firefly-linux-kernel-4.4.55.git
11 years agocfg80211: always check for scan end on P2P device
Johannes Berg [Tue, 19 Mar 2013 14:04:07 +0000 (15:04 +0100)]
cfg80211: always check for scan end on P2P device

If a P2P device wdev is removed while it has a scan, then the
scan completion might crash later as it is already freed by
that time. To avoid the crash always check the scan completion
when the P2P device is being removed for some reason. If the
driver already canceled it, don't want and free it, otherwise
warn and leak it to avoid later crashes.

In order to do this, locking needs to be changed away from the
rdev mutex (which can't always be guaranteed). For now, use
the sched_scan_mtx instead, I'll rename it to just scan_mtx in
a later patch.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix virtual monitor interface locking
Johannes Berg [Wed, 20 Mar 2013 21:25:17 +0000 (22:25 +0100)]
mac80211: fix virtual monitor interface locking

The virtual monitor interface has a locking issue, it calls
into the channel context code with the iflist mutex held
which isn't allowed since it is usually acquired the other
way around. The mutex is still required for the interface
iteration, but need not be held across the channel calls.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: fix wdev tracing crash
Johannes Berg [Tue, 19 Mar 2013 19:26:57 +0000 (20:26 +0100)]
cfg80211: fix wdev tracing crash

Arend reported a crash in tracing if the driver returns an
ERR_PTR() value from the add_virtual_intf() callback. This
is due to the tracing then still attempting to dereference
the "pointer", fix this by using IS_ERR_OR_NULL().

Reported-by: Arend van Spriel <arend@broadcom.com>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix crash with P2P Device returning action frames
Johannes Berg [Thu, 7 Mar 2013 12:22:05 +0000 (13:22 +0100)]
mac80211: fix crash with P2P Device returning action frames

If a P2P Device interface receives an unhandled action
frame, we attempt to return it. This crashes because it
doesn't have a channel context. Fix the crash by using
status->band and properly mark the return frame as an
off-channel frame.

Reported-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: fix potential BSS memory leak and update
Johannes Berg [Wed, 6 Mar 2013 09:31:05 +0000 (10:31 +0100)]
cfg80211: fix potential BSS memory leak and update

In the odd case that while updating information from a beacon,
a BSS was found that is part of a hidden group, we drop the
new information. In this case, however, we leak the IE buffer
from the update, and erroneously update the entry's timestamp
so it will never time out. Fix both these issues.

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: fix inconsistency in trace for rdev_set_mac_acl
Vladimir Kondratiev [Thu, 7 Mar 2013 09:08:29 +0000 (11:08 +0200)]
cfg80211: fix inconsistency in trace for rdev_set_mac_acl

There is NETDEV_ENTRY that was incorrectly assigned as WIPHY_ASSIGN,
fix it.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: always synchronize_net() during station removal
Johannes Berg [Wed, 6 Mar 2013 22:17:08 +0000 (23:17 +0100)]
mac80211: always synchronize_net() during station removal

If there are keys left during station removal, then a
synchronize_net() will be done (for each key, I have a
patch to address this for 3.10), otherwise it won't be
done at all which causes issues because the station
could be used for TX while it's being removed from the
driver -- that might confuse the driver.

Fix this by always doing synchronize_net() if no key
was present any more.

Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: another fix for idle handling in monitor mode
Felix Fietkau [Sat, 2 Mar 2013 18:05:47 +0000 (19:05 +0100)]
mac80211: another fix for idle handling in monitor mode

When setting a monitor interface up or down, the idle state needs to be
recalculated, otherwise the hardware will just stay in its previous idle
state.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix VHT MCS calculation
Johannes Berg [Fri, 1 Mar 2013 16:33:18 +0000 (17:33 +0100)]
mac80211: fix VHT MCS calculation

The VHT MCSes we advertise to the AP were supposed to
be restricted to the AP, but due to a bug in the logic
mac80211 will advertise rates to the AP that aren't
even supported by the local device. To fix this skip
any adjustment if the NSS isn't supported at all.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix oops on mesh PS broadcast forwarding
Marco Porsch [Fri, 1 Mar 2013 15:01:18 +0000 (16:01 +0100)]
mac80211: fix oops on mesh PS broadcast forwarding

Introduced with de74a1d9032f4d37ea453ad2a647e1aff4cd2591
"mac80211: fix WPA with VLAN on AP side with ps-sta".
Apparently overwrites the sdata pointer with non-valid data in
the case of mesh.
Fix this by checking for IFTYPE_AP_VLAN.

Signed-off-by: Marco Porsch <marco@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: increase wiphy dump size dynamically
Johannes Berg [Fri, 1 Mar 2013 13:03:49 +0000 (14:03 +0100)]
nl80211: increase wiphy dump size dynamically

Given a device with many channels capabilities the wiphy
information can still overflow even though its size in
3.9 was reduced to 3.8 levels. For new userspace and
kernel 3.10 we're going to implement a new "split dump"
protocol that can use multiple messages per wiphy.

For now though, add a workaround to be able to send more
information to userspace. Since generic netlink doesn't
have a way to set the minimum dump size globally, and we
wouldn't really want to set it globally anyway, increase
the size only when needed, as described in the comments.
As userspace might not be prepared for large buffers, we
can only use 4k.

Also increase the size for the get_wiphy command.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: really fix monitor mode channel reporting
Johannes Berg [Thu, 28 Feb 2013 08:59:22 +0000 (09:59 +0100)]
mac80211: really fix monitor mode channel reporting

After Felix's patch it was still broken in case you
used more than just a single monitor interface. Fix
it better now.

Reported-by: Sujith Manoharan <sujith@msujith.org>
Tested-by: Sujith Manoharan <sujith@msujith.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: remove channel width and extended capa advertising
Johannes Berg [Wed, 27 Feb 2013 14:08:28 +0000 (15:08 +0100)]
nl80211: remove channel width and extended capa advertising

This is another case of data increasing the size of the
wiphy information significantly with a new feature, for
now remove this as well.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Fix crash due to un-canceled work-items
Ben Greear [Wed, 20 Feb 2013 17:41:09 +0000 (09:41 -0800)]
mac80211: Fix crash due to un-canceled work-items

Some mlme work structs are not cancelled on disassociation
nor interface deletion, which leads to them running after
the memory has been freed

There is not a clean way to cancel these in the disassociation
logic because they must be canceled outside of the ifmgd->mtx
lock, so just cancel them in mgd_stop logic that tears down
the station.

