kernel/kernel-generic.git
12 years agoiwlegacy: regulatory_bands is not an ops
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:12 +0000 (11:23 +0100)]
iwlegacy: regulatory_bands is not an ops

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: use writeb,writel,readl directly
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:11 +0000 (11:23 +0100)]
iwlegacy: use writeb,writel,readl directly

That change will save us some CPU cycles at run time. Having
port-based I/O seems to be not possible for PCIe devices.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: cleanup/fix memory barriers
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:10 +0000 (11:23 +0100)]
iwlegacy: cleanup/fix memory barriers

wmb(), rmb() are not needed when writel(), readl() are used as
accessors for MMIO. We use them indirectly via iowrite32(),
ioread32().

What is needed mmiowb(), for synchronizing writes coming from
different CPUs on PCIe bridge (see in patch comments). This
fortunately is not needed on x86, where mmiowb() is just
defined as compiler barrier. As iwlegacy devices are most likely
not used on anything other than x86, this is not so important
fix.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: always check if got h/w access before write
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:09 +0000 (11:23 +0100)]
iwlegacy: always check if got h/w access before write

Before we write to the device register always check if
_il_grap_nic_access() was successful.

Change type return type _il_grap_nic_access() to bool, and
add likely()/unlikely() statements.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoiwlegacy: dump stack when fail to gain access to the device
Stanislaw Gruszka [Mon, 13 Feb 2012 10:23:08 +0000 (11:23 +0100)]
iwlegacy: dump stack when fail to gain access to the device

Print dump stack when the device is not responding. This should give
some more clue about the reason of failure. Also change the message we
print, since "MAC in deep sleep" is kinda confusing.

On the way add unlikely(), as fail to gain NIC access is hmm ...
unlikely.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: rtl8192se firmware load can overflow target buffer
Tim Gardner [Fri, 10 Feb 2012 00:19:52 +0000 (18:19 -0600)]
rtlwifi: rtl8192se firmware load can overflow target buffer

Define RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE which represents the
maximimum possible firmware file size. Use it in the definition
of the buffer which receives the firmware file data.

Set RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE closer to the actual size of
the firmware file, e.g., 90000 (down from hard coded 164000). The current
size of rtlwifi/rtl8192sefw.bin is 88856.

Set max_fw_size to RTL8190_MAX_RAW_FIRMWARE_CODE_SIZE for the size limit
check. Fix the error case where max_fw_size is not cleared if the size
limit check fails.

Cc: Chaoming Li <chaoming_li@realsil.com.cn>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: make sdio firmware filename specific
Arend van Spriel [Thu, 9 Feb 2012 20:09:09 +0000 (21:09 +0100)]
brcm80211: fmac: make sdio firmware filename specific

The sdio driver part uses firmware name brcmfmac.bin. With addition
of usb this name is too generic. This patch renames the filename
to brcmfmac-sdio.bin.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: add USB support for bcm43235/6/8 chipsets
Arend van Spriel [Thu, 9 Feb 2012 20:09:08 +0000 (21:09 +0100)]
brcm80211: fmac: add USB support for bcm43235/6/8 chipsets

This patch extends the use of the brcmfmac driver with support for
chipsets with a USB host interface. The first chipsets supported are
the bcm43235, bcm43236, and bcm43238 for which firmware has been
submitted.

This driver change has been successfully built for x86, x86_64,
ppc64, arm_le, and mips_be.

It has been tested successfully on x86 and x86_64.

Cc: M. Lambert <lambertm@westman.wave.ca>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: use spinlock calls saving irq flags in brcmf_enq_event()
Arend van Spriel [Thu, 9 Feb 2012 20:09:07 +0000 (21:09 +0100)]
brcm80211: fmac: use spinlock calls saving irq flags in brcmf_enq_event()

This function is executed within irq context. The call spin_unlock_irq
does enable interrupts which is not desired in the irq context. This patch
replaces them using the spin_loc_irqsave and spin_unlock_irqrestore
functions.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: change allocation flag in brcmf_enq_event() function
Arend van Spriel [Thu, 9 Feb 2012 20:09:06 +0000 (21:09 +0100)]
brcm80211: fmac: change allocation flag in brcmf_enq_event() function

As the function is called from atomic context it should not do the
kzalloc call with GFP_KERNEL.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Kan Yan <kanyan@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: update bus state in common driver part
Arend van Spriel [Thu, 9 Feb 2012 20:09:05 +0000 (21:09 +0100)]
brcm80211: fmac: update bus state in common driver part

The bus state is updated in the sdio bus init function, but it is
better to do it when the brcmf_bus_start() function is completed
successfully. The brcmf_netdev_open() function will return -EAGAIN
until the state is updated instead of calling brcmf_bus_start() to
avoid reentering that function.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: only return success in brcmf_sdbrcm_bus_init() when true
Arend van Spriel [Thu, 9 Feb 2012 20:09:04 +0000 (21:09 +0100)]
brcm80211: fmac: only return success in brcmf_sdbrcm_bus_init() when true

The function brcmf_sdbrcm_bus_init() always returned success except for
firmware download failure. However, also when enabling SDIO function 2
is failing the function should return failure. This patch fixes that.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: move module entry points to dhd_linux.c
Arend van Spriel [Thu, 9 Feb 2012 20:09:03 +0000 (21:09 +0100)]
brcm80211: fmac: move module entry points to dhd_linux.c

The module_init/exit functions are moved to dhd_linux.c to prepare
for supporting multiple host interface types.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: use specific types in struct brcmf_bus
Arend van Spriel [Thu, 9 Feb 2012 20:09:02 +0000 (21:09 +0100)]
brcm80211: fmac: use specific types in struct brcmf_bus

The fields bus_priv and drvr are defined as void pointer. It is
preferred to have specific types for compiler type checking. To
prepare for other bus types the bus_priv field is defined as a
union containing the sdio bus private structure reference.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: make sure cancel_work_sync only called after INIT_WORK
Franky Lin [Thu, 9 Feb 2012 20:09:01 +0000 (21:09 +0100)]
brcm80211: fmac: make sure cancel_work_sync only called after INIT_WORK

