18 Jul, 2016
1 commit
-
is_suspending flag remains on when host sleep fails to enable. Data
path is unnecessarily blocked after this. This patch ensures to
reset the flag in failure path.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
08 Jul, 2016
1 commit
-
Kasan reported slab-out-of-bounds access in btmrvl_sdio:
[ 33.055400] ==================================================================
[ 33.062585] BUG: KASAN: slab-out-of-bounds in memcpy+0x24/0x50 at addr ffffffc0d89b4a00
[ 33.070529] Read of size 256 by task btmrvl_main_ser/3576
[ 33.075885] =============================================================================
[ 33.084002] BUG kmalloc-256 (Tainted: G B ): kasan: bad access detected
[ 33.091511] -----------------------------------------------------------------------------[ 33.413498] Call trace:
[ 33.415928] [] dump_backtrace+0x0/0x190
[ 33.421288] [] show_stack+0x1c/0x28
[ 33.426305] [] dump_stack+0xa0/0xf8
[ 33.431320] [] print_trailer+0x158/0x16c
[ 33.436765] [] object_err+0x48/0x5c
[ 33.441780] [] kasan_report+0x344/0x510
[ 33.447141] [] __asan_loadN+0x20/0x150
[ 33.452413] [] memcpy+0x20/0x50
[ 33.457084] [] swiotlb_tbl_map_single+0x2ec/0x310
[ 33.463305] [] map_single+0x24/0x30
[ 33.468320] [] swiotlb_map_sg_attrs+0xec/0x21c
[ 33.474286] [] __swiotlb_map_sg_attrs+0x48/0xec
[ 33.480339] [] msdc_prepare_data.isra.11+0xf0/0x11c
[ 33.486733] [] msdc_ops_request+0x74/0xf0
[ 33.492266] [] __mmc_start_request+0x78/0x8c
[ 33.498057] [] mmc_start_request+0x220/0x240
[ 33.503848] [] mmc_wait_for_req+0x78/0x250
[ 33.509468] [] mmc_io_rw_extended+0x2ec/0x388
[ 33.515347] [] sdio_io_rw_ext_helper+0x160/0x268
[ 33.521483] [] sdio_writesb+0x40/0x50
[ 33.526677] [] btmrvl_sdio_host_to_card+0x124/0x1bc [btmrvl_sdio]
[ 33.534283] [] btmrvl_service_main_thread+0x384/0x428 [btmrvl]
[ 33.541626] [] kthread+0x140/0x158
[ 33.546550] Memory state around the buggy address:
[ 33.551305] ffffffc0d89b4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.558474] ffffffc0d89b4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.565643] >ffffffc0d89b4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.572809] ^
[ 33.579889] ffffffc0d89b4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.587055] ffffffc0d89b4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.594221] ==================================================================The cause of this is that btmrvl_sdio_host_to_card can access memory region
out of its allocated space due to:1. the requested block size is smaller than SDIO_BLOCK_SIZE, and/or
2. the allocated memory is not BTSDIO_DMA_ALIGN-aligned.This patch fixes the issue by allocating a buffer which is big enough for
SDIO_BLOCK_SIZE transfer and/or BTSDIO_DMA_ALIGN address relocation.Signed-off-by: Ricky Liang
Signed-off-by: Marcel Holtmann
03 May, 2016
1 commit
-
On some arm-based platforms, we need to configure platform specific
parameters by device tree node and also define our node as a child
node of parent SDIO host controller.
This patch parses these parameters from device tree. It includes
calibration data download to firmware, wakeup pin configured to firmware,
and soc specific wake up gpio, which will be set as wakeup interrupt pin.Signed-off-by: Xinming Hu
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
11 Mar, 2016
1 commit
-
In some case, the btmrvl_sdio firmware would fail to active within the
polling time. Increase the polling interval to 100 msec to fix the
issue.Signed-off-by: Wei-Ning Huang
Signed-off-by: Wei-Ning Huang
Signed-off-by: Marcel Holtmann
06 Jan, 2016
1 commit
-
Usually when driver sends data to firmware it receives TX_DONE
(DN_LD_HOST_INT_STATUS) interrupt from firmware right away.
