GitHub/moto-9609/android_kernel_motorola_exynos9610.git
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_SCHED_SCAN flag
Emmanuel Grumbach [Sun, 30 Mar 2014 06:11:44 +0000 (09:11 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_SCHED_SCAN flag

All the supported firmwares have this flag set.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_D3_CONTINUITY_API flag
Emmanuel Grumbach [Sun, 30 Mar 2014 06:10:28 +0000 (09:10 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_D3_CONTINUITY_API flag

All the supported firmwares have this flag set.

Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_BF_UPDATED flag
Emmanuel Grumbach [Sun, 30 Mar 2014 05:57:30 +0000 (08:57 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_BF_UPDATED flag

All the supported firmwares have this flag set.

Reviewed-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_TIME_EVENT_API_V2 flag
Emmanuel Grumbach [Sun, 30 Mar 2014 05:40:46 +0000 (08:40 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_TIME_EVENT_API_V2 flag

All the supported firmwares have this flag set.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_RX_ENERGY_API flag
Emmanuel Grumbach [Sun, 30 Mar 2014 05:40:46 +0000 (08:40 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_RX_ENERGY_API flag

All the supported firmwares have this flag set.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_PM_CMD_SUPPORT flag
Emmanuel Grumbach [Sun, 30 Mar 2014 06:50:54 +0000 (09:50 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_PM_CMD_SUPPORT flag

All the supported firmwares have this flag set.

Reviewed-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: remove IWL_UCODE_TLV_FLAGS_NEWBT_COEX TLV flag
Emmanuel Grumbach [Sun, 30 Mar 2014 05:32:56 +0000 (08:32 +0300)]
iwlwifi: remove IWL_UCODE_TLV_FLAGS_NEWBT_COEX TLV flag

All the supported firmwares have this flag set.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: deprecate -7 firmware
Emmanuel Grumbach [Thu, 27 Mar 2014 17:12:12 +0000 (19:12 +0200)]
iwlwifi: mvm: deprecate -7 firmware

This firmware is not supported any more.
A few code paths specific to old firmware can be removed.
We can now assume that a few TLV flags are always set since
we won't load firmware that didn't support the corresponding
features. This will be done in a separate patch.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: replace BUG_ON by WARN_ON in scan.c
Emmanuel Grumbach [Thu, 27 Mar 2014 08:06:29 +0000 (10:06 +0200)]
iwlwifi: mvm: replace BUG_ON by WARN_ON in scan.c

While the scan_cmd should really be allocated in init (and
we do fail init in case the allocation failed), it doesn't
mean we should lock up the machine if something really bad
happened.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add per rate tx stats
Eyal Shapira [Mon, 24 Mar 2014 00:12:00 +0000 (02:12 +0200)]
iwlwifi: mvm: add per rate tx stats

Collect accumulated stats of tx attempts and successes
per rate and column for debugging purposes.
These stats can be read via debugfs file drv_tx_stats
and can also be reset by writing to this file.

Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: Use RCU_INIT_POINTER(x, NULL)
Monam Agarwal [Sun, 23 Mar 2014 18:35:56 +0000 (00:05 +0530)]
iwlwifi: mvm: Use RCU_INIT_POINTER(x, NULL)

rcu_assign_pointer() ensures that the initialization of a structure is
carried out before storing a pointer to that structure. However, in the
case that NULL is assigned there's no structure to initialize so using
RCU_INIT_POINTER instead is safe and more efficient.

Signed-off-by: Monam Agarwal <monamagarwal123@gmail.com>
[rewrite commit log]
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: don't enable bcast filtering on P2P client
Emmanuel Grumbach [Tue, 1 Apr 2014 18:34:59 +0000 (21:34 +0300)]
iwlwifi: mvm: don't enable bcast filtering on P2P client

The firmware doesn't support broadcast filtering on P2P
client. Trying to enable it makes the firmware assert.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: Fix tx-backoff when NIC exit thermal throttling
Eytan Lifshitz [Tue, 1 Apr 2014 13:44:21 +0000 (16:44 +0300)]
iwlwifi: mvm: Fix tx-backoff when NIC exit thermal throttling

When NIC is exiting from thermal throttling state (i.e. after
heating and then cooling down), tx-backoff values are assigned
to be zero, instead of being restored to the minimal value. Fixed.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: Fix warning message when exit thermal throttling
Eytan Lifshitz [Wed, 2 Apr 2014 18:37:57 +0000 (21:37 +0300)]
iwlwifi: mvm: Fix warning message when exit thermal throttling

When NIC exit thermal throttling while having minimal tx-backoff
restriction, the warning message that indicate about that state
won't show up. Fixed.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: dump Rx FIFO when the firmware asserts
Emmanuel Grumbach [Thu, 20 Mar 2014 09:08:19 +0000 (11:08 +0200)]
iwlwifi: mvm: dump Rx FIFO when the firmware asserts

The Rx FIFO includes valuable data - dump it when the FW
asserts. Also - free the SRAM and Rx FIFO when we create
the file, and don't collect new SRAM / Rx FIFO if the
previous file hasn't been collected through debugfs yet.

Also - add a comment to saying that the ASSERT output should
not be modified since we have automatic scripts that monitor
this output.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: WARN upon traffic while flushing TX queues
Emmanuel Grumbach [Mon, 24 Mar 2014 09:25:48 +0000 (11:25 +0200)]
iwlwifi: pcie: WARN upon traffic while flushing TX queues

This must not happen - otherwise we might keep flushing
forever.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: allow to wait for a subset of the queues
Emmanuel Grumbach [Mon, 24 Mar 2014 09:23:51 +0000 (11:23 +0200)]
iwlwifi: allow to wait for a subset of the queues

This will be used later to flush / wait for queues that are
related to a specific vif.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: don't set AP STA to EINVAL
Emmanuel Grumbach [Mon, 24 Mar 2014 11:32:59 +0000 (13:32 +0200)]
iwlwifi: mvm: don't set AP STA to EINVAL

Now that mac80211 calls pre_rcu_remove and we set the
fw_id_to_mac_id pointer to -ENOENT before the station is
removed, we don't need to set fw_id_to_mac_id to -EINVAL
when the station is really removed.
Leave fw_id_to_mac_id to be -ENOENT which will let the
drain worker (iwl_mvm_sta_drained_wk) know that this station
is not to be drained.
We don't need to drain this station since it is our AP in
managed mode and we flush all its frames synchronously
anyway.

