openwrt/staging/blogic.git
10 years agoath9k: Fix beacon miss handling
Sujith Manoharan [Wed, 10 Sep 2014 13:46:00 +0000 (19:16 +0530)]
ath9k: Fix beacon miss handling

The NoA duration for a GO is half the beacon interval
and a concurrent context like a STA can be active only
for that duration, before switching back to the GO's
operating channel.

Currently, when multiple beacons are missed, the dwell
time for the STA context is extended to improve the
chances of receiving a beacon. But the NoA is not updated
and this will cause problems since the GO is offline
for a period that is longer than the advertised duration.

Fix this by ensuring that the NoA is updated first before
extending the time slot for the STA context. Also make
sure that non-periodic NoA is used for a one-time, longer
absence period.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix channel switch time duration
Sujith Manoharan [Wed, 10 Sep 2014 13:45:59 +0000 (19:15 +0530)]
ath9k: Fix channel switch time duration

Since the NoA duration is the maximum time the GO interface
can be offline, it needs to include the time take to
switch channels in the HW.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Clear offchannel duration properly
Sujith Manoharan [Wed, 10 Sep 2014 13:45:58 +0000 (19:15 +0530)]
ath9k: Clear offchannel duration properly

Clearing the offchannel duration value in the
scheduler unconditionally breaks NoA when
multiple contexts are active and an offchannel
request is deferred, for example, in a scan run.

Fix this by clearing the duration only if there
is no pending offchannel request.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix Notice of Absence issues
Sujith Manoharan [Wed, 10 Sep 2014 13:45:57 +0000 (19:15 +0530)]
ath9k: Fix Notice of Absence issues

* The index has to incremented only when advertising
  a new NoA schedule.

* Switch to non-periodic NoA when starting a scan operation
  and multiple channel contexts are active.

* Make sure that periodic NoA is advertised again when
  scan ends. Since the offchannel timer moves the offchannel
  state to IDLE after the GO operating channel becomes
  active, use a flag "force_noa_update" to update the
  NoA contents.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Assign offchannel duration properly
Sujith Manoharan [Wed, 10 Sep 2014 13:45:56 +0000 (19:15 +0530)]
ath9k: Assign offchannel duration properly

In multi-channel mode, an offchannel request will
be deferred if both contexts are active. The duration
of the offchannel operation is calculated but is
not stored in the scheduler state. Fix this.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix PTR_ERR() usage after initialization to constant
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:51 +0000 (16:34 +0300)]
wil6210: fix PTR_ERR() usage after initialization to constant

Reported by coccinelle:

tree:   git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next.git master
head:   6a5d088a923854569e20eac4f3f569926d5911ec
commit: b7cde47009640b88cb3629ee7078a43bc2642459 [18/80] wil6210: convert debugfs to the table mode

coccinelle warnings: (new ones prefixed by >>)

>> drivers/net/wireless/ath/wil6210/debugfs.c:327:17-24: ERROR: PTR_ERR applied after initialization to constant on line 304

vim +327 drivers/net/wireless/ath/wil6210/debugfs.c

   298                                          struct dentry *dbg, void *base,
   299                                          const struct dbg_off * const tbl)
   300  {
   301          int i;
   302
   303          for (i = 0; tbl[i].name; i++) {

 > 304                  struct dentry *f = NULL;
   305
   306                  switch (tbl[i].type) {
   307                  case doff_u32:
   308                          f = debugfs_create_u32(tbl[i].name, tbl[i].mode, dbg,
   309                                                 base + tbl[i].off);
   310                          break;
   311                  case doff_x32:
   312                          f = debugfs_create_x32(tbl[i].name, tbl[i].mode, dbg,
   313                                                 base + tbl[i].off);
   314                          break;
   315                  case doff_ulong:
   316                          f = wil_debugfs_create_ulong(tbl[i].name, tbl[i].mode,
   317                                                       dbg, base + tbl[i].off);
   318                          break;
   319                  case doff_io32:
   320                          f = wil_debugfs_create_iomem_x32(tbl[i].name,
   321                                                           tbl[i].mode, dbg,
   322                                                           base + tbl[i].off);
   323                          break;
   324                  }
   325                  if (IS_ERR_OR_NULL(f))
   326                          wil_err(wil, "Create file \"%s\": err %ld\n",

 > 327                                  tbl[i].name, PTR_ERR(f));
   328          }
   329  }
   330

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix for oops while stopping interface
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:50 +0000 (16:34 +0300)]
wil6210: fix for oops while stopping interface

When interface stopped while running intensive Rx traffic, the following oops
observed:

[89846.734683] Call trace:
[89846.737117] [<ffffffc00083aa64>] dev_gro_receive+0xac/0x358
[89846.742674] [<ffffffc00083ae94>] napi_gro_receive+0x24/0xa4
[89846.748251] [<ffffffbffc1c2f88>] $x+0xec/0x1f8 [wil6210]         wil_netif_rx_any
[89846.753547] [<ffffffbffc1c4830>] $x+0x34/0x54 [wil6210]          wil_release_reorder_frame
[89846.758755] [<ffffffbffc1c48ac>] wil_release_reorder_frames+0x5c/0x78 [wil6210]
[89846.766044] [<ffffffbffc1c4bf8>] wil_tid_ampdu_rx_free+0x20/0x48 [wil6210]
[89846.772901] [<ffffffbffc1bedc8>] $x+0x190/0x1e8 [wil6210]
[89846.778285] [<ffffffbffc1c0ed4>] wmi_event_worker+0x230/0x2f8 [wil6210]
[89846.784865] [<ffffffc0000b0bc8>] process_one_work+0x278/0x3fc
[89846.790591] [<ffffffc0000b1218>] worker_thread+0x200/0x330
[89846.796060] [<ffffffc0000b6664>] kthread+0xac/0xb8
[89846.800836] Code: b940c661 f9406a62 8b010041 f9400026 (f8636882)
[89846.807008] ---[ end trace d6fdc17cd27d18f6 ]---

Reason is the following: when removing Rx vring
(wil_netdev_ops.ndo_stop -> wil_stop -> wil_down -> __wil_down -> wil_rx_fini),
Rx interrupt occurs. It trigger Rx NAPI, calling wil_rx_handle() that reaps
(already cleaned) buffer, causing skb referring to garbage memory being set into reorder buffer.
Then, network stack trying to access this buffer and fails.

