Avinash Patil [Wed, 28 May 2014 04:39:32 +0000 (21:39 -0700)]
mwifiex: fix a crash in extended scan event processing
[113.967694] Unable to handle kernel NULL pointer dereference
at virtual address 00000020
............
[113.967859] PC is at mwifiex_update_rxreor_flags+0xfc/0x430
............
[113.968110] mwifiex_update_rxreor_flags+0xfc/0x430
[113.968129] mwifiex_handle_event_ext_scan_report+0x1e4/0x21c
[113.968148] mwifiex_process_sta_event+0x410/0x508
[113.968165] mwifiex_process_event+0x184/0x1e0
[113.968181] mwifiex_main_process+0x220/0x48c
[113.968197] mwifiex_sdio_interrupt+0xc8/0x1cc
[113.968210] sdio_irq_thread+0x11c/0x290
In case of legacy scan, adapter->curr_cmd is guranteed to be
non-NULL in check_next_scan_cmd. This may not be case in
extended scan where scan command response would come earlier and
set curr_cmd to NULL. Extended scan event comes later and while
trying to complete IOCTL for scan, driver would crash in
dereferencing adapter->curr_cmd->wait_q_enabled.
Avoid this by completing IOCTL in case of legacy scans only.
Internal scan would be completed while handling extended scan
command response.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Tue, 27 May 2014 20:07:31 +0000 (22:07 +0200)]
b43: PHY: allow init optimizations by tracking PHY state
PHY has to be often re-initialized (e.g. during band switching after PHY
reset), however some operations have to be performed only once (only
power reset affects them).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
In case of receiving frame with sequence number far greater than current,
wil_release_reorder_frames() will iterate many times over empty buffer.
Optimize this case by checking buffer emptiness and simply update
head_seq_num without iterating.
Suggested-by: Vladimir Shulman <Vladimir.Shulman@Wilocity.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
If scan has not finished in some reasonable time (10sec), interpret it as
if firmware error occurs but was not reported. Firmware should report
scan completion for every scan request, so it is error condition indeed.
Perform firmware recovery procedure.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
In case there is something fundamentally wrong with the firmware
(example: RF cable disconnected), FW will always crash immediately
after reset. This leads to infinite fw error recovery loop.
Count consecutive unsuccessful error recovery attempts in a short period
of time, and stop doing recovery after some reasonable count.
It is still possible to manually reset fw doing
interface down/up sequence.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k: Fix deadlock while updating p2p beacon timer
pm_lock is taken twice while syncing HW TSF of p2p vif.
Fix this by taking the lock at caller side.
Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:28 +0000 (12:56 +0200)]
brcmfmac: remove firmware list from USB driver
The USB driver was using a list for firmware info that was
used in suspend/resume scenario. Now that brcmfmac is using
the asynchronous firmware request this is no longer needed.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Tue, 27 May 2014 10:56:27 +0000 (12:56 +0200)]
brcmfmac: Remove interrupt endpoint usage from USB driver.
The USB bus driver always configured an USB intr EP urb. The
driver did not use the result at all and with newer firmware it is
causing continues errors on this EP.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Kim [Tue, 27 May 2014 10:56:26 +0000 (12:56 +0200)]
brcmfmac: Increase max buffer size for receiving control message from dongle
The max buffer size for receiving control message from dongle needs to be
increased considering possible block padding. Otherwise some big control
message can't be received due to buffer overrun check.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Daniel Kim <dekim@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:25 +0000 (12:56 +0200)]
brcmutil: assure unused bits are cleared in 11n chanspec
The firmware channel specification is a bitfield using a
16-bit integer, but only 14 lsb are used. Upon encoding
this value assure all 16 bits are cleared.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:24 +0000 (12:56 +0200)]
brcmfmac: make brcmf_fw_nvram_strip() static
The function brcmf_fw_nvram_strip() is no longer called so
it does not need to be exposed.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:23 +0000 (12:56 +0200)]
brcmfmac: use asynchronous firmware request in USB
This patch adds use of asynchronous firmware request to
the driver USB layer.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:22 +0000 (12:56 +0200)]
brcmfmac: use asynchronous firmware request in SDIO
This patch adds use of asynchronous firmware request to
the driver SDIO layer.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:21 +0000 (12:56 +0200)]
brcmfmac: introduce asynchronous firmware loading
The driver needs firmware to be loaded to the device, which
is done through the firmware class API. The synchronous call
request_firmware() need root filesystem to be mounted and/or
user-mode helper. These may not be avaliable on the moment
it is called. Instead use request_firmware_nowait().
