GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
10 years agoBluetooth: Add constants for LTK key types
Marcel Holtmann [Sat, 1 Feb 2014 03:02:30 +0000 (19:02 -0800)]
Bluetooth: Add constants for LTK key types

The LTK key types available right now are unauthenticated and
authenticated ones. Provide two simple constants for it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Track if link is using P-256 authenticated combination key
Marcel Holtmann [Sat, 1 Feb 2014 19:52:02 +0000 (11:52 -0800)]
Bluetooth: Track if link is using P-256 authenticated combination key

When the ACL link is using P-256 authenticated combination key, mark
the link mode as HCI_LM_FIPS.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Include security level 4 in connections check
Marcel Holtmann [Sat, 1 Feb 2014 19:32:25 +0000 (11:32 -0800)]
Bluetooth: Include security level 4 in connections check

This check is only used for RFCOMM connections and most likely no
RFCOMM based profile will require security level 4 secure connection
security policy. In case it ever does make sure that seucrity level 4
is treated as sufficient security level.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add management command for Secure Connection Only Mode
Marcel Holtmann [Sat, 1 Feb 2014 17:19:57 +0000 (09:19 -0800)]
Bluetooth: Add management command for Secure Connection Only Mode

With support for Secure Connections it is possible to switch the
controller into a mode that is called Secure Connections Only. In
this mode only security level 4 connections are allowed (with the
exception of security level 0 approved services).

This patch just introduces the management command and setting of the
right internal flags to enable this mode. It does not yet enforce it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Remove __packed from struct smp_ltk
Marcel Holtmann [Sat, 1 Feb 2014 02:42:18 +0000 (18:42 -0800)]
Bluetooth: Remove __packed from struct smp_ltk

The struct smp_ltk does not need to be packed and so remove __packed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Rename authentication to key_type in mgmt_ltk_info
Marcel Holtmann [Sat, 1 Feb 2014 02:42:17 +0000 (18:42 -0800)]
Bluetooth: Rename authentication to key_type in mgmt_ltk_info

The field is not a boolean, it is actually a field for a key type. So
name it properly.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Remove check for valid LTK authenticated parameter
Marcel Holtmann [Sat, 1 Feb 2014 02:42:16 +0000 (18:42 -0800)]
Bluetooth: Remove check for valid LTK authenticated parameter

The LTK authenticated parameter is the key type of the LTK and similar
to link keys there is no need to check the currently supported values.

For possible future improvements, the kernel will only use key types
it knows about and just ignore all the other ones.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Track the AES-CCM encryption status of LE and BR/EDR links
Marcel Holtmann [Sat, 1 Feb 2014 00:24:28 +0000 (16:24 -0800)]
Bluetooth: Track the AES-CCM encryption status of LE and BR/EDR links

When encryption for LE links has been enabled, it will always be use
AES-CCM encryption. In case of BR/EDR Secure Connections, the link
will also use AES-CCM encryption. In both cases track the AES-CCM
status in the connection flags.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Remove one level of indentation from hci_encrypt_change_evt
Marcel Holtmann [Sat, 1 Feb 2014 00:24:27 +0000 (16:24 -0800)]
Bluetooth: Remove one level of indentation from hci_encrypt_change_evt

The function already has an unlock label which means the one extra level
on indentation is not useful and just makes the code more complex. So
remove it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Remove use_debug_keys debugfs entry
Marcel Holtmann [Fri, 31 Jan 2014 19:55:23 +0000 (11:55 -0800)]
Bluetooth: Remove use_debug_keys debugfs entry

Since the use of debug keys can now be identified from the current
settings information, this debugfs entry is no longer necessary.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add management command to allow use of debug keys
Marcel Holtmann [Fri, 31 Jan 2014 19:55:22 +0000 (11:55 -0800)]
Bluetooth: Add management command to allow use of debug keys

Originally allowing the use of debug keys was done via the Load Link
Keys management command. However this is BR/EDR specific and to be
flexible and allow extending this to LE as well, make this an independent
command.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add management setting for use of debug keys
Marcel Holtmann [Fri, 31 Jan 2014 19:55:21 +0000 (11:55 -0800)]
Bluetooth: Add management setting for use of debug keys

When the controller has been enabled to allow usage of debug keys, then
clearly identify that in the current settings information.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Introduce le_conn_failed() helper
Andre Guedes [Thu, 30 Jan 2014 21:22:08 +0000 (18:22 -0300)]
Bluetooth: Introduce le_conn_failed() helper

This patch moves connection attempt failure code to its own function
so it can be reused in the next patch.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Group list_head fields from strcut hci_dev together
Andre Guedes [Thu, 30 Jan 2014 21:22:05 +0000 (18:22 -0300)]
Bluetooth: Group list_head fields from strcut hci_dev together

This patch groups the list_head fields from struct hci_dev together
and removes empty lines between them.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Save connection interval parameters in hci_conn
Andre Guedes [Thu, 30 Jan 2014 21:22:04 +0000 (18:22 -0300)]
Bluetooth: Save connection interval parameters in hci_conn

This patch creates two new fields in struct hci_conn to save the
minimum and maximum connection interval values used to establish
the connection this object represents.

This change is required in order to know what parameters the
connection is currently using.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix differentiating stored master vs slave LTK types
Johan Hedberg [Fri, 31 Jan 2014 03:40:00 +0000 (19:40 -0800)]
Bluetooth: Fix differentiating stored master vs slave LTK types

If LTK distribution happens in both directions we will have two LTKs for
the same remote device: one which is used when we're connecting as
master and another when we're connecting as slave. When looking up LTKs
from the locally stored list we shouldn't blindly return the first match
but also consider which type of key is in question. If we do not do this
we may end up selecting an incorrect encryption key for a connection.

