| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The value for "aid" comes from skb->data so Smatch marks it as
untrusted. If it's invalid then it can result in an out of bounds array
access in ath6kl_add_new_sta().
Fixes: 572e27c00c9d ("ath6kl: Fix AP mode connect event parsing and TIM updates")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200813141315.GB457408@mwanda
|
|
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1].
[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200727195111.GA1603@embeddedor
|
|
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Addresses-Coverity-ID: 201383 ("Missing break in switch")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Steve deRosier <derosier@cal-sierra.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Remove extra parentheses to fix the clang warning of extraneous
parentheses.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Variables netlen, orig_buf, orig_len, dropped and stats are assigned values
but are never used hence they are redundant and can be removed.
Cleans up clang warnings:
warning: variable 'netlen' set but not used [-Wunused-but-set-variable]
warning: variable 'orig_buf' set but not used [-Wunused-but-set-variable]
warning: variable 'orig_len' set but not used [-Wunused-but-set-variable]
warning: variable 'dropped' set but not used [-Wunused-but-set-variable]
warning: variable 'stats' set but not used [-Wunused-but-set-variable]
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Since the addition of the TXQ stats to cfg80211, the station_info struct
has grown to be quite large, which results in warnings when allocated on
the stack. Fix the affected places to do dynamic allocations instead.
Fixes: 52539ca89f36 ("cfg80211: Expose TXQ stats and parameters to userspace")
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.
Cc: Kalle Valo <kvalo@qca.qualcomm.com>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Instead of using a private copy of struct net_device_stats in struct
ath6kl_vif, use stats from struct net_device. Also remove the now
unnecessary .ndo_get_stats function.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Use the built-in function instead of memset.
Miscellanea:
Add #include <linux/etherdevice.h> where appropriate
Use ETH_ALEN instead of 6
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This is really just duplicating the list of information that's
already available in the nl80211 attribute, so remove the list.
Two small changes are needed:
* remove STATION_INFO_ASSOC_REQ_IES complete, but the length
(assoc_req_ies_len) can be used instead
* add NL80211_STA_INFO_RX_DROP_MISC which exists internally
but not in nl80211 yet
This gets rid of the duplicate maintenance of the two lists.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Signed-off-by: Hans Wennborg <hans@hanshq.net>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This change enables ath6kl driver to support ar6004 hw3.0. At the same time do
some fixes in firmware initialisation which applies to ar6004 hw1.3 as well.
Signed-off-by: Jessica Wu <wjessica@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Some of the firmware versions support rate tables up to mcs15, add support for
that.
Signed-off-by: Jessica Wu <wjessica@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Fixes checkpatch warning:
CHECK: braces {} should be used on all arms of this statement
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Fixes checkpatch warnings:
CHECK: Blank lines aren't necessary after an open brace '{'
CHECK: Blank lines aren't necessary before a close brace '}'
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In our Fuz testing, reference client corrupts the dest mac to "00:00:00:00:00:00"
in the WPA2 handshake no 2. During driver init the sta_list entries mac
addresses are by default "00:00:00:00:00:00". Driver returns an invalid
pointer (conn) and the drver shall crash, if rxtids (aggr_conn)
skb queues are accessed, since they would not be initialized.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Either first 3 bytes of the first received tcp segment or last one
over MTU size file can be loss due to the byte alignment problem.
Although ATH6KL_HTC_ALIGN_BYTES was defined for 'extra bytes for htc header
alignment' in the patch "Fix buffer alignment for scatter-gather
I/O"(1df94a857), there exists the bytes loss issue which means that it will be
truncated 3 bytes in the transmitted file contents if a file which has over MTU
size is transferred through TCP/IP stack. It doesn't look like TCP/IP stack
bug of 3.5 or the latest version of kernel but the byte alignment issue. This
patch is to use the roundup() function for the byte alignment rather than the
predefined ATH6KL_HTC_ALIGN_BYTES.
kvalo: fixed indentation
Signed-off-by: Myoungje Kim <mjei78@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Move it to init.c, make it static, remove all useless checks and force it to
always do cold reset.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When a station tries to connect to an AP and if the MAC of the
station is in the AP's block list, the station cannot connect to the
AP. This is notified to the userspace with event
NL80211_CMD_CONN_FAILED and attribute NL80211_ATTR_CONN_FAILED_REASON.
