Error Trace

[Home]

Bug # 113

Show/hide error trace
Error trace
Function bodies
Blocks
  • Others...
    Function bodies without model function calls
    Initialization function calls
    Initialization function bodies
    Entry point
    Entry point body
    Function calls
    Skipped function calls
    Formal parameter names
    Declarations
    Assumes
    Assume conditions
    Returns
    Return values
    DEG initialization
    DEG function calls
    Model function calls
    Model function bodies
    Model asserts
    Model state changes
    Model function function calls
    Model function function bodies
    Model returns
    Model others
    Identation
    Line numbers
    Expand signs
/*Is true unsafe:*/
/*Number of usage points:2*/
/*Number of usages :2*/
/*Two examples:*/
/*_____________________*/
/*Without locks*/
-__CPAchecker_initialize()
{
return ;
}
-entry_point
{
649 struct sk_buff *ldvarg73;
650 int ldvarg74;
651 void *ldvarg72;
652 int tmp;
653 int tmp___0;
654 int tmp___1;
655 int tmp___2;
656 int tmp___3;
657 int tmp___4;
648 ldv_initialize() { /* Function call is skipped due to function is undefined */}
654 ldv_state_variable_11 = 0;
655 ldv_state_variable_7 = 0;
656 ldv_state_variable_17 = 0;
658 -timer_init_2()
{
333 ldv_timer_2_0 = 0;
334 ldv_timer_2_1 = 0;
335 ldv_timer_2_2 = 0;
336 ldv_timer_2_3 = 0;
337 return ;;
}
660 ldv_state_variable_2 = 1;
662 -timer_init_1()
{
341 ldv_timer_1_0 = 0;
342 ldv_timer_1_1 = 0;
343 ldv_timer_1_2 = 0;
344 ldv_timer_1_3 = 0;
345 return ;;
}
664 ldv_state_variable_1 = 1;
665 ldv_state_variable_18 = 0;
666 ref_cnt = 0;
667 ldv_state_variable_0 = 1;
668 ldv_state_variable_16 = 0;
669 ldv_state_variable_13 = 0;
670 ldv_state_variable_6 = 0;
672 -timer_init_3()
{
285 ldv_timer_3_0 = 0;
286 ldv_timer_3_1 = 0;
287 ldv_timer_3_2 = 0;
288 ldv_timer_3_3 = 0;
289 return ;;
}
674 ldv_state_variable_3 = 1;
675 ldv_state_variable_9 = 0;
676 ldv_state_variable_12 = 0;
677 ldv_state_variable_14 = 0;
678 ldv_state_variable_15 = 0;
679 ldv_state_variable_8 = 0;
680 ldv_state_variable_4 = 0;
681 ldv_state_variable_10 = 0;
682 ldv_state_variable_5 = 0;
683 ldv_53487:;
684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
684 switch (tmp);
685 assume(!(tmp == 0));
693 assume(!(tmp == 1));
701 assume(!(tmp == 2));
709 assume(!(tmp == 3));
717 assume(!(tmp == 4));
725 assume(tmp == 5);
728 assume(ldv_state_variable_18 != 0);
729 -ldv_main_exported_18()
{
161 struct station_info *ldvarg28;
162 u8 *ldvarg34;
163 unsigned short ldvarg19;
164 u8 *ldvarg22;
165 unsigned char ldvarg25;
166 unsigned char ldvarg21;
167 unsigned char ldvarg33;
168 struct cfg80211_chan_def *ldvarg30;
169 struct cfg80211_connect_params *ldvarg38;
170 u32 *ldvarg35;
171 struct cfg80211_scan_request *ldvarg27;
172 _Bool ldvarg26;
173 _Bool ldvarg24;
174 u8 *ldvarg29;
175 enum nl80211_iftype ldvarg36;
176 struct vif_params *ldvarg37;
177 struct ieee80211_channel *ldvarg23;
178 _Bool ldvarg20;
179 struct key_params *ldvarg31;
180 _Bool ldvarg32;
181 struct cfg80211_ibss_params *ldvarg18;
182 int tmp;
182 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
182 switch (tmp);
183 assume(!(tmp == 0));
195 assume(!(tmp == 1));
219 assume(!(tmp == 2));
243 assume(!(tmp == 3));
267 assume(!(tmp == 4));
291 assume(tmp == 5);
293 assume(ldv_state_variable_18 == 1);
295 -lbs_leave_ibss(lbs_cfg80211_ops_group1, lbs_cfg80211_ops_group0)
{
2020 struct lbs_private *priv;
2021 void *tmp;
2022 struct cmd_ds_802_11_ad_hoc_stop cmd;
2023 int ret;
2024 int tmp___0;
2025 unsigned short __sz;
2026 int tmp___1;
2027 int tmp___2;
2020 -wiphy_priv(wiphy)
{
3324 long tmp;
3324 -__builtin_expect(((unsigned long)wiphy) == ((unsigned long)((struct wiphy *)0)), 0L)
{
52 return exp;;
}
3324 assume(!(tmp != 0L));
3325 return (void *)(&(wiphy->priv));;
}
2020 priv = (struct lbs_private *)tmp;
2022 ret = 0;
2024 unsigned long __CPAchecker_TMP_0 = (unsigned long)(priv->mesh_dev);
2024 assume(!(__CPAchecker_TMP_0 == ((unsigned long)dev)));
2027 assume(!((lbs_debug & 33554433U) == 33554433U));
2029 __memset((void *)(&cmd), 0, 8UL) { /* Function call is skipped due to function is undefined */}
2030 cmd.hdr.size = 8U;
2031 __sz = cmd.hdr.size;
2031 cmd.hdr.size = 8U;
2031 -__lbs_cmd(priv, 64, &(cmd.hdr), (int)__sz, &lbs_cmd_copyback, (unsigned long)(&cmd))
{
1689 struct cmd_ctrl_node *cmdnode;
1690 unsigned long flags;
1691 int ret;
1692 int tmp;
1693 long tmp___0;
1694 _Bool tmp___1;
1695 struct __wait_queue __wait;
1696 long __ret;
1697 long __int;
1698 long tmp___2;
1699 int tmp___3;
1692 ret = 0;
1694 assume(!((lbs_debug & 8193U) == 8193U));
1696 -__lbs_cmd_async(priv, (int)command, in_cmd, in_cmd_size, callback, callback_arg)
{
1623 struct cmd_ctrl_node *cmdnode;
1624 int tmp;
1625 int tmp___0;
1626 void *tmp___1;
1627 int tmp___2;
1628 void *tmp___3;
1629 int tmp___4;
1630 void *tmp___5;
1631 int tmp___6;
1632 int tmp___7;
1625 assume(!((lbs_debug & 8193U) == 8193U));
1627 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved);
1627 assume(!(__CPAchecker_TMP_1 != 0U));
1636 assume(!((priv->is_auto_deep_sleep_enabled) == 0));
1644 -lbs_get_free_cmd_node(priv)
{
1278 struct cmd_ctrl_node *tempnode;
1279 unsigned long flags;
1280 int tmp;
1281 const struct list_head *__mptr;
1282 int tmp___0;
1283 int tmp___1;
1284 int tmp___2;
1281 assume(!((lbs_debug & 8193U) == 8193U));
1283 assume(!(((unsigned long)priv) == ((unsigned long)((struct lbs_private *)0))));
1286 -ldv___ldv_spin_lock_124(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
590 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
591 return ;;
}
1288 -list_empty((const struct list_head *)(&(priv->cmdfreeq)))
{
200 union __anonunion___u_20 __u;
200 -__read_once_size((const volatile void *)(&(head->next)), (void *)(&(__u.__c)), 8)
{
218 switch (size);
219 assume(!(size == 1));
219 assume(!(size == 2));
219 assume(!(size == 4));
219 assume(size == 8);
218 *((__u64 *)res) = *((__u64 *)p);
218 goto ldv_880;
220 return ;;
}
200 return ((unsigned long)((const struct list_head *)(__u.__val))) == ((unsigned long)head);;
}
1288 assume(tmp___1 == 0);
1289 __mptr = (const struct list_head *)(priv->cmdfreeq.next);
1289 tempnode = (struct cmd_ctrl_node *)__mptr;
1291 -list_del_init(&(tempnode->list))
{
156 __list_del_entry(entry) { /* Function call is skipped due to function is undefined */}
157 -INIT_LIST_HEAD___0(entry)
{
27 union __anonunion___u_16___0 __u;
27 __u.__val = list;
27 -__write_once_size((volatile void *)(&(list->next)), (void *)(&(__u.__c)), 8)
{
243 switch (size);
244 assume(!(size == 1));
245 assume(!(size == 2));
246 assume(!(size == 4));
247 assume(size == 8);
247 *((__u64 *)p) = *((__u64 *)res);
247 goto ldv_902;
254 return ;;
}
28 list->prev = list;
29 return ;;
}
158 return ;;
}
1297 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
1299 assume(!((lbs_debug & 8194U) == 8194U));
1300 return tempnode;;
}
1645 assume(!(((unsigned long)cmdnode) == ((unsigned long)((struct cmd_ctrl_node *)0))));
1654 cmdnode->callback = callback;
1655 cmdnode->callback_arg = callback_arg;
1658 void *__CPAchecker_TMP_5 = (void *)(cmdnode->cmdbuf);
1658 __memcpy(__CPAchecker_TMP_5, (const void *)in_cmd, (size_t )in_cmd_size) { /* Function call is skipped due to function is undefined */}
1661 cmdnode->cmdbuf->command = command;
1662 cmdnode->cmdbuf->size = (unsigned short)in_cmd_size;
1663 cmdnode->cmdbuf->result = 0U;
1665 assume(!((lbs_debug & 8192U) != 0U));
1667 cmdnode->cmdwaitqwoken = 0U;
1668 -lbs_queue_cmd(priv, cmdnode)
{
942 unsigned long flags;
943 int addtail;
944 int tmp;
945 int tmp___0;
946 int tmp___1;
947 struct cmd_ds_802_11_ps_mode *psm;
948 int tmp___2;
949 int tmp___3;
944 addtail = 1;
946 assume(!((lbs_debug & 8193U) == 8193U));
948 assume(!(((unsigned long)cmdnode) == ((unsigned long)((struct cmd_ctrl_node *)0))));
952 unsigned int __CPAchecker_TMP_2 = (unsigned int)(cmdnode->cmdbuf->size);
952 assume(!(__CPAchecker_TMP_2 == 0U));
956 cmdnode->result = 0;
959 unsigned int __CPAchecker_TMP_4 = (unsigned int)(cmdnode->cmdbuf->command);
959 assume(__CPAchecker_TMP_4 == 33U);
960 psm = (struct cmd_ds_802_11_ps_mode *)(&(cmdnode->cmdbuf));
962 unsigned int __CPAchecker_TMP_5 = (unsigned int)(psm->action);
962 assume(__CPAchecker_TMP_5 == 49U);
963 assume((priv->psstate) != 0U);
964 addtail = 0;
968 unsigned int __CPAchecker_TMP_6 = (unsigned int)(cmdnode->cmdbuf->command);
968 assume(!(__CPAchecker_TMP_6 == 68U));
971 -ldv___ldv_spin_lock_115(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
532 return ;;
}
973 assume(!(addtail != 0));
976 -list_add(&(cmdnode->list), &(priv->cmdpendingq))
{
63 __list_add(new, head, head->next) { /* Function call is skipped due to function is undefined */}
64 return ;;
}
978 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
980 assume(!((lbs_debug & 8192U) != 0U));
986 done:;
984 assume(!((lbs_debug & 8194U) == 8194U));
985 return ;;
}
1669 __wake_up(&(priv->waitq), 3U, 1, (void *)0) { /* Function call is skipped due to function is undefined */}
1670 done:;
1672 assume(!((lbs_debug & 8194U) == 8194U));
1673 return cmdnode;;
}
1698 -IS_ERR((const void *)cmdnode)
{
35 long tmp;
35 -__builtin_expect(((unsigned long)ptr) > 4294963200UL, 0L)
{
52 return exp;;
}
35 return tmp != 0L;;
}
1698 assume(!(((int)tmp___1) == 0));
1699 -PTR_ERR((const void *)cmdnode)
{
30 return (long)ptr;;
}
1699 ret = (int)tmp___0;
1700 goto done;
1722 assume(!((lbs_debug & 8194U) == 8194U));
1723 return ret;;
}
2031 ret = tmp___1;
2034 -lbs_mac_event_disconnected(priv, 1)
{
29 int tmp;
30 int tmp___0;
31 int tmp___1;
30 assume(!((priv->connect_status) != 0U));
33 assume(!((lbs_debug & 257U) == 257U));
39 msleep_interruptible(1000U) { /* Function call is skipped due to function is undefined */}
41 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->wdev->iftype);
41 assume(!(__CPAchecker_TMP_1 == 2U));
45 -netif_stop_queue(priv->dev)
{
2778 struct netdev_queue *tmp;
2778 -netdev_get_tx_queue((const struct net_device *)dev, 0U)
{
1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx);
1886 return __CPAchecker_TMP_0 + ((unsigned long)index);;
}
2778 -netif_tx_stop_queue(tmp)
{
2766 -set_bit(0L, (volatile unsigned long *)(&(dev_queue->state)))
{
80 Ignored inline assembler code
82 return ;;
}
2767 return ;;
}
2779 return ;;
}
46 netif_carrier_off(priv->dev) { /* Function call is skipped due to function is undefined */}
49 kfree_skb(priv->currenttxskb) { /* Function call is skipped due to function is undefined */}
50 priv->currenttxskb = (struct sk_buff *)0;
51 priv->tx_pending_len = 0;
53 priv->connect_status = 1U;
55 assume(!((priv->psstate) != 0U));
return ;;
}
return ;;
}
return ;;
}
return ;;
}
/*_____________________*/
/*spin_lock(char *"_driver_lock_of_lbs_private")[1]*/
/*Failure in refinement*/
-__CPAchecker_initialize()
{
return ;
}
-entry_point
{
649 struct sk_buff *ldvarg73;
650 int ldvarg74;
651 void *ldvarg72;
652 int tmp;
653 int tmp___0;
654 int tmp___1;
655 int tmp___2;
656 int tmp___3;
657 int tmp___4;
648 ldv_initialize() { /* Function call is skipped due to function is undefined */}
654 ldv_state_variable_11 = 0;
655 ldv_state_variable_7 = 0;
656 ldv_state_variable_17 = 0;
658 -timer_init_2()
{
333 ldv_timer_2_0 = 0;
334 ldv_timer_2_1 = 0;
335 ldv_timer_2_2 = 0;
336 ldv_timer_2_3 = 0;
337 return ;;
}
660 ldv_state_variable_2 = 1;
662 -timer_init_1()
{
341 ldv_timer_1_0 = 0;
342 ldv_timer_1_1 = 0;
343 ldv_timer_1_2 = 0;
344 ldv_timer_1_3 = 0;
345 return ;;
}
664 ldv_state_variable_1 = 1;
665 ldv_state_variable_18 = 0;
666 ref_cnt = 0;
667 ldv_state_variable_0 = 1;
668 ldv_state_variable_16 = 0;
669 ldv_state_variable_13 = 0;
670 ldv_state_variable_6 = 0;
672 -timer_init_3()
{
285 ldv_timer_3_0 = 0;
286 ldv_timer_3_1 = 0;
287 ldv_timer_3_2 = 0;
288 ldv_timer_3_3 = 0;
289 return ;;
}
674 ldv_state_variable_3 = 1;
675 ldv_state_variable_9 = 0;
676 ldv_state_variable_12 = 0;
677 ldv_state_variable_14 = 0;
678 ldv_state_variable_15 = 0;
679 ldv_state_variable_8 = 0;
680 ldv_state_variable_4 = 0;
681 ldv_state_variable_10 = 0;
682 ldv_state_variable_5 = 0;
683 ldv_53487:;
684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
684 switch (tmp);
685 assume(!(tmp == 0));
693 assume(!(tmp == 1));
701 assume(!(tmp == 2));
709 assume(!(tmp == 3));
717 assume(!(tmp == 4));
725 assume(!(tmp == 5));
733 assume(!(tmp == 6));
785 assume(!(tmp == 7));
793 assume(!(tmp == 8));
801 assume(!(tmp == 9));
809 assume(!(tmp == 10));
817 assume(!(tmp == 11));
825 assume(!(tmp == 12));
833 assume(!(tmp == 13));
841 assume(!(tmp == 14));
994 assume(!(tmp == 15));
1002 assume(tmp == 16);
1005 assume(ldv_state_variable_4 != 0);
1006 -ldv_main_exported_4()
{
392 void *ldvarg80;
393 struct sk_buff *ldvarg81;
394 int tmp;
395 int tmp___0;
396 int tmp___1;
397 int tmp___2;
394 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
394 switch (tmp);
395 assume(!(tmp == 0));
419 assume(!(tmp == 1));
429 assume(!(tmp == 2));
440 assume(tmp == 3);
442 assume(ldv_state_variable_4 == 3);
444 -lbs_hard_start_xmit(ldvarg81, mesh_netdev_ops_group1)
{
66 unsigned long flags;
67 struct lbs_private *priv;
68 struct txpd *txpd;
69 char *p802x_hdr;
70 unsigned short pkt_len;
71 enum netdev_tx ret;
72 int tmp;
73 int tmp___0;
74 int tmp___1;
75 unsigned int __min1;
76 unsigned int __min2;
77 struct tx_radiotap_hdr *rtap_hdr;
78 int tmp___2;
79 int tmp___3;
67 priv = (struct lbs_private *)(dev->__annonCompField102.ml_priv);
71 ret = 0;
73 assume(!((lbs_debug & 65537U) == 65537U));
77 -ldv___ldv_spin_lock_553(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