This patch fixes the issue by always specifying to the LTK lookup
functions whether we're looking for a master or a slave key.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary LTK type check from hci_add_ltk
Johan Hedberg [Fri, 31 Jan 2014 03:39:59 +0000 (19:39 -0800)]
Bluetooth: Remove unnecessary LTK type check from hci_add_ltk

All callers of hci_add_ltk pass a valid value to it. There are no places
where e.g. user space, the controller or the remote peer would be able
to cause invalid values to be passed. Therefore, just remove the
potentially confusing check from the beginning of the function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Make LTK key type check more readable
Johan Hedberg [Fri, 31 Jan 2014 03:39:58 +0000 (19:39 -0800)]
Bluetooth: Make LTK key type check more readable

Instead of magic bitwise operations simply compare with the two possible
type values that we are interested in.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix long_term_keys debugfs output
Johan Hedberg [Fri, 31 Jan 2014 03:39:57 +0000 (19:39 -0800)]
Bluetooth: Fix long_term_keys debugfs output

The code was previously iterating the wrong list (and what's worse
casting entries to a type which they were not) and also missing a proper
line terminator when printing each entry. The code now also prints the
LTK type in hex for easier comparison with the kernel-defined values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove Simultaneous LE & BR/EDR flags from AD
Johan Hedberg [Thu, 30 Jan 2014 19:16:50 +0000 (11:16 -0800)]
Bluetooth: Remove Simultaneous LE & BR/EDR flags from AD

Starting with the 4.1 Core Specification these flags are no longer used
and should always be cleared. From volume 3, part C, section 13.1.1:

"The 'Simultaneous LE and BR/EDR to Same Device Capable (Controller)'
and ‘Simultaneous LE and BR/EDR to Same Device Capable (Host)’ bits in
the Flags AD type shall be set to ‘0’."

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Enable LTK distribution to slave devices
Johan Hedberg [Wed, 29 Jan 2014 21:55:59 +0000 (13:55 -0800)]
Bluetooth: Enable LTK distribution to slave devices

So far we've only been requesting the LTK to be distributed to the
master (initiator) of pairing, which is usually enough since it's the
master that will establish future connections and initiate encryption.
However, in the case that both devices support switching to the opposing
role (which seems to be increasingly common) pairing will have to
performed again since the "new" master will not have all information.

As there is no real harm in it, this patch updates the code to always
try distributing the LTK also to the slave device, thereby enabling role
switches for future connections.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Vinicius Gomes <vcgomes@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Increment management interface revision
Marcel Holtmann [Tue, 28 Jan 2014 23:39:01 +0000 (15:39 -0800)]
Bluetooth: Increment management interface revision

This patch increments the management interface revision due to the
various fixes, improvements and other changes that have been made.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Remove unnecessary check for chan->psm
Johan Hedberg [Tue, 28 Jan 2014 23:28:04 +0000 (15:28 -0800)]
Bluetooth: Remove unnecessary check for chan->psm

Now that ATT sockets have been converted to use the new L2CAP_CHAN_FIXED
type there is no need to have an extra check for chan->psm in the
l2cap_chan_close function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Always use l2cap_chan->psm for returning PSM to user space
Johan Hedberg [Tue, 28 Jan 2014 23:16:51 +0000 (15:16 -0800)]
Bluetooth: Always use l2cap_chan->psm for returning PSM to user space

The l2cap_chan->psm value is always set to a valid value for a
connection oriented channel. The l2cap_chan->sport is used for tracking
local PSM allocations but will not always have a proper value, such as
with connected sockets derived from a listening socket. This patch fixes
the sock_getname callback to always use chan->psm when returning address
information.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Refuse peer RFCOMM address reading when not connected
Johan Hedberg [Tue, 28 Jan 2014 23:16:50 +0000 (15:16 -0800)]
Bluetooth: Refuse peer RFCOMM address reading when not connected

When we're not connected the peer address information is undefined. This
patch fixes the remote address getting to return a proper error in case
the sate is anything else than BT_CONNECTED.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Refuse peer L2CAP address reading when not connected
Johan Hedberg [Tue, 28 Jan 2014 23:16:49 +0000 (15:16 -0800)]
Bluetooth: Refuse peer L2CAP address reading when not connected

When we're not connected the peer address information is undefined. This
patch fixes the remote address getting to return a proper error in case
the state is anything else than BT_CONNECTED.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Free up l2cap_chan->sport when initiating a connection
Johan Hedberg [Tue, 28 Jan 2014 23:16:48 +0000 (15:16 -0800)]
Bluetooth: Free up l2cap_chan->sport when initiating a connection

The sport variable is used to track the allocation of the local PSM
database to ensure no two sockets take the same local PSM. It is
acquired upon bind() but needs to be freed up if the socket ends up
becoming a client one. This patch adds the clearing of the value when
l2cap_chan_connect is called.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix disconnecting L2CAP when a credits overflow occurs
Johan Hedberg [Mon, 27 Jan 2014 23:11:35 +0000 (15:11 -0800)]
Bluetooth: Fix disconnecting L2CAP when a credits overflow occurs

The L2CAP specification requires us to disconnect an L2CAP channel if
the remote side gives us credits beyond 65535. This patch makes sure we
disconnect the channel in such a situation.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix disconnecting L2CAP channel for credits violation
Johan Hedberg [Mon, 27 Jan 2014 23:11:34 +0000 (15:11 -0800)]
Bluetooth: Fix disconnecting L2CAP channel for credits violation

