GitHub/mt8127/android_kernel_alcatel_ttab.git
12 years agoath9k: Fix phyerr debug statistics
Sujith Manoharan [Thu, 16 Feb 2012 06:22:25 +0000 (11:52 +0530)]
ath9k: Fix phyerr debug statistics

Validate the phyerr value against the max. size of the
statistics array properly.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k: Prettify recv debugfs file output
Sujith Manoharan [Thu, 16 Feb 2012 06:21:23 +0000 (11:51 +0530)]
ath9k: Prettify recv debugfs file output

Dumping the RSSI information in the middle of error
statistics is a bit misleading. Move them to the end.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k: Add a debugfs file to display reset statistics
Sujith Manoharan [Thu, 16 Feb 2012 06:21:11 +0000 (11:51 +0530)]
ath9k: Add a debugfs file to display reset statistics

Location: <debugfs_path>/ieee80211/phy#/ath9k/reset

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k: Merge wiphy and misc debugfs files
Sujith Manoharan [Thu, 16 Feb 2012 06:21:02 +0000 (11:51 +0530)]
ath9k: Merge wiphy and misc debugfs files

This patch merges the 'wiphy' and 'misc' debugfs files
and consolidates the information.

Information about the current channel and other HT parameters
can be obtained from both mac80211 and iw. Remove such
redundant data.

The reset statistics have been removed, they will be re-added in
a subsequent patch (in a new debugfs file).

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k: Remove unnecessary variable initialization
Sujith Manoharan [Thu, 16 Feb 2012 06:20:55 +0000 (11:50 +0530)]
ath9k: Remove unnecessary variable initialization

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k_hw: remove duplicate initvals
Felix Fietkau [Wed, 15 Feb 2012 20:53:16 +0000 (21:53 +0100)]
ath9k_hw: remove duplicate initvals

Comparing SHA1 checksums of the initval tables has shown that there are many
tables that are 100% identical.

iniBank{0,1,2,3,7} and iniBB_RfGain are shared by AR5416, AR913x, AR9160
iniBank6 is shared between AR5416 and AR9160
iniBank6TPC is shared between AR913x and AR9160

iniPcieSerdes is the same for all AR9002 based devices

The CCK FIR coefficients are shared between AR9271 and AR9287

Getting rid of those duplicates saves about 7.5k uncompressed (on MIPS).

For AR9003 and later there are some duplicates as well, but I've decided to
leave them in for now, as the initvals for those chips are still actively
maintained by QCA.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agort2x00: Add support for D-Link DWA-127 to rt2800usb.
Gertjan van Wingerde [Sat, 11 Feb 2012 20:58:09 +0000 (21:58 +0100)]
rt2x00: Add support for D-Link DWA-127 to rt2800usb.

This is an RT3070 based device.

Cc: <stable@vger.kernel.org>
Reported-by: Mikhail Kryshen <mikhail@kryshen.net>
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoMerge branch 'wireless-next' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Mon, 27 Feb 2012 18:30:45 +0000 (13:30 -0500)]
Merge branch 'wireless-next' of git://git./linux/kernel/git/iwlwifi/iwlwifi

12 years agoath9k: remove unnecessary PS wrappers
Mohammed Shafi Shajakhan [Tue, 14 Feb 2012 13:09:19 +0000 (18:39 +0530)]
ath9k: remove unnecessary PS wrappers

ath_set_channel is called from ath9k_config which already has proper
PS wrappers

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath9k: remove obsolete comments
Mohammed Shafi Shajakhan [Tue, 14 Feb 2012 13:09:18 +0000 (18:39 +0530)]
ath9k: remove obsolete comments

the corresponding code/logic was removed in
"ath9k: rework power state handling"

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoath5k:Remove __raw_read and __raw_write
Jonathan Bither [Tue, 14 Feb 2012 02:47:45 +0000 (21:47 -0500)]
ath5k:Remove __raw_read and __raw_write

By swithing from our __raw_read and __raw_write functions to ioread32 and iowrite32,
benchmarks on my desk with iperf went from 11MBps to 18.1MBps using the AHB bus
on an EnGenius ECB3500 running OpenWRT.

Signed-off-by: Jonathan Bither <jonbither@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agocfg80211: restructure AP/GO mode API
Johannes Berg [Mon, 13 Feb 2012 14:17:18 +0000 (15:17 +0100)]
cfg80211: restructure AP/GO mode API

The AP/GO mode API isn't very clearly defined, it
has "set beacon" and "new beacon" etc.

Modify the API to the following:
 * start AP -- all settings
 * change beacon -- new beacon data
 * stop AP -- stop AP mode operation

This also reflects in the nl80211 API, rename
the commands there correspondingly (but keep
the old names for compatibility.)

