We see this WARN_ON during PCIe unload:
WARNING: at kernel/smp.c:382 smp_call_function_many+0x66/0x1e1()
This happens because we are doing PCI iounmap operations while
holding spinlock via spin_lock_irqsave(). Holding spinlock this
way causes disabling IRQs and hence PCI iounmap shows warning on
irqs_disabled() check.
Use non-irq variant of spin_lock i.e. spin_lock() instead.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds cfg80211 del_station handler for mwifiex.
If bss is not started or there are no stations in associated
stations list, no action is taken. If argument received is
null/broadcast mac, all stations in associated station list are
deauthenticated.
Patch also deletes related RxReorder stream and TxBA stream tables
for related station.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
During deleting a station entry from associated sta_list, we are
supposed to delete entry only for this particular mac address.
This patch is a bug fix wherein we were deleting all entries from
list; fix this by removing list_for_each_entry_safe() call.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
A full-channel scan is split to multiple scan commands in driver
before they are sent to firmware. When each scan result is back
the SSID entries are parsed and informed to cfg80211 directly.
It's observed that sometimes userspace may initiate association
as soon as the target AP is found. During the 4-way handshake
firmware may go off-channel to scan the remaining channels.
This causes the 4-way handshake to fail.
Fix it by checking 'scan_block' flag and aborting the remaining
scan in this case. 'scan_block' flag is set after association
and before 4-way handshake. It gets cleared after 4-way handshake
is completed.
Tested-by: Jason Abele <jabele@chromium.org>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
As the variable is used only for preparation of internal scan
commands, we don't need to keep it allocated until the entire
scan completes. We will define it as a local variable and free
immediately after it's use.
New flag 'scan_aborting' is added to handle race between
mwifiex_close() and scan handler. Previously user_scan_cfg
pointer used to take care of this.
This patch fixes a memory leak in mwifiex_cfg80211_scan after
running "iwlist mlan0 scan & sleep 1; rmmod mwifiex_sdio".
Reported-by: Daniel Drake <dsd@laptop.org>
Tested-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Return from scan delay timer routine if surprise_removed flag
is true. Also, cancel the timer in unload path.
This fixes a crash when scan delay timer accesses structures
that have been freed already.
Tested with "iwlist mlan0 scan & sleep 1; rmmod mwifiex_sdio"
Reported-by: Daniel Drake <dsd@laptop.org>
Tested-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We have two different static routines with name
mwifiex_free_adapter(). The routine in main.c actually frees the
adapter structure.
We will rename other routine in init.c to mwifiex_adapter_cleanup()
to avoid confusion.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This is pretty much the same as rev 9, there are just 2 extra fields we
know about, but are not used/stored yet anyway.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pass it as an argument to all functions. This is requires as newer SPROM
revisions have different lengths.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Packet drop may be caused by various flows, like disconnect
while Tx packets was queued; this should not lead to stopping
of the Tx queue, or all Tx get stalled.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
- Introduce common code for Tx/Rx descriptor physical address set/parse
- Fix endianness for address fields
- consistent descriptor naming: '_d' for non-cached memory, 'd' for cached copy
- wil_tx_desc_map now modify cached copy, no need for 'volatile'
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Introduce NAPI for Rx and Tx completion.
This fixes packet reordering that happens when Rx handled right in
the IRQ: netif_rx puts packet in 'percpu' queue, then network stack
fetches packets from 'percpu' queues for processing, with different
pattern of queue switching. As result, network stack see packets
in different order. This causes hard to understand TCP throughput
degradation in about 30min
Complete polling if only one packet was processed - this eliminates
empty polls that would be otherwise done at the end of each burst
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Move packet dump to the earliest location where it is known to have
valid data.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If Rx descriptor contains garbage, it is possible to access memory beyond
allocated buffer.
Check this condition and drop Rx if reported length is
unreasonable large
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hardware uses little endian for the Tx/Rx descriptors field 'length',
do appropriate conversions
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Chun-Yeow and Javier Lopez contributed these changes to
make mesh mode use the more similar AP beaconing mode and
queue parameters. Should improve PS performance, interface
concurrency (AP modes can coexist), and beacon interval
stability.
AR9271 (ath9k_htc) mesh interfaces also need to be in AP
operating mode.
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Advertise support for management frame protection in hardware.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
More specifically, enable AP-style beaconing on mesh
ifaces and change the hw capabilities to reflect mesh
support.
Coexistence with a virtual STA interface was tested as
working fine.
Signed-off-by: Javier Cardona <javier@cozybit.com>
[rebase, add iface combinations]
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This was added during the early conversion of ampdu_action
to a sleeping callback. There is no need to do this - instead,
use the normal mutex that is acquired for all callbacks.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This option has not been enabled by default in any
distribution, has never been enabled in OpenWrt and no developer
has asked for this information in a bug report.
Dumping pages of random values doesn't help debugging,
remove this option (along with the vmalloc() abuse).
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
All PCIe devices must support MSIs, make use of them.
Signed-off-by: Jakub Kicinski <kubakici@wp.pl>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Only do it after the queues are allocated. This
will allow to use the 'rt2x00dev->bcn->limit'
instead of 'rt2x00dev->ops->bcn->entry_num'.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The beacon data queue is initialized already when
the rt2800_clear_beacon_register() function is called.
Fetch the size of the TXWI descriptor from that
instead of using the winfo_size field of the data
queue descriptor.
The two values are the same, and the use of the
rt2x00dev->bcn->winfo_size value allows us to
get rid of a superfluous pointer dereference.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The RX data queue is initialized already when
the rt2800_usb_enable_radio() function is called.
Fetch the number of the queue entries from that
instead of using the entry_num field of the data
queue descriptor.
The two values are the same, and the use of the
rt2x00dev->rx->limit value allows us to get rid
of a superfluous pointer dereference.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The TX data queue is initialized already when
the rt2800pci_txstatus_interrupt() function is
called.
Fetch the number of the queue entries from that
instead of using the entry_num field of the data
queue descriptor.
The two values are the same, and the use of the
rt2x00dev->tx->limit value allows us to get rid
of a superfluous pointer dereference.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The TX data queue is initialized already when
the rt61pci_txdone() function is called.
Fetch the number of the queue entries from that
instead of using the entry_num field of the data
queue descriptor.
The two values are the same, and the use of the
rt2x00dev->tx->limit value allows us to get rid
of a superfluous pointer dereference.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The TX data queue is initialized already when
the rt2x00lib_probe_hw() function is called.
Fetch the number of the queue entries from that
instead of using the entry_num field of the data
queue descriptor.
The two values are the same, and the use of the
rt2x00dev->tx->limit value allows us to get rid
of a superfluous pointer dereference.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
We send direct probe to broadcast address, as some APs do not respond to
unicast PROBE frames when unassociated. Broadcast frames are not acked,
so we can not use that for trigger MLME state machine, but we need to
use old timeout mechanism.
This fixes authentication timed out like below:
[ 1024.671974] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 1024.694125] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 1024.695450] wlan6: direct probe to 54:e6:fc:98:63:fe (try 2/3)
[ 1024.700586] wlan6: send auth to 54:e6:fc:98:63:fe (try 3/3)
[ 1024.701441] wlan6: authentication with 54:e6:fc:98:63:fe timed out
With fix, we have:
[ 4524.198978] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 4524.220692] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 4524.421784] wlan6: send auth to 54:e6:fc:98:63:fe (try 2/3)
[ 4524.423272] wlan6: authenticated
[ 4524.423811] wlan6: associate with 54:e6:fc:98:63:fe (try 1/3)
[ 4524.427492] wlan6: RX AssocResp from 54:e6:fc:98:63:fe (capab=0x431 status=0 aid=1)
Cc: stable@vger.kernel.org # 3.9
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The D3 firmware API changed to include a new field, adjust
the driver to it to avoid getting an NMI when configuring.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When different images can (soon) be accessed through this
file, storing the section offset/length on first access to
the file breaks (or needs manual reset). Avoid this by not
storing the offset/length values but using them locally in
the function only. That way, the correct values are always
used.
While at it, correct the check that firmware is loaded.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If RF-kill is asserted while a device is initialized, the
firmware INIT image can now be run to retrieve the NVM
data and register to mac80211 properly. Previously, the
initialisation would fail in this scenario and the driver
wouldn't register with mac80211 at all, making the device
unusable.
Signed-off-by: Eran Harary <eran.harary@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some newer devices will be integrated into the platform more
deeply and will not have embedded NVM (EEPROM/OTP). To support
such devices the NVM data must be provided by the platform,
allow loading the data via request_firmware() and then send it
to the device as needed.
Signed-off-by: Eran Harary <eran.harary@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These messages aren't really useful, suppress them unless
EEPROM debugging is turned on.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
As the new MVM firmware files package the DATA section
first, and debugfs files want to access the DATA and
not INST section, reverse the order here. This is only
relevant for debugfs code that accesses the SRAM DATA
section and uses this constant to access the section.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If NVM parsing fails and returns NULL, we continue in
the code flow and eventually crash accessing the NULL
pointer. Return an error from iwl_nvm_init() if the
parsing failed.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Configure power management in the D3 firmware by sending
the power table command to it when suspending; this uses
some values that are more suitable to a low power state.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
New host-device API provides the ability to set the number
of DTIMs to skip. Add this parameter to the command and set
it (to a sane default value.)
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Generally, the DTIM period is available after a beacon has
been received, and if no beacon has been received enabling
powersave is problematic anyway for synchronisation. Since
some drivers may require the DTIM period for powersave,
don't enable powersave until it becomes available in case
the scan/association managed to not receive a beacon.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previously the mesh_auth_id was disabled. Instead set the
correct mesh authentication bit based on the mesh setup.
Signed-off-by: Colleen Twitty <colleen@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Authentication takes place in userspace, but the beacon is
generated in the kernel. Allow userspace to inform the
kernel of the authentication method so the appropriate
mesh config IE can be set prior to beacon generation when
joining the MBSS.
Signed-off-by: Colleen Twitty <colleen@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's no real difference between *array and array, but
the former confuses smatch so write it differently. The
generated code is exactly the same.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211 and the Intel drivers all define crypto
constants, move them to ieee80211.h instead.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When an HT AP is advertising channel switch in a beacon, it
doesn't (and shouldn't, according to 802.11-2012 Table 8-20)
include a secondary channel offset element. The only possible
interpretation is that the previous secondary channel offset
remains valid, so use that when switching channel based only
on beacon information.
VHT requires the Wide Bandwidth Channel Switch subelement to
be present in the Channel Switch Wrapper element, so the code
for that is probably ok (see 802.11ac Draft 4, 8.4.2.165.)
Reported-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Make kerneldoc content match header file content, no functional
change.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avinash Patil
Bing Zhao
Amitkumar Karwar
Rafał Miłecki
Vladimir Kondratiev
Thomas Pedersen
Javier Cardona
Sujith Manoharan
Jakub Kicinski
Gabor Juhos
Stanislaw Gruszka
Johannes Berg
Eran Harary
Emmanuel Grumbach
Alexander Bondar
Colleen Twitty
Robert P. J. Day