| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Allow mesh interface to disable the power save which is by default
turn on in certain chipset. Testing with 2 units of ZCN-1523H-5-16
featuring AR9280 chipset which have power save enabled by default.
Constant reset if the average signal of the peer mesh STA is below
-80 dBm and power save is enabled.
Signed-off-by: Chun-Yeow Yeoh <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
When the driver's resume function can't completely
restore the configuration in the device, it returns
1 from the callback which will be treated like a HW
restart request, but done directly.
In this case, also call the driver's restart_complete()
function so it can finish the reconfiguration there.
Signed-off-by: Johannes Berg <[email protected]>
|
|
My commit 529ba6e9313dbe60dab7e72c6fdf647a012e9f5b
("mac80211: clean up association better in suspend")
introduced a bug when resuming from WoWLAN when a
device reset is desired. This case must not use the
suspend_bss_conf as it hasn't been stored.
Signed-off-by: Johannes Berg <[email protected]>
|
|
Channel contexts are not always used with monitor interfaces. If no channel
context is set, use the oper channel, otherwise tx fails.
Signed-off-by: Felix Fietkau <[email protected]>
[check local->use_chanctx]
Signed-off-by: Johannes Berg <[email protected]>
|
|
Since:
commit b23b025fe246f3acc2988eb6d400df34c27cb8ae
Author: Ben Greear <[email protected]>
Date: Fri Feb 4 11:54:17 2011 -0800
mac80211: Optimize scans on current operating channel.
we do not disable PS while going back to operational channel (on
ieee80211_scan_state_suspend) and deffer that until scan finish.
But since we are allowed to send frames, we can send a frame to AP
without PM bit set, so disable PS on AP side. Then when we switch
to off-channel (in ieee80211_scan_state_resume) we do not enable PS.
Hence we are off-channel with PS disabled, frames are not buffered
by AP.
To fix remove offchannel_ps_disable argument and always enable PS when
going off-channel and disable it when going on-channel, like it was
before.
Cc: [email protected] # 2.6.39+
Signed-off-by: Stanislaw Gruszka <[email protected]>
Tested-by: Seth Forshee <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
During FT roaming, wpa_supplicant attempts to set the
key before association. This used to be rejected, but
as a side effect of my commit 66e67e418908442389d3a9e
("mac80211: redesign auth/assoc") the key was accepted
causing hardware crypto to not be used for it as the
station isn't added to the driver yet.
It would be possible to accept the key and then add it
to the driver when the station has been added. However,
this may run into issues with drivers using the state-
based station adding if they accept the key only after
association like it used to be.
For now, revert to the behaviour from before the auth
and assoc change.
Cc: [email protected]
Reported-by: Cédric Debarge <[email protected]>
Tested-by: Cédric Debarge <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <[email protected]> says:
"This is the first NFC patchset targeted at the 3.9 merge window.
It brings the following goodies:
- LLCP socket timestamping (To be used e.g with the recently released nfctool
application for a more efficient skb timestamping when sniffing).
- A pretty big pn533 rework from Waldemar, preparing the driver to support
more flavours of pn533 based devices.
- HCI changes from Eric in preparation for the microread driver support.
- Some LLCP memory leak fixes, cleanups and slight improvements.
- pn544 and nfcwilink move to the devm_kzalloc API.
- An initial Secure Element (SE) API.
- An nfc.h license change from the original author, allowing non GPL
application code to safely include it."
Signed-off-by: John W. Linville <[email protected]>
|
|
Safer and more robust than than memcpy_toiovec.
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
We can cast msg_name to a sockaddr_nfc_llcp pointer directly.
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
commit 1a9193185f462a51815fe48491f8a6fb6b942551 "regulatory: code cleanup"
changed is_ht40_allowed without considering that IEEE80211_CHAN_NO_HT40 is
not just one flag, but two.
This is causing HT40- to be blocked completely.
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
My commit 4bf88530be971bf95a7830ca61b4120980bf4347
("mac80211: convert to channel definition struct")
accidentally broke HT40 connections due to swapped
channel flag checks -- fix that.
Reported-by: Sujith Manoharan <[email protected]>
Tested-by: Sujith Manoharan <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
The uuid should be printed in the CPU endianness and not in little-endian.
Acked-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
The socket from which a mgmt_set_powered command was received should
only receive the command response but no new_settings event.
