Hans de Goede [Tue, 29 Jul 2014 12:23:23 +0000 (14:23 +0200)]
brcmfmac: Fix OOB interrupt not working for BCM43362
It has taken me a long long time to get the OOB interrupt working on the
AP6210 sdio wifi/bt module found on various Allwinner A20 boards. In the
end I found these magic register pokes in the cubietruck kernel tree:
https://github.com/cubieboard2/linux-sunxi/commit/7f08ba395617d17e7a711507503d89a50406fe7a
This is also done for the bcm43362 in broadcom's internal/proprietary driver.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Arend van Spriel <arend@broadcom.com>
[arend@broadcom.com: rebased changing BCM43362 chip id to fix compilation] Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Chen-Yu Tsai [Sun, 29 Jun 2014 14:16:59 +0000 (16:16 +0200)]
brcmfmac: add device tree support for SDIO devices
brcmfmac devices can use an out-of-band interrupt on a GPIO line.
Currently this is specified using platform data. Add support for
specifying out-of-band interrupt via device tree.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
[arend@broadcom.com: conditionalize more of-code, use driver debug routines] Signed-off-by: Arend van Spriel <arend@broadcom.com>
[hdegoede@redhat.com: drop clk / reg_on gpio handling, as there is no consensus
on how to handle this yet] Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Sun, 29 Jun 2014 14:16:58 +0000 (16:16 +0200)]
dt: bindings: add bindings for Broadcom bcm43xx sdio devices
The Broadcom bcm43xx sdio devices are fullmac devices that may be
integrated in ARM platforms. Currently, the brcmfmac driver for
these devices support use of platform data. This patch specifies
the bindings that allow this platform data to be expressed in the
devicetree.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com>
[hdegoede@redhat.com: drop clk / reg_on gpio handling, as there is no consensus
on how to handle this yet]
[hdegoede@redhat.com: move from bindings/staging to bindings] Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Mon, 28 Jul 2014 17:53:58 +0000 (20:53 +0300)]
Bluetooth: Fix incorrectly disabling page scan when toggling connectable
If we have entries in the whitelist we shouldn't disable page scanning
when disabling connectable mode. This patch adds the necessary check to
the Set Connectable command handler.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Mon, 28 Jul 2014 12:45:31 +0000 (15:45 +0300)]
Bluetooth: Fix clearing HCI_PSCAN flag
This patch fixes a typo in the hci_cc_write_scan_enable() function where
we want to clear the HCI_PSCAN flag if the SCAN_PAGE bit of the HCI
command parameter was not set.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Alexander Aring [Mon, 28 Jul 2014 13:16:30 +0000 (15:16 +0200)]
MAINTAINERS: add 6lowpan header file
Since commit 68d96dcfc6c09b565d57897c127b61afbab74c6f ("MAINTAINERS: add
net/6lowpan/ maintainer entry") we have a 6lowpan branch. This patch
adds a forgotten file which should also be maintained by this branch.
Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Bluetooth: Set Simultaneous LE and BR/EDR controller option to zero
With the Bluetooth 4.1 specification the Simultaneous LE and BR/EDR
controller option has been deprecated. It shall be set to zero and
ignored otherwise.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Georg Lukas [Sat, 26 Jul 2014 11:59:57 +0000 (13:59 +0200)]
Bluetooth: Provide defaults for LE advertising interval
Store the default values for minimum and maximum advertising interval
with all the other controller defaults. These vaules are sent to the
adapter whenever advertising is (re)enabled.
Signed-off-by: Georg Lukas <georg@op-co.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Bluetooth: Fix white list handling with resolvable private addresses
Devices using resolvable private addresses are required to provide
an identity resolving key. These devices can not be found using
the current controller white list support. This means if the kernel
knows about any devices with an identity resolving key, the white
list filtering must be disabled.
However so far the kernel kept identity resolving keys around even
for devices that are not using resolvable private addresses. The
notification to userspace clearly hints to not store the key and
so it is best to just remove the key from the kernel as well at
that point.
With this it easy now to detect when using the white list is
possible or when kernel side resolving of addresses is required.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Add support for using controller white list filtering
The Bluetooth controller can use a white list filter when scanning
to avoid waking up the host for devices that are of no interest.
Devices marked as reporting, direct connection (incoming) or general
connection are now added to the controller white list. The update of
the white list happens just before enabling passive scanning.
In case the white list is full and can not hold all devices, the
white list is not used and the filter policy set to accept all
advertisements.