532 return ;;
}
79 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved);
79 assume(!(__CPAchecker_TMP_1 != 0U));
82 assume(!((skb->len) == 0U));
82 assume(!((skb->len) > 1574U));
93 -netif_stop_queue(priv->dev)
{
2778 struct netdev_queue *tmp;
2778 -netdev_get_tx_queue((const struct net_device *)dev, 0U)
{
1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx);
1886 return __CPAchecker_TMP_0 + ((unsigned long)index);;
}
2778 -netif_tx_stop_queue(tmp)
{
2766 -set_bit(0L, (volatile unsigned long *)(&(dev_queue->state)))
{
80 Ignored inline assembler code
82 return ;;
}
2767 return ;;
}
2779 return ;;
}
94 unsigned long __CPAchecker_TMP_3 = (unsigned long)(priv->mesh_dev);
94 assume(!(__CPAchecker_TMP_3 != ((unsigned long)((struct net_device *)0))));
97 assume(!((priv->tx_pending_len) != 0));
106 priv->tx_pending_len = -1;
107 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
109 __min1 = skb->len;
109 __min2 = 100U;
109 u8 *__CPAchecker_TMP_5 = (u8 *)(skb->data);
109 unsigned int __CPAchecker_TMP_6;
109 assume(!(__min1 < __min2));
109 __CPAchecker_TMP_6 = __min2;
109 -lbs_deb_hex___3(65536U, "TX Data", __CPAchecker_TMP_5, (int)__CPAchecker_TMP_6)
{
96 int i;
96 i = 0;
98 assume(len___0 != 0);
98 assume(!((lbs_debug & 2097152U) != 0U));
113 return ;;
}
111 txpd = (struct txpd *)(&(priv->tx_pending_buf));
112 __memset((void *)txpd, 0, 24UL) { /* Function call is skipped due to function is undefined */}
114 char *__CPAchecker_TMP_7 = (char *)(skb->data);
114 p802x_hdr = __CPAchecker_TMP_7;
115 uint16_t __CPAchecker_TMP_8 = (uint16_t )(skb->len);
115 pkt_len = __CPAchecker_TMP_8;
117 unsigned int __CPAchecker_TMP_9 = (unsigned int)(priv->wdev->iftype);
117 assume(__CPAchecker_TMP_9 == 6U);
118 struct tx_radiotap_hdr *__CPAchecker_TMP_10 = (struct tx_radiotap_hdr *)(skb->data);
118 rtap_hdr = __CPAchecker_TMP_10;
121 int __CPAchecker_TMP_11 = (int)(rtap_hdr->rate);
121 -convert_radiotap_rate_to_mv(__CPAchecker_TMP_11)
{
27 switch ((int)rate);
28 assume(!(((int)rate) == 2));
30 assume(!(((int)rate) == 4));
32 assume(!(((int)rate) == 11));
34 assume(!(((int)rate) == 22));
36 assume(!(((int)rate) == 12));
38 assume(!(((int)rate) == 18));
40 assume(!(((int)rate) == 24));
42 assume(!(((int)rate) == 36));
44 assume(!(((int)rate) == 48));
46 assume(!(((int)rate) == 72));
48 assume(!(((int)rate) == 96));
50 assume(!(((int)rate) == 108));
53 return 0U;;
}
124 p802x_hdr = p802x_hdr + 12UL;
125 pkt_len = ((unsigned int)pkt_len) - 12U;
128 __memcpy((void *)(&(txpd->tx_dest_addr_high)), ((const void *)p802x_hdr) + 4U, 6UL) { /* Function call is skipped due to function is undefined */}
134 txpd->tx_packet_length = pkt_len;
135 txpd->tx_packet_location = 24U;
137 -lbs_mesh_set_txpd(priv, dev, txpd)
{
1098 unsigned long __CPAchecker_TMP_0 = (unsigned long)(priv->mesh_dev);
1098 assume(!(__CPAchecker_TMP_0 == ((unsigned long)dev)));
1103 return ;;
}
139 -lbs_deb_hex___3(65536U, "txpd", (u8 *)(&txpd), 24)
{
96 int i;
96 i = 0;
98 assume(len___0 != 0);
98 assume(!((lbs_debug & 2097152U) != 0U));
113 return ;;
}
141 int __CPAchecker_TMP_12 = (int)(txpd->tx_packet_length);
141 -lbs_deb_hex___3(65536U, "Tx Data", (u8 *)p802x_hdr, __CPAchecker_TMP_12)
{
96 int i;
96 i = 0;
98 assume(!(len___0 != 0));
113 return ;;
}
143 size_t __CPAchecker_TMP_13 = (size_t )(txpd->tx_packet_length);
143 __memcpy(((void *)txpd) + 1U, (const void *)p802x_hdr, __CPAchecker_TMP_13) { /* Function call is skipped due to function is undefined */}
145 -ldv___ldv_spin_lock_555(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
543 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
544 return ;;
}
146 priv->tx_pending_len = (int)(((unsigned int)pkt_len) + 24U);
148 assume(!((lbs_debug & 65536U) != 0U));
150 dev->stats.tx_packets = (dev->stats.tx_packets) + 1UL;
151 unsigned long __CPAchecker_TMP_15 = (unsigned long)(skb->len);
151 dev->stats.tx_bytes = (dev->stats.tx_bytes) + __CPAchecker_TMP_15;
153 unsigned int __CPAchecker_TMP_16 = (unsigned int)(priv->wdev->iftype);
153 assume(__CPAchecker_TMP_16 == 6U);
156 -skb_orphan(skb)
{
2295 long tmp;
2295 unsigned long __CPAchecker_TMP_0 = (unsigned long)(skb->destructor);
2295 assume(!(__CPAchecker_TMP_0 != ((unsigned long)((void (*)(struct sk_buff *))0))));
2300 unsigned long __CPAchecker_TMP_1 = (unsigned long)(skb->sk);
2300 -__builtin_expect(__CPAchecker_TMP_1 != ((unsigned long)((struct sock *)0)), 0L)
{
52 return exp;;
}
2300 assume(!(tmp != 0L));
2302 return ;;
}
159 priv->currenttxskb = skb;
return ;;
}
return ;;
}
return ;;
}
Source code
1 /* 2 * Implement cfg80211 ("iw") support. 3 * 4 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany 5 * Holger Schurig <hs4233@mail.mn-solutions.de> 6 * 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/hardirq.h> 12 #include <linux/sched.h> 13 #include <linux/wait.h> 14 #include <linux/slab.h> 15 #include <linux/ieee80211.h> 16 #include <net/cfg80211.h> 17 #include <asm/unaligned.h> 18 19 #include "decl.h" 20 #include "cfg.h" 21 #include "cmd.h" 22 #include "mesh.h" 23 24 25 #define CHAN2G(_channel, _freq, _flags) { \ 26 .band = IEEE80211_BAND_2GHZ, \ 27 .center_freq = (_freq), \ 28 .hw_value = (_channel), \ 29 .flags = (_flags), \ 30 .max_antenna_gain = 0, \ 31 .max_power = 30, \ 32 } 33 34 static struct ieee80211_channel lbs_2ghz_channels[] = { 35 CHAN2G(1, 2412, 0), 36 CHAN2G(2, 2417, 0), 37 CHAN2G(3, 2422, 0), 38 CHAN2G(4, 2427, 0), 39 CHAN2G(5, 2432, 0), 40 CHAN2G(6, 2437, 0), 41 CHAN2G(7, 2442, 0), 42 CHAN2G(8, 2447, 0), 43 CHAN2G(9, 2452, 0), 44 CHAN2G(10, 2457, 0), 45 CHAN2G(11, 2462, 0), 46 CHAN2G(12, 2467, 0), 47 CHAN2G(13, 2472, 0), 48 CHAN2G(14, 2484, 0), 49 }; 50 51 #define RATETAB_ENT(_rate, _hw_value, _flags) { \ 52 .bitrate = (_rate), \ 53 .hw_value = (_hw_value), \ 54 .flags = (_flags), \ 55 } 56 57 58 /* Table 6 in section 3.2.1.1 */ 59 static struct ieee80211_rate lbs_rates[] = { 60 RATETAB_ENT(10, 0, 0), 61 RATETAB_ENT(20, 1, 0), 62 RATETAB_ENT(55, 2, 0), 63 RATETAB_ENT(110, 3, 0), 64 RATETAB_ENT(60, 9, 0), 65 RATETAB_ENT(90, 6, 0), 66 RATETAB_ENT(120, 7, 0), 67 RATETAB_ENT(180, 8, 0), 68 RATETAB_ENT(240, 9, 0), 69 RATETAB_ENT(360, 10, 0), 70 RATETAB_ENT(480, 11, 0), 71 RATETAB_ENT(540, 12, 0), 72 }; 73 74 static struct ieee80211_supported_band lbs_band_2ghz = { 75 .channels = lbs_2ghz_channels, 76 .n_channels = ARRAY_SIZE(lbs_2ghz_channels), 77 .bitrates = lbs_rates, 78 .n_bitrates = ARRAY_SIZE(lbs_rates), 79 }; 80 81 82 static const u32 cipher_suites[] = { 83 WLAN_CIPHER_SUITE_WEP40, 84 WLAN_CIPHER_SUITE_WEP104, 85 WLAN_CIPHER_SUITE_TKIP, 86 WLAN_CIPHER_SUITE_CCMP, 87 }; 88 89 /* Time to stay on the channel */ 90 #define LBS_DWELL_PASSIVE 100 91 #define LBS_DWELL_ACTIVE 40 92 93 94 /*************************************************************************** 95 * Misc utility functions 96 * 97 * TLVs are Marvell specific. They are very similar to IEs, they have the 98 * same structure: type, length, data*. The only difference: for IEs, the 99 * type and length are u8, but for TLVs they're __le16. 100 */ 101 102 /* 103 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1 104 * in the firmware spec 105 */ 106 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type) 107 { 108 int ret = -ENOTSUPP; 109 110 switch (auth_type) { 111 case NL80211_AUTHTYPE_OPEN_SYSTEM: 112 case NL80211_AUTHTYPE_SHARED_KEY: 113 ret = auth_type; 114 break; 115 case NL80211_AUTHTYPE_AUTOMATIC: 116 ret = NL80211_AUTHTYPE_OPEN_SYSTEM; 117 break; 118 case NL80211_AUTHTYPE_NETWORK_EAP: 119 ret = 0x80; 120 break; 121 default: 122 /* silence compiler */ 123 break; 124 } 125 return ret; 126 } 127 128 129 /* 130 * Various firmware commands need the list of supported rates, but with 131 * the hight-bit set for basic rates 132 */ 133 static int lbs_add_rates(u8 *rates) 134 { 135 size_t i; 136 137 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 138 u8 rate = lbs_rates[i].bitrate / 5; 139 if (rate == 0x02 || rate == 0x04 || 140 rate == 0x0b || rate == 0x16) 141 rate |= 0x80; 142 rates[i] = rate; 143 } 144 return ARRAY_SIZE(lbs_rates); 145 } 146 147 148 /*************************************************************************** 149 * TLV utility functions 150 * 151 * TLVs are Marvell specific. They are very similar to IEs, they have the 152 * same structure: type, length, data*. The only difference: for IEs, the 153 * type and length are u8, but for TLVs they're __le16. 154 */ 155 156 157 /* 158 * Add ssid TLV 159 */ 160 #define LBS_MAX_SSID_TLV_SIZE \ 161 (sizeof(struct mrvl_ie_header) \ 162 + IEEE80211_MAX_SSID_LEN) 163 164 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len) 165 { 166 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv; 167 168 /* 169 * TLV-ID SSID 00 00 170 * length 06 00 171 * ssid 4d 4e 54 45 53 54 172 */ 173 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID); 174 ssid_tlv->header.len = cpu_to_le16(ssid_len); 175 memcpy(ssid_tlv->ssid, ssid, ssid_len); 176 return sizeof(ssid_tlv->header) + ssid_len; 177 } 178 179 180 /* 181 * Add channel list TLV (section 8.4.2) 182 * 183 * Actual channel data comes from priv->wdev->wiphy->channels. 184 */ 185 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 186 (sizeof(struct mrvl_ie_header) \ 187 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset))) 188 189 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv, 190 int last_channel, int active_scan) 191 { 192 int chanscanparamsize = sizeof(struct chanscanparamset) * 193 (last_channel - priv->scan_channel); 194 195 struct mrvl_ie_header *header = (void *) tlv; 196 197 /* 198 * TLV-ID CHANLIST 01 01 199 * length 0e 00 200 * channel 00 01 00 00 00 64 00 201 * radio type 00 202 * channel 01 203 * scan type 00 204 * min scan time 00 00 205 * max scan time 64 00 206 * channel 2 00 02 00 00 00 64 00 207 * 208 */ 209 210 header->type = cpu_to_le16(TLV_TYPE_CHANLIST); 211 header->len = cpu_to_le16(chanscanparamsize); 212 tlv += sizeof(struct mrvl_ie_header); 213 214 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel, 215 last_channel); */ 216 memset(tlv, 0, chanscanparamsize); 217 218 while (priv->scan_channel < last_channel) { 219 struct chanscanparamset *param = (void *) tlv; 220 221 param->radiotype = CMD_SCAN_RADIO_TYPE_BG; 222 param->channumber = 223 priv->scan_req->channels[priv->scan_channel]->hw_value; 224 if (active_scan) { 225 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE); 226 } else { 227 param->chanscanmode.passivescan = 1; 228 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE); 229 } 230 tlv += sizeof(struct chanscanparamset); 231 priv->scan_channel++; 232 } 233 return sizeof(struct mrvl_ie_header) + chanscanparamsize; 234 } 235 236 237 /* 238 * Add rates TLV 239 * 240 * The rates are in lbs_bg_rates[], but for the 802.11b 241 * rates the high bit is set. We add this TLV only because 242 * there's a firmware which otherwise doesn't report all 243 * APs in range. 244 */ 245 #define LBS_MAX_RATES_TLV_SIZE \ 246 (sizeof(struct mrvl_ie_header) \ 247 + (ARRAY_SIZE(lbs_rates))) 248 249 /* Adds a TLV with all rates the hardware supports */ 250 static int lbs_add_supported_rates_tlv(u8 *tlv) 251 { 252 size_t i; 253 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 254 255 /* 256 * TLV-ID RATES 01 00 257 * length 0e 00 258 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 259 */ 260 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 261 tlv += sizeof(rate_tlv->header); 262 i = lbs_add_rates(tlv); 263 tlv += i; 264 rate_tlv->header.len = cpu_to_le16(i); 265 return sizeof(rate_tlv->header) + i; 266 } 267 268 /* Add common rates from a TLV and return the new end of the TLV */ 269 static u8 * 270 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) 271 { 272 int hw, ap, ap_max = ie[1]; 273 u8 hw_rate; 274 275 /* Advance past IE header */ 276 ie += 2; 277 278 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max); 279 280 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 281 hw_rate = lbs_rates[hw].bitrate / 5; 282 for (ap = 0; ap < ap_max; ap++) { 283 if (hw_rate == (ie[ap] & 0x7f)) { 284 *tlv++ = ie[ap]; 285 *nrates = *nrates + 1; 286 } 287 } 288 } 289 return tlv; 290 } 291 292 /* 293 * Adds a TLV with all rates the hardware *and* BSS supports. 294 */ 295 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss) 296 { 297 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 298 const u8 *rates_eid, *ext_rates_eid; 299 int n = 0; 300 301 rcu_read_lock(); 302 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 303 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 304 305 /* 306 * 01 00 TLV_TYPE_RATES 307 * 04 00 len 308 * 82 84 8b 96 rates 309 */ 310 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 311 tlv += sizeof(rate_tlv->header); 312 313 /* Add basic rates */ 314 if (rates_eid) { 315 tlv = add_ie_rates(tlv, rates_eid, &n); 316 317 /* Add extended rates, if any */ 318 if (ext_rates_eid) 319 tlv = add_ie_rates(tlv, ext_rates_eid, &n); 320 } else { 321 lbs_deb_assoc("assoc: bss had no basic rate IE\n"); 322 /* Fallback: add basic 802.11b rates */ 323 *tlv++ = 0x82; 324 *tlv++ = 0x84; 325 *tlv++ = 0x8b; 326 *tlv++ = 0x96; 327 n = 4; 328 } 329 rcu_read_unlock(); 330 331 rate_tlv->header.len = cpu_to_le16(n); 332 return sizeof(rate_tlv->header) + n; 333 } 334 335 336 /* 337 * Add auth type TLV. 338 * 339 * This is only needed for newer firmware (V9 and up). 