The reason sent will be NL80211_CONN_FAIL_BLOCKED_CLIENT.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When a station requests connection to an AP, that has already been
connected to the maximum number of stations it can support, an event
is sent to user space via NL80211_CMD_CONN_FAILED command and reason
attribute NL80211_ATTR_CONN_FAILED_REASON with
NL80211_CONN_FAIL_MAX_CLIENTS as reason.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
If the firmware decides to initiate a channel switch on an AP vif
running an RSN BSS, reconfigure the saved RSN IE capabilities as well.
Fixes a bug where the beacon and 4-way handshake would have a capability
mismatch after a channel switch, since the firmware apparently clears
these on an AP disconnect.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When an ath6kl STA vif is issued a connect command, the firmware will
disconnect all other beaconing vifs in preparation for a potential
channel switch. The case where the connect fails is currently unhandled,
so if a connection attempt on a STA vif fails and any vifs were waiting
for a new channel, simply restart the concurrent vifs on their previous
channel.
Requires that we start tracking the last issued channel in ar->last_ch,
which is valid since ath6kl only supports 1 channel at a time.
Also clear the beaconing vif's want_ch_switch bit regardless of whether
channel switch succeeds, to stop recommitting the same failed profile.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In ath6kl_read_fwlogs(), return value from ath6kl_diag_read()is not
used to bail out in case of any errors in reading fw log. No real issue
is observed because of this, reported by source code analyzer.
kvalo: fix a long line warning
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Conflicts:
drivers/net/wireless/ath/ath6kl/cfg80211.c
|
|
Need to have different FW versioning for different FW binaries.
This is handled by appending different meta data in firmware
binaries.
kvalo: add an empty line before a debug message, use '0' instead of '0x00',
fix indentation
Signed-off-by: Naveen Singh <navesing@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Instead of setting the channel first and then
starting the AP, let cfg80211 store the channel
and provide it as one of the AP settings.
This means that now you have to set the channel
before you can start an AP interface, but since
hostapd/wpa_supplicant always do that we're OK
with this change.
Alternatively, it's now possible to give the
channel as an attribute to the start-ap nl80211
command, overriding any preset channel.
Cc: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
|
Infrastructure to enable Multicast WOW support based on
firmware capability added to the driver.This enables
different customers or chips to control this feature based
on firmware capability.
kvalo: Firmware capability infrastructure for multicast wow feature,
indetation fixes.
Signed-off-by: Naveen Gangadharan <ngangadh@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This patch enables all multicast packets in non suspend mode
and enable multicast filtering in wow suspend mode. This also
fixes a bug in multicast where the driver assumed disable
multicast-all command disabled/filtered all multicast
packets, which was wrong assumption, because firmware will
apply the programmed filter.
Multicast requirements
- Enable forward all multicast packets(no filtering) in
non suspend mode.
- Enable multicast filtering in wow suspend mode for both
AP and CLIENT.
kvalo: fix a checkpatch warning and drop unrelated newline removal
Signed-off-by: Naveen Gangadharan <ngangadh@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Currently the supported bands are just hard coded in the driver.
However, the ath6kl FW will include its 11n and band capabilites in a
WMI_READY event. Handle this and report capabilites to cfg80211
accordingly.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Found by checkpatch:
WARNING: quoted string split across lines
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
If an ath6kl AP vif is beaconing on one channel, and a STA vif
associates on a different channel, a WMI_DISCONNECT event will be sent
to the AP vif. Make the AP vif follow the STA interface, and notify
userspace.
kvalo: fix a sparse warning with vif->next_chan
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
|
|
Use a more current logging style.
