cfg80211_find_vendor_ie() was checking only that the vendor IE would
fit in the remaining IEs buffer. If a corrupt includes a vendor IE
that is too small, we could potentially overrun the IEs buffer.
Fix this by checking that the vendor IE fits in the reported IE length
field and skip it otherwise.
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Luciano Coelho <coelho@ti.com>
[change BUILD_BUG_ON to != 1 (from >= 2)]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If user knows the location of a wowlan pattern to be matched in
Rx packet, he can provide an offset with the pattern. This will
help drivers to ignore initial bytes and match the pattern
efficiently.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
[refactor pattern sending]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This partially reverts commit 44ba973699.
rate_control_rate_init assumes the rate_init member of
struct rate_control_ops is not NULL therefore not initializing it leads to
an oops as soon the driver succesfully associates to an AP.
The removal of rate_update from 44ba973699
is ok because rate_update is checked for NULL before being
called.
Signed-off-by: Catalin Iacob <iacobcatalin@gmail.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Make the code more readable, and while at it also
add a missing "break" to avoid checking handlers
that cannot be used.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In managed mode, the HT/VHT capabilities aren't set when
the station is initially added, so update the station
when it is marked associated. In AP/GO mode, the station
will typically be added with full capabilities today,
but an upcoming change in hostapd may mean a similar
scenario as for managed mode, therefore do the update
unconditionally.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Now that mac80211 no longer starts the auth/assoc
timeouts when it transmits the frame, but only when
the frame status arrives, we no longer need to wait
for the session protection time event to start, we
can schedule it and enqueue the auth/assoc frame
right away. This reduces the amount of time we block
mac80211's workqueue.
Also, since now we no longer need different behavior
for session protection and P2P time events, refactor
the code to have just a common implementation.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we haven't heard a beacon before we associate we can
still start the association process and set the MAC in
the firmware to associated only after having received a
beacon with DTIM period by reacting to the new change
flag (BSS_CHANGED_DTIM_PERIOD) from mac80211.
This reduces the association time in these cases.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the AP/GO beacon changes, apply such a change
immediately, otherwise the AP/GO beacon can be
stale for a long time.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Query the wakeup reasons properly and then
report them to mac80211.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Implement proper WoWLAN wakeup and query the wakeup
reasons, then report them to userspace.
Note that this is tricky: a firmware bug (that has
been fixed in later versions) means that the status
command response isn't properly closed in hardware
and thus won't arrive at the host. Sending another
command after it closes the status response but the
next command gets stuck, etc. We reset the device
after querying though, so this is not a big issue,
just makes for strange code.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Using the non-atomic version creates a dependency between
mac80211's iflist_mtx and mvm->mutex. Use the atomic version
instead which doesn't take iflist_mtx but can't sleep, so
send the HCMD in ASYNC.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bail out if no update is made to the SMPS state. This
allows the driver to avoid duplicating the state.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The match 00:xx:00:00:xx:00:00:00:00:xx:xx:xx (where xx indicates
"don't care") should be represented by a pattern of twelve zero
bytes, and a mask of "0xed,0x01", not "0xed,0x07".
mask_len = (pat_len + 7) / 8 = (12 + 7) / 8 = 2
Hence the mask will be of 2 bytes.
Replace each valid byte in pattern by 1 and don't care byte by 0:
10110111 1000 (0000)
1st byte of pattern corresponds to lower order bit in first byte
of mask. And 9th byte of pattern corresponds to lower order bit
in second byte of mask. With this logic the mask will be
11101101 00000001 = 0xed 0x01
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We've got a couple of races when enabling powersave with an AP for
off-channel operation. The first is fairly simple. If we go off-channel
before the nullfunc frame to enable PS is transmitted then it may not be
received by the AP. Add a flush after enabling off-channel PS to prevent
this from happening.