Overall, this makes it much clearer what's going
on in the API.

Kalle developed the ath6kl changes, I created
the rest of the patch.

Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: remove il_is_rfkill_hw
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:31 +0000 (11:23 +0100)]
iwlegacy: remove il_is_rfkill_hw

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: s/il_txq_mem/il_free_txq_mem/g
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:30 +0000 (11:23 +0100)]
iwlegacy: s/il_txq_mem/il_free_txq_mem/g

Previous name was confusing.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: s/S_RF_KILL_HW/S_RFKILL/g
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:29 +0000 (11:23 +0100)]
iwlegacy: s/S_RF_KILL_HW/S_RFKILL/g

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: small queue initializations cleanup
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:28 +0000 (11:23 +0100)]
iwlegacy: small queue initializations cleanup

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: enable only rfkill interrupt when rfkill switch is on during IFF_UP
Stanislaw Gruszka [Tue, 14 Feb 2012 07:50:42 +0000 (08:50 +0100)]
iwlegacy: enable only rfkill interrupt when rfkill switch is on during IFF_UP

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: small il4965_set_hw_ready cleanup
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:26 +0000 (11:23 +0100)]
iwlegacy: small il4965_set_hw_ready cleanup

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: check correct il_poll_bit error value
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:25 +0000 (11:23 +0100)]
iwlegacy: check correct il_poll_bit error value

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: do not grab nic access if rfkill
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:24 +0000 (11:23 +0100)]
iwlegacy: do not grab nic access if rfkill

If rfkill is on il_grab_nic_access() fail and we can not write to the
various registers during stop procedure. Write to those registers
unconditionally instead.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwleagcy: fix ident code damage
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:23 +0000 (11:23 +0100)]
iwleagcy: fix ident code damage

Using ident is not always good.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwleagcy: remove old comments
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:22 +0000 (11:23 +0100)]
iwleagcy: remove old comments

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: improve mac operation debuggability a bit
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:21 +0000 (11:23 +0100)]
iwlegacy: improve mac operation debuggability a bit

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: get rid of tx/rx traffic log
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:20 +0000 (11:23 +0100)]
iwlegacy: get rid of tx/rx traffic log

The same data can be gathered using monitor mode.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: merge all ops structures into one
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:19 +0000 (11:23 +0100)]
iwlegacy: merge all ops structures into one

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: merge il_lib_ops into il_ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:18 +0000 (11:23 +0100)]
iwlegacy: merge il_lib_ops into il_ops

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: remove il_apm_ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:17 +0000 (11:23 +0100)]
iwlegacy: remove il_apm_ops

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: merge eeprom_ops into lib_ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:16 +0000 (11:23 +0100)]
iwlegacy: merge eeprom_ops into lib_ops

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: remove temp_ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:15 +0000 (11:23 +0100)]
iwlegacy: remove temp_ops

Remove unneeded structure and cleanup temperature calibration routines
a bit.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: move debugfs_ops to il_priv
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:14 +0000 (11:23 +0100)]
iwlegacy: move debugfs_ops to il_priv

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: gather all 4965 handlers in one place
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:13 +0000 (11:23 +0100)]
iwlegacy: gather all 4965 handlers in one place

Handers belongs logically into 4965-mac.c file.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: regulatory_bands is not an ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:12 +0000 (11:23 +0100)]
iwlegacy: regulatory_bands is not an ops

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: use writeb,writel,readl directly
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:11 +0000 (11:23 +0100)]
iwlegacy: use writeb,writel,readl directly

That change will save us some CPU cycles at run time. Having
port-based I/O seems to be not possible for PCIe devices.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: cleanup/fix memory barriers
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:10 +0000 (11:23 +0100)]
iwlegacy: cleanup/fix memory barriers

wmb(), rmb() are not needed when writel(), readl() are used as
accessors for MMIO. We use them indirectly via iowrite32(),
ioread32().

What is needed mmiowb(), for synchronizing writes coming from
different CPUs on PCIe bridge (see in patch comments). This
fortunately is not needed on x86, where mmiowb() is just
defined as compiler barrier. As iwlegacy devices are most likely
not used on anything other than x86, this is not so important
fix.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: always check if got h/w access before write
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:09 +0000 (11:23 +0100)]
iwlegacy: always check if got h/w access before write

Before we write to the device register always check if
_il_grap_nic_access() was successful.

Change type return type _il_grap_nic_access() to bool, and
add likely()/unlikely() statements.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: dump stack when fail to gain access to the device
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:08 +0000 (11:23 +0100)]
iwlegacy: dump stack when fail to gain access to the device

Print dump stack when the device is not responding. This should give
some more clue about the reason of failure. Also change the message we
print, since "MAC in deep sleep" is kinda confusing.