Make sure all output is prefixed appropriately.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
|
Firmware reports the below ARP offload related information
while sending the target statistic event to the host.
* Number of ARP packets received.
* Number of packets matched with the device IP addr.
* Number of ARP response packet sent to the remote.
This patch adds the additional debug prints in debugfs
entry tgt_stats. It will be useful to know the ARP offload
execution status.
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
All found by checkpatch:
ath6kl/wmi.c:1036: CHECK: Logical continuations should be on the previous line
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Fix the issues which checkpatch found and were easy to fix. Especially
callers of ath6kl_bmi_write() are tricky and that needs to be fixed
separately.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Firmware has the option to support the listen interval
per vif specific. Fix this.
Listen interval can be set by the TUs or by the number
of beacons. Current code enables the user to configure
the listen interval in the unit of 'number of beacons'
using debugfs entry "listen_interval". Going forward,
we need to alter the listen interval in the unit of TUs
to get good power numbers while going to WOW suspend/resume.
Allowing the user to change the listen interval in
the unit of "number of beacons" in debugfs and changing
listen interval in wow suspend/resume in the unit of
time (TUs) would lead us to confuse.
This patch make sures the listen interval is changed only
in the unit of time (TUs).
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Move netdev->hw_features setting from ath6kl_core_init() to
init_netdev() so that it is done for every interface.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
PS buffering of unicast Action frames that are sent in a context
of a BSS. In AP mode when the recepient station goes to powersave
and PS_POLL flag is not set, we would buffer the frames. Send out
unicast mgmt bufferred frame when PS_POLL is received.
This fixes a bug in P2P GO behavior when sending a GO Discoverability
Request to a client that is in sleep mode.
kvalo: indentation fixes
Signed-off-by: Thirumalai Pachamuthu <tpachamu@qca.qualcomm.com>
Signed-off-by: Naveen Gangadharan <ngangadh@qca.qualcomm.com>
Signed-off-by: Aarthi Thiruvengadam <athiruve@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Update license header with the copyright to Qualcomm Atheros, Inc.
for the year 2011-2012.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
"ath6kl: Define a structure for connection specific aggregation information"
introduces this. In aggr_conn_init(), vif->aggr_cntxt is assigned to
aggr_conn->aggr_info, but vif->aggr_cntxt is not initialized at this
point, this would end up accessing an invalid pointer in aggregation
receive path. Fix this by passing the correct aggr_info to aggr_conn_init().
The panic trace would look like.
[<ffffffff8159e02e>] panic+0xa1/0x1c6
[<ffffffff8103773d>] ? kmsg_dump+0xfd/0x160
[<ffffffff815a2f6a>] oops_end+0xea/0xf0
[<ffffffff8102b95d>] no_context+0x11d/0x2d0
[<ffffffff8102bc5d>] __bad_area_nosemaphore+0x14d/0x230
[<ffffffff815a5c4d>] ? do_page_fault+0x30d/0x520
[<ffffffff8102bd53>] bad_area_nosemaphore+0x13/0x20
[<ffffffff815a5cfd>] do_page_fault+0x3bd/0x520
[<ffffffff8108bd60>] ? __lock_acquire+0x320/0x1680
[<ffffffff812e3a9d>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[<ffffffff815a2385>] page_fault+0x25/0x30
[<ffffffffa0487a5f>] ? aggr_slice_amsdu+0xdf/0x170 [ath6kl_core]
[<ffffffffa0487bac>] aggr_deque_frms+0xbc/0x190 [ath6kl_core]
[<ffffffffa0488404>] ath6kl_rx+0x3e4/0xae0 [ath6kl_core]
[<ffffffffa047ae77>] ath6kl_htc_rxmsg_pending_handler+0x8b7/0xf10 [ath6kl_core]
[<ffffffffa00c82f0>] ? mmc_do_release_host+0x70/0x90 [mmc_core]
[<ffffffffa00c833a>] ? mmc_release_host+0x2a/0x50 [mmc_core]
