#
d26a0a66 |
|
01-Apr-2024 |
Colin Ian King <colin.i.king@gmail.com> |
wifi: brcmfmac: Fix spelling mistake "ivalid" -> "invalid" There are spelling mistakes in bphy_err() messages. Fix them. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240401215402.1348565-1-colin.i.king@gmail.com
|
#
b4152222 |
|
29-Feb-2024 |
Duoming Zhou <duoming@zju.edu.cn> |
wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op. Fixes: a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3 operations") Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Duoming Zhou <duoming@zju.edu.cn> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240229103153.18533-1-duoming@zju.edu.cn
|
#
379e5e83 |
|
22-Feb-2024 |
Alexey Berezhok <a@bayrepo.ru> |
wifi: brcmfmac: do not pass hidden SSID attribute as value directly In brcmf_cfg80211_start_ap() do not assume that NL80211_HIDDEN_SSID_NOT_IN_USE is zero but prefer an explicit check instead. Use local variable 'closednet' to pass in function call and use for error message. Compile tested only. Addition for the commit f20073f50dfd1 ("wifi: brcmfmac: do not cast hidden SSID attribute value to boolean"). Signed-off-by: Alexey Berezhok <a@bayrepo.ru> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240222122923.46691-1-a@bayrepo.ru
|
#
f20073f5 |
|
08-Feb-2024 |
Alexey Berezhok <a@bayrepo.ru> |
wifi: brcmfmac: do not cast hidden SSID attribute value to boolean In 'brcmf_cfg80211_start_ap()', not assume that NL80211_HIDDEN_SSID_NOT_IN_USE is zero but prefer an explicit check instead. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Alexey Berezhok <a@bayrepo.ru> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240208085121.2430-1-a@bayrepo.ru
|
#
9f7861c5 |
|
03-Jan-2024 |
Hector Martin <marcan@marcan.st> |
wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Using the WSEC command instead of sae_password seems to be the supported mechanism on newer firmware, and also how the brcmdhd driver does it. The existing firmware mechanism intended for (some) Cypress chips has been separated from the new firmware mechanism using the multi-vendor framework. Depending on the device it will select the appropriate firmware mechanism. This makes WPA3 work with iwd, or with wpa_supplicant pending a support patchset [2]. [1] https://rachelbythebay.com/w/2023/11/06/wpa3/ [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html Signed-off-by: Hector Martin <marcan@marcan.st> Reviewed-by: Neal Gompa <neal@gompa.dev> [arend.vanspriel@broadcom.com: use multi-vendor framework] Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240103095704.135651-5-arend.vanspriel@broadcom.com
|
#
31343230 |
|
03-Jan-2024 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
wifi: brcmfmac: export firmware interface functions With multi-vendor support the vendor-specific module may need to use the firmware interface functions so export them using the macro BRCMF_EXPORT_SYMBOL_GPL() which exports them to driver namespace. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240103095704.135651-2-arend.vanspriel@broadcom.com
|
#
0f735255 |
|
07-Jan-2024 |
Zheng Wang <zyytlz.wz@163.com> |
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to start init a timeout worker: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); If we disconnect the USB by hotplug, it will call brcmf_usb_disconnect to make cleanup. The invoking chain is : brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); While the timeout woker may still be running. This will cause a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. Fix it by deleting the timer and canceling the worker in brcmf_cfg80211_detach. Fixes: e756af5b30b0 ("brcmfmac: add e-scan support.") Signed-off-by: Zheng Wang <zyytlz.wz@163.com> Cc: stable@vger.kernel.org [arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free] Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240107072504.392713-1-arend.vanspriel@broadcom.com
|
#
5bdda004 |
|
26-Jan-2024 |
Kees Cook <keescook@chromium.org> |
wifi: brcmfmac: Adjust n_channels usage for __counted_by After commit e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request with __counted_by"), the compiler may enforce dynamic array indexing of req->channels to stay below n_channels. As a result, n_channels needs to be increased _before_ accessing the newly added array index. Increment it first, then use "i" for the prior index. Solves this warning in the coming GCC that has __counted_by support: ../drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c: In function 'brcmf_internal_escan_add_info': ../drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:3783:46: warning: operation on 'req-> n_channels' may be undefined [-Wsequence-point] 3783 | req->channels[req->n_channels++] = chan; | ~~~~~~~~~~~~~~~^~ Fixes: e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request with __counted_by") Cc: Arend van Spriel <aspriel@gmail.com> Cc: Franky Lin <franky.lin@broadcom.com> Cc: Hante Meuleman <hante.meuleman@broadcom.com> Cc: Kalle Valo <kvalo@kernel.org> Cc: Chi-hsien Lin <chi-hsien.lin@infineon.com> Cc: Ian Lin <ian.lin@infineon.com> Cc: Johannes Berg <johannes.berg@intel.com> Cc: Wright Feng <wright.feng@cypress.com> Cc: Hector Martin <marcan@marcan.st> Cc: linux-wireless@vger.kernel.org Cc: brcm80211-dev-list.pdl@broadcom.com Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://msgid.link/20240126223150.work.548-kees@kernel.org
|
#
9d0d0a20 |
|
17-Oct-2023 |
Justin Stitt <justinstitt@google.com> |
wifi: brcm80211: replace deprecated strncpy with strscpy Let's move away from using strncpy and instead favor a less ambiguous and more robust interface. For ifp->ndev->name, we expect ifp->ndev->name to be NUL-terminated based on its use in format strings within core.c: 67 | char *brcmf_ifname(struct brcmf_if *ifp) 68 | { 69 | if (!ifp) 70 | return "<if_null>"; 71 | 72 | if (ifp->ndev) 73 | return ifp->ndev->name; 74 | 75 | return "<if_none>"; 76 | } ... 288 | static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb, 289 | struct net_device *ndev) { ... 330 | brcmf_dbg(INFO, "%s: insufficient headroom (%d)\n", 331 | brcmf_ifname(ifp), head_delta); ... 336 | bphy_err(drvr, "%s: failed to expand headroom\n", 337 | brcmf_ifname(ifp)); For di->name, we expect di->name to be NUL-terminated based on its usage with format strings: | brcms_dbg_dma(di->core, | "%s: DMA64 tx doesn't have AE set\n", | di->name); Looking at its allocation we can see that it is already zero-allocated which means NUL-padding is not required: | di = kzalloc(sizeof(struct dma_info), GFP_ATOMIC); For wlc->modulecb[i].name, we expect each name in wlc->modulecb to be NUL-terminated based on their usage with strcmp(): | if (!strcmp(wlc->modulecb[i].name, name) && NUL-padding is not required as wlc is zero-allocated in: brcms_c_attach_malloc() -> | wlc = kzalloc(sizeof(struct brcms_c_info), GFP_ATOMIC); For all these cases, a suitable replacement is `strscpy` due to the fact that it guarantees NUL-termination on the destination buffer without unnecessarily NUL-padding. Signed-off-by: Justin Stitt <justinstitt@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20231017-strncpy-drivers-net-wireless-broadcom-brcm80211-brcmfmac-cfg80211-c-v3-1-af780d74ae38@google.com
|
#
bb55441c |
|
25-Sep-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: split struct cfg80211_ap_settings Using the full struct cfg80211_ap_settings for an update is misleading, since most settings cannot be updated. Split the update case off into a new struct cfg80211_ap_update. Change-Id: I3ba4dd9280938ab41252f145227a7005edf327e4 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
66f85d57 |
|
27-Jul-2023 |
Aloka Dixit <quic_alokad@quicinc.com> |
wifi: cfg80211: modify prototype for change_beacon Modify the prototype for change_beacon() in struct cfg80211_op to accept cfg80211_ap_settings instead of cfg80211_beacon_data so that it can process data in addition to beacons. Modify the prototypes of ieee80211_change_beacon() and driver specific functions accordingly. Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com> Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com> Link: https://lore.kernel.org/r/20230727174100.11721-4-quic_alokad@quicinc.com [while at it, remove pointless "if (info)" check in tracing that just makes all the lines longer than they need be - it's never NULL] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5add321c |
|
28-Aug-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: remove scan_width support There really isn't any support for scanning at different channel widths than 20 MHz since there's no way to set it. Remove this support for now, if somebody wants to maintain this whole thing later we can revisit how it should work. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
07d69832 |
|
02-Aug-2023 |
Petr Tesarik <petr.tesarik.ext@huawei.com> |
wifi: brcm80211: handle params_v1 allocation failure Return -ENOMEM from brcmf_run_escan() if kzalloc() fails for v1 params. Fixes: 398ce273d6b1 ("wifi: brcmfmac: cfg80211: Add support for scan params v2") Signed-off-by: Petr Tesarik <petr.tesarik.ext@huawei.com> Link: https://lore.kernel.org/r/20230802163430.1656-1-petrtesarik@huaweicloud.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0da40e01 |
|
09-Mar-2023 |
Jisoo Jang <jisoo.jang@yonsei.ac.kr> |
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() Fix a slab-out-of-bounds read that occurs in kmemdup() called from brcmf_get_assoc_ies(). The bug could occur when assoc_info->req_len, data from a URB provided by a USB device, is bigger than the size of buffer which is defined as WL_EXTRA_BUF_MAX. Add the size check for req_len/resp_len of assoc_info. Found by a modified version of syzkaller. [ 46.592467][ T7] ================================================================== [ 46.594687][ T7] BUG: KASAN: slab-out-of-bounds in kmemdup+0x3e/0x50 [ 46.596572][ T7] Read of size 3014656 at addr ffff888019442000 by task kworker/0:1/7 [ 46.598575][ T7] [ 46.599157][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G O 5.14.0+ #145 [ 46.601333][ T7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 46.604360][ T7] Workqueue: events brcmf_fweh_event_worker [ 46.605943][ T7] Call Trace: [ 46.606584][ T7] dump_stack_lvl+0x8e/0xd1 [ 46.607446][ T7] print_address_description.constprop.0.cold+0x93/0x334 [ 46.608610][ T7] ? kmemdup+0x3e/0x50 [ 46.609341][ T7] kasan_report.cold+0x79/0xd5 [ 46.610151][ T7] ? kmemdup+0x3e/0x50 [ 46.610796][ T7] kasan_check_range+0x14e/0x1b0 [ 46.611691][ T7] memcpy+0x20/0x60 [ 46.612323][ T7] kmemdup+0x3e/0x50 [ 46.612987][ T7] brcmf_get_assoc_ies+0x967/0xf60 [ 46.613904][ T7] ? brcmf_notify_vif_event+0x3d0/0x3d0 [ 46.614831][ T7] ? lock_chain_count+0x20/0x20 [ 46.615683][ T7] ? mark_lock.part.0+0xfc/0x2770 [ 46.616552][ T7] ? lock_chain_count+0x20/0x20 [ 46.617409][ T7] ? mark_lock.part.0+0xfc/0x2770 [ 46.618244][ T7] ? lock_chain_count+0x20/0x20 [ 46.619024][ T7] brcmf_bss_connect_done.constprop.0+0x241/0x2e0 [ 46.620019][ T7] ? brcmf_parse_configure_security.isra.0+0x2a0/0x2a0 [ 46.620818][ T7] ? __lock_acquire+0x181f/0x5790 [ 46.621462][ T7] brcmf_notify_connect_status+0x448/0x1950 [ 46.622134][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 46.622736][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0 [ 46.623390][ T7] ? find_held_lock+0x2d/0x110 [ 46.623962][ T7] ? brcmf_fweh_event_worker+0x19f/0xc60 [ 46.624603][ T7] ? mark_held_locks+0x9f/0xe0 [ 46.625145][ T7] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 46.625871][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0 [ 46.626545][ T7] brcmf_fweh_call_event_handler.isra.0+0x90/0x100 [ 46.627338][ T7] brcmf_fweh_event_worker+0x557/0xc60 [ 46.627962][ T7] ? brcmf_fweh_call_event_handler.isra.0+0x100/0x100 [ 46.628736][ T7] ? rcu_read_lock_sched_held+0xa1/0xd0 [ 46.629396][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 46.629970][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 46.630649][ T7] process_one_work+0x92b/0x1460 [ 46.631205][ T7] ? pwq_dec_nr_in_flight+0x330/0x330 [ 46.631821][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 46.632347][ T7] worker_thread+0x95/0xe00 [ 46.632832][ T7] ? __kthread_parkme+0x115/0x1e0 [ 46.633393][ T7] ? process_one_work+0x1460/0x1460 [ 46.633957][ T7] kthread+0x3a1/0x480 [ 46.634369][ T7] ? set_kthread_struct+0x120/0x120 [ 46.634933][ T7] ret_from_fork+0x1f/0x30 [ 46.635431][ T7] [ 46.635687][ T7] Allocated by task 7: [ 46.636151][ T7] kasan_save_stack+0x1b/0x40 [ 46.636628][ T7] __kasan_kmalloc+0x7c/0x90 [ 46.637108][ T7] kmem_cache_alloc_trace+0x19e/0x330 [ 46.637696][ T7] brcmf_cfg80211_attach+0x4a0/0x4040 [ 46.638275][ T7] brcmf_attach+0x389/0xd40 [ 46.638739][ T7] brcmf_usb_probe+0x12de/0x1690 [ 46.639279][ T7] usb_probe_interface+0x2aa/0x760 [ 46.639820][ T7] really_probe+0x205/0xb70 [ 46.640342][ T7] __driver_probe_device+0x311/0x4b0 [ 46.640876][ T7] driver_probe_device+0x4e/0x150 [ 46.641445][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.642000][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.642543][ T7] __device_attach+0x23f/0x3a0 [ 46.643065][ T7] bus_probe_device+0x1da/0x290 [ 46.643644][ T7] device_add+0xb7b/0x1eb0 [ 46.644130][ T7] usb_set_configuration+0xf59/0x16f0 [ 46.644720][ T7] usb_generic_driver_probe+0x82/0xa0 [ 46.645295][ T7] usb_probe_device+0xbb/0x250 [ 46.645786][ T7] really_probe+0x205/0xb70 [ 46.646258][ T7] __driver_probe_device+0x311/0x4b0 [ 46.646804][ T7] driver_probe_device+0x4e/0x150 [ 46.647387][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.647926][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.648454][ T7] __device_attach+0x23f/0x3a0 [ 46.648939][ T7] bus_probe_device+0x1da/0x290 [ 46.649478][ T7] device_add+0xb7b/0x1eb0 [ 46.649936][ T7] usb_new_device.cold+0x49c/0x1029 [ 46.650526][ T7] hub_event+0x1c98/0x3950 [ 46.650975][ T7] process_one_work+0x92b/0x1460 [ 46.651535][ T7] worker_thread+0x95/0xe00 [ 46.651991][ T7] kthread+0x3a1/0x480 [ 46.652413][ T7] ret_from_fork+0x1f/0x30 [ 46.652885][ T7] [ 46.653131][ T7] The buggy address belongs to the object at ffff888019442000 [ 46.653131][ T7] which belongs to the cache kmalloc-2k of size 2048 [ 46.654669][ T7] The buggy address is located 0 bytes inside of [ 46.654669][ T7] 2048-byte region [ffff888019442000, ffff888019442800) [ 46.656137][ T7] The buggy address belongs to the page: [ 46.656720][ T7] page:ffffea0000651000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19440 [ 46.657792][ T7] head:ffffea0000651000 order:3 compound_mapcount:0 compound_pincount:0 [ 46.658673][ T7] flags: 0x100000000010200(slab|head|node=0|zone=1) [ 46.659422][ T7] raw: 0100000000010200 0000000000000000 dead000000000122 ffff888100042000 [ 46.660363][ T7] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 46.661236][ T7] page dumped because: kasan: bad access detected [ 46.661956][ T7] page_owner tracks the page as allocated [ 46.662588][ T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7, ts 31136961085, free_ts 0 [ 46.664271][ T7] prep_new_page+0x1aa/0x240 [ 46.664763][ T7] get_page_from_freelist+0x159a/0x27c0 [ 46.665340][ T7] __alloc_pages+0x2da/0x6a0 [ 46.665847][ T7] alloc_pages+0xec/0x1e0 [ 46.666308][ T7] allocate_slab+0x380/0x4e0 [ 46.666770][ T7] ___slab_alloc+0x5bc/0x940 [ 46.667264][ T7] __slab_alloc+0x6d/0x80 [ 46.667712][ T7] kmem_cache_alloc_trace+0x30a/0x330 [ 46.668299][ T7] brcmf_usbdev_qinit.constprop.0+0x50/0x470 [ 46.668885][ T7] brcmf_usb_probe+0xc97/0x1690 [ 46.669438][ T7] usb_probe_interface+0x2aa/0x760 [ 46.669988][ T7] really_probe+0x205/0xb70 [ 46.670487][ T7] __driver_probe_device+0x311/0x4b0 [ 46.671031][ T7] driver_probe_device+0x4e/0x150 [ 46.671604][ T7] __device_attach_driver+0x1cc/0x2a0 [ 46.672192][ T7] bus_for_each_drv+0x156/0x1d0 [ 46.672739][ T7] page_owner free stack trace missing [ 46.673335][ T7] [ 46.673620][ T7] Memory state around the buggy address: [ 46.674213][ T7] ffff888019442700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.675083][ T7] ffff888019442780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.675994][ T7] >ffff888019442800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.676875][ T7] ^ [ 46.677323][ T7] ffff888019442880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.678190][ T7] ffff888019442900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.679052][ T7] ================================================================== [ 46.679945][ T7] Disabling lock debugging due to kernel taint [ 46.680725][ T7] Kernel panic - not syncing: Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Jisoo Jang <jisoo.jang@yonsei.ac.kr> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr
|
#
659fda7f |
|
03-Mar-2023 |
Hans de Goede <hdegoede@redhat.com> |
wifi: brcmfmac: Use ISO3166 country code and rev 0 as fallback on 4356 Many devices ship with a nvram ccode value of X2/XT/XU/XV/ALL which are all special world-wide compatibility ccode-s. Most of these world-wide ccode-s allow passive scan mode only for 2.4GHz channels 12-14, only enabling them when an AP is seen on them. Since linux-firmware has moved to the new cyfmac4356-pci.bin + cyfmac4356-pci.clm_blob firmware files this no longer works and 4356 devices using e.g. an X2 ccode fail to connect to an AP on channel 13. Add the 4356 chip-id to the list of chips for which to use the ISO3166 country code + rev 0 as fallback in brcmf_translate_country_code() to fix this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230303222331.285663-1-hdegoede@redhat.com
|
#
89b89e52 |
|
14-Feb-2023 |
Hector Martin <marcan@marcan.st> |
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware (e.g. BCM4387). It seems there was a simple way of passing it in binary all along, so use that and avoid the hexification. OpenBSD has been doing it like this from the beginning, so this should work on all chips. Also clear the structure before setting the PMK. This was leaking uninitialized stack contents to the device. Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Hector Martin <marcan@marcan.st> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230214092423.15175-6-marcan@marcan.st
|
#
a96202ac |
|
14-Feb-2023 |
Hector Martin <marcan@marcan.st> |
wifi: brcmfmac: cfg80211: Add support for PMKID_V3 operations Add support for the new PMKID_V3 API, which allows performing PMKID mutations individually, instead of requiring the driver to keep track of the full list. This new API is required by at least BCM4387. Note that PMKID_V2 is not implemented yet. Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Hector Martin <marcan@marcan.st> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230214092423.15175-5-marcan@marcan.st
|
#
398ce273 |
|
14-Feb-2023 |
Hector Martin <marcan@marcan.st> |
wifi: brcmfmac: cfg80211: Add support for scan params v2 This new API version is required for at least the BCM4387 firmware. Add support for it, with a fallback to the v1 API. Acked-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Hector Martin <marcan@marcan.st> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230214092423.15175-3-marcan@marcan.st
|
#
ec52d77d |
|
24-Jan-2023 |
John Keeping <john@metanate.com> |
wifi: brcmfmac: support CQM RSSI notification with older firmware Using the BCM4339 firmware from linux-firmware (version "BCM4339/2 wl0: Sep 5 2019 11:05:52 version 6.37.39.113 (r722271 CY)" from cypress/cyfmac4339-sdio.bin) the RSSI respose is only 4 bytes, which results in an error being logged. It seems that older devices send only the RSSI field and neither SNR nor noise is included. Handle this by accepting a 4 byte message and reading only the RSSI from it. Fixes: 7dd56ea45a66 ("brcmfmac: add support for CQM RSSI notifications") Signed-off-by: John Keeping <john@metanate.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230124104248.2917465-1-john@metanate.com
|
#
5fac1858 |
|
03-Jan-2023 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
wifi: brcmfmac: change cfg80211_set_channel() name and signature The function cfg80211_set_channel() is an static function in brcmfmac but the name is misleading. Hence rename it with 'brcmf' prefix. Also changing the parameters to avoid additional conversions. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230103124117.271988-4-arend.vanspriel@broadcom.com
|
#
aadb50d1 |
|
03-Jan-2023 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
wifi: brcmfmac: avoid NULL-deref in survey dump for 2G only device When dealing with a device for 2GHz band only the wiphy->bands for 5GHz will be NULL. This would result in a NULL-deref in the brcmf_cfg80211_dump_survey() function. Rework the code with a for-loop to make it easier to add another band. Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection") Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230103124117.271988-3-arend.vanspriel@broadcom.com
|
#
e5d1ab1a |
|
03-Jan-2023 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
wifi: brcmfmac: avoid handling disabled channels for survey dump An issue was reported in which periodically error messages are printed in the kernel log: [ 26.303445] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6 [ 26.303554] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.bin failed with error -2 [ 26.516752] brcmfmac_wcc: brcmf_wcc_attach: executing [ 26.528264] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Jan 4 2021 19:56:29 version 7.45.229 (617f1f5 CY) FWID 01-2dbd9d2e [ 27.076829] Bluetooth: hci0: BCM: features 0x2f [ 27.078592] Bluetooth: hci0: BCM43455 37.4MHz Raspberry Pi 3+ [ 27.078601] Bluetooth: hci0: BCM4345C0 (003.001.025) build 0342 [ 30.142104] Adding 102396k swap on /var/swap. Priority:-2 extents:1 across:102396k SS [ 30.590017] Bluetooth: MGMT ver 1.22 [ 104.897615] brcmfmac: cfg80211_set_channel: set chanspec 0x100e fail, reason -52 [ 104.897992] brcmfmac: cfg80211_set_channel: set chanspec 0xd022 fail, reason -52 [ 105.007672] brcmfmac: cfg80211_set_channel: set chanspec 0xd026 fail, reason -52 [ 105.117654] brcmfmac: cfg80211_set_channel: set chanspec 0xd02a fail, reason -52 [ 105.227636] brcmfmac: cfg80211_set_channel: set chanspec 0xd02e fail, reason -52 [ 106.987552] brcmfmac: cfg80211_set_channel: set chanspec 0xd090 fail, reason -52 [ 106.987911] brcmfmac: cfg80211_set_channel: set chanspec 0xd095 fail, reason -52 [ 106.988233] brcmfmac: cfg80211_set_channel: set chanspec 0xd099 fail, reason -52 [ 106.988565] brcmfmac: cfg80211_set_channel: set chanspec 0xd09d fail, reason -52 [ 106.988909] brcmfmac: cfg80211_set_channel: set chanspec 0xd0a1 fail, reason -52 This happens in brcmf_cfg80211_dump_survey() because we try a disabled channel. When channel is marked as disabled we do not need to fill any other info so bail out. Fixes: 6c04deae1438 ("brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection") Reported-by: Stefan Wahren <stefan.wahren@i2se.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Tested-by: Stefan Wahren <stefan.wahren@i2se.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230103124117.271988-2-arend.vanspriel@broadcom.com
|
#
4920ab13 |
|
16-Nov-2022 |
Minsuk Kang <linuxlovemin@yonsei.ac.kr> |
wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buffer and return -EINVAL if that is the case. Note that the negative return is handled by the caller, brcmf_setup_wiphybands() or brcmf_cfg80211_attach(). Found by a modified version of syzkaller. Crash Report from brcmf_construct_chaninfo(): ================================================================== BUG: KASAN: slab-out-of-bounds in brcmf_setup_wiphybands+0x1238/0x1430 Read of size 4 at addr ffff888115f24600 by task kworker/0:2/1896 CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G W O 5.14.0+ #132 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: dump_stack_lvl+0x57/0x7d print_address_description.constprop.0.cold+0x93/0x334 kasan_report.cold+0x83/0xdf brcmf_setup_wiphybands+0x1238/0x1430 brcmf_cfg80211_attach+0x2118/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 Allocated by task 1896: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0x7c/0x90 kmem_cache_alloc_trace+0x19e/0x330 brcmf_setup_wiphybands+0x290/0x1430 brcmf_cfg80211_attach+0x2118/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 The buggy address belongs to the object at ffff888115f24000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1536 bytes inside of 2048-byte region [ffff888115f24000, ffff888115f24800) Memory state around the buggy address: ffff888115f24500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888115f24580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888115f24600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888115f24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888115f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Crash Report from brcmf_enable_bw40_2g(): ================================================================== BUG: KASAN: slab-out-of-bounds in brcmf_cfg80211_attach+0x3d11/0x3fd0 Read of size 4 at addr ffff888103787600 by task kworker/0:2/1896 CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G W O 5.14.0+ #132 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: dump_stack_lvl+0x57/0x7d print_address_description.constprop.0.cold+0x93/0x334 kasan_report.cold+0x83/0xdf brcmf_cfg80211_attach+0x3d11/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 Allocated by task 1896: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0x7c/0x90 kmem_cache_alloc_trace+0x19e/0x330 brcmf_cfg80211_attach+0x3302/0x3fd0 brcmf_attach+0x389/0xd40 brcmf_usb_probe+0x12de/0x1690 usb_probe_interface+0x25f/0x710 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_set_configuration+0x984/0x1770 usb_generic_driver_probe+0x69/0x90 usb_probe_device+0x9c/0x220 really_probe+0x1be/0xa90 __driver_probe_device+0x2ab/0x460 driver_probe_device+0x49/0x120 __device_attach_driver+0x18a/0x250 bus_for_each_drv+0x123/0x1a0 __device_attach+0x207/0x330 bus_probe_device+0x1a2/0x260 device_add+0xa61/0x1ce0 usb_new_device.cold+0x463/0xf66 hub_event+0x10d5/0x3330 process_one_work+0x873/0x13e0 worker_thread+0x8b/0xd10 kthread+0x379/0x450 ret_from_fork+0x1f/0x30 The buggy address belongs to the object at ffff888103787000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1536 bytes inside of 2048-byte region [ffff888103787000, ffff888103787800) Memory state around the buggy address: ffff888103787500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888103787580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888103787600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888103787680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888103787700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Reported-by: Dokyung Song <dokyungs@yonsei.ac.kr> Reported-by: Jisoo Jang <jisoo.jang@yonsei.ac.kr> Reported-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20221116142952.518241-1-linuxlovemin@yonsei.ac.kr
|
#
c81c1fd4 |
|
24-Oct-2022 |
Prasanna Kerekoppa <prasanna.kerekoppa@cypress.com> |
wifi: brcmfmac: Avoiding Connection delay Channel info passed by supplicant is not given to firmware. This causes delay (about 3seconds) due to full scan. Supplicant already provides the channel info for the specific SSID. channel_hint carries this channel info for the connect call back. Patch has been verified on 43012 and 43455. Signed-off-by: Prasanna Kerekoppa <prasanna.kerekoppa@cypress.com> Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20221024085215.27616-4-ian.lin@infineon.com
|
#
52617bee |
|
24-Oct-2022 |
Wataru Gohda <wataru.gohda@cypress.com> |
wifi: brcmfmac: Fix for when connect request is not success Currently brcmfmac is expecting to be set for both BRCMF_VIF_STATUS_EAP_SUCCESS and BRCMF_VIF_STATUS_EAP status bit based on dongle event and those bits are cleared to complete connect request successfully. But when connect request is finished unsuccessfully, either BRCMF_VIF_STATUS_EAP_SUCCESS / BRCMF_VIF_STATUS_EAP bits are not cleared depending on how the connect fail event happens. These status bits are carried over to following new connect request and this will lead to generate below kernel warning for some case. Worst case status mismatch happens between dongle and wpa_supplicant. WARNING: ../net/wireless/sme.c:756 __cfg80211_connect_result+0x42c/0x4a0 [cfg80211] The fix is to clear the BRCMF_VIF_STATUS_EAP_SUCCESS / BRCMF_VIF_STATUS_EAP bits during the link down process and add to call link down process when link down event received during BRCMF_VIF_STATUS_CONNECTING as well as BRCMF_VIF_STATUS_CONNECTED state. Signed-off-by: Wataru Gohda <wataru.gohda@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20221024085215.27616-3-ian.lin@infineon.com
|
#
0ff57171 |
|
07-Sep-2022 |
Vinayak Yadawad <vinayak.yadawad@broadcom.com> |
cfg80211: Update Transition Disable policy during port authorization In case of 4way handshake offload, transition disable policy updated by the AP during EAPOL 3/4 is not updated to the upper layer. This results in mismatch between transition disable policy between the upper layer and the driver. This patch addresses this issue by updating transition disable policy as part of port authorization indication. Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1562bdef |
|
28-Sep-2022 |
Prasanna Kerekoppa <prasanna.kerekoppa@infineon.com> |
brcmfmac: Fix AP interface delete issue Fixes the ap interface delete issue. Fix is to make sure interface is created with supported version. Patch has been verified by creating and deleting AP interface. Signed-off-by: Prasanna Kerekoppa <prasanna.kerekoppa@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929050614.31518-4-ian.lin@infineon.com
|
#
4388827b |
|
28-Sep-2022 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: support station interface creation version 1, 2 and 3 To create virtual station interface for RSDB and VSDB, we add interface creation version 1, 2 and 3 supports The structures of each version are different and only version 3 and later version are able to get interface creating version from firmware side. The patch has been verified two concurrent stations pings test with interface create version 1: 89342(4359b1)-PCIE: 9.40.100 interface create version 2: 4373a0-sdio: 13.10.271 interface create version 3: 4373a0-sdio: 13.35.48 Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929050614.31518-3-ian.lin@infineon.com
|
#
2b5fb30f |
|
28-Sep-2022 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: add creating station interface support With RSDB device, it is able to control two station interfaces concurrently. So we add creating station interface support and allow user to create it via cfg80211. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929050614.31518-2-ian.lin@infineon.com
|
#
62ccb2e6 |
|
28-Sep-2022 |
Ramesh Rangavittal <ramesh.rangavittal@infineon.com> |
brcmfmac: Fix authentication latency caused by OBSS stats survey Auto Channel Select feature of HostAP uses dump_survey to fetch OBSS statistics. When the device is in the middle of an authentication sequence or just at the end of authentication completion, running dump_survey would trigger a channel change. The channel change in-turn can cause packet loss, resulting in authentication delay. With this change, dump_survey won't be run when authentication or association is in progress, hence resolving the issue. Signed-off-by: Ramesh Rangavittal <ramesh.rangavittal@infineon.com> Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929012527.4152-5-ian.lin@infineon.com
|
#
25076fe2 |
|
28-Sep-2022 |
Double Lo <double.lo@cypress.com> |
brcmfmac: fix CERT-P2P:5.1.10 failure This patch fix CERT-P2P:5.1.10 failure at step 18 Group formation failed due to chip is under dump survey. Decrease the dump survery duration to pass this certification case. Signed-off-by: Double Lo <double.lo@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929012527.4152-4-ian.lin@infineon.com
|
#
216647e6 |
|
28-Sep-2022 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: fix firmware trap while dumping obss stats When doing dump_survey, host will call "dump_obss" iovar to firmware side. Host need to make sure the HW clock in dongle is on, or there is high probability that firmware gets trap because register or shared memory access failed. To fix this, we disable mpc when doing dump obss and set it back after that. [28350.512799] brcmfmac: brcmf_dump_obss: dump_obss error (-52) [28743.402314] ieee80211 phy0: brcmf_fw_crashed: Firmware has halted or crashed [28745.869430] brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout [28745.877546] brcmfmac: brcmf_sdio_checkdied: firmware trap in dongle Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929012527.4152-3-ian.lin@infineon.com
|
#
6c04deae |
|
28-Sep-2022 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: Add dump_survey cfg80211 ops for HostApd AutoChannelSelection To enable ACS feature in Hostap daemon, dump_survey cfg80211 ops and dump obss survey command in firmware side are needed. This patch is for adding dump_survey feature and adding DUMP_OBSS feature flag to check if firmware supports dump_obss iovar. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220929012527.4152-2-ian.lin@infineon.com
|
#
a373f38c |
|
22-Sep-2022 |
Ramesh Rangavittal <ramesh.rangavittal@infineon.com> |
brcmfmac: Remove the call to "dtim_assoc" IOVAR When STA roams from one AP to another, after roam is complete, host driver tries to get TIM information from firmware. This is no longer supported in the firmware & hence, this call will always fail. This failure results in the below message being displayed on the console all the time when roam is done. ieee80211 phy0: brcmf_update_bss_info: wl dtim_assoc failed (-52) Changes ensure that the host driver will no longer try to get TIM information from firmware. Signed-off-by: Ramesh Rangavittal <ramesh.rangavittal@infineon.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Ian Lin <ian.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220922104140.11889-5-ian.lin@infineon.com
|
#
e56a7708 |
|
31-Aug-2022 |
Jinpeng Cui <cui.jinpeng2@zte.com.cn> |
wifi: brcmfmac: remove redundant variable err Return value from brcmf_fil_iovar_data_set() and brcmf_config_ap_mgmt_ie() directly instead of taking this in another redundant variable. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Jinpeng Cui <cui.jinpeng2@zte.com.cn> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220831132254.303697-1-cui.jinpeng2@zte.com.cn
|
#
d173d020 |
|
10-Aug-2022 |
Hans de Goede <hdegoede@redhat.com> |
wifi: brcmfmac: Use ISO3166 country code and rev 0 as fallback on 43430 Many devices ship with a nvram ccode value of X2/XT/XU/XV/ALL which are all special world-wide compatibility ccode-s. Most of these world-wide ccode-s allow passive scan mode only for 2.4GHz channels 12-14, only enabling them when an AP is seen on them. Since linux-firmware has moved to the new cyfmac43430-sdio.bin + cyfmac43430-sdio.clm_blob firmware files this no longer works and 43430 devices using e.g. an X2 ccode fail to connect to an AP on channel 13. Add the 43430 chip-id to the list of chips for which to use the ISO3166 country code + rev 0 as fallback in brcmf_translate_country_code() to fix this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220810142328.141030-1-hdegoede@redhat.com
|
#
e7a7b84e |
|
29-Jul-2022 |
Veerendranath Jakkam <quic_vjakkam@quicinc.com> |
wifi: cfg80211: Add link_id parameter to various key operations for MLO Add support for various key operations on MLD by adding new parameter link_id. Pass the link_id received from userspace to driver for add_key, get_key, del_key, set_default_key, set_default_mgmt_key and set_default_beacon_key to support configuring keys specific to each MLO link. Userspace must not specify link ID for MLO pairwise key since it is common for all the MLO links. Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com> Link: https://lore.kernel.org/r/20220730052643.1959111-4-quic_vjakkam@quicinc.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5606aeaa |
|
22-Jul-2022 |
Wataru Gohda <wataru.gohda@cypress.com> |
wifi: brcmfmac: Fix to add brcmf_clear_assoc_ies when rmmod Conn_info->req_ie/resp_ie is used to indicate the assoc_req_ies / assoc_resp_ies to cfg80211 layer when connection is done. The buffer is freed and allocated again at next connection establishment. The buffers also needs to be freed at the timing of rmmod as well. Signed-off-by: Wataru Gohda <wataru.gohda@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220722115632.620681-5-alvin@pqrs.dk
|
#
5c54ab24 |
|
11-Jul-2022 |
Alvin Šipraga <alsi@bang-olufsen.dk> |
wifi: brcmfmac: support brcm,ccode-map-trivial DT property Commit a21bf90e927f ("brcmfmac: use ISO3166 country code and 0 rev as fallback on some devices") introduced a fallback mechanism whereby a trivial mapping from ISO3166 country codes to firmware country code and revision is used on some devices. This fallback operates on the device level, so it is enabled only for certain supported chipsets. In general though, the firmware country codes are determined by the CLM blob, which is board-specific and may vary despite the underlying chipset being the same. The aforementioned commit is actually a refinement of a previous commit that was reverted in commit 151a7c12c4fc ("Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback"") due to regressions with a BCM4359 device. The refinement restricted the fallback mechanism to specific chipsets such as the BCM4345. We use a chipset - CYW88359 - that the driver identifies as a BCM4359 too. But in our case, the CLM blob uses ISO3166 country codes internally, and all with revision 0. So the trivial mapping is exactly what is needed in order for the driver to sync the kernel regulatory domain to the firmware. This is just a matter of how the CLM blob was prepared by the hardware vendor. The same could hold for other boards too. Although the brcm,ccode-map device tree property is useful for cases where the mapping is more complex, the trivial case invites a much simpler specification. This patch adds support for parsing the brcm,ccode-map-trivial device tree property. Subordinate to the more specific brcm,ccode-map property, this new proprety simply informs the driver that the fallback method should be used in every case. In the absence of the new property in the device tree, expect no functional change. Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk> Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220711123005.3055300-3-alvin@pqrs.dk
|
#
efbabc11 |
|
08-Jun-2022 |
Veerendranath Jakkam <quic_vjakkam@quicinc.com> |
cfg80211: Indicate MLO connection info in connect and roam callbacks The MLO links used for connection with an MLD AP are decided by the driver in case of SME offloaded to driver. Add support for the drivers to indicate the information of links used for MLO connection in connect and roam callbacks, update the connected links information in wdev from connect/roam result sent by driver. Also, send the connected links information to userspace. Add a netlink flag attribute to indicate that userspace supports handling of MLO connection. Drivers must not do MLO connection when this flag is not set. This is to maintain backwards compatibility with older supplicant versions which doesn't have support for MLO connection. Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7b0a0e3c |
|
14-Apr-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: do some rework towards MLO link APIs In order to support multi-link operation with multiple links, start adding some APIs. The notable addition here is to have the link ID in a new nl80211 attribute, that will be used to differentiate the links in many nl80211 operations. So far, this patch adds the netlink NL80211_ATTR_MLO_LINK_ID attribute (as well as the NL80211_ATTR_MLO_LINKS attribute) and plugs it through the system in some places, checking the validity etc. along with other infrastructure needed for it. For now, I've decided to include only the over-the-air link ID in the API. I know we discussed that we eventually need to have to have other ways of identifying a link, but for local AP mode and auth/assoc commands as well as set_key etc. we'll use the OTA ID. Also included in this patch is some refactoring of the data structures in struct wireless_dev, splitting for the first time the data into type dependent pieces, to make reasoning about these things easier. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
84f23fb1 |
|
20-May-2022 |
Jakub Kicinski <kuba@kernel.org> |
wifi: brcmfmac: work around a GCC 12 -Warray-bounds warning GCC 12 really doesn't like partial struct allocations: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2202:32: warning: array subscript ‘struct brcmf_ext_join_params_le[0]’ is partly outside array bounds of ‘void[70]’ [-Warray-bounds] 2202 | ext_join_params->scan_le.passive_time = | ^~ brcmfmac is trying to save 2 bytes at the end by either allocating or not allocating a channel member. Let's keep @join_params_size the "right" size but kmalloc() the full structure. Acked-by: Kalle Valo <kvalo@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
21947f3a |
|
23-Apr-2022 |
Hamid Zamani <hzamani.cs91@gmail.com> |
brcmfmac: use ISO3166 country code and 0 rev as fallback on brcmfmac43602 chips This uses ISO3166 country code and 0 rev on brcmfmac43602 chips. Without this patch 80 MHz width is not selected on 5 GHz channels. Commit a21bf90e927f ("brcmfmac: use ISO3166 country code and 0 rev as fallback on some devices") provides a way to specify chips for using the fallback case. Before commit 151a7c12c4fc ("Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback"") brcmfmac43602 devices works correctly and for this specific case 80 MHz width is selected. Signed-off-by: Hamid Zamani <hzamani.cs91@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220423111237.60892-1-hzamani.cs91@gmail.com
|
#
2386f64c |
|
07-Mar-2022 |
Colin Ian King <colin.king@intel.com> |
brcmfmac: make the read-only array pktflags static const Don't populate the read-only array pktflags on the stack but instead make it static const. Also makes the object code a little smaller. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220307223227.165963-1-colin.i.king@gmail.com
|
#
a21bf90e |
|
18-Dec-2021 |
Hans de Goede <hdegoede@redhat.com> |
brcmfmac: use ISO3166 country code and 0 rev as fallback on some devices This is a second attempt at honering the country code send out by access points. This was first added in commit b0b524f079a2 ("brcmfmac: use ISO3166 country code and 0 rev as fallback"). Subsequently this was reverted in commit 151a7c12c4fc ("Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback""), because it was causing issues with AP mode on some brcmfmac models (specifically on BCM4359/9). Many devices ship with a nvram ccode value of X2/XT/XU/XV/ALL which are all special world-wide compatibility ccode-s. Most of these world-wide ccode-s allow passive scan mode only for 2.4GHz channels 12-14, only enabling them when an AP is seen on them. But at least on brcmfmac43455 devices this is not working correctly, these do not see accesspoints on channels 12-14 unless the ccode is changes to a country where these channels are allowed. Translating received country codes to an ISO3166 country code and 0 rev ccreq fixes devices using a brcmfmac43455 with a X2/XT/XU/XV/ALL ccode not seeing accesspoints on channels 12-14. To avoid this causing issues on other brcmfmac models again, the fallback is limited to only brcmfmac4345* chips this time. Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Soeren Moch <smoch@web.de> Cc: Fabio Aiuto <fabioaiuto83@gmail.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Tested-by: Soeren Moch <smoch@web.de> # on BCM4359/9 Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20211218185643.158182-1-hdegoede@redhat.com
|
#
3db30b79 |
|
08-Dec-2021 |
Loic Poulain <loic.poulain@linaro.org> |
brcmfmac: Fix incorrect type assignments for keep-alive cpu_to_le16 has been used for all keep-alive fields, but 'perdio_msec' is a 32-bit field and 'keep_alive_id' a 8-bit one. Fix that. Fixes: 7a6cfe28ae3e ("brcmfmac: Configure keep-alive packet on suspend") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Loic Poulain <loic.poulain@linaro.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/1638953708-29192-1-git-send-email-loic.poulain@linaro.org
|
#
7a6cfe28 |
|
22-Nov-2021 |
Loic Poulain <loic.poulain@linaro.org> |
brcmfmac: Configure keep-alive packet on suspend When entering suspend as a client station with wowlan enabled, the Wi-Fi link is supposed to be maintained. In that state, no more data is generated from client side, and the link stays idle as long the station is suspended and as long the AP as no data to transmit. However, most of the APs kick-off such 'inactive' stations after few minutes, causing unexpected disconnect (reconnect, etc...). The usual way to prevent this is to submit a Null function frame periodically as a keep-alive. This is something that can be host /software generated (e.g. wpa_supplicant), but that needs to be offloaded to the Wi-Fi controller in case of suspended host. This change enables firmware generated keep-alive frames when entering wowlan suspend, using the 'mkeep_alive' IOVAR. Signed-off-by: Loic Poulain <loic.poulain@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1637596046-21651-1-git-send-email-loic.poulain@linaro.org
|
#
beca6bd9 |
|
01-Sep-2021 |
James Prestwood <prestwoj@gmail.com> |
brcmfmac: fix incorrect error prints An unsupported AKM would end up printing "invalid cipher group". Instead print "invalid akm suite" with the offending AKM. Signed-off-by: James Prestwood <prestwoj@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210901190641.255624-1-prestwoj@gmail.com
|
#
151a7c12 |
|
26-Sep-2021 |
Soeren Moch <smoch@web.de> |
Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback" This reverts commit b0b524f079a23e440dd22b04e369368dde847533. Commit b0b524f079a2 ("brcmfmac: use ISO3166 country code and 0 rev as fallback") changes country setup to directly use ISO3166 country codes if no more specific code is configured. This was done under the assumption that brcmfmac firmwares can handle such simple direct mapping from country codes to firmware ccode values. Unfortunately this is not true for all chipset/firmware combinations. E.g. BCM4359/9 devices stop working as access point with this change, so revert the offending commit to avoid the regression. Signed-off-by: Soeren Moch <smoch@web.de> Cc: stable@vger.kernel.org # 5.14.x Acked-by: Shawn Guo <shawn.guo@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210926201905.211605-1-smoch@web.de
|
#
4b51de06 |
|
24-Aug-2021 |
Paweł Drewniak <czajernia@gmail.com> |
brcmfmac: Add WPA3 Personal with FT to supported cipher suites This allows the driver to connect to BSSIDs supporting SAE with 802.11r. Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2. AP was set to 'sae-mixed' (WPA2/3 Personal). Signed-off-by: Paweł Drewniak <czajernia@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com
|
#
78f0a64f |
|
11-May-2021 |
Dmitry Osipenko <digetx@gmail.com> |
brcmfmac: Silence error messages about unsupported firmware features KMSG is flooded with error messages about unsupported firmware features of BCM4329 chip. The GET_ASSOCLIST error became especially noisy with a newer NetworkManager version of Ubuntu 21.04. Turn the noisy error messages into info messages and print them out only once. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210511211549.30571-2-digetx@gmail.com
|
#
9a159093 |
|
06-May-2021 |
Alvin Šipraga <ALSI@bang-olufsen.dk> |
brcmfmac: correctly report average RSSI in station info The rx_lastpkt_rssi field provided by the firmware is suitable for NL80211_STA_INFO_{SIGNAL,CHAIN_SIGNAL}, while the rssi field is an average. Fix up the assignments and set the correct STA_INFO bits. This lets userspace know that the average RSSI is part of the station info. Fixes: cae355dc90db ("brcmfmac: Add RSSI information to get_station.") Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210506132010.3964484-2-alsi@bang-olufsen.dk
|
#
feb45643 |
|
06-May-2021 |
Alvin Šipraga <ALSI@bang-olufsen.dk> |
brcmfmac: fix setting of station info chains bitmask The sinfo->chains field is a bitmask for filled values in chain_signal and chain_signal_avg, not a count. Treat it as such so that the driver can properly report per-chain RSSI information. Before (MIMO mode): $ iw dev wlan0 station dump ... signal: -51 [-51] dBm After (MIMO mode): $ iw dev wlan0 station dump ... signal: -53 [-53, -54] dBm Fixes: cae355dc90db ("brcmfmac: Add RSSI information to get_station.") Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210506132010.3964484-1-alsi@bang-olufsen.dk
|
#
b0b524f0 |
|
25-Apr-2021 |
Shawn Guo <shawn.guo@linaro.org> |
brcmfmac: use ISO3166 country code and 0 rev as fallback Instead of aborting country code setup in firmware, use ISO3166 country code and 0 rev as fallback, when country_codes mapping table is not configured. This fallback saves the country_codes table setup for recent brcmfmac chipsets/firmwares, which just use ISO3166 code and require no revision number. Signed-off-by: Shawn Guo <shawn.guo@linaro.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210425110200.3050-1-shawn.guo@linaro.org
|
#
7dd56ea4 |
|
07-Feb-2021 |
Alvin Šipraga <ALSI@bang-olufsen.dk> |
brcmfmac: add support for CQM RSSI notifications Add support for CQM RSSI measurement reporting and advertise the NL80211_EXT_FEATURE_CQM_RSSI_LIST feature. This enables a userspace supplicant such as iwd to be notified of changes in the RSSI for roaming and signal monitoring purposes. Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210208125738.3546557-1-alsi@bang-olufsen.dk
|
#
e862a3e4 |
|
24-Dec-2020 |
Luca Pesce <luca.pesce@vimar.com> |
brcmfmac: clear EAP/association status bits on linkdown events This ensure that previous association attempts do not leave stale statuses on subsequent attempts. This fixes the WARN_ON(!cr->bss)) from __cfg80211_connect_result() when connecting to an AP after a previous connection failure (e.g. where EAP fails due to incorrect psk but association succeeded). In some scenarios, indeed, brcmf_is_linkup() was reporting a link up event too early due to stale BRCMF_VIF_STATUS_ASSOC_SUCCESS bit, thus reporting to cfg80211 a connection result with a zeroed bssid (vif->profile.bssid is still empty), causing the WARN_ON due to the call to cfg80211_get_bss() with the empty bssid. Signed-off-by: Luca Pesce <luca.pesce@vimar.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1608807119-21785-1-git-send-email-luca.pesce@vimar.com
|
#
37ff144d |
|
12-Nov-2020 |
Zhang Changzhong <zhangchangzhong@huawei.com> |
brcmfmac: fix error return code in brcmf_cfg80211_connect() Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Fixes: 3b1e0a7bdfee ("brcmfmac: add support for SAE authentication offload") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com> Reviewed-by: Chi-hsien Lin <chi-hsien.lin@infineon.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1605248896-16812-1-git-send-email-zhangchangzhong@huawei.com
|
#
d5f59c96 |
|
17-Aug-2020 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: support SAE authentication offload in AP mode Firmware may have SAE authenticator code built-in. This is detected by the driver and indicated in the wiphy features flags. User space can use this flag to determine whether or not to provide the password material in the nl80211 start AP command to offload the SAE authentication in AP mode. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200817073316.33402-5-stanley.hsu@cypress.com
|
#
787fb926 |
|
17-Aug-2020 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: support 4-way handshake offloading for WPA/WPA2-PSK in AP mode Firmware may have authenticator code built-in. This is detected by the driver and indicated in the wiphy features flags. User space can use this flag to determine whether or not to provide the pre-shared key material in the nl80211 start AP command to offload the 4-way handshake in AP mode. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200817073316.33402-3-stanley.hsu@cypress.com
|
#
0bde10dc |
|
21-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
brcmfmac: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200821063758.GA17783@embeddedor
|
#
838933ca |
|
30-Jul-2020 |
Andy Shevchenko <andriy.shevchenko@linux.intel.com> |
brcmfmac: use %*ph to print small buffer Use %*ph format to print small buffer as hex string. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200730155327.40130-1-andriy.shevchenko@linux.intel.com
|
#
3dc05ffb |
|
21-Jul-2020 |
Nicolas Saenz Julienne <nsaenzjulienne@suse.de> |
brcmfmac: Set timeout value when configuring power save Set the timeout value as per cfg80211's set_power_mgmt() request. If the requested value value is left undefined we set it to 2 seconds, the maximum supported value. Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200721112302.22718-1-nsaenzjulienne@suse.de
|
#
0d9de08d |
|
18-Jun-2020 |
Able Liao <Able.Liao@cypress.com> |
brcmfmac: do not disconnect for disassoc frame from unconnected AP Ignore FW event if the event's BSSID is different form the BSSID of the currently connected AP. Check interface state is connected or not, if state is not connected that can ignore link down event. Signed-off-by: Able Liao <Able.Liao@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200618160739.21457-4-chi-hsien.lin@cypress.com
|
#
1b050d97 |
|
18-Jun-2020 |
Soontak Lee <soontak.lee@cypress.com> |
brcmfmac: Fix for wrong disconnection event source information Current brcmf_link_down() always call cfg80211_disconnected() with locally_generated=1, which is not always the case. Add event source argument on link down handler and set locally_generated based on the real trigger. Signed-off-by: Soontak Lee <soontak.lee@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200618160739.21457-3-chi-hsien.lin@cypress.com
|
#
d9429d03 |
|
18-Jun-2020 |
Soontak Lee <soontak.lee@cypress.com> |
brcmfmac: Fix for unable to return to visible SSID Unable to change back to visiable SSID because there is no disable hidden ssid routine. Signed-off-by: Soontak Lee <soontak.lee@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200618160739.21457-2-chi-hsien.lin@cypress.com
|
#
ad96bc27 |
|
10-Jun-2020 |
Joseph Chuang <joseph.chuang@cypress.com> |
brcmfmac: initialize the requested dwell time Commit 4905432b28b7 ("brcmfmac: Fix P2P Group Formation failure via Go-neg method") did not initialize requested_dwell properly, resulting in an always-false dwell time overflow check. Fix it by setting the correct requested_dwell value. Fixes: 4905432b28b7 ("brcmfmac: Fix P2P Group Formation failure via Go-neg method") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Joseph Chuang <joseph.chuang@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200610152106.175257-7-chi-hsien.lin@cypress.com
|
#
ec3428bb |
|
04-Jun-2020 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: reduce maximum station interface from 2 to 1 in RSDB mode The firmware state machines are not fully suitable for concurrent station interface support, it may hit unexpected error if we have 2 different SSIDs and the roaming scenarios concurrently. To avoid the bad user-experience if this is not fully validated, we dis-allow user to create two concurrent station interfaces. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200604071835.3842-5-wright.feng@cypress.com
|
#
b2fe11f0 |
|
12-May-2020 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: fix WPA/WPA2-PSK 4-way handshake offload and SAE offload failures An incorrect value of use_fwsup is set for 4-way handshake offload for WPA//WPA2-PSK, caused by commit 3b1e0a7bdfee ("brcmfmac: add support for SAE authentication offload"). It results in missing bit BRCMF_VIF_STATUS_EAP_SUCCESS set in brcmf_is_linkup() and causes the failure. This patch correct the value for the case. Also setting bit BRCMF_VIF_STATUS_EAP_SUCCESS for SAE offload case in brcmf_is_linkup() to fix SAE offload failure. Fixes: 3b1e0a7bdfee ("brcmfmac: add support for SAE authentication offload") Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1589277788-119966-1-git-send-email-chi-hsien.lin@cypress.com
|
#
78db077d |
|
06-May-2020 |
Soontak Lee <soontak.lee@cypress.com> |
brcmfmac: Use seq/seq_len and set iv_initialize when plumbing of rxiv in (GTK) keys When plumbing rxiv for (GTK) keys, current code does not use seq/seq_len when present nor set iv_initialized for iovar wsec_key. This could result in missing broadcast traffic after GTK rekey. The fix is setting iv_initialized and using seq/seq_len for iovar wsec_key. Signed-off-by: Soontak Lee <soontak.lee@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1588770201-54361-4-git-send-email-wright.feng@cypress.com
|
#
b46f1546 |
|
06-May-2020 |
Jia-Shyr Chuang <joseph.chuang@cypress.com> |
brcmfmac: set security after reiniting interface Host driver parses and sets security params into FW passed by supplicant. This has to be done after reiniting interface in the firmware. Signed-off-by: Jia-Shyr Chuang <joseph.chuang@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1588770201-54361-2-git-send-email-wright.feng@cypress.com
|
#
92072e5f |
|
05-May-2020 |
Saravanan Shanmugham <saravanan.shanmugham@cypress.com> |
brcmfmac: map 802.1d priority to precedence level based on AP WMM params In WLAN, priority among various access categories of traffic is always set by the AP using WMM parameters and this may not always follow the standard 802.1d priority. In this change, priority is adjusted based on the AP WMM params received as part of the Assoc Response and the same is later used to map the priority of all incoming traffic. In a specific scenario where EDCA parameters are configured to be same for all ACs, use the default FW priority definition to avoid queuing packets of all ACs to the same priority queue. This change fixes the following 802.11 certification tests: * 11n - 5.2.31 ACM Bit Conformance test * 11n - 5.2.32 AC Parameter Modification test * 11ac - 5.2.33 TXOP Limit test Signed-off-by: Saravanan Shanmugham <saravanan.shanmugham@cypress.com> Signed-off-by: Justin Li <justin.li@cypress.com> Signed-off-by: Madhan Mohan R <madhanmohan.r@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1588661487-21884-2-git-send-email-chi-hsien.lin@cypress.com
|
#
2719afca |
|
27-Apr-2020 |
Ryohei Kondo <ryohei.kondo@cypress.com> |
brcmfmac: add vendor ie for association responses Miracast Certification clause 6.1.2 may fail if there is no WFD IE in p2p assoc response. This change allows WFD IE to be added to p2p assoc response. Related WFA certification: 6.1.2 P-SnUT operating as a Group Owner accepts a WFD Session with a Reference Source Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Ryohei Kondo <ryohei.kondo@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1587970803-77700-6-git-send-email-chi-hsien.lin@cypress.com
|
#
774965f2 |
|
27-Apr-2020 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: keep apsta enabled when AP starts with MCHAN feature When starting station mode on wlan0 and AP mode on wlan1, the apsta will be disabled and cause data stall on wlan0(station). The apsta feature with MCHAN(Multi-Channel Concurrent) or RSDB(Real Simultaneous Dual-Band) can make STA+AP work on two bands concurrently. Because of that, we keep apsta enabled if firmware supports MCHAN or RSDB features Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1587970803-77700-2-git-send-email-chi-hsien.lin@cypress.com
|
#
6cd536fe |
|
16-Apr-2020 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: change internal management frame registration API Almost all drivers below cfg80211 get the API wrong (except for cfg80211) and are unable to cope with multiple registrations for the same frame type, which is valid due to the match filter. This seems to indicate the API is wrong, and we should maintain the full information in cfg80211 instead of the drivers. Change the API to no longer inform the driver about individual registrations and unregistrations, but rather every time about the entire state of the entire wiphy and single wdev, whenever it may have changed. This also simplifies the code in cfg80211 as it no longer has to track exactly what was unregistered and can free things immediately. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20200417124300.f47f3828afc8.I7f81ef59c2c5a340d7075fb3c6d0e08e8aeffe07@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
bd994491 |
|
25-Mar-2020 |
Raveendran Somu <raveendran.somu@cypress.com> |
brcmfmac: fix the incorrect return value in brcmf_inform_single_bss(). The function brcmf_inform_single_bss returns the value as success, even when the length exceeds the maximum value. The fix is to send appropriate code on this error. This issue is observed when Cypress test group reported random fmac crashes when running their tests and the path was identified from the crash logs. With this fix the random failure issue in Cypress test group was resolved. Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Raveendran Somu <raveendran.somu@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1585124429-97371-4-git-send-email-chi-hsien.lin@cypress.com
|
#
20f2c5fa |
|
26-Dec-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: add initial support for monitor mode Report monitor interface availability using cfg80211 and support it in the add_virtual_intf() and del_virtual_intf() callbacks. This new feature is conditional and depends on firmware flagging monitor packets. Receiving monitor frames is already handled by the brcmf_netif_mon_rx(). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
24332f80 |
|
26-Dec-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: simplify building interface combinations Move similar/duplicated code out of combination specific code blocks. This simplifies code a bit and allows adding more combinations later. A list of combinations remains unchanged. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
2635853c |
|
11-Dec-2019 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: not set mbss in vif if firmware does not support MBSS With RSDB mode, FMAC and firmware are able to create 2 or more AP, so we should not set mbss in vif structure if firmware does not support MBSS feature. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Soeren Moch <smoch@web.de> Reviewed-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
837482e6 |
|
11-Dec-2019 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: add RSDB condition when setting interface combinations With firmware RSDB feature 1. The maximum support interface is four. 2. The maximum difference channel is two. 3. The maximum interfaces of {station/p2p client/AP} are two. 4. The maximum interface of p2p device is one. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Soeren Moch <smoch@web.de> Reviewed-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c12c8913 |
|
11-Dec-2019 |
Soeren Moch <smoch@web.de> |
brcmfmac: make errors when setting roaming parameters non-fatal 4359 dongles do not support setting roaming parameters (error -52). Do not fail the 80211 configuration in this case. Signed-off-by: Soeren Moch <smoch@web.de> Acked-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3b1e0a7b |
|
02-Oct-2019 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: add support for SAE authentication offload The firmware may have SAE authentication code built-in. This is detected by the driver and indicated in the wiphy features flags. User-space can use this flag to determine whether or not to provide the password material for SAE authentication in the nl80211 CONNECT command. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
be898fed |
|
09-May-2019 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: send port authorized event for FT-802.1X With FT-802.1X, driver should send a port authorized event right after sending a roamed event. It is used to indicate that a new AP is already authorized so 802.1X is not required. Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ba76ff25 |
|
02-Sep-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: move "cfg80211_ops" pointer to another struct This moves "ops" pointer from "struct brcmf_cfg80211_info" to the "struct brcmf_pub". This movement makes it possible to allocate wiphy without attaching cfg80211 (brcmf_cfg80211_attach()). It's required for later separation of wiphy allocation and driver initialization. While at it fix also an unlikely memory leak in the brcmf_attach(). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
0e48b86d |
|
04-Sep-2019 |
Andy Shevchenko <andriy.shevchenko@linux.intel.com> |
brcmfmac: use %*ph to print small buffer Use %*ph format to print small buffer as hex string. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
5f42b382 |
|
23-Aug-2019 |
Xulin Sun <xulin.sun@windriver.com> |
brcmfmac: replace strncpy() by strscpy() The strncpy() may truncate the copied string, replace it by the safer strscpy(). To avoid below compile warning with gcc 8.2: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:In function 'brcmf_vndr_ie': drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:4227:2: warning: 'strncpy' output truncated before terminating nul copying 3 bytes from a string of the same length [-Wstringop-truncation] strncpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN - 1); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Xulin Sun <xulin.sun@windriver.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
cddecd92 |
|
24-Jul-2019 |
YueHaibing <yuehaibing@huawei.com> |
brcmfmac: remove set but not used variable 'dtim_period' Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c: In function brcmf_update_bss_info: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2962:5: warning: variable dtim_period set but not used [-Wunused-but-set-variable] drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c: In function brcmf_update_bss_info: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2961:6: warning: variable beacon_interval set but not used [-Wunused-but-set-variable] They are never used so can be removed. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1ac11ae9 |
|
11-Jul-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: avoid firmware commands when bus is down Upon rmmod a few attempts are made to inform firmware, but there is no point as the bus is down and these will fail. Avoid them to keep the logs clean. Reported-by: Stefan Wahren <stefan.wahren@i2se.com> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fa905092 |
|
11-Jul-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: allow 160MHz in custom regulatory rules The driver has custom regulatory rules which had maximum bandwidth for 5GHz channels set to 80MHz. As a consequence the driver can not use 160MHz in AP mode even when the device supports it. So relax the rules allowing 160MHz. After wiphy_register() the channel flags are updated according what the device actually supports. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
011a56a3 |
|
11-Jul-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: enable DFS_OFFLOAD extended feature if supported If the firmware supports 802.11h and the device can operate in 5GHz band we can enable DFS_OFFLOAD extended feature. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
f491645f |
|
11-Jul-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add 160MHz in chandef_to_chanspec() The function chandef_to_chanspec() was not handling 160MHz bandwidth resulting in wrong encoding of the channel. That resulting in firmware rejecting the provided channel specification. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
daeccac2 |
|
16-May-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: switch source files to using SPDX license identifier With ISC license text in place under the LICENSES folder switch to using the SPDX license identifier to refer to the ISC license. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
46953f97 |
|
14-Mar-2019 |
Kangjie Lu <kjlu@umn.edu> |
brcmfmac: fix missing checks for kmemdup In case kmemdup fails, the fix sets conn_info->req_ie_len and conn_info->resp_ie_len to zero to avoid buffer overflows. Signed-off-by: Kangjie Lu <kjlu@umn.edu> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
16e64676 |
|
15-Feb-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: rework bphy_err() to take struct brcmf_pub argument This macro will be used in more places not just the cfg80211.c. It makes sense to pass some common struct to it as "struct wiphy" is mostly referenced in cfg80211 code only. A very common one (used above the bus abstraction layer) is struct brcmf_pub. Many functions already keep reference to it which will make using bphy_err() simpler. It should also allow extending that macro's logic if it's ever needed. This improves code recently added in the commit 3ef005b82e2a ("brcmfmac: add bphy_err() and use it in the cfg80211.c"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
30519cbe |
|
11-Feb-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: support firmware reporting 160 MHz channels So far 160 MHz channels were treated as 20 MHz ones which was breaking support for 40/80 MHz due to the brcmf_construct_chaninfo() logic and its assumptions. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
f4e18329 |
|
11-Feb-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: improve code handling bandwidth of firmware reported channels 1) Use switch to simplify/improve the code & avoid some duplication 2) Add warning for unsupported values Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1b5e2423 |
|
14-Feb-2019 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: assure SSID length from firmware is limited The SSID length as received from firmware should not exceed IEEE80211_MAX_SSID_LEN as that would result in heap overflow. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3ef005b8 |
|
15-Jan-2019 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: add bphy_err() and use it in the cfg80211.c This new macro uses wiphy_err() which: 1) Should be the best choice with wiphy already created 2) Uses dev_err() which allows identifying error-affected device Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
861cb5eb |
|
12-Dec-2018 |
Stefan Wahren <stefan.wahren@i2se.com> |
brcmfmac: Fix access point mode Since commit 1204aa17f3b4 ("brcmfmac: set WIPHY_FLAG_HAVE_AP_SME flag") the Raspberry Pi 3 A+ (BCM43455) isn't able to operate in AP mode with hostapd (device_ap_sme=1 use_monitor=0): brcmfmac: brcmf_cfg80211_stop_ap: setting AP mode failed -52 So add the missing mgmt_stypes for AP mode to fix this. Fixes: 1204aa17f3b4 ("brcmfmac: set WIPHY_FLAG_HAVE_AP_SME flag") Suggested-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8c892df4 |
|
04-Dec-2018 |
Stijn Tintel <stijn@linux-ipv6.be> |
brcmfmac: fix roamoff=1 modparam When the update_connect_param callback is set, nl80211 expects the flag WIPHY_FLAG_SUPPORTS_FW_ROAM to be set as well. However, this flag is only set when modparam roamoff=0, while the callback is set unconditionally. Since commit 7f9a3e150ec7 this causes a warning in wiphy_register, which breaks brcmfmac. Disable the update_connect_param callback when roamoff=0 to fix this. Fixes: 7f9a3e150ec7 ("nl80211: Update ERP info using NL80211_CMD_UPDATE_CONNECT_PARAMS") Cc: Stable <stable@vger.kernel.org> # 4.19+ Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a3bdc6de |
|
04-Nov-2018 |
Wright Feng <Wright.Feng@cypress.com> |
brcmfmac: enable frameburst mode in default firmware setting The frameburst feature can enable per-packet framebursting in firmware side and get higher TX throughput in High Throughput(HT) mode. To enhance TX throughput, we enable frameburst mode in default firmware setting. Signed-off-by: Wright Feng <wright.feng@cypress.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d1fe6ad6 |
|
08-Nov-2018 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: fix reporting support for 160 MHz channels Driver can report IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ so it's important to provide valid & complete info about supported bands for each channel. By default no support for 160 MHz should be assumed unless firmware reports it for a given channel later. This fixes info passed to the userspace. Without that change userspace could try to use invalid channel and fail to start an interface. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Cc: stable@vger.kernel.org Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a858376c |
|
15-Aug-2018 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: add 4-way handshake offload detection for FT-802.1X Add 4-way handshake offload detection for FT with EAP authentication. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4ad298da |
|
15-Aug-2018 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: add FT-based AKMs in brcmf_set_key_mgmt() for FT support Add WLAN_AKM_SUITE_FT_8021X and WLAN_AKM_SUITE_FT_PSK in brcmf_set_key_mgmt() for FT support. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
27a8aea1 |
|
07-Aug-2018 |
Winnie Chang <winnie.chang@cypress.com> |
brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference The kernel BUG happens when wowl is enabled from firmware. In brcmf_wiphy_wowl_params(), cfg is a NULL pointer because it is drvr->config returned from wiphy_to_cfg(), and drvr->config is not set yet. To fix it, set drvr->config before brcmf_setup_wiphy() which calls brcmf_wiphy_wowl_params(). Fixes: 856d5a011c86 ("brcmfmac: allocate struct brcmf_pub instance using wiphy_new()") Signed-off-by: Winnie Chang <winnie.chang@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
22d0d2fa |
|
17-Jun-2018 |
Omer Efrat <omer.efrat@tandemg.com> |
wireless-drivers: use BIT_ULL for NL80211_STA_INFO_ attribute types The BIT macro uses unsigned long which some architectures handle as 32 bit and therefore might cause macro's shift to overflow when used on a value equals or larger than 32 (NL80211_STA_INFO_RX_DURATION and afterwards). Since 'filled' member in station_info changed to u64, BIT_ULL macro should be used with all NL80211_STA_INFO_* attribute types instead of BIT to prevent future possible bugs when one will use BIT macro for higher attributes by mistake. This commit cleans up all usages of BIT macro with the above field in wireless-drivers by changing it to BIT_ULL instead. In addition, there are some places which don't use BIT nor BIT_ULL macros so align those as well. Signed-off-by: Omer Efrat <omer.efrat@tandemg.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d602de8e |
|
28-May-2018 |
Joe Perches <joe@perches.com> |
drivers/net: Fix various unnecessary characters after logging newlines Remove and coalesce formats when there is an unnecessary character after a logging newline. These extra characters cause logging defects. Miscellanea: o Coalesce formats Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
763ece85 |
|
15-May-2018 |
Franky Lin <franky.lin@broadcom.com> |
brcmfmac: fix initialization of struct cfg80211_inform_bss variable This patch fixes a sparse warning "Using plain integer as NULL pointer" about cfg80211_inform_bss structure initialization. Reported-by: kbuild test robot <lkp@intel.com> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1204aa17 |
|
10-May-2018 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: set WIPHY_FLAG_HAVE_AP_SME flag brcmfmac is a FullMAC driver and it implements/uses cfg80211 interface for stations management. At the same time it doesn't receive or pass up management frames. This flag indicates that authenticator doesn't have to subscribe to or handle management frames. Some authenticators (e.g. hostapd) were working with brcmfmac thanks to some extra assumptions. This commit clears up the situation. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
41bd3d58 |
|
10-May-2018 |
Toke Høiland-Jørgensen <toke@toke.dk> |
wireless-drivers: Dynamically allocate struct station_info Since the addition of the TXQ stats to cfg80211, the station_info struct has grown to be quite large, which results in warnings when allocated on the stack. Fix the affected places to do dynamic allocations instead. Fixes: 52539ca89f36 ("cfg80211: Expose TXQ stats and parameters to userspace") Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
aed14219 |
|
25-Apr-2018 |
Franky Lin <franky.lin@broadcom.com> |
brcmfmac: use nl80211_band directly to get ieee80211 channel The enum nl80211_band used to retrieve wiphy->bands is the same as wiphy->bands->band which is checked by wiphy_register(). So it can be used directly as parameter of ieee80211_channel_to_frequency(). Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7742fce4 |
|
25-Apr-2018 |
Franky Lin <franky.lin@broadcom.com> |
brcmfmac: reports boottime_ns while informing bss Provides a timestamp in bss information so user space can see when the bss info was updated. Since tsf is not available from the dongle events boottime is reported instead. Reported-by: Dmitry Shmidt <dimitrysh@google.com> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
856d5a01 |
|
22-Mar-2018 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: allocate struct brcmf_pub instance using wiphy_new() Rework the driver so the wiphy instance holds the main driver information in its private buffer. Previously it held struct brcmf_cfg80211_info instance so a bit of reorg was needed. This was done so that the wiphy name or its parent device can be shown in debug output. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
9b9322db |
|
14-Mar-2018 |
Stefan Wahren <stefan.wahren@i2se.com> |
brcmfmac: Fix check for ISO3166 code The commit "regulatory: add NUL to request alpha2" increases the length of alpha2 to 3. This causes a regression on brcmfmac, because brcmf_cfg80211_reg_notifier() expect valid ISO3166 codes in the complete array. So fix this accordingly. Fixes: 657308f73e67 ("regulatory: add NUL to request alpha2") Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com> Acked-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
64d1519e |
|
19-Feb-2018 |
Johannes Berg <johannes.berg@intel.com> |
brcmfmac: reject too long PSK nl80211 already allows specifying 48 bytes, but brcmfmac only supports 32. Reject keys that are too long. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e99e88a9 |
|
16-Oct-2017 |
Kees Cook <keescook@chromium.org> |
treewide: setup_timer() -> timer_setup() This converts all remaining cases of the old setup_timer() API into using timer_setup(), where the callback argument is the structure already holding the struct timer_list. These should have no behavioral changes, since they just change which pointer is passed into the callback with the same available pointers after conversion. It handles the following examples, in addition to some other variations. Casting from unsigned long: void my_callback(unsigned long data) { struct something *ptr = (struct something *)data; ... } ... setup_timer(&ptr->my_timer, my_callback, ptr); and forced object casts: void my_callback(struct something *ptr) { ... } ... setup_timer(&ptr->my_timer, my_callback, (unsigned long)ptr); become: void my_callback(struct timer_list *t) { struct something *ptr = from_timer(ptr, t, my_timer); ... } ... timer_setup(&ptr->my_timer, my_callback, 0); Direct function assignments: void my_callback(unsigned long data) { struct something *ptr = (struct something *)data; ... } ... ptr->my_timer.function = my_callback; have a temporary cast added, along with converting the args: void my_callback(struct timer_list *t) { struct something *ptr = from_timer(ptr, t, my_timer); ... } ... ptr->my_timer.function = (TIMER_FUNC_TYPE)my_callback; And finally, callbacks without a data assignment: void my_callback(unsigned long data) { ... } ... setup_timer(&ptr->my_timer, my_callback, 0); have their argument renamed to verify they're unused during conversion: void my_callback(struct timer_list *unused) { ... } ... timer_setup(&ptr->my_timer, my_callback, 0); The conversion is done with the following Coccinelle script: spatch --very-quiet --all-includes --include-headers \ -I ./arch/x86/include -I ./arch/x86/include/generated \ -I ./include -I ./arch/x86/include/uapi \ -I ./arch/x86/include/generated/uapi -I ./include/uapi \ -I ./include/generated/uapi --include ./include/linux/kconfig.h \ --dir . \ --cocci-file ~/src/data/timer_setup.cocci @fix_address_of@ expression e; @@ setup_timer( -&(e) +&e , ...) // Update any raw setup_timer() usages that have a NULL callback, but // would otherwise match change_timer_function_usage, since the latter // will update all function assignments done in the face of a NULL // function initialization in setup_timer(). @change_timer_function_usage_NULL@ expression _E; identifier _timer; type _cast_data; @@ ( -setup_timer(&_E->_timer, NULL, _E); +timer_setup(&_E->_timer, NULL, 0); | -setup_timer(&_E->_timer, NULL, (_cast_data)_E); +timer_setup(&_E->_timer, NULL, 0); | -setup_timer(&_E._timer, NULL, &_E); +timer_setup(&_E._timer, NULL, 0); | -setup_timer(&_E._timer, NULL, (_cast_data)&_E); +timer_setup(&_E._timer, NULL, 0); ) @change_timer_function_usage@ expression _E; identifier _timer; struct timer_list _stl; identifier _callback; type _cast_func, _cast_data; @@ ( -setup_timer(&_E->_timer, _callback, _E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, &_callback, _E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, _callback, (_cast_data)_E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, &_callback, (_cast_data)_E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, (_cast_func)_callback, _E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, (_cast_func)&_callback, _E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, (_cast_func)_callback, (_cast_data)_E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, (_cast_func)&_callback, (_cast_data)_E); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E._timer, _callback, (_cast_data)_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, _callback, (_cast_data)&_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, &_callback, (_cast_data)_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, &_callback, (_cast_data)&_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)&_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)_E); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)&_E); +timer_setup(&_E._timer, _callback, 0); | _E->_timer@_stl.function = _callback; | _E->_timer@_stl.function = &_callback; | _E->_timer@_stl.function = (_cast_func)_callback; | _E->_timer@_stl.function = (_cast_func)&_callback; | _E._timer@_stl.function = _callback; | _E._timer@_stl.function = &_callback; | _E._timer@_stl.function = (_cast_func)_callback; | _E._timer@_stl.function = (_cast_func)&_callback; ) // callback(unsigned long arg) @change_callback_handle_cast depends on change_timer_function_usage@ identifier change_timer_function_usage._callback; identifier change_timer_function_usage._timer; type _origtype; identifier _origarg; type _handletype; identifier _handle; @@ void _callback( -_origtype _origarg +struct timer_list *t ) { ( ... when != _origarg _handletype *_handle = -(_handletype *)_origarg; +from_timer(_handle, t, _timer); ... when != _origarg | ... when != _origarg _handletype *_handle = -(void *)_origarg; +from_timer(_handle, t, _timer); ... when != _origarg | ... when != _origarg _handletype *_handle; ... when != _handle _handle = -(_handletype *)_origarg; +from_timer(_handle, t, _timer); ... when != _origarg | ... when != _origarg _handletype *_handle; ... when != _handle _handle = -(void *)_origarg; +from_timer(_handle, t, _timer); ... when != _origarg ) } // callback(unsigned long arg) without existing variable @change_callback_handle_cast_no_arg depends on change_timer_function_usage && !change_callback_handle_cast@ identifier change_timer_function_usage._callback; identifier change_timer_function_usage._timer; type _origtype; identifier _origarg; type _handletype; @@ void _callback( -_origtype _origarg +struct timer_list *t ) { + _handletype *_origarg = from_timer(_origarg, t, _timer); + ... when != _origarg - (_handletype *)_origarg + _origarg ... when != _origarg } // Avoid already converted callbacks. @match_callback_converted depends on change_timer_function_usage && !change_callback_handle_cast && !change_callback_handle_cast_no_arg@ identifier change_timer_function_usage._callback; identifier t; @@ void _callback(struct timer_list *t) { ... } // callback(struct something *handle) @change_callback_handle_arg depends on change_timer_function_usage && !match_callback_converted && !change_callback_handle_cast && !change_callback_handle_cast_no_arg@ identifier change_timer_function_usage._callback; identifier change_timer_function_usage._timer; type _handletype; identifier _handle; @@ void _callback( -_handletype *_handle +struct timer_list *t ) { + _handletype *_handle = from_timer(_handle, t, _timer); ... } // If change_callback_handle_arg ran on an empty function, remove // the added handler. @unchange_callback_handle_arg depends on change_timer_function_usage && change_callback_handle_arg@ identifier change_timer_function_usage._callback; identifier change_timer_function_usage._timer; type _handletype; identifier _handle; identifier t; @@ void _callback(struct timer_list *t) { - _handletype *_handle = from_timer(_handle, t, _timer); } // We only want to refactor the setup_timer() data argument if we've found // the matching callback. This undoes changes in change_timer_function_usage. @unchange_timer_function_usage depends on change_timer_function_usage && !change_callback_handle_cast && !change_callback_handle_cast_no_arg && !change_callback_handle_arg@ expression change_timer_function_usage._E; identifier change_timer_function_usage._timer; identifier change_timer_function_usage._callback; type change_timer_function_usage._cast_data; @@ ( -timer_setup(&_E->_timer, _callback, 0); +setup_timer(&_E->_timer, _callback, (_cast_data)_E); | -timer_setup(&_E._timer, _callback, 0); +setup_timer(&_E._timer, _callback, (_cast_data)&_E); ) // If we fixed a callback from a .function assignment, fix the // assignment cast now. @change_timer_function_assignment depends on change_timer_function_usage && (change_callback_handle_cast || change_callback_handle_cast_no_arg || change_callback_handle_arg)@ expression change_timer_function_usage._E; identifier change_timer_function_usage._timer; identifier change_timer_function_usage._callback; type _cast_func; typedef TIMER_FUNC_TYPE; @@ ( _E->_timer.function = -_callback +(TIMER_FUNC_TYPE)_callback ; | _E->_timer.function = -&_callback +(TIMER_FUNC_TYPE)_callback ; | _E->_timer.function = -(_cast_func)_callback; +(TIMER_FUNC_TYPE)_callback ; | _E->_timer.function = -(_cast_func)&_callback +(TIMER_FUNC_TYPE)_callback ; | _E._timer.function = -_callback +(TIMER_FUNC_TYPE)_callback ; | _E._timer.function = -&_callback; +(TIMER_FUNC_TYPE)_callback ; | _E._timer.function = -(_cast_func)_callback +(TIMER_FUNC_TYPE)_callback ; | _E._timer.function = -(_cast_func)&_callback +(TIMER_FUNC_TYPE)_callback ; ) // Sometimes timer functions are called directly. Replace matched args. @change_timer_function_calls depends on change_timer_function_usage && (change_callback_handle_cast || change_callback_handle_cast_no_arg || change_callback_handle_arg)@ expression _E; identifier change_timer_function_usage._timer; identifier change_timer_function_usage._callback; type _cast_data; @@ _callback( ( -(_cast_data)_E +&_E->_timer | -(_cast_data)&_E +&_E._timer | -_E +&_E->_timer ) ) // If a timer has been configured without a data argument, it can be // converted without regard to the callback argument, since it is unused. @match_timer_function_unused_data@ expression _E; identifier _timer; identifier _callback; @@ ( -setup_timer(&_E->_timer, _callback, 0); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, _callback, 0L); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E->_timer, _callback, 0UL); +timer_setup(&_E->_timer, _callback, 0); | -setup_timer(&_E._timer, _callback, 0); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, _callback, 0L); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_E._timer, _callback, 0UL); +timer_setup(&_E._timer, _callback, 0); | -setup_timer(&_timer, _callback, 0); +timer_setup(&_timer, _callback, 0); | -setup_timer(&_timer, _callback, 0L); +timer_setup(&_timer, _callback, 0); | -setup_timer(&_timer, _callback, 0UL); +timer_setup(&_timer, _callback, 0); | -setup_timer(_timer, _callback, 0); +timer_setup(_timer, _callback, 0); | -setup_timer(_timer, _callback, 0L); +timer_setup(_timer, _callback, 0); | -setup_timer(_timer, _callback, 0UL); +timer_setup(_timer, _callback, 0); ) @change_callback_unused_data depends on match_timer_function_unused_data@ identifier match_timer_function_unused_data._callback; type _origtype; identifier _origarg; @@ void _callback( -_origtype _origarg +struct timer_list *unused ) { ... when != _origarg } Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
bd99a301 |
|
08-Nov-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: move configuration of probe request IEs The configuration of the IEs for probe requests was done in a P2P related function, which is not very obvious. Moving it to .scan callback function, ie. brcmf_cfg80211_scan(). Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
bbf35414 |
|
08-Nov-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: get rid of struct brcmf_cfg80211_info::active_scan field The field struct brcmf_cfg80211_info::active_scan is set to true upon initializing the driver instance, but it is never changed so simply get rid of it. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
588378f1 |
|
08-Nov-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: get rid of brcmf_cfg80211_escan() function The function brcmf_cfg80211_escan() is only called by brcmf_cfg80211_scan() so there is no reason to split in two function especially since the latter does not do an awful lot. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
df2d8388 |
|
08-Nov-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: use msecs_to_jiffies() instead of calculation using HZ Minor cleanup using provided macro to convert milliseconds interval to jiffies in brcmf_cfg80211_escan(). Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8c6efda2 |
|
08-Nov-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: cleanup brcmf_cfg80211_escan() function The function brcmf_cfg80211_escan() was always called with a non-null request parameter and null pointer for this_ssid parameter. Clean up the function removing the dead code path. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
6c219b00 |
|
08-Nov-2017 |
Franky Lin <franky.lin@broadcom.com> |
brcmfmac: disable packet filtering in promiscuous mode Disable arp and nd offload to allow all packets sending to host. Reported-by: Phil Elwell <phil@raspberrypi.org> Tested-by: Phil Elwell <phil@raspberrypi.org> Reviewed-by: Arend Van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
27dd0852 |
|
21-Sep-2017 |
Allen Pais <allen.lkml@gmail.com> |
drivers: net: brcm80211: use setup_timer() helper. Use setup_timer function instead of initializing timer with the function and data fields. Signed-off-by: Allen Pais <allen.lkml@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
35f62727 |
|
12-Sep-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: setup passive scan if requested by user-space The driver was not properly configuring firmware with regard to the type of scan. It always performed an active scan even when user-space was requesting for passive scan, ie. the scan request was done without any SSIDs specified. Cc: stable@vger.kernel.org # v4.0.x Reported-by: Huang, Jiangyang <Jiangyang.Huang@itron.com> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
17df6453 |
|
12-Sep-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add length check in brcmf_cfg80211_escan_handler() Upon handling the firmware notification for scans the length was checked properly and may result in corrupting kernel heap memory due to buffer overruns. This fix addresses CVE-2017-0786. Cc: stable@vger.kernel.org # v4.0.x Cc: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8b943e36 |
|
07-Aug-2017 |
Chung-Hsien Hsu <stanley.hsu@cypress.com> |
brcmfmac: add setting carrier state ON for successful roaming After association, ping is not working when sweeping the channel at the AP side. It is caused by having incorrect carrier state (OFF) for the STA in successful roaming. This patch sets the carrier state ON for the case. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
99976fc0 |
|
03-Aug-2017 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: fix wrong num_different_channels when mchan feature enabled When the device/firmware supports multi-channel, it can have P2P connection and regular connection with AP simultaneous. In this case, the num_different_channels in wiphy info was not correct when firmware supports multi-channel (The iw wiphy# info showed "#channels <= 1" in interface combinations). It caused association failed and error message "CTRL-EVENT-FREQ-CONFLICT error" in wpa_supplicant when P2P GO interface was running at the same time. The root cause is that the num_different_channels was always overridden to 1 in brcmf_setup_ifmodes even multi-channel was enabled. We correct the logic by moving num_different_channels setting forward. Signed-off-by: Wright Feng <wright.feng@cypress.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fdfb0f94 |
|
03-Aug-2017 |
Wright Feng <wright.feng@cypress.com> |
brcmfmac: set wpa_auth to WPA_AUTH_DISABLED in AP/OPEN security mode When setting wpa_auth to WPA_AUTH_NONE(1) in AP mode with WEP security, firmware will set privacy bit and add WPA OUI in VENDOR IE in beacon and probe response. The security type in softAP beacons confuse the supplicant in client side, and the user client will see [WPA-?] in supplicant scan result. So we set WPA_AUTH_DISABLED in softAP mode with OPEN security. Signed-off-by: Wright Feng <wright.feng@cypress.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8f44c9a4 |
|
07-Jul-2017 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() The lower level nl80211 code in cfg80211 ensures that "len" is between 25 and NL80211_ATTR_FRAME (2304). We subtract DOT11_MGMT_HDR_LEN (24) from "len" so thats's max of 2280. However, the action_frame->data[] buffer is only BRCMF_FIL_ACTION_FRAME_SIZE (1800) bytes long so this memcpy() can overflow. memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN], le16_to_cpu(action_frame->len)); Cc: stable@vger.kernel.org # 3.9.x Fixes: 18e2f61db3b70 ("brcmfmac: P2P action frame tx.") Reported-by: "freenerguo(郭大兴)" <freenerguo@tencent.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
123fef3f |
|
09-Jun-2017 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: switch to using cfg80211_connect_done() The driver used cfg80211_connect_result() which is basically a wrapper around cfg80211_connect_done() passing a subset of the information that can be passed. For upcoming functionality this is not sufficient so switching to use cfg80211_connect_done(). Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
2526ff21 |
|
09-Jun-2017 |
Arend van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: support 4-way handshake offloading for 802.1X Adding callbacks for PMK provisioning. If firmware supports offloading it is indicated to user-space that 802.1X offload is supported. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b8a64f0e |
|
09-Jun-2017 |
Arend van Spriel <arend@broadcom.com> |
brcmfmac: support 4-way handshake offloading for WPA/WPA2-PSK The firmware may have supplicant code built-in. This is detected by the driver and indicated in the wiphy features flags. User-space can use this flag to determine whether or not to provide the pre-shared key material in the nl80211 CONNECT command. Reviewed-by: Gautam (Gautam Kumar) Shukla <gautams@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
57c00f2f |
|
20-Jun-2017 |
Christophe Jaillet <christophe.jaillet@wanadoo.fr> |
brcmfmac: Fix a memory leak in error handling path in 'brcmf_cfg80211_attach' If 'wiphy_new()' fails, we leak 'ops'. Add a new label in the error handling path to free it in such a case. Cc: stable@vger.kernel.org Fixes: 5c22fb85102a7 ("brcmfmac: add wowl gtk rekeying offload support") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
dca2307e |
|
24-Jun-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix double free upon register_netdevice() failure The function brcmf_net_attach() can only fail when register_netdevice() fails. When this happens register_netdevice() calls priv_destructor, ie. brcmf_cfg80211_free_netdev() freeing the vif instance. Also upon this failure brcmf_net_attach() calls free_netdev(). However, callers are also doing cleanup resulting in double free. In some places they need netdev private space as it holds parameters to communicate with the device. So we want to do the cleanup only in callers of brcmf_net_attach() by making the following changes: - set priv_destructor after register_netdevice() succeeds. - remove call to free_netdev() in brcmf_net_attach(). - call free_netdev() in brcmf_net_detach() for unregistered netdev. - add free_netdev() if brcmf_net_attach() fails for a created interface. Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.") Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a9507d5c |
|
10-Jun-2017 |
Martin Michlmayr <tbm@cyrius.com> |
brcmfmac: Fix grammar issue in error message Fix grammar issue in error message about ISO3166. Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
efc2c1fa |
|
08-Jun-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add support multi-scheduled scan This change adds support for multi-scheduled scan in the driver. It currently relies on g-scan support in firmware and will set struct wiphy::max_sched_scan_reqs accordingly. This is limited to 16 concurrent requests. The firmware currently has a limit of 64 channels that can be configured for all requests in total regardless whether there are duplicates. So if a request uses 35 channels there are 29 channels left for another request. When user-space does not specify any channels cfg80211 will add all channels defined by the wiphy instance to the request, which makes reaching the limit rather easy for dual-band devices. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
cf124db5 |
|
07-May-2017 |
David S. Miller <davem@davemloft.net> |
net: Fix inconsistent teardown and release of private netdev state. Network devices can allocate reasources and private memory using netdev_ops->ndo_init(). However, the release of these resources can occur in one of two different places. Either netdev_ops->ndo_uninit() or netdev->destructor(). The decision of which operation frees the resources depends upon whether it is necessary for all netdev refs to be released before it is safe to perform the freeing. netdev_ops->ndo_uninit() presumably can occur right after the NETDEV_UNREGISTER notifier completes and the unicast and multicast address lists are flushed. netdev->destructor(), on the other hand, does not run until the netdev references all go away. Further complicating the situation is that netdev->destructor() almost universally does also a free_netdev(). This creates a problem for the logic in register_netdevice(). Because all callers of register_netdevice() manage the freeing of the netdev, and invoke free_netdev(dev) if register_netdevice() fails. If netdev_ops->ndo_init() succeeds, but something else fails inside of register_netdevice(), it does call ndo_ops->ndo_uninit(). But it is not able to invoke netdev->destructor(). This is because netdev->destructor() will do a free_netdev() and then the caller of register_netdevice() will do the same. However, this means that the resources that would normally be released by netdev->destructor() will not be. Over the years drivers have added local hacks to deal with this, by invoking their destructor parts by hand when register_netdevice() fails. Many drivers do not try to deal with this, and instead we have leaks. Let's close this hole by formalizing the distinction between what private things need to be freed up by netdev->destructor() and whether the driver needs unregister_netdevice() to perform the free_netdev(). netdev->priv_destructor() performs all actions to free up the private resources that used to be freed by netdev->destructor(), except for free_netdev(). netdev->needs_free_netdev is a boolean that indicates whether free_netdev() should be done at the end of unregister_netdevice(). Now, register_netdevice() can sanely release all resources after ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit() and netdev->priv_destructor(). And at the end of unregister_netdevice(), we invoke netdev->priv_destructor() and optionally call free_netdev(). Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9029679f |
|
18-May-2017 |
Chi-hsien Lin <Chi-Hsien.Lin@cypress.com> |
brcmfmac: remove setting IBSS mode when stopping AP Upon stopping an AP interface the driver disable INFRA mode effectively setting the interface in IBSS mode. However, this may affect other interfaces running in INFRA mode. For instance, if user creates and stops hostap daemon on virtual interface, then association cannot work on primary interface because default BSS has been set to IBSS mode in firmware side. The IBSS mode should be set when cfg80211 changes the interface. Reviewed-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Chi-hsien Lin <Chi-Hsien.Lin@cypress.com> [kvalo@codeaurora.org: rephased commit log based on discussion] Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
94ed6ffb |
|
21-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: move scheduled scan wiphy param setting to pno module As pno module is providing scheduled scan functionality have it taking care of setting related wiphy parameters as well. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b34939b9 |
|
28-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
cfg80211: add request id to cfg80211_sched_scan_*() api Have proper request id filled in the SCHED_SCAN_RESULTS and SCHED_SCAN_STOPPED notifications toward user-space by having the driver provide it through the api. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
29ce6ecb |
|
26-Apr-2017 |
Avraham Stern <avraham.stern@intel.com> |
cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss() cfg80211_roamed() and cfg80211_roamed_bss() take the same arguments except that cfg80211_roamed() requires the BSSID and cfg80211_roamed_bss() requires the bss entry. Unify the two functions by using a struct for driver initiated roaming information so that either the BSSID or the bss entry can be passed as an argument to the unified function. Signed-off-by: Avraham Stern <avraham.stern@intel.com> [modified the ath6k, brcm80211, rndis and wlan-ng drivers accordingly] Signed-off-by: Luca Coelho <luciano.coelho@intel.com> [modify brcmfmac to remove the useless cast, spotted by Arend] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3a3ecf1d |
|
21-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
cfg80211: add request id parameter to .sched_scan_stop() signature For multiple scheduled scan support the driver needs to know which scheduled scan request is being stopped. Pass the request id in the .sched_scan_stop() callback. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
ca986ad9 |
|
21-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
nl80211: allow multiple active scheduled scan requests This patch implements the idea to have multiple scheduled scan requests running concurrently. It mainly illustrates how to deal with the incoming request from user-space in terms of backward compatibility. In order to use multiple scheduled scans user-space needs to provide a flag attribute NL80211_ATTR_SCHED_SCAN_MULTI to indicate support. If not the request is treated as a legacy scan. Drivers currently supporting scheduled scan are now indicating they support a single scheduled scan request. This obsoletes WIPHY_FLAG_SUPPORTS_SCHED_SCAN. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> [clean up netlink destroy path to avoid allocations, code cleanups] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6ea51fc7 |
|
06-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: only add channels and ssids once in scan request When receiving pno results there may be duplicate channels and/or ssids. Assure each is added only once when preparing the internal escan request. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
6594e1e8 |
|
06-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: remove bogus check in scheduled scan result handler Checking whether the address of an array element is null is bogus so removing it. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4835f37e |
|
06-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add length checks in scheduled scan result handler Assure the event data buffer is long enough to hold the array of netinfo items and that SSID length does not exceed the maximum of 32 characters as per 802.11 spec. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
818a986e |
|
12-Apr-2017 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: move add/change interface monitor flags into params Instead passing both flags, which can be NULL, and vif_params, which are never NULL, move the flags into the vif_params and use BIT(0), which is invalid from userspace, to indicate that the flags were changed. While updating all drivers, fix a small bug in wil6210 where it was setting the flags to 0 instead of leaving them unchanged. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0cc0236c |
|
28-Mar-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add support to move wiphy instance into network namespace To support network namespace the driver must assure all created network interfaces are in the same namespace as the wiphy instance and flag the support using WIPHY_FLAG_NETNS_OK. Verified using two terminals: Terminal 1 Terminal 2 -------------------------- --------------------------------- # ip netns add brcm-wifi # iw dev phy#0 Interface wlan3 ifindex 11 wdev 0x1 # ip netns exec brcm-wifi bash # iw dev # echo $$ 20337 # iw phy0 set netns 20337 # iw dev phy#0 Interface wlan3 ifindex 11 wdev 0x2 # iw phy0 interface add wl3.ap type __ap # iw dev phy#0 Interface wl3.ap ifindex 2 wdev 0x3 Interface wlan3 ifindex 11 wdev 0x2 # iw dev # iw phy0 set netns 1 # iw dev # iw dev phy#0 Interface wl3.ap ifindex 2 wdev 0x5 Interface wlan3 ifindex 11 wdev 0x4 Note: increasing wdev identifier above indicates issue in cfg80211 which is addressed separately. Tested-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b9472a2e |
|
08-Mar-2017 |
Hans de Goede <hdegoede@redhat.com> |
brcmfmac: Handle status == BRCMF_E_STATUS_ABORT in cfg80211_escan_handler If a scan gets aborted BRCMF_SCAN_STATUS_BUSY gets cleared in cfg->scan_status and when we receive an abort event from the firmware the BRCMF_SCAN_STATUS_BUSY check in the cfg80211_escan_handler will trigger resulting in multiple errors getting logged. Check for a status of BRCMF_E_STATUS_ABORT and in this case simply cleanly exit the cfg80211_escan_handler. This also avoids a BRCMF_E_STATUS_ABORT event arriving after a new scan has been started causing the new scan to complete prematurely without any data. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
26e53788 |
|
08-Mar-2017 |
Hans de Goede <hdegoede@redhat.com> |
brcmfmac: Do not complain about country code "00" The country code gets set to "00" by default at boot, ignore this rather then logging an error about it. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
5b5e0928 |
|
27-Feb-2017 |
Alexey Dobriyan <adobriyan@gmail.com> |
lib/vsprintf.c: remove %Z support Now that %z is standartised in C99 there is no reason to support %Z. Unlike %L it doesn't even make format strings smaller. Use BUILD_BUG_ON in a couple ATM drivers. In case anyone didn't notice lib/vsprintf.o is about half of SLUB which is in my opinion is quite an achievement. Hopefully this patch inspires someone else to trim vsprintf.c more. Link: http://lkml.kernel.org/r/20170103230126.GA30170@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Andy Shevchenko <andy.shevchenko@gmail.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
0f83ff69 |
|
17-Jan-2017 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: use wiphy_read_of_freq_limits to respect limits from DT This new helper reads extra frequency limits specified in DT and disables unavailable chanels. This is useful for devices (like home routers) with chipsets limited e.g. by board design. In order to respect info read from DT we simply need to check for IEEE80211_CHAN_DISABLED bit when constructing channel info. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
2a2a5d18 |
|
26-Jan-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: add .update_connect_params() callback Add support for the .update_connect_params() callback for roaming or subsequent (re)association. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
0b57010f |
|
26-Jan-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: allow wowlan support to be per device The wowlan support is (partially) determined dynamic by checking the device/firmware capabilities. So they can differ per device. So it is not possible to use a static global. Instead use the global as a template and use kmemdup(). When kmemdup() fails the template is used unmodified. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d29afe91 |
|
26-Jan-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix handling firmware results for wowl netdetect For wowl netdetect the event data changed for newer chips. This was recently fixed for scheduled scan, but same change is needed for wowl netdetect. Removing now pointles += operation from both result handlers. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
2ef03590 |
|
26-Jan-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: provide a value for struct wowlan_support::max_nd_match_sets The driver advertises support for WOWLAN_NETDETECT but did not specify maximum amount of netdetect match sets. This was no issue due to a bug in nl80211. As that has been fixed, brcmfmac also needs fixing. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c8d87079 |
|
18-Jan-2017 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: drop unneeded function declarations from headers Functions brcmf_c_prec_enq and brcmf_sdio_init don't exist so we really don't need their declarations. Function brcmf_parse_tlvs is used in cfg80211.c only so make it static and drop from header as well. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ab99063f |
|
07-Jan-2017 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: setup wiphy bands after registering it first During bands setup we disable all channels that firmware doesn't support in the current regulatory setup. If we do this before wiphy_register it will result in copying set flags (including IEEE80211_CHAN_DISABLED) to the orig_flags which is supposed to be persistent. We don't want this as regulatory change may result in enabling some channels. We shouldn't mess with orig_flags then (by changing them or ignoring them) so it's better to just take care of their proper values. This patch cleanups code a bit (by taking orig_flags more seriously) and allows further improvements like disabling really unavailable channels. We will need that e.g. if some frequencies should be disabled for good due to hardware setup (design). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
9ea0c307 |
|
07-Jan-2017 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: don't preset all channels as disabled During init we take care of regulatory stuff by disabling all unavailable channels (see brcmf_construct_chaninfo) so this predisabling them is not really required (and this patch won't change any behavior). It will on the other hand allow more detailed runtime control over channels which is the main reason for this change. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
77c0d0cd |
|
03-Jan-2017 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: avoid writing channel out of allocated array Our code was assigning number of channels to the index variable by default. If firmware reported channel we didn't predict this would result in using that initial index value and writing out of array. This never happened so far (we got a complete list of supported channels) but it means possible memory corruption so we should handle it anyway. This patch simply detects unexpected channel and ignores it. As we don't try to create new entry now, it's also safe to drop hw_value and center_freq assignment. For known channels we have these set anyway. I decided to fix this issue by assigning NULL or a target channel to the channel variable. This was one of possible ways, I prefefred this one as it also avoids using channel[index] over and over. Fixes: 58de92d2f95e ("brcmfmac: use static superset of channels for wiphy bands") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ad334bbb |
|
22-Dec-2016 |
Colin Ian King <colin.king@canonical.com> |
brcmfmac: fix spelling mistakes on "Ivalid" Trivial fixes to spelling mistake "Ivalid" to "Invalid" in brcmf_err error messages. Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
cb853da3 |
|
09-Dec-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix memory leak in brcmf_cfg80211_attach() In brcmf_cfg80211_attach() there was one error path not properly handled as it leaked memory allocated in brcmf_btcoex_attach(). Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
53e3a80d |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix scheduled scan result handling for newer chips The scan results for scheduled scan as retrieved from the device have changed. A field has been added which is not needed. However, the appended info is. Luckily they are versioned so check that to find out the location of the appended data. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c6989fd5 |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: use requested scan interval in scheduled scan User-space can specify the interval for the scheduled scan. This interval is found in scheduled scan plan. The driver supports only one plan, which is legacy behaviour. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
dfe5b0d5 |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: remove restriction from .sched_scan_start() callback In the .sched_scan_start() callback a condition was checked whether a normal scan was ongoing. However, there is no need for this check as it is ok to start the scheduled scan irrespective whether or not a normal scan is ongoing. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3e48611d |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: move scheduled scan activation to pno source file Rework .sched_scan_start() callback moving actual configuration of the device in pno source file. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fca6cb2f |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: split up brcmf_pno_config() function The brcmf_pno_config() function handles two configurations in firmware. Split it and have caller sort out what is needed. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fa85b30a |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: make internal escan more generic For scheduled scan we initiate an escan in firmware to obtain more info missing from the scheduled scan notification we get from firmware. For upcoming functionality this is also required so make it a bit more generic. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ab5981c8 |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: change prototype for brcmf_do_escan() Reduce the number of parameters as the removed ones can be obtained through struct brcmf_if parameter. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3e2e86ab |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: fix handling ssids in .sched_scan_start() callback The ssids list in the scheduled scan request were not properly taken into account when configuring in firmware. The hidden bit was set for any ssid resulting in active scanning for all. Only set it for ssids that are in the ssids list. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ac55136f |
|
23-Nov-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: move pno helper functions in separate source file Introducing new source file for pno related functionality. Moving existing pno functions. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
f25ba69c |
|
17-Nov-2016 |
Wright Feng <wefe@cypress.com> |
brcmfmac: update beacon IE after bss up and clear when AP stopped Firmware doesn't update beacon/Probe Response vendor IEs correctly when bss is down, so we move brcmf_config_ap_mgmt_ie after BSS up. And host driver should clear IEs when AP stopped so that the IEs in host side will be synced with in firmware side. Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e1c122d5 |
|
14-Oct-2016 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: print name of connect status event This simplifies debugging. Format %s (%u) comes from similar debugging message in brcmf_fweh_event_worker. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d3532ea6 |
|
17-Oct-2016 |
Arnd Bergmann <arnd@arndb.de> |
brcmfmac: avoid maybe-uninitialized warning in brcmf_cfg80211_start_ap A bugfix added a sanity check around the assignment and use of the 'is_11d' variable, which looks correct to me, but as the function is rather complex already, this confuses the compiler to the point where it can no longer figure out if the variable is always initialized correctly: brcm80211/brcmfmac/cfg80211.c: In function ‘brcmf_cfg80211_start_ap’: brcm80211/brcmfmac/cfg80211.c:4586:10: error: ‘is_11d’ may be used uninitialized in this function [-Werror=maybe-uninitialized] This adds an initialization for the newly introduced case in which the variable should not really be used, in order to make the warning go away. Fixes: b3589dfe0212 ("brcmfmac: ignore 11d configuration errors") Cc: Hante Meuleman <hante.meuleman@broadcom.com> Cc: Arend van Spriel <arend.vanspriel@broadcom.com> Cc: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e227300c |
|
12-Oct-2016 |
Purushottam Kushwaha <pkushwah@qti.qualcomm.com> |
cfg80211: pass struct to interface combination check/iter Move the growing parameter list to a structure for the interface combination check and iteration functions in cfg80211 and mac80211 to make the code easier to understand. Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com> [edit commit message] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
23e9c128 |
|
21-Sep-2016 |
Rafał Miłecki <rafal@milecki.pl> |
brcmfmac: fix memory leak in brcmf_fill_bss_param This function is called from get_station callback which means that every time user space was getting/dumping station(s) we were leaking 2 KiB. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Fixes: 1f0dc59a6de ("brcmfmac: rework .get_station() callback") Cc: stable@vger.kernel.org # 4.2+ Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
92c31360 |
|
18-Sep-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: simplify mapping of auth type The 802.11 standard only has four valid auth type configurations of which our firmware only supports two, ie. Open System and Shared Key. Simplify the mapping falling back to automatic for other types specified by user-space. Reviewed-by: Arend Van Spriel <arend.vanspriel@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a7ed7828 |
|
18-Sep-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: fix out of bound access on clearing wowl wake indicator Clearing the wowl wakeindicator happens with a rather odd construction where the string "clear" is used to set the iovar wowl_wakeind. This was implemented incorrectly as it caused an out of bound access. Use an intermediate variable of correct length and copy string in that. Problem was found using coverity. Reviewed-by: Arend Van Spriel <arend.vanspriel@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b3589dfe |
|
18-Sep-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: ignore 11d configuration errors 802.11d is not always supported by firmware anymore. Currently the AP configuration of 11d will cause an abort if the ioctl set is failing. This behavior is not correct and the error should be ignored. Reviewed-by: Arend Van Spriel <arend.vanspriel@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ded89912 |
|
05-Sep-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() User-space can choose to omit NL80211_ATTR_SSID and only provide raw IE TLV data. When doing so it can provide SSID IE with length exceeding the allowed size. The driver further processes this IE copying it into a local variable without checking the length. Hence stack can be corrupted and used as exploit. Cc: stable@vger.kernel.org # v4.7 Reported-by: Daxing Guo <freener.gdx@gmail.com> Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7703773ef |
|
23-Aug-2016 |
Nicolas Iooss <nicolas.iooss_linux@m4x.org> |
brcmfmac: fix pmksa->bssid usage The struct cfg80211_pmksa defines its bssid field as: const u8 *bssid; contrary to struct brcmf_pmksa, which uses: u8 bssid[ETH_ALEN]; Therefore in brcmf_cfg80211_del_pmksa(), &pmksa->bssid takes the address of this field (of type u8**), not the one of its content (which would be u8*). Remove the & operator to make brcmf_dbg("%pM") and memcmp() behave as expected. This bug have been found using a custom static checker (which checks the usage of %p... attributes at build time). It has been introduced in commit 6c404f34f2bd ("brcmfmac: Cleanup pmksa cache handling code"), which replaced pmksa->bssid by &pmksa->bssid while refactoring the code, without modifying struct cfg80211_pmksa definition. Replace &pmk[i].bssid with pmk[i].bssid too to make the code clearer, this change does not affect the semantic. Fixes: 6c404f34f2bd ("brcmfmac: Cleanup pmksa cache handling code") Cc: stable@vger.kernel.org Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b64abcb7 |
|
15-Aug-2016 |
mhiramat@kernel.org <mhiramat@kernel.org> |
brcmfmac: Change vif_event_lock to spinlock Change vif_event_lock to spinlock from mutex, since this lock is used in wait_event_timeout() via vif_event_equals(). This caused a warning report as below. As far as I can see, this lock protects regions where updating structure members, not function calls. Also, since those regions are not called from interrupt handlers (of course, it was a mutex), spin_lock is used instead of spin_lock_irqsave. [ 186.678550] ------------[ cut here ]------------ [ 186.678556] WARNING: CPU: 2 PID: 7140 at /home/mhiramat/ksrc/linux/kernel/sched/core.c:7545 __might_sleep+0x7c/0x80 [ 186.678560] do not call blocking ops when !TASK_RUNNING; state=2 set at [<ffffffff980d9090>] prepare_to_wait_event+0x60/0x100 [ 186.678560] Modules linked in: brcmfmac xt_CHECKSUM rfcomm ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_addrtype br_netfilter xt_tcpudp ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_raw ip6table_security ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_raw iptable_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_filter ip_tables x_tables bnep nls_iso8859_1 i2c_designware_platform i2c_designware_core snd_hda_codec_hdmi snd_hda_codec_realtek dcdbas snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal intel_powerclamp coretemp [ 186.678594] snd_pcm crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 joydev glue_helper snd_hwdep lrw gf128mul uvcvideo ablk_helper snd_seq_midi cryptd snd_seq_midi_event snd_rawmidi videobuf2_vmalloc videobuf2_memops snd_seq input_leds videobuf2_v4l2 cfg80211 videobuf2_core snd_timer videodev serio_raw btusb snd_seq_device media btrtl rtsx_pci_ms snd mei_me memstick hid_multitouch mei soundcore brcmutil idma64 virt_dma intel_lpss_pci processor_thermal_device intel_soc_dts_iosf hci_uart btbcm btqca btintel bluetooth int3403_thermal dell_smo8800 intel_lpss_acpi intel_lpss int3402_thermal int340x_thermal_zone intel_hid mac_hid int3400_thermal shpchp sparse_keymap acpi_pad acpi_thermal_rel acpi_als kfifo_buf industrialio kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq [ 186.678631] usbhid nouveau ttm i915 rtsx_pci_sdmmc mxm_wmi i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm ahci rtsx_pci nvme nvme_core libahci i2c_hid hid pinctrl_sunrisepoint video wmi pinctrl_intel fjes [last unloaded: brcmfmac] [ 186.678646] CPU: 2 PID: 7140 Comm: wpa_supplicant Not tainted 4.8.0-rc1+ #8 [ 186.678647] Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 01.02.00 04/07/2016 [ 186.678648] 0000000000000000 ffff9d8c64b5b900 ffffffff98442f23 ffff9d8c64b5b950 [ 186.678651] 0000000000000000 ffff9d8c64b5b940 ffffffff9808b22b 00001d790000000d [ 186.678653] ffffffff98c75e78 000000000000026c 0000000000000000 ffff9d8c2706d058 [ 186.678655] Call Trace: [ 186.678659] [<ffffffff98442f23>] dump_stack+0x85/0xc2 [ 186.678666] [<ffffffff9808b22b>] __warn+0xcb/0xf0 [ 186.678668] [<ffffffff9808b29f>] warn_slowpath_fmt+0x4f/0x60 [ 186.678671] [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100 [ 186.678672] [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100 [ 186.678674] [<ffffffff980b922c>] __might_sleep+0x7c/0x80 [ 186.678680] [<ffffffff988b0853>] mutex_lock_nested+0x33/0x3b0 [ 186.678682] [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10 [ 186.678689] [<ffffffffc0c57d2d>] brcmf_cfg80211_wait_vif_event+0xcd/0x130 [brcmfmac] [ 186.678691] [<ffffffff980d9190>] ? wake_atomic_t_function+0x60/0x60 [ 186.678697] [<ffffffffc0c628e9>] brcmf_p2p_del_vif+0xf9/0x220 [brcmfmac] [ 186.678702] [<ffffffffc0c57fab>] brcmf_cfg80211_del_iface+0x21b/0x270 [brcmfmac] [ 186.678716] [<ffffffffc0b0539e>] nl80211_del_interface+0xfe/0x3a0 [cfg80211] [ 186.678718] [<ffffffff987ca335>] genl_family_rcv_msg+0x1b5/0x370 [ 186.678720] [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10 [ 186.678721] [<ffffffff987ca56d>] genl_rcv_msg+0x7d/0xb0 [ 186.678722] [<ffffffff987ca4f0>] ? genl_family_rcv_msg+0x370/0x370 [ 186.678724] [<ffffffff987c9a47>] netlink_rcv_skb+0x97/0xb0 [ 186.678726] [<ffffffff987ca168>] genl_rcv+0x28/0x40 [ 186.678727] [<ffffffff987c93c3>] netlink_unicast+0x1d3/0x2f0 [ 186.678729] [<ffffffff987c933b>] ? netlink_unicast+0x14b/0x2f0 [ 186.678731] [<ffffffff987c97cb>] netlink_sendmsg+0x2eb/0x3a0 [ 186.678733] [<ffffffff9876dad8>] sock_sendmsg+0x38/0x50 [ 186.678734] [<ffffffff9876e4df>] ___sys_sendmsg+0x27f/0x290 [ 186.678737] [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0 [ 186.678739] [<ffffffff9828b9be>] ? mntput_no_expire+0x8e/0x3f0 [ 186.678741] [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0 [ 186.678743] [<ffffffff9828bd44>] ? mntput+0x24/0x40 [ 186.678744] [<ffffffff98267830>] ? __fput+0x190/0x200 [ 186.678746] [<ffffffff9876f125>] __sys_sendmsg+0x45/0x80 [ 186.678748] [<ffffffff9876f172>] SyS_sendmsg+0x12/0x20 [ 186.678749] [<ffffffff988b5680>] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 186.678751] [<ffffffff980e2b8f>] ? trace_hardirqs_off_caller+0x1f/0xc0 [ 186.678752] ---[ end trace e224d66c5d8408b5 ]--- Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c940de10 |
|
05-Jul-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: respect hidden_ssid for AP interfaces This was succesfully tested with 4366B1. A small workaround is needed for the main interface otherwise it would stuck at the hidden state. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
dba8fbc6 |
|
29-Jun-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: support removing AP interfaces with "interface_remove" New firmwares (e.g. 10.10.69.36 for BCM4366) support "interface_remove" for removing interfaces. Try to use this method on cfg80211 request. In case of older firmwares (e.g. 7.35.177.56 for BCM43602 as I tested) this will just result in firmware rejecting command and this won't change any behavior. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1d76250b |
|
05-Jul-2016 |
Avraham Stern <avraham.stern@intel.com> |
nl80211: support beacon report scanning Beacon report radio measurement requires reporting observed BSSs on the channels specified in the beacon request. If the measurement mode is set to passive or active, it requires actually performing a scan (passive or active, accordingly), and reporting the time that the scan was started and the time each beacon/probe was received (both in terms of TSF of the BSS of the requesting AP). If the request mode is table, this information is optional. In addition, the radio measurement request specifies the channel dwell time for the measurement. In order to use scan for beacon report when the mode is active or passive, add a parameter to scan request that specifies the channel dwell time, and add scan start time and beacon received time to scan results information. Supporting beacon report is required for Multi Band Operation (MBO). Signed-off-by: Assaf Krauss <assaf.krauss@intel.com> Signed-off-by: David Spinadel <david.spinadel@intel.com> Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f568adac |
|
07-Jun-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: slightly simplify building interface combinations This change reorders some operations in brcmf_setup_ifmodes in hope to make it simpler: 1) It allocates arrays right before filling them. This way it's easier to follow requested array length as it's immediately followed by code filling it. It's easier to check e.g. why we need 4 entries for P2P. Other than that it deduplicates some checks (e.g. for P2P). 2) It reorders code to first prepare limits and then define a new combo. Previously this was mixed (e.g. we were setting num of channels before preparing limits). 3) It modifies mbss code to use i variable just like other combos do. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
26072330 |
|
06-Jun-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: drop unused pm_block vif attribute This attribute was added 3 years ago by commit 3eacf866559c ("brcmfmac: introduce brcmf_cfg80211_vif structure") but it remains unused since then. It seems we can safely drop it. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
fd3667a8 |
|
29-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: don't remove interface on link down firmware event There are two firmware events we handle similarly in brcmfmac: BRCMF_E_LINK and BRCMF_E_IF. The difference from firmware point of view is that the first one means BSS remains present in the firmware. Trying to (re)create it (e.g. when adding new virtual interface) will result in an error. Current code treats both events in a similar way. It removes Linux interface for each of them. It works OK with e.g. BCM43602. Its firmware generates both events for each interface. It means we get BRCMF_E_LINK and remove interface. That is soon followed by BRCMF_E_IF which means BSS was also removed in a firmware. The only downside of this is a harmless error like: [ 208.643180] brcmfmac: brcmf_fweh_call_event_handler: no interface object Unfortunately BCM4366 firmware doesn't automatically remove BSS and so it doesn't generate BRCMF_E_IF. In such case we incorrectly remove Linux interface on BRCMF_E_LINK as BSS is still present in the firmware. It results in an error when trying to re-create virtual interface, e.g.: > iw phy phy1 interface add wlan1-1 type __ap [ 3602.929199] brcmfmac: brcmf_ap_add_vif: timeout occurred command failed: I/O error (-5) With this patch we don't remove Linux interface while firmware keeps BSS. Thanks to this we keep a consistent states of host driver and device firmware. Further improvement should be to mark BSS as disabled and remove interface on BRCMF_E_LINK. Then we should add support for reusing BSS-es. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8707e08d |
|
27-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: fix setting AP channel with new firmwares Firmware for new chipsets is based on a new major version of code internally maintained at Broadcom. E.g. brcmfmac4366b-pcie.bin (used for BCM4366B1) is based on 10.10.69.3309 while brcmfmac43602-pcie.ap.bin was based on 7.35.177.56. Currently setting AP 5 GHz channel doesn't work reliably with BCM4366B1. When setting e.g. 36 control channel with VHT80 (center channel 42) firmware may randomly pick one of: 1) 52 control channel with 58 as center one 2) 100 control channel with 106 as center one 3) 116 control channel with 122 as center one 4) 149 control channel with 155 as center one It seems new firmwares require setting AP mode (BRCMF_C_SET_AP) before specifying a channel. Changing an order of firmware calls fixes the problem. This requirement resulted in two separated "chanspec" calls, one in AP code path and one in P2P path. This fix was verified with BCM4366B1 and tested for regressions on BCM43602. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
0cd33c20 |
|
27-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: print errors if creating interface fails This is helpful for debugging. Without this all I was getting from "iw" command on failed creating of P2P interface was: > command failed: Too many open files in system (-23) Signed-off-by: Rafal Milecki <zajec5@gmail.com> [arend@broadcom.com: reduce error prints upon iface creation] Signed-off-by: Arend van Spriel <arend@broadcom.com> Reviewed-by: Julian Calaby <julian.calaby@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
ee6e7aa3 |
|
20-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: support get_channel cfg80211 callback This is important for brcmfmac as some of released firmwares (e.g. brcmfmac4366b-pcie.bin) may pick different channel than requested. This has been tested with BCM4366B1 in D-Link DIR-885L. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4712d88a |
|
20-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmutil: add field storing control channel to the struct brcmu_chan Our d11 code supports encoding/decoding channel info into/from chanspec format used by firmware. Current implementation is quite misleading because of the way "chnum" field is used. When encoding channel info, "chnum" has to be filled by a caller with *center* channel number. However when decoding chanspec the same field is filled with a *control* channel number. 1) This can be confusing. It's expected for information to be the same after encoding and decoding. 2) It doesn't allow accessing all info when decoding. Some functions may need to know both channel numbers, e.g. cfg80211 callback getting current channel. Solve this by adding a separated field for control channel. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d464fd8b |
|
19-May-2016 |
Muhammad Falak R Wani <falakreyaz@gmail.com> |
brcmfmac: use kmemdup Use kmemdup when some other buffer is immediately copied into allocated region. It replaces call to allocation followed by memcpy, by a single call to kmemdup. Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d02fb8f1 |
|
25-May-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: rework function picking free BSS index The old implementation was overcomplicated and slightly bugged in some corner cases. Consider following state of BSS-es (limited to 6 for simplification): drvr->iflist[0]: { bsscfgidx:0, ndev->name:wlan1, } drvr->iflist[1]: (null) drvr->iflist[2]: { bsscfgidx:2, ndev->name:wlan1-1, } drvr->iflist[3]: { bsscfgidx:3, ndev->name:wlan1-2, } drvr->iflist[4]: (null) drvr->iflist[5]: (null) In such case the next AP interface should bsscfgidx 4 (we don't use 1 as it's reserved for P2P). With old code the loop iterations were following: [ifidx = 0] [bsscfgidx = 2] [highest = 2] [ifidx = 1] [bsscfgidx = 2] [highest = 2] available = true [ifidx = 2] [bsscfgidx = 2] [highest = 2] bsscfgidx = highest + 1 [ifidx = 3] [bsscfgidx = 3] [highest = 2] bsscfgidx = highest + 1 [ifidx = 4] [bsscfgidx = 3] [highest = 2] available = true [ifidx = 5] [bsscfgidx = 3] [highest = 2] available = true There were 2 obvious problems: 1) Having empty BSS at index 1 was resulting in available being always set to true, even if we would run out of BSS-es. 2) Calculated bsscfgidx was invalid (3 instead of 4) resulting in driver not being able to create the 4th AP interface. New code is simpler, placed in file where it's really used, handles running out of free BSS-es and allows using 4 interfaces at the same time. It also looks for the first free BSS instead of one after the last in use. It works well with current driver (which doesn't allow deleting interfaces) and should be future proof (if we ever allow deleting). Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
94abd778 |
|
12-May-2016 |
Jaap Jan Meijer <jjmeijer88@gmail.com> |
brcmfmac: add fallback for devices that do not report per-chain values If brcmf_cfg80211_get_station fails to determine the RSSI from the per-chain values get the value individually as a fallback. Fixes: 1f0dc59a6de9 ("brcmfmac: rework .get_station() callback") Signed-off-by: Jaap Jan Meijer <jjmeijer88@gmail.com> Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7705ba6f |
|
17-Apr-2016 |
Arend van Spriel <arend@broadcom.com> |
brcmfmac: add support for nl80211 BSS_SELECT feature Announce support for nl80211 feature BSS_SELECT and process BSS selection behaviour provided in .connect() callback. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Lei Zhang <leizh@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
28b285a6 |
|
11-Apr-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: fix clearing wowl wake indicators Newer firmwares require the usage of the wowl wakeind struct as size for the iovar to clear the wake indicators. Older firmwares do not care, so change the used size. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
57fbcce3 |
|
12-Apr-2016 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove enum ieee80211_band This enum is already perfectly aliased to enum nl80211_band, and the only reason for it is that we get IEEE80211_NUM_BANDS out of it. There's no really good reason to not declare the number of bands in nl80211 though, so do that and remove the cfg80211 one. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
240d61a9 |
|
17-Feb-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: add 802.11w management frame protection support Add full support for both AP and STA for management frame protection. Reviewed-by: Arend Van Spriel <arend.van@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
219e0f74 |
|
17-Feb-2016 |
Hante Meuleman <hante.meuleman@broadcom.com> |
brcmfmac: integrate add_keyext in add_key brcmf_add_keyext is called when a key is configured for a specific mac address. This function is very similar to the calling function brcmf_add_key. Integrate this function and also use existing del_key function in case key is to be cleared. Reviewed-by: Arend Van Spriel <arend.van@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4d792895 |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: switch to new platform data Platform data is only available for sdio. With this patch a new platform data structure is being used which allows for platform data for any device and configurable per device. This patch only switches to the new structure and adds support for SDIO devices. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
73ef9e64 |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: keep ARP and ND offload enabled during WOWL Currently ARP and ND (IPv6 Neigbor Discovery) offload get disabled on entering suspend. However when firmwares support the wowl_cap iovar then these offload routines can be kept enabled as they will work during WOWL as well. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
5c22fb85 |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: add wowl gtk rekeying offload support This patch adds support for gtk rekeying offload and for gtk rekeying failure during wowl mode. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
52f22fb2 |
|
17-Feb-2016 |
Franky Lin <frankyl@broadcom.com> |
brcmfmac: add neighbor discovery offload ip address table configuration Configure ipv6 address for neighbor discovery offload ip table in firmware obtained through ipv6 address notification callback. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
0aedbcaf |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add length checks on firmware events Add additional length checks on firmware events to create more robust code. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Lei Zhang <leizh@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
73345fd2 |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Configure country code using device specific settings Country code configuration in a device is a device specific operation. For this the country code as specified by reg notifier (iso3166 alpha2) needs to be translated to a device specific country locale and revision number. This patch adds this translation and puts a placeholder in the device specific settings where the translation table can be stored. Additional patches will be needed to read these tables from for example device platform data. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
6ea09153 |
|
17-Feb-2016 |
Franky Lin <frankyl@broadcom.com> |
brcmfmac: check for wowl support before enumerating feature flag In some cases wiphy->wowlan could be NULL if firmware doesn't have the support. Driver should check for support before walking down the feature flags. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
d5367334 |
|
17-Feb-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Limit memory allocs to <64K Some systems have problems with allocating memory allocation larger then 64K. Often on unload/load or suspend/resume a failure is reported: Could not allocate wiphy device. This patch makes the escan intermediate storage buf dynamically allocated, and smaller than 64K. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a9eb0c4b |
|
17-Feb-2016 |
Arend van Spriel <arend@broadcom.com> |
brcmfmac: change function name for brcmf_cfg80211_wait_vif_event_timeout() Dropping the '_timeout' from the function name as the fact that a timeout value is passed makes it obvious a timeout is used. Also helps to keep code lines a bit shorter and easier to stick to 80 char boundary. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
36e8072e |
|
20-Jan-2016 |
Rafał Miłecki <zajec5@gmail.com> |
brcmfmac: fix setting primary channel for 80 MHz width First of all it changes the way we calculate primary channel offset. If we use e.g. 80 MHz channel with primary frequency 5180 MHz (which means center frequency is 5210 MHz) it makes sense to calculate primary offset as -30 MHz. Then it fixes values we compare primary_offset with. We were comparing offset in MHz against -2 or 2 which was resulting in picking a wrong primary channel. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
42e0ed0d |
|
05-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Do not handle link downs for ibss. Sometimes on module reload and reconnect to ibss a deauth from other station can be received. This is treated as a link down but for ibss this is wrong. It will close the interface and no data is possible. Ignore the firmware generated link down events in ibss mode, as ibss is always teared down by cfg80211. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
63ce3d5d |
|
05-Jan-2016 |
Arend van Spriel <arend@broadcom.com> |
brcmfmac: use msecs_to_jiffies() in macro definitions Instead to having macro definition for millisecond timeout have the definition directly in jiffies. This makes the unit of the value immediately clear and may result in code that is bit more compact. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
5419f7f1 |
|
05-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Reshuffle functions to avoid forward declarations Function prototype forward declarations are to be avoided. This patch shuffles some of the functions so the forward declarations can be removed. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3021ad9a |
|
05-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add wowl net detect support With wowl net detect it becomes possible to scan for specific ssids and wakeup once found. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7d34b056 |
|
02-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Move all module parameters to one place Module parameters are defined in several files. Move them in one place and make them device specific or global. This makes it easier to override device specific settings by external data like platform data in the future. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
6a98d64a |
|
02-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Fix warn trace on module unload while in ibss mode When the driver is being unloaded a situation can occur where the wirelesss core (cfg80211) wants to remove the ibss, but the state of brcmfmac has already been set to down. When an error is returned in that situation then that will result in a stack trace on removal of the wiphy object. This is avoided by returning 0 when device is down on a leave_ibss call. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
48ed16e8 |
|
02-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add support for scheduled scan mac randomization Scheduled scan be requested to use mac randomization. This patch checks the flags and enables the randomization if desired. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
3f5893d1 |
|
02-Jan-2016 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add get_station support for IBSS When get_station is requested for IBSS then an error will be printed and no information will be returned. This patch adds IBSS specific get station information function. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
b0a79088 |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Fix IBSS setup IBSS got broken over time. Disconnect events should not be given for IBSS mode and connect events for IBSS need to have channel information. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
353c46ac |
|
10-Dec-2015 |
Arend van Spriel <arend@broadcom.com> |
brcmfmac: no interface combination check for single interface The interface combinations are intended for use-case in which the driver handles multiple interface concurrently. This means that the combinations do not need to be checked when there is only a single interface active. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
a7b82d47 |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Make TDLS a detectable feature Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
6c404f34 |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Cleanup pmksa cache handling code Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
4235edcd |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Remove some redundant cfg80211 data Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
675f5d82 |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Use local storage for ssid iovar Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1678ba8e |
|
10-Dec-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Simplify scan timing configuration No need to pass timing configuration in local functions as they are static anyway. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
7bf65aa9 |
|
25-Nov-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add beamforming support. Some devices support beamforming. This patch enables tx beamforming if supported and reports beamforming capabilities per channel if supported. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
1119e23e |
|
25-Nov-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Cleanup roaming configuration. Put all roaming configuration related code in one place and configure timeout based upon roaming setting. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
c4958106 |
|
25-Nov-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Remove redundant parameter action from scan. ESCAN is always performed using action start scan. No need to pass this parameter on to different functions. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
e9a6ca82 |
|
25-Nov-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Cleanup ssid storage. SSIDs used for connect and p2p got stored, but never used. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
aeb64225 |
|
29-Oct-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add wowl wake indication report. On wakeup of the system (resume) a wowl wakeup indication report can be sent to cfg80211. This patch adds support for this. The report specifies if the device was responsible for the wakeup and if so, will specify the exact reason. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
37a869ec |
|
29-Oct-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Use consistent naming for bsscfgidx. The variable bsscfgidx is used in different places with different names, e.g. bsscfg, bssidx, bsscfg_idx. This patch cleans this up by using bsscfgidx everywhere. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
8abffd81 |
|
29-Oct-2015 |
Hante Meuleman <meuleman@broadcom.com> |
brcmfmac: Add RSDB support. Broadcom devices with a single 802.11 core can work on two band concurrently using VSDB feature, ie. Virtual Simultaneous Dual-Band. For devices that are fitted with two 802.11 cores and RF paths the driver should support a firmware feature called RSDB, which stands for Real Simultaneous Dual-Band. RSDB works almost autonomously in firmware except for AP config. When the device supports RSDB then the interface should not be brought down when configuring it, otherwise the link (if configured) on the other interface will be lost. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> [kvalo@codeaurora.org: changed the commit log based on discussion] Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
#
05491d2c |
|
17-Nov-2015 |
Kalle Valo <kvalo@codeaurora.org> |
brcm80211: move under broadcom vendor directory Part of reorganising wireless drivers directory and Kconfig. Note that I had to edit Makefiles from subdirectories to use the new location. Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|