This patch fixes potential NULL pointer dereference in ampdu. This
was found running smatch static code checker. Smatch warning says:
drivers/net/wireless/brcm80211/brcmsmac/ampdu.c:741 brcms_c_sendampdu()
warn: variable dereferenced before check 'p'
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The function brcms_set_hint() does not add any functionality
so regulatory_hint() can be called directly. The error value
has been removed from the message when regulatory_hint() fails.
Reported-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This flow can actually happen due to a corner case in
mac80211: the station is deleted before we get a chance
to reclaim all the packets in flight in AGG queue.
The tid_data for this station is zeroed, and we lose
the match with the Tx queue.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since request_module_nowait() can't be backported
use request_module() instead -- we don't need the
asynchronous behaviour of request_module_nowait()
here since we're running in the firmware request
work struct.
Tested-by: Donald H Fry <donald.h.fry@intel.com>
Reviewed-by: Donald H Fry <donald.h.fry@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Due to commit 26a7ca9a71 ("iwlwifi: refactor EEPROM
reading/parsing") adding a new parameter, while commit
d2c8b15d0c ("iwlwifi: use correct supported firmware
for 6035 and 6000g2") added a new device structure we
need to add the parameter to the new device structure
to make 6035 device work.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For AGG queues, we must match between the WiFi sequence
number and the TFD number. This is a HW (SCD) requirement.
This is a take two of my
iwlwifi: add debug in Tx path in AGG flow
This will allow us to catch bad cases in which the packets aren't in
the right place on the ring.
which disappeared during code move.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In fragmentation we don't update the write pointer of the
HW immediately. So we shouldn't modify the timer in that
case.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
CMD_SYNC is zero so the if (cmd->flags & CMD_SYNC) is never true and we
never check the assertion.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the queue gets stuck from time to time, we are trying
to get as much information as we can when this occurs.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When the driver is built into the kernel instead of a module
when the system boots it results in a panic. The order things are built in
results in their initialization order when built into the kernel. Wifi
has to be initialized before mvm or dvm.
Reviewed-by: Donald H Fry <donald.h.fry@intel.com>
Tested-by: Donald H Fry <donald.h.fry@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Brandon Misemer <brandon.misemer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Using the driver_data area in ieee80211_tx_info which
resides in the CB overrides the info->control field.
Add a comment to prevent mistakes.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This locking isn't needed. The only locking we need is when
we access prph registers but there is already a separate
lock for that.
Since we haven't returned from the mac80211's
IEEE80211_AMPDU_TX_OPERATIONAL ampdu_action, we cannot
receive any Tx frame for that sta / tid while enabling the
queue.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is not needed, we just need to tell the SCD not to use
that queue. We will reconfigure that queue when we will use
it again.
Clean up a bit the code on the way.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Print some more info from the SCD's SRAM and dump the TRB
from the FH.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Change its name to better reflect this.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This macro gets the bufsize in bytes.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add locking to the dynamic loading code to prevent
corrupting the list if multiple device ever init at
the same time (which cannot happen for multiple PCI
devices, but could happen when different busses init
concurrently.)
Also remove a device from the list when it stops so
the list isn't left corrupted, including a fix from
Don to not crash when it was never added.
Reviewed-by: Donald H Fry <donald.h.fry@intel.com>
Tested-by: Donald H Fry <donald.h.fry@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
MSI is enabled by default for most of the 4th generation
chips. Add this for AR9462 - this fixes PowerSave operation,
the chip was not entering Network-Sleep mode earlier.
With proper powering down of the MAC now, power consumption
in associated state is reduced considerably.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently 4 channels are scanned per scan command. if scan request
is issued by user during Tx traffic, radio will be out of channel
for "4 * per_chan_scan_time" for each scan command and will not be
able to receive Rx packets. This adds delay in data traffic. We can
minimize it by reducing number of channels scanned per scan command
in this scenario.
We can not always scan 1 channel per scan command due to limitation
of number of command buffers. So we add code to decide number of
channels scanned per scan command in associated state.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If scan operation is started when Tx traffic is already running,
driver locks Tx queue until it gets completed. With this logic
there is a delay for Tx packets.
This patch implements new approach to give Tx path higher priority
in this case. Driver internally sends multiple synchronous scan
commands to firmware when scan is requested by user. Now we will
make sure that Tx queue is empty everytime before sending next scan
command. If Tx queue isn't empty scan command will be postponsed by
20msec. This rule will be followed until Tx queue becomes empty or
timeout of 1 second happens. In case of timeout scan operation will
be aborted.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently the scan time per channel for active scanning is set to
200ms. It takes quite a while to finsh scanning on all channels,
especially with a dual band configuration.
Change the per channel scan time settings to the following values:
passive scan: 110ms
active scan: 30ms
specific scan: 30ms
Above settings have been tested on x86 and arm platforms.
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The iwl-test flows were based on the cfg80211 testmode APIs.
To remove this coupling, the op mode (during the initialization
of the iwl_test object) is responsible to set the callbacks that
should be used by iwl-test to allocate skbs for events and replies
and to send events and replies.
The current op modes implement these callbacks based on the cfg80211
testmode APIs.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Create an object that will enacpsulate the testmode functionality
that is common to all op modes.