INIT_WORK only gets called after brcmf_proto_attach returns
success. This dependency should be annotated in brcmf_detach to
avoid any error.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Franky Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: fmac: resolve smatch issues in brcmfmac code
Arend van Spriel [Thu, 9 Feb 2012 20:09:00 +0000 (21:09 +0100)]
brcm80211: fmac: resolve smatch issues in brcmfmac code

This patch resolves the following smatch issues:

wl_cfg80211.c +1377 brcmf_cfg80211_connect(65) warn: min_t truncates
here '(sme->ssid_len)' (4294967295 vs 9223372036854775807)
dhd_sdio.c +1275 brcmf_sdbrcm_rxglom(156) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
dhd_sdio.c +1457 brcmf_sdbrcm_rxglom(338) warn: min_t truncates here
'(pfirst->len)' (2147483647 vs 4294967295)
bcmsdh_sdmmc.c +300 brcmf_sdioh_request_buffer(10) warn: variable
dereferenced before check 'pkt' (see line 295)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: remove smatch warnings from brcmsmac code
Arend van Spriel [Thu, 9 Feb 2012 20:08:59 +0000 (21:08 +0100)]
brcm80211: smac: remove smatch warnings from brcmsmac code

The patch fixes following smatch warnings:

main.c +2902 brcms_b_read_objmem(11) info: ignoring unreachable code.
mac80211_if.c +1146 brcms_suspend(8) error: we previously assumed 'wl'
could be null (see line 1145)
srom.c +641 _initvars_srom_pci(16) error: potential null dereference
'entry'.  (kzalloc returns null)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: fix endless retry of A-MPDU transmissions
Arend van Spriel [Thu, 9 Feb 2012 20:08:58 +0000 (21:08 +0100)]
brcm80211: smac: fix endless retry of A-MPDU transmissions

The A-MPDU code checked against a retry limit, but it was using
the wrong variable to do so. This patch fixes this to assure
proper retry mechanism.

This problem had a side-effect causing the mac80211 flush callback
to remain waiting forever as well. That side effect has been fixed
by commit by Stanislaw Gruszka:

commit f96b08a7e6f69c0f0a576554df3df5b1b519c479
Date:   Tue Jan 17 12:38:50 2012 +0100

    brcmsmac: fix tx queue flush infinite loop

    Reference:
    https://bugzilla.kernel.org/show_bug.cgi?id=42576

Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: remove redundant assignments from txpwrctrl_pwr_setup_nphy
Arend van Spriel [Thu, 9 Feb 2012 20:08:57 +0000 (21:08 +0100)]
brcm80211: smac: remove redundant assignments from txpwrctrl_pwr_setup_nphy

The function wlc_phy_txpwrctrl_pwr_setup_nphy() does assign a local
variable target_pwr_qtrdbm in several code paths, but in the end all
code paths are coming to an assignment of that variable which does
override all previous. So those early and redundant assignments have
been removed.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: smac: fix unintended fallthru in wlc_phy_radio_init_2057()
Arend van Spriel [Thu, 9 Feb 2012 20:08:56 +0000 (21:08 +0100)]
brcm80211: smac: fix unintended fallthru in wlc_phy_radio_init_2057()

The radio initialization for 2057 rev 5 was using the incorrect
register table for the initialization. This patch fixes that.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agobrcm80211: update the maintainers listed for brcm80211 drivers
Arend van Spriel [Thu, 9 Feb 2012 20:08:55 +0000 (21:08 +0100)]
brcm80211: update the maintainers listed for brcm80211 drivers

Henry Ptasinski is not working on the brcm80211 driver so taking
his name/email out of the MAINTAINERS file.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoCorrecting typos in rtlwifi/base.c
Tristan Pourcelot [Thu, 9 Feb 2012 13:48:09 +0000 (14:48 +0100)]
Correcting typos in rtlwifi/base.c

This patch correct some typos in a comment.

Signed-off-by: Tristan Pourcelot <tristan.pourcelot@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: rtl8192c-common: rtl8192se: rtl8192de: Simplify if statements
Larry Finger [Thu, 9 Feb 2012 02:56:52 +0000 (20:56 -0600)]
rtlwifi: rtl8192c-common: rtl8192se: rtl8192de: Simplify if statements

Devendra Naga <devendra.aaru@gmail.com> submitted a patch for rtl8192c_common
to change the tests in _rtl92c_store_pwrIndex_diffrate_offset(). This patch
improves on those changes and applies similar modifications to drivers rtl8192se
and rtl8192de.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agort2x00:Add debug message for new chipset
John Li [Wed, 8 Feb 2012 13:25:24 +0000 (21:25 +0800)]
rt2x00:Add debug message for new chipset

Signed-off-by: John Li <chen-yang.li@mediatek.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agort2x00:Fix typo
John Li [Wed, 8 Feb 2012 13:19:01 +0000 (21:19 +0800)]
rt2x00:Fix typo

Signed-off-by: John Li <chen-yang.li@mediatek.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi/rtl8192c: in _rtl92c_phy_calculate_bit_shift remove comparing bitmask against 1
Devendra.Naga [Tue, 31 Jan 2012 07:11:03 +0000 (02:11 -0500)]
rtlwifi/rtl8192c: in _rtl92c_phy_calculate_bit_shift remove comparing bitmask against 1

in _rtl92c_phy_calculate_bit_shift everytime the right shifted bitmask
is AND with 1 and compared against 1. i.e.
       if ((bitmask >> i) & 0x1 == 1)
               break;
which in the if condition is anyway becomes a 1 or 0.

