Age | Commit message (Collapse) | Author | Files | Lines |
|
a minor cleanup in assigning the driver specific network type
based on interface type.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
On continuous loading and unloading of AR6004 ath6kl USB
driver it triggers a panic due to NULL pointer dereference of
'target' pointer.
while true; do sudo modprobe -v ath6kl_core;
sudo modprobe -v ath6kl_usb; sudo modprobe -r usb;
sudo modprobe -r ath6kl_core; done
ar->htc_target can be NULL due to a race condition that can occur
during driver initialization(we do 'ath6kl_hif_power_on' before
initializing 'ar->htc_target' via 'ath6kl_htc_create').
'ath6kl_hif_power_on' assigns 'ath6kl_recv_complete' as
usb_complete_t/callback function for 'usb_fill_bulk_urb'.
Thus the possibility of ar->htc_target being NULL
via ath6kl_recv_complete -> ath6kl_usb_io_comp_work
before even 'ath6kl_htc_create' is finished to initialize
ar->htc_create.
Worth noting is the obvious solution of doing 'ath6kl_hif_power_on'
later(i.e after we are done with 'ath6kl_htc_create', causes a
h/w bring up failure in AR6003 SDIO, as 'ath6kl_hif_power_on' is a
pre-requisite to get the target version 'ath6kl_bmi_get_target_info'.
So simply check for NULL pointer for 'ar->htc_target' and bail out.
[23614.518282] BUG: unable to handle kernel NULL pointer dereference at
00000904
[23614.518463] IP: [<c012e7a6>] __ticket_spin_trylock+0x6/0x30
[23614.518570] *pde = 00000000
[23614.518664] Oops: 0000 [#1] SMP
[23614.518795] Modules linked in: ath6kl_usb(O+) ath6kl_core(O)
[23614.520012] EIP: 0060:[<c012e7a6>] EFLAGS: 00010286 CPU: 0
[23614.520012] EIP is at __ticket_spin_trylock+0x6/0x30
Call Trace:
[<c03f2a44>] do_raw_spin_trylock+0x14/0x40
[<c06daa12>] _raw_spin_lock_bh+0x52/0x80
[<f85464b4>] ? ath6kl_htc_pipe_rx_complete+0x3b4/0x4c0 [ath6kl_core]
[<f85464b4>] ath6kl_htc_pipe_rx_complete+0x3b4/0x4c0 [ath6kl_core]
[<c05bc272>] ? skb_dequeue+0x22/0x70
[<c05bc272>] ? skb_dequeue+0x22/0x70
[<f855bb32>] ath6kl_core_rx_complete+0x12/0x20 [ath6kl_core]
[<f848771a>] ath6kl_usb_io_comp_work+0xaa/0xb0 [ath6kl_usb]
[<c015b863>] process_one_work+0x1a3/0x5e0
[<c015b7e7>] ? process_one_work+0x127/0x5e0
[<f8487670>] ? ath6kl_usb_reset_resume+0x30/0x30 [ath6kl_usb]
[<c015bfde>] worker_thread+0x11e/0x3f0
Kernel panic - not syncing: Fatal exception in interrupt
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
dev_kfree_skb kernel API itself takes for checking for NULL
skb, so an explicit check is not required.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Assign 'true' to the bool variable instead of needless typecasting.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
WLAN_ENABLED is vif specific, not part of
the driver's struct ath6kl. Proper clearing
of this flag is already taken care in
ath6kl_cleanup_vif.
Cc: wei-jen jlin <jenlin@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Just use WARN_ON rather than an if containing only WARN_ON(1).
A simplified version of the semantic patch that makes this transformation
is as follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression e;
@@
- if (e) WARN_ON(1);
+ WARN_ON(e);
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Power Save Enabled : REC_POWER - conserve power
without sacrificing performance.
Power Save Disabled : MAX_PERF_POWER - maximum
performance at the expense of power.
