mac80211: brcmfmac: backport important changes from the 4.15

Two more patches that may be worth backporting in the future: fdd0bd88ceae brcmfmac: add CLM download support cc124d5cc8d8 brcmfmac: fix CLM load error for legacy chips when user helper is enabled Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
author: Rafał Miłecki <rafal@milecki.pl> 2018-08-16 10:48:54 +0200
committer: Rafał Miłecki <rafal@milecki.pl> 2018-08-16 13:15:05 +0200
commit: 57102f6c0633e08c96c868fde69c5a095c5d1102 (patch)
tree: 956fabf860189e82e30346ec9c4ba48288551a1e
parent: 6805e44004b7e310743a638ce826010744ad9ff6 (diff)
download: openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.tar.gz
openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.tar.bz2
openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.zip
5 files changed, 100 insertions, 1 deletions
diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile
index 03354289ac..c3bbac1633 100644
--- a/package/kernel/mac80211/Makefile
+++ b/package/kernel/mac80211/Makefile
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=mac80211
 
 PKG_VERSION:=2017-01-31
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
 PKG_BACKPORT_VERSION:=
 PKG_HASH:=75e6d39e34cf156212a2509172a4a62b673b69eb4a1d9aaa565f7fa719fa2317
diff --git a/package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch b/package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch
new file mode 100644
index 0000000000..f46c0abb61
--- /dev/null
+++ b/package/kernel/mac80211/patches/328-v4.15-0001-brcmfmac-Avoid-possible-out-of-bounds-read.patch
@@ -0,0 +1,39 @@
+From 73f2c8e933b1dcf432ac8c6965a6e67af630077f Mon Sep 17 00:00:00 2001
+From: Kevin Cernekee <cernekee@chromium.org>
+Date: Sat, 16 Sep 2017 21:08:22 -0700
+Subject: [PATCH] brcmfmac: Avoid possible out-of-bounds read
+
+In brcmf_p2p_notify_rx_mgmt_p2p_probereq(), chanspec is assigned before
+the length of rxframe is validated.  This could lead to uninitialized
+data being accessed (but not printed).  Since we already have a
+perfectly good endian-swapped copy of rxframe->chanspec in ch.chspec,
+and ch.chspec is not modified by decchspec(), avoid the extra
+assignment and use ch.chspec in the debug print.
+
+Suggested-by: Mattias Nissler <mnissler@chromium.org>
+Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
+@@ -1853,7 +1853,6 @@ s32 brcmf_p2p_notify_rx_mgmt_p2p_probere
+ 	struct afx_hdl *afx_hdl = &p2p->afx_hdl;
+ 	struct brcmf_cfg80211_vif *vif = ifp->vif;
+ 	struct brcmf_rx_mgmt_data *rxframe = (struct brcmf_rx_mgmt_data *)data;
+-	u16 chanspec = be16_to_cpu(rxframe->chanspec);
+ 	struct brcmu_chan ch;
+ 	u8 *mgmt_frame;
+ 	u32 mgmt_frame_len;
+@@ -1906,7 +1905,7 @@ s32 brcmf_p2p_notify_rx_mgmt_p2p_probere
+ 	cfg80211_rx_mgmt(&vif->wdev, freq, 0, mgmt_frame, mgmt_frame_len, 0);
+ 
+ 	brcmf_dbg(INFO, "mgmt_frame_len (%d) , e->datalen (%d), chanspec (%04x), freq (%d)\n",
+-		  mgmt_frame_len, e->datalen, chanspec, freq);
++		  mgmt_frame_len, e->datalen, ch.chspec, freq);
+ 
+ 	return 0;
+ }
diff --git a/package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch b/package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch
new file mode 100644
index 0000000000..4ca696fb48
--- /dev/null
+++ b/package/kernel/mac80211/patches/328-v4.15-0002-brcmfmac-handle-FWHALT-mailbox-indication.patch
@@ -0,0 +1,60 @@
+From 2fd3877b5bb7d39782c3205a1dcda02023b8514a Mon Sep 17 00:00:00 2001
+From: Arend Van Spriel <arend.vanspriel@broadcom.com>
+Date: Wed, 8 Nov 2017 14:36:31 +0100
+Subject: [PATCH] brcmfmac: handle FWHALT mailbox indication
+
+The firmware uses a mailbox to communicate to the host what is going
+on. In the driver we validate the bit received. Various people seen
+the following message:
+
+ brcmfmac: brcmf_sdio_hostmail: Unknown mailbox data content: 0x40012
+
+Bit 4 is cause of this message, but this actually indicates the firmware
+has halted. Handle this bit by giving a more meaningful error message.