Prevent Rx NAPI from being scheduled if device going to stop. Bit wil_status_napi_en reflects
NAPI enablement state, check it when triggering Rx NAPI.

Testing shows that check for wil_status_napi_en sometimes gets negative, and new error message
get printed - in this case kernel oops would be observed. Original oops is no more reproducible.

This change requires also changes in the AP flows.
Properly enable/disable NAPI for the AP. Make sure Rx VRING is disabled
when resetting target.

For this, promote __wil_up() and __wil_down() to the module scope, and use it
in the relevant flows.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: rename [en|dis]able irq to [un]mask
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:49 +0000 (16:34 +0300)]
wil6210: rename [en|dis]able irq to [un]mask

To better reflect real action performed, rename:
s/wil6210_disable_irq/wil_mask_irq/
s/wil6210_enable_irq/wil_unmask_irq/

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix typo in comment
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:48 +0000 (16:34 +0300)]
wil6210: fix typo in comment

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: specify max. IE length
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:47 +0000 (16:34 +0300)]
wil6210: specify max. IE length

Expose firmware limit for the max_scan_ie_len;
also do actually set IE's for the probe request

max_scan_ie_len used to be 0, this blocks scan requests with non-zero IE's

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: introduce separate completion for WMI
Dedy Lansky [Wed, 10 Sep 2014 13:34:46 +0000 (16:34 +0300)]
wil6210: introduce separate completion for WMI

re-use of wmi_ready for both FW ready event and for wmi_call was causing
false "FW not ready" indication in case wmi_call() was invoked while reset
took place.
add wmi_call completion variable instead of re-using wmi_ready.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: enlarge TX/RX buffer length
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:45 +0000 (16:34 +0300)]
wil6210: enlarge TX/RX buffer length

HW supports upto 2304 packet size on the air.
HW is responsible for adding (Tx) or removing (Rx) the following headers:
802.11 hdr: 26B
SNAP: 8B
CRC: 4B
Security (optional): 24B
HW adds max 62B to the payload passed from driver. It means driver can use
max packet size of 2304-62 = 2242B

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: add change_beacon() driver callback
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:44 +0000 (16:34 +0300)]
wil6210: add change_beacon() driver callback

This allows updating IEs (e.g. from hostapd) when AP is already started

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: send connect request IEs to FW also for non-secure connection
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:43 +0000 (16:34 +0300)]
wil6210: send connect request IEs to FW also for non-secure connection

Driver is sending connect request IEs to FW only for secure connection and
ignores them for non-secure connection.
This is fixed by always sending the IEs to FW upon connect request

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix race condition between BACK event and Rx data
Dedy Lansky [Wed, 10 Sep 2014 13:34:42 +0000 (16:34 +0300)]
wil6210: fix race condition between BACK event and Rx data

While handling Rx packet, BACK event arrives and frees tid_ampdu_rx array.
This causes kernel panic while accessing already freed spinlock

The fix is to remove tid_ampdu_rx[]'s spinlock and instead use single
sta's spinlock to guard the whole tid_ampdu_rx array.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: modify confusing printout
Dedy Lansky [Wed, 10 Sep 2014 13:34:41 +0000 (16:34 +0300)]
wil6210: modify confusing printout

When WMI event received when driver not ready to accept it, the printed error
message is misleading and hints that HW is stuck. Modify the error message
to make it clearer

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix race condition of disconnect while BACK event
Dedy Lansky [Wed, 10 Sep 2014 13:34:40 +0000 (16:34 +0300)]
wil6210: fix race condition of disconnect while BACK event

This race condition was causing double free of tid_ampdu_rx structures

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix usage of print_hex_dump_debug
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:39 +0000 (16:34 +0300)]
wil6210: fix usage of print_hex_dump_debug

When CONFIG_DYNAMIC_DEBUG is not defined, print_hex_dump_debug
is mapped directly to print_hex_dump which might cause
printout to exist all the time

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix for memory corruption upon rmmod
Dedy Lansky [Wed, 10 Sep 2014 13:34:38 +0000 (16:34 +0300)]
wil6210: fix for memory corruption upon rmmod

Driver disabled PCI master before making sure HW is idle.
This caused memory corruption in case HW access system memory after
PCI master got disabled.
The fix is to change uninit sequence. Make sure FW/HW is idle before
disabling PCI

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: fix for memory corruption while insmod
Dedy Lansky [Wed, 10 Sep 2014 13:34:37 +0000 (16:34 +0300)]
wil6210: fix for memory corruption while insmod

After setting interrupt handler, driver enabled interrupts.
This caused stale (old) HW interrupts to fire before driver is
fully initialized.
The fix is to enable interrupts only when driver is fully initialized
and after FW/HW reset (to prevent any stale interrupts)

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: add more debug printouts
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:36 +0000 (16:34 +0300)]
wil6210: add more debug printouts

added misc printouts in some init/uninit functions for better traceability

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: platform specific module
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:35 +0000 (16:34 +0300)]
wil6210: platform specific module

New module (wil_platform) for handling platform specific tasks

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: coding style fixes
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:34 +0000 (16:34 +0300)]
wil6210: coding style fixes

- parentheses, indentation, typos
- seq_puts() instead of seq_printf() with single argument
- sizeof(var) vs. sizeof(type)

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: some more debug for the WMI mechanism
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:33 +0000 (16:34 +0300)]
wil6210: some more debug for the WMI mechanism

Log worker thread start/stop; as well as every handler invocation

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: print more information when connecting
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:32 +0000 (16:34 +0300)]
wil6210: print more information when connecting

when connecting, print some info about BSS

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: debug prints for vring de-allocation
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:31 +0000 (16:34 +0300)]
wil6210: debug prints for vring de-allocation

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agowil6210: firmware download
Vladimir Kondratiev [Wed, 10 Sep 2014 13:34:30 +0000 (16:34 +0300)]
wil6210: firmware download

Firmware download implemented but is still experimental feature;
flag controlling it added, no_fw_load. It is true by default,
use no_fw_load=N to activate feature.

