Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next

+1 -1

Documentation/devicetree/bindings/net/nfc/st21nfca.txt

··· 1 1 * STMicroelectronics SAS. ST21NFCA NFC Controller 2 2 3 3 Required properties: 4 - - compatible: Should be "st,st21nfca-i2c". 4 + - compatible: Should be "st,st21nfca_i2c". 5 5 - clock-frequency: I²C work frequency. 6 6 - reg: address on the bus 7 7 - interrupt-parent: phandle for the interrupt gpio controller

+154 -1

drivers/bluetooth/btusb.c

··· 49 49 #define BTUSB_WRONG_SCO_MTU 0x40 50 50 #define BTUSB_ATH3012 0x80 51 51 #define BTUSB_INTEL 0x100 52 + #define BTUSB_BCM_PATCHRAM 0x200 52 53 53 54 static const struct usb_device_id btusb_table[] = { 54 55 /* Generic Bluetooth USB device */ ··· 112 111 { USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) }, 113 112 114 113 /* Broadcom devices with vendor specific id */ 115 - { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) }, 114 + { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01), 115 + .driver_info = BTUSB_BCM_PATCHRAM }, 116 116 117 117 /* Belkin F8065bf - Broadcom based */ 118 118 { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, ··· 1383 1381 return 0; 1384 1382 } 1385 1383 1384 + static int btusb_setup_bcm_patchram(struct hci_dev *hdev) 1385 + { 1386 + struct btusb_data *data = hci_get_drvdata(hdev); 1387 + struct usb_device *udev = data->udev; 1388 + char fw_name[64]; 1389 + const struct firmware *fw; 1390 + const u8 *fw_ptr; 1391 + size_t fw_size; 1392 + const struct hci_command_hdr *cmd; 1393 + const u8 *cmd_param; 1394 + u16 opcode; 1395 + struct sk_buff *skb; 1396 + struct hci_rp_read_local_version *ver; 1397 + long ret; 1398 + 1399 + snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd", 1400 + udev->product ? udev->product : "BCM", 1401 + le16_to_cpu(udev->descriptor.idVendor), 1402 + le16_to_cpu(udev->descriptor.idProduct)); 1403 + 1404 + ret = request_firmware(&fw, fw_name, &hdev->dev); 1405 + if (ret < 0) { 1406 + BT_INFO("%s: BCM: patch %s not found", hdev->name, 1407 + fw_name); 1408 + return 0; 1409 + } 1410 + 1411 + /* Reset */ 1412 + skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1413 + if (IS_ERR(skb)) { 1414 + ret = PTR_ERR(skb); 1415 + BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1416 + goto done; 1417 + } 1418 + kfree_skb(skb); 1419 + 1420 + /* Read Local Version Info */ 1421 + skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1422 + HCI_INIT_TIMEOUT); 1423 + if (IS_ERR(skb)) { 1424 + ret = PTR_ERR(skb); 1425 + BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1426 + hdev->name, ret); 1427 + goto done; 1428 + } 1429 + 1430 + if (skb->len != sizeof(*ver)) { 1431 + BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1432 + hdev->name); 1433 + kfree_skb(skb); 1434 + ret = -EIO; 1435 + goto done; 1436 + } 1437 + 1438 + ver = (struct hci_rp_read_local_version *) skb->data; 1439 + BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1440 + "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1441 + ver->lmp_ver, ver->lmp_subver); 1442 + kfree_skb(skb); 1443 + 1444 + /* Start Download */ 1445 + skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT); 1446 + if (IS_ERR(skb)) { 1447 + ret = PTR_ERR(skb); 1448 + BT_ERR("%s: BCM: Download Minidrv command failed (%ld)", 1449 + hdev->name, ret); 1450 + goto reset_fw; 1451 + } 1452 + kfree_skb(skb); 1453 + 1454 + /* 50 msec delay after Download Minidrv completes */ 1455 + msleep(50); 1456 + 1457 + fw_ptr = fw->data; 1458 + fw_size = fw->size; 1459 + 1460 + while (fw_size >= sizeof(*cmd)) { 1461 + cmd = (struct hci_command_hdr *) fw_ptr; 1462 + fw_ptr += sizeof(*cmd); 1463 + fw_size -= sizeof(*cmd); 1464 + 1465 + if (fw_size < cmd->plen) { 1466 + BT_ERR("%s: BCM: patch %s is corrupted", 1467 + hdev->name, fw_name); 1468 + ret = -EINVAL; 1469 + goto reset_fw; 1470 + } 1471 + 1472 + cmd_param = fw_ptr; 1473 + fw_ptr += cmd->plen; 1474 + fw_size -= cmd->plen; 1475 + 1476 + opcode = le16_to_cpu(cmd->opcode); 1477 + 1478 + skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param, 1479 + HCI_INIT_TIMEOUT); 1480 + if (IS_ERR(skb)) { 1481 + ret = PTR_ERR(skb); 1482 + BT_ERR("%s: BCM: patch command %04x failed (%ld)", 1483 + hdev->name, opcode, ret); 1484 + goto reset_fw; 1485 + } 1486 + kfree_skb(skb); 1487 + } 1488 + 1489 + /* 250 msec delay after Launch Ram completes */ 1490 + msleep(250); 1491 + 1492 + reset_fw: 1493 + /* Reset */ 1494 + skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1495 + if (IS_ERR(skb)) { 1496 + ret = PTR_ERR(skb); 1497 + BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret); 1498 + goto done; 1499 + } 1500 + kfree_skb(skb); 1501 + 1502 + /* Read Local Version Info */ 1503 + skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 1504 + HCI_INIT_TIMEOUT); 1505 + if (IS_ERR(skb)) { 1506 + ret = PTR_ERR(skb); 1507 + BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 1508 + hdev->name, ret); 1509 + goto done; 1510 + } 1511 + 1512 + if (skb->len != sizeof(*ver)) { 1513 + BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 1514 + hdev->name); 1515 + kfree_skb(skb); 1516 + ret = -EIO; 1517 + goto done; 1518 + } 1519 + 1520 + ver = (struct hci_rp_read_local_version *) skb->data; 1521 + BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x " 1522 + "lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev, 1523 + ver->lmp_ver, ver->lmp_subver); 1524 + kfree_skb(skb); 1525 + 1526 + done: 1527 + release_firmware(fw); 1528 + 1529 + return ret; 1530 + } 1531 + 1386 1532 static int btusb_probe(struct usb_interface *intf, 1387 1533 const struct usb_device_id *id) 1388 1534 { ··· 1635 1485 1636 1486 if (id->driver_info & BTUSB_BCM92035) 1637 1487 hdev->setup = btusb_setup_bcm92035; 1488 + 1489 + if (id->driver_info & BTUSB_BCM_PATCHRAM) 1490 + hdev->setup = btusb_setup_bcm_patchram; 1638 1491 1639 1492 if (id->driver_info & BTUSB_INTEL) 1640 1493 hdev->setup = btusb_setup_intel;

+95 -32

drivers/net/wireless/at76c50x-usb.c

··· 365 365 static int at76_usbdfu_download(struct usb_device *udev, u8 *buf, u32 size, 366 366 int manifest_sync_timeout) 367 367 { 368 - u8 *block; 369 - struct dfu_status dfu_stat_buf; 370 368 int ret = 0; 371 369 int need_dfu_state = 1; 372 370 int is_done = 0; 373 - u8 dfu_state = 0; 374 371 u32 dfu_timeout = 0; 375 372 int bsize = 0; 376 373 int blockno = 0; 374 + struct dfu_status *dfu_stat_buf = NULL; 375 + u8 *dfu_state = NULL; 376 + u8 *block = NULL; 377 377 378 378 at76_dbg(DBG_DFU, "%s( %p, %u, %d)", __func__, buf, size, 379 379 manifest_sync_timeout); ··· 383 383 return -EINVAL; 384 384 } 385 385 386 + dfu_stat_buf = kmalloc(sizeof(struct dfu_status), GFP_KERNEL); 387 + if (!dfu_stat_buf) { 388 + ret = -ENOMEM; 389 + goto exit; 390 + } 391 + 386 392 block = kmalloc(FW_BLOCK_SIZE, GFP_KERNEL); 387 - if (!block) 388 - return -ENOMEM; 393 + if (!block) { 394 + ret = -ENOMEM; 395 + goto exit; 396 + } 397 + 398 + dfu_state = kmalloc(sizeof(u8), GFP_KERNEL); 399 + if (!dfu_state) { 400 + ret = -ENOMEM; 401 + goto exit; 402 + } 403 + *dfu_state = 0; 389 404 390 405 do { 391 406 if (need_dfu_state) { 392 - ret = at76_dfu_get_state(udev, &dfu_state); 407 + ret = at76_dfu_get_state(udev, dfu_state); 393 408 if (ret < 0) { 394 409 dev_err(&udev->dev, 395 410 "cannot get DFU state: %d\n", ret); ··· 413 398 need_dfu_state = 0; 414 399 } 415 400 416 - switch (dfu_state) { 401 + switch (*dfu_state) { 417 402 case STATE_DFU_DOWNLOAD_SYNC: 418 403 at76_dbg(DBG_DFU, "STATE_DFU_DOWNLOAD_SYNC"); 419 - ret = at76_dfu_get_status(udev, &dfu_stat_buf); 404 + ret = at76_dfu_get_status(udev, dfu_stat_buf); 420 405 if (ret >= 0) { 421 - dfu_state = dfu_stat_buf.state; 422 - dfu_timeout = at76_get_timeout(&dfu_stat_buf); 406 + *dfu_state = dfu_stat_buf->state; 407 + dfu_timeout = at76_get_timeout(dfu_stat_buf); 423 408 need_dfu_state = 0; 424 409 } else 425 410 dev_err(&udev->dev, ··· 462 447 case STATE_DFU_MANIFEST_SYNC: 463 448 at76_dbg(DBG_DFU, "STATE_DFU_MANIFEST_SYNC"); 464 449 465 - ret = at76_dfu_get_status(udev, &dfu_stat_buf); 450 + ret = at76_dfu_get_status(udev, dfu_stat_buf); 466 451 if (ret < 0) 467 452 break; 468 453 469 - dfu_state = dfu_stat_buf.state; 470 - dfu_timeout = at76_get_timeout(&dfu_stat_buf); 454 + *dfu_state = dfu_stat_buf->state; 455 + dfu_timeout = at76_get_timeout(dfu_stat_buf); 471 456 need_dfu_state = 0; 472 457 473 458 /* override the timeout from the status response, ··· 499 484 break; 500 485 501 486 default: 502 - at76_dbg(DBG_DFU, "DFU UNKNOWN STATE (%d)", dfu_state); 487 + at76_dbg(DBG_DFU, "DFU UNKNOWN STATE (%d)", *dfu_state); 503 488 ret = -EINVAL; 504 489 break; 505 490 } 506 491 } while (!is_done && (ret >= 0)); 507 492 508 493 exit: 494 + kfree(dfu_state); 509 495 kfree(block); 496 + kfree(dfu_stat_buf); 497 + 510 498 if (ret >= 0) 511 499 ret = 0; 512 500 ··· 1295 1277 dev_err(&udev->dev, 1296 1278 "loading %dth firmware block failed: %d\n", 1297 1279 blockno, ret); 1280 + ret = -EIO; 1298 1281 goto exit; 1299 1282 } 1300 1283 buf += bsize; ··· 2039 2020 ieee80211_queue_work(hw, &priv->work_set_promisc); 2040 2021 } 2041 2022 2023 + static int at76_set_wep(struct at76_priv *priv) 2024 + { 2025 + int ret = 0; 2026 + struct mib_mac_wep *mib_data = &priv->mib_buf.data.wep_mib; 2027 + 2028 + priv->mib_buf.type = MIB_MAC_WEP; 2029 + priv->mib_buf.size = sizeof(struct mib_mac_wep); 2030 + priv->mib_buf.index = 0; 2031 + 2032 + memset(mib_data, 0, sizeof(*mib_data)); 2033 + 2034 + if (priv->wep_enabled) { 2035 + if (priv->wep_keys_len[priv->wep_key_id] > WEP_SMALL_KEY_LEN) 2036 + mib_data->encryption_level = 2; 2037 + else 2038 + mib_data->encryption_level = 1; 2039 + 2040 + /* always exclude unencrypted if WEP is active */ 2041 + mib_data->exclude_unencrypted = 1; 2042 + } else { 2043 + mib_data->exclude_unencrypted = 0; 2044 + mib_data->encryption_level = 0; 2045 + } 2046 + 2047 + mib_data->privacy_invoked = priv->wep_enabled; 2048 + mib_data->wep_default_key_id = priv->wep_key_id; 2049 + memcpy(mib_data->wep_default_keyvalue, priv->wep_keys, 2050 + sizeof(priv->wep_keys)); 2051 + 2052 + ret = at76_set_mib(priv, &priv->mib_buf); 2053 + 2054 + if (ret < 0) 2055 + wiphy_err(priv->hw->wiphy, 2056 + "set_mib (wep) failed: %d\n", ret); 2057 + 2058 + return ret; 2059 + } 2060 + 2042 2061 static int at76_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, 2043 2062 struct ieee80211_vif *vif, struct ieee80211_sta *sta, 2044 2063 struct ieee80211_key_conf *key) ··· 2119 2062 priv->wep_enabled = 1; 2120 2063 } 2121 2064 2122 - at76_startup_device(priv); 2065 + at76_set_wep(priv); 2123 2066 2124 2067 mutex_unlock(&priv->mtx); 2125 2068 ··· 2387 2330 struct usb_device *udev; 2388 2331 int op_mode; 2389 2332 int need_ext_fw = 0; 2390 - struct mib_fw_version fwv; 2333 + struct mib_fw_version *fwv = NULL; 2391 2334 int board_type = (int)id->driver_info; 2392 2335 2393 2336 udev = usb_get_dev(interface_to_usbdev(interface)); 2337 + 2338 + fwv = kmalloc(sizeof(*fwv), GFP_KERNEL); 2339 + if (!fwv) { 2340 + ret = -ENOMEM; 2341 + goto exit; 2342 + } 2394 2343 2395 2344 /* Load firmware into kernel memory */ 2396 2345 fwe = at76_load_firmware(udev, board_type); 2397 2346 if (!fwe) { 2398 2347 ret = -ENOENT; 2399 - goto error; 2348 + goto exit; 2400 2349 } 2401 2350 2402 2351 op_mode = at76_get_op_mode(udev); ··· 2416 2353 dev_err(&interface->dev, 2417 2354 "cannot handle a device in HW_CONFIG_MODE\n"); 2418 2355 ret = -EBUSY; 2419 - goto error; 2356 + goto exit; 2420 2357 } 2421 2358 2422 2359 if (op_mode != OPMODE_NORMAL_NIC_WITH_FLASH ··· 2429 2366 dev_err(&interface->dev, 2430 2367 "error %d downloading internal firmware\n", 2431 2368 ret); 2432 - goto error; 2369 + goto exit; 2433 2370 } 2434 2371 usb_put_dev(udev); 2435 - return ret; 2372 + goto exit; 2436 2373 } 2437 2374 2438 2375 /* Internal firmware already inside the device. Get firmware ··· 2445 2382 * query the device for the fw version */ 2446 2383 if ((fwe->fw_version.major > 0 || fwe->fw_version.minor >= 100) 2447 2384 || (op_mode == OPMODE_NORMAL_NIC_WITH_FLASH)) { 2448 - ret = at76_get_mib(udev, MIB_FW_VERSION, &fwv, sizeof(fwv)); 2449 - if (ret < 0 || (fwv.major | fwv.minor) == 0) 2385 + ret = at76_get_mib(udev, MIB_FW_VERSION, fwv, sizeof(*fwv)); 2386 + if (ret < 0 || (fwv->major | fwv->minor) == 0) 2450 2387 need_ext_fw = 1; 2451 2388 } else 2452 2389 /* No way to check firmware version, reload to be sure */ ··· 2457 2394 "downloading external firmware\n"); 2458 2395 2459 2396 ret = at76_load_external_fw(udev, fwe); 2460 - if (ret) 2461 - goto error; 2397 + if (ret < 0) 2398 + goto exit; 2462 2399 2463 2400 /* Re-check firmware version */ 2464 - ret = at76_get_mib(udev, MIB_FW_VERSION, &fwv, sizeof(fwv)); 2401 + ret = at76_get_mib(udev, MIB_FW_VERSION, fwv, sizeof(*fwv)); 2465 2402 if (ret < 0) { 2466 2403 dev_err(&interface->dev, 2467 2404 "error %d getting firmware version\n", ret); 2468 - goto error; 2405 + goto exit; 2469 2406 } 2470 2407 } 2471 2408 2472 2409 priv = at76_alloc_new_device(udev); 2473 2410 if (!priv) { 2474 2411 ret = -ENOMEM; 2475 - goto error; 2412 + goto exit; 2476 2413 } 2477 2414 2478 2415 usb_set_intfdata(interface, priv); 2479 2416 2480 - memcpy(&priv->fw_version, &fwv, sizeof(struct mib_fw_version)); 2417 + memcpy(&priv->fw_version, fwv, sizeof(struct mib_fw_version)); 2481 2418 priv->board_type = board_type; 2482 2419 2483 2420 ret = at76_init_new_device(priv, interface); 2484 2421 if (ret < 0) 2485 2422 at76_delete_device(priv); 2486 2423 2487 - return ret; 2488 - 2489 - error: 2490 - usb_put_dev(udev); 2424 + exit: 2425 + kfree(fwv); 2426 + if (ret < 0) 2427 + usb_put_dev(udev); 2491 2428 return ret; 2492 2429 } 2493 2430

+13 -12

drivers/net/wireless/at76c50x-usb.h

··· 219 219 u8 reserved; 220 220 } __packed; 221 221 222 - struct set_mib_buffer { 223 - u8 type; 224 - u8 size; 225 - u8 index; 226 - u8 reserved; 227 - union { 228 - u8 byte; 229 - __le16 word; 230 - u8 addr[ETH_ALEN]; 231 - } data; 232 - } __packed; 233 - 234 222 struct mib_local { 235 223 u16 reserved0; 236 224 u8 beacon_enable; ··· 320 332 struct mib_mdomain { 321 333 u8 tx_powerlevel[14]; 322 334 u8 channel_list[14]; /* 0 for invalid channels */ 335 + } __packed; 336 + 337 + struct set_mib_buffer { 338 + u8 type; 339 + u8 size; 340 + u8 index; 341 + u8 reserved; 342 + union { 343 + u8 byte; 344 + __le16 word; 345 + u8 addr[ETH_ALEN]; 346 + struct mib_mac_wep wep_mib; 347 + } data; 323 348 } __packed; 324 349 325 350 struct at76_fw_header {

+2 -1

drivers/net/wireless/ath/ath10k/bmi.h

··· 201 201 \ 202 202 addr = host_interest_item_address(HI_ITEM(item)); \ 203 203 ret = ath10k_bmi_read_memory(ar, addr, (u8 *)&tmp, 4); \ 204 - *val = __le32_to_cpu(tmp); \ 204 + if (!ret) \ 205 + *val = __le32_to_cpu(tmp); \ 205 206 ret; \ 206 207 }) 207 208

+27

drivers/net/wireless/ath/ath10k/ce.c

··· 329 329 return ret; 330 330 } 331 331 332 + void __ath10k_ce_send_revert(struct ath10k_ce_pipe *pipe) 333 + { 334 + struct ath10k *ar = pipe->ar; 335 + struct ath10k_pci *ar_pci = ath10k_pci_priv(ar); 336 + struct ath10k_ce_ring *src_ring = pipe->src_ring; 337 + u32 ctrl_addr = pipe->ctrl_addr; 338 + 339 + lockdep_assert_held(&ar_pci->ce_lock); 340 + 341 + /* 342 + * This function must be called only if there is an incomplete 343 + * scatter-gather transfer (before index register is updated) 344 + * that needs to be cleaned up. 345 + */ 346 + if (WARN_ON_ONCE(src_ring->write_index == src_ring->sw_index)) 347 + return; 348 + 349 + if (WARN_ON_ONCE(src_ring->write_index == 350 + ath10k_ce_src_ring_write_index_get(ar, ctrl_addr))) 351 + return; 352 + 353 + src_ring->write_index--; 354 + src_ring->write_index &= src_ring->nentries_mask; 355 + 356 + src_ring->per_transfer_context[src_ring->write_index] = NULL; 357 + } 358 + 332 359 int ath10k_ce_send(struct ath10k_ce_pipe *ce_state, 333 360 void *per_transfer_context, 334 361 u32 buffer,

+2

drivers/net/wireless/ath/ath10k/ce.h

··· 160 160 unsigned int transfer_id, 161 161 unsigned int flags); 162 162 163 + void __ath10k_ce_send_revert(struct ath10k_ce_pipe *pipe); 164 + 163 165 void ath10k_ce_send_cb_register(struct ath10k_ce_pipe *ce_state, 164 166 void (*send_cb)(struct ath10k_ce_pipe *), 165 167 int disable_interrupts);

+154 -123

drivers/net/wireless/ath/ath10k/core.c

··· 58 58 complete(&ar->target_suspend); 59 59 } 60 60 61 - static int ath10k_init_connect_htc(struct ath10k *ar) 62 - { 63 - int status; 64 - 65 - status = ath10k_wmi_connect_htc_service(ar); 66 - if (status) 67 - goto conn_fail; 68 - 69 - /* Start HTC */ 70 - status = ath10k_htc_start(&ar->htc); 71 - if (status) 72 - goto conn_fail; 73 - 74 - /* Wait for WMI event to be ready */ 75 - status = ath10k_wmi_wait_for_service_ready(ar); 76 - if (status <= 0) { 77 - ath10k_warn("wmi service ready event not received"); 78 - status = -ETIMEDOUT; 79 - goto timeout; 80 - } 81 - 82 - ath10k_dbg(ATH10K_DBG_BOOT, "boot wmi ready\n"); 83 - return 0; 84 - 85 - timeout: 86 - ath10k_htc_stop(&ar->htc); 87 - conn_fail: 88 - return status; 89 - } 90 - 91 61 static int ath10k_init_configure_target(struct ath10k *ar) 92 62 { 93 63 u32 param_host; ··· 651 681 switch (ar->state) { 652 682 case ATH10K_STATE_ON: 653 683 ar->state = ATH10K_STATE_RESTARTING; 654 - ath10k_halt(ar); 684 + del_timer_sync(&ar->scan.timeout); 685 + ath10k_reset_scan((unsigned long)ar); 655 686 ieee80211_restart_hw(ar->hw); 656 687 break; 657 688 case ATH10K_STATE_OFF: ··· 661 690 ath10k_warn("cannot restart a device that hasn't been started\n"); 662 691 break; 663 692 case ATH10K_STATE_RESTARTING: 693 + /* hw restart might be requested from multiple places */ 694 + break; 664 695 case ATH10K_STATE_RESTARTED: 665 696 ar->state = ATH10K_STATE_WEDGED; 666 697 /* fall through */ ··· 673 700 674 701 mutex_unlock(&ar->conf_mutex); 675 702 } 676 - 677 - struct ath10k *ath10k_core_create(void *hif_priv, struct device *dev, 678 - const struct ath10k_hif_ops *hif_ops) 679 - { 680 - struct ath10k *ar; 681 - 682 - ar = ath10k_mac_create(); 683 - if (!ar) 684 - return NULL; 685 - 686 - ar->ath_common.priv = ar; 687 - ar->ath_common.hw = ar->hw; 688 - 689 - ar->p2p = !!ath10k_p2p; 690 - ar->dev = dev; 691 - 692 - ar->hif.priv = hif_priv; 693 - ar->hif.ops = hif_ops; 694 - 695 - init_completion(&ar->scan.started); 696 - init_completion(&ar->scan.completed); 697 - init_completion(&ar->scan.on_channel); 698 - init_completion(&ar->target_suspend); 699 - 700 - init_completion(&ar->install_key_done); 701 - init_completion(&ar->vdev_setup_done); 702 - 703 - setup_timer(&ar->scan.timeout, ath10k_reset_scan, (unsigned long)ar); 704 - 705 - ar->workqueue = create_singlethread_workqueue("ath10k_wq"); 706 - if (!ar->workqueue) 707 - goto err_wq; 708 - 709 - mutex_init(&ar->conf_mutex); 710 - spin_lock_init(&ar->data_lock); 711 - 712 - INIT_LIST_HEAD(&ar->peers); 713 - init_waitqueue_head(&ar->peer_mapping_wq); 714 - 715 - init_completion(&ar->offchan_tx_completed); 716 - INIT_WORK(&ar->offchan_tx_work, ath10k_offchan_tx_work); 717 - skb_queue_head_init(&ar->offchan_tx_queue); 718 - 719 - INIT_WORK(&ar->wmi_mgmt_tx_work, ath10k_mgmt_over_wmi_tx_work); 720 - skb_queue_head_init(&ar->wmi_mgmt_tx_queue); 721 - 722 - INIT_WORK(&ar->restart_work, ath10k_core_restart); 723 - 724 - return ar; 725 - 726 - err_wq: 727 - ath10k_mac_destroy(ar); 728 - return NULL; 729 - } 730 - EXPORT_SYMBOL(ath10k_core_create); 731 - 732 - void ath10k_core_destroy(struct ath10k *ar) 733 - { 734 - flush_workqueue(ar->workqueue); 735 - destroy_workqueue(ar->workqueue); 736 - 737 - ath10k_mac_destroy(ar); 738 - } 739 - EXPORT_SYMBOL(ath10k_core_destroy); 740 703 741 704 int ath10k_core_start(struct ath10k *ar) 742 705 { ··· 714 805 goto err; 715 806 } 716 807 808 + status = ath10k_htt_init(ar); 809 + if (status) { 810 + ath10k_err("failed to init htt: %d\n", status); 811 + goto err_wmi_detach; 812 + } 813 + 814 + status = ath10k_htt_tx_alloc(&ar->htt); 815 + if (status) { 816 + ath10k_err("failed to alloc htt tx: %d\n", status); 817 + goto err_wmi_detach; 818 + } 819 + 820 + status = ath10k_htt_rx_alloc(&ar->htt); 821 + if (status) { 822 + ath10k_err("failed to alloc htt rx: %d\n", status); 823 + goto err_htt_tx_detach; 824 + } 825 + 717 826 status = ath10k_hif_start(ar); 718 827 if (status) { 719 828 ath10k_err("could not start HIF: %d\n", status); 720 - goto err_wmi_detach; 829 + goto err_htt_rx_detach; 721 830 } 722 831 723 832 status = ath10k_htc_wait_target(&ar->htc); ··· 744 817 goto err_hif_stop; 745 818 } 746 819 747 - status = ath10k_htt_attach(ar); 820 + status = ath10k_htt_connect(&ar->htt); 748 821 if (status) { 749 - ath10k_err("could not attach htt (%d)\n", status); 822 + ath10k_err("failed to connect htt (%d)\n", status); 750 823 goto err_hif_stop; 751 824 } 752 825 753 - status = ath10k_init_connect_htc(ar); 754 - if (status) 755 - goto err_htt_detach; 826 + status = ath10k_wmi_connect(ar); 827 + if (status) { 828 + ath10k_err("could not connect wmi: %d\n", status); 829 + goto err_hif_stop; 830 + } 831 + 832 + status = ath10k_htc_start(&ar->htc); 833 + if (status) { 834 + ath10k_err("failed to start htc: %d\n", status); 835 + goto err_hif_stop; 836 + } 837 + 838 + status = ath10k_wmi_wait_for_service_ready(ar); 839 + if (status <= 0) { 840 + ath10k_warn("wmi service ready event not received"); 841 + status = -ETIMEDOUT; 842 + goto err_htc_stop; 843 + } 756 844 757 845 ath10k_dbg(ATH10K_DBG_BOOT, "firmware %s booted\n", 758 846 ar->hw->wiphy->fw_version); ··· 775 833 status = ath10k_wmi_cmd_init(ar); 776 834 if (status) { 777 835 ath10k_err("could not send WMI init command (%d)\n", status); 778 - goto err_disconnect_htc; 836 + goto err_htc_stop; 779 837 } 780 838 781 839 status = ath10k_wmi_wait_for_unified_ready(ar); 782 840 if (status <= 0) { 783 841 ath10k_err("wmi unified ready event not received\n"); 784 842 status = -ETIMEDOUT; 785 - goto err_disconnect_htc; 843 + goto err_htc_stop; 786 844 } 787 845 788 - status = ath10k_htt_attach_target(&ar->htt); 789 - if (status) 790 - goto err_disconnect_htc; 846 + status = ath10k_htt_setup(&ar->htt); 847 + if (status) { 848 + ath10k_err("failed to setup htt: %d\n", status); 849 + goto err_htc_stop; 850 + } 791 851 792 852 status = ath10k_debug_start(ar); 793 853 if (status) 794 - goto err_disconnect_htc; 854 + goto err_htc_stop; 795 855 796 856 ar->free_vdev_map = (1 << TARGET_NUM_VDEVS) - 1; 797 857 INIT_LIST_HEAD(&ar->arvifs); ··· 812 868 813 869 return 0; 814 870 815 - err_disconnect_htc: 871 + err_htc_stop: 816 872 ath10k_htc_stop(&ar->htc); 817 - err_htt_detach: 818 - ath10k_htt_detach(&ar->htt); 819 873 err_hif_stop: 820 874 ath10k_hif_stop(ar); 875 + err_htt_rx_detach: 876 + ath10k_htt_rx_free(&ar->htt); 877 + err_htt_tx_detach: 878 + ath10k_htt_tx_free(&ar->htt); 821 879 err_wmi_detach: 822 880 ath10k_wmi_detach(ar); 823 881 err: ··· 859 913 860 914 ath10k_debug_stop(ar); 861 915 ath10k_htc_stop(&ar->htc); 862 - ath10k_htt_detach(&ar->htt); 916 + ath10k_hif_stop(ar); 917 + ath10k_htt_tx_free(&ar->htt); 918 + ath10k_htt_rx_free(&ar->htt); 863 919 ath10k_wmi_detach(ar); 864 920 } 865 921 EXPORT_SYMBOL(ath10k_core_stop); ··· 953 1005 return 0; 954 1006 } 955 1007 956 - int ath10k_core_register(struct ath10k *ar, u32 chip_id) 1008 + static void ath10k_core_register_work(struct work_struct *work) 957 1009 { 1010 + struct ath10k *ar = container_of(work, struct ath10k, register_work); 958 1011 int status; 959 - 960 - ar->chip_id = chip_id; 961 - 962 - status = ath10k_core_check_chip_id(ar); 963 - if (status) { 964 - ath10k_err("Unsupported chip id 0x%08x\n", ar->chip_id); 965 - return status; 966 - } 967 1012 968 1013 status = ath10k_core_probe_fw(ar); 969 1014 if (status) { 970 1015 ath10k_err("could not probe fw (%d)\n", status); 971 - return status; 1016 + goto err; 972 1017 } 973 1018 974 1019 status = ath10k_mac_register(ar); ··· 976 1035 goto err_unregister_mac; 977 1036 } 978 1037 979 - return 0; 1038 + set_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags); 1039 + return; 980 1040 981 1041 err_unregister_mac: 982 1042 ath10k_mac_unregister(ar); 983 1043 err_release_fw: 984 1044 ath10k_core_free_firmware_files(ar); 985 - return status; 1045 + err: 1046 + device_release_driver(ar->dev); 1047 + return; 1048 + } 1049 + 1050 + int ath10k_core_register(struct ath10k *ar, u32 chip_id) 1051 + { 1052 + int status; 1053 + 1054 + ar->chip_id = chip_id; 1055 + 1056 + status = ath10k_core_check_chip_id(ar); 1057 + if (status) { 1058 + ath10k_err("Unsupported chip id 0x%08x\n", ar->chip_id); 1059 + return status; 1060 + } 1061 + 1062 + queue_work(ar->workqueue, &ar->register_work); 1063 + 1064 + return 0; 986 1065 } 987 1066 EXPORT_SYMBOL(ath10k_core_register); 988 1067 989 1068 void ath10k_core_unregister(struct ath10k *ar) 990 1069 { 1070 + cancel_work_sync(&ar->register_work); 1071 + 1072 + if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags)) 1073 + return; 1074 + 991 1075 /* We must unregister from mac80211 before we stop HTC and HIF. 992 1076 * Otherwise we will fail to submit commands to FW and mac80211 will be 993 1077 * unhappy about callback failures. */ ··· 1023 1057 ath10k_debug_destroy(ar); 1024 1058 } 1025 1059 EXPORT_SYMBOL(ath10k_core_unregister); 1060 + 1061 + struct ath10k *ath10k_core_create(void *hif_priv, struct device *dev, 1062 + const struct ath10k_hif_ops *hif_ops) 1063 + { 1064 + struct ath10k *ar; 1065 + 1066 + ar = ath10k_mac_create(); 1067 + if (!ar) 1068 + return NULL; 1069 + 1070 + ar->ath_common.priv = ar; 1071 + ar->ath_common.hw = ar->hw; 1072 + 1073 + ar->p2p = !!ath10k_p2p; 1074 + ar->dev = dev; 1075 + 1076 + ar->hif.priv = hif_priv; 1077 + ar->hif.ops = hif_ops; 1078 + 1079 + init_completion(&ar->scan.started); 1080 + init_completion(&ar->scan.completed); 1081 + init_completion(&ar->scan.on_channel); 1082 + init_completion(&ar->target_suspend); 1083 + 1084 + init_completion(&ar->install_key_done); 1085 + init_completion(&ar->vdev_setup_done); 1086 + 1087 + setup_timer(&ar->scan.timeout, ath10k_reset_scan, (unsigned long)ar); 1088 + 1089 + ar->workqueue = create_singlethread_workqueue("ath10k_wq"); 1090 + if (!ar->workqueue) 1091 + goto err_wq; 1092 + 1093 + mutex_init(&ar->conf_mutex); 1094 + spin_lock_init(&ar->data_lock); 1095 + 1096 + INIT_LIST_HEAD(&ar->peers); 1097 + init_waitqueue_head(&ar->peer_mapping_wq); 1098 + 1099 + init_completion(&ar->offchan_tx_completed); 1100 + INIT_WORK(&ar->offchan_tx_work, ath10k_offchan_tx_work); 1101 + skb_queue_head_init(&ar->offchan_tx_queue); 1102 + 1103 + INIT_WORK(&ar->wmi_mgmt_tx_work, ath10k_mgmt_over_wmi_tx_work); 1104 + skb_queue_head_init(&ar->wmi_mgmt_tx_queue); 1105 + 1106 + INIT_WORK(&ar->register_work, ath10k_core_register_work); 1107 + INIT_WORK(&ar->restart_work, ath10k_core_restart); 1108 + 1109 + return ar; 1110 + 1111 + err_wq: 1112 + ath10k_mac_destroy(ar); 1113 + return NULL; 1114 + } 1115 + EXPORT_SYMBOL(ath10k_core_create); 1116 + 1117 + void ath10k_core_destroy(struct ath10k *ar) 1118 + { 1119 + flush_workqueue(ar->workqueue); 1120 + destroy_workqueue(ar->workqueue); 1121 + 1122 + ath10k_mac_destroy(ar); 1123 + } 1124 + EXPORT_SYMBOL(ath10k_core_destroy); 1026 1125 1027 1126 MODULE_AUTHOR("Qualcomm Atheros"); 1028 1127 MODULE_DESCRIPTION("Core module for QCA988X PCIe devices.");

