Hi,
I am using the ath.git (ea726a8d305a : was testing external Atheros
cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
with iwlwifi. There is a warning from UBSAN: "UBSAN:
shift-out-of-bounds in
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
The root cause was this c6ce1c74ef292 which defaults the assignment to
0xFFFF and then that was being used for the shift.
I have tried to fix the warning with the below patch (just for an
experiment, not a proper one), the warning is gone, but no frames are
seen in Wireshark.
Below is the version information, any help is appreciated, monitor
mode is important for me.
lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
[ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
supported by driver
[ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
89.3.35.37
[ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
[ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
160MHz, REV=0x351
[ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
[ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
[ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
[ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
[ +14.210987] device mon0 entered promiscuous mode
[Jan24 18:20] device mon0 left promiscuous mode
---
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
index 83abfe996138..591f9fdd0ec4 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
iwl_mvm *mvm,
u32 action)
{
struct iwl_mac_ctx_cmd cmd = {};
- u32 tfd_queue_msk = BIT(mvm->snif_queue);
+ u32 tfd_queue_msk = 0;
int ret;
+ if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
+ tfd_queue_msk = BIT(mvm->snif_queue);
+ }
+
WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
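Review bot: in iwl_mvm_mac_ctxt_cmd_listener(), when mvm->snif_queue equals IWL_MVM_INVALID_QUEUE the new guard leaves tfd_queue_msk at 0 and the function carries on as if a sniffer queue existed, so the out-of-range shift is hidden rather than handled. Either treat the invalid queue as an error at this point, for example `if (WARN_ON(mvm->snif_queue == IWL_MVM_INVALID_QUEUE)) return -EINVAL;`, or add a comment stating why an empty queue mask is acceptable for a monitor interface. Style: kernel coding style drops the braces around a single-statement if.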
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index 515dd3e0730d..784a7f72b819 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
iwl_mvm *mvm, int macidx,
}
*queue = txq;
+ sta->tfd_queue_msk = BIT(*queue);
}
return 0;
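Review bot: the added `sta->tfd_queue_msk = BIT(*queue);` shifts by the queue number with no check against IWL_MVM_INVALID_QUEUE, unlike the two guarded sites elsewhere in this patch, and it sits inside a conditional block (the closing brace follows it), so any path that skips the block leaves the mask at whatever was passed at allocation, which the next hunk can now make 0. Validate txq before the shift or note why it cannot be invalid here, and make sure the path outside this block also ends up with a usable mask. Plain assignment also discards any bits already set in the mask; use `|=` if the station can own more than one queue.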
@@ -2092,11 +2093,15 @@ static int
iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
{
int ret;
+ u32 tfd_queue_msk = 0;
lockdep_assert_held(&mvm->mutex);
+ if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
+ tfd_queue_msk = BIT(mvm->aux_queue);
+ }
/* Allocate aux station and assign to it the aux queue */
- ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
+ ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
NL80211_IFTYPE_UNSPECIFIED,
IWL_STA_AUX_ACTIVITY);
if (ret)
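Review bot: in iwl_mvm_add_aux_sta(), an invalid mvm->aux_queue now makes iwl_mvm_allocate_int_sta() run with a queue mask of 0, and nothing in this hunk shows where the mask is filled in afterwards or what happens if it never is. Add a comment naming the later point that assigns the queue and its mask, or fail early when the queue is invalid and that is not expected. Style: drop the braces around the single-statement if and keep a blank line between lockdep_assert_held() and the new check.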
Hi!
On Mon, 2023-01-23 at 14:07 +0530, Krishna Chaitanya wrote:
> Hi,
>
> I am using the ath.git (ea726a8d305a : was testing external Atheros
> cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
> with iwlwifi. There is a warning from UBSAN: "UBSAN:
> shift-out-of-bounds in
> drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
>
> The root cause was this c6ce1c74ef292 which defaults the assignment to
> 0xFFFF and then that was being used for the shift.
>
> I have tried to fix the warning with the below patch (just for an
> experiment, not a proper one), the warning is gone, but no frames are
> seen in Wireshark.
>
> Below is the version information, any help is appreciated, monitor
> mode is important for me.
>
> lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
>
> [ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
> supported by driver
> [ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
> 89.3.35.37
> [ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
> 72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
> [ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
> 160MHz, REV=0x351
> [ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
> [ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
> [ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
> [ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
> [ +14.210987] device mon0 entered promiscuous mode
> [Jan24 18:20] device mon0 left promiscuous mode
>
> ---
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> index 83abfe996138..591f9fdd0ec4 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> @@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
> iwl_mvm *mvm,
> u32 action)
> {
> struct iwl_mac_ctx_cmd cmd = {};
> - u32 tfd_queue_msk = BIT(mvm->snif_queue);
> + u32 tfd_queue_msk = 0;
> int ret;
>
> + if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
> + tfd_queue_msk = BIT(mvm->snif_queue);
> + }
> +
> WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
>
> iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> index 515dd3e0730d..784a7f72b819 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> @@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
> iwl_mvm *mvm, int macidx,
> }
>
> *queue = txq;
> + sta->tfd_queue_msk = BIT(*queue);
> }
>
> return 0;
> @@ -2092,11 +2093,15 @@ static int
> iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
> int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
> {
> int ret;
> + u32 tfd_queue_msk = 0;
>
> lockdep_assert_held(&mvm->mutex);
> + if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
> + tfd_queue_msk = BIT(mvm->aux_queue);
> + }
>
> /* Allocate aux station and assign to it the aux queue */
> - ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
> + ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
> NL80211_IFTYPE_UNSPECIFIED,
> IWL_STA_AUX_ACTIVITY);
> if (ret)
This bug was already fixed in our internal repository. You can use the driver from [1]
until this fix will make its way to the upstream (please use master branch).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
On Mon, Jan 23, 2023 at 6:29 PM Greenman, Gregory
<[email protected]> wrote:
>
> Hi!
>
> On Mon, 2023-01-23 at 14:07 +0530, Krishna Chaitanya wrote:
> > Hi,
> >
> > I am using the ath.git (ea726a8d305a : was testing external Atheros
> > cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
> > with iwlwifi. There is a warning from UBSAN: "UBSAN:
> > shift-out-of-bounds in
> > drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
> >
> > The root cause was this c6ce1c74ef292 which defaults the assignment to
> > 0xFFFF and then that was being used for the shift.
> >
> > I have tried to fix the warning with the below patch (just for an
> > experiment, not a proper one), the warning is gone, but no frames are
> > seen in Wireshark.
> >
> > Below is the version information, any help is appreciated, monitor
> > mode is important for me.
> >
> > lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
> >
> > [ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
> > supported by driver
> > [ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
> > 89.3.35.37
> > [ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
> > 72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
> > [ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
> > 160MHz, REV=0x351
> > [ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
> > [ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
> > [ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
> > [ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
> > [ +14.210987] device mon0 entered promiscuous mode
> > [Jan24 18:20] device mon0 left promiscuous mode
> >
> > ---
> > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > index 83abfe996138..591f9fdd0ec4 100644
> > --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > @@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
> > iwl_mvm *mvm,
> > u32 action)
> > {
> > struct iwl_mac_ctx_cmd cmd = {};
> > - u32 tfd_queue_msk = BIT(mvm->snif_queue);
> > + u32 tfd_queue_msk = 0;
> > int ret;
> >
> > + if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
> > + tfd_queue_msk = BIT(mvm->snif_queue);
> > + }
> > +
> > WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
> >
> > iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
> > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > index 515dd3e0730d..784a7f72b819 100644
> > --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > @@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
> > iwl_mvm *mvm, int macidx,
> > }
> >
> > *queue = txq;
> > + sta->tfd_queue_msk = BIT(*queue);
> > }
> >
> > return 0;
> > @@ -2092,11 +2093,15 @@ static int
> > iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
> > int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
> > {
> > int ret;
> > + u32 tfd_queue_msk = 0;
> >
> > lockdep_assert_held(&mvm->mutex);
> > + if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
> > + tfd_queue_msk = BIT(mvm->aux_queue);
> > + }
> >
> > /* Allocate aux station and assign to it the aux queue */
> > - ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
> > + ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
> > NL80211_IFTYPE_UNSPECIFIED,
> > IWL_STA_AUX_ACTIVITY);
> > if (ret)
>
> This bug was already fixed in our internal repository. You can use the driver from [1]
> until this fix will make its way to the upstream (please use master branch).
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
Excellent, thanks for the reply.
The driver in [1] was not building due to 20b0b53aca436 but it was simple
to fix, after installation (and reboot) the warning is gone, but still
unable to sniff.
FW is now updated to:
loaded firmware version 77.2dda880d.0 QuZ-a0-hr-b0-77.ucode op_mode iwlmvm
On Mon, Jan 23, 2023 at 9:41 PM Krishna Chaitanya
<[email protected]> wrote:
>
> On Mon, Jan 23, 2023 at 6:29 PM Greenman, Gregory
> <[email protected]> wrote:
> >
> > Hi!
> >
> > On Mon, 2023-01-23 at 14:07 +0530, Krishna Chaitanya wrote:
> > > Hi,
> > >
> > > I am using the ath.git (ea726a8d305a : was testing external Atheros
> > > cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
> > > with iwlwifi. There is a warning from UBSAN: "UBSAN:
> > > shift-out-of-bounds in
> > > drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
> > >
> > > The root cause was this c6ce1c74ef292 which defaults the assignment to
> > > 0xFFFF and then that was being used for the shift.
> > >
> > > I have tried to fix the warning with the below patch (just for an
> > > experiment, not a proper one), the warning is gone, but no frames are
> > > seen in Wireshark.
> > >
> > > Below is the version information, any help is appreciated, monitor
> > > mode is important for me.
> > >
> > > lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
> > >
> > > [ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
> > > supported by driver
> > > [ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
> > > 89.3.35.37
> > > [ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
> > > 72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
> > > [ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
> > > 160MHz, REV=0x351
> > > [ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
> > > [ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
> > > [ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
> > > [ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
> > > [ +14.210987] device mon0 entered promiscuous mode
> > > [Jan24 18:20] device mon0 left promiscuous mode
> > >
> > > ---
> > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > index 83abfe996138..591f9fdd0ec4 100644
> > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > @@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
> > > iwl_mvm *mvm,
> > > u32 action)
> > > {
> > > struct iwl_mac_ctx_cmd cmd = {};
> > > - u32 tfd_queue_msk = BIT(mvm->snif_queue);
> > > + u32 tfd_queue_msk = 0;
> > > int ret;
> > >
> > > + if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
> > > + tfd_queue_msk = BIT(mvm->snif_queue);
> > > + }
> > > +
> > > WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
> > >
> > > iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
> > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > index 515dd3e0730d..784a7f72b819 100644
> > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > @@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
> > > iwl_mvm *mvm, int macidx,
> > > }
> > >
> > > *queue = txq;
> > > + sta->tfd_queue_msk = BIT(*queue);
> > > }
> > >
> > > return 0;
> > > @@ -2092,11 +2093,15 @@ static int
> > > iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
> > > int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
> > > {
> > > int ret;
> > > + u32 tfd_queue_msk = 0;
> > >
> > > lockdep_assert_held(&mvm->mutex);
> > > + if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
> > > + tfd_queue_msk = BIT(mvm->aux_queue);
> > > + }
> > >
> > > /* Allocate aux station and assign to it the aux queue */
> > > - ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
> > > + ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
> > > NL80211_IFTYPE_UNSPECIFIED,
> > > IWL_STA_AUX_ACTIVITY);
> > > if (ret)
> >
> > This bug was already fixed in our internal repository. You can use the driver from [1]
> > until this fix will make its way to the upstream (please use master branch).
> >
> > [1] https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
> Excellent, thanks for the reply.
>
> The driver in [1] was not building due to 20b0b53aca436 but it was simple
> to fix, after installation (and reboot) the warning is gone, but still
> unable to sniff.
>
> FW is now updated to:
> loaded firmware version 77.2dda880d.0 QuZ-a0-hr-b0-77.ucode op_mode iwlmvm
Any ideas why it still doesn't work? Should I try something else,
please suggest.
On Thu, 2023-02-09 at 20:21 +0530, Krishna Chaitanya wrote:
> On Mon, Jan 23, 2023 at 9:41 PM Krishna Chaitanya
> <[email protected]> wrote:
> >
> > On Mon, Jan 23, 2023 at 6:29 PM Greenman, Gregory
> > <[email protected]> wrote:
> > >
> > > Hi!
> > >
> > > On Mon, 2023-01-23 at 14:07 +0530, Krishna Chaitanya wrote:
> > > > Hi,
> > > >
> > > > I am using the ath.git (ea726a8d305a : was testing external Atheros
> > > > cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
> > > > with iwlwifi. There is a warning from UBSAN: "UBSAN:
> > > > shift-out-of-bounds in
> > > > drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
> > > >
> > > > The root cause was this c6ce1c74ef292 which defaults the assignment to
> > > > 0xFFFF and then that was being used for the shift.
> > > >
> > > > I have tried to fix the warning with the below patch (just for an
> > > > experiment, not a proper one), the warning is gone, but no frames are
> > > > seen in Wireshark.
> > > >
> > > > Below is the version information, any help is appreciated, monitor
> > > > mode is important for me.
> > > >
> > > > lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
> > > >
> > > > [ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
> > > > supported by driver
> > > > [ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
> > > > 89.3.35.37
> > > > [ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
> > > > 72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
> > > > [ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
> > > > 160MHz, REV=0x351
> > > > [ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
> > > > [ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
> > > > [ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
> > > > [ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
> > > > [ +14.210987] device mon0 entered promiscuous mode
> > > > [Jan24 18:20] device mon0 left promiscuous mode
> > > >
> > > > ---
> > > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > index 83abfe996138..591f9fdd0ec4 100644
> > > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > @@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
> > > > iwl_mvm *mvm,
> > > > u32 action)
> > > > {
> > > > struct iwl_mac_ctx_cmd cmd = {};
> > > > - u32 tfd_queue_msk = BIT(mvm->snif_queue);
> > > > + u32 tfd_queue_msk = 0;
> > > > int ret;
> > > >
> > > > + if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
> > > > + tfd_queue_msk = BIT(mvm->snif_queue);
> > > > + }
> > > > +
> > > > WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
> > > >
> > > > iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
> > > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > index 515dd3e0730d..784a7f72b819 100644
> > > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > @@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
> > > > iwl_mvm *mvm, int macidx,
> > > > }
> > > >
> > > > *queue = txq;
> > > > + sta->tfd_queue_msk = BIT(*queue);
> > > > }
> > > >
> > > > return 0;
> > > > @@ -2092,11 +2093,15 @@ static int
> > > > iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
> > > > int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
> > > > {
> > > > int ret;
> > > > + u32 tfd_queue_msk = 0;
> > > >
> > > > lockdep_assert_held(&mvm->mutex);
> > > > + if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
> > > > + tfd_queue_msk = BIT(mvm->aux_queue);
> > > > + }
> > > >
> > > > /* Allocate aux station and assign to it the aux queue */
> > > > - ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
> > > > + ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
> > > > NL80211_IFTYPE_UNSPECIFIED,
> > > > IWL_STA_AUX_ACTIVITY);
> > > > if (ret)
> > >
> > > This bug was already fixed in our internal repository. You can use the driver from [1]
> > > until this fix will make its way to the upstream (please use master branch).
> > >
> > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
> > Excellent, thanks for the reply.
> >
> > The driver in [1] was not building due to 20b0b53aca436 but it was simple
> > to fix, after installation (and reboot) the warning is gone, but still
> > unable to sniff.
> >
> > FW is now updated to:
> > loaded firmware version 77.2dda880d.0 QuZ-a0-hr-b0-77.ucode op_mode iwlmvm
> Any ideas why it still doesn't work? Should I try something else,
> please suggest.
We'll try to reproduce it internally, if it'll work for us, I'll ask for some debug data.
Can you please open a new ticket in bugzilla, so it'll be easier for us to track?
Here is the wiki page regarding bugzilla for iwlwifi:
https://wireless.wiki.kernel.org/en/users/drivers/iwlwifi/debugging
On Sun, Feb 12, 2023 at 3:35 PM Greenman, Gregory
<[email protected]> wrote:
>
> On Thu, 2023-02-09 at 20:21 +0530, Krishna Chaitanya wrote:
> > On Mon, Jan 23, 2023 at 9:41 PM Krishna Chaitanya
> > <[email protected]> wrote:
> > >
> > > On Mon, Jan 23, 2023 at 6:29 PM Greenman, Gregory
> > > <[email protected]> wrote:
> > > >
> > > > Hi!
> > > >
> > > > On Mon, 2023-01-23 at 14:07 +0530, Krishna Chaitanya wrote:
> > > > > Hi,
> > > > >
> > > > > I am using the ath.git (ea726a8d305a : was testing external Atheros
> > > > > cards) + linux-firmware (bb2d42d) and the monitor mode stopped working
> > > > > with iwlwifi. There is a warning from UBSAN: "UBSAN:
> > > > > shift-out-of-bounds in
> > > > > drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:657:22".
> > > > >
> > > > > The root cause was this c6ce1c74ef292 which defaults the assignment to
> > > > > 0xFFFF and then that was being used for the shift.
> > > > >
> > > > > I have tried to fix the warning with the below patch (just for an
> > > > > experiment, not a proper one), the warning is gone, but no frames are
> > > > > seen in Wireshark.
> > > > >
> > > > > Below is the version information, any help is appreciated, monitor
> > > > > mode is important for me.
> > > > >
> > > > > lspci: Network controller: Intel Corporation Wi-Fi 6 AX201 (rev 20)
> > > > >
> > > > > [ +0.003790] iwlwifi 0000:00:14.3: api flags index 2 larger than
> > > > > supported by driver
> > > > > [ +0.000046] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version:
> > > > > 89.3.35.37
> > > > > [ +0.001519] iwlwifi 0000:00:14.3: loaded firmware version
> > > > > 72.daa05125.0 QuZ-a0-hr-b0-72.ucode op_mode iwlmvm
> > > > > [ +0.034887] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX201
> > > > > 160MHz, REV=0x351
> > > > > [ +0.000083] thermal thermal_zone7: failed to read out thermal zone (-61)
> > > > > [ +0.122144] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
> > > > > [ +0.065701] iwlwifi 0000:00:14.3: base HW address: 4c:79:6e:90:94:71
> > > > > [ +0.019826] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
> > > > > [ +14.210987] device mon0 entered promiscuous mode
> > > > > [Jan24 18:20] device mon0 left promiscuous mode
> > > > >
> > > > > ---
> > > > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > > b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > > index 83abfe996138..591f9fdd0ec4 100644
> > > > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
> > > > > @@ -654,9 +654,13 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct
> > > > > iwl_mvm *mvm,
> > > > > u32 action)
> > > > > {
> > > > > struct iwl_mac_ctx_cmd cmd = {};
> > > > > - u32 tfd_queue_msk = BIT(mvm->snif_queue);
> > > > > + u32 tfd_queue_msk = 0;
> > > > > int ret;
> > > > >
> > > > > + if (mvm->snif_queue != IWL_MVM_INVALID_QUEUE) {
> > > > > + tfd_queue_msk = BIT(mvm->snif_queue);
> > > > > + }
> > > > > +
> > > > > WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
> > > > >
> > > > > iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, NULL, action);
> > > > > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > > b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > > index 515dd3e0730d..784a7f72b819 100644
> > > > > --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
> > > > > @@ -2084,6 +2084,7 @@ static int iwl_mvm_add_int_sta_with_queue(struct
> > > > > iwl_mvm *mvm, int macidx,
> > > > > }
> > > > >
> > > > > *queue = txq;
> > > > > + sta->tfd_queue_msk = BIT(*queue);
> > > > > }
> > > > >
> > > > > return 0;
> > > > > @@ -2092,11 +2093,15 @@ static int
> > > > > iwl_mvm_add_int_sta_with_queue(struct iwl_mvm *mvm, int macidx,
> > > > > int iwl_mvm_add_aux_sta(struct iwl_mvm *mvm, u32 lmac_id)
> > > > > {
> > > > > int ret;
> > > > > + u32 tfd_queue_msk = 0;
> > > > >
> > > > > lockdep_assert_held(&mvm->mutex);
> > > > > + if (mvm->aux_queue != IWL_MVM_INVALID_QUEUE) {
> > > > > + tfd_queue_msk = BIT(mvm->aux_queue);
> > > > > + }
> > > > >
> > > > > /* Allocate aux station and assign to it the aux queue */
> > > > > - ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, BIT(mvm->aux_queue),
> > > > > + ret = iwl_mvm_allocate_int_sta(mvm, &mvm->aux_sta, tfd_queue_msk,
> > > > > NL80211_IFTYPE_UNSPECIFIED,
> > > > > IWL_STA_AUX_ACTIVITY);
> > > > > if (ret)
> > > >
> > > > This bug was already fixed in our internal repository. You can use the driver from [1]
> > > > until this fix will make its way to the upstream (please use master branch).
> > > >
> > > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git
> > > Excellent, thanks for the reply.
> > >
> > > The driver in [1] was not building due to 20b0b53aca436 but it was simple
> > > to fix, after installation (and reboot) the warning is gone, but still
> > > unable to sniff.
> > >
> > > FW is now updated to:
> > > loaded firmware version 77.2dda880d.0 QuZ-a0-hr-b0-77.ucode op_mode iwlmvm
> > Any ideas why it still doesn't work? Should I try something else,
> > please suggest.
>
> We'll try to reproduce it internally, if it'll work for us, I'll ask for some debug data.
> Can you please open a new ticket in bugzilla, so it'll be easier for us to track?
> Here is the wiki page regarding bugzilla for iwlwifi:
> https://wireless.wiki.kernel.org/en/users/drivers/iwlwifi/debugging
FYI, https://bugzilla.kernel.org/show_bug.cgi?id=217051