Eyal Shapira [Fri, 22 Nov 2013 07:41:38 +0000 (09:41 +0200)]
iwlwifi: mvm: rs: increase stay in column timeout
Remain in the same Tx modulation (i.e. column) for a longer
time before starting a search cycle for a better modulation.
This has been shown to give better results.
Also change the name of the timeout define to better match its
description.
Eyal Shapira [Wed, 20 Nov 2013 23:12:11 +0000 (01:12 +0200)]
iwlwifi: mvm: rs: update expected TPT tables if aggregation changed
Expected TPT table was updated only when switching to a new
modulation. This is wrong as toggling aggregation changes
the expected TPT signficantly.
This leads to scenarios where turning aggregation on after
being in MIMO sends us back to SISO despite a perfect success
ratio.
This occurred because the TPT of the SISO mode was being
estimated based on aggregation while the MIMO one wasn't.
Also remove an error print which isn't an error anymore
since we might be updating the expected TPT table due
to aggregation changes.
Eyal Shapira [Sat, 9 Nov 2013 21:31:38 +0000 (23:31 +0200)]
iwlwifi: mvm: don't configure mimo rates if nss is limited to 1
Remote peer can publish a different number of supported nss via the
operating mode notification IE or action frame. If it limits to 1
then we don't want mimo rates configured in the rate table.
Eyal Shapira [Sat, 9 Nov 2013 21:25:06 +0000 (23:25 +0200)]
iwlwifi: mvm: don't enable VHT MCS9 in 20Mhz
MCS9 in NSS=1 or NSS=2 isn't valid for 20Mhz so don't enable
it in case we're dealing with a 20Mhz sta. Trying to configure an
MCS9 rate with 20Mhz in the LQ rate table would lead to a FW assert.
Eyal Shapira [Wed, 13 Nov 2013 14:46:19 +0000 (16:46 +0200)]
iwlwifi: mvm: stop using MIMO in case BT doesn't allow it
Switch to using the new btcoex decision api regarding MIMO and stop
accessing the internal btcoex structs.
In case MIMO should be disabled it would detect this upon the next
Tx and force a search. The search will switch to SISO on a antenna A
which isn't used by BT.
Johannes Berg [Tue, 19 Nov 2013 19:36:25 +0000 (20:36 +0100)]
iwlwifi: mvm: quota command max_duration should be zero
For now, the firmware doesn't really use the field, but
it should be set to zero if there's no specific request.
Setting it to the max quota doesn't make sense.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Haim Dreyfuss [Sun, 3 Nov 2013 21:02:59 +0000 (23:02 +0200)]
iwlwifi: mvm: Implement low-priority scan
Advertise driver's support for low priority scan.
Notice that this overwrites current setting by mac80211 which depends
only on hw scan support.
This scan priority can be configured by user space application
and it affects scan continuity, low priority scan
will be more fragmented scan.
Eliad Peller [Sun, 10 Nov 2013 10:59:46 +0000 (12:59 +0200)]
iwlwifi: mvm: fix scan offloading flag definition
Bit 0 in the scan offloading flags asks the filter
to pass all the results (instead of filtering them,
by default), rather than the other way around (like
it is defined and used today).
Fix the flag name appropriately, and fix its user.
This allows to see the content of the NVM the driver reads.
Note that the output is in binary, and requires some
external user space tool to display the data properly.
Luciano Coelho [Tue, 19 Nov 2013 20:53:41 +0000 (22:53 +0200)]
iwlwifi: mvm: don't restart HW if suspending fails before D3 image is loaded
If we haven't loaded the D3 image yet and a failure in the suspend
process occurs, we shouldn't restart the HW, because we're still
running the D0 image.
Eyal Shapira [Thu, 7 Nov 2013 17:38:04 +0000 (19:38 +0200)]
iwlwifi: fix check for a single rx antenna
valid_rx_ant is a bitmask of available antennas and not the number
of Rx antennas. Use num_of_ant and remove duplicate definitions
in both dvm and mvm.
inta is checked to be zero in a IRQ_NONE branch so afterwards it
cannot be zero as it is never modified.
Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
[reword the patch title and fix comment] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: BT Coex - fine tune the aggregation size
Latest tests have shown that when BT is active and has
connections but the traffic is low, the WiFi aggregation can
be large up to 4000us without noticeable impact on BT.
Johannes Berg [Wed, 13 Nov 2013 08:10:21 +0000 (09:10 +0100)]
iwlwifi: mvm: refactor debugfs copy_from_user()
Abstract the copy_from_user() pattern into the macros defining
debugfs files, reducing the code and making adding new files
safer by avoiding having deal with copy_from_user() directly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg [Tue, 12 Nov 2013 15:58:41 +0000 (16:58 +0100)]
iwlwifi: mvm: move interface-specific debugfs to a new file
The debugfs file is getting pretty large and mixed up between
code for the hardware and code for each interface (the two
aren't even clearly separated in the code). Make it easier to
handle by splitting the per-interface code into a separate
file called debugfs-vif.c.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg [Tue, 12 Nov 2013 15:48:03 +0000 (16:48 +0100)]
iwlwifi: mvm: small debugfs cleanups
Just clean up the code a bit, in particular
* make all the debugfs writes follow the same pattern
with respect to buf/buf_size variables
* get rid of useless comments
* check return values of all file creations
* drop unnecessary parentheses
* remove an unused struct definition
* fix some whitespace
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Eliad Peller [Thu, 7 Nov 2013 11:23:21 +0000 (13:23 +0200)]
iwlwifi: mvm: enable d3_test even if d3_test_pme_ptr is not available
Even if d3_test_pme_ptr is not available, d3_test can still
be useful, e.g. by manually triggering resume (with ctrl-c),
and reading the wakeup reasons.
Eyal Shapira [Sat, 9 Nov 2013 00:11:46 +0000 (02:11 +0200)]
iwlwifi: mvm: fix and improve printing of rate scale table
Info about VHT/HT rates wasn't printed properly when dumping
the rate scale table. Fix that and print more info. While at it
fix some other minor issues in the printing and prevent
overflowing the print buffer.
Johannes Berg [Thu, 31 Oct 2013 17:30:38 +0000 (18:30 +0100)]
iwlwifi: pcie: remove useless condition test
After wait_event_timeout(), the condition must still be
true if it returns >0, in fact almost the last thing in
it is checking the condition again. It's therefore not
useful to check yet again in our code, clean it up.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The transport layer doesn't need to know the TX_CMD id.
It can be set by the op_mode.
The transport layer still needs to know the layout of the
Tx command because of alignment issues and because of the
scratch pointer.
Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Marcel Holtmann [Sat, 7 Dec 2013 17:06:24 +0000 (09:06 -0800)]
Bluetooth: Increase minor version of core module
With the addition of L2CAP Connection Oriented Channels for Bluetooth
Low Energy connections, it makes sense to increase the minor version
of the Bluetooth core module.
The module version is not used anywhere, but it gives a nice extra
hint for debugging purposes.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
As it stands dynamic user regulatory domain support is
only possible for a few programmed regulatory domains as
a few countries do not allow for this.
The existing code however only would take advantage of
the feature if a custom world regulatory domain is used
though as that's when we clear beconing flags. We need
to lift this restriction as otherwise this feature is
pointless.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
freq_reg_info() expects KHz and not MHz, fix this. In
this case we'll now be getting the no-ir flags cleared
on channels for any channel when the country IE trusts
that channel.
Generated-by: Coccinelle SmPL Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Peter Senna Tschudin <peter.senna@gmail.com> Reported-by: Mihir Shete <smihir@qti.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath: move the channel for ath_reg_apply_beaconing_flags() into helper
While at it convert this into a switch statement, this
makes it easier and manage.
Cc: smihir@qti.qualcomm.com Cc: tushnimb@qca.qualcomm.com Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Simplify ath_reg_apply_beaconing_flags() by making use of
thew new no-ir helper.
Cc: smihir@qti.qualcomm.com Cc: tushnimb@qca.qualcomm.com Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath: rename ath_reg_apply_active_scan_flags() to ath_reg_apply_ir_flags()
This also applies the no-ibss flag to the channels or clears it.
The idea here is to clarify no initiated radiation should be
allowed on these channels.