340 */ 341 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \ 342 sizeof(struct mrvl_ie_auth_type) 343 344 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type) 345 { 346 struct mrvl_ie_auth_type *auth = (void *) tlv; 347 348 /* 349 * 1f 01 TLV_TYPE_AUTH_TYPE 350 * 01 00 len 351 * 01 auth type 352 */ 353 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE); 354 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header)); 355 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type)); 356 return sizeof(*auth); 357 } 358 359 360 /* 361 * Add channel (phy ds) TLV 362 */ 363 #define LBS_MAX_CHANNEL_TLV_SIZE \ 364 sizeof(struct mrvl_ie_header) 365 366 static int lbs_add_channel_tlv(u8 *tlv, u8 channel) 367 { 368 struct mrvl_ie_ds_param_set *ds = (void *) tlv; 369 370 /* 371 * 03 00 TLV_TYPE_PHY_DS 372 * 01 00 len 373 * 06 channel 374 */ 375 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS); 376 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header)); 377 ds->channel = channel; 378 return sizeof(*ds); 379 } 380 381 382 /* 383 * Add (empty) CF param TLV of the form: 384 */ 385 #define LBS_MAX_CF_PARAM_TLV_SIZE \ 386 sizeof(struct mrvl_ie_header) 387 388 static int lbs_add_cf_param_tlv(u8 *tlv) 389 { 390 struct mrvl_ie_cf_param_set *cf = (void *)tlv; 391 392 /* 393 * 04 00 TLV_TYPE_CF 394 * 06 00 len 395 * 00 cfpcnt 396 * 00 cfpperiod 397 * 00 00 cfpmaxduration 398 * 00 00 cfpdurationremaining 399 */ 400 cf->header.type = cpu_to_le16(TLV_TYPE_CF); 401 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header)); 402 return sizeof(*cf); 403 } 404 405 /* 406 * Add WPA TLV 407 */ 408 #define LBS_MAX_WPA_TLV_SIZE \ 409 (sizeof(struct mrvl_ie_header) \ 410 + 128 /* TODO: I guessed the size */) 411 412 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) 413 { 414 size_t tlv_len; 415 416 /* 417 * We need just convert an IE to an TLV. IEs use u8 for the header, 418 * u8 type 419 * u8 len 420 * u8[] data 421 * but TLVs use __le16 instead: 422 * __le16 type 423 * __le16 len 424 * u8[] data 425 */ 426 *tlv++ = *ie++; 427 *tlv++ = 0; 428 tlv_len = *tlv++ = *ie++; 429 *tlv++ = 0; 430 while (tlv_len--) 431 *tlv++ = *ie++; 432 /* the TLV is two bytes larger than the IE */ 433 return ie_len + 2; 434 } 435 436 /* 437 * Set Channel 438 */ 439 440 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy, 441 struct cfg80211_chan_def *chandef) 442 { 443 struct lbs_private *priv = wiphy_priv(wiphy); 444 int ret = -ENOTSUPP; 445 446 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d", 447 chandef->chan->center_freq, 448 cfg80211_get_chandef_type(chandef)); 449 450 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT) 451 goto out; 452 453 ret = lbs_set_channel(priv, chandef->chan->hw_value); 454 455 out: 456 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 457 return ret; 458 } 459 460 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy, 461 struct net_device *netdev, 462 struct ieee80211_channel *channel) 463 { 464 struct lbs_private *priv = wiphy_priv(wiphy); 465 int ret = -ENOTSUPP; 466 467 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d", 468 netdev_name(netdev), channel->center_freq); 469 470 if (netdev != priv->mesh_dev) 471 goto out; 472 473 ret = lbs_mesh_set_channel(priv, channel->hw_value); 474 475 out: 476 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 477 return ret; 478 } 479 480 481 482 /* 483 * Scanning 484 */ 485 486 /* 487 * When scanning, the firmware doesn't send a nul packet with the power-safe 488 * bit to the AP. So we cannot stay away from our current channel too long, 489 * otherwise we loose data. So take a "nap" while scanning every other 490 * while. 491 */ 492 #define LBS_SCAN_BEFORE_NAP 4 493 494 495 /* 496 * When the firmware reports back a scan-result, it gives us an "u8 rssi", 497 * which isn't really an RSSI, as it becomes larger when moving away from 498 * the AP. Anyway, we need to convert that into mBm. 499 */ 500 #define LBS_SCAN_RSSI_TO_MBM(rssi) \ 501 ((-(int)rssi + 3)*100) 502 503 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy, 504 struct cmd_header *resp) 505 { 506 struct cfg80211_bss *bss; 507 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp; 508 int bsssize; 509 const u8 *pos; 510 const u8 *tsfdesc; 511 int tsfsize; 512 int i; 513 int ret = -EILSEQ; 514 515 lbs_deb_enter(LBS_DEB_CFG80211); 516 517 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize); 518 519 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n", 520 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size)); 521 522 if (scanresp->nr_sets == 0) { 523 ret = 0; 524 goto done; 525 } 526 527 /* 528 * The general layout of the scan response is described in chapter 529 * 5.7.1. Basically we have a common part, then any number of BSS 530 * descriptor sections. Finally we have section with the same number 531 * of TSFs. 532 * 533 * cmd_ds_802_11_scan_rsp 534 * cmd_header 535 * pos_size 536 * nr_sets 537 * bssdesc 1 538 * bssid 539 * rssi 540 * timestamp 541 * intvl 542 * capa 543 * IEs 544 * bssdesc 2 545 * bssdesc n 546 * MrvlIEtypes_TsfFimestamp_t 547 * TSF for BSS 1 548 * TSF for BSS 2 549 * TSF for BSS n 550 */ 551 552 pos = scanresp->bssdesc_and_tlvbuffer; 553 554 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer, 555 scanresp->bssdescriptsize); 556 557 tsfdesc = pos + bsssize; 558 tsfsize = 4 + 8 * scanresp->nr_sets; 559 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize); 560 561 /* Validity check: we expect a Marvell-Local TLV */ 562 i = get_unaligned_le16(tsfdesc); 563 tsfdesc += 2; 564 if (i != TLV_TYPE_TSFTIMESTAMP) { 565 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i); 566 goto done; 567 } 568 569 /* 570 * Validity check: the TLV holds TSF values with 8 bytes each, so 571 * the size in the TLV must match the nr_sets value 572 */ 573 i = get_unaligned_le16(tsfdesc); 574 tsfdesc += 2; 575 if (i / 8 != scanresp->nr_sets) { 576 lbs_deb_scan("scan response: invalid number of TSF timestamp " 577 "sets (expected %d got %d)\n", scanresp->nr_sets, 578 i / 8); 579 goto done; 580 } 581 582 for (i = 0; i < scanresp->nr_sets; i++) { 583 const u8 *bssid; 584 const u8 *ie; 585 int left; 586 int ielen; 587 int rssi; 588 u16 intvl; 589 u16 capa; 590 int chan_no = -1; 591 const u8 *ssid = NULL; 592 u8 ssid_len = 0; 593 594 int len = get_unaligned_le16(pos); 595 pos += 2; 596 597 /* BSSID */ 598 bssid = pos; 599 pos += ETH_ALEN; 600 /* RSSI */ 601 rssi = *pos++; 602 /* Packet time stamp */ 603 pos += 8; 604 /* Beacon interval */ 605 intvl = get_unaligned_le16(pos); 606 pos += 2; 607 /* Capabilities */ 608 capa = get_unaligned_le16(pos); 609 pos += 2; 610 611 /* To find out the channel, we must parse the IEs */ 612 ie = pos; 613 /* 614 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon 615 * interval, capabilities 616 */ 617 ielen = left = len - (6 + 1 + 8 + 2 + 2); 618 while (left >= 2) { 619 u8 id, elen; 620 id = *pos++; 621 elen = *pos++; 622 left -= 2; 623 if (elen > left) { 624 lbs_deb_scan("scan response: invalid IE fmt\n"); 625 goto done; 626 } 627 628 if (id == WLAN_EID_DS_PARAMS) 629 chan_no = *pos; 630 if (id == WLAN_EID_SSID) { 631 ssid = pos; 632 ssid_len = elen; 633 } 634 left -= elen; 635 pos += elen; 636 } 637 638 /* No channel, no luck */ 639 if (chan_no != -1) { 640 struct wiphy *wiphy = priv->wdev->wiphy; 641 int freq = ieee80211_channel_to_frequency(chan_no, 642 IEEE80211_BAND_2GHZ); 643 struct ieee80211_channel *channel = 644 ieee80211_get_channel(wiphy, freq); 645 646 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n", 647 bssid, capa, chan_no, ssid_len, ssid, 648 LBS_SCAN_RSSI_TO_MBM(rssi)/100); 649 650 if (channel && 651 !(channel->flags & IEEE80211_CHAN_DISABLED)) { 652 bss = cfg80211_inform_bss(wiphy, channel, 653 CFG80211_BSS_FTYPE_UNKNOWN, 654 bssid, get_unaligned_le64(tsfdesc), 655 capa, intvl, ie, ielen, 656 LBS_SCAN_RSSI_TO_MBM(rssi), 657 GFP_KERNEL); 658 cfg80211_put_bss(wiphy, bss); 659 } 660 } else 661 lbs_deb_scan("scan response: missing BSS channel IE\n"); 662 663 tsfdesc += 8; 664 } 665 ret = 0; 666 667 done: 668 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret); 669 return ret; 670 } 671 672 673 /* 674 * Our scan command contains a TLV, consting of a SSID TLV, a channel list 675 * TLV and a rates TLV. Determine the maximum size of them: 676 */ 677 #define LBS_SCAN_MAX_CMD_SIZE \ 678 (sizeof(struct cmd_ds_802_11_scan) \ 679 + LBS_MAX_SSID_TLV_SIZE \ 680 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 681 + LBS_MAX_RATES_TLV_SIZE) 682 683 /* 684 * Assumes priv->scan_req is initialized and valid 685 * Assumes priv->scan_channel is initialized 686 */ 687 static void lbs_scan_worker(struct work_struct *work) 688 { 689 struct lbs_private *priv = 690 container_of(work, struct lbs_private, scan_work.work); 691 struct cmd_ds_802_11_scan *scan_cmd; 692 u8 *tlv; /* pointer into our current, growing TLV storage area */ 693 int last_channel; 694 int running, carrier; 695 696 lbs_deb_enter(LBS_DEB_SCAN); 697 698 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL); 699 if (scan_cmd == NULL) 700 goto out_no_scan_cmd; 701 702 /* prepare fixed part of scan command */ 703 scan_cmd->bsstype = CMD_BSS_TYPE_ANY; 704 705 /* stop network while we're away from our main channel */ 706 running = !netif_queue_stopped(priv->dev); 707 carrier = netif_carrier_ok(priv->dev); 708 if (running) 709 netif_stop_queue(priv->dev); 710 if (carrier) 711 netif_carrier_off(priv->dev); 712 713 /* prepare fixed part of scan command */ 714 tlv = scan_cmd->tlvbuffer; 715 716 /* add SSID TLV */ 717 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0) 718 tlv += lbs_add_ssid_tlv(tlv, 719 priv->scan_req->ssids[0].ssid, 720 priv->scan_req->ssids[0].ssid_len); 721 722 /* add channel TLVs */ 723 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP; 724 if (last_channel > priv->scan_req->n_channels) 725 last_channel = priv->scan_req->n_channels; 726 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel, 727 priv->scan_req->n_ssids); 728 729 /* add rates TLV */ 730 tlv += lbs_add_supported_rates_tlv(tlv); 731 732 if (priv->scan_channel < priv->scan_req->n_channels) { 733 cancel_delayed_work(&priv->scan_work); 734 if (netif_running(priv->dev)) 735 queue_delayed_work(priv->work_thread, &priv->scan_work, 736 msecs_to_jiffies(300)); 737 } 738 739 /* This is the final data we are about to send */ 740 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd); 741 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd, 742 sizeof(*scan_cmd)); 743 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer, 744 tlv - scan_cmd->tlvbuffer); 745 746 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr, 747 le16_to_cpu(scan_cmd->hdr.size), 748 lbs_ret_scan, 0); 749 750 if (priv->scan_channel >= priv->scan_req->n_channels) { 751 /* Mark scan done */ 752 cancel_delayed_work(&priv->scan_work); 753 lbs_scan_done(priv); 754 } 755 756 /* Restart network */ 757 if (carrier) 758 netif_carrier_on(priv->dev); 759 if (running && !priv->tx_pending_len) 760 netif_wake_queue(priv->dev); 761 762 kfree(scan_cmd); 763 764 /* Wake up anything waiting on scan completion */ 765 if (priv->scan_req == NULL) { 766 lbs_deb_scan("scan: waking up waiters\n"); 767 wake_up_all(&priv->scan_q); 768 } 769 770 out_no_scan_cmd: 771 lbs_deb_leave(LBS_DEB_SCAN); 772 } 773 774 static void _internal_start_scan(struct lbs_private *priv, bool internal, 775 struct cfg80211_scan_request *request) 776 { 777 lbs_deb_enter(LBS_DEB_CFG80211); 778 779 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n", 780 request->n_ssids, request->n_channels, request->ie_len); 781 782 priv->scan_channel = 0; 783 priv->scan_req = request; 784 priv->internal_scan = internal; 785 786 queue_delayed_work(priv->work_thread, &priv->scan_work, 787 msecs_to_jiffies(50)); 788 789 lbs_deb_leave(LBS_DEB_CFG80211); 790 } 791 792 /* 793 * Clean up priv->scan_req. Should be used to handle the allocation details. 794 */ 795 void lbs_scan_done(struct lbs_private *priv) 796 { 797 WARN_ON(!priv->scan_req); 798 799 if (priv->internal_scan) 800 kfree(priv->scan_req); 801 else 802 cfg80211_scan_done(priv->scan_req, false); 803 804 priv->scan_req = NULL; 805 } 806 807 static int lbs_cfg_scan(struct wiphy *wiphy, 808 struct cfg80211_scan_request *request) 809 { 810 struct lbs_private *priv = wiphy_priv(wiphy); 811 int ret = 0; 812 813 lbs_deb_enter(LBS_DEB_CFG80211); 814 815 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) { 816 /* old scan request not yet processed */ 817 ret = -EAGAIN; 818 goto out; 819 } 820 821 _internal_start_scan(priv, false, request); 822 823 if (priv->surpriseremoved) 824 ret = -EIO; 825 826 out: 827 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 828 return ret; 829 } 830 831 832 833 834 /* 835 * Events 836 */ 837 838 void lbs_send_disconnect_notification(struct lbs_private *priv, 839 bool locally_generated) 840 { 841 lbs_deb_enter(LBS_DEB_CFG80211); 842 843 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated, 844 GFP_KERNEL); 845 846 lbs_deb_leave(LBS_DEB_CFG80211); 847 } 848 849 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event) 850 { 851 lbs_deb_enter(LBS_DEB_CFG80211); 852 853 cfg80211_michael_mic_failure(priv->dev, 854 priv->assoc_bss, 855 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ? 