Before informing cfg80211 about the scan status the device should
be put back in mpc state. If done after user-space may initiate
another (scheduled) scan and fail because scan is still busy as
shown in logging below:
[ 3301.367376] brcmfmac: brcmf_fweh_event_worker event ESCAN_RESULT (69)
[ 3301.377305] brcmfmac: brcmf_fweh_event_worker version 2 flags 0 status 0
[ 3301.384993] brcmutil: event payload, len=12
[ 3301.389208] 00000000: 0c 00 00 00 6d 00 00 00 34 12 00 00
[ 3301.389214] brcmfmac: brcmf_sdio_kso_control Enter: on=0
[ 3301.402196] brcmfmac: brcmf_inform_bss scanned AP count (0)
[ 3301.407808] brcmfmac: brcmf_notify_escan_complete Enter
[ 3301.413064] brcmfmac: brcmf_notify_escan_complete ESCAN Completed scan: Done
[ 3301.420137] brcmfmac: brcmf_sdio_bus_txctl Enter
[ 3301.420368] brcmfmac: brcmf_cfg80211_sched_scan_start Enter
[ 3301.420370] brcmfmac: brcmf_cfg80211_sched_scan_start:
Scanning already: status (1)
[ 3301.440190] brcmfmac: brcmf_sdio_kso_control Enter: on=1
[ 3301.448695] brcmfmac: brcmf_sdio_tx_ctrlframe Enter
[ 3301.453662] brcmfmac: brcmf_sdio_bus_rxctl Enter
[ 3301.458326] brcmfmac: brcmf_sdio_isr Enter
[ 3301.462523] brcmfmac: brcmf_sdio_dpc Enter
[ 3301.466632] brcmfmac: brcmf_sdio_readframes Enter
[ 3301.471431] brcmfmac: brcmf_sdio_read_control Enter
[ 3301.476340] brcmfmac: brcmf_set_mpc MPC : 1
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When a regular scan does not return any networks user-space does
request a scheduled scan without any matchset or ssid. This can
not be handled by the firmware so we return -EINVAL. However, as
this request is done let us not add an error message to the log.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This issue was reported by coccicheck using the semantic patch
at scripts/coccinelle/api/memdup.cocci
Signed-off-by: Benoit Taine <benoit.taine@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
To be future-proof and for better readability the time comparisons are
modified to use time_after() instead of plain, error-prone math.
Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently the driver uses HW encryption.
Whenever mac80211 calls the set_key() callback the driver restarts the
whole HW configuration procedure, in order to set (also) the new
WEP key.
However, by doing this, it causes the card to loose association information,
and the HW becomes unable to communicate with the BSS.
This patch adds support for sending another HW command, that sets only
the wep key, instead of resetting all.
Mac80211 key-set requests are thus handled via this new command.
Tested on my at76c503
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Loading the driver with DMA debugging enabled makes the kernel to complain
about the ehci driver trying to perform DMA from memory from the stack.
[ 9848.229514] WARNING: CPU: 1 PID: 627 at lib/dma-debug.c:1153 check_for_stack+0xa4/0xf0()
[ 9848.237678] ehci-pci 0000:00:04.1: DMA-API: device driver maps memory fromstack [addr=ffff88006c80da01]
This is due to at76c50x-usb driver passing buffers allocated on the stack to
the USB layer, that attempts DMA. This occurs is several places.
This patch fixes the problem by allocating those buffers via kmalloc.
Since this adds some kfree() before leaving a couple of functions, I caught the
occasion to clean-up the exit path on error.
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The commit "ath9k: fix possible hang on flush" changed the receive code
to always link rx descriptors of processed frames, even when flushing.
In some cases, this leads to flushed rx buffers being passed to the
hardware while rx is already stopped.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Make DFS pulse interval calculation independent
from CONFIG_ATH9K_DEBUGFS.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the rsi_create_kthread interface does not include any format
string arguments, make sure that the resulting thread name can never
accidentally process the name as a format string.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark new interfaces as idle to allow operations that require that
interfaces are idle to take place. Interface types that are always
not idle (like AP interfaces) will be set as not idle when they are
assigned a channel context.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Emmanuel Grumbach<emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
During strong signal fluctuations under high throughput, few consecutive
failed A-MPDU transmissions can easily trigger packet loss notification,
and thus (in AP mode) client disconnection.
Reduce the number of false positives by checking the A-MPDU status flag
and treating a failed A-MPDU as a single packet.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Doing so will lead to an oops for a p2p-dev interface, since it has
no netdev.