The L2CAP specification requires us to disconnect a channel if the
remote device sends us data when it doesn't have any credits to do so.
This patch makes sure that we send the appropriate L2CAP Disconnect
request in this situation.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix respecting le_default_mps value
Johan Hedberg [Mon, 27 Jan 2014 23:11:33 +0000 (15:11 -0800)]
Bluetooth: Fix respecting le_default_mps value

There's a le_default_mps variable that can be modified through debugfs
but it was never actually used for determining our MPS value. This patch
fixes the MPS initialization to use the variable instead of a fixed
value.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix CID initialization for fixed channels
Johan Hedberg [Sat, 25 Jan 2014 22:10:09 +0000 (17:10 -0500)]
Bluetooth: Fix CID initialization for fixed channels

Fixed channels have the same source and destination CID. Ensure that the
values get properly initialized when receiving incoming connections and
deriving values from the parent socket.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix BT_SECURITY socket option for fixed channels (ATT)
Johan Hedberg [Sat, 25 Jan 2014 22:10:07 +0000 (17:10 -0500)]
Bluetooth: Fix BT_SECURITY socket option for fixed channels (ATT)

The BT_SECURITY option should also be allowed for fixed channels, so
punch the appropriate hole for it when checking for the channel type.
The main user of fixed CID user space sockets is right now ATT (which is
broken without this patch).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Switch ATT channels to use L2CAP_CHAN_FIXED
Johan Hedberg [Fri, 24 Jan 2014 08:35:41 +0000 (10:35 +0200)]
Bluetooth: Switch ATT channels to use L2CAP_CHAN_FIXED

ATT channels are not connection oriented so having them use
L2CAP_CHAN_CONN_ORIENTED is quite confusing. Instead, use the new
L2CAP_CHAN_FIXED type and ensure that the MTU and CID values get
properly set.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Rename L2CAP_CHAN_CONN_FIX_A2MP to L2CAP_CHAN_FIXED
Johan Hedberg [Fri, 24 Jan 2014 08:35:40 +0000 (10:35 +0200)]
Bluetooth: Rename L2CAP_CHAN_CONN_FIX_A2MP to L2CAP_CHAN_FIXED

There's no reason why A2MP should need or deserve its on channel type.
Instead we should be able to group all fixed CID users under a single
channel type and reuse as much code as possible for them. Where CID
specific exceptions are needed the chan-scid value can be used.

This patch renames the current A2MP channel type to a generic one and
thereby paves the way to allow converting ATT and SMP (and any future
fixed channel protocols) to use the new channel type.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove useless l2cap_seq_list_remove function
Johan Hedberg [Sat, 18 Jan 2014 19:32:59 +0000 (21:32 +0200)]
Bluetooth: Remove useless l2cap_seq_list_remove function

The only user of l2cap_seq_list_remove() was l2cap_seq_list_pop() which
only removes the head, meaning only the "else if (seq_list->head ==
seq)" branch was ever being used. This patch moves the code from this
branch straight into l2cap_seq_list_pop() and removes the (now useless)
l2cap_seq_list_remove().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Queue incoming ACL data until BT_CONNECTED state is reached
Johan Hedberg [Fri, 17 Jan 2014 18:45:11 +0000 (20:45 +0200)]
Bluetooth: Queue incoming ACL data until BT_CONNECTED state is reached

This patch adds a queue for incoming L2CAP data that's received before
l2cap_connect_cfm is called and processes the data once
l2cap_connect_cfm is called. This way we ensure that we have e.g. all
remote features before processing L2CAP signaling data (which is very
important for making the correct security decisions).

The processing of the pending rx data needs to be done through
queue_work since unlike l2cap_recv_acldata, l2cap_connect_cfm is called
with the hci_dev lock held which could cause potential deadlocks.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Reorder L2CAP functions to avoid forward declarations
Johan Hedberg [Fri, 17 Jan 2014 18:45:10 +0000 (20:45 +0200)]
Bluetooth: Reorder L2CAP functions to avoid forward declarations

This patch moves the l2cap_conn_add, is_valid_psm and l2cap_chan_connect
functions further down in l2cap_core.c. The patch doesn't contain
anything else except the relocation of these functions. By moving the
functions further down the patch enables a subsequent patch that adds a
pending RX queue to be implemented without a forward declaration of a
function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add firmware update for Atheros 0cf3:311f
Oliver Neukum [Thu, 16 Jan 2014 15:02:58 +0000 (16:02 +0100)]
Bluetooth: Add firmware update for Atheros 0cf3:311f

The device is not functional without firmware.

The device without firmware:
T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#=  3 Spd=12  MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0cf3 ProdID=311f Rev=00.01
C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb

The device with firmware:
T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#=  4 Spd=12  MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0cf3 ProdID=3007 Rev=00.01
C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Enable Atheros 0cf3:311e for firmware upload
Oliver Neukum [Thu, 16 Jan 2014 14:37:11 +0000 (15:37 +0100)]
Bluetooth: Enable Atheros 0cf3:311e for firmware upload

The device will bind to btusb without firmware, but with the original
buggy firmware device discovery does not work. No devices are detected.

