RSSI value is provided on word3 not on word2.
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The regression was introduced in the following commit:
0967e01e8e
"ath5k: make use of the new rate control API"
ath5k_tx_frame_completed saves the intended per-rate retry counts before
they are cleared by ieee80211_tx_info_clear_status, however at this
point the information in info->status.rates is incomplete.
This causes significant throughput degradation and excessive packet loss
on links where high bit rates don't work properly.
Move the copy from bf->rates a few lines up to ensure that the saved
retry counts are updated, and that they are really cleared in
info->status.rates after the call to ieee80211_tx_info_clear_status.
Cc: stable@vger.kernel.org # 3.10+
Cc: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Cc: Benjamin Vahl <bvahl@net.t-labs.tu-berlin.de>
Reported-by: Ben West <ben@gowasabi.net>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Acked-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since we set IEEE80211_HW_QUEUE_CONTROL, we can let
mac80211 do the queue assignement and don't need to
override its decisions.
While reassiging the same values is harmless of course,
it triggered a WARNING when iwlwifi and mac80211 came
to different conclusions. This happened when mac80211 set
IEEE80211_TX_CTL_SEND_AFTER_DTIM, but didn't route the
packet to the cab_queue because no stations were asleep.
iwlwifi should not override mac80211's decicions for
offchannel packets and packets to be sent after DTIM,
but it should override mac80211's decision for AMPDUs
since we have a special queue for them. So for AMPDU,
we still override info->hw_queue by the AMPDU queue.
This avoids:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2531 at drivers/net/wireless/iwlwifi/dvm/tx.c:456 iwlagn_tx_skb+0x6c5/0x883()
Modules linked in:
CPU: 0 PID: 2531 Comm: hostapd Not tainted 3.12.0-rc5+ #1
Hardware name: /D53427RKE, BIOS RKPPT10H.86A.0017.2013.0425.1251 04/25/2013
0000000000000000 0000000000000009 ffffffff8189aa62 0000000000000000
ffffffff8105a4f2 ffff880058339a48 ffffffff815f8a04 0000000000000000
ffff8800560097b0 0000000000000208 0000000000000000 ffff8800561a9e5e
Call Trace:
[<ffffffff8189aa62>] ? dump_stack+0x41/0x51
[<ffffffff8105a4f2>] ? warn_slowpath_common+0x78/0x90
[<ffffffff815f8a04>] ? iwlagn_tx_skb+0x6c5/0x883
[<ffffffff815f8a04>] ? iwlagn_tx_skb+0x6c5/0x883
[<ffffffff818a0040>] ? put_cred+0x15/0x15
[<ffffffff815f6db4>] ? iwlagn_mac_tx+0x19/0x2f
[<ffffffff8186cc45>] ? __ieee80211_tx+0x226/0x29b
[<ffffffff8186e6bd>] ? ieee80211_tx+0xa6/0xb5
[<ffffffff8186e98b>] ? ieee80211_monitor_start_xmit+0x1e9/0x204
[<ffffffff8171ce5f>] ? dev_hard_start_xmit+0x271/0x3ec
[<ffffffff817351ac>] ? sch_direct_xmit+0x66/0x164
[<ffffffff8171d1bf>] ? dev_queue_xmit+0x1e5/0x3c8
[<ffffffff817fac5a>] ? packet_sendmsg+0xac5/0xb3d
[<ffffffff81709a09>] ? sock_sendmsg+0x37/0x52
[<ffffffff810f9e0c>] ? __do_fault+0x338/0x36b
[<ffffffff81713820>] ? verify_iovec+0x44/0x94
[<ffffffff81709e63>] ? ___sys_sendmsg+0x1f1/0x283
[<ffffffff81140a73>] ? __inode_wait_for_writeback+0x67/0xae
[<ffffffff8111735e>] ? __cache_free.isra.46+0x178/0x187
[<ffffffff811173b1>] ? kmem_cache_free+0x44/0x84
[<ffffffff81132c22>] ? dentry_kill+0x13d/0x149
[<ffffffff81132f6f>] ? dput+0xe5/0xef
[<ffffffff81136e04>] ? fget_light+0x2e/0x7c
[<ffffffff8170ae62>] ? __sys_sendmsg+0x39/0x57
[<ffffffff818a7e39>] ? system_call_fastpath+0x16/0x1b
---[ end trace 1b3eb79359c1d1e6 ]---
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Integers need to be multiplied before division.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The fw_rx_stats entry in debugfs was getting truncated because the
internal buffer used to hold the string was too short. The
calculation of the needed buffer size was rather bogus.
