The problem is fixed by making certain that the ucode pointer is not NULL
before deregistering the driver in mac80211.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [v 3.3.0+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Wed, 26 Sep 2012 07:21:48 +0000 (10:21 +0300)]
brcmfmac: use kcalloc() to prevent integer overflow
The multiplication here looks like it could overflow. I've changed it
to use kcalloc() to prevent that.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Force chain 1 to be used for CCK rates since the target power
table stored in EEPROM is too high to transmit with both chains.
This is needed to avoid regulatory violation.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Kevin Gan [Wed, 26 Sep 2012 03:23:45 +0000 (20:23 -0700)]
mwifiex: add inactivity deauth support for ap
The firmware has support for this feature, so we offload it to
firmware. In start_ap, driver passes the inactivity timeout
value to firmware via TLVs and firmware will report STA_DEAUTH
event to driver when inactivity timer is fired.
Signed-off-by: Kevin Gan <ganhy@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Nishant Sarmukadam <nishants@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Wed, 26 Sep 2012 03:23:44 +0000 (20:23 -0700)]
mwifiex: set txpd when send a mgmt frame for AP and GO mode
Set packet type and packet offset in txpd when send a mgmt frame
in AP and GO mode.
Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Kevin Gan <ganhy@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver will send some commands to firmware during the
initialization. Currently these commands are sent asynchronously,
which means that we firstly insert all of them to a pre-allocated
command queue, and then start to process them one by one. The
command queue will soon be exhausted if we keep adding new
initialization commands.
This issue can be resolved by sending initialization commands
synchronously because each command is consumed and the buffer is
recycled before queuing next command.
Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Wed, 26 Sep 2012 03:23:35 +0000 (20:23 -0700)]
mwifiex: report received management frames to cfg80211
Process the management frames received from firmware and report
them to cfg80211.
Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Kiran Divekar <dkiran@marvell.com> Signed-off-by: Kevin Gan <ganhy@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Thomas Wagner [Tue, 25 Sep 2012 16:02:55 +0000 (21:32 +0530)]
ath9k: Fix rx filtering issue for older chips
We need to have the promiscuous mode enabled for older
chipsets so that the olderchips hardware does not
filters out some valid/necessary frames that need
to be sent to mac80211. Fix this by enabling promiscus
mode for all the chipsets whose macversion <= AR9160
chipsets. This should fix
https://bugzilla.kernel.org/show_bug.cgi?id=45591
shafi: made the fix generic by having the frame filtering
disabled for chipsets older than AR9280.
Cc: Javier Cardona <javier@cozybit.com> Signed-off-by: Thomas Wagner <Thomas.Wagner@hs-rm.de> Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 28 Sep 2012 14:55:00 +0000 (10:55 -0400)]
Merge tag 'nfc-next-3.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0
So says Samuel Ortiz <sameo@linux.intel.com>:
The 2nd NFC pull request for 3.7.
- A couple of wrong context sleep fixes.
- An LLCP rwlock intizialisation fix.
- A missing mutex unlocking for pn533.
- LLCP raw sockets support. This is going to be used for NFC sniffing.
- A build fix for llc_shdlc. It fixes a build error triggered by code that's
living in wireless-next.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
wlcore_op_set_key() calls wl18xx_set_key(),
which in turn executes some of his function
calls without acquiring wl->mutex and making
sure the fw is awake.
Adding mutex_lock()/ps_elp_wakeup() calls is
not enough, as wl18xx_set_key() calls
wl1271_tx_flush() which can't be called while
the mutex is taken.
Add the required calls to wlcore_op_set_key,
but limit the queues_stop and flushing
to the only encryption types in which
a spare block might be needed (GEM and TKIP).
The current elp timeout (the same as the dynamic
ps timeout - 1500ms) is too high. Usually,
wl1271_ps_elp_sleep() get called right after tx/rx,
which is fine, but some command might get sent
even when there is no traffic (e.g. ht changes
triggered by beacon frames), and leaving the
device awake for 1500ms in this case is redundant.
Use a timeout of 30ms.
The fw won't enter elp anyway before the dynamic-ps
timeout was expired as well (and it entered ps
successfully).
The NVS file is loaded by the device's probe callback with the help of
request_firmware(). Since request_firmware() relies on udevd, the
modules cannot be loaded before hotplug events are handled.
Fix this by loading the NVS file asynchronously and continue
initialization only after the firmware request is over.