Cc: smihir@qti.qualcomm.com Cc: tushnimb@qca.qualcomm.com Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The routine ath_reg_apply_active_scan_flags() can be a bit
hard to read, this cleans it up by adding helpers for the
two cases of clearing IR flags or adding them. This approach
also makes no assumptions on the index of channels 12 and 13
so it should be portable accross different drivers.
Cc: smihir@qti.qualcomm.com Cc: tushnimb@qca.qualcomm.com Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath: fix logic on ath_reg_apply_active_scan_flags()
The existing logic removes the passive scan flag from
channels 12 and 13 when a regulatory hint coming from
something other than a country IE has been passed. This
is incorrect, the original intention was to ensure we
always have passive scan enabled for these two channels
for a specific set of custom world regulatory domains.
Cc: smihir@qti.qualcomm.com Cc: tushnimb@qca.qualcomm.com Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 25 Nov 2013 16:45:28 +0000 (10:45 -0600)]
rtlwifi: rtl8188ee: Fix typo in code
The static analyser "cppcheck" shows the following typo:
drivers/net/wireless/rtlwifi/rtl8188ee/dm.c:1081]: (style) Same expression on both sides of '!='.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: David Binderman <dcb314@hotmail.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Stable <stable@vger.kernel.org> [3.10+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jingoo Han [Mon, 25 Nov 2013 03:37:24 +0000 (12:37 +0900)]
bcma: pci: remove unnecessary pci_set_drvdata()
The driver core clears the driver data to NULL after device_release
or on probe failure. Thus, it is not needed to manually clear the
device driver data to NULL.
Signed-off-by: Jingoo Han <jg1.han@samsung.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver core clears the driver data to NULL after device_release
or on probe failure. Thus, it is not needed to manually clear the
device driver data to NULL.
Signed-off-by: Jingoo Han <jg1.han@samsung.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver core clears the driver data to NULL after device_release
or on probe failure. Thus, it is not needed to manually clear the
device driver data to NULL.
Signed-off-by: Jingoo Han <jg1.han@samsung.com> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver core clears the driver data to NULL after device_release
or on probe failure. Thus, it is not needed to manually clear the
device driver data to NULL.
Signed-off-by: Jingoo Han <jg1.han@samsung.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver core clears the driver data to NULL after device_release
or on probe failure. Thus, it is not needed to manually clear the
device driver data to NULL.
Signed-off-by: Jingoo Han <jg1.han@samsung.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hauke Mehrtens [Sun, 24 Nov 2013 21:03:41 +0000 (22:03 +0100)]
brcmsmac: remove dependency on CRC8 and CRC_CCITT
There is no code in brcmsmac that uses a function from CRC8 or
CRC_CCITT any more. Building brcmsmac with these two disabled works
without any problems. This was probably only used by the bus code which
was replaced by bcma some time ago.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Lorenzo Bianconi [Sun, 24 Nov 2013 16:56:51 +0000 (17:56 +0100)]
ath9k: fix retry chain initialization in tx99 code
Initialize first chain attempt counter to 1 in ath9k_build_tx99_skb().
Otherwise multi-retry chain is initialized to {idx,count} = {-1, 0} in
rate_control_fill_sta_table() and tx99 transmission rate is not configured in
rate_control_apply_mask() since first chain idx is set to -1
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Chun-Yeow Yeoh [Wed, 20 Nov 2013 09:57:01 +0000 (17:57 +0800)]
wcn36xx: set self STA default HT parameters
These default HT parameters are required for self STA entry.
In example, set the HT capable of self STA entry for bss
configuration in mesh allows the MCS rate to be used. Otherwise,
only legacy rate will be used.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark Cave-Ayland [Mon, 18 Nov 2013 19:06:57 +0000 (13:06 -0600)]
rtlwifi: rtl8192cu: Update table.c
The latest vendor driver has some new values.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark Cave-Ayland [Mon, 18 Nov 2013 19:06:56 +0000 (13:06 -0600)]
rtlwifi: rtl8192cu: Bring rtl92cu_phy_bb_config() up to date
The latest vendor driver contains some changes not in the kernel version.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark Cave-Ayland [Mon, 18 Nov 2013 19:06:55 +0000 (13:06 -0600)]
rtlwifi: Bring _rtl92c_phy_iq_calibrate() in line with the vendor driver
Bring _rtl92c_phy_iq_calibrate() in line with the vendor driver function _PHY_IQCalibrate().