Signed-off-by: Devendra.Naga <devendra.aaru@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoMerge branch 'for-linville' of git://git.kernel.org/pub/scm/linux/kernel/git/luca...
John W. Linville [Wed, 22 Feb 2012 19:44:50 +0000 (14:44 -0500)]
Merge branch 'for-linville' of git://git./linux/kernel/git/luca/wl12xx

12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Wed, 15 Feb 2012 21:24:37 +0000 (16:24 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

Conflicts:
net/mac80211/debugfs_sta.c
net/mac80211/sta_info.h

12 years agoath9k: stop on rates with idx -1 in ath9k rate control's .tx_status
Pavel Roskin [Sat, 11 Feb 2012 15:01:53 +0000 (10:01 -0500)]
ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status

Rate control algorithms are supposed to stop processing when they
encounter a rate with the index -1.  Checking for rate->count not being
zero is not enough.

Allowing a rate with negative index leads to memory corruption in
ath_debug_stat_rc().

One consequence of the bug is discussed at
https://bugzilla.redhat.com/show_bug.cgi?id=768639

Signed-off-by: Pavel Roskin <proski@gnu.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomwifiex: clear previous security setting during association
Amitkumar Karwar [Fri, 10 Feb 2012 02:32:22 +0000 (18:32 -0800)]
mwifiex: clear previous security setting during association

Driver maintains different flags for WEP, WPA, WPA2 security modes.
Appropriate flag is set using security information provided in
connect request. mwifiex_is_network_compatible() routine uses them
to check if driver's setting is compatible with AP. Association is
aborted if the routine fails.

For some corner cases, it is observed that association is failed
even for valid security information based on association history.
This patch fixes the problem by clearing previous security setting
during each association.

We should set WEP key provided in connect request as default tx key.
This missing change is also added here.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: do not call rate control .tx_status before .rate_init
Felix Fietkau [Wed, 8 Feb 2012 18:17:11 +0000 (19:17 +0100)]
mac80211: do not call rate control .tx_status before .rate_init

Most rate control implementations assume .get_rate and .tx_status are only
called once the per-station data has been fully initialized.
minstrel_ht crashes if this assumption is violated.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: call rate control only after init
Johannes Berg [Fri, 20 Jan 2012 12:55:23 +0000 (13:55 +0100)]
mac80211: call rate control only after init

There are situations where we don't have the
necessary rate control information yet for
station entries, e.g. when associating. This
currently doesn't really happen due to the
dummy station handling; explicitly disabling
rate control when it's not initialised will
allow us to remove dummy stations.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoBluetooth: Fix possible use after free in delete path
Ulisses Furquim [Mon, 30 Jan 2012 20:26:29 +0000 (18:26 -0200)]
Bluetooth: Fix possible use after free in delete path

We need to use the _sync() version for cancelling the info and security
timer in the L2CAP connection delete path. Otherwise the delayed work
handler might run after the connection object is freed.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove usage of __cancel_delayed_work()
Ulisses Furquim [Mon, 30 Jan 2012 20:26:28 +0000 (18:26 -0200)]
Bluetooth: Remove usage of __cancel_delayed_work()

__cancel_delayed_work() is being used in some paths where we cannot
sleep waiting for the delayed work to finish. However, that function
might return while the timer is running and the work will be queued
again. Replace the calls with safer cancel_delayed_work() version
which spins until the timer handler finishes on other CPUs and
cancels the delayed work.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
Manoj Iyer [Thu, 2 Feb 2012 15:32:36 +0000 (09:32 -0600)]
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0

T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)

Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close
Johan Hedberg [Fri, 3 Feb 2012 19:29:40 +0000 (21:29 +0200)]
Bluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close

We should only perform a reset in hci_dev_do_close if the
HCI_QUIRK_NO_RESET flag is set (since in such a case a reset will not be
performed when initializing the device).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix RFCOMM session reference counting issue
Octavian Purdila [Fri, 27 Jan 2012 17:32:39 +0000 (19:32 +0200)]
Bluetooth: Fix RFCOMM session reference counting issue

There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix potential deadlock
Andre Guedes [Fri, 27 Jan 2012 22:42:02 +0000 (19:42 -0300)]
Bluetooth: Fix potential deadlock

We don't need to use the _sync variant in hci_conn_hold and
hci_conn_put to cancel conn->disc_work delayed work. This way
we avoid potential deadlocks like this one reported by lockdep.

======================================================
[ INFO: possible circular locking dependency detected ]
3.2.0+ #1 Not tainted
-------------------------------------------------------
kworker/u:1/17 is trying to acquire lock:
 (&hdev->lock){+.+.+.}, at: [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]

but task is already holding lock:
 ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&(&conn->disc_work)->work)){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff81034ed1>] wait_on_work+0x3d/0xaa
       [<ffffffff81035b54>] __cancel_work_timer+0xac/0xef
       [<ffffffff81035ba4>] cancel_delayed_work_sync+0xd/0xf
       [<ffffffffa00554b0>] smp_chan_create+0xde/0xe6 [bluetooth]
       [<ffffffffa0056160>] smp_conn_security+0xa3/0x12d [bluetooth]
       [<ffffffffa0053640>] l2cap_connect_cfm+0x237/0x2e8 [bluetooth]
       [<ffffffffa004239c>] hci_proto_connect_cfm+0x2d/0x6f [bluetooth]
       [<ffffffffa0046ea5>] hci_event_packet+0x29d1/0x2d60 [bluetooth]
       [<ffffffffa003dde3>] hci_rx_work+0xd0/0x2e1 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

-> #1 (slock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e553a>] _raw_spin_lock_bh+0x36/0x6a
       [<ffffffff81244d56>] lock_sock_nested+0x24/0x7f
       [<ffffffffa004d96f>] lock_sock+0xb/0xd [bluetooth]
       [<ffffffffa0052906>] l2cap_chan_connect+0xa9/0x26f [bluetooth]
       [<ffffffffa00545f8>] l2cap_sock_connect+0xb3/0xff [bluetooth]
       [<ffffffff81243b48>] sys_connect+0x69/0x8a
       [<ffffffff812e6579>] system_call_fastpath+0x16/0x1b

-> #0 (&hdev->lock){+.+.+.}:
       [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
       [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
       [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

other info that might help us debug this:

Chain exists of:
  &hdev->lock --> slock-AF_BLUETOOTH-BTPROTO_L2CAP --> (&(&conn->disc_work)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&(&conn->disc_work)->work));
                               lock(slock-AF_BLUETOOTH-BTPROTO_L2CAP);
                               lock((&(&conn->disc_work)->work));
  lock(&hdev->lock);

 *** DEADLOCK ***

2 locks held by kworker/u:1/17:
 #0:  (hdev->name){.+.+.+}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf
 #1:  ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

stack backtrace:
Pid: 17, comm: kworker/u:1 Not tainted 3.2.0+ #1
Call Trace:
 [<ffffffff812e06c6>] print_circular_bug+0x1f8/0x209
 [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
 [<ffffffff81021ef2>] ? arch_local_irq_restore+0x6/0xd
 [<ffffffff81022bc7>] ? vprintk+0x3f9/0x41e
 [<ffffffff81057444>] lock_acquire+0x8a/0xa7
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff81190fd6>] ? __dynamic_pr_debug+0x6d/0x6f
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff8105320f>] ? trace_hardirqs_off+0xd/0xf
 [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
 [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff810357af>] process_one_work+0x178/0x2bf
 [<ffffffff81035751>] ? process_one_work+0x11a/0x2bf
 [<ffffffff81055af3>] ? lock_acquired+0x1d0/0x1df
 [<ffffffffa00410f3>] ? hci_acl_disconn+0x65/0x65 [bluetooth]
 [<ffffffff81036178>] worker_thread+0xce/0x152
 [<ffffffff810407ed>] ? finish_task_switch+0x45/0xc5
 [<ffffffff810360aa>] ? manage_workers.isra.25+0x16a/0x16a
 [<ffffffff81039a03>] kthread+0x95/0x9d
 [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10
 [<ffffffff812e5db4>] ? retint_restore_args+0x13/0x13
 [<ffffffff8103996e>] ? __init_kthread_worker+0x55/0x55
 [<ffffffff812e7750>] ? gs_change+0x13/0x13

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: silence lockdep warning
Octavian Purdila [Sat, 21 Jan 2012 22:28:34 +0000 (00:28 +0200)]
Bluetooth: silence lockdep warning

Since bluetooth uses multiple protocols types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869]  (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045]  (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977]        [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411]        [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858]        [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279]        [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687]        [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106]        [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542]        [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959]        [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365]        [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742]        [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667]        [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519]        [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975]        [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412]        [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842]        [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288]        [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737]        [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165]        [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix using an absolute timeout on hci_conn_put()
Vinicius Costa Gomes [Wed, 4 Jan 2012 14:57:17 +0000 (11:57 -0300)]
Bluetooth: Fix using an absolute timeout on hci_conn_put()

queue_delayed_work() expects a relative time for when that work
should be scheduled.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: l2cap_set_timer needs jiffies as timeout value
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:42 +0000 (12:10 +0100)]
Bluetooth: l2cap_set_timer needs jiffies as timeout value

After moving L2CAP timers to workqueues l2cap_set_timer expects timeout
value to be specified in jiffies but constants defined in miliseconds
are used. This makes timeouts unreliable when CONFIG_HZ is not set to
1000.

__set_chan_timer macro still uses jiffies as input to avoid multiple
conversions from/to jiffies for sk_sndtimeo value which is already
specified in jiffies.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Ackec-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix sk_sndtimeo initialization for L2CAP socket
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:41 +0000 (12:10 +0100)]
Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket

sk_sndtime value should be specified in jiffies thus initial value
needs to be converted from miliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove bogus inline declaration from l2cap_chan_connect
Johan Hedberg [Sun, 8 Jan 2012 20:51:16 +0000 (22:51 +0200)]
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect

As reported by Dan Carpenter this function causes a Sparse warning and
shouldn't be declared inline:

include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a
definition"

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Don't mark non xfer isoc endpoint URBs with URB_ISO_ASAP
Daniel Wagner [Tue, 3 Jan 2012 10:53:53 +0000 (11:53 +0100)]
Bluetooth: Don't mark non xfer isoc endpoint URBs with URB_ISO_ASAP

[ 2096.384084] btusb_send_frame:684: hci0
[ 2096.384087] usb 3-1: BOGUS urb flags, 2 --> 0
[ 2096.384091] Bluetooth: hci0 urb ffff8801b61d3a80 submission failed (22)

According the documentation in usb_submit_urb() URB_ISO_ASAP
flag is only allowed for endpoints of type USB_ENDPOINT_XFER_ISOC.

This reverts commit b8aabfc92249b239c425da7e4ca85b7e4855e984.

Signed-off-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix l2cap conn failures for ssp devices
Peter Hurley [Fri, 13 Jan 2012 14:11:30 +0000 (15:11 +0100)]
Bluetooth: Fix l2cap conn failures for ssp devices

Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).

However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agowl12xx: remove some dead code in wl1271_plt_init()
Dan Carpenter [Wed, 8 Feb 2012 09:20:04 +0000 (12:20 +0300)]
wl12xx: remove some dead code in wl1271_plt_init()

"ret" has already been checked at this point, and we don't need to check
it again.  This was left around from a previous patch 49d750ca14
"wl12xx: 1281/1283 support - New radio structs and functions".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: delete wl->vif (and allow multiple vifs)
Eliad Peller [Mon, 6 Feb 2012 10:47:57 +0000 (12:47 +0200)]
wl12xx: delete wl->vif (and allow multiple vifs)

Delete the global wl->vif (and the checks on it),
so multiple vifs could be added.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: enter forced-psm on fw change
Eliad Peller [Mon, 6 Feb 2012 10:47:56 +0000 (12:47 +0200)]
wl12xx: enter forced-psm on fw change

Enter forced psm when changing fw, in order to make the
sta a bit more disconnection-persistent.
(DPM doesn't know about the incoming recovery, so it
won't enter psm by itself)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: dynamically change fw according to number of active roles
Eliad Peller [Mon, 6 Feb 2012 11:07:52 +0000 (13:07 +0200)]
wl12xx: dynamically change fw according to number of active roles

wl12xx uses different fw for single-role and multi-role
scenarios (due to lack of space, some of the fw advanced
features are disabled in the multi-role fw).

