We were allocating the size of the NVS file struct and not checking
whether the length of the buffer passed was correct before copying it
into the allocated memory. This is a security hole because buffer
overflows can occur if the userspace passes a bigger file than what is
expected.
With this patch, we check if the size of the data passed from
userspace matches the size required.
This bug was introduced in 2.6.36.
Cc: stable@kernel.org
Reported-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The MODULE_AUTHOR() macro in the main module (wl12xx) has been updated
to reflect one of the author's new email address, but the wl12xx_spi
and wl12xx_sdio modules haven't been updated. This patches updates
them.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Set the gf_protection bit when calling ACX_HT_BSS_OPERATION according
to the GF bit passed by mac80211 in ht_operation_mode.
[Added a proper commit message -- Luca]
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Commands are sometimes sent to FW on scan completion. Make sure the chip
is awake to receive them. Sending commands while the chip is in ELP
can cause SDIO read errors and/or crash the FW.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Tests have shown that the requested number of memory blocks is
sub-optimal. Slightly modify the requested number of memory blocks for
TX.
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
TX might be handled in the threaded IRQ handler, in which case, TX work
might be scheduled just to discover it has nothing to do.
Save a few context switches by cancelling redundant TX work in case TX
is about to be handled in the threaded IRQ handler. Also, avoid
scheduling TX work from wl1271_op_tx if not needed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The interrupt of the wl12xx is a level interrupt in nature, since the
interrupt line is not auto-reset. However, since resetting the interrupt
requires bus transactions, this cannot be done from an interrupt
context. Thus, requesting a level interrupt would require to disable the
irq and re-enable it after the HW is acknowledged. Since we now request
a threaded irq, this can also be done by specifying the IRQF_ONESHOT
flag.
Triggering on an edge can be problematic in some platforms, if the
sampling frequency is not sufficient for detecting very frequent
interrupts. In case an interrupt is missed, the driver will hang as the
interrupt line will stay high until it is acknowledged by the driver,
which will never happen.
Fix this by requesting a level triggered interrupt, with the
IRQF_ONESHOT flag.
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
To achieve maximal throughput, it is very important to react to
interrupts as soon as possible. Currently the interrupt handler wakes up
a worker for handling interrupts in process context. A cleaner and more
efficient design would be to request a threaded interrupt handler. This
handler's priority is very high, and can do blocking operations such as
SDIO/SPI transactions.
Some work can be deferred, mostly calls to mac80211 APIs
(ieee80211_rx_ni and ieee80211_tx_status). By deferring such work to a
different worker, we can keep the irq handler thread more I/O
responsive. In addition, on multi-core systems the two threads can be
scheduled on different cores, which will improve overall performance.
The use of WL1271_FLAG_IRQ_PENDING & WL1271_FLAG_IRQ_RUNNING was
changed. For simplicity, always query the FW for more pending
interrupts. Since there are relatively long bursts of interrupts, the
extra FW status read overhead is negligible. In addition, this enables
registering the IRQ handler with the ONESHOT option.
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The SDIO bus is claimed and released for each SDIO transaction. In
addition to the few CPU cycles it takes to claim and release the bus, it
may also cause undesired side effects such as the MMC host stopping its
internal clocks.
Since only the wl12xx_sdio driver drives this SDIO card, it is safe to
claim the SDIO host once (on power on), and release it only when turning
the power off.
This patch was inspired by Juuso Oikarinen's (juuso.oikarinen@nokia.com)
patch "wl12xx: Change claiming of the (SDIO) bus".
Signed-off-by: Ido Yariv <ido@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
On newer hardware revisions, there is no need to write the host's
counter at the end of a RX transaction. The same applies to writing the
number of packets at the end of a TX transaction.
It is generally a good idea to avoid unnecessary SDIO/SPI transfers.
Throughput and CPU usage are improved when avoiding these.
Send the host's RX counter and the TX packet count only if needed, based
on the hardware revision.
[Changed WL12XX_QUIRK_END_OF_TRANSACTION to use BIT(0) -- Luca]
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The FW has a limited amount of memory for holding frames. In case it
runs out of memory reserved for RX frames, it'll have no other choice
but to drop packets received from the AP. Thus, it is important to
handle RX data interrupts as soon as possible, before handling anything
else.
In addition, since there are enough TX descriptors to go around, it is
better to first send TX frames, and only then handle TX completions.
Fix this by changing the order of function calls in wl1271_irq_work.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Frames in the tx_frames array include extra private headers, which must
be removed before passing the skbs to ieee80211_tx_status.
Fix this by removing any private headers in wl1271_tx_reset, similar to
how this is done in wl1271_tx_complete_packet.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Runtime PM might not always be enabled. Even if it is enabled in the
running kernel, it can still be temporarily disabled, for instance
during suspend. Runtime PM is opportunistic in nature, and should not be
relied on for toggling power.
