On 1/3/2023 1:41 PM, Arend van Spriel wrote:
> When dealing with a device for 2GHz band only the wiphy->bands for
> 5GHz will be NULL. This would result in a NULL-deref in the
> brcmf_cfg80211_dump_survey() function. Rework the code with a
> for-loop to make it easier to add another band.
Forgot the Fixes tag here:
Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd
AutoChannelSelection")
> Signed-off-by: Arend van Spriel <[email protected]>
> ---
> .../broadcom/brcm80211/brcmfmac/cfg80211.c | 23 +++++++++++--------
> 1 file changed, 13 insertions(+), 10 deletions(-)
Hi Arend,
hi Kalle,
Am 03.01.23 um 13:41 schrieb Arend van Spriel:
> An issue was reported in which periodically error messages are
> printed in the kernel log:
>
> [ 26.303445] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
> [ 26.303554] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.bin failed with error -2
> [ 26.516752] brcmfmac_wcc: brcmf_wcc_attach: executing
regardless of this patch the commit d6a5c562214f ("wifi: brcmfmac: add
support for vendor-specific firmware api") introduced this error message
wcc/core.c, but i guess this should be trace or info message?
> [ 26.528264] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Jan 4 2021 19:56:29 version 7.45.229 (617f1f5 CY) FWID 01-2dbd9d2e
> [ 27.076829] Bluetooth: hci0: BCM: features 0x2f
> [ 27.078592] Bluetooth: hci0: BCM43455 37.4MHz Raspberry Pi 3+
> [ 27.078601] Bluetooth: hci0: BCM4345C0 (003.001.025) build 0342
> [ 30.142104] Adding 102396k swap on /var/swap. Priority:-2 extents:1 across:102396k SS
> [ 30.590017] Bluetooth: MGMT ver 1.22
> [ 104.897615] brcmfmac: cfg80211_set_channel: set chanspec 0x100e fail, reason -52
> [ 104.897992] brcmfmac: cfg80211_set_channel: set chanspec 0xd022 fail, reason -52
> [ 105.007672] brcmfmac: cfg80211_set_channel: set chanspec 0xd026 fail, reason -52
> [ 105.117654] brcmfmac: cfg80211_set_channel: set chanspec 0xd02a fail, reason -52
> [ 105.227636] brcmfmac: cfg80211_set_channel: set chanspec 0xd02e fail, reason -52
> [ 106.987552] brcmfmac: cfg80211_set_channel: set chanspec 0xd090 fail, reason -52
> [ 106.987911] brcmfmac: cfg80211_set_channel: set chanspec 0xd095 fail, reason -52
> [ 106.988233] brcmfmac: cfg80211_set_channel: set chanspec 0xd099 fail, reason -52
> [ 106.988565] brcmfmac: cfg80211_set_channel: set chanspec 0xd09d fail, reason -52
> [ 106.988909] brcmfmac: cfg80211_set_channel: set chanspec 0xd0a1 fail, reason -52
>
> This happens in brcmf_cfg80211_dump_survey() because we try a disabled
> channel. When channel is marked as disabled we do not need to fill any
> other info so bail out.
>
> Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection")
> Reported-by: Stefan Wahren <[email protected]>
> Signed-off-by: Arend van Spriel <[email protected]>
this patch is:
Tested-by: Stefan Wahren <[email protected]>
Thanks
> ---
> .../broadcom/brcm80211/brcmfmac/cfg80211.c | 16 +++++++---------
> 1 file changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> index bff3128c2f26..478ca3848c64 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> @@ -7937,6 +7937,9 @@ cfg80211_set_channel(struct wiphy *wiphy, struct net_device *dev,
> struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
> struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
>
> + if (chan->flags & IEEE80211_CHAN_DISABLED)
> + return -EINVAL;
> +
> /* set_channel */
> chspec = channel_to_chanspec(&cfg->d11inf, chan);
> if (chspec != INVCHANSPEC) {
> @@ -7961,7 +7964,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
> struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
> struct brcmf_dump_survey survey = {};
> struct ieee80211_supported_band *band;
> - struct ieee80211_channel *chan;
> struct cca_msrmnt_query req;
> u32 noise;
> int err;
> @@ -7987,13 +7989,10 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
> }
>
> /* Setting current channel to the requested channel */
> - chan = &band->channels[idx];
> - err = cfg80211_set_channel(wiphy, ndev, chan, NL80211_CHAN_HT20);
> - if (err) {
> - info->channel = chan;
> - info->filled = 0;
> + info->filled = 0;
> + info->channel = &band->channels[idx];
> + if (cfg80211_set_channel(wiphy, ndev, info->channel, NL80211_CHAN_HT20))
> return 0;
> - }
>
> /* Disable mpc */
> brcmf_set_mpc(ifp, 0);
> @@ -8028,7 +8027,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
> if (err)
> goto exit;
>
> - info->channel = chan;
> info->noise = noise;
> info->time = ACS_MSRMNT_DELAY;
