Commit Graph

412710 Commits

Author SHA1 Message Date
Arend van Spriel 11e69c36ee brcmfmac: add support for bcm43362 device
This patch adds support for the bcm43362 1x1 11n chipset. This
chipset is used in AP6210 wifi module found on Cubieboard [1].

[1] http://cubieboard.org/

Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:38 -05:00
Pavel Machek 260da7e155 wl1251: fix NULL pointer dereference
wl1251: fix NULL pointer dereference

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Reported-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:38 -05:00
Pavel Machek deb6e6b748 wl1251: add nvs file name to module firmware list
Add nvs file name to module firmware list

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:37 -05:00
David Gnedt b90a1165a7 wl1251: enforce changed hw encryption support on monitor state change
The firmware doesn't support per packet encryption selection, so disable hw
encryption support completely while a monitor interface is present to support
injection of packets (which shouldn't get encrypted by hw).
To enforce the changed hw encryption support force a disassociation on
non-monitor interfaces.
For disassociation a workaround using hw connection monitor is employed,
which temporary enables hw connection manager flag.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:37 -05:00
David Gnedt 3d49da748b wl1251: disable retry and ACK policy for injected packets
Set the retry limit to 0 and disable the ACK policy for injected packets.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:36 -05:00
David Gnedt c8909e5a27 wl1251: enable tx path in monitor mode if necessary for packet injection
If necessary enable the tx path in monitor mode for packet injection using
the JOIN command with BSS_TYPE_STA_BSS and zero BSSID.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:08 -05:00
David Gnedt ed3213c913 wl1251: fix channel switching in monitor mode
Use the ENABLE_RX command for channel switching when no interface is present
(monitor mode only).
The advantage of ENABLE_RX is that it leaves the tx data path disabled in
firmware, whereas the usual JOIN command seems to transmit some frames at
firmware level.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:07 -05:00
David Gnedt dd4a560f0a wl1251: disable power saving in monitor mode
Force power saving off while monitor interface is present.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:07 -05:00
David Gnedt 9ed74ba029 wl1251: implement multicast address filtering (fwd)
Port multicast address filtering from wl1271 driver.
It sets up the hardware multicast address filter in configure_filter() with
addresses supplied through prepare_multicast().

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:56:06 -05:00
David Gnedt 4d09b5378d wl1251: configure hardware en-/decryption for monitor mode
Disable hardware encryption (DF_ENCRYPTION_DISABLE) and decryption
(DF_SNIFF_MODE_ENABLE) via wl1251_acx_feature_cfg while monitor interface is
present.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:54:58 -05:00
David Gnedt 9281691fb2 wl1251: split RX and TX data path initialisation
Split up data path initialisation into RX and TX data path initialisation
functions. This change is required for channel switching in monitor mode.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:53:39 -05:00
David Gnedt 204cc5c44f wl1251: implement hardware ARP filtering
Update hardware ARP filter configuration on BSS_CHANGED_ARP_FILTER
notification from mac80211.
Ported from wl1271 driver.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:53:39 -05:00
David Gnedt f7ad1eed4d wl1251: retry power save entry
Port of the power save entry retry code from wl1251 driver version included
in the Maemo Fremantle kernel.
This tries to enable power save mode up to 3 times before failing.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:53:38 -05:00
David Gnedt 64322e28d3 wl1251: fix scan behaviour while not associated
With a dissasociated card I often encoutered very long scan delays.

My guess is that it has something to do with the cards DTIM handling and
another firmware bug mentioned in the TI WLAN driver, which is described as
the card may never end scanning if the channel is overloaded because it
can't send probe requests. I think the firmware somehow also tries to
receive DTIM messages when the BSSID is not set. Therefore most of the time
it waits for DTIM messages and can't do scanning work.

Anyway we can workaround this misbehaviour by setting the HIGH_PRIORITY
bit for scans in disassociated state.