Using the white list for scanning allows for power saving with
controllers that do not handle the duplicate filtering correctly.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Janusz Dziedzic [Fri, 25 Jul 2014 08:28:50 +0000 (11:28 +0300)]
ath10k: handle attention flags correctly when using A-MSDU
In case of A-MSDU RX we should check attention flags
correctly to be sure we report correct FCS status for
A-MSDU subframes. Without a patch we could report A-MSDU
subframes with wrong FCS as a correct to the stack, next
get a lot of DUP ACK TCP packets. Finally TP drop is seen
and this drop depends on FCS errors ratio for A-MSDU frame.
Example test case when TP drop is seen:
- ath10k configured as an AP
- used ath10k station
- forced A-MSDU (7 frames) on STA
- other traffic on channel (often FCS errors)
- monitor iface added on AP
- TCP STA -> AP traffic (iperf)
Reported-by: Denton Gentry <denton.gentry@gmail.com> Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Michal Kazior [Wed, 23 Jul 2014 10:20:33 +0000 (12:20 +0200)]
ath10k: fix Rx aggregation reordering
Firmware doesn't perform Rx reordering so it is
left to the host driver to do that.
Use mac80211 to perform reordering instead of
re-inventing the wheel.
This fixes TCP throughput issues in some
environments.
Reported-by: Denton Gentry <denton.gentry@gmail.com> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Bluetooth: Fix issue with ADV_IND reports and auto-connection handling
When adding remote devices to the kernel using the Add Device management
command, these devices are explicitly allowed to connect. This kind of
incoming connections are possible even when the controller itself is
not connectable.
For BR/EDR this distinction is pretty simple since there is only one
type of incoming connections. With LE this is not that simple anymore
since there are ADV_IND and ADV_DIRECT_IND advertising events.
The ADV_DIRECT_IND advertising events are send for incoming (slave
initiated) connections only. And this is the only thing the kernel
should allow when adding devices using action 0x01. This meaning
of incoming connections is coming from BR/EDR and needs to be
mapped to LE the same way.
Supporting the auto-connection of devices using ADV_IND advertising
events is an important feature as well. However it does not map to
incoming connections. So introduce a new action 0x02 that allows
the kernel to connect to devices using ADV_DIRECT_IND and in addition
ADV_IND advertising reports.
This difference is represented by the new HCI_AUTO_CONN_DIRECT value
for only connecting to ADV_DIRECT_IND. For connection to ADV_IND and
ADV_DIRECT_IND the old value HCI_AUTO_CONN_ALWAYS is used.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Ignore ADV_DIRECT_IND attempts from unknown devices
Unconditionally connecting to devices sending ADV_DIRECT_IND when
the controller is in CONNECTABLE mode is a feature that is not
fully working. The background scanning trigger for this has been
removed, but the statement allowing it to happen in case some
other part triggers is still present. So remove that code part
as well to avoid unwanted connections.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This has been tested on 14e4:4328 (BCM4321), 14e4:432b (BCM4322),
14e4:4353 (BCM43224) and 14e4:4359 (BCM43228) which is an almost
complete list of 5 GHz capable device (only BCM43222 is missing).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The dividend in do_div() is expected to be an unsigned 64-bit integer,
which leads to the following warning when building for 32-bit MIPS:
drivers/net/wireless/mac80211_hwsim.c: In function 'mac80211_hwsim_set_tsf':
drivers/net/wireless/mac80211_hwsim.c:664:98: warning: comparison of distinct pointer types lacks a cast [enabled by default]
data->bcn_delta = do_div(delta, bcn_int);
Since we care about the signedness of delta when adjusting tsf_offset
and bcm_delta, use the absolute value for the division and compare
the two timestamps to determine the sign.
Signed-off-by: Andrew Bresticker <abrestic@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Wed, 23 Jul 2014 13:40:54 +0000 (15:40 +0200)]
ath9k: fix aggregation session lockup
If an aggregation session fails, frames still end up in the driver queue
with IEEE80211_TX_CTL_AMPDU set.
This causes tx for the affected station/tid to stall, since
ath_tx_get_tid_subframe returning packets to send.
Fix this by clearing IEEE80211_TX_CTL_AMPDU as long as no aggregation
session is running.