Move most of the device-specific probe functionality into setup(), a new
op. By doing this, wlcore_probe will be the first to request a firmware
from userspace, making it easier to load the NVS file asynchronously.
Ido Yariv [Tue, 21 Aug 2012 14:17:13 +0000 (17:17 +0300)]
wlcore: Allow memory access when the FW crashes
When the no_recovery flag is used, the recovery work will not restart
the FW and the state will not be set to 'on'. To enable post-mortem
analysis, allow memory access in the 'restarting' state.
Also, since the FW might not be operational, don't fail the read/write
operations if elp_wakeup fails.
Eliad Peller [Thu, 16 Aug 2012 10:32:32 +0000 (13:32 +0300)]
wlcore: invalidate keep-alive template on disconnection
Previously, invalidation of the keep-alive template was
done when going idle. However, while removing the
idle-handling we didn't move the keep-alive template
invalidation to another place.
This finally resulted in fw error when trying to use
the keep-alive template by another role.
(Note that we still have an error here - each role
should have its unique keep-alive template id, while
currently they all use CMD_TEMPL_KLV_IDX_NULL_DATA (0).
This only works now because we don't support concurrent
connected stations yet)
Ido Yariv [Wed, 15 Aug 2012 12:09:30 +0000 (15:09 +0300)]
wlcore: Don't recover during boot
While recursive recovery is avoided during shutdown, a new recovery may
be queued when the FW boots. The recovery work will then try to stop an
already stopped hardware, which will most likely result in a kernel
panic.
Fix this by verifying that wl->state is on before queueing a new
recovery.
Enable device roles just before starting it.
This way, a single device role should be enough
for all vifs, as we can't use concurrent device
roles (which require ROC) anyway.
Arik Nemtsov [Thu, 2 Aug 2012 17:37:21 +0000 (20:37 +0300)]
wlcore/wl18xx/wl12xx: allow up to 3 mac addresses
Allow 3 native mac addresses on 18xx. On 12xx allow 2 native mac
addresses and set the LAA bit to create a third mac address. This
enabled operation with a separate group interface.
Eliad Peller [Wed, 1 Aug 2012 15:44:22 +0000 (18:44 +0300)]
wlcore: resume() only if sta is associated
mac80211's resume() callback might get called even if
the sta is not associated (but only up). The
resume sequence in this case results in configuring
the wake-up conditions of a non-started role, which
causes fw assertion.
Fix it by bailing out if the STA is not connected
(like we do on suspend()).
Eyal Shapira [Thu, 2 Aug 2012 04:15:19 +0000 (07:15 +0300)]
wlcore: configure wowlan regardless of wakeup conditions
wowlan filters should be configured in any case in suspend/resume.
This shouldn't be dependent on whether wakeup conditions are the
same for suspend and resume states. Only the FW command to
reconfigure wakeup conditions should be avoided in such a case.
Aggregation buffer size is set separately per 18xx/12xx chip family.
For 18xx aggragation buffer is set to 13 pages to utilize all
the available tx/rx descriptors for aggregation.
wlcore: tx_flush - optimize flow and force Tx during the flush
Force Tx during the flush if there are packets pending in the driver.
This actually solves a bug where we would get called from the mac80211
wq context, which would prevent tx_work from getting queued, even when
the mutex is unlocked.
Don't stop the queues needlessly if there's nothing to flush. Use a
larger delay when sleeping to give the driver a chance to flush and
avoid cpu busy looping. Re-arrange the loop so the last iteration is
not wasted.
wlcore: allow only the lowest OFDM rate for p2p setup frames
The IEEE80211_TX_CTL_NO_CCK_RATE flag is only set for mgmt packets
transmitted during p2p connection setup. Make sure to use the lowest
OFDM rate guarantee the peer always hears us.
Change the p2p rate policy to contain only the 6mpbs rate to acheive
this effect.
wlcore: AP mode - send non-data packets with basic rates
This solves interoperability issues with peer that don't seem to "hear"
management packets transmitted in higher rates. Based on a previous
patch by Igal Chernobelsky.
wlcore: Prevent interaction with HW after recovery is queued
When a function requests to recover, it would normally abort and will
not send any additional commands to the HW. However, other threads may
not be aware of the failure and could try to communicate with the HW
after a recovery was queued, but before the recovery work began.
Fix this by introducing an intermediate state which is set when recovery
is queued, and modify all state checks accordingly.