On the way add unlikely(), as fail to gain NIC access is hmm ...
unlikely.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: rtl8192se firmware load can overflow target buffer
Tim Gardner [Fri, 10 Feb 2012 00:19:52 +0000 (18:19 -0600)]
rtlwifi: rtl8192se firmware load can overflow target buffer

Define RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE which represents the
maximimum possible firmware file size. Use it in the definition
of the buffer which receives the firmware file data.

Set RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE closer to the actual size of
the firmware file, e.g., 90000 (down from hard coded 164000). The current
size of rtlwifi/rtl8192sefw.bin is 88856.

Set max_fw_size to RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE for the size limit
check. Fix the error case where max_fw_size is not cleared if the size
limit check fails.

Cc: Chaoming Li <chaoming_li@realsil.com.cn>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: make sdio firmware filename specific
Arend van Spriel [Thu, 9 Feb 2012 20:09:09 +0000 (21:09 +0100)]
brcm80211: fmac: make sdio firmware filename specific

The sdio driver part uses firmware name brcmfmac.bin. With addition
of usb this name is too generic. This patch renames the filename
to brcmfmac-sdio.bin.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: add USB support for bcm43235/6/8 chipsets
Arend van Spriel [Thu, 9 Feb 2012 20:09:08 +0000 (21:09 +0100)]
brcm80211: fmac: add USB support for bcm43235/6/8 chipsets

This patch extends the use of the brcmfmac driver with support for
chipsets with a USB host interface. The first chipsets supported are
the bcm43235, bcm43236, and bcm43238 for which firmware has been
submitted.

This driver change has been successfully built for x86, x86_64,
ppc64, arm_le, and mips_be.

It has been tested successfully on x86 and x86_64.

Cc: M. Lambert <lambertm@westman.wave.ca>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: use spinlock calls saving irq flags in brcmf_enq_event()
Arend van Spriel [Thu, 9 Feb 2012 20:09:07 +0000 (21:09 +0100)]
brcm80211: fmac: use spinlock calls saving irq flags in brcmf_enq_event()

This function is executed within irq context. The call spin_unlock_irq
does enable interrupts which is not desired in the irq context. This patch
replaces them using the spin_loc_irqsave and spin_unlock_irqrestore
functions.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: change allocation flag in brcmf_enq_event() function
Arend van Spriel [Thu, 9 Feb 2012 20:09:06 +0000 (21:09 +0100)]
brcm80211: fmac: change allocation flag in brcmf_enq_event() function

As the function is called from atomic context it should not do the
kzalloc call with GFP_KERNEL.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: update bus state in common driver part
Arend van Spriel [Thu, 9 Feb 2012 20:09:05 +0000 (21:09 +0100)]
brcm80211: fmac: update bus state in common driver part

The bus state is updated in the sdio bus init function, but it is
better to do it when the brcmf_bus_start() function is completed
successfully. The brcmf_netdev_open() function will return -EAGAIN
until the state is updated instead of calling brcmf_bus_start() to
avoid reentering that function.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: only return success in brcmf_sdbrcm_bus_init() when true
Arend van Spriel [Thu, 9 Feb 2012 20:09:04 +0000 (21:09 +0100)]
brcm80211: fmac: only return success in brcmf_sdbrcm_bus_init() when true

The function brcmf_sdbrcm_bus_init() always returned success except for
firmware download failure. However, also when enabling SDIO function 2
is failing the function should return failure. This patch fixes that.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: move module entry points to dhd_linux.c
Arend van Spriel [Thu, 9 Feb 2012 20:09:03 +0000 (21:09 +0100)]
brcm80211: fmac: move module entry points to dhd_linux.c

The module_init/exit functions are moved to dhd_linux.c to prepare
for supporting multiple host interface types.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: use specific types in struct brcmf_bus
Arend van Spriel [Thu, 9 Feb 2012 20:09:02 +0000 (21:09 +0100)]
brcm80211: fmac: use specific types in struct brcmf_bus

The fields bus_priv and drvr are defined as void pointer. It is
preferred to have specific types for compiler type checking. To
prepare for other bus types the bus_priv field is defined as a
union containing the sdio bus private structure reference.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: make sure cancel_work_sync only called after INIT_WORK
Franky Lin [Thu, 9 Feb 2012 20:09:01 +0000 (21:09 +0100)]
brcm80211: fmac: make sure cancel_work_sync only called after INIT_WORK

INIT_WORK only gets called after brcmf_proto_attach returns
success. This dependency should be annotated in brcmf_detach to
avoid any error.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Franky Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: resolve smatch issues in brcmfmac code
Arend van Spriel [Thu, 9 Feb 2012 20:09:00 +0000 (21:09 +0100)]
brcm80211: fmac: resolve smatch issues in brcmfmac code

