profile/common/kernel-common.git
11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Mon, 4 Mar 2013 19:27:26 +0000 (14:27 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes

11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
John W. Linville [Mon, 4 Mar 2013 19:24:02 +0000 (14:24 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211

11 years agoiwlwifi: mvm: don't warn on normal BAR sending
Emmanuel Grumbach [Sun, 3 Mar 2013 12:35:03 +0000 (14:35 +0200)]
iwlwifi: mvm: don't warn on normal BAR sending

This flow happens when we get a failed single Tx response
on an AMPDU queue. In this case, the frame won't be sent
any more. So we need to move the window on the recipient
side. This is done by a BAR.

Now if we are in the following case: 10, 12 and 13 are ACKed
and 11 isn't.

 10  11  12  13.
 V   X   V   V

Then, 11 will be sent 16 times as an MPDU (as oppsed to
A-MPDU). If this failed, we are entering the flow described
above. So we need to send a BAR with ssn = 12.
But in this case, the scheduler will tell us to free frames
up to 13 (included).

So, it is perfectly possible to get a failed single Tx
response on an AMPDU queue that makes the scheduler's ssn
jump by more than 1 single packet.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: update the rssi calculation
Emmanuel Grumbach [Thu, 28 Feb 2013 09:54:28 +0000 (11:54 +0200)]
iwlwifi: mvm: update the rssi calculation

Make the rssi more accurate by taking in count per-chain AGC
values. Without this, the RSSI reports inaccurate values.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: ignore STOP_AGG when restarting
Emmanuel Grumbach [Mon, 4 Mar 2013 07:11:08 +0000 (09:11 +0200)]
iwlwifi: mvm: ignore STOP_AGG when restarting

Since the device is being restarted, all the Rx / Tx Block
Ack sessions are been wiped out by the driver. So ignore
the requests from mac80211 that stops Tx agg while
reconfiguring the device.

Note that stopping a non-existing Rx BA session is harmless,
so just honor mac80211's request.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Remove overriding calibrations for the 7000 family
Dor Shaish [Wed, 27 Feb 2013 11:01:09 +0000 (13:01 +0200)]
iwlwifi: mvm: Remove overriding calibrations for the 7000 family

This fix removes the override of calibration request values sent
to the FW.
Due to that, the sending of default values to now implemented
calibrations is removed.

Signed-off-by: Dor Shaish <dor.shaish@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Take the phy_cfg from the TLV value
Dor Shaish [Wed, 27 Feb 2013 13:55:48 +0000 (15:55 +0200)]
iwlwifi: mvm: Take the phy_cfg from the TLV value

The phy_cfg is given from the TLV value and does not have to be
built by us.

Signed-off-by: Dor Shaish <dor.shaish@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Set valid TX antennas value before calib request
Dor Shaish [Wed, 27 Feb 2013 21:00:27 +0000 (23:00 +0200)]
iwlwifi: mvm: Set valid TX antennas value before calib request

We must set the valid TX antennas number in the ucode before
sending the phy_cfg_cmd and request for calibrations.

Signed-off-by: Dor Shaish <dor.shaish@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: restart the NIC of the cmd queue gets full
Emmanuel Grumbach [Thu, 28 Feb 2013 06:57:31 +0000 (08:57 +0200)]
iwlwifi: mvm: restart the NIC of the cmd queue gets full

This situation is clearly an error situation and the only
way to recover is to restart the driver / fw.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: another fix for idle handling in monitor mode
Felix Fietkau [Sat, 2 Mar 2013 18:05:47 +0000 (19:05 +0100)]
mac80211: another fix for idle handling in monitor mode

When setting a monitor interface up or down, the idle state needs to be
recalculated, otherwise the hardware will just stay in its previous idle
state.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix VHT MCS calculation
Johannes Berg [Fri, 1 Mar 2013 16:33:18 +0000 (17:33 +0100)]
mac80211: fix VHT MCS calculation

The VHT MCSes we advertise to the AP were supposed to
be restricted to the AP, but due to a bug in the logic
mac80211 will advertise rates to the AP that aren't
even supported by the local device. To fix this skip
any adjustment if the NSS isn't supported at all.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix oops on mesh PS broadcast forwarding
Marco Porsch [Fri, 1 Mar 2013 15:01:18 +0000 (16:01 +0100)]
mac80211: fix oops on mesh PS broadcast forwarding

Introduced with de74a1d9032f4d37ea453ad2a647e1aff4cd2591
"mac80211: fix WPA with VLAN on AP side with ps-sta".
Apparently overwrites the sdata pointer with non-valid data in
the case of mesh.
Fix this by checking for IFTYPE_AP_VLAN.

Signed-off-by: Marco Porsch <marco@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: increase wiphy dump size dynamically
Johannes Berg [Fri, 1 Mar 2013 13:03:49 +0000 (14:03 +0100)]
nl80211: increase wiphy dump size dynamically

Given a device with many channels capabilities the wiphy
information can still overflow even though its size in
3.9 was reduced to 3.8 levels. For new userspace and
kernel 3.10 we're going to implement a new "split dump"
protocol that can use multiple messages per wiphy.

For now though, add a workaround to be able to send more
information to userspace. Since generic netlink doesn't
have a way to set the minimum dump size globally, and we
wouldn't really want to set it globally anyway, increase
the size only when needed, as described in the comments.
As userspace might not be prepared for large buffers, we
can only use 4k.

Also increase the size for the get_wiphy command.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: use coherent DMA memory for command header
Johannes Berg [Wed, 27 Feb 2013 12:18:50 +0000 (13:18 +0100)]
iwlwifi: use coherent DMA memory for command header

Recently in commit 8a964f44e01ad3bbc208c3e80d931ba91b9ea786
("iwlwifi: always copy first 16 bytes of commands") we fixed
the problem that the hardware writes back to the command and
that could overwrite parts of the data that was still needed
and would thus be corrupted.

Investigating this problem more closely we found that this
write-back isn't really ordered very well with respect to
other DMA traffic. Therefore, it sometimes happened that the
write-back occurred after unmapping the command again which
is clearly an issue and could corrupt the next allocation
that goes to that spot, or (better) cause IOMMU faults.

To fix this, allocate coherent memory for the first 16 bytes
of each command, containing the write-back part, and use it
for all queues. All the dynamic DMA mappings only need to be
TO_DEVICE then. This ensures that even when the write-back
happens "too late" it can't hit memory that has been freed
or a mapping that doesn't exist any more.