It's also observed that some times the fireware could delay
sending DN_LD_HOST_INT_STATUS interrupt. If driver sends data to
firmware during suspend processing and the TX_DONE interrupt is
delayed, it may come back at wrong time when SDIO host driver is
in the middle of suspending.Block any data from stack while suspending. Also skip sending
data that are already in driver tx_queue.Don't purge the skb queue on suspend to avoid intermittent music
after system resumes from S3.Signed-off-by: Chin-Ran Lo
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
05 Jan, 2016
1 commit
-
It's been observed that when bluetooth driver fails to
activate the firmware, below hung task warning dump is
displayed after 120 seconds.[ 36.461022] Bluetooth: vendor=0x2df, device=0x912e, class=255, fn=2
[ 56.512128] Bluetooth: FW failed to be active in time!
[ 56.517264] Bluetooth: Downloading firmware failed!
[ 240.252176] INFO: task kworker/3:2:129 blocked for more than 120 seconds.
[ 240.258931] Not tainted 3.18.0 #254
[ 240.262972] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 240.270751] kworker/3:2 D ffffffc000205760 0 129 2 0x00000000
[ 240.277825] Workqueue: events request_firmware_work_func
[ 240.283134] Call trace:
[ 240.285581] [] __switch_to+0x80/0x8c
[ 240.290693] [] __schedule+0x540/0x7b8
[ 240.295921] [] schedule+0x78/0x84
[ 240.300764] [] __mmc_claim_host+0xe8/0x1c8
[ 240.306395] [] sdio_claim_host+0x74/0x84
[ 240.311840] [] 0xffffffbffc163d08
[ 240.316685] [] 0xffffffbffc165104
[ 240.321524] [] mwifiex_dnld_fw+0x98/0x110 [mwifiex]
[ 240.327918] [] mwifiex_remove_card+0x2c4/0x5fc [mwifiex]
[ 240.334741] [] request_firmware_work_func+0x44/0x80
[ 240.341127] [] process_one_work+0x2ec/0x50c
[ 240.346831] [] worker_thread+0x350/0x470
[ 240.352272] [] kthread+0xf0/0xfc
[ 240.357019] 2 locks held by kworker/3:2/129:
[ 240.361248] #0: ("events"){.+.+.+}, at: [] process_one_work+0x1f8/0x50c
[ 240.369562] #1: ((&fw_work->work)){+.+.+.}, at: [] process_one_work+0x1f8/0x50c
[ 240.378589] task PC stack pid father
[ 240.384501] kworker/1:1 D ffffffc000205760 0 40 2 0x00000000
[ 240.391524] Workqueue: events mtk_atomic_work
[ 240.395884] Call trace:
[ 240.398317] [] __switch_to+0x80/0x8c
[ 240.403448] [] lock_acquire+0x128/0x164
[ 240.408821] kworker/3:2 D ffffffc000205760 0 129 2 0x00000000
[ 240.415867] Workqueue: events request_firmware_work_func
[ 240.421138] Call trace:
[ 240.423589] [] __switch_to+0x80/0x8c
[ 240.428688] [] __schedule+0x540/0x7b8
[ 240.433886] [] schedule+0x78/0x84
[ 240.438732] [] __mmc_claim_host+0xe8/0x1c8
[ 240.444361] [] sdio_claim_host+0x74/0x84
[ 240.449801] [] 0xffffffbffc163d08
[ 240.454649] [] 0xffffffbffc165104
[ 240.459486] [] mwifiex_dnld_fw+0x98/0x110 [mwifiex]
[ 240.465882] [] mwifiex_remove_card+0x2c4/0x5fc [mwifiex]
[ 240.472705] [] request_firmware_work_func+0x44/0x80
[ 240.479090] [] process_one_work+0x2ec/0x50c
[ 240.484794] [] worker_thread+0x350/0x470
[ 240.490231] [] kthread+0xf0/0xfcThis patch adds missing sdio_release_host() call so that wlan driver
thread can claim sdio host.Fixes: 4863e4cc31d647e1 ("Bluetooth: btmrvl: release sdio bus after firmware is up")
Signed-off-by: Chin-Ran Lo
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
20 Nov, 2015
1 commit
-
The new hci_skb_pkt_* wrappers are mainly intented for drivers to
require less knowledge about bt_cb(sbk) handling. So after converting
the core packet handling, convert all drivers.Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
26 Sep, 2015
1 commit
-
NOT NULL comparison modified to be readable, reported
by checkpatch.Signed-off-by: Prasanna Karthik
Signed-off-by: Marcel Holtmann
22 Sep, 2015
3 commits
-
This patch adds support for Marvell's new chipset SD8997.