When a single fw is being used for both single-role
and multi-role cases (e.g. 18xx), wl->mr_fw_name is
NULL, which results in NULL dereference while trying
to load the multi-role fw.
In this case, always use the single-role fw, and avoid
redundant fw switch by checking for this case in
wl12xx_need_fw_change() as well.
Ido Reis [Thu, 12 Jul 2012 21:12:08 +0000 (00:12 +0300)]
wl18xx: update default phy configuration for pg2
default switch configuration set to pg2 chips (rdl 1/2/3/4).
removed hacks for specific board types.
pg1.x boards are now supported only using module params
or specific conf files.
Signed-off-by: Ido Reis <idor@ti.com> Signed-off-by: Luciano Coelho <luca@coelho.fi>
Tim Gardner [Wed, 29 Aug 2012 19:09:33 +0000 (13:09 -0600)]
wlcore: Declare MODULE_FIRMWARE usage
Declare any firmware that might be used by this driver.
If all drivers declare their firmware usage, then a sufficiently
complete list of firmware files can then be used to pare down
the external linux-firmware package to just the files in actual use.
NFC: Fix sleeping in invalid context when netlink socket is closed
netlink_register_notifier requires notify functions to not sleep.
nfc_stop_poll locks device mutex and must not be called from notifier.
Create workqueue that will handle this for all devices.
John W. Linville [Wed, 26 Sep 2012 17:39:10 +0000 (13:39 -0400)]
NFC: Add dummy nfc_llc_shdlc_register definition
This is used when CONFIG_NFC_SHDLC is disabled.
Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This adds support for socket of type SOCK_RAW to LLCP.
sk_buff are copied and sent to raw sockets with a 2 bytes extra header:
The first byte header contains the nfc adapter index.
The second one contains flags:
- 0x01 - Direction (0=RX, 1=TX)
- 0x02-0x80 - Reserved
A raw socket has to be explicitly bound to a nfc adapter. This is achieved
by specifying the adapter index to be bound to in the dev_idx field of the
sockaddr_nfc_llcp struct passed to bind().
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Devendra Naga [Wed, 29 Aug 2012 17:33:01 +0000 (23:03 +0530)]
wl18xx: use module_platform_driver
the driver's init and exit routines can be implemented with the
module_platform_driver, as the init and exit code is same as
that of the module_platform_driver
Whenever both WLAN and BT in/out sleep mode, sometimes WLAN
is not able to take back the shared LNA control after resumes
from sleep mode. The idea is that for WLAN to check if BT owns
LNA control and BT is in sleep mode when WLAN just resumes from
sleep mode. If the condition is true, do a BTCOEX_RC_WARM_RESET
for WLAN to take back the control of shared LNA.
Now the issue is the BT sleep value read from MCI register is
overlooked by assigning u32 into u8. Hence the above condition never
be met so that WLAN used to report beacon losses and frequent
connection drops.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Tested-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00: Replace open coded interface checking with interface combinations.
Mac80211 has formal infrastructure to specify which interface combinations
are supported. Make use of this facility in favor of open coding it
ourselves.
So far we only have to specify we can support multiple AP interfaces,
no other combinations are supported.
Inspired by an earlier patch from Paul Fertser.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com> Cc: Paul Fertser <fercerpav@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00: Deprecate max_sta_intf field of struct rt2x00_ops.
All drivers set this value to 1, so there is no need (currently) to let
drivers set this.
Therefor, remove the field; we can always add it back when it is needed.
Inspired by an earlier patch from Paul Fertser.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com> Cc: Paul Fertser <fercerpav@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Sun, 23 Sep 2012 16:33:00 +0000 (19:33 +0300)]
mwifiex: potential corruption in mwifiex_update_uap_custom_ie()
ap_custom_ie is a struct mwifiex_ie_list which is quite different and
also larger than struct mwifiex_ie. It's a difference between 4196
bytes and 262.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Tested-by: Stone Piao <piaoyun@marvell.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently, ASPM is disabled for all WLAN+BT combo chipsets
when BTCOEX is enabled. This is incorrect since the workaround
is required only for WB195, which is a AR9285+AR3011 combo
solution. Fix this by checking for the HW version when enabling
the workaround.
Cc: stable@vger.kernel.org Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Tested-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Tue, 25 Sep 2012 19:50:56 +0000 (15:50 -0400)]
Merge tag 'nfc-next-3.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0
So says Samuel Ortiz <sameo@linux.intel.com>:
This is the first NFC pull request for the 3.7 merge window.