Since now the actual command is no longer modified, we can
also remove CMD_WANT_HCMD and get rid of the DMA sync that
was necessary to update the scratch pointer.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: disable 8K A-MSDU by default
Emmanuel Grumbach [Wed, 20 Feb 2013 09:33:00 +0000 (11:33 +0200)]
iwlwifi: disable 8K A-MSDU by default

Supporting 8K A-MSDU means that we need to allocate order 1
pages for every Rx packet. Even when there is no traffic.
This adds stress on the memory manager. The handling of
compound pages is also less trivial for the memory manager
and not using them will make the allocation code run faster
although I didn't really measure.
Eric also pointed out that having huge buffers with little
data in them is not very nice towards the TCP stack since
the truesize of the skb is huge. This doesn't allow TCP
to have a big Rx window.
See https://patchwork.kernel.org/patch/2167711/ for details.

Note that very few vendors will actually send A-MSDU.
Disable this feature by default.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: rename IWL_MAX_CMD_TFDS to IWL_MAX_CMD_TBS_PER_TFD
Johannes Berg [Tue, 26 Feb 2013 10:32:26 +0000 (11:32 +0100)]
iwlwifi: rename IWL_MAX_CMD_TFDS to IWL_MAX_CMD_TBS_PER_TFD

The IWL_MAX_CMD_TFDS name for this constant is wrong, the
constant really indicates how many TBs we can use in the
driver for a single command TFD, rename the constant and
also add a comment explaining it.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: don't map complete commands bidirectionally
Johannes Berg [Tue, 26 Feb 2013 10:28:19 +0000 (11:28 +0100)]
iwlwifi: don't map complete commands bidirectionally

The reason we mapped them bidirectionally was that not doing
so had caused IOMMU exceptions, due to the fact that the HW
writes back into the command. Now that the first part of the
command including the write-back part is always in the first
buffer, we don't need to map the remaining buffer(s) bidi
and can get rid of the special-casing for commands.

This is a requisite patch for another one to fix DMA mapping.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: really fix monitor mode channel reporting
Johannes Berg [Thu, 28 Feb 2013 08:59:22 +0000 (09:59 +0100)]
mac80211: really fix monitor mode channel reporting

After Felix's patch it was still broken in case you
used more than just a single monitor interface. Fix
it better now.

Reported-by: Sujith Manoharan <sujith@msujith.org>
Tested-by: Sujith Manoharan <sujith@msujith.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agolibertas: fix crash for SD8688
Bing Zhao [Tue, 26 Feb 2013 20:58:35 +0000 (12:58 -0800)]
libertas: fix crash for SD8688

For SD8688, FUNC_INIT command is queued before fw_ready flag is
set. This causes the following crash as lbs_thread blocks any
command if fw_ready is not set.

[  209.338953] [<c0502248>] (__schedule+0x610/0x764) from [<bf20ae24>] (__lbs_cmd+0xb8/0x130 [libertas])
[  209.348340] [<bf20ae24>] (__lbs_cmd+0xb8/0x130 [libertas]) from [<bf222474>] (if_sdio_finish_power_on+0xec/0x1b0 [libertas_sdio])
[  209.360136] [<bf222474>] (if_sdio_finish_power_on+0xec/0x1b0 [libertas_sdio]) from [<bf2226c4>] (if_sdio_power_on+0x18c/0x20c [libertas_sdio])
[  209.373052] [<bf2226c4>] (if_sdio_power_on+0x18c/0x20c [libertas_sdio]) from [<bf222944>] (if_sdio_probe+0x200/0x31c [libertas_sdio])
[  209.385316] [<bf222944>] (if_sdio_probe+0x200/0x31c [libertas_sdio]) from [<bf01d820>] (sdio_bus_probe+0x94/0xfc [mmc_core])
[  209.396748] [<bf01d820>] (sdio_bus_probe+0x94/0xfc [mmc_core]) from [<c02e729c>] (driver_probe_device+0x12c/0x348)
[  209.407214] [<c02e729c>] (driver_probe_device+0x12c/0x348) from [<c02e7530>] (__driver_attach+0x78/0x9c)
[  209.416798] [<c02e7530>] (__driver_attach+0x78/0x9c) from [<c02e5658>] (bus_for_each_dev+0x50/0x88)
[  209.425946] [<c02e5658>] (bus_for_each_dev+0x50/0x88) from [<c02e6810>] (bus_add_driver+0x108/0x268)
[  209.435180] [<c02e6810>] (bus_add_driver+0x108/0x268) from [<c02e782c>] (driver_register+0xa4/0x134)
[  209.444426] [<c02e782c>] (driver_register+0xa4/0x134) from [<bf22601c>] (if_sdio_init_module+0x1c/0x3c [libertas_sdio])
[  209.455339] [<bf22601c>] (if_sdio_init_module+0x1c/0x3c [libertas_sdio]) from [<c00085b8>] (do_one_initcall+0x98/0x174)
[  209.466236] [<c00085b8>] (do_one_initcall+0x98/0x174) from [<c0076504>] (load_module+0x1c5c/0x1f80)
[  209.475390] [<c0076504>] (load_module+0x1c5c/0x1f80) from [<c007692c>] (sys_init_module+0x104/0x128)
[  209.484632] [<c007692c>] (sys_init_module+0x104/0x128) from [<c0008c40>] (ret_fast_syscall+0x0/0x38)

Fix it by setting fw_ready flag prior to queuing FUNC_INIT command.

Cc: <stable@vger.kernel.org> # 3.5+
Reported-by: Lubomir Rintel <lkundrak@v3.sk>
Tested-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agort2x00: error in configurations with mesh support disabled
Felix Fietkau [Tue, 26 Feb 2013 15:09:55 +0000 (16:09 +0100)]
rt2x00: error in configurations with mesh support disabled

If CONFIG_MAC80211_MESH is not set, cfg80211 will now allow advertising
interface combinations with NL80211_IFTYPE_MESH_POINT present.
Add appropriate ifdefs to avoid running into errors.

Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: correct sleep delay counter
Avinash Patil [Tue, 26 Feb 2013 00:01:34 +0000 (16:01 -0800)]
mwifiex: correct sleep delay counter

Maximum delay for waking up card is 50 ms. Because of typo in
counter, this delay goes to 500ms. This patch fixes the bug.