> info->time_busy = ACS_MSRMNT_DELAY - survey.idle;
> @@ -8040,7 +8038,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy, struct net_device *ndev,
> SURVEY_INFO_TIME_TX;
>
> brcmf_dbg(INFO, "OBSS dump: channel %d: survey duration %d\n",
> - ieee80211_frequency_to_channel(chan->center_freq),
> + ieee80211_frequency_to_channel(info->channel->center_freq),
> ACS_MSRMNT_DELAY);
> brcmf_dbg(INFO, "noise(%d) busy(%llu) rx(%llu) tx(%llu)\n",
> info->noise, info->time_busy, info->time_rx, info->time_tx);
On 1/3/2023 8:15 PM, Stefan Wahren wrote:
> Hi Arend,
> hi Kalle,
>
> Am 03.01.23 um 13:41 schrieb Arend van Spriel:
>> An issue was reported in which periodically error messages are
>> printed in the kernel log:
>>
>> [ 26.303445] brcmfmac: brcmf_fw_alloc_request: using
>> brcm/brcmfmac43455-sdio for chip BCM4345/6
>> [ 26.303554] brcmfmac mmc1:0001:1: Direct firmware load for
>> brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.bin failed with
>> error -2
>> [ 26.516752] brcmfmac_wcc: brcmf_wcc_attach: executing
> regardless of this patch the commit d6a5c562214f ("wifi: brcmfmac: add
> support for vendor-specific firmware api") introduced this error message
> wcc/core.c, but i guess this should be trace or info message?
Ah, yes. I will change that for the next release. Thanks for pointing at
that.
>> [ 26.528264] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6
>> wl0: Jan 4 2021 19:56:29 version 7.45.229 (617f1f5 CY) FWID 01-2dbd9d2e
>> [ 27.076829] Bluetooth: hci0: BCM: features 0x2f
>> [ 27.078592] Bluetooth: hci0: BCM43455 37.4MHz Raspberry Pi 3+
>> [ 27.078601] Bluetooth: hci0: BCM4345C0 (003.001.025) build 0342
[...]
>> Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for
>> HostApd AutoChannelSelection")
>> Reported-by: Stefan Wahren <[email protected]>
>> Signed-off-by: Arend van Spriel <[email protected]>
>
> this patch is:
>
> Tested-by: Stefan Wahren <[email protected]>
Appreciated.
Regards,
Arend
> Thanks
>> ---
>> .../broadcom/brcm80211/brcmfmac/cfg80211.c | 16 +++++++---------
>> 1 file changed, 7 insertions(+), 9 deletions(-)
>>
>> diff --git
>> a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> index bff3128c2f26..478ca3848c64 100644
>> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> @@ -7937,6 +7937,9 @@ cfg80211_set_channel(struct wiphy *wiphy, struct
>> net_device *dev,
>> struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
>> struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
>> + if (chan->flags & IEEE80211_CHAN_DISABLED)
>> + return -EINVAL;
>> +
>> /* set_channel */
>> chspec = channel_to_chanspec(&cfg->d11inf, chan);
>> if (chspec != INVCHANSPEC) {
>> @@ -7961,7 +7964,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy,
>> struct net_device *ndev,
>> struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
>> struct brcmf_dump_survey survey = {};
>> struct ieee80211_supported_band *band;
>> - struct ieee80211_channel *chan;
>> struct cca_msrmnt_query req;
>> u32 noise;
>> int err;
>> @@ -7987,13 +7989,10 @@ brcmf_cfg80211_dump_survey(struct wiphy
>> *wiphy, struct net_device *ndev,
>> }
>> /* Setting current channel to the requested channel */
>> - chan = &band->channels[idx];
>> - err = cfg80211_set_channel(wiphy, ndev, chan, NL80211_CHAN_HT20);
>> - if (err) {
>> - info->channel = chan;
>> - info->filled = 0;
>> + info->filled = 0;
>> + info->channel = &band->channels[idx];
>> + if (cfg80211_set_channel(wiphy, ndev, info->channel,
>> NL80211_CHAN_HT20))
>> return 0;
>> - }
>> /* Disable mpc */
>> brcmf_set_mpc(ifp, 0);
>> @@ -8028,7 +8027,6 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy,
>> struct net_device *ndev,
>> if (err)
>> goto exit;
>> - info->channel = chan;
>> info->noise = noise;
>> info->time = ACS_MSRMNT_DELAY;
>> info->time_busy = ACS_MSRMNT_DELAY - survey.idle;
>> @@ -8040,7 +8038,7 @@ brcmf_cfg80211_dump_survey(struct wiphy *wiphy,
>> struct net_device *ndev,
>> SURVEY_INFO_TIME_TX;
>> brcmf_dbg(INFO, "OBSS dump: channel %d: survey duration %d\n",
>> - ieee80211_frequency_to_channel(chan->center_freq),
>> + ieee80211_frequency_to_channel(info->channel->center_freq),
>> ACS_MSRMNT_DELAY);
>> brcmf_dbg(INFO, "noise(%d) busy(%llu) rx(%llu) tx(%llu)\n",
>> info->noise, info->time_busy, info->time_rx, info->time_tx);
Arend van Spriel <[email protected]> writes:
> The function cfg80211_set_channel() is an static function in brcmfmac
> but the name is misleading. Hence rename it with 'brcmf' prefix. Also
> changing the parameters to avoid additional conversions.