Reset flows also got some adjustment for the fw download to work

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agob43: HT-PHY: Set MAC frequency to correct values
Rafał Miłecki [Wed, 10 Sep 2014 07:07:13 +0000 (09:07 +0200)]
b43: HT-PHY: Set MAC frequency to correct values

I misunderstood original Broadcom comment and used wrong values.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Fix "always true" warning from commit ed364abffd6e
Larry Finger [Tue, 9 Sep 2014 20:57:46 +0000 (15:57 -0500)]
rtlwifi: btcoexist: Fix "always true" warning from commit ed364abffd6e

The 0-DAY kernel build testing backend reports the following warning:
drivers/net/wireless/rtlwifi/btcoexist/halbtcoutsrc.c:516 halbtc_bitmask_write_1byte()
warn: always true condition '(bit_mask != 4294967295) => (0-255 != u32max)'

This problem was introduced in commit ed364abffd6e19bec67b7ccda8237213b8b37640,
and arises because the caller of halbtc_bitmask_write_1byte() is using a
u8 rather than a u32 for the data.

Reported-by: Kbuild test robot <kbuild-all@01.org>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Kbuild test robot <kbuild-all@01.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agob43: HT-PHY: Complete radio init (add missing entries)
Rafał Miłecki [Tue, 9 Sep 2014 19:17:09 +0000 (21:17 +0200)]
b43: HT-PHY: Complete radio init (add missing entries)

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agob43: HT-PHY: Define some regs for 0x2059 radio
Rafał Miłecki [Tue, 9 Sep 2014 19:17:08 +0000 (21:17 +0200)]
b43: HT-PHY: Define some regs for 0x2059 radio

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agob43: HT-PHY: Move radio calibration to separated functions
Rafał Miłecki [Tue, 9 Sep 2014 19:17:07 +0000 (21:17 +0200)]
b43: HT-PHY: Move radio calibration to separated functions

Also use b43_radio_wait_value to simplify the code and usleep_range when
needed.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agob43: HT-PHY: Move radio preparation into init function
Rafał Miłecki [Tue, 9 Sep 2014 19:17:06 +0000 (21:17 +0200)]
b43: HT-PHY: Move radio preparation into init function

Radio should be prepared only before initialization. We need this to be
able to call b43_radio_2059_init conditionally (in the future).
This also documents RF control register a bit.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: fix %d confusingly prefixed with 0x in format strings
Hans Wennborg [Sat, 6 Sep 2014 03:19:50 +0000 (20:19 -0700)]
rtlwifi: fix %d confusingly prefixed with 0x in format strings

Signed-off-by: Hans Wennborg <hans@hanshq.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoiwl4965: fix %d confusingly prefixed with 0x in format string
Hans Wennborg [Sat, 6 Sep 2014 03:41:48 +0000 (20:41 -0700)]
iwl4965: fix %d confusingly prefixed with 0x in format string

Signed-off-by: Hans Wennborg <hans@hanshq.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: add support for chipcommon B core
Hauke Mehrtens [Mon, 8 Sep 2014 20:53:36 +0000 (22:53 +0200)]
bcma: add support for chipcommon B core

This core is used on BCM4708 to configure the PCIe and USB3 PHYs and it
contains the addresses to the Device Management unit. This will be used
by the PCIe driver first.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: store more alternative addresses
Hauke Mehrtens [Mon, 8 Sep 2014 20:53:35 +0000 (22:53 +0200)]
bcma: store more alternative addresses

Each core could have more than one alternative address. There are cores
with 8 alternative addresses for different functions. The PHY control
in the Chip common B core is done through the 2. alternative address
and not the first one.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CC: linux-usb@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix MCC scanning
Sujith Manoharan [Fri, 5 Sep 2014 04:20:57 +0000 (09:50 +0530)]
ath9k: Fix MCC scanning

Scanning is curently broken when two channel contexts
are active. For example in a P2P-GO/STA setup, the
offchannel timer allows HZ / 10 to elapse before initiating
a switch to the next scan channel from the current operating
channel, which in this case would be the P2P-GO context.

But, the channel context timer might decide to switch
to the STA context when an SWBA comes early and a beacon
is sent out. Since pending offchannel requests are processed
in EVENT_BEACON_PREPARE, this causes inconsistent scanning.

Fix this by making sure that a context switch happens
before processing the pending offchannel request. This
also makes sure that active channel contexts will always
have higher priority than offchannel operations and the
scan sequence looks like this:

p2p-go, sta, p2p-go, offchannel, p2p-go, sta, p2p-go, offchannel,.....

The oper-channel is p2p-go, so the STA context has to
switch to p2p-go again before switching offchannel.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix offchannel operation
Sujith Manoharan [Fri, 5 Sep 2014 04:20:56 +0000 (09:50 +0530)]
ath9k: Fix offchannel operation

When multiple channel contexts are active, an offchannel
request will not be handled immediately, but will be
queued to be handled later. But, currently, the channel definition
is not copied to the local offchannel state. This
breaks operation like scanning when MCC is active.