Register offsets and supported feature flags are updated.Signed-off-by: Zhaoyang Liu
Signed-off-by: Cathy Luo
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann -
Coding style fix, extra spaces are removed to make casting
consistent.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann -
First firmware dump attempt from user works fine, but firmware goes
into bad state after this. Subsequent attempts fails.As required by the firmware dump implementation, this change writes
FW_DUMP_READ_DONE value to dump ctrl register to address this issue.Signed-off-by: Nachiket Kukade
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
29 Aug, 2015
1 commit
-
This change ensures we will get driver name as 'btmrvl_sdio'
in udev event.Signed-off-by: Shengzhen Li
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
11 Aug, 2015
1 commit
-
We will not release sdio bus until firmware is completely
downloaded and becomes ready. Our 8887 A2 chip can have
separate firmware images for WLAN and bluetooth. This
patch fixes an issue observed when both drivers
simultaneously try to download respective firmwares.Signed-off-by: Aniket Nagarnaik
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
14 May, 2015
1 commit
-
This patch fixes a compile warnning "dump_num maybe used uninitialized in
this function".Signed-off-by: Xinming Hu
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
06 Jan, 2015
2 commits
-
When driver is loaded, it is important to know if FW was already
active or it is freshly downloaded. This patch increases the
priority of the message.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann -
This flag will be set in unload path to make sure that we skip
sending further commands, ignore interrupts and stop main thread
when unload starts.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
04 Dec, 2014
2 commits
-
This patch adds firmware dump support for marvell
bluetooth chipset. Currently only SD8897 is supported.
This is implemented based on dev_coredump, a new mechnism
introduced in kernel 3.18rc3Firmware dump can be trigger by
echo 1 > /sys/kernel/debug/bluetooth/hci*/config/fw_dump
and when the dump operation is completed, data can be read by
cat /sys/class/devcoredump/devcd*/dataWe have prepared following script to divide fw memory
dump data into multiple files based on memory type.[root]# cat btmrvl_split_dump_data.sh
#!/bin/bash
# usage: ./btmrvl_split_dump_data.sh dump_datafw_dump_data=$1
mem_type="ITCM DTCM SQRAM APU CIU ICU MAC EXT7 EXT8 EXT9 EXT10 EXT11 EXT12 EXT13 EXTLAST"
for name in ${mem_type[@]}
do
sed -n "/Start dump $name/,/End dump/p" $fw_dump_data > tmp.$name.log
if [ ! -s tmp.$name.log ]
then
rm -rf tmp.$name.log
else
# Remove the describle info "Start dump" and "End dump"
sed '1d' tmp.$name.log | sed '$d' > /data/$name.log
if [ -s /data/$name.log ]
then
echo "generate /data/$name.log"
else
sed '1d' tmp.$name.log | sed '$d' > /var/$name.log
echo "generate /var/$name.log"
fi
rm -rf tmp.$name.log
fi
doneSigned-off-by: Xinming Hu
Signed-off-by: Cathy Luo
Signed-off-by: Avinash Patil
Reviewed-by: Johannes Berg
Reviewed-by: Marcel Holtmann
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann -
BT_INFO/BT_DBG etc. already takes care of adding a newline
An extra newline character inside message is removed in this
patch.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
30 Sep, 2014
2 commits
-
This patch adds driver support for marvell SD8887 chip.
Signed-off-by: Xinming Hu
Signed-off-by: Kevin Gan
Signed-off-by: Cathy Luo
Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann -
Register offsets are different for SD8897 and newer chip SD8887.