Cc: stable@vger.kernel.org
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the rate control algorithm uses a selection table, it
is leaked when the station is destroyed - fix that.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Christophe Prévotaux <cprevotaux@nltinc.com>
Fixes: 0d528d85c5 ("mac80211: improve the rate control API")
Cc: stable@vger.kernel.org # v3.10+
[add commit log entry, remove pointless NULL check]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Generalize the power conversion from mW to dBm
using log. This should fix the below compilation
error for country NO which adds a new power value
2000mW which is not handled earlier.
CC [M] net/wireless/wext-sme.o
CC [M] net/wireless/regdb.o
net/wireless/regdb.c:1130:1: error: Unknown undeclared here (not in
a function)
net/wireless/regdb.c:1130:9: error: expected } before power
make[2]: *** [net/wireless/regdb.o] Error 1
make[1]: *** [net/wireless] Error 2
make: *** [net] Error 2
Reported-By: John Walker <john@x109.net>
Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com>
Acked-by: John W. Linville <linville@tuxdriver.com>
[remove unneeded parentheses, fix rounding by using %.0f]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Without this fix, freshly rebooted Linux creates a new IBSS
instead of joining an existing one. Only when jiffies counter
overflows after 5 minutes the IBSS can be successfully joined.
Signed-off-by: Krzysztof Hałasa <khalasa@piap.pl>
[edit commit message slightly]
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We're currently sending NEW_WIPHY events for renames (which
is a bit odd, but now can't be changed), but also send them
for really new devices that register.
Also send DEL_WIPHY events when a device is removed, the
event ID for this was already reserved.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the commit below, cfg80211_chandef_dfs_required()
will warn if it gets a an NL80211_IFTYPE_UNSPECIFIED iftype
as explicitely written in the commit log.
When an virtual monitor interface is added, its type is set
in ieee80211_sub_if_data.vif.type, but not in
ieee80211_sub_if_data.wdev.iftype which is passed to
cfg80211_chandef_dfs_required() hence resulting in the
following warning:
WARNING: CPU: 1 PID: 21265 at net/wireless/chan.c:376 cfg80211_chandef_dfs_required+0xbc/0x130 [cfg80211]()
Modules linked in: [...]
CPU: 1 PID: 21265 Comm: ifconfig Tainted: G W O 3.13.11+ #12
Hardware name: Dell Inc. Latitude E6410/0667CC, BIOS A01 03/05/2010
0000000000000009 ffff88008f5fdb08 ffffffff817d4219 ffff88008f5fdb50
ffff88008f5fdb40 ffffffff8106f57d 0000000000000000 0000000000000000
ffff880081062fb8 ffff8800810604e0 0000000000000001 ffff88008f5fdba0
Call Trace:
[<ffffffff817d4219>] dump_stack+0x4d/0x66
[<ffffffff8106f57d>] warn_slowpath_common+0x7d/0xa0
[<ffffffff8106f5ec>] warn_slowpath_fmt+0x4c/0x50
[<ffffffffa04ea4ec>] cfg80211_chandef_dfs_required+0xbc/0x130 [cfg80211]
[<ffffffffa06b1024>] ieee80211_vif_use_channel+0x94/0x500 [mac80211]
[<ffffffffa0684e6b>] ieee80211_add_virtual_monitor+0x1ab/0x5c0 [mac80211]
[<ffffffffa0686ae5>] ieee80211_do_open+0xe75/0x1580 [mac80211]
[<ffffffffa0687259>] ieee80211_open+0x69/0x70 [mac80211]
[snip]
Fixes: 00ec75fc5a ("cfg80211: pass the actual iftype when calling cfg80211_chandef_dfs_required()")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Acked-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In some cases, when the driver is already using all the channel
contexts it can handle at once, we have to do an in-place switch
(ie. we cannot afford using an extra context temporarily for the
transaction). But some drivers may not support switching the channel
context assigned to a vif on the fly (ie. without unassigning and
assigning it) while others may only work if the context is changed on
the fly, without unassigning it first.
To allow these different scenarios, add a new driver operation that
let's the driver decide how to handle an in-place switch.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
On the mgmt level we have a key type parameter which currently accepts
two possible values: 0x00 for unauthenticated and 0x01 for
authenticated. However, in the internal struct smp_ltk representation we
have an explicit "authenticated" boolean value.