+8

drivers/net/wireless/ath/ath10k/core.h

··· 335 335 /* Indicates that ath10k device is during CAC phase of DFS */ 336 336 ATH10K_CAC_RUNNING, 337 337 ATH10K_FLAG_FIRST_BOOT_DONE, 338 + ATH10K_FLAG_CORE_REGISTERED, 338 339 }; 339 340 340 341 struct ath10k { ··· 441 440 bool radar_enabled; 442 441 int num_started_vdevs; 443 442 443 + /* Protected by conf-mutex */ 444 + u8 supp_tx_chainmask; 445 + u8 supp_rx_chainmask; 446 + u8 cfg_tx_chainmask; 447 + u8 cfg_rx_chainmask; 448 + 444 449 struct wmi_pdev_set_wmm_params_arg wmm_params; 445 450 struct completion install_key_done; 446 451 ··· 477 470 478 471 enum ath10k_state state; 479 472 473 + struct work_struct register_work; 480 474 struct work_struct restart_work; 481 475 482 476 /* cycle count is reported twice for each visited channel during scan.

-6

drivers/net/wireless/ath/ath10k/htc.c

··· 830 830 return 0; 831 831 } 832 832 833 - /* 834 - * stop HTC communications, i.e. stop interrupt reception, and flush all 835 - * queued buffers 836 - */ 837 833 void ath10k_htc_stop(struct ath10k_htc *htc) 838 834 { 839 835 spin_lock_bh(&htc->tx_lock); 840 836 htc->stopped = true; 841 837 spin_unlock_bh(&htc->tx_lock); 842 - 843 - ath10k_hif_stop(htc->ar); 844 838 } 845 839 846 840 /* registered target arrival callback from the HIF layer */

+3 -39

drivers/net/wireless/ath/ath10k/htt.c

··· 22 22 #include "core.h" 23 23 #include "debug.h" 24 24 25 - static int ath10k_htt_htc_attach(struct ath10k_htt *htt) 25 + int ath10k_htt_connect(struct ath10k_htt *htt) 26 26 { 27 27 struct ath10k_htc_svc_conn_req conn_req; 28 28 struct ath10k_htc_svc_conn_resp conn_resp; ··· 48 48 return 0; 49 49 } 50 50 51 - int ath10k_htt_attach(struct ath10k *ar) 51 + int ath10k_htt_init(struct ath10k *ar) 52 52 { 53 53 struct ath10k_htt *htt = &ar->htt; 54 - int ret; 55 54 56 55 htt->ar = ar; 57 56 htt->max_throughput_mbps = 800; 58 - 59 - /* 60 - * Connect to HTC service. 61 - * This has to be done before calling ath10k_htt_rx_attach, 62 - * since ath10k_htt_rx_attach involves sending a rx ring configure 63 - * message to the target. 64 - */ 65 - ret = ath10k_htt_htc_attach(htt); 66 - if (ret) { 67 - ath10k_err("could not attach htt htc (%d)\n", ret); 68 - goto err_htc_attach; 69 - } 70 - 71 - ret = ath10k_htt_tx_attach(htt); 72 - if (ret) { 73 - ath10k_err("could not attach htt tx (%d)\n", ret); 74 - goto err_htc_attach; 75 - } 76 - 77 - ret = ath10k_htt_rx_attach(htt); 78 - if (ret) { 79 - ath10k_err("could not attach htt rx (%d)\n", ret); 80 - goto err_rx_attach; 81 - } 82 57 83 58 /* 84 59 * Prefetch enough data to satisfy target ··· 68 93 2; /* ip4 dscp or ip6 priority */ 69 94 70 95 return 0; 71 - 72 - err_rx_attach: 73 - ath10k_htt_tx_detach(htt); 74 - err_htc_attach: 75 - return ret; 76 96 } 77 97 78 98 #define HTT_TARGET_VERSION_TIMEOUT_HZ (3*HZ) ··· 87 117 return 0; 88 118 } 89 119 90 - int ath10k_htt_attach_target(struct ath10k_htt *htt) 120 + int ath10k_htt_setup(struct ath10k_htt *htt) 91 121 { 92 122 int status; 93 123 ··· 109 139 return status; 110 140 111 141 return ath10k_htt_send_rx_ring_cfg_ll(htt); 112 - } 113 - 114 - void ath10k_htt_detach(struct ath10k_htt *htt) 115 - { 116 - ath10k_htt_rx_detach(htt); 117 - ath10k_htt_tx_detach(htt); 118 142 }

+9 -7

drivers/net/wireless/ath/ath10k/htt.h

··· 1328 1328 #define HTT_LOG2_MAX_CACHE_LINE_SIZE 7 /* 2^7 = 128 */ 1329 1329 #define HTT_MAX_CACHE_LINE_SIZE_MASK ((1 << HTT_LOG2_MAX_CACHE_LINE_SIZE) - 1) 1330 1330 1331 - int ath10k_htt_attach(struct ath10k *ar); 1332 - int ath10k_htt_attach_target(struct ath10k_htt *htt); 1333 - void ath10k_htt_detach(struct ath10k_htt *htt); 1331 + int ath10k_htt_connect(struct ath10k_htt *htt); 1332 + int ath10k_htt_init(struct ath10k *ar); 1333 + int ath10k_htt_setup(struct ath10k_htt *htt); 1334 1334 1335 - int ath10k_htt_tx_attach(struct ath10k_htt *htt); 1336 - void ath10k_htt_tx_detach(struct ath10k_htt *htt); 1337 - int ath10k_htt_rx_attach(struct ath10k_htt *htt); 1338 - void ath10k_htt_rx_detach(struct ath10k_htt *htt); 1335 + int ath10k_htt_tx_alloc(struct ath10k_htt *htt); 1336 + void ath10k_htt_tx_free(struct ath10k_htt *htt); 1337 + 1338 + int ath10k_htt_rx_alloc(struct ath10k_htt *htt); 1339 + void ath10k_htt_rx_free(struct ath10k_htt *htt); 1340 + 1339 1341 void ath10k_htt_htc_tx_complete(struct ath10k *ar, struct sk_buff *skb); 1340 1342 void ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb); 1341 1343 int ath10k_htt_h2t_ver_req_msg(struct ath10k_htt *htt);

+66 -26

drivers/net/wireless/ath/ath10k/htt_rx.c

··· 225 225 ath10k_htt_rx_msdu_buff_replenish(htt); 226 226 } 227 227 228 - void ath10k_htt_rx_detach(struct ath10k_htt *htt) 228 + static void ath10k_htt_rx_ring_clean_up(struct ath10k_htt *htt) 229 229 { 230 - int sw_rd_idx = htt->rx_ring.sw_rd_idx.msdu_payld; 230 + struct sk_buff *skb; 231 + int i; 231 232 233 + for (i = 0; i < htt->rx_ring.size; i++) { 234 + skb = htt->rx_ring.netbufs_ring[i]; 235 + if (!skb) 236 + continue; 237 + 238 + dma_unmap_single(htt->ar->dev, ATH10K_SKB_CB(skb)->paddr, 239 + skb->len + skb_tailroom(skb), 240 + DMA_FROM_DEVICE); 241 + dev_kfree_skb_any(skb); 242 + htt->rx_ring.netbufs_ring[i] = NULL; 243 + } 244 + } 245 + 246 + void ath10k_htt_rx_free(struct ath10k_htt *htt) 247 + { 232 248 del_timer_sync(&htt->rx_ring.refill_retry_timer); 233 249 tasklet_kill(&htt->rx_replenish_task); 234 250 tasklet_kill(&htt->txrx_compl_task); ··· 252 236 skb_queue_purge(&htt->tx_compl_q); 253 237 skb_queue_purge(&htt->rx_compl_q); 254 238 255 - while (sw_rd_idx != __le32_to_cpu(*(htt->rx_ring.alloc_idx.vaddr))) { 256 - struct sk_buff *skb = 257 - htt->rx_ring.netbufs_ring[sw_rd_idx]; 258 - struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb); 259 - 260 - dma_unmap_single(htt->ar->dev, cb->paddr, 261 - skb->len + skb_tailroom(skb), 262 - DMA_FROM_DEVICE); 263 - dev_kfree_skb_any(htt->rx_ring.netbufs_ring[sw_rd_idx]); 264 - sw_rd_idx++; 265 - sw_rd_idx &= htt->rx_ring.size_mask; 266 - } 239 + ath10k_htt_rx_ring_clean_up(htt); 267 240 268 241 dma_free_coherent(htt->ar->dev, 269 242 (htt->rx_ring.size * ··· 282 277 283 278 idx = htt->rx_ring.sw_rd_idx.msdu_payld; 284 279 msdu = htt->rx_ring.netbufs_ring[idx]; 280 + htt->rx_ring.netbufs_ring[idx] = NULL; 285 281 286 282 idx++; 287 283 idx &= htt->rx_ring.size_mask; ··· 312 306 int msdu_len, msdu_chaining = 0; 313 307 struct sk_buff *msdu; 314 308 struct htt_rx_desc *rx_desc; 309 + bool corrupted = false; 315 310 316 311 lockdep_assert_held(&htt->rx_ring.lock); 317 312 ··· 406 399 msdu_len = MS(__le32_to_cpu(rx_desc->msdu_start.info0), 407 400 RX_MSDU_START_INFO0_MSDU_LENGTH); 408 401 msdu_chained = rx_desc->frag_info.ring2_more_count; 409 - msdu_chaining = msdu_chained; 410 402 411 403 if (msdu_len_invalid) 412 404 msdu_len = 0; ··· 433 427 434 428 msdu->next = next; 435 429 msdu = next; 430 + msdu_chaining = 1; 436 431 } 437 432 438 433 last_msdu = __le32_to_cpu(rx_desc->msdu_end.info0) & 439 434 RX_MSDU_END_INFO0_LAST_MSDU; 435 + 436 + if (msdu_chaining && !last_msdu) 437 + corrupted = true; 440 438 441 439 if (last_msdu) { 442 440 msdu->next = NULL; ··· 455 445 456 446 if (*head_msdu == NULL) 457 447 msdu_chaining = -1; 448 + 449 + /* 450 + * Apparently FW sometimes reports weird chained MSDU sequences with 451 + * more than one rx descriptor. This seems like a bug but needs more 452 + * analyzing. For the time being fix it by dropping such sequences to 453 + * avoid blowing up the host system. 454 + */ 455 + if (corrupted) { 456 + ath10k_warn("failed to pop chained msdus, dropping\n"); 457 + ath10k_htt_rx_free_msdu_chain(*head_msdu); 458 + *head_msdu = NULL; 459 + *tail_msdu = NULL; 460 + msdu_chaining = -EINVAL; 461 + } 458 462 459 463 /* 460 464 * Don't refill the ring yet. ··· 492 468 ath10k_htt_rx_msdu_buff_replenish(htt); 493 469 } 494 470 495 - int ath10k_htt_rx_attach(struct ath10k_htt *htt) 471 + int ath10k_htt_rx_alloc(struct ath10k_htt *htt) 496 472 { 497 473 dma_addr_t paddr; 498 474 void *vaddr; ··· 518 494 htt->rx_ring.fill_level = ath10k_htt_rx_ring_fill_level(htt); 519 495 520 496 htt->rx_ring.netbufs_ring = 521 - kmalloc(htt->rx_ring.size * sizeof(struct sk_buff *), 497 + kzalloc(htt->rx_ring.size * sizeof(struct sk_buff *), 522 498 GFP_KERNEL); 523 499 if (!htt->rx_ring.netbufs_ring) 524 500 goto err_netbuf; ··· 778 754 static void ath10k_htt_rx_h_protected(struct ath10k_htt *htt, 779 755 struct ieee80211_rx_status *rx_status, 780 756 struct sk_buff *skb, 781 - enum htt_rx_mpdu_encrypt_type enctype) 757 + enum htt_rx_mpdu_encrypt_type enctype, 758 + enum rx_msdu_decap_format fmt, 759 + bool dot11frag) 782 760 { 783 761 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 784 762 763 + rx_status->flag &= ~(RX_FLAG_DECRYPTED | 764 + RX_FLAG_IV_STRIPPED | 765 + RX_FLAG_MMIC_STRIPPED); 785 766 786 - if (enctype == HTT_RX_MPDU_ENCRYPT_NONE) { 787 - rx_status->flag &= ~(RX_FLAG_DECRYPTED | 788 - RX_FLAG_IV_STRIPPED | 789 - RX_FLAG_MMIC_STRIPPED); 767 + if (enctype == HTT_RX_MPDU_ENCRYPT_NONE) 790 768 return; 791 - } 769 + 770 + /* 771 + * There's no explicit rx descriptor flag to indicate whether a given 772 + * frame has been decrypted or not. We're forced to use the decap 773 + * format as an implicit indication. However fragmentation rx is always 774 + * raw and it probably never reports undecrypted raws. 775 + * 776 + * This makes sure sniffed frames are reported as-is without stripping 777 + * the protected flag. 778 + */ 779 + if (fmt == RX_MSDU_DECAP_RAW && !dot11frag) 780 + return; 792 781 793 782 rx_status->flag |= RX_FLAG_DECRYPTED | 794 783 RX_FLAG_IV_STRIPPED | ··· 955 918 } 956 919 957 920 skb_in = skb; 958 - ath10k_htt_rx_h_protected(htt, rx_status, skb_in, enctype); 921 + ath10k_htt_rx_h_protected(htt, rx_status, skb_in, enctype, fmt, 922 + false); 959 923 skb = skb->next; 960 924 skb_in->next = NULL; 961 925 ··· 1038 1000 break; 1039 1001 } 1040 1002 1041 - ath10k_htt_rx_h_protected(htt, rx_status, skb, enctype); 1003 + ath10k_htt_rx_h_protected(htt, rx_status, skb, enctype, fmt, false); 1042 1004 1043 1005 ath10k_process_rx(htt->ar, rx_status, skb); 1044 1006 } ··· 1326 1288 } 1327 1289 1328 1290 /* FIXME: implement signal strength */ 1291 + rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 1329 1292 1330 1293 hdr = (struct ieee80211_hdr *)msdu_head->data; 1331 1294 rxd = (void *)msdu_head->data - sizeof(*rxd); ··· 1345 1306 1346 1307 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0), 1347 1308 RX_MPDU_START_INFO0_ENCRYPT_TYPE); 1348 - ath10k_htt_rx_h_protected(htt, rx_status, msdu_head, enctype); 1309 + ath10k_htt_rx_h_protected(htt, rx_status, msdu_head, enctype, fmt, 1310 + true); 1349 1311 msdu_head->ip_summed = ath10k_htt_rx_get_csum_state(msdu_head); 1350 1312 1351 1313 if (tkip_mic_err)

+4 -4

drivers/net/wireless/ath/ath10k/htt_tx.c

··· 83 83 __clear_bit(msdu_id, htt->used_msdu_ids); 84 84 } 85 85 86 - int ath10k_htt_tx_attach(struct ath10k_htt *htt) 86 + int ath10k_htt_tx_alloc(struct ath10k_htt *htt) 87 87 { 88 88 spin_lock_init(&htt->tx_lock); 89 89 init_waitqueue_head(&htt->empty_tx_wq); ··· 120 120 return 0; 121 121 } 122 122 123 - static void ath10k_htt_tx_cleanup_pending(struct ath10k_htt *htt) 123 + static void ath10k_htt_tx_free_pending(struct ath10k_htt *htt) 124 124 { 125 125 struct htt_tx_done tx_done = {0}; 126 126 int msdu_id; ··· 141 141 spin_unlock_bh(&htt->tx_lock); 142 142 } 143 143 144 - void ath10k_htt_tx_detach(struct ath10k_htt *htt) 144 + void ath10k_htt_tx_free(struct ath10k_htt *htt) 145 145 { 146 - ath10k_htt_tx_cleanup_pending(htt); 146 + ath10k_htt_tx_free_pending(htt); 147 147 kfree(htt->pending_tx); 148 148 kfree(htt->used_msdu_ids); 149 149 dma_pool_destroy(htt->tx_pool);

+162 -52

drivers/net/wireless/ath/ath10k/mac.c

··· 54 54 switch (key->cipher) { 55 55 case WLAN_CIPHER_SUITE_CCMP: 56 56 arg.key_cipher = WMI_CIPHER_AES_CCM; 57 - key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX; 57 + if (arvif->vdev_type == WMI_VDEV_TYPE_AP) 58 + key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT; 59 + else 60 + key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX; 58 61 break; 59 62 case WLAN_CIPHER_SUITE_TKIP: 60 63 arg.key_cipher = WMI_CIPHER_TKIP; ··· 1891 1888 wep_key_work); 1892 1889 int ret, keyidx = arvif->def_wep_key_newidx; 1893 1890 1891 + mutex_lock(&arvif->ar->conf_mutex); 1892 + 1893 + if (arvif->ar->state != ATH10K_STATE_ON) 1894 + goto unlock; 1895 + 1894 1896 if (arvif->def_wep_key_idx == keyidx) 1895 - return; 1897 + goto unlock; 1896 1898 1897 1899 ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n", 1898 1900 arvif->vdev_id, keyidx); ··· 1910 1902 ath10k_warn("failed to update wep key index for vdev %d: %d\n", 1911 1903 arvif->vdev_id, 1912 1904 ret); 1913 - return; 1905 + goto unlock; 1914 1906 } 1915 1907 1916 1908 arvif->def_wep_key_idx = keyidx; 1909 + 1910 + unlock: 1911 + mutex_unlock(&arvif->ar->conf_mutex); 1917 1912 } 1918 1913 1919 1914 static void ath10k_tx_h_update_wep_key(struct sk_buff *skb) ··· 2297 2286 ath10k_tx_htt(ar, skb); 2298 2287 } 2299 2288 2300 - /* 2301 - * Initialize various parameters with default vaules. 2302 - */ 2289 + /* Must not be called with conf_mutex held as workers can use that also. */ 2290 + static void ath10k_drain_tx(struct ath10k *ar) 2291 + { 2292 + /* make sure rcu-protected mac80211 tx path itself is drained */ 2293 + synchronize_net(); 2294 + 2295 + ath10k_offchan_tx_purge(ar); 2296 + ath10k_mgmt_over_wmi_tx_purge(ar); 2297 + 2298 + cancel_work_sync(&ar->offchan_tx_work); 2299 + cancel_work_sync(&ar->wmi_mgmt_tx_work); 2300 + } 2301 + 2303 2302 void ath10k_halt(struct ath10k *ar) 2304 2303 { 2305 2304 struct ath10k_vif *arvif; ··· 2324 2303 } 2325 2304 2326 2305 del_timer_sync(&ar->scan.timeout); 2327 - ath10k_offchan_tx_purge(ar); 2328 - ath10k_mgmt_over_wmi_tx_purge(ar); 2306 + ath10k_reset_scan((unsigned long)ar); 2329 2307 ath10k_peer_cleanup_all(ar); 2330 2308 ath10k_core_stop(ar); 2331 2309 ath10k_hif_power_down(ar); 2332 2310 2333 2311 spin_lock_bh(&ar->data_lock); 2334 - if (ar->scan.in_progress) { 2335 - del_timer(&ar->scan.timeout); 2336 - ar->scan.in_progress = false; 2337 - ieee80211_scan_completed(ar->hw, true); 2338 - } 2339 - 2340 2312 list_for_each_entry(arvif, &ar->arvifs, list) { 2341 2313 if (!arvif->beacon) 2342 2314 continue; ··· 2343 2329 spin_unlock_bh(&ar->data_lock); 2344 2330 } 2345 2331 2332 + static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant) 2333 + { 2334 + struct ath10k *ar = hw->priv; 2335 + 2336 + mutex_lock(&ar->conf_mutex); 2337 + 2338 + if (ar->cfg_tx_chainmask) { 2339 + *tx_ant = ar->cfg_tx_chainmask; 2340 + *rx_ant = ar->cfg_rx_chainmask; 2341 + } else { 2342 + *tx_ant = ar->supp_tx_chainmask; 2343 + *rx_ant = ar->supp_rx_chainmask; 2344 + } 2345 + 2346 + mutex_unlock(&ar->conf_mutex); 2347 + 2348 + return 0; 2349 + } 2350 + 2351 + static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant) 2352 + { 2353 + int ret; 2354 + 2355 + lockdep_assert_held(&ar->conf_mutex); 2356 + 2357 + ar->cfg_tx_chainmask = tx_ant; 2358 + ar->cfg_rx_chainmask = rx_ant; 2359 + 2360 + if ((ar->state != ATH10K_STATE_ON) && 2361 + (ar->state != ATH10K_STATE_RESTARTED)) 2362 + return 0; 2363 + 2364 + ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask, 2365 + tx_ant); 2366 + if (ret) { 2367 + ath10k_warn("failed to set tx-chainmask: %d, req 0x%x\n", 2368 + ret, tx_ant); 2369 + return ret; 2370 + } 2371 + 2372 + ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask, 2373 + rx_ant); 2374 + if (ret) { 2375 + ath10k_warn("failed to set rx-chainmask: %d, req 0x%x\n", 2376 + ret, rx_ant); 2377 + return ret; 2378 + } 2379 + 2380 + return 0; 2381 + } 2382 + 2383 + static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant) 2384 + { 2385 + struct ath10k *ar = hw->priv; 2386 + int ret; 2387 + 2388 + mutex_lock(&ar->conf_mutex); 2389 + ret = __ath10k_set_antenna(ar, tx_ant, rx_ant); 2390 + mutex_unlock(&ar->conf_mutex); 2391 + return ret; 2392 + } 2393 + 2346 2394 static int ath10k_start(struct ieee80211_hw *hw) 2347 2395 { 2348 2396 struct ath10k *ar = hw->priv; 2349 2397 int ret = 0; 2350 2398 2399 + /* 2400 + * This makes sense only when restarting hw. It is harmless to call 2401 + * uncoditionally. This is necessary to make sure no HTT/WMI tx 2402 + * commands will be submitted while restarting. 2403 + */ 2404 + ath10k_drain_tx(ar); 2405 + 2351 2406 mutex_lock(&ar->conf_mutex); 2352 2407 2353 - if (ar->state != ATH10K_STATE_OFF && 2354 - ar->state != ATH10K_STATE_RESTARTING) { 2408 + switch (ar->state) { 2409 + case ATH10K_STATE_OFF: 2410 + ar->state = ATH10K_STATE_ON; 2411 + break; 2412 + case ATH10K_STATE_RESTARTING: 2413 + ath10k_halt(ar); 2414 + ar->state = ATH10K_STATE_RESTARTED; 2415 + break; 2416 + case ATH10K_STATE_ON: 2417 + case ATH10K_STATE_RESTARTED: 2418 + case ATH10K_STATE_WEDGED: 2419 + WARN_ON(1); 2355 2420 ret = -EINVAL; 2356 - goto exit; 2421 + goto err; 2357 2422 } 2358 2423 2359 2424 ret = ath10k_hif_power_up(ar); 2360 2425 if (ret) { 2361 2426 ath10k_err("Could not init hif: %d\n", ret); 2362 - ar->state = ATH10K_STATE_OFF; 2363 - goto exit; 2427 + goto err_off; 2364 2428 } 2365 2429 2366 2430 ret = ath10k_core_start(ar); 2367 2431 if (ret) { 2368 2432 ath10k_err("Could not init core: %d\n", ret); 2369 - ath10k_hif_power_down(ar); 2370 - ar->state = ATH10K_STATE_OFF; 2371 - goto exit; 2433 + goto err_power_down; 2372 2434 } 2373 2435 2374 - if (ar->state == ATH10K_STATE_OFF) 2375 - ar->state = ATH10K_STATE_ON; 2376 - else if (ar->state == ATH10K_STATE_RESTARTING) 2377 - ar->state = ATH10K_STATE_RESTARTED; 2378 - 2379 2436 ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->pmf_qos, 1); 2380 - if (ret) 2437 + if (ret) { 2381 2438 ath10k_warn("failed to enable PMF QOS: %d\n", ret); 2439 + goto err_core_stop; 2440 + } 2382 2441 2383 2442 ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->dynamic_bw, 1); 2384 - if (ret) 2443 + if (ret) { 2385 2444 ath10k_warn("failed to enable dynamic BW: %d\n", ret); 2445 + goto err_core_stop; 2446 + } 2447 + 2448 + if (ar->cfg_tx_chainmask) 2449 + __ath10k_set_antenna(ar, ar->cfg_tx_chainmask, 2450 + ar->cfg_rx_chainmask); 2386 2451 2387 2452 /* 2388 2453 * By default FW set ARP frames ac to voice (6). In that case ARP ··· 2477 2384 if (ret) { 2478 2385 ath10k_warn("failed to set arp ac override parameter: %d\n", 2479 2386 ret); 2480 - goto exit; 2387 + goto err_core_stop; 2481 2388 } 2482 2389 2483 2390 ar->num_started_vdevs = 0; 2484 2391 ath10k_regd_update(ar); 2485 - ret = 0; 2486 2392 2487 - exit: 2393 + mutex_unlock(&ar->conf_mutex); 2394 + return 0; 2395 + 2396 + err_core_stop: 2397 + ath10k_core_stop(ar); 2398 + 2399 + err_power_down: 2400 + ath10k_hif_power_down(ar); 2401 + 2402 + err_off: 2403 + ar->state = ATH10K_STATE_OFF; 2404 + 2405 + err: 2488 2406 mutex_unlock(&ar->conf_mutex); 2489 2407 return ret; 2490 2408 } ··· 2504 2400 { 2505 2401 struct ath10k *ar = hw->priv; 2506 2402 2507 - mutex_lock(&ar->conf_mutex); 2508 - if (ar->state == ATH10K_STATE_ON || 2509 - ar->state == ATH10K_STATE_RESTARTED || 2510 - ar->state == ATH10K_STATE_WEDGED) 2511 - ath10k_halt(ar); 2403 + ath10k_drain_tx(ar); 2512 2404 2513 - ar->state = ATH10K_STATE_OFF; 2405 + mutex_lock(&ar->conf_mutex); 2406 + if (ar->state != ATH10K_STATE_OFF) { 2407 + ath10k_halt(ar); 2408 + ar->state = ATH10K_STATE_OFF; 2409 + } 2514 2410 mutex_unlock(&ar->conf_mutex); 2515 2411 2516 - ath10k_mgmt_over_wmi_tx_purge(ar); 2517 - 2518 - cancel_work_sync(&ar->offchan_tx_work); 2519 - cancel_work_sync(&ar->wmi_mgmt_tx_work); 2520 2412 cancel_work_sync(&ar->restart_work); 2521 2413 } 2522 2414 ··· 3025 2925 arvif->u.ap.hidden_ssid = info->hidden_ssid; 3026 2926 } 3027 2927 3028 - if (changed & BSS_CHANGED_BSSID) { 2928 + /* 2929 + * Firmware manages AP self-peer internally so make sure to not create 2930 + * it in driver. Otherwise AP self-peer deletion may timeout later. 2931 + */ 2932 + if (changed & BSS_CHANGED_BSSID && 2933 + vif->type != NL80211_IFTYPE_AP) { 3029 2934 if (!is_zero_ether_addr(info->bssid)) { 3030 2935 ath10k_dbg(ATH10K_DBG_MAC, 3031 2936 "mac vdev %d create peer %pM\n", ··· 4247 4142 fixed_nss, force_sgi); 4248 4143 } 4249 4144 4250 - static void ath10k_channel_switch_beacon(struct ieee80211_hw *hw, 4251 - struct ieee80211_vif *vif, 4252 - struct cfg80211_chan_def *chandef) 4253 - { 4254 - /* there's no need to do anything here. vif->csa_active is enough */ 4255 - return; 4256 - } 4257 - 4258 4145 static void ath10k_sta_rc_update(struct ieee80211_hw *hw, 4259 4146 struct ieee80211_vif *vif, 4260 4147 struct ieee80211_sta *sta, ··· 4350 4253 .set_frag_threshold = ath10k_set_frag_threshold, 4351 4254 .flush = ath10k_flush, 4352 4255 .tx_last_beacon = ath10k_tx_last_beacon, 4256 + .set_antenna = ath10k_set_antenna, 4257 + .get_antenna = ath10k_get_antenna, 4353 4258 .restart_complete = ath10k_restart_complete, 4354 4259 .get_survey = ath10k_get_survey, 4355 4260 .set_bitrate_mask = ath10k_set_bitrate_mask, 4356 - .channel_switch_beacon = ath10k_channel_switch_beacon, 4357 4261 .sta_rc_update = ath10k_sta_rc_update, 4358 4262 .get_tsf = ath10k_get_tsf, 4359 4263 #ifdef CONFIG_PM ··· 4699 4601 BIT(NL80211_IFTYPE_STATION) | 4700 4602 BIT(NL80211_IFTYPE_ADHOC) | 4701 4603 BIT(NL80211_IFTYPE_AP); 4604 + 4605 + if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) { 4606 + /* TODO: Have to deal with 2x2 chips if/when the come out. */ 4607 + ar->supp_tx_chainmask = TARGET_10X_TX_CHAIN_MASK; 4608 + ar->supp_rx_chainmask = TARGET_10X_RX_CHAIN_MASK; 4609 + } else { 4610 + ar->supp_tx_chainmask = TARGET_TX_CHAIN_MASK; 4611 + ar->supp_rx_chainmask = TARGET_RX_CHAIN_MASK; 4612 + } 4613 + 4614 + ar->hw->wiphy->available_antennas_rx = ar->supp_rx_chainmask; 4615 + ar->hw->wiphy->available_antennas_tx = ar->supp_tx_chainmask; 4702 4616 4703 4617 if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->fw_features)) 4704 4618 ar->hw->wiphy->interface_modes |=

