Instead of having an SKB all the time, use a beacon_data struct
with just the information required. This also allows removing a
synchronize_rcu() and using kfree_rcu() instead.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we don't disable beaconing, the driver might attempt
to continue, but would fail to request a beacon. That's
strange, so disable beaconing first.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If a ROC item is canceled just as it expires, the work
struct may be scheduled while it is running (and waiting
for the mutex). This results in it being run after being
freed, which obviously crashes.
To fix this don't free it when aborting is requested but
instead mark it as "to be freed", which makes the work a
no-op and allows freeing it outside.
Cc: stable@vger.kernel.org [3.6+]
Reported-by: Jouni Malinen <j@w1.fi>
Tested-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Spin locks and completions are expensive in hard IRQ context and cause
problems with RT kernels. In RT kernels, both spin locks and
completions can schedule(), so we can't use them in hard irq context.
Move handling code into the irq thread function to avoid that.
Reported-by: Gregoire Gentil <gregoire@alwaysinnovating.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
We were printing out all the hex dumps regardless of whether dynamic
debugging was enabled or not. Now that print_hex_dump_debug() has
been implemented, we can use that instead.
Reported-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Don't ignore dummy packets when our queues are empty. This causes dummy
packets never to be sent when traffic is not suspended by FW thresholds,
which happens only in high Tx throughput situations. This may hurt Rx
performance.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The wlcore state was checked without the mutex being taken. This leads
to WARN_ONs sometimes if a notification arrives when the driver
is on, but the mutex is only taken after it is off. This usually
happens if stopping the driver while connected to a network.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Save the sequence number of the broadcast AP link in the wlvif. For each
connected station, save the sequence number in the drv_priv part of
ieee80211_sta. Use the saved numbers on recovery/resume, with the
obligatory increment on recovery.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Dont use free_sta() on AP global links. It would fail an internal check
within the function and various structures within the link struct would
not be reset.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Print board type, PG with metal and ROM versions.
This might help debugging HW related issues.
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
For STA we report beacon loss to higher levels so that wpa_s
can attempt to roam without disconnecting. In case of P2P CLI
we don't want to attempt roaming and instead disconnect immediately
upon beacon loss.
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
On !CONFIG_SMP builds spin_is_locked always returns 0. Assert the
locking using assert_spin_locked, which is written to behave correctly
in all cases.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
report the average beacon rssi which is calculated
by firmware for roaming statistics instead of the
last rx packet rssi. this results a more accurate
rssi reporting
Signed-off-by: Nadim Zubidat <nadimz@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Accumulate the total number of sent packets per-link to find out how far
the encryption sequence number has progressed. Use this number as the
initial security sequence number after recovery.
This consolidates security sequence handling for both chip families, as
we no longer have to rely on 12xx specific Tx completion.
A fortunate side effect of this is correct management of seq numbers for
AP roles and multi-role scenarios.
When a link is removed we save the last seq number on a persistent part
of the wlvif. This helps the data survive through recoveries/suspends,
which also entail changes in the hlid of the link.
This functionality is STA only currently.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
The HLID of a STA can change, particularly during recovery. Don't cache
the HLID before it was potentially allocated.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
commit 144614f3eebd7d only allowed a single active link when
turning on the optimization, ignoring the fact that an AP has two
additional global links.
Use 3 links as an indication for a single active link. Use the
FW PSM bits to verify the extra active link belongs to the AP role.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Maximum number of supported RX BA sessions depends on chip type.
wl18xx supports 5 RX BA sessions while wl12xx supports 3.
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
It is requiered to enter sleep mode with smaller delay in forced PS mode.
This fixes issue of testing force PS mode during VoIP traffic where packets
are sent every 20ms. Chip never enters ps mode with default 30 ms delay
in such test.
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
This was forgotten from the commit that added support for FT
operations with drivers that implement SME.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
I found another crash when deleting lots of virtual stations
in a congested environment. I think the problem is that
the ieee80211_mlme_notify_scan_completed could call
ieee80211_restart_sta_timer for a stopped interface
that was about to be deleted.
With the following patch I am unable to reproduce the
crash.
Signed-off-by: Ben Greear <greearb@candelatech.com>
[move check, also make the same change in mesh]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If a P2P device wdev is removed while it has a scan, then the
scan completion might crash later as it is already freed by
that time. To avoid the crash always check the scan completion
when the P2P device is being removed for some reason. If the
driver already canceled it, don't want and free it, otherwise
warn and leak it to avoid later crashes.