Setting the AP station to -EINVAL could lead to confusion
since internal stations are also reserved with -EINVAL,
this confusion showed up in the logs as:

Drained sta 0, but it is internal?

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: propagate the beamforming status from firmware
Emmanuel Grumbach [Tue, 4 Mar 2014 07:38:43 +0000 (09:38 +0200)]
iwlwifi: mvm: propagate the beamforming status from firmware

The firmware tells us if an Rx packet was beamformed or not.
Propagate this data to mac80211's rx_status.vht_flags.
The main user of this data is the radiotap header.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: remove redundant empty line
Emmanuel Grumbach [Wed, 26 Mar 2014 08:19:56 +0000 (10:19 +0200)]
iwlwifi: mvm: remove redundant empty line

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: move CPU1_CPU2_SEPARATOR_SECTION to iwl-fw.h
Eran Harary [Tue, 25 Mar 2014 06:45:24 +0000 (08:45 +0200)]
iwlwifi: move CPU1_CPU2_SEPARATOR_SECTION to iwl-fw.h

This define is related to the firmware packaging and is
needed by more than one transport.

Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: unify iwl_rx_replenish and iwl_rx_replenish_now
Emmanuel Grumbach [Tue, 25 Mar 2014 19:58:32 +0000 (21:58 +0200)]
iwlwifi: pcie: unify iwl_rx_replenish and iwl_rx_replenish_now

Besides the different allocation flags, they are really
the same. Pass the gfp_t flags as a parameter, and unify
them.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: clarify TX queue need_update handling
Johannes Berg [Thu, 27 Feb 2014 13:36:55 +0000 (14:36 +0100)]
iwlwifi: pcie: clarify TX queue need_update handling

Similar to the recent RX queue patch, this changes the need_update
handling for the TX queues to be clearer and only done when needed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: fix TX queue locking
Johannes Berg [Thu, 27 Feb 2014 13:36:19 +0000 (14:36 +0100)]
iwlwifi: pcie: fix TX queue locking

When updating the write pointer, the TX queue should be locked
to get consistent state, fix that in the interrupt handler.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: use bool for TX queue where appropriate
Johannes Berg [Thu, 27 Feb 2014 13:24:36 +0000 (14:24 +0100)]
iwlwifi: pcie: use bool for TX queue where appropriate

Instead of using u8 to hold logic values, use bool.

Also fix a comment, the return value is no longer relevant.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: clarify RX queue need_update handling and locking
Johannes Berg [Thu, 27 Feb 2014 10:20:07 +0000 (11:20 +0100)]
iwlwifi: pcie: clarify RX queue need_update handling and locking

When shadow registers are enabled, then need_update never needs
to be set, so move the need_update handling into the function
that really needs to do it (iwl_pcie_rxq_inc_wr_ptr) and also
separate the check when it woke up. While at it, convert it to
bool.

This also clarifies the locking and means the irq_lock needs to
no longer be held for any such updates.

The irq_lock also doesn't have to be held for restocking since
everything else locks the RX queue properly, so remove that and
finally disentangle the two locks entirely so there aren't any
dependencies between the two left.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: implement GRO without NAPI
Johannes Berg [Fri, 21 Mar 2014 12:30:03 +0000 (13:30 +0100)]
iwlwifi: pcie: implement GRO without NAPI

Use the new NAPI infrastructure added to mac80211 to get
GRO. We don't really implement NAPI since we don't have
a real poll function and we never schedule a NAPI poll.
Instead of this, we collect all the packets we got from a
single interrupt and then call napi_gro_flush().

This allows us to benefit from GRO. In half duplex medium
like WiFi, its main advantage is that it reduces the number
of TCP Acks, hence improving the TCP Rx performance.

Since we call the Rx path with a spinlock held, remove
the might_sleep mention from the op_mode's API.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Ido Yariv <ido@wizery.com>
[Squash different patches and rewrite the commit message]
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add debugfs file for fixed reduced tx power
Eliad Peller [Thu, 13 Mar 2014 15:15:04 +0000 (17:15 +0200)]
iwlwifi: mvm: add debugfs file for fixed reduced tx power

Allow fixing the tx power reduction through debugfs
file.

The change doesn't take affect immediately, but
will be considered the next time tpc is evaluated.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add ATPC implementation
Eliad Peller [Thu, 13 Mar 2014 15:21:36 +0000 (17:21 +0200)]
iwlwifi: mvm: add ATPC implementation

Implement Adaptive Tx Power Control algorithm.

ATPC basically tries to decrease the tx power
as much as possible while the throughput is
not being hurt.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add lq_cmd/tx_resp reduced_tpc field
Eliad Peller [Wed, 12 Mar 2014 13:05:06 +0000 (15:05 +0200)]
iwlwifi: mvm: add lq_cmd/tx_resp reduced_tpc field

The fw recently added an option to set tx power reduction
per station (in the lq_cmd command), and get the tx power
reduction used (in the tx_resp struct).