This patch resolves the following smatch issues:

wl_cfg80211.c +1377 brcmf_cfg80211_connect(65) warn: min_t truncates
here '(sme->ssid_len)' (4294967295 vs 9223372036854775807)
dhd_sdio.c +1275 brcmf_sdbrcm_rxglom(156) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
dhd_sdio.c +1457 brcmf_sdbrcm_rxglom(338) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
bcmsdh_sdmmc.c +300 brcmf_sdioh_request_buffer(10) warn: variable
dereferenced before check 'pkt' (see line 295)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: remove smatch warnings from brcmsmac code
Arend van Spriel [Thu, 9 Feb 2012 20:08:59 +0000 (21:08 +0100)]
brcm80211: smac: remove smatch warnings from brcmsmac code

The patch fixes following smatch warnings:

main.c +2902 brcms_b_read_objmem(11) info: ignoring unreachable code.
mac80211_if.c +1146 brcms_suspend(8) error: we previously assumed 'wl'
could be null (see line 1145)
srom.c +641 _initvars_srom_pci(16) error: potential null dereference
'entry'.  (kzalloc returns null)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: fix endless retry of A-MPDU transmissions
Arend van Spriel [Thu, 9 Feb 2012 20:08:58 +0000 (21:08 +0100)]
brcm80211: smac: fix endless retry of A-MPDU transmissions

The A-MPDU code checked against a retry limit, but it was using
the wrong variable to do so. This patch fixes this to assure
proper retry mechanism.

This problem had a side-effect causing the mac80211 flush callback
to remain waiting forever as well. That side effect has been fixed
by commit by Stanislaw Gruszka:

commit f96b08a7e6f69c0f0a576554df3df5b1b519c479
Date:   Tue Jan 17 12:38:50 2012 +0100

    brcmsmac: fix tx queue flush infinite loop

    Reference:
    https://bugzilla.kernel.org/show_bug.cgi?id=42576

Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: remove redundant assignments from txpwrctrl_pwr_setup_nphy
Arend van Spriel [Thu, 9 Feb 2012 20:08:57 +0000 (21:08 +0100)]
brcm80211: smac: remove redundant assignments from txpwrctrl_pwr_setup_nphy

The function wlc_phy_txpwrctrl_pwr_setup_nphy() does assign a local
variable target_pwr_qtrdbm in several code paths, but in the end all
code paths are coming to an assignment of that variable which does
override all previous. So those early and redundant assignments have
been removed.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: fix unintended fallthru in wlc_phy_radio_init_2057()
Arend van Spriel [Thu, 9 Feb 2012 20:08:56 +0000 (21:08 +0100)]
brcm80211: smac: fix unintended fallthru in wlc_phy_radio_init_2057()

The radio initialization for 2057 rev 5 was using the incorrect
register table for the initialization. This patch fixes that.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: update the maintainers listed for brcm80211 drivers
Arend van Spriel [Thu, 9 Feb 2012 20:08:55 +0000 (21:08 +0100)]
brcm80211: update the maintainers listed for brcm80211 drivers

Henry Ptasinski is not working on the brcm80211 driver so taking
his name/email out of the MAINTAINERS file.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoCorrecting typos in rtlwifi/base.c
Tristan Pourcelot [Thu, 9 Feb 2012 13:48:09 +0000 (14:48 +0100)]
Correcting typos in rtlwifi/base.c

This patch correct some typos in a comment.

Signed-off-by: Tristan Pourcelot <tristan.pourcelot@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: rtl8192c-common: rtl8192se: rtl8192de: Simplify if statements
Larry Finger [Thu, 9 Feb 2012 02:56:52 +0000 (20:56 -0600)]
rtlwifi: rtl8192c-common: rtl8192se: rtl8192de: Simplify if statements

Devendra Naga <devendra.aaru@gmail.com> submitted a patch for rtl8192c_common
to change the tests in _rtl92c_store_pwrIndex_diffrate_offset(). This patch
improves on those changes and applies similar modifications to drivers rtl8192se
and rtl8192de.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agort2x00:Add debug message for new chipset
John Li [Wed, 8 Feb 2012 13:25:24 +0000 (21:25 +0800)]
rt2x00:Add debug message for new chipset

Signed-off-by: John Li <chen-yang.li@mediatek.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agort2x00:Fix typo
John Li [Wed, 8 Feb 2012 13:19:01 +0000 (21:19 +0800)]
rt2x00:Fix typo

Signed-off-by: John Li <chen-yang.li@mediatek.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi/rtl8192c: in _rtl92c_phy_calculate_bit_shift remove comparing bitmask against 1
Devendra.Naga [Tue, 31 Jan 2012 07:11:03 +0000 (02:11 -0500)]
rtlwifi/rtl8192c: in _rtl92c_phy_calculate_bit_shift remove comparing bitmask against 1

in _rtl92c_phy_calculate_bit_shift everytime the right shifted bitmask
is AND with 1 and compared against 1. i.e.
       if ((bitmask >> i) & 0x1 == 1)
               break;
which in the if condition is anyway becomes a 1 or 0.