+73 -30

drivers/net/wireless/ath/ath10k/pci.c

··· 59 59 60 60 /* how long wait to wait for target to initialise, in ms */ 61 61 #define ATH10K_PCI_TARGET_WAIT 3000 62 + #define ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS 3 62 63 63 64 #define QCA988X_2_0_DEVICE_ID (0x003c) 64 65 ··· 762 761 struct ath10k_pci_pipe *pci_pipe = &ar_pci->pipe_info[pipe_id]; 763 762 struct ath10k_ce_pipe *ce_pipe = pci_pipe->ce_hdl; 764 763 struct ath10k_ce_ring *src_ring = ce_pipe->src_ring; 765 - unsigned int nentries_mask = src_ring->nentries_mask; 766 - unsigned int sw_index = src_ring->sw_index; 767 - unsigned int write_index = src_ring->write_index; 768 - int err, i; 764 + unsigned int nentries_mask; 765 + unsigned int sw_index; 766 + unsigned int write_index; 767 + int err, i = 0; 769 768 770 769 spin_lock_bh(&ar_pci->ce_lock); 770 + 771 + nentries_mask = src_ring->nentries_mask; 772 + sw_index = src_ring->sw_index; 773 + write_index = src_ring->write_index; 771 774 772 775 if (unlikely(CE_RING_DELTA(nentries_mask, 773 776 write_index, sw_index - 1) < n_items)) { 774 777 err = -ENOBUFS; 775 - goto unlock; 778 + goto err; 776 779 } 777 780 778 781 for (i = 0; i < n_items - 1; i++) { ··· 793 788 items[i].transfer_id, 794 789 CE_SEND_FLAG_GATHER); 795 790 if (err) 796 - goto unlock; 791 + goto err; 797 792 } 798 793 799 794 /* `i` is equal to `n_items -1` after for() */ ··· 811 806 items[i].transfer_id, 812 807 0); 813 808 if (err) 814 - goto unlock; 809 + goto err; 815 810 816 - err = 0; 817 - unlock: 811 + spin_unlock_bh(&ar_pci->ce_lock); 812 + return 0; 813 + 814 + err: 815 + for (; i > 0; i--) 816 + __ath10k_ce_send_revert(ce_pipe); 817 + 818 818 spin_unlock_bh(&ar_pci->ce_lock); 819 819 return err; 820 820 } ··· 1280 1270 int ret; 1281 1271 1282 1272 ath10k_dbg(ATH10K_DBG_BOOT, "boot hif stop\n"); 1273 + 1274 + if (WARN_ON(!ar_pci->started)) 1275 + return; 1283 1276 1284 1277 ret = ath10k_ce_disable_interrupts(ar); 1285 1278 if (ret) ··· 1815 1802 ath10k_pci_sleep(ar); 1816 1803 } 1817 1804 1805 + /* this function effectively clears target memory controller assert line */ 1806 + static void ath10k_pci_warm_reset_si0(struct ath10k *ar) 1807 + { 1808 + u32 val; 1809 + 1810 + val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS); 1811 + ath10k_pci_soc_write32(ar, SOC_RESET_CONTROL_ADDRESS, 1812 + val | SOC_RESET_CONTROL_SI0_RST_MASK); 1813 + val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS); 1814 + 1815 + msleep(10); 1816 + 1817 + val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS); 1818 + ath10k_pci_soc_write32(ar, SOC_RESET_CONTROL_ADDRESS, 1819 + val & ~SOC_RESET_CONTROL_SI0_RST_MASK); 1820 + val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS); 1821 + 1822 + msleep(10); 1823 + } 1824 + 1818 1825 static int ath10k_pci_warm_reset(struct ath10k *ar) 1819 1826 { 1820 1827 int ret = 0; ··· 1892 1859 val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS + 1893 1860 SOC_RESET_CONTROL_ADDRESS); 1894 1861 msleep(10); 1862 + 1863 + ath10k_pci_warm_reset_si0(ar); 1895 1864 1896 1865 /* debug */ 1897 1866 val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS + ··· 2023 1988 return ret; 2024 1989 } 2025 1990 1991 + static int ath10k_pci_hif_power_up_warm(struct ath10k *ar) 1992 + { 1993 + int i, ret; 1994 + 1995 + /* 1996 + * Sometime warm reset succeeds after retries. 1997 + * 1998 + * FIXME: It might be possible to tune ath10k_pci_warm_reset() to work 1999 + * at first try. 2000 + */ 2001 + for (i = 0; i < ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS; i++) { 2002 + ret = __ath10k_pci_hif_power_up(ar, false); 2003 + if (ret == 0) 2004 + break; 2005 + 2006 + ath10k_warn("failed to warm reset (attempt %d out of %d): %d\n", 2007 + i + 1, ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS, ret); 2008 + } 2009 + 2010 + return ret; 2011 + } 2012 + 2026 2013 static int ath10k_pci_hif_power_up(struct ath10k *ar) 2027 2014 { 2028 2015 int ret; ··· 2056 1999 * preferred (and safer) way to perform a device reset is through a 2057 2000 * warm reset. 2058 2001 * 2059 - * Warm reset doesn't always work though (notably after a firmware 2060 - * crash) so fall back to cold reset if necessary. 2002 + * Warm reset doesn't always work though so fall back to cold reset may 2003 + * be necessary. 2061 2004 */ 2062 - ret = __ath10k_pci_hif_power_up(ar, false); 2005 + ret = ath10k_pci_hif_power_up_warm(ar); 2063 2006 if (ret) { 2064 2007 ath10k_warn("failed to power up target using warm reset: %d\n", 2065 2008 ret); ··· 2253 2196 if (fw_ind & FW_IND_EVENT_PENDING) { 2254 2197 ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS, 2255 2198 fw_ind & ~FW_IND_EVENT_PENDING); 2256 - 2257 - /* Some structures are unavailable during early boot or at 2258 - * driver teardown so just print that the device has crashed. */ 2259 - ath10k_warn("device crashed - no diagnostics available\n"); 2199 + ath10k_pci_hif_dump_area(ar); 2260 2200 } 2261 2201 2262 2202 ath10k_pci_sleep(ar); ··· 2530 2476 2531 2477 if (val & FW_IND_EVENT_PENDING) { 2532 2478 ath10k_warn("device has crashed during init\n"); 2479 + ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS, 2480 + val & ~FW_IND_EVENT_PENDING); 2481 + ath10k_pci_hif_dump_area(ar); 2533 2482 ret = -ECOMM; 2534 2483 goto out; 2535 2484 } ··· 2659 2602 2660 2603 pci_set_drvdata(pdev, ar); 2661 2604 2662 - /* 2663 - * Without any knowledge of the Host, the Target may have been reset or 2664 - * power cycled and its Config Space may no longer reflect the PCI 2665 - * address space that was assigned earlier by the PCI infrastructure. 2666 - * Refresh it now. 2667 - */ 2668 - ret = pci_assign_resource(pdev, BAR_NUM); 2669 - if (ret) { 2670 - ath10k_err("failed to assign PCI space: %d\n", ret); 2671 - goto err_ar; 2672 - } 2673 - 2674 2605 ret = pci_enable_device(pdev); 2675 2606 if (ret) { 2676 2607 ath10k_err("failed to enable PCI device: %d\n", ret); ··· 2769 2724 2770 2725 if (!ar_pci) 2771 2726 return; 2772 - 2773 - tasklet_kill(&ar_pci->msi_fw_err); 2774 2727 2775 2728 ath10k_core_unregister(ar); 2776 2729 ath10k_pci_free_ce(ar);

+21 -5

drivers/net/wireless/ath/ath10k/wmi.c

··· 639 639 struct sk_buff *wmi_skb; 640 640 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 641 641 int len; 642 + u32 buf_len = skb->len; 642 643 u16 fc; 643 644 644 645 hdr = (struct ieee80211_hdr *)skb->data; ··· 649 648 return -EINVAL; 650 649 651 650 len = sizeof(cmd->hdr) + skb->len; 651 + 652 + if ((ieee80211_is_action(hdr->frame_control) || 653 + ieee80211_is_deauth(hdr->frame_control) || 654 + ieee80211_is_disassoc(hdr->frame_control)) && 655 + ieee80211_has_protected(hdr->frame_control)) { 656 + len += IEEE80211_CCMP_MIC_LEN; 657 + buf_len += IEEE80211_CCMP_MIC_LEN; 658 + } 659 + 652 660 len = round_up(len, 4); 653 661 654 662 wmi_skb = ath10k_wmi_alloc_skb(len); ··· 669 659 cmd->hdr.vdev_id = __cpu_to_le32(ATH10K_SKB_CB(skb)->vdev_id); 670 660 cmd->hdr.tx_rate = 0; 671 661 cmd->hdr.tx_power = 0; 672 - cmd->hdr.buf_len = __cpu_to_le32((u32)(skb->len)); 662 + cmd->hdr.buf_len = __cpu_to_le32(buf_len); 673 663 674 664 memcpy(cmd->hdr.peer_macaddr.addr, ieee80211_get_DA(hdr), ETH_ALEN); 675 665 memcpy(cmd->buf, skb->data, skb->len); ··· 967 957 * frames with Protected Bit set. */ 968 958 if (ieee80211_has_protected(hdr->frame_control) && 969 959 !ieee80211_is_auth(hdr->frame_control)) { 970 - status->flag |= RX_FLAG_DECRYPTED | RX_FLAG_IV_STRIPPED | 971 - RX_FLAG_MMIC_STRIPPED; 972 - hdr->frame_control = __cpu_to_le16(fc & 960 + status->flag |= RX_FLAG_DECRYPTED; 961 + 962 + if (!ieee80211_is_action(hdr->frame_control) && 963 + !ieee80211_is_deauth(hdr->frame_control) && 964 + !ieee80211_is_disassoc(hdr->frame_control)) { 965 + status->flag |= RX_FLAG_IV_STRIPPED | 966 + RX_FLAG_MMIC_STRIPPED; 967 + hdr->frame_control = __cpu_to_le16(fc & 973 968 ~IEEE80211_FCTL_PROTECTED); 969 + } 974 970 } 975 971 976 972 ath10k_dbg(ATH10K_DBG_MGMT, ··· 2375 2359 ar->wmi.num_mem_chunks = 0; 2376 2360 } 2377 2361 2378 - int ath10k_wmi_connect_htc_service(struct ath10k *ar) 2362 + int ath10k_wmi_connect(struct ath10k *ar) 2379 2363 { 2380 2364 int status; 2381 2365 struct ath10k_htc_svc_conn_req conn_req;

+3 -3

drivers/net/wireless/ath/ath10k/wmi.h

··· 2323 2323 #define WMI_PDEV_PARAM_UNSUPPORTED 0 2324 2324 2325 2325 enum wmi_pdev_param { 2326 - /* TX chian mask */ 2326 + /* TX chain mask */ 2327 2327 WMI_PDEV_PARAM_TX_CHAIN_MASK = 0x1, 2328 - /* RX chian mask */ 2328 + /* RX chain mask */ 2329 2329 WMI_PDEV_PARAM_RX_CHAIN_MASK, 2330 2330 /* TX power limit for 2G Radio */ 2331 2331 WMI_PDEV_PARAM_TXPOWER_LIMIT2G, ··· 4259 4259 int ath10k_wmi_wait_for_service_ready(struct ath10k *ar); 4260 4260 int ath10k_wmi_wait_for_unified_ready(struct ath10k *ar); 4261 4261 4262 - int ath10k_wmi_connect_htc_service(struct ath10k *ar); 4262 + int ath10k_wmi_connect(struct ath10k *ar); 4263 4263 int ath10k_wmi_pdev_set_channel(struct ath10k *ar, 4264 4264 const struct wmi_channel_arg *); 4265 4265 int ath10k_wmi_pdev_suspend_target(struct ath10k *ar, u32 suspend_opt);

+1

drivers/net/wireless/ath/ath9k/ath9k.h

··· 770 770 struct ath_ant_comb ant_comb; 771 771 u8 ant_tx, ant_rx; 772 772 struct dfs_pattern_detector *dfs_detector; 773 + u64 dfs_prev_pulse_ts; 773 774 u32 wow_enabled; 774 775 /* relay(fs) channel for spectral scan */ 775 776 struct rchan *rfs_chan_spec_scan;

+2 -4

drivers/net/wireless/ath/ath9k/dfs.c

··· 178 178 pe.ts = mactime; 179 179 if (ath9k_postprocess_radar_event(sc, &ard, &pe)) { 180 180 struct dfs_pattern_detector *pd = sc->dfs_detector; 181 - #ifdef CONFIG_ATH9K_DEBUGFS 182 181 ath_dbg(common, DFS, 183 182 "ath9k_dfs_process_phyerr: channel=%d, ts=%llu, " 184 183 "width=%d, rssi=%d, delta_ts=%llu\n", 185 184 pe.freq, pe.ts, pe.width, pe.rssi, 186 - pe.ts - sc->debug.stats.dfs_stats.last_ts); 187 - sc->debug.stats.dfs_stats.last_ts = pe.ts; 188 - #endif 185 + pe.ts - sc->dfs_prev_pulse_ts); 186 + sc->dfs_prev_pulse_ts = pe.ts; 189 187 DFS_STAT_INC(sc, pulses_processed); 190 188 if (pd != NULL && pd->add_pulse(pd, &pe)) { 191 189 DFS_STAT_INC(sc, radar_detected);

-1

drivers/net/wireless/ath/ath9k/dfs_debug.h

··· 51 51 /* pattern detection stats */ 52 52 u32 pulses_processed; 53 53 u32 radar_detected; 54 - u64 last_ts; 55 54 }; 56 55 57 56 #if defined(CONFIG_ATH9K_DFS_DEBUGFS)

+21 -4

drivers/net/wireless/ath/ath9k/init.c

··· 61 61 module_param_named(ps_enable, ath9k_ps_enable, int, 0444); 62 62 MODULE_PARM_DESC(ps_enable, "Enable WLAN PowerSave"); 63 63 64 + static int ath9k_use_chanctx; 65 + module_param_named(use_chanctx, ath9k_use_chanctx, int, 0444); 66 + MODULE_PARM_DESC(use_chanctx, "Enable channel context for concurrency"); 67 + 64 68 bool is_ath9k_unloaded; 65 69 66 70 #ifdef CONFIG_MAC80211_LEDS ··· 650 646 } 651 647 652 648 static const struct ieee80211_iface_limit if_limits[] = { 653 - { .max = 2048, .types = BIT(NL80211_IFTYPE_STATION) | 654 - BIT(NL80211_IFTYPE_WDS) }, 649 + { .max = 2048, .types = BIT(NL80211_IFTYPE_STATION) }, 655 650 { .max = 8, .types = 656 651 #ifdef CONFIG_MAC80211_MESH 657 652 BIT(NL80211_IFTYPE_MESH_POINT) | ··· 658 655 BIT(NL80211_IFTYPE_AP) }, 659 656 { .max = 1, .types = BIT(NL80211_IFTYPE_P2P_CLIENT) | 660 657 BIT(NL80211_IFTYPE_P2P_GO) }, 658 + }; 659 + 660 + static const struct ieee80211_iface_limit wds_limits[] = { 661 + { .max = 2048, .types = BIT(NL80211_IFTYPE_WDS) }, 661 662 }; 662 663 663 664 static const struct ieee80211_iface_limit if_dfs_limits[] = { ··· 676 669 { 677 670 .limits = if_limits, 678 671 .n_limits = ARRAY_SIZE(if_limits), 672 + .max_interfaces = 2048, 673 + .num_different_channels = 1, 674 + .beacon_int_infra_match = true, 675 + }, 676 + { 677 + .limits = wds_limits, 678 + .n_limits = ARRAY_SIZE(wds_limits), 679 679 .max_interfaces = 2048, 680 680 .num_different_channels = 1, 681 681 .beacon_int_infra_match = true, ··· 736 722 BIT(NL80211_IFTYPE_P2P_GO) | 737 723 BIT(NL80211_IFTYPE_P2P_CLIENT) | 738 724 BIT(NL80211_IFTYPE_AP) | 739 - BIT(NL80211_IFTYPE_WDS) | 740 725 BIT(NL80211_IFTYPE_STATION) | 741 726 BIT(NL80211_IFTYPE_ADHOC) | 742 727 BIT(NL80211_IFTYPE_MESH_POINT); 743 728 hw->wiphy->iface_combinations = if_comb; 744 - hw->wiphy->n_iface_combinations = ARRAY_SIZE(if_comb); 729 + if (!ath9k_use_chanctx) { 730 + hw->wiphy->n_iface_combinations = ARRAY_SIZE(if_comb); 731 + hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_WDS); 732 + } else 733 + hw->wiphy->n_iface_combinations = 1; 745 734 } 746 735 747 736 hw->wiphy->flags &= ~WIPHY_FLAG_PS_ON_BY_DEFAULT;

+8 -19

drivers/net/wireless/ath/ath9k/main.c

··· 1757 1757 void ath9k_update_p2p_ps(struct ath_softc *sc, struct ieee80211_vif *vif) 1758 1758 { 1759 1759 struct ath_vif *avp = (void *)vif->drv_priv; 1760 - unsigned long flags; 1761 1760 u32 tsf; 1762 1761 1763 1762 if (!sc->p2p_ps_timer) ··· 1766 1767 return; 1767 1768 1768 1769 sc->p2p_ps_vif = avp; 1769 - 1770 - spin_lock_irqsave(&sc->sc_pm_lock, flags); 1771 - if (!(sc->ps_flags & PS_BEACON_SYNC)) { 1772 - tsf = ath9k_hw_gettsf32(sc->sc_ah); 1773 - ieee80211_parse_p2p_noa(&vif->bss_conf.p2p_noa_attr, &avp->noa, tsf); 1774 - ath9k_update_p2p_ps_timer(sc, avp); 1775 - } 1776 - spin_unlock_irqrestore(&sc->sc_pm_lock, flags); 1770 + tsf = ath9k_hw_gettsf32(sc->sc_ah); 1771 + ieee80211_parse_p2p_noa(&vif->bss_conf.p2p_noa_attr, &avp->noa, tsf); 1772 + ath9k_update_p2p_ps_timer(sc, avp); 1777 1773 } 1778 1774 1779 1775 static void ath9k_bss_info_changed(struct ieee80211_hw *hw, ··· 1785 1791 struct ath_hw *ah = sc->sc_ah; 1786 1792 struct ath_common *common = ath9k_hw_common(ah); 1787 1793 struct ath_vif *avp = (void *)vif->drv_priv; 1794 + unsigned long flags; 1788 1795 int slottime; 1789 1796 1790 1797 ath9k_ps_wakeup(sc); ··· 1848 1853 1849 1854 if (changed & BSS_CHANGED_P2P_PS) { 1850 1855 spin_lock_bh(&sc->sc_pcu_lock); 1851 - ath9k_update_p2p_ps(sc, vif); 1856 + spin_lock_irqsave(&sc->sc_pm_lock, flags); 1857 + if (!(sc->ps_flags & PS_BEACON_SYNC)) 1858 + ath9k_update_p2p_ps(sc, vif); 1859 + spin_unlock_irqrestore(&sc->sc_pm_lock, flags); 1852 1860 spin_unlock_bh(&sc->sc_pcu_lock); 1853 1861 } 1854 1862 ··· 2230 2232 clear_bit(ATH_OP_SCANNING, &common->op_flags); 2231 2233 } 2232 2234 2233 - static void ath9k_channel_switch_beacon(struct ieee80211_hw *hw, 2234 - struct ieee80211_vif *vif, 2235 - struct cfg80211_chan_def *chandef) 2236 - { 2237 - /* depend on vif->csa_active only */ 2238 - return; 2239 - } 2240 - 2241 2235 struct ieee80211_ops ath9k_ops = { 2242 2236 .tx = ath9k_tx, 2243 2237 .start = ath9k_start, ··· 2277 2287 #endif 2278 2288 .sw_scan_start = ath9k_sw_scan_start, 2279 2289 .sw_scan_complete = ath9k_sw_scan_complete, 2280 - .channel_switch_beacon = ath9k_channel_switch_beacon, 2281 2290 };

+13 -11

drivers/net/wireless/ath/ath9k/recv.c

··· 34 34 * buffer (or rx fifo). This can incorrectly acknowledge packets 35 35 * to a sender if last desc is self-linked. 36 36 */ 37 - static void ath_rx_buf_link(struct ath_softc *sc, struct ath_rxbuf *bf) 37 + static void ath_rx_buf_link(struct ath_softc *sc, struct ath_rxbuf *bf, 38 + bool flush) 38 39 { 39 40 struct ath_hw *ah = sc->sc_ah; 40 41 struct ath_common *common = ath9k_hw_common(ah); ··· 60 59 common->rx_bufsize, 61 60 0); 62 61 63 - if (sc->rx.rxlink == NULL) 64 - ath9k_hw_putrxbuf(ah, bf->bf_daddr); 65 - else 62 + if (sc->rx.rxlink) 66 63 *sc->rx.rxlink = bf->bf_daddr; 64 + else if (!flush) 65 + ath9k_hw_putrxbuf(ah, bf->bf_daddr); 67 66 68 67 sc->rx.rxlink = &ds->ds_link; 69 68 } 70 69 71 - static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_rxbuf *bf) 70 + static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_rxbuf *bf, 71 + bool flush) 72 72 { 73 73 if (sc->rx.buf_hold) 74 - ath_rx_buf_link(sc, sc->rx.buf_hold); 74 + ath_rx_buf_link(sc, sc->rx.buf_hold, flush); 75 75 76 76 sc->rx.buf_hold = bf; 77 77 } ··· 444 442 sc->rx.buf_hold = NULL; 445 443 sc->rx.rxlink = NULL; 446 444 list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) { 447 - ath_rx_buf_link(sc, bf); 445 + ath_rx_buf_link(sc, bf, false); 448 446 } 449 447 450 448 /* We could have deleted elements so the list may be empty now */ ··· 1120 1118 requeue: 1121 1119 list_add_tail(&bf->list, &sc->rx.rxbuf); 1122 1120 1123 - if (edma) { 1124 - ath_rx_edma_buf_link(sc, qtype); 1125 - } else { 1126 - ath_rx_buf_relink(sc, bf); 1121 + if (!edma) { 1122 + ath_rx_buf_relink(sc, bf, flush); 1127 1123 if (!flush) 1128 1124 ath9k_hw_rxena(ah); 1125 + } else if (!flush) { 1126 + ath_rx_edma_buf_link(sc, qtype); 1129 1127 } 1130 1128 1131 1129 if (!budget--)

+1 -2

drivers/net/wireless/ath/wcn36xx/smd.c

··· 2068 2068 if (!msg_ind) 2069 2069 goto nomem; 2070 2070 msg_ind->msg_len = len; 2071 - msg_ind->msg = kmalloc(len, GFP_KERNEL); 2071 + msg_ind->msg = kmemdup(buf, len, GFP_KERNEL); 2072 2072 if (!msg_ind->msg) { 2073 2073 kfree(msg_ind); 2074 2074 nomem: ··· 2080 2080 msg_header->msg_type); 2081 2081 break; 2082 2082 } 2083 - memcpy(msg_ind->msg, buf, len); 2084 2083 mutex_lock(&wcn->hal_ind_mutex); 2085 2084 list_add_tail(&msg_ind->list, &wcn->hal_ind_queue); 2086 2085 queue_work(wcn->hal_ind_wq, &wcn->hal_ind_work);

+1

drivers/net/wireless/ath/wil6210/cfg80211.c

··· 288 288 } 289 289 290 290 wil->scan_request = request; 291 + mod_timer(&wil->scan_timer, jiffies + WIL6210_SCAN_TO); 291 292 292 293 memset(&cmd, 0, sizeof(cmd)); 293 294 cmd.cmd.num_channels = 0;

+2 -2

drivers/net/wireless/ath/wil6210/debugfs.c

··· 35 35 void __iomem *x = wmi_addr(wil, vring->hwtail); 36 36 37 37 seq_printf(s, "VRING %s = {\n", name); 38 - seq_printf(s, " pa = 0x%016llx\n", (unsigned long long)vring->pa); 38 + seq_printf(s, " pa = %pad\n", &vring->pa); 39 39 seq_printf(s, " va = 0x%p\n", vring->va); 40 40 seq_printf(s, " size = %d\n", vring->size); 41 41 seq_printf(s, " swtail = %d\n", vring->swtail); ··· 473 473 u[0], u[1], u[2], u[3]); 474 474 seq_printf(s, " DMA = 0x%08x 0x%08x 0x%08x 0x%08x\n", 475 475 u[4], u[5], u[6], u[7]); 476 - seq_printf(s, " SKB = %p\n", skb); 476 + seq_printf(s, " SKB = 0x%p\n", skb); 477 477 478 478 if (skb) { 479 479 skb_get(skb);

+34 -1

drivers/net/wireless/ath/wil6210/main.c

··· 150 150 schedule_work(&wil->disconnect_worker); 151 151 } 152 152 153 + static void wil_scan_timer_fn(ulong x) 154 + { 155 + struct wil6210_priv *wil = (void *)x; 156 + 157 + clear_bit(wil_status_fwready, &wil->status); 158 + wil_err(wil, "Scan timeout detected, start fw error recovery\n"); 159 + schedule_work(&wil->fw_error_worker); 160 + } 161 + 153 162 static void wil_fw_error_worker(struct work_struct *work) 154 163 { 155 164 struct wil6210_priv *wil = container_of(work, ··· 170 161 if (no_fw_recovery) 171 162 return; 172 163 164 + /* increment @recovery_count if less then WIL6210_FW_RECOVERY_TO 165 + * passed since last recovery attempt 166 + */ 167 + if (time_is_after_jiffies(wil->last_fw_recovery + 168 + WIL6210_FW_RECOVERY_TO)) 169 + wil->recovery_count++; 170 + else 171 + wil->recovery_count = 1; /* fw was alive for a long time */ 172 + 173 + if (wil->recovery_count > WIL6210_FW_RECOVERY_RETRIES) { 174 + wil_err(wil, "too many recovery attempts (%d), giving up\n", 175 + wil->recovery_count); 176 + return; 177 + } 178 + 179 + wil->last_fw_recovery = jiffies; 180 + 173 181 mutex_lock(&wil->mutex); 174 182 switch (wdev->iftype) { 175 183 case NL80211_IFTYPE_STATION: 176 184 case NL80211_IFTYPE_P2P_CLIENT: 177 185 case NL80211_IFTYPE_MONITOR: 178 - wil_info(wil, "fw error recovery started...\n"); 186 + wil_info(wil, "fw error recovery started (try %d)...\n", 187 + wil->recovery_count); 179 188 wil_reset(wil); 180 189 181 190 /* need to re-allocate Rx ring after reset */ ··· 257 230 258 231 wil->pending_connect_cid = -1; 259 232 setup_timer(&wil->connect_timer, wil_connect_timer_fn, (ulong)wil); 233 + setup_timer(&wil->scan_timer, wil_scan_timer_fn, (ulong)wil); 260 234 261 235 INIT_WORK(&wil->connect_worker, wil_connect_worker); 262 236 INIT_WORK(&wil->disconnect_worker, wil_disconnect_worker); ··· 277 249 return -EAGAIN; 278 250 } 279 251 252 + wil->last_fw_recovery = jiffies; 253 + 280 254 return 0; 281 255 } 282 256 ··· 290 260 291 261 void wil_priv_deinit(struct wil6210_priv *wil) 292 262 { 263 + del_timer_sync(&wil->scan_timer); 293 264 cancel_work_sync(&wil->disconnect_worker); 294 265 cancel_work_sync(&wil->fw_error_worker); 295 266 mutex_lock(&wil->mutex); ··· 422 391 if (wil->scan_request) { 423 392 wil_dbg_misc(wil, "Abort scan_request 0x%p\n", 424 393 wil->scan_request); 394 + del_timer_sync(&wil->scan_timer); 425 395 cfg80211_scan_done(wil->scan_request, true); 426 396 wil->scan_request = NULL; 427 397 } ··· 552 520 napi_disable(&wil->napi_tx); 553 521 554 522 if (wil->scan_request) { 523 + del_timer_sync(&wil->scan_timer); 555 524 cfg80211_scan_done(wil->scan_request, true); 556 525 wil->scan_request = NULL; 557 526 }

+14

drivers/net/wireless/ath/wil6210/netdev.c

··· 32 32 return wil_down(wil); 33 33 } 34 34 35 + static int wil_change_mtu(struct net_device *ndev, int new_mtu) 36 + { 37 + struct wil6210_priv *wil = ndev_to_wil(ndev); 38 + 39 + if (new_mtu < 68 || new_mtu > IEEE80211_MAX_DATA_LEN_DMG) 40 + return -EINVAL; 41 + 42 + wil_dbg_misc(wil, "change MTU %d -> %d\n", ndev->mtu, new_mtu); 43 + ndev->mtu = new_mtu; 44 + 45 + return 0; 46 + } 47 + 35 48 static const struct net_device_ops wil_netdev_ops = { 36 49 .ndo_open = wil_open, 37 50 .ndo_stop = wil_stop, 38 51 .ndo_start_xmit = wil_start_xmit, 39 52 .ndo_set_mac_address = eth_mac_addr, 40 53 .ndo_validate_addr = eth_validate_addr, 54 + .ndo_change_mtu = wil_change_mtu, 41 55 }; 42 56 43 57 static int wil6210_netdev_poll_rx(struct napi_struct *napi, int budget)

+1 -1

drivers/net/wireless/ath/wil6210/pcie_bus.c

··· 138 138 goto err_release_reg; 139 139 } 140 140 /* rollback to err_iounmap */ 141 - dev_info(&pdev->dev, "CSR at %pR -> %p\n", &pdev->resource[0], csr); 141 + dev_info(&pdev->dev, "CSR at %pR -> 0x%p\n", &pdev->resource[0], csr); 142 142 143 143 wil = wil_if_alloc(dev, csr); 144 144 if (IS_ERR(wil)) {

+8 -1

drivers/net/wireless/ath/wil6210/rx_reorder.c

··· 49 49 { 50 50 int index; 51 51 52 - while (seq_less(r->head_seq_num, hseq)) { 52 + /* note: this function is never called with 53 + * hseq preceding r->head_seq_num, i.e it is always true 54 + * !seq_less(hseq, r->head_seq_num) 55 + * and thus on loop exit it should be 56 + * r->head_seq_num == hseq 57 + */ 58 + while (seq_less(r->head_seq_num, hseq) && r->stored_mpdu_num) { 53 59 index = reorder_index(r, r->head_seq_num); 54 60 wil_release_reorder_frame(wil, r, index); 55 61 } 62 + r->head_seq_num = hseq; 56 63 } 57 64 58 65 static void wil_reorder_release(struct wil6210_priv *wil,

+22 -6

drivers/net/wireless/ath/wil6210/txrx.c

··· 64 64 return vring->size - used - 1; 65 65 } 66 66 67 + /** 68 + * wil_vring_wmark_low - low watermark for available descriptor space 69 + */ 70 + static inline int wil_vring_wmark_low(struct vring *vring) 71 + { 72 + return vring->size/8; 73 + } 74 + 75 + /** 76 + * wil_vring_wmark_high - high watermark for available descriptor space 77 + */ 78 + static inline int wil_vring_wmark_high(struct vring *vring) 79 + { 80 + return vring->size/4; 81 + } 82 + 67 83 static int wil_vring_alloc(struct wil6210_priv *wil, struct vring *vring) 68 84 { 69 85 struct device *dev = wil_to_dev(wil); ··· 114 98 _d->dma.status = TX_DMA_STATUS_DU; 115 99 } 116 100 117 - wil_dbg_misc(wil, "vring[%d] 0x%p:0x%016llx 0x%p\n", vring->size, 118 - vring->va, (unsigned long long)vring->pa, vring->ctx); 101 + wil_dbg_misc(wil, "vring[%d] 0x%p:%pad 0x%p\n", vring->size, 102 + vring->va, &vring->pa, vring->ctx); 119 103 120 104 return 0; 121 105 } ··· 896 880 pa = dma_map_single(dev, skb->data, 897 881 skb_headlen(skb), DMA_TO_DEVICE); 898 882 899 - wil_dbg_txrx(wil, "Tx skb %d bytes %p -> %#08llx\n", skb_headlen(skb), 900 - skb->data, (unsigned long long)pa); 883 + wil_dbg_txrx(wil, "Tx skb %d bytes 0x%p -> %pad\n", skb_headlen(skb), 884 + skb->data, &pa); 901 885 wil_hex_dump_txrx("Tx ", DUMP_PREFIX_OFFSET, 16, 1, 902 886 skb->data, skb_headlen(skb), false); 903 887 ··· 1023 1007 rc = wil_tx_vring(wil, vring, skb); 1024 1008 1025 1009 /* do we still have enough room in the vring? */ 1026 - if (wil_vring_avail_tx(vring) < vring->size/8) 1010 + if (wil_vring_avail_tx(vring) < wil_vring_wmark_low(vring)) 1027 1011 netif_tx_stop_all_queues(wil_to_ndev(wil)); 1028 1012 1029 1013 switch (rc) { ··· 1132 1116 done++; 1133 1117 } 1134 1118 } 1135 - if (wil_vring_avail_tx(vring) > vring->size/4) 1119 + if (wil_vring_avail_tx(vring) > wil_vring_wmark_high(vring)) 1136 1120 netif_tx_wake_all_queues(wil_to_ndev(wil)); 1137 1121 1138 1122 return done;

+6

drivers/net/wireless/ath/wil6210/wil6210.h

··· 40 40 #define WIL6210_MAX_CID (8) /* HW limit */ 41 41 #define WIL6210_NAPI_BUDGET (16) /* arbitrary */ 42 42 #define WIL6210_ITR_TRSH (10000) /* arbitrary - about 15 IRQs/msec */ 43 + #define WIL6210_FW_RECOVERY_RETRIES (5) /* try to recover this many times */ 44 + #define WIL6210_FW_RECOVERY_TO msecs_to_jiffies(5000) 45 + #define WIL6210_SCAN_TO msecs_to_jiffies(10000) 43 46 44 47 /* Hardware definitions begin */ 45 48 ··· 364 361 u32 fw_version; 365 362 u32 hw_version; 366 363 u8 n_mids; /* number of additional MIDs as reported by FW */ 364 + int recovery_count; /* num of FW recovery attempts in a short time */ 365 + unsigned long last_fw_recovery; /* jiffies of last fw recovery */ 367 366 /* profile */ 368 367 u32 monitor_flags; 369 368 u32 secure_pcp; /* create secure PCP? */ ··· 387 382 struct work_struct disconnect_worker; 388 383 struct work_struct fw_error_worker; /* for FW error recovery */ 389 384 struct timer_list connect_timer; 385 + struct timer_list scan_timer; /* detect scan timeout */ 390 386 int pending_connect_cid; 391 387 struct list_head pending_wmi_ev; 392 388 /*

+18 -7

drivers/net/wireless/ath/wil6210/wmi.c

··· 351 351 bool aborted = (data->status != WMI_SCAN_SUCCESS); 352 352 353 353 wil_dbg_wmi(wil, "SCAN_COMPLETE(0x%08x)\n", data->status); 354 + del_timer_sync(&wil->scan_timer); 354 355 cfg80211_scan_done(wil->scan_request, aborted); 355 356 wil->scan_request = NULL; 356 357 } else { ··· 659 658 u8 *cmd; 660 659 void __iomem *src; 661 660 ulong flags; 661 + unsigned n; 662 662 663 663 if (!test_bit(wil_status_reset_done, &wil->status)) { 664 664 wil_err(wil, "Reset not completed\n"); 665 665 return; 666 666 } 667 667 668 - for (;;) { 668 + for (n = 0;; n++) { 669 669 u16 len; 670 670 671 671 r->head = ioread32(wil->csr + HOST_MBOX + 672 672 offsetof(struct wil6210_mbox_ctl, rx.head)); 673 - if (r->tail == r->head) 673 + if (r->tail == r->head) { 674 + if (n == 0) 675 + wil_dbg_wmi(wil, "No events?\n"); 674 676 return; 677 + } 675 678 676 - /* read cmd from tail */ 679 + wil_dbg_wmi(wil, "Mbox head %08x tail %08x\n", 680 + r->head, r->tail); 681 + /* read cmd descriptor from tail */ 677 682 wil_memcpy_fromio_32(&d_tail, wil->csr + HOSTADDR(r->tail), 678 683 sizeof(struct wil6210_mbox_ring_desc)); 679 684 if (d_tail.sync == 0) { ··· 687 680 return; 688 681 } 689 682 683 + /* read cmd header from descriptor */ 690 684 if (0 != wmi_read_hdr(wil, d_tail.addr, &hdr)) { 691 685 wil_err(wil, "Mbox evt at 0x%08x?\n", 692 686 le32_to_cpu(d_tail.addr)); 693 687 return; 694 688 } 695 - 696 689 len = le16_to_cpu(hdr.len); 690 + wil_dbg_wmi(wil, "Mbox evt %04x %04x %04x %02x\n", 691 + le16_to_cpu(hdr.seq), len, le16_to_cpu(hdr.type), 692 + hdr.flags); 693 + 694 + /* read cmd buffer from descriptor */ 697 695 src = wmi_buffer(wil, d_tail.addr) + 698 696 sizeof(struct wil6210_mbox_hdr); 699 697 evt = kmalloc(ALIGN(offsetof(struct pending_wmi_event, ··· 714 702 iowrite32(0, wil->csr + HOSTADDR(r->tail) + 715 703 offsetof(struct wil6210_mbox_ring_desc, sync)); 716 704 /* indicate */ 717 - wil_dbg_wmi(wil, "Mbox evt %04x %04x %04x %02x\n", 718 - le16_to_cpu(hdr.seq), len, le16_to_cpu(hdr.type), 719 - hdr.flags); 720 705 if ((hdr.type == WIL_MBOX_HDR_TYPE_WMI) && 721 706 (len >= sizeof(struct wil6210_mbox_hdr_wmi))) { 722 707 struct wil6210_mbox_hdr_wmi *wmi = &evt->event.wmi; ··· 743 734 wil_dbg_wmi(wil, "queue_work -> %d\n", q); 744 735 } 745 736 } 737 + if (n > 1) 738 + wil_dbg_wmi(wil, "%s -> %d events processed\n", __func__, n); 746 739 } 747 740 748 741 int wmi_call(struct wil6210_priv *wil, u16 cmdid, void *buf, u16 len,

+6 -1

drivers/net/wireless/b43/main.c

··· 3742 3742 b43dbg(dev->wl, "Switching to %s GHz band\n", 3743 3743 band_to_string(chan->band)); 3744 3744 3745 - b43_software_rfkill(dev, true); 3745 + /* Some new devices don't need disabling radio for band switching */ 3746 + if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3)) 3747 + b43_software_rfkill(dev, true); 3746 3748 3747 3749 phy->gmode = gmode; 3748 3750 b43_phy_put_into_reset(dev); ··· 5166 5164 static int b43_wireless_core_attach(struct b43_wldev *dev) 5167 5165 { 5168 5166 struct b43_wl *wl = dev->wl; 5167 + struct b43_phy *phy = &dev->phy; 5169 5168 int err; 5170 5169 u32 tmp; 5171 5170 bool have_2ghz_phy = false, have_5ghz_phy = false; ··· 5183 5180 b43err(wl, "Bus powerup failed\n"); 5184 5181 goto out; 5185 5182 } 5183 + 5184 + phy->do_full_init = true; 5186 5185 5187 5186 /* Try to guess supported bands for the first init needs */ 5188 5187 switch (dev->dev->bus_type) {

+5

drivers/net/wireless/b43/phy_common.c

··· 98 98 99 99 phy->ops->switch_analog(dev, true); 100 100 b43_software_rfkill(dev, false); 101 + 101 102 err = ops->init(dev); 102 103 if (err) { 103 104 b43err(dev->wl, "PHY init failed\n"); 104 105 goto err_block_rf; 105 106 } 107 + phy->do_full_init = false; 108 + 106 109 /* Make sure to switch hardware and firmware (SHM) to 107 110 * the default channel. */ 108 111 err = b43_switch_channel(dev, ops->get_default_chan(dev)); ··· 117 114 return 0; 118 115 119 116 err_phy_exit: 117 + phy->do_full_init = true; 120 118 if (ops->exit) 121 119 ops->exit(dev); 122 120 err_block_rf: ··· 131 127 const struct b43_phy_operations *ops = dev->phy.ops; 132 128 133 129 b43_software_rfkill(dev, true); 130 + dev->phy.do_full_init = true; 134 131 if (ops->exit) 135 132 ops->exit(dev); 136 133 }

+3

drivers/net/wireless/b43/phy_common.h

··· 234 234 /* Is GMODE (2 GHz mode) bit enabled? */ 235 235 bool gmode; 236 236 237 + /* After power reset full init has to be performed */ 238 + bool do_full_init; 239 + 237 240 /* Analog Type */ 238 241 u8 analog; 239 242 /* B43_PHYTYPE_ */

+6 -11

drivers/net/wireless/b43/phy_n.c

··· 700 700 b43_radio_mask(dev, R2057_RFPLL_MISC_CAL_RESETN, ~0x78); 701 701 b43_radio_mask(dev, R2057_XTAL_CONFIG2, ~0x80); 702 702 703 - if (dev->phy.n->init_por) { 703 + if (dev->phy.do_full_init) { 704 704 b43_radio_2057_rcal(dev); 705 705 b43_radio_2057_rccal(dev); 706 706 } 707 707 b43_radio_mask(dev, R2057_RFPLL_MASTER, ~0x8); 708 - 709 - dev->phy.n->init_por = false; 710 708 } 711 709 712 710 /* http://bcm-v4.sipsolutions.net/802.11/Radio/2057/Init */ ··· 1026 1028 b43_radio_mask(dev, B2056_SYN_COM_RESET, ~0x2); 1027 1029 b43_radio_mask(dev, B2056_SYN_PLL_MAST2, ~0xFC); 1028 1030 b43_radio_mask(dev, B2056_SYN_RCCAL_CTRL0, ~0x1); 1029 - if (dev->phy.n->init_por) 1031 + if (dev->phy.do_full_init) 1030 1032 b43_radio_2056_rcal(dev); 1031 1033 } 1032 1034 ··· 1039 1041 b43_radio_init2056_pre(dev); 1040 1042 b2056_upload_inittabs(dev, 0, 0); 1041 1043 b43_radio_init2056_post(dev); 1042 - 1043 - dev->phy.n->init_por = false; 1044 1044 } 1045 1045 1046 1046 /************************************************** ··· 5557 5561 nphy->hang_avoid = (phy->rev == 3 || phy->rev == 4); 5558 5562 nphy->spur_avoid = (phy->rev >= 3) ? 5559 5563 B43_SPUR_AVOID_AUTO : B43_SPUR_AVOID_DISABLE; 5560 - nphy->init_por = true; 5561 5564 nphy->gain_boost = true; /* this way we follow wl, assume it is true */ 5562 5565 nphy->txrx_chain = 2; /* sth different than 0 and 1 for now */ 5563 5566 nphy->phyrxchain = 3; /* to avoid b43_nphy_set_rx_core_state like wl */ ··· 5597 5602 nphy->ipa2g_on = sprom->fem.ghz2.extpa_gain == 2; 5598 5603 nphy->ipa5g_on = sprom->fem.ghz5.extpa_gain == 2; 5599 5604 } 5600 - 5601 - nphy->init_por = true; 5602 5605 } 5603 5606 5604 5607 static void b43_nphy_op_free(struct b43_wldev *dev) ··· 5707 5714 } 5708 5715 } else { 5709 5716 if (dev->phy.rev >= 7) { 5710 - b43_radio_2057_init(dev); 5717 + if (!dev->phy.radio_on) 5718 + b43_radio_2057_init(dev); 5711 5719 b43_switch_channel(dev, dev->phy.channel); 5712 5720 } else if (dev->phy.rev >= 3) { 5713 - b43_radio_init2056(dev); 5721 + if (!dev->phy.radio_on) 5722 + b43_radio_init2056(dev); 5714 5723 b43_switch_channel(dev, dev->phy.channel); 5715 5724 } else { 5716 5725 b43_radio_init2055(dev);

-1

drivers/net/wireless/b43/phy_n.h

··· 931 931 u16 papd_epsilon_offset[2]; 932 932 s32 preamble_override; 933 933 u32 bb_mult_save; 934 - bool init_por; 935 934 936 935 bool gain_boost; 937 936 bool elna_gain_config;

+42 -38

drivers/net/wireless/b43/tables_nphy.c

··· 3042 3042 antswlut = sprom->fem.ghz2.antswlut; 3043 3043 3044 3044 /* Static tables */ 3045 - ntab_upload(dev, B43_NTAB_FRAMESTRUCT_R3, b43_ntab_framestruct_r3); 3046 - ntab_upload(dev, B43_NTAB_PILOT_R3, b43_ntab_pilot_r3); 3047 - ntab_upload(dev, B43_NTAB_TMAP_R3, b43_ntab_tmap_r3); 3048 - ntab_upload(dev, B43_NTAB_INTLEVEL_R3, b43_ntab_intlevel_r3); 3049 - ntab_upload(dev, B43_NTAB_TDTRN_R3, b43_ntab_tdtrn_r3); 3050 - ntab_upload(dev, B43_NTAB_NOISEVAR_R3, b43_ntab_noisevar_r3); 3051 - ntab_upload(dev, B43_NTAB_MCS_R3, b43_ntab_mcs_r3); 3052 - ntab_upload(dev, B43_NTAB_TDI20A0_R3, b43_ntab_tdi20a0_r3); 3053 - ntab_upload(dev, B43_NTAB_TDI20A1_R3, b43_ntab_tdi20a1_r3); 3054 - ntab_upload(dev, B43_NTAB_TDI40A0_R3, b43_ntab_tdi40a0_r3); 3055 - ntab_upload(dev, B43_NTAB_TDI40A1_R3, b43_ntab_tdi40a1_r3); 3056 - ntab_upload(dev, B43_NTAB_PILOTLT_R3, b43_ntab_pilotlt_r3); 3057 - ntab_upload(dev, B43_NTAB_CHANEST_R3, b43_ntab_channelest_r3); 3058 - ntab_upload(dev, B43_NTAB_FRAMELT_R3, b43_ntab_framelookup_r3); 3059 - ntab_upload(dev, B43_NTAB_C0_ESTPLT_R3, b43_ntab_estimatepowerlt0_r3); 3060 - ntab_upload(dev, B43_NTAB_C1_ESTPLT_R3, b43_ntab_estimatepowerlt1_r3); 3061 - ntab_upload(dev, B43_NTAB_C0_ADJPLT_R3, b43_ntab_adjustpower0_r3); 3062 - ntab_upload(dev, B43_NTAB_C1_ADJPLT_R3, b43_ntab_adjustpower1_r3); 3063 - ntab_upload(dev, B43_NTAB_C0_GAINCTL_R3, b43_ntab_gainctl0_r3); 3064 - ntab_upload(dev, B43_NTAB_C1_GAINCTL_R3, b43_ntab_gainctl1_r3); 3065 - ntab_upload(dev, B43_NTAB_C0_IQLT_R3, b43_ntab_iqlt0_r3); 3066 - ntab_upload(dev, B43_NTAB_C1_IQLT_R3, b43_ntab_iqlt1_r3); 3067 - ntab_upload(dev, B43_NTAB_C0_LOFEEDTH_R3, b43_ntab_loftlt0_r3); 3068 - ntab_upload(dev, B43_NTAB_C1_LOFEEDTH_R3, b43_ntab_loftlt1_r3); 3045 + if (dev->phy.do_full_init) { 3046 + ntab_upload(dev, B43_NTAB_FRAMESTRUCT_R3, b43_ntab_framestruct_r3); 3047 + ntab_upload(dev, B43_NTAB_PILOT_R3, b43_ntab_pilot_r3); 3048 + ntab_upload(dev, B43_NTAB_TMAP_R3, b43_ntab_tmap_r3); 3049 + ntab_upload(dev, B43_NTAB_INTLEVEL_R3, b43_ntab_intlevel_r3); 3050 + ntab_upload(dev, B43_NTAB_TDTRN_R3, b43_ntab_tdtrn_r3); 3051 + ntab_upload(dev, B43_NTAB_NOISEVAR_R3, b43_ntab_noisevar_r3); 3052 + ntab_upload(dev, B43_NTAB_MCS_R3, b43_ntab_mcs_r3); 3053 + ntab_upload(dev, B43_NTAB_TDI20A0_R3, b43_ntab_tdi20a0_r3); 3054 + ntab_upload(dev, B43_NTAB_TDI20A1_R3, b43_ntab_tdi20a1_r3); 3055 + ntab_upload(dev, B43_NTAB_TDI40A0_R3, b43_ntab_tdi40a0_r3); 3056 + ntab_upload(dev, B43_NTAB_TDI40A1_R3, b43_ntab_tdi40a1_r3); 3057 + ntab_upload(dev, B43_NTAB_PILOTLT_R3, b43_ntab_pilotlt_r3); 3058 + ntab_upload(dev, B43_NTAB_CHANEST_R3, b43_ntab_channelest_r3); 3059 + ntab_upload(dev, B43_NTAB_FRAMELT_R3, b43_ntab_framelookup_r3); 3060 + ntab_upload(dev, B43_NTAB_C0_ESTPLT_R3, b43_ntab_estimatepowerlt0_r3); 3061 + ntab_upload(dev, B43_NTAB_C1_ESTPLT_R3, b43_ntab_estimatepowerlt1_r3); 3062 + ntab_upload(dev, B43_NTAB_C0_ADJPLT_R3, b43_ntab_adjustpower0_r3); 3063 + ntab_upload(dev, B43_NTAB_C1_ADJPLT_R3, b43_ntab_adjustpower1_r3); 3064 + ntab_upload(dev, B43_NTAB_C0_GAINCTL_R3, b43_ntab_gainctl0_r3); 3065 + ntab_upload(dev, B43_NTAB_C1_GAINCTL_R3, b43_ntab_gainctl1_r3); 3066 + ntab_upload(dev, B43_NTAB_C0_IQLT_R3, b43_ntab_iqlt0_r3); 3067 + ntab_upload(dev, B43_NTAB_C1_IQLT_R3, b43_ntab_iqlt1_r3); 3068 + ntab_upload(dev, B43_NTAB_C0_LOFEEDTH_R3, b43_ntab_loftlt0_r3); 3069 + ntab_upload(dev, B43_NTAB_C1_LOFEEDTH_R3, b43_ntab_loftlt1_r3); 3070 + } 3069 3071 3070 3072 /* Volatile tables */ 3071 3073 if (antswlut < ARRAY_SIZE(b43_ntab_antswctl_r3)) ··· 3080 3078 static void b43_nphy_tables_init_rev0(struct b43_wldev *dev) 3081 3079 { 3082 3080 /* Static tables */ 3083 - ntab_upload(dev, B43_NTAB_FRAMESTRUCT, b43_ntab_framestruct); 3084 - ntab_upload(dev, B43_NTAB_FRAMELT, b43_ntab_framelookup); 3085 - ntab_upload(dev, B43_NTAB_TMAP, b43_ntab_tmap); 3086 - ntab_upload(dev, B43_NTAB_TDTRN, b43_ntab_tdtrn); 3087 - ntab_upload(dev, B43_NTAB_INTLEVEL, b43_ntab_intlevel); 3088 - ntab_upload(dev, B43_NTAB_PILOT, b43_ntab_pilot); 3089 - ntab_upload(dev, B43_NTAB_TDI20A0, b43_ntab_tdi20a0); 3090 - ntab_upload(dev, B43_NTAB_TDI20A1, b43_ntab_tdi20a1); 3091 - ntab_upload(dev, B43_NTAB_TDI40A0, b43_ntab_tdi40a0); 3092 - ntab_upload(dev, B43_NTAB_TDI40A1, b43_ntab_tdi40a1); 3093 - ntab_upload(dev, B43_NTAB_CHANEST, b43_ntab_channelest); 3094 - ntab_upload(dev, B43_NTAB_MCS, b43_ntab_mcs); 3095 - ntab_upload(dev, B43_NTAB_NOISEVAR10, b43_ntab_noisevar10); 3096 - ntab_upload(dev, B43_NTAB_NOISEVAR11, b43_ntab_noisevar11); 3081 + if (dev->phy.do_full_init) { 3082 + ntab_upload(dev, B43_NTAB_FRAMESTRUCT, b43_ntab_framestruct); 3083 + ntab_upload(dev, B43_NTAB_FRAMELT, b43_ntab_framelookup); 3084 + ntab_upload(dev, B43_NTAB_TMAP, b43_ntab_tmap); 3085 + ntab_upload(dev, B43_NTAB_TDTRN, b43_ntab_tdtrn); 3086 + ntab_upload(dev, B43_NTAB_INTLEVEL, b43_ntab_intlevel); 3087 + ntab_upload(dev, B43_NTAB_PILOT, b43_ntab_pilot); 3088 + ntab_upload(dev, B43_NTAB_TDI20A0, b43_ntab_tdi20a0); 3089 + ntab_upload(dev, B43_NTAB_TDI20A1, b43_ntab_tdi20a1); 3090 + ntab_upload(dev, B43_NTAB_TDI40A0, b43_ntab_tdi40a0); 3091 + ntab_upload(dev, B43_NTAB_TDI40A1, b43_ntab_tdi40a1); 3092 + ntab_upload(dev, B43_NTAB_CHANEST, b43_ntab_channelest); 3093 + ntab_upload(dev, B43_NTAB_MCS, b43_ntab_mcs); 3094 + ntab_upload(dev, B43_NTAB_NOISEVAR10, b43_ntab_noisevar10); 3095 + ntab_upload(dev, B43_NTAB_NOISEVAR11, b43_ntab_noisevar11); 3096 + } 3097 3097 3098 3098 /* Volatile tables */ 3099 3099 ntab_upload(dev, B43_NTAB_BDI, b43_ntab_bdi);

+1 -1

drivers/net/wireless/brcm80211/brcmfmac/Makefile

··· 33 33 bcdc.o \ 34 34 dhd_common.o \ 35 35 dhd_linux.o \ 36 - nvram.o \ 36 + firmware.o \ 37 37 btcoex.o 38 38 brcmfmac-$(CONFIG_BRCMFMAC_SDIO) += \ 39 39 dhd_sdio.o \

-6

drivers/net/wireless/brcm80211/brcmfmac/dhd_bus.h

··· 63 63 */ 64 64 struct brcmf_bus_ops { 65 65 int (*preinit)(struct device *dev); 66 - int (*init)(struct device *dev); 67 66 void (*stop)(struct device *dev); 68 67 int (*txdata)(struct device *dev, struct sk_buff *skb); 69 68 int (*txctl)(struct device *dev, unsigned char *msg, uint len); ··· 111 112 if (!bus->ops->preinit) 112 113 return 0; 113 114 return bus->ops->preinit(bus->dev); 114 - } 115 - 116 - static inline int brcmf_bus_init(struct brcmf_bus *bus) 117 - { 118 - return bus->ops->init(bus->dev); 119 115 } 120 116 121 117 static inline void brcmf_bus_stop(struct brcmf_bus *bus)

-7

drivers/net/wireless/brcm80211/brcmfmac/dhd_linux.c

··· 916 916 917 917 brcmf_dbg(TRACE, "\n"); 918 918 919 - /* Bring up the bus */ 920 - ret = brcmf_bus_init(bus_if); 921 - if (ret != 0) { 922 - brcmf_err("brcmf_sdbrcm_bus_init failed %d\n", ret); 923 - return ret; 924 - } 925 - 926 919 /* add primary networking interface */ 927 920 ifp = brcmf_add_if(drvr, 0, 0, "wlan%d", NULL); 928 921 if (IS_ERR(ifp))

+131 -152

drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c

··· 42 42 #include <soc.h> 43 43 #include "sdio_host.h" 44 44 #include "chip.h" 45 - #include "nvram.h" 45 + #include "firmware.h" 46 46 47 47 #define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 48 48 ··· 632 632 { BCM4354_CHIP_ID, 0xFFFFFFFF, BRCMF_FIRMWARE_NVRAM(BCM4354) } 633 633 }; 634 634 635 - 636 - static const struct firmware *brcmf_sdio_get_fw(struct brcmf_sdio *bus, 637 - enum brcmf_firmware_type type) 635 + static const char *brcmf_sdio_get_fwname(struct brcmf_chip *ci, 636 + enum brcmf_firmware_type type) 638 637 { 639 - const struct firmware *fw; 640 - const char *name; 641 - int err, i; 638 + int i; 642 639 643 640 for (i = 0; i < ARRAY_SIZE(brcmf_fwname_data); i++) { 644 - if (brcmf_fwname_data[i].chipid == bus->ci->chip && 645 - brcmf_fwname_data[i].revmsk & BIT(bus->ci->chiprev)) { 641 + if (brcmf_fwname_data[i].chipid == ci->chip && 642 + brcmf_fwname_data[i].revmsk & BIT(ci->chiprev)) { 646 643 switch (type) { 647 644 case BRCMF_FIRMWARE_BIN: 648 - name = brcmf_fwname_data[i].bin; 649 - break; 645 + return brcmf_fwname_data[i].bin; 650 646 case BRCMF_FIRMWARE_NVRAM: 651 - name = brcmf_fwname_data[i].nv; 652 - break; 647 + return brcmf_fwname_data[i].nv; 653 648 default: 654 649 brcmf_err("invalid firmware type (%d)\n", type); 655 650 return NULL; 656 651 } 657 - goto found; 658 652 } 659 653 } 660 654 brcmf_err("Unknown chipid %d [%d]\n", 661 - bus->ci->chip, bus->ci->chiprev); 655 + ci->chip, ci->chiprev); 662 656 return NULL; 663 - 664 - found: 665 - err = request_firmware(&fw, name, &bus->sdiodev->func[2]->dev); 666 - if ((err) || (!fw)) { 667 - brcmf_err("fail to request firmware %s (%d)\n", name, err); 668 - return NULL; 669 - } 670 - 671 - return fw; 672 657 } 673 658 674 659 static void pkt_align(struct sk_buff *p, int len, int align) ··· 3263 3278 } 3264 3279 3265 3280 static int brcmf_sdio_download_nvram(struct brcmf_sdio *bus, 3266 - const struct firmware *nv) 3281 + void *vars, u32 varsz) 3267 3282 { 3268 - void *vars; 3269 - u32 varsz; 3270 3283 int address; 3271 3284 int err; 3272 3285 3273 3286 brcmf_dbg(TRACE, "Enter\n"); 3274 - 3275 - vars = brcmf_nvram_strip(nv, &varsz); 3276 - 3277 - if (vars == NULL) 3278 - return -EINVAL; 3279 3287 3280 3288 address = bus->ci->ramsize - varsz + bus->ci->rambase; 3281 3289 err = brcmf_sdiod_ramrw(bus->sdiodev, true, address, vars, varsz); ··· 3278 3300 else if (!brcmf_sdio_verifymemory(bus->sdiodev, address, vars, varsz)) 3279 3301 err = -EIO; 3280 3302 3281 - brcmf_nvram_free(vars); 3282 - 3283 3303 return err; 3284 3304 } 3285 3305 3286 - static int brcmf_sdio_download_firmware(struct brcmf_sdio *bus) 3306 + static int brcmf_sdio_download_firmware(struct brcmf_sdio *bus, 3307 + const struct firmware *fw, 3308 + void *nvram, u32 nvlen) 3287 3309 { 3288 3310 int bcmerror = -EFAULT; 3289 - const struct firmware *fw; 3290 3311 u32 rstvec; 3291 3312 3292 3313 sdio_claim_host(bus->sdiodev->func[1]); ··· 3294 3317 /* Keep arm in reset */ 3295 3318 brcmf_chip_enter_download(bus->ci); 3296 3319 3297 - fw = brcmf_sdio_get_fw(bus, BRCMF_FIRMWARE_BIN); 3298 - if (fw == NULL) { 3299 - bcmerror = -ENOENT; 3300 - goto err; 3301 - } 3302 - 3303 3320 rstvec = get_unaligned_le32(fw->data); 3304 3321 brcmf_dbg(SDIO, "firmware rstvec: %x\n", rstvec); 3305 3322 ··· 3301 3330 release_firmware(fw); 3302 3331 if (bcmerror) { 3303 3332 brcmf_err("dongle image file download failed\n"); 3333 + brcmf_fw_nvram_free(nvram); 3304 3334 goto err; 3305 3335 } 3306 3336 3307 - fw = brcmf_sdio_get_fw(bus, BRCMF_FIRMWARE_NVRAM); 3308 - if (fw == NULL) { 3309 - bcmerror = -ENOENT; 3310 - goto err; 3311 - } 3312 - 3313 - bcmerror = brcmf_sdio_download_nvram(bus, fw); 3314 - release_firmware(fw); 3337 + bcmerror = brcmf_sdio_download_nvram(bus, nvram, nvlen); 3338 + brcmf_fw_nvram_free(nvram); 3315 3339 if (bcmerror) { 3316 3340 brcmf_err("dongle nvram file download failed\n"); 3317 3341 goto err; ··· 3454 3488 3455 3489 done: 3456 3490 return err; 3457 - } 3458 - 3459 - static int brcmf_sdio_bus_init(struct device *dev) 3460 - { 3461 - struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3462 - struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3463 - struct brcmf_sdio *bus = sdiodev->bus; 3464 - int err, ret = 0; 3465 - u8 saveclk; 3466 - 3467 - brcmf_dbg(TRACE, "Enter\n"); 3468 - 3469 - /* try to download image and nvram to the dongle */ 3470 - if (bus_if->state == BRCMF_BUS_DOWN) { 3471 - bus->alp_only = true; 3472 - err = brcmf_sdio_download_firmware(bus); 3473 - if (err) 3474 - return err; 3475 - bus->alp_only = false; 3476 - } 3477 - 3478 - if (!bus->sdiodev->bus_if->drvr) 3479 - return 0; 3480 - 3481 - /* Start the watchdog timer */ 3482 - bus->sdcnt.tickcnt = 0; 3483 - brcmf_sdio_wd_timer(bus, BRCMF_WD_POLL_MS); 3484 - 3485 - sdio_claim_host(bus->sdiodev->func[1]); 3486 - 3487 - /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3488 - brcmf_sdio_clkctl(bus, CLK_AVAIL, false); 3489 - if (bus->clkstate != CLK_AVAIL) 3490 - goto exit; 3491 - 3492 - /* Force clocks on backplane to be sure F2 interrupt propagates */ 3493 - saveclk = brcmf_sdiod_regrb(bus->sdiodev, 3494 - SBSDIO_FUNC1_CHIPCLKCSR, &err); 3495 - if (!err) { 3496 - brcmf_sdiod_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3497 - (saveclk | SBSDIO_FORCE_HT), &err); 3498 - } 3499 - if (err) { 3500 - brcmf_err("Failed to force clock for F2: err %d\n", err); 3501 - goto exit; 3502 - } 3503 - 3504 - /* Enable function 2 (frame transfers) */ 3505 - w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3506 - offsetof(struct sdpcmd_regs, tosbmailboxdata)); 3507 - err = sdio_enable_func(bus->sdiodev->func[SDIO_FUNC_2]); 3508 - 3509 - 3510 - brcmf_dbg(INFO, "enable F2: err=%d\n", err); 3511 - 3512 - /* If F2 successfully enabled, set core and enable interrupts */ 3513 - if (!err) { 3514 - /* Set up the interrupt mask and enable interrupts */ 3515 - bus->hostintmask = HOSTINTMASK; 3516 - w_sdreg32(bus, bus->hostintmask, 3517 - offsetof(struct sdpcmd_regs, hostintmask)); 3518 - 3519 - brcmf_sdiod_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err); 3520 - } else { 3521 - /* Disable F2 again */ 3522 - sdio_disable_func(bus->sdiodev->func[SDIO_FUNC_2]); 3523 - ret = -ENODEV; 3524 - } 3525 - 3526 - if (brcmf_chip_sr_capable(bus->ci)) { 3527 - brcmf_sdio_sr_init(bus); 3528 - } else { 3529 - /* Restore previous clock setting */ 3530 - brcmf_sdiod_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3531 - saveclk, &err); 3532 - } 3533 - 3534 - if (ret == 0) { 3535 - ret = brcmf_sdiod_intr_register(bus->sdiodev); 3536 - if (ret != 0) 3537 - brcmf_err("intr register failed:%d\n", ret); 3538 - } 3539 - 3540 - /* If we didn't come up, turn off backplane clock */ 3541 - if (ret != 0) 3542 - brcmf_sdio_clkctl(bus, CLK_NONE, false); 3543 - 3544 - exit: 3545 - sdio_release_host(bus->sdiodev->func[1]); 3546 - 3547 - return ret; 3548 3491 } 3549 3492 3550 3493 void brcmf_sdio_isr(struct brcmf_sdio *bus) ··· 3895 4020 static struct brcmf_bus_ops brcmf_sdio_bus_ops = { 3896 4021 .stop = brcmf_sdio_bus_stop, 3897 4022 .preinit = brcmf_sdio_bus_preinit, 3898 - .init = brcmf_sdio_bus_init, 3899 4023 .txdata = brcmf_sdio_bus_txdata, 3900 4024 .txctl = brcmf_sdio_bus_txctl, 3901 4025 .rxctl = brcmf_sdio_bus_rxctl, 3902 4026 .gettxq = brcmf_sdio_bus_gettxq, 3903 4027 }; 4028 + 4029 + static void brcmf_sdio_firmware_callback(struct device *dev, 4030 + const struct firmware *code, 4031 + void *nvram, u32 nvram_len) 4032 + { 4033 + struct brcmf_bus *bus_if = dev_get_drvdata(dev); 4034 + struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 4035 + struct brcmf_sdio *bus = sdiodev->bus; 4036 + int err = 0; 4037 + u8 saveclk; 4038 + 4039 + brcmf_dbg(TRACE, "Enter: dev=%s\n", dev_name(dev)); 4040 + 4041 + /* try to download image and nvram to the dongle */ 4042 + if (bus_if->state == BRCMF_BUS_DOWN) { 4043 + bus->alp_only = true; 4044 + err = brcmf_sdio_download_firmware(bus, code, nvram, nvram_len); 4045 + if (err) 4046 + goto fail; 4047 + bus->alp_only = false; 4048 + } 4049 + 4050 + if (!bus_if->drvr) 4051 + return; 4052 + 4053 + /* Start the watchdog timer */ 4054 + bus->sdcnt.tickcnt = 0; 4055 + brcmf_sdio_wd_timer(bus, BRCMF_WD_POLL_MS); 4056 + 4057 + sdio_claim_host(sdiodev->func[1]); 4058 + 4059 + /* Make sure backplane clock is on, needed to generate F2 interrupt */ 4060 + brcmf_sdio_clkctl(bus, CLK_AVAIL, false); 4061 + if (bus->clkstate != CLK_AVAIL) 4062 + goto release; 4063 + 4064 + /* Force clocks on backplane to be sure F2 interrupt propagates */ 4065 + saveclk = brcmf_sdiod_regrb(sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, &err); 4066 + if (!err) { 4067 + brcmf_sdiod_regwb(sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 4068 + (saveclk | SBSDIO_FORCE_HT), &err); 4069 + } 4070 + if (err) { 4071 + brcmf_err("Failed to force clock for F2: err %d\n", err); 4072 + goto release; 4073 + } 4074 + 4075 + /* Enable function 2 (frame transfers) */ 4076 + w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 4077 + offsetof(struct sdpcmd_regs, tosbmailboxdata)); 4078 + err = sdio_enable_func(sdiodev->func[SDIO_FUNC_2]); 4079 + 4080 + 4081 + brcmf_dbg(INFO, "enable F2: err=%d\n", err); 4082 + 4083 + /* If F2 successfully enabled, set core and enable interrupts */ 4084 + if (!err) { 4085 + /* Set up the interrupt mask and enable interrupts */ 4086 + bus->hostintmask = HOSTINTMASK; 4087 + w_sdreg32(bus, bus->hostintmask, 4088 + offsetof(struct sdpcmd_regs, hostintmask)); 4089 + 4090 + brcmf_sdiod_regwb(sdiodev, SBSDIO_WATERMARK, 8, &err); 4091 + } else { 4092 + /* Disable F2 again */ 4093 + sdio_disable_func(sdiodev->func[SDIO_FUNC_2]); 4094 + goto release; 4095 + } 4096 + 4097 + if (brcmf_chip_sr_capable(bus->ci)) { 4098 + brcmf_sdio_sr_init(bus); 4099 + } else { 4100 + /* Restore previous clock setting */ 4101 + brcmf_sdiod_regwb(sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 4102 + saveclk, &err); 4103 + } 4104 + 4105 + if (err == 0) { 4106 + err = brcmf_sdiod_intr_register(sdiodev); 4107 + if (err != 0) 4108 + brcmf_err("intr register failed:%d\n", err); 4109 + } 4110 + 4111 + /* If we didn't come up, turn off backplane clock */ 4112 + if (err != 0) 4113 + brcmf_sdio_clkctl(bus, CLK_NONE, false); 4114 + 4115 + sdio_release_host(sdiodev->func[1]); 4116 + 4117 + err = brcmf_bus_start(dev); 4118 + if (err != 0) { 4119 + brcmf_err("dongle is not responding\n"); 4120 + goto fail; 4121 + } 4122 + return; 4123 + 4124 + release: 4125 + sdio_release_host(sdiodev->func[1]); 4126 + fail: 4127 + brcmf_dbg(TRACE, "failed: dev=%s, err=%d\n", dev_name(dev), err); 4128 + device_release_driver(dev); 4129 + } 3904 4130 3905 4131 struct brcmf_sdio *brcmf_sdio_probe(struct brcmf_sdio_dev *sdiodev) 3906 4132 { ··· 4086 4110 goto fail; 4087 4111 } 4088 4112 4113 + /* Query the F2 block size, set roundup accordingly */ 4114 + bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 4115 + bus->roundup = min(max_roundup, bus->blocksize); 4116 + 4089 4117 /* Allocate buffers */ 4090 4118 if (bus->sdiodev->bus_if->maxctl) { 4119 + bus->sdiodev->bus_if->maxctl += bus->roundup; 4091 4120 bus->rxblen = 4092 4121 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 4093 4122 ALIGNMENT) + bus->head_align; ··· 4120 4139 bus->idletime = BRCMF_IDLE_INTERVAL; 4121 4140 bus->idleclock = BRCMF_IDLE_ACTIVE; 4122 4141 4123 - /* Query the F2 block size, set roundup accordingly */ 4124 - bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 4125 - bus->roundup = min(max_roundup, bus->blocksize); 4126 - 4127 4142 /* SR state */ 4128 4143 bus->sleeping = false; 4129 4144 bus->sr_enabled = false; ··· 4127 4150 brcmf_sdio_debugfs_create(bus); 4128 4151 brcmf_dbg(INFO, "completed!!\n"); 4129 4152 4130 - /* if firmware path present try to download and bring up bus */ 4131 - ret = brcmf_bus_start(bus->sdiodev->dev); 4153 + ret = brcmf_fw_get_firmwares(sdiodev->dev, BRCMF_FW_REQUEST_NVRAM, 4154 + brcmf_sdio_get_fwname(bus->ci, 4155 + BRCMF_FIRMWARE_BIN), 4156 + brcmf_sdio_get_fwname(bus->ci, 4157 + BRCMF_FIRMWARE_NVRAM), 4158 + brcmf_sdio_firmware_callback); 4132 4159 if (ret != 0) { 4133 - brcmf_err("dongle is not responding\n"); 4160 + brcmf_err("async firmware request failed: %d\n", ret); 4134 4161 goto fail; 4135 4162 } 4136 4163 ··· 4154 4173 /* De-register interrupt handler */ 4155 4174 brcmf_sdiod_intr_unregister(bus->sdiodev); 4156 4175 4157 - if (bus->sdiodev->bus_if->drvr) { 4158 - brcmf_detach(bus->sdiodev->dev); 4159 - } 4176 + brcmf_detach(bus->sdiodev->dev); 4160 4177 4161 4178 cancel_work_sync(&bus->datawork); 4162 4179 if (bus->brcmf_wq)

+109 -3

drivers/net/wireless/brcm80211/brcmfmac/nvram.c drivers/net/wireless/brcm80211/brcmfmac/firmware.c

··· 16 16 17 17 #include <linux/kernel.h> 18 18 #include <linux/slab.h> 19 + #include <linux/device.h> 19 20 #include <linux/firmware.h> 20 21 21 22 #include "dhd_dbg.h" 22 - #include "nvram.h" 23 + #include "firmware.h" 23 24 24 25 enum nvram_parser_state { 25 26 IDLE, ··· 188 187 * and converts newlines to NULs. Shortens buffer as needed and pads with NULs. 189 188 * End of buffer is completed with token identifying length of buffer. 190 189 */ 191 - void *brcmf_nvram_strip(const struct firmware *nv, u32 *new_length) 190 + static void *brcmf_fw_nvram_strip(const struct firmware *nv, u32 *new_length) 192 191 { 193 192 struct nvram_parser nvp; 194 193 u32 pad; ··· 220 219 return nvp.nvram; 221 220 } 222 221 223 - void brcmf_nvram_free(void *nvram) 222 + void brcmf_fw_nvram_free(void *nvram) 224 223 { 225 224 kfree(nvram); 226 225 } 227 226 227 + struct brcmf_fw { 228 + struct device *dev; 229 + u16 flags; 230 + const struct firmware *code; 231 + const char *nvram_name; 232 + void (*done)(struct device *dev, const struct firmware *fw, 233 + void *nvram_image, u32 nvram_len); 234 + }; 235 + 236 + static void brcmf_fw_request_nvram_done(const struct firmware *fw, void *ctx) 237 + { 238 + struct brcmf_fw *fwctx = ctx; 239 + u32 nvram_length = 0; 240 + void *nvram = NULL; 241 + 242 + brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(fwctx->dev)); 243 + if (!fw && !(fwctx->flags & BRCMF_FW_REQ_NV_OPTIONAL)) 244 + goto fail; 245 + 246 + if (fw) { 247 + nvram = brcmf_fw_nvram_strip(fw, &nvram_length); 248 + release_firmware(fw); 249 + if (!nvram && !(fwctx->flags & BRCMF_FW_REQ_NV_OPTIONAL)) 250 + goto fail; 251 + } 252 + 253 + fwctx->done(fwctx->dev, fwctx->code, nvram, nvram_length); 254 + kfree(fwctx); 255 + return; 256 + 257 + fail: 258 + brcmf_dbg(TRACE, "failed: dev=%s\n", dev_name(fwctx->dev)); 259 + if (fwctx->code) 260 + release_firmware(fwctx->code); 261 + device_release_driver(fwctx->dev); 262 + kfree(fwctx); 263 + } 264 + 265 + static void brcmf_fw_request_code_done(const struct firmware *fw, void *ctx) 266 + { 267 + struct brcmf_fw *fwctx = ctx; 268 + int ret; 269 + 270 + brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(fwctx->dev)); 271 + if (!fw) 272 + goto fail; 273 + 274 + /* only requested code so done here */ 275 + if (!(fwctx->flags & BRCMF_FW_REQUEST_NVRAM)) { 276 + fwctx->done(fwctx->dev, fw, NULL, 0); 277 + kfree(fwctx); 278 + return; 279 + } 280 + fwctx->code = fw; 281 + ret = request_firmware_nowait(THIS_MODULE, true, fwctx->nvram_name, 282 + fwctx->dev, GFP_KERNEL, fwctx, 283 + brcmf_fw_request_nvram_done); 284 + 285 + if (!ret) 286 + return; 287 + 288 + /* when nvram is optional call .done() callback here */ 289 + if (fwctx->flags & BRCMF_FW_REQ_NV_OPTIONAL) { 290 + fwctx->done(fwctx->dev, fw, NULL, 0); 291 + kfree(fwctx); 292 + return; 293 + } 294 + 295 + /* failed nvram request */ 296 + release_firmware(fw); 297 + fail: 298 + brcmf_dbg(TRACE, "failed: dev=%s\n", dev_name(fwctx->dev)); 299 + device_release_driver(fwctx->dev); 300 + kfree(fwctx); 301 + } 302 + 303 + int brcmf_fw_get_firmwares(struct device *dev, u16 flags, 304 + const char *code, const char *nvram, 305 + void (*fw_cb)(struct device *dev, 306 + const struct firmware *fw, 307 + void *nvram_image, u32 nvram_len)) 308 + { 309 + struct brcmf_fw *fwctx; 310 + 311 + brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(dev)); 312 + if (!fw_cb || !code) 313 + return -EINVAL; 314 + 315 + if ((flags & BRCMF_FW_REQUEST_NVRAM) && !nvram) 316 + return -EINVAL; 317 + 318 + fwctx = kzalloc(sizeof(*fwctx), GFP_KERNEL); 319 + if (!fwctx) 320 + return -ENOMEM; 321 + 322 + fwctx->dev = dev; 323 + fwctx->flags = flags; 324 + fwctx->done = fw_cb; 325 + if (flags & BRCMF_FW_REQUEST_NVRAM) 326 + fwctx->nvram_name = nvram; 327 + 328 + return request_firmware_nowait(THIS_MODULE, true, code, dev, 329 + GFP_KERNEL, fwctx, 330 + brcmf_fw_request_code_done); 331 + }

+18 -6

drivers/net/wireless/brcm80211/brcmfmac/nvram.h drivers/net/wireless/brcm80211/brcmfmac/firmware.h

··· 13 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 15 */ 16 - #ifndef BRCMFMAC_NVRAM_H 17 - #define BRCMFMAC_NVRAM_H 16 + #ifndef BRCMFMAC_FIRMWARE_H 17 + #define BRCMFMAC_FIRMWARE_H 18 18 19 + #define BRCMF_FW_REQUEST 0x000F 20 + #define BRCMF_FW_REQUEST_NVRAM 0x0001 21 + #define BRCMF_FW_REQ_FLAGS 0x00F0 22 + #define BRCMF_FW_REQ_NV_OPTIONAL 0x0010 19 23 20 - void *brcmf_nvram_strip(const struct firmware *nv, u32 *new_length); 21 - void brcmf_nvram_free(void *nvram); 24 + void brcmf_fw_nvram_free(void *nvram); 25 + /* 26 + * Request firmware(s) asynchronously. When the asynchronous request 27 + * fails it will not use the callback, but call device_release_driver() 28 + * instead which will call the driver .remove() callback. 29 + */ 30 + int brcmf_fw_get_firmwares(struct device *dev, u16 flags, 31 + const char *code, const char *nvram, 32 + void (*fw_cb)(struct device *dev, 33 + const struct firmware *fw, 34 + void *nvram_image, u32 nvram_len)); 22 35 23 - 24 - #endif /* BRCMFMAC_NVRAM_H */ 36 + #endif /* BRCMFMAC_FIRMWARE_H */

+85 -184

drivers/net/wireless/brcm80211/brcmfmac/usb.c

··· 25 25 #include <dhd_bus.h> 26 26 #include <dhd_dbg.h> 27 27 28 + #include "firmware.h" 28 29 #include "usb_rdl.h" 29 30 #include "usb.h" 30 31 ··· 62 61 u8 *image; 63 62 int image_len; 64 63 }; 65 - static struct list_head fw_image_list; 66 - 67 - struct intr_transfer_buf { 68 - u32 notification; 69 - u32 reserved; 70 - }; 71 64 72 65 struct brcmf_usbdev_info { 73 66 struct brcmf_usbdev bus_pub; /* MUST BE FIRST */ ··· 70 75 struct list_head rx_postq; 71 76 struct list_head tx_freeq; 72 77 struct list_head tx_postq; 73 - uint rx_pipe, tx_pipe, intr_pipe, rx_pipe2; 78 + uint rx_pipe, tx_pipe, rx_pipe2; 74 79 75 80 int rx_low_watermark; 76 81 int tx_low_watermark; ··· 82 87 struct brcmf_usbreq *tx_reqs; 83 88 struct brcmf_usbreq *rx_reqs; 84 89 85 - u8 *image; /* buffer for combine fw and nvram */ 90 + const u8 *image; /* buffer for combine fw and nvram */ 86 91 int image_len; 87 92 88 93 struct usb_device *usbdev; ··· 99 104 ulong ctl_op; 100 105 101 106 struct urb *bulk_urb; /* used for FW download */ 102 - struct urb *intr_urb; /* URB for interrupt endpoint */ 103 - int intr_size; /* Size of interrupt message */ 104 - int interval; /* Interrupt polling interval */ 105 - struct intr_transfer_buf intr; /* Data buffer for interrupt endpoint */ 106 107 }; 107 108 108 109 static void brcmf_usb_rx_refill(struct brcmf_usbdev_info *devinfo, ··· 522 531 } 523 532 } 524 533 525 - static void 526 - brcmf_usb_intr_complete(struct urb *urb) 527 - { 528 - struct brcmf_usbdev_info *devinfo = 529 - (struct brcmf_usbdev_info *)urb->context; 530 - int err; 531 - 532 - brcmf_dbg(USB, "Enter, urb->status=%d\n", urb->status); 533 - 534 - if (devinfo == NULL) 535 - return; 536 - 537 - if (unlikely(urb->status)) { 538 - if (urb->status == -ENOENT || 539 - urb->status == -ESHUTDOWN || 540 - urb->status == -ENODEV) { 541 - brcmf_usb_state_change(devinfo, 542 - BRCMFMAC_USB_STATE_DOWN); 543 - } 544 - } 545 - 546 - if (devinfo->bus_pub.state == BRCMFMAC_USB_STATE_DOWN) { 547 - brcmf_err("intr cb when DBUS down, ignoring\n"); 548 - return; 549 - } 550 - 551 - if (devinfo->bus_pub.state == BRCMFMAC_USB_STATE_UP) { 552 - err = usb_submit_urb(devinfo->intr_urb, GFP_ATOMIC); 553 - if (err) 554 - brcmf_err("usb_submit_urb, err=%d\n", err); 555 - } 556 - } 557 - 558 534 static int brcmf_usb_tx(struct device *dev, struct sk_buff *skb) 559 535 { 560 536 struct brcmf_usbdev_info *devinfo = brcmf_usb_get_businfo(dev); ··· 577 619 { 578 620 struct brcmf_usbdev_info *devinfo = brcmf_usb_get_businfo(dev); 579 621 u16 ifnum; 580 - int ret; 581 622 582 623 brcmf_dbg(USB, "Enter\n"); 583 624 if (devinfo->bus_pub.state == BRCMFMAC_USB_STATE_UP) ··· 584 627 585 628 /* Success, indicate devinfo is fully up */ 586 629 brcmf_usb_state_change(devinfo, BRCMFMAC_USB_STATE_UP); 587 - 588 - if (devinfo->intr_urb) { 589 - usb_fill_int_urb(devinfo->intr_urb, devinfo->usbdev, 590 - devinfo->intr_pipe, 591 - &devinfo->intr, 592 - devinfo->intr_size, 593 - (usb_complete_t)brcmf_usb_intr_complete, 594 - devinfo, 595 - devinfo->interval); 596 - 597 - ret = usb_submit_urb(devinfo->intr_urb, GFP_ATOMIC); 598 - if (ret) { 599 - brcmf_err("USB_SUBMIT_URB failed with status %d\n", 600 - ret); 601 - return -EINVAL; 602 - } 603 - } 604 630 605 631 if (devinfo->ctl_urb) { 606 632 devinfo->ctl_in_pipe = usb_rcvctrlpipe(devinfo->usbdev, 0); ··· 621 681 return; 622 682 623 683 brcmf_usb_state_change(devinfo, BRCMFMAC_USB_STATE_DOWN); 624 - if (devinfo->intr_urb) 625 - usb_kill_urb(devinfo->intr_urb); 626 684 627 685 if (devinfo->ctl_urb) 628 686 usb_kill_urb(devinfo->ctl_urb); ··· 959 1021 } 960 1022 961 1023 err = brcmf_usb_dlstart(devinfo, 962 - devinfo->image, devinfo->image_len); 1024 + (u8 *)devinfo->image, devinfo->image_len); 963 1025 if (err == 0) 964 1026 err = brcmf_usb_dlrun(devinfo); 965 1027 return err; ··· 974 1036 brcmf_usb_free_q(&devinfo->rx_freeq, false); 975 1037 brcmf_usb_free_q(&devinfo->tx_freeq, false); 976 1038 977 - usb_free_urb(devinfo->intr_urb); 978 1039 usb_free_urb(devinfo->ctl_urb); 979 1040 usb_free_urb(devinfo->bulk_urb); 980 1041 ··· 1017 1080 return -1; 1018 1081 } 1019 1082 1020 - static int brcmf_usb_get_fw(struct brcmf_usbdev_info *devinfo) 1083 + static const char *brcmf_usb_get_fwname(struct brcmf_usbdev_info *devinfo) 1021 1084 { 1022 - s8 *fwname; 1023 - const struct firmware *fw; 1024 - struct brcmf_usb_image *fw_image; 1025 - int err; 1026 - 1027 - brcmf_dbg(USB, "Enter\n"); 1028 1085 switch (devinfo->bus_pub.devid) { 1029 1086 case 43143: 1030 - fwname = BRCMF_USB_43143_FW_NAME; 1031 - break; 1087 + return BRCMF_USB_43143_FW_NAME; 1032 1088 case 43235: 1033 1089 case 43236: 1034 1090 case 43238: 1035 - fwname = BRCMF_USB_43236_FW_NAME; 1036 - break; 1091 + return BRCMF_USB_43236_FW_NAME; 1037 1092 case 43242: 1038 - fwname = BRCMF_USB_43242_FW_NAME; 1039 - break; 1093 + return BRCMF_USB_43242_FW_NAME; 1040 1094 default: 1041 - return -EINVAL; 1042 - break; 1095 + return NULL; 1043 1096 } 1044 - brcmf_dbg(USB, "Loading FW %s\n", fwname); 1045 - list_for_each_entry(fw_image, &fw_image_list, list) { 1046 - if (fw_image->fwname == fwname) { 1047 - devinfo->image = fw_image->image; 1048 - devinfo->image_len = fw_image->image_len; 1049 - return 0; 1050 - } 1051 - } 1052 - /* fw image not yet loaded. Load it now and add to list */ 1053 - err = request_firmware(&fw, fwname, devinfo->dev); 1054 - if (!fw) { 1055 - brcmf_err("fail to request firmware %s\n", fwname); 1056 - return err; 1057 - } 1058 - if (check_file(fw->data) < 0) { 1059 - brcmf_err("invalid firmware %s\n", fwname); 1060 - return -EINVAL; 1061 - } 1062 - 1063 - fw_image = kzalloc(sizeof(*fw_image), GFP_ATOMIC); 1064 - if (!fw_image) 1065 - return -ENOMEM; 1066 - INIT_LIST_HEAD(&fw_image->list); 1067 - list_add_tail(&fw_image->list, &fw_image_list); 1068 - fw_image->fwname = fwname; 1069 - fw_image->image = vmalloc(fw->size); 1070 - if (!fw_image->image) 1071 - return -ENOMEM; 1072 - 1073 - memcpy(fw_image->image, fw->data, fw->size); 1074 - fw_image->image_len = fw->size; 1075 - 1076 - release_firmware(fw); 1077 - 1078 - devinfo->image = fw_image->image; 1079 - devinfo->image_len = fw_image->image_len; 1080 - 1081 - return 0; 1082 1097 } 1083 1098 1084 1099 ··· 1075 1186 goto error; 1076 1187 devinfo->tx_freecount = ntxq; 1077 1188 1078 - devinfo->intr_urb = usb_alloc_urb(0, GFP_ATOMIC); 1079 - if (!devinfo->intr_urb) { 1080 - brcmf_err("usb_alloc_urb (intr) failed\n"); 1081 - goto error; 1082 - } 1083 1189 devinfo->ctl_urb = usb_alloc_urb(0, GFP_ATOMIC); 1084 1190 if (!devinfo->ctl_urb) { 1085 1191 brcmf_err("usb_alloc_urb (ctl) failed\n"); ··· 1086 1202 goto error; 1087 1203 } 1088 1204 1089 - if (!brcmf_usb_dlneeded(devinfo)) 1090 - return &devinfo->bus_pub; 1091 - 1092 - brcmf_dbg(USB, "Start fw downloading\n"); 1093 - if (brcmf_usb_get_fw(devinfo)) 1094 - goto error; 1095 - 1096 - if (brcmf_usb_fw_download(devinfo)) 1097 - goto error; 1098 - 1099 1205 return &devinfo->bus_pub; 1100 1206 1101 1207 error: ··· 1096 1222 1097 1223 static struct brcmf_bus_ops brcmf_usb_bus_ops = { 1098 1224 .txdata = brcmf_usb_tx, 1099 - .init = brcmf_usb_up, 1100 1225 .stop = brcmf_usb_down, 1101 1226 .txctl = brcmf_usb_tx_ctlpkt, 1102 1227 .rxctl = brcmf_usb_rx_ctlpkt, 1103 1228 }; 1104 1229 1230 + static int brcmf_usb_bus_setup(struct brcmf_usbdev_info *devinfo) 1231 + { 1232 + int ret; 1233 + 1234 + /* Attach to the common driver interface */ 1235 + ret = brcmf_attach(devinfo->dev); 1236 + if (ret) { 1237 + brcmf_err("brcmf_attach failed\n"); 1238 + return ret; 1239 + } 1240 + 1241 + ret = brcmf_usb_up(devinfo->dev); 1242 + if (ret) 1243 + goto fail; 1244 + 1245 + ret = brcmf_bus_start(devinfo->dev); 1246 + if (ret) 1247 + goto fail; 1248 + 1249 + return 0; 1250 + fail: 1251 + brcmf_detach(devinfo->dev); 1252 + return ret; 1253 + } 1254 + 1255 + static void brcmf_usb_probe_phase2(struct device *dev, 1256 + const struct firmware *fw, 1257 + void *nvram, u32 nvlen) 1258 + { 1259 + struct brcmf_bus *bus = dev_get_drvdata(dev); 1260 + struct brcmf_usbdev_info *devinfo; 1261 + int ret; 1262 + 1263 + brcmf_dbg(USB, "Start fw downloading\n"); 1264 + ret = check_file(fw->data); 1265 + if (ret < 0) { 1266 + brcmf_err("invalid firmware\n"); 1267 + release_firmware(fw); 1268 + goto error; 1269 + } 1270 + 1271 + devinfo = bus->bus_priv.usb->devinfo; 1272 + devinfo->image = fw->data; 1273 + devinfo->image_len = fw->size; 1274 + 1275 + ret = brcmf_usb_fw_download(devinfo); 1276 + release_firmware(fw); 1277 + if (ret) 1278 + goto error; 1279 + 1280 + ret = brcmf_usb_bus_setup(devinfo); 1281 + if (ret) 1282 + goto error; 1283 + 1284 + return; 1285 + error: 1286 + brcmf_dbg(TRACE, "failed: dev=%s, err=%d\n", dev_name(dev), ret); 1287 + device_release_driver(dev); 1288 + } 1289 + 1105 1290 static int brcmf_usb_probe_cb(struct brcmf_usbdev_info *devinfo) 1106 1291 { 1107 1292 struct brcmf_bus *bus = NULL; 1108 1293 struct brcmf_usbdev *bus_pub = NULL; 1109 - int ret; 1110 1294 struct device *dev = devinfo->dev; 1295 + int ret; 1111 1296 1112 1297 brcmf_dbg(USB, "Enter\n"); 1113 1298 bus_pub = brcmf_usb_attach(devinfo, BRCMF_USB_NRXQ, BRCMF_USB_NTXQ); ··· 1189 1256 bus->proto_type = BRCMF_PROTO_BCDC; 1190 1257 bus->always_use_fws_queue = true; 1191 1258 1192 - /* Attach to the common driver interface */ 1193 - ret = brcmf_attach(dev); 1194 - if (ret) { 1195 - brcmf_err("brcmf_attach failed\n"); 1196 - goto fail; 1259 + if (!brcmf_usb_dlneeded(devinfo)) { 1260 + ret = brcmf_usb_bus_setup(devinfo); 1261 + if (ret) 1262 + goto fail; 1197 1263 } 1198 - 1199 - ret = brcmf_bus_start(dev); 1200 - if (ret) { 1201 - brcmf_err("dongle is not responding\n"); 1202 - brcmf_detach(dev); 1203 - goto fail; 1204 - } 1205 - 1264 + /* request firmware here */ 1265 + brcmf_fw_get_firmwares(dev, 0, brcmf_usb_get_fwname(devinfo), NULL, 1266 + brcmf_usb_probe_phase2); 1206 1267 return 0; 1268 + 1207 1269 fail: 1208 1270 /* Release resources in reverse order */ 1209 1271 kfree(bus); ··· 1286 1358 goto fail; 1287 1359 } 1288 1360 1289 - endpoint_num = endpoint->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; 1290 - devinfo->intr_pipe = usb_rcvintpipe(usb, endpoint_num); 1291 - 1292 1361 devinfo->rx_pipe = 0; 1293 1362 devinfo->rx_pipe2 = 0; 1294 1363 devinfo->tx_pipe = 0; ··· 1317 1392 } 1318 1393 } 1319 1394 1320 - /* Allocate interrupt URB and data buffer */ 1321 - /* RNDIS says 8-byte intr, our old drivers used 4-byte */ 1322 - if (IFEPDESC(usb, CONTROL_IF, 0).wMaxPacketSize == cpu_to_le16(16)) 1323 - devinfo->intr_size = 8; 1324 - else 1325 - devinfo->intr_size = 4; 1326 - 1327 - devinfo->interval = IFEPDESC(usb, CONTROL_IF, 0).bInterval; 1328 - 1329 - if (usb->speed == USB_SPEED_HIGH) 1395 + if (usb->speed == USB_SPEED_SUPER) 1396 + brcmf_dbg(USB, "Broadcom super speed USB wireless device detected\n"); 1397 + else if (usb->speed == USB_SPEED_HIGH) 1330 1398 brcmf_dbg(USB, "Broadcom high speed USB wireless device detected\n"); 1331 1399 else 1332 1400 brcmf_dbg(USB, "Broadcom full speed USB wireless device detected\n"); ··· 1374 1456 struct brcmf_usbdev_info *devinfo = brcmf_usb_get_businfo(&usb->dev); 1375 1457 1376 1458 brcmf_dbg(USB, "Enter\n"); 1377 - if (!brcmf_attach(devinfo->dev)) 1378 - return brcmf_bus_start(&usb->dev); 1379 - 1380 - return 0; 1459 + return brcmf_usb_bus_setup(devinfo); 1381 1460 } 1382 1461 1383 1462 static int brcmf_usb_reset_resume(struct usb_interface *intf) 1384 1463 { 1385 1464 struct usb_device *usb = interface_to_usbdev(intf); 1386 1465 struct brcmf_usbdev_info *devinfo = brcmf_usb_get_businfo(&usb->dev); 1387 - 1388 1466 brcmf_dbg(USB, "Enter\n"); 1389 1467 1390 - if (!brcmf_usb_fw_download(devinfo)) 1391 - return brcmf_usb_resume(intf); 1392 - 1393 - return -EIO; 1468 + return brcmf_fw_get_firmwares(&usb->dev, 0, 1469 + brcmf_usb_get_fwname(devinfo), NULL, 1470 + brcmf_usb_probe_phase2); 1394 1471 } 1395 1472 1396 1473 #define BRCMF_USB_VENDOR_ID_BROADCOM 0x0a5c ··· 1420 1507 .disable_hub_initiated_lpm = 1, 1421 1508 }; 1422 1509 1423 - static void brcmf_release_fw(struct list_head *q) 1424 - { 1425 - struct brcmf_usb_image *fw_image, *next; 1426 - 1427 - list_for_each_entry_safe(fw_image, next, q, list) { 1428 - vfree(fw_image->image); 1429 - list_del_init(&fw_image->list); 1430 - } 1431 - } 1432 - 1433 1510 static int brcmf_usb_reset_device(struct device *dev, void *notused) 1434 1511 { 1435 1512 /* device past is the usb interface so we ··· 1438 1535 ret = driver_for_each_device(drv, NULL, NULL, 1439 1536 brcmf_usb_reset_device); 1440 1537 usb_deregister(&brcmf_usbdrvr); 1441 - brcmf_release_fw(&fw_image_list); 1442 1538 } 1443 1539 1444 1540 void brcmf_usb_register(void) 1445 1541 { 1446 1542 brcmf_dbg(USB, "Enter\n"); 1447 - INIT_LIST_HEAD(&fw_image_list); 1448 1543 usb_register(&brcmf_usbdrvr); 1449 1544 }

+6 -5

drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c

··· 341 341 return qdbm; 342 342 } 343 343 344 - u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf, 345 - struct cfg80211_chan_def *ch) 344 + static u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf, 345 + struct cfg80211_chan_def *ch) 346 346 { 347 347 struct brcmu_chan ch_inf; 348 348 s32 primary_offset; ··· 640 640 if (err) 641 641 brcmf_err("Scan abort failed\n"); 642 642 } 643 + 644 + brcmf_set_mpc(ifp, 1); 645 + 643 646 /* 644 647 * e-scan can be initiated by scheduled scan 645 648 * which takes precedence. ··· 652 649 cfg->sched_escan = false; 653 650 if (!aborted) 654 651 cfg80211_sched_scan_results(cfg_to_wiphy(cfg)); 655 - brcmf_set_mpc(ifp, 1); 656 652 } else if (scan_request) { 657 653 brcmf_dbg(SCAN, "ESCAN Completed scan: %s\n", 658 654 aborted ? "Aborted" : "Done"); 659 655 cfg80211_scan_done(scan_request, aborted); 660 - brcmf_set_mpc(ifp, 1); 661 656 } 662 657 if (!test_and_clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) 663 658 brcmf_dbg(SCAN, "Scan complete, probably P2P scan\n"); ··· 3179 3178 } 3180 3179 3181 3180 if (!request->n_ssids || !request->n_match_sets) { 3182 - brcmf_err("Invalid sched scan req!! n_ssids:%d\n", 3181 + brcmf_dbg(SCAN, "Invalid sched scan req!! n_ssids:%d\n", 3183 3182 request->n_ssids); 3184 3183 return -EINVAL; 3185 3184 }

+1 -1

drivers/net/wireless/brcm80211/brcmutil/d11.c

··· 54 54 if (ch->bw == BRCMU_CHAN_BW_20) 55 55 ch->sb = BRCMU_CHAN_SB_NONE; 56 56 57 + ch->chspec = 0; 57 58 brcmu_maskset16(&ch->chspec, BRCMU_CHSPEC_CH_MASK, 58 59 BRCMU_CHSPEC_CH_SHIFT, ch->chnum); 59 60 brcmu_maskset16(&ch->chspec, BRCMU_CHSPEC_D11N_SB_MASK, ··· 62 61 brcmu_maskset16(&ch->chspec, BRCMU_CHSPEC_D11N_BW_MASK, 63 62 0, d11n_bw(ch->bw)); 64 63 65 - ch->chspec &= ~BRCMU_CHSPEC_D11N_BND_MASK; 66 64 if (ch->chnum <= CH_MAX_2G_CHANNEL) 67 65 ch->chspec |= BRCMU_CHSPEC_D11N_BND_2G; 68 66 else

+1 -1

drivers/net/wireless/mwifiex/fw.h

··· 405 405 #define HS_CFG_CANCEL 0xffffffff 406 406 #define HS_CFG_COND_DEF 0x00000000 407 407 #define HS_CFG_GPIO_DEF 0xff 408 - #define HS_CFG_GAP_DEF 0 408 + #define HS_CFG_GAP_DEF 0xff 409 409 #define HS_CFG_COND_BROADCAST_DATA 0x00000001 410 410 #define HS_CFG_COND_UNICAST_DATA 0x00000002 411 411 #define HS_CFG_COND_MAC_EVENT 0x00000004

+1 -1

drivers/net/wireless/mwifiex/main.h

··· 1099 1099 return 0; 1100 1100 1101 1101 /* Clear csa channel, if DFS channel move time has passed */ 1102 - if (jiffies > priv->csa_expire_time) { 1102 + if (time_after(jiffies, priv->csa_expire_time)) { 1103 1103 priv->csa_chan = 0; 1104 1104 priv->csa_expire_time = 0; 1105 1105 }

+19 -10

drivers/net/wireless/mwifiex/scan.c

··· 1738 1738 return 0; 1739 1739 } 1740 1740 1741 + static void mwifiex_complete_scan(struct mwifiex_private *priv) 1742 + { 1743 + struct mwifiex_adapter *adapter = priv->adapter; 1744 + 1745 + if (adapter->curr_cmd->wait_q_enabled) { 1746 + adapter->cmd_wait_q.status = 0; 1747 + if (!priv->scan_request) { 1748 + dev_dbg(adapter->dev, "complete internal scan\n"); 1749 + mwifiex_complete_cmd(adapter, adapter->curr_cmd); 1750 + } 1751 + } 1752 + } 1753 + 1741 1754 static void mwifiex_check_next_scan_command(struct mwifiex_private *priv) 1742 1755 { 1743 1756 struct mwifiex_adapter *adapter = priv->adapter; ··· 1764 1751 adapter->scan_processing = false; 1765 1752 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags); 1766 1753 1767 - /* Need to indicate IOCTL complete */ 1768 - if (adapter->curr_cmd->wait_q_enabled) { 1769 - adapter->cmd_wait_q.status = 0; 1770 - if (!priv->scan_request) { 1771 - dev_dbg(adapter->dev, 1772 - "complete internal scan\n"); 1773 - mwifiex_complete_cmd(adapter, 1774 - adapter->curr_cmd); 1775 - } 1776 - } 1754 + if (!adapter->ext_scan) 1755 + mwifiex_complete_scan(priv); 1756 + 1777 1757 if (priv->report_scan_result) 1778 1758 priv->report_scan_result = false; 1779 1759 ··· 1971 1965 int mwifiex_ret_802_11_scan_ext(struct mwifiex_private *priv) 1972 1966 { 1973 1967 dev_dbg(priv->adapter->dev, "info: EXT scan returns successfully\n"); 1968 + 1969 + mwifiex_complete_scan(priv); 1970 + 1974 1971 return 0; 1975 1972 } 1976 1973

+1

drivers/net/wireless/mwifiex/wmm.c

··· 163 163 if (!mwifiex_queuing_ra_based(priv)) { 164 164 if (mwifiex_get_tdls_link_status(priv, ra) == 165 165 TDLS_SETUP_COMPLETE) { 166 + ra_list->tdls_link = true; 166 167 ra_list->is_11n_enabled = 167 168 mwifiex_tdls_peer_11n_enabled(priv, ra); 168 169 } else {

+1 -1

drivers/net/wireless/rsi/rsi_common.h

··· 63 63 u8 *name) 64 64 { 65 65 init_completion(&thread->completion); 66 - thread->task = kthread_run(func_ptr, common, name); 66 + thread->task = kthread_run(func_ptr, common, "%s", name); 67 67 if (IS_ERR(thread->task)) 68 68 return (int)PTR_ERR(thread->task); 69 69

-3

drivers/net/wireless/rtlwifi/rtl8192cu/sw.c

··· 395 395 /* .resume = rtl_usb_resume, */ 396 396 /* .reset_resume = rtl8192c_resume, */ 397 397 #endif /* CONFIG_PM */ 398 - #ifdef CONFIG_AUTOSUSPEND 399 - .supports_autosuspend = 1, 400 - #endif 401 398 .disable_hub_initiated_lpm = 1, 402 399 }; 403 400

-1

drivers/net/wireless/rtlwifi/rtl8723ae/hal_bt_coexist.c

··· 32 32 #include "dm.h" 33 33 #include "fw.h" 34 34 #include "../rtl8723com/fw_common.h" 35 - #include "../rtl8723com/fw_common.h" 36 35 #include "phy.h" 37 36 #include "reg.h" 38 37 #include "hal_btc.h"

-1

drivers/net/wireless/rtlwifi/rtl8723be/trx.c

··· 33 33 #include "trx.h" 34 34 #include "led.h" 35 35 #include "dm.h" 36 - #include "phy.h" 37 36 38 37 static u8 _rtl8723be_map_hwqueue_to_fwqueue(struct sk_buff *skb, u8 hw_queue) 39 38 {

+35 -1

drivers/nfc/port100.c

··· 28 28 NFC_PROTO_MIFARE_MASK | \ 29 29 NFC_PROTO_FELICA_MASK | \ 30 30 NFC_PROTO_NFC_DEP_MASK | \ 31 - NFC_PROTO_ISO14443_MASK) 31 + NFC_PROTO_ISO14443_MASK | \ 32 + NFC_PROTO_ISO14443_B_MASK) 32 33 33 34 #define PORT100_CAPABILITIES (NFC_DIGITAL_DRV_CAPS_IN_CRC | \ 34 35 NFC_DIGITAL_DRV_CAPS_TG_CRC) ··· 121 120 #define PORT100_COMM_TYPE_IN_212F 0x01 122 121 #define PORT100_COMM_TYPE_IN_424F 0x02 123 122 #define PORT100_COMM_TYPE_IN_106A 0x03 123 + #define PORT100_COMM_TYPE_IN_106B 0x07 124 124 125 125 static const struct port100_in_rf_setting in_rf_settings[] = { 126 126 [NFC_DIGITAL_RF_TECH_212F] = { ··· 141 139 .in_send_comm_type = PORT100_COMM_TYPE_IN_106A, 142 140 .in_recv_set_number = 15, 143 141 .in_recv_comm_type = PORT100_COMM_TYPE_IN_106A, 142 + }, 143 + [NFC_DIGITAL_RF_TECH_106B] = { 144 + .in_send_set_number = 3, 145 + .in_send_comm_type = PORT100_COMM_TYPE_IN_106B, 146 + .in_recv_set_number = 15, 147 + .in_recv_comm_type = PORT100_COMM_TYPE_IN_106B, 144 148 }, 145 149 /* Ensures the array has NFC_DIGITAL_RF_TECH_LAST elements */ 146 150 [NFC_DIGITAL_RF_TECH_LAST] = { 0 }, ··· 347 339 }, 348 340 [NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED] = { 349 341 { PORT100_IN_PROT_END, 0 }, 342 + }, 343 + [NFC_DIGITAL_FRAMING_NFCB] = { 344 + { PORT100_IN_PROT_INITIAL_GUARD_TIME, 20 }, 345 + { PORT100_IN_PROT_ADD_CRC, 1 }, 346 + { PORT100_IN_PROT_CHECK_CRC, 1 }, 347 + { PORT100_IN_PROT_MULTI_CARD, 0 }, 348 + { PORT100_IN_PROT_ADD_PARITY, 0 }, 349 + { PORT100_IN_PROT_CHECK_PARITY, 0 }, 350 + { PORT100_IN_PROT_BITWISE_AC_RECV_MODE, 0 }, 351 + { PORT100_IN_PROT_VALID_BIT_NUMBER, 8 }, 352 + { PORT100_IN_PROT_CRYPTO1, 0 }, 353 + { PORT100_IN_PROT_ADD_SOF, 1 }, 354 + { PORT100_IN_PROT_CHECK_SOF, 1 }, 355 + { PORT100_IN_PROT_ADD_EOF, 1 }, 356 + { PORT100_IN_PROT_CHECK_EOF, 1 }, 357 + { PORT100_IN_PROT_DEAF_TIME, 4 }, 358 + { PORT100_IN_PROT_CRM, 0 }, 359 + { PORT100_IN_PROT_CRM_MIN_LEN, 0 }, 360 + { PORT100_IN_PROT_T1_TAG_FRAME, 0 }, 361 + { PORT100_IN_PROT_RFCA, 0 }, 362 + { PORT100_IN_PROT_GUARD_TIME_AT_INITIATOR, 6 }, 363 + { PORT100_IN_PROT_END, 0 }, 364 + }, 365 + [NFC_DIGITAL_FRAMING_NFCB_T4T] = { 366 + /* nfc_digital_framing_nfcb */ 367 + { PORT100_IN_PROT_END, 0 }, 350 368 }, 351 369 /* Ensures the array has NFC_DIGITAL_FRAMING_LAST elements */ 352 370 [NFC_DIGITAL_FRAMING_LAST] = {

+12 -1

drivers/nfc/trf7970a.c

··· 105 105 106 106 #define TRF7970A_SUPPORTED_PROTOCOLS \ 107 107 (NFC_PROTO_MIFARE_MASK | NFC_PROTO_ISO14443_MASK | \ 108 - NFC_PROTO_ISO14443_B_MASK | NFC_PROTO_ISO15693_MASK) 108 + NFC_PROTO_ISO14443_B_MASK | NFC_PROTO_FELICA_MASK | \ 109 + NFC_PROTO_ISO15693_MASK) 109 110 110 111 #define TRF7970A_AUTOSUSPEND_DELAY 30000 /* 30 seconds */ 111 112 ··· 868 867 trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_14443B_106; 869 868 trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_DEPTH_ASK10; 870 869 break; 870 + case NFC_DIGITAL_RF_TECH_212F: 871 + trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_FELICA_212; 872 + trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_DEPTH_ASK10; 873 + break; 874 + case NFC_DIGITAL_RF_TECH_424F: 875 + trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_FELICA_424; 876 + trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_DEPTH_ASK10; 877 + break; 871 878 case NFC_DIGITAL_RF_TECH_ISO15693: 872 879 trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_15693_SGL_1OF4_2648; 873 880 trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_DEPTH_OOK; ··· 907 898 case NFC_DIGITAL_FRAMING_NFCA_T4T: 908 899 case NFC_DIGITAL_FRAMING_NFCB: 909 900 case NFC_DIGITAL_FRAMING_NFCB_T4T: 901 + case NFC_DIGITAL_FRAMING_NFCF: 902 + case NFC_DIGITAL_FRAMING_NFCF_T3T: 910 903 case NFC_DIGITAL_FRAMING_ISO15693_INVENTORY: 911 904 case NFC_DIGITAL_FRAMING_ISO15693_T5T: 912 905 trf->tx_cmd = TRF7970A_CMD_TRANSMIT;

+1

include/linux/ieee80211.h

··· 1711 1711 WLAN_EID_RRM_ENABLED_CAPABILITIES = 70, 1712 1712 WLAN_EID_MULTIPLE_BSSID = 71, 1713 1713 WLAN_EID_BSS_COEX_2040 = 72, 1714 + WLAN_EID_BSS_INTOLERANT_CHL_REPORT = 73, 1714 1715 WLAN_EID_OVERLAP_BSS_SCAN_PARAM = 74, 1715 1716 WLAN_EID_RIC_DESCRIPTOR = 75, 1716 1717 WLAN_EID_MMIE = 76,

+21

include/net/bluetooth/hci.h

··· 1054 1054 __le16 window; 1055 1055 } __packed; 1056 1056 1057 + #define HCI_OP_READ_TX_POWER 0x0c2d 1058 + struct hci_cp_read_tx_power { 1059 + __le16 handle; 1060 + __u8 type; 1061 + } __packed; 1062 + struct hci_rp_read_tx_power { 1063 + __u8 status; 1064 + __le16 handle; 1065 + __s8 tx_power; 1066 + } __packed; 1067 + 1057 1068 #define HCI_OP_READ_PAGE_SCAN_TYPE 0x0c46 1058 1069 struct hci_rp_read_page_scan_type { 1059 1070 __u8 status; ··· 1074 1063 #define HCI_OP_WRITE_PAGE_SCAN_TYPE 0x0c47 1075 1064 #define PAGE_SCAN_TYPE_STANDARD 0x00 1076 1065 #define PAGE_SCAN_TYPE_INTERLACED 0x01 1066 + 1067 + #define HCI_OP_READ_RSSI 0x1405 1068 + struct hci_cp_read_rssi { 1069 + __le16 handle; 1070 + } __packed; 1071 + struct hci_rp_read_rssi { 1072 + __u8 status; 1073 + __le16 handle; 1074 + __s8 rssi; 1075 + } __packed; 1077 1076 1078 1077 #define HCI_OP_READ_LOCAL_AMP_INFO 0x1409 1079 1078 struct hci_rp_read_local_amp_info {

+11

include/net/bluetooth/hci_core.h

··· 145 145 /* Default LE RPA expiry time, 15 minutes */ 146 146 #define HCI_DEFAULT_RPA_TIMEOUT (15 * 60) 147 147 148 + /* Default min/max age of connection information (1s/3s) */ 149 + #define DEFAULT_CONN_INFO_MIN_AGE 1000 150 + #define DEFAULT_CONN_INFO_MAX_AGE 3000 151 + 148 152 struct amp_assoc { 149 153 __u16 len; 150 154 __u16 offset; ··· 204 200 __u16 le_conn_min_interval; 205 201 __u16 le_conn_max_interval; 206 202 __u16 discov_interleaved_timeout; 203 + __u16 conn_info_min_age; 204 + __u16 conn_info_max_age; 207 205 __u8 ssp_debug_mode; 208 206 209 207 __u16 devid_source; ··· 380 374 __u16 setting; 381 375 __u16 le_conn_min_interval; 382 376 __u16 le_conn_max_interval; 377 + __s8 rssi; 378 + __s8 tx_power; 379 + __s8 max_tx_power; 383 380 unsigned long flags; 381 + 382 + unsigned long conn_info_timestamp; 384 383 385 384 __u8 remote_cap; 386 385 __u8 remote_auth;

+15

include/net/bluetooth/mgmt.h

··· 181 181 } __packed; 182 182 #define MGMT_LOAD_LINK_KEYS_SIZE 3 183 183 184 + #define MGMT_LTK_UNAUTHENTICATED 0x00 185 + #define MGMT_LTK_AUTHENTICATED 0x01 186 + 184 187 struct mgmt_ltk_info { 185 188 struct mgmt_addr_info addr; 186 189 __u8 type; ··· 411 408 struct mgmt_irk_info irks[0]; 412 409 } __packed; 413 410 #define MGMT_LOAD_IRKS_SIZE 2 411 + 412 + #define MGMT_OP_GET_CONN_INFO 0x0031 413 + struct mgmt_cp_get_conn_info { 414 + struct mgmt_addr_info addr; 415 + } __packed; 416 + #define MGMT_GET_CONN_INFO_SIZE MGMT_ADDR_INFO_SIZE 417 + struct mgmt_rp_get_conn_info { 418 + struct mgmt_addr_info addr; 419 + __s8 rssi; 420 + __s8 tx_power; 421 + __s8 max_tx_power; 422 + } __packed; 414 423 415 424 #define MGMT_EV_CMD_COMPLETE 0x0001 416 425 struct mgmt_ev_cmd_complete {

+3 -3

include/net/bluetooth/rfcomm.h

··· 173 173 struct sk_buff_head tx_queue; 174 174 struct timer_list timer; 175 175 176 - spinlock_t lock; 176 + struct mutex lock; 177 177 unsigned long state; 178 178 unsigned long flags; 179 179 atomic_t refcnt; ··· 244 244 void rfcomm_dlc_accept(struct rfcomm_dlc *d); 245 245 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel); 246 246 247 - #define rfcomm_dlc_lock(d) spin_lock(&d->lock) 248 - #define rfcomm_dlc_unlock(d) spin_unlock(&d->lock) 247 + #define rfcomm_dlc_lock(d) mutex_lock(&d->lock) 248 + #define rfcomm_dlc_unlock(d) mutex_unlock(&d->lock) 249 249 250 250 static inline void rfcomm_dlc_hold(struct rfcomm_dlc *d) 251 251 {

+46

include/net/mac80211.h

··· 189 189 }; 190 190 191 191 /** 192 + * enum ieee80211_chanctx_switch_mode - channel context switch mode 193 + * @CHANCTX_SWMODE_REASSIGN_VIF: Both old and new contexts already 194 + * exist (and will continue to exist), but the virtual interface 195 + * needs to be switched from one to the other. 196 + * @CHANCTX_SWMODE_SWAP_CONTEXTS: The old context exists but will stop 197 + * to exist with this call, the new context doesn't exist but 198 + * will be active after this call, the virtual interface switches 199 + * from the old to the new (note that the driver may of course 200 + * implement this as an on-the-fly chandef switch of the existing 201 + * hardware context, but the mac80211 pointer for the old context 202 + * will cease to exist and only the new one will later be used 203 + * for changes/removal.) 204 + */ 205 + enum ieee80211_chanctx_switch_mode { 206 + CHANCTX_SWMODE_REASSIGN_VIF, 207 + CHANCTX_SWMODE_SWAP_CONTEXTS, 208 + }; 209 + 210 + /** 211 + * struct ieee80211_vif_chanctx_switch - vif chanctx switch information 212 + * 213 + * This is structure is used to pass information about a vif that 214 + * needs to switch from one chanctx to another. The 215 + * &ieee80211_chanctx_switch_mode defines how the switch should be 216 + * done. 217 + * 218 + * @vif: the vif that should be switched from old_ctx to new_ctx 219 + * @old_ctx: the old context to which the vif was assigned 220 + * @new_ctx: the new context to which the vif must be assigned 221 + */ 222 + struct ieee80211_vif_chanctx_switch { 223 + struct ieee80211_vif *vif; 224 + struct ieee80211_chanctx_conf *old_ctx; 225 + struct ieee80211_chanctx_conf *new_ctx; 226 + }; 227 + 228 + /** 192 229 * enum ieee80211_bss_change - BSS change notification flags 193 230 * 194 231 * These flags are used with the bss_info_changed() callback ··· 2773 2736 * to vif. Possible use is for hw queue remapping. 2774 2737 * @unassign_vif_chanctx: Notifies device driver about channel context being 2775 2738 * unbound from vif. 2739 + * @switch_vif_chanctx: switch a number of vifs from one chanctx to 2740 + * another, as specified in the list of 2741 + * @ieee80211_vif_chanctx_switch passed to the driver, according 2742 + * to the mode defined in &ieee80211_chanctx_switch_mode. 2743 + * 2776 2744 * @start_ap: Start operation on the AP interface, this is called after all the 2777 2745 * information in bss_conf is set and beacon can be retrieved. A channel 2778 2746 * context is bound before this is called. Note that if the driver uses ··· 2994 2952 void (*unassign_vif_chanctx)(struct ieee80211_hw *hw, 2995 2953 struct ieee80211_vif *vif, 2996 2954 struct ieee80211_chanctx_conf *ctx); 2955 + int (*switch_vif_chanctx)(struct ieee80211_hw *hw, 2956 + struct ieee80211_vif_chanctx_switch *vifs, 2957 + int n_vifs, 2958 + enum ieee80211_chanctx_switch_mode mode); 2997 2959 2998 2960 void (*restart_complete)(struct ieee80211_hw *hw); 2999 2961

+3

net/bluetooth/hci_conn.c

··· 28 28 29 29 #include <net/bluetooth/bluetooth.h> 30 30 #include <net/bluetooth/hci_core.h> 31 + #include <net/bluetooth/l2cap.h> 31 32 32 33 #include "smp.h" 33 34 #include "a2mp.h" ··· 408 407 conn->io_capability = hdev->io_capability; 409 408 conn->remote_auth = 0xff; 410 409 conn->key_type = 0xff; 410 + conn->tx_power = HCI_TX_POWER_INVALID; 411 + conn->max_tx_power = HCI_TX_POWER_INVALID; 411 412 412 413 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 413 414 conn->disc_timeout = HCI_DISCONN_TIMEOUT;

+64

net/bluetooth/hci_core.c

··· 34 34 35 35 #include <net/bluetooth/bluetooth.h> 36 36 #include <net/bluetooth/hci_core.h> 37 + #include <net/bluetooth/l2cap.h> 37 38 38 39 #include "smp.h" 39 40 ··· 579 578 580 579 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get, 581 580 sniff_max_interval_set, "%llu\n"); 581 + 582 + static int conn_info_min_age_set(void *data, u64 val) 583 + { 584 + struct hci_dev *hdev = data; 585 + 586 + if (val == 0 || val > hdev->conn_info_max_age) 587 + return -EINVAL; 588 + 589 + hci_dev_lock(hdev); 590 + hdev->conn_info_min_age = val; 591 + hci_dev_unlock(hdev); 592 + 593 + return 0; 594 + } 595 + 596 + static int conn_info_min_age_get(void *data, u64 *val) 597 + { 598 + struct hci_dev *hdev = data; 599 + 600 + hci_dev_lock(hdev); 601 + *val = hdev->conn_info_min_age; 602 + hci_dev_unlock(hdev); 603 + 604 + return 0; 605 + } 606 + 607 + DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get, 608 + conn_info_min_age_set, "%llu\n"); 609 + 610 + static int conn_info_max_age_set(void *data, u64 val) 611 + { 612 + struct hci_dev *hdev = data; 613 + 614 + if (val == 0 || val < hdev->conn_info_min_age) 615 + return -EINVAL; 616 + 617 + hci_dev_lock(hdev); 618 + hdev->conn_info_max_age = val; 619 + hci_dev_unlock(hdev); 620 + 621 + return 0; 622 + } 623 + 624 + static int conn_info_max_age_get(void *data, u64 *val) 625 + { 626 + struct hci_dev *hdev = data; 627 + 628 + hci_dev_lock(hdev); 629 + *val = hdev->conn_info_max_age; 630 + hci_dev_unlock(hdev); 631 + 632 + return 0; 633 + } 634 + 635 + DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get, 636 + conn_info_max_age_set, "%llu\n"); 582 637 583 638 static int identity_show(struct seq_file *f, void *p) 584 639 { ··· 1810 1753 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev, 1811 1754 &blacklist_fops); 1812 1755 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops); 1756 + 1757 + debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev, 1758 + &conn_info_min_age_fops); 1759 + debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev, 1760 + &conn_info_max_age_fops); 1813 1761 1814 1762 if (lmp_bredr_capable(hdev)) { 1815 1763 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs, ··· 3851 3789 3852 3790 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT; 3853 3791 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT; 3792 + hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE; 3793 + hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE; 3854 3794 3855 3795 mutex_init(&hdev->lock); 3856 3796 mutex_init(&hdev->req_lock);

+61

net/bluetooth/hci_event.c

··· 1245 1245 amp_write_rem_assoc_continue(hdev, rp->phy_handle); 1246 1246 } 1247 1247 1248 + static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb) 1249 + { 1250 + struct hci_rp_read_rssi *rp = (void *) skb->data; 1251 + struct hci_conn *conn; 1252 + 1253 + BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1254 + 1255 + if (rp->status) 1256 + return; 1257 + 1258 + hci_dev_lock(hdev); 1259 + 1260 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 1261 + if (conn) 1262 + conn->rssi = rp->rssi; 1263 + 1264 + hci_dev_unlock(hdev); 1265 + } 1266 + 1267 + static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb) 1268 + { 1269 + struct hci_cp_read_tx_power *sent; 1270 + struct hci_rp_read_tx_power *rp = (void *) skb->data; 1271 + struct hci_conn *conn; 1272 + 1273 + BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 1274 + 1275 + if (rp->status) 1276 + return; 1277 + 1278 + sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 1279 + if (!sent) 1280 + return; 1281 + 1282 + hci_dev_lock(hdev); 1283 + 1284 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 1285 + if (!conn) 1286 + goto unlock; 1287 + 1288 + switch (sent->type) { 1289 + case 0x00: 1290 + conn->tx_power = rp->tx_power; 1291 + break; 1292 + case 0x01: 1293 + conn->max_tx_power = rp->tx_power; 1294 + break; 1295 + } 1296 + 1297 + unlock: 1298 + hci_dev_unlock(hdev); 1299 + } 1300 + 1248 1301 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1249 1302 { 1250 1303 BT_DBG("%s status 0x%2.2x", hdev->name, status); ··· 2688 2635 2689 2636 case HCI_OP_WRITE_REMOTE_AMP_ASSOC: 2690 2637 hci_cc_write_remote_amp_assoc(hdev, skb); 2638 + break; 2639 + 2640 + case HCI_OP_READ_RSSI: 2641 + hci_cc_read_rssi(hdev, skb); 2642 + break; 2643 + 2644 + case HCI_OP_READ_TX_POWER: 2645 + hci_cc_read_tx_power(hdev, skb); 2691 2646 break; 2692 2647 2693 2648 default:

+232 -4

net/bluetooth/mgmt.c

··· 29 29 30 30 #include <net/bluetooth/bluetooth.h> 31 31 #include <net/bluetooth/hci_core.h> 32 + #include <net/bluetooth/l2cap.h> 32 33 #include <net/bluetooth/mgmt.h> 33 34 34 35 #include "smp.h" 35 36 36 37 #define MGMT_VERSION 1 37 - #define MGMT_REVISION 5 38 + #define MGMT_REVISION 6 38 39 39 40 static const u16 mgmt_commands[] = { 40 41 MGMT_OP_READ_INDEX_LIST, ··· 84 83 MGMT_OP_SET_DEBUG_KEYS, 85 84 MGMT_OP_SET_PRIVACY, 86 85 MGMT_OP_LOAD_IRKS, 86 + MGMT_OP_GET_CONN_INFO, 87 87 }; 88 88 89 89 static const u16 mgmt_events[] = { ··· 4534 4532 4535 4533 for (i = 0; i < key_count; i++) { 4536 4534 struct mgmt_ltk_info *key = &cp->keys[i]; 4537 - u8 type, addr_type; 4535 + u8 type, addr_type, authenticated; 4538 4536 4539 4537 if (key->addr.type == BDADDR_LE_PUBLIC) 4540 4538 addr_type = ADDR_LE_DEV_PUBLIC; ··· 4546 4544 else 4547 4545 type = HCI_SMP_LTK_SLAVE; 4548 4546 4547 + if (key->type == MGMT_LTK_UNAUTHENTICATED) 4548 + authenticated = 0x00; 4549 + else 4550 + authenticated = 0x01; 4551 + 4549 4552 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type, 4550 - key->type, key->val, key->enc_size, key->ediv, 4553 + authenticated, key->val, key->enc_size, key->ediv, 4551 4554 key->rand); 4552 4555 } 4553 4556 ··· 4561 4554 4562 4555 hci_dev_unlock(hdev); 4563 4556 4557 + return err; 4558 + } 4559 + 4560 + struct cmd_conn_lookup { 4561 + struct hci_conn *conn; 4562 + bool valid_tx_power; 4563 + u8 mgmt_status; 4564 + }; 4565 + 4566 + static void get_conn_info_complete(struct pending_cmd *cmd, void *data) 4567 + { 4568 + struct cmd_conn_lookup *match = data; 4569 + struct mgmt_cp_get_conn_info *cp; 4570 + struct mgmt_rp_get_conn_info rp; 4571 + struct hci_conn *conn = cmd->user_data; 4572 + 4573 + if (conn != match->conn) 4574 + return; 4575 + 4576 + cp = (struct mgmt_cp_get_conn_info *) cmd->param; 4577 + 4578 + memset(&rp, 0, sizeof(rp)); 4579 + bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4580 + rp.addr.type = cp->addr.type; 4581 + 4582 + if (!match->mgmt_status) { 4583 + rp.rssi = conn->rssi; 4584 + 4585 + if (match->valid_tx_power) { 4586 + rp.tx_power = conn->tx_power; 4587 + rp.max_tx_power = conn->max_tx_power; 4588 + } else { 4589 + rp.tx_power = HCI_TX_POWER_INVALID; 4590 + rp.max_tx_power = HCI_TX_POWER_INVALID; 4591 + } 4592 + } 4593 + 4594 + cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4595 + match->mgmt_status, &rp, sizeof(rp)); 4596 + 4597 + hci_conn_drop(conn); 4598 + 4599 + mgmt_pending_remove(cmd); 4600 + } 4601 + 4602 + static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status) 4603 + { 4604 + struct hci_cp_read_rssi *cp; 4605 + struct hci_conn *conn; 4606 + struct cmd_conn_lookup match; 4607 + u16 handle; 4608 + 4609 + BT_DBG("status 0x%02x", status); 4610 + 4611 + hci_dev_lock(hdev); 4612 + 4613 + /* TX power data is valid in case request completed successfully, 4614 + * otherwise we assume it's not valid. At the moment we assume that 4615 + * either both or none of current and max values are valid to keep code 4616 + * simple. 4617 + */ 4618 + match.valid_tx_power = !status; 4619 + 4620 + /* Commands sent in request are either Read RSSI or Read Transmit Power 4621 + * Level so we check which one was last sent to retrieve connection 4622 + * handle. Both commands have handle as first parameter so it's safe to 4623 + * cast data on the same command struct. 4624 + * 4625 + * First command sent is always Read RSSI and we fail only if it fails. 4626 + * In other case we simply override error to indicate success as we 4627 + * already remembered if TX power value is actually valid. 4628 + */ 4629 + cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4630 + if (!cp) { 4631 + cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4632 + status = 0; 4633 + } 4634 + 4635 + if (!cp) { 4636 + BT_ERR("invalid sent_cmd in response"); 4637 + goto unlock; 4638 + } 4639 + 4640 + handle = __le16_to_cpu(cp->handle); 4641 + conn = hci_conn_hash_lookup_handle(hdev, handle); 4642 + if (!conn) { 4643 + BT_ERR("unknown handle (%d) in response", handle); 4644 + goto unlock; 4645 + } 4646 + 4647 + match.conn = conn; 4648 + match.mgmt_status = mgmt_status(status); 4649 + 4650 + /* Cache refresh is complete, now reply for mgmt request for given 4651 + * connection only. 4652 + */ 4653 + mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev, 4654 + get_conn_info_complete, &match); 4655 + 4656 + unlock: 4657 + hci_dev_unlock(hdev); 4658 + } 4659 + 4660 + static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4661 + u16 len) 4662 + { 4663 + struct mgmt_cp_get_conn_info *cp = data; 4664 + struct mgmt_rp_get_conn_info rp; 4665 + struct hci_conn *conn; 4666 + unsigned long conn_info_age; 4667 + int err = 0; 4668 + 4669 + BT_DBG("%s", hdev->name); 4670 + 4671 + memset(&rp, 0, sizeof(rp)); 4672 + bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4673 + rp.addr.type = cp->addr.type; 4674 + 4675 + if (!bdaddr_type_is_valid(cp->addr.type)) 4676 + return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4677 + MGMT_STATUS_INVALID_PARAMS, 4678 + &rp, sizeof(rp)); 4679 + 4680 + hci_dev_lock(hdev); 4681 + 4682 + if (!hdev_is_powered(hdev)) { 4683 + err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4684 + MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 4685 + goto unlock; 4686 + } 4687 + 4688 + if (cp->addr.type == BDADDR_BREDR) 4689 + conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4690 + &cp->addr.bdaddr); 4691 + else 4692 + conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4693 + 4694 + if (!conn || conn->state != BT_CONNECTED) { 4695 + err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4696 + MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp)); 4697 + goto unlock; 4698 + } 4699 + 4700 + /* To avoid client trying to guess when to poll again for information we 4701 + * calculate conn info age as random value between min/max set in hdev. 4702 + */ 4703 + conn_info_age = hdev->conn_info_min_age + 4704 + prandom_u32_max(hdev->conn_info_max_age - 4705 + hdev->conn_info_min_age); 4706 + 4707 + /* Query controller to refresh cached values if they are too old or were 4708 + * never read. 4709 + */ 4710 + if (time_after(jiffies, conn->conn_info_timestamp + 4711 + msecs_to_jiffies(conn_info_age)) || 4712 + !conn->conn_info_timestamp) { 4713 + struct hci_request req; 4714 + struct hci_cp_read_tx_power req_txp_cp; 4715 + struct hci_cp_read_rssi req_rssi_cp; 4716 + struct pending_cmd *cmd; 4717 + 4718 + hci_req_init(&req, hdev); 4719 + req_rssi_cp.handle = cpu_to_le16(conn->handle); 4720 + hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4721 + &req_rssi_cp); 4722 + 4723 + /* For LE links TX power does not change thus we don't need to 4724 + * query for it once value is known. 4725 + */ 4726 + if (!bdaddr_type_is_le(cp->addr.type) || 4727 + conn->tx_power == HCI_TX_POWER_INVALID) { 4728 + req_txp_cp.handle = cpu_to_le16(conn->handle); 4729 + req_txp_cp.type = 0x00; 4730 + hci_req_add(&req, HCI_OP_READ_TX_POWER, 4731 + sizeof(req_txp_cp), &req_txp_cp); 4732 + } 4733 + 4734 + /* Max TX power needs to be read only once per connection */ 4735 + if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4736 + req_txp_cp.handle = cpu_to_le16(conn->handle); 4737 + req_txp_cp.type = 0x01; 4738 + hci_req_add(&req, HCI_OP_READ_TX_POWER, 4739 + sizeof(req_txp_cp), &req_txp_cp); 4740 + } 4741 + 4742 + err = hci_req_run(&req, conn_info_refresh_complete); 4743 + if (err < 0) 4744 + goto unlock; 4745 + 4746 + cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4747 + data, len); 4748 + if (!cmd) { 4749 + err = -ENOMEM; 4750 + goto unlock; 4751 + } 4752 + 4753 + hci_conn_hold(conn); 4754 + cmd->user_data = conn; 4755 + 4756 + conn->conn_info_timestamp = jiffies; 4757 + } else { 4758 + /* Cache is valid, just reply with values cached in hci_conn */ 4759 + rp.rssi = conn->rssi; 4760 + rp.tx_power = conn->tx_power; 4761 + rp.max_tx_power = conn->max_tx_power; 4762 + 4763 + err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4764 + MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4765 + } 4766 + 4767 + unlock: 4768 + hci_dev_unlock(hdev); 4564 4769 return err; 4565 4770 } 4566 4771 ··· 4831 4612 { set_debug_keys, false, MGMT_SETTING_SIZE }, 4832 4613 { set_privacy, false, MGMT_SET_PRIVACY_SIZE }, 4833 4614 { load_irks, true, MGMT_LOAD_IRKS_SIZE }, 4615 + { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE }, 4834 4616 }; 4835 4617 4836 4618 ··· 5227 5007 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 5228 5008 } 5229 5009 5010 + static u8 mgmt_ltk_type(struct smp_ltk *ltk) 5011 + { 5012 + if (ltk->authenticated) 5013 + return MGMT_LTK_AUTHENTICATED; 5014 + 5015 + return MGMT_LTK_UNAUTHENTICATED; 5016 + } 5017 + 5230 5018 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 5231 5019 { 5232 5020 struct mgmt_ev_new_long_term_key ev; ··· 5260 5032 5261 5033 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 5262 5034 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 5263 - ev.key.type = key->authenticated; 5035 + ev.key.type = mgmt_ltk_type(key); 5264 5036 ev.key.enc_size = key->enc_size; 5265 5037 ev.key.ediv = key->ediv; 5266 5038 ev.key.rand = key->rand;

+1 -1

net/bluetooth/rfcomm/core.c

··· 307 307 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 308 308 309 309 skb_queue_head_init(&d->tx_queue); 310 - spin_lock_init(&d->lock); 310 + mutex_init(&d->lock); 311 311 atomic_set(&d->refcnt, 1); 312 312 313 313 rfcomm_dlc_clear_state(d);

+10 -10

net/bluetooth/rfcomm/tty.c

··· 70 70 }; 71 71 72 72 static LIST_HEAD(rfcomm_dev_list); 73 - static DEFINE_SPINLOCK(rfcomm_dev_lock); 73 + static DEFINE_MUTEX(rfcomm_dev_lock); 74 74 75 75 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 76 76 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); ··· 96 96 if (dev->tty_dev) 97 97 tty_unregister_device(rfcomm_tty_driver, dev->id); 98 98 99 - spin_lock(&rfcomm_dev_lock); 99 + mutex_lock(&rfcomm_dev_lock); 100 100 list_del(&dev->list); 101 - spin_unlock(&rfcomm_dev_lock); 101 + mutex_unlock(&rfcomm_dev_lock); 102 102 103 103 kfree(dev); 104 104 ··· 161 161 { 162 162 struct rfcomm_dev *dev; 163 163 164 - spin_lock(&rfcomm_dev_lock); 164 + mutex_lock(&rfcomm_dev_lock); 165 165 166 166 dev = __rfcomm_dev_lookup(id); 167 167 168 168 if (dev && !tty_port_get(&dev->port)) 169 169 dev = NULL; 170 170 171 - spin_unlock(&rfcomm_dev_lock); 171 + mutex_unlock(&rfcomm_dev_lock); 172 172 173 173 return dev; 174 174 } ··· 224 224 if (!dev) 225 225 return ERR_PTR(-ENOMEM); 226 226 227 - spin_lock(&rfcomm_dev_lock); 227 + mutex_lock(&rfcomm_dev_lock); 228 228 229 229 if (req->dev_id < 0) { 230 230 dev->id = 0; ··· 305 305 holds reference to this module. */ 306 306 __module_get(THIS_MODULE); 307 307 308 - spin_unlock(&rfcomm_dev_lock); 308 + mutex_unlock(&rfcomm_dev_lock); 309 309 return dev; 310 310 311 311 out: 312 - spin_unlock(&rfcomm_dev_lock); 312 + mutex_unlock(&rfcomm_dev_lock); 313 313 kfree(dev); 314 314 return ERR_PTR(err); 315 315 } ··· 524 524 525 525 di = dl->dev_info; 526 526 527 - spin_lock(&rfcomm_dev_lock); 527 + mutex_lock(&rfcomm_dev_lock); 528 528 529 529 list_for_each_entry(dev, &rfcomm_dev_list, list) { 530 530 if (!tty_port_get(&dev->port)) ··· 540 540 break; 541 541 } 542 542 543 - spin_unlock(&rfcomm_dev_lock); 543 + mutex_unlock(&rfcomm_dev_lock); 544 544 545 545 dl->dev_num = n; 546 546 size = sizeof(*dl) + n * sizeof(*di);