Use them and propogate this value up to mac80211's tx
response (in order to use it later in the rate-scaling
algorithm).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: don't leave the new NICs awake for commands
Emmanuel Grumbach [Tue, 25 Mar 2014 08:00:31 +0000 (10:00 +0200)]
iwlwifi: pcie: don't leave the new NICs awake for commands

A hardware bug had been discovered on 7260 / 3160 and 7265
and the workaround for this bug is to force the NIC to stay
awake as long as we have host commands in flight. This
workaround has been introduced for all NICs in a previous
patch:

b9439491055a ("iwlwifi: pcie: keep the NIC awake when commands are in flight")

In newer NICs, this bug is solved, so we can let the NIC go
to sleep even when we send commands. The hardware will wake
up when we increment the scheduler write pointer.
Make the workaround conditional to only use it on affected
hardware.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: fix the number of channels in family 8000
Eran Harary [Thu, 6 Mar 2014 07:25:30 +0000 (09:25 +0200)]
iwlwifi: mvm: fix the number of channels in family 8000

Number of channels changed from 40 to 50

Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: Handle power management constraints for additional use-cases
Avri Altman [Wed, 19 Mar 2014 05:25:06 +0000 (07:25 +0200)]
iwlwifi: mvm: Handle power management constraints for additional use-cases

Today, the driver logic looks for the conditions to disable
power management albeit power management should be enabled
in a very few distinct cases.
This patch changes the driver logic to enable power
management once the required conditions met.
While at it, make some housekeeping and support a few
additional use cases:

a) Add support for a standalone p2p client:
   Power management should be enabled for a P2P client
   MAC only if the firmware supports it (TLV flag is set).
   Instead we used the DCM flag, therefore we didn't cover
   use cases that did not include the DCM flag.

b) Add support to Same-Channel-Mode (SCM):
   If both clients share the same channel (SCM), and there
   are no other active vifs in the system, power management
   should be enabled only if the firmware supports this
   (TLV flag is set).

c) Fix power management logic for GO/AP:
   Today, when we detect an active GO / AP MAC - we disable
   power management for all the vifs altogether.
   Actually, the correct behavior is to enable power
   management on a client if on a different channel
   (based on the firmware capabilities).

d) Housekeeping - Along with that, this patch includes some
   code-reorganizing: Today the logic of disabling power is
   scattered across several functions, specifically in the
   iterator. For the sake of both readability and
   scalability, we moved this logic to its applicable
   function, leaving the iterator gather information only.
   Furthermore, as power management is a MAC-related
   attribute, we moved the power management member to the
   iwl_mvm_vif structure.

Signed-off-by: Avri Altman <avri.altman@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agortl8187: fix use after free on failure path in rtl8187_probe()
Alexey Khoroshilov [Fri, 28 Mar 2014 20:26:15 +0000 (00:26 +0400)]
rtl8187: fix use after free on failure path in rtl8187_probe()

If allocation of io_dmabuf fails, rtl8187_probe() calls usb_put_dev(udev)
while usb_get_dev(udev) is not called yet. As a result refcnt is decremented
incorrectly and usb_dev can be used after memory deallocation.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: don't use weird trick to access "far" registers
Andrea Merello [Fri, 28 Mar 2014 17:14:28 +0000 (18:14 +0100)]
rtl8180: don't use weird trick to access "far" registers

In rtl8180/rtl8185/rtl8187se the register space is represented
using packed structure type. Register are thus accessed using a
pointer of this type.
All registers are packed toghether, and only small gaps are present.

However Rtl8187se has also some "sparse" registers, very far from
the "main register block".

It could be possible to access them by simply declare huge reserved
blocks inside the register struct (and this causes NO memory waste).
However, for various reasons, access to those "far" registers is
done with special dedicated macros, without declaring them in the
register struct.

This is done in an intricate manner, that makes code less readable
and caused static analisys tool to produce warnings.

This patch keeps the "macro" mechanism, but it changes its
implementation in a simplier and more straightforward way.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agorsi: rsi_91x: misleading debug printk
Dan Carpenter [Fri, 28 Mar 2014 08:27:33 +0000 (11:27 +0300)]
rsi: rsi_91x: misleading debug printk

There is a missing set of curly braces here so the debug output says
"Probe confirm received" unintentionally.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: fix spinlock bad magic bug
Amitkumar Karwar [Fri, 28 Mar 2014 04:05:26 +0000 (21:05 -0700)]
mwifiex: fix spinlock bad magic bug

[ 6630.450908] BUG: spinlock bad magic on CPU#1,
               ksdioirqd/mmc1/355
[ 6630.450914] Unable to handle kernel NULL pointer dereference
               at virtual address 0000004f
[ 6630.450919] pgd = ecbd8000
[ 6630.450926] [0000004f] *pgd=00000000
[ 6630.450936]  lock: 0xeea4ab08, .magic: 00000000,
               .owner: <none>/-1, .owner_cpu: 0
[ 6630.450939] Backtrace:
[ 6630.450956] [<c010d354>] (unwind_backtrace+0x0/0x118) from
               [<c060c238>] (dump_stack+0x28/0x30)
[ 6630.450960] Internal error: Oops: 5 [#1] SMP ARM
[ 6630.450964] Modules linked in: uvcvideo videobuf2_vmalloc
[ 6630.450980] [<c060c238>] (dump_stack+0x28/0x30) from
               [<c0315ab4>] (spin_dump+0x80/0x94)
[ 6630.450988] [<c0315ab4>] (spin_dump+0x80/0x94) from
               [<c0315af4>] (spin_bug+0x2c/0x30)
[ 6630.450996] [<c0315af4>] (spin_bug+0x2c/0x30) from
               [<c0315b80>] (do_raw_spin_lock+0x28/0x15c)
[ 6630.451004] [<c0315b80>] (do_raw_spin_lock+0x28/0x15c) from
               [<c0610c24>] (_raw_spin_lock_irqsave+0x20/0x28)
[ 6630.451016] [<c0610c24>] (_raw_spin_lock_irqsave+0x20/0x28)
               from [<bf07a7f4>] (mwifiex_exec_next_cmd
                                  +0x6c/0x45c [mwifiex])
[ 6630.451030] [<bf07a7f4>] (mwifiex_exec_next_cmd+0x6c/0x45c
               [mwifiex]) from [<bf07834c>]
               (mwifiex_main_process+0x2c8/0x464 [mwifiex])
[ 6630.451047] [<bf07834c>] (mwifiex_main_process+0x2c8/0x464
               [mwifiex]) from [<bf0a093c>]
               (mwifiex_sdio_interrupt+0xc8/0x1cc [mwifiex_sdio]
[ 6630.451064] [<bf0a093c>] (mwifiex_sdio_interrupt+0xc8/0x1cc
               [mwifiex_sdio]) from [<c04bbde0>]
               (sdio_irq_thread+0x178/0x31c)
[ 6630.451079] [<c04bbde0>] (sdio_irq_thread+0x178/0x31c) from
               [<c0145514>] (kthread+0xc8/0xd8)
[ 6630.451095] [<c0145514>] (kthread+0xc8/0xd8) from
               [<c0106118>] (ret_from_fork+0x14/0x20)