This fixes the crashes we see in 3.7.9+.  The crash stack
trace itself isn't so helpful, but this warning gives
more useful info:

WARNING: at /home/greearb/git/linux-3.7.dev.y/lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
ODEBUG: free active (active state 0) object type: work_struct hint: ieee80211_sta_monitor_work+0x0/0x14 [mac80211]
Modules linked in: [...]
Pid: 14743, comm: iw Tainted: G         C O 3.7.9+ #11
Call Trace:
 [<ffffffff81087ef8>] warn_slowpath_common+0x80/0x98
 [<ffffffff81087fa4>] warn_slowpath_fmt+0x41/0x43
 [<ffffffff812a2608>] debug_print_object+0x7c/0x8d
 [<ffffffff812a2bca>] debug_check_no_obj_freed+0x95/0x1c3
 [<ffffffff8114cc69>] slab_free_hook+0x70/0x79
 [<ffffffff8114ea3e>] kfree+0x62/0xb7
 [<ffffffff8149f465>] netdev_release+0x39/0x3e
 [<ffffffff8136ad67>] device_release+0x52/0x8a
 [<ffffffff812937db>] kobject_release+0x121/0x158
 [<ffffffff81293612>] kobject_put+0x4c/0x50
 [<ffffffff8148f0d7>] netdev_run_todo+0x25c/0x27e

Cc: stable@vger.kernel.org
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop timers before canceling work items
Ben Greear [Wed, 20 Feb 2013 17:41:08 +0000 (09:41 -0800)]
mac80211: stop timers before canceling work items

Re-order the quiesce code so that timers are always
stopped before work-items are flushed. This was not
the problem I saw, but I think it may still be more
correct.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix monitor mode channel reporting
Felix Fietkau [Sat, 23 Feb 2013 18:02:14 +0000 (19:02 +0100)]
mac80211: fix monitor mode channel reporting

When not using channel contexts with only monitor mode interfaces being
active, report local->monitor_chandef to userspace.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix idle handling in monitor mode
Felix Fietkau [Sat, 23 Feb 2013 17:40:57 +0000 (18:40 +0100)]
mac80211: fix idle handling in monitor mode

When the driver does not want a monitor mode VIF, no channel context is
allocated for it. This causes ieee80211_recalc_idle to put the hardware
into idle mode if only a monitor mode is active, breaking injection.

Fix this by checking local->monitors in addition to active channel
contexts.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Ensure off-channel frames don't get queued
Seth Forshee [Mon, 25 Feb 2013 20:58:05 +0000 (14:58 -0600)]
mac80211: Ensure off-channel frames don't get queued

Commit 6c17b77b67587b9f9e3070fb89fe98cef3187131 (mac80211: Fix tx queue
handling during scans) contains a bug that causes off-channel frames to
get queued when they should be handed down to the driver for transmit.
Prevent this from happening.

Reported-by: Fabio Rossi <rossi.f@inwind.it>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix the problem of forwarding from DS to DS in Mesh
Chun-Yeow Yeoh [Tue, 19 Feb 2013 02:04:50 +0000 (10:04 +0800)]
mac80211: fix the problem of forwarding from DS to DS in Mesh

Unicast frame with unknown forwarding information always trigger
the path discovery assuming destination is always located inside the
MBSS. This patch allows the forwarding to look for mesh gate if path
discovery inside the MBSS has failed.

Reported-by: Cedric Voncken <cedric.voncken@acksys.fr>
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: remove TCP WoWLAN information
Johannes Berg [Tue, 19 Feb 2013 23:56:27 +0000 (00:56 +0100)]
nl80211: remove TCP WoWLAN information

Just like the radar information, the TCP WoWLAN capability
data can increase the wiphy information and make it too
big. Remove the TCP WoWLAN information; no driver supports
it and new userspace tools will be required as well.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: remove radar information
Johannes Berg [Mon, 18 Feb 2013 22:44:38 +0000 (23:44 +0100)]
nl80211: remove radar information

The wiphy information is getting very close to being too
much for a typical netlink dump message and adding the
radar attributes to channels and interface combinations
can push it over the limit, which means userspace gets no
information whatsoever. Therefore, remove these again for
now, no driver actually supports radar detection anyway
and a modified userspace is required as well.

We're working on a solution that will allow userspace to
request splitting the information across multiple netlink
messages, which will allow us to add this back.

Cc: Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix tim_lock locking
Johannes Berg [Fri, 22 Feb 2013 11:55:01 +0000 (12:55 +0100)]
mac80211: fix tim_lock locking

The ieee80211_beacon_add_tim() function might be called
by drivers with BHs enabled, which causes a potential
deadlock if TX happens at the same time and attempts to
lock the tim_lock as well. Use spin_lock_bh to fix it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agobrcmfmac: fix missing unlock on error in brcmf_notify_vif_event()
Wei Yongjun [Fri, 22 Feb 2013 13:32:20 +0000 (21:32 +0800)]
brcmfmac: fix missing unlock on error in brcmf_notify_vif_event()

Add the missing unlock before return from function brcmf_notify_vif_event()
in the error handling case.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: fix system freeze while reloading driver
Avinash Patil [Thu, 21 Feb 2013 05:12:58 +0000 (21:12 -0800)]
mwifiex: fix system freeze while reloading driver

Unload sequence for mwifiex PCIE driver is as follows:
1. Invoking cleanup module from kernel results into
   pci_unregister_driver
2. Kernel invokes PCIE remove() handler which disconnects all
   interfaces.
3. One step during disconnect is to clean PCIE TX rings.
   During this we read txbd_rdptr from FW.