We can not have common btmrvl_sdio_card_reg map for them.Signed-off-by: Amitkumar Karwar
Signed-off-by: Marcel Holtmann
15 Jul, 2014
1 commit
-
We should suspend hci device and purge remaining data in tx queue
before enabling host sleep in firmware. If any data is sent to
firmware after host sleep is activated, firmware may end up
sending a TX_DONE interrupt to driver. If this interrupt gets
delivered to host while the SDIO host controller is suspending,
it may crash the system.Conversely, in resume handler, we should resume hci device after
host sleep is de-activated.Signed-off-by: Chin-Ran Lo
Signed-off-by: Bing Zhao
Signed-off-by: Marcel Holtmann
03 Jul, 2014
1 commit
-
A vendor specific command is sent to firmware during
initialization to enable this feature. This command is for
SD8897 only.Signed-off-by: Bing Zhao
Signed-off-by: Marcel Holtmann
29 Mar, 2014
1 commit
-
For SD8897, CMD52 write_to_clear may have missing interrupts
under certain corner case condition. Use CMD53 read-to-clear
to fix the problem.Signed-off-by: Bing Zhao
Signed-off-by: Marcel Holtmann
28 Mar, 2014
1 commit
-
This patch improves readability and makes future changes easier.
Signed-off-by: Bing Zhao
Signed-off-by: Marcel Holtmann
04 Dec, 2013
1 commit
-
Some ARM versions of Chromebook need to download a new calibration
data from host driver to firmware. They do have EEPROM but still
need a piece of new calibration data in test mode.The cal-data is platform dependent. It's simpler and more feasible
to use device tree based cal-data instead of configuration file
based cal-data.This patch remove configuration file based cal-data downloading
and replace it using cal-data from device tree.When CONFIG_OF is not selected, or the specific property is not
present in the device tree, the calibration downloading will not
happen.Cc: Mike Frysinger
Cc: Amitkumar Karwar
Signed-off-by: Bing Zhao
Signed-off-by: Hyuckjoo Lee
Signed-off-by: Marcel Holtmann
11 Oct, 2013
1 commit
-
To avoid casting skb->dev into hdev, just let the drivers provide
the hdev directly when calling hci_recv_frame() function.This patch also fixes up all drivers to provide the hdev.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
02 Oct, 2013
2 commits
-
A text file containing calibration data in hex format can
be provided at following path:/lib/firmware/mrvl/sd8797_caldata.conf
The data will be downloaded to firmware during initialization.
Reviewed-by: Mike Frysinger
Signed-off-by: Amitkumar Karwar
Signed-off-by: Bing Zhao
Signed-off-by: Hyuckjoo Lee
Signed-off-by: Marcel Holtmann -
Move initialization code to hdev's setup handler.
Signed-off-by: Amitkumar Karwar
Signed-off-by: Bing Zhao
Signed-off-by: Marcel Holtmann
21 Aug, 2013
1 commit
-
There are two places where DIV_ROUND_UP may be used. It makes code a bit
clearer.Signed-off-by: Andy Shevchenko
Signed-off-by: Gustavo Padovan
14 Jun, 2013
1 commit
-
Fix to return -ENOMEM in the skb alloc error handling case
instead of 0, as done elsewhere in this function.Signed-off-by: Wei Yongjun
Signed-off-by: Gustavo Padovan
Signed-off-by: John W. Linville
12 Jun, 2013
1 commit
-
The register offsets have been changed in SD8897 and newer chips.
Define a new btmrvl_sdio_card_reg map for SD88xx.Signed-off-by: Bing Zhao
Signed-off-by: Frank Huang
Signed-off-by: Gustavo Padovan
Signed-off-by: John W. Linville
24 Apr, 2013
2 commits
-
FW does the synchronization of the different modules during init.
It will report different modules, that it is ready at different times.
The fw download 'winner' will be reported fw ready first. Without this
patch, btmrvl was already continuing before the FW told it too. Probably
on behalf of the 'winner' which then never sees FW ready and times out.Signed-off-by: Andreas Fenkart
Signed-off-by: Gustavo Padovan -
If not winner, driver must release the sdio host lock, so the fw
download can progress. While holding the lock fw download is stalled
and the following error is produced:[ 235.746015] Bluetooth: FW failed to be active in time!