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:19 +0000 (12:56 +0200)]
brcmfmac: rework usb callback operations
The resume callbacks do partly the same a the probe callback
so put common code in separate function for use in the callbacks.
This also fixes suspend/resume regression introduced by
brcmfmac: remove .init() callback for internal bus interface
The .init() callback was the first function called by the common
bus function brcmf_bus_start(). Given that it is not really
necessary and the bus layer can call it before calling the
brcmf_bus_start() function.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:18 +0000 (12:56 +0200)]
brcmfmac: call brcmf_detach() unconditional in sdio .remove() callback
The function brcmf_detach() checks whether it needs to do his stuff
or can return immediately. No need to have the same check in the
calling code.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Franky Lin <frankyl@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:17 +0000 (12:56 +0200)]
brcmfmac: rename nvram.[ch] for upcoming firmware handling functions
The firmware processing will be modified to use asynchronous request
firmware api. In preparation this patch is simple rename of source
and header file to which the functionality will be added.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Franky Lin <frankyl@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:16 +0000 (12:56 +0200)]
brcmfmac: remove .init() callback for internal bus interface
The .init() callback was the first function called by the common
bus function brcmf_bus_start(). Given that it is not really
necessary and the bus layer can call it before calling the
brcmf_bus_start() function.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Franky Lin <frankyl@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:15 +0000 (12:56 +0200)]
brcmfmac: make chandef_to_chanspec() function static
The function chandef_to_chanspec() was added by
brcmfmac: determine chanspec from struct cfg80211_chan_def info
The struct cfg80211_chan_def contains additional info to derive the
bandwidth and side-band information of the chanspec. This patch adds
chandef_to_chanspec() function used in IBSS join and starting AP
operation.
However, it introduced a sparse warning because the function
is only called from within the source file wl_cfg80211.c.
Reported-by: Fengguang Wu <fengguang.wu@intel.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:14 +0000 (12:56 +0200)]
brcmfmac: restore mpc before passing scan status to cfg80211
Before informing cfg80211 about the scan status the device should
be put back in mpc state. If done after user-space may initiate
another (scheduled) scan and fail because scan is still busy as
shown in logging below:
[ 3301.367376] brcmfmac: brcmf_fweh_event_worker event ESCAN_RESULT (69)
[ 3301.377305] brcmfmac: brcmf_fweh_event_worker version 2 flags 0 status 0
[ 3301.384993] brcmutil: event payload, len=12
[ 3301.389208] 00000000: 0c 00 00 00 6d 00 00 00 34 12 00 00
[ 3301.389214] brcmfmac: brcmf_sdio_kso_control Enter: on=0
[ 3301.402196] brcmfmac: brcmf_inform_bss scanned AP count (0)
[ 3301.407808] brcmfmac: brcmf_notify_escan_complete Enter
[ 3301.413064] brcmfmac: brcmf_notify_escan_complete ESCAN Completed scan: Done
[ 3301.420137] brcmfmac: brcmf_sdio_bus_txctl Enter
[ 3301.420368] brcmfmac: brcmf_cfg80211_sched_scan_start Enter
[ 3301.420370] brcmfmac: brcmf_cfg80211_sched_scan_start:
Scanning already: status (1)
[ 3301.440190] brcmfmac: brcmf_sdio_kso_control Enter: on=1
[ 3301.448695] brcmfmac: brcmf_sdio_tx_ctrlframe Enter
[ 3301.453662] brcmfmac: brcmf_sdio_bus_rxctl Enter
[ 3301.458326] brcmfmac: brcmf_sdio_isr Enter
[ 3301.462523] brcmfmac: brcmf_sdio_dpc Enter
[ 3301.466632] brcmfmac: brcmf_sdio_readframes Enter
[ 3301.471431] brcmfmac: brcmf_sdio_read_control Enter
[ 3301.476340] brcmfmac: brcmf_set_mpc MPC : 1
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 27 May 2014 10:56:13 +0000 (12:56 +0200)]
brcmfmac: reduce log level for invalid scheduled scan request
When a regular scan does not return any networks user-space does
request a scheduled scan without any matchset or ssid. This can
not be handled by the firmware so we return -EINVAL. However, as
this request is done let us not add an error message to the log.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Manuel Schölling [Sun, 25 May 2014 17:59:36 +0000 (19:59 +0200)]
mwifiex: use time_after()
To be future-proof and for better readability the time comparisons are
modified to use time_after() instead of plain, error-prone math.
Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Andrea Merello [Sat, 24 May 2014 15:16:18 +0000 (17:16 +0200)]
at76c50x-usb: Make WEP encryption working.
Currently the driver uses HW encryption.
Whenever mac80211 calls the set_key() callback the driver restarts the
whole HW configuration procedure, in order to set (also) the new
WEP key.
However, by doing this, it causes the card to loose association information,
and the HW becomes unable to communicate with the BSS.
This patch adds support for sending another HW command, that sets only
the wep key, instead of resetting all.
Mac80211 key-set requests are thus handled via this new command.
Tested on my at76c503
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 23 May 2014 17:21:34 +0000 (19:21 +0200)]
ath9k: avoid passing buffers to the hardware during flush
The commit "ath9k: fix possible hang on flush" changed the receive code
to always link rx descriptors of processed frames, even when flushing.
In some cases, this leads to flushed rx buffers being passed to the
hardware while rx is already stopped.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Kees Cook [Thu, 22 May 2014 18:48:41 +0000 (11:48 -0700)]
rsi: avoid format string leak to thread name
Since the rsi_create_kthread interface does not include any format
string arguments, make sure that the resulting thread name can never
accidentally process the name as a format string.
Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avraham Stern [Thu, 22 May 2014 09:17:47 +0000 (12:17 +0300)]
mac80211: set new interfaces as idle upon init
Mark new interfaces as idle to allow operations that require that
interfaces are idle to take place. Interface types that are always
not idle (like AP interfaces) will be set as not idle when they are
assigned a channel context.
Felix Fietkau [Fri, 23 May 2014 18:05:28 +0000 (20:05 +0200)]
mac80211: reduce packet loss notifications under load
During strong signal fluctuations under high throughput, few consecutive
failed A-MPDU transmissions can easily trigger packet loss notification,
and thus (in AP mode) client disconnection.
Reduce the number of false positives by checking the A-MPDU status flag
and treating a failed A-MPDU as a single packet.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Generalize the power conversion from mW to dBm
using log. This should fix the below compilation
error for country NO which adds a new power value
2000mW which is not handled earlier.
CC [M] net/wireless/wext-sme.o
CC [M] net/wireless/regdb.o
net/wireless/regdb.c:1130:1: error: Unknown undeclared here (not in
a function)
net/wireless/regdb.c:1130:9: error: expected } before power
make[2]: *** [net/wireless/regdb.o] Error 1
make[1]: *** [net/wireless] Error 2
make: *** [net] Error 2
Reported-By: John Walker <john@x109.net> Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com> Acked-by: John W. Linville <linville@tuxdriver.com>
[remove unneeded parentheses, fix rounding by using %.0f] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Krzysztof Hałasa [Mon, 26 May 2014 12:14:46 +0000 (14:14 +0200)]
mac80211: fix IBSS join by initializing last_scan_completed
Without this fix, freshly rebooted Linux creates a new IBSS
instead of joining an existing one. Only when jiffies counter
overflows after 5 minutes the IBSS can be successfully joined.
Signed-off-by: Krzysztof Hałasa <khalasa@piap.pl>
[edit commit message slightly] Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 26 May 2014 11:52:25 +0000 (13:52 +0200)]
cfg80211: send events when devices are added/removed
We're currently sending NEW_WIPHY events for renames (which
is a bit odd, but now can't be changed), but also send them
for really new devices that register.
