The channel switch command for 6000 series devices
is larger than the maximum inline command size of
320 bytes. The command is therefore refused with a
warning. Fix this by allocating the command and
using the NOCOPY mechanism.
Cc: stable@kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Before Emmanuel's change to use a copy of the command
("iwlwifi: get the correct HCMD in the response handler")
the iwl_add_sta_callback() function would have used a
random pointer to somewhere when processing responses
to an async command, while that wasn't valid data it
was at least a valid pointer. Now, the pointer will be
NULL in this case, thus crashing.
Fix this by exiting the function early if no command
is passed back which means it was sent asynchronously.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of memcpy() from a static array, just use
the new helper function eth_broadcast_addr().
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of allocating one big chunk of DMA-coherent
memory for the firmware and keeping it around, only
vmalloc() the firmware and copy it into a single
page of DMA-coherent memory for the upload.
The advantage is that we don't need DMA memory for
the firmware image that is stored while the driver
is operating, we only need it while uploading.
This will make it easier for the driver to work if
the system has fragmented memory.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the firmware will give us an A-MPDU bit and
only a single PHY information packet for all the
subframes in an A-MPDU, we can easily report the
minimal A-MPDU information for radiotap.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The device only supports a maximum of three
antennas, and only three bits are used, the
fourth bit is the A-MPDU indicator.
The only consequence of this is reporting
invalid information in radiotap, so this
isn't an important change.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the device is not started, we can't read its
SRAM and attempting to do so will cause issues.
Protect the debugfs read.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When unregistered with mac80211, we can't call its functionality
for FW restart, so avoid it and prevent automatic FW restart for
the init firmware.
Signed-off-by: Amit Beka <amit.beka@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's a bug that causes the rate scaling to get stuck
when it has to use single-stream rates with a peer that
can do GF and SGI; the two are incompatible so we can't
use them together, but that causes the algorithm to not
work at all, it always rejects updates.
Disable greenfield for now to prevent that problem.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Tested-by: Cesar Eduardo Barros <cesarb@cesarb.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove the control.sta pointer from ieee80211_tx_info to free up
sufficient space in the TX skb control buffer for the upcoming
Transmit Power Control (TPC).
Instead, the pointer is now on the stack in a new control struct
that is passed as a function parameter to the drivers' tx method.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Signed-off-by: Alina Friedrichsen <x-alina@gmx.net>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
[reworded commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Due to the way the PAN parameters are set up, the
maximum duration isn't 1000 but much lower, set it
to 500 which is safe (somewhere around 550 might
be possible.)
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Until now, the response handler of a Host Command got the
exact same pointer that was also given to the DMA engine.
We almost never need to the Host Command that was sent while
handling its response, but when we do need it, we see that
the command has been modified.
This mystery has been elucidated. The FH (our DMA engine)
writes its meta data on the buffer in the DRAM. Of course it
copies the buffer to the NIC first. This was known to happen
for Tx command, but as a matter of fact, it happens to all
TFD brought by the FH which doesn't care much about what it
brings from DRAM to internal SRAM.
So copy the Host Command to yet another buffer so that we
can properly pass the buffer that was sent originally to the
fw. Do that only if it was request by the user since very
few flows need to get the HCMD sent in the response handler.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Align the code to inside the WARN_ON() as it should.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The generic part of the driver now creates all debugfs
directories. It creates a root directory directly in
the the root of the debugfs filesystem and within that
directories for each device, named after the device ID
of the devices iwlwifi is attached to.
In the cfg80211/mac80211 directory there's now a link
to the toplevel iwlwifi debugfs directory to make it
easier to find the debugfs files.
Signed-off-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If registration with mac80211 fails, stop the thermal
throttling and testmode work that were previously started.
Signed-off-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some drivers (iwlegacy, iwlwifi and rt2x00) today use the
bss_conf.last_tsf value. By itself though that value is
completely worthless since it may be ancient. What really
is needed is synchronisation between some device time and
the TSF.
To clarify this, rename bss_conf.last_tsf to sync_tsf and
add sync_device_ts which is obtained from rx_status which
gets a new field device_timestamp for this purpose. This
is intentionally not using the mactime field since that
is used for other things and in IBSS is expected to sync
with the IBSS's TSF which isn't necessarily true for the
device timestamp.
Also, since we have the information and it's useful even
before the connection has been established, give all the
timing details to the driver before authenticating.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Newer devices use 32 bit for boost register,
set the correct value for it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Remove this dead code, it is unused for device newer than
4965.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
'echo 1 > log_event' generates the bogus "MAC is in deep sleep"
or "Timeout waiting for hardware access" log messages when
the interface is down, we should just disallow accessing the
device through debugfs when it is down.
Signed-off-by: Richard A. Griffiths <richardx.a.griffiths@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The dwell time for scanning is currently limited
so that it fits into the timings inside the ucode
when that is tracking DTIM/beacon periods for the
AP(s) it's connected to.
However, when it's connected to two APs, those
may be in lockstep, for example if they both have
a DTIM interval of 100 TU, then one could be 50
TU after the other, leaving only 50 TU free to
be used by scanning.
Since we can't know how far apart they are the
only option is to restrict to 1/2 of the minium
of the two APs.
In theory, it would be possible to not use 1/2 of
the minimum but take into account that if they
have different intervals then there will be a bit
more time since they can't be in lockstep, but as
they will have 100 TU intervals in practice that
complex calculation will probably just result in
hard-to-find bugs.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the op_mode defines the queue mapping, let it do it
completely through the API functions.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Currently when mac80211 asks to change the interface
type, we will accept it for both the BSS and PAN
contexts. This is not terribly complicated today,
but with the addition of the P2P Device abstraction
the PAN context handling will get more complex, so
restrict mac_change_interface to the BSS context.
Also fix a small locking issue and use is_active
instead of the vif pointer to check if the other
context is activated, guarding exclusive interface
types on the BSS context (IBSS) against the PAN
context being used for something else.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When the first interface is active, then scanning
on it or the second interface can take a little
longer than 7s (I observed around 8s.) Bump the
timeout to 15s to avoid aborting a scan that is
still running, just taking more time.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
My previous commit to shorten the radio reset time
caused issues as the firmware checks the active
dwell time against the quiet time, asserting that
the dwell is >= quiet time. This isn't really
needed in case of passive scanning like here, but
of course we need to pass that check.
To fix this, override the quiet time to be the
same as the radio reset dwell time.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Now that the eeprom parsing code overrides the sku
field directly with 11n_disable parameters, there's
no longer a need to keep a copy of this field.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The effect of using a short single-channel scan
to reset the radio is that scanning a channel
that isn't in use needs to re-tune the radio.
This means that the dwell time is irrelevant,
so use a shorter time.
While at it, clean up the code for this a bit.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When the device is doing an internal radio reset
scan, ROC can be rejected to the supplicant with
busy status which confuses it.
One option would be to queue the ROC and handle
it later, but since the radio reset scan is very
quick we can just wait for it to finish instead.
Also add a warning since we shouldn't run into
the case of having a scan active when requesting
a ROC in any other case since mac80211 will not
scan while ROC or ROC while scanning.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This feature needs to be disabled for all NICs.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This flow can actually happen due to a corner case in
mac80211: the station is deleted before we get a chance
to reclaim all the packets in flight in AGG queue.
The tid_data for this station is zeroed, and we lose
the match with the Tx queue.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
CMD_SYNC is zero so the if (cmd->flags & CMD_SYNC) is never true and we
never check the assertion.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Using the driver_data area in ieee80211_tx_info which
resides in the CB overrides the info->control field.
Add a comment to prevent mistakes.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Change its name to better reflect this.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This macro gets the bufsize in bytes.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The iwl-test flows were based on the cfg80211 testmode APIs.
To remove this coupling, the op mode (during the initialization
of the iwl_test object) is responsible to set the callbacks that
should be used by iwl-test to allocate skbs for events and replies
and to send events and replies.
The current op modes implement these callbacks based on the cfg80211
testmode APIs.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Create an object that will enacpsulate the testmode functionality
that is common to all op modes.
* Copy definitions from dvm/dev.h
* Copy the testmode logic from dvm/testmode.c
* Link iwl-test object into the iwlwifi module
* Modify DVM to use iwl-test object
Reviewed-by: Amit Beka <amit.beka@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's no need to declare the opmode ops
as extern since they're now dynamically
registered.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the RF config is done for all devices,
there's no need to keep a separate function
that is called for all devices, move it into
the general NIC config function.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Wey-Yi W Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>