In case the interface is removed and re-added while runtime PM is
disabled, the FW will fail to boot, as it is mandatory to toggle power
between boots. For instance, this can happen during suspend in case one
of the devices fails to suspend before the MMC host suspends, but after
mac80211 was suspended. The interface will be removed and reactivated
without toggling the power.
Fix this by calling mmc_power_save_host/mmc_power_restore_host in
wl1271_sdio_power_on/off functions. It will toggle the power to the chip
even if runtime PM is disabled. The runtime PM functions should still be
called to make sure runtime PM does not opportunistically power the chip
off (e.g. after resuming from system suspend).
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
In the linux-firmware git tree, the firmwares and the NVS are inside
the ti-connectivity directory. Fix the filenames that the driver
looks for accordingly.
[Fixed commit message and merged with the latest changes. -- Luca]
Signed-off-by: Sebastien Jan <s-jan@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The return value of the tx operation is commonly
misused by drivers, leading to errors. All drivers
will drop frames if they fail to TX the frame, and
they must also properly manage the queues (if they
didn't, mac80211 would already warn).
Removing the ability for drivers to return a BUSY
value also allows significant cleanups of the TX
TX handling code in mac80211.
Note that this also fixes a bug in ath9k_htc, the
old "return -1" there was wrong.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Tested-by: Sedat Dilek <sedat.dilek@googlemail.com> [ath5k]
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> [rt2x00]
Acked-by: Larry Finger <Larry.Finger@lwfinger.net> [b43, rtl8187, rtlwifi]
Acked-by: Luciano Coelho <coelho@ti.com> [wl12xx]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Update the PS mode of each link according to a bitmap polled from
fw_status. Manually notify mac80211 about PS mode changes in connected
stations.
mac80211 will only be notified about PS start when the station is in PS
and there is a small number of TX blocks from this link ready in HW.
This is required for waking up the remote station since the TIM is
updated entirely by FW.
When a station enters mac80211-PS-mode, we drop all the skbs in the
low-level TX queues belonging to this sta with STAT_TX_FILTERED
to keep our queues clean.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Count the number of FW TX blocks allocated per link. We add blocks to a
link counter when allocated for a TX descriptor. We remove blocks
according to counters in fw_status indicating the number of freed blocks
in FW. These counters are polled after each IRQ.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Remove an active hlid when chip wakeup fails. In addition rename the
involved functions.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
When operating in AP mode the wl1271 hardware filters out null-data
packets as well as management packets. This makes it impossible for
mac80211 to monitor the PS mode by using the PM bit of incoming frames.
Disable mac80211 automatic link PS-mode handling by supporting
IEEE80211_HW_AP_LINK_PS in HW flags.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Report a TX rate idx of -1 and count 0 when returning untransmitted
skbs to mac80211 using ieee80211_tx_status(). Otherwise mac80211
tries to use the returned (essentially garbage) status.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
When operating in AP-mode we require a per link tx-queue.
This allows us to implement HW assisted PS mode for links,
as well as regulate per-link FW TX blocks consumption.
Split each link into ACs to support future QoS for AP-mode.
AC queues are emptied in priority and per-link queues are
scheduled in a simple round-robin fashion.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
If a sta starts transmitting immediately after authentication, sometimes
the FW deauthenticates it. Fix this by marking the sta "in-connection"
in FW before sending the autentication response.
The "in-connection" entry is automatically removed when connection
succeeds or after a timeout.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Check the conditions for the high/low TX queue watermarks when the
spin-lock is taken. This prevents race conditions as tx_queue_count and
the flag checked are only modified when the spin-lock is taken.
The following race was in mind:
- Queues are almost full and wl1271_op_tx() will stop the queues, but it
doesn't get the spin-lock yet.
- (on another CPU) tx_work_locked() dequeues 15 skbs from this queue and
tx_queue_count is updated to reflect this
- wl1271_op_tx() does not check tx_queue_count after taking the
spin-lock and incorrectly stops the queue.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The mac_address should be set also when ht caps are disabled.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Use the standard ALIGN() macro instead of redefining similar macros.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The wl12xx fw supports ack status reporting for tx frames, so
add the IEEE80211_HW_REPORTS_TX_ACK_STATUS flag to our supported
features.
Since we do the rate control in the fw, we'll probably want
to adjust the STA_LOST_PKT_THRESHOLD heuristics in the future, to
account for retransmissions as well.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Some blocking functions were called while holding the rcu lock for
accessing STA information. This can lead to a deadlock.