Signed-off-by: David Gnedt <david.gnedt@davizone.at>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-09 10:53:38 -05:00
John W. Linville 300e5fd160 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2014-01-08 13:44:29 -05:00
Claudio Takahasi e825eb1d7e Bluetooth: Fix 6loWPAN peer lookup
This patch fixes peer address lookup for 6loWPAN over Bluetooth Low
Energy links.

ADDR_LE_DEV_PUBLIC, and ADDR_LE_DEV_RANDOM are the values allowed for
"dst_type" field in the hci_conn struct for LE links.

Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2014-01-07 11:32:15 -02:00
Claudio Takahasi b071a62099 Bluetooth: Fix setting Universal/Local bit
This patch fixes the Bluetooth Low Energy Address type checking when
setting Universal/Local bit for the 6loWPAN network device or for the
peer device connection.

ADDR_LE_DEV_PUBLIC or ADDR_LE_DEV_RANDOM are the values allowed for
"src_type" and "dst_type" in the hci_conn struct. The Bluetooth link
type can be obtainned reading the "type" field in the same struct.

Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2014-01-07 11:32:11 -02:00
Gianluca Anzolin f86772af6a Bluetooth: Remove rfcomm_carrier_raised()
Remove the rfcomm_carrier_raised() definition as that function isn't
used anymore.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 13:51:45 -08:00
Gianluca Anzolin 4a2fb3ecc7 Bluetooth: Always wait for a connection on RFCOMM open()
This patch fixes two regressions introduced with the recent rfcomm tty
rework.

The current code uses the carrier_raised() method to wait for the
bluetooth connection when a process opens the tty.

However processes may open the port with the O_NONBLOCK flag or set the
CLOCAL termios flag: in these cases the open() syscall returns
immediately without waiting for the bluetooth connection to
complete.

This behaviour confuses userspace which expects an established bluetooth
connection.

The patch restores the old behaviour by waiting for the connection in
rfcomm_dev_activate() and removes carrier_raised() from the tty_port ops.

As a side effect the new code also fixes the case in which the rfcomm
tty device is created with the flag RFCOMM_REUSE_DLC: the old code
didn't call device_move() and ModemManager skipped the detection
probe. Now device_move() is always called inside rfcomm_dev_activate().

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Reported-by: Andrey Vihrov <andrey.vihrov@gmail.com>
Reported-by: Beson Chow <blc+bluez@mail.vanade.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 13:51:45 -08:00
Gianluca Anzolin e228b63390 Bluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()
This is a preparatory patch which moves the rfcomm_get_device()
definition before rfcomm_dev_activate() where it will be used.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 13:51:45 -08:00
Gianluca Anzolin 5b89924187 Bluetooth: Release RFCOMM port when the last user closes the TTY
This patch fixes a userspace regression introduced by the commit
29cd718b.

If the rfcomm device was created with the flag RFCOMM_RELEASE_ONHUP the
user space expects that the tty_port is released as soon as the last
process closes the tty.

The current code attempts to release the port in the function
rfcomm_dev_state_change(). However it won't get a reference to the
relevant tty to send a HUP: at that point the tty is already destroyed
and therefore NULL.

This patch fixes the regression by taking over the tty refcount in the
tty install method(). This way the tty_port is automatically released as
soon as the tty is destroyed.

As a consequence the check for RFCOMM_RELEASE_ONHUP flag in the hangup()
method is now redundant. Instead we have to be careful with the reference
counting in the rfcomm_release_dev() function.

Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
Reported-by: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 13:51:45 -08:00
Arend van Spriel 6e08d757b7 mmc: add SDIO identifiers for Broadcom WLAN devices
The SDIO identifier for Broadcom WLAN devices were defined in the
brcmfmac SDIO driver. Moving the definitions in MMC header file
seems common sense.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:06 -05:00
Arend van Spriel 9df4d542fc brcmfmac: use custom destructor callback for all netdevice interfaces
The destructor for net devices was set to free_netdev() to get rid
of it and the private data. The private data refers to a brcmf_if
instance, but indirectly it also refers to brcmf_cfg80211_vif which
holds the wdev. This is freed as well by using a new custom destructor
called brcmf_cfg80211_free_netdev().

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:06 -05:00
Arend van Spriel e14799514d brcmfmac: call brcmf_cfg80211_detach() after removal of interfaces
Instead of calling brcmf_cfg80211_detach() in brcmf_del_if() when
deleting the primary interface, call it in brcmf_detach() after
deleting all interfaces.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:05 -05:00
Arend van Spriel 427dec5fc8 brcmfmac: move wiphy_unregister() call to brcmf_cfg80211_detach()
The wiphy_unregister() call was done in brcmf_free_vif() when the
last interface was being removed. This is not the obvious place to
do that. This patch moves it to the brcmf_cfg80211_detach(). This
removes the need to keep count of interfaces.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:04 -05:00
Arend van Spriel 43dffbc6be brcmfmac: inform cfg80211 when changing the CONNECTED state
Upon unload of the brcmfmac driver it gave a kernel warning because
cfg80211 still believed to be connected to an AP. The brcmfmac had
already transitioned to disconnected state during unload. This patch
adds informing cfg80211 about this transition. This will get rid of
warning from cfg80211 seen upon module unload:

 ------------[ cut here ]------------
 WARNING: CPU: 3 PID: 24303 at net/wireless/core.c:952
	cfg80211_netdev_notifier_call+0x193/0x640 [cfg80211]()
 Modules linked in: brcmfmac(O-) brcmutil(O) cfg80211(O) ... [last unloaded: bcma]
 CPU: 3 PID: 24303 Comm: rmmod Tainted: G        W  O 3.13.0-rc4-wl-testing-x64-00002-gb472b6d-dirty #1
 Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
  00000000000003b8 ffff8800b211faf8 ffffffff815a7fcd 0000000000000007
  0000000000000000 ffff8800b211fb38 ffffffff8104819c ffff880000000000
  ffff8800c889d008 ffff8800b2000220 ffff8800c889a000 ffff8800c889d018
 Call Trace:
  [<ffffffff815a7fcd>] dump_stack+0x46/0x58
  [<ffffffff8104819c>] warn_slowpath_common+0x8c/0xc0
  [<ffffffff810481ea>] warn_slowpath_null+0x1a/0x20
  [<ffffffffa173fd83>] cfg80211_netdev_notifier_call+0x193/0x640 [cfg80211]
  [<ffffffff81521ca8>] ? arp_ifdown+0x18/0x20
  [<ffffffff8152d75a>] ? fib_disable_ip+0x3a/0x50
  [<ffffffff815b143d>] notifier_call_chain+0x4d/0x70
  [<ffffffff8106d6e6>] raw_notifier_call_chain+0x16/0x20
  [<ffffffff814b9ae0>] call_netdevice_notifiers_info+0x40/0x70
  [<ffffffff814b9b26>] call_netdevice_notifiers+0x16/0x20
  [<ffffffff814bb59d>] rollback_registered_many+0x17d/0x280
  [<ffffffff814bb74d>] rollback_registered+0x2d/0x40
  [<ffffffff814bb7c8>] unregister_netdevice_queue+0x68/0xd0
  [<ffffffff814bb9c0>] unregister_netdev+0x20/0x30
  [<ffffffffa180069e>] brcmf_del_if+0xce/0x180 [brcmfmac]
  [<ffffffffa1800b3c>] brcmf_detach+0x6c/0xe0 [brcmfmac]

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:04 -05:00
Arend van Spriel 76a4c6817c brcmfmac: only disable clock when brcmf_sdio_bus_init() fails
The condition to disable the clock at the end of brcmf_sdio_bus_init()
was wrong as the bus state is updated by the calling function. Hence,
the clock was always disabled after brcmf_sdio_bus_init() which was
not the intended behaviour.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:03 -05:00
Arend van Spriel d6ae2c51be brcmfmac: enable watchdog when bus initialization is complete
Change condition in brcmf_sdio_wd_timer() function to program
watchdog only when in BRCMF_BUS_DATA state. This avoids watchdog
being active during initialization. During initialization the
SDIO save&restore capability is determined which affect the
bus sleep mechanism used in watchdog thread.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:03 -05:00
Arend van Spriel 3bd44d991f brcmfmac: correct detection of save&restore device capability
The detection of the save&restore capability in brcmf_sdio_sr_capable()
is only valid for certain chipsets. This patch should cover it for all
chipsets currently supported.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:02 -05:00
Arend van Spriel af35f55f94 brcmfmac: add sdio drive strength programming for bcm4334 chipset
The table for BCM4334 SDIO drive strength programming was missing
from the driver. Adding it with this patch set.

Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:02 -05:00
Arend van Spriel 2375d9701b brcmfmac: correct reporting HT40 support in wiphy htcap
Using 'iw phy' only showed HT20 support in the HT capabilities info.
This patch determines support for HT40 using a firmware query that
is supposed to work for all supported devices.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:01 -05:00
Arend van Spriel fad1322850 brcmfmac: cleanup helper functions in sdio probe path
Moving code from helper functions to the calling function
as it makes code easier to read.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:00 -05:00
Arend van Spriel bfad4a048c brcmfmac: cleanup helper functions in sdio remove path
Two helper functions in the sdio remove path were very thin and
only used once. So its code is moved to the calling function.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:48:00 -05:00
Hante Meuleman d453399229 brcmfmac: Limit control message length from host to device.
An control request or set message length is restricted to
ETH frame length for the buffer from host to device. This
is limitation is imposed by the firmware.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:47:59 -05:00
Hante Meuleman 75b39dd240 brcmfmac: Remove some obsolete definitions and variables.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:47:59 -05:00
Arend van Spriel 71c60cf2e9 brcmfmac: rework SDIO register access functions
The logic in the SDIO register access functions was hard to
read and contained a lot of conditional code path. This rework
attempts to clean it up.

Reviewed-by: Franky Lin <frankyl@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-06 15:47:58 -05:00
John W. Linville 9d1cd503c7 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2014-01-06 14:08:41 -05:00
Johan Hedberg cb6ca8e1ed Bluetooth: Default to no security with L2CAP RAW sockets
L2CAP RAW sockets can be used for things which do not involve
establishing actual connection oriented L2CAP channels. One example of
such usage is the l2ping tool. The default security level for L2CAP
sockets is LOW, which implies that for SSP based connection
authentication is still requested (although with no MITM requirement),
which is not what we want (or need) for things like l2ping. Therefore,
default to one lower level, i.e. BT_SECURITY_SDP, for L2CAP RAW sockets
in order not to trigger unwanted authentication requests.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 09:26:23 -08:00
Johan Hedberg 8cef8f50d4 Bluetooth: Fix NULL pointer dereference when disconnecting
When disconnecting it is possible that the l2cap_conn pointer is already
NULL when bt_6lowpan_del_conn() is entered. Looking at l2cap_conn_del
also verifies this as there's a NULL check there too. This patch adds
the missing NULL check without which the following bug may occur:

BUG: unable to handle kernel NULL pointer dereference at   (null)
IP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a
*pde = 00000000
Oops: 0000 [#1] SMP
CPU: 1 PID: 52 Comm: kworker/u5:1 Not tainted 3.12.0+ #196
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: hci0 hci_rx_work
task: f6259b00 ti: f48c0000 task.ti: f48c0000
EIP: 0060:[<c131e9c7>] EFLAGS: 00010282 CPU: 1
EIP is at bt_6lowpan_del_conn+0x19/0x12a
EAX: 00000000 EBX: ef094e10 ECX: 00000000 EDX: 00000016
ESI: 00000000 EDI: f48c1e60 EBP: f48c1e50 ESP: f48c1e34
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 8005003b CR2: 00000000 CR3: 30c65000 CR4: 00000690
Stack:
 f4d38000 00000000 f4d38000 00000002 ef094e10 00000016 f48c1e60 f48c1e70
 c1316bed f48c1e84 c1316bed 00000000 00000001 ef094e10 f48c1e84 f48c1ed0
 c1303cc6 c1303c7b f31f331a c1303cc6 f6e7d1c0 f3f8ea16 f3f8f380 f4d38008
Call Trace:
 [<c1316bed>] l2cap_disconn_cfm+0x3f/0x5b
 [<c1316bed>] ? l2cap_disconn_cfm+0x3f/0x5b
 [<c1303cc6>] hci_event_packet+0x645/0x2117
 [<c1303c7b>] ? hci_event_packet+0x5fa/0x2117
 [<c1303cc6>] ? hci_event_packet+0x645/0x2117
 [<c12681bd>] ? __kfree_skb+0x65/0x68
 [<c12681eb>] ? kfree_skb+0x2b/0x2e
 [<c130d3fb>] ? hci_send_to_sock+0x18d/0x199
 [<c12fa327>] hci_rx_work+0xf9/0x295
 [<c12fa327>] ? hci_rx_work+0xf9/0x295
 [<c1036d25>] process_one_work+0x128/0x1df
 [<c1346a39>] ? _raw_spin_unlock_irq+0x8/0x12
 [<c1036d25>] ? process_one_work+0x128/0x1df
 [<c103713a>] worker_thread+0x127/0x1c4
 [<c1037013>] ? rescuer_thread+0x216/0x216
 [<c103aec6>] kthread+0x88/0x8d
 [<c1040000>] ? task_rq_lock+0x37/0x6e
 [<c13474b7>] ret_from_kernel_thread+0x1b/0x28
 [<c103ae3e>] ? __kthread_parkme+0x50/0x50
Code: 05 b8 f4 ff ff ff 8d 65 f4 5b 5e 5f 5d 8d 67 f8 5f c3 57 8d 7c 24 08 83 e4 f8 ff 77 fc 55 89 e5 57 56f
EIP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a SS:ESP 0068:f48c1e34
CR2: 0000000000000000

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-01-06 09:26:23 -08:00
Marcel Holtmann 81cac64ba2 Bluetooth: Deal with USB devices that are faking CSR vendor
There exists a set of Bluetooth USB devices that show up on the USB
bus as 0a12:0001 and identify themselves as devices from CSR. However
they are not. When sending Read Local Version command they now have
a split personality and say they are from Broadcom.

  < HCI Command: Read Local Version Information (0x04|0x0001) plen 0
  > HCI Event: Command Complete (0x0e) plen 12
      Read Local Version Information (0x04|0x0001) ncmd 1
      status 0x00
      HCI Version: 2.0 (0x3) HCI Revision: 0x3000
      LMP Version: 2.0 (0x3) LMP Subversion: 0x420b
      Manufacturer: Broadcom Corporation (15)

The assumption is that they are neither CSR nor Broadcom based devices
and that they are designed and manufactured by someone else.

For the most parts they follow the Bluetooth HCI specification and
can be used as standard Bluetooth devices. However they have the
minor problem that the Delete Stored Link Key command is not working
as it should.

During the Bluetooth controller setup, this command is needed if
stored link keys are supported. For these devices it has to be
assumed that this is broken and so just set a quirk to clearly
indicate the behavior. After that the setup can just proceed.

Now the trick part is to detect these faulty devices since we do
not want to punish all CSR and all Broadcom devices. The original
devices do actually work according to the specification.

What is known so far is that these broken devices set the USB bcdDevice
revision information to 1.0 or less.