* Copy definitions from dvm/dev.h
* Copy the testmode logic from dvm/testmode.c
* Link iwl-test object into the iwlwifi module
* Modify DVM to use iwl-test object
Reviewed-by: Amit Beka <amit.beka@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
CC drivers/net/wireless/ti/wl18xx/main.o
drivers/net/wireless/ti/wl18xx/main.c: In function ‘wl18xx_conf_init’:
drivers/net/wireless/ti/wl18xx/main.c:1024:3: warning: format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat]
drivers/net/wireless/ti/wl18xx/main.c:1024:3: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘size_t’ [-Wformat]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This feature has been reported to be buggy and enabled by
default. We therefore need to disable it manually.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When we remove a key, we put a key index which was supposed
to tell the fw that we are actually removing the key. But
instead the fw took that index as a valid index and messed
up the SRAM of the device.
This memory corruption on the device mangled the data of
the SCD. The impact on the user is that SCD queue 2 got
stuck after having removed keys.
The message is the log that was printed is:
Queue 2 stuck for 10000ms
This doesn't seem to fix the higher queues that get stuck
from time to time.
Cc: stable@vger.kernel.org [2.6.27+]
Reviewed-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
this patch fixes kernel Oops on "rmmod b43" if firmware was not loaded:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000088
IP: [<ffffffff8104e988>] drain_workqueue+0x25/0x142
PGD 153ac6067 PUD 153b82067 PMD 0
Oops: 0000 [#1] SMP
Signed-off-by: Oleksij Rempel <bug-track@fisher-privat.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
My patch
iwlwifi: use correct released ucode version
did not correctly report supported firmware
for the 6035 device. This patch fixes it. The
minimum supported firmware version for 6035
is v6.
Also correct the minimum supported firmware
version for the 6000g2 series of devices.
Cc: stable@kernel.org
Signed-off-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The station fail average is not updated correctly since the
IEEE80211_STAT_ACK flag is not set when using wmediumd with
mac80211_hwsim. Set this flag when wmediumd indicates that the frame
was successfully transmitted (eventually).
Signed-off-by: Qasim Javed <qasimj@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix:
BUG: sleeping function called from invalid context at kernel/workqueue.c:2547
in_atomic(): 1, irqs_disabled(): 0, pid: 629, name: wpa_supplicant
2 locks held by wpa_supplicant/629:
#0: (rtnl_mutex){+.+.+.}, at: [<c08b2b84>] rtnl_lock+0x14/0x20
#1: (&trigger->leddev_list_lock){.+.?..}, at: [<c0867f41>] led_trigger_event+0x21/0x80
Pid: 629, comm: wpa_supplicant Not tainted 3.3.0-0.rc3.git5.1.fc17.i686
Call Trace:
[<c046a9f6>] __might_sleep+0x126/0x1d0
[<c0457d6c>] wait_on_work+0x2c/0x1d0
[<c045a09a>] __cancel_work_timer+0x6a/0x120
[<c045a160>] cancel_delayed_work_sync+0x10/0x20
[<f7dd3c22>] rtl8187_led_brightness_set+0x82/0xf0 [rtl8187]
[<c0867f7c>] led_trigger_event+0x5c/0x80
[<f7ff5e6d>] ieee80211_led_radio+0x1d/0x40 [mac80211]
[<f7ff3583>] ieee80211_stop_device+0x13/0x230 [mac80211]
Removing _sync is ok, because if led_on work is currently running
it will be finished before led_off work start to perform, since
they are always queued on the same mac80211 local->workqueue.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=795176
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Don't spew errors when we can't find the NVS file in wlcore. Instead
fail the wl12xx boot HW op if the NVS isn't found.
Take this opportunity to remove some dead code from register_hw()
which looks for the NVS again needlessly.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Give all wl18xx phy module paramters -1 as a default value, indicating
the paramter was not set. Add previous default values to the default
18xx priv conf structure.
Remove the board_type field from wl18xx priv. The field with the same
name inside the phy conf is good enough for our purposes.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl18xx_conf_phy represents part of the FW native wl18xx_mac_and_phy_params
structure. Remove it and replace the phy part of the wl18xx conf with the
FW bound structure. This allows us to set/override all members.
Increment the wlconf version to ensure compatibility with the new
structure
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Aligned to the struct in FW 8.2.0.0.91 and updated the debugfs entries
accordingly.
Signed-off-by: Ido Reis <idor@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Instead of using the hardcoded configuration structure, try to read it
from a "firmware" file called wl18xx-conf.bin. If the file doesn't
exist, fall back to the hardcoded version. If the file exists but is
illegal, bail out.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Since we are now going to export the conf structure and read it from a
file, it should be packed to avoid surprises with padding bytes.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Since we will export the conf structure as a file, we need to use well
defined types. Instead of using enum, whose size may vary, use u8 for
bcn_filt_mode instead.
Signed-off-by: Luciano Coelho <coelho@ti.com>
The conf structure is going to be exported to a file, so we should use
only well defined types. bool is not well defined and may vary from
platform to platform, so change the host_fast_wakeup_support type to
u8 instead.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Instead of parsing all the binary data returned by the firmware, we
should simply export the binary and let the userspace do the parsing.
This commit adds a new file to debugfs to do that.
Signed-off-by: Luciano Coelho <coelho@ti.com>
This patch calls ACX_CLEAR_STATISTICS to clear the firmware
statistics. The trigger is a new debugfs file called
clear_fw_statistics in the fw_stats directory.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Add control over several conf fields which combined
control the rx interrupt pacing mechanism, that is avoiding
getting an interrupt following a single frame rx but instead
have the FW trigger the interrupt only after a certain
amount of frames received or a timeout.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The current debugfs code contains too much code duplication
of bolierplate code. Add some macro magic to avoid this and
enable adding new debugfs entries by using just a few lines.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Add support for an external 26 MHz crystal source.
[Changed wl->ref_clock to priv->ref_clock -- Luca.]
Signed-off-by: Grant Erickson <marathon96@gmail.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>