Cc: <stable@vger.kernel.org> # 3.2+
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoath9k_hw: improve reset reliability after errors
Felix Fietkau [Mon, 25 Feb 2013 19:51:07 +0000 (20:51 +0100)]
ath9k_hw: improve reset reliability after errors

On many different chips, important aspects of the MAC state are not
fully cleared by a warm reset. This can show up as tx/rx hangs, those
annoying "DMA failed to stop in 10 ms..." messages or other quirks.

On AR933x, the chip can occasionally get stuck in a way that only a
driver unload/reload or a reboot would bring it back to life.

With this patch, a full reset is issued when bringing the chip out of
FULL-SLEEP state (after idle), or if either Rx or Tx was not shut down
properly. This makes the DMA related error messages disappear completely
in my tests on AR933x, and the chip does not get stuck anymore.

Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agobcma: init spin lock
Hauke Mehrtens [Sat, 23 Feb 2013 22:30:22 +0000 (23:30 +0100)]
bcma: init spin lock

This spin lock was not initialized.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoath9k_htc: fix signal strength handling issues
Felix Fietkau [Fri, 22 Feb 2013 20:37:25 +0000 (21:37 +0100)]
ath9k_htc: fix signal strength handling issues

The ath9k commit 2ef167557c0a26c88162ecffb017bfcc51eb7b29
(ath9k: fix signal strength reporting issues) fixed an issue where the
reported per-frame signal strength reported to mac80211 was being
overwritten with an internal average. The same issue is also present
in ath9k_htc.
In addition to preventing the driver from overwriting the value, this
commit also ensures that the internal average (which is used for ANI)
only tracks beacons of the AP that we're connected to.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoath9k: fix RSSI dummy marker value
Felix Fietkau [Fri, 22 Feb 2013 20:09:17 +0000 (21:09 +0100)]
ath9k: fix RSSI dummy marker value

RSSI is being stored internally as s8 in several places. The indication
of an unset RSSI value, ATH_RSSI_DUMMY_MARKER, was supposed to have been
set to 127, but ended up being set to 0x127 because of a code cleanup
mistake. This could lead to invalid signal strength values in a few
places.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Wed, 27 Feb 2013 19:11:04 +0000 (14:11 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes

11 years agonl80211: remove channel width and extended capa advertising
Johannes Berg [Wed, 27 Feb 2013 14:08:28 +0000 (15:08 +0100)]
nl80211: remove channel width and extended capa advertising

This is another case of data increasing the size of the
wiphy information significantly with a new feature, for
now remove this as well.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Remove testing of static PIC in PhyDB
Dor Shaish [Tue, 12 Feb 2013 07:49:00 +0000 (09:49 +0200)]
iwlwifi: mvm: Remove testing of static PIC in PhyDB

The PIC was supposed to be a small signature appended to the
PhyDB data, but the signature isn't really static and thus
attempting to check it just causes the warnings spuriously
so remove them.

Signed-off-by: Dor Shaish <dor.shaish@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: fix wakeup status query and packet reporting
Johannes Berg [Tue, 26 Feb 2013 11:04:18 +0000 (12:04 +0100)]
iwlwifi: fix wakeup status query and packet reporting

The wakeup packet in the status response is padded out
to a multiple of 4 bytes by the firmware for transfer
to the host, take that into account when checking the
length of the command.

Also, the reported wakeup packet includes the FCS but
the userspace API doesn't, so remove that. If it is a
data packet it is reported as an 802.3 packet but I
forgot to take into account and remove the encryption
head/tail, fix all of that as well.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Fix crash due to un-canceled work-items
Ben Greear [Wed, 20 Feb 2013 17:41:09 +0000 (09:41 -0800)]
mac80211: Fix crash due to un-canceled work-items

Some mlme work structs are not cancelled on disassociation
nor interface deletion, which leads to them running after
the memory has been freed

There is not a clean way to cancel these in the disassociation
logic because they must be canceled outside of the ifmgd->mtx
lock, so just cancel them in mgd_stop logic that tears down
the station.

This fixes the crashes we see in 3.7.9+.  The crash stack
trace itself isn't so helpful, but this warning gives
more useful info:

WARNING: at /home/greearb/git/linux-3.7.dev.y/lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
ODEBUG: free active (active state 0) object type: work_struct hint: ieee80211_sta_monitor_work+0x0/0x14 [mac80211]
Modules linked in: [...]
Pid: 14743, comm: iw Tainted: G         C O 3.7.9+ #11
Call Trace:
 [<ffffffff81087ef8>] warn_slowpath_common+0x80/0x98
 [<ffffffff81087fa4>] warn_slowpath_fmt+0x41/0x43
 [<ffffffff812a2608>] debug_print_object+0x7c/0x8d
 [<ffffffff812a2bca>] debug_check_no_obj_freed+0x95/0x1c3
 [<ffffffff8114cc69>] slab_free_hook+0x70/0x79
 [<ffffffff8114ea3e>] kfree+0x62/0xb7
 [<ffffffff8149f465>] netdev_release+0x39/0x3e
 [<ffffffff8136ad67>] device_release+0x52/0x8a
 [<ffffffff812937db>] kobject_release+0x121/0x158
 [<ffffffff81293612>] kobject_put+0x4c/0x50
 [<ffffffff8148f0d7>] netdev_run_todo+0x25c/0x27e

Cc: stable@vger.kernel.org
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop timers before canceling work items
Ben Greear [Wed, 20 Feb 2013 17:41:08 +0000 (09:41 -0800)]
mac80211: stop timers before canceling work items

Re-order the quiesce code so that timers are always
stopped before work-items are flushed. This was not
the problem I saw, but I think it may still be more
correct.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix AP/GO mode station removal
Johannes Berg [Fri, 22 Feb 2013 13:07:56 +0000 (14:07 +0100)]
iwlwifi: mvm: fix AP/GO mode station removal

When stations are removed while packets are in the queue,
we drain the queues first, and then remove the stations.
If this happens in AP mode while the interface is removed
the MAC context might be removed from the firmware before
we removed the station(s), resulting in a SYSASSERT 3421.
This is because we remove the MAC context from the FW in
stop_ap(), but only flush the station drain work later in
remove_interface().

Refactor the code a bit to have a common MAC context
removal preparation first to solve this.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: always copy first 16 bytes of commands
Johannes Berg [Mon, 25 Feb 2013 15:01:34 +0000 (16:01 +0100)]
iwlwifi: always copy first 16 bytes of commands

The FH hardware will always write back to the scratch field
in commands, even host commands not just TX commands, which
can overwrite parts of the command. This is problematic if
the command is re-used (with IWL_HCMD_DFL_NOCOPY) and can
cause calibration issues.