Save the required info beforehand and release the rcu without
blocking.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
for debugging purposes, wl12xx determines whether a rx packet
is a beacon packet.
however, it checks only the frame_control subtype without checking
the actual packet type, which leads to false identification in some
cases.
use ieee80211_is_beacon instead.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
In revision > 6.1.3.0.0 the firmware expects memory configuration command
as part of boot. This was missing if driver boots in PLT mode.
The patch adds the memory configuration command, which fixes PLT commands
tx continuous and rx statistics.
Signed-off-by: Gery Kahn <geryk@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
ret is used to store int types. Using an u8 will break the error
handling.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The wl12xx sdio_test code uses wl12xx_get_platform_data, which is
only present when WL12*_SDIO is enabled, so make WL12XX_SDIO_TEST
depend on WL12XX_SDIO so that the needed interface will be present.
sdio_test.c:(.devinit.text+0x13178): undefined reference to `wl12xx_get_platform_data'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Luciano Coelho <luciano.coelho@nokia.com>
Cc: Roger Quadros <roger.quadros@nokia.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of looking for supported_rates change on every tx packet,
just extract the supported_rates after association completes (station only).
Remove wl1271.sta_rate_set and WL1271_FLAG_STA_RATES_CHANGED which are
not used anymore.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
make the configuration management more flexible by using the
conf struct, rather than predefined macros.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
This patch adds support for the new wl12xx firmware (Rev 6.1.3.50.49)
Since this fw is not backward compatible with previous fw versions,
a new fw (with different name) is being fetched.
(the patch is big because it contains all the required fw api changes.
splitting it into multiple patches will result in corrupted intermediate
commits)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
mcp2.5 uses this acx to configure the fw only once, rather than
passing the params in every enter psm command.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Commit 0b01f030d3 added a new argument
to the ampdu_action operation. The ampdu_action operation in the
wl12xx driver currently doesn't have that argument and this generates
a warning. This happened during merging of the latest mac80211
patches with the wl12xx BA patches.
CC [M] drivers/net/wireless/wl12xx/main.o
drivers/net/wireless/wl12xx/main.c:3035: warning: initialization from incompatible pointer type
The wl12xx driver doesn't need to do anything about the buf_size
argument since the AMPDU TX is fully handled by the firmware.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The auto-arp feature sometimes has unexpected side effects (e.g. firmware
crashes, no ARP replies, etc.)
disable it until it will be solved.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The passive scan channel dwell time currently used is 30-60TU. A typical
beacon interval for AP's is 100TU. This leads to a ~30% worst-case probability
of finding an AP via passive scanning.
For 5GHz bands for DFS frequencies passive scanning is the only scanning
option. Hence for these, the probability of finding an AP is very low.
To fix this, increase the passive channel scan dwell times (also the early
leave value, as 5GHz channels are still typically very silent.) Use a value
of 100TU, because that covers most typical AP configurations.
Based on testing the probability of finding an AP (100TU beacon interval) on
a single scan round are as follows (based on 100 iterations):
dwell min/max (TU) | probability
---------------------+------------
30/60 | 35%
60/60 | 56%
80/80 | 77%
100/100 | 100%
Total scan times now and after the change:
Region | Before (s) | After (s)
-------+------------+----------
00 | 0.77 | 1.48
FI | 0.95 | 2.01
US | 0.91 | 1.76
Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Return values were assigned to incorrect var / weren't assigned.
fix it, and defer mutex_lock after the sanity checks.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Add new ampdu_action ops to support receiver BA.
The BA initiator session management in FW independently.
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Add 80211n BA initiator session support wl1271 driver.
Include BA supported FW version auto detection mechanism.
BA initiator session management included in FW independently.
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Channel 14 is only supported in Japan (JP country code in regdb). The
FW limits tranmissions to CCK only on this channel.
Tested in both STA and AP modes to work correctly.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
In wl12xx cards AP-mode requires a separate FW file. Add this file to
the module info.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
PLT mode start/stop is controlled from userspace. When removing module, the
PLT mode state is however not checked, and not cleared. There is the possibility
of some unwanted state to left linger and there is even the possiblity of a
kernel crash if for instance IRQ work is running when the module is removed.
Fix this by stopping PLT mode on module removal, if still running.
Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The wl12xx chips do the AMDPU aggregation work in the firmware, but it
supports a maximum of 8 frames per block. Configure the mac80211 hw
structure accordingly.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Tested-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
changed the visibility of the debug_level module parameter
in the filesystem to be readable and writable to the root user.
It is now accessible under /sys/module/wl12xx/parameters
removed the debug_level debugfs file that was created under
/sys/kernel/debug/...
Signed-off-by: Guy Eilam <guy@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We were calling ieee80211_find_sta() and the sta returned by it
without locking the RCU, which is required by mac80211.
Fix this and reorganize slightly the area of the code where the sta is
used.
Reported-by: Jonathan DE CESCO <jonathanc@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>