The mgmt_powered() function which is used to handle the situation with
the HCI_AUTO_OFF flag tries to check for a pending command to know which
socket to skip the event for, but since the pending command hasn't been
added this will not happen.
This patch fixes the issue by adding the pending command for the
HCI_AUTO_OFF case and thereby ensures that mgmt_powered() will skip the
right socket when sending the new_settings event, but still send the
proper response to the socket where the command came from.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Management commands should whenever possible fail with proper command
status or command complete events. This patch fixes the
mgmt_start_discovery command to do this for the failure cases where an
incorrect parameter value was passed to it ("not supported" if the
parameter value was valid but the controller doesn't support it and
"invalid params" if it isn't valid at all).
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
All mgmt_set_* commands that take a boolean value encoded in the form of
a byte should only accept the values 0x00 and 0x01. This patch adds the
necessary checks for this and returns "invalid params" responses if
anything else is provided as the value.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
This patch fixes sections of code that do not need hci_lock_dev to be
outside of the lock. Such sections include code that do not touch the
hdev at all as well as sections which just read a single byte from the
supported_features value (i.e. all lmp_*_capable() macros).
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
The concept of Class of Device only exists for BR/EDR controllers. The
mgmt_set_dev_class command should therefore return a proper "not
supported" error if it is attempted for a controller that doesn't
support BR/EDR (e.g. a single mode LE-only one).
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
The two lowest bits of the minor device class value are reserved and
should be zero, and the three highest bits of the major device class
likewise. The management code should therefore test for this and return
a proper "invalid params" error if the condition is not met.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
All management events are expected to indicate successful completion
through a command complete event, however the load long term keys
command was missing this. This patch adds the missing event.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
All management commands are expected to indicate successful completion
through a command complete event however the confirm name command was
missing it. This patch add the sending of the missing event.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Checking only for sco_conn seems to not be enough and lead to NULL
dereferences in the code, check for hcon instead.
<1>[11340.226404] BUG: unable to handle kernel NULL pointer dereference at
0000000
8
<4>[11340.226619] EIP is at __sco_sock_close+0xe8/0x1a0
<4>[11340.226629] EAX: f063a740 EBX: 00000000 ECX: f58f4544 EDX: 00000000
<4>[11340.226640] ESI: dec83e00 EDI: 5f9a081f EBP: e0fdff38 ESP: e0fdff1c
<0>[11340.226674] Stack:
<4>[11340.226682] c184db87 c1251028 dec83e00 e0fdff38 c1754aef dec83e00
00000000
e0fdff5c
<4>[11340.226718] c184f587 e0fdff64 e0fdff68 5f9a081f e0fdff5c c1751852
d7813800
62262f10
<4>[11340.226752] e0fdff70 c1753c00 00000000 00000001 0000000d e0fdffac
c175425c
00000041
<0>[11340.226793] Call Trace:
<4>[11340.226813] [<c184db87>] ? sco_sock_clear_timer+0x27/0x60
<4>[11340.226831] [<c1251028>] ? local_bh_enable+0x68/0xd0
<4>[11340.226846] [<c1754aef>] ? lock_sock_nested+0x4f/0x60
<4>[11340.226862] [<c184f587>] sco_sock_shutdown+0x67/0xb0
<4>[11340.226879] [<c1751852>] ? sockfd_lookup_light+0x22/0x80
<4>[11340.226897] [<c1753c00>] sys_shutdown+0x30/0x60
<4>[11340.226912] [<c175425c>] sys_socketcall+0x1dc/0x2a0
<4>[11340.226929] [<c149ba78>] ? trace_hardirqs_on_thunk+0xc/0x10
<4>[11340.226944] [<c18860f1>] syscall_call+0x7/0xb
<4>[11340.226960] [<c1880000>] ? restore_cur+0x5e/0xd7
<0>[11340.226969] Code: <f0> ff 4b 08 0f 94 c0 84 c0 74 20 80 7b 19 01 74
2f b8 0a 00 00
Reported-by: Chuansheng Liu <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
If remote device sends l2cap info request before read_remote_ext_feature
completes then mgmt_connected will be sent in hci_acldata_packet() and
remote name request wont be sent and eventually authentication wont happen
Hcidump log of the issue
< HCI Command: Create Connection (0x01|0x0005) plen 13
bdaddr BC:85:1F:74:7F:29 ptype 0xcc18 rswitch 0x01 clkoffset 0x4bf7 (valid)
Packet type: DM1 DM3 DM5 DH1 DH3 DH5
> HCI Event: Command Status (0x0f) plen 4
Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 12 bdaddr BC:85:1F:74:7F:29 type ACL encrypt 0x00
< HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
handle 12
> HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 12
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
> HCI Event: Max Slots Change (0x1b) plen 3
handle 12 slots 5
< HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
handle 12 page 1
> HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> ACL data: handle 12 flags 0x02 dlen 10
L2CAP(s): Info req: type 2
< ACL data: handle 12 flags 0x00 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x00b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
> HCI Event: Read Remote Extended Features (0x23) plen 13
status 0x00 handle 12 page 1 max 1
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> ACL data: handle 12 flags 0x02 dlen 10
L2CAP(s): Info req: type 3
< ACL data: handle 12 flags 0x00 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Fixed channel list 0x00000002
L2CAP Signalling Channel
> HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 2
This patch moves sending mgmt_connected from hci_acldata_packet() to
l2cap_connect_req() since this code is to handle the scenario remote
device sends l2cap connect req too fast
Signed-off-by: Jaganath Kanakkassery <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Each NFC adapter can have several links to different secure elements and
that property needs to be exported by the drivers.
A secure element link can be enabled and disabled, and card emulation will
be handled by the currently active one. Otherwise card emulation will be
host implemented.
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
Some chips diverge from the HCI spec in their implementation of standard
features. This adds a new quirks parameter to
nfc_hci_allocate_device() to let the driver indicate its divergence.
Signed-off-by: Eric Lapuyade <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
Signed-off-by: Eric Lapuyade <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
Some chips use a standard HCI event code, destined to a proprietary
gate, with a different meaning. Therefore, the HCI driver must always
have a chance to intercept the event before standard processing is
attempted.
The new semantic specifies that the result value "1" means that the
driver doesn't especially handle the event. result <= 0 means it was
handled.
Signed-off-by: Eric Lapuyade <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
There is no use to return an error if the caller doesn't get it.
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
When an adapter is removed, it will unregister itself from hci and/or
nfc core. In order to do that safely, work tasks must first be canceled
and prevented to be scheduled again, before the hci or nfc device can be
destroyed.
Signed-off-by: Eric Lapuyade <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
The reference count bump on the llcp Rx path is leading to a memory leak
whenever we're not receiving an I frame.
We fix that by removing the refcount bump (drivers must not free their
received skb) and using it only in the I frame path, when the frame is
actually queued. In that case, the skb will only be freed when someone
fetches it from userspace. in all other cases, LLCP received frames will
be freed when leaving the Rx work queue.
Reported-by: Eric Lapuyade <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
Not only it was improperly use to queue backlogged RX skbuffs, but it was
also not processed at all.
If the socket receive queue is full we simply drop the incoming packets.
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
Set timestamp in sent and received sk_buffs. timestamp is then put in
msghdr structure in llcp_sock_recvmsg().
Signed-off-by: Thierry Escande <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
|
|
The length parameter should be sizeof(req->name) - 1 because there is no
guarantee that string provided by userspace will contain the trailing
'\0'.
Can be easily reproduced by manually setting req->name to 128 non-zero
bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
input subsystem:
$ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af
("f0:af:f0:af:f0:af" is the device bluetooth address, taken from "phys"
field in struct hid_device due to overflow.)
Cc: [email protected]
Signed-off-by: Anderson Lizardo <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
After sending reset command wait for its command complete event before
sending next command. Some chips sends CC event for command received
before reset if reset was send before chip replied with CC.
This is also required by specification that host shall not send
additional HCI commands before receiving CC for reset.
< HCI Command: Reset (0x03|0x0003) plen 0 [hci0] 18.404612
> HCI Event: Command Complete (0x0e) plen 4 [hci0] 18.405850
Write Extended Inquiry Response (0x03|0x0052) ncmd 1
Status: Success (0x00)
< HCI Command: Read Local Supported Features (0x04|0x0003) plen 0 [hci0] 18.406079
> HCI Event: Command Complete (0x0e) plen 4 [hci0] 18.407864
Reset (0x03|0x0003) ncmd 1
Status: Success (0x00)
< HCI Command: Read Local Supported Features (0x04|0x0003) plen 0 [hci0] 18.408062
> HCI Event: Command Complete (0x0e) plen 12 [hci0] 18.408835
Signed-off-by: Szymon Janc <[email protected]>
Cc: [email protected]
Acked-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Use MGMT_STATUS_SUCCESS for success return code.