Cc: stable@vger.kernel.org Reported-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark A. Greer [Tue, 22 Jul 2014 04:24:39 +0000 (21:24 -0700)]
NFC: digital: Add 'tg_listen_md' and 'tg_get_rf_tech' driver hooks
The digital layer of the NFC subsystem currently
supports a 'tg_listen_mdaa' driver hook that supports
devices that can do mode detection and automatic
anticollision. However, there are some devices that
can do mode detection but not automatic anitcollision
so add the 'tg_listen_md' hook to support those devices.
In order for the digital layer to get the RF technology
detected by the device from the driver, add the
'tg_get_rf_tech' hook. It is only valid to call this
hook immediately after a successful call to 'tg_listen_md'.
CC: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Mark A. Greer [Tue, 22 Jul 2014 04:22:29 +0000 (21:22 -0700)]
NFC: digital: Remove extra blank line
Remove extra blank line that was inadvertently
added by a recent commit.
CC: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Send DM_DISCONNECT command to disconnect Terminal Host from the HCI network.
- The persistent states of the terminal host pipes, including registry values,
are not modifies. Therefore, there is no NVRAM update to disconnect the
terminal host.
- The terminal host RF card gates are disabled which means that there will be no event
related to card RF gates until communication has been restored.
- The terminal host RF reader request is reset so the RF reader polling for terminal
host is disabled.
To restore the communication, the terminal host can send any HCI command or event.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
A start of frame is 7E 00 not only 7E. Make sure the first read sequence is
starting with 7E 00.
For example: 7E FF FF FF FF is as a correct crc but it is a bad frame.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
NFC: st21nfcb: Add driver for STMicroelectronics ST21NFCB NFC chip
Add driver for STMicroelectronics ST21NFCB NFC controller.
ST21NFCB is using NCI protocol and a proprietary low level transport
protocol called NDLC used on top.
NDLC:
The protocol defines 2 types of frame:
- One type carrying NCI data (referred as DATAFRAME frames).
- One type carrying protocol information used for flow control and error
control mechanisms (referred as SUPERVISOR frames).
After each frame transmission to the NFC controller, the device host
SHALL waitfor an ACK (SUPERVISOR frame) reception before sending a
new frame.
The NFC controller MAY send a frame at anytime to the device host.
The NFC controller MAY send a specific WAIT supervisor frame to indicate
to device host that a NCI data packet has been received but that it could
take significant time before the NFC controller sends an ACK and thus
allows next data reception.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Felix Fietkau [Tue, 22 Jul 2014 19:00:26 +0000 (21:00 +0200)]
mac80211: fix crash on getting sta info with uninitialized rate control
If the expected throughput is queried before rate control has been
initialized, the minstrel op for it will crash while trying to access
the rate table.
Check for WLAN_STA_RATE_CONTROL before attempting to use the rate
control op.
Reported-by: Jean-Pierre Tosoni <jp.tosoni@acksys.fr> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Arik Nemtsov [Sun, 15 Jun 2014 13:03:55 +0000 (16:03 +0300)]
iwlwifi: mvm: teardown TDLS peers during chan-switch and AP DCM
The DCM condition was not checked well for channel switch in both AP and
station scenarios. Teardown was also not done for AP/GO DCM. Add the
missing checks.
Michal Kazior [Mon, 21 Jul 2014 18:03:10 +0000 (21:03 +0300)]
ath10k: prevent endless pci rx loop
It was possible to enter an endless loop while
processing a single pci copy engine pipe. This
could effectively render ath10k incapable of
responding to any requests.
An example case when this could happen is when
firmware generates a lot of events, e.g. spectral
scan phyerr via WMI.
Reported-by: Janusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Add some missing ops and prepare for new devices support. This patch is
a great stability improvement for BCM43217. Earlier Tenda W322E used to
disconnect every 2 minutes (16 times over 30 minutes). With this fix I
got it running for 4 hours (with iperf) without any disconnection.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlwifi: mvm: reset beacon filtering and BT Coex data upon FW restart
When the firmware asserts, we restart the device and reset
the relevant data we hold in the driver. BT Coex data was
not reset and because of that, the driver wouldn't
reconfigure the firmware properly after firmware restart.
Same for beacon filtering. Fix that.
Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Eran Harary [Tue, 15 Jul 2014 11:04:23 +0000 (14:04 +0300)]
iwlwifi: mvm: update smart fifo / beacon filtering upon association
When we associate, we may have heard the beacon before the
association. In that case, BSS_CHANGED_BEACON_INFO will be
set along with BSS_CHANGED_ASSOC in changes in
bss_info_change.
In this case, we didn't update the smart fifo nor beacon
filtering leaving those two feature disabled.