[ 235.752799] Bluetooth: Downloading firmware failed!Signed-off-by: Andreas Fenkart
Signed-off-by: Gustavo Padovan
19 Apr, 2013
1 commit
-
There is no need to init ret to zero in btmrvl_sdio_download_fw().
Signed-off-by: Gustavo Padovan
16 Mar, 2013
1 commit
-
The firmware images are shared with libertas_sdio WiFi chip and used to be
in libertas/ subtree in linux-firmware. As btmrvl_sdio used to look into
the linux-firmware root, it ended up being unsuccessful. Since the
firmware files are not specific to the libertas hardware, they're being
moved into mrvl/ now.Signed-off-by: Lubomir Rintel
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan
11 Oct, 2012
1 commit
-
Use standard print specifier and remove print_hex_dump_bytes call.
Makes output more sensible:...
[18809.401218] 00000000: 0b 00 00 fe 5b fc 01 f2 00 00 00 ....[......
...would be changed to
...
[18809.401218] Bluetooth: hex: 0b 00 00 fe 5b fc 01 f2 00 00 00
...Signed-off-by: Andrei Emeltchenko
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan
28 Sep, 2012
3 commits
-
Add extra check to avoid skb buffer overflow. Fixes crash below:
[ 101.030427] ------------[ cut here ]------------
[ 101.030459] kernel BUG at net/core/skbuff.c:127!
[ 101.030486] invalid opcode: 0000 [#1] SMP
...
[ 101.030806] Pid: 2010, comm: btmrvl_main_ser Not tainted 3.5.0+ #80 Laptop
[ 101.030859] EIP: 0060:[] EFLAGS: 00010282 CPU: 0
[ 101.030894] EIP is at skb_put+0x99/0xa0
[ 101.030919] EAX: 00000080 EBX: f129380b ECX: ef923540 EDX: 00000001
[ 101.030956] ESI: f00a4000 EDI: 00001003 EBP: ed4a5efc ESP: ed4a5ecc
[ 101.030992] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 101.031024] CR0: 8005003b CR2: 08fca014 CR3: 30960000 CR4: 000407f0
[ 101.031062] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 101.031100] DR6: ffff0ff0 DR7: 00000400
[ 101.031125] Process btmrvl_main_ser (pid: 2010, ti=ed4a4000 task=ef923540 task.ti=ed4a4000)
[ 101.031174] Stack:
[ 101.031188] c18126f8 c1651938 f853f8d2 00001003 00001003 f1292800 f1292808 f129380b
[ 101.031250] f1292940 f00a4000 eddb1280 efc0f9c0 ed4a5f44 f853f8d2 00000040 00000000
[ 101.031312] ef923540 c15ee096 ef923540 eddb12d4 00000004 f00a4000 00000040 00000000
[ 101.031376] Call Trace:
[ 101.031396] [] ? btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
[ 101.031444] [] btmrvl_sdio_process_int_status+0x272/0x3d0 [btmrvl_sdio]
[ 101.031488] [] ? _raw_spin_unlock_irqrestore+0x36/0x70
[ 101.031526] [] btmrvl_service_main_thread+0x244/0x300 [btmrvl]
[ 101.031568] [] ? btmrvl_sdio_poll_card_status.isra.6.constprop.7+0x90/0x90 [btmrvl_sdio]
[ 101.031619] [] ? try_to_wake_up+0x270/0x270
[ 101.031648] [] ? btmrvl_process_event+0x3b0/0x3b0 [btmrvl]
[ 101.031686] [] kthread+0x7d/0x90
[ 101.031713] [] ? flush_kthread_work+0x150/0x150
[ 101.031745] [] kernel_thread_helper+0x6/0x10
...
[ 101.032008] EIP: [] skb_put+0x99/0xa0 SS:ESP 0068:ed4a5ecc
[ 101.056125] ---[ end trace a0bd01d1a9a796c8 ]---Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
The kernel.h macro DIV_ROUND_UP performs the computation
(((n) + (d) - 1) / (d))Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
Make code readable by correcting name from buf_block_len to num_blocks
since it represent number of blocks; NOT a length of a block buffer.Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan
09 Sep, 2012
1 commit
-
Remove pointless conditional before kfree_skb().
Signed-off-by: Wei Yongjun
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan