If we pick a high value for "offset" then it could lead to an integer
overflow and we would get past the check for:
	if (offset + len > buflen) { ...
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
These variables can never be less than zero because we cap them in
get_device_pmkids(). Let's make them unsigned here because it's simpler
to not have to worry about negative numbers when we read the code.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We never use the "len" variable.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If "offset" is negative then we can get past this check:
	if (offset > CONTROL_BUFFER_SIZE)
Or if we pick a very high "req_ie_len" then we can get around the check:
	if (offset + req_ie_len > CONTROL_BUFFER_SIZE)
I made "resp_ie_len" and "req_ie_len" unsigned. I don't know if it was
intentional that they were signed in the original.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
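
Added example, not part of the commits above or of the driver's code: the bypassed checks quoted in the two integer-overflow messages ("offset + len > buflen" and the two CONTROL_BUFFER_SIZE checks), written out in C next to an overflow-free form of the same bounds test. The function names, the CONTROL_BUFFER_SIZE value and the sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed value for this demo; the driver's real constant is not on the page. */
#define CONTROL_BUFFER_SIZE 1025

/* "if (offset + len > buflen)" with unsigned operands: the sum wraps
 * modulo 2^32, so a very high offset yields a small sum and passes. */
bool naive_sum_check(uint32_t offset, uint32_t len, uint32_t buflen)
{
	return !(offset + len > buflen);
}

/* "if (offset > CONTROL_BUFFER_SIZE)" with a signed offset: only the
 * upper bound is tested, so any negative offset passes. */
bool naive_offset_check(int offset)
{
	return !(offset > CONTROL_BUFFER_SIZE);
}

/* "if (offset + req_ie_len > CONTROL_BUFFER_SIZE)" with a signed length:
 * a device-supplied 32-bit value such as 0xfffffff0 is -16 once held in
 * an int on the usual two's-complement targets, so the sum shrinks. */
bool naive_ie_check(int offset, int req_ie_len)
{
	return !(offset + req_ie_len > CONTROL_BUFFER_SIZE);
}

/* Overflow-free form: unsigned operands, and the subtraction cannot wrap
 * because offset <= buflen has already been established. */
bool range_in_bounds(uint32_t offset, uint32_t len, uint32_t buflen)
{
	return offset <= buflen && len <= buflen - offset;
}

int main(void)
{
	printf("high offset:  naive=%d hardened=%d\n",
	       naive_sum_check(0xfffffff0u, 0x20u, 1024u),
	       range_in_bounds(0xfffffff0u, 0x20u, 1024u));
	printf("neg offset:   naive=%d hardened=%d\n",
	       naive_offset_check(-4),
	       range_in_bounds((uint32_t)-4, 0u, CONTROL_BUFFER_SIZE));
	printf("huge ie len:  naive=%d hardened=%d\n",
	       naive_ie_check(64, -16),
	       range_in_bounds(64u, (uint32_t)-16, CONTROL_BUFFER_SIZE));
	return 0;
}
```
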
Mesh peer links are established only if average rssi of the peer
candidate satisfies the threshold. This is not in 802.11s specification
but was requested by David Fulgham, an open80211s user. This is a way to avoid
marginal peer links with stations that are barely within range.
This patch adds a new mesh configuration parameter, mesh_rssi_threshold. This
feature is supported only for hardware that reports signal in dBm.
Signed-off-by: Ashok Nagarajan <ashok@cozybit.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When using the bcm5354 (SoC with integrated LP-PHY Wifi) with a recent
firmware >= 478.104 it runs out of memory after a very short time in
OpenWrt after doing an active scan or anything else where packages are
sent. This was caused by a gpio misconfiguration, the firmware triggered
the GPIO pins used for buttons on some devices and that caused another
driver (OpenWrt diag) listening for these button irqs to send many
messages to the user space.
This patch fixes the bug for my devices (Asus WL-520GU) and makes it
work with firmware 666.2. Now the firmware just uses LED GPIO pin
number 1 and not the button pins any more.
This is the GPIO Pin layout used on my device, see [0].
GPIO pin layout:
pin#  name   type
0     power  led
1     wlan   led
2     reset  button
3     ses    button
This is the nvram configuration output of "nvram show |grep gpio"
related nvram configuration:
wl0gpio2=11
wl0gpio3=11
wl0gpio0=11
wl0gpio1=0x02
reset_gpio=2
[0]: https://dev.openwrt.org/browser/trunk/package/broadcom-diag/src/diag.c
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
this does the same thing as the previous code
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
It's better to zero initialize the 'valid_phy_rate_idx' array completely
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
According to Section Y.7.4 Actions on receipt of proactive RANN, an individually
addressed PREQ should be generated towards the neighbor peer mesh STA indicated
in the RANN Sender Address field in the forwarding information.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently if valid SSID list is provided in scan request, driver
performs specific SSID scan otherwise wildcard scan is chosen.
When wpa_supplicant provides valid SSID list followed by
zero-length SSID for wildcard scan, only specific SSID scan is
performed by driver. Actually driver is expected to do both types
of scanning in this case. The patch fixes this issue.
Also, use SSID list pointer provided by stack directly, instead
of copying SSIDs to local structure.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Use struct cfg80211_ssid available in include/net/cfg80211.h
instead of having similar definition in driver.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1. Driver and firmware do not support 22Mbps and 72Mbps bitrates.
Remove them from the rate table advertised to cfg80211.
2. First 4 rates from mwifiex_rates table are not valid for
5GHz/A band. Set correct bitrate array's index and no of rates for
ieee80211_supported_band for 5GHz band.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On SoCs the sprom is often stored in nvram in the flashchip. This patch
registers a sprom fallback callback handler in bcma and provides the
sprom needed for this device.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move the sprom parsing from nvram into sprom.c. There are all values
needed for sprom version 1 to 9 read from nvram and there are more
sanity checks added. This is based on the sprom parsing in the open
source part of the Broadcom SDK.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Explicitly enforce a char array of 6 bytes for the mac address.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On SoCs the sprom is stored in the nvram in a special partition on the
flash chip. The nvram contains the sprom for the main bus, but
sometimes also for pci devices using bcma. This patch makes it
possible for the arch code to register a function to fetch the needed
sprom from the nvram and provide it to the bcma code.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This function is needed by the bcm47xx arch code to get the number of
the ieee80211 core.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch extends the sprom struct to contain all sprom attributes
found in sprom version 1 to 9. This was done according to the open
source part of the Broadcom SDK.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This member contains the country code encoded with two chars
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On sprom version 4 and 5 there are 4 values for pa_2g, pa_5gl, pa_5g
and pa_5gh, for sprom version 8 and 9 there are only 3. Make the per
path sprom store also work for older sprom versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There is no 2.4 GHz or 5GHz antenna gain stored in sprom. The sprom
just stores the gain values for antenna 1 and 2 or 1 to 4 for more
recent sprom versions. On old devices antenna 2 was used for 5 GHz wifi.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Some parts of the sprom struct are bigger than needed.
The leddc and maxpwr values are just 8 bit long and not 16.
rxpo2g and rxpo5g are signed
I got this information from the open source part of the Broadcom SDK
covering sprom version 1 to 9. rxpo2g contained a negative number on my
bcm5354 based device, this caused an error and Broadcom SDK says this is
signed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Not doing so could cause the tx status queue to overflow during longer
periods of time without non-beacon tx. These events are also required
for proper drv_tx_last_beacon handling.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since AR9003 uses a global tx status queue, processing tx status outside of
the regular tx tasklet is dangerous and messes up hardware/software
synchronization of tx status events.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The approach of this change is flawed, as it triggers tx status processing
from more callsites, yet the chips only have one global tx status queue.
Subsequent patches will properly fix the issue that this one tried to address.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When authentication type is configured to NL80211_AUTHTYPE_AUTOMATIC,
driver tries to connect using open mode. The association fails
if AP is configured in shared mode.
This patch adds code to try association using shared mode as well if
open mode association fails.
Now since we returned exact error code in association response handler
(instead of -1), corresponding changes are done in
mwifiex_process_cmdresp().
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Add a flag to indicate we initiated a recovery work
on purpose, in order to avoid triggering BUG() (when
the bug_on_recovery module param was set).
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We didn't update the beacon interval on association
(or on a change notification when working as sta),
so the default interval (100ms) was always used.
Update the beacon interval according to the bss_conf
before starting the sta role (on association).
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
return EBUSY on scan when there is any role
in ROC (not necessarily the one we are going
to use)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Currently, CHANGE_CHANNEL indication while
associated is considered as roaming attempt.
However, with the new auth/assoc redesign,
we no longer have to handle this case,
so remove it.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
In some cases, the wrong vif type was set in the
change_interface callback (P2P_CLIENT/P2P_GO instead
of STA/AP)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The session_counter has to be incremented each time
the dev is started (similar to sta role).
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx currently looks for AP authorization by registering
a netdev notifier and waiting for the IF_OPER_UP notification,
which is quite cumbersome.
Use the newly introduced sta_state callback (waiting
for assoc -> auth notification) instead, in order to
simplify it.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Implement sta_state callback instead of the
sta_add/remove callbacks.
Update the fw regarding peer state and ht caps
only after the station was authorized. Otherwise,
the fw might try establishing BA session before
the sta is authorized.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
On disassociation, check only whether the current vif
is idle, instead of checking whether the device is idle.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Device role is used for scanning and sending packets
before connection. However, since we don't need to
send packets before ibss creation, there is no need
to start the device on idle-off.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
That commit intended for 3.4 renamed IEEE80211_TX_CTL_POLL_RESPONSE as
IEEE80211_TX_CTL_NO_PS_BUFFER. Meanwhile, "carl9170: fix frame delivery
if sta is in powersave mode" added a reference to
IEEE80211_TX_CTL_POLL_RESPONSE in the fixes stream for 3.3. This simple
patch fixes that merge boo-boo.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Previous RX error checking was done exclusive-or for different error
types and caused DFS pulse events to be dropped when other error
flags (e.g. CRC) were set simultaneously.
This patch decouples PHY error processing from other types and ensures
that all pulses detected by HW are accounted by the pattern detector.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove the enum il4965_calib_enabled_state because it is not used.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove the enum il_calib. It defined one identifier: IL_CALIB_MAX.
Remove the function il4965_calib_free_results. It was doing nothing
because IL_CALIB_MAX is zero. Next, remove calib_results from the
il_priv structure and also remove the associated return
type/struct il_calib_result.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the menuconfig system doesn't indent the debug options
for the 3945 /4965, add some text to make it clear which
debug options are being configured.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move the debug options so they appear below the 3945 / 4965 options.
Signed-off-by: Greg Dietsche <Gregory.Dietsche@cuw.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This renames the IEEE80211_TX_CTL_POLL_RESPONSE
TX flag to IEEE80211_TX_CTL_NO_PS_BUFFER and also
uses it for non-bufferable MMPDUs (all MMPDUs but
deauth, disassoc and action frames.)
Previously, mac80211 would let the MMPDU through
but not set the flag so drivers supporting some
hardware aids for avoiding the PS races would
then reject the frame.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Instead of defining an 'enum', we can simply use 'u8' flag for WEP
status. Rename 'wep_status' to 'wep_enabled' to match with
'wpa_enabled' and 'wpa2_enabled'.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
It should have been removed by commit "mwifiex: use cfg80211 dynamic
scan..." (7c6fa2a843..) after adding code to avoid an extra scan
during association because scan entries are valid for 15 seconds in
cfg80211 stack.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The association sequence looks (roughly) like
this now:
* set BSSID
* set station to EXIST state
* send auth
* set station to AUTH state
* send assoc
* set station to ASSOC state
* set BSS info to associated
In contrast, the deauth/disassoc sequence is
the other way around:
* clear BSSID/BSS info state
* remove station
* send deauth/disassoc
(in some cases the last two steps are reversed.)
This patch encodes the entire sequence in the
ieee80211_set_disassoc() function and changes
it to be like this, for good measure with an
explicit flush:
* send deauth/disassoc
* flush
* remove station
* clear BSSID/BSS info state
At least iwlwifi gets confused with the other
sequence in P2P mode and complains that it
wasn't able to flush the queues.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>