+77 -76

net/bluetooth/smp.c

··· 35 35 36 36 #define AUTH_REQ_MASK 0x07 37 37 38 + #define SMP_FLAG_TK_VALID 1 39 + #define SMP_FLAG_CFM_PENDING 2 40 + #define SMP_FLAG_MITM_AUTH 3 41 + #define SMP_FLAG_COMPLETE 4 42 + #define SMP_FLAG_INITIATOR 5 43 + 44 + struct smp_chan { 45 + struct l2cap_conn *conn; 46 + u8 preq[7]; /* SMP Pairing Request */ 47 + u8 prsp[7]; /* SMP Pairing Response */ 48 + u8 prnd[16]; /* SMP Pairing Random (local) */ 49 + u8 rrnd[16]; /* SMP Pairing Random (remote) */ 50 + u8 pcnf[16]; /* SMP Pairing Confirm */ 51 + u8 tk[16]; /* SMP Temporary Key */ 52 + u8 enc_key_size; 53 + u8 remote_key_dist; 54 + bdaddr_t id_addr; 55 + u8 id_addr_type; 56 + u8 irk[16]; 57 + struct smp_csrk *csrk; 58 + struct smp_csrk *slave_csrk; 59 + struct smp_ltk *ltk; 60 + struct smp_ltk *slave_ltk; 61 + struct smp_irk *remote_irk; 62 + unsigned long flags; 63 + }; 64 + 38 65 static inline void swap128(const u8 src[16], u8 dst[16]) 39 66 { 40 67 int i; ··· 396 369 397 370 /* Initialize key for JUST WORKS */ 398 371 memset(smp->tk, 0, sizeof(smp->tk)); 399 - clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 372 + clear_bit(SMP_FLAG_TK_VALID, &smp->flags); 400 373 401 374 BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io); 402 375 ··· 415 388 method = JUST_WORKS; 416 389 417 390 /* Don't confirm locally initiated pairing attempts */ 418 - if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, 419 - &smp->smp_flags)) 391 + if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags)) 420 392 method = JUST_WORKS; 421 393 422 394 /* If Just Works, Continue with Zero TK */ 423 395 if (method == JUST_WORKS) { 424 - set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 396 + set_bit(SMP_FLAG_TK_VALID, &smp->flags); 425 397 return 0; 426 398 } 427 399 428 400 /* Not Just Works/Confirm results in MITM Authentication */ 429 401 if (method != JUST_CFM) 430 - set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags); 402 + set_bit(SMP_FLAG_MITM_AUTH, &smp->flags); 431 403 432 404 /* If both devices have Keyoard-Display I/O, the master 433 405 * Confirms and the slave Enters the passkey. ··· 445 419 passkey %= 1000000; 446 420 put_unaligned_le32(passkey, smp->tk); 447 421 BT_DBG("PassKey: %d", passkey); 448 - set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 422 + set_bit(SMP_FLAG_TK_VALID, &smp->flags); 449 423 } 450 424 451 425 hci_dev_lock(hcon->hdev); ··· 467 441 return ret; 468 442 } 469 443 470 - static void confirm_work(struct work_struct *work) 444 + static u8 smp_confirm(struct smp_chan *smp) 471 445 { 472 - struct smp_chan *smp = container_of(work, struct smp_chan, confirm); 473 446 struct l2cap_conn *conn = smp->conn; 474 447 struct hci_dev *hdev = conn->hcon->hdev; 475 448 struct crypto_blkcipher *tfm = hdev->tfm_aes; 476 449 struct smp_cmd_pairing_confirm cp; 477 450 int ret; 478 - u8 reason; 479 451 480 452 BT_DBG("conn %p", conn); 481 453 ··· 487 463 488 464 hci_dev_unlock(hdev); 489 465 490 - if (ret) { 491 - reason = SMP_UNSPECIFIED; 492 - goto error; 493 - } 466 + if (ret) 467 + return SMP_UNSPECIFIED; 494 468 495 - clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 469 + clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 496 470 497 471 smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); 498 472 499 - return; 500 - 501 - error: 502 - smp_failure(conn, reason); 473 + return 0; 503 474 } 504 475 505 - static void random_work(struct work_struct *work) 476 + static u8 smp_random(struct smp_chan *smp) 506 477 { 507 - struct smp_chan *smp = container_of(work, struct smp_chan, random); 508 478 struct l2cap_conn *conn = smp->conn; 509 479 struct hci_conn *hcon = conn->hcon; 510 480 struct hci_dev *hdev = hcon->hdev; 511 481 struct crypto_blkcipher *tfm = hdev->tfm_aes; 512 - u8 reason, confirm[16]; 482 + u8 confirm[16]; 513 483 int ret; 514 484 515 - if (IS_ERR_OR_NULL(tfm)) { 516 - reason = SMP_UNSPECIFIED; 517 - goto error; 518 - } 485 + if (IS_ERR_OR_NULL(tfm)) 486 + return SMP_UNSPECIFIED; 519 487 520 488 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 521 489 ··· 520 504 521 505 hci_dev_unlock(hdev); 522 506 523 - if (ret) { 524 - reason = SMP_UNSPECIFIED; 525 - goto error; 526 - } 507 + if (ret) 508 + return SMP_UNSPECIFIED; 527 509 528 510 if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) { 529 511 BT_ERR("Pairing failed (confirmation values mismatch)"); 530 - reason = SMP_CONFIRM_FAILED; 531 - goto error; 512 + return SMP_CONFIRM_FAILED; 532 513 } 533 514 534 515 if (hcon->out) { ··· 538 525 memset(stk + smp->enc_key_size, 0, 539 526 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 540 527 541 - if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) { 542 - reason = SMP_UNSPECIFIED; 543 - goto error; 544 - } 528 + if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) 529 + return SMP_UNSPECIFIED; 545 530 546 531 hci_le_start_enc(hcon, ediv, rand, stk); 547 532 hcon->enc_key_size = smp->enc_key_size; ··· 561 550 ediv, rand); 562 551 } 563 552 564 - return; 565 - 566 - error: 567 - smp_failure(conn, reason); 553 + return 0; 568 554 } 569 555 570 556 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) ··· 571 563 smp = kzalloc(sizeof(*smp), GFP_ATOMIC); 572 564 if (!smp) 573 565 return NULL; 574 - 575 - INIT_WORK(&smp->confirm, confirm_work); 576 - INIT_WORK(&smp->random, random_work); 577 566 578 567 smp->conn = conn; 579 568 conn->smp_chan = smp; ··· 588 583 589 584 BUG_ON(!smp); 590 585 591 - complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); 586 + complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); 592 587 mgmt_smp_complete(conn->hcon, complete); 593 588 594 589 kfree(smp->csrk); ··· 639 634 put_unaligned_le32(value, smp->tk); 640 635 /* Fall Through */ 641 636 case MGMT_OP_USER_CONFIRM_REPLY: 642 - set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags); 637 + set_bit(SMP_FLAG_TK_VALID, &smp->flags); 643 638 break; 644 639 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 645 640 case MGMT_OP_USER_CONFIRM_NEG_REPLY: ··· 651 646 } 652 647 653 648 /* If it is our turn to send Pairing Confirm, do so now */ 654 - if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags)) 655 - queue_work(hcon->hdev->workqueue, &smp->confirm); 649 + if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) { 650 + u8 rsp = smp_confirm(smp); 651 + if (rsp) 652 + smp_failure(conn, rsp); 653 + } 656 654 657 655 return 0; 658 656 } ··· 664 656 { 665 657 struct smp_cmd_pairing rsp, *req = (void *) skb->data; 666 658 struct smp_chan *smp; 667 - u8 key_size; 668 - u8 auth = SMP_AUTH_NONE; 659 + u8 key_size, auth; 669 660 int ret; 670 661 671 662 BT_DBG("conn %p", conn); 672 663 673 664 if (skb->len < sizeof(*req)) 674 - return SMP_UNSPECIFIED; 665 + return SMP_INVALID_PARAMS; 675 666 676 667 if (conn->hcon->link_mode & HCI_LM_MASTER) 677 668 return SMP_CMD_NOTSUPP; ··· 688 681 skb_pull(skb, sizeof(*req)); 689 682 690 683 /* We didn't start the pairing, so match remote */ 691 - if (req->auth_req & SMP_AUTH_BONDING) 692 - auth = req->auth_req; 684 + auth = req->auth_req; 693 685 694 686 conn->hcon->pending_sec_level = authreq_to_seclevel(auth); 695 687 ··· 710 704 if (ret) 711 705 return SMP_UNSPECIFIED; 712 706 713 - clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags); 707 + clear_bit(SMP_FLAG_INITIATOR, &smp->flags); 714 708 715 709 return 0; 716 710 } ··· 719 713 { 720 714 struct smp_cmd_pairing *req, *rsp = (void *) skb->data; 721 715 struct smp_chan *smp = conn->smp_chan; 722 - struct hci_dev *hdev = conn->hcon->hdev; 723 716 u8 key_size, auth = SMP_AUTH_NONE; 724 717 int ret; 725 718 726 719 BT_DBG("conn %p", conn); 727 720 728 721 if (skb->len < sizeof(*rsp)) 729 - return SMP_UNSPECIFIED; 722 + return SMP_INVALID_PARAMS; 730 723 731 724 if (!(conn->hcon->link_mode & HCI_LM_MASTER)) 732 725 return SMP_CMD_NOTSUPP; ··· 758 753 if (ret) 759 754 return SMP_UNSPECIFIED; 760 755 761 - set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 756 + set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 762 757 763 758 /* Can't compose response until we have been confirmed */ 764 - if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) 765 - queue_work(hdev->workqueue, &smp->confirm); 759 + if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 760 + return smp_confirm(smp); 766 761 767 762 return 0; 768 763 } ··· 770 765 static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) 771 766 { 772 767 struct smp_chan *smp = conn->smp_chan; 773 - struct hci_dev *hdev = conn->hcon->hdev; 774 768 775 769 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 776 770 777 771 if (skb->len < sizeof(smp->pcnf)) 778 - return SMP_UNSPECIFIED; 772 + return SMP_INVALID_PARAMS; 779 773 780 774 memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); 781 775 skb_pull(skb, sizeof(smp->pcnf)); ··· 782 778 if (conn->hcon->out) 783 779 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd), 784 780 smp->prnd); 785 - else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) 786 - queue_work(hdev->workqueue, &smp->confirm); 781 + else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags)) 782 + return smp_confirm(smp); 787 783 else 788 - set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags); 784 + set_bit(SMP_FLAG_CFM_PENDING, &smp->flags); 789 785 790 786 return 0; 791 787 } ··· 793 789 static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) 794 790 { 795 791 struct smp_chan *smp = conn->smp_chan; 796 - struct hci_dev *hdev = conn->hcon->hdev; 797 792 798 793 BT_DBG("conn %p", conn); 799 794 800 795 if (skb->len < sizeof(smp->rrnd)) 801 - return SMP_UNSPECIFIED; 796 + return SMP_INVALID_PARAMS; 802 797 803 798 memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd)); 804 799 skb_pull(skb, sizeof(smp->rrnd)); 805 800 806 - queue_work(hdev->workqueue, &smp->random); 807 - 808 - return 0; 801 + return smp_random(smp); 809 802 } 810 803 811 804 static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) ··· 837 836 BT_DBG("conn %p", conn); 838 837 839 838 if (skb->len < sizeof(*rp)) 840 - return SMP_UNSPECIFIED; 839 + return SMP_INVALID_PARAMS; 841 840 842 841 if (!(conn->hcon->link_mode & HCI_LM_MASTER)) 843 842 return SMP_CMD_NOTSUPP; ··· 862 861 863 862 smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); 864 863 865 - clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags); 864 + clear_bit(SMP_FLAG_INITIATOR, &smp->flags); 866 865 867 866 return 0; 868 867 } ··· 929 928 smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); 930 929 } 931 930 932 - set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags); 931 + set_bit(SMP_FLAG_INITIATOR, &smp->flags); 933 932 934 933 done: 935 934 hcon->pending_sec_level = sec_level; ··· 945 944 BT_DBG("conn %p", conn); 946 945 947 946 if (skb->len < sizeof(*rp)) 948 - return SMP_UNSPECIFIED; 947 + return SMP_INVALID_PARAMS; 949 948 950 949 /* Ignore this PDU if it wasn't requested */ 951 950 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) ··· 970 969 BT_DBG("conn %p", conn); 971 970 972 971 if (skb->len < sizeof(*rp)) 973 - return SMP_UNSPECIFIED; 972 + return SMP_INVALID_PARAMS; 974 973 975 974 /* Ignore this PDU if it wasn't requested */ 976 975 if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) ··· 1002 1001 BT_DBG(""); 1003 1002 1004 1003 if (skb->len < sizeof(*info)) 1005 - return SMP_UNSPECIFIED; 1004 + return SMP_INVALID_PARAMS; 1006 1005 1007 1006 /* Ignore this PDU if it wasn't requested */ 1008 1007 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) ··· 1026 1025 BT_DBG(""); 1027 1026 1028 1027 if (skb->len < sizeof(*info)) 1029 - return SMP_UNSPECIFIED; 1028 + return SMP_INVALID_PARAMS; 1030 1029 1031 1030 /* Ignore this PDU if it wasn't requested */ 1032 1031 if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) ··· 1076 1075 BT_DBG("conn %p", conn); 1077 1076 1078 1077 if (skb->len < sizeof(*rp)) 1079 - return SMP_UNSPECIFIED; 1078 + return SMP_INVALID_PARAMS; 1080 1079 1081 1080 /* Ignore this PDU if it wasn't requested */ 1082 1081 if (!(smp->remote_key_dist & SMP_DIST_SIGN)) ··· 1359 1358 1360 1359 clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags); 1361 1360 cancel_delayed_work_sync(&conn->security_timer); 1362 - set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); 1361 + set_bit(SMP_FLAG_COMPLETE, &smp->flags); 1363 1362 smp_notify_keys(conn); 1364 1363 1365 1364 smp_chan_destroy(conn);

+1 -29

net/bluetooth/smp.h

··· 111 111 #define SMP_CMD_NOTSUPP 0x07 112 112 #define SMP_UNSPECIFIED 0x08 113 113 #define SMP_REPEATED_ATTEMPTS 0x09 114 + #define SMP_INVALID_PARAMS 0x0a 114 115 115 116 #define SMP_MIN_ENC_KEY_SIZE 7 116 117 #define SMP_MAX_ENC_KEY_SIZE 16 117 - 118 - #define SMP_FLAG_TK_VALID 1 119 - #define SMP_FLAG_CFM_PENDING 2 120 - #define SMP_FLAG_MITM_AUTH 3 121 - #define SMP_FLAG_COMPLETE 4 122 - #define SMP_FLAG_INITIATOR 5 123 - 124 - struct smp_chan { 125 - struct l2cap_conn *conn; 126 - u8 preq[7]; /* SMP Pairing Request */ 127 - u8 prsp[7]; /* SMP Pairing Response */ 128 - u8 prnd[16]; /* SMP Pairing Random (local) */ 129 - u8 rrnd[16]; /* SMP Pairing Random (remote) */ 130 - u8 pcnf[16]; /* SMP Pairing Confirm */ 131 - u8 tk[16]; /* SMP Temporary Key */ 132 - u8 enc_key_size; 133 - u8 remote_key_dist; 134 - bdaddr_t id_addr; 135 - u8 id_addr_type; 136 - u8 irk[16]; 137 - struct smp_csrk *csrk; 138 - struct smp_csrk *slave_csrk; 139 - struct smp_ltk *ltk; 140 - struct smp_ltk *slave_ltk; 141 - struct smp_irk *remote_irk; 142 - unsigned long smp_flags; 143 - struct work_struct confirm; 144 - struct work_struct random; 145 - }; 146 118 147 119 /* SMP Commands */ 148 120 bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);

+2 -4

net/mac80211/debugfs_netdev.c

··· 34 34 ssize_t ret = -EINVAL; 35 35 36 36 read_lock(&dev_base_lock); 37 - if (sdata->dev->reg_state == NETREG_REGISTERED) 38 - ret = (*format)(sdata, buf, sizeof(buf)); 37 + ret = (*format)(sdata, buf, sizeof(buf)); 39 38 read_unlock(&dev_base_lock); 40 39 41 40 if (ret >= 0) ··· 61 62 62 63 ret = -ENODEV; 63 64 rtnl_lock(); 64 - if (sdata->dev->reg_state == NETREG_REGISTERED) 65 - ret = (*write)(sdata, buf, count); 65 + ret = (*write)(sdata, buf, count); 66 66 rtnl_unlock(); 67 67 68 68 return ret;

+53

net/mac80211/driver-ops.h

··· 1048 1048 trace_drv_return_void(local); 1049 1049 } 1050 1050 1051 + static inline int 1052 + drv_switch_vif_chanctx(struct ieee80211_local *local, 1053 + struct ieee80211_vif_chanctx_switch *vifs, 1054 + int n_vifs, 1055 + enum ieee80211_chanctx_switch_mode mode) 1056 + { 1057 + int ret = 0; 1058 + int i; 1059 + 1060 + if (!local->ops->switch_vif_chanctx) 1061 + return -EOPNOTSUPP; 1062 + 1063 + for (i = 0; i < n_vifs; i++) { 1064 + struct ieee80211_chanctx *new_ctx = 1065 + container_of(vifs[i].new_ctx, 1066 + struct ieee80211_chanctx, 1067 + conf); 1068 + struct ieee80211_chanctx *old_ctx = 1069 + container_of(vifs[i].old_ctx, 1070 + struct ieee80211_chanctx, 1071 + conf); 1072 + 1073 + WARN_ON_ONCE(!old_ctx->driver_present); 1074 + WARN_ON_ONCE((mode == CHANCTX_SWMODE_SWAP_CONTEXTS && 1075 + new_ctx->driver_present) || 1076 + (mode == CHANCTX_SWMODE_REASSIGN_VIF && 1077 + !new_ctx->driver_present)); 1078 + } 1079 + 1080 + trace_drv_switch_vif_chanctx(local, vifs, n_vifs, mode); 1081 + ret = local->ops->switch_vif_chanctx(&local->hw, 1082 + vifs, n_vifs, mode); 1083 + trace_drv_return_int(local, ret); 1084 + 1085 + if (!ret && mode == CHANCTX_SWMODE_SWAP_CONTEXTS) { 1086 + for (i = 0; i < n_vifs; i++) { 1087 + struct ieee80211_chanctx *new_ctx = 1088 + container_of(vifs[i].new_ctx, 1089 + struct ieee80211_chanctx, 1090 + conf); 1091 + struct ieee80211_chanctx *old_ctx = 1092 + container_of(vifs[i].old_ctx, 1093 + struct ieee80211_chanctx, 1094 + conf); 1095 + 1096 + new_ctx->driver_present = true; 1097 + old_ctx->driver_present = false; 1098 + } 1099 + } 1100 + 1101 + return ret; 1102 + } 1103 + 1051 1104 static inline int drv_start_ap(struct ieee80211_local *local, 1052 1105 struct ieee80211_sub_if_data *sdata) 1053 1106 {

+1

net/mac80211/ibss.c

··· 1677 1677 sdata->u.ibss.control_port = params->control_port; 1678 1678 sdata->u.ibss.userspace_handles_dfs = params->userspace_handles_dfs; 1679 1679 sdata->u.ibss.basic_rates = params->basic_rates; 1680 + sdata->u.ibss.last_scan_completed = jiffies; 1680 1681 1681 1682 /* fix basic_rates if channel does not support these rates */ 1682 1683 rate_flags = ieee80211_chandef_rate_flags(&params->chandef);

+2

net/mac80211/iface.c

··· 399 399 sdata->vif.type = NL80211_IFTYPE_MONITOR; 400 400 snprintf(sdata->name, IFNAMSIZ, "%s-monitor", 401 401 wiphy_name(local->hw.wiphy)); 402 + sdata->wdev.iftype = NL80211_IFTYPE_MONITOR; 402 403 403 404 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 404 405 ··· 1286 1285 sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE); 1287 1286 sdata->control_port_no_encrypt = false; 1288 1287 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 1288 + sdata->vif.bss_conf.idle = true; 1289 1289 1290 1290 sdata->noack_map = 0; 1291 1291

+1

net/mac80211/sta_info.c

··· 240 240 241 241 sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr); 242 242 243 + kfree(rcu_dereference_raw(sta->sta.rates)); 243 244 kfree(sta); 244 245 } 245 246

+19 -6

net/mac80211/status.c

··· 541 541 */ 542 542 #define STA_LOST_PKT_THRESHOLD 50 543 543 544 + static void ieee80211_lost_packet(struct sta_info *sta, struct sk_buff *skb) 545 + { 546 + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 547 + 548 + /* This packet was aggregated but doesn't carry status info */ 549 + if ((info->flags & IEEE80211_TX_CTL_AMPDU) && 550 + !(info->flags & IEEE80211_TX_STAT_AMPDU)) 551 + return; 552 + 553 + if (++sta->lost_packets < STA_LOST_PKT_THRESHOLD) 554 + return; 555 + 556 + cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr, 557 + sta->lost_packets, GFP_ATOMIC); 558 + sta->lost_packets = 0; 559 + } 560 + 544 561 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) 545 562 { 546 563 struct sk_buff *skb2; ··· 697 680 if (info->flags & IEEE80211_TX_STAT_ACK) { 698 681 if (sta->lost_packets) 699 682 sta->lost_packets = 0; 700 - } else if (++sta->lost_packets >= STA_LOST_PKT_THRESHOLD) { 701 - cfg80211_cqm_pktloss_notify(sta->sdata->dev, 702 - sta->sta.addr, 703 - sta->lost_packets, 704 - GFP_ATOMIC); 705 - sta->lost_packets = 0; 683 + } else { 684 + ieee80211_lost_packet(sta, skb); 706 685 } 707 686 } 708 687

+85

net/mac80211/trace.h

··· 1389 1389 ) 1390 1390 ); 1391 1391 1392 + #if !defined(__TRACE_VIF_ENTRY) 1393 + #define __TRACE_VIF_ENTRY 1394 + struct trace_vif_entry { 1395 + enum nl80211_iftype vif_type; 1396 + bool p2p; 1397 + char vif_name[IFNAMSIZ]; 1398 + } __packed; 1399 + 1400 + struct trace_chandef_entry { 1401 + u32 control_freq; 1402 + u32 chan_width; 1403 + u32 center_freq1; 1404 + u32 center_freq2; 1405 + } __packed; 1406 + 1407 + struct trace_switch_entry { 1408 + struct trace_vif_entry vif; 1409 + struct trace_chandef_entry old_chandef; 1410 + struct trace_chandef_entry new_chandef; 1411 + } __packed; 1412 + 1413 + #define SWITCH_ENTRY_ASSIGN(to, from) local_vifs[i].to = vifs[i].from 1414 + #endif 1415 + 1416 + TRACE_EVENT(drv_switch_vif_chanctx, 1417 + TP_PROTO(struct ieee80211_local *local, 1418 + struct ieee80211_vif_chanctx_switch *vifs, 1419 + int n_vifs, enum ieee80211_chanctx_switch_mode mode), 1420 + TP_ARGS(local, vifs, n_vifs, mode), 1421 + 1422 + TP_STRUCT__entry( 1423 + LOCAL_ENTRY 1424 + __field(int, n_vifs) 1425 + __field(u32, mode) 1426 + __dynamic_array(u8, vifs, 1427 + sizeof(struct trace_switch_entry) * n_vifs) 1428 + ), 1429 + 1430 + TP_fast_assign( 1431 + LOCAL_ASSIGN; 1432 + __entry->n_vifs = n_vifs; 1433 + __entry->mode = mode; 1434 + { 1435 + struct trace_switch_entry *local_vifs = 1436 + __get_dynamic_array(vifs); 1437 + int i; 1438 + 1439 + for (i = 0; i < n_vifs; i++) { 1440 + struct ieee80211_sub_if_data *sdata; 1441 + 1442 + sdata = container_of(vifs[i].vif, 1443 + struct ieee80211_sub_if_data, 1444 + vif); 1445 + 1446 + SWITCH_ENTRY_ASSIGN(vif.vif_type, vif->type); 1447 + SWITCH_ENTRY_ASSIGN(vif.p2p, vif->p2p); 1448 + strncpy(local_vifs[i].vif.vif_name, 1449 + sdata->name, 1450 + sizeof(local_vifs[i].vif.vif_name)); 1451 + SWITCH_ENTRY_ASSIGN(old_chandef.control_freq, 1452 + old_ctx->def.chan->center_freq); 1453 + SWITCH_ENTRY_ASSIGN(old_chandef.chan_width, 1454 + old_ctx->def.width); 1455 + SWITCH_ENTRY_ASSIGN(old_chandef.center_freq1, 1456 + old_ctx->def.center_freq1); 1457 + SWITCH_ENTRY_ASSIGN(old_chandef.center_freq2, 1458 + old_ctx->def.center_freq2); 1459 + SWITCH_ENTRY_ASSIGN(new_chandef.control_freq, 1460 + new_ctx->def.chan->center_freq); 1461 + SWITCH_ENTRY_ASSIGN(new_chandef.chan_width, 1462 + new_ctx->def.width); 1463 + SWITCH_ENTRY_ASSIGN(new_chandef.center_freq1, 1464 + new_ctx->def.center_freq1); 1465 + SWITCH_ENTRY_ASSIGN(new_chandef.center_freq2, 1466 + new_ctx->def.center_freq2); 1467 + } 1468 + } 1469 + ), 1470 + 1471 + TP_printk( 1472 + LOCAL_PR_FMT " n_vifs:%d mode:%d", 1473 + LOCAL_PR_ARG, __entry->n_vifs, __entry->mode 1474 + ) 1475 + ); 1476 + 1392 1477 DECLARE_EVENT_CLASS(local_sdata_chanctx, 1393 1478 TP_PROTO(struct ieee80211_local *local, 1394 1479 struct ieee80211_sub_if_data *sdata,

+4 -2

net/nfc/digital_core.c

··· 386 386 387 387 void digital_poll_next_tech(struct nfc_digital_dev *ddev) 388 388 { 389 + u8 rand_mod; 390 + 389 391 digital_switch_rf(ddev, 0); 390 392 391 393 mutex_lock(&ddev->poll_lock); ··· 397 395 return; 398 396 } 399 397 400 - ddev->poll_tech_index = (ddev->poll_tech_index + 1) % 401 - ddev->poll_tech_count; 398 + get_random_bytes(&rand_mod, sizeof(rand_mod)); 399 + ddev->poll_tech_index = rand_mod % ddev->poll_tech_count; 402 400 403 401 mutex_unlock(&ddev->poll_lock); 404 402

+2 -3

net/nfc/digital_dep.c

··· 224 224 225 225 ddev->skb_add_crc(skb); 226 226 227 - digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, target); 228 - 229 - return 0; 227 + return digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, 228 + target); 230 229 } 231 230 232 231 static int digital_in_send_rtox(struct nfc_digital_dev *ddev,

+1 -1

net/nfc/digital_technology.c

··· 613 613 digital_poll_next_tech(ddev); 614 614 } 615 615 616 - int digital_in_send_attrib_req(struct nfc_digital_dev *ddev, 616 + static int digital_in_send_attrib_req(struct nfc_digital_dev *ddev, 617 617 struct nfc_target *target, 618 618 struct digital_sensb_res *sensb_res) 619 619 {

+2 -2

net/nfc/rawsock.c

··· 31 31 .lock = __RW_LOCK_UNLOCKED(raw_sk_list.lock) 32 32 }; 33 33 34 - void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk) 34 + static void nfc_sock_link(struct nfc_sock_list *l, struct sock *sk) 35 35 { 36 36 write_lock(&l->lock); 37 37 sk_add_node(sk, &l->head); 38 38 write_unlock(&l->lock); 39 39 } 40 40 41 - void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk) 41 + static void nfc_sock_unlink(struct nfc_sock_list *l, struct sock *sk) 42 42 { 43 43 write_lock(&l->lock); 44 44 sk_del_node_init(sk);

+4 -1

net/wireless/core.c

··· 130 130 newname)) 131 131 pr_err("failed to rename debugfs dir to %s!\n", newname); 132 132 133 - nl80211_notify_dev_rename(rdev); 133 + nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY); 134 134 135 135 return 0; 136 136 } ··· 660 660 return res; 661 661 } 662 662 663 + nl80211_notify_wiphy(rdev, NL80211_CMD_NEW_WIPHY); 664 + 663 665 return 0; 664 666 } 665 667 EXPORT_SYMBOL(wiphy_register); ··· 700 698 rfkill_unregister(rdev->rfkill); 701 699 702 700 rtnl_lock(); 701 + nl80211_notify_wiphy(rdev, NL80211_CMD_DEL_WIPHY); 703 702 rdev->wiphy.registered = false; 704 703 705 704 WARN_ON(!list_empty(&rdev->wdev_list));

+2 -12

net/wireless/genregdb.awk

··· 68 68 sub(/,/, "", units) 69 69 dfs_cac = $9 70 70 if (units == "mW") { 71 - if (power == 100) { 72 - power = 20 73 - } else if (power == 200) { 74 - power = 23 75 - } else if (power == 500) { 76 - power = 27 77 - } else if (power == 1000) { 78 - power = 30 79 - } else { 80 - print "Unknown power value in database!" 81 - } 71 + power = 10 * log(power)/log(10) 82 72 } else { 83 73 dfs_cac = $8 84 74 } ··· 107 117 108 118 } 109 119 flags = flags "0" 110 - printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags 120 + printf "\t\tREG_RULE_EXT(%d, %d, %d, %d, %.0f, %d, %s),\n", start, end, bw, gain, power, dfs_cac, flags 111 121 rules++ 112 122 } 113 123

+16 -5

net/wireless/nl80211.c

··· 1226 1226 }; 1227 1227 1228 1228 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 1229 + enum nl80211_commands cmd, 1229 1230 struct sk_buff *msg, u32 portid, u32 seq, 1230 1231 int flags, struct nl80211_dump_wiphy_state *state) 1231 1232 { ··· 1241 1240 rdev->wiphy.mgmt_stypes; 1242 1241 u32 features; 1243 1242 1244 - hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 1243 + hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 1245 1244 if (!hdr) 1246 1245 return -ENOBUFS; 1247 1246 ··· 1254 1253 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1255 1254 cfg80211_rdev_list_generation)) 1256 1255 goto nla_put_failure; 1256 + 1257 + if (cmd != NL80211_CMD_NEW_WIPHY) 1258 + goto finish; 1257 1259 1258 1260 switch (state->split_start) { 1259 1261 case 0: ··· 1686 1682 state->split_start = 0; 1687 1683 break; 1688 1684 } 1685 + finish: 1689 1686 return genlmsg_end(msg, hdr); 1690 1687 1691 1688 nla_put_failure: ··· 1761 1756 continue; 1762 1757 /* attempt to fit multiple wiphy data chunks into the skb */ 1763 1758 do { 1764 - ret = nl80211_send_wiphy(rdev, skb, 1759 + ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 1760 + skb, 1765 1761 NETLINK_CB(cb->skb).portid, 1766 1762 cb->nlh->nlmsg_seq, 1767 1763 NLM_F_MULTI, state); ··· 1817 1811 if (!msg) 1818 1812 return -ENOMEM; 1819 1813 1820 - if (nl80211_send_wiphy(rdev, msg, info->snd_portid, info->snd_seq, 0, 1814 + if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 1815 + info->snd_portid, info->snd_seq, 0, 1821 1816 &state) < 0) { 1822 1817 nlmsg_free(msg); 1823 1818 return -ENOBUFS; ··· 10108 10101 10109 10102 /* notification functions */ 10110 10103 10111 - void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 10104 + void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 10105 + enum nl80211_commands cmd) 10112 10106 { 10113 10107 struct sk_buff *msg; 10114 10108 struct nl80211_dump_wiphy_state state = {}; 10109 + 10110 + WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 10111 + cmd != NL80211_CMD_DEL_WIPHY); 10115 10112 10116 10113 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 10117 10114 if (!msg) 10118 10115 return; 10119 10116 10120 - if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) { 10117 + if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 10121 10118 nlmsg_free(msg); 10122 10119 return; 10123 10120 }

+2 -1

net/wireless/nl80211.h

··· 5 5 6 6 int nl80211_init(void); 7 7 void nl80211_exit(void); 8 - void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev); 8 + void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 9 + enum nl80211_commands cmd); 9 10 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 10 11 struct wireless_dev *wdev); 11 12 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,