Address this problem by always putting at least the first
16 bytes into the buffer we also use for the command header
and therefore make the DMA engine write back into this.

For commands that are smaller than 16 bytes also always map
enough memory for the DMA engine to write back to.

Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix monitor mode channel reporting
Felix Fietkau [Sat, 23 Feb 2013 18:02:14 +0000 (19:02 +0100)]
mac80211: fix monitor mode channel reporting

When not using channel contexts with only monitor mode interfaces being
active, report local->monitor_chandef to userspace.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix idle handling in monitor mode
Felix Fietkau [Sat, 23 Feb 2013 17:40:57 +0000 (18:40 +0100)]
mac80211: fix idle handling in monitor mode

When the driver does not want a monitor mode VIF, no channel context is
allocated for it. This causes ieee80211_recalc_idle to put the hardware
into idle mode if only a monitor mode is active, breaking injection.

Fix this by checking local->monitors in addition to active channel
contexts.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Ensure off-channel frames don't get queued
Seth Forshee [Mon, 25 Feb 2013 20:58:05 +0000 (14:58 -0600)]
mac80211: Ensure off-channel frames don't get queued

Commit 6c17b77b67587b9f9e3070fb89fe98cef3187131 (mac80211: Fix tx queue
handling during scans) contains a bug that causes off-channel frames to
get queued when they should be handed down to the driver for transmit.
Prevent this from happening.

Reported-by: Fabio Rossi <rossi.f@inwind.it>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix the problem of forwarding from DS to DS in Mesh
Chun-Yeow Yeoh [Tue, 19 Feb 2013 02:04:50 +0000 (10:04 +0800)]
mac80211: fix the problem of forwarding from DS to DS in Mesh

Unicast frame with unknown forwarding information always trigger
the path discovery assuming destination is always located inside the
MBSS. This patch allows the forwarding to look for mesh gate if path
discovery inside the MBSS has failed.

Reported-by: Cedric Voncken <cedric.voncken@acksys.fr>
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: remove TCP WoWLAN information
Johannes Berg [Tue, 19 Feb 2013 23:56:27 +0000 (00:56 +0100)]
nl80211: remove TCP WoWLAN information

Just like the radar information, the TCP WoWLAN capability
data can increase the wiphy information and make it too
big. Remove the TCP WoWLAN information; no driver supports
it and new userspace tools will be required as well.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: remove radar information
Johannes Berg [Mon, 18 Feb 2013 22:44:38 +0000 (23:44 +0100)]
nl80211: remove radar information

The wiphy information is getting very close to being too
much for a typical netlink dump message and adding the
radar attributes to channels and interface combinations
can push it over the limit, which means userspace gets no
information whatsoever. Therefore, remove these again for
now, no driver actually supports radar detection anyway
and a modified userspace is required as well.

We're working on a solution that will allow userspace to
request splitting the information across multiple netlink
messages, which will allow us to add this back.

Cc: Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix tim_lock locking
Johannes Berg [Fri, 22 Feb 2013 11:55:01 +0000 (12:55 +0100)]
mac80211: fix tim_lock locking

The ieee80211_beacon_add_tim() function might be called
by drivers with BHs enabled, which causes a potential
deadlock if TX happens at the same time and attempts to
lock the tim_lock as well. Use spin_lock_bh to fix it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agobrcmfmac: fix missing unlock on error in brcmf_notify_vif_event()
Wei Yongjun [Fri, 22 Feb 2013 13:32:20 +0000 (21:32 +0800)]
brcmfmac: fix missing unlock on error in brcmf_notify_vif_event()

Add the missing unlock before return from function brcmf_notify_vif_event()
in the error handling case.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: fix system freeze while reloading driver
Avinash Patil [Thu, 21 Feb 2013 05:12:58 +0000 (21:12 -0800)]
mwifiex: fix system freeze while reloading driver

Unload sequence for mwifiex PCIE driver is as follows:
1. Invoking cleanup module from kernel results into
   pci_unregister_driver
2. Kernel invokes PCIE remove() handler which disconnects all
   interfaces.
3. One step during disconnect is to clean PCIE TX rings.
   During this we read txbd_rdptr from FW.

While loading driver next time, we see pci_enable_device()
results into system freeze. This may have happened because we
accessed PCI device after unregistering from bus driver.
Removing this ioread() operation resolves this bug.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: don't drop carrier flag over suspend
Daniel Drake [Tue, 19 Feb 2013 20:09:47 +0000 (15:09 -0500)]
mwifiex: don't drop carrier flag over suspend

If the system suspends with mwifiex wifi powered on, and is then woken
by an ICMP ping packet, the ping response is discarded by the kernel
because the kernel incorrectly thinks there is no carrier.

I can't see any valid reason to want to report loss of carrier here,
so remove the offending code.

Fixes http://dev.laptop.org/ticket/12554

Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agonet: wireless: hostap: hostap_ap.c: Return -ENOMEM instead of -1 for if kmalloc(...
Kumar Amit Mehta [Mon, 18 Feb 2013 12:13:44 +0000 (04:13 -0800)]
net: wireless: hostap: hostap_ap.c: Return -ENOMEM instead of -1 for if kmalloc() fails.

When memory allocation using, kmalloc() fails, report appropriate error value.

Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agonet: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack
Kumar Amit Mehta [Mon, 18 Feb 2013 11:37:44 +0000 (03:37 -0800)]
net: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack

This patch fixes an instance of DMA buffer on stack(being passed to
usb_control_msg) for the wireless USB version of the Agere Orinoco card driver.
It also fixes the missing audit for the return value of firmware download
routine. Found using smatch.

Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agortlwifi: usb: allocate URB control message setup_packet and data buffer separately
Jussi Kivilinna [Mon, 18 Feb 2013 08:29:30 +0000 (10:29 +0200)]
rtlwifi: usb: allocate URB control message setup_packet and data buffer separately

rtlwifi allocates both setup_packet and data buffer of control message urb,
using shared kmalloc in _usbctrl_vendorreq_async_write. Structure used for
allocating is:
struct {
u8 data[254];
struct usb_ctrlrequest dr;
};

Because 'struct usb_ctrlrequest' is __packed, setup packet is unaligned and
DMA mapping of both 'data' and 'dr' confuses ARM/sunxi, leading to memory
corruptions and freezes.