Add checks on add_interfae and remove_interface in order
to determine whether a fw switch is needed (and initiate
recovery in this case).

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Use a dedicated fw for PLT
Eliad Peller [Mon, 6 Feb 2012 10:47:54 +0000 (12:47 +0200)]
wl12xx: Use a dedicated fw for PLT

A special PLT firmware is used for calibration.

Add multiple fw support by introducing a new fw_type member,
representing the currently saved fw (the actual fw state
can be determined by wl->state).

Signed-off-by: Gery Kahn <geryk@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add split_scan_timeout debugfs file
Eyal Shapira [Thu, 2 Feb 2012 11:54:29 +0000 (13:54 +0200)]
wl12xx: add split_scan_timeout debugfs file

Add control over split_scan_timeout through
debugfs. Values are in ms while 0 will disable split scan.

Signed-off-by: Eyal Shapira <eyal@wizey.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: use split scan for normal scan
Eyal Shapira [Thu, 2 Feb 2012 11:54:28 +0000 (13:54 +0200)]
wl12xx: use split scan for normal scan

Split scan allows the FW to schedule other activities
during a scan which may be a long operation. This is
achieved by setting a trigger TID to ANY_TID and a scan
trigger timeout other than 0. The default one is set to 50ms.

Signed-off-by: Eyal Shapira <eyal@wizey.com>
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: increase max probe-req template size to WL1271_CMD_TEMPL_MAX_SIZE
Ido Reis [Thu, 2 Feb 2012 11:54:27 +0000 (13:54 +0200)]
wl12xx: increase max probe-req template size to WL1271_CMD_TEMPL_MAX_SIZE

Increase max scan IEs to allow big probe-req frames

Report a correct max-length for the scan IEs we can support, according
to the now larger size of the probe-req template.

Signed-off-by: Ido Reis <idor@ti.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: don't fail on AP scan
Eliad Peller [Thu, 2 Feb 2012 11:54:26 +0000 (13:54 +0200)]
wl12xx: don't fail on AP scan

AP role uses its own role_id for scans, so there's
no reason to fail the scan if dev_role_id is invalid.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: declare support for hw scan while idle
Eliad Peller [Thu, 2 Feb 2012 11:15:35 +0000 (13:15 +0200)]
wl12xx: declare support for hw scan while idle

By allowing hw scan while idle, we no longer
need the redundant ROC/CROC that are done
on idle off/on, which helps simplifying the
state machine of the driver.

This way, we can also allow scanning while
there is an ongoing sched scan (otherwise,
we won't be able to ROC on idle-off)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: configure arp filtering only after association
Eliad Peller [Thu, 2 Feb 2012 10:22:11 +0000 (12:22 +0200)]
wl12xx: configure arp filtering only after association

We have to configure arp filtering only after the role was
started, so move the BSS_CHANGED_ARP_FILTER handling after
the join.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Revert "wl12xx: disable auto-arp"
Eliad Peller [Thu, 2 Feb 2012 10:22:10 +0000 (12:22 +0200)]
wl12xx: Revert "wl12xx: disable auto-arp"

This reverts commit e5e2f24b3eec67a7a35d43654a997f98ca21aff2.

The encryption consideration on auto-arp configuration,
along with a fw fix, seem to resolve the crashes that
occured when auto-arp was enabled, so we can re-enable it now.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: consider encryption and QoS in auto arp template
Eliad Peller [Thu, 2 Feb 2012 10:22:09 +0000 (12:22 +0200)]
wl12xx: consider encryption and QoS in auto arp template

When configuring the arp response template,
and encryption is enabled, we should add some
space and set the protected flag bit in the fc.

In order to track the encryption type, set
wlvif->encryption_type when setting an encryption key,
and reconfigure the arp response. Clear this field on
wl1271_join, as keys have to be re-configured
anyway after a join command.

Similarly, track whether QoS is configured.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add forced_ps debugfs file
Eyal Shapira [Thu, 2 Feb 2012 10:03:42 +0000 (12:03 +0200)]
wl12xx: add forced_ps debugfs file

Added control over forced_ps option through debugfs.
This can be either 1 or 0.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add forced_ps mode
Eyal Shapira [Thu, 2 Feb 2012 17:06:45 +0000 (19:06 +0200)]
wl12xx: add forced_ps mode

For certain WiFi certification tests forcing PS
is necessary. Since DPS is now enabled in the FW
and this can't be achieved by using netlatency
this required a new config option.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add suspend_listen_interval debugfs file
Eyal Shapira [Thu, 2 Feb 2012 10:03:40 +0000 (12:03 +0200)]
wl12xx: add suspend_listen_interval debugfs file

Add read/write to suspend_dtim_interval file which
controls the number of DTIM periods between wakeups
while the host is suspended.
The value while the host is resumed is controlled
by the file dtim_interval which existed previously.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Set different wake up conditions in case of suspend
Eyal Shapira [Thu, 2 Feb 2012 10:03:39 +0000 (12:03 +0200)]
wl12xx: Set different wake up conditions in case of suspend

Added ability to set different wake up conditions for suspend/resume.
Set default values to wake up every 3 DTIMs while suspended
and every 1 DTIM while resumed

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add new coex params
Eliad Peller [Tue, 31 Jan 2012 15:54:43 +0000 (17:54 +0200)]
wl12xx: add new coex params

new params were added to the coex params.
Add them with default value of 0.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add TX_HW_ATTR_HOST_ENCRYPT flag
Eliad Peller [Tue, 31 Jan 2012 15:54:42 +0000 (17:54 +0200)]
wl12xx: add TX_HW_ATTR_HOST_ENCRYPT flag

In WEP shared authentication, we encrypt the auth frame
in the host, and we want the fw to pass it as-is.
Use the TX_HW_ATTR_HOST_ENCRYPT flag in order to indicate
it to the fw.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Set IEEE80211_TX_RC_SHORT_GI if short GI was used on
Pontus Fuchs [Tue, 31 Jan 2012 15:54:41 +0000 (17:54 +0200)]
wl12xx: Set IEEE80211_TX_RC_SHORT_GI if short GI was used on

New FW reports usage of short GI as a rate class index. Check for
this rate and set the IEEE80211_TX_RC_SHORT_GI if used.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Set IEEE80211_TX_RC_MCS on MCS rates on TX complete.
Pontus Fuchs [Tue, 31 Jan 2012 15:54:40 +0000 (17:54 +0200)]
wl12xx: Set IEEE80211_TX_RC_MCS on MCS rates on TX complete.