This bug has introduced/exposed due to recent patch in which we
cancel pending commands before suspend (using hs_enabling flag).
The NULL pointer is dereferenced when both
mwifiex_cancel_all_pending_cmd() and mwifiex_exec_next_cmd()
try to access cmd pending queue simultaneously.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8187: fix compile warning
Andrea Merello [Fri, 28 Mar 2014 17:12:08 +0000 (18:12 +0100)]
rtl8187: fix compile warning

ANAPARAM3 register, defined in the rtl818x common register
struct, is accessed as 16bit by rtl8187se and as 8bit by rtl8187b.
Since I have no documentation about this, I can only stick to
the reference code and to what is known to work.

This issue has been addressed by a patch from Larry Finger
that introduces an "union", in the register struct.
In my last patch-set I applied it on the register struct, but
I forget to update rtl8187 driver too.
This patch does it.

Suggested-by: Larry Finger <Larry.Finger@lwfinger.net> [ Original patch ]
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: rtl8188ee: enable MSI interrupts mode
Adam Lee [Fri, 28 Mar 2014 03:36:19 +0000 (11:36 +0800)]
rtlwifi: rtl8188ee: enable MSI interrupts mode

Some HP notebooks using this rtl8188ee hardware module can't get
AP scan results with pin-based interrupts mode, enabling MSI interrupts
mode could fix it.

As RealTek's testing results, RTL8188EE works well with both MSI mode
and pin-based mode fallback.

Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: add MSI interrupts mode support
Adam Lee [Fri, 28 Mar 2014 03:36:18 +0000 (11:36 +0800)]
rtlwifi: add MSI interrupts mode support

Add MSI interrupts mode support, enable it when submodules' msi_support
flag is true, also could fallback to pin-based interrupts mode if MSI
interrupts mode fails.

RealTek's policy(on modules which work well with MSI interrupts mode) is:

> If the platform supports both MSI and pin-based, use MSI.
> If the platform supports MSI only, use MSI.
> If the platform supports pin-based only, use pin-based.

Also as RealTek's testing results, RTL8188EE and RTL8723BE work well
with both MSI mode and pin-based mode fallback.

Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: use timeout variant for wait_event_interruptible
Amitkumar Karwar [Thu, 20 Mar 2014 23:23:50 +0000 (16:23 -0700)]
mwifiex: use timeout variant for wait_event_interruptible

It has been observed that system hangs during suspend, if host
sleep activation fails due to a missing interrupt from firmware.
Use timeout variant, so that the thread will be woken up when
timer expires.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: cancel pending commands for signal
Amitkumar Karwar [Thu, 20 Mar 2014 23:23:49 +0000 (16:23 -0700)]
mwifiex: cancel pending commands for signal

When a thread is interrupted by signal, all
wait_event_interruptible calls after queueing commands return
an error. Numbers of commands in pending queue are increased
in this case. Sometimes all commands nodes in pool are filled.

We will cancel pending commands when signal is received.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: scan command preparation failure handling
Amitkumar Karwar [Fri, 21 Mar 2014 02:50:06 +0000 (19:50 -0700)]
mwifiex: scan command preparation failure handling

When scan request is received, scan commands are prepared and
queued into scan pending queue. There is a corner case when
command nodes are full. So we stop queueing further scan
commands and return an error. This patch makes sure that
currently queued commands in scan pending queue are also freed
in this case.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl818x: Update Kconfig for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:04:37 +0000 (21:04 +0100)]
rtl818x: Update Kconfig for rtl8187se

update description in Kconfig to state rtl8180 driver
now supports also rtl8187se cards

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: enable rtl8187se support
Andrea Merello [Wed, 26 Mar 2014 20:04:23 +0000 (21:04 +0100)]
rtl8180: enable rtl8187se support

Finally make rtl8187se works (hopefylly).
This patch adds PCI ID for rtl8187, updates copyright notes and
updates MODULE_DESCRIPTION.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: detect rtl8187se card
Andrea Merello [Wed, 26 Mar 2014 20:04:05 +0000 (21:04 +0100)]
rtl8180: detect rtl8187se card

Add case to detect the rtl8187se card and its RF frontend.
In this case set also accordingly mac80211 queue number.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add WMM parameters configuration for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:03:40 +0000 (21:03 +0100)]
rtl8180: add WMM parameters configuration for rtl8187se

Introduce a new function to configure AC parameters for TX queues
on rtl8187se cards, and hook it onto mac80211 in order to enable
WMM support.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: make sure RTL818X_MSR_ENEDCA is set for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:03:17 +0000 (21:03 +0100)]
rtl8180: make sure RTL818X_MSR_ENEDCA is set for rtl8187se

MSR register for rtl8187se must always have ENEDCA flag set.
Write it accordingly when updated on BSS change.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add ERP configuration for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:03:03 +0000 (21:03 +0100)]
rtl8180: add ERP configuration for rtl8187se

This patch adds ERP configuration support for rtl8187se to the
existing ERP configuration function.
It needs a different register offset and it must not apply
rtl8185 workaround.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add rtl8187se HW initialization
Andrea Merello [Wed, 26 Mar 2014 20:02:46 +0000 (21:02 +0100)]
rtl8180: add rtl8187se HW initialization

This patch adds few functions that initializes extra stuff that
is present only in rtl8187se HW, and it modify the existing
HW initialization function where necessary

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add RF code for rtl8225 zebra v4
Andrea Merello [Wed, 26 Mar 2014 20:02:28 +0000 (21:02 +0100)]
rtl8180: add RF code for rtl8225 zebra v4

This patch introduce new RF code for rtl8225 zebra v4 radio
frontend.