To make this distinction clear, add defines for the possible mgmt values
and do conversion to and from the internal authenticated value.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Fixes the following warning:
CC drivers/net/wireless/mwifiex/tdls.o
drivers/net/wireless/mwifiex/tdls.c: In function ‘mwifiex_prep_tdls_encap_data’:
drivers/net/wireless/mwifiex/tdls.c:475:4: warning: passing argument 2 of ‘mwifiex_tdls_add_ht_oper’ discards ‘const’ qualifier from pointer target type [enabled by
default]
ret = mwifiex_tdls_add_ht_oper(priv, peer, 1, skb);
^
drivers/net/wireless/mwifiex/tdls.c:190:1: note: expected ‘u8 *’ but argument is of type ‘const u8 *’
mwifiex_tdls_add_ht_oper(struct mwifiex_private *priv, u8 *mac,
^
drivers/net/wireless/mwifiex/tdls.c:481:4: warning: passing argument 2 of ‘mwifiex_tdls_add_ht_oper’ discards ‘const’ qualifier from pointer target type [enabled by
default]
ret = mwifiex_tdls_add_ht_oper(priv, peer, 0, skb);
^
drivers/net/wireless/mwifiex/tdls.c:190:1: note: expected ‘u8 *’ but argument is of type ‘const u8 *’
mwifiex_tdls_add_ht_oper(struct mwifiex_private *priv, u8 *mac,
^
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On idle state, sleep timer is scheduled to put the chip into fullsleep.
But during suspend, this timer is scheduled after the chip is moved to
fullsleep forcibily. This is causing below unnecessary error messages
in kernel log during suspend.
ath: phy2: timeout (100000 us) on reg 0x806c: 0xdeadbeef & 0x01f00000
!= 0x00000000
ath: phy2: RX failed to go idle in 10 ms RXSM=0xdeadbeef
ath: phy2: DMA failed to stop in 10 ms AR_CR=0xdeadbeef AR_DIAG_SW=0xdeadbeef
DMADBG_7=0xdeadbeef
Reported-by: Arkh4mKn1ght <arkh4mkn1ght@gmail.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The keycache index is used to abort transmission for given station
when it goes to sleep state. But the commit "ath9k_hw: Abort transmission
for sleeping station" is not handling multi-key station. Fix that.
Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds handling of updating rx sequence number for
packets received from TDLS peer. Current implementation of
mwifiex_queueing_ra_based assumes station would always receive
packets from AP which is not true in case of TDLS.
Fix this by adding this case.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes an issue where AMSDU packets for TDLS link
would flow over infra link. This happened because we were
missing setting TDLS flag in TxPD on AMSDU packets.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If userspace application does not take care of TDLS teardown
event, TDLS link would be present in driver database and thus
driver would send such packets on direct link while peer has
already severed link causing data traffic failure. Disable TDLS
link upon teardown event so as to ensure this does not happen.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If TDLS link delete command fails because of non-existent peer
or TDLS peer is absent from driver's entry, it means link was
already deleted. In such case print debug messages with lower
severity.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In station role if TDLS is supported, we traverse TDLS peer list
to see if packet's destination address matches with TDLS peer.
Packets destined to AP are not sent over TDLS link and hence
avoid this list traversal for such packets.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
DFS pulse interval printing is only available
when CONFIG_ATH9K_DEBUGFS is set.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Broadcom hardware uses a bit tricky hw_value-s for 5 GHz channels,
values 184-228 are used for 4920-5140 MHz center frequencies. Normally
you expect channels 7-16 (e.g. 5060 MHz is channel 12, not 212). We never
meant to register hw_value 228 with freq 6140 MHz (5000 + 228 * 5).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Nothing actually uses the return value yet, but we might as well
make it correct, like process_rxed_802_11_packet() does for the
same case. Also ensure that if monitor mode is enabled (and
thus process_rxed_802_11_packet() is called) that the debugging
enter/leave functions are balanced.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
I've met an endless (or at least very long) loop if I power down the usb
port on witch a usb wifi key is plugged.
(Ok, it's not very smart to power down a usb port when a usb key is in
used... but still, I think that should not lead to an endless loop).
I have a lot of:
ieee80211 phy1: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x0438 with error -71
(-71==-EPROTO)
How to reproduce:
- plug an usb wifi key
- ip link set wlan0 up
- hub-ctrl -b usb_bus -d usb_device -P usb_port -p 0
hub-ctrl source: https://github.com/codazoda/hub-ctrl.c/blob/master/hub-ctrl.c
The following patch prevents the endless loop, but I'm really not sure
that The Right Way To Do It (R)
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
carl9170_usb_probe() does not handle request_firmware_nowait() failure
that leads to several leaks in this case.