Fix this by storing the offchannel parameters properly.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Use a subroutine to assign HW queues
Sujith Manoharan [Fri, 5 Sep 2014 04:20:55 +0000 (09:50 +0530)]
ath9k: Use a subroutine to assign HW queues

Reduces code duplication.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix interface accounting
Sujith Manoharan [Fri, 5 Sep 2014 02:33:19 +0000 (08:03 +0530)]
ath9k: Fix interface accounting

Currently, the interface count is maintained globally,
but this causes problems in RX filter calculation.
Make the interface count a per-channel-context variable
to fix this.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix RX filters in channel contexts
Sujith Manoharan [Fri, 5 Sep 2014 02:33:18 +0000 (08:03 +0530)]
ath9k: Fix RX filters in channel contexts

Maintain the RX filter on a per-channel-context
basis and not globally. Not doing so was resulting
in incorrect filter calculation.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix COMP_BAR filter
Sujith Manoharan [Fri, 5 Sep 2014 02:33:17 +0000 (08:03 +0530)]
ath9k: Fix COMP_BAR filter

ATH9K_RX_FILTER_COMP_BAR is used to receive BAR
completion frames and is set if the current channel
is HT. When channel contexts are enabled, instead of using
the mac80211 helpers, check if the current channel
definition is HT.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix ath_startrecv()
Sujith Manoharan [Fri, 5 Sep 2014 02:33:16 +0000 (08:03 +0530)]
ath9k: Fix ath_startrecv()

Since ath_startrecv() doesn't return an error value,
cleanup the callsites.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix RX filter calculation
Sujith Manoharan [Fri, 5 Sep 2014 02:33:15 +0000 (08:03 +0530)]
ath9k: Fix RX filter calculation

If multiple channel contexts are active, then the opmode
can be different in each context. Since the RX filter is
calculated in ath_startrecv() before switching to the
new opmode, the wrong filters are chosen.

Fix this by calling ath9k_calculate_summary_state() before
the RX module is started.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Add CTWindow support
Sujith Manoharan [Fri, 5 Sep 2014 02:33:14 +0000 (08:03 +0530)]
ath9k: Add CTWindow support

Since CTWindow can be used for improving discoverability,
fill this field in the NoA Attribute properly.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix offchannel duration calculation
Sujith Manoharan [Fri, 5 Sep 2014 02:33:13 +0000 (08:03 +0530)]
ath9k: Fix offchannel duration calculation

Currently, different units are used for handling
sc->offchannel.duration. In scan mode, it contains jiffies and in RoC
mode, milliseconds is used. This causes confusion since in
ath_chanctx_switch(), TU_TO_USEC is used to determine the offchannel
duration, resulting in incorrect values. Fix this by using jiffies in
both modes.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix NoA start time calculation
Sujith Manoharan [Fri, 5 Sep 2014 02:33:12 +0000 (08:03 +0530)]
ath9k: Fix NoA start time calculation

The start time field in the NoA attribute needs to be
updated based on the TSF timer when an absence notification
is sent by the P2P GO. When two channel contexts are active,
continuous, cyclic NoA is announced by setting the count value to 255,
but the start time is updated only once, for one beacon and
the same value is sent in all subsequent beacons, even
though the timestamp keeps moving.

Fix this by removing the check for 'periodic_noa_duration'
and assign the interface's start_time/duration values directly
when there is more than one active context.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix panic when adding an AP interface
Sujith Manoharan [Fri, 5 Sep 2014 02:33:11 +0000 (08:03 +0530)]
ath9k: Fix panic when adding an AP interface

If a station interface is already assigned to a context
and is active and a second interface of type AP is added,
then beaconing on the new interface has to be begin only
after the BSS_CHANGED_BEACON_ENABLED flag is sent by mac80211
to the driver.

But, since we issue ATH_CHANCTX_EVENT_ENABLE_MULTICHANNEL as soon
as a new channel context is added, a switch occurs almost immediately
before BSS_CHANGED_BEACON_ENABLED is received. When a HW reset
is done for the new context, beacons are enabled for the
interface since "enable_beacon" in the BSS config maintained
in mac80211 is true - but the driver hasn't been notified yet.
This causes a panic, since the beacon interval is zero for this
interface and ath9k_cmn_beacon_config_ap() doesn't have a safety check.

Fix this panic by checking if the beacon params has been cached
for this context and use the "enable_beacon" flag maintained
locally in the driver. Also, recalculate the summary data
after the beacon params have been cached when BSS_CHANGED_BEACON_ENABLED
is received.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix beacons for managed mode
Sujith Manoharan [Fri, 5 Sep 2014 02:33:10 +0000 (08:03 +0530)]
ath9k: Fix beacons for managed mode

If the current opmode is managed, the ATH_OP_BEACONS flag
needs to be set only when there is a primary station interface
and it is associated/active.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoath9k: Fix beacon configuration for channel contexts
Sujith Manoharan [Fri, 5 Sep 2014 02:33:09 +0000 (08:03 +0530)]
ath9k: Fix beacon configuration for channel contexts

In channel context mode, when a new context is added,
mac80211 issues a bss_info_changed() notfication when
preparing the connection for the new interface/context.

But, this is done prior to the mgd_prepare_tx() call which
is where we switch to the new context. Since the current
context will be different when the earlier bss_info_changed()
is handled, the beacon information for the VIF is not
updated, but discarded since the rules for the current context
disallows it.

In the subsequent association process for the new context/vif,
this becomes a problem because the beacon parameters are invalid.
This causes problems with the TSF timer, causing large jumps.