The second race is a bit more subtle. If the driver supports QoS and has
frames queued when the nullfunc frame is queued, those frames may get
transmitted after the nullfunc frame. If PM is not set then the AP is
being told that we've exited PS before we go off-channel and may try to
deliver frames. To prevent this, add a flush after stopping the queues
but before passing the nullfunc frame to the driver.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Scans currently work by stopping the netdev tx queues but leaving the
mac80211 queues active. This stops the flow of incoming packets while
still allowing mac80211 to transmit nullfunc and probe request frames to
facilitate scanning. However, the driver may try to wake the mac80211
queues while in this state, which will also wake the netdev queues.
To prevent this, add a new queue stop reason,
IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL, to be used when stopping the tx
queues for off-channel operation. This prevents the netdev queues from
waking when a driver wakes the mac80211 queues.
This also stops all frames from being transmitted, even those meant to
be sent off-channel. Add a new tx control flag,
IEEE80211_TX_CTL_OFFCHAN_TX_OK, which allows frames to be transmitted
when the queues are stopped only for the off-channel stop reason. Update
all locations transmitting off-channel frames to use this flag.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It's more of an unnecessary micro-optimization and it prevents switching
from long-GI to short-GI in HT20/single-stream for the lowest rate
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Internally, 64-bit byte counters maintained for per-station
statistics. Tell to the netlink that full 64-bit value provided
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In commit 0d2e7a5c (wireless: Remove unnecessary alloc/OOM messages,
alloc cleanups) OOM messages after alloc were removed from the wlcore
modules.
Commit afb43e6d (wlcore: remove if_ops from platform_data)
reintroduced a couple of those. This patch removes them.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Reviewed-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
0x06f8, 0xe036 Hercules Wireless Dual Band 600 USB Key HWNUm-600
0x0b05, 0x17a7 ASUS USB-N10H 150Mbps 11n Wireless USB dongle
0x0df6, 0x0069 Sitecom Wireless Dualband Network Adapter 300N X5 WLA-5000
0x0df6, 0x006f Sitecom WiFi USB adapter N600 WLA-5100
0x13d3, 0x3340 AzureWave 802.11n USB Wireless LAN Card
0x13d3, 0x3399 AzureWave 802.11n USB Wireless LAN Card
0x13d3, 0x3400 AzureWave 802.11n USB Wireless LAN Card
0x13d3, 0x3401 AzureWave 802.11n USB Wireless LAN Card
0x1740, 0x0600 EnGenius Dual-Band Wireless Media Adapter
0x1740, 0x0602 EnGenius 802.11 a/b/g/n Wireless USB Adapter
0x177f, 0x0254 Sweex LW054 Wireless 54G Adapter USB
0xf201, 0x5370 TP-LINK 54Mbps Wireless USB Adapter
no RF3053, and I believe no RT5572.
Cc: Ivo van Doorn <IvDoorn@gmail.com>
Cc: Gertjan van Wingerde <gwingerde@gmail.com>
Cc: Helmut Schaa <helmut.schaa@googlemail.com>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: users@rt2x00.serialmonkey.com
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds PCIe8897 support to mwifiex.
In PCIe8897 PFU (pre-fetch unit) is enabled by default.
This patch adds support to accommodate this feaure as well.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Frank Huang <frankh@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch defines PCIe ring buffer array pointer as void instead
of mwifiex_pcie_buf_desc. This will enable us to use same pointers
for ring operations instead of new structures if buffer descriptor
structure changes.
Also split out event buffer descriptor structure from struct
mwifiex_pcie_buf_desc. For PCIe8766 TX/RX buffer descriptor is
same as evevt buffer descriptor. Newer chips could use different
TX/RX buffer descriptor while event descriptor remains the same.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch separates PCIe ring initialization from ring creation
routines. This modularizes ring creation(TXBD, RXBD and event
rings) functions.
Readability has been improved while moving the code around.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch adds support for storing PCIe device specific data
into driver_data structure of pci_device_id. When a device with
known device_id is probed, we use this driver_data to populate
card specific structres in driver.
This enables to remove device specific defines for scratch
registers, firmware name, FW download block size, etc. from
source code.