Also send DEL_WIPHY events when a device is removed, the
event ID for this was already reserved.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the commit below, cfg80211_chandef_dfs_required()
will warn if it gets a an NL80211_IFTYPE_UNSPECIFIED iftype
as explicitely written in the commit log.
When an virtual monitor interface is added, its type is set
in ieee80211_sub_if_data.vif.type, but not in
ieee80211_sub_if_data.wdev.iftype which is passed to
cfg80211_chandef_dfs_required() hence resulting in the
following warning:
Luciano Coelho [Fri, 23 May 2014 11:33:12 +0000 (14:33 +0300)]
mac80211: add a single-transaction driver op to switch contexts
In some cases, when the driver is already using all the channel
contexts it can handle at once, we have to do an in-place switch
(ie. we cannot afford using an extra context temporarily for the
transaction). But some drivers may not support switching the channel
context assigned to a vif on the fly (ie. without unassigning and
assigning it) while others may only work if the context is changed on
the fly, without unassigning it first.
To allow these different scenarios, add a new driver operation that
let's the driver decide how to handle an in-place switch.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johan Hedberg [Fri, 23 May 2014 10:19:53 +0000 (13:19 +0300)]
Bluetooth: Clearly distinguish mgmt LTK type from authenticated property
On the mgmt level we have a key type parameter which currently accepts
two possible values: 0x00 for unauthenticated and 0x01 for
authenticated. However, in the internal struct smp_ltk representation we
have an explicit "authenticated" boolean value.
To make this distinction clear, add defines for the possible mgmt values
and do conversion to and from the internal authenticated value.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
John W. Linville [Thu, 22 May 2014 18:21:12 +0000 (14:21 -0400)]
mwifiex: use 'const' qualifier for 2nd arg of mwifiex_tdls_add_ht_oper
Fixes the following warning:
CC drivers/net/wireless/mwifiex/tdls.o
drivers/net/wireless/mwifiex/tdls.c: In function ‘mwifiex_prep_tdls_encap_data’:
drivers/net/wireless/mwifiex/tdls.c:475:4: warning: passing argument 2 of ‘mwifiex_tdls_add_ht_oper’ discards ‘const’ qualifier from pointer target type [enabled by
default]
ret = mwifiex_tdls_add_ht_oper(priv, peer, 1, skb);
^
drivers/net/wireless/mwifiex/tdls.c:190:1: note: expected ‘u8 *’ but argument is of type ‘const u8 *’
mwifiex_tdls_add_ht_oper(struct mwifiex_private *priv, u8 *mac,
^
drivers/net/wireless/mwifiex/tdls.c:481:4: warning: passing argument 2 of ‘mwifiex_tdls_add_ht_oper’ discards ‘const’ qualifier from pointer target type [enabled by
default]
ret = mwifiex_tdls_add_ht_oper(priv, peer, 0, skb);
^
drivers/net/wireless/mwifiex/tdls.c:190:1: note: expected ‘u8 *’ but argument is of type ‘const u8 *’
mwifiex_tdls_add_ht_oper(struct mwifiex_private *priv, u8 *mac,
^
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On idle state, sleep timer is scheduled to put the chip into fullsleep.
But during suspend, this timer is scheduled after the chip is moved to
fullsleep forcibily. This is causing below unnecessary error messages
in kernel log during suspend.
ath: phy2: timeout (100000 us) on reg 0x806c: 0xdeadbeef & 0x01f00000
!= 0x00000000
ath: phy2: RX failed to go idle in 10 ms RXSM=0xdeadbeef
ath: phy2: DMA failed to stop in 10 ms AR_CR=0xdeadbeef AR_DIAG_SW=0xdeadbeef
DMADBG_7=0xdeadbeef
Reported-by: Arkh4mKn1ght <arkh4mkn1ght@gmail.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k: Handle multiple keys while setting tx filters
The keycache index is used to abort transmission for given station
when it goes to sleep state. But the commit "ath9k_hw: Abort transmission
for sleeping station" is not handling multi-key station. Fix that.
Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Thu, 22 May 2014 05:02:31 +0000 (22:02 -0700)]
mwifiex: update seq number correctly for packets from TDLS peer
This patch adds handling of updating rx sequence number for
packets received from TDLS peer. Current implementation of
mwifiex_queueing_ra_based assumes station would always receive
packets from AP which is not true in case of TDLS.
Fix this by adding this case.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Thu, 22 May 2014 05:02:30 +0000 (22:02 -0700)]
mwifiex: set TDLS flags for AMSDU packets
This patch fixes an issue where AMSDU packets for TDLS link
would flow over infra link. This happened because we were
missing setting TDLS flag in TxPD on AMSDU packets.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Thu, 22 May 2014 05:02:29 +0000 (22:02 -0700)]
mwifiex: delete TDLS link upon Teardown event
If userspace application does not take care of TDLS teardown
event, TDLS link would be present in driver database and thus
driver would send such packets on direct link while peer has
already severed link causing data traffic failure. Disable TDLS
link upon teardown event so as to ensure this does not happen.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Thu, 22 May 2014 05:02:28 +0000 (22:02 -0700)]
mwifiex: silence TDLS link delete failure for nonexistent link
If TDLS link delete command fails because of non-existent peer
or TDLS peer is absent from driver's entry, it means link was
already deleted. In such case print debug messages with lower
severity.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Thu, 22 May 2014 05:02:27 +0000 (22:02 -0700)]
mwifiex: avoid TDLS check for packets destined to AP
In station role if TDLS is supported, we traverse TDLS peer list
to see if packet's destination address matches with TDLS peer.
Packets destined to AP are not sent over TDLS link and hence
avoid this list traversal for such packets.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Wed, 21 May 2014 06:44:20 +0000 (08:44 +0200)]
b43: fix list of 5 GHz channels for 802.11n cards
Broadcom hardware uses a bit tricky hw_value-s for 5 GHz channels,
values 184-228 are used for 4920-5140 MHz center frequencies. Normally
you expect channels 7-16 (e.g. 5060 MHz is channel 12, not 212). We never
meant to register hw_value 228 with freq 6140 MHz (5000 + 228 * 5).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Williams [Thu, 22 May 2014 12:32:41 +0000 (07:32 -0500)]
libertas: fix return value when processing invalid packet
Nothing actually uses the return value yet, but we might as well
make it correct, like process_rxed_802_11_packet() does for the
same case. Also ensure that if monitor mode is enabled (and
thus process_rxed_802_11_packet() is called) that the debugging
enter/leave functions are balanced.
Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Richard Genoud [Thu, 3 Apr 2014 14:48:56 +0000 (16:48 +0200)]
rt2x00: Endless loop on hub port power down
I've met an endless (or at least very long) loop if I power down the usb
port on witch a usb wifi key is plugged.
(Ok, it's not very smart to power down a usb port when a usb key is in
used... but still, I think that should not lead to an endless loop).
I have a lot of:
ieee80211 phy1: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x0438 with error -71
(-71==-EPROTO)
How to reproduce:
- plug an usb wifi key
- ip link set wlan0 up
- hub-ctrl -b usb_bus -d usb_device -P usb_port -p 0
carl9170: fix leaks at failure path in carl9170_usb_probe()
carl9170_usb_probe() does not handle request_firmware_nowait() failure
that leads to several leaks in this case.
The patch adds all required deallocations.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Thu, 22 May 2014 17:56:46 +0000 (13:56 -0400)]
Merge tag 'nfc-next-3.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
"NFC: 3.16: First pull request
This is the NFC pull request for 3.16. We have:
- STMicroeectronics st21nfca support. The st21nfca is an HCI chipset and
thus relies on the HCI stack. This submission provides support for tag
redaer/writer mode (including Type 5) and device tree bindings.
- PM runtime support and a bunch of bug fixes for TI's trf7970a.
- Device tree support for NXP's pn544. Legacy platform data support is
obviously kept intact.
- NFC Tag type 4B support to the NFC Digital stack.