To fix this, check if the beacon info is being updated for a
different context and if so, allow it without any checks since
we limit the max. interfaces to two anyway.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: register NAND and QSPI cores early
Rafał Miłecki [Thu, 4 Sep 2014 22:18:49 +0000 (00:18 +0200)]
bcma: register NAND and QSPI cores early

On Northstar (ARM arch) we will use MTD subsystem to access NVRAM and
SPROM. To get access to flash device we need to register these cores
first.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: move code for core registration into separate function
Rafał Miłecki [Thu, 4 Sep 2014 22:18:48 +0000 (00:18 +0200)]
bcma: move code for core registration into separate function

This cleans code a bit and will us to register cores in other places as
well. The only difference with this patch is using "core_index" for
setting device name.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Update remaining old parts of the driver
Larry Finger [Thu, 4 Sep 2014 21:03:46 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Update remaining old parts of the driver

This patch makes halbtcoutsrc.{c,h} work with the new pieces of the driver.
Also included are some modifications to various header files.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Add second part of BT coexistence routines for rtl8821ae
Larry Finger [Thu, 4 Sep 2014 21:03:45 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Add second part of BT coexistence routines for rtl8821ae

This code comes from the V062414 version of the drivers from Realtek.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Add BT coexistence routines for driver rtl8821ae
Larry Finger [Thu, 4 Sep 2014 21:03:44 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Add BT coexistence routines for driver rtl8821ae

This patch adds the code needed for the new rtl8821ae driver.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Modify driver to support BT coexistence in rtl8723be
Larry Finger [Thu, 4 Sep 2014 21:03:43 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Modify driver to support BT coexistence in rtl8723be

This patch adds the routines found in the V062814 Realtek version.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Modify driver for V062814 Realtek driver
Larry Finger [Thu, 4 Sep 2014 21:03:42 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Modify driver for V062814 Realtek driver

This patch adds the routines needed to support BT coexistence with the
new rtl8192ee driver.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Modify rtl_btc for changes in latest Realtek code
Larry Finger [Thu, 4 Sep 2014 21:03:41 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Modify rtl_btc for changes in latest Realtek code

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agortlwifi: btcoexist: Modify btcoexist for changes in the V062814 Realtek version
Larry Finger [Thu, 4 Sep 2014 21:03:40 +0000 (16:03 -0500)]
rtlwifi: btcoexist: Modify btcoexist for changes in the V062814 Realtek version

This patch is the first of a set to bring this driver up to the latest Realtek code.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: troy_tan@realsil.com.cn
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: use separated function to initialize bus on SoC
Rafał Miłecki [Mon, 1 Sep 2014 21:11:07 +0000 (23:11 +0200)]
bcma: use separated function to initialize bus on SoC

This is required to split SoC bus init into two phases. The later one
(which includes scanning) should be called when kalloc is available.

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: move bus struct setup into early part of host specific code
Rafał Miłecki [Mon, 1 Sep 2014 21:11:06 +0000 (23:11 +0200)]
bcma: move bus struct setup into early part of host specific code

This change is important for SoC host. In future we will want to know
chip ID (needed for early MIPS boot) before doing cores scanning.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoBluetooth: 6lowpan: Route packets that are not meant to peer via correct device
Jukka Rissanen [Mon, 8 Sep 2014 09:11:45 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Route packets that are not meant to peer via correct device

Packets that are supposed to be delivered via the peer device need to
be checked and sent to correct device. This requires that user has set
the routes properly so that the 6lowpan module can then figure out
the destination gateway and the correct Bluetooth device.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: 6lowpan: Set the peer IPv6 address correctly
Jukka Rissanen [Mon, 8 Sep 2014 09:11:44 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Set the peer IPv6 address correctly

The peer IPv6 address contained wrong U/L bit in the EUI-64 part.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: 6lowpan: Increase the connection timeout value
Jukka Rissanen [Mon, 8 Sep 2014 09:11:43 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Increase the connection timeout value

Use the default connection timeout value defined in l2cap.h because
the current timeout was too short and most of the time the connection
attempts timed out.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: Fix issue with USB suspend in btusb driver
Champion Chen [Sat, 6 Sep 2014 19:06:08 +0000 (14:06 -0500)]
Bluetooth: Fix issue with USB suspend in btusb driver

Suspend could fail for some platforms because
btusb_suspend==> btusb_stop_traffic ==> usb_kill_anchored_urbs.

When btusb_bulk_complete returns before system suspend and resubmits
an URB, the system cannot enter suspend state.

Signed-off-by: Champion Chen <champion_chen@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoBluetooth: Fix mgmt pairing failure when authentication fails
Johan Hedberg [Tue, 9 Sep 2014 00:09:49 +0000 (17:09 -0700)]
Bluetooth: Fix mgmt pairing failure when authentication fails

Whether through HCI with BR/EDR or SMP with LE when authentication fails
we should also notify any pending Pair Device mgmt command. This patch
updates the mgmt_auth_failed function to take the actual hci_conn object
and makes sure that any pending pairing command is notified and cleaned
up appropriately.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix dereferencing conn variable before NULL check
Johan Hedberg [Sat, 6 Sep 2014 03:59:10 +0000 (06:59 +0300)]
Bluetooth: Fix dereferencing conn variable before NULL check

This patch fixes the following type of static analyzer warning (and
probably a real bug as well as the NULL check should be there for a
reason):

net/bluetooth/smp.c:1182 smp_conn_security() warn: variable dereferenced before check 'conn' (see line 1174)

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: LLVMLinux: Remove VLAIS from bluetooth/amp.c
Behan Webster [Fri, 5 Sep 2014 23:03:34 +0000 (16:03 -0700)]
Bluetooth: LLVMLinux: Remove VLAIS from bluetooth/amp.c

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using an char array.

The new code can be compiled with both gcc and clang.

struct shash_desc contains a flexible array member member ctx declared with
CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning
of the array declared after struct shash_desc with long long.