Also fix incorrect initialisation for rtl8192cu.
Signed-of-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 18 Nov 2013 17:11:36 +0000 (11:11 -0600)]
rtlwifi: rtl8192c: Update dynamic gain calculations
The vendor driver contained a number of improvements in the gain settings
for the rtl8192c{e,u} devices. This patch implements them in the kernel
driver.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 18 Nov 2013 17:11:27 +0000 (11:11 -0600)]
rtlwifi: Redo register save locations
The initial USB driver did not use some register save locations in the
private data storage. To save some memory, a union was used to overlay these
variables with USB I/O components. In an update of the gain-control code,
these register save locations are now needed for USB drivers.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 18 Nov 2013 17:11:26 +0000 (11:11 -0600)]
rtlwifi: rtl8192cu: Add new firmware
Vendor driver rtl8188C_8192C_8192D_usb_linux_v3.4.2_3727.20120404 introduced
new firmware for these chips. The code try for the new file, and fall back to
the original firmware if the new file is not available.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 18 Nov 2013 17:11:25 +0000 (11:11 -0600)]
rtlwifi: rtl8192c: Prevent reconnect attempts if not connected
This driver has a watchdog timer that attempts to reconnect when beacon frames
are not seen for 6 seconds. This patch disables that reconnect whenever the
device has never been connected.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Kevin Lo [Thu, 14 Nov 2013 05:53:44 +0000 (13:53 +0800)]
rt2x00: rt2800lib: no need to write RF register 3 twice for RT5592
In rt2800_init_rfcsr_5592(), there's no need to write RF register 3 twice.
Signed-off-by: Kevin Lo <kevlo@kevlo.org> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Tue, 12 Nov 2013 17:02:20 +0000 (11:02 -0600)]
rtlwifi: Remove unused calls to rtl_is_special_data()
When routine rtl_is_special_data() is called with false as its last argument,
and the returned value is not tested, the call is essentially an extended
no-op. Accordingly, these calls may be removed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wcn36xx: Fix logging macro with unnecessary semicolon
The wcn36xx_err macro should not end in a semicolon as
there are 2 consecutive semicolons in the preprocessed
output.
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Eugene Krasnikov <k.eugene.e@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Tue, 29 Oct 2013 22:06:41 +0000 (17:06 -0500)]
rtl8187: Increase RX queue depth
Under heavy load, the relatively small number of RX queue entries are
completely filled. With an increase from 16 to 32 entries, this condition
rarely happens.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
freq_reg_info() expects KHz and not MHz, fix this. In
this case we'll now be getting the no-ir flags cleared
on channels for any channel when the country IE trusts
that channel.
Generated-by: Coccinelle SmPL Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Peter Senna Tschudin <peter.senna@gmail.com> Cc: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Mihir Shete <smihir@qti.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
freq_reg_info() expects KHz and not MHz, fix this. In
this case we'll now be getting the no-ir flags cleared
on channels for any channel when the country IE trusts
that channel.
Generated-by: Coccinelle SmPL Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Peter Senna Tschudin <peter.senna@gmail.com> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Arend van Spriel <arend@broadcom.com> Reported-by: Mihir Shete <smihir@qti.qualcomm.com> Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Solomon Peachy [Fri, 25 Oct 2013 22:15:43 +0000 (18:15 -0400)]
wireless: cw1200: Use consistent internal locking conventions
The cw1200_irq_handler() function expects the hwbus lock to be held when
it is called. On the SDIO platform, this lock is implemented in terms
of sdio_claim_host/sdio_release_host.
This trivial patch makes it explicit that we are performing the hwbus
lock rather than something SDIO-specific.
Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
We can mess logs if user space try to open device again and again if
RFKILL switch is on. Do not print message and return ERFKILL error
instead to indicate where the problem is.
Note that iwl4965 handle this problem differently, it allows to open
device when radio is disabled.
Reported-by: Dietmar Rudolph <dietmar@crlf.de> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
NeilBrown [Thu, 24 Oct 2013 07:33:33 +0000 (18:33 +1100)]
libertas/sdio: make sure card enters power-off when firmware is loaded.