- SOCK_RAW type support to the raw NFC socket, and allow NCI
sniffing from that. This can be extended to report HCI frames and also
proprietarry ones like e.g. the pn533 ones."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Channels in 2.4GHz band overlap, this means that if we
send a probe request on channel 1 and then move to channel
2, we will hear the probe response on channel 2. In this
case, the RSSI will be lower than if we had heard it on
the channel on which it was sent (1 in this case).
The firmware / low level driver can parse the channel in
the DS IE or HT IE and compensate the RSSI so that it will
still have a valid value even if we heard the frame on an
adjacent channel. This can be done up to a certain offset.
Add this offset as a configuration for the low level driver.
A low level driver that can compensate the low RSSI in this
case should assign the maximal offset for which the RSSI
value is still valid.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Arik Nemtsov [Thu, 15 May 2014 14:31:51 +0000 (17:31 +0300)]
iwlwifi: mvm: remove vif argument from power_update_mac
The power update function looks at all current vifs to determine the power
policy. It doesn't use the current vif. Instead the value was overwritten
and used internally.
Luciano Coelho [Tue, 13 May 2014 14:33:38 +0000 (17:33 +0300)]
iwlwifi: mvm: pass force_assoc_off all the way down to avoid hacks
In some cases, we need to force the association to be off in the
MAC_CONTEXT_CMD command we send to the firmware. Instead of having to
hack the vif->bss_conf.assoc value, pass it all the way down the call
chain.
Additionally, for the iwl_mvm_mac_ctxt_add() case, we *always* set
forced_assoc_off to true, so we can remove the hack in the d3 code
that was forcing it to off by hacking the bss_conf.assoc value.
Avri Altman [Tue, 20 May 2014 05:03:24 +0000 (08:03 +0300)]
iwlwifi: mvm: don't filter out the first beacon
Enabling beacon filtering should be done only after a beacon
has been received. Doing that too early will cause
disconnections.
This has already been fixed, but the fix didn't take care
about the case where the beacon is received after the
association, it waited only for association which is not
enough.
cfg80211: implement cfg80211_get_station cfg80211 API
Implement and export the new cfg80211_get_station() API.
This utility can be used by other kernel modules to obtain
detailed information about a given wireless station.
It will be in particular useful to batman-adv which will
implement a wireless rate based metric.
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add get_expected_throughput() API to mac80211 so that each
driver can implement its own version based on the RC
algorithm they are using (might be using an HW RC algo).
The API returns a value expressed in Kbps.
Also, add the new get_expected_throughput() member
to the rate_control_ops structure in order to be
able to query the RC algorithm (this patch provides an
implementation of this API for both minstrel and
minstrel_ht).
The related member in the station_info object is now
filled accordingly when dumping a station.
Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johan Hedberg [Tue, 20 May 2014 06:45:52 +0000 (09:45 +0300)]
Bluetooth: Update smp_confirm to return a response code
Now that smp_confirm() is called "inline" we can have it return a
response code and have the sending of it be done in the shared place for
command handlers. One exception is when we're entering smp.c from mgmt.c
when user space responds to authentication, in which case we still need
our own code to call smp_failure().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 20 May 2014 06:45:49 +0000 (09:45 +0300)]
Bluetooth: Remove unnecessary work structs from SMP code
When the SMP code was initially created (mid-2011) parts of the
Bluetooth subsystem were still not converted to use workqueues. This
meant that the crypto calls, which could sleep, couldn't be called
directly. Because of this the "confirm" and "random" work structs were
introduced.