[<ffffffffa04865c0>] ? ath6kl_alloc_amsdu_rxbuf+0x140/0x140 [ath6kl_core]
[<ffffffffa0477772>] ath6kl_hif_intr_bh_handler+0x362/0x510 [ath6kl_core]
[<ffffffffa01f1000>] ath6kl_sdio_irq_handler+0x60/0xb0 [ath6kl_sdio]
[<ffffffffa00d30bc>] sdio_irq_thread+0xec/0x320 [mmc_core]
[<ffffffffa00d2fd0>] ? sdio_claim_irq+0x220/0x220 [mmc_core]
[<ffffffffa00d2fd0>] ? sdio_claim_irq+0x220/0x220 [mmc_core]
[<ffffffff8105b21e>] kthread+0xbe/0xd0
[<ffffffff815ab574>] kernel_thread_helper+0x4/0x10
[<ffffffff815a2174>] ? retint_restore_args+0x13/0x13
[<ffffffff8105b160>] ? __init_kthread_worker+0x70/0x70
[<ffffffff815ab570>] ? gs_change+0x13/0x13
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Currently rx aggregation related states are maintained per
vif, but this will not properly work when operating in AP mode.
Aggregation is completely broken when more than one
11n stations are connected to AP mode vif. Fix this issue
by keeping station specific aggregation state in sta_list.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This will be used when initializing station specific aggregation
information.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Commit c8f44affb7 ("net: introduce and use netdev_features_t for
device features sets") added netdev_features_t to ndo_set_features.
Change ath6kl to use the new type.
This fixes a warning:
ath6kl/main.c:1170: warning: initialization from incompatible pointer type
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ath6kl_read_fwlogs() assigns the value zero to the variable 'ret'
at the time of declaration. Later, return value of ath6kl_diag_read32()
repalces the init value. Hence removing useless zero assignment.
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
* A new APSD power save queue is added in the station structure.
* When a station has APSD capability and goes to power save, the frame
designated to the station will be buffered in APSD queue.
* When the host receives a frame which the firmware marked as trigger,
host delivers the buffered frame from the APSD power save queue.
Number of frames to deliver is decided by MAX SP length.
* When a station moves from sleep to awake state, all frames buffered
in APSD power save queue are sent to the firmware.
* When a station is disconnected, all frames bufferes in APSD power save
queue are dropped.
* When the host queues the first frame to the APSD queue or removes the
last frame from the APSD queue, it is indicated to the firmware using
WMI_AP_APSD_BUFFERED_TRAFFIC_CMD.
kvalo: fix buggy handling of sks queues, made it more obvious
the user priority when wmm is disabled, remove unneed else block and
combined some variable declarations
Signed-off-by: Thirumalai Pachamuthu <tpachamu@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This patch addresses a few problems with the commit:
"ath6kl: Implement support for listen interval from userspace"
* The debugfs file required for reading/writing the listen interval
wasn't created. Fix this.
* The interface index was being hardcoded to zero. Fix this.
* Two separate parameters, "listen_interval_time and listen_interval_beacons"
were being used. This fails to work as expected because the FW assigns
higher precedence to "listen_interval_beacons" and "listen_interval_time"
ends up being never used at all.
To handle this, fix the host driver to exclusively use listen interval
based on units of beacon intervals.
To set the listen interval, a user would now do something like this:
echo "10" > /sys/kernel/debug/ieee80211/*/ath6kl/listen_interval
kvalo: fix two checkpatch warnings
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Otherwise if (ielen <= ATH6KL_MAX_IE) is dead code. It looks safe to
change the type of ielen from u8 to size_t instead of removing this
if check, this ielen can have the length of more than one ies in future.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