This code contains a lot of black magic and it can work probably
only with the radio embdedded in the rtl8187se single-chip.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: introduce functions for setting ANAPARAM 2 and 3 params
Andrea Merello [Wed, 26 Mar 2014 20:02:05 +0000 (21:02 +0100)]
rtl8180: introduce functions for setting ANAPARAM 2 and 3 params

rtl8180 has one register for analog converters setting ,rtl8185 has
two and rtl8187se has three.
Setting those registers require more than a simple write, and for
one of them a function is already provided.
This patch introduces functions for the other two.
rtl8187se will use them. rtl8185 doesen't yet, but should

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add rtl8187se params to eeprom reading
Andrea Merello [Wed, 26 Mar 2014 20:01:47 +0000 (21:01 +0100)]
rtl8180: add rtl8187se params to eeprom reading

rtl8187se nees extra parameters to be read from the eeprom.
This patch adds support for it

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: config carbus register for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:01:19 +0000 (21:01 +0100)]
rtl8180: config carbus register for rtl8187se

configuration of carbus-related registers is different for
rtl8187se.
Introduce a dedicated function that does it for all cards in the
proper way

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add TX queue mapping and support for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:00:57 +0000 (21:00 +0100)]
rtl8180: add TX queue mapping and support for rtl8187se

This patch adds tx queue mapping for rtl8187se and a long comment
block about their usages.
It adapts the TX function to use that map and it sets properly
the TX descriptor rtl8187se-only fields

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: don't write MAR registers for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:00:42 +0000 (21:00 +0100)]
rtl8180: don't write MAR registers for rtl8187se

MAR registers are not present in rtl8187se, and attempting to
write to them must be avoided

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: introduce functions to enable/disable ints and add support for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:00:24 +0000 (21:00 +0100)]
rtl8180: introduce functions to enable/disable ints and add support for rtl8187se

This patch introduces two dedicated functions for enabling and
disabling ints.
Support for rtl8187se is also added to them

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add ISR for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 20:00:06 +0000 (21:00 +0100)]
rtl8180: add ISR for rtl8187se

rtl8187se has more queues and different ISR flags.
This patch adds a separated ISR handler for rtl8187se

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: support for rtl8187se RX descriptors
Andrea Merello [Wed, 26 Mar 2014 19:59:52 +0000 (20:59 +0100)]
rtl8180: support for rtl8187se RX descriptors

Currently RX status descriptor and RX command descriptor are
represented using the same struct type.
This patch splits this by introducing different types for
rx status and command descriptor.
Doing this make it possible to handle rtl8187se RX descriptors
easier.
This patch do also this by adding specific cases where needed.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add basic rate configuration support for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 19:59:25 +0000 (20:59 +0100)]
rtl8180: add basic rate configuration support for rtl8187se

Basic rate configuration is a bit different for rtl8187se.
Adding this also fixes the gcc warning introduced in last patch
about unhandled case in switch.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add rtl8187se fields to TX descriptor
Andrea Merello [Wed, 26 Mar 2014 19:58:43 +0000 (20:58 +0100)]
rtl8180: add rtl8187se fields to TX descriptor

This patch modifies the TX descriptor struct so it can work also
for rtl8187se.
Some reserved field is now meaningful, and where needed union is
used.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: add rtl8187se chip type
Andrea Merello [Wed, 26 Mar 2014 19:58:14 +0000 (20:58 +0100)]
rtl8180: add rtl8187se chip type

Add back rtl8187se chip type to the enum for known chips.
This causes unhandled switch/case warning that will be fixed
in following patch

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl818x: add registers for rtl8187se
Andrea Merello [Wed, 26 Mar 2014 19:57:46 +0000 (20:57 +0100)]
rtl818x: add registers for rtl8187se

Adds registers for rtl8187se to the rtl818x common struct

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: cancel pending commands during host sleep
Amitkumar Karwar [Wed, 26 Mar 2014 02:01:20 +0000 (19:01 -0700)]
mwifiex: cancel pending commands during host sleep

Sometimes we may end up downloading other commands when host
sleep is configured. This patch makes sure that pending
commands are cancelled and we stop queueing further commands
during host sleep.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: correction in sleep confirm command sequence number
Amitkumar Karwar [Wed, 26 Mar 2014 02:01:19 +0000 (19:01 -0700)]
mwifiex: correction in sleep confirm command sequence number

Incremented sequence number was not being used for SLEEP confirm
command. This patch fixes the issue.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: corner case NULL pointer dereference fix
Amitkumar Karwar [Wed, 26 Mar 2014 02:01:18 +0000 (19:01 -0700)]
mwifiex: corner case NULL pointer dereference fix

When next scan command is delayed due to Tx traffic and
meanwhile synchronous command is received followed by a signal,
we cance all pending commands. NULL pointer dereference is seen
in this case while queueing next command in scan delay timer.
This patch adds a check to fix this issue.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: use mfp if required from user-space
Daniel Kim [Tue, 25 Mar 2014 20:45:09 +0000 (21:45 +0100)]
brcmfmac: use mfp if required from user-space

The struct cfg80211_connect_params indicate whether the connection
should use management frame protection (mfp). If required set the
MFP_CAPABLE flag in the firmware command. This is supported from
user-space by wpa_supplicant since v2.1.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: Remove casts of pointer to same type
Joe Perches [Mon, 24 Mar 2014 20:15:40 +0000 (13:15 -0700)]
rtlwifi: Remove casts of pointer to same type

Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Around these changes:

o Remove unnecessary parentheses
o Use consistent dereference style (change ptr[0] to *ptr)
o Argument alignment

Done via coccinelle script: (and some typing)

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

- (T *)foo
+ foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwifiex: Remove casts of pointer to same type
Joe Perches [Mon, 24 Mar 2014 20:15:39 +0000 (13:15 -0700)]
mwifiex: Remove casts of pointer to same type

Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

- (T *)foo
+ foo

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agocarl9170: Remove casts of pointer to same type
Joe Perches [Mon, 24 Mar 2014 20:15:38 +0000 (13:15 -0700)]
carl9170: Remove casts of pointer to same type

Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

- (T *)foo
+ foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: Remove addressof casts to same type
Joe Perches [Mon, 24 Mar 2014 17:46:20 +0000 (10:46 -0700)]
rtlwifi: Remove addressof casts to same type

Using addressof then casting to the original type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast.cocci
@@
type T;
T foo;
@@

- (T *)&foo
+ &foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: rationalize TX queues
Andrea Merello [Sat, 22 Mar 2014 17:51:20 +0000 (18:51 +0100)]
rtl8180: rationalize TX queues

On currently supported HW there are four TX queues (three for normal
packets and one for beacons).

The driver uses just one TX queue, and declare to mac80211 to
support just one queue, but it allocates coherent memory for all
queues.
Furthermore the TX is code is written assumimg four queues exists,
and even if we decide to enable more queues in future, its mapping
rule to mac80211 is fixed.

This means we have memory waste on rtl8180/rtl8185, and we have also
not enough flexibility to add support for boards (rtl8187se) that
will use more queues.

This patch changes things in order to allocate coherent memory only
for the queues effectively used and it make it possible to specify
how to map hardware queues on mac80211 queues, that will be used
by rtl8187se code as soon it will be merged.

Note: even if the beacon queue is currently unused, this should
change, so I kept it.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortl8180: fix DMA register are written two times
Andrea Merello [Sat, 22 Mar 2014 17:49:08 +0000 (18:49 +0100)]
rtl8180: fix DMA register are written two times

Hw DMA registers are written in rtl8180_init_hw function.
They are also written again just after calling rtl8180_init_hw.
There is no point in doing this twice.

Remove those redundant register writes from rtl8180_start.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: gpio: register 32 GPIOs on BCM5357
Rafał Miłecki [Thu, 20 Mar 2014 20:09:07 +0000 (21:09 +0100)]
bcma: gpio: register 32 GPIOs on BCM5357

Some Broadcom boards have more GPIOs available. For example Linksys
E3200 home router is based on SoC id 0x5357, package 0x0A and uses GPIO
23 to reset internal USB WiFi (gpio23=wombo_reset).

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
John W. Linville [Thu, 27 Mar 2014 18:16:50 +0000 (14:16 -0400)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

10 years agoBluetooth: Fix returning peer address in pending connect state
Johan Hedberg [Wed, 26 Mar 2014 13:49:18 +0000 (15:49 +0200)]
Bluetooth: Fix returning peer address in pending connect state

We should let user space request the peer address also in the pending
connect states, i.e. BT_CONNECT and BT_CONNECT2. There is existing user
space code that tries to do this and will fail without extending the set
of allowed states for the peer address information.

This patch adds the two states to the allowed ones in the L2CAP and
RFCOMM sock_getname functions, thereby preventing ENOTCONN from being
returned.

Reported-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary assignment in SMP
Johan Hedberg [Mon, 24 Mar 2014 14:59:14 +0000 (16:59 +0200)]
Bluetooth: Remove unnecessary assignment in SMP

The smp variable in smp_conn_security is not used anywhere before the
smp = smp_chan_create() call in the smp_conn_security function so it
makes no sense to assign any other value to it before that.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix potential NULL pointer dereference in smp_conn_security
Johan Hedberg [Mon, 24 Mar 2014 15:36:25 +0000 (17:36 +0200)]
Bluetooth: Fix potential NULL pointer dereference in smp_conn_security

The smp pointer might not be initialized for jumps to the "done" label
in the smp_conn_security function. Furthermore doing the set_bit after
done might "overwrite" a previous value of the flag in case pairing was
already in progress. This patch moves the call to set_bit before the
label so that it is only done for a newly created smp context (as
returned by smp_chan_create).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove LTK re-encryption procedure
Johan Hedberg [Mon, 24 Mar 2014 12:39:08 +0000 (14:39 +0200)]
Bluetooth: Remove LTK re-encryption procedure

Due to several devices being unable to handle this procedure reliably
(resulting in forced disconnections before pairing completes) it's
better to remove it altogether.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Don't try to confirm locally initiated SMP pairing
Johan Hedberg [Mon, 24 Mar 2014 12:39:07 +0000 (14:39 +0200)]
Bluetooth: Don't try to confirm locally initiated SMP pairing

In the case that the just-works model would be triggered we only want to
confirm remotely initiated pairings (i.e. those triggered by a Security
Request or Pairing Request). This patch adds the necessary check to the
tk_request function to fall back to the JUST_WORKS method in the case of
a locally initiated pairing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add SMP flag to track which side is the initiator
Johan Hedberg [Mon, 24 Mar 2014 13:54:11 +0000 (15:54 +0200)]
Bluetooth: Add SMP flag to track which side is the initiator

For remotely initiated just-works pairings we want to show the user a
confirmation dialog for the pairing. However, we can only know which
side was the initiator by tracking which side sends the first Security
Request or Pairing Request PDU. This patch adds a new SMP flag to
indicate whether our side was the initiator for the pairing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix SMP confirmation callback handling
Johan Hedberg [Mon, 24 Mar 2014 12:39:05 +0000 (14:39 +0200)]
Bluetooth: Fix SMP confirmation callback handling

