wrqu->encoding.length comes from the network administrator. It's
size u16. We want to limit "tocopy" to the smallest value of either
"len_keys", "wrqu->encoding.length" or 100. But because .length
gets cast from u16 to u8 we might use a random, smaller value than
was desired. It's probably not very serious, but we may as well
fix it.
Btw, this is from code auditing and not from testing. I don't know
if this affects anyone in real life.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
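The u16-to-u8 truncation described in the commit message above, as an added example that is not the driver's code. The min_t() macro is a userspace stand-in for the kernel helper, the function names are hypothetical, and the u8 type of len_keys is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's min_t(): both operands are cast
 * to `type` before they are compared. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

#define MAX_COPY 100 /* the cap of 100 named in the commit message */

/* Before: the comparison is done in u8, so the u16 length loses its
 * high byte before it is compared (0x0105 becomes 0x05). */
static uint8_t tocopy_truncating(uint8_t len_keys, uint16_t length)
{
    uint8_t tocopy = min_t(uint8_t, len_keys, length);
    return min_t(uint8_t, tocopy, MAX_COPY);
}

/* After: compare in a type wide enough for every operand, and narrow
 * only once the result is known to be <= MAX_COPY. */
static uint8_t tocopy_fixed(uint8_t len_keys, uint16_t length)
{
    uint16_t tocopy = min_t(uint16_t, len_keys, length);
    return (uint8_t)min_t(uint16_t, tocopy, MAX_COPY);
}

/* Count how many of the 65536 possible u16 lengths make the two
 * versions disagree for a given len_keys (assumed value, see main). */
static unsigned count_mismatches(uint8_t len_keys)
{
    unsigned n = 0;
    for (uint32_t len = 0; len <= UINT16_MAX; len++)
        if (tocopy_truncating(len_keys, (uint16_t)len) !=
            tocopy_fixed(len_keys, (uint16_t)len))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample inputs: len_keys = 64, lengths chosen so the
     * low byte is smaller than the real value. */
    const uint16_t samples[] = { 32, 256, 0x0105, 300 };
    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("length=%u truncating=%u fixed=%u\n", (unsigned)samples[i],
               (unsigned)tocopy_truncating(64, samples[i]),
               (unsigned)tocopy_fixed(64, samples[i]));
    printf("mismatching lengths for len_keys=64: %u\n", count_mismatches(64));
    return 0;
}
```

The truncating version never copies more than intended, which matches the commit message's assessment that the result is a smaller value than desired rather than an overrun.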
When we cancel a scan, the completion runs
only from the workqueue. This can cause the
remain-on-channel scan to fail when another
one was just canceled, because we're still
aborting it.
To fix this, run the completion inline with
the lock still held before returning from
iwl_scan_cancel_timeout().
Also, to avoid the scan complete work from
completing a new scan prematurely, add a
new STATUS_SCAN_COMPLETE bit.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Tested-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
To make the next patch easier to read, move
the function up, it'll be needed earlier in
this file in the next patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We'll need to be able to run scan complete
inline, not from the workqueue, so refactor
it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The return value of iwl_scan_cancel_timeout()
isn't used anywhere, so let's just remove it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Only 5150 series devices report their temperature
in Kelvin, and for those we already convert it to
Celsius when storing into priv->temperature, so
there's no way priv->temperature will ever be in
Kelvin. Remove support for this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When an AP mode interface is added with a DTIM
period of two, the slot programming is wrong.
Fix it by taking into account the DTIM period.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If iwl_scan_initiate() fails for any reason,
priv->scan_request and priv->scan_vif are left
dangling. This can lead to a crash later when
iwl_bg_scan_completed() tries to run a pending
scan request.
In practice, this seems to be very rare due to
the STATUS_SCANNING check earlier. That check,
however, is wrong -- it should allow a scan to
be queued when a reset/roc scan is going on.
When a normal scan is already going on, a new
one can't be issued by mac80211, so that code
can be removed completely. I introduced this
bug when adding off-channel support in commit
266af4c745.
Cc: stable@kernel.org [3.0]
Reported-by: Peng Yan <peng.yan@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
As everybody knows kcalloc checks the multiplication is safe and
that we don't run into overflow.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In the current code, the rate scaling isn't fed with
statistics from the BA notifications.
This is since my patch:
iwlagn: reclaim the packets in transport layer
Fix that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Add debugging to show the status of probe in scan notification
to help debug probe related issues.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since all the queue logic has been moved to the transport layer,
the sequence number is set in the transport layer.
While doing that I forgot that the mac header is copied to the
TB of the TX cmd in the upper layer before the call to the transport
layer. So basically we used the sequence number from mac80211...
This was fine for the first association but after the second, mac80211
resets its counters while we don't, hence a shift that led to terrible
impact on performance.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since priv->temperature is signed, we cannot use debugfs_create_u32
to refer to it.
Use a regular debugfs file instead.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Txid was used without being initialized.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After 'ath9k: optimize ath9k_ps_restore', it would only send the device to
network sleep and not to full sleep anymore, potentially causing more
battery drain.
Reported-by: Vivek Natarajan <nataraja@qca.qualcomm.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After handling command response, cmd skb is inserted into command
free queue (which keeps track of available skbs) for reuse purpose.
Skb length is not getting reset to zero here. This patch takes care
of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ieee80211_channel_to_frequency() routine expects band parameter in
the form of "enum ieee80211_band band". Currently driver specific
band (BAND_A, BAND_AN etc.) is passed to the routine.
This patch makes sure that correct parameter is passed.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In recent commit "mwifiex: use cfg80211 dynamic scan..."
(7c6fa2a843..) scan table handling in driver is removed to
make use of cfg80211 dynamic scan table. Now driver sends
beacon buffers found in scanning directly to stack and parses
the buffer for requested BSS only during association.
Beacon buffer doesn't contain bss band information. Driver
gets it from firmware in separate tlv (chan_band_tlv).
Currently since we don't inform stack about bss bandinfo,
there is an issue with 5GHz association.
Use "priv" field of struct cfg80211_bss to store bandinfo.
This fixes 5GHz association issue.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sometimes association in 5GHz doesn't work. Dmesg log shows
"Can not find requested SSID xyz" error message. Currently
while preparing scan channel list for firmware Null entries
are created for disabled channels. The routine which retrieves
this list ignores channels after Null entry. Hence sometimes
driver doesn't scan the channel of requested AP and association
fails. The issue is fixed by avoiding those NULL entries.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When scanning for the broadcast SSID, there is no need to add the
SSID TLV (restoring the behaviour of the driver in the wext
days, confirmed in Marvell specifications).
If bssid is unspecified, the current scan code will usually fire off an
active scan probing for the specific requested SSID. However, if a scan
is ongoing (or has just finished), those scan results will be used
instead (even if that scan is totally different, e.g. a passive scan on
channel 4 for a different SSID). Fix this inconsistency by always
firing off a scan when associating without a bssid.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
TSF can be kept per vif.
Add ieee80211_vif param to set/get/reset_tsf, and move
the debugfs entries to the per-vif directory.
Update all the drivers that implement these callbacks.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This represents the bitmap of block ACK received after the
successful transmission of an aggregate frame. Also made a few
changes to beautify the display.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Proper dma_unmapping and freeing of skb's has to be done in the rx
cleanup for EDMA chipsets when the device is unloaded and this also
seems to address the following warning which shows up occasionally when
the device is unloaded:
Call Trace:
[<c0148cd2>] warn_slowpath_common+0x72/0xa0
[<c03b669c>] ? dma_debug_device_change+0x19c/0x200
[<c03b669c>] ? dma_debug_device_change+0x19c/0x200
[<c0148da3>] warn_slowpath_fmt+0x33/0x40
[<c03b669c>] dma_debug_device_change+0x19c/0x200
[<c0657f12>] notifier_call_chain+0x82/0xb0
[<c0171370>] __blocking_notifier_call_chain+0x60/0x90
[<c01713bf>] blocking_notifier_call_chain+0x1f/0x30
[<c044f594>] __device_release_driver+0xa4/0xc0
[<c044f647>] driver_detach+0x97/0xa0
[<c044e65c>] bus_remove_driver+0x6c/0xe0
[<c029af0b>] ? sysfs_addrm_finish+0x4b/0x60
[<c0450109>] driver_unregister+0x49/0x80
[<c0299f54>] ? sysfs_remove_file+0x14/0x20
[<c03c3ab2>] pci_unregister_driver+0x32/0x80
[<f92c2162>] ath_pci_exit+0x12/0x20 [ath9k]
[<f92c8467>] ath9k_exit+0x17/0x36 [ath9k]
[<c06523cd>] ? mutex_unlock+0xd/0x10
[<c018e27f>] sys_delete_module+0x13f/0x200
[<c02139bb>] ? sys_munmap+0x4b/0x60
[<c06547c5>] ? restore_all+0xf/0xf
[<c0657a20>] ? spurious_fault+0xe0/0xe0
[<c01832f4>] ? trace_hardirqs_on_caller+0xf4/0x180
[<c065b863>] sysenter_do_call+0x12/0x38
---[ end trace 16e1c1521c06bcf9 ]---
Mapped at:
[<c03b7938>] debug_dma_map_page+0x48/0x120
[<f92ba3e8>] ath_rx_init+0x3f8/0x4b0 [ath9k]
[<f92b5ae4>] ath9k_init_device+0x4c4/0x7b0 [ath9k]
[<f92c2813>] ath_pci_probe+0x263/0x330 [ath9k]
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Driver rtl8192cu assigns a new struct rtl_tcb_desc object, but fails to
clear it.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@kernel.org> [2.6.39+]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Use the AP_MAX_LINKS as the upper boundary for traversing the links array,
thereby guaranteeing BA sessions with all connected STAs are stopped when
the stop_ba event is received.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Fix an erroneous labeling of array boundaries in the fw_status structure.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Save the configured bitrate, and use the min allowed rate
as the basic rate (e.g. when scanning).
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
If a hidden SSID is requested, generate a probe response template
containing the real SSID.
Depends on the patch "mac80211: add ssid config to bss information
in AP-mode".
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
On roaming, the auth and assoc req are sent with the sta
hlid. This is wrong, as the sta hlid is configured according
to the old ap. Use the dev_hlid instead.
Move the wl1271_tx_update_filters() call into wl1271_tx_get_hlid(),
so wl->dev_hlid will be valid.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
There is a race condition between wl1271_tx_work() and the
channel switch, so make sure all the pending packets are
being sent before switching channel.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx uses a single probe response template, regardless of
the probe request.
However, the P2P spec forbids including the p2p ie in some
cases (e.g. the probe request didn't include the p2p ie).
The fw responds only to probe requests that don't
include the p2p ie, and passes up probe requests that
include them (the supplicant will answer them).
Thus, strip the p2p ie from the probe response template.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
wl12xx uses the beacon as the probe response template.
However, the beacon includes a TIM ie, which shouldn't
exist in the probe response.
Delete it from the skb before configuring the probe
response template.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We were including only 11b rates in IBSS mode. This patch adds OFDM
rates.
[Rephrased commit log and removed one unnecessary comment. -- Luca]
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Due to some changes in PM in recent kernels, the sdio_test module has
been broken for a while. This patch fixes the code that powers the
card on and off.
Also made some small indentation fixes in the Makefile.
[Rephrased commit log and removed the change in the FW name, since
it's done in another patch. -- Luca]
Signed-off-by: Shahar Levi <shahar_levi@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We were using incorrect max and min dwell times during forced passive
scans because we were still using the active scan states to scan
(passively) the channels that were not marked as passive.
Instead of doing passive scans in active states, we now skip active
states and scan for all channels in passive states.
Cc: <stable@kernel.org> # 2.6.36+
Signed-off-by: Luciano Coelho <coelho@ti.com>
We dereference "rate" on the lines before so the checks here are too
late to help. This function is only called from
mwifiex_dump_station_info() and "rate" is always a non-NULL pointer
so the check can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We're not likely to hit this small memory leak, but let's fix it
anyway to keep the static checkers happy.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwl_trans_rx_alloc is only called from iwl_rx_init, so no need
to init the lists twice.
Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
During my work on the transport layer I removed code that updated
a local variable (is_agg) that is needed to keep the pending_frames
count up to date. Fix this.
Also, there should be no way to have a packet with TX_CTL_AMPDU set
while the internal aggregation state machine is not in AGG_ON state.
Add a WARN_ON to ensure that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This has been removed but the declaration hasn't.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This simplifies both the transport layer and the upper layer.
Kill the union in the device command, which avoids the funny syntax
we had: cmd->cmd.payload.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Before this patch, the upper layer could register a callback for each
host command. This mechanism allowed the upper layer to have
different callbacks for the same command ID. In fact, it wasn't used
and the rx_handlers is enough: same callback for all the commands with
a specific command ID.
The iwl_send_add_station needs to access the command that was sent
while handling the response (regardless if the command was sent in
SYNC or ASYNC mode). So now, all the handlers receive the host
command that was sent. This implies a change in the handler signature.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If we're associated and want to do P2P at the same
time, the scan for remain-on-channel is currently
limited to 80ms because of the way the device will
behave in that case. Instead of doing that, split
up the dwell times into little pieces. It will not
actually be a single big dwell time then, but will
be close enough. This improves robustness of P2P
in such scenarios.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>