Signed-off-by: Eran Harary <eran.harary@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: split fw-error-dump between transport and mvm
The mvm op_mode won't allocate the buffer for the transport
any more. The transport allocates its own buffer and mvm
is in charge of splicing the buffers in the debugfs hook.
This makes the repartition easier to handle.
Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
According to new requirements, the ACK / CTS kill mask is
not related to reduced TX power anymore. This allows to
remove the code that tracked reduced TX power enablement
across different interfaces.
The ACK / CTS kill mask is now fetch from a table. It
depends on the Activity grading (activity from BT) and on
the Look Up Table (LUT) type.
The Remain On Channel framework added to the firmare is
a bit like time events. It allows the driver to request
the firmware to be on a certain channel for a certain time.
Unlike the time events, the ROC infrastructure doesn't need
a MAC context in the firmware - it uses a generic context
called "auxiliary framework".
This is useful for any offchannel activity that is not bound
to a specific MAC.
The flow is synchronized much like with time events:
1) The driver receives an action frame from the wpa_supplicant
via nl80211 that requests to be sent offchannel.
2) The driver sends an Aux ROC command (0x53) to the firmware.
3) The firmware responds with the unique id of the time event.
4) When time event starts, the driver puts the frame in the
Aux queue.
Special care needs to be taken when the time events ends:
the queue needs to be cleaned-up.
Michal Kazior [Mon, 21 Jul 2014 18:03:10 +0000 (21:03 +0300)]
ath10k: workaround qos nullfunc bug
Apparently fw/hw generates a corrupted QoS Control
Field in Qos NullFunc frames. The only way to
workaround this is to downgrade frames to
NullFunc. This should be okay since powersave is
done by fw/hw and these frames are only used for
CQM purposes (e.g. from hostapd to check if
station is still connected).
This doesn't fix any user visible bug that I know
of. It just prevents from sending out funky frames
on the air.
Reported-by: Janusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Michal Kazior [Mon, 21 Jul 2014 18:03:09 +0000 (21:03 +0300)]
ath10k: simplify tx helpers
It always bugged me how tid is computed and stored
in a temporary var before written to the control
buffer. It was confusing and it made it difficult
to work with tx helpers.
While at it rename the qos workaround function as
it was misleading - it's not a workaround but
preparation for nwifi tx mode.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Bluetooth: Avoid use of session socket after the session gets freed
The commits 08c30aca9e698faddebd34f81e1196295f9dc063 "Bluetooth: Remove
RFCOMM session refcnt" and 8ff52f7d04d9cc31f1e81dcf9a2ba6335ed34905
"Bluetooth: Return RFCOMM session ptrs to avoid freed session"
allow rfcomm_recv_ua and rfcomm_session_close to delete the session
(and free the corresponding socket) and propagate NULL session pointer
to the upper callers.
Additional fix is required to terminate the loop in rfcomm_process_rx
function to avoid use of freed 'sk' memory.
The issue is only reproducible with kernel option CONFIG_PAGE_POISONING
enabled making freed memory being changed and filled up with fixed char
value used to unmask use-after-free issues.
Michal Kazior [Mon, 21 Jul 2014 17:52:59 +0000 (20:52 +0300)]
ath10k: prevent some tx flushing failures
Firmware could request inspection of some
submitted tx requests. Since the callback wasn't
implemented it was possible to bleed tx msdu_ids
which could translate to tx flushing timeouts.
There's nothing ath10k can do to help firmware
with tx processing now so just report all tx
frames as already inspected to prevent firmware
from sending up inspection events and force it to
report regular tx completion indications with
discard status.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Michal Kazior [Wed, 16 Jul 2014 13:01:39 +0000 (15:01 +0200)]
ath10k: workaround boot issues with KVM/PCI-passthrough
Apparently iomap writes that unmask CE irqs aren't
propagated properly sometimes. Before failing try
to poll for the control response message as it may
have been delivered without an interrupt.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Michal Kazior [Wed, 16 Jul 2014 10:12:15 +0000 (12:12 +0200)]
mac80211: add support for Rx reordering offloading
Some drivers may be performing most of Tx/Rx
aggregation on their own (e.g. in firmware)
including AddBa/DelBa negotiations but may
otherwise require Rx reordering assistance.