These days the entire Bluetooth subsystem runs through workqueues which
makes these structs unnecessary. This patch removes them and converts
the calls to queue them to use direct function calls instead.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 20 May 2014 06:45:48 +0000 (09:45 +0300)]
Bluetooth: Fix setting initial local auth_req value
There is no reason to have the initial local value conditional to
whether the remote value has bonding set or not. We can either way start
off with the value we received.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 20 May 2014 06:45:47 +0000 (09:45 +0300)]
Bluetooth: Make SMP context private to smp.c
There are no users of the smp_chan struct outside of smp.c so move it
away from smp.h. The addition of the l2cap.h include to hci_core.c,
hci_conn.c and mgmt.c is something that should have been there already
previously to avoid warnings of undeclared struct l2cap_conn, but the
compiler warning was apparently shadowed away by the mention of
l2cap_conn in the struct smp_chan definition.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Oleksij Rempel [Mon, 19 May 2014 22:02:03 +0000 (00:02 +0200)]
ath9k_htc: fix build with disabled debug
CC [M] drivers/net/wireless/ath/ath9k/htc_drv_txrx.o
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c: In function ‘ath9k_rx_prepare’:
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:1006:2: warning: passing argument 2 of ‘ath9k_htc_err_stat_rx’ from incompatible pointer type [enabled by default]
ath9k_htc_err_stat_rx(priv, &rx_stats);
^
In file included from drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:17:0:
drivers/net/wireless/ath/ath9k/htc.h:380:20: note: expected ‘struct ath_htc_rx_status *’ but argument is of type ‘struct ath_rx_status *’
static inline void ath9k_htc_err_stat_rx(struct ath9k_htc_priv *priv,
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
cfg80211: export expected throughput through get_station()
Users may need information about the expected throughput
towards a given peer.
This value is supposed to consider the size overhead
generated by the 802.11 header.
This value is exported in kbps through the get_station() API
by including it into the station_info object.
Moreover, it is sent to user space when replying to the
nl80211 GET_STATION command.
This information will be useful to the batman-adv module
which will use it for its new metric computation.
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In case anybody uses previous patchset with the CLF, add a check to make sure
missing pipe are created.
st21nfca returns its pipe list in the creation order (most recent latest).
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Hiren Tandel [Mon, 5 May 2014 10:52:27 +0000 (19:52 +0900)]
NFC: NCI: Send all NCI frames to raw sockets
So that anyone listening on SOCKPROTO_RAW for raw frames will get all
NCI frames, in both directions. This actually implements userspace NFC
NCI sniffing.
It's now up to userspace to decode those frames.
Signed-off-by: Hiren Tandel <hirent@marvell.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Hiren Tandel [Mon, 5 May 2014 10:43:31 +0000 (19:43 +0900)]
NFC: Add RAW socket type support for SOCKPROTO_RAW
This allows for a more generic NFC sniffing by using SOCKPROTO_RAW
SOCK_RAW to read RAW NFC frames. This is for sniffing anything but LLCP
(HCI, NCI, etc...).
Signed-off-by: Hiren Tandel <hirent@marvell.com> Signed-off-by: Rahul Tank <rahult@marvell.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Hiren Tandel [Tue, 6 May 2014 06:51:50 +0000 (15:51 +0900)]
NFC: NCI: No need to reverse ATR_RES Response
ATR_RES response received within Activation Parameters is already
in correct order. Reversing it fails LLCP magic number check and
so P2P functionality fails.
Signed-off-by: Hiren Tandel <hirent@marvell.com> Signed-off-by: Rahul Tank <rahult@marvell.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Mark A. Greer [Wed, 23 Apr 2014 18:00:56 +0000 (11:00 -0700)]
NFC: digital: Handle multiple SENSF_REQ frames
According to section 5.15.1.3 of the NFC Activity
Specification, multiple SENSF_REQ commands can be
received by a target before it receives an ATR_REQ
command. To handle this, add a routine that checks
whether a SENSF_REQ or ATR_REQ has been recieved.
If its a SENSF_REQ, respond appropriately and
continue waiting for a ATR_REQ. If its an ATR_REQ,
handle it as before.
CC: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Mark A. Greer [Wed, 23 Apr 2014 18:00:55 +0000 (11:00 -0700)]
NFC: digital: SENSF_RES excludes RD when SENSF_REQ RC is zero
The check in digital_tg_send_sensf_res() that excludes
the 'RD' field from the SENSF_RES is inverted. The 'RD'
field should be excluded when the SENSF_REQ 'RC' field
is equal to DIGITAL_SENSF_REQ_RC_NONE instead of when
its not equal. This is described in section 6.6.2.11
of the NFC Digital Specification.
CC: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>