Michal Kazior [Wed, 16 Jul 2014 10:12:15 +0000 (12:12 +0200)]
mac80211: add support for Rx reordering offloading
Some drivers may be performing most of Tx/Rx
aggregation on their own (e.g. in firmware)
including AddBa/DelBa negotiations but may
otherwise require Rx reordering assistance.
The patch exports 2 new functions for establishing
Rx aggregation sessions in assumption device
driver has taken care of the necessary
negotiations.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
[fix endian bug] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Michal Kazior [Wed, 16 Jul 2014 10:09:31 +0000 (12:09 +0200)]
mac80211: fix Rx reordering with RX_FLAG_AMSDU_MORE
Some drivers (e.g. ath10k) report A-MSDU subframes
individually with identical seqno. The A-MPDU Rx
reorder code did not account for that which made
it practically unusable with drivers using
RX_FLAG_AMSDU_MORE because it would end up
dropping a lot of frames resulting in confusion in
upper network transport layers.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
sdata can't be NULL, and key being NULL is really not possible
unless the code is modified.
The sdata check made a static analyze (klocwork) unhappy because
we would get pointer to local (sdata->local) and only then check
if sdata is non-NULL.
Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[remove !key check as well] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Max Stepanov [Wed, 9 Jul 2014 13:55:32 +0000 (16:55 +0300)]
mac80211: fix a potential NULL access in ieee80211_crypto_hw_decrypt
The NULL pointer access could happen when ieee80211_crypto_hw_decrypt
is called from ieee80211_rx_h_decrypt with the following condition:
1. rx->key->conf.cipher is not WEP, CCMP, TKIP or AES_CMAC
2. rx->sta is NULL
When ieee80211_crypto_hw_decrypt is called, it verifies
rx->sta->cipher_scheme and it will cause Oops if rx->sta is NULL.
This path adds an addirional rx->sta == NULL verification in
ieee80211_crypto_hw_decrypt for this case.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
wireless: fixup genregdb.awk for remove of antenna gain from wireless-regd
Since "wireless-regdb: remove antenna gain" was merged in the
wireless-regdb tree, the awk script parser has been incompatible
with the 'official' regulatory database. This fixes that up.
Without this change the max EIRP is set to 0 making 802.11 devices
useless.
The fragile nature of the awk parser must be replaced, but ideas
over how to do that in the most scalable way are being reviewed.
In the meantime update the documentation for CFG80211_INTERNAL_REGDB
so folks are aware of expectations for now.
Reported-by: John Walker <john@x109.net> Reported-by: Krishna Chaitanya <chaitanya.mgit@gmail.com> Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: remove redundant IEEE80211_STA_CSA_RECEIVED flag
The csa_active flag was added in sdata a while ago and made
IEEE80211_STA_CSA_RECEIVED redundant. The new flag is also used to
mark when CSA is ongoing on other iftypes and took over the old one as
the preferred method for checking whether we're in the middle of a
channel switch. Remove the old, redundant flag.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: make sure TDLS teardown packet is sent on time
Since the teardown packet is created while the queues are
stopped, it isn't sent immediately, but rather is pending.
To be sure that when we flush the queues prior to destroying
the station we also send this packet - the tasklet handling
pending packets is invoked to flush the packets.
Signed-off-by: Liad Kaufman <liad.kaufman@intel.com> Reviewed-by: ArikX Nemtsov <arik@wizery.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: ignore frames between TDLS peers when operating as AP
If the AP receives actions frames destined for other peers, it may
mistakenly toggle BA-sessions from itself to a peer.
Ignore TDLS data packets as well - the AP should not handle them.
Some VHT TDLS peers (Google Nexus 5) include the VHT-AID IE in their
TDLS setup request/response. Usermode passes this aid as the station
aid, causing it to fail verifiction, since this happens in the
"set_station" stage. Make an exception for the TDLS use-case.
TDLS VHT support requires some more information elements during setup.
While these are not there, mask out the peer's VHT capabilities so that
VHT rates are not mistakenly used.
We can only be a station for TDLS connections. Also fix a bug where
a delayed work could be left scheduled if the station interface was
brought down during TDLS setup.
When TDLS QoS is supported by the the peer and the local card, add
the WMM parameter IE to the setup-confirm frame. Take the QoS settings
from the current AP, or if unsupported, use the default values from
the specification. This behavior is mandated by IEEE802.11-2012 section
10.22.4.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Reviewed-by: Liad Kaufman <liad.kaufman@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The patch "8f02e6b mac80211: make sure TDLS peer STA exists during
setup" broke TDLS error paths where the STA doesn't exist when sending
the error.