IEEE80211_TX_RC_MCS was not set correctly leading to incorrect link
speed calculation.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
Signed-off-by: Ido Reis <idor@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: change WLVIF_FLAG_PSM name and remove WLVIF_FLAG_PSM_REQUESTED
Eyal Shapira [Tue, 31 Jan 2012 09:57:25 +0000 (11:57 +0200)]
wl12xx: change WLVIF_FLAG_PSM name and remove WLVIF_FLAG_PSM_REQUESTED

WLVIF_FLAG_PSM turned to WLVIF_FLAG_IN_AUTO_PS which
marks that this vif is in AUTO PS.

WLVIF_FLAG_PSM_REQUESTED is not required as mac80211
calls op_config with CONF_PS after association.

wl12xx_config_vif() handling of CONF_PS was simplified
and cleaned up.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: enable/disable BET with AUTO_PS/ACTIVE
Eyal Shapira [Tue, 31 Jan 2012 09:57:24 +0000 (11:57 +0200)]
wl12xx: enable/disable BET with AUTO_PS/ACTIVE

While the FW with dynamic PS controls BET when going to PSM and back
internally within the FW, there's still a need to enable it from the driver
at least once (so enable on every entry to AUTO_PS)
and disable it once we explicitly go back to STATION_ACTIVE_MODE.
BET isn't relevant for 5GHz

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: remove 2 unused parameters in wl1271_ps_set_mode()
Eyal Shapira [Tue, 31 Jan 2012 09:57:23 +0000 (11:57 +0200)]
wl12xx: remove 2 unused parameters in wl1271_ps_set_mode()

cleanup 2 unused parameters of wl1271_ps_set_mode

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add dynamic_ps_timeout debugfs file
Eyal Shapira [Tue, 31 Jan 2012 09:57:22 +0000 (11:57 +0200)]
wl12xx: add dynamic_ps_timeout debugfs file

Enable read/write of dynamic_ps_timeout which controls the timeout
of the dynamic PS implemented in the FW.
dynamic_ps_timeout is the timeout (in msec) until going back to PS
when there's no Rx/Tx

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add support for HW dynamic PS
Eyal Shapira [Tue, 31 Jan 2012 09:57:21 +0000 (11:57 +0200)]
wl12xx: add support for HW dynamic PS

FW now supports dynamic PS so we don't need to use mac80211 support.
FW will go to PSM after a specified timeout with no Rx/Tx traffic.
- Changed FW API to include new PS mode (AUTO_MODE) and including timeout parameter
- The default PS mode would be dynamic PS
- Default timeout is 100ms (same as it used to be in mac80211)
- Avoid using mac80211 APIs to disable/enable dynamic PS as we're not
using mac80211 PS control anymore.
- COEX is handled by the FW while in dynamic PS so removed
handling of SOFT_GEMINI

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: remove PS management code
Eyal Shapira [Tue, 31 Jan 2012 09:57:20 +0000 (11:57 +0200)]
wl12xx: remove PS management code

Removal of PS management code from the driver as PS
is handled by the FW (dynamic PS)

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: fw api change - update cmd/acx/event enums
Eliad Peller [Tue, 31 Jan 2012 09:57:19 +0000 (11:57 +0200)]
wl12xx: fw api change - update cmd/acx/event enums

Update enums/structs to the new fw api.

Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: fw api change - add role_id to tsf_info
Eliad Peller [Tue, 31 Jan 2012 09:57:18 +0000 (11:57 +0200)]
wl12xx: fw api change - add role_id to tsf_info

The ACX_TSF_INFO command now takes role_id as param.
change the struct accordingly, and pass the wlvif
to the wl1271_acx_tsf_info() function.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: use dev_role_id for scans
Eliad Peller [Tue, 31 Jan 2012 09:57:17 +0000 (11:57 +0200)]
wl12xx: use dev_role_id for scans

Use device role for scans when the sta is not
associated.

sched_scan is used only when the sta is
not associated, and thus should use
the dev role (instead of sta role).

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: fw api change - add role_id to set_template
Eliad Peller [Tue, 31 Jan 2012 09:57:16 +0000 (11:57 +0200)]
wl12xx: fw api change - add role_id to set_template

The set_template commands now takes the role_id as
parameter.

Usually, we'll use the vif's main role_id.
However, sometimes we'll want to use
wlvif->dev_role_id instead of wlvif->role_id,
so pass the wanted role_id as param.

Update WL127X_FW_NAME/WL128X_FW_NAME.

(This commit starts a series of fw update patches,
and changes the start() callback to return an error
in order to prevent the use of the driver during the
transition. This change will be reverted in the
last patch of series)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: don't release/claim sdio on suspend/resume
Eliad Peller [Thu, 26 Jan 2012 12:12:32 +0000 (14:12 +0200)]
wl12xx: don't release/claim sdio on suspend/resume

Since we reverted to claiming the host only when needed,
we no longer need to release/claim the host on suspend/resume.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agoRevert "wl12xx: Change claiming of the SDIO bus"
Eliad Peller [Thu, 26 Jan 2012 12:12:31 +0000 (14:12 +0200)]
Revert "wl12xx: Change claiming of the SDIO bus"

This reverts commit 393fb560d328cc06e6a5c7b7473901ad724f82e7.