Signed-off-by: Devendra.Naga <devendra.aaru@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoMerge branch 'for-linville' of git://git.kernel.org/pub/scm/linux/kernel/git/luca...
John W. Linville [Wed, 22 Feb 2012 19:44:50 +0000 (14:44 -0500)]
Merge branch 'for-linville' of git://git./linux/kernel/git/luca/wl12xx

12 years agoiwlwifi: enable receiving beacons when not associated
Meenakshi Venkataraman [Wed, 8 Feb 2012 20:04:41 +0000 (12:04 -0800)]
iwlwifi: enable receiving beacons when not associated

If the firmware implements beacon filtering,
beacons are filtered when not associated. This causes
association failures on channels marked passive.

Enabling this flag indicates to the firmware to allow
the beacons to pass through when not associated only.

Signed-off-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: remove un-necessary return
Wey-Yi Guy [Wed, 8 Feb 2012 23:57:39 +0000 (15:57 -0800)]
iwlwifi: remove un-necessary return

Already return 0, change to void

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: SRAM size moves from hw_params to cfg
Emmanuel Grumbach [Tue, 7 Feb 2012 10:56:26 +0000 (12:56 +0200)]
iwlwifi: SRAM size moves from hw_params to cfg

This will allow to set the hw_params after we fetch the uCode.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: save ucode capabilities in iwl_fw
Don Fry [Tue, 7 Feb 2012 01:06:07 +0000 (17:06 -0800)]
iwlwifi: save ucode capabilities in iwl_fw

The capabilities parsed from the ucode file are never saved.  Save
them in the iwl_fw structure.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: changes args to iwl_nic for firmware operations
Don Fry [Tue, 7 Feb 2012 22:21:32 +0000 (14:21 -0800)]
iwlwifi: changes args to iwl_nic for firmware operations

Remove the references to iwl_priv from the firmware request and
parsing routines.  They are generic to the nic.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: the transport knows its state
Emmanuel Grumbach [Mon, 6 Feb 2012 12:30:54 +0000 (14:30 +0200)]
iwlwifi: the transport knows its state

This allows to handle races such as Tx packets on their way to be
sent although the transport has been stopped already.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move event and err pointers to iwl_nic
Don Fry [Tue, 7 Feb 2012 22:03:55 +0000 (14:03 -0800)]
iwlwifi: move event and err pointers to iwl_nic

Move the ucode offset pointers to the iwl_nic as they are nic related.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: document the transport layer
Emmanuel Grumbach [Mon, 6 Feb 2012 14:41:58 +0000 (16:41 +0200)]
iwlwifi: document the transport layer

Fix a few typos in the existing comments too.
Enforce the comments with might_sleep.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: send testmode hcmd reply with rx header
Amit Beka [Wed, 8 Feb 2012 08:01:35 +0000 (10:01 +0200)]
iwlwifi: send testmode hcmd reply with rx header

When a host command is sent through testmode, the whole
reply (including rx header) is returned to the user, and not
only the payload of the rx.
Before this commit the length was buggy - the reply contained 4 bytes
after the end of the payload.

Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: fixes to testmode indirect access
Amit Beka [Sun, 5 Feb 2012 22:40:47 +0000 (00:40 +0200)]
iwlwifi: fixes to testmode indirect access

Fixed casting of buffer addressing, and added size to
the read method, like in __iwl_read_prph.

Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: use enhance_sensitivity from iwl_fw
Emmanuel Grumbach [Tue, 7 Feb 2012 08:55:46 +0000 (10:55 +0200)]
iwlwifi: use enhance_sensitivity from iwl_fw

Remove another dependency between the nic layer and the iwl_priv
struct.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: iwl_set_hw_params returns always 0
Emmanuel Grumbach [Fri, 17 Feb 2012 18:52:03 +0000 (10:52 -0800)]
iwlwifi: iwl_set_hw_params returns always 0

Remove the return value.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: kill iwl_down and s/__iwl_down/iwl_down
Emmanuel Grumbach [Fri, 17 Feb 2012 18:34:53 +0000 (10:34 -0800)]
iwlwifi: kill iwl_down and s/__iwl_down/iwl_down

iwl_down was just a wrapper around __iwl_down which was called from
one place only. Replace it to direct call to iwl_down. Add lockdep
warning in iwl_down to ensure it was called with the mutex held.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: change args to ucode routines
Don Fry [Tue, 7 Feb 2012 00:37:46 +0000 (16:37 -0800)]
iwlwifi: change args to ucode routines