Device descriptor without firmware:
T:  Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0cf3 ProdID=311e Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms

with firmware:
T:  Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  3 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0cf3 ProdID=311e Rev= 0.02
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add debugfs entry to show Secure Connections Only mode
Marcel Holtmann [Thu, 16 Jan 2014 06:37:42 +0000 (22:37 -0800)]
Bluetooth: Add debugfs entry to show Secure Connections Only mode

For debugging purposes of Secure Connection Only support a simple
debugfs entry is used to indicate if this mode is active or not.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Handle security level 4 for RFCOMM connections
Marcel Holtmann [Thu, 16 Jan 2014 06:37:41 +0000 (22:37 -0800)]
Bluetooth: Handle security level 4 for RFCOMM connections

With the introduction of security level 4, the RFCOMM sockets need to
be made aware of this new level. This change ensures that the pairing
requirements are set correctly for these connections.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Handle security level 4 for L2CAP connections
Marcel Holtmann [Thu, 16 Jan 2014 06:37:40 +0000 (22:37 -0800)]
Bluetooth: Handle security level 4 for L2CAP connections

With the introduction of security level 4, the L2CAP sockets need to
be made aware of this new level. This change ensures that the pairing
requirements are set correctly for these connections.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Introduce requirements for security level 4
Marcel Holtmann [Thu, 16 Jan 2014 06:37:39 +0000 (22:37 -0800)]
Bluetooth: Introduce requirements for security level 4

The security level 4 is a new strong security requirement that is based
around 128-bit equivalent strength for link and encryption keys required
using FIPS approved algorithms. Which means that E0, SAFER+ and P-192
are not allowed. Only connections created with P-256 resulting from
using Secure Connections support are allowed.

This security level needs to be enforced when Secure Connection Only
mode is enabled for a controller or a service requires FIPS compliant
strong security. Currently it is not possible to enable either of
these two cases. This patch just puts in the foundation for being
able to handle security level 4 in the future.

It should be noted that devices or services with security level 4
requirement can only communicate using Bluetooth 4.1 controllers
with support for Secure Connections. There is no backward compatibilty
if used with older hardware.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Track Secure Connections support of remote devices
Marcel Holtmann [Thu, 16 Jan 2014 06:37:38 +0000 (22:37 -0800)]
Bluetooth: Track Secure Connections support of remote devices

It is important to know if Secure Connections support has been enabled
for a given remote device. The information is provided in the remote
host features page. So track this information and provide a simple
helper function to extract the status.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Fix mgmt error code for negative PIN response
Johan Hedberg [Mon, 13 Jan 2014 15:15:53 +0000 (17:15 +0200)]
Bluetooth: Fix mgmt error code for negative PIN response

The NOT_PAIRED status is only really suitable for operations where being
paired is a pre-requisite. Using it e.g. for the mgmt_pair_device
command seems unintuitive. In the case that either the local or the
remote user responds with a negative PIN Code response the "PIN or Key
Missing" HCI status will be generated. This patch changes the mapping of
this status from the NOT_PAIRED mgmt status to the more intuitive
AUTH_FAILED mgmt status.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Convert to use ATTRIBUTE_GROUPS macro
Wei Yongjun [Tue, 7 Jan 2014 14:23:08 +0000 (22:23 +0800)]
Bluetooth: Convert to use ATTRIBUTE_GROUPS macro

Use ATTRIBUTE_GROUPS macro to reduce the number of lines of code.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add support for remote OOB input of P-256 data
Marcel Holtmann [Fri, 10 Jan 2014 10:07:30 +0000 (02:07 -0800)]
Bluetooth: Add support for remote OOB input of P-256 data

The current management interface only allows to provide the remote
OOB input of P-192 data. This extends the command to also accept
P-256 data as well. To make this backwards compatible, the userspace
can decide to only provide P-192 data or the combined P-192 and P-256
data. It is also allowed to leave the P-192 data empty if userspace
only has the remote P-256 data.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add internal function for storing P-192 and P-256 data
Marcel Holtmann [Fri, 10 Jan 2014 10:07:29 +0000 (02:07 -0800)]
Bluetooth: Add internal function for storing P-192 and P-256 data

Add function to allow adding P-192 and P-256 data to the internal
storage. This also fixes a few coding style issues from the previous
helper functions for the out-of-band credentials storage.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Provide remote OOB data for Secure Connections
Marcel Holtmann [Fri, 10 Jan 2014 10:07:28 +0000 (02:07 -0800)]
Bluetooth: Provide remote OOB data for Secure Connections

When Secure Connections has been enabled it is possible to provide P-192
and/or P-256 data during the pairing process. The internal out-of-band
credentials storage has been extended to also hold P-256 data.

Initially the P-256 data will be empty and with Secure Connections enabled
no P-256 data will be provided. This is according to the specification
since it might be possible that the remote side did not provide either
of the out-of-band credentials.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add debugfs quirk for forcing Secure Connections support
Marcel Holtmann [Fri, 10 Jan 2014 10:07:27 +0000 (02:07 -0800)]
Bluetooth: Add debugfs quirk for forcing Secure Connections support

The Bluetooth 4.1 specification with Secure Connections support has
just been released and controllers with this feature are still in
an early stage.

A handful of controllers have already support for it, but they do
not always identify this feature correctly. This debugfs entry
allows to tell the kernel that the controller can be treated as
it would fully support Secure Connections.

Using debugfs to force Secure Connections support of course does
not make this feature magically appear in all controllers. This
is a debug functionality for early adopters. Once the majority
of controllers matures this quirk will be removed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add support for local OOB data with Secure Connections
Marcel Holtmann [Fri, 10 Jan 2014 10:07:26 +0000 (02:07 -0800)]
Bluetooth: Add support for local OOB data with Secure Connections

For Secure Connections support and the usage of out-of-band pairing,
it is needed to read the P-256 hash and randomizer or P-192 hash and
randomizer. This change will read P-192 data when Secure Connections
is disabled and P-192 and P-256 data when it is enabled.

The difference is between using HCI Read Local OOB Data and using the
new HCI Read Local OOB Extended Data command. The first one has been
introduced with Bluetooth 2.1 and returns only the P-192 data.