Commit b6ad726 ("mmc: core: Prevent too long response times
for suspend") fails the suspend if the mmc host can't be
claimed before suspend. As the host is claimed by us as long
as the chip is powered on, suspend will always fail.

Revert to claiming the sdio bus only when needed.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: remove wl1271_tx_update_filters
Eliad Peller [Tue, 24 Jan 2012 16:18:43 +0000 (18:18 +0200)]
wl12xx: remove wl1271_tx_update_filters

wl1271_tx_update_filters() is used as some workaround
to open filters while roaming on the same channel.

However, it doesn't handle roaming to a different channel,
and it might also sleep in the tx path, which is a bug.

With the new auth/assoc redesign, roaming is much simpler,
and this function is not needed anymore.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: check bss_conf->assoc on CHANGED_BSSID
Eliad Peller [Tue, 24 Jan 2012 16:18:42 +0000 (18:18 +0200)]
wl12xx: check bss_conf->assoc on CHANGED_BSSID

with the new auth/assoc redesign, we get CHANGED_BSSID
indication before CHANGED_ASSOC indication, while our
CHANGED_BSSID handling block assumes we are already
associated.

Fix it by checking we are either in ibss mode, or
already associated.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: fix typo in fwlog module param description
Luciano Coelho [Tue, 7 Feb 2012 10:37:33 +0000 (12:37 +0200)]
wl12xx: fix typo in fwlog module param description

Fix a copy and paste bug in the MODULE_PARAM_DESC for fwlog.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: remove unnecessary shadow declaration
Luciano Coelho [Tue, 24 Jan 2012 09:46:32 +0000 (11:46 +0200)]
wl12xx: remove unnecessary shadow declaration

The vif variable was being declared inside one of the internal blocks
of wl1271_event_process.  This is not necessary, since this variable
is already declared in the function context.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: add testmode operation to read the BD_ADDR from Fuse ROM
Luciano Coelho [Fri, 13 Jan 2012 12:04:29 +0000 (14:04 +0200)]
wl12xx: add testmode operation to read the BD_ADDR from Fuse ROM

Add a testmode command to retrieve the BD_ADDR that is stored in the
Fuse ROM in newer PGs.  In old PGs this operation is not supported.
The caller can then derive the MAC addresses from it.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: use two MAC addresses based on the NVS or from fuse ROM
Luciano Coelho [Fri, 23 Dec 2011 07:32:17 +0000 (09:32 +0200)]
wl12xx: use two MAC addresses based on the NVS or from fuse ROM

Add support for two MAC addresses.  If the NVS has a valid MAC
address, that takes precedence and we use two sequential address
starting from the one specified.

If the NVS doesn't contain a valid MAC address (ie. if it is set to
00:00:00:00:00:00), we check if the HW PG version in use has the
BD_ADDR written in the fuse ROM.  If it does, we read it and derive
the two subsequent addresses for WLAN.

During production, 3 addresses are reserved per device.  The first for
Bluetooth (burnt in the fuse ROM) and the following two for WLAN.

This patch has some code by Igal and Arik (squashed from internal
patches).

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: read chip ID and HW PG version during probe
Luciano Coelho [Wed, 18 Jan 2012 12:53:22 +0000 (14:53 +0200)]
wl12xx: read chip ID and HW PG version during probe

In order to read the MAC addresses from the fuse ROM, we need to know
the chip ID and the HW PG version.  We need to know the MAC address
during probe, because that's when we register our HW with mac80211.

To prepare for that, this patch reads the chip ID and HW PG version
during probe instead of doing it at boot time.  We power the chip on
briefly in order to do that.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: move partition table definition to io.c
Luciano Coelho [Thu, 12 Jan 2012 12:45:34 +0000 (14:45 +0200)]
wl12xx: move partition table definition to io.c

Up till now we only needed to access the partition table in boot.c.
But to add support for reading the MAC address from the FUSE in
testmode, we will have to change the partition in testmode.c.

Thus, we move the partition table to io.c and export it via io.h.  It
makes more sense to have it in the io part anyway.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: cancel delayed elp work and clear flags when stopping PLT
Luciano Coelho [Wed, 11 Jan 2012 07:42:42 +0000 (09:42 +0200)]
wl12xx: cancel delayed elp work and clear flags when stopping PLT

In some cases a race condition can happen if we don't cancel any
pending ELP work before stopping PLT.  With this commit we cancel ELP
work and clear the wl->flags bitmask.  Also clean up the wl elements
after powering off.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Fix potential interrupt storm
Ido Yariv [Wed, 11 Jan 2012 07:42:41 +0000 (09:42 +0200)]
wl12xx: Fix potential interrupt storm

The interrupt threaded handler exits immediately if the driver's state
is WL1271_STATE_OFF. As a result, the interrupt status is not read. If
the interrupt is level triggered, it will be fired again.

Fix this by disabling interrupts before setting the state to OFF.

Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Power off after flushing work
Ido Yariv [Wed, 11 Jan 2012 07:42:40 +0000 (09:42 +0200)]
wl12xx: Power off after flushing work

When stopping plt, the chip is powered off before all current work items
are flushed and interrupts are disabled. This might introduce a race in
which the driver tries to communicate with a powered off chip.

Fix this by powering off the device only after interrupts are disabled
and all work items are flushed.

Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Acquire lock before stopping plt
Ido Yariv [Wed, 11 Jan 2012 07:42:39 +0000 (09:42 +0200)]
wl12xx: Acquire lock before stopping plt

__wl1271_plt_stop is called from both wl1271_plt_stop and
wl1271_unregister_hw. While wl1271_plt_stop acquires a mutex,
wl1271_unregister_hw does not.

Fix this by calling wl1271_plt_stop instead of __wl1271_plt_stop from
wl1271_unregister_hw.