856 NL80211_KEYTYPE_GROUP : 857 NL80211_KEYTYPE_PAIRWISE, 858 -1, 859 NULL, 860 GFP_KERNEL); 861 862 lbs_deb_leave(LBS_DEB_CFG80211); 863 } 864 865 866 867 868 /* 869 * Connect/disconnect 870 */ 871 872 873 /* 874 * This removes all WEP keys 875 */ 876 static int lbs_remove_wep_keys(struct lbs_private *priv) 877 { 878 struct cmd_ds_802_11_set_wep cmd; 879 int ret; 880 881 lbs_deb_enter(LBS_DEB_CFG80211); 882 883 memset(&cmd, 0, sizeof(cmd)); 884 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 885 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 886 cmd.action = cpu_to_le16(CMD_ACT_REMOVE); 887 888 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 889 890 lbs_deb_leave(LBS_DEB_CFG80211); 891 return ret; 892 } 893 894 /* 895 * Set WEP keys 896 */ 897 static int lbs_set_wep_keys(struct lbs_private *priv) 898 { 899 struct cmd_ds_802_11_set_wep cmd; 900 int i; 901 int ret; 902 903 lbs_deb_enter(LBS_DEB_CFG80211); 904 905 /* 906 * command 13 00 907 * size 50 00 908 * sequence xx xx 909 * result 00 00 910 * action 02 00 ACT_ADD 911 * transmit key 00 00 912 * type for key 1 01 WEP40 913 * type for key 2 00 914 * type for key 3 00 915 * type for key 4 00 916 * key 1 39 39 39 39 39 00 00 00 917 * 00 00 00 00 00 00 00 00 918 * key 2 00 00 00 00 00 00 00 00 919 * 00 00 00 00 00 00 00 00 920 * key 3 00 00 00 00 00 00 00 00 921 * 00 00 00 00 00 00 00 00 922 * key 4 00 00 00 00 00 00 00 00 923 */ 924 if (priv->wep_key_len[0] || priv->wep_key_len[1] || 925 priv->wep_key_len[2] || priv->wep_key_len[3]) { 926 /* Only set wep keys if we have at least one of them */ 927 memset(&cmd, 0, sizeof(cmd)); 928 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 929 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 930 cmd.action = cpu_to_le16(CMD_ACT_ADD); 931 932 for (i = 0; i < 4; i++) { 933 switch (priv->wep_key_len[i]) { 934 case WLAN_KEY_LEN_WEP40: 935 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT; 936 break; 937 case WLAN_KEY_LEN_WEP104: 938 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT; 939 break; 940 default: 941 cmd.keytype[i] = 0; 942 break; 943 } 944 memcpy(cmd.keymaterial[i], priv->wep_key[i], 945 priv->wep_key_len[i]); 946 } 947 948 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 949 } else { 950 /* Otherwise remove all wep keys */ 951 ret = lbs_remove_wep_keys(priv); 952 } 953 954 lbs_deb_leave(LBS_DEB_CFG80211); 955 return ret; 956 } 957 958 959 /* 960 * Enable/Disable RSN status 961 */ 962 static int lbs_enable_rsn(struct lbs_private *priv, int enable) 963 { 964 struct cmd_ds_802_11_enable_rsn cmd; 965 int ret; 966 967 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable); 968 969 /* 970 * cmd 2f 00 971 * size 0c 00 972 * sequence xx xx 973 * result 00 00 974 * action 01 00 ACT_SET 975 * enable 01 00 976 */ 977 memset(&cmd, 0, sizeof(cmd)); 978 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 979 cmd.action = cpu_to_le16(CMD_ACT_SET); 980 cmd.enable = cpu_to_le16(enable); 981 982 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd); 983 984 lbs_deb_leave(LBS_DEB_CFG80211); 985 return ret; 986 } 987 988 989 /* 990 * Set WPA/WPA key material 991 */ 992 993 /* 994 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we 995 * get rid of WEXT, this should go into host.h 996 */ 997 998 struct cmd_key_material { 999 struct cmd_header hdr; 1000 1001 __le16 action; 1002 struct MrvlIEtype_keyParamSet param; 1003 } __packed; 1004 1005 static int lbs_set_key_material(struct lbs_private *priv, 1006 int key_type, int key_info, 1007 const u8 *key, u16 key_len) 1008 { 1009 struct cmd_key_material cmd; 1010 int ret; 1011 1012 lbs_deb_enter(LBS_DEB_CFG80211); 1013 1014 /* 1015 * Example for WPA (TKIP): 1016 * 1017 * cmd 5e 00 1018 * size 34 00 1019 * sequence xx xx 1020 * result 00 00 1021 * action 01 00 1022 * TLV type 00 01 key param 1023 * length 00 26 1024 * key type 01 00 TKIP 1025 * key info 06 00 UNICAST | ENABLED 1026 * key len 20 00 1027 * key 32 bytes 1028 */ 1029 memset(&cmd, 0, sizeof(cmd)); 1030 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1031 cmd.action = cpu_to_le16(CMD_ACT_SET); 1032 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL); 1033 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4); 1034 cmd.param.keytypeid = cpu_to_le16(key_type); 1035 cmd.param.keyinfo = cpu_to_le16(key_info); 1036 cmd.param.keylen = cpu_to_le16(key_len); 1037 if (key && key_len) 1038 memcpy(cmd.param.key, key, key_len); 1039 1040 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd); 1041 1042 lbs_deb_leave(LBS_DEB_CFG80211); 1043 return ret; 1044 } 1045 1046 1047 /* 1048 * Sets the auth type (open, shared, etc) in the firmware. That 1049 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware 1050 * command doesn't send an authentication frame at all, it just 1051 * stores the auth_type. 1052 */ 1053 static int lbs_set_authtype(struct lbs_private *priv, 1054 struct cfg80211_connect_params *sme) 1055 { 1056 struct cmd_ds_802_11_authenticate cmd; 1057 int ret; 1058 1059 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type); 1060 1061 /* 1062 * cmd 11 00 1063 * size 19 00 1064 * sequence xx xx 1065 * result 00 00 1066 * BSS id 00 13 19 80 da 30 1067 * auth type 00 1068 * reserved 00 00 00 00 00 00 00 00 00 00 1069 */ 1070 memset(&cmd, 0, sizeof(cmd)); 1071 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1072 if (sme->bssid) 1073 memcpy(cmd.bssid, sme->bssid, ETH_ALEN); 1074 /* convert auth_type */ 1075 ret = lbs_auth_to_authtype(sme->auth_type); 1076 if (ret < 0) 1077 goto done; 1078 1079 cmd.authtype = ret; 1080 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd); 1081 1082 done: 1083 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1084 return ret; 1085 } 1086 1087 1088 /* 1089 * Create association request 1090 */ 1091 #define LBS_ASSOC_MAX_CMD_SIZE \ 1092 (sizeof(struct cmd_ds_802_11_associate) \ 1093 - 512 /* cmd_ds_802_11_associate.iebuf */ \ 1094 + LBS_MAX_SSID_TLV_SIZE \ 1095 + LBS_MAX_CHANNEL_TLV_SIZE \ 1096 + LBS_MAX_CF_PARAM_TLV_SIZE \ 1097 + LBS_MAX_AUTH_TYPE_TLV_SIZE \ 1098 + LBS_MAX_WPA_TLV_SIZE) 1099 1100 static int lbs_associate(struct lbs_private *priv, 1101 struct cfg80211_bss *bss, 1102 struct cfg80211_connect_params *sme) 1103 { 1104 struct cmd_ds_802_11_associate_response *resp; 1105 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE, 1106 GFP_KERNEL); 1107 const u8 *ssid_eid; 1108 size_t len, resp_ie_len; 1109 int status; 1110 int ret; 1111 u8 *pos; 1112 u8 *tmp; 1113 1114 lbs_deb_enter(LBS_DEB_CFG80211); 1115 1116 if (!cmd) { 1117 ret = -ENOMEM; 1118 goto done; 1119 } 1120 pos = &cmd->iebuf[0]; 1121 1122 /* 1123 * cmd 50 00 1124 * length 34 00 1125 * sequence xx xx 1126 * result 00 00 1127 * BSS id 00 13 19 80 da 30 1128 * capabilities 11 00 1129 * listen interval 0a 00 1130 * beacon interval 00 00 1131 * DTIM period 00 1132 * TLVs xx (up to 512 bytes) 1133 */ 1134 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE); 1135 1136 /* Fill in static fields */ 1137 memcpy(cmd->bssid, bss->bssid, ETH_ALEN); 1138 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL); 1139 cmd->capability = cpu_to_le16(bss->capability); 1140 1141 /* add SSID TLV */ 1142 rcu_read_lock(); 1143 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID); 1144 if (ssid_eid) 1145 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]); 1146 else 1147 lbs_deb_assoc("no SSID\n"); 1148 rcu_read_unlock(); 1149 1150 /* add DS param TLV */ 1151 if (bss->channel) 1152 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value); 1153 else 1154 lbs_deb_assoc("no channel\n"); 1155 1156 /* add (empty) CF param TLV */ 1157 pos += lbs_add_cf_param_tlv(pos); 1158 1159 /* add rates TLV */ 1160 tmp = pos + 4; /* skip Marvell IE header */ 1161 pos += lbs_add_common_rates_tlv(pos, bss); 1162 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp); 1163 1164 /* add auth type TLV */ 1165 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9) 1166 pos += lbs_add_auth_type_tlv(pos, sme->auth_type); 1167 1168 /* add WPA/WPA2 TLV */ 1169 if (sme->ie && sme->ie_len) 1170 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len); 1171 1172 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) + 1173 (u16)(pos - (u8 *) &cmd->iebuf); 1174 cmd->hdr.size = cpu_to_le16(len); 1175 1176 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd, 1177 le16_to_cpu(cmd->hdr.size)); 1178 1179 /* store for later use */ 1180 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN); 1181 1182 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd); 1183 if (ret) 1184 goto done; 1185 1186 /* generate connect message to cfg80211 */ 1187 1188 resp = (void *) cmd; /* recast for easier field access */ 1189 status = le16_to_cpu(resp->statuscode); 1190 1191 /* Older FW versions map the IEEE 802.11 Status Code in the association 1192 * response to the following values returned in resp->statuscode: 1193 * 1194 * IEEE Status Code Marvell Status Code 1195 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS 1196 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1197 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1198 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1199 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1200 * others -> 0x0003 ASSOC_RESULT_REFUSED 1201 * 1202 * Other response codes: 1203 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused) 1204 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for 1205 * association response from the AP) 1206 */ 1207 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1208 switch (status) { 1209 case 0: 1210 break; 1211 case 1: 1212 lbs_deb_assoc("invalid association parameters\n"); 1213 status = WLAN_STATUS_CAPS_UNSUPPORTED; 1214 break; 1215 case 2: 1216 lbs_deb_assoc("timer expired while waiting for AP\n"); 1217 status = WLAN_STATUS_AUTH_TIMEOUT; 1218 break; 1219 case 3: 1220 lbs_deb_assoc("association refused by AP\n"); 1221 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1222 break; 1223 case 4: 1224 lbs_deb_assoc("authentication refused by AP\n"); 1225 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1226 break; 1227 default: 1228 lbs_deb_assoc("association failure %d\n", status); 1229 /* v5 OLPC firmware does return the AP status code if 1230 * it's not one of the values above. Let that through. 1231 */ 1232 break; 1233 } 1234 } 1235 1236 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, " 1237 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), 1238 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid)); 1239 1240 resp_ie_len = le16_to_cpu(resp->hdr.size) 1241 - sizeof(resp->hdr) 1242 - 6; 1243 cfg80211_connect_result(priv->dev, 1244 priv->assoc_bss, 1245 sme->ie, sme->ie_len, 1246 resp->iebuf, resp_ie_len, 1247 status, 1248 GFP_KERNEL); 1249 1250 if (status == 0) { 1251 /* TODO: get rid of priv->connect_status */ 1252 priv->connect_status = LBS_CONNECTED; 1253 netif_carrier_on(priv->dev); 1254 if (!priv->tx_pending_len) 1255 netif_tx_wake_all_queues(priv->dev); 1256 } 1257 1258 kfree(cmd); 1259 done: 1260 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1261 return ret; 1262 } 1263 1264 static struct cfg80211_scan_request * 1265 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme) 1266 { 1267 struct cfg80211_scan_request *creq = NULL; 1268 int i, n_channels = ieee80211_get_num_supported_channels(wiphy); 1269 enum ieee80211_band band; 1270 1271 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1272 n_channels * sizeof(void *), 1273 GFP_ATOMIC); 1274 if (!creq) 1275 return NULL; 1276 1277 /* SSIDs come after channels */ 1278 creq->ssids = (void *)&creq->channels[n_channels]; 1279 creq->n_channels = n_channels; 1280 creq->n_ssids = 1; 1281 1282 /* Scan all available channels */ 1283 i = 0; 1284 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1285 int j; 1286 1287 if (!wiphy->bands[band]) 1288 continue; 1289 1290 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1291 /* ignore disabled channels */ 1292 if (wiphy->bands[band]->channels[j].flags & 1293 IEEE80211_CHAN_DISABLED) 1294 continue; 1295 1296 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1297 i++; 1298 } 1299 } 1300 if (i) { 1301 /* Set real number of channels specified in creq->channels[] */ 1302 creq->n_channels = i; 1303 1304 /* Scan for the SSID we're going to connect to */ 1305 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len); 1306 creq->ssids[0].ssid_len = sme->ssid_len; 1307 } else { 1308 /* No channels found... */ 1309 kfree(creq); 1310 creq = NULL; 1311 } 1312 1313 return creq; 1314 } 1315 1316 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev, 1317 struct cfg80211_connect_params *sme) 1318 { 1319 struct lbs_private *priv = wiphy_priv(wiphy); 1320 struct cfg80211_bss *bss = NULL; 1321 int ret = 0; 1322 u8 preamble = RADIO_PREAMBLE_SHORT; 1323 1324 if (dev == priv->mesh_dev) 1325 return -EOPNOTSUPP; 1326 1327 lbs_deb_enter(LBS_DEB_CFG80211); 1328 1329 if (!sme->bssid) { 1330 struct cfg80211_scan_request *creq; 1331 1332 /* 1333 * Scan for the requested network after waiting for existing 1334 * scans to finish. 1335 */ 1336 lbs_deb_assoc("assoc: waiting for existing scans\n"); 1337 wait_event_interruptible_timeout(priv->scan_q, 1338 (priv->scan_req == NULL), 1339 (15 * HZ)); 1340 1341 creq = _new_connect_scan_req(wiphy, sme); 1342 if (!creq) { 1343 ret = -EINVAL; 1344 goto done; 1345 } 1346 1347 lbs_deb_assoc("assoc: scanning for compatible AP\n"); 1348 _internal_start_scan(priv, true, creq); 1349 1350 lbs_deb_assoc("assoc: waiting for scan to complete\n"); 1351 wait_event_interruptible_timeout(priv->scan_q, 1352 (priv->scan_req == NULL), 1353 (15 * HZ)); 1354 lbs_deb_assoc("assoc: scanning completed\n"); 1355 } 1356 1357 /* Find the BSS we want using available scan results */ 1358 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid, 1359 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS, 1360 IEEE80211_PRIVACY_ANY); 1361 if (!bss) { 1362 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n", 1363 sme->bssid); 1364 ret = -ENOENT; 1365 goto done; 1366 } 1367 lbs_deb_assoc("trying %pM\n", bss->bssid); 1368 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n", 1369 sme->crypto.cipher_group, 1370 sme->key_idx, sme->key_len); 1371 1372 /* As this is a new connection, clear locally stored WEP keys */ 1373 priv->wep_tx_key = 0; 1374 memset(priv->wep_key, 0, sizeof(priv->wep_key)); 1375 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len)); 1376 1377 /* set/remove WEP keys */ 1378 switch (sme->crypto.cipher_group) { 1379 case WLAN_CIPHER_SUITE_WEP40: 1380 case WLAN_CIPHER_SUITE_WEP104: 1381 /* Store provided WEP keys in priv-> */ 1382 priv->wep_tx_key = sme->key_idx; 1383 priv->wep_key_len[sme->key_idx] = sme->key_len; 1384 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len); 1385 /* Set WEP keys and WEP mode */ 1386 lbs_set_wep_keys(priv); 1387 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE; 1388 lbs_set_mac_control(priv); 1389 /* No RSN mode for WEP */ 1390 lbs_enable_rsn(priv, 0); 1391 break; 1392 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */ 1393 /* 1394 * If we don't have no WEP, no WPA and no WPA2, 1395 * we remove all keys like in the WPA/WPA2 setup, 1396 * we just don't set RSN. 1397 * 1398 * Therefore: fall-through 1399 */ 1400 case WLAN_CIPHER_SUITE_TKIP: 1401 case WLAN_CIPHER_SUITE_CCMP: 1402 /* Remove WEP keys and WEP mode */ 1403 lbs_remove_wep_keys(priv); 1404 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE; 1405 lbs_set_mac_control(priv); 1406 1407 /* clear the WPA/WPA2 keys */ 1408 lbs_set_key_material(priv, 1409 KEY_TYPE_ID_WEP, /* doesn't matter */ 1410 KEY_INFO_WPA_UNICAST, 1411 NULL, 0); 1412 lbs_set_key_material(priv, 1413 KEY_TYPE_ID_WEP, /* doesn't matter */ 1414 KEY_INFO_WPA_MCAST, 1415 NULL, 0); 1416 /* RSN mode for WPA/WPA2 */ 1417 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0); 1418 break; 1419 default: 1420 wiphy_err(wiphy, "unsupported cipher group 0x%x\n", 1421 sme->crypto.cipher_group); 1422 ret = -ENOTSUPP; 1423 goto done; 1424 } 1425 1426 ret = lbs_set_authtype(priv, sme); 1427 if (ret == -ENOTSUPP) { 1428 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type); 1429 goto done; 1430 } 1431 1432 lbs_set_radio(priv, preamble, 1); 1433 1434 /* Do the actual association */ 1435 ret = lbs_associate(priv, bss, sme); 1436 1437 done: 1438 if (bss) 1439 cfg80211_put_bss(wiphy, bss); 1440 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1441 return ret; 1442 } 1443 1444 int lbs_disconnect(struct lbs_private *priv, u16 reason) 1445 { 1446 struct cmd_ds_802_11_deauthenticate cmd; 1447 int ret; 1448 1449 memset(&cmd, 0, sizeof(cmd)); 1450 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1451 /* Mildly ugly to use a locally store my own BSSID ... */ 1452 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN); 1453 cmd.reasoncode = cpu_to_le16(reason); 1454 1455 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd); 1456 if (ret) 1457 return ret; 1458 1459 cfg80211_disconnected(priv->dev, 1460 reason, 1461 NULL, 0, true, 1462 GFP_KERNEL); 1463 priv->connect_status = LBS_DISCONNECTED; 1464 1465 return 0; 1466 } 1467 1468 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev, 1469 u16 reason_code) 1470 { 1471 struct lbs_private *priv = wiphy_priv(wiphy); 1472 1473 if (dev == priv->mesh_dev) 1474 return -EOPNOTSUPP; 1475 1476 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code); 1477 1478 /* store for lbs_cfg_ret_disconnect() */ 1479 priv->disassoc_reason = reason_code; 1480 1481 return lbs_disconnect(priv, reason_code); 1482 } 1483 1484 static int lbs_cfg_set_default_key(struct wiphy *wiphy, 1485 struct net_device *netdev, 1486 u8 key_index, bool unicast, 1487 bool multicast) 1488 { 1489 struct lbs_private *priv = wiphy_priv(wiphy); 1490 1491 if (netdev == priv->mesh_dev) 1492 return -EOPNOTSUPP; 1493 1494 lbs_deb_enter(LBS_DEB_CFG80211); 1495 1496 if (key_index != priv->wep_tx_key) { 1497 lbs_deb_assoc("set_default_key: to %d\n", key_index); 1498 priv->wep_tx_key = key_index; 1499 lbs_set_wep_keys(priv); 1500 } 1501 1502 return 0; 1503 } 1504 1505 1506 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev, 1507 u8 idx, bool pairwise, const u8 *mac_addr, 1508 struct key_params *params) 1509 { 1510 struct lbs_private *priv = wiphy_priv(wiphy); 1511 u16 key_info; 1512 u16 key_type; 1513 int ret = 0; 1514 1515 if (netdev == priv->mesh_dev) 1516 return -EOPNOTSUPP; 1517 1518 lbs_deb_enter(LBS_DEB_CFG80211); 1519 1520 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n", 1521 params->cipher, mac_addr); 1522 lbs_deb_assoc("add_key: key index %d, key len %d\n", 1523 idx, params->key_len); 1524 if (params->key_len) 1525 lbs_deb_hex(LBS_DEB_CFG80211, "KEY", 1526 params->key, params->key_len); 1527 1528 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len); 1529 if (params->seq_len) 1530 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ", 1531 params->seq, params->seq_len); 1532 1533 switch (params->cipher) { 1534 case WLAN_CIPHER_SUITE_WEP40: 1535 case WLAN_CIPHER_SUITE_WEP104: 1536 /* actually compare if something has changed ... */ 1537 if ((priv->wep_key_len[idx] != params->key_len) || 1538 memcmp(priv->wep_key[idx], 1539 params->key, params->key_len) != 0) { 1540 priv->wep_key_len[idx] = params->key_len; 1541 memcpy(priv->wep_key[idx], 1542 params->key, params->key_len); 1543 lbs_set_wep_keys(priv); 1544 } 1545 break; 1546 case WLAN_CIPHER_SUITE_TKIP: 1547 case WLAN_CIPHER_SUITE_CCMP: 1548 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0) 1549 ? KEY_INFO_WPA_UNICAST 1550 : KEY_INFO_WPA_MCAST); 1551 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP) 1552 ? KEY_TYPE_ID_TKIP 1553 : KEY_TYPE_ID_AES; 1554 lbs_set_key_material(priv, 1555 key_type, 1556 key_info, 1557 params->key, params->key_len); 1558 break; 1559 default: 1560 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher); 1561 ret = -ENOTSUPP; 1562 break; 1563 } 1564 1565 return ret; 1566 } 1567 1568 1569 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev, 1570 u8 key_index, bool pairwise, const u8 *mac_addr) 1571 { 1572 1573 lbs_deb_enter(LBS_DEB_CFG80211); 1574 1575 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n", 1576 key_index, mac_addr); 1577 1578 #ifdef TODO 1579 struct lbs_private *priv = wiphy_priv(wiphy); 1580 /* 1581 * I think can keep this a NO-OP, because: 1582 1583 * - we clear all keys whenever we do lbs_cfg_connect() anyway 1584 * - neither "iw" nor "wpa_supplicant" won't call this during 1585 * an ongoing connection 1586 * - TODO: but I have to check if this is still true when 1587 * I set the AP to periodic re-keying 1588 * - we've not kzallec() something when we've added a key at 1589 * lbs_cfg_connect() or lbs_cfg_add_key(). 1590 * 1591 * This causes lbs_cfg_del_key() only called at disconnect time, 1592 * where we'd just waste time deleting a key that is not going 1593 * to be used anyway. 1594 */ 1595 if (key_index < 3 && priv->wep_key_len[key_index]) { 1596 priv->wep_key_len[key_index] = 0; 1597 lbs_set_wep_keys(priv); 1598 } 1599 #endif 1600 1601 return 0; 1602 } 1603 1604 1605 /* 1606 * Get station 1607 */ 1608 1609 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev, 1610 const u8 *mac, struct station_info *sinfo) 1611 { 1612 struct lbs_private *priv = wiphy_priv(wiphy); 1613 s8 signal, noise; 1614 int ret; 1615 size_t i; 1616 1617 lbs_deb_enter(LBS_DEB_CFG80211); 1618 1619 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) | 1620 BIT(NL80211_STA_INFO_TX_PACKETS) | 1621 BIT(NL80211_STA_INFO_RX_BYTES) | 1622 BIT(NL80211_STA_INFO_RX_PACKETS); 1623 sinfo->tx_bytes = priv->dev->stats.tx_bytes; 1624 sinfo->tx_packets = priv->dev->stats.tx_packets; 1625 sinfo->rx_bytes = priv->dev->stats.rx_bytes; 1626 sinfo->rx_packets = priv->dev->stats.rx_packets; 1627 1628 /* Get current RSSI */ 1629 ret = lbs_get_rssi(priv, &signal, &noise); 1630 if (ret == 0) { 1631 sinfo->signal = signal; 1632 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL); 1633 } 1634 1635 /* Convert priv->cur_rate from hw_value to NL80211 value */ 1636 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 1637 if (priv->cur_rate == lbs_rates[i].hw_value) { 1638 sinfo->txrate.legacy = lbs_rates[i].bitrate; 1639 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE); 1640 break; 1641 } 1642 } 1643 1644 return 0; 1645 } 1646 1647 1648 1649 1650 /* 1651 * Change interface 1652 */ 1653 1654 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev, 1655 enum nl80211_iftype type, u32 *flags, 1656 struct vif_params *params) 1657 { 1658 struct lbs_private *priv = wiphy_priv(wiphy); 1659 int ret = 0; 1660 1661 if (dev == priv->mesh_dev) 1662 return -EOPNOTSUPP; 1663 1664 switch (type) { 1665 case NL80211_IFTYPE_MONITOR: 1666 case NL80211_IFTYPE_STATION: 1667 case NL80211_IFTYPE_ADHOC: 1668 break; 1669 default: 1670 return -EOPNOTSUPP; 1671 } 1672 1673 lbs_deb_enter(LBS_DEB_CFG80211); 1674 1675 if (priv->iface_running) 1676 ret = lbs_set_iface_type(priv, type); 1677 1678 if (!ret) 1679 priv->wdev->iftype = type; 1680 1681 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1682 return ret; 1683 } 1684 1685 1686 1687 /* 1688 * IBSS (Ad-Hoc) 1689 */ 1690 1691 /* 1692 * The firmware needs the following bits masked out of the beacon-derived 1693 * capability field when associating/joining to a BSS: 1694 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused) 1695 */ 1696 #define CAPINFO_MASK (~(0xda00)) 1697 1698 1699 static void lbs_join_post(struct lbs_private *priv, 1700 struct cfg80211_ibss_params *params, 1701 u8 *bssid, u16 capability) 1702 { 1703 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */ 1704 2 + 4 + /* basic rates */ 1705 2 + 1 + /* DS parameter */ 1706 2 + 2 + /* atim */ 1707 2 + 8]; /* extended rates */ 1708 u8 *fake = fake_ie; 1709 struct cfg80211_bss *bss; 1710 1711 lbs_deb_enter(LBS_DEB_CFG80211); 1712 1713 /* 1714 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get 1715 * the real IE from the firmware. So we fabricate a fake IE based on 1716 * what the firmware actually sends (sniffed with wireshark). 1717 */ 1718 /* Fake SSID IE */ 1719 *fake++ = WLAN_EID_SSID; 1720 *fake++ = params->ssid_len; 1721 memcpy(fake, params->ssid, params->ssid_len); 1722 fake += params->ssid_len; 1723 /* Fake supported basic rates IE */ 1724 *fake++ = WLAN_EID_SUPP_RATES; 1725 *fake++ = 4; 1726 *fake++ = 0x82; 1727 *fake++ = 0x84; 1728 *fake++ = 0x8b; 1729 *fake++ = 0x96; 1730 /* Fake DS channel IE */ 1731 *fake++ = WLAN_EID_DS_PARAMS; 1732 *fake++ = 1; 1733 *fake++ = params->chandef.chan->hw_value; 1734 /* Fake IBSS params IE */ 1735 *fake++ = WLAN_EID_IBSS_PARAMS; 1736 *fake++ = 2; 1737 *fake++ = 0; /* ATIM=0 */ 1738 *fake++ = 0; 1739 /* Fake extended rates IE, TODO: don't add this for 802.11b only, 1740 * but I don't know how this could be checked */ 1741 *fake++ = WLAN_EID_EXT_SUPP_RATES; 1742 *fake++ = 8; 1743 *fake++ = 0x0c; 1744 *fake++ = 0x12; 1745 *fake++ = 0x18; 1746 *fake++ = 0x24; 1747 *fake++ = 0x30; 1748 *fake++ = 0x48; 1749 *fake++ = 0x60; 1750 *fake++ = 0x6c; 1751 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie); 1752 1753 bss = cfg80211_inform_bss(priv->wdev->wiphy, 1754 params->chandef.chan, 1755 CFG80211_BSS_FTYPE_UNKNOWN, 1756 bssid, 1757 0, 1758 capability, 1759 params->beacon_interval, 1760 fake_ie, fake - fake_ie, 1761 0, GFP_KERNEL); 1762 cfg80211_put_bss(priv->wdev->wiphy, bss); 1763 1764 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); 1765 priv->wdev->ssid_len = params->ssid_len; 1766 1767 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, 1768 GFP_KERNEL); 1769 1770 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ 1771 priv->connect_status = LBS_CONNECTED; 1772 netif_carrier_on(priv->dev); 1773 if (!priv->tx_pending_len) 1774 netif_wake_queue(priv->dev); 1775 1776 lbs_deb_leave(LBS_DEB_CFG80211); 1777 } 1778 1779 static int lbs_ibss_join_existing(struct lbs_private *priv, 1780 struct cfg80211_ibss_params *params, 1781 struct cfg80211_bss *bss) 1782 { 1783 const u8 *rates_eid; 1784 struct cmd_ds_802_11_ad_hoc_join cmd; 1785 u8 preamble = RADIO_PREAMBLE_SHORT; 1786 int ret = 0; 1787 1788 lbs_deb_enter(LBS_DEB_CFG80211); 1789 1790 /* TODO: set preamble based on scan result */ 1791 ret = lbs_set_radio(priv, preamble, 1); 1792 if (ret) 1793 goto out; 1794 1795 /* 1796 * Example CMD_802_11_AD_HOC_JOIN command: 1797 * 1798 * command 2c 00 CMD_802_11_AD_HOC_JOIN 1799 * size 65 00 1800 * sequence xx xx 1801 * result 00 00 1802 * bssid 02 27 27 97 2f 96 1803 * ssid 49 42 53 53 00 00 00 00 1804 * 00 00 00 00 00 00 00 00 1805 * 00 00 00 00 00 00 00 00 1806 * 00 00 00 00 00 00 00 00 1807 * type 02 CMD_BSS_TYPE_IBSS 1808 * beacon period 64 00 1809 * dtim period 00 1810 * timestamp 00 00 00 00 00 00 00 00 1811 * localtime 00 00 00 00 00 00 00 00 1812 * IE DS 03 1813 * IE DS len 01 1814 * IE DS channel 01 1815 * reserveed 00 00 00 00 1816 * IE IBSS 06 1817 * IE IBSS len 02 1818 * IE IBSS atim 00 00 1819 * reserved 00 00 00 00 1820 * capability 02 00 1821 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00 1822 * fail timeout ff 00 1823 * probe delay 00 00 1824 */ 1825 memset(&cmd, 0, sizeof(cmd)); 1826 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1827 1828 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN); 1829 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len); 1830 cmd.bss.type = CMD_BSS_TYPE_IBSS; 1831 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval); 1832 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS; 1833 cmd.bss.ds.header.len = 1; 1834 cmd.bss.ds.channel = params->chandef.chan->hw_value; 1835 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1836 cmd.bss.ibss.header.len = 2; 1837 cmd.bss.ibss.atimwindow = 0; 1838 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK); 1839 1840 /* set rates to the intersection of our rates and the rates in the 1841 bss */ 1842 rcu_read_lock(); 1843 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1844 if (!rates_eid) { 1845 lbs_add_rates(cmd.bss.rates); 1846 } else { 1847 int hw, i; 1848 u8 rates_max = rates_eid[1]; 1849 u8 *rates = cmd.bss.rates; 1850 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 1851 u8 hw_rate = lbs_rates[hw].bitrate / 5; 1852 for (i = 0; i < rates_max; i++) { 1853 if (hw_rate == (rates_eid[i+2] & 0x7f)) { 1854 u8 rate = rates_eid[i+2]; 1855 if (rate == 0x02 || rate == 0x04 || 1856 rate == 0x0b || rate == 0x16) 1857 rate |= 0x80; 1858 *rates++ = rate; 1859 } 1860 } 1861 } 1862 } 1863 rcu_read_unlock(); 1864 1865 /* Only v8 and below support setting this */ 1866 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1867 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT); 1868 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 1869 } 1870 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd); 1871 if (ret) 1872 goto out; 1873 1874 /* 1875 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 1876 * 1877 * response 2c 80 1878 * size 09 00 1879 * sequence xx xx 1880 * result 00 00 1881 * reserved 00 1882 */ 1883 lbs_join_post(priv, params, bss->bssid, bss->capability); 1884 1885 out: 1886 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1887 return ret; 1888 } 1889 1890 1891 1892 static int lbs_ibss_start_new(struct lbs_private *priv, 1893 struct cfg80211_ibss_params *params) 1894 { 1895 struct cmd_ds_802_11_ad_hoc_start cmd; 1896 struct cmd_ds_802_11_ad_hoc_result *resp = 1897 (struct cmd_ds_802_11_ad_hoc_result *) &cmd; 1898 u8 preamble = RADIO_PREAMBLE_SHORT; 1899 int ret = 0; 1900 u16 capability; 1901 1902 lbs_deb_enter(LBS_DEB_CFG80211); 1903 1904 ret = lbs_set_radio(priv, preamble, 1); 1905 if (ret) 1906 goto out; 1907 1908 /* 1909 * Example CMD_802_11_AD_HOC_START command: 1910 * 1911 * command 2b 00 CMD_802_11_AD_HOC_START 1912 * size b1 00 1913 * sequence xx xx 1914 * result 00 00 1915 * ssid 54 45 53 54 00 00 00 00 1916 * 00 00 00 00 00 00 00 00 1917 * 00 00 00 00 00 00 00 00 1918 * 00 00 00 00 00 00 00 00 1919 * bss type 02 1920 * beacon period 64 00 1921 * dtim period 00 1922 * IE IBSS 06 1923 * IE IBSS len 02 1924 * IE IBSS atim 00 00 1925 * reserved 00 00 00 00 1926 * IE DS 03 1927 * IE DS len 01 1928 * IE DS channel 01 1929 * reserved 00 00 00 00 1930 * probe delay 00 00 1931 * capability 02 00 1932 * rates 82 84 8b 96 (basic rates with have bit 7 set) 1933 * 0c 12 18 24 30 48 60 6c 1934 * padding 100 bytes 1935 */ 1936 memset(&cmd, 0, sizeof(cmd)); 1937 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1938 memcpy(cmd.ssid, params->ssid, params->ssid_len); 1939 cmd.bsstype = CMD_BSS_TYPE_IBSS; 1940 cmd.beaconperiod = cpu_to_le16(params->beacon_interval); 1941 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1942 cmd.ibss.header.len = 2; 1943 cmd.ibss.atimwindow = 0; 1944 cmd.ds.header.id = WLAN_EID_DS_PARAMS; 1945 cmd.ds.header.len = 1; 1946 cmd.ds.channel = params->chandef.chan->hw_value; 1947 /* Only v8 and below support setting probe delay */ 1948 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) 1949 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 1950 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */ 1951 capability = WLAN_CAPABILITY_IBSS; 1952 cmd.capability = cpu_to_le16(capability); 1953 lbs_add_rates(cmd.rates); 1954 1955 1956 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd); 1957 if (ret) 1958 goto out; 1959 1960 /* 1961 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 1962 * 1963 * response 2b 80 1964 * size 14 00 1965 * sequence xx xx 1966 * result 00 00 1967 * reserved 00 1968 * bssid 02 2b 7b 0f 86 0e 1969 */ 1970 lbs_join_post(priv, params, resp->bssid, capability); 1971 1972 out: 1973 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1974 return ret; 1975 } 1976 1977 1978 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev, 1979 struct cfg80211_ibss_params *params) 1980 { 1981 struct lbs_private *priv = wiphy_priv(wiphy); 1982 int ret = 0; 1983 struct cfg80211_bss *bss; 1984 1985 if (dev == priv->mesh_dev) 1986 return -EOPNOTSUPP; 1987 1988 lbs_deb_enter(LBS_DEB_CFG80211); 1989 1990 if (!params->chandef.chan) { 1991 ret = -ENOTSUPP; 1992 goto out; 1993 } 1994 1995 ret = lbs_set_channel(priv, params->chandef.chan->hw_value); 1996 if (ret) 1997 goto out; 1998 1999 /* Search if someone is beaconing. This assumes that the 2000 * bss list is populated already */ 2001 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid, 2002 params->ssid, params->ssid_len, 2003 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY); 2004 2005 if (bss) { 2006 ret = lbs_ibss_join_existing(priv, params, bss); 2007 cfg80211_put_bss(wiphy, bss); 2008 } else 2009 ret = lbs_ibss_start_new(priv, params); 2010 2011 2012 out: 2013 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2014 return ret; 2015 } 2016 2017 2018 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev) 2019 { 2020 struct lbs_private *priv = wiphy_priv(wiphy); 2021 struct cmd_ds_802_11_ad_hoc_stop cmd; 2022 int ret = 0; 2023 2024 if (dev == priv->mesh_dev) 2025 return -EOPNOTSUPP; 2026 2027 lbs_deb_enter(LBS_DEB_CFG80211); 2028 2029 memset(&cmd, 0, sizeof(cmd)); 2030 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2031 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd); 2032 2033 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */ 2034 lbs_mac_event_disconnected(priv, true); 2035 2036 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2037 return ret; 2038 } 2039 2040 2041 2042 2043 /* 2044 * Initialization 2045 */ 2046 2047 static struct cfg80211_ops lbs_cfg80211_ops = { 2048 .set_monitor_channel = lbs_cfg_set_monitor_channel, 2049 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel, 2050 .scan = lbs_cfg_scan, 2051 .connect = lbs_cfg_connect, 2052 .disconnect = lbs_cfg_disconnect, 2053 .add_key = lbs_cfg_add_key, 2054 .del_key = lbs_cfg_del_key, 2055 .set_default_key = lbs_cfg_set_default_key, 2056 .get_station = lbs_cfg_get_station, 2057 .change_virtual_intf = lbs_change_intf, 2058 .join_ibss = lbs_join_ibss, 2059 .leave_ibss = lbs_leave_ibss, 2060 }; 2061 2062 2063 /* 2064 * At this time lbs_private *priv doesn't even exist, so we just allocate 2065 * memory and don't initialize the wiphy further. This is postponed until we 2066 * can talk to the firmware and happens at registration time in 2067 * lbs_cfg_wiphy_register(). 2068 */ 2069 struct wireless_dev *lbs_cfg_alloc(struct device *dev) 2070 { 2071 int ret = 0; 2072 struct wireless_dev *wdev; 2073 2074 lbs_deb_enter(LBS_DEB_CFG80211); 2075 2076 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 2077 if (!wdev) 2078 return ERR_PTR(-ENOMEM); 2079 2080 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private)); 2081 if (!wdev->wiphy) { 2082 dev_err(dev, "cannot allocate wiphy\n"); 2083 ret = -ENOMEM; 2084 goto err_wiphy_new; 2085 } 2086 2087 lbs_deb_leave(LBS_DEB_CFG80211); 2088 return wdev; 2089 2090 err_wiphy_new: 2091 kfree(wdev); 2092 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2093 return ERR_PTR(ret); 2094 } 2095 2096 2097 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv) 2098 { 2099 struct region_code_mapping { 2100 const char *cn; 2101 int code; 2102 }; 2103 2104 /* Section 5.17.2 */ 2105 static const struct region_code_mapping regmap[] = { 2106 {"US ", 0x10}, /* US FCC */ 2107 {"CA ", 0x20}, /* Canada */ 2108 {"EU ", 0x30}, /* ETSI */ 2109 {"ES ", 0x31}, /* Spain */ 2110 {"FR ", 0x32}, /* France */ 2111 {"JP ", 0x40}, /* Japan */ 2112 }; 2113 size_t i; 2114 2115 lbs_deb_enter(LBS_DEB_CFG80211); 2116 2117 for (i = 0; i < ARRAY_SIZE(regmap); i++) 2118 if (regmap[i].code == priv->regioncode) { 2119 regulatory_hint(priv->wdev->wiphy, regmap[i].cn); 2120 break; 2121 } 2122 2123 lbs_deb_leave(LBS_DEB_CFG80211); 2124 } 2125 2126 static void lbs_reg_notifier(struct wiphy *wiphy, 2127 struct regulatory_request *request) 2128 { 2129 struct lbs_private *priv = wiphy_priv(wiphy); 2130 2131 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain " 2132 "callback for domain %c%c\n", request->alpha2[0], 2133 request->alpha2[1]); 2134 2135 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2)); 2136 if (lbs_iface_active(priv)) 2137 lbs_set_11d_domain_info(priv); 2138 2139 lbs_deb_leave(LBS_DEB_CFG80211); 2140 } 2141 2142 /* 2143 * This function get's called after lbs_setup_firmware() determined the 2144 * firmware capabities. So we can setup the wiphy according to our 2145 * hardware/firmware. 2146 */ 2147 int lbs_cfg_register(struct lbs_private *priv) 2148 { 2149 struct wireless_dev *wdev = priv->wdev; 2150 int ret; 2151 2152 lbs_deb_enter(LBS_DEB_CFG80211); 2153 2154 wdev->wiphy->max_scan_ssids = 1; 2155 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; 2156 2157 wdev->wiphy->interface_modes = 2158 BIT(NL80211_IFTYPE_STATION) | 2159 BIT(NL80211_IFTYPE_ADHOC); 2160 if (lbs_rtap_supported(priv)) 2161 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR); 2162 if (lbs_mesh_activated(priv)) 2163 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT); 2164 2165 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz; 2166 2167 /* 2168 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have 2169 * never seen a firmware without WPA 2170 */ 2171 wdev->wiphy->cipher_suites = cipher_suites; 2172 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites); 2173 wdev->wiphy->reg_notifier = lbs_reg_notifier; 2174 2175 ret = wiphy_register(wdev->wiphy); 2176 if (ret < 0) 2177 pr_err("cannot register wiphy device\n"); 2178 2179 priv->wiphy_registered = true; 2180 2181 ret = register_netdev(priv->dev); 2182 if (ret) 2183 pr_err("cannot register network device\n"); 2184 2185 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker); 2186 2187 lbs_cfg_set_regulatory_hint(priv); 2188 2189 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2190 return ret; 2191 } 2192 2193 void lbs_scan_deinit(struct lbs_private *priv) 2194 { 2195 lbs_deb_enter(LBS_DEB_CFG80211); 2196 cancel_delayed_work_sync(&priv->scan_work); 2197 } 2198 2199 2200 void lbs_cfg_free(struct lbs_private *priv) 2201 { 2202 struct wireless_dev *wdev = priv->wdev; 2203 2204 lbs_deb_enter(LBS_DEB_CFG80211); 2205 2206 if (!wdev) 2207 return; 2208 2209 if (priv->wiphy_registered) 2210 wiphy_unregister(wdev->wiphy); 2211 2212 if (wdev->wiphy) 2213 wiphy_free(wdev->wiphy); 2214 2215 kfree(wdev); 2216 }
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.c" 149 /* 150 * Implement cfg80211 ("iw") support. 151 * 152 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany 153 * Holger Schurig <hs4233@mail.mn-solutions.de> 154 * 155 */ 156 157 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 158 159 #include <linux/hardirq.h> 160 #include <linux/sched.h> 161 #include <linux/wait.h> 162 #include <linux/slab.h> 163 #include <linux/ieee80211.h> 164 #include <net/cfg80211.h> 165 #include <asm/unaligned.h> 166 167 #include "decl.h" 168 #include "cfg.h" 169 #include "cmd.h" 170 #include "mesh.h" 171 172 173 #define CHAN2G(_channel, _freq, _flags) { \ 174 .band = IEEE80211_BAND_2GHZ, \ 175 .center_freq = (_freq), \ 176 .hw_value = (_channel), \ 177 .flags = (_flags), \ 178 .max_antenna_gain = 0, \ 179 .max_power = 30, \ 180 } 181 182 static struct ieee80211_channel lbs_2ghz_channels[] = { 183 CHAN2G(1, 2412, 0), 184 CHAN2G(2, 2417, 0), 185 CHAN2G(3, 2422, 0), 186 CHAN2G(4, 2427, 0), 187 CHAN2G(5, 2432, 0), 188 CHAN2G(6, 2437, 0), 189 CHAN2G(7, 2442, 0), 190 CHAN2G(8, 2447, 0), 191 CHAN2G(9, 2452, 0), 192 CHAN2G(10, 2457, 0), 193 CHAN2G(11, 2462, 0), 194 CHAN2G(12, 2467, 0), 195 CHAN2G(13, 2472, 0), 196 CHAN2G(14, 2484, 0), 197 }; 198 199 #define RATETAB_ENT(_rate, _hw_value, _flags) { \ 200 .bitrate = (_rate), \ 201 .hw_value = (_hw_value), \ 202 .flags = (_flags), \ 203 } 204 205 206 /* Table 6 in section 3.2.1.1 */ 207 static struct ieee80211_rate lbs_rates[] = { 208 RATETAB_ENT(10, 0, 0), 209 RATETAB_ENT(20, 1, 0), 210 RATETAB_ENT(55, 2, 0), 211 RATETAB_ENT(110, 3, 0), 212 RATETAB_ENT(60, 9, 0), 213 RATETAB_ENT(90, 6, 0), 214 RATETAB_ENT(120, 7, 0), 215 RATETAB_ENT(180, 8, 0), 216 RATETAB_ENT(240, 9, 0), 217 RATETAB_ENT(360, 10, 0), 218 RATETAB_ENT(480, 11, 0), 219 RATETAB_ENT(540, 12, 0), 220 }; 221 222 static struct ieee80211_supported_band lbs_band_2ghz = { 223 .channels = lbs_2ghz_channels, 224 .n_channels = ARRAY_SIZE(lbs_2ghz_channels), 225 .bitrates = lbs_rates, 226 .n_bitrates = ARRAY_SIZE(lbs_rates), 227 }; 228 229 230 static const u32 cipher_suites[] = { 231 WLAN_CIPHER_SUITE_WEP40, 232 WLAN_CIPHER_SUITE_WEP104, 233 WLAN_CIPHER_SUITE_TKIP, 234 WLAN_CIPHER_SUITE_CCMP, 235 }; 236 237 /* Time to stay on the channel */ 238 #define LBS_DWELL_PASSIVE 100 239 #define LBS_DWELL_ACTIVE 40 240 241 242 /*************************************************************************** 243 * Misc utility functions 244 * 245 * TLVs are Marvell specific. They are very similar to IEs, they have the 246 * same structure: type, length, data*. The only difference: for IEs, the 247 * type and length are u8, but for TLVs they're __le16. 248 */ 249 250 /* 251 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1 252 * in the firmware spec 253 */ 254 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type) 255 { 256 int ret = -ENOTSUPP; 257 258 switch (auth_type) { 259 case NL80211_AUTHTYPE_OPEN_SYSTEM: 260 case NL80211_AUTHTYPE_SHARED_KEY: 261 ret = auth_type; 262 break; 263 case NL80211_AUTHTYPE_AUTOMATIC: 264 ret = NL80211_AUTHTYPE_OPEN_SYSTEM; 265 break; 266 case NL80211_AUTHTYPE_NETWORK_EAP: 267 ret = 0x80; 268 break; 269 default: 270 /* silence compiler */ 271 break; 272 } 273 return ret; 274 } 275 276 277 /* 278 * Various firmware commands need the list of supported rates, but with 279 * the hight-bit set for basic rates 280 */ 281 static int lbs_add_rates(u8 *rates) 282 { 283 size_t i; 284 285 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 286 u8 rate = lbs_rates[i].bitrate / 5; 287 if (rate == 0x02 || rate == 0x04 || 288 rate == 0x0b || rate == 0x16) 289 rate |= 0x80; 290 rates[i] = rate; 291 } 292 return ARRAY_SIZE(lbs_rates); 293 } 294 295 296 /*************************************************************************** 297 * TLV utility functions 298 * 299 * TLVs are Marvell specific. They are very similar to IEs, they have the 300 * same structure: type, length, data*. The only difference: for IEs, the 301 * type and length are u8, but for TLVs they're __le16. 302 */ 303 304 305 /* 306 * Add ssid TLV 307 */ 308 #define LBS_MAX_SSID_TLV_SIZE \ 309 (sizeof(struct mrvl_ie_header) \ 310 + IEEE80211_MAX_SSID_LEN) 311 312 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len) 313 { 314 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv; 315 316 /* 317 * TLV-ID SSID 00 00 318 * length 06 00 319 * ssid 4d 4e 54 45 53 54 320 */ 321 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID); 322 ssid_tlv->header.len = cpu_to_le16(ssid_len); 323 memcpy(ssid_tlv->ssid, ssid, ssid_len); 324 return sizeof(ssid_tlv->header) + ssid_len; 325 } 326 327 328 /* 329 * Add channel list TLV (section 8.4.2) 330 * 331 * Actual channel data comes from priv->wdev->wiphy->channels. 332 */ 333 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 334 (sizeof(struct mrvl_ie_header) \ 335 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset))) 336 337 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv, 338 int last_channel, int active_scan) 339 { 340 int chanscanparamsize = sizeof(struct chanscanparamset) * 341 (last_channel - priv->scan_channel); 342 343 struct mrvl_ie_header *header = (void *) tlv; 344 345 /* 346 * TLV-ID CHANLIST 01 01 347 * length 0e 00 348 * channel 00 01 00 00 00 64 00 349 * radio type 00 350 * channel 01 351 * scan type 00 352 * min scan time 00 00 353 * max scan time 64 00 354 * channel 2 00 02 00 00 00 64 00 355 * 356 */ 357 358 header->type = cpu_to_le16(TLV_TYPE_CHANLIST); 359 header->len = cpu_to_le16(chanscanparamsize); 360 tlv += sizeof(struct mrvl_ie_header); 361 362 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel, 363 last_channel); */ 364 memset(tlv, 0, chanscanparamsize); 365 366 while (priv->scan_channel < last_channel) { 367 struct chanscanparamset *param = (void *) tlv; 368 369 param->radiotype = CMD_SCAN_RADIO_TYPE_BG; 370 param->channumber = 371 priv->scan_req->channels[priv->scan_channel]->hw_value; 372 if (active_scan) { 373 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE); 374 } else { 375 param->chanscanmode.passivescan = 1; 376 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE); 377 } 378 tlv += sizeof(struct chanscanparamset); 379 priv->scan_channel++; 380 } 381 return sizeof(struct mrvl_ie_header) + chanscanparamsize; 382 } 383 384 385 /* 386 * Add rates TLV 387 * 388 * The rates are in lbs_bg_rates[], but for the 802.11b 389 * rates the high bit is set. We add this TLV only because 390 * there's a firmware which otherwise doesn't report all 391 * APs in range. 392 */ 393 #define LBS_MAX_RATES_TLV_SIZE \ 394 (sizeof(struct mrvl_ie_header) \ 395 + (ARRAY_SIZE(lbs_rates))) 396 397 /* Adds a TLV with all rates the hardware supports */ 398 static int lbs_add_supported_rates_tlv(u8 *tlv) 399 { 400 size_t i; 401 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 402 403 /* 404 * TLV-ID RATES 01 00 405 * length 0e 00 406 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 407 */ 408 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 409 tlv += sizeof(rate_tlv->header); 410 i = lbs_add_rates(tlv); 411 tlv += i; 412 rate_tlv->header.len = cpu_to_le16(i); 413 return sizeof(rate_tlv->header) + i; 414 } 415 416 /* Add common rates from a TLV and return the new end of the TLV */ 417 static u8 * 418 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) 419 { 420 int hw, ap, ap_max = ie[1]; 421 u8 hw_rate; 422 423 /* Advance past IE header */ 424 ie += 2; 425 426 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max); 427 428 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 429 hw_rate = lbs_rates[hw].bitrate / 5; 430 for (ap = 0; ap < ap_max; ap++) { 431 if (hw_rate == (ie[ap] & 0x7f)) { 432 *tlv++ = ie[ap]; 433 *nrates = *nrates + 1; 434 } 435 } 436 } 437 return tlv; 438 } 439 440 /* 441 * Adds a TLV with all rates the hardware *and* BSS supports. 442 */ 443 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss) 444 { 445 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 446 const u8 *rates_eid, *ext_rates_eid; 447 int n = 0; 448 449 rcu_read_lock(); 450 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 451 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 452 453 /* 454 * 01 00 TLV_TYPE_RATES 455 * 04 00 len 456 * 82 84 8b 96 rates 457 */ 458 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 459 tlv += sizeof(rate_tlv->header); 460 461 /* Add basic rates */ 462 if (rates_eid) { 463 tlv = add_ie_rates(tlv, rates_eid, &n); 464 465 /* Add extended rates, if any */ 466 if (ext_rates_eid) 467 tlv = add_ie_rates(tlv, ext_rates_eid, &n); 468 } else { 469 lbs_deb_assoc("assoc: bss had no basic rate IE\n"); 470 /* Fallback: add basic 802.11b rates */ 471 *tlv++ = 0x82; 472 *tlv++ = 0x84; 473 *tlv++ = 0x8b; 474 *tlv++ = 0x96; 475 n = 4; 476 } 477 rcu_read_unlock(); 478 479 rate_tlv->header.len = cpu_to_le16(n); 480 return sizeof(rate_tlv->header) + n; 481 } 482 483 484 /* 485 * Add auth type TLV. 486 * 487 * This is only needed for newer firmware (V9 and up). 488 */ 489 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \ 490 sizeof(struct mrvl_ie_auth_type) 491 492 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type) 493 { 494 struct mrvl_ie_auth_type *auth = (void *) tlv; 495 496 /* 497 * 1f 01 TLV_TYPE_AUTH_TYPE 498 * 01 00 len 499 * 01 auth type 500 */ 501 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE); 502 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header)); 503 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type)); 504 return sizeof(*auth); 505 } 506 507 508 /* 509 * Add channel (phy ds) TLV 510 */ 511 #define LBS_MAX_CHANNEL_TLV_SIZE \ 512 sizeof(struct mrvl_ie_header) 513 514 static int lbs_add_channel_tlv(u8 *tlv, u8 channel) 515 { 516 struct mrvl_ie_ds_param_set *ds = (void *) tlv; 517 518 /* 519 * 03 00 TLV_TYPE_PHY_DS 520 * 01 00 len 521 * 06 channel 522 */ 523 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS); 524 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header)); 525 ds->channel = channel; 526 return sizeof(*ds); 527 } 528 529 530 /* 531 * Add (empty) CF param TLV of the form: 532 */ 533 #define LBS_MAX_CF_PARAM_TLV_SIZE \ 534 sizeof(struct mrvl_ie_header) 535 536 static int lbs_add_cf_param_tlv(u8 *tlv) 537 { 538 struct mrvl_ie_cf_param_set *cf = (void *)tlv; 539 540 /* 541 * 04 00 TLV_TYPE_CF 542 * 06 00 len 543 * 00 cfpcnt 544 * 00 cfpperiod 545 * 00 00 cfpmaxduration 546 * 00 00 cfpdurationremaining 547 */ 548 cf->header.type = cpu_to_le16(TLV_TYPE_CF); 549 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header)); 550 return sizeof(*cf); 551 } 552 553 /* 554 * Add WPA TLV 555 */ 556 #define LBS_MAX_WPA_TLV_SIZE \ 557 (sizeof(struct mrvl_ie_header) \ 558 + 128 /* TODO: I guessed the size */) 559 560 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) 561 { 562 size_t tlv_len; 563 564 /* 565 * We need just convert an IE to an TLV. IEs use u8 for the header, 566 * u8 type 567 * u8 len 568 * u8[] data 569 * but TLVs use __le16 instead: 570 * __le16 type 571 * __le16 len 572 * u8[] data 573 */ 574 *tlv++ = *ie++; 575 *tlv++ = 0; 576 tlv_len = *tlv++ = *ie++; 577 *tlv++ = 0; 578 while (tlv_len--) 579 *tlv++ = *ie++; 580 /* the TLV is two bytes larger than the IE */ 581 return ie_len + 2; 582 } 583 584 /* 585 * Set Channel 586 */ 587 588 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy, 589 struct cfg80211_chan_def *chandef) 590 { 591 struct lbs_private *priv = wiphy_priv(wiphy); 592 int ret = -ENOTSUPP; 593 594 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d", 595 chandef->chan->center_freq, 596 cfg80211_get_chandef_type(chandef)); 597 598 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT) 599 goto out; 600 601 ret = lbs_set_channel(priv, chandef->chan->hw_value); 602 603 out: 604 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 605 return ret; 606 } 607 608 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy, 609 struct net_device *netdev, 610 struct ieee80211_channel *channel) 611 { 612 struct lbs_private *priv = wiphy_priv(wiphy); 613 int ret = -ENOTSUPP; 614 615 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d", 616 netdev_name(netdev), channel->center_freq); 617 618 if (netdev != priv->mesh_dev) 619 goto out; 620 621 ret = lbs_mesh_set_channel(priv, channel->hw_value); 622 623 out: 624 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 625 return ret; 626 } 627 628 629 630 /* 631 * Scanning 632 */ 633 634 /* 635 * When scanning, the firmware doesn't send a nul packet with the power-safe 636 * bit to the AP. So we cannot stay away from our current channel too long, 637 * otherwise we loose data. So take a "nap" while scanning every other 638 * while. 639 */ 640 #define LBS_SCAN_BEFORE_NAP 4 641 642 643 /* 644 * When the firmware reports back a scan-result, it gives us an "u8 rssi", 645 * which isn't really an RSSI, as it becomes larger when moving away from 646 * the AP. Anyway, we need to convert that into mBm. 647 */ 648 #define LBS_SCAN_RSSI_TO_MBM(rssi) \ 649 ((-(int)rssi + 3)*100) 650 651 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy, 652 struct cmd_header *resp) 653 { 654 struct cfg80211_bss *bss; 655 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp; 656 int bsssize; 657 const u8 *pos; 658 const u8 *tsfdesc; 659 int tsfsize; 660 int i; 661 int ret = -EILSEQ; 662 663 lbs_deb_enter(LBS_DEB_CFG80211); 664 665 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize); 666 667 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n", 668 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size)); 669 670 if (scanresp->nr_sets == 0) { 671 ret = 0; 672 goto done; 673 } 674 675 /* 676 * The general layout of the scan response is described in chapter 677 * 5.7.1. Basically we have a common part, then any number of BSS 678 * descriptor sections. Finally we have section with the same number 679 * of TSFs. 680 * 681 * cmd_ds_802_11_scan_rsp 682 * cmd_header 683 * pos_size 684 * nr_sets 685 * bssdesc 1 686 * bssid 687 * rssi 688 * timestamp 689 * intvl 690 * capa 691 * IEs 692 * bssdesc 2 693 * bssdesc n 694 * MrvlIEtypes_TsfFimestamp_t 695 * TSF for BSS 1 696 * TSF for BSS 2 697 * TSF for BSS n 698 */ 699 700 pos = scanresp->bssdesc_and_tlvbuffer; 701 702 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer, 703 scanresp->bssdescriptsize); 704 705 tsfdesc = pos + bsssize; 706 tsfsize = 4 + 8 * scanresp->nr_sets; 707 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize); 708 709 /* Validity check: we expect a Marvell-Local TLV */ 710 i = get_unaligned_le16(tsfdesc); 711 tsfdesc += 2; 712 if (i != TLV_TYPE_TSFTIMESTAMP) { 713 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i); 714 goto done; 715 } 716 717 /* 718 * Validity check: the TLV holds TSF values with 8 bytes each, so 719 * the size in the TLV must match the nr_sets value 720 */ 721 i = get_unaligned_le16(tsfdesc); 722 tsfdesc += 2; 723 if (i / 8 != scanresp->nr_sets) { 724 lbs_deb_scan("scan response: invalid number of TSF timestamp " 725 "sets (expected %d got %d)\n", scanresp->nr_sets, 726 i / 8); 727 goto done; 728 } 729 730 for (i = 0; i < scanresp->nr_sets; i++) { 731 const u8 *bssid; 732 const u8 *ie; 733 int left; 734 int ielen; 735 int rssi; 736 u16 intvl; 737 u16 capa; 738 int chan_no = -1; 739 const u8 *ssid = NULL; 740 u8 ssid_len = 0; 741 742 int len = get_unaligned_le16(pos); 743 pos += 2; 744 745 /* BSSID */ 746 bssid = pos; 747 pos += ETH_ALEN; 748 /* RSSI */ 749 rssi = *pos++; 750 /* Packet time stamp */ 751 pos += 8; 752 /* Beacon interval */ 753 intvl = get_unaligned_le16(pos); 754 pos += 2; 755 /* Capabilities */ 756 capa = get_unaligned_le16(pos); 757 pos += 2; 758 759 /* To find out the channel, we must parse the IEs */ 760 ie = pos; 761 /* 762 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon 763 * interval, capabilities 764 */ 765 ielen = left = len - (6 + 1 + 8 + 2 + 2); 766 while (left >= 2) { 767 u8 id, elen; 768 id = *pos++; 769 elen = *pos++; 770 left -= 2; 771 if (elen > left) { 772 lbs_deb_scan("scan response: invalid IE fmt\n"); 773 goto done; 774 } 775 776 if (id == WLAN_EID_DS_PARAMS) 777 chan_no = *pos; 778 if (id == WLAN_EID_SSID) { 779 ssid = pos; 780 ssid_len = elen; 781 } 782 left -= elen; 783 pos += elen; 784 } 785 786 /* No channel, no luck */ 787 if (chan_no != -1) { 788 struct wiphy *wiphy = priv->wdev->wiphy; 789 int freq = ieee80211_channel_to_frequency(chan_no, 790 IEEE80211_BAND_2GHZ); 791 struct ieee80211_channel *channel = 792 ieee80211_get_channel(wiphy, freq); 793 794 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n", 795 bssid, capa, chan_no, ssid_len, ssid, 796 LBS_SCAN_RSSI_TO_MBM(rssi)/100); 797 798 if (channel && 799 !