Since firmware loading became async it is possible that if_sdio_finish_power_of
is called with only one remaining runtime_pm reference, so it isn't safe
to call pm_runtime_put_noidle. We must call pm_runtime_put().
Diagnosed-by: "Dr. H. Nikolaus Schaller" <hns@goldelico.com> Signed-off-by: NeilBrown <neilb@suse.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Amitkumar Karwar [Tue, 22 Oct 2013 22:24:47 +0000 (15:24 -0700)]
mwifiex: improvements in mwifiex_ret_tx_power_cfg()
1) Move common code out of switch case handling
2) Return from the function if number of bytes left in response buffer
are less than tlv size
3) Pass pg_tlv_hdr directly instead of txp_cfg to mwifiex_get_power_level()
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This fixes a regression introduced by my patch "mac80211: don't cancel
csa finalize work within stop_ap", which added sdata locks to
ieee80211_csa_finalize_work() without removing the locking for
ieee80211_ibss_finish_csa(), which is called by the former, resulting
in a deadlock due to nested locking.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eliad Peller [Thu, 5 Dec 2013 16:30:17 +0000 (18:30 +0200)]
cfg80211: don't "leak" uncompleted scans
___cfg80211_scan_done() can be called in some cases
(e.g. on NETDEV_DOWN) before the low level driver
notified scan completion (which is indicated by
passing leak=true).
Clearing rdev->scan_req in this case is buggy, as
scan_done_wk might have already being queued/running
(and can't be flushed as it takes rtnl()).
If a new scan will be requested at this stage, the
scan_done_wk will try freeing it (instead of the
previous scan), and this will later result in
a use after free.
Simply remove the "leak" option, and replace it with
a standard WARN_ON.
An example backtrace after such crash:
Unable to handle kernel paging request at virtual address fffffee5
pgd = c0004000
[fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
[<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
[<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
[<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
[<c005fd10>] (process_one_work+0x1b0/0x4a8)
[<c0060404>] (worker_thread+0x138/0x37c)
[<c0066d70>] (kthread+0xa4/0xb0)
Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Barak Bercovitz [Thu, 5 Dec 2013 09:21:26 +0000 (11:21 +0200)]
cfg80211: stop sched scan only when needed
cfg80211_leave stops sched scan when any station vif
is leaving. Add an explicit check and call it only
when the relevant vif (the one we scan on) is leaving.
Signed-off-by: Barak Bercovitz <barak@wizery.com>
[Eliad - changed the commit message a bit] Signed-off-by: Eliad Peller <eliad@wizery.com>
[Johannes - add ASSERT_RTNL since that protects the pointer] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johan Hedberg [Thu, 5 Dec 2013 12:55:33 +0000 (14:55 +0200)]
Bluetooth: Simplify l2cap_chan initialization for LE CoC
The values in l2cap_chan that are used for actually transmitting data
only need to be initialized right after we've received an L2CAP Connect
Request or just before we send one. The only thing that we need to
initialize though bind() and connect() is the chan->mode value. This way
all other initializations can be done in the l2cap_le_flowctl_init
function (which now becomes private to l2cap_core.c) and the
l2cap_le_flowctl_start function can be completely removed.
Also, since the l2cap_sock_init function initializes the imtu and omtu
to adequate values these do not need to be part of l2cap_le_flowctl_init.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 8 Oct 2013 11:55:46 +0000 (13:55 +0200)]
Bluetooth: Fix validating LE PSM values
LE PSM values have different ranges than those for BR/EDR. The valid
ranges for fixed, SIG assigned values is 0x0001-0x007f and for dynamic
PSM values 0x0080-0x00ff. We need to ensure that bind() and connect()
calls conform to these ranges when operating on LE CoC sockets.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 8 Oct 2013 08:31:00 +0000 (10:31 +0200)]
Bluetooth: Fix CID ranges for LE CoC CID allocations
LE CoC used differend CIC ranges than BR/EDR L2CAP. The start of the
range is the same (0x0040) but the range ends at 0x007f (unlike BR/EDR
where it goes all the way to 0xffff).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>