Hence fix the debug message.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
As ath6kl firmware can't do intersections the driver should only listen
to regdom changes from cellular base stations, all other requests need to
be refused.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Make use of SDIO CRC error workaround hardware flag and avoid
target revision checks.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
AR6004(UB134) firmware supports only LP Endpoint, So map
all Access Categories to Low Priority endpoints. This fixes a WPA2
connection issue as the uplink(tx) endpoint is appropriately
mapped in sync with the firmware.
Tested-by: Ben Gray <ben.r.gray@gmail.com>
Reported-by: Ben Gray <ben.r.gray@gmail.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Currently AR6004 handles the inactivity timeout resolution
in minutes rather than seconds. So parse the inactivity timeout
to the firmware in minutes. For now we will cleanup the
inactive station entries to the nearest converted minutes
(ex: an inactive time of 70 seconds would take atleast 2 - 3 minutes)
Tested with surprise removal of client cards/host shutdown.
Cc: Manikandan Radhakrishnan <mradhakr@qca.qualcomm.com>
Reported-by: Leela Kella <leela@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Rename ATH6KL_HW_FLAG_64BIT_RATES to ATH6KL_HW_64BIT_RATES.
This seemed to be necessary to add/use new hardware flags
without exceeding 80 lines. We shall be adding new hw flags
dropping the FLAG term.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Incase the resource allocation for the struct ath6kl_urb_context in the
function ath6kl_usb_alloc_pipe_resources fails, return this error
case so that ath6kl_usb_probe is aware of this error case.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
These checks are no longer needed as the necessary
USB support is already present in the driver.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Endpoint ID is checked to make sure it is valid.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The variable assigned_ep can be assigned value of -1 and is never
checked if it equals -1. So the endpoint array can have -1 as the index
value and can be out of bounds.
The value of assigned_ep is checked for -1 and is ensured that the
endpoint array doesn't go out of bounds.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When a station tries to connect to an AP and if the MAC of the
station is in the AP's block list, the station cannot connect to the
AP. This is notified to the userspace with event
NL80211_CMD_CONN_FAILED and attribute NL80211_ATTR_CONN_FAILED_REASON.
The reason sent will be NL80211_CONN_FAIL_BLOCKED_CLIENT.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When a station requests connection to an AP, that has already been
connected to the maximum number of stations it can support, an event
is sent to user space via NL80211_CMD_CONN_FAILED command and reason
attribute NL80211_ATTR_CONN_FAILED_REASON with
NL80211_CONN_FAIL_MAX_CLIENTS as reason.
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The skb->tail pointer of rx buffers is not adjusted
after skb->data pointer is aligned to 4-byte, this
causes random rx data corruption.
Signed-off-by: Jin Navy <nhjin@qca.qualcomm.com>
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
It's safe to check endpoint id values before it get
really used. Found this on code review.
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
There are 28 items defined in rate table array 'wmi_rate_tbl'.
The rate table index (reply->rate_index) in ath6kl_wmi_bitrate_reply_rx()
func is not checked for the valid max limit index before accessing
rate table array. There may be some incidents to get memory crashes
without safe max check. Fix this.
Found this on code review.
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Return value of ath6kl_get_regpair() is stored in 'regpair' in
ath6kl_wmi_regdomain_event() func and it's directly accessed
in the debug prints without checking for NULL value. There are
situation to get NULL pointer as a return value from
ath6kl_get_regpair() func. Fix this.
Found this on code review.
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Disallowing any wmi commands while re-initializing the
firmware results in connection failures after recovery
is done in open/WEP mode. To fix this, clear WMI_READY,
to make sure no wmi command is tried while fw is down.
Remove ATH6KL_STATE_RECOVERY state check in ath6kl_control_tx()
so that any configuration during fw init time will go through
using wmi commands.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Using list_move_tail() instead of list_del() + list_add_tail().
spatch with a semantic match is used to found this problem.
(http://coccinelle.lip6.fr/)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
gcc 4.8 warns
/backup/lsrc/git/linux-lto-2.6/drivers/net/wireless/ath/ath6kl/sdio.c:
In function 'ath6kl_sdio_enable_scatter':
/backup/lsrc/git/linux-lto-2.6/drivers/net/wireless/ath/ath6kl/sdio.c:748:16:
warning: 'ret' may be used uninitialized in this function
[-Wmaybe-uninitialized]
if (virt_scat || ret) {
^
The variable can indeed be uninitialized when the previous if branch is
skipped. I just set it to zero for now. I'm not fully sure the fix is
correct, maybe the || should be an && ?
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Add a modparam to configure recovery. Recovery
from firmware error is disabled by default to debug
the actual issue further. To recovery from error,
modprobe ath6kl_core recovery_enable=1.
Reported-by: Jin Navy <nhjin@qca.qualcomm.com>
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Add a bit in ath6kl_dev_state to maintian the run time state
of firmware recovery configuration. This would help to have
user configuration in fw_recovery which will be added in
a separate patch.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Checking for recovery state just before re-arming hb_timer is not
necessary, this should be done at the begining of the timer instead.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
hb_timer should be scheduled only when hb_poll is non-zero.
But in ath6kl_recovery_work() the timer is scheduled based
on fw_recovery.enable instead which is wrong.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In some error conditions, fw pauses HTC pipes which would
result in control endpoint full condition. When we hit this
case, most of the time the device will be unusable. Re-initialize
the target to recover from this situation.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This patch adds support to detect fw error condition by sending
periodic message (heart beat challenge) to firmware. Upon reception
of the message, fw would send a response event to driver. When
there are no reponses from fw for about 5 cmd driver would
trigger the recovery logic assuming that fw has gone into an
error state.
Capable fw will advertise this capability through
ATH6KL_FW_CAPABILITY_HEART_BEAT_POLL bit. This feature
is disabled by default, can be enabled through a modparam
(heart_beat_poll). This modparam also confiures the polling
interval in msecs.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Re-initialize the target when fw crash is reported.
This would make the device functional again after
target crash. During the target re-initialization
it is made sure that target is not bugged with data/cmd
request, ar->state ATH6KL_STATE_RECOVERY is used
for this purpose.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
So that these functions will be used to re-initialize the fw
upon detecting fw error. This refactoring moves ar->state
setting out of core stop/start functionality.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The MSB of rate index from FW is used for sgi. But the ath6kl_wmi_get_rate
doesn't handle it. The access to wmi_rate_tbl array may be out of range
if sgi is 1. This may cause the return value of ath6kl_wmi_get_rate()
function is incorrect link rate. We add sgi adjustment to avoid such case.
kvalo: change patch title
Signed-off-by: Dengke Qiu <dqiu@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
a minor cleanup in assigning the driver specific network type
based on interface type.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Since WOW_MASK_SIZE and WOW_PATTERN_SIZE have the same value, are
logically equivalent, and part of the WMI API so therefore unlikely to
change, consolidate these into WOW_PATTERN_SIZE.
Reported-by Kalle Valo <kvalo@qualcomm.com>
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
This patch reflects changes in the firmware scheduled scan
implementation to behave better in cases with multiple concurrent vifs.
Major changes:
- scheduled scan filters and state are now programmed per-vif.
- decouple scheduled scan from host sleep.
To maintain graceful failure with old firmwares, a new firmware
capability bit is introduced: ATH6KL_FW_CAPABILITY_SCHED_SCAN_V2.
ath6kl simply won't advertise scheduled scan to cfg80211 if the
SCHED_SCAN_V2 is not supported.
Since firmwares from here on out won't support the previous implicit API
for scheduled scan (set WoW filters and host sleep), bump the firmware
API to protect old drivers.
Unfortunately, due to firmware RAM constraints ath6kl still cannot
expect a scan complete event at the end of a scheduled scan results
cycle, so the sched_scan_timer is retained.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ath6kl_usb_init() does not check usb_register() return value.
As a result it may incorrectly report success of driver initialization.
Found by Linux Driver Verification project (linuxtesting.org).
kvalo: fix commit title and make cosmetic changes to the code to follow
more the style used in the driver
Signed-off-by: Marina Makienko <makienko@ispras.ru>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
We bail out from ath6kl_tx_complete() if any of the sanity
checks on skb and ath6kl_cookie fails. By doing this we
potentially leak few remaining buffers in packet_queue.
Make sure to proceed processing the remaining buffers
as well. This issue is found during code review.
Reported-by: Wang yufeng <yufengw@qca.qualcomm.com>
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
skb given to ath6kl_control_tx() is owned by ath6kl_control_tx().
Calling function should not free the skb for error cases.
This is found during code review.
kvalo: fix a checkpatch warning in ath6kl_wmi_cmd_send()
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
If the firmware decides to initiate a channel switch on an AP vif
running an RSN BSS, reconfigure the saved RSN IE capabilities as well.
Fixes a bug where the beacon and 4-way handshake would have a capability
mismatch after a channel switch, since the firmware apparently clears
these on an AP disconnect.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
When an ath6kl STA vif is issued a connect command, the firmware will
disconnect all other beaconing vifs in preparation for a potential
channel switch. The case where the connect fails is currently unhandled,
so if a connection attempt on a STA vif fails and any vifs were waiting
for a new channel, simply restart the concurrent vifs on their previous
channel.
Requires that we start tracking the last issued channel in ar->last_ch,
which is valid since ath6kl only supports 1 channel at a time.
Also clear the beaconing vif's want_ch_switch bit regardless of whether
channel switch succeeds, to stop recommitting the same failed profile.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Only WoW filters for the first vif were being set, causing failures to
wake up on any concurrent connected vifs. Handle all per-vif suspend
and resume tasks.
Since cfg80211 issues user wow filters on a per-wiphy basis, set any
custom filters on all connected vifs.
Starting WoW in firmware and setting host sleep mode is still handled on
a global per-phy level. The first vif is always used for bookkeeping
regardless of whether it is connected or not.
WoW is cancelled if no connected vifs are found.
No firmware capability bits or API bump is needed for this patch, as
setting filters for vifs with index > 0 will simply overwrite the index
0 filters in the current implementation. While not correct, this is
identical to the existing behavior.
kvalo: fix a checkpatch warning in ath6kl_wow_resume()
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ath6kl was incorrectly assuming that IEEE80211_NUM_BANDS will always be 2
and used that also in the firmware WMI interface definitions. But after
the support for 60 GHz was added to cfg80211 IEEE80211_NUM_BANDS changed to 3
and this can cause all sort of problems, possibly even memory corruption.
I only found this during code review and didn't notice any bugs, but I'm
sure there are a few lurking somewhere.
To fix this rename unused A_NUM_BANDS to ATH6KL_NUM_BANDS, which is
always defined to be 2, and use that in WMI.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
To make it possible to change the country code from user space via nl80211
add handler for reg_notifier. The feature is only enabled when built
time option CONFIG_ATH6KL_REGDOMAIN is enabled, which again depends on
CFG80211_CERTIFICATION_ONUS for certication purposes.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
ATH6KL_FW_CAPABILITY_STA_P2PDEV_DUPLEX was checked in cfg80211.c which is
a bit awkward when adding more callsites to the scan functions. Refactor
the code to wmi.c so that it's transparent to the callers.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
To make it easier to refactor the scan commands move
ath6kl_wmi_startscan_cmd() before the beginscan function. No functional
changes.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
The ath6kl firmware can monitor a connection and report when a certain
TX failure threshold is crossed. Support this configuration and event
reporting on compatible firmwares.
Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
Add support for AR6004 hardware with version 1.3 and has
id 0x31c8088a.
Signed-off-by: Bala Shanmugam <bkamatch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|
|
In ath6kl_read_fwlogs(), return value from ath6kl_diag_read()is not
used to bail out in case of any errors in reading fw log. No real issue
is observed because of this, reported by source code analyzer.
kvalo: fix a long line warning
Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
|