Apparently firmware can sometimes report a
sequence with the first rx descriptor saying it's
not the last MSDU. In that case msdu_chaining
value could be overwritten saying it's not a
chained MSDU. This in turn led to skb_push panic
as the frame could be treated as an A-MSDU instead
of a chained MSDU.
Reported-By: Avery Pennarun <apenwarr@gmail.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
msdu_payId was read before txrx tasklet was killed
so it was possible to end up using an invalid
sk_buff pointer leading to a panic.
Make sure to sanitize rx ring sk_buff pointers and
make the clean up go through all possible entries
and not rely on coherent-DMA mapped u32 index
which could be (in theory) corrupted by the device
as well.
Reported-By: Avery Pennarun <apenwarr@gmail.com>
Reported-By: Ben Greear <greearb@candelatech.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
The struct cfg80211_chan_def contains additional info to derive the
bandwidth and side-band information of the chanspec. This patch adds
chandef_to_chanspec() function used in IBSS join and starting AP
operation.
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The device is queried about the usability of channels, but it did not
take 80MHz channels into consideration. This patch adds processing those
chanspecs and clear the NO_80MHZ flag for those control/primary channels.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The function does not provide any additional functionality and is
used only once so just get rid of it.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
By default allow 80Mhz in custom regulatory rules of the 5G band so
the channels will not be flagged with N0_80MHZ.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Although brcmfmac support several 11ac devices it did not advertise
VHT related information to cfg80211.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The channel values used by firmware is handled using conversion functions
depending on the type of chip. These functions were already in place but
lacked proper support for 80MHz channel definitions. This patch adds the
support for that.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In the .start_ap callback cfg80211_get_chandef_type() was used to
provide debug log info. However, this causes a warning when the
chandef contains VHT channel with 80MHz bandwidth. Avoid the warning
by just printing the channel and bandwidth instead.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The DISASSOC command needs to be sent to firmware when a connection
loss is detected by firmware (e.g., beacon timeout). Otherwise the
next connect request fails due to a lingering LINK(down) event from
firmware. This patch resolves the issue by using brcmf_link_down()
handler, instead of the incomplete duplicated codes.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver serializes the nvram firmware file before sending it
to the device. This patch enhances this to assure serialized data
is properly formatted and provide warnings on syntax failures.
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
FWS is always queuing frames and using a worker for de-queueing,
this is not always efficient for all bus layer. For example SDIO
has an internal queue and worker making the queueing of FWS
unnecessary. Make it possible to bypass the worker if fws mode
is none using a bus interface configuration. For USB bus layer
this configuration is set true to have fws provide queueing
regardless the fws mode.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tracking and handling of 802.1x frames is done in two modules, it
is more logical and clear to move this to dhd_linux module.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In tx_finalize the hdrpull is performed. For the new protocol
msgbuf this is complex, because it does not use protocol headers
in front of payload anymore and therefor can not determine interface
index in the hdr pulll operation. Move out the hdrpull operation
from tx_finalize to make msgbuf implementation easier.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Currently firmware roaming support is not reported to cfg80211.
This patch reports the support of firmware based roaming when
it is enabled.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When a BSS provides both 2.4GHz and 5GHz bands, in many cases it
makes sense to choose 5GHz. Typically a 5GHz channel is less crowded
and has less interference and therefore its performance will be
better than a crowded 2.4 GHz channel. This patch configures
'join_pref' to induce firmware to preferably select 5GHz BSS.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
and use it. This move need changes in both drivers.
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This adds choice submenu "Supported bus types" as two simple bool
configs would allow user to compile b43 without any bus support
(prety useless).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Users of new (BCMA based) wireless chipsets may not want to enable SSB.
This is hopefully the last code patch for dropping SSB dependency.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The check of ezusb_firmware_download() return value (added by commit
488ec878034eccb852267b0e27ce9d511f75c587) is broken because
ezusb_firmware_download() returns 1 on success.
This causes the driver not to work with the following error:
orinoco_usb: probe of 3-3:1.0 failed with error -14
Check the return value only for negative values.
This fix should be applied to -stable kernels too.
Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Systems with multiple DFS channel detectors need to track
timestamp of previous pulse per instance to display the
correct pulse interval.
Since the interval value is used for debug printing only,
this is a non-functional modification.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Originally Helmut posted a v2 of the "ath9k: Allow platform override
without EEPROM override", but I had prematurely commited the original
as commit 552a515707a. This commit restores the tree to what Helmut
intended with his v2 submission. -- JWL
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The msi module parameter offers an option to enable or disable MSI
interrupts mode, for debugging and workaround(in case) convenience.
Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The msi module parameter offers an option to enable or disable MSI
interrupts mode. For now, some users report RTL8188EE works only with
MSI on their certain platforms, some others report it works only without
MSI, this parameter will help.
Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This makes MSI support a module parameter, for debugging and workaround
convenience.
Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ieee80211_beacon_loss() is only to be called in managed mode,
but the firmware may send the sync timeout event at any time,
so do a check before calling.
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The join arguments are mixed up, passing beacon_interval instead of
channel and channel instead of beacon_interval. Fix them.
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix the WARN below by not calling ieee80211_nullfunc_get() in IBSS mode,
but setting up empty template the same way wl12xx driver does.
WARNING: CPU: 0 PID: 914 at net/mac80211/tx.c:2750 ieee80211_nullfunc_get+0xc0/0xd0 [mac80211]()
Modules linked in: wl1251_sdio wl1251 mac80211 cfg80211
...
[<c00439c0>] (warn_slowpath_null)
[<bf0bdfdc>] (ieee80211_nullfunc_get [mac80211])
[<bf134774>] (wl1251_op_bss_info_changed [wl1251])
[<bf099e14>] (ieee80211_bss_info_change_notify [mac80211])
...
Also perform join command regardless of bss_type as that seems to be
required for proper operation.
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This reverts commit b90a1165a72fabdc260abaa9eeadcbfd29e267eb.
That commit (or rather, hack) triggers a scary WARN in IBSS (ad-hoc) mode.
Steps to reproduce:
ifconfig wlan0 down
iwconfig wlan0 mode ad-hoc
ifconfig wlan0 up
------------[ cut here ]------------
WARNING: CPU: 0 PID: 905 at kernel/workqueue.c:1400 __queue_work+0x21c/0x2f4()
Modules linked in: wl1251_sdio wl1251 mac80211 cfg80211
CPU: 0 PID: 905 Comm: ifconfig Not tainted 3.15.0-rc2#233
[<c0015f38>] (unwind_backtrace) from [<c0012938>]
[<c0012938>] (show_stack) from [<c05d4034>]
[<c05d4034>] (dump_stack) from [<c0043984>]
[<c0043984>] (warn_slowpath_common) from [<c00439c0>]
[<c00439c0>] (warn_slowpath_null) from [<c005b6c8>]
[<c005b6c8>] (__queue_work) from [<c005b820>]
[<c005b820>] (queue_work_on) from [<bf134ac0>]
[<bf134ac0>] (wl1251_op_config [wl1251])
[<bf099a70>] (ieee80211_hw_config [mac80211])
...
This happens because ieee80211_connection_loss() is not expected to be
called in IBSS mode (mac80211 ends up queuing uninitialized work
in that case).
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Prevent sched scan while not idle (including during association or in AP
mode) instead of while associated only.
This fixes my previous commit which was incomplete:
commit bd5e4744a6ca64299b57a2682c720d00a475a734
Author: David Spinadel <david.spinadel@intel.com>
Date: Thu Apr 24 13:15:29 2014 +0300
iwlwifi: mvm: do no sched scan while associated
Currently the FW doesn't support sched scan while associated,
Prevent it.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
tail should be equal to the last valid index, so
decrease it by one.
This error causes in "a gap" in some cases (as well as
some possible out-of-bound write), finally resulting in
ucode assertion.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Fix iovar 'bw_cap' set command failure introduced by
commit ff3b0fba6f25555ef59c55d138a467d0f81d82d7
Author: Arend van Spriel <arend@broadcom.com>
Date: Sat Mar 15 12:00:57 2014 +0100
brcmfmac: fallback to mimo_bw_cap for older firmwares
This resulted in disabling 20MHz operation in the firmware.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If sdata doesn't have a valid dev (e.g. in case of monitor
vif), the vif_name field was initialized with (a length of)
some short string, but later was set to a different,
potentially larger one.
This resulted in out-of-bounds write, which usually
appeared as garbage in the trace log.
Simply trace sdata->name, as it should always have the
correct name for both cases.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There are two (related) issues with this.
One case, reported by Michal, is related to hostap: it unsets the
20/40 capability bit for stations that associate when it's in 20
MHz mode.
The other case, reported by Eyal, is that some APs like Netgear
R6300v2 and probably others based on the BCM4360 chipset can be
configured for doing VHT at 20Mhz. In this case the beacon has
a VHT IE but the HT cap indicates transmitter only support 20Mhz.
In both of these cases, we currently avoid VHT and use only HT
this means we can't use the highest rates (MCS8), so fixing this
leads to throughput improvements.
Reported-by: Michal Kazior <michal.kazior@tieto.com>
Reported-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>