No trailing padding is required because it is not a struct type that can
be used in an array.

The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long
as would be the case for a struct containing a member with
CRYPTO_MINALIGN_ATTR.

Signed-off-by: Behan Webster <behanw@converseincode.com>
Signed-off-by: Mark Charlebois <charlebm@gmail.com>
Signed-off-by: Jan-Simon Möller <dl9pf@gmx.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add strict checks for allowed SMP PDUs
Johan Hedberg [Fri, 5 Sep 2014 19:19:55 +0000 (22:19 +0300)]
Bluetooth: Add strict checks for allowed SMP PDUs

SMP defines quite clearly when certain PDUs are to be expected/allowed
and when not, but doesn't have any explicit request/response definition.
So far the code has relied on each PDU handler to behave correctly if
receiving PDUs at an unexpected moment, however this requires many
different checks and is prone to errors.

This patch introduces a generic way to keep track of allowed PDUs and
thereby reduces the responsibility & load on individual command
handlers. The tracking is implemented using a simple bit-mask where each
opcode maps to its own bit. If the bit is set the corresponding PDU is
allow and if the bit is not set the PDU is not allowed.

As a simple example, when we send the Pairing Request we'd set the bit
for Pairing Response, and when we receive the Pairing Response we'd
clear the bit for Pairing Response.

Since the disallowed PDU rejection is now done in a single central place
we need to be a bit careful of which action makes most sense to all
cases. Previously some, such as Security Request, have been simply
ignored whereas others have caused an explicit disconnect.

The only PDU rejection action that keeps good interoperability and can
be used for all the applicable use cases is to drop the data. This may
raise some concerns of us now being more lenient for misbehaving (and
potentially malicious) devices, but the policy of simply dropping data
has been a successful one for many years e.g. in L2CAP (where this is
the *only* policy for such cases - we never request disconnection in
l2cap_core.c because of bad data). Furthermore, we cannot prevent
connected devices from creating the SMP context (through a Security or
Pairing Request), and once the context exists looking up the
corresponding bit for the received opcode and deciding to reject it is
essentially an equally lightweight operation as the kind of rejection
that l2cap_core.c already successfully does.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix calling smp_distribute_keys() when still waiting for keys
Johan Hedberg [Fri, 5 Sep 2014 19:19:54 +0000 (22:19 +0300)]
Bluetooth: Fix calling smp_distribute_keys() when still waiting for keys

When we're in the process of receiving keys in phase 3 of SMP we keep
track of which keys are still expected in the smp->remote_key_dist
variable. If we still have some key bits set we need to continue waiting
for more PDUs and not needlessly call smp_distribute_keys(). This patch
fixes two such cases in the smp_cmd_master_ident() and
smp_cmd_ident_addr_info() handler functions.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add define for key distribution mask
Johan Hedberg [Fri, 5 Sep 2014 19:19:53 +0000 (22:19 +0300)]
Bluetooth: Add define for key distribution mask

This patch adds a define for the allowed bits of the key distribution
mask so we don't have to have magic 0x07 constants throughout the code.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix locking of the SMP context
Johan Hedberg [Fri, 5 Sep 2014 19:19:52 +0000 (22:19 +0300)]
Bluetooth: Fix locking of the SMP context

Before the move the l2cap_chan the SMP context (smp_chan) didn't have
any kind of proper locking. The best there existed was the
HCI_CONN_LE_SMP_PEND flag which was used to enable mutual exclusion for
potential multiple creators of the SMP context.

Now that SMP has been converted to use the l2cap_chan infrastructure and
since the SMP context is directly mapped to a corresponding l2cap_chan
we get the SMP context locking essentially for free through the
l2cap_chan lock. For all callbacks that l2cap_core.c makes for each
channel implementation (smp.c in the case of SMP) the l2cap_chan lock is
held through l2cap_chan_lock(chan).

Since the calls from l2cap_core.c to smp.c are covered the only missing
piece to have the locking implemented properly is to ensure that the
lock is held for any other call path that may access the SMP context.
This means user responses through mgmt.c, requests to elevate the
security of a connection through hci_conn.c, as well as any deferred
work through workqueues.

This patch adds the necessary locking to all these other code paths that
try to access the SMP context. Since mutual exclusion for the l2cap_chan
access is now covered from all directions the patch also removes
unnecessary HCI_CONN_LE_SMP_PEND flag (once we've acquired the chan lock
we can simply check whether chan->smp is set to know if there's an SMP
context).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary deferred work for SMP key distribution
Johan Hedberg [Fri, 5 Sep 2014 19:19:51 +0000 (22:19 +0300)]
Bluetooth: Remove unnecessary deferred work for SMP key distribution

Now that the identity address update happens through its own deferred
work there's no need to have smp_distribute_keys anymore behind a second
deferred work. This patch removes this extra construction and makes the
code do direct calls to smp_distribute_keys() again.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Move identity address update behind a workqueue
Johan Hedberg [Fri, 5 Sep 2014 19:19:50 +0000 (22:19 +0300)]
Bluetooth: Move identity address update behind a workqueue

The identity address update of all channels for an l2cap_conn needs to
take the lock for each channel, i.e. it's safest to do this by a
separate workqueue callback.

Previously this was partially solved by moving the entire SMP key
distribution behind a workqueue. However, if we want SMP context locking
to be correct and safe we should always use the l2cap_chan lock when
accessing it, meaning even smp_distribute_keys needs to take that lock
which would once again create a dead lock when updating the identity
address.