Signed-off-by: Szymon Janc <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Those commands don't send any HCI commands to controller so there is no
need to restrict them to only powered up controller. This also makes
implementation more consistent as already stored remote OOB data
persist power toggle.
Signed-off-by: Szymon Janc <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Using bit operations solves problems with multiple requests
and clearing state.
Signed-off-by: Andrei Emeltchenko <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Remove code which cannot execute. l2cap_conn_add for AMP_LINK
might only be invoked when receiving data in l2cap_recv_acldata.
But this case is checked in the first statement there.
Signed-off-by: Andrei Emeltchenko <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Use chan->hs_hcon instead of lookup by dst address.
Signed-off-by: Andrei Emeltchenko <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
Postpone sending A2MP Create Phylink Response until we got successful
HCI Command Complete after HCI Write Remote AMP Assoc.
Signed-off-by: Andrei Emeltchenko <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
This patch removes unnecessary include of <net/bluetooth/l2cap.h>
in bluetooth/bnep/core.c.
Signed-off-by: Rami Rosen <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
|
|
My commit 379b82f4c9dc6e67bf61aa61b096c06a2f320f60
("regulatory: pass new regdomain to reset function")
broke the restore_regulatory_settings() function due
to a logic change. Consider this change:
- reset_regdomains(true);
- cfg80211_regdomain = cfg80211_world_regdom;
+ reset_regdomains(true, cfg80211_world_regdom);
This looks innocent enough, until you realise that the
called function (reset_regdomains) also resets the
cfg80211_world_regdom pointer, so that the old version
of the code would use the new object it pointed to and
the new version of the code uses the old object. This
lead to a double-free of this object.
Since reset_regdomains() sets it to &world_regdom, use
that directly.
Reported-by: Sujith Manoharan <[email protected]>
Tested-by: Sujith Manoharan <[email protected]>
Reported-by: Bob Copeland <[email protected]>
Reported-by: Emmanuel Grumbach <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
The uevent callback doesn't protect its access to
last_request, which now causes a warning since
the conversion to get_last_request(). Fix this by
allowing to use RCU protection for last_request.
Reported-by: Emmanuel Grumbach <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
One of the function names was wrong and some parameters were
missing.
Signed-off-by: Bob Copeland <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
The following changes are invalid and should be
disallowed when a station already exists:
* supported rates changes, except for TDLS peers
* listen interval changes
* HT capability changes
Disallow them and also update a mac80211 comment
explaining how they would be racy.
Signed-off-by: Johannes Berg <[email protected]>
|
|
When an interface is configured to a 20 MHz channel
and the device as well as the peer are 40 MHz capable
the HT capabilities of the peer are not restricted to
20 MHz, even though they're supposed to be restricted
to the currently possible capabilities.
Unset the 40 MHz HT capability bits in this case.
Signed-off-by: Johannes Berg <[email protected]>
|
|
Use __aligned(...) instead of __attribute__((aligned(...)))
in mac80211 and cfg80211.
Signed-off-by: Johannes Berg <[email protected]>
|
|
Support the HT notify channel width action frame
to update the rate scaling about the bandwidth
the peer can receive in.
Signed-off-by: Johannes Berg <[email protected]>
|
|
When TX aggregation is stopped, there are a few
different cases:
- connection with the peer was dropped
- session stop was requested locally
- session stop was requested by the peer
- connection was dropped while a session is stopping
The behaviour in these cases should be different, if
the connection is dropped then the driver should drop
all frames, otherwise the frames may continue to be
transmitted, aggregated in the case of a locally
requested session stop or unaggregated in the case of
the peer requesting session stop.
Split these different cases so that the driver can
act accordingly; however, treat local and remote stop
the same way and ask the driver to not send frames as
aggregated packets any more.
In the case of connection drop, the stop callback the
driver is otherwise supposed to call is no longer
required.
Signed-off-by: Johannes Berg <[email protected]>
|
|
To call it from ___ieee80211_stop_tx_ba_session,
move the function and dependencies up.
Signed-off-by: Johannes Berg <[email protected]>
|
|
Create the function ieee80211_remove_tid_tx to call
it from ___ieee80211_stop_tx_ba_session later.
Signed-off-by: Johannes Berg <[email protected]>
|