)CE_state, CE_context, transfer_context, buf, nbytes, id, + sw_idx, hw_idx); adf_os_spin_lock(&sc->target_lock); } #endif /*ATH_11AC_TXCOMPACT*/ diff --git a/CORE/SERVICES/HIF/PCIe/copy_engine_api.h b/CORE/SERVICES/HIF/PCIe/copy_engine_api.h index 4f3dddf63e83..c027f32f0465 100644 --- a/CORE/SERVICES/HIF/PCIe/copy_engine_api.h +++ b/CORE/SERVICES/HIF/PCIe/copy_engine_api.h @@ -74,7 +74,9 @@ typedef void (* CE_send_cb)(struct CE_handle *copyeng, void *per_transfer_send_context, CE_addr_t buffer, unsigned int nbytes, - unsigned int transfer_id); + unsigned int transfer_id, + unsigned int sw_index, + unsigned int hw_index); /* * "Buffer Received" callback type for Buffer Received Notification. @@ -318,7 +320,9 @@ int CE_completed_send_next(struct CE_handle *copyeng, void **per_transfer_contextp, CE_addr_t *bufferp, unsigned int *nbytesp, - unsigned int *transfer_idp); + unsigned int *transfer_idp, + unsigned int *sw_idx, + unsigned int *hw_idx); /*==================CE Engine Initialization==================================*/ diff --git a/CORE/SERVICES/HIF/PCIe/hif_pci.c b/CORE/SERVICES/HIF/PCIe/hif_pci.c index 8c8b5b8016e8..8551790af7d8 100644 --- a/CORE/SERVICES/HIF/PCIe/hif_pci.c +++ b/CORE/SERVICES/HIF/PCIe/hif_pci.c @@ -318,12 +318,14 @@ HIFGetFreeQueueNumber(HIF_DEVICE *hif_device, a_uint8_t pipe) /* Called by lower (CE) layer when a send to Target completes. */ void HIF_PCI_CE_send_done(struct CE_handle *copyeng, void *ce_context, void *transfer_context, - CE_addr_t CE_data, unsigned int nbytes, unsigned int transfer_id) + CE_addr_t CE_data, unsigned int nbytes, unsigned int transfer_id, + unsigned int sw_index, unsigned int hw_index) { struct HIF_CE_pipe_info *pipe_info = (struct HIF_CE_pipe_info *)ce_context; struct HIF_CE_state *hif_state = pipe_info->HIF_CE_state; struct HIF_CE_completion_state *compl_state; struct HIF_CE_completion_state *compl_queue_head, *compl_queue_tail; /* local queue */ + unsigned int sw_idx = sw_index, hw_idx = hw_index; compl_queue_head = compl_queue_tail = NULL; do { @@ -341,7 +343,16 @@ HIF_PCI_CE_send_done(struct CE_handle *copyeng, void *ce_context, void *transfer adf_os_spin_lock(&pipe_info->completion_freeq_lock); compl_state = pipe_info->completion_freeq_head; - ASSERT(compl_state != NULL); + if (!compl_state) { + adf_os_spin_unlock(&pipe_info->completion_freeq_lock); + AR_DEBUG_PRINTF(ATH_DEBUG_ERR, + ("Out of free buf in hif send completion list, potential hw_index corruption" + "pipe_num:%d num_send_allowed:%d pipe_info:0x%p sw_index:%d hw_index:%d nbytes:%d\n", + pipe_info->pipe_num, pipe_info->num_sends_allowed, + pipe_info, sw_idx, hw_idx, nbytes)); + ASSERT(0); + break; + } pipe_info->completion_freeq_head = compl_state->next; adf_os_spin_unlock(&pipe_info->completion_freeq_lock); @@ -363,7 +374,8 @@ HIF_PCI_CE_send_done(struct CE_handle *copyeng, void *ce_context, void *transfer } compl_queue_tail = compl_state; } while (CE_completed_send_next(copyeng, &ce_context, &transfer_context, - &CE_data, &nbytes, &transfer_id) == EOK); + &CE_data, &nbytes, &transfer_id, + &sw_idx, &hw_idx) == EOK); if (compl_queue_head == NULL) { /* @@ -508,6 +520,8 @@ hif_completion_thread_startup(struct HIF_CE_state *hif_state) attr = host_CE_config[pipe_num]; completions_needed = 0; if (attr.src_nentries) { /* pipe used to send to target */ + AR_DEBUG_PRINTF(ATH_DEBUG_INFO, ("pipe_num:%d pipe_info:0x%p\n", + pipe_num, pipe_info)); CE_send_cb_register(pipe_info->ce_hdl, HIF_PCI_CE_send_done, pipe_info, attr.flags & CE_ATTR_DISABLE_INTR); completions_needed += attr.src_nentries; pipe_info->num_sends_allowed = attr.src_nentries-1; @@ -973,7 +987,9 @@ HIFDiagReadMem(HIF_DEVICE *hif_device, A_UINT32 address, A_UINT8 *data, int nbyt } i=0; - while (CE_completed_send_next(ce_diag, NULL, NULL, &buf, &completed_nbytes, &id) != A_OK) { + while (CE_completed_send_next(ce_diag, NULL, NULL, &buf, + &completed_nbytes, &id, + NULL, NULL) != A_OK) { A_MDELAY(1); if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) { status = A_EBUSY; @@ -1141,7 +1157,9 @@ HIFDiagWriteMem(HIF_DEVICE *hif_device, A_UINT32 address, A_UINT8 *data, int nby } i=0; - while (CE_completed_send_next(ce_diag, NULL, NULL, &buf, &completed_nbytes, &id) != A_OK) { + while (CE_completed_send_next(ce_diag, NULL, NULL, &buf, + &completed_nbytes, &id, + NULL, NULL) != A_OK) { A_MDELAY(1); if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) { status = A_EBUSY; @@ -1599,7 +1617,8 @@ struct BMI_transaction { */ static void HIF_BMI_send_done(struct CE_handle *copyeng, void *ce_context, void *transfer_context, - CE_addr_t data, unsigned int nbytes, unsigned int transfer_id) + CE_addr_t data, unsigned int nbytes, unsigned int transfer_id, + unsigned int sw_index, unsigned int hw_index) { struct BMI_transaction *transaction = (struct BMI_transaction *)transfer_context; struct hif_pci_softc *sc = transaction->hif_state->sc; -- cgit v1.2.3 From 79ac9fe7133c88c24e5750f65d251233cde69c95 Mon Sep 17 00:00:00 2001 From: Sundar Subramaniyan Date: Mon, 10 Feb 2014 19:19:15 +0530 Subject: qcacld: Cleanup HIF PCI suspend/resume Remove the function calls from HIF suspend and resume functions to HDD suspend/resume functions that are no longer being called from PCI suspend/resume under the disabled flag - WLAN_LINK_UMAC_SUSPEND_WITH_BUS_SUSPEND. They are now called from cfg80211 suspend and resume functions respectively. Change-Id: I462a5cb3e2ce4d789a8df6fca0db73627439f3c0 CRs-Fixed: 613659 --- CORE/SERVICES/HIF/PCIe/if_pci.c | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/CORE/SERVICES/HIF/PCIe/if_pci.c b/CORE/SERVICES/HIF/PCIe/if_pci.c index 6c7429a294e0..cccd9f64221e 100644 --- a/CORE/SERVICES/HIF/PCIe/if_pci.c +++ b/CORE/SERVICES/HIF/PCIe/if_pci.c @@ -1385,11 +1385,6 @@ void hif_pci_shutdown(struct pci_dev *pdev) #define OL_ATH_PCI_PM_CONTROL 0x44 -#ifdef WLAN_LINK_UMAC_SUSPEND_WITH_BUS_SUSPEND -void hdd_suspend_wlan(void (*callback)(void *callbackContext), - void *callbackContext); -#endif - static int hif_pci_suspend(struct pci_dev *pdev, pm_message_t state) { @@ -1402,12 +1397,6 @@ hif_pci_suspend(struct pci_dev *pdev, pm_message_t state) u32 val; v_VOID_t * temp_module; -#ifdef WLAN_LINK_UMAC_SUSPEND_WITH_BUS_SUSPEND - hdd_suspend_wlan(NULL, NULL); - /* TODO: Wait until tx queue drains. Remove this hard coded delay */ - msleep(3*1000); /* 3 sec */ -#endif - A_TARGET_ACCESS_BEGIN(targid); A_PCI_WRITE32(sc->mem + FW_INDICATOR_ADDRESS, (state.event << 16)); A_TARGET_ACCESS_END(targid); @@ -1448,10 +1437,6 @@ hif_pci_suspend(struct pci_dev *pdev, pm_message_t state) return 0; } -#ifdef WLAN_LINK_UMAC_SUSPEND_WITH_BUS_SUSPEND -void hdd_resume_wlan(void); -#endif - static int hif_pci_resume(struct pci_dev *pdev) { @@ -1499,10 +1484,6 @@ hif_pci_resume(struct pci_dev *pdev) return wma_resume_target(temp_module); } -#ifdef WLAN_LINK_UMAC_SUSPEND_WITH_BUS_SUSPEND - hdd_resume_wlan(); -#endif - return 0; } -- cgit v1.2.3 From 132bdf07e90e43baec23acde61dd225f0671dfe9 Mon Sep 17 00:00:00 2001 From: Nandini Suresh Date: Mon, 10 Feb 2014 14:00:39 -0800 Subject: cafstaging release 1.0.0.33 cafstaging Release 1.0.0.33 Change-Id: Iebfa564b1b88b50002733cd4494de13ec56ab304 --- CORE/MAC/inc/qwlan_version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CORE/MAC/inc/qwlan_version.h b/CORE/MAC/inc/qwlan_version.h index 7edc56982efc..9bd1045f26e2 100644 --- a/CORE/MAC/inc/qwlan_version.h +++ b/CORE/MAC/inc/qwlan_version.h @@ -42,9 +42,9 @@ BRIEF DESCRIPTION: #define QWLAN_VERSION_MINOR 0 #define QWLAN_VERSION_PATCH 0 #define QWLAN_VERSION_EXTRA "" -#define QWLAN_VERSION_BUILD 32 +#define QWLAN_VERSION_BUILD 33 -#define QWLAN_VERSIONSTR "1.0.0.32" +#define QWLAN_VERSIONSTR "1.0.0.33" #ifdef QCA_WIFI_2_0 -- cgit v1.2.3