The simplest way to solve this is to have l2cap_conn manage the deferred
work which is what this patch does. A subsequent patch will remove the
now unnecessary SMP key distribution work struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Don't take any action in smp_resume_cb if not encrypted
Johan Hedberg [Fri, 5 Sep 2014 19:19:49 +0000 (22:19 +0300)]
Bluetooth: Don't take any action in smp_resume_cb if not encrypted

When smp_resume_cb is called if we're not encrypted (i.e. the callback
wasn't called because the connection became encrypted) we shouldn't take
any action at all. This patch moves also the security_timer cancellation
behind this condition.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary checks after canceling SMP security timer
Johan Hedberg [Fri, 5 Sep 2014 19:19:48 +0000 (22:19 +0300)]
Bluetooth: Remove unnecessary checks after canceling SMP security timer

The SMP security timer used to be able to modify the SMP context state
but now days it simply calls hci_disconnect(). It is therefore
unnecessary to have extra sanity checks for the SMP context after
canceling the timer.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add clarifying comment for LE CoC result value
Johan Hedberg [Mon, 1 Sep 2014 06:45:03 +0000 (09:45 +0300)]
Bluetooth: Add clarifying comment for LE CoC result value

The "pending" L2CAP response value is not defined for LE CoC. This patch
adds a clarifying comment to the code so that the reader will not think
there is a bug in trying to use this value for LE CoC.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Move clock offset reading into hci_disconnect()
Johan Hedberg [Mon, 18 Aug 2014 17:33:34 +0000 (20:33 +0300)]
Bluetooth: Move clock offset reading into hci_disconnect()

To give all hci_disconnect() users the advantage of getting the clock
offset read automatically this patch moves the necessary code from
hci_conn_timeout() into hci_disconnect(). This way we pretty much always
update the clock offset when disconnecting.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use hci_disconnect() for mgmt_disconnect_device()
Johan Hedberg [Mon, 18 Aug 2014 17:33:33 +0000 (20:33 +0300)]
Bluetooth: Use hci_disconnect() for mgmt_disconnect_device()

There's no reason to custom build the HCI_Disconnect command in the
Disconnect Device mgmt command handler. This patch updates the code to
use hci_disconnect() instead.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Update hci_disconnect() to return an error value
Johan Hedberg [Mon, 18 Aug 2014 17:33:32 +0000 (20:33 +0300)]
Bluetooth: Update hci_disconnect() to return an error value

We'll soon use hci_disconnect() from places that are interested to know
whether the hci_send_cmd() really succeeded or not. This patch updates
hci_disconnect() to pass on any error returned from hci_send_cmd().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix SMP error and response to be mutually exclusive
Johan Hedberg [Mon, 18 Aug 2014 17:33:31 +0000 (20:33 +0300)]
Bluetooth: Fix SMP error and response to be mutually exclusive

Returning failure from the SMP data parsing function will cause an
immediate disconnect, making any attempts to send a response PDU futile.
This patch updates the function to always either send a response or
return an error, but never both at the same time:

* In the case that HCI_LE_ENABLED is not set we want to send a Pairing Not
  Supported response but it is not required to force a disconnection, so
  do not set the error return in this case.

* If we get garbage SMP data we can just fail with the handler function
  instead of also trying to send an SMP Failure PDU.

* There's no reason to force a disconnection if we receive an unknown SMP
  command. Instead simply send a proper Command Not Supported SMP
  response.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unused l2cap_conn_shutdown API
Johan Hedberg [Mon, 18 Aug 2014 17:33:30 +0000 (20:33 +0300)]
Bluetooth: Remove unused l2cap_conn_shutdown API

Now that there are no more users of the l2cap_conn_shutdown API (since
smp.c switched to using hci_disconnect) we can simply remove it along
with all of it's l2cap_conn variables.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use hci_disconnect for immediate disconnection from SMP
Johan Hedberg [Mon, 18 Aug 2014 17:33:29 +0000 (20:33 +0300)]
Bluetooth: Use hci_disconnect for immediate disconnection from SMP

Relying on the l2cap_conn_del procedure (triggered through the
l2cap_conn_shutdown API) to get the connection disconnected is not
reliable as it depends on all users releasing (through hci_conn_drop)
and that there's at least one user (so hci_conn_drop is called at least
one time).

A much simpler and more reliable solution is to call hci_disconnect()
directly from the SMP code when we want to disconnect. One side-effect
this has is that it prevents any SMP Failure PDU from being sent before
the disconnection, however neither one of the scenarios where
l2cap_conn_shutdown was used really requires this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set discon_timeout to 0 in l2cap_conn_del
Johan Hedberg [Mon, 18 Aug 2014 17:33:28 +0000 (20:33 +0300)]
Bluetooth: Set discon_timeout to 0 in l2cap_conn_del

When the l2cap_conn_del() function is used we do not want to wait around
"in case something happens" before disconnecting. This patch sets the
disconnection timeout to 0 so that the disconnection routines get
immediately scheduled.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove hci_conn_hold/drop from hci_chan
Johan Hedberg [Mon, 18 Aug 2014 17:33:27 +0000 (20:33 +0300)]
Bluetooth: Remove hci_conn_hold/drop from hci_chan

We can't have hci_chan contribute to the "active" reference counting of
the hci_conn since otherwise the connection would never get dropped when
there are no more users (since hci_chan would be counted as a user).
This patch removes hold() when creating the hci_chan and drop() when
destroying it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Ignore incoming data after initiating disconnection
Johan Hedberg [Sun, 17 Aug 2014 21:41:44 +0000 (00:41 +0300)]
Bluetooth: Ignore incoming data after initiating disconnection

When hci_chan_del is called the disconnection routines get scheduled
through a workqueue. If there's any incoming ACL data before the
routines get executed there's a chance that a new hci_chan is created
and the disconnection never happens. This patch adds a new hci_conn flag
to indicate that we're in the process of driving the connection down. We
set the flag in hci_chan_del and check for it in hci_chan_create so that
no new channels are created for the same connection.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set disc_timeout to 0 when calling hci_chan_del
Johan Hedberg [Sun, 17 Aug 2014 21:41:43 +0000 (00:41 +0300)]
Bluetooth: Set disc_timeout to 0 when calling hci_chan_del