T:  Bus=02 Lev=01 Prnt=01 Port=08 Cnt=03 Dev#=  9 Spd=12   MxCh= 0
D:  Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0a12 ProdID=0001 Rev= 1.00
S:  Manufacturer=Bluetooth v2.0
S:  Product=Bluetooth V2.0 Dongle

T:  Bus=05 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0a12 ProdID=0001 Rev= 0.07

In case of CSR devices, the bcdDevice revision contains the firmware
build ID and that is normally a higher value. If the bcdDevice revision
is 1.0 or less, then an extra setup stage is checking if Read Local
Version returns CSR manufacturer information. If not then it will be
assumed that this is a broken device and the Delete Stored Link Key
command will be marked as broken.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-01-04 20:11:07 +02:00
Marcel Holtmann f9f462faa0 Bluetooth: Add quirk for disabling Delete Stored Link Key command
Some controller pretend they support the Delete Stored Link Key command,
but in reality they really don't support it.

  < HCI Command: Delete Stored Link Key (0x03|0x0012) plen 7
      bdaddr 00:00:00:00:00:00 all 1
  > HCI Event: Command Complete (0x0e) plen 4
      Delete Stored Link Key (0x03|0x0012) ncmd 1
      status 0x11 deleted 0
      Error: Unsupported Feature or Parameter Value

Not correctly supporting this command causes the controller setup to
fail and will make a device not work. However sending the command for
controller that handle stored link keys is important. This quirk
allows a driver to disable the command if it knows that this command
handling is broken.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-01-04 20:10:40 +02:00
Paul Gortmaker c8bf40ad4f wireless: delete non-required instances of include <linux/init.h>
None of these files are actually using any __init type directives
and hence don't need to include <linux/init.h>.  Most are just a
left over from __devinit and __cpuinit removal, or simply due to
code getting copied from one driver to the next.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Hauke Mehrtens c9e4a3fb15 ssb: fix sparse warnings in driver_chipcommon_sflash.c
CHECK   drivers/ssb/driver_chipcommon_sflash.c
drivers/ssb/driver_chipcommon_sflash.c:40:11: warning: Using plain integer as NULL pointer
drivers/ssb/driver_chipcommon_sflash.c:58:11: warning: Using plain integer as NULL pointer
drivers/ssb/driver_chipcommon_sflash.c:69:11: warning: Using plain integer as NULL pointer

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Hauke Mehrtens 3ee373055b bcma: fix sparse warnings in driver_chipcommon_sflash.c
CHECK   drivers/bcma/driver_chipcommon_sflash.c
drivers/bcma/driver_chipcommon_sflash.c:41:11: warning: Using plain integer as NULL pointer
drivers/bcma/driver_chipcommon_sflash.c:59:11: warning: Using plain integer as NULL pointer
drivers/bcma/driver_chipcommon_sflash.c:70:11: warning: Using plain integer as NULL pointer

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Sujith Manoharan 4d6f720158 ath9k: Fix regulatory compliance
The maximum permissible values for noise floor in ETSI
and Japan domains have been updated with new EU
regulations for CCA detection. Adjust the values in the
driver accordingly.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Sujith Manoharan 42dd98b028 ath9k: Fix AR955x RX sensitivity
AR955x has problems with RX sensitivity in 2G. This patch
adds a routine to select range_osdac dynamically on a
per-chain basis to address this issue.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Christian Engelmayer 47acf6f544 wireless: cw1200: Fix memory leak in cw1200_wow_suspend()
Fix a memory leak in the cw1200_wow_suspend() error handling path.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Sujith Manoharan 2c323058bc ath9k: Add hardware support for QCA9531
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:01 -05:00
Sujith Manoharan b6b5730de4 ath9k: Initialize QCA953x INI arrays
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:00 -05:00
Sujith Manoharan 709c19b22a ath9k: Add QCA953x initvals
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-01-03 15:37:00 -05:00