Commit Graph

644 Commits

Author SHA1 Message Date
Mohammed Shafi Shajakhan 9d0e2f0772 ath6kl: Fix invalid pointer access on fuzz testing with AP mode
In our Fuz testing, reference client corrupts the dest mac to "00:00:00:00:00:00"
in the WPA2 handshake no 2. During driver init the sta_list entries mac
addresses are by default "00:00:00:00:00:00". Driver returns an invalid
pointer (conn) and the drver shall crash, if rxtids (aggr_conn)
skb queues are accessed, since they would not be initialized.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-08-07 10:58:59 +03:00
Vasanthakumar Thiagarajan f32036e823 ath6kl: Fix race in heart beat polling
Make sure to cancel heart beat timer before
freeing wmi to avoid potential NULL pointer
dereference.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-08-07 10:53:36 +03:00
John W. Linville 3100cdd8bf Merge branch 'for-linville' of git://github.com/kvalo/ath6kl 2013-06-13 13:33:39 -04:00
Antonio Quartulli bfd634d01e ath6kl: make mgmt_tx accept a NULL channel
cfg80211 passes a NULL channel to mgmt_tx if the frame has
to be sent on the one currently in use by the device.
Make the implementation of mgmt_tx correctly handle this
case

Cc: Nicolas Cavallari <Nicolas.Cavallari@lri.fr>
Acked-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-06-11 15:01:36 +02:00
Johannes Berg 964dc9e2c3 cfg80211: take WoWLAN support information out of wiphy struct
There's no need to take up the space for devices that don't
support WoWLAN, and most drivers can even make the support
data static const (except where it's modified at runtime.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-06-03 18:43:34 +02:00
Geert Uytterhoeven 37291fc612 ath6kl: Unify sg_sz and buf_sz in ath6kl_sdio_alloc_prep_scat_req()
sg_sz and buf_sz are initialized and used in a mutual exclusive way.
However, some versions of gcc are not smart enough to see this:

drivers/net/wireless/ath/ath6kl/sdio.c: In function ‘ath6kl_sdio_alloc_prep_scat_req’:
drivers/net/wireless/ath/ath6kl/sdio.c:338: warning: ‘sg_sz’ may be used uninitialized in this function

Unify the sg_sz and buf_sz variables into a single size variable to kill
the compiler warning.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-06-01 15:16:33 +03:00
Mohammed Shafi Shajakhan 8c40e4e0e1 ath6kl: Fix a suspend/resume crash in AR6004 USB
cfg80211 suspend/resume callbacks are not yet implemented
for AR6004 USB. Introduce dummy handlers for these to avoid
NULL pointer dereference.

Cc: Sivanesan Rajapupathi <c_srajap@qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-06-01 15:14:41 +03:00
Mohammed Shafi Shajakhan 0b3d3ff15f ath6kl: Rename USB driver's suspend/resume/reset_resume
Rename USB driver's suspend/resume/reset_resume callbacks
with 'pm' prefix. This is necessary to differentiate it from
cfg80211/hif suspend/resume/reset_resume callbacks.

Cc: Sivanesan Rajapupathi <c_srajap@qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-06-01 15:14:40 +03:00
Andy Shevchenko ade9833074 wireless: ath6kl: re-use native helper to parse MAC
There is native mac_pton() function which helps to parse MAC.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-06-01 15:11:52 +03:00
Raja Mani ab1ef14116 ath6kl: Check wmi ready event status before validating abi version
There is no point to check firmware ABI version when the driver
fails to wait for WMI_READY event during the boot time.

For such failures, the driver should assume the firmware is not
booted and start doing cleanup.

Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-06-01 15:08:46 +03:00
Kalle Valo 0d4e67174b ath6kl: fix size_t printf warnings
My new tracing code for ath6kl introduced these warnings on 64-bit:

trace.h:38:1: warning: format '%d' expects argument of type 'int',
	but argument 4 has type 'size_t' [-Wformat]
trace.h:61:1: warning: format '%d' expects argument of type 'int',
	but argument 4 has type 'size_t' [-Wformat]
trace.h:84:1: warning: format '%d' expects argument of type 'int',
	but argument 6 has type 'size_t' [-Wformat]
trace.h:119:1: warning: format '%d' expects argument of type 'int',
	but argument 7 has type 'size_t' [-Wformat]
trace.h:173:1: warning: format '%d' expects argument of type 'int',
	but argument 3 has type 'size_t' [-Wformat]
trace.h:193:1: warning: format '%d' expects argument of type 'int',
	but argument 5 has type 'size_t' [-Wformat]
trace.h:221:1: warning: format '%d' expects argument of type 'int',
	but argument 5 has type 'size_t' [-Wformat]

Fix them by using %zd.

Reported-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-03-20 08:55:26 -04:00
John W. Linville 345fb3f8ef Merge tag 'for-linville-20130318' of git://github.com/kvalo/ath6kl 2013-03-18 16:34:55 -04:00
Mohammed Shafi Shajakhan 243c028099 ath6kl: Fix a debugfs crash for USB devices
Credit distribution stats is currently implemented
only for SDIO. This fixes a crash in debugfs for
USB interface.

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<f91c2048>] read_file_credit_dist_stats+0x38/0x330 [ath6kl_core]
*pde = b62bd067
Oops: 0000 [#1] SMP

EIP: 0060:[<f91c2048>] EFLAGS: 00210246 CPU: 0
EIP is at read_file_credit_dist_stats+0x38/0x330 [ath6kl_core]
EAX: 00000000 EBX: e6f7a9c0 ECX: e7b148b8 EDX: 00000000
ESI: 000000c8 EDI: e7b14000 EBP: e6e09f64 ESP: e6e09f30
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process cat (pid: 4058, ti=e6e08000 task=e50cf230 task.ti=e6e08000)
Stack:
00008000 00000000 e6e09f64 c1132d3c 00004e71 e50cf230 00008000 089e4000
e7b148b8 00000000 e6f7a9c0 00008000 089e4000 e6e09f8c c11331fc e6e09f98
00000001 e6e09f7c f91c2010 e6e09fac e6f7a9c0 089e4877 089e4000 e6e09fac

	Call Trace:
	[<c1132d3c>] ? rw_verify_area+0x6c/0x120
	[<c11331fc>] vfs_read+0x8c/0x160
	[<f91c2010>] ? read_file_war_stats+0x130/0x130 [ath6kl_core]
	[<c113330d>] sys_read+0x3d/0x70
	[<c15755b4>] syscall_call+0x7/0xb
	[<c1570000>] ? fill_powernow_table_pstate+0x127/0x127

Cc: Ryan Hsu <ryanhsu@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 14:09:40 +02:00
Andrei Epure a41d9a91e3 ath: changed kmalloc to kmemdup
Signed-off-by: Andrei Epure <epure.andrei@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 14:08:20 +02:00
Myoungje Kim 6a3e4e06a1 ath6kl: Fix the byte alignment rule to avoid loss of bytes in a TCP segment
Either first 3 bytes of the first received tcp segment or last one
over MTU size file can be loss due to the byte alignment problem.
Although ATH6KL_HTC_ALIGN_BYTES was defined for 'extra bytes for htc header
alignment' in the patch "Fix buffer alignment for scatter-gather
I/O"(1df94a857), there exists the bytes loss issue which means that it will be
truncated 3 bytes in the transmitted file contents if a file which has over MTU
size is transferred through TCP/IP stack.  It doesn't look like TCP/IP stack
bug of 3.5 or the latest version of kernel but the byte alignment issue.  This
patch is to use the roundup() function for the byte alignment rather than the
predefined ATH6KL_HTC_ALIGN_BYTES.

kvalo: fixed indentation

Signed-off-by: Myoungje Kim <mjei78@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:54:06 +02:00
Kalle Valo 15ac0778a6 ath6kl: remove false check from ath6kl_rx()
Dan found a check from ath6kl_rx() which doesn't make any sense at all:

"  1327          if (status || !(skb->data + HTC_HDR_LENGTH)) {
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
skb->data is a pointer.  This pointer math is always going to be false.
Should it be testing "packet->act_len < HTC_HDR_LENGTH" or something?"

I don't know what the check really was supposed to do, but I think Dan's guess
is right. Fix it accordingly.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:50:19 +02:00
Kalle Valo 99089ab756 ath6kl: add an extra band check to ath6kl_wmi_beginscan_cmd()
Dan reported that smatch found a possible issue in ath6kl_wmi_beginscan_cmd()
where we might access sc->supp_rates beyond the end. It shouldn't happen as
ar->wiphy->bands always have just the first two bands set, but add an extra
check just to be sure.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:50:19 +02:00
Kalle Valo aa8705fc65 ath6kl: add tracing support to debug message macros
Now all log messages are sent through the tracing infrastruture as well.
Tracing point doesn't follow debug_mask module parameter, instead it sends
all debug messages, so once you enable ath6kl_log_dbg tracing point you will
get a lot of messages. Needs to be discussed if this is sensible or not.
The overhead should be small enough and we anyway include debug level as
well so it's easy to filter in user space.

I wasn't really sure what to do with ath6kl_dbg_dump() and for now decided
that it also sends the buffer to user space. But most likely in the future
ath6kl_dbg_dump() should go away in favor of using proper tracing points, but
we will see.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:44:43 +02:00
Kalle Valo da01d53cfb ath6kl: add tracing support to log functions
All log messages are now sent through tracing interface as well if
ATH6KL_TRACING is enabled.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:44:16 +02:00
Kalle Valo d470b4bcc1 ath6kl: convert ath6kl_info/err/warn macros to real functions
After this it's cleaner to add trace calls.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:42:21 +02:00
Kalle Valo 4771979aab ath6kl: adding tracing points for htc_mbox
Add tracing points for htc layer, just dumping the packets to user space.
I wasn't really sure what to do with the status value, it might not always
be accurate, but I included it anyway.

I skipped htc_pipe (and usb) implementation for now. Need to add those
tracepoints later.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:42:21 +02:00
Kalle Valo d57f093aab ath6kl: add tracing point for hif irqs
Add a tracing point for hif irq and dump the register content to user space.
This is in hif.c as we could use the same code also with SPI but, as ath6kl
doesn't SPI and most likely never will be, this is used just by SDIO so
name the trace point as ath6kl_sdio_irq to make it easier to manage filters.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:42:21 +02:00
Kalle Valo e60c81543f ath6kl: add tracing points for sdio transfers
Add tracing points for sdio transfers, just dump the address, flags and the
buffer.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:42:20 +02:00
Kalle Valo 416cf0b49e ath6kl: add tracing support and tracing points for wmi packets
Add basic tracing infrastructure support to ath6kl and which can be
enabled with CONFIG_ATH6KL_TRACING.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:42:20 +02:00
Kalle Valo 44af34428d ath6kl: cold reset target after host warm boot
Julien reported that ar6004 usb device fails to initialise
after host has been rebooted and power is still on for the ar6004 device. He
found out that doing a cold reset fixes the issue.

I wasn't sure what would be the best way to detect if target needs a reset so I
settled on checking a timeout from htc_wait_recv_ctrl_message().

Reported-by: Julien Massot <jmassot@aldebaran-robotics.com>
Tested-by: Julien Massot <jmassot@aldebaran-robotics.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:38:37 +02:00
Kalle Valo 4e1609c9ee ath6kl: fix usb related error handling and warnings
It was annoying to debug usb warm reboot initialisation problems as many usb
related functions just ignored errors and it wasn't obvious from the kernel
logs what was failing. Fix all that so that error messages are printed and
errors are handled properly.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:37:46 +02:00
Kalle Valo ec1461dc30 ath6kl: cleanup ath6kl_reset_device()
Move it to init.c, make it static, remove all useless checks and force it to
always do cold reset.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:37:46 +02:00
Kalle Valo e72c27464c ath6kl: print firmware capabilities
Printin the  firmware capabilities during the first firmware boot makes it easier to find out what
features firmware supports.

Obligatory screenshot:

[21025.678481] ath6kl: ar6003 hw 2.1.1 sdio fw 3.2.0.144 api 3
[21025.678667] ath6kl: firmware supports: sched-scan,sta-p2pdev-duplex,rsn-cap-override

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-18 13:37:11 +02:00
Dan Carpenter 1fdc7fe18e ath6kl: small cleanup in ath6kl_htc_pipe_rx_complete()
It's harmless, but Smatch complains if we use "htc_hdr->eid" before
doing the bounds check.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-09 09:34:47 +02:00
John W. Linville 3d5c203272 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-03-08 15:52:21 -05:00
Dan Carpenter f6baf153ee ath6kl: small cleanup in ath6kl_htc_pipe_rx_complete()
It's harmless, but Smatch complains if we use "htc_hdr->eid" before
doing the bounds check.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-03-06 16:25:48 -05:00
Johannes Berg 77ee7c891a cfg80211: comprehensively check station changes
The station change API isn't being checked properly before
drivers are called, and as a result it is difficult to see
what should be allowed and what not.

In order to comprehensively check the API parameters parse
everything first, and then have the driver call a function
(cfg80211_check_station_change()) with the additionally
information about the kind of station that is being changed;
this allows the function to make better decisions than the
old code could.

While at it, also add a few checks, particularly in mesh
and clarify the TDLS station lifetime in documentation.

To be able to reduce a few checks, ignore any flag set bits
when the mask isn't set, they shouldn't be applied then.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-03-06 16:35:40 +01:00
Mohammed Shafi Shajakhan 4ce720b6f0 ath6kl: Remove NETDEV_REGISTERED flag
Currently its no where used.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-05 09:41:54 +02:00
Mohammed Shafi Shajakhan bf97814547 ath6kl: Return error from ath6kl_bmi_done()
This addresses a FIXME in the driver.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-05 09:41:54 +02:00
Mohammed Shafi Shajakhan bc52aab380 ath6kl: Protect ath6kl_cfg80211_vif_cleanup using rtnl_locks
ath6kl_cfg80211_vif_cleanup calls 'unregister_netdevice' which
inturn calls 'unregister_netdevice_queue' and it requires holding
rtnl_lock semaphore protection.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-05 09:41:54 +02:00
Mohammed Shafi Shajakhan 0db96de625 ath6kl: Cosmetic change in checking for free vif slot
A minor optimization is done in finding the free slot
available for the new virtual interface in the firmware.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2013-03-05 09:41:53 +02:00
Linus Torvalds 06991c28f3 Driver core patches for 3.9-rc1
Here is the big driver core merge for 3.9-rc1
 
 There are two major series here, both of which touch lots of drivers all
 over the kernel, and will cause you some merge conflicts:
   - add a new function called devm_ioremap_resource() to properly be
     able to check return values.
   - remove CONFIG_EXPERIMENTAL
 
 If you need me to provide a merged tree to handle these resolutions,
 please let me know.
 
 Other than those patches, there's not much here, some minor fixes and
 updates.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iEYEABECAAYFAlEmV0cACgkQMUfUDdst+yncCQCfbmnQZju7kzWXk6PjdFuKspT9
 weAAoMCzcAtEzzc4LXuUxxG/sXBVBCjW
 =yWAQ
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-3.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core patches from Greg Kroah-Hartman:
 "Here is the big driver core merge for 3.9-rc1

  There are two major series here, both of which touch lots of drivers
  all over the kernel, and will cause you some merge conflicts:

   - add a new function called devm_ioremap_resource() to properly be
     able to check return values.

   - remove CONFIG_EXPERIMENTAL

  Other than those patches, there's not much here, some minor fixes and
  updates"

Fix up trivial conflicts

* tag 'driver-core-3.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (221 commits)
  base: memory: fix soft/hard_offline_page permissions
  drivercore: Fix ordering between deferred_probe and exiting initcalls
  backlight: fix class_find_device() arguments
  TTY: mark tty_get_device call with the proper const values
  driver-core: constify data for class_find_device()
  firmware: Ignore abort check when no user-helper is used
  firmware: Reduce ifdef CONFIG_FW_LOADER_USER_HELPER
  firmware: Make user-mode helper optional
  firmware: Refactoring for splitting user-mode helper code
  Driver core: treat unregistered bus_types as having no devices
  watchdog: Convert to devm_ioremap_resource()
  thermal: Convert to devm_ioremap_resource()
  spi: Convert to devm_ioremap_resource()
  power: Convert to devm_ioremap_resource()
  mtd: Convert to devm_ioremap_resource()
  mmc: Convert to devm_ioremap_resource()
  mfd: Convert to devm_ioremap_resource()
  media: Convert to devm_ioremap_resource()
  iommu: Convert to devm_ioremap_resource()
  drm: Convert to devm_ioremap_resource()
  ...
2013-02-21 12:05:51 -08:00
John W. Linville 9e97d14b49 Merge branch 'for-linville' of git://github.com/kvalo/ath6kl 2013-02-15 14:06:32 -05:00
John W. Linville 4fe0c75eed Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-02-12 11:06:52 -05:00
Vladimir Kondratiev 8457703f1e ath6kl: provide 64-bit per-station byte counters
Internally, 64-bit byte counters maintained for per-station
statistics. Tell to the netlink that full 64-bit value provided

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-02-11 15:34:58 -05:00
Johannes Berg 5b112d3d09 cfg80211: pass wiphy to cfg80211_ref_bss/put_bss
This prepares for using the spinlock instead of krefs
which is needed in the next patch to track the refs
of combined BSSes correctly.

Acked-by: Bing Zhao <bzhao@marvell.com> [mwifiex]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-02-11 18:44:52 +01:00
Kees Cook 33fd8fe985 drivers/net/wireless/ath/ath6kl: remove depends on CONFIG_EXPERIMENTAL
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a
while now and is almost always enabled by default. As agreed during the
Linux kernel summit, remove it from any "depends on" lines in Kconfigs.

CC: Kalle Valo <kvalo@qca.qualcomm.com>
Acked-by: John W. Linville <linville@tuxdriver.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-22 12:01:35 -08:00
Luis R. Rodriguez 0c0280bd0b wireless: make the reg_notifier() void
The reg_notifier()'s return value need not be checked
as it is only supposed to do post regulatory work and
that should never fail. Any behaviour to regulatory
that needs to be considered before cfg80211 does work
to a driver should be specified by using the already
existing flags, the reg_notifier() just does post
processing should it find it needs to.

Also make lbs_reg_notifier static.

Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
[move lbs_reg_notifier to not break compile]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-14 11:32:44 +01:00
Mohammed Shafi Shajakhan 6f7c1adb75 ath6kl: minor optimization using if, else if
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:28 +02:00
Mohammed Shafi Shajakhan 355b3a9820 ath6kl: Move and rename ath6kl_cleanup_vif function
Rename ath6kl_cleanup_vif function as 'ath6kl_cfg80211_vif_stop'
which is the more appropriate name considering the functionality
of the module and vif specific cleanup is actually done by
ath6kl_cfg80211_vif_cleanup. Also move it to cfg80211.c.
Also make ath6kl_cfg80211_sta_bmiss_enhance as static function.
This addresses a FIXME/TODO.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:28 +02:00
Mohammed Shafi Shajakhan eb922e4b41 ath6kl: Parse beacon interval from userspace
Parse beacon interval from userspace to
firmware. Incase the firmware does not
supports it, just print a warning message
and continue with AP settings.

Cc: Sumathi Mandipati <sumathi@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:28 +02:00
Mohammed Shafi Shajakhan 8aa659d2c9 ath6kl: trivial cleanup on interface type selection
a minor cleanup in assigning the driver specific network type
based on interface type.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:28 +02:00
Mohammed Shafi Shajakhan de2070fc4a ath6kl: Fix kernel panic on continuous driver load/unload
On continuous loading and unloading of AR6004 ath6kl USB
driver it triggers a panic due to NULL pointer dereference of
'target' pointer.

while true; do sudo modprobe -v ath6kl_core;
sudo modprobe -v ath6kl_usb; sudo modprobe -r usb;
sudo modprobe -r ath6kl_core; done

ar->htc_target can be NULL due to a race condition that can occur
during driver initialization(we do 'ath6kl_hif_power_on' before
initializing 'ar->htc_target' via 'ath6kl_htc_create').
'ath6kl_hif_power_on' assigns 'ath6kl_recv_complete' as
usb_complete_t/callback function for 'usb_fill_bulk_urb'.
Thus the possibility of ar->htc_target being NULL
via ath6kl_recv_complete -> ath6kl_usb_io_comp_work
before even 'ath6kl_htc_create' is finished to initialize
ar->htc_create.

Worth noting is the obvious solution  of doing 'ath6kl_hif_power_on'
later(i.e after we are done with 'ath6kl_htc_create', causes a
h/w bring up failure in AR6003 SDIO, as 'ath6kl_hif_power_on' is a
pre-requisite to get the target version 'ath6kl_bmi_get_target_info'.
So simply check for NULL pointer for 'ar->htc_target' and bail out.

[23614.518282] BUG: unable to handle kernel NULL pointer dereference at
00000904
[23614.518463] IP: [<c012e7a6>] __ticket_spin_trylock+0x6/0x30
[23614.518570] *pde = 00000000
[23614.518664] Oops: 0000 [#1] SMP
[23614.518795] Modules linked in: ath6kl_usb(O+) ath6kl_core(O)
[23614.520012] EIP: 0060:[<c012e7a6>] EFLAGS: 00010286 CPU: 0
[23614.520012] EIP is at __ticket_spin_trylock+0x6/0x30
Call Trace:
	[<c03f2a44>] do_raw_spin_trylock+0x14/0x40
	[<c06daa12>] _raw_spin_lock_bh+0x52/0x80
	[<f85464b4>] ? ath6kl_htc_pipe_rx_complete+0x3b4/0x4c0 [ath6kl_core]
	[<f85464b4>] ath6kl_htc_pipe_rx_complete+0x3b4/0x4c0 [ath6kl_core]
	[<c05bc272>] ? skb_dequeue+0x22/0x70
	[<c05bc272>] ? skb_dequeue+0x22/0x70
	[<f855bb32>] ath6kl_core_rx_complete+0x12/0x20 [ath6kl_core]
	[<f848771a>] ath6kl_usb_io_comp_work+0xaa/0xb0 [ath6kl_usb]
	[<c015b863>] process_one_work+0x1a3/0x5e0
	[<c015b7e7>] ? process_one_work+0x127/0x5e0
	[<f8487670>] ? ath6kl_usb_reset_resume+0x30/0x30 [ath6kl_usb]
	[<c015bfde>] worker_thread+0x11e/0x3f0
	Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:27 +02:00
Mohammed Shafi Shajakhan e16ccfeefb ath6kl: remove unnecessary check for NULL skb
dev_kfree_skb kernel API itself takes for checking for NULL
skb, so an explicit check is not required.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:27 +02:00
Mohammed Shafi Shajakhan 895dc38677 ath6kl: Use standard way to assign the boolean variable
Assign 'true' to the bool variable instead of needless typecasting.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2012-11-27 21:44:27 +02:00