The hci_chan_del() function is used in scenarios where we've decided we
want to get rid of the underlying baseband link. It makes therefore
sense to force the disc_timeout to 0 so that the disconnection routines
are immediately scheduled.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix hci_conn reference counting with hci_chan
Johan Hedberg [Sun, 17 Aug 2014 21:41:42 +0000 (00:41 +0300)]
Bluetooth: Fix hci_conn reference counting with hci_chan

The hci_chan_del() function was doing a hci_conn_drop() but there was no
matching hci_conn_hold() in the hci_chan_create() function. Furthermore,
as the hci_chan struct holds a pointer to the hci_conn there should be
proper use of hci_conn_get/put. This patch fixes both issues so that
hci_chan does correct reference counting of the hci_conn object.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use zero timeout for immediate scheduling
Johan Hedberg [Sun, 17 Aug 2014 21:41:41 +0000 (00:41 +0300)]
Bluetooth: Use zero timeout for immediate scheduling

There's no point in passing a "small" timeout to queue_delayed_work() to
try to get the callback faster scheduled. Passing 0 is perfectly valid
and will cause a shortcut to a direct queue_work().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Refactor connection parameter freeing into its own function
Johan Hedberg [Fri, 15 Aug 2014 18:06:59 +0000 (21:06 +0300)]
Bluetooth: Refactor connection parameter freeing into its own function

The necessary steps for freeing connection paramaters have grown quite a
bit so we can simplify the code by factoring it out into its own
function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix using hci_conn_get() for hci_conn pointers
Johan Hedberg [Sun, 17 Aug 2014 20:28:57 +0000 (23:28 +0300)]
Bluetooth: Fix using hci_conn_get() for hci_conn pointers

Wherever we keep hci_conn pointers around we should be using
hci_conn_get/put to ensure that they stay valid. This patch fixes
all places violating against the principle currently.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Improve *_get() functions to return the object type
Johan Hedberg [Fri, 15 Aug 2014 18:06:57 +0000 (21:06 +0300)]
Bluetooth: Improve *_get() functions to return the object type

It's natural to have *_get() functions that increment the reference
count of an object to return the object type itself. This way it's
simple to make a copy of the object pointer and increase the reference
count in a single step. This patch updates two such get() functions,
namely hci_conn_get() and l2cap_conn_get(), and updates the users to
take advantage of the new API.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Optimize connection parameter lookup for LE connections
Johan Hedberg [Fri, 15 Aug 2014 18:06:56 +0000 (21:06 +0300)]
Bluetooth: Optimize connection parameter lookup for LE connections

When we get an LE connection complete event there's really no reason to
look through the entire connection parameter list as the entry should be
present in the hdev->pend_le_conns list too. This patch changes the
lookup code to do a more restricted lookup only in the pend_le_conns
list.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set addr_type only when it's needed
Johan Hedberg [Fri, 15 Aug 2014 18:06:55 +0000 (21:06 +0300)]
Bluetooth: Set addr_type only when it's needed

In the hci_le_conn_complete_evt() function there's no need to set the
addr_type value until it's actually needed, i.e. for the black list
lookup. This patch moves the code a bit further down in the function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix hci_conn reference counting for fixed channels
Johan Hedberg [Fri, 15 Aug 2014 18:17:06 +0000 (21:17 +0300)]
Bluetooth: Fix hci_conn reference counting for fixed channels

Now that SMP has been converted to use fixed channels we've got a bit of
a problem with the hci_conn reference counting. So far the L2CAP code
has kept a reference for each L2CAP channel that was notified of the
connection. With SMP however this would mean that the connection is
never dropped even though there are no other users of it. Furthermore,
SMP already does its own hci_conn reference counting internally,
starting from a security or pairing request and ending with the key
distribution.

This patch makes L2CAP fixed channels default to the L2CAP core not
keeping a hci_conn reference for them. A new FLAG_HOLD_HCI_CONN flag is
added so that L2CAP users can declare an exception to this rule and hold
a reference even for their fixed channels. One such exception is the
L2CAP socket layer which does want a reference for each socket (e.g. an
ATT socket which uses a fixed channel).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary l2cap_chan_unlock before l2cap_chan_add
Johan Hedberg [Fri, 15 Aug 2014 18:06:52 +0000 (21:06 +0300)]
Bluetooth: Remove unnecessary l2cap_chan_unlock before l2cap_chan_add

The l2cap_chan_add() function doesn't require the channel to be
unlocked. It only requires the l2cap_conn to be unlocked. Therefore,
it's unnecessary to unlock a channel before calling l2cap_chan_add().
This patch removes such unnecessary unlocking from the
l2cap_chan_connect() function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU
Johan Hedberg [Fri, 15 Aug 2014 18:06:51 +0000 (21:06 +0300)]
Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU

The l2cap_create_le_flowctl_pdu() function that l2cap_segment_le_sdu()
calls is perfectly capable of doing packet fragmentation if given bigger
PDUs than the HCI buffers allow. Forcing the PDU length based on the HCI
MTU (conn->mtu) would therefore needlessly strict operation on hardware
with limited LE buffers (e.g. both Intel and Broadcom seem to have this
set to just 27 bytes).

This patch removes the restriction and makes it possible to send PDUs of
the full length that the remote MPS value allows.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Mon, 8 Sep 2014 15:14:56 +0000 (11:14 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

10 years agoath5k: added debugfs file for dumping eeprom
Jade Bilkey [Sat, 30 Aug 2014 19:14:14 +0000 (15:14 -0400)]
ath5k: added debugfs file for dumping eeprom

Signed-off-by: Jade Bilkey <herself@thefumon.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>