Fix it by only testing for STA existence during a non-error flow.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Infer the TDLS initiator and track it in mac80211 via a STA flag. This
avoids breaking old userspace that doesn't pass it via nl80211 APIs.
The only case where userspace will need to pass the initiator is when the
STA is removed due to unreachability before a teardown packet is sent.
Support for unreachability was only recently added to wpa_supplicant, so
it won't be a problem in practice.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ujjal Roy [Thu, 17 Jul 2014 18:49:55 +0000 (11:49 -0700)]
mwifiex: do not re-associate when already connected
In managed mode if the driver is getting a re-associate command
from cfg80211, driver deauthenticates with the AP internally and
sends a disconnected event to cfg80211 before completion of its
association process. The disconnected event then modifies the
SSID length as wdev->ssid_len = 0. So, upon receiving the connect
result event from driver, cfg80211 is unable to get that BSS from
the device's BSS list and generates the following WARN_ON message.
WARNING: CPU: 0 PID: 857 at net/wireless/sme.c:658
__cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]()
Avoid re-association while the device is already associated to a
network. Also remove the internal deauthentication from the
association path.
Signed-off-by: Ujjal Roy <royujjal@gmail.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Wed, 16 Jul 2014 18:26:05 +0000 (20:26 +0200)]
ath9k: fix pending tx frames accounting
Packets originally buffered for the regular hardware tx queues can end
up being transmitted through the U-APSD queue (via PS-Poll or U-APSD).
When packets are dropped due to retransmit failures, the pending frames
counter is not always updated properly.
Fix this by keeping track of the queue that a frame was accounted for in
the ath_frame_info struct, and using that on completion to decide
whether the counter should be updated.
This fixes some spurious transmit queue hangs.
Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wil6210: use same mapping table for FW addr translation and debugfs
Use single data source for all information regarding the firmware
memory map. With this change "ucode_xxx" regions disappears since
they are in fact part of larger "upper area" region
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
New hardware release appears; it require some changes to properly support it.
Introduce struct wil_board and "board" attribute in wil6210_priv;
keep hardware variant information in this structure.
fill it on probe(). Used in the reset flow.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The unwanted frame types are already handled in 'default' case
of the switch/case below.
The str_ptr is allocated but it can be leaked if the length check
fails in the REQUEST/RESP cases. Fix it by allocating sta_ptr
after the length checks.
Reported-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wireless: zd1211rw: new url for fw, remove experimental
Cc: Daniel Drake <dsd@laptop.org> Cc: Ulrich Kunitz <kune@deine-taler.de> Cc: John W. Linville <linville@tuxdriver.com> Cc: linux-wireless@vger.kernel.org Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
brcmfmac: add brcmf_p2p_detach() call in brcmf_cfg80211_detach()
The function brcmf_p2p_detach() was only called in error flow of the
brcmf_cfg80211_attach() routine, but it also needs to be called
upon brcmf_cfg80211_detach().
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of waiting for IFF_UP of the primary net device to determine
the band and channel information of the wiphy structure, this is now
done during driver initialization in brcmf_cfg80211_attach(). The
channel information is obtained from the device and the 2G band is
updated when 40MHz bandwidth is enabled for that band. Before this
change the band and channel objects were common between multiple
brcmfmac devices in the system, which make that information rather
unreliable. That is also fixed with this reworked implementation.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Introducing a new source module that will be responsible for
identifying features and quirks related to the device being
handled.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
brcmfmac: move attach and detach functions in wl_cfg80211.c
Preparing for another patch move the functions in separate commit.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Kim [Sat, 12 Jul 2014 06:49:37 +0000 (08:49 +0200)]
brcmfmac: Make firmware path a module parameter
This patch makes firmware path a module parameter so that firmware and
nvram files can be loaded from the specified path.
Signed-off-by: Daniel Kim <dekim@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reworked the debugfs functions in the driver making it easier for
other driver parts to add a debugfs entry and keeping the information
they want to expose in debugfs private, ie. not in a header.
This is accomplished by providing the function brcmf_debugfs_add_entry()
in which the caller provides a read function in which they provide the
content. The debugfs function will take care of creating the debugfs
entry and cleaning up upon removal.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch cleans up used broadcom IDs, device IDs for all the
bus layers and uses consistent naming for all IDs.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reported-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
sta_ptr is used only in an 'if' branch in this function.