+
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+@@ -259,10 +259,11 @@ struct rte_console {
+ #define I_HMB_HOST_INT	I_HMB_SW3	/* Miscellaneous Interrupt */
+ 
+ /* tohostmailboxdata */
+-#define HMB_DATA_NAKHANDLED	1	/* retransmit NAK'd frame */
+-#define HMB_DATA_DEVREADY	2	/* talk to host after enable */
+-#define HMB_DATA_FC		4	/* per prio flowcontrol update flag */
+-#define HMB_DATA_FWREADY	8	/* fw ready for protocol activity */
++#define HMB_DATA_NAKHANDLED	0x0001	/* retransmit NAK'd frame */
++#define HMB_DATA_DEVREADY	0x0002	/* talk to host after enable */
++#define HMB_DATA_FC		0x0004	/* per prio flowcontrol update flag */
++#define HMB_DATA_FWREADY	0x0008	/* fw ready for protocol activity */
++#define HMB_DATA_FWHALT		0x0010	/* firmware halted */
+ 
+ #define HMB_DATA_FCDATA_MASK	0xff000000
+ #define HMB_DATA_FCDATA_SHIFT	24
+@@ -1093,6 +1094,10 @@ static u32 brcmf_sdio_hostmail(struct br
+ 			  offsetof(struct sdpcmd_regs, tosbmailbox));
+ 	bus->sdcnt.f1regdata += 2;
+ 
++	/* dongle indicates the firmware has halted/crashed */
++	if (hmb_data & HMB_DATA_FWHALT)
++		brcmf_err("mailbox indicates firmware halted\n");
++
+ 	/* Dongle recomposed rx frames, accept them again */
+ 	if (hmb_data & HMB_DATA_NAKHANDLED) {
+ 		brcmf_dbg(SDIO, "Dongle reports NAK handled, expect rtx of %d\n",
+@@ -1150,6 +1155,7 @@ static u32 brcmf_sdio_hostmail(struct br
+ 			 HMB_DATA_NAKHANDLED |
+ 			 HMB_DATA_FC |
+ 			 HMB_DATA_FWREADY |
++			 HMB_DATA_FWHALT |
+ 			 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK))
+ 		brcmf_err("Unknown mailbox data content: 0x%02x\n",
+ 			  hmb_data);
diff --git a/package/kernel/mac80211/patches/328-v4.16-0001-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch b/package/kernel/mac80211/patches/329-v4.16-0002-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch
index f05e23da05..f05e23da05 100644
--- a/package/kernel/mac80211/patches/328-v4.16-0001-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch
+++ b/package/kernel/mac80211/patches/329-v4.16-0002-brcmfmac-drop-Inter-Access-Point-Protocol-packets-by.patch
diff --git a/package/kernel/mac80211/patches/329-brcmfmac-add-support-for-BCM4366E-chipset.patch b/package/kernel/mac80211/patches/330-v4.18-0001-brcmfmac-add-support-for-BCM4366E-chipset.patch
index ddbff07839..ddbff07839 100644
--- a/package/kernel/mac80211/patches/329-brcmfmac-add-support-for-BCM4366E-chipset.patch
+++ b/package/kernel/mac80211/patches/330-v4.18-0001-brcmfmac-add-support-for-BCM4366E-chipset.patch
author	Rafał Miłecki <rafal@milecki.pl>	2018-08-16 10:48:54 +0200
committer	Rafał Miłecki <rafal@milecki.pl>	2018-08-16 13:15:05 +0200
commit	57102f6c0633e08c96c868fde69c5a095c5d1102 (patch)
tree	956fabf860189e82e30346ec9c4ba48288551a1e
parent	6805e44004b7e310743a638ce826010744ad9ff6 (diff)
download	openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.tar.gz openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.tar.bz2 openwrt-57102f6c0633e08c96c868fde69c5a095c5d1102.zip