Change the prameters to the ucode (de)allocate routines to iwl_nic as
they are not transport operations.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: Move ucode pointers to iwl_fw
Don Fry [Tue, 7 Feb 2012 23:00:12 +0000 (15:00 -0800)]
iwlwifi: Move ucode pointers to iwl_fw

The ucode image is a ucode related thing not a transport one.  Move them.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move firmware_loading_complete to iwl_nic
Don Fry [Tue, 7 Feb 2012 00:00:14 +0000 (16:00 -0800)]
iwlwifi: move firmware_loading_complete to iwl_nic

Move firmware_loading_complete from iwl_priv to iwl_nic and rename it
to more accurately reflect what it does.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move firmware_name to iwl_nic
Don Fry [Mon, 6 Feb 2012 23:57:40 +0000 (15:57 -0800)]
iwlwifi: move firmware_name to iwl_nic

Delete firmware_name from iwl_priv and use iwl_nic instead.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move fw_index from iwl_priv to iwl_nic
Don Fry [Mon, 6 Feb 2012 23:54:31 +0000 (15:54 -0800)]
iwlwifi: move fw_index from iwl_priv to iwl_nic

Delete fw_index from iwl_priv and use iwl_nic instead.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move ucode_ver to iwl_nic
Don Fry [Mon, 6 Feb 2012 23:51:15 +0000 (15:51 -0800)]
iwlwifi: move ucode_ver to iwl_nic

Delete ucode_ver from iwl_priv and use iwl_nic instead.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: create iwl_nic structure
Don Fry [Tue, 7 Feb 2012 22:45:58 +0000 (14:45 -0800)]
iwlwifi: create iwl_nic structure

Create iwl_nic structure and link it together.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: give PCIe its own lock
Johannes Berg [Sun, 5 Feb 2012 21:55:11 +0000 (13:55 -0800)]
iwlwifi: give PCIe its own lock

Instead of using a global lock, the PCIe transport
can use an own lock for its IRQ. This will make it
possible to not disable IRQs for the shared lock.
The lock is currently used throughout the code but
this can be improved even further by splitting up
the locking for the queues.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Wey-Yi W Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: move workqueue to priv
Johannes Berg [Fri, 17 Feb 2012 18:07:44 +0000 (10:07 -0800)]
iwlwifi: move workqueue to priv

In order to separate the different parts of the
driver better, we are reducing the shared data.
This moves the workqueue to "priv", and removes
it from the transport. To do this, simply use
schedule_work() in the transport.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: trace debug messages
Johannes Berg [Wed, 1 Feb 2012 05:08:37 +0000 (21:08 -0800)]
iwlwifi: trace debug messages

Make iwlwifi record all debug messages into
tracing, even if debug_level is not enabled.
Due to the lack of APIs, the debug messages
are now recorded up to a max length of 100,
the only one above that is the RXON which is
not needed if you trace the commands as well
as it only dumps the command contents.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi W Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: added reply data to testmode HCMD send
Amit Beka [Tue, 31 Jan 2012 13:30:39 +0000 (15:30 +0200)]
iwlwifi: added reply data to testmode HCMD send

The testmode command for host command send now replies
with a nl80211 message and the response it recieved from
the device.

This does not change the API directly, but adds a reply
to the testmode call.

Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: testmode new indirect RW API
Amit Beka [Wed, 25 Jan 2012 11:30:27 +0000 (13:30 +0200)]
iwlwifi: testmode new indirect RW API

Replaced the old SRAM and periphery indirect access functions
with a unified indirect memory access functions. These include
new IWL_TM_CMDs for buffer read/write/dump which replace the
SRAM read/dump commands, but the API for IWL_TM_CMD_INDIRECT_REG
read/write will now not be supported (returns error).

This also handles writing to periphery registers in 1-3 bytes.

Requires the corresponding patch in the library for the API change.

Signed-off-by: Amit Beka <amit.beka@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoiwlwifi: log as error when error detected
Wey-Yi Guy [Fri, 3 Feb 2012 21:06:57 +0000 (13:06 -0800)]
iwlwifi: log as error when error detected

A lot of error conditions in testmode log as IWL_DEBUG_INFO which is not
logged by default. Change it

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Wed, 15 Feb 2012 21:24:37 +0000 (16:24 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

Conflicts:
net/mac80211/debugfs_sta.c
net/mac80211/sta_info.h

12 years agoath9k: stop on rates with idx -1 in ath9k rate control's .tx_status
Pavel Roskin [Sat, 11 Feb 2012 15:01:53 +0000 (10:01 -0500)]
ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status

Rate control algorithms are supposed to stop processing when they
encounter a rate with the index -1.  Checking for rate->count not being
zero is not enough.