Move it to the smaller scope where it is used.
Reported-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: define TDLS idle timeout macro with units
The unit of this timeout is in seconds.
Reported-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sometimes pending internal scan commands are delayed to give
preference to Tx traffic. 'scan_processing' flag has been
checked at the beginning of delay timer routine to know if in the
meantime scan operation has been cancelled.
There is a corner case where pending scan commands are emptied
after scan_processing flag check is passed. In this case
wrong pointer returned by list_first_entry() is passed to
list_del() which causes system hang.
This patch fixes the issue by adding list_empty() check.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
0x0b05 0x17e8 RT5372 USB 2.0 bgn 2x2 ASUS USB-N14
0x0411 0x0253 RT5572 USB 2.0 abgn 2x2 BUFFALO WLP-U2-300D
0x0df6 0x0078 RT???? Sitecom N300
Cc: Ivo van Doorn <IvDoorn@gmail.com> Cc: Helmut Schaa <helmut.schaa@googlemail.com> Cc: John W. Linville <linville@tuxdriver.com> Cc: users@rt2x00.serialmonkey.com Cc: linux-wireless@vger.kernel.org Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wl18xx: make sure fw_status->priv exists before deref
In some corner cases with specific timings, we might
try dequeueing tx before we got information about
the link status (e.g. due to recovery during tx).
Instead of NULL dereference, assume all
the links in this case have low priorities.
Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
On recovery, we increase the current seq num by
WL1271_TX_SQN_POST_RECOVERY_PADDING in order to
compensate for packets we might have missed during
recovery.
It seems that some GEM APs have issues when the
gap is too big, so use a smaller padding in this case.
Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
b43: always print info about radio (manuf, id, revision)
Type of radio has a major meaning for the driver. There is quite some
code that does initialization/calibration depending on the radio rev.
Knowing radio params is quite important to provide help to users, so
print it even with debugging disabled.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michal Kazior [Mon, 14 Jul 2014 13:25:25 +0000 (16:25 +0300)]
ath10k: sanitize tx ring index access properly
The tx ring index was immediately trimmed with a
bitmask. This discarded the 0xFFFFFFFF error case
(which theoretically can happen when a device is
abruptly disconnected) and led to using an invalid
tx ring index. This could lead to memory
corruption.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Michal Kazior [Mon, 14 Jul 2014 13:25:25 +0000 (16:25 +0300)]
ath10k: fix bmi exchange tx/rx race
It was possible for tx completion not to be
processed. In that case an old stack pointer was
left on copy engine tx ring. Next bmi exchange
would immediately pop it and use complete() on the
completion struct there causing corruption.
Make sure to wait for both tx and rx completions
properly.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This patch removes the null test on ctrl. ctrl is initialized at the
beginning of the function to &session->ctrl. Since session is
dereferenced prior to the null test, session must be a valid pointer,
and &session->ctrl cannot be null.
The following Coccinelle script is used for detecting the change:
Michal Kazior [Mon, 14 Jul 2014 13:07:29 +0000 (16:07 +0300)]
ath10k: fix unregister deadlock when fw probe fails
If firmware probing worker failed it called
device_release_driver() which synchronously called
remove() pci callback. The callback in turn waited
for the worker that called it to finish resulting
in a deadlock.
Waiting for a completion instead of a worker, like
some other drivers do, doesn't seem like the best
idea either:
There's no guarantee that Worker upon resuming can
still access any data/code of the module.
Leaving device bound to a driver is not as harmful
as deadlocking so remove the call to
device_release_driver() while a proper solution is
figured out.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Jessica Wu [Tue, 17 Jun 2014 09:41:16 +0000 (12:41 +0300)]
ath6kl: add support for ar6004 hw3.0
This change enables ath6kl driver to support ar6004 hw3.0. At the same time do
some fixes in firmware initialisation which applies to ar6004 hw1.3 as well.
Signed-off-by: Jessica Wu <wjessica@qca.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Kalle Valo [Tue, 17 Jun 2014 09:40:52 +0000 (12:40 +0300)]
ath6kl: convert ar6004 hardware flags to firmware feature flags
The functionality defined through these flags were actually firmware features
which can change between firmware versions. To make it possible to support
different firmware versions with the same driver, convert the flags to firmware
feature flags.
For backwards compatibility support for old ar6004 firmware FW
API 3 or smaller images we forcefully set the feature bits in the driver.
Starting from FW API 5 the firmware image needs to set them.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>