Patch changes setup packet to be allocated separately.

[v2]:
 - Use WARN_ON_ONCE instead of WARN_ON

Cc: <stable@vger.kernel.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: add 802.11AC support
Yogesh Ashok Powar [Sat, 16 Feb 2013 05:44:30 +0000 (21:44 -0800)]
mwifiex: add 802.11AC support

For STA mode, collect VHT realated IEs from the Beacons or Probe
Responses and append similar VHT related IEs to association
requests.

For AP mode, get VHT related capability information and share it
with cfg80211 at the time of wiphy register. This information is
further used by cfg80211 and hostapd to start an AP with 802.11AC
support.

Currently only 8897 supports 802.11AC.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Frank Huang <frankh@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: coding style cleanup in bss parameter update
Yogesh Ashok Powar [Sat, 16 Feb 2013 05:44:29 +0000 (21:44 -0800)]
mwifiex: coding style cleanup in bss parameter update

They all can make one line.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: fix empty TX ring check for PCIe8897 while unloading driver
Avinash Patil [Sat, 16 Feb 2013 05:37:54 +0000 (21:37 -0800)]
mwifiex: fix empty TX ring check for PCIe8897 while unloading driver

While unloading driver, we free all pending TX packets by flushing
TX ring. There is unhandled case for PCIE8897 while checking for
ring empty condition.

This patch adds the handling by calling mwifiex_pcie_txbd_empty().

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Mon, 18 Feb 2013 20:27:42 +0000 (15:27 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

11 years agoiwlwifi: dvm: improve (again) the prints in reclaim path
Emmanuel Grumbach [Thu, 14 Feb 2013 09:33:54 +0000 (11:33 +0200)]
iwlwifi: dvm: improve (again) the prints in reclaim path

I removed a bit too much info last time.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: dvm: fix delayed enter to CT-kill bug
Eytan Lifshitz [Fri, 15 Feb 2013 14:31:45 +0000 (16:31 +0200)]
iwlwifi: dvm: fix delayed enter to CT-kill bug

Theoretically, the card may not enter CTKILL:
In case the timer that iwl_prepare_ct_kill_task is setting,
will expire before tt->state revert to its previous state.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Reserve MAC id 0 for managed interfaces
Ilan Peer [Wed, 13 Feb 2013 11:27:18 +0000 (13:27 +0200)]
iwlwifi: mvm: Reserve MAC id 0 for managed interfaces

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Fix resource allocation for P2P Device
Ilan Peer [Wed, 13 Feb 2013 10:26:39 +0000 (12:26 +0200)]
iwlwifi: mvm: Fix resource allocation for P2P Device

The time event data structures are required also for P2P Device
interface.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Set the scan type according to the vif type
Ilan Peer [Mon, 11 Feb 2013 06:50:45 +0000 (08:50 +0200)]
iwlwifi: mvm: Set the scan type according to the vif type

The FW can differentiate between scans, according to the interface
type on which the scan was issues. Supply the interfaces type
information to the FW.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix time event command handling race
Johannes Berg [Fri, 15 Feb 2013 23:11:34 +0000 (00:11 +0100)]
iwlwifi: mvm: fix time event command handling race

Occasionally, we would run into this warning:

  iwlwifi 0000:02:00.0: U iwl_mvm_protect_session extend 0x2601: only 200 ms left
  iwlwifi 0000:02:00.0: U iwl_mvm_remove_time_event Removing TE 0x2601
  iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command TIME_EVENT_CMD (#29), seq: 0x0925, 60 bytes at 37[5]:9
  iwlwifi 0000:02:00.0: U iwl_pcie_send_hcmd_sync Attempting to send sync command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: U iwl_pcie_send_hcmd_sync Setting HCMD_ACTIVE for command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command TIME_EVENT_CMD (#29), seq: 0x0926, 60 bytes at 38[6]:9
  iwlwifi 0000:02:00.0: U iwl_mvm_time_event_response TIME_EVENT_CMD response - UID = 0x2601
  iwlwifi 0000:02:00.0: I iwl_pcie_hcmd_complete Clearing HCMD_ACTIVE for command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: U iwl_mvm_rx_time_event_notif Time event notification - UID = 0x2701 action 1
  wlan0: associate with 00:0a:b8:55:a8:30 (try 2/3)
  ------------[ cut here ]------------
  WARNING: at drivers/net/wireless/iwlwifi/mvm/time-event.c:269 iwl_mvm_time_event_send_add+0x163/0x1a0 [iwlmvm]()
  Modules linked in: [...]
  Call Trace:
   [<c1046e42>] warn_slowpath_common+0x72/0xa0
   [<c1046e92>] warn_slowpath_null+0x22/0x30
   [<f8cad913>] iwl_mvm_time_event_send_add+0x163/0x1a0 [iwlmvm]
   [<f8cadead>] iwl_mvm_protect_session+0xcd/0x1c0 [iwlmvm]
   [<f8ca2087>] iwl_mvm_mac_mgd_prepare_tx+0x67/0xa0 [iwlmvm]
   [<f882a130>] ieee80211_sta_work+0x8f0/0x1070 [mac80211]

The reason is a problem with asynchronous vs. synchronous
commands, what happens here is the following:
 * TE 0x2601 is removed, the TIME_EVENT_CMD for that is async
 * a new TE (will be 0x2701) is created, the TIME_EVENT_CMD
   for that is sync and also uses a notification wait for the
   response (to avoid another race condition)
 * the response for the TE 0x2601 removal comes from the
   firmware, and is handled by the notification wait handler
   that's really waiting for the second response, but can't
   tell the difference, we therefore see the message
   "TIME_EVENT_CMD response - UID = 0x2601" instead of
   "TIME_EVENT_CMD response - UID = 0x2701".

Fix this issue by making the TE removal synchronous as well,
this means that we wait for the response to that command
first, before there's any chance of sending a new one.