In the case that a local pairing confirmation (JUST_CFM) has been
selected as the method we need to use the user confirm request mgmt
event for it with the confirm_hint set to 1 (to indicate confirmation
without any specific passkey value). Without this (if passkey_notify was
used) the pairing would never proceed. This patch adds the necessary
call to mgmt_user_confirm_request in this scenario.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add missing cmd_status handler for LE_Start_Encryption
Johan Hedberg [Mon, 24 Mar 2014 12:39:04 +0000 (14:39 +0200)]
Bluetooth: Add missing cmd_status handler for LE_Start_Encryption

It is possible that the HCI_LE_Start_Encryption command fails in an
early stage and triggers a command status event with the failure code.
In such a case we need to properly notify the hci_conn object and
cleanly bring the connection down. This patch adds the missing command
status handler for this HCI command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix potential NULL pointer dereference in SMP
Johan Hedberg [Mon, 24 Mar 2014 12:39:03 +0000 (14:39 +0200)]
Bluetooth: Fix potential NULL pointer dereference in SMP

If a sudden disconnection happens the l2cap_conn pointer may already
have been cleaned up by the time hci_conn_security gets called,
resulting in the following oops if we don't have a proper NULL check:

BUG: unable to handle kernel NULL pointer dereference at 000000c8
IP: [<c132e2ed>] smp_conn_security+0x26/0x151
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
CPU: 1 PID: 673 Comm: memcheck-x86-li Not tainted 3.14.0-rc2+ #437
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: f0ef0520 ti: f0d6a000 task.ti: f0d6a000
EIP: 0060:[<c132e2ed>] EFLAGS: 00010246 CPU: 1
EIP is at smp_conn_security+0x26/0x151
EAX: f0ec1770 EBX: f0ec1770 ECX: 00000002 EDX: 00000002
ESI: 00000002 EDI: 00000000 EBP: f0d6bdc0 ESP: f0d6bda0
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 80050033 CR2: 000000c8 CR3: 30f0f000 CR4: 00000690
Stack:
 f4f55000 00000002 f0d6bdcc c1097a2b c1319f40 f0ec1770 00000002 f0d6bdd0
 f0d6bde8 c1312a82 f0d6bdfc c1312a82 c1319f84 00000008 f4d81c20 f0e5fd86
 f0ec1770 f0d6bdfc f0d6be28 c131be3b c131bdc1 f0d25270 c131be3b 00000008
Call Trace:
 [<c1097a2b>] ? __kmalloc+0x118/0x128
 [<c1319f40>] ? mgmt_pending_add+0x49/0x9b
 [<c1312a82>] hci_conn_security+0x4a/0x1dd
 [<c1312a82>] ? hci_conn_security+0x4a/0x1dd
 [<c1319f84>] ? mgmt_pending_add+0x8d/0x9b
 [<c131be3b>] pair_device+0x1e1/0x206
 [<c131bdc1>] ? pair_device+0x167/0x206
 [<c131be3b>] ? pair_device+0x1e1/0x206
 [<c131ed44>] mgmt_control+0x275/0x2d6

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: bluecard: Use del_timer_sync() in teardown path
Thomas Gleixner [Sun, 23 Mar 2014 15:09:31 +0000 (15:09 +0000)]
Bluetooth: bluecard: Use del_timer_sync() in teardown path

Make sure no timer callback is running before releasing the
datastructure which contains it.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Track current configured LE scan type parameter
Marcel Holtmann [Fri, 21 Mar 2014 19:18:10 +0000 (12:18 -0700)]
Bluetooth: Track current configured LE scan type parameter

The LE scan type paramter defines if active scanning or passive scanning
is in use. Track the currently set value so it can be used for decision
making from other pieces in the core.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btmrvl: don't consume all vendor specific events
Amitkumar Karwar [Fri, 21 Mar 2014 03:05:44 +0000 (20:05 -0700)]
Bluetooth: btmrvl: don't consume all vendor specific events

If vendor specific HCI commands are received from application,
we should send corresponding events to stack.
These events should be consumed in driver, only if they are for
the internal HCI commands generated by driver.

This patch fixes the vendor command 0x3f stuck problem with
above mentioned change. For example,

hcitool cmd 3f 22 fe 06 22 21 20 43 50 00

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix address value for early disconnection events
Johan Hedberg [Thu, 20 Mar 2014 10:54:16 +0000 (12:54 +0200)]
Bluetooth: Fix address value for early disconnection events

We need to ensure that we do not send events to user space with the
identity address if we have not yet notified user space of the IRK. The
code was previously trying to handle this for the mgmt_pair_device
response (which worked well enough) but this is not the only connection
related event that might be sent to user space before pairing is
successful: another important event is Device Disconnected.

The issue can actually be solved more simply than the solution
previously used for mgmt_pair_device. Since we do have the identity
address tracked as part of the remote IRK struct we can just copy it
over from there to the hci_conn struct once we've for real sent the mgmt
event for the new IRK.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agobrcmfmac: fallback to mimo_bw_cap for older firmwares
Arend van Spriel [Thu, 20 Mar 2014 09:18:03 +0000 (10:18 +0100)]
brcmfmac: fallback to mimo_bw_cap for older firmwares

In order to support the driver behaviour introduced by:

   commit d0575a5a703978c43e25128421158c78534ba100
   Author: Daniel Kim <dekim@broadcom.com>
   Date:   Wed Mar 12 18:12:14 2014 -0700

       brcmfmac: Enable 40MHz bandwidth in 2GHz band and OBSS scanning

in devices that do not support bwcap firmware command a fallback
is added.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: only show error message when brcmf_sdiod_regrw_helper() fails
Arend van Spriel [Thu, 20 Mar 2014 09:18:02 +0000 (10:18 +0100)]
brcmfmac: only show error message when brcmf_sdiod_regrw_helper() fails

In the function brcmf_sdiod_request_data() an error message is logged,
but the calling function retries it. This patch will only log an error
message when retry limit is reached. The low-level error is still
logged by a SDIO debug message.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: reinit watchdog completion after handling watchdog
Arend van Spriel [Thu, 20 Mar 2014 09:18:01 +0000 (10:18 +0100)]
brcmfmac: reinit watchdog completion after handling watchdog