Signed-off-by: Ido Yariv <ido@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: Make sure HW is available in sched scan ops
Pontus Fuchs [Wed, 11 Jan 2012 13:22:42 +0000 (14:22 +0100)]
wl12xx: Make sure HW is available in sched scan ops

The sched_scan_(stop|start) ops fails to check for WL1271_STATE_OFF.
This can lead to a race where the driver tries to access the HW
while it's off.

Fix this by checking for WL1271_STATE_OFF before accessing the HW.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl12xx: enable sparse endianess check by default
Luciano Coelho [Wed, 21 Dec 2011 19:52:31 +0000 (21:52 +0200)]
wl12xx: enable sparse endianess check by default

Following the good example of the Intel (and more recently Atheros)
drivers, enable endianess check by default when running sparse.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl1251: enable sparse endianess check by default
Luciano Coelho [Wed, 21 Dec 2011 20:36:29 +0000 (22:36 +0200)]
wl1251: enable sparse endianess check by default

Following the good example of the Intel (and more recently Atheros)
drivers, enable endianess check by default when running sparse.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl1251: convert 32-bit values to le32 before writing to the chip
Luciano Coelho [Wed, 21 Dec 2011 20:36:28 +0000 (22:36 +0200)]
wl1251: convert 32-bit values to le32 before writing to the chip

The 32-bit values were not converted before writing them to the chip.
Change the wl1251_read32() and wl1251_write32() so that they always
read and write le32 values and convert to and from the CPU endianess.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agowl1251: fix sparse warning
Luciano Coelho [Wed, 21 Dec 2011 20:36:27 +0000 (22:36 +0200)]
wl1251: fix sparse warning

The wl1251 driver was generating the following warning:

drivers/net/wireless/wl1251/boot.c:467:21: warning: incorrect type in assignment (different base types)
drivers/net/wireless/wl1251/boot.c:467:21:    expected unsigned int [unsigned] [assigned] [usertype] val
drivers/net/wireless/wl1251/boot.c:467:21:    got restricted __le32 [usertype] <noident>

Fix this by removing one cpu_to_le32() call in the wrong place.

Signed-off-by: Luciano Coelho <coelho@ti.com>
12 years agortlwifi: Modify rtl_pci_init to return 0 on success
Simon Graham [Thu, 9 Feb 2012 14:55:13 +0000 (09:55 -0500)]
rtlwifi: Modify rtl_pci_init to return 0 on success

Fixes problem where caller would think routine succeeded when it failed
leading to divide by zero panic.

Signed-off-by: Simon Graham <simon.graham@virtualcomputer.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: Fix a rwlock bad magic bug
Mohammed Shafi Shajakhan [Thu, 9 Feb 2012 14:29:43 +0000 (19:59 +0530)]
mac80211: Fix a rwlock bad magic bug

read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path
ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig
(->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing
it.
the intilization of this read/write lock happens via the path
ieee80211_led_init (->) led_trigger_register, but we are doing
'ieee80211_led_init'  after 'ieeee80211_if_add' where we
register netdev_ops.
so we access leddev_list_lock before initializing it and causes the
following bug in chrome laptops with AR928X cards with the following
script

while true
do
sudo modprobe -v ath9k
sleep 3
sudo modprobe -r ath9k
sleep 3
done

BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc
Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1
Call Trace:

[<8137b9df>] rwlock_bug+0x3d/0x47
[<81179830>] do_raw_read_lock+0x19/0x29
[<8137f063>] _raw_read_lock+0xd/0xf
[<f9081957>] tpt_trig_timer+0xc3/0x145 [mac80211]
[<f9081f3a>] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211]
[<f9076a3f>] ieee80211_do_open+0x11e/0x42e [mac80211]
[<f9075390>] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211]
[<f9076d97>] ieee80211_open+0x48/0x4c [mac80211]
[<812dbed8>] __dev_open+0x82/0xab
[<812dc0c9>] __dev_change_flags+0x9c/0x113
[<812dc1ae>] dev_change_flags+0x18/0x44
[<8132144f>] devinet_ioctl+0x243/0x51a
[<81321ba9>] inet_ioctl+0x93/0xac
[<812cc951>] sock_ioctl+0x1c6/0x1ea
[<812cc78b>] ? might_fault+0x20/0x20
[<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2
[<810a6ebb>] ? fget_light+0x2f/0x70
[<812ce549>] ? sys_recvmsg+0x3e/0x48
[<810b1f35>] sys_ioctl+0x46/0x69
[<8137fa77>] sysenter_do_call+0x12/0x2

Cc: <stable@vger.kernel.org>
Cc: Gary Morain <gmorain@google.com>
Cc: Paul Stewart <pstew@google.com>
Cc: Abhijit Pradhan <abhijit@qca.qualcomm.com>
Cc: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Acked-by: Johannes Berg <johannes.berg@intel.com>
Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: Modify rtl_pci_init to return 0 on success
John W. Linville [Thu, 9 Feb 2012 19:48:25 +0000 (14:48 -0500)]
rtlwifi: Modify rtl_pci_init to return 0 on success

Fixes problem where caller would think routine succeeded when it failed
leading to divide by zero panic.

(This also reverts an earlier attempt, commit 42bc0c97 "rtlwifi: Return
correct failure code on error". -- JWL)

Signed-off-by: Simon Graham <simon.graham@virtualcomputer.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: do not call rate control .tx_status before .rate_init
Felix Fietkau [Wed, 8 Feb 2012 18:17:11 +0000 (19:17 +0100)]
mac80211: do not call rate control .tx_status before .rate_init

Most rate control implementations assume .get_rate and .tx_status are only
called once the per-station data has been fully initialized.
minstrel_ht crashes if this assumption is violated.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agortlwifi: Return correct failure code on error
Simon Graham [Wed, 8 Feb 2012 17:34:23 +0000 (12:34 -0500)]
rtlwifi: Return correct failure code on error

Callers of rtl_pci_init expect zero to be returned on error. Returning
the error code leads to, amongst other things, divide by zero panics
attempting to use the ring size that is set to zero.

Signed-off-by: Simon Graham <simon.graham@virtualcomputer.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>