Also, to detect such issues more easily in the future, add
a warning to the notification handler that detects them.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: add debug statement to time event add
Johannes Berg [Fri, 15 Feb 2013 22:54:10 +0000 (23:54 +0100)]
iwlwifi: mvm: add debug statement to time event add

This is helpful for debugging the time event warning,
but also in general to see what's going on.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix GO powersave client manipulation
Johannes Berg [Fri, 15 Feb 2013 21:47:48 +0000 (22:47 +0100)]
iwlwifi: mvm: fix GO powersave client manipulation

All station commands must include a valid MAC ID,
the ID 0 is randomly valid in some cases, but we
must set the ID properly. Do that by passing the
right station and using its mac_id_n_color.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: program DTIM timings properly
Johannes Berg [Tue, 5 Feb 2013 17:10:04 +0000 (18:10 +0100)]
iwlwifi: mvm: program DTIM timings properly

For the firmware to know when DTIM beacons arrive
we have to program the DTIM time in TSF and system
time in the MAC context. Since mac80211 now tracks
the different times (on demand), this becomes easy.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix merge error
Johannes Berg [Fri, 15 Feb 2013 22:39:17 +0000 (23:39 +0100)]
iwlwifi: mvm: fix merge error

The iwlwifi-next tree removed IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC
while the mac80211-next tree removed

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge remote-tracking branch 'wireless-next/master' into iwlwifi-next
Johannes Berg [Mon, 18 Feb 2013 19:16:12 +0000 (20:16 +0100)]
Merge remote-tracking branch 'wireless-next/master' into iwlwifi-next

11 years agocfg80211: fix station change if TDLS isn't supported
Johannes Berg [Mon, 18 Feb 2013 13:57:42 +0000 (14:57 +0100)]
cfg80211: fix station change if TDLS isn't supported

Larry noticed (and bisected) that commit df881293c6ba9a12868491a717b25
"cfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station"
broke secure connections. This is is the case only for drivers that
don't support TDLS, where any kind of change, even just the change of
authorized flag that is required for normal operation, was rejected
now. To fix this, remove the checks. I have some patches that will add
proper verification for all the different cases later.

Cc: Jouni Malinen <j@w1.fi>
Bisected-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: don't spam mesh probe response messages
Thomas Pedersen [Sat, 16 Feb 2013 18:41:06 +0000 (10:41 -0800)]
mac80211: don't spam mesh probe response messages

If mesh plink debugging is enabled, this gets annoying in
a crowded environment, fast.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stringify mesh peering events
Thomas Pedersen [Sat, 16 Feb 2013 18:41:05 +0000 (10:41 -0800)]
mac80211: stringify mesh peering events

Convert mesh peering events into strings and make the
debug output a little easier to read. Also stop printing
the llid and plid since these don't change across peering
states and are random numbers anyway so they just amount
to noise.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up mesh HT operation
Thomas Pedersen [Sat, 16 Feb 2013 18:41:04 +0000 (10:41 -0800)]
mac80211: clean up mesh HT operation

ieee80211_ht_cap_ie_to_sta_ht_cap() will clean up the
ht_supported flag and station bandwidth field for us
if the peer beacon doesn't have an HT capability element
(is operating as non-HT).

Also, we don't really need a special station ch_width
member to track the station operating mode any more so use
sta.bandwidth instead.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix harmless station flush warning
Johannes Berg [Fri, 15 Feb 2013 10:47:50 +0000 (11:47 +0100)]
mac80211: fix harmless station flush warning

If an interface is set down while authenticating or
associating, there's a station entry that will be
removed by the flushing in do_stop() and that will
cause a warning. It's otherwise harmless, but avoid
the warning by calling ieee80211_mgd_stop() first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: add correct docbook entries
Johannes Berg [Fri, 15 Feb 2013 09:11:24 +0000 (10:11 +0100)]
cfg80211: add correct docbook entries

Update the 802.11 book to list the correct
data structures.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Fix incorrect use of STA_PR_FMT in trace points
Seth Forshee [Fri, 15 Feb 2013 19:15:48 +0000 (13:15 -0600)]
mac80211: Fix incorrect use of STA_PR_FMT in trace points

Several tracepoints are using STA_PR_FMT where STA_PR_ARG should be
used, resulting in messages like "phy0 sta:ARG TYPE NOT FIELD BUT 1".
Change these to STA_PR_ARG.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge branch 'for-linville' of git://github.com/kvalo/ath6kl
John W. Linville [Fri, 15 Feb 2013 19:06:32 +0000 (14:06 -0500)]
Merge branch 'for-linville' of git://github.com/kvalo/ath6kl

11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Fri, 15 Feb 2013 18:59:53 +0000 (13:59 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

11 years agomac80211: enable vif.cab_queue for mesh
Bob Copeland [Fri, 15 Feb 2013 15:18:34 +0000 (10:18 -0500)]
mac80211: enable vif.cab_queue for mesh

Since mesh powersaving was added, pending bcast/mcast frames may go out the
CAB queue now.  Unfortunately, the queue was only set up for AP mode, so we
would try to tx on the IEEE80211_INVAL_HW_QUEUE.  Allow cab_queue for mesh
interfaces as well.

Fixes the following warning (or crash without MAC80211_VERBOSE_DEBUG):

WARNING: at net/mac80211/tx.c:1223 __ieee80211_tx+0x162/0x35f [mac80211]()
Modules linked in: mac80211_hwsim mac80211 cfg80211 [...]
Pid: 3085, comm: avahi-daemon Tainted: G        W    3.8.0-rc1+ #377
Call Trace:
 [<ffffffff81045c20>] warn_slowpath_common+0x83/0x9c
 [<ffffffff81045c53>] warn_slowpath_null+0x1a/0x1c
 [<ffffffffa083aef0>] __ieee80211_tx+0x162/0x35f [mac80211]
 [<ffffffffa083cb1d>] ieee80211_tx+0xd3/0xf9 [mac80211]
 [<ffffffffa083cc0f>] ieee80211_xmit+0xcc/0xd5 [mac80211]
 [<ffffffffa083db59>] ieee80211_subif_start_xmit+0xc53/0xcd8 [mac80211]
 [<ffffffff81319acd>] dev_hard_start_xmit+0x259/0x3ce
 [<ffffffff81333d6b>] sch_direct_xmit+0x74/0x17d
 [<ffffffff8131a0b1>] dev_queue_xmit+0x230/0x414
 [<ffffffff8134877a>] ip_finish_output2+0x348/0x3aa
 [<ffffffff81349029>] ip_finish_output+0x6c/0x71
 [<ffffffff81349046>] NF_HOOK_COND.constprop.44+0x18/0x58
 [<ffffffff8134a03a>] ip_mc_output+0x134/0x13c
 [<ffffffff8134835a>] dst_output+0x18/0x1c
 [<ffffffff81349a24>] ip_local_out+0x20/0x24
 [<ffffffff8134a8cf>] ip_send_skb+0x16/0x3c
 [<ffffffff8136bfba>] udp_send_skb+0x254/0x2b9
 [<ffffffff8136c85e>] udp_sendmsg+0x5a8/0x7d4

Signed-off-by: Bob Copeland <bob@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up mesh code
Johannes Berg [Fri, 15 Feb 2013 13:40:31 +0000 (14:40 +0100)]
mac80211: clean up mesh code

There's various code with strange indentation,
questionable loop and locking constructs, etc.

The bigger change is moving the "sdata" argument
to the first argument of all functions, like all
other mac80211 functions that have one.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211_hwsim: ask mac80211 to reserve space for chanctx.drv_priv
Karl Beldan [Thu, 14 Feb 2013 23:03:14 +0000 (00:03 +0100)]
mac80211_hwsim: ask mac80211 to reserve space for chanctx.drv_priv

Otherwise memory corruption occurs when using channel contexts (ATM when
param 'channel' > 1).

Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: prevent spurious HT/VHT downgrade message
Johannes Berg [Thu, 14 Feb 2013 11:13:53 +0000 (12:13 +0100)]
mac80211: prevent spurious HT/VHT downgrade message

Even when connecting to an AP that doesn't support VHT,
and even when the local device doesn't support it either,
the downgrade message gets printed. Suppress the message
if HT and/or VHT is disabled.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: renumber NL80211_FEATURE_FULL_AP_CLIENT_STATE
Johannes Berg [Thu, 14 Feb 2013 10:56:13 +0000 (11:56 +0100)]
nl80211: renumber NL80211_FEATURE_FULL_AP_CLIENT_STATE

Adding the flag to mac80211 already without testing was
clearly a mistake, one that we now pay for by having to
reserve bit 13 forever. The problem is cfg80211 doesn't
allow capability/rate changes for station entries that
were added unassociated, so the station entries cannot
be set up properly when marked associated.

Change the NL80211_FEATURE_FULL_AP_CLIENT_STATE value
to make it clear to userspace implementations that all
current kernels don't actually support it, even though
the previous bit is set, and of course also remove the
flag from mac80211 until we test and fix the issues.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station
Jouni Malinen [Thu, 14 Feb 2013 19:10:54 +0000 (21:10 +0200)]
cfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station

The information of the peer's capabilities is required for the driver
to perform TDLS Peer UAPSD operations. This information of the peer is
passed by the supplicant using NL80211_CMD_SET_STATION command. This
commit enhances the function nl80211_set_station to pass this
information of the peer to the driver in case this command is used
with the TDLS peer STA.

In addition, make the HT/VHT capability configuration handled more
consistently for other STA cases (reject both instead of just HT).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: Pass station (extended) capability info to kernel
Jouni Malinen [Thu, 14 Feb 2013 19:10:13 +0000 (21:10 +0200)]
cfg80211: Pass station (extended) capability info to kernel

The information of the peer's capabilities and extended capabilities are
required for the driver to perform TDLS Peer UAPSD operations and off
channel operations. This information of the peer is passed from user space
using NL80211_CMD_SET_STATION command. This commit enhances
the function nl80211_set_station to pass the capability information of
the peer to the driver.

Similarly, there may be need for capability information for other modes,
so allow this to be provided with both add_station and change_station.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: advertise operating mode notification capability
Johannes Berg [Mon, 11 Feb 2013 13:27:08 +0000 (14:27 +0100)]
mac80211: advertise operating mode notification capability

Use the new extended capabilities advertising to advertise
the fact that operating mode notification is supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: advertise extended capabilities to userspace
Johannes Berg [Mon, 11 Feb 2013 13:20:05 +0000 (14:20 +0100)]
cfg80211: advertise extended capabilities to userspace

In many cases, userspace may need to know which of the
802.11 extended capabilities ("Extended Capabilities
element") are implemented in the driver or device, to
include them e.g. in beacons, assoc request/response
or other frames. Add a new nl80211 attribute to hold
the extended capabilities bitmap for this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop modifying HT SMPS capability
Johannes Berg [Tue, 12 Feb 2013 13:21:00 +0000 (14:21 +0100)]
mac80211: stop modifying HT SMPS capability

Instead of modifying the HT SMPS capability field
for stations, track the SMPS mode explicitly in a
new field in the station struct and use it in the
drivers that care about it. This simplifies the
code using it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: generate mesh probe responses
Thomas Pedersen [Thu, 14 Feb 2013 19:20:14 +0000 (11:20 -0800)]
mac80211: generate mesh probe responses

Mesh interfaces will now respond to any broadcast (or
matching directed mesh) probe requests with a probe
response.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: cache mesh beacon
Thomas Pedersen [Thu, 14 Feb 2013 19:20:13 +0000 (11:20 -0800)]
mac80211: cache mesh beacon

Previously, the entire mesh beacon would be generated each
time the beacon timer fired. Instead generate a beacon
head and tail (so the TIM can easily be inserted when mesh
power save is on) when starting a mesh or the MBSS
parameters change.

Also add a mutex for protecting beacon updates and
preventing leaks.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: constify IE parsing
Johannes Berg [Tue, 12 Feb 2013 15:43:19 +0000 (16:43 +0100)]
mac80211: constify IE parsing

Make all the parsed IE pointers const, and propagate
the change to all the users etc.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: advertise HT/VHT channel limitations
Johannes Berg [Wed, 12 Dec 2012 16:59:39 +0000 (17:59 +0100)]
nl80211: advertise HT/VHT channel limitations

When drivers or regulatory have limitations on
40, 80 or 160 MHz channels, advertise these to
userspace via nl80211. Also add a new feature
flag to let userspace know this is supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: allow drivers to selectively disable 80/160 MHz
Johannes Berg [Wed, 12 Dec 2012 16:50:39 +0000 (17:50 +0100)]
cfg80211: allow drivers to selectively disable 80/160 MHz

Some drivers might support 80 or 160 MHz only on some
channels for whatever reason, so allow them to disable
these channel widths. Also maintain the new flags when
regulatory bandwidth limitations would disable these
wide channels.

Reviewed-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: properly track HT/VHT operation changes
Johannes Berg [Fri, 8 Feb 2013 14:12:14 +0000 (15:12 +0100)]
mac80211: properly track HT/VHT operation changes

A while ago, I made the mac80211 station code never change
the channel type after association. This solved a number of
issues but is ultimately wrong, we should react if the AP
changes the HT operation IE and switches bandwidth. One of
the issues is that we associate as HT40 capable, but if the
AP ever switches to 40 MHz we won't be able to receive such
frames because we never set our channel to 40 MHz.

This addresses this and VHT operation changes. If there's a
change that is incompatible with our setup, e.g. if the AP
decides to change the channel entirely (and for some reason
we still hear the beacon) we'll just disconnect.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: move ieee80211_determine_chantype function
Johannes Berg [Fri, 8 Feb 2013 13:52:32 +0000 (14:52 +0100)]
mac80211: move ieee80211_determine_chantype function

The next patch will need it further up in the file, so
move it unchanged now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: add ieee80211_vif_change_bandwidth
Johannes Berg [Thu, 7 Feb 2013 20:37:29 +0000 (21:37 +0100)]
mac80211: add ieee80211_vif_change_bandwidth

For HT and VHT the current bandwidth can change,
add the function ieee80211_vif_change_bandwidth()
to take care of this. It returns a failure if the
new bandwidth isn't compatible with the existing
channel context, the caller has to handle that.
When it happens, also inform the driver that the
bandwidth changed for this virtual interface (no
drivers would actually care today though.)

Changing to/from HT/VHT isn't allowed though.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up channel use in ieee80211_config_ht_tx
Johannes Berg [Fri, 8 Feb 2013 12:15:55 +0000 (13:15 +0100)]
mac80211: clean up channel use in ieee80211_config_ht_tx

The channel use is confusing, some uses the channel
context and some the bss_conf.chandef. The latter is
fine, so get rid of the channel context part.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: disable HT/VHT if AP has no HT/VHT capability
Johannes Berg [Thu, 7 Feb 2013 22:33:32 +0000 (23:33 +0100)]
mac80211: disable HT/VHT if AP has no HT/VHT capability

Having HT/VHT operation IEs but not capability IEs
leads to a strange situation where we configure the
channel to an HT or VHT bandwidth and then can't
actually use it. Prevent this by checking that the
HT and VHT capability IEs are present as well as
the operation IEs; if not, disable HT and/or VHT.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: handle operating mode notif in beacon/assoc response
Johannes Berg [Thu, 7 Feb 2013 21:24:55 +0000 (22:24 +0100)]
mac80211: handle operating mode notif in beacon/assoc response

In beacons and association response frames an AP may include an
operating mode notification element to advertise changes in the
number of spatial streams it can receive. Handle this using the
existing function that handles the action frame, but only handle
NSS changes, not bandwidth changes which aren't allowed here.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix ieee80211_change_chandef name
Johannes Berg [Thu, 7 Feb 2013 20:30:37 +0000 (21:30 +0100)]
mac80211: fix ieee80211_change_chandef name

This should be called ieee80211_change_chanctx() since
it changes the channel context, not a chandef.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix HT/VHT disable flags
Johannes Berg [Thu, 7 Feb 2013 19:41:50 +0000 (20:41 +0100)]
mac80211: fix HT/VHT disable flags

The code to disable HT and VHT if VHT was advertised
without VHT is wrong -- it accidentally uses the wrong
flags. Fix that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: init HT TX data before rate control
Johannes Berg [Thu, 7 Feb 2013 16:36:12 +0000 (17:36 +0100)]
mac80211: init HT TX data before rate control

In case of connection, the station data is initialised from
the beacon/probe response first and then updated from the
association response. If the latter is different we update
the rate control algorithm and driver. Instead of doing it
this way, set the station data properly with data from the
association response before initializing rate control.

Also simplify the code by passing the station pointer.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: handle VHT operating mode notification
Johannes Berg [Thu, 27 Dec 2012 17:55:36 +0000 (18:55 +0100)]
mac80211: handle VHT operating mode notification

Handle the operating mode notification action frame.
When the supported streams or the bandwidth change
let the driver and rate control algorithm know.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: track number of spatial streams
Johannes Berg [Thu, 27 Dec 2012 17:26:42 +0000 (18:26 +0100)]
mac80211: track number of spatial streams

With VHT, a station can change the number of spatial
streams it can receive on the fly, not unlike spatial
multiplexing in HT. Prepare for that by tracking the
maximum number of spatial streams it can receive when
the connection is established.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agowireless: define operating mode action frame
Johannes Berg [Thu, 27 Dec 2012 17:45:41 +0000 (18:45 +0100)]
wireless: define operating mode action frame

Define the action frame format, the VHT category
and its action types and the field format and EID
for operating mode notifications. The frame may
be used outside of VHT context as well, so don't
include "VHT" in the names.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop toggling IEEE80211_HT_CAP_SUP_WIDTH_20_40
Johannes Berg [Thu, 7 Feb 2013 10:47:44 +0000 (11:47 +0100)]
mac80211: stop toggling IEEE80211_HT_CAP_SUP_WIDTH_20_40

For VHT, many more bandwidth changes are possible. As a first
step, stop toggling the IEEE80211_HT_CAP_SUP_WIDTH_20_40 flag
in the HT capabilities and instead introduce a bandwidth field
indicating the currently usable bandwidth to transmit to the
station. Of course, make all drivers use it.

To achieve this, make ieee80211_ht_cap_ie_to_sta_ht_cap() get
the station as an argument, rather than the new capabilities,
so it can set up the new bandwidth field.

If the station is a VHT station and VHT bandwidth is in use,
also set the bandwidth accordingly.

Doing this allows us to get rid of the supports_40mhz flag as
the HT capabilities now reflect the true capability instead of
the current setting.

While at it, also fix ieee80211_ht_cap_ie_to_sta_ht_cap() to not
ignore HT cap overrides when MCS TX isn't supported (not that it
really happens...)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: pass station to ieee80211_vht_cap_ie_to_sta_vht_cap
Johannes Berg [Thu, 7 Feb 2013 10:58:58 +0000 (11:58 +0100)]
mac80211: pass station to ieee80211_vht_cap_ie_to_sta_vht_cap

Like with HT, make things a bit simpler in future patches by
passing the station to ieee80211_vht_cap_ie_to_sta_vht_cap()
instead of the vht_cap pointer. Also disable VHT here if HT
isn't supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge remote-tracking branch 'mac80211/master' into HEAD
Johannes Berg [Fri, 15 Feb 2013 08:41:21 +0000 (09:41 +0100)]
Merge remote-tracking branch 'mac80211/master' into HEAD