>
> Signed-off-by: Arend van Spriel <[email protected]>
If I understood correctly this patch 3 is for wireless-next. So adding a
reminder for myself to _not_ take this to wireless tree :)
(I wish patchwork would have a support for offline notes so I would not
need to send emails like this)
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
On January 9, 2023 4:51:03 PM Kalle Valo <[email protected]> wrote:
> Arend van Spriel <[email protected]> writes:
>
>> The function cfg80211_set_channel() is an static function in brcmfmac
>> but the name is misleading. Hence rename it with 'brcmf' prefix. Also
>> changing the parameters to avoid additional conversions.
>>
>> Signed-off-by: Arend van Spriel <[email protected]>
>
> If I understood correctly this patch 3 is for wireless-next. So adding a
> reminder for myself to _not_ take this to wireless tree :)
FWIW you understood correctly.
Gr. AvS
Arend van Spriel <[email protected]> wrote:
> An issue was reported in which periodically error messages are
> printed in the kernel log:
>
> [ 26.303445] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
> [ 26.303554] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.bin failed with error -2
> [ 26.516752] brcmfmac_wcc: brcmf_wcc_attach: executing
> [ 26.528264] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Jan 4 2021 19:56:29 version 7.45.229 (617f1f5 CY) FWID 01-2dbd9d2e
> [ 27.076829] Bluetooth: hci0: BCM: features 0x2f
> [ 27.078592] Bluetooth: hci0: BCM43455 37.4MHz Raspberry Pi 3+
> [ 27.078601] Bluetooth: hci0: BCM4345C0 (003.001.025) build 0342
> [ 30.142104] Adding 102396k swap on /var/swap. Priority:-2 extents:1 across:102396k SS
> [ 30.590017] Bluetooth: MGMT ver 1.22
> [ 104.897615] brcmfmac: cfg80211_set_channel: set chanspec 0x100e fail, reason -52
> [ 104.897992] brcmfmac: cfg80211_set_channel: set chanspec 0xd022 fail, reason -52
> [ 105.007672] brcmfmac: cfg80211_set_channel: set chanspec 0xd026 fail, reason -52
> [ 105.117654] brcmfmac: cfg80211_set_channel: set chanspec 0xd02a fail, reason -52
> [ 105.227636] brcmfmac: cfg80211_set_channel: set chanspec 0xd02e fail, reason -52
> [ 106.987552] brcmfmac: cfg80211_set_channel: set chanspec 0xd090 fail, reason -52
> [ 106.987911] brcmfmac: cfg80211_set_channel: set chanspec 0xd095 fail, reason -52
> [ 106.988233] brcmfmac: cfg80211_set_channel: set chanspec 0xd099 fail, reason -52
> [ 106.988565] brcmfmac: cfg80211_set_channel: set chanspec 0xd09d fail, reason -52
> [ 106.988909] brcmfmac: cfg80211_set_channel: set chanspec 0xd0a1 fail, reason -52
>
> This happens in brcmf_cfg80211_dump_survey() because we try a disabled
> channel. When channel is marked as disabled we do not need to fill any
> other info so bail out.
>
> Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection")
> Reported-by: Stefan Wahren <[email protected]>
> Signed-off-by: Arend van Spriel <[email protected]>
> Tested-by: Stefan Wahren <[email protected]>
2 patches applied to wireless.git, thanks.
e5d1ab1a73ad wifi: brcmfmac: avoid handling disabled channels for survey dump
aadb50d15712 wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Arend van Spriel <[email protected]> wrote:
> The function cfg80211_set_channel() is an static function in brcmfmac
> but the name is misleading. Hence rename it with 'brcmf' prefix. Also
> changing the parameters to avoid additional conversions.
>
> Signed-off-by: Arend van Spriel <[email protected]>
Patch applied to wireless-next.git, thanks.
5fac18583a00 wifi: brcmfmac: change cfg80211_set_channel() name and signature
--
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches