- 08 Mar, 2013 8 commits
-
-
Dean Jenkins authored
Previous commits have improved the handling of the RFCOMM session timer and the RFCOMM session pointers such that freed RFCOMM session structures should no longer be erroneously accessed. The RFCOMM session refcnt now has no purpose and will be deleted by this commit.

Note that the RFCOMM session is now deleted as soon as the RFCOMM control channel link is no longer required. This makes the lifetime of the RFCOMM session deterministic and absolute. Previously with the refcnt, there was uncertainty about when the session structure would be deleted because the relative refcnt prevented the session structure from being deleted at will.

It was noted that the refcnt could malfunction under very heavy real-time processor loading in embedded SMP environments. This could cause premature RFCOMM session deletion or double session deletion that could result in kernel crashes. Removal of the refcnt prevents this issue.

There are 4 connection / disconnection RFCOMM session scenarios:

    host initiated control link ---> host disconnected control link
    host initiated ctrl link ---> remote device disconnected ctrl link
    remote device initiated ctrl link ---> host disconnected ctrl link
    remote device initiated ctrl link ---> remote device disc'ed ctrl link

The control channel connection procedures are independent of the disconnection procedures. Strangely, the RFCOMM session refcnt was applying special treatment so erroneously combining connection and disconnection events. This commit fixes this issue by removing some session code that used the "initiator" member of the session structure that was intended for use with the data channels.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Dean Jenkins authored
Unfortunately, the design retains local copies of the s RFCOMM session pointer in various code blocks and this invites the erroneous access to a freed RFCOMM session structure.

Therefore, return the RFCOMM session pointer back up the call stack to avoid accessing a freed RFCOMM session structure. When the RFCOMM session is deleted, NULL is passed up the call stack.

If active DLCs exist when the rfcomm session is terminating, avoid a memory leak of rfcomm_dlc structures by ensuring that rfcomm_session_close() is used instead of rfcomm_session_del().

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Dean Jenkins authored
A race condition exists between near simultaneous asynchronous DLC data channel disconnection requests from the host and remote device. This causes the socket layer to request a socket shutdown at the same time the rfcomm core is processing the disconnect request from the remote device.

The socket layer retains a copy of a struct rfcomm_dlc d pointer. The d pointer refers to a copy of a struct rfcomm_session. When the socket layer thread performs a socket shutdown, the thread may wait on a rfcomm lock in rfcomm_dlc_close(). This means that whilst the thread waits, the rfcomm_session and/or rfcomm_dlc structures pointed to by d may be freed due to rfcomm core handling. Consequently, when the rfcomm lock becomes available and the thread runs, a malfunction could occur as a freed rfcomm_session structure and/or a freed rfcomm_dlc structure will be erroneously accessed.

Therefore, after the rfcomm lock is acquired, check that the struct rfcomm_session is still valid by searching the rfcomm session list. If the session is valid then validate the d pointer by searching the rfcomm session list of active DLCs for the rfcomm_dlc structure pointed to by d.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Dean Jenkins authored
Use del_timer_sync() instead of del_timer() as this ensures that rfcomm_session_timeout() is not running on a different CPU when rfcomm_session_put() is called. This avoids a race condition on SMP systems because potentially rfcomm_session_timeout() could reuse the freed RFCOMM session structure caused by the execution of rfcomm_session_put().

Note that this modification makes the reason for the RFCOMM session refcnt mechanism redundant.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
David Herrmann authored
There is no reason a caller ever wants to check the return type of this call. _Iff_ a user successfully called bt_sock_register(), they're allowed to call bt_sock_unregister().

All other calls in the kernel (device_del, device_unregister, kfree(), ..) that are logically equivalent return void. Let's not make callers think they have to check the return type of this call and instead simply return void.

We guarantee that after bt_sock_unregister() is called, the socket type _is_ unregistered. If that is not what the caller wants, they're using the wrong function, anyway.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
David Herrmann authored
After we successfully registered a socket via bt_sock_register() there is no reason to ever check the return code of bt_sock_unregister(). If bt_sock_unregister() fails, it means the socket _is_ already unregistered so we have what we want, don't we?

Also, to get bt_sock_unregister() to fail, another part of the kernel has to unregister _our_ socket. This is sooo _wrong_ that it will break way earlier than when we unregister our socket.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Karl Relton authored
After linux 3.2 the hid_destroy_device call in hidp_session cleaning up invokes a hook to the power_supply code which in turn tries to read the battery capacity. This read will trigger a call to hidp_get_raw_report which is bound to fail because the device is being taken away - so rather than wait for the 5 second timeout failure this change enables it to fail straight away.

Signed-off-by: Karl Relton <karllinuxtest.relton@ntlworld.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Andre Guedes authored
As hci_acl_disconn function basically sends the HCI Disconnect Command and it is used to disconnect ACL, SCO and LE links, renaming it to hci_disconnect is more suitable.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 06 Mar, 2013 32 commits
-
-
Amitkumar Karwar authored
Currently 'magic-packet' and 'patterns' options in 'iw wowlan' command are supported. Appropriate packet filters for wowlan are configured in firmware based on provided patterns and/or magic-packet option.

For example:

wake-on ARP request for 192.168.0.100:
    iw phy0 wowlan enable patterns ff:ff:ff:ff:ff:ff 20+08:06 46+c0:a8:00:64

wake-on RX packets sent from IP address 192.168.0.88:
    iw phy0 wowlan enable patterns 34+c0:a8:00:58

wake-on RX packets with TCP destination port 80:
    iw phy0 wowlan enable patterns 44+50

wake-on MagicPacket:
    iw phy0 wowlan enable magic-packet

wake-on MagicPacket or patterns:
    iw phy0 wowlan enable magic-packet patterns 12+00:11:22:33:44:55 18+00:50:43:21

wake-on IPv4 multicast packets:
    iw phy0 wowlan enable patterns 01:00:5e

wake-on IPv6 multicast packets:
    iw phy0 wowlan enable patterns 33:33

disable all wowlan options:
    iw phy0 wowlan disable

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
Host sleep wakeup condition is configured using this command.

Supports Wake-on: pumb

For example:

wake-on any unicast packets:
    ethtool -s mlan0 wol u

wake-on multicast/broadcast packet:
    ethtool -s mlan0 wol mb

wake-on unicast packets and MAC events:
    ethtool -s mlan0 wol pu

wake-on unicast/multicast/broadcast packets and MAC events:
    ethtool -s mlan0 wol pmbu

disable all wake-on options:
    ethtool -s mlan0 wol d

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
As we are adding a few more macros in this category in next patch, this cleanup work is required.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
We allocate SKB buffers of 4K size to make sure that we process RX AMSDU of 4K. So when skb->len is lesser than 4K; we should modify skb->truesize.

This resolves an issue where kernel has allocated packets with 2K assumption and starts dropping packets for large size data transfer.

This fix is already present for USB; extend it to PCIE.

Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bing Zhao authored
drivers/net/wireless/mwifiex/pcie.c:1157:9: warning: 'desc2' may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/wireless/mwifiex/pcie.c:1048:31: note: 'desc2' was declared here
drivers/net/wireless/mwifiex/pcie.c:1159:9: warning: 'desc' may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/wireless/mwifiex/pcie.c:1047:32: note: 'desc' was declared here

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bing Zhao authored
drivers/net/wireless/mwifiex/pcie.c:204:12: warning: 'mwifiex_pcie_resume' defined but not used [-Wunused-function]
drivers/net/wireless/mwifiex/pcie.c:166:12: warning: 'mwifiex_pcie_suspend' defined but not used [-Wunused-function]

The suspend/resume handlers ought to be under CONFIG_PM directive.

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bing Zhao authored
move functions up just to avoid static forward declaration for mwifiex_pcie_resume.

Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ben Greear authored
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ben Greear authored
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Rafał Miłecki authored
HT-PHY was found only on BCM4331 which is a BCMA-based chipset. This is really unlikely we will ever see HT-PHY on SSB thus make the whole code BCMA specific. This will allow us to call various BCMA-specific functions directly (without extra checks).

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
When the RX chainmask is set to 0x2 for AR9462, certain values from chain1 have to be programmed for chain0 also.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
This flag is used for indicating channel interference and we currently do nothing with it, so remove it.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
The function brcmf_proto_hdrpush() increases the header space and fills in the protocol header fields. One field is the data offset which is currently fixed to zero meaning the data follows right after the header. The parameter is added to determine the actual start of data. This will be used for firmware signalling.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
Adding a packet dequeue function that will return packets that pass the provided match function.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
For transmit packets the function brcmf_txcomplete() must be called. This should be done as well when for some reason the transmit fails to assure proper tx post processing. This patch fixes the code paths in brcmf_usb_tx() that forgot to do so.

Reviewed-by: Piotr Haber <phaber@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
In the bus-specific driver code each call to brcmf_txcomplete() is followed by a free of that packet. This patch moves that free to the brcmf_txcomplete() function.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
The firmware and host can exchange signals which are carried within the data packets. These are TLV based signals that are inserted before the actual data, ie. ethernet frame. This commit adds the new source module for this feature and enables RSSI signals from firmware.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
Added inline functions to set bitfields in an unsigned integer variable.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
In preparation of firmware signalling feature additional headroom is needed to accommodate signalling protocol data between host and firmware.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
In brcmf_cfg80211_sched_scan_start() the request parameter was checked for being non-null. However, it never is so remove the check which gets rid of following smatch warning:

drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c:2904 brcmf_cfg80211_sched_scan_start() warn: variable dereferenced before check 'request' (see line 2897)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
The output of modinfo shows a bit of strangeness because module information macros are used in multiple source files:

    license:        Dual BSD/GPL
    description:    Broadcom 802.11 wireless LAN fullmac driver.
    author:         Broadcom Corporation
    firmware:       brcm/brcmfmac-sdio.txt
    firmware:       brcm/brcmfmac-sdio.bin
    firmware:       brcm/brcmfmac43236b.bin
    license:        Dual BSD/GPL
    description:    Broadcom 802.11n wireless LAN fullmac usb driver.
    author:         Broadcom Corporation

This patch cleans it up.

Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
The module parameter definition for brcmf_msg_level has been reworked to a named module parameter with description so modinfo is a bit more informative:

    parm: debug:level of debug output (int)

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Piotr Haber <phaber@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Arend van Spriel authored
Inspired by tracing functionality added by Seth Forshee in the brcmsmac driver, this patch adds similar functionality to brcmfmac.

Reviewed-by: Piotr Haber <phaber@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Piotr Haber authored
Add support for radio on led indicator. Control led via BCMA gpio driver.

Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Piotr Haber <phaber@broadcom.com>
[arend@broadcom.com: modify Makefile for conditional compile led.c]
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nishant Sarmukadam authored
This differs from legacy chips i.e.

a) 8764 loads firmware image without a helper image
b) Check interrupt status register for download complete indication.

Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Nishant Sarmukadam authored
The patch does the following:-

a) Add entry in the PCIe table
b) Add firmware support with API versioning
c) Reuse most of the 8366 code
d) Make 8764 specific changes where 8764 differs from 8366 e.g. structure definitions.

Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
It's harmless, but Smatch complains if we use "htc_hdr->eid" before doing the bounds check.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Chen Gang authored
When make with EXTRA_CFLAGS=-W, it will report error. So give a check in Makefile.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Acked-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
Remove the embedded branch to make the ATH_EP_RND macro a little clearer. The new version also generates better code, saving 24 bytes of text:

       text    data     bss     dec     hex filename
      87858    1641      24   89523   15db3 ath9k_orig.ko
      87834    1641      24   89499   15d9b ath9k_new.ko

Although neither version handles negative values particularly well, the lone caller clamps all negative values to zero anyway. I have verified that the results are the same for the range of possible positive rssi values.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
"translate" should either be set or disabled. We also use it as an offset into the framing[] array when we're generating the proc file. Framing looks like this:

    static const char *framing[] = { "Encapsulation", "Translation" }

So when we're setting translate we need to restrict the values to either 1 or 0 or it can cause an out of bounds read.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-