Mainline build reports:
warning: (WL12XX) selects WLCORE which has unmet direct dependencies (NETDEVICES && WLAN && WL_TI && GENERIC_HARDIRQS && MAC80211 && INET)
The INET dependency was added in commit
3c6af5b54fe74b6e56efadc22927e4055d00e9fc:
wl1271_main.c:(.text+0x271052): undefined reference to `unregister_inetaddr_
notifier'
wl1271_main.c:(.text+0x2714d7): undefined reference to `register_inetaddr_no
tifier'
Driver is doing some filtering based on IP addresses...
but this driver no longer has that code and it builds fine even when
CONFIG_INET is not enabled, so drop that dependency and eliminate the
kconfig warning message.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: Luciano Coelho <luciano.coelho@nokia.com>
Cc: John W. Linville <linville@tuxdriver.com>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
commit 7a532fe713
ath9k_hw: fix interpretation of the rx KeyMiss flag
This commit used the rx key miss indication to detect packets that were
passed from the hardware without being decrypted, however it seems that
this bit is not only undefined in the static WEP case, but also for
dynamically allocated WEP keys. This caused a regression when using
WEP-LEAP.
This patch fixes the regression by keeping track of which key indexes
refer to CCMP keys and only using the key miss indication for those.
Reported-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix multiple remotely-exploitable stack-based buffer overflows due to
the NCI code pulling length fields directly from incoming frames and
copying too much data into statically-sized arrays.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Cc: stable@kernel.org
Cc: security@kernel.org
Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Acked-by: Ilan Elias <ilane@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The code is fine in both cases as-is, but we can
write it slightly differently to fix smatch/sparse
complaints:
* compare the skb pointer (which we use as a cookie)
by casting the skb to unsigned long rather than the
cookie to a pointer (fixes "different address spaces")
* when transmitting, data->channel must be assigned,
don't check it (fixes "dereferenced before check")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
I saw that when the watchdog triggers, the packets do go
through if we wait enough time. So we still have an issue
where packets are blocked in the Tx queue for a short while
and this needs to be debugged separately. For now, don't
restart the driver when it is not needed.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The dwell time for scanning is currently limited
so that it fits into the timings inside the ucode
when that is tracking DTIM/beacon periods for the
AP(s) it's connected to.
However, when it's connected to two APs, those
may be in lockstep, for example if they both have
a DTIM interval of 100 TU, then one could be 50
TU after the other, leaving only 50 TU free to
be used by scanning.
Since we can't know how far apart they are the
only option is to restrict to 1/2 of the minium
of the two APs.
In theory, it would be possible to not use 1/2 of
the minimum but take into account that if they
have different intervals then there will be a bit
more time since they can't be in lockstep, but as
they will have 100 TU intervals in practice that
complex calculation will probably just result in
hard-to-find bugs.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
__get_str() is identical to (char *)__get_dynamic_array()
that is in the code now, substitute __get_str to make the
code more readable.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's one message that goes just over the
limit of 100 characters, so bump the limit to
110 to get rid of the warning from that.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the op_mode defines the queue mapping, let it do it
completely through the API functions.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It can be very useful to have all debug messages
available when debugging, but hard to correlate
between different sources, so add a trace event
for all mac80211 debug messages.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There are a few things that make the logging and
debugging in mac80211 less useful than it should
be right now:
* a lot of messages should be pr_info, not pr_debug
* wholesale use of pr_debug makes it require *both*
Kconfig and dynamic configuration
* there are still a lot of ifdefs
* the style is very inconsistent, sometimes the
sdata->name is printed in front
Clean up everything, introducing new macros and
separating out the station MLME debugging into
a new Kconfig symbol.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Take the mutex early in the resume handler and use the locked version of
the IRQ routine. This ensures any recoveries queued will only take place
after resume has fully completed.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Separate the threaded IRQ handling routine into two functions.
The outer function takes the mutex and calls recovery on errors. It also
performs a Tx-path optimization to avoid redundant works.
The inner function is simplified - all calls to recovery are removed and
it assumes the lock is taken. The locked variant will be reused elsewhere.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate some missing return values for Rx-filter related functions.
This and makes sure we always fail the suspend in case of SDIO errors.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
If an error is detected after mac80211 is already suspended, the recovery
work will not be queued. This will leave the driver in a bad state on
resume.
Detect this in the resume op and re-queue a recovery.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Set a flag and after the first read/write failure is encountered.
This flag will disallow further SDIO read/writes until op_stop() is
executed, which will clear all flags.
This prevents further errors from occurring, since one error usually
indicates that IO operations won't work anymore until the chip is
rebooted. By blocking more calls, we avoid extra timeouts and having
to wait for them to occur.
[Added second paragraph explaining why the change is needed. -- Luca]
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We wish to postpone suspend if recovery is pending. This will make sure
the FW is in a good state and perform wowlan wakeup.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Applications running in the user space needs access to the
memory of the chip. Examples of such access
- read/write global variables
- access to firmware log
- dump memory after firmware panic event
Arbitrary 4-bytes aligned location can be accessed by
read/write file wlcore/mem
[Check return value of wlcore_raw_read/write and wlcore_set_partition
calls as required by the recent IO changes. -- Luca]
Signed-off-by: Arkady Miasnikov <a-miasnikov@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
When running in AP mode, the driver reports all deletions from CAM in
a cryptic manner that makes users think it is an error. change so that
the condition is only reported at higher-levels of debugging.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rename mrcCCKOff for better code readability and also fixes
the smatch warning.
drivers/net/wireless/ath/ath9k/ar9003_phy.c:982
ar9003_hw_ani_control() Error invalid range 1 to 0.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In the function brcms_c_regd_init() the channels are validated
against the device capabilities. This is done for both 2.4G and
5G band, but there are devices that are 2.4G only, ie. BCM4313.
For that device this leads to a NULL dereference. This patch adds
a check in brcms_c_regd_init() to fix this.
Issue introduced in wireless-next tree by following commit:
cf03c5d brcm80211: smac: inform mac80211 of the X2 regulatory domain
Cc: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes problem detected in linux-next build for powerpc
allyesconfig. The error message below is no longer observed:
CC drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.o
drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c: In function 'brcmf_sdio_dump_console':
drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c:3085: error: implicit declaration of function 'vzalloc'
drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c:3085: warning: assignment makes pointer from integer without a cast
drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c:3113: error: implicit declaration of function 'vfree'
make[2]: *** [drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.o] Error 1
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
FW will not explicitly notify about host sleep activation to the
host for USB and PCIe chipsets. Hence host should generate Host
Sleep Activated event as soon as Host Sleep parameters are
configured to FW successfully.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is a flaw in recently implemented logic to handle Tx traffic
and scan operation simultaneously. We missed to wakeup main thread
to handle Tx traffic if scan is delayed/aborted.
For some cards (SD8797, for example), firmware will send SLEEP event
if there is no activity for 50msec. While handling the SLEEP event,
main thread will be woken up and Tx packet gets sent hence. In worst
case Tx traffic will be delayed for 50msec.
For other cards, such as USB8797, firmware won't send SLEEP event.
So, Tx traffic gets stuck if no other event triggers the wakeup of
main thread.
This patch fixes above issues.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Add support for parsing WPA IE from beacon parameter of
cfg80211_ap_settings and set it to FW.
WPA/WPA2 mixed mode is supported with this patch.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
skb allocated during initialisation is reused for receiving
commands/events by USB interface. We miss to reset skb->data in
failure cases. This patch takes care of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch ensures uniformity in event skb sent by interface code
(USB/PCIe/SDIO) which automatically fixes following bugs.
1) For USB interface, same buffer is reused for receiving cmd and
events from firmware. While handling events, we perform
skb_pull(skb, 4) to remove event header. Corresponding skb_push()
call is missing while submitting the buffer.
2) For PCIe interface, event skb is passed with event header.
Recently added uAP events EVENT_UAP_STA_ASSOC, EVENT_UAP_STA_DEAUTH
will not work for PCIe, as they assume event skb points to event body.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After association, STA will go through eapol handshake with WPS
enabled AP. It's observed that WPS handshake fails with some 11n
AP. The reason for the failure is that the eapol packet is sent
via 11n frame aggregation.
The eapol packet should be sent directly without 11n aggregation.
This patch fixes the problem by adding WPS session control while
dequeuing Tx packets for transmission.
Cc: "3.4.y" <stable@vger.kernel.org>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently we check the sequence number of last packet received
against start_win. If a sequence hole is detected, start_win is
updated to next sequence number.
Since the rx sequence number is initialized to 0, a corner case
exists when BA setup happens immediately after association. As
0 is a valid sequence number, start_win gets increased to 1
incorrectly. This causes the first packet with sequence number 0
being dropped.
Initialize rx sequence number as 0xffff and skip adjusting
start_win if the sequence number remains 0xffff. The sequence
number will be updated once the first packet is received.
Cc: "3.0.y, 3.1.y, 3.2.y, 3.3.y, 3.4.y" <stable@vger.kernel.org>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
For better debugging, we would like to have
the sdata pointer available later, so pass
it into these functions.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The TKIP code hasn't been changed in a very long
time, so it seems unlikely that anyone really has
a need for the TKIP debug code. Remove it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
All io functions' return values should be propagated and handled. Add a
__must_check annotation to verify that the return values are checked and
to avoid future mistakes.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate errors from wl1271_read_hwaddr. This function is only used
when reading the FW log (following a recovery), so don't read the FW log
in case of a bus error.
Also rename prefixes of wlcore functions which their prototypes had to
be changed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate errors from wl1271_raw_write32 and request for recovery when
appropriate.
Also rename prefixes of wlcore functions which their prototypes had to
be changed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate errors from wl1271_raw_read32. Since the read functions had no
way of returning errors in-band, change their prototypes.
Also rename prefixes of wlcore functions which their prototypes had to
be changed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate errors from wl1271_write and request for recovery when
appropriate.
Also rename prefixes of wlcore functions which their prototypes had to
be changed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Propagate errors from wl1271_read and request for recovery when
appropriate.
Also rename prefixes of wlcore functions which their prototypes had to
be changed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wlcore_raw_read_data is called when the FW status is read which happens
while handling interrupts and when the FW log is read following a
recovery. Request a recovery in the former case, and don't read the FW
log in case the FW status read failed.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Make wl1271_raw_write and wl1271_raw_read return errors so the driver
could handle these appropriately.
Since the prototype has changed, also rename the prefix of these
functions to wlcore.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
While bus operations may fail, either due to HW or FW issues, these are
never propagated to higher layers. As a result, the core driver has no
way of knowing that the operations failed, and will only recover if high
level logic requires it (e.g. no command completion).
Change read/write bus operations to return errors to let higher layer
functionality handle these.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
In case a recovery is initiated, the FW can no longer be trusted, and
the driver should not handle any new FW events.
Disable the interrupt handler when a recovery is scheduled and balance
it back in the op_stop callback.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx_sdio_power_off() manually powers down the card regardless of the
runtime pm state. If wl12xx_sdio_power_on() is called before the card
was suspended by runtime PM, it will not power up the card.
As part of the HW detection, the chip's power is toggled. Since this
happens in the context of probing sdio, the power reference counter will
be higher than zero. As a result, when wl12xx_sdio_power_off() is
called, the chip will be powered down while still having a positive
power reference counter. If the interface is quickly activated, the
driver might try to transfer data to a powered off chip.
Fix this by ensuring that wl12xx_sdio_power_on() explicitly powers on
the chip in case runtime pm claims the chip is already powered on. To
avoid cases in which it is not possible to determine if the chip was
really powered on (card's power reference counter is positive), operate
on the mmc_card instead of the function.
Also verify that the chip is indeed powered on before powering off, to
avoid wrong reference counter values in error cases.
Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
ieee80211_set_disassoc() clears ifmgd->bssid before
building DELBA frames, resulting in frames with invalid
bssid ("00:00:00:00:00:00").
Fix it by clearing ifmgd->bssid only after building
all the needed frames.
After this change, we no longer need to save the
bssid (before clearing it), so remove the local array.
Reported-by: Ido Yariv <ido@wizery.com>
Cc: stable@vger.kernel.org
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Randy Dunlap