This will make addition of support for new chipsets a lot easier.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On joining an existing IBSS network, beaconing has to start
only after a TSF sync has happened by receiving a beacon from
the BSS. In creator mode, beaconing can start immediately after
a HW reset has been done.
Now that mac80211 notifies the driver of the mode type (creator/joiner)
via ieee80211_bss_conf->ibss_creator, make use of it to properly setup
the HW beacon timers.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There are a few places where the station's HT capabilities
should be checked instead of ATH9K_HW_CAP_HT, which is a global
feature for the driver. Fix this.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
physical layer support, as the MEI bus API changed.
From the MEI code, we now pass the MEI id back to the driver probe routine,
and we also pass a name and a MEI id table through the mei_bus_driver
structure. A few renames as well like e.g. mei_bus_driver to mei_driver or
mei_bus_client to mei_device in order to be closer to the driver model
practices.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJRGSzIAAoJEIqAPN1PVmxKMvQP+wVGB2rGrkSl4yDkH3GUiByA
52+PlWsiYQPZ8vMUWzZbdSeDr8tvg0SfJuQV1OBH+Z0h0mKW5EtgvVBKYcT760H2
pwSKidQj6OjdUJMmneJMCeiSduK5BUi4Ij86EAXxGiNHWuON4g+oYOumwE8uXznG
LRL5q3DaHksaKzARapy5duhj6QFP3vMGzDge+DDx4BCJALzG8LU+hB/Op3NdgqO4
WrK3wCIb0xmZLM1ZmQv/pfGU7TELzaMUhRSzI5g6HvDU9ikRkbftu0uxEnHmtPuX
h7kQpTBZsQ35qXNH5YsLvXf8my2Ru6ix4+3YCX2dBnHsLfVmdEhZPX81D5Pbj8qT
ph2Rz21UgnEQ2ZpOys3vWAA0geVWmkTKvQwDJAaRn6e/mYzV1Rji4Ujoqj8RQfqf
2AoRPhT468jznFNkMfoAy5YQvi+BV+HXmyd64rMBSrMd2MXvL677JSNAFK2SBN7l
Ki8Y3AmA/LLxW7/cptMlD0ILhWLzzETiVKCKOargQpSncaEYlG9L8iSshQKo8LWF
7F1+7tjquYVKgIGpvMVfooO1xPCI0QXeFxtH1riwDnAqzyMkc22FOg4PTXz9WcPx
gIosvAmu3mQ81NskWFzll+gBVD2+5hctEJA8nTa6PB9/Gdf+vTjDbO9Hjx9HAIzT
gWFk/JUShDwEMK3ybnh4
=PtZa
-----END PGP SIGNATURE-----
Merge tag 'nfc-next-3.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
"This 3rd NFC pull request for 3.9 contains a fix for the microread MEI
physical layer support, as the MEI bus API changed.
From the MEI code, we now pass the MEI id back to the driver probe routine,
and we also pass a name and a MEI id table through the mei_bus_driver
structure. A few renames as well like e.g. mei_bus_driver to mei_driver or
mei_bus_client to mei_device in order to be closer to the driver model
practices."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When we get to association, the AP station already exists and
is marked authenticated, so moving it into IEEE80211_STA_AUTH
again is a NOP, remove it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Now that we have channel contexts, idle is (pretty
much) equivalent to not having a channel context.
Change the code to use this relation so that there
no longer is a need for a lot of idle recalculate
calls everywhere.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There are only a few drivers that use HW scan, and
all of those don't need a non-idle transition before
starting the scan -- some don't even care about idle
at all. Remove the flag and code associated with it.
The only driver that really actually needed this is
wl1251 and it can just do it itself in the hw_scan
callback -- implement that.
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The functions were added for some sort of Bluetooth
coexistence, but aren't used, so remove them again.
Reviewed-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In order to be able to predict the next DTIM TBTT
in the driver, add the ability to use timing data
from beacons only with the new hardware flag
IEEE80211_HW_TIMING_BEACON_ONLY and the BSS info
value sync_dtim_count which is only valid if the
timing data came from a beacon. The data can only
come from a beacon, and if no beacon was received
before association it is updated later together
with the DTIM count notification.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
While technically the TSF isn't an IE, it can be
necessary to distinguish between the TSF from a
beacon and a probe response, in particular in
order to know the next DTIM TBTT, as not all APs
are spec compliant wrt. TSF==0 being a DTIM TBTT
and thus the DTIM count needs to be taken into
account as well.
To allow this, move the TSF into the IE struct
so it can be known whence it came.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's no way scan BSS IEs can be NULL as even
if the allocation fails the frame is discarded.
Remove some code checking for this and document
that it is always non-NULL.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add debugfs driver callbacks so drivers can add
debugfs entries for interfaces. Note that they
_must_ remove the entries again as add/remove in
the driver doesn't correspond to add/remove in
debugfs; the former is up/down while the latter
is netdev create/destroy.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Currently, cfg80211 will copy beacon IEs from a previously
received hidden SSID beacon to a probe response entry, if
that entry is created after the beacon entry. However, if
it is the other way around, or if the beacon is updated,
such changes aren't propagated.
Fix this by tracking the relation between the probe
response and beacon BSS structs in this case.
In case drivers have private data stored in a BSS struct
and need access to such data from a beacon entry, cfg80211
now provides the hidden_beacon_bss pointer from the probe
response entry to the beacon entry.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Currently the code assigns channel contexts to VLANs
(for use by the TX/RX code) when the AP master gets
its channel context assigned. This works fine, but
in the upcoming radar detection work the VLANs don't
require a channel context (during radar detection)
and assigning one to them anyway causes issues with
locking and also inconsistencies -- a VLAN interface
that is added before radar detection would get the
channel context, while one added during it wouldn't.
Fix these issues moving the channel context copying
to a new explicit operation that will not be used
in the radar detection code.
Acked-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The chandef tracing writes center_freq1 twice, so
that it is always 0 (no driver supports 80+80 yet)
and leaves center_freq2 unset. Fix this mistake.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The messages currently refer to probe request probes,
but on some devices null data packets will be used
instead. Make the messages more generic.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This patch fixes the problem which was discussed in
"mac80211: Fix PN corruption in case of multiple
virtual interface" [1].
Amit Shakya reported a serious issue with my patch:
mac80211: serialize rx path workers" [2]:
In case, ieee80211_rx_handlers processing is going on
for skbs received on one vif and at the same time, rx
aggregation reorder timer expires on another vif then
sta_rx_agg_reorder_timer_expired is invoked and it will
push skbs into the single queue (local->rx_skb_queue).
ieee80211_rx_handlers in the while loop assumes that
the skbs are for the same sdata and sta. This assumption
doesn't hold good in this scenario and the PN gets
corrupted by PN received in other vif's skb, causing
traffic to stop due to PN mismatch."
[1] Message-Id: http://mid.gmane.org/201302041844.44436.chunkeey@googlemail.com
[2] Commit-Id: 24a8fdad35
Reported-by: Amit Shakya <amit.shakya@stericsson.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There seems to be no reason, why it has to be limited to 2.4 GHz.
Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
[remove 'local' variable]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The patch "mac80211: clean up mesh sta allocation warning"
moved some mesh initialization into a path which is only
called when the kernel handles peering. This causes a hang
when mac80211 tries to clean up a userspace-allocated
station entry and delete a timer which has never been
initialized.
To avoid this, only do any mesh sta peering teardown if
the kernel is actually handling it.
The same is true when quiescing before suspend.
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix most kernel-doc warnings, for some reason it
seems to have issues with __aligned, don't remove
the documentation entries it considers to be in
excess due to that.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This prepares for using the spinlock instead of krefs
which is needed in the next patch to track the refs
of combined BSSes correctly.
Acked-by: Bing Zhao <bzhao@marvell.com> [mwifiex]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>