Allowing a rate with negative index leads to memory corruption in
ath_debug_stat_rc().

One consequence of the bug is discussed at
https://bugzilla.redhat.com/show_bug.cgi?id=768639

Signed-off-by: Pavel Roskin <proski@gnu.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomwifiex: clear previous security setting during association
Amitkumar Karwar [Fri, 10 Feb 2012 02:32:22 +0000 (18:32 -0800)]
mwifiex: clear previous security setting during association

Driver maintains different flags for WEP, WPA, WPA2 security modes.
Appropriate flag is set using security information provided in
connect request. mwifiex_is_network_compatible() routine uses them
to check if driver's setting is compatible with AP. Association is
aborted if the routine fails.

For some corner cases, it is observed that association is failed
even for valid security information based on association history.
This patch fixes the problem by clearing previous security setting
during each association.

We should set WEP key provided in connect request as default tx key.
This missing change is also added here.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: do not call rate control .tx_status before .rate_init
Felix Fietkau [Wed, 8 Feb 2012 18:17:11 +0000 (19:17 +0100)]
mac80211: do not call rate control .tx_status before .rate_init

Most rate control implementations assume .get_rate and .tx_status are only
called once the per-station data has been fully initialized.
minstrel_ht crashes if this assumption is violated.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: call rate control only after init
Johannes Berg [Fri, 20 Jan 2012 12:55:23 +0000 (13:55 +0100)]
mac80211: call rate control only after init

There are situations where we don't have the
necessary rate control information yet for
station entries, e.g. when associating. This
currently doesn't really happen due to the
dummy station handling; explicitly disabling
rate control when it's not initialised will
allow us to remove dummy stations.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoBluetooth: Fix possible use after free in delete path
Ulisses Furquim [Mon, 30 Jan 2012 20:26:29 +0000 (18:26 -0200)]
Bluetooth: Fix possible use after free in delete path

We need to use the _sync() version for cancelling the info and security
timer in the L2CAP connection delete path. Otherwise the delayed work
handler might run after the connection object is freed.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove usage of __cancel_delayed_work()
Ulisses Furquim [Mon, 30 Jan 2012 20:26:28 +0000 (18:26 -0200)]
Bluetooth: Remove usage of __cancel_delayed_work()

__cancel_delayed_work() is being used in some paths where we cannot
sleep waiting for the delayed work to finish. However, that function
might return while the timer is running and the work will be queued
again. Replace the calls with safer cancel_delayed_work() version
which spins until the timer handler finishes on other CPUs and
cancels the delayed work.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
Manoj Iyer [Thu, 2 Feb 2012 15:32:36 +0000 (09:32 -0600)]
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0

T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)

Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close
Johan Hedberg [Fri, 3 Feb 2012 19:29:40 +0000 (21:29 +0200)]
Bluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close

We should only perform a reset in hci_dev_do_close if the
HCI_QUIRK_NO_RESET flag is set (since in such a case a reset will not be
performed when initializing the device).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix RFCOMM session reference counting issue
Octavian Purdila [Fri, 27 Jan 2012 17:32:39 +0000 (19:32 +0200)]
Bluetooth: Fix RFCOMM session reference counting issue

There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix potential deadlock
Andre Guedes [Fri, 27 Jan 2012 22:42:02 +0000 (19:42 -0300)]
Bluetooth: Fix potential deadlock

We don't need to use the _sync variant in hci_conn_hold and
hci_conn_put to cancel conn->disc_work delayed work. This way
we avoid potential deadlocks like this one reported by lockdep.

======================================================
[ INFO: possible circular locking dependency detected ]
3.2.0+ #1 Not tainted
-------------------------------------------------------
kworker/u:1/17 is trying to acquire lock:
 (&hdev->lock){+.+.+.}, at: [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]

but task is already holding lock:
 ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&(&conn->disc_work)->work)){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff81034ed1>] wait_on_work+0x3d/0xaa
       [<ffffffff81035b54>] __cancel_work_timer+0xac/0xef
       [<ffffffff81035ba4>] cancel_delayed_work_sync+0xd/0xf
       [<ffffffffa00554b0>] smp_chan_create+0xde/0xe6 [bluetooth]
       [<ffffffffa0056160>] smp_conn_security+0xa3/0x12d [bluetooth]
       [<ffffffffa0053640>] l2cap_connect_cfm+0x237/0x2e8 [bluetooth]
       [<ffffffffa004239c>] hci_proto_connect_cfm+0x2d/0x6f [bluetooth]
       [<ffffffffa0046ea5>] hci_event_packet+0x29d1/0x2d60 [bluetooth]
       [<ffffffffa003dde3>] hci_rx_work+0xd0/0x2e1 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

-> #1 (slock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e553a>] _raw_spin_lock_bh+0x36/0x6a
       [<ffffffff81244d56>] lock_sock_nested+0x24/0x7f
       [<ffffffffa004d96f>] lock_sock+0xb/0xd [bluetooth]
       [<ffffffffa0052906>] l2cap_chan_connect+0xa9/0x26f [bluetooth]
       [<ffffffffa00545f8>] l2cap_sock_connect+0xb3/0xff [bluetooth]
       [<ffffffff81243b48>] sys_connect+0x69/0x8a
       [<ffffffff812e6579>] system_call_fastpath+0x16/0x1b

-> #0 (&hdev->lock){+.+.+.}:
       [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
       [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
       [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

other info that might help us debug this:

Chain exists of:
  &hdev->lock --> slock-AF_BLUETOOTH-BTPROTO_L2CAP --> (&(&conn->disc_work)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&(&conn->disc_work)->work));
                               lock(slock-AF_BLUETOOTH-BTPROTO_L2CAP);
                               lock((&(&conn->disc_work)->work));
  lock(&hdev->lock);

 *** DEADLOCK ***

2 locks held by kworker/u:1/17:
 #0:  (hdev->name){.+.+.+}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf
 #1:  ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

stack backtrace:
Pid: 17, comm: kworker/u:1 Not tainted 3.2.0+ #1
Call Trace:
 [<ffffffff812e06c6>] print_circular_bug+0x1f8/0x209
 [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
 [<ffffffff81021ef2>] ? arch_local_irq_restore+0x6/0xd
 [<ffffffff81022bc7>] ? vprintk+0x3f9/0x41e
 [<ffffffff81057444>] lock_acquire+0x8a/0xa7
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff81190fd6>] ? __dynamic_pr_debug+0x6d/0x6f
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff8105320f>] ? trace_hardirqs_off+0xd/0xf
 [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
 [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff810357af>] process_one_work+0x178/0x2bf
 [<ffffffff81035751>] ? process_one_work+0x11a/0x2bf
 [<ffffffff81055af3>] ? lock_acquired+0x1d0/0x1df
 [<ffffffffa00410f3>] ? hci_acl_disconn+0x65/0x65 [bluetooth]
 [<ffffffff81036178>] worker_thread+0xce/0x152
 [<ffffffff810407ed>] ? finish_task_switch+0x45/0xc5
 [<ffffffff810360aa>] ? manage_workers.isra.25+0x16a/0x16a
 [<ffffffff81039a03>] kthread+0x95/0x9d
 [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10
 [<ffffffff812e5db4>] ? retint_restore_args+0x13/0x13
 [<ffffffff8103996e>] ? __init_kthread_worker+0x55/0x55
 [<ffffffff812e7750>] ? gs_change+0x13/0x13

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: silence lockdep warning
Octavian Purdila [Sat, 21 Jan 2012 22:28:34 +0000 (00:28 +0200)]
Bluetooth: silence lockdep warning

Since bluetooth uses multiple protocols types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869]  (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045]  (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977]        [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411]        [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858]        [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279]        [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687]        [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106]        [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542]        [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959]        [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365]        [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742]        [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667]        [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519]        [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975]        [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412]        [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842]        [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288]        [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737]        [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165]        [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix using an absolute timeout on hci_conn_put()
Vinicius Costa Gomes [Wed, 4 Jan 2012 14:57:17 +0000 (11:57 -0300)]
Bluetooth: Fix using an absolute timeout on hci_conn_put()

queue_delayed_work() expects a relative time for when that work
should be scheduled.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: l2cap_set_timer needs jiffies as timeout value
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:42 +0000 (12:10 +0100)]
Bluetooth: l2cap_set_timer needs jiffies as timeout value

After moving L2CAP timers to workqueues l2cap_set_timer expects timeout
value to be specified in jiffies but constants defined in miliseconds
are used. This makes timeouts unreliable when CONFIG_HZ is not set to
1000.

__set_chan_timer macro still uses jiffies as input to avoid multiple
conversions from/to jiffies for sk_sndtimeo value which is already
specified in jiffies.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Ackec-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix sk_sndtimeo initialization for L2CAP socket
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:41 +0000 (12:10 +0100)]
Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket

sk_sndtime value should be specified in jiffies thus initial value
needs to be converted from miliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove bogus inline declaration from l2cap_chan_connect
Johan Hedberg [Sun, 8 Jan 2012 20:51:16 +0000 (22:51 +0200)]
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect

As reported by Dan Carpenter this function causes a Sparse warning and
shouldn't be declared inline:

include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a
definition"

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>