Simplify the calculation by multiplying the number of entries in the
entire structure by the size of each data line and adding the size of
the header lines.
Additionally, add the mac_id value, which was missing.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The activity grading indication from the firmware should
not be used in this case, but the bt_status in the firwmare
notification.
Fix that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The firmware always expects the Coex Mode to be set.
Moreover, the firmware expects bit 0 is the valid bits to
be set all the times.
I misunderstood the API and didn't set these bits when
commands are sent to update the paramters of the Coex. As
a result, the firmware understood that the BT Coex was
disabled (Coex mode = 0) and ignored all the updates (valid
bit 0 clear).
Fix that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Section size limitation to 6000 is incorrect.
NVM file need to support bigger sections in order
to support PAPD tables.
Signed-off-by: Idan Kahlon <idanx.kahlon@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Maor Perez <maorx.perez@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When the remote LE device is blocked, then do not create a L2CAP
channel for it. Without a channel, all packets for that connection
will be dropped.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When the HCI connection hcon is already dereferenced, then use hcon
directly instead of conn->hcon.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The old blacklist ioctl interface was only able to operate on BR/EDR
addresses. So use the BDADDR_BREDR address type definition instead
of an open coded magic 0 value.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Old user space versions bind the Attribute Protocol socket to
BDADDR_BREDR when they should be using BDADDR_LE_PUBLIC or
BDADDR_LE_RANDOM. The kernel recently introduced stricter checks on the
socket parameters but we need to punch this hole for old user space
versions to keep them working.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Move the debugfs configuration directly into hci_core.c and only expose
it when the controller actually support BR/EDR sniff power saving mode.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The address type is important for the blacklist entries. So include
it at well.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The device_add handling can be done directly in hci_register_dev and
device_remove within hci_unregister_dev.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Create the root Bluetooth debugfs directory during module init
and remove it on module exit.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Create the debugfs directory for each HCI device directly in
hci_register_dev function and remove it during hci_unregister_dev.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make sure to use IS_ERR_OR_NULL for checking the existing of the root
debugfs dentry bt_debugfs.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The uuids debugfs should only be created together with the other
entries after the setup procedure has been finished.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The blacklist debugfs should only be created together with the other
entries after the setup procedure has been finished.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The device blacklist is not taking care of the address type. Actually
store the address type in the list entries and also use them when
looking up addresses in the table.
This is actually a serious bug. When adding a LE public address to
the blacklist, then it would be blocking a device on BR/EDR. And this
is not the expected behavior.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
For easier debugging of the current voice setting, expose the value
in debugfs if the controller is BR/EDR capable.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
For LE capable controllers, the static address can be configured. For
debugging purposes expose the value in debugfs.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The auto_accept_delay debugfs entry is only valid for BR/EDR capable
controllers that also support SSP. If SSP is not available or it is
a LE-only single mode controller this value has no affect and so do
not expose it.
Since the value can be actually changed, switch the permissions
to 0644 to clearly indicate that the value is indeed writeable.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Some APs (notably a Sitecom WL-153 v1 with firmware 1.45) are sending
invalid WMM parameters setting AIFSN, ECWmin and ECWmax to zero. The
spec mandates that the value of AIFSN is at least 2, and some cards
(e.g. Intel with the iwldvm driver) can't transmit when the invalid
QoS parameters are actually uploaded to the firmware.
Since there's little chance of being able to guess the values that
the AP actually meant, disable WMM if such an invalid case is found.
Since ECWmin/ECWmax are allowed to be zero, only verify AIFSN >= 2
and ECWmin <= ECWmax.
Reviewed-by: Eliad Peller <eliad@wizery.com>
Reported-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The inquiry_cache debugfs entry is only valid for BR/EDR capable
controllers. In case of single mode LE-only controllers that
entry is not valid.