The patch adds all required deallocations.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is the NFC pull request for 3.16. We have:
- STMicroeectronics st21nfca support. The st21nfca is an HCI chipset and
thus relies on the HCI stack. This submission provides support for tag
redaer/writer mode (including Type 5) and device tree bindings.
- PM runtime support and a bunch of bug fixes for TI's trf7970a.
- Device tree support for NXP's pn544. Legacy platform data support is
obviously kept intact.
- NFC Tag type 4B support to the NFC Digital stack.
- SOCK_RAW type support to the raw NFC socket, and allow NCI
sniffing from that. This can be extended to report HCI frames and also
proprietarry ones like e.g. the pn533 ones.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTepRlAAoJEIqAPN1PVmxKnF0P/RvfrZs6CbGNJC+dkEbk90p1
nsngy4+4MmPwJYVzObnLz4Br0k1kmFKiOKske6drjMpgzDWeuQelw3B7bd3FYfxD
YkQsc5RC984xrDoDH5pn8mA6VJqmn7whrmcibTYAixrDqTvo8gw6uja4ryAnSdZm
n7cRbh/A5F/sa7O4mPA0bCTdp4jAS/vOP9rGFDOth/b5yJVs99XmC+AZp/Ad9BUx
+/osWGmBV5jshtX7aPTSxIQB4BUaP/lP1DW8yF5whKDjsHC9QyJcAtw9HfZ4tv2h
YNteZZ8yjM+rSjnDw/LvDc2Gp8Z8P1GYf8D3QN3cWhw1ZvXi7CnqKjEnm41sbfaH
L5esIfsRBUdmk6Ika7zALqmOQFI3PzH+ag96punl29qb2gyBDRSnXKVLirv3xxFG
h7vYtQL43Rosn/4pSilRbYReRwyKbSCxW3un/tUJy0Faafs6q+9oMC2aWbIfTT6l
40n4H9EmzYy2OaaXSFckiIIYYgVDAji8GLXTf+dPHb+NrH3QQOR3m27WzHc4rmYk
kUrv0lKoFswA+VLlIcJTrSKNF21FDjwuImzIWiPz6Fx/+rWJ0b4GlQyIynD72LpR
2LkUhTrxuRuRtxVCtvTdkPlL6Bdp3HO7t4qZ0EirgnpmGK6NScBgABoqFJSbz9uS
UUvZbHVIjLrDU9zzoyz8
=cSl+
-----END PGP SIGNATURE-----
Merge tag 'nfc-next-3.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
"NFC: 3.16: First pull request
This is the NFC pull request for 3.16. We have:
- STMicroeectronics st21nfca support. The st21nfca is an HCI chipset and
thus relies on the HCI stack. This submission provides support for tag
redaer/writer mode (including Type 5) and device tree bindings.
- PM runtime support and a bunch of bug fixes for TI's trf7970a.
- Device tree support for NXP's pn544. Legacy platform data support is
obviously kept intact.
- NFC Tag type 4B support to the NFC Digital stack.
- SOCK_RAW type support to the raw NFC socket, and allow NCI
sniffing from that. This can be extended to report HCI frames and also
proprietarry ones like e.g. the pn533 ones."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Channels in 2.4GHz band overlap, this means that if we
send a probe request on channel 1 and then move to channel
2, we will hear the probe response on channel 2. In this
case, the RSSI will be lower than if we had heard it on
the channel on which it was sent (1 in this case).
The firmware / low level driver can parse the channel in
the DS IE or HT IE and compensate the RSSI so that it will
still have a valid value even if we heard the frame on an
adjacent channel. This can be done up to a certain offset.
Add this offset as a configuration for the low level driver.
A low level driver that can compensate the low RSSI in this
case should assign the maximal offset for which the RSSI
value is still valid.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The power update function looks at all current vifs to determine the power
policy. It doesn't use the current vif. Instead the value was overwritten
and used internally.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This was not used is unlikely to be used, just kill it.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
I forgot to disable the reduced Tx power in a few paths.
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
In some cases, we need to force the association to be off in the
MAC_CONTEXT_CMD command we send to the firmware. Instead of having to
hack the vif->bss_conf.assoc value, pass it all the way down the call
chain.
Additionally, for the iwl_mvm_mac_ctxt_add() case, we *always* set
forced_assoc_off to true, so we can remove the hack in the d3 code
that was forcing it to off by hacking the bss_conf.assoc value.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enabling beacon filtering should be done only after a beacon
has been received. Doing that too early will cause
disconnections.
This has already been fixed, but the fix didn't take care
about the case where the beacon is received after the
association, it waited only for association which is not
enough.
Signed-off-by: Avri Altman <avri.altman@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>