The watchdog thread waits on completion that is set from a timer. As
the completion is count based this could mean that on a busy system
the watchdog is handled multiple times with a very short interval.
This is not the intended behaviour. After handling the watchdog it
should wait for the next timer expiry. This is accomplished by
reinitializing the completion.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: Enable 40MHz bandwidth in 2GHz band and OBSS scanning operations
Daniel Kim [Thu, 20 Mar 2014 09:18:00 +0000 (10:18 +0100)]
brcmfmac: Enable 40MHz bandwidth in 2GHz band and OBSS scanning operations

This patch enables 40MHz bandwidth in 2GHz band after checking whether
cfg80211 allows it or not, and enables OBSS scanning operations to
to support 20/40 BSS coexistence.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
John W. Linville [Thu, 20 Mar 2014 15:54:22 +0000 (11:54 -0400)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Thu, 20 Mar 2014 15:53:20 +0000 (11:53 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

10 years agoBluetooth: Fix passkey endianess in user_confirm and notify_passkey
Johan Hedberg [Thu, 20 Mar 2014 06:18:14 +0000 (08:18 +0200)]
Bluetooth: Fix passkey endianess in user_confirm and notify_passkey

The passkey_notify and user_confirm functions in mgmt.c were expecting
different endianess for the passkey, leading to a big endian bug and
sparse warning in recently added SMP code. This patch converts both
functions to expect host endianess and do the conversion to little
endian only when assigning to the mgmt event struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Enforce strict Secure Connections Only mode security
Marcel Holtmann [Wed, 19 Mar 2014 21:10:25 +0000 (14:10 -0700)]
Bluetooth: Enforce strict Secure Connections Only mode security

In Secure Connections Only mode, it is required that Secure Connections
is used for pairing and that the link key is encrypted with AES-CCM using
a P-256 authenticated combination key. If this is not the case, then new
connection shall be refused or existing connections shall be dropped.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Fix Pair Device response parameters for pairing failure
Johan Hedberg [Wed, 19 Mar 2014 15:00:49 +0000 (17:00 +0200)]
Bluetooth: Fix Pair Device response parameters for pairing failure

It is possible that pairing fails after we've already received remote
identity information. One example of such a situation is when
re-encryption using the LTK fails. In this case the hci_conn object has
already been updated with the identity address but user space does not
yet know about it (since we didn't notify it of the new IRK yet).

To ensure user space doesn't get a Pair Device command response with an
unknown address always use the same address in the response as was used
for the original command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix SMP user passkey notification mgmt event
Johan Hedberg [Wed, 19 Mar 2014 12:14:53 +0000 (14:14 +0200)]
Bluetooth: Fix SMP user passkey notification mgmt event

When performing SMP pairing with MITM protection one side needs to
enter the passkey while the other side displays to the user what needs
to be entered. Nowhere in the SMP specification does it say that the
displaying side needs to any kind of confirmation of the passkey, even
though a code comment in smp.c implies this.

This patch removes the misleading comment and converts the code to use
the passkey notification mgmt event instead of the passkey confirmation
mgmt event.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Increase SMP re-encryption delay to 500ms
Johan Hedberg [Wed, 19 Mar 2014 12:14:52 +0000 (14:14 +0200)]
Bluetooth: Increase SMP re-encryption delay to 500ms

In some cases the current 250ms delay is not enough for the remote to
receive the keys, as can be witnessed by the following log:

> ACL Data RX: Handle 64 flags 0x02 dlen 21               [hci1] 231.414217
      SMP: Signing Information (0x0a) len 16
        Signature key: 555bb66b7ab3abc9d5c287c97fe6eb29
< ACL Data TX: Handle 64 flags 0x00 dlen 21               [hci1] 231.414414
      SMP: Encryption Information (0x06) len 16
        Long term key: 2a7cdc233c9a4b1f3ed31dd9843fea29
< ACL Data TX: Handle 64 flags 0x00 dlen 15               [hci1] 231.414466
      SMP: Master Identification (0x07) len 10
        EDIV: 0xeccc
        Rand: 0x322e0ef50bd9308a
< ACL Data TX: Handle 64 flags 0x00 dlen 21               [hci1] 231.414505
      SMP: Signing Information (0x0a) len 16
        Signature key: bbda1b2076e2325aa66fbcdd5388f745
> HCI Event: Number of Completed Packets (0x13) plen 5    [hci1] 231.483130
        Num handles: 1
        Handle: 64
        Count: 2
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28  [hci1] 231.664211
        Handle: 64
        Random number: 0x5052ad2b75fed54b
        Encrypted diversifier: 0xb7c2
        Long term key: a336ede66711b49a84bde9b41426692e
> HCI Event: Command Status (0x0f) plen 4                 [hci1] 231.666937
      LE Start Encryption (0x08|0x0019) ncmd 1
        Status: Success (0x00)
> HCI Event: Number of Completed Packets (0x13) plen 5    [hci1] 231.712646
        Num handles: 1
        Handle: 64
        Count: 1
> HCI Event: Disconnect Complete (0x05) plen 4            [hci1] 232.562587
        Status: Success (0x00)
        Handle: 64
        Reason: Remote User Terminated Connection (0x13)

As can be seen, the last key (Signing Information) is sent at 231.414505
but the completed packets event for it comes only at 231.712646,
i.e. roughly 298ms later.

To have a better margin of error this patch increases the delay to
500ms.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Simplify logic when checking SMP_FLAG_TK_VALID
Johan Hedberg [Wed, 19 Mar 2014 12:14:51 +0000 (14:14 +0200)]
Bluetooth: Simplify logic when checking SMP_FLAG_TK_VALID

This is a trivial coding style simplification by instead of having an
extra early return to instead revert the if condition and do the single
needed queue_work() call there.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>