The patch exports 2 new functions for establishing
Rx aggregation sessions in assumption device
driver has taken care of the necessary
negotiations.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
[fix endian bug] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Michal Kazior [Wed, 16 Jul 2014 10:09:31 +0000 (12:09 +0200)]
mac80211: fix Rx reordering with RX_FLAG_AMSDU_MORE
Some drivers (e.g. ath10k) report A-MSDU subframes
individually with identical seqno. The A-MPDU Rx
reorder code did not account for that which made
it practically unusable with drivers using
RX_FLAG_AMSDU_MORE because it would end up
dropping a lot of frames resulting in confusion in
upper network transport layers.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
sdata can't be NULL, and key being NULL is really not possible
unless the code is modified.
The sdata check made a static analyze (klocwork) unhappy because
we would get pointer to local (sdata->local) and only then check
if sdata is non-NULL.
Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[remove !key check as well] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bluetooth: Add support for Broadcom device of Asus Z97-DELUXE motherboard
The Asus Z97-DELUXE motherboard contains a Broadcom based Bluetooth
controller on the USB bus. However vendor and product ID are listed
as ASUSTek Computer.
Johan Hedberg [Mon, 21 Jul 2014 07:50:06 +0000 (10:50 +0300)]
Bluetooth: Prefer sizeof(*ptr) when allocating memory
It's safer practice to use sizeof(*ptr) instead of sizeof(ptr_type) when
allocating memory in case the type changes. This also fixes the
following style of warnings from static analyzers:
Max Stepanov [Wed, 9 Jul 2014 13:55:32 +0000 (16:55 +0300)]
mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt
The NULL pointer access could happen when ieee80211_crypto_hw_decrypt
is called from ieee80211_rx_h_decrypt with the following condition:
1. rx->key->conf.cipher is not WEP, CCMP, TKIP or AES_CMAC
2. rx->sta is NULL
When ieee80211_crypto_hw_decrypt is called, it verifies
rx->sta->cipher_scheme and it will cause Oops if rx->sta is NULL.
This path adds an addirional rx->sta == NULL verification in
ieee80211_crypto_hw_decrypt for this case.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
wireless: fixup genregdb.awk for remove of antenna gain from wireless-regd
Since "wireless-regdb: remove antenna gain" was merged in the
wireless-regdb tree, the awk script parser has been incompatible
with the 'official' regulatory database. This fixes that up.
Without this change the max EIRP is set to 0 making 802.11 devices
useless.
The fragile nature of the awk parser must be replaced, but ideas
over how to do that in the most scalable way are being reviewed.
In the meantime update the documentation for CFG80211_INTERNAL_REGDB
so folks are aware of expectations for now.
Reported-by: John Walker <john@x109.net> Reported-by: Krishna Chaitanya <chaitanya.mgit@gmail.com> Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: remove redundant IEEE80211_STA_CSA_RECEIVED flag
The csa_active flag was added in sdata a while ago and made
IEEE80211_STA_CSA_RECEIVED redundant. The new flag is also used to
mark when CSA is ongoing on other iftypes and took over the old one as
the preferred method for checking whether we're in the middle of a
channel switch. Remove the old, redundant flag.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: make sure TDLS teardown packet is sent on time
Since the teardown packet is created while the queues are
stopped, it isn't sent immediately, but rather is pending.
To be sure that when we flush the queues prior to destroying
the station we also send this packet - the tasklet handling
pending packets is invoked to flush the packets.
Signed-off-by: Liad Kaufman <liad.kaufman@intel.com> Reviewed-by: ArikX Nemtsov <arik@wizery.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: ignore frames between TDLS peers when operating as AP
If the AP receives actions frames destined for other peers, it may
mistakenly toggle BA-sessions from itself to a peer.
Ignore TDLS data packets as well - the AP should not handle them.
Some VHT TDLS peers (Google Nexus 5) include the VHT-AID IE in their
TDLS setup request/response. Usermode passes this aid as the station
aid, causing it to fail verifiction, since this happens in the
"set_station" stage. Make an exception for the TDLS use-case.
TDLS VHT support requires some more information elements during setup.
While these are not there, mask out the peer's VHT capabilities so that
VHT rates are not mistakenly used.
We can only be a station for TDLS connections. Also fix a bug where
a delayed work could be left scheduled if the station interface was
brought down during TDLS setup.
When TDLS QoS is supported by the the peer and the local card, add
the WMM parameter IE to the setup-confirm frame. Take the QoS settings
from the current AP, or if unsupported, use the default values from
the specification. This behavior is mandated by IEEE802.11-2012 section
10.22.4.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Reviewed-by: Liad Kaufman <liad.kaufman@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
projects / linux-beck.git / log