While loading driver next time, we see pci_enable_device()
results into system freeze. This may have happened because we
accessed PCI device after unregistering from bus driver.
Removing this ioread() operation resolves this bug.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: don't drop carrier flag over suspend
Daniel Drake [Tue, 19 Feb 2013 20:09:47 +0000 (15:09 -0500)]
mwifiex: don't drop carrier flag over suspend

If the system suspends with mwifiex wifi powered on, and is then woken
by an ICMP ping packet, the ping response is discarded by the kernel
because the kernel incorrectly thinks there is no carrier.

I can't see any valid reason to want to report loss of carrier here,
so remove the offending code.

Fixes http://dev.laptop.org/ticket/12554

Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agonet: wireless: hostap: hostap_ap.c: Return -ENOMEM instead of -1 for if kmalloc(...
Kumar Amit Mehta [Mon, 18 Feb 2013 12:13:44 +0000 (04:13 -0800)]
net: wireless: hostap: hostap_ap.c: Return -ENOMEM instead of -1 for if kmalloc() fails.

When memory allocation using, kmalloc() fails, report appropriate error value.

Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agonet: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack
Kumar Amit Mehta [Mon, 18 Feb 2013 11:37:44 +0000 (03:37 -0800)]
net: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack

This patch fixes an instance of DMA buffer on stack(being passed to
usb_control_msg) for the wireless USB version of the Agere Orinoco card driver.
It also fixes the missing audit for the return value of firmware download
routine. Found using smatch.

Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agortlwifi: usb: allocate URB control message setup_packet and data buffer separately
Jussi Kivilinna [Mon, 18 Feb 2013 08:29:30 +0000 (10:29 +0200)]
rtlwifi: usb: allocate URB control message setup_packet and data buffer separately

rtlwifi allocates both setup_packet and data buffer of control message urb,
using shared kmalloc in _usbctrl_vendorreq_async_write. Structure used for
allocating is:
struct {
u8 data[254];
struct usb_ctrlrequest dr;
};

Because 'struct usb_ctrlrequest' is __packed, setup packet is unaligned and
DMA mapping of both 'data' and 'dr' confuses ARM/sunxi, leading to memory
corruptions and freezes.

Patch changes setup packet to be allocated separately.

[v2]:
 - Use WARN_ON_ONCE instead of WARN_ON

Cc: <stable@vger.kernel.org>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: add 802.11AC support
Yogesh Ashok Powar [Sat, 16 Feb 2013 05:44:30 +0000 (21:44 -0800)]
mwifiex: add 802.11AC support

For STA mode, collect VHT realated IEs from the Beacons or Probe
Responses and append similar VHT related IEs to association
requests.

For AP mode, get VHT related capability information and share it
with cfg80211 at the time of wiphy register. This information is
further used by cfg80211 and hostapd to start an AP with 802.11AC
support.

Currently only 8897 supports 802.11AC.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Frank Huang <frankh@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: coding style cleanup in bss parameter update
Yogesh Ashok Powar [Sat, 16 Feb 2013 05:44:29 +0000 (21:44 -0800)]
mwifiex: coding style cleanup in bss parameter update

They all can make one line.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: fix empty TX ring check for PCIe8897 while unloading driver
Avinash Patil [Sat, 16 Feb 2013 05:37:54 +0000 (21:37 -0800)]
mwifiex: fix empty TX ring check for PCIe8897 while unloading driver

While unloading driver, we free all pending TX packets by flushing
TX ring. There is unhandled case for PCIE8897 while checking for
ring empty condition.

This patch adds the handling by calling mwifiex_pcie_txbd_empty().

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Mon, 18 Feb 2013 20:27:42 +0000 (15:27 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

11 years agoiwlwifi: dvm: improve (again) the prints in reclaim path
Emmanuel Grumbach [Thu, 14 Feb 2013 09:33:54 +0000 (11:33 +0200)]
iwlwifi: dvm: improve (again) the prints in reclaim path

I removed a bit too much info last time.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: dvm: fix delayed enter to CT-kill bug
Eytan Lifshitz [Fri, 15 Feb 2013 14:31:45 +0000 (16:31 +0200)]
iwlwifi: dvm: fix delayed enter to CT-kill bug

Theoretically, the card may not enter CTKILL:
In case the timer that iwl_prepare_ct_kill_task is setting,
will expire before tt->state revert to its previous state.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Reserve MAC id 0 for managed interfaces
Ilan Peer [Wed, 13 Feb 2013 11:27:18 +0000 (13:27 +0200)]
iwlwifi: mvm: Reserve MAC id 0 for managed interfaces

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Fix resource allocation for P2P Device
Ilan Peer [Wed, 13 Feb 2013 10:26:39 +0000 (12:26 +0200)]
iwlwifi: mvm: Fix resource allocation for P2P Device

The time event data structures are required also for P2P Device
interface.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: Set the scan type according to the vif type
Ilan Peer [Mon, 11 Feb 2013 06:50:45 +0000 (08:50 +0200)]
iwlwifi: mvm: Set the scan type according to the vif type

The FW can differentiate between scans, according to the interface
type on which the scan was issues. Supply the interfaces type
information to the FW.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix time event command handling race
Johannes Berg [Fri, 15 Feb 2013 23:11:34 +0000 (00:11 +0100)]
iwlwifi: mvm: fix time event command handling race

Occasionally, we would run into this warning:

  iwlwifi 0000:02:00.0: U iwl_mvm_protect_session extend 0x2601: only 200 ms left
  iwlwifi 0000:02:00.0: U iwl_mvm_remove_time_event Removing TE 0x2601
  iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command TIME_EVENT_CMD (#29), seq: 0x0925, 60 bytes at 37[5]:9
  iwlwifi 0000:02:00.0: U iwl_pcie_send_hcmd_sync Attempting to send sync command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: U iwl_pcie_send_hcmd_sync Setting HCMD_ACTIVE for command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command TIME_EVENT_CMD (#29), seq: 0x0926, 60 bytes at 38[6]:9
  iwlwifi 0000:02:00.0: U iwl_mvm_time_event_response TIME_EVENT_CMD response - UID = 0x2601
  iwlwifi 0000:02:00.0: I iwl_pcie_hcmd_complete Clearing HCMD_ACTIVE for command TIME_EVENT_CMD
  iwlwifi 0000:02:00.0: U iwl_mvm_rx_time_event_notif Time event notification - UID = 0x2701 action 1
  wlan0: associate with 00:0a:b8:55:a8:30 (try 2/3)
  ------------[ cut here ]------------
  WARNING: at drivers/net/wireless/iwlwifi/mvm/time-event.c:269 iwl_mvm_time_event_send_add+0x163/0x1a0 [iwlmvm]()
  Modules linked in: [...]
  Call Trace:
   [<c1046e42>] warn_slowpath_common+0x72/0xa0
   [<c1046e92>] warn_slowpath_null+0x22/0x30
   [<f8cad913>] iwl_mvm_time_event_send_add+0x163/0x1a0 [iwlmvm]
   [<f8cadead>] iwl_mvm_protect_session+0xcd/0x1c0 [iwlmvm]
   [<f8ca2087>] iwl_mvm_mac_mgd_prepare_tx+0x67/0xa0 [iwlmvm]
   [<f882a130>] ieee80211_sta_work+0x8f0/0x1070 [mac80211]

The reason is a problem with asynchronous vs. synchronous
commands, what happens here is the following:
 * TE 0x2601 is removed, the TIME_EVENT_CMD for that is async
 * a new TE (will be 0x2701) is created, the TIME_EVENT_CMD
   for that is sync and also uses a notification wait for the
   response (to avoid another race condition)
 * the response for the TE 0x2601 removal comes from the
   firmware, and is handled by the notification wait handler
   that's really waiting for the second response, but can't
   tell the difference, we therefore see the message
   "TIME_EVENT_CMD response - UID = 0x2601" instead of
   "TIME_EVENT_CMD response - UID = 0x2701".

Fix this issue by making the TE removal synchronous as well,
this means that we wait for the response to that command
first, before there's any chance of sending a new one.

Also, to detect such issues more easily in the future, add
a warning to the notification handler that detects them.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: add debug statement to time event add
Johannes Berg [Fri, 15 Feb 2013 22:54:10 +0000 (23:54 +0100)]
iwlwifi: mvm: add debug statement to time event add

This is helpful for debugging the time event warning,
but also in general to see what's going on.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix GO powersave client manipulation
Johannes Berg [Fri, 15 Feb 2013 21:47:48 +0000 (22:47 +0100)]
iwlwifi: mvm: fix GO powersave client manipulation

All station commands must include a valid MAC ID,
the ID 0 is randomly valid in some cases, but we
must set the ID properly. Do that by passing the
right station and using its mac_id_n_color.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: program DTIM timings properly
Johannes Berg [Tue, 5 Feb 2013 17:10:04 +0000 (18:10 +0100)]
iwlwifi: mvm: program DTIM timings properly

For the firmware to know when DTIM beacons arrive
we have to program the DTIM time in TSF and system
time in the MAC context. Since mac80211 now tracks
the different times (on demand), this becomes easy.

Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoiwlwifi: mvm: fix merge error
Johannes Berg [Fri, 15 Feb 2013 22:39:17 +0000 (23:39 +0100)]
iwlwifi: mvm: fix merge error

The iwlwifi-next tree removed IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC
while the mac80211-next tree removed

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge remote-tracking branch 'wireless-next/master' into iwlwifi-next
Johannes Berg [Mon, 18 Feb 2013 19:16:12 +0000 (20:16 +0100)]
Merge remote-tracking branch 'wireless-next/master' into iwlwifi-next

11 years agocfg80211: fix station change if TDLS isn't supported
Johannes Berg [Mon, 18 Feb 2013 13:57:42 +0000 (14:57 +0100)]
cfg80211: fix station change if TDLS isn't supported

Larry noticed (and bisected) that commit df881293c6ba9a12868491a717b25
"cfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station"
broke secure connections. This is is the case only for drivers that
don't support TDLS, where any kind of change, even just the change of
authorized flag that is required for normal operation, was rejected
now. To fix this, remove the checks. I have some patches that will add
proper verification for all the different cases later.

Cc: Jouni Malinen <j@w1.fi>
Bisected-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: don't spam mesh probe response messages
Thomas Pedersen [Sat, 16 Feb 2013 18:41:06 +0000 (10:41 -0800)]
mac80211: don't spam mesh probe response messages

If mesh plink debugging is enabled, this gets annoying in
a crowded environment, fast.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stringify mesh peering events
Thomas Pedersen [Sat, 16 Feb 2013 18:41:05 +0000 (10:41 -0800)]
mac80211: stringify mesh peering events

Convert mesh peering events into strings and make the
debug output a little easier to read. Also stop printing
the llid and plid since these don't change across peering
states and are random numbers anyway so they just amount
to noise.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up mesh HT operation
Thomas Pedersen [Sat, 16 Feb 2013 18:41:04 +0000 (10:41 -0800)]
mac80211: clean up mesh HT operation

ieee80211_ht_cap_ie_to_sta_ht_cap() will clean up the
ht_supported flag and station bandwidth field for us
if the peer beacon doesn't have an HT capability element
(is operating as non-HT).

Also, we don't really need a special station ch_width
member to track the station operating mode any more so use
sta.bandwidth instead.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix harmless station flush warning
Johannes Berg [Fri, 15 Feb 2013 10:47:50 +0000 (11:47 +0100)]
mac80211: fix harmless station flush warning

If an interface is set down while authenticating or
associating, there's a station entry that will be
removed by the flushing in do_stop() and that will
cause a warning. It's otherwise harmless, but avoid
the warning by calling ieee80211_mgd_stop() first.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: add correct docbook entries
Johannes Berg [Fri, 15 Feb 2013 09:11:24 +0000 (10:11 +0100)]
cfg80211: add correct docbook entries

Update the 802.11 book to list the correct
data structures.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: Fix incorrect use of STA_PR_FMT in trace points
Seth Forshee [Fri, 15 Feb 2013 19:15:48 +0000 (13:15 -0600)]
mac80211: Fix incorrect use of STA_PR_FMT in trace points

Several tracepoints are using STA_PR_FMT where STA_PR_ARG should be
used, resulting in messages like "phy0 sta:ARG TYPE NOT FIELD BUT 1".
Change these to STA_PR_ARG.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge branch 'for-linville' of git://github.com/kvalo/ath6kl
John W. Linville [Fri, 15 Feb 2013 19:06:32 +0000 (14:06 -0500)]
Merge branch 'for-linville' of git://github.com/kvalo/ath6kl

11 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
John W. Linville [Fri, 15 Feb 2013 18:59:53 +0000 (13:59 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211-next

11 years agomac80211: enable vif.cab_queue for mesh
Bob Copeland [Fri, 15 Feb 2013 15:18:34 +0000 (10:18 -0500)]
mac80211: enable vif.cab_queue for mesh

Since mesh powersaving was added, pending bcast/mcast frames may go out the
CAB queue now.  Unfortunately, the queue was only set up for AP mode, so we
would try to tx on the IEEE80211_INVAL_HW_QUEUE.  Allow cab_queue for mesh
interfaces as well.

Fixes the following warning (or crash without MAC80211_VERBOSE_DEBUG):

WARNING: at net/mac80211/tx.c:1223 __ieee80211_tx+0x162/0x35f [mac80211]()
Modules linked in: mac80211_hwsim mac80211 cfg80211 [...]
Pid: 3085, comm: avahi-daemon Tainted: G        W    3.8.0-rc1+ #377
Call Trace:
 [<ffffffff81045c20>] warn_slowpath_common+0x83/0x9c
 [<ffffffff81045c53>] warn_slowpath_null+0x1a/0x1c
 [<ffffffffa083aef0>] __ieee80211_tx+0x162/0x35f [mac80211]
 [<ffffffffa083cb1d>] ieee80211_tx+0xd3/0xf9 [mac80211]
 [<ffffffffa083cc0f>] ieee80211_xmit+0xcc/0xd5 [mac80211]
 [<ffffffffa083db59>] ieee80211_subif_start_xmit+0xc53/0xcd8 [mac80211]
 [<ffffffff81319acd>] dev_hard_start_xmit+0x259/0x3ce
 [<ffffffff81333d6b>] sch_direct_xmit+0x74/0x17d
 [<ffffffff8131a0b1>] dev_queue_xmit+0x230/0x414
 [<ffffffff8134877a>] ip_finish_output2+0x348/0x3aa
 [<ffffffff81349029>] ip_finish_output+0x6c/0x71
 [<ffffffff81349046>] NF_HOOK_COND.constprop.44+0x18/0x58
 [<ffffffff8134a03a>] ip_mc_output+0x134/0x13c
 [<ffffffff8134835a>] dst_output+0x18/0x1c
 [<ffffffff81349a24>] ip_local_out+0x20/0x24
 [<ffffffff8134a8cf>] ip_send_skb+0x16/0x3c
 [<ffffffff8136bfba>] udp_send_skb+0x254/0x2b9
 [<ffffffff8136c85e>] udp_sendmsg+0x5a8/0x7d4

Signed-off-by: Bob Copeland <bob@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up mesh code
Johannes Berg [Fri, 15 Feb 2013 13:40:31 +0000 (14:40 +0100)]
mac80211: clean up mesh code

There's various code with strange indentation,
questionable loop and locking constructs, etc.

The bigger change is moving the "sdata" argument
to the first argument of all functions, like all
other mac80211 functions that have one.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211_hwsim: ask mac80211 to reserve space for chanctx.drv_priv
Karl Beldan [Thu, 14 Feb 2013 23:03:14 +0000 (00:03 +0100)]
mac80211_hwsim: ask mac80211 to reserve space for chanctx.drv_priv

Otherwise memory corruption occurs when using channel contexts (ATM when
param 'channel' > 1).

Signed-off-by: Karl Beldan <karl.beldan@rivierawaves.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: prevent spurious HT/VHT downgrade message
Johannes Berg [Thu, 14 Feb 2013 11:13:53 +0000 (12:13 +0100)]
mac80211: prevent spurious HT/VHT downgrade message

Even when connecting to an AP that doesn't support VHT,
and even when the local device doesn't support it either,
the downgrade message gets printed. Suppress the message
if HT and/or VHT is disabled.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: renumber NL80211_FEATURE_FULL_AP_CLIENT_STATE
Johannes Berg [Thu, 14 Feb 2013 10:56:13 +0000 (11:56 +0100)]
nl80211: renumber NL80211_FEATURE_FULL_AP_CLIENT_STATE

Adding the flag to mac80211 already without testing was
clearly a mistake, one that we now pay for by having to
reserve bit 13 forever. The problem is cfg80211 doesn't
allow capability/rate changes for station entries that
were added unassociated, so the station entries cannot
be set up properly when marked associated.

Change the NL80211_FEATURE_FULL_AP_CLIENT_STATE value
to make it clear to userspace implementations that all
current kernels don't actually support it, even though
the previous bit is set, and of course also remove the
flag from mac80211 until we test and fix the issues.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station
Jouni Malinen [Thu, 14 Feb 2013 19:10:54 +0000 (21:10 +0200)]
cfg80211: Pass TDLS peer's QoS/HT/VHT information during set_station

The information of the peer's capabilities is required for the driver
to perform TDLS Peer UAPSD operations. This information of the peer is
passed by the supplicant using NL80211_CMD_SET_STATION command. This
commit enhances the function nl80211_set_station to pass this
information of the peer to the driver in case this command is used
with the TDLS peer STA.

In addition, make the HT/VHT capability configuration handled more
consistently for other STA cases (reject both instead of just HT).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: Pass station (extended) capability info to kernel
Jouni Malinen [Thu, 14 Feb 2013 19:10:13 +0000 (21:10 +0200)]
cfg80211: Pass station (extended) capability info to kernel

The information of the peer's capabilities and extended capabilities are
required for the driver to perform TDLS Peer UAPSD operations and off
channel operations. This information of the peer is passed from user space
using NL80211_CMD_SET_STATION command. This commit enhances
the function nl80211_set_station to pass the capability information of
the peer to the driver.

Similarly, there may be need for capability information for other modes,
so allow this to be provided with both add_station and change_station.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: advertise operating mode notification capability
Johannes Berg [Mon, 11 Feb 2013 13:27:08 +0000 (14:27 +0100)]
mac80211: advertise operating mode notification capability

Use the new extended capabilities advertising to advertise
the fact that operating mode notification is supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: advertise extended capabilities to userspace
Johannes Berg [Mon, 11 Feb 2013 13:20:05 +0000 (14:20 +0100)]
cfg80211: advertise extended capabilities to userspace

In many cases, userspace may need to know which of the
802.11 extended capabilities ("Extended Capabilities
element") are implemented in the driver or device, to
include them e.g. in beacons, assoc request/response
or other frames. Add a new nl80211 attribute to hold
the extended capabilities bitmap for this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop modifying HT SMPS capability
Johannes Berg [Tue, 12 Feb 2013 13:21:00 +0000 (14:21 +0100)]
mac80211: stop modifying HT SMPS capability

Instead of modifying the HT SMPS capability field
for stations, track the SMPS mode explicitly in a
new field in the station struct and use it in the
drivers that care about it. This simplifies the
code using it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: generate mesh probe responses
Thomas Pedersen [Thu, 14 Feb 2013 19:20:14 +0000 (11:20 -0800)]
mac80211: generate mesh probe responses

Mesh interfaces will now respond to any broadcast (or
matching directed mesh) probe requests with a probe
response.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: cache mesh beacon
Thomas Pedersen [Thu, 14 Feb 2013 19:20:13 +0000 (11:20 -0800)]
mac80211: cache mesh beacon

Previously, the entire mesh beacon would be generated each
time the beacon timer fired. Instead generate a beacon
head and tail (so the TIM can easily be inserted when mesh
power save is on) when starting a mesh or the MBSS
parameters change.

Also add a mutex for protecting beacon updates and
preventing leaks.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: constify IE parsing
Johannes Berg [Tue, 12 Feb 2013 15:43:19 +0000 (16:43 +0100)]
mac80211: constify IE parsing

Make all the parsed IE pointers const, and propagate
the change to all the users etc.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211: advertise HT/VHT channel limitations
Johannes Berg [Wed, 12 Dec 2012 16:59:39 +0000 (17:59 +0100)]
nl80211: advertise HT/VHT channel limitations

When drivers or regulatory have limitations on
40, 80 or 160 MHz channels, advertise these to
userspace via nl80211. Also add a new feature
flag to let userspace know this is supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agocfg80211: allow drivers to selectively disable 80/160 MHz
Johannes Berg [Wed, 12 Dec 2012 16:50:39 +0000 (17:50 +0100)]
cfg80211: allow drivers to selectively disable 80/160 MHz

Some drivers might support 80 or 160 MHz only on some
channels for whatever reason, so allow them to disable
these channel widths. Also maintain the new flags when
regulatory bandwidth limitations would disable these
wide channels.

Reviewed-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: properly track HT/VHT operation changes
Johannes Berg [Fri, 8 Feb 2013 14:12:14 +0000 (15:12 +0100)]
mac80211: properly track HT/VHT operation changes

A while ago, I made the mac80211 station code never change
the channel type after association. This solved a number of
issues but is ultimately wrong, we should react if the AP
changes the HT operation IE and switches bandwidth. One of
the issues is that we associate as HT40 capable, but if the
AP ever switches to 40 MHz we won't be able to receive such
frames because we never set our channel to 40 MHz.

This addresses this and VHT operation changes. If there's a
change that is incompatible with our setup, e.g. if the AP
decides to change the channel entirely (and for some reason
we still hear the beacon) we'll just disconnect.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: move ieee80211_determine_chantype function
Johannes Berg [Fri, 8 Feb 2013 13:52:32 +0000 (14:52 +0100)]
mac80211: move ieee80211_determine_chantype function

The next patch will need it further up in the file, so
move it unchanged now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: add ieee80211_vif_change_bandwidth
Johannes Berg [Thu, 7 Feb 2013 20:37:29 +0000 (21:37 +0100)]
mac80211: add ieee80211_vif_change_bandwidth

For HT and VHT the current bandwidth can change,
add the function ieee80211_vif_change_bandwidth()
to take care of this. It returns a failure if the
new bandwidth isn't compatible with the existing
channel context, the caller has to handle that.
When it happens, also inform the driver that the
bandwidth changed for this virtual interface (no
drivers would actually care today though.)

Changing to/from HT/VHT isn't allowed though.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: clean up channel use in ieee80211_config_ht_tx
Johannes Berg [Fri, 8 Feb 2013 12:15:55 +0000 (13:15 +0100)]
mac80211: clean up channel use in ieee80211_config_ht_tx

The channel use is confusing, some uses the channel
context and some the bss_conf.chandef. The latter is
fine, so get rid of the channel context part.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: disable HT/VHT if AP has no HT/VHT capability
Johannes Berg [Thu, 7 Feb 2013 22:33:32 +0000 (23:33 +0100)]
mac80211: disable HT/VHT if AP has no HT/VHT capability

Having HT/VHT operation IEs but not capability IEs
leads to a strange situation where we configure the
channel to an HT or VHT bandwidth and then can't
actually use it. Prevent this by checking that the
HT and VHT capability IEs are present as well as
the operation IEs; if not, disable HT and/or VHT.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: handle operating mode notif in beacon/assoc response
Johannes Berg [Thu, 7 Feb 2013 21:24:55 +0000 (22:24 +0100)]
mac80211: handle operating mode notif in beacon/assoc response

In beacons and association response frames an AP may include an
operating mode notification element to advertise changes in the
number of spatial streams it can receive. Handle this using the
existing function that handles the action frame, but only handle
NSS changes, not bandwidth changes which aren't allowed here.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix ieee80211_change_chandef name
Johannes Berg [Thu, 7 Feb 2013 20:30:37 +0000 (21:30 +0100)]
mac80211: fix ieee80211_change_chandef name

This should be called ieee80211_change_chanctx() since
it changes the channel context, not a chandef.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix HT/VHT disable flags
Johannes Berg [Thu, 7 Feb 2013 19:41:50 +0000 (20:41 +0100)]
mac80211: fix HT/VHT disable flags

The code to disable HT and VHT if VHT was advertised
without VHT is wrong -- it accidentally uses the wrong
flags. Fix that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: init HT TX data before rate control
Johannes Berg [Thu, 7 Feb 2013 16:36:12 +0000 (17:36 +0100)]
mac80211: init HT TX data before rate control

In case of connection, the station data is initialised from
the beacon/probe response first and then updated from the
association response. If the latter is different we update
the rate control algorithm and driver. Instead of doing it
this way, set the station data properly with data from the
association response before initializing rate control.

Also simplify the code by passing the station pointer.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: handle VHT operating mode notification
Johannes Berg [Thu, 27 Dec 2012 17:55:36 +0000 (18:55 +0100)]
mac80211: handle VHT operating mode notification

Handle the operating mode notification action frame.
When the supported streams or the bandwidth change
let the driver and rate control algorithm know.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: track number of spatial streams
Johannes Berg [Thu, 27 Dec 2012 17:26:42 +0000 (18:26 +0100)]
mac80211: track number of spatial streams

With VHT, a station can change the number of spatial
streams it can receive on the fly, not unlike spatial
multiplexing in HT. Prepare for that by tracking the
maximum number of spatial streams it can receive when
the connection is established.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agowireless: define operating mode action frame
Johannes Berg [Thu, 27 Dec 2012 17:45:41 +0000 (18:45 +0100)]
wireless: define operating mode action frame

Define the action frame format, the VHT category
and its action types and the field format and EID
for operating mode notifications. The frame may
be used outside of VHT context as well, so don't
include "VHT" in the names.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: stop toggling IEEE80211_HT_CAP_SUP_WIDTH_20_40
Johannes Berg [Thu, 7 Feb 2013 10:47:44 +0000 (11:47 +0100)]
mac80211: stop toggling IEEE80211_HT_CAP_SUP_WIDTH_20_40

For VHT, many more bandwidth changes are possible. As a first
step, stop toggling the IEEE80211_HT_CAP_SUP_WIDTH_20_40 flag
in the HT capabilities and instead introduce a bandwidth field
indicating the currently usable bandwidth to transmit to the
station. Of course, make all drivers use it.

To achieve this, make ieee80211_ht_cap_ie_to_sta_ht_cap() get
the station as an argument, rather than the new capabilities,
so it can set up the new bandwidth field.

If the station is a VHT station and VHT bandwidth is in use,
also set the bandwidth accordingly.

Doing this allows us to get rid of the supports_40mhz flag as
the HT capabilities now reflect the true capability instead of
the current setting.

While at it, also fix ieee80211_ht_cap_ie_to_sta_ht_cap() to not
ignore HT cap overrides when MCS TX isn't supported (not that it
really happens...)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: pass station to ieee80211_vht_cap_ie_to_sta_vht_cap
Johannes Berg [Thu, 7 Feb 2013 10:58:58 +0000 (11:58 +0100)]
mac80211: pass station to ieee80211_vht_cap_ie_to_sta_vht_cap

Like with HT, make things a bit simpler in future patches by
passing the station to ieee80211_vht_cap_ie_to_sta_vht_cap()
instead of the vht_cap pointer. Also disable VHT here if HT
isn't supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agoMerge remote-tracking branch 'mac80211/master' into HEAD
Johannes Berg [Fri, 15 Feb 2013 08:41:21 +0000 (09:41 +0100)]
Merge remote-tracking branch 'mac80211/master' into HEAD

11 years agomac80211: use spin_lock_bh() for TKIP lock
Johannes Berg [Wed, 13 Feb 2013 17:03:00 +0000 (18:03 +0100)]
mac80211: use spin_lock_bh() for TKIP lock

Since no driver calls the TKIP functions from interrupt
context, there's no need to use spin_lock_irqsave().
Just use spin_lock_bh() (and spin_lock() in the TX path
where we're in a BH or they're already disabled.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: use spin_lock_bh() for tim_lock
Johannes Berg [Wed, 13 Feb 2013 16:39:53 +0000 (17:39 +0100)]
mac80211: use spin_lock_bh() for tim_lock

There's no need to use _irqsave() as the lock
is never used in interrupt context.

This also fixes a problem in the iwlwifi MVM
driver that calls spin_unlock_bh() within its
set_tim() callback.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: don't pick up WPA vendor IE
Johannes Berg [Tue, 12 Feb 2013 15:27:04 +0000 (16:27 +0100)]
mac80211: don't pick up WPA vendor IE

There's no use for it, WPA is entirely handled in
wpa_supplicant in userspace, so don't pick the IE.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: always unblock CSA queue stop when disconnecting
Johannes Berg [Wed, 13 Feb 2013 13:21:45 +0000 (14:21 +0100)]
mac80211: always unblock CSA queue stop when disconnecting

In some cases when disconnecting after (or during?) CSA
the queues might not recover, and then the only way to
recover is reloading the module.

Fix this by always unblocking the queue CSA reason when
disconnecting.

Cc: stable@vger.kernel.org
Reported-by: Jan-Michael Brummer <jan.brummer@tabos.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: don't call bss_info_changed on p2p-device/monitor
Johannes Berg [Wed, 13 Feb 2013 12:50:51 +0000 (13:50 +0100)]
mac80211: don't call bss_info_changed on p2p-device/monitor

Since the idle decision rework, mac80211 started calling
bss_info_changed() for the driver's monitor interface,
which causes a crash for iwlwifi, but drivers generally
don't expect this to happen. Therefore, avoid it.

While at it, also prevent calling it in such cases and
only print a warning. For the P2P Device interface the
idle will no longer be called (no channel context), so
also prevent that and warn on it.

Reported-by: Chaitanya <chaitanya.mgit@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix auth/assoc timeout handling
Johannes Berg [Wed, 13 Feb 2013 14:39:57 +0000 (15:39 +0100)]
mac80211: fix auth/assoc timeout handling

In my commit 1672c0e31917f49d31d30d79067103432bc20cc7
("mac80211: start auth/assoc timeout on frame status")
I broke auth/assoc timeout handling: in case we wait
for the TX status, it now leaves the timeout field set
to 0, which is a valid time and can compare as being
before now ("jiffies"). Thus, if the work struct runs
for some other reason, the auth/assoc is treated as
having timed out.