< HCI Command: Read Local OOB Data (0x03|0x0057) plen 0
> HCI Event: Command Complete (0x0e) plen 36
      Read Local OOB Data (0x03|0x0057) ncmd 1
        Status: Success (0x00)
        Hash C from P-192: 975a59baa1c4eee391477cb410b23e6d
        Randomizer R with P-192: 9ee63b7dec411d3b467c5ae446df7f7d

The second command has been introduced with Bluetooth 4.1 and will
return P-192 and P-256 data.

< HCI Command: Read Local OOB Extended Data (0x03|0x007d) plen 0
> HCI Event: Command Complete (0x0e) plen 68
      Read Local OOB Extended Data (0x03|0x007d) ncmd 1
        Status: Success (0x00)
        Hash C from P-192: 6489731804b156fa6355efb8124a1389
        Randomizer R with P-192: 4781d5352fb215b2958222b3937b6026
        Hash C from P-256: 69ef8a928b9d07fc149e630e74ecb991
        Randomizer R with P-256: 4781d5352fb215b2958222b3937b6026

The change for the management interface is transparent and no change
is required for existing userspace. The Secure Connections feature
needs to be manually enabled. When it is disabled, then userspace
only gets the P-192 returned and with Secure Connections enabled,
userspace gets P-192 and P-256 in an extended structure.

It is also acceptable to just ignore the P-256 data since it is not
required to support them. The pairing with out-of-band credentials
will still succeed. However then of course no Secure Connection will
b established.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Limit acceptable link key types to only supported ones
Marcel Holtmann [Fri, 10 Jan 2014 10:07:25 +0000 (02:07 -0800)]
Bluetooth: Limit acceptable link key types to only supported ones

The link keys that are loaded by userspace during controller setup
should be limited to actual valid and supported types. With the
support for Secure Connections, it is limited to types 0x00 - 0x08
at the moment. Reject any other link key types.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Enable Secure Connection during power on if configured
Marcel Holtmann [Fri, 10 Jan 2014 10:07:24 +0000 (02:07 -0800)]
Bluetooth: Enable Secure Connection during power on if configured

If support for Secure Connection has been configured, then make sure
to send the appropiate HCI command to enable it when powering on the
controller.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add management command for enabling Secure Connections
Marcel Holtmann [Fri, 10 Jan 2014 10:07:23 +0000 (02:07 -0800)]
Bluetooth: Add management command for enabling Secure Connections

The support for Secure Connections need to be explicitly enabled by
userspace. This is required since only userspace that can handle the
new link key types should enable support for Secure Connections.

This command handling is similar to how Secure Simple Pairing enabling
is done. It also tracks the case when Secure Connections support is
enabled via raw HCI commands. This makes sure that the host features
page is updated as well.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add flags and setting for Secure Connections support
Marcel Holtmann [Fri, 10 Jan 2014 10:07:22 +0000 (02:07 -0800)]
Bluetooth: Add flags and setting for Secure Connections support

The MGMT_SETTING_SECURE_CONN setting is used to track the support and
status for Secure Connections from the management interface. For HCI
based tracking HCI_SC_ENABLED flag is used.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Enable Authenticated Payload Timeout Expired event
Marcel Holtmann [Fri, 10 Jan 2014 10:07:21 +0000 (02:07 -0800)]
Bluetooth: Enable Authenticated Payload Timeout Expired event

With Secure Connections capable controllers, the authenticated payload
timeout can trigger. Enable the event so the controller informs the
host when this happens.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add support for handling P-256 derived link keys
Marcel Holtmann [Fri, 10 Jan 2014 10:07:20 +0000 (02:07 -0800)]
Bluetooth: Add support for handling P-256 derived link keys

Before being able to enable Secure Connections support, the core needs
to know on how to handle P-256 derived link keys. The difference between
authenticated and unauthenticated P-256 derived link keys is the same as
its P-192 counter parts.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add definitions for new link key types
Marcel Holtmann [Fri, 10 Jan 2014 10:07:19 +0000 (02:07 -0800)]
Bluetooth: Add definitions for new link key types

With the introduction of Secure Connections, the list of link key types
got extended by P-256 versions of authenticated and unauthenticated
link keys.

To avoid any confusion the previous authenticated and unauthenticated
link key types got ammended with a P912 postfix. And the two new keys
have a P256 postfix now. Existing code using the previous definitions
has been adjusted.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add HCI command definition for extended OOB data
Marcel Holtmann [Fri, 10 Jan 2014 10:07:18 +0000 (02:07 -0800)]
Bluetooth: Add HCI command definition for extended OOB data

The Secure Connections feature introduces the support for P-256 strength
pairings (compared to P-192 with Secure Simple Pairing). This however
means that for out-of-band pairing the hash and randomizer needs to be
differentiated. Two new commands are introduced to handle the possible
combinations of P-192 and P-256. This add the HCI command definition
for both.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add HCI command definition for Secure Connections enabling
Marcel Holtmann [Fri, 10 Jan 2014 10:07:17 +0000 (02:07 -0800)]
Bluetooth: Add HCI command definition for Secure Connections enabling

The Secure Connections feature is optional and host stacks have to
manually enable it. This add the HCI command definiton for reading
and writing this setting.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add LMP feature definitions for Secure Connections support
Marcel Holtmann [Fri, 10 Jan 2014 10:07:16 +0000 (02:07 -0800)]
Bluetooth: Add LMP feature definitions for Secure Connections support

The support for Secure Connections introduces two new controller
features and one new host feature.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Fix outgoing authentication requirement check
Johan Hedberg [Wed, 8 Jan 2014 14:40:39 +0000 (16:40 +0200)]
Bluetooth: Fix outgoing authentication requirement check

The check for HIGH security level dates back to pre-mgmt times when a
raw L2CAP socket with HIGH security level was used to trigger dedicated
bonding. For legacy pairing checking for the security level was the only
way to catch the need to authenticate in all scenarios. With mgmt
however, the pair_device command does not use HIGH security but MEDIUM
security. Therefore, the existing code would never trigger
authentication for a non-SSP connection without an MITM requirement
(e.g. if user space provided a NoInputNoOutput IO capability). In such a
scenario the mgmt_pair_device command would return success without
actually triggering any kind of pairing.

This patch updates the authentication requirement check to also consider
MEDIUM security level, and thereby ensures that mgmt_pair_device will
always trigger authentication.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agomwifiex: add key material v2 support
Avinash Patil [Sat, 8 Feb 2014 00:32:35 +0000 (16:32 -0800)]
mwifiex: add key material v2 support

This patch adds key material V2 support to mwifiex.
Newer FW supports this feature and FW KEY API version is used
to determine which command structure needs to be used.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: parse API version from FW
Avinash Patil [Sat, 8 Feb 2014 00:30:42 +0000 (16:30 -0800)]
mwifiex: parse API version from FW

This patch adds support to parse FW API version TLVs.
Currently only API version for key_material is supported.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: disable all TDLS link during disconnection
Avinash Patil [Sat, 8 Feb 2014 00:30:41 +0000 (16:30 -0800)]
mwifiex: disable all TDLS link during disconnection

During deauthenticate/link lost event, disable all TDLS links as
TDLS would not work when infra connection is not active.
Also this will avoid an issue where ping to peer station doesn't
work after reassociation to AP where we had created TDLS link in
earlier association.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: separate BA params for TDLS link if 11ac is supported
Avinash Patil [Sat, 8 Feb 2014 00:30:40 +0000 (16:30 -0800)]
mwifiex: separate BA params for TDLS link if 11ac is supported

If TDLS link is 11ac enabled i.e. we as well as peer station
supports VHT, configure seprate TX & RX window sizes during
BA setup. So even if BSS does not support 11ac, we can use VHT
capabilities and higher window sizes on direct link.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: add VHT support for TDLS
Avinash Patil [Sat, 8 Feb 2014 00:30:39 +0000 (16:30 -0800)]
mwifiex: add VHT support for TDLS

During TDLS setup request/response, if HW is 11ac capable,
we add VHT Capability IEs in outgoing data frame. Also while
processing received setup request/response, we preserve peer's
11ac capability retrieved from IEs.

Patch also gets VHT parameters from config_station handlers and
sets it to FW using TDLS config command.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: pass ieee80211_vht_cap to mwifiex_fill_vht_cap_tlv
Avinash Patil [Sat, 8 Feb 2014 00:30:38 +0000 (16:30 -0800)]
mwifiex: pass ieee80211_vht_cap to mwifiex_fill_vht_cap_tlv

This patch changes mwifiex_fill_vht_cap_tlv function to pass
struct ieee80211_vht_cap instead of mwifiex_ie_types_vhtcap
so that it can be used generically.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: AMPDU support for TDLS link
Avinash Patil [Sat, 8 Feb 2014 00:30:37 +0000 (16:30 -0800)]
mwifiex: AMPDU support for TDLS link

This patch adds AMPDU support for TDLS link. We have set 11n
capabilities including AMPDU parameters during ENABLE_LINK.
We set a variable in RA list to indicate this as TDLS link.
This patch uses these capabilities to know if AMPDU is allowed
on TDLS link and enables AMPDU aggregation for TX and RX reording
support for RA list for this peer.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: tdls related handling for data packets addressed to TDLS peer
Avinash Patil [Sat, 8 Feb 2014 00:30:36 +0000 (16:30 -0800)]
mwifiex: tdls related handling for data packets addressed to TDLS peer

1. If data packet is addressed to TDLS peer for which link is
established, mark these packets with TDLS flag so that FW can
send them on direct link instead of sending via AP.
2. If data packet is addressed to TDLS peer and TDLS setup is
underway, move these packets to TDLS queue.
3. If this packet is TDLS setup packet, do not block it.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: provision for holding and restoring packets during TDLS setup
Avinash Patil [Sat, 8 Feb 2014 00:30:35 +0000 (16:30 -0800)]
mwifiex: provision for holding and restoring packets during TDLS setup

While TDLS link is being setup, few packets from this station to
peer station may be buffered at AP. It may happen that once TDLS
link is setup, packets sent from station to peer on direct link
get delivered before traffic from AP arrives at peer station.
This results into packet reordering issue at peer station.

To avoid this, we hold data packets destined to TDLS peer during
TDLS setup. These packets are moved to temperory TDLS TX queue.
Upon successful TDLS setup, they are moved to RA list created for
this peer. Upon failure, packets are moved back to AP's RA list
for that particular TID.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: add cfg80211 change_station handler support
Avinash Patil [Sat, 8 Feb 2014 00:30:34 +0000 (16:30 -0800)]
mwifiex: add cfg80211 change_station handler support

This patch adds cfg80211 change_station handler support for mwifiex
which is needed for TDLS link setup. Driver creates a command to
modify peer link capabilities and issues command to FW.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: add cfg80211 add_station handler support
Avinash Patil [Sat, 8 Feb 2014 00:30:33 +0000 (16:30 -0800)]
mwifiex: add cfg80211 add_station handler support

This patch adds cfg80211 add_station handler support for mwifiex
which is needed for TDLS setup. Driver issues create TDLS link
command to FW upon receiving add_station from cfg80211.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: add cfg80211 tdls_oper handler support
Avinash Patil [Sat, 8 Feb 2014 00:27:34 +0000 (16:27 -0800)]
mwifiex: add cfg80211 tdls_oper handler support

This patch adds cfg80211 handler tdls_oper handler support to
mwifiex. Upon enable link, driver sets status as TDLS status as
setup complete and also sets AMSDU size, AMPDU params for direct
link. Upon disable link, driver issues command to FW to delete
this link in FW.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: parse TDLS action frames during RX
Avinash Patil [Sat, 8 Feb 2014 00:27:33 +0000 (16:27 -0800)]
mwifiex: parse TDLS action frames during RX

This patch adds support for parsing TDLS action frames during
station receive handler.
Peer station capabilities are stored into station node.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: add tdls_mgmt handler support
Avinash Patil [Sat, 8 Feb 2014 00:27:32 +0000 (16:27 -0800)]
mwifiex: add tdls_mgmt handler support

This patch adds support for TDLS management frames transmit
handler. mwifiex driver supports TDLS with external support,
i.e. expects user space application to form TDLS frames.
Same is advertised to cfg80211 during registration.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: cleanup in mwifiex_fill_cap_info()
Amitkumar Karwar [Sat, 8 Feb 2014 00:27:31 +0000 (16:27 -0800)]
mwifiex: cleanup in mwifiex_fill_cap_info()

Pass 'struct ieee80211_ht_cap' pointer to
mwifiex_fill_cap_info() instead of
'struct mwifiex_ie_types_htcap' pointer, because the routine
internally uses the later one.
This patch also adds WARN_ON_ONCE check for NULL band.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: move station list functions to common code
Avinash Patil [Sat, 8 Feb 2014 00:27:30 +0000 (16:27 -0800)]
mwifiex: move station list functions to common code

These functions are now needed by TDLS while managing station list.
Move them from AP related file to utility file.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: make tos_to_tid_inv part of mwifiex_private structure
Avinash Patil [Sat, 8 Feb 2014 00:27:29 +0000 (16:27 -0800)]
mwifiex: make tos_to_tid_inv part of mwifiex_private structure

tos_to_tid_inv values are needed even during TDLS restore
operations. Currently tos_to_tid_inv is part of wmm.c and
is declared static.
Make it part of private structure so that it can be used in
other files as well.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: handle AMPDU supported check for AP interface
Avinash Patil [Sat, 8 Feb 2014 00:27:28 +0000 (16:27 -0800)]
mwifiex: handle AMPDU supported check for AP interface

This patch fixes a bug where we were checking for AP's AMPDU param
setting even when transmitting traffic to associated station.
Patch adds provision to pass additional parameter ra_list pointer
to function which checks if AMPDU is allowed. If current BSS type is
AP, we check station's AMPDU params else we check AP's AMPDU params.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: advertise correct beamforming information for VHT
Amitkumar Karwar [Sat, 8 Feb 2014 00:27:27 +0000 (16:27 -0800)]
mwifiex: advertise correct beamforming information for VHT

Currently MU/SU beamformer and MU beamformee features are
not supported.

Hence this patch modifies VHT capability information accordingly.
Number of sounding dimensions should be zero in this case.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: update beamforming capability field for HT
Amitkumar Karwar [Sat, 8 Feb 2014 00:27:26 +0000 (16:27 -0800)]
mwifiex: update beamforming capability field for HT

This patch makes sure that beamforming capability field in
ht capability info gets filled if hardware supports the feature.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: don't leak DMA command skbuffs
Aaron Durbin [Sat, 8 Feb 2014 00:25:51 +0000 (16:25 -0800)]
mwifiex: don't leak DMA command skbuffs

The current mwifiex pcie driver assumed that it would get
its cmdrsp_complete() callback called before another command
was sent to unmap the command's skbuff. However, that is not
true. The mwifiex_check_ps_cond() will send a sleep command
to the card without having adapter->curr_cmd set. Within the
workqueue's state machine the adapter's state would be set
to allow commands (curr_cmd = NULL && cmd_sent = false) after
having receieved the response from the sleep command. The
card->cmd_buf would then be overridden with the new command
but the first command's skbuff was not unmapped. This leaks
mapped skbuffs when a bounce buffer is employed.

To rectify this unmap the card->cmd_buf when the response is
received from the card instead of waiting for the
cmdrsp_complete() callback.

Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Reviewed-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: balance dma map/unmap sizes
Aaron Durbin [Sat, 8 Feb 2014 00:25:50 +0000 (16:25 -0800)]
mwifiex: balance dma map/unmap sizes

Depending on the underlying DMA implementation its
not possible to partially unmap DMA buffers. Moreover
its not possible to understand the intent of passing
0 as the size to dma unmap. The intent of this
driver is unmap the entire skb buffer. The only way
to ensure that the size matches on unmap is to store
both the dma address and the size in the skb ca field.

Introduce a mwifiex_dma_mapping structure which tracks
the dma address and the size. Additionally, provide
a mwifiex_unmap_pci_memory() that utilizes the new
structure. This also provide symmetry within the
internal API.

Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Reviewed-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: implement extended scan feature
Amitkumar Karwar [Wed, 12 Feb 2014 02:39:56 +0000 (18:39 -0800)]
mwifiex: implement extended scan feature

In extended scan, host gets scan results through one or
multiple events instead of scan command response. Host will
send next scan command when all the events are received.

Legacy scan sometimes truncates scan results in a noisy
environment due to buffer length limitation. This issue
is addressed in extended scan.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: separate out next scan command queueing logic
Amitkumar Karwar [Sat, 8 Feb 2014 00:23:36 +0000 (16:23 -0800)]
mwifiex: separate out next scan command queueing logic

This new function will be useful later for extended scan
feature.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: separate out response buffer parsing code
Amitkumar Karwar [Sat, 8 Feb 2014 00:23:35 +0000 (16:23 -0800)]
mwifiex: separate out response buffer parsing code

This new function will be useful later for extended scan
feature.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: change beacon parameter structure
Amitkumar Karwar [Sat, 8 Feb 2014 00:23:34 +0000 (16:23 -0800)]
mwifiex: change beacon parameter structure

'mwifiex_bcn_param' structure contains five parameters which
are present in beacon buffer in case of legacy scan.

'rssi' field won't be there in this buffer for extended scan.
Hence 'bssid' and 'rssi' are removed from the structure and it is
renamed as 'mwifiex_fixed_bcn_param' so that we can have common
parsing logic later for both.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: remove unsupported code in 11ac
Bing Zhao [Sat, 8 Feb 2014 00:21:01 +0000 (16:21 -0800)]
mwifiex: remove unsupported code in 11ac

bit12 in fw_cap_info is for testing only.
Remove all related code.

Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: improve readability in 11ac mcsmap to maxrate conversion
Bing Zhao [Sat, 8 Feb 2014 00:21:00 +0000 (16:21 -0800)]
mwifiex: improve readability in 11ac mcsmap to maxrate conversion

1) rename max_mcs to mcs;
2) initialize 'i' and 'nss' as 1 instead of 0 in nss lookup;
3) use GET_VHTNSSMCS(mcs_map, nss) macro;
4) use IEEE80211_VHT_MCS_* definitions instead of hard coding

Reported-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: make 11ac mcs rate tables global and const
Bing Zhao [Sat, 8 Feb 2014 00:20:59 +0000 (16:20 -0800)]
mwifiex: make 11ac mcs rate tables global and const

Remove these local array variables and define them as static
const array in global space.
The duplicated mcs_rate table is removed automatically with this
change.

Reported-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: make use of IEEE80211_VHT_MCS_NOT_SUPPORTED
Bing Zhao [Sat, 8 Feb 2014 00:20:58 +0000 (16:20 -0800)]
mwifiex: make use of IEEE80211_VHT_MCS_NOT_SUPPORTED

Remove driver's macro and use ieee80211's definition instead

Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Calculate IQ-CAL median
Sujith Manoharan [Fri, 7 Feb 2014 04:59:55 +0000 (10:29 +0530)]
ath9k: Calculate IQ-CAL median

This patch adds a routine to calculate the median IQ correction
values for AR955x, which is used for outlier detection.
The normal method which is used for all other chips is
bypassed for AR955x.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Expand the IQ coefficient array
Sujith Manoharan [Fri, 7 Feb 2014 04:59:54 +0000 (10:29 +0530)]
ath9k: Expand the IQ coefficient array

This will be used for storing data for mutiple
IQ calibration runs, for AR955x.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Modify IQ calibration for AR955x
Sujith Manoharan [Fri, 7 Feb 2014 04:59:53 +0000 (10:29 +0530)]
ath9k: Modify IQ calibration for AR955x

IQ calibration post-processing for AR955x is different
from other chips - instead of just doing it as part
of AGC calibration once, it is triggered 3 times and
a median is determined. This patch adds initial support
for changing the calibration behavior for AR955x.

Also, to simplify things, a helper routine to issue/poll
AGC calibration is used.

For non-AR955x chips, the iqcal_idx (which will be used
in subsequent patches) is set to zero.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix magnitude/phase calculation
Sujith Manoharan [Fri, 7 Feb 2014 04:59:52 +0000 (10:29 +0530)]
ath9k: Fix magnitude/phase calculation

Incorrect values are programmed in the registers
containing the IQ correction coefficients by the IQ-CAL
post-processing code. Fix this.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes
Sujith Manoharan [Fri, 7 Feb 2014 04:59:51 +0000 (10:29 +0530)]
ath9k: Rename ar9003_hw_tx_iqcal_load_avg_2_passes

Use ar9003_hw_tx_iq_cal_outlier_detection instead.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Check explicitly for IQ calibration
Sujith Manoharan [Fri, 7 Feb 2014 04:59:50 +0000 (10:29 +0530)]
ath9k: Check explicitly for IQ calibration

In chips like AR955x, the initvals contain the information
whether IQ calibration is to be done in the HW when an
AGC calibration is triggered. Check if IQ-CAL is enabled
in the initvals before flagging 'txiqcal_done' as true.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix IQ cal post processing for SoC
Sujith Manoharan [Fri, 7 Feb 2014 04:59:49 +0000 (10:29 +0530)]
ath9k: Fix IQ cal post processing for SoC

Calibration data is not reused for SoC chips, so
call ar9003_hw_tx_iq_cal_post_proc() with the correct
argument. The 'is_reusable' flag is currently used
only for PC-OEM chips, but it makes things clearer to
specify it explicity.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k_htc: Add device ID for Buffalo WLI-UV-AG300P
Masaki TAGAWA [Thu, 6 Feb 2014 05:06:24 +0000 (14:06 +0900)]
ath9k_htc: Add device ID for Buffalo WLI-UV-AG300P

Buffalo WLI-UV-AG300P is almost the same as Sony UWA-BR100.

Signed-off-by: Masaki TAGAWA <masaki@club.kyutech.ac.jp>
Signed-off-by: John W. Linville <linville@tuxdriver.com>