In order to do this, locking needs to be changed away from the
rdev mutex (which can't always be guaranteed). For now, use
the sched_scan_mtx instead, I'll rename it to just scan_mtx in
a later patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add P2P NoA settings for STA mode.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
[fix docs]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Use ieee80211_p2p_noa_attr structure during
P2P_PS (oppps) detection.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add P2P Notice of Absence attribute structure.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
On loaded systems with lots of VIFs, I see lots of beacon
timeouts, even though the connection to the AP is very
good. Allow tuning the beacon-loss-count variable to
give the system longer to process beacons if the user
prefers.
Signed-off-by: Ben Greear <greearb@candelatech.com>
[add the number of beacons to the message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The virtual monitor interface has a locking issue, it calls
into the channel context code with the iflist mutex held
which isn't allowed since it is usually acquired the other
way around. The mutex is still required for the interface
iteration, but need not be held across the channel calls.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Arend reported a crash in tracing if the driver returns an
ERR_PTR() value from the add_virtual_intf() callback. This
is due to the tracing then still attempting to dereference
the "pointer", fix this by using IS_ERR_OR_NULL().
Reported-by: Arend van Spriel <arend@broadcom.com>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For the sake of speed of calculation and number accuracy,
mac80211 tracks the RSSI in dBm * 16. But it forgot to
divide back by 16 when the RSSI is asked by the driver.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix to return a negative error code from the error handling
case instead of 0, as returned elsewhere in this function.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
kfree_skb was called twice when the socket receive queue is full
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Schedule different time event based on the ROC type
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Increase the maximal remain on channel time as longer remain
on channel requests are handled by the FW using fragmented
time events.
This reduces the number of user/kernel space iterations during
flows such as p2p_listen. In addition it is currently required
for flows which require longer duration such as p2p_sd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The RF-kill wakeup trigger flag is set in the wrong command,
which means it won't work. Also fix the comment in the TCP
wakeup trigger code -- the firmware was changed to look at
all the different trigger flags.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We should disable MIMO only if bt_traffic_load goes up to 3.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is the right source of information for the valid Tx
antennas, not the NVM.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This data should taken from TLVs and not from the NVM. This
is true for the value written in CSR_HW_IF_CONFIG_REG too.
Also, no need to set the CSR_HW_IF_CONFIG_REG_BIT_MAC_SI bit
for 7000 devices which are the only devices currently
supported.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In firmware "listener" (monitor) mode, we still need to
open up the filters with the filter flags to receive all
frames.
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This has valuable data about RFkill state seen from the fw
side.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5ghz_disable has no effect any longer, that was changed during
refactoring of EEPROM reading/parsing. Remove it, wpa_supplicant
allow now to specify frequencies, on which device will operate.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1. Quota for the monitor interface should be added only if there is
a channel context assigned to the interface.
2. In the unassign channel context flow, need to remove the quota
for the monitor interface binding, before unbinding.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This feature is not implemented yet in firmware.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The masks were wrong. They should be 0xffffffff when SCO,
HID or SNIFF profiles are used. They should be 0xffff0000
in any other case (default) to get a bit more throughput
when the BT profile allows for it.
Fix a debug print on the way.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix to return a negative error code from the error handling
case instead of 0, as returned elsewhere in this function.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If wpa_supplicant and iw/iwconfig are used together, very
rarely the system crashes. It seems to be related to the
connection parameters not being set up, but it's not all
clear to me how this happens. In any case, checking that
the conn pointer exists here is probably a good idea.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
My new tracing code for ath6kl introduced these warnings on 64-bit:
trace.h:38:1: warning: format '%d' expects argument of type 'int',
but argument 4 has type 'size_t' [-Wformat]
trace.h:61:1: warning: format '%d' expects argument of type 'int',
but argument 4 has type 'size_t' [-Wformat]
trace.h:84:1: warning: format '%d' expects argument of type 'int',
but argument 6 has type 'size_t' [-Wformat]
trace.h:119:1: warning: format '%d' expects argument of type 'int',
but argument 7 has type 'size_t' [-Wformat]
trace.h:173:1: warning: format '%d' expects argument of type 'int',
but argument 3 has type 'size_t' [-Wformat]
trace.h:193:1: warning: format '%d' expects argument of type 'int',
but argument 5 has type 'size_t' [-Wformat]
trace.h:221:1: warning: format '%d' expects argument of type 'int',
but argument 5 has type 'size_t' [-Wformat]
Fix them by using %zd.
Reported-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
There is a race between the restart flow and the workers.
The workers are cancelled after the fw is already killed
and might send HCMD when there is fw to handle them.
Simply check that there is a fw to which the HCMD can be
sent before actually sending it.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