Fix this by introducing a separate "timeout_started"
variable that tracks whether the timeout has started
and is checked before timing out.

Additionally, for proper TX status handling the change
requires that the skb->dev pointer is set up for all
the frames, so set it up for all frames in mac80211.

Reported-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
Tested-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix ieee80211_sta_tx_notify for nullfunc
Wojciech Dubowik [Thu, 14 Feb 2013 13:08:37 +0000 (14:08 +0100)]
mac80211: fix ieee80211_sta_tx_notify for nullfunc

Function ieee80211_sta_reset_conn_monitor has been
resetting probe_send_count too early and nullfunc
check was never called after succesfull ack.

Reported-by: Magnus Cederlöf <mcider@gmail.com>
Tested-by: Magnus Cederlöf <mcider@gmail.com>
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: consolidate MBSS change notification
Thomas Pedersen [Wed, 13 Feb 2013 20:14:19 +0000 (12:14 -0800)]
mac80211: consolidate MBSS change notification

A few mesh utility functions will call
ieee80211_bss_info_change_notify(), and then the caller
might notify the driver of the same change again. Avoid
this redundancy by propagating the BSS changes and
generally calling bss_info_change_notify() once per
change.

Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: fix WPA with VLAN on AP side with ps-sta
Michael Braun [Wed, 13 Feb 2013 15:49:16 +0000 (16:49 +0100)]
mac80211: fix WPA with VLAN on AP side with ps-sta

When sending a broadcast while at least on of the connected stations is
sleeping, it gets queued and send after a DTIM beacon is sent.
If the packet was to be sent on a vlan interface, the vif used for dequeing
from the per-bss queue does not hold the per-vlan sdata. The correct sdata is
required to use the correct per-vlan broadcast/multicast key.

This patch fixes this by restoring the per-vlan sdata using the skb->dev entry.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: free ps->bc_buf skbs on vlan device stop
Michael Braun [Wed, 13 Feb 2013 15:49:15 +0000 (16:49 +0100)]
mac80211: free ps->bc_buf skbs on vlan device stop

When the vlan device is removed, ps->bc_buf processing can no longer
send its frames.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agomac80211: add radar detection command/event
Simon Wunderlich [Fri, 8 Feb 2013 17:16:20 +0000 (18:16 +0100)]
mac80211: add radar detection command/event

Add command to trigger radar detection in the driver/FW.
Once radar detection is started it should continuously
monitor for radars as long as the channel active.
If radar is detected usermode notified with 'radar
detected' event.

Scanning and remain on channel functionality must be disabled
while doing radar detection/scanning, and vice versa.

Based on original patch by Victor Goldenshtein <victorg@ti.com>

Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agonl80211/cfg80211: add radar detection command/event
Simon Wunderlich [Fri, 8 Feb 2013 17:16:19 +0000 (18:16 +0100)]
nl80211/cfg80211: add radar detection command/event

Add new NL80211_CMD_RADAR_DETECT, which starts the Channel
Availability Check (CAC). This command will also notify the
usermode about events (CAC finished, CAC aborted, radar
detected, NOP finished).
Once radar detection has started it should continuously
monitor for radars as long as the channel is active.

This patch enables DFS for AP mode in nl80211/cfg80211.

Based on original patch by Victor Goldenshtein <victorg@ti.com>

Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
[remove WIPHY_FLAG_HAS_RADAR_DETECT again -- my mistake]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
11 years agobrcmsmac: Remove unnecessary memset casts
Joe Perches [Thu, 14 Feb 2013 01:33:21 +0000 (17:33 -0800)]
brcmsmac: Remove unnecessary memset casts

Remove the casts of the first argument of memset.

Neaten the style by using the sizeof the actual variable
being memset not the sizeof the type of variable.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agobrcmsmac: Downgrade d11hdrs_mac80211 error messages to warnings.
Joe Perches [Thu, 14 Feb 2013 01:33:20 +0000 (17:33 -0800)]
brcmsmac: Downgrade d11hdrs_mac80211 error messages to warnings.

These messages don't seem to be errors but notifications
that some attribute isn't quite right.

Don't mark them as errors.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agoiwlegacy: more checks for dma mapping errors
Stanislaw Gruszka [Wed, 13 Feb 2013 14:49:08 +0000 (15:49 +0100)]
iwlegacy: more checks for dma mapping errors

This patch check output of pci_map_single() calls. I missed them on
my previous patch "iwlegacy: check for dma mapping errors", which
fixed only pci_map_page() calls.

To handle remaining possible dma mappings errors, we need to rearrange
ilXXXX_tx_skb() and il_enqueue_hcmd() functions.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agort2x00: check for dma mappings errors
Stanislaw Gruszka [Wed, 13 Feb 2013 13:27:05 +0000 (14:27 +0100)]
rt2x00: check for dma mappings errors

Check output of dma_map_single functions which nowadays can fail (when
IOMMU is used). On write_beacon callbacks just print error, similar
like padding error is handled by rt2800_write_beacon.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agomwifiex: device specific sleep cookie handling for PCIe
Avinash Patil [Tue, 12 Feb 2013 22:38:32 +0000 (14:38 -0800)]
mwifiex: device specific sleep cookie handling for PCIe

This patch adds support for handling of PCIe sleep cookie depending
upon device properties. Some PCIe devices need sleep cookie probing
before accessing HW while some others don't. A new sleep_cookie
variable is defined as part of mwifiex_pcie_card_reg strcture and
set/reset as per device capability.

Sleep cookie is allocated/accessed/freed only when flag sleep_cookie
for this particular device is enabled.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
11 years agortlwifi: Rework Kconfig
Larry Finger [Tue, 12 Feb 2013 22:09:02 +0000 (16:09 -0600)]
rtlwifi: Rework Kconfig

As the number of drivers in the rtlwifi family has grown, the Kconfig
section for them has grown unwieldy. This change has two effects: (1)
Variable RTLWIFI_DEBUG is documented, and (2) the entries for the
drivers that depend on RTLWIFI are indented.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>