With this one we get:
- HCI and LLC layers separation. We now can support various LLC
protocols for HCI drivers, SHDLC being one of them. This will be needed as
we're planning to support raw HCI chipsets that do the SHDLC encapsulation
in firmware. So for now we have an SHDLC and a NOP LLC layers.
- pn533 command queueing implementation. This simplifies the pn533 locking
logic and fixes a kernel warning.
- NCI p2p initiator mode implementation.
- Replace custom workqueues with system ones, for HCI and LLCP.
- Raw pn544 driver removal, as scheduled on the features-removal.txt file.
- A few HCI, SHDLC and LLCP fixes.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
cfg80211: Fix regulatory check for 60GHz band frequencies
The current regulatory code on cfg80211 performs a check to
see if a regulatory rule belongs to an IEEE band so that if
a Country IE is received and no rules are specified for a
band (which is allowed by IEEE) those bands are left intact.
The current band check assumes a rule is bound to a band
if the rule's start or end frequency is less than 2 GHz
apart from the center of frequency being inspected.
In order to support 60 GHz for 802.11ad we need to increase
this to account for the channel spacing of 2160 MHz whereby
a channel somewhere in the middle of a regulatory rule may
be more than 2 GHz apart from either the beginning or
end of the frequency rule.
Without a fix for this even though channels 1-3 are allowed world
wide on the rule (57240 - 63720 @ 2160), channel 2 at 60480 MHz
will end up getting disabled given that it is 3240 MHz from
both the frequency rule start and end frequency. Fix this by
using 2 GHz separation assumption for the 2.4 and 5 GHz bands
but for 60 GHz use a 10 GHz separation before assuming a rule
is not part of the band.
Since we have no 802.11ad drivers yet merged this change has
no impact to existing Linux upstream device drivers.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
During processing incoming RSET frame chip, possibly due to
its internal timout, can retrnasmit an another RSET which
is next queued for processing in shdlc layer.
In case when we accept processed RSET skip those remaining on
the rcv queue until chip will send it's first S or I frame.
This will mean the chip completed connection as well.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
As queue_work() does not guarantee immediate execution of sm_work it
can happen in crossover RSET usecase that connect timer will constantly
change the shdlc state from NEGOTIATING to CONNECTING before shdlc has
chance to handle incoming frame.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Acked-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
xmit callback provided by a driver encapsulates upper layers
data and sends it to the hardware. So, HCI does not know the
exact amount of data being sent and thus can't handle partially
sent frames properly.
Therefore, the driver must return 0 for completely sent frame or
negative for failure.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> Acked-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Eric Lapuyade [Tue, 18 Sep 2012 17:45:48 +0000 (19:45 +0200)]
NFC: Changed HCI and PN544 HCI driver to use the new HCI LLC Core
The previous shdlc HCI driver and its header are removed from the tree.
PN544 now registers directly with HCI and passes the name of the llc it
requires (shdlc).
HCI instantiation now allocates the required llc instance. The llc is
started when the HCI device is brought up.
Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Eric Lapuyade [Thu, 13 Sep 2012 15:10:48 +0000 (17:10 +0200)]
NFC: Add a nop (passthrough) llc module to llc core
This is a passthrough llc. It can be used by HCI drivers that don't
need link layer control. HCI will then write directly to the driver, and
driver will deliver incoming frames directly to HCI without any
processing.
Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Eric Lapuyade [Thu, 13 Sep 2012 15:10:00 +0000 (17:10 +0200)]
NFC: Add an LLC Core layer to HCI
The LLC layer manages modules that control the link layer protocol (such
as shdlc) between HCI and an HCI driver. The driver must simply specify
the required llc when it registers with HCI.
Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Eric Lapuyade [Tue, 11 Sep 2012 08:43:50 +0000 (10:43 +0200)]
NFC: Modified hci_transceive to become an asynchronous operation
This enables the completion callback to be called from a different
context, preventing a possible deadlock if the callback resulted in the
invocation of a nested call to the currently locked nfc_dev.
This is also more in line with the im_transceive nfc_ops for NFC Core or
NCI drivers which already behave asynchronously.
Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
nfc_llcp_build_tlv() malloced the memory and should be free in
nfc_llcp_build_gb() after used, and the same in the error handling
case, otherwise it will cause memory leak.
spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>