GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
10 years agowl1251: fix channel switching in monitor mode
David Gnedt [Tue, 7 Jan 2014 12:09:42 +0000 (13:09 +0100)]
wl1251: fix channel switching in monitor mode

Use the ENABLE_RX command for channel switching when no interface is present
(monitor mode only).
The advantage of ENABLE_RX is that it leaves the tx data path disabled in
firmware, whereas the usual JOIN command seems to transmit some frames at
firmware level.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: disable power saving in monitor mode
David Gnedt [Tue, 7 Jan 2014 12:09:06 +0000 (13:09 +0100)]
wl1251: disable power saving in monitor mode

Force power saving off while monitor interface is present.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: implement multicast address filtering (fwd)
David Gnedt [Tue, 7 Jan 2014 12:08:30 +0000 (13:08 +0100)]
wl1251: implement multicast address filtering (fwd)

Port multicast address filtering from wl1271 driver.
It sets up the hardware multicast address filter in configure_filter() with
addresses supplied through prepare_multicast().

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: configure hardware en-/decryption for monitor mode
David Gnedt [Tue, 7 Jan 2014 12:07:52 +0000 (13:07 +0100)]
wl1251: configure hardware en-/decryption for monitor mode

Disable hardware encryption (DF_ENCRYPTION_DISABLE) and decryption
(DF_SNIFF_MODE_ENABLE) via wl1251_acx_feature_cfg while monitor interface is
present.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: split RX and TX data path initialisation
David Gnedt [Tue, 7 Jan 2014 12:06:58 +0000 (13:06 +0100)]
wl1251: split RX and TX data path initialisation

Split up data path initialisation into RX and TX data path initialisation
functions. This change is required for channel switching in monitor mode.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: implement hardware ARP filtering
David Gnedt [Tue, 7 Jan 2014 12:06:24 +0000 (13:06 +0100)]
wl1251: implement hardware ARP filtering

Update hardware ARP filter configuration on BSS_CHANGED_ARP_FILTER
notification from mac80211.
Ported from wl1271 driver.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: retry power save entry
David Gnedt [Tue, 7 Jan 2014 12:05:45 +0000 (13:05 +0100)]
wl1251: retry power save entry

Port of the power save entry retry code from wl1251 driver version included
in the Maemo Fremantle kernel.
This tries to enable power save mode up to 3 times before failing.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowl1251: fix scan behaviour while not associated
David Gnedt [Tue, 7 Jan 2014 12:04:53 +0000 (13:04 +0100)]
wl1251: fix scan behaviour while not associated

With a dissasociated card I often encoutered very long scan delays.

My guess is that it has something to do with the cards DTIM handling and
another firmware bug mentioned in the TI WLAN driver, which is described as
the card may never end scanning if the channel is overloaded because it
can't send probe requests. I think the firmware somehow also tries to
receive DTIM messages when the BSSID is not set. Therefore most of the time
it waits for DTIM messages and can't do scanning work.

Anyway we can workaround this misbehaviour by setting the HIGH_PRIORITY
bit for scans in disassociated state.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
John W. Linville [Wed, 8 Jan 2014 18:44:29 +0000 (13:44 -0500)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

10 years agoBluetooth: Fix 6loWPAN peer lookup
Claudio Takahasi [Tue, 7 Jan 2014 12:07:48 +0000 (09:07 -0300)]
Bluetooth: Fix 6loWPAN peer lookup

This patch fixes peer address lookup for 6loWPAN over Bluetooth Low
Energy links.

ADDR_LE_DEV_PUBLIC, and ADDR_LE_DEV_RANDOM are the values allowed for
"dst_type" field in the hci_conn struct for LE links.

Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
10 years agoBluetooth: Fix setting Universal/Local bit
Claudio Takahasi [Tue, 7 Jan 2014 12:07:47 +0000 (09:07 -0300)]
Bluetooth: Fix setting Universal/Local bit

This patch fixes the Bluetooth Low Energy Address type checking when
setting Universal/Local bit for the 6loWPAN network device or for the
peer device connection.

ADDR_LE_DEV_PUBLIC or ADDR_LE_DEV_RANDOM are the values allowed for
"src_type" and "dst_type" in the hci_conn struct. The Bluetooth link
type can be obtainned reading the "type" field in the same struct.

Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
10 years agoBluetooth: Remove rfcomm_carrier_raised()
Gianluca Anzolin [Mon, 6 Jan 2014 20:23:53 +0000 (21:23 +0100)]
Bluetooth: Remove rfcomm_carrier_raised()

Remove the rfcomm_carrier_raised() definition as that function isn't
used anymore.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Always wait for a connection on RFCOMM open()
Gianluca Anzolin [Mon, 6 Jan 2014 20:23:52 +0000 (21:23 +0100)]
Bluetooth: Always wait for a connection on RFCOMM open()

This patch fixes two regressions introduced with the recent rfcomm tty
rework.

The current code uses the carrier_raised() method to wait for the
bluetooth connection when a process opens the tty.

However processes may open the port with the O_NONBLOCK flag or set the
CLOCAL termios flag: in these cases the open() syscall returns
immediately without waiting for the bluetooth connection to
complete.

This behaviour confuses userspace which expects an established bluetooth
connection.

The patch restores the old behaviour by waiting for the connection in
rfcomm_dev_activate() and removes carrier_raised() from the tty_port ops.

As a side effect the new code also fixes the case in which the rfcomm
tty device is created with the flag RFCOMM_REUSE_DLC: the old code
didn't call device_move() and ModemManager skipped the detection
probe. Now device_move() is always called inside rfcomm_dev_activate().

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Reported-by: Andrey Vihrov <andrey.vihrov@gmail.com>
Reported-by: Beson Chow <blc+bluez@mail.vanade.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()
Gianluca Anzolin [Mon, 6 Jan 2014 20:23:51 +0000 (21:23 +0100)]
Bluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()

This is a preparatory patch which moves the rfcomm_get_device()
definition before rfcomm_dev_activate() where it will be used.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Release RFCOMM port when the last user closes the TTY
Gianluca Anzolin [Mon, 6 Jan 2014 20:23:50 +0000 (21:23 +0100)]
Bluetooth: Release RFCOMM port when the last user closes the TTY

This patch fixes a userspace regression introduced by the commit
29cd718b.

If the rfcomm device was created with the flag RFCOMM_RELEASE_ONHUP the
user space expects that the tty_port is released as soon as the last
process closes the tty.

The current code attempts to release the port in the function
rfcomm_dev_state_change(). However it won't get a reference to the
relevant tty to send a HUP: at that point the tty is already destroyed
and therefore NULL.

This patch fixes the regression by taking over the tty refcount in the
tty install method(). This way the tty_port is automatically released as
soon as the tty is destroyed.

As a consequence the check for RFCOMM_RELEASE_ONHUP flag in the hangup()
method is now redundant. Instead we have to be careful with the reference
counting in the rfcomm_release_dev() function.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Reported-by: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agommc: add SDIO identifiers for Broadcom WLAN devices
Arend van Spriel [Mon, 6 Jan 2014 11:40:50 +0000 (12:40 +0100)]
mmc: add SDIO identifiers for Broadcom WLAN devices

The SDIO identifier for Broadcom WLAN devices were defined in the
brcmfmac SDIO driver. Moving the definitions in MMC header file
seems common sense.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: use custom destructor callback for all netdevice interfaces
Arend van Spriel [Mon, 6 Jan 2014 11:40:49 +0000 (12:40 +0100)]
brcmfmac: use custom destructor callback for all netdevice interfaces

The destructor for net devices was set to free_netdev() to get rid
of it and the private data. The private data refers to a brcmf_if
instance, but indirectly it also refers to brcmf_cfg80211_vif which
holds the wdev. This is freed as well by using a new custom destructor
called brcmf_cfg80211_free_netdev().

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: call brcmf_cfg80211_detach() after removal of interfaces
Arend van Spriel [Mon, 6 Jan 2014 11:40:48 +0000 (12:40 +0100)]
brcmfmac: call brcmf_cfg80211_detach() after removal of interfaces

Instead of calling brcmf_cfg80211_detach() in brcmf_del_if() when
deleting the primary interface, call it in brcmf_detach() after
deleting all interfaces.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: move wiphy_unregister() call to brcmf_cfg80211_detach()
Arend van Spriel [Mon, 6 Jan 2014 11:40:47 +0000 (12:40 +0100)]
brcmfmac: move wiphy_unregister() call to brcmf_cfg80211_detach()

The wiphy_unregister() call was done in brcmf_free_vif() when the
last interface was being removed. This is not the obvious place to
do that. This patch moves it to the brcmf_cfg80211_detach(). This
removes the need to keep count of interfaces.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: inform cfg80211 when changing the CONNECTED state
Arend van Spriel [Mon, 6 Jan 2014 11:40:46 +0000 (12:40 +0100)]
brcmfmac: inform cfg80211 when changing the CONNECTED state

Upon unload of the brcmfmac driver it gave a kernel warning because
cfg80211 still believed to be connected to an AP. The brcmfmac had
already transitioned to disconnected state during unload. This patch
adds informing cfg80211 about this transition. This will get rid of
warning from cfg80211 seen upon module unload:

 ------------[ cut here ]------------
 WARNING: CPU: 3 PID: 24303 at net/wireless/core.c:952
cfg80211_netdev_notifier_call+0x193/0x640 [cfg80211]()
 Modules linked in: brcmfmac(O-) brcmutil(O) cfg80211(O) ... [last unloaded: bcma]
 CPU: 3 PID: 24303 Comm: rmmod Tainted: G        W  O 3.13.0-rc4-wl-testing-x64-00002-gb472b6d-dirty #1
 Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
  00000000000003b8 ffff8800b211faf8 ffffffff815a7fcd 0000000000000007
  0000000000000000 ffff8800b211fb38 ffffffff8104819c ffff880000000000
  ffff8800c889d008 ffff8800b2000220 ffff8800c889a000 ffff8800c889d018
 Call Trace:
  [<ffffffff815a7fcd>] dump_stack+0x46/0x58
  [<ffffffff8104819c>] warn_slowpath_common+0x8c/0xc0
  [<ffffffff810481ea>] warn_slowpath_null+0x1a/0x20
  [<ffffffffa173fd83>] cfg80211_netdev_notifier_call+0x193/0x640 [cfg80211]
  [<ffffffff81521ca8>] ? arp_ifdown+0x18/0x20
  [<ffffffff8152d75a>] ? fib_disable_ip+0x3a/0x50
  [<ffffffff815b143d>] notifier_call_chain+0x4d/0x70
  [<ffffffff8106d6e6>] raw_notifier_call_chain+0x16/0x20
  [<ffffffff814b9ae0>] call_netdevice_notifiers_info+0x40/0x70
  [<ffffffff814b9b26>] call_netdevice_notifiers+0x16/0x20
  [<ffffffff814bb59d>] rollback_registered_many+0x17d/0x280
  [<ffffffff814bb74d>] rollback_registered+0x2d/0x40
  [<ffffffff814bb7c8>] unregister_netdevice_queue+0x68/0xd0
  [<ffffffff814bb9c0>] unregister_netdev+0x20/0x30
  [<ffffffffa180069e>] brcmf_del_if+0xce/0x180 [brcmfmac]
  [<ffffffffa1800b3c>] brcmf_detach+0x6c/0xe0 [brcmfmac]

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: only disable clock when brcmf_sdio_bus_init() fails
Arend van Spriel [Mon, 6 Jan 2014 11:40:45 +0000 (12:40 +0100)]
brcmfmac: only disable clock when brcmf_sdio_bus_init() fails

The condition to disable the clock at the end of brcmf_sdio_bus_init()
was wrong as the bus state is updated by the calling function. Hence,
the clock was always disabled after brcmf_sdio_bus_init() which was
not the intended behaviour.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: enable watchdog when bus initialization is complete
Arend van Spriel [Mon, 6 Jan 2014 11:40:44 +0000 (12:40 +0100)]
brcmfmac: enable watchdog when bus initialization is complete

Change condition in brcmf_sdio_wd_timer() function to program
watchdog only when in BRCMF_BUS_DATA state. This avoids watchdog
being active during initialization. During initialization the
SDIO save&restore capability is determined which affect the
bus sleep mechanism used in watchdog thread.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: correct detection of save&restore device capability
Arend van Spriel [Mon, 6 Jan 2014 11:40:43 +0000 (12:40 +0100)]
brcmfmac: correct detection of save&restore device capability

The detection of the save&restore capability in brcmf_sdio_sr_capable()
is only valid for certain chipsets. This patch should cover it for all
chipsets currently supported.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: add sdio drive strength programming for bcm4334 chipset
Arend van Spriel [Mon, 6 Jan 2014 11:40:42 +0000 (12:40 +0100)]
brcmfmac: add sdio drive strength programming for bcm4334 chipset

The table for BCM4334 SDIO drive strength programming was missing
from the driver. Adding it with this patch set.

Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: correct reporting HT40 support in wiphy htcap
Arend van Spriel [Mon, 6 Jan 2014 11:40:41 +0000 (12:40 +0100)]
brcmfmac: correct reporting HT40 support in wiphy htcap

Using 'iw phy' only showed HT20 support in the HT capabilities info.
This patch determines support for HT40 using a firmware query that
is supposed to work for all supported devices.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: cleanup helper functions in sdio probe path
Arend van Spriel [Mon, 6 Jan 2014 11:40:40 +0000 (12:40 +0100)]
brcmfmac: cleanup helper functions in sdio probe path

Moving code from helper functions to the calling function
as it makes code easier to read.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: cleanup helper functions in sdio remove path
Arend van Spriel [Mon, 6 Jan 2014 11:40:39 +0000 (12:40 +0100)]
brcmfmac: cleanup helper functions in sdio remove path

Two helper functions in the sdio remove path were very thin and
only used once. So its code is moved to the calling function.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: Limit control message length from host to device.
Hante Meuleman [Mon, 6 Jan 2014 11:40:38 +0000 (12:40 +0100)]
brcmfmac: Limit control message length from host to device.

An control request or set message length is restricted to
ETH frame length for the buffer from host to device. This
is limitation is imposed by the firmware.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: Remove some obsolete definitions and variables.
Hante Meuleman [Mon, 6 Jan 2014 11:40:37 +0000 (12:40 +0100)]
brcmfmac: Remove some obsolete definitions and variables.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobrcmfmac: rework SDIO register access functions
Arend van Spriel [Mon, 6 Jan 2014 11:40:36 +0000 (12:40 +0100)]
brcmfmac: rework SDIO register access functions

The logic in the SDIO register access functions was hard to
read and contained a lot of conditional code path. This rework
attempts to clean it up.

Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Mon, 6 Jan 2014 19:08:41 +0000 (14:08 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

10 years agoBluetooth: Default to no security with L2CAP RAW sockets
Johan Hedberg [Mon, 6 Jan 2014 16:27:02 +0000 (18:27 +0200)]
Bluetooth: Default to no security with L2CAP RAW sockets

L2CAP RAW sockets can be used for things which do not involve
establishing actual connection oriented L2CAP channels. One example of
such usage is the l2ping tool. The default security level for L2CAP
sockets is LOW, which implies that for SSP based connection
authentication is still requested (although with no MITM requirement),
which is not what we want (or need) for things like l2ping. Therefore,
default to one lower level, i.e. BT_SECURITY_SDP, for L2CAP RAW sockets
in order not to trigger unwanted authentication requests.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix NULL pointer dereference when disconnecting
Johan Hedberg [Mon, 6 Jan 2014 16:27:01 +0000 (18:27 +0200)]
Bluetooth: Fix NULL pointer dereference when disconnecting

When disconnecting it is possible that the l2cap_conn pointer is already
NULL when bt_6lowpan_del_conn() is entered. Looking at l2cap_conn_del
also verifies this as there's a NULL check there too. This patch adds
the missing NULL check without which the following bug may occur:

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a
*pde = 00000000
Oops: 0000 [#1] SMP
CPU: 1 PID: 52 Comm: kworker/u5:1 Not tainted 3.12.0+ #196
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: hci0 hci_rx_work
task: f6259b00 ti: f48c0000 task.ti: f48c0000
EIP: 0060:[<c131e9c7>] EFLAGS: 00010282 CPU: 1
EIP is at bt_6lowpan_del_conn+0x19/0x12a
EAX: 00000000 EBX: ef094e10 ECX: 00000000 EDX: 00000016
ESI: 00000000 EDI: f48c1e60 EBP: f48c1e50 ESP: f48c1e34
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 8005003b CR2: 00000000 CR3: 30c65000 CR4: 00000690
Stack:
 f4d38000 00000000 f4d38000 00000002 ef094e10 00000016 f48c1e60 f48c1e70
 c1316bed f48c1e84 c1316bed 00000000 00000001 ef094e10 f48c1e84 f48c1ed0
 c1303cc6 c1303c7b f31f331a c1303cc6 f6e7d1c0 f3f8ea16 f3f8f380 f4d38008
Call Trace:
 [<c1316bed>] l2cap_disconn_cfm+0x3f/0x5b
 [<c1316bed>] ? l2cap_disconn_cfm+0x3f/0x5b
 [<c1303cc6>] hci_event_packet+0x645/0x2117
 [<c1303c7b>] ? hci_event_packet+0x5fa/0x2117
 [<c1303cc6>] ? hci_event_packet+0x645/0x2117
 [<c12681bd>] ? __kfree_skb+0x65/0x68
 [<c12681eb>] ? kfree_skb+0x2b/0x2e
 [<c130d3fb>] ? hci_send_to_sock+0x18d/0x199
 [<c12fa327>] hci_rx_work+0xf9/0x295
 [<c12fa327>] ? hci_rx_work+0xf9/0x295
 [<c1036d25>] process_one_work+0x128/0x1df
 [<c1346a39>] ? _raw_spin_unlock_irq+0x8/0x12
 [<c1036d25>] ? process_one_work+0x128/0x1df
 [<c103713a>] worker_thread+0x127/0x1c4
 [<c1037013>] ? rescuer_thread+0x216/0x216
 [<c103aec6>] kthread+0x88/0x8d
 [<c1040000>] ? task_rq_lock+0x37/0x6e
 [<c13474b7>] ret_from_kernel_thread+0x1b/0x28
 [<c103ae3e>] ? __kthread_parkme+0x50/0x50
Code: 05 b8 f4 ff ff ff 8d 65 f4 5b 5e 5f 5d 8d 67 f8 5f c3 57 8d 7c 24 08 83 e4 f8 ff 77 fc 55 89 e5 57 56f
EIP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a SS:ESP 0068:f48c1e34
CR2: 0000000000000000

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Deal with USB devices that are faking CSR vendor
Marcel Holtmann [Fri, 3 Jan 2014 11:02:36 +0000 (03:02 -0800)]
Bluetooth: Deal with USB devices that are faking CSR vendor

There exists a set of Bluetooth USB devices that show up on the USB
bus as 0a12:0001 and identify themselves as devices from CSR. However
they are not. When sending Read Local Version command they now have
a split personality and say they are from Broadcom.

  < HCI Command: Read Local Version Information (0x04|0x0001) plen 0
  > HCI Event: Command Complete (0x0e) plen 12
      Read Local Version Information (0x04|0x0001) ncmd 1
      status 0x00
      HCI Version: 2.0 (0x3) HCI Revision: 0x3000
      LMP Version: 2.0 (0x3) LMP Subversion: 0x420b
      Manufacturer: Broadcom Corporation (15)

The assumption is that they are neither CSR nor Broadcom based devices
and that they are designed and manufactured by someone else.

For the most parts they follow the Bluetooth HCI specification and
can be used as standard Bluetooth devices. However they have the
minor problem that the Delete Stored Link Key command is not working
as it should.

During the Bluetooth controller setup, this command is needed if
stored link keys are supported. For these devices it has to be
assumed that this is broken and so just set a quirk to clearly
indicate the behavior. After that the setup can just proceed.

Now the trick part is to detect these faulty devices since we do
not want to punish all CSR and all Broadcom devices. The original
devices do actually work according to the specification.

What is known so far is that these broken devices set the USB bcdDevice
revision information to 1.0 or less.

T:  Bus=02 Lev=01 Prnt=01 Port=08 Cnt=03 Dev#=  9 Spd=12   MxCh= 0
D:  Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0a12 ProdID=0001 Rev= 1.00
S:  Manufacturer=Bluetooth v2.0
S:  Product=Bluetooth V2.0 Dongle

T:  Bus=05 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0a12 ProdID=0001 Rev= 0.07

In case of CSR devices, the bcdDevice revision contains the firmware
build ID and that is normally a higher value. If the bcdDevice revision
is 1.0 or less, then an extra setup stage is checking if Read Local
Version returns CSR manufacturer information. If not then it will be
assumed that this is a broken device and the Delete Stored Link Key
command will be marked as broken.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add quirk for disabling Delete Stored Link Key command
Marcel Holtmann [Fri, 3 Jan 2014 11:02:35 +0000 (03:02 -0800)]
Bluetooth: Add quirk for disabling Delete Stored Link Key command

Some controller pretend they support the Delete Stored Link Key command,
but in reality they really don't support it.

  < HCI Command: Delete Stored Link Key (0x03|0x0012) plen 7
      bdaddr 00:00:00:00:00:00 all 1
  > HCI Event: Command Complete (0x0e) plen 4
      Delete Stored Link Key (0x03|0x0012) ncmd 1
      status 0x11 deleted 0
      Error: Unsupported Feature or Parameter Value

Not correctly supporting this command causes the controller setup to
fail and will make a device not work. However sending the command for
controller that handle stored link keys is important. This quirk
allows a driver to disable the command if it knows that this command
handling is broken.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agowireless: delete non-required instances of include <linux/init.h>
Paul Gortmaker [Thu, 2 Jan 2014 23:58:32 +0000 (18:58 -0500)]
wireless: delete non-required instances of include <linux/init.h>

None of these files are actually using any __init type directives
and hence don't need to include <linux/init.h>.  Most are just a
left over from __devinit and __cpuinit removal, or simply due to
code getting copied from one driver to the next.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agossb: fix sparse warnings in driver_chipcommon_sflash.c
Hauke Mehrtens [Thu, 2 Jan 2014 18:31:37 +0000 (19:31 +0100)]
ssb: fix sparse warnings in driver_chipcommon_sflash.c

  CHECK   drivers/ssb/driver_chipcommon_sflash.c
drivers/ssb/driver_chipcommon_sflash.c:40:11: warning: Using plain integer as NULL pointer
drivers/ssb/driver_chipcommon_sflash.c:58:11: warning: Using plain integer as NULL pointer
drivers/ssb/driver_chipcommon_sflash.c:69:11: warning: Using plain integer as NULL pointer

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: fix sparse warnings in driver_chipcommon_sflash.c
Hauke Mehrtens [Thu, 2 Jan 2014 18:31:36 +0000 (19:31 +0100)]
bcma: fix sparse warnings in driver_chipcommon_sflash.c

  CHECK   drivers/bcma/driver_chipcommon_sflash.c
drivers/bcma/driver_chipcommon_sflash.c:41:11: warning: Using plain integer as NULL pointer
drivers/bcma/driver_chipcommon_sflash.c:59:11: warning: Using plain integer as NULL pointer
drivers/bcma/driver_chipcommon_sflash.c:70:11: warning: Using plain integer as NULL pointer

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix regulatory compliance
Sujith Manoharan [Thu, 2 Jan 2014 04:36:35 +0000 (10:06 +0530)]
ath9k: Fix regulatory compliance

The maximum permissible values for noise floor in ETSI
and Japan domains have been updated with new EU
regulations for CCA detection. Adjust the values in the
driver accordingly.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix AR955x RX sensitivity
Sujith Manoharan [Thu, 2 Jan 2014 04:36:21 +0000 (10:06 +0530)]
ath9k: Fix AR955x RX sensitivity

AR955x has problems with RX sensitivity in 2G. This patch
adds a routine to select range_osdac dynamically on a
per-chain basis to address this issue.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowireless: cw1200: Fix memory leak in cw1200_wow_suspend()
Christian Engelmayer [Tue, 31 Dec 2013 17:33:57 +0000 (18:33 +0100)]
wireless: cw1200: Fix memory leak in cw1200_wow_suspend()

Fix a memory leak in the cw1200_wow_suspend() error handling path.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Add hardware support for QCA9531
Sujith Manoharan [Tue, 31 Dec 2013 02:42:02 +0000 (08:12 +0530)]
ath9k: Add hardware support for QCA9531

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Initialize QCA953x INI arrays
Sujith Manoharan [Tue, 31 Dec 2013 02:42:01 +0000 (08:12 +0530)]
ath9k: Initialize QCA953x INI arrays

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Add QCA953x initvals
Sujith Manoharan [Tue, 31 Dec 2013 02:42:00 +0000 (08:12 +0530)]
ath9k: Add QCA953x initvals

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Assign macVersion for QCA9531
Sujith Manoharan [Tue, 31 Dec 2013 02:41:59 +0000 (08:11 +0530)]
ath9k: Assign macVersion for QCA9531

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Add version/revision macros for QCA9531
Sujith Manoharan [Tue, 31 Dec 2013 02:41:58 +0000 (08:11 +0530)]
ath9k: Add version/revision macros for QCA9531

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agocarl9170: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:07 +0000 (19:15 +0100)]
carl9170: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h,
ieee80211_bar defined in include/linux/ieee80211.h and
ath_common defined in drivers/net/wireless/ath/ath.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoat76c50x-usb: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:06 +0000 (19:15 +0100)]
at76c50x-usb: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
at76_priv defined in drivers/net/wireless/at76c50x-usb.h and
ieee80211_mgmt defined in include/linux/ieee80211.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoipw2x00: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:05 +0000 (19:15 +0100)]
ipw2x00: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structure involved is
libipw_network defined in drivers/net/wireless/ipw2x00/libipw.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:04 +0000 (19:15 +0100)]
ath9k: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h
ath_common defined in drivers/net/wireless/ath/ath.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoiwlegacy: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:03 +0000 (19:15 +0100)]
iwlegacy: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h,
il_priv defined in drivers/net/wireless/iwlegacy/common.h and
il_rxon_cmd defined in drivers/net/wireless/iwlegacy/commands.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:02 +0000 (19:15 +0100)]
rtlwifi: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h and
rtl_mac defined in drivers/net/wireless/rtlwifi/wifi.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agomwl8k: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:15:01 +0000 (19:15 +0100)]
mwl8k: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h and
mwl8k_priv defined in drivers/net/wireless/mwl8k.c

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agop54: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:14:59 +0000 (19:14 +0100)]
p54: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_hdr defined in include/linux/ieee80211.h and
p54_common defined in drivers/net/wireless/p54/p54.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath5k: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:14:58 +0000 (19:14 +0100)]
ath5k: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_mgmt defined in include/linux/ieee80211.h and
ath_common defined in drivers/net/wireless/ath/ath.h

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agort2x00: use ether_addr_equal_64bits
Julia Lawall [Mon, 30 Dec 2013 18:14:57 +0000 (19:14 +0100)]
rt2x00: use ether_addr_equal_64bits

Ether_addr_equal_64bits is more efficient than ether_addr_equal, and can be
used when each argument is an array within a structure that contains at
least two bytes of data beyond the array.

The structures involved are:
ieee80211_bar defined in include/linux/ieee80211.h and
rt2x00_bar_list_entry defined in drivers/net/wireless/rt2x00/rt2x00.h.

This was done using Coccinelle (http://coccinelle.lip6.fr/).

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix interrupt statistics
Sujith Manoharan [Sat, 28 Dec 2013 04:17:15 +0000 (09:47 +0530)]
ath9k: Fix interrupt statistics

Initialize "sync_cause" to zero since commit
"ath9k: move ath9k_debug_sync_cause out of ath9k_hw"
fills it conditionally based on ISR status.
Not doing this results in garbage values in debugfs.

Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Remove unused config option ack_6mb
Sujith Manoharan [Sat, 28 Dec 2013 04:17:14 +0000 (09:47 +0530)]
ath9k: Remove unused config option ack_6mb

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix AR9100 chip power-on
Sujith Manoharan [Sat, 28 Dec 2013 04:17:13 +0000 (09:47 +0530)]
ath9k: Fix AR9100 chip power-on

AR9100 requires a larger delay after waking up
the RTC.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Cleanup __ath9k_hw_init()
Sujith Manoharan [Sat, 28 Dec 2013 04:17:12 +0000 (09:47 +0530)]
ath9k: Cleanup __ath9k_hw_init()

* Move initialization of config variables to
  ath9k_hw_init_config().

* Move initialization of defaults to ath9k_hw_init_defaults().

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Handle unsupported MAC versions early
Sujith Manoharan [Sat, 28 Dec 2013 04:17:11 +0000 (09:47 +0530)]
ath9k: Handle unsupported MAC versions early

There is no point in trying to bring up the chip when
the MAC version is not present in the supported list.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Move private HW callbacks to hw-ops.h
Sujith Manoharan [Sat, 28 Dec 2013 04:17:10 +0000 (09:47 +0530)]
ath9k: Move private HW callbacks to hw-ops.h

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Remove unused functions
Sujith Manoharan [Sat, 28 Dec 2013 04:17:09 +0000 (09:47 +0530)]
ath9k: Remove unused functions

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix "cc_lock" usage
Sujith Manoharan [Thu, 26 Dec 2013 02:44:40 +0000 (08:14 +0530)]
ath9k: Fix "cc_lock" usage

IRQ save/restore is not required for the cycle counters
since they are accessed only from softirq and process context.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Process BB watchdog events in the tasklet
Sujith Manoharan [Tue, 24 Dec 2013 05:14:26 +0000 (10:44 +0530)]
ath9k: Process BB watchdog events in the tasklet

Move the BB processing code to the tasklet and avoid
doing it in the ISR, there is no real benefit and this
makes the ISR less heavy.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Remove RX Poll
Sujith Manoharan [Tue, 24 Dec 2013 05:14:25 +0000 (10:44 +0530)]
ath9k: Remove RX Poll

This patch removes the convoluted and hacky method of
monitoring for connectivity. We rely on mac80211's connection
loss logic and doing it in the driver is not necessary.

The HW check for MAC/BB hangs is also simplified, there
is no need to have a separate work instance for it.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix baseband watchdog reset
Sujith Manoharan [Tue, 24 Dec 2013 05:14:24 +0000 (10:44 +0530)]
ath9k: Fix baseband watchdog reset

Do a HW reset only for required signatures.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Identify baseband watchdog signatures
Sujith Manoharan [Tue, 24 Dec 2013 05:14:23 +0000 (10:44 +0530)]
ath9k: Identify baseband watchdog signatures

A full HW reset is not required for all baseband watchdog
signatures. Some BB watchdog updates are benign and can
be discarded, some require re-programming of certain registers
and others require a chip reset.

This patch adds a routine to identify such signatures.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix baseband watchdog interrupts
Sujith Manoharan [Tue, 24 Dec 2013 05:14:22 +0000 (10:44 +0530)]
ath9k: Fix baseband watchdog interrupts

Program the required baseband watchdog interrupt
mask to ensure that the correct watchdog interrupts
are raised when the BB is hung for some reason.

Also, use the capability HW_BB_WATCHDOG instead of
relying on other flags.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix PHY restart workaround
Sujith Manoharan [Tue, 24 Dec 2013 05:14:21 +0000 (10:44 +0530)]
ath9k: Fix PHY restart workaround

The PHY restart workaround that handles baseband hangs
for packets with unsupported rates is required only
for a HW bug in AR9300 v2.2. All the subsequent chips in
the AR9003 family do not require this driver fix since
it has been addressed in the HW.

Since the value of the AR_PHY_RESTART register is written
with the default initvals, make sure that PHY restart is
always disabled once this particular BB hang signaure has
been encountered.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix MAC HW hang check for AR9003
Sujith Manoharan [Tue, 24 Dec 2013 05:14:20 +0000 (10:44 +0530)]
ath9k: Fix MAC HW hang check for AR9003

The current method of identifying MAC hangs is
convoluted and also, the signatures are wrong and
don't apply to all the chips in the AR9003 family.
Fix this by cleaning up the code and checking for
the correct hang signatures.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Add HW callbacks for MAC/BB hang checks
Sujith Manoharan [Tue, 24 Dec 2013 05:14:19 +0000 (10:44 +0530)]
ath9k: Add HW callbacks for MAC/BB hang checks

This is required for adding separate hang check
routines for AR9002 and AR9003.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Register supported HW hang checks
Sujith Manoharan [Tue, 24 Dec 2013 05:14:18 +0000 (10:44 +0530)]
ath9k: Register supported HW hang checks

HW hang checks have to be done on a per-chip basis.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix max AMPDU size calculation
Sujith Manoharan [Tue, 24 Dec 2013 05:14:17 +0000 (10:44 +0530)]
ath9k: Fix max AMPDU size calculation

The maximum A-MPDU size is calculated in ath_tx_aggr_start(),
so there is no need to do it in node_attach() too. Also, make
sure that the correct size is calculated as described in
8.4.2.58.3.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agonet: wireless: brcm80211: Drop debug version with build date/time
Josh Triplett [Mon, 23 Dec 2013 21:55:03 +0000 (13:55 -0800)]
net: wireless: brcm80211: Drop debug version with build date/time

The kernel already has this information, and individual drivers
shouldn't duplicate that.  This also eliminates the use of __DATE__ and
__TIME__, which make the build non-deterministic.

Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k_hw: fix TSF offset calculation
Felix Fietkau [Fri, 20 Dec 2013 16:02:24 +0000 (17:02 +0100)]
ath9k_hw: fix TSF offset calculation

Since the unit is microseconds and not milliseconds, tv_sec needs to be
multiplied by 1000000, not 1000.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k_hw: fix gentimer callback without overflow handler
Felix Fietkau [Fri, 20 Dec 2013 15:18:45 +0000 (16:18 +0100)]
ath9k_hw: fix gentimer callback without overflow handler

If a gentimer has both the trigger and the overflow bits set, only
mask out the trigger bit if an overflow handler is present.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: fix sparse non static symbol warning
Wei Yongjun [Fri, 20 Dec 2013 02:22:51 +0000 (10:22 +0800)]
ath9k: fix sparse non static symbol warning

Fixes the following sparse warning:

drivers/net/wireless/ath/ath9k/spectral.c:500:24: warning:
 symbol 'rfs_spec_scan_cb' was not declared. Should it be static?

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agodrivers/net/wireless/hostap: Integer overflow
Wenliang Fan [Wed, 18 Dec 2013 05:56:12 +0000 (13:56 +0800)]
drivers/net/wireless/hostap: Integer overflow

The local variable 'value' comes from 'extra', a parameter of function
'prism2_ioctl_priv_prism2_param'. If a large number passed to 'value',
there would be an integer overflow in the following line:
local->passive_scan_timer.expires = jiffies +
local->passive_scan_interval * HZ

Signed-off-by: Wenliang Fan <fanwlexca@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Fri, 3 Jan 2014 20:34:41 +0000 (15:34 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-next

10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Fri, 3 Jan 2014 20:25:15 +0000 (15:25 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

10 years agoiwlwifi: mvm: fix coccinelle warnings
Fengguang Wu [Tue, 31 Dec 2013 09:04:18 +0000 (11:04 +0200)]
iwlwifi: mvm: fix coccinelle warnings

drivers/net/wireless/iwlwifi/mvm/led.c:106:2-3: Unneeded semicolon

 Removes unneeded semicolon.

Generated by: coccinelle/misc/semicolon.cocci

CC: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: Update Copyright to 2014
Emmanuel Grumbach [Mon, 30 Dec 2013 11:15:54 +0000 (13:15 +0200)]
iwlwifi: Update Copyright to 2014

Happy new year!

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: rs: fix a potential NULL deref
Eyal Shapira [Mon, 23 Dec 2013 14:26:41 +0000 (16:26 +0200)]
iwlwifi: mvm: rs: fix a potential NULL deref

Found by klocwork analysis.
mvm could be NULL which may cause a NULL dereference
in a theoretical call flow

rs_fill_lq_cmd(mvm = NULL, ...)
rs_build_rates_table
rs_fill_rates_for_column
ucode_rate_from_rs_rate
IWL_ERR(mvm,...)

No real reason for passing NULL to rs_fill_lq_cmd so fix that.

Reported-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: dynamically update tsf_id
Ilan Peer [Mon, 23 Dec 2013 20:18:02 +0000 (22:18 +0200)]
iwlwifi: mvm: dynamically update tsf_id

Currently, the MAC context tsf_id assignment and the master/slave
relations are determined only when a new vif is added, as part
of the MAC context resource allocation. However, at this stage, the
beacon interval is not known, and thus could not be taken into account
in the master-slave algorithm.

To fix this, recalculate the MAC context tsf_id assignment,
just before the MAC context is activated, i.e., just before
a station VMAC is configured to associated and before an AP
VMAC is started.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: change the parameters for calculating an AP TBTT
Ilan Peer [Tue, 24 Dec 2013 15:17:05 +0000 (17:17 +0200)]
iwlwifi: mvm: change the parameters for calculating an AP TBTT

Change the parameters for calculating an AP TBTT to 64/36 instead of
80/20, to increase the interval between a station vif and an AP
vif TBTT events.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: Fix CSR_RESET operation access type
Eran Harary [Wed, 11 Dec 2013 06:13:50 +0000 (08:13 +0200)]
iwlwifi: pcie: Fix CSR_RESET operation access type

The access to the CSR_RESET reg should be done as a complete
DWORD and not by setting a bit. This is the right way to reset
the device.

Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: Add a missed beacons threshold
Ilan Peer [Tue, 24 Dec 2013 20:08:14 +0000 (22:08 +0200)]
iwlwifi: mvm: Add a missed beacons threshold

Instead of always calling ieee80211_beacon_loss() on every missed
beacons notification, call this function only if the number of
consecutive missed beacons from last rx is higher than a predefined
threshold.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: squash a spurious warning on chnctx change
Arik Nemtsov [Sun, 29 Dec 2013 15:57:53 +0000 (17:57 +0200)]
iwlwifi: mvm: squash a spurious warning on chnctx change

If the channel min-width changes, we can update the PHY ctx, even if
it has multiple references.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Reviewed-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: dump to debugfs the SRAM as binary
Emmanuel Grumbach [Tue, 24 Dec 2013 12:58:29 +0000 (14:58 +0200)]
iwlwifi: mvm: dump to debugfs the SRAM as binary

This allows to format it at will using external tools.
Since different teams want it in different formats, dump
the raw data and everyone can play with the data the way
they want.

While at it - make this code slightly more robust by making
the required verification on the offsets / length in the
write handler.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: BT Coex - update channel inihibition for channel 14
Emmanuel Grumbach [Tue, 24 Dec 2013 08:55:24 +0000 (10:55 +0200)]
iwlwifi: mvm: BT Coex - update channel inihibition for channel 14

This channel inhibition for channel 14 was wrong. Fix it.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: fix harmless smatch / coccinelle warnings
Emmanuel Grumbach [Sun, 22 Dec 2013 08:55:47 +0000 (10:55 +0200)]
iwlwifi: mvm: fix harmless smatch / coccinelle warnings

Don't check if mvm->fw->cs is NULL since it can't be.
cs is an array member of iwl_fw, it can't be NULL.

Use memset(ptr, 0, sizeof(*ptr)); instead of
memset(ptr, 0, sizeof(struct ptr_type));

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: disable the device as soon as RFKILL fires
Emmanuel Grumbach [Thu, 19 Dec 2013 20:20:58 +0000 (22:20 +0200)]
iwlwifi: mvm: disable the device as soon as RFKILL fires

The firmware needs to be stopped quickly (100ms) after the
RFKILL interrupt fired. Failing to do so would allow the
firmware to access the radio registers which would lead to
a hardware error.

Before this change, we would kill the firmware only when
mac80211 stops the device which can take a fair amount of
time. Take a shortcut by stopping the device right away
in the interrupt.

This is not relevant if the current firmware is INIT
firmware since that firmware can run while in RFKILL.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: allow the op_mode to call stop_device whenever it wants
Emmanuel Grumbach [Thu, 19 Dec 2013 20:19:17 +0000 (22:19 +0200)]
iwlwifi: pcie: allow the op_mode to call stop_device whenever it wants

Calling stop_device when start_fw wasn't called would issue:
Stopping tx queues that aren't allocated...

Also allow the op_mode to call stop_device and then to
disable the Tx queues - in that case just silently ignore
the disabling on the Tx queues, since the PRPH registers
aren't reachable any more.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: don't update the op_mode if rfkill hasn't changed
Emmanuel Grumbach [Sun, 22 Dec 2013 13:13:01 +0000 (15:13 +0200)]
iwlwifi: pcie: don't update the op_mode if rfkill hasn't changed

This is useless and introduces a dependency between rfkill
and stop_device - the op_mode can't call stop_device from
the rfkill notification since it would lead to an endless
recursion.
Next patches will need to do so.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: pcie: keep the NIC awake when commands are in flight
Emmanuel Grumbach [Sun, 22 Dec 2013 13:09:40 +0000 (15:09 +0200)]
iwlwifi: pcie: keep the NIC awake when commands are in flight

Under very specific circumstances, the firmware might
ignore a host command. This was debugged and we ended up
seeing that the power management hardware was faulty.
In order to workaround this issue, we keep the NIC awake
as long as we have host commands in flight. This will avoid
to put the hardware into buggy condition.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: fix possible memory leak
Eytan Lifshitz [Wed, 18 Dec 2013 21:05:06 +0000 (23:05 +0200)]
iwlwifi: mvm: fix possible memory leak

In case of invalid section_id, the function returns after
it aleready allocated memory. Fixed by change the order of actions.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: fix AC / FIFO mapping
Emmanuel Grumbach [Thu, 19 Dec 2013 14:50:49 +0000 (16:50 +0200)]
iwlwifi: mvm: fix AC / FIFO mapping

The AC / fifo mapping was wrong - BE packets landed in VO
FIFO. The iwl_mvm_tx_fifo enumeration isn't in the same
order as ieee80211_ac_numbers enumeration.
Since the firmware relies on fifo / ac mapping - this led
to wrong behavior. E.g. the firmware sends beacon with the
same QoS parameters as VO, and it actually took the
parameters of BK. There are probably more severe issues.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoBluetooth: Use MD SET register for changing SDIO Type-B to Type-A
Marcel Holtmann [Sun, 29 Dec 2013 06:10:02 +0000 (22:10 -0800)]
Bluetooth: Use MD SET register for changing SDIO Type-B to Type-A

The register for setting the SDIO card mode of a Type-B Bluetooth card
is called MD SET. The MD STAT register is used for reading the current
mode back.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add support for vectored writes to virtual HCI driver
Marcel Holtmann [Sun, 29 Dec 2013 05:57:14 +0000 (21:57 -0800)]
Bluetooth: Add support for vectored writes to virtual HCI driver

The Bluetooth virtual HCI driver is using a misc character device to
allow emulation of HCI devices from userspace. This change enables the
support for vectored writes. Previously this was failing with EINVAL
since no complete H:4 packet was written.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>