Move the creating of the debugfs entries to the end of controller
init and only create the inquiry_cache entry if BR/EDR is actually
supported.
At the same time this avoids creating any debugfs entries for
AMP controllers since none of the entries are valid there.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The L2CAP socket parameter for CID are actually provided in little
endian. So convert our constants into little endian before comparing
them.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
There is no need to use a timer since the entire Bluetooth subsystem
runs using workqueues these days.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Since the entire Bluetooth subsystem runs in workqueues these days there
is no need to use a timer for deferring work.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Right now we do not allow user space to use connection oriented channels
on LE, and the only CID that can be used is the Attribute Protocol one.
These restrictions went away together with the recent refactoring of the
L2CAP code, but this patch puts them back to their appropriate places.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This function should be operating on scan_rsp_data_len and scan_rsp_data
and not the advertising data variables.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
ath10k_wmi_cmd_send() will now sleep if there are no credits available.
To make it easier to catch callers in atomic context add might_sleep()
to the function.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
ath10k_bss_assoc() was calling ath10k_peer_assoc(), which can sleep, under
atomic rcu_read_lock() and causing scheduing while atomic errors. Workaround
that by delaying the call to ath10k_wmi_peer_assoc().
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
mac80211 interface iteration functions that were
used originally iterated over interfaces that
weren't re-added to the driver during recovery.
Since internal vif list is now used it's safe to
remove the safe-guard as internal vif list is
based on add/remove_interface function which
guarantees that vdev is created in FW before it is
iterated over.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Recent HTC/WMI changes introduced the bug. ath10k
was using _atomic iteration function with
sleepable functions.
mac80211 provides another iteration function but
it cannot be safely called in hw_config() callback
due to local->iflist_mtx being possibly acquired
already.
The patch uses internal vif list for iteration
purposes and removes/refactors no longer necessary
_iter functions.
Reported-By: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
mac80211 interface interations functions have
peculiar locking issues. This patch introduces
internal (to ath10k) vif list that will be used
for vif iteration purposes.
kvalo: remove extra INIT_LIST_HEAD()
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
If something failed along add_interface() setup it
was possible to leak a vdev id, vdev and peer.
This could end up with leaked FW state or FW crash
(assuming add_interface() failure wasn't a result of
a crash).
kvalo: rebased, whitespace fixes
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Recent WMI/HTC changes made it possible for WMI
commands to sleep (if there's not enough HTC TX
credits to submit a command). TX path is in an
atomic context so calling WMI commands in it is
wrong.
This simply moves WEP key index update to a worker
and fixes the 'scheduling while atomic' bug.
This still leaves multiple WEP key handling laggy,
i.e. some frames may be TXed with an old/different
key (although recipient should still be able to RX
them).
kvalo: changed the title
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This seems to be a left-over. The module parameter enable_hs has
been removed, but its extern declaration is still present. It is
not needed anymore, so just remove it.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Return -EOPNOTSUPP if given parameter is not supported by firmware.
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Rename WMI_CMD_UNDEFINED to WMI_CMD_UNSUPPORTED. This is more
accurate here. Also return -EOPNOTSUPP instead of -EINVAL in
wmi_cmd_send().
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
10.X firmware does not support WMI_VDEV_PARAM_TX_ENCAP_TYPE.
It's a known limitation and we should not warn about this.
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The SMP CID is only defined for LE transports. Instead of returning an
error from smp_sig_channel() in this case (which would cause a
disconnection) just return 0 to ignore the data, which is consistent
with the behavior for other unknown CIDs.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
The A2MP CID is only valid for BR/EDR transports. We should ignore A2MP
data on non-BR/EDR links and refuse to create an amp_mgr object.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Now that the only reason code this function can return is
L2CAP_REJ_NOT_UNDERSTOOD we can just do the necessary assignment without
needing a separate function at all.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
There is no command handler that would return an EMSGSIZE error, so just
remove this mapping from the l2cap_err_to_reason function.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
When the reason code in the L2CAP command reject is "invalid CID" there
should be four additional bytes of data in the PDU, namely the source
and destination CIDs (which should be zero if one or both are not
applicable). This patch fixes all occurrences of such errors to return
the right kind of PDU.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