(channel->flags & IEEE80211_CHAN_DISABLED)) { 800 bss = cfg80211_inform_bss(wiphy, channel, 801 CFG80211_BSS_FTYPE_UNKNOWN, 802 bssid, get_unaligned_le64(tsfdesc), 803 capa, intvl, ie, ielen, 804 LBS_SCAN_RSSI_TO_MBM(rssi), 805 GFP_KERNEL); 806 cfg80211_put_bss(wiphy, bss); 807 } 808 } else 809 lbs_deb_scan("scan response: missing BSS channel IE\n"); 810 811 tsfdesc += 8; 812 } 813 ret = 0; 814 815 done: 816 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret); 817 return ret; 818 } 819 820 821 /* 822 * Our scan command contains a TLV, consting of a SSID TLV, a channel list 823 * TLV and a rates TLV. Determine the maximum size of them: 824 */ 825 #define LBS_SCAN_MAX_CMD_SIZE \ 826 (sizeof(struct cmd_ds_802_11_scan) \ 827 + LBS_MAX_SSID_TLV_SIZE \ 828 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 829 + LBS_MAX_RATES_TLV_SIZE) 830 831 /* 832 * Assumes priv->scan_req is initialized and valid 833 * Assumes priv->scan_channel is initialized 834 */ 835 static void lbs_scan_worker(struct work_struct *work) 836 { 837 struct lbs_private *priv = 838 container_of(work, struct lbs_private, scan_work.work); 839 struct cmd_ds_802_11_scan *scan_cmd; 840 u8 *tlv; /* pointer into our current, growing TLV storage area */ 841 int last_channel; 842 int running, carrier; 843 844 lbs_deb_enter(LBS_DEB_SCAN); 845 846 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL); 847 if (scan_cmd == NULL) 848 goto out_no_scan_cmd; 849 850 /* prepare fixed part of scan command */ 851 scan_cmd->bsstype = CMD_BSS_TYPE_ANY; 852 853 /* stop network while we're away from our main channel */ 854 running = !netif_queue_stopped(priv->dev); 855 carrier = netif_carrier_ok(priv->dev); 856 if (running) 857 netif_stop_queue(priv->dev); 858 if (carrier) 859 netif_carrier_off(priv->dev); 860 861 /* prepare fixed part of scan command */ 862 tlv = scan_cmd->tlvbuffer; 863 864 /* add SSID TLV */ 865 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0) 866 tlv += lbs_add_ssid_tlv(tlv, 867 priv->scan_req->ssids[0].ssid, 868 priv->scan_req->ssids[0].ssid_len); 869 870 /* add channel TLVs */ 871 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP; 872 if (last_channel > priv->scan_req->n_channels) 873 last_channel = priv->scan_req->n_channels; 874 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel, 875 priv->scan_req->n_ssids); 876 877 /* add rates TLV */ 878 tlv += lbs_add_supported_rates_tlv(tlv); 879 880 if (priv->scan_channel < priv->scan_req->n_channels) { 881 cancel_delayed_work(&priv->scan_work); 882 if (netif_running(priv->dev)) 883 queue_delayed_work(priv->work_thread, &priv->scan_work, 884 msecs_to_jiffies(300)); 885 } 886 887 /* This is the final data we are about to send */ 888 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd); 889 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd, 890 sizeof(*scan_cmd)); 891 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer, 892 tlv - scan_cmd->tlvbuffer); 893 894 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr, 895 le16_to_cpu(scan_cmd->hdr.size), 896 lbs_ret_scan, 0); 897 898 if (priv->scan_channel >= priv->scan_req->n_channels) { 899 /* Mark scan done */ 900 cancel_delayed_work(&priv->scan_work); 901 lbs_scan_done(priv); 902 } 903 904 /* Restart network */ 905 if (carrier) 906 netif_carrier_on(priv->dev); 907 if (running && !priv->tx_pending_len) 908 netif_wake_queue(priv->dev); 909 910 kfree(scan_cmd); 911 912 /* Wake up anything waiting on scan completion */ 913 if (priv->scan_req == NULL) { 914 lbs_deb_scan("scan: waking up waiters\n"); 915 wake_up_all(&priv->scan_q); 916 } 917 918 out_no_scan_cmd: 919 lbs_deb_leave(LBS_DEB_SCAN); 920 } 921 922 static void _internal_start_scan(struct lbs_private *priv, bool internal, 923 struct cfg80211_scan_request *request) 924 { 925 lbs_deb_enter(LBS_DEB_CFG80211); 926 927 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n", 928 request->n_ssids, request->n_channels, request->ie_len); 929 930 priv->scan_channel = 0; 931 priv->scan_req = request; 932 priv->internal_scan = internal; 933 934 queue_delayed_work(priv->work_thread, &priv->scan_work, 935 msecs_to_jiffies(50)); 936 937 lbs_deb_leave(LBS_DEB_CFG80211); 938 } 939 940 /* 941 * Clean up priv->scan_req. Should be used to handle the allocation details. 942 */ 943 void lbs_scan_done(struct lbs_private *priv) 944 { 945 WARN_ON(!priv->scan_req); 946 947 if (priv->internal_scan) 948 kfree(priv->scan_req); 949 else 950 cfg80211_scan_done(priv->scan_req, false); 951 952 priv->scan_req = NULL; 953 } 954 955 static int lbs_cfg_scan(struct wiphy *wiphy, 956 struct cfg80211_scan_request *request) 957 { 958 struct lbs_private *priv = wiphy_priv(wiphy); 959 int ret = 0; 960 961 lbs_deb_enter(LBS_DEB_CFG80211); 962 963 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) { 964 /* old scan request not yet processed */ 965 ret = -EAGAIN; 966 goto out; 967 } 968 969 _internal_start_scan(priv, false, request); 970 971 if (priv->surpriseremoved) 972 ret = -EIO; 973 974 out: 975 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 976 return ret; 977 } 978 979 980 981 982 /* 983 * Events 984 */ 985 986 void lbs_send_disconnect_notification(struct lbs_private *priv, 987 bool locally_generated) 988 { 989 lbs_deb_enter(LBS_DEB_CFG80211); 990 991 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated, 992 GFP_KERNEL); 993 994 lbs_deb_leave(LBS_DEB_CFG80211); 995 } 996 997 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event) 998 { 999 lbs_deb_enter(LBS_DEB_CFG80211); 1000 1001 cfg80211_michael_mic_failure(priv->dev, 1002 priv->assoc_bss, 1003 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ? 1004 NL80211_KEYTYPE_GROUP : 1005 NL80211_KEYTYPE_PAIRWISE, 1006 -1, 1007 NULL, 1008 GFP_KERNEL); 1009 1010 lbs_deb_leave(LBS_DEB_CFG80211); 1011 } 1012 1013 1014 1015 1016 /* 1017 * Connect/disconnect 1018 */ 1019 1020 1021 /* 1022 * This removes all WEP keys 1023 */ 1024 static int lbs_remove_wep_keys(struct lbs_private *priv) 1025 { 1026 struct cmd_ds_802_11_set_wep cmd; 1027 int ret; 1028 1029 lbs_deb_enter(LBS_DEB_CFG80211); 1030 1031 memset(&cmd, 0, sizeof(cmd)); 1032 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1033 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 1034 cmd.action = cpu_to_le16(CMD_ACT_REMOVE); 1035 1036 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 1037 1038 lbs_deb_leave(LBS_DEB_CFG80211); 1039 return ret; 1040 } 1041 1042 /* 1043 * Set WEP keys 1044 */ 1045 static int lbs_set_wep_keys(struct lbs_private *priv) 1046 { 1047 struct cmd_ds_802_11_set_wep cmd; 1048 int i; 1049 int ret; 1050 1051 lbs_deb_enter(LBS_DEB_CFG80211); 1052 1053 /* 1054 * command 13 00 1055 * size 50 00 1056 * sequence xx xx 1057 * result 00 00 1058 * action 02 00 ACT_ADD 1059 * transmit key 00 00 1060 * type for key 1 01 WEP40 1061 * type for key 2 00 1062 * type for key 3 00 1063 * type for key 4 00 1064 * key 1 39 39 39 39 39 00 00 00 1065 * 00 00 00 00 00 00 00 00 1066 * key 2 00 00 00 00 00 00 00 00 1067 * 00 00 00 00 00 00 00 00 1068 * key 3 00 00 00 00 00 00 00 00 1069 * 00 00 00 00 00 00 00 00 1070 * key 4 00 00 00 00 00 00 00 00 1071 */ 1072 if (priv->wep_key_len[0] || priv->wep_key_len[1] || 1073 priv->wep_key_len[2] || priv->wep_key_len[3]) { 1074 /* Only set wep keys if we have at least one of them */ 1075 memset(&cmd, 0, sizeof(cmd)); 1076 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1077 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 1078 cmd.action = cpu_to_le16(CMD_ACT_ADD); 1079 1080 for (i = 0; i < 4; i++) { 1081 switch (priv->wep_key_len[i]) { 1082 case WLAN_KEY_LEN_WEP40: 1083 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT; 1084 break; 1085 case WLAN_KEY_LEN_WEP104: 1086 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT; 1087 break; 1088 default: 1089 cmd.keytype[i] = 0; 1090 break; 1091 } 1092 memcpy(cmd.keymaterial[i], priv->wep_key[i], 1093 priv->wep_key_len[i]); 1094 } 1095 1096 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 1097 } else { 1098 /* Otherwise remove all wep keys */ 1099 ret = lbs_remove_wep_keys(priv); 1100 } 1101 1102 lbs_deb_leave(LBS_DEB_CFG80211); 1103 return ret; 1104 } 1105 1106 1107 /* 1108 * Enable/Disable RSN status 1109 */ 1110 static int lbs_enable_rsn(struct lbs_private *priv, int enable) 1111 { 1112 struct cmd_ds_802_11_enable_rsn cmd; 1113 int ret; 1114 1115 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable); 1116 1117 /* 1118 * cmd 2f 00 1119 * size 0c 00 1120 * sequence xx xx 1121 * result 00 00 1122 * action 01 00 ACT_SET 1123 * enable 01 00 1124 */ 1125 memset(&cmd, 0, sizeof(cmd)); 1126 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1127 cmd.action = cpu_to_le16(CMD_ACT_SET); 1128 cmd.enable = cpu_to_le16(enable); 1129 1130 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd); 1131 1132 lbs_deb_leave(LBS_DEB_CFG80211); 1133 return ret; 1134 } 1135 1136 1137 /* 1138 * Set WPA/WPA key material 1139 */ 1140 1141 /* 1142 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we 1143 * get rid of WEXT, this should go into host.h 1144 */ 1145 1146 struct cmd_key_material { 1147 struct cmd_header hdr; 1148 1149 __le16 action; 1150 struct MrvlIEtype_keyParamSet param; 1151 } __packed; 1152 1153 static int lbs_set_key_material(struct lbs_private *priv, 1154 int key_type, int key_info, 1155 const u8 *key, u16 key_len) 1156 { 1157 struct cmd_key_material cmd; 1158 int ret; 1159 1160 lbs_deb_enter(LBS_DEB_CFG80211); 1161 1162 /* 1163 * Example for WPA (TKIP): 1164 * 1165 * cmd 5e 00 1166 * size 34 00 1167 * sequence xx xx 1168 * result 00 00 1169 * action 01 00 1170 * TLV type 00 01 key param 1171 * length 00 26 1172 * key type 01 00 TKIP 1173 * key info 06 00 UNICAST | ENABLED 1174 * key len 20 00 1175 * key 32 bytes 1176 */ 1177 memset(&cmd, 0, sizeof(cmd)); 1178 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1179 cmd.action = cpu_to_le16(CMD_ACT_SET); 1180 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL); 1181 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4); 1182 cmd.param.keytypeid = cpu_to_le16(key_type); 1183 cmd.param.keyinfo = cpu_to_le16(key_info); 1184 cmd.param.keylen = cpu_to_le16(key_len); 1185 if (key && key_len) 1186 memcpy(cmd.param.key, key, key_len); 1187 1188 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd); 1189 1190 lbs_deb_leave(LBS_DEB_CFG80211); 1191 return ret; 1192 } 1193 1194 1195 /* 1196 * Sets the auth type (open, shared, etc) in the firmware. That 1197 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware 1198 * command doesn't send an authentication frame at all, it just 1199 * stores the auth_type. 1200 */ 1201 static int lbs_set_authtype(struct lbs_private *priv, 1202 struct cfg80211_connect_params *sme) 1203 { 1204 struct cmd_ds_802_11_authenticate cmd; 1205 int ret; 1206 1207 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type); 1208 1209 /* 1210 * cmd 11 00 1211 * size 19 00 1212 * sequence xx xx 1213 * result 00 00 1214 * BSS id 00 13 19 80 da 30 1215 * auth type 00 1216 * reserved 00 00 00 00 00 00 00 00 00 00 1217 */ 1218 memset(&cmd, 0, sizeof(cmd)); 1219 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1220 if (sme->bssid) 1221 memcpy(cmd.bssid, sme->bssid, ETH_ALEN); 1222 /* convert auth_type */ 1223 ret = lbs_auth_to_authtype(sme->auth_type); 1224 if (ret < 0) 1225 goto done; 1226 1227 cmd.authtype = ret; 1228 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd); 1229 1230 done: 1231 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1232 return ret; 1233 } 1234 1235 1236 /* 1237 * Create association request 1238 */ 1239 #define LBS_ASSOC_MAX_CMD_SIZE \ 1240 (sizeof(struct cmd_ds_802_11_associate) \ 1241 - 512 /* cmd_ds_802_11_associate.iebuf */ \ 1242 + LBS_MAX_SSID_TLV_SIZE \ 1243 + LBS_MAX_CHANNEL_TLV_SIZE \ 1244 + LBS_MAX_CF_PARAM_TLV_SIZE \ 1245 + LBS_MAX_AUTH_TYPE_TLV_SIZE \ 1246 + LBS_MAX_WPA_TLV_SIZE) 1247 1248 static int lbs_associate(struct lbs_private *priv, 1249 struct cfg80211_bss *bss, 1250 struct cfg80211_connect_params *sme) 1251 { 1252 struct cmd_ds_802_11_associate_response *resp; 1253 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE, 1254 GFP_KERNEL); 1255 const u8 *ssid_eid; 1256 size_t len, resp_ie_len; 1257 int status; 1258 int ret; 1259 u8 *pos; 1260 u8 *tmp; 1261 1262 lbs_deb_enter(LBS_DEB_CFG80211); 1263 1264 if (!cmd) { 1265 ret = -ENOMEM; 1266 goto done; 1267 } 1268 pos = &cmd->iebuf[0]; 1269 1270 /* 1271 * cmd 50 00 1272 * length 34 00 1273 * sequence xx xx 1274 * result 00 00 1275 * BSS id 00 13 19 80 da 30 1276 * capabilities 11 00 1277 * listen interval 0a 00 1278 * beacon interval 00 00 1279 * DTIM period 00 1280 * TLVs xx (up to 512 bytes) 1281 */ 1282 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE); 1283 1284 /* Fill in static fields */ 1285 memcpy(cmd->bssid, bss->bssid, ETH_ALEN); 1286 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL); 1287 cmd->capability = cpu_to_le16(bss->capability); 1288 1289 /* add SSID TLV */ 1290 rcu_read_lock(); 1291 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID); 1292 if (ssid_eid) 1293 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]); 1294 else 1295 lbs_deb_assoc("no SSID\n"); 1296 rcu_read_unlock(); 1297 1298 /* add DS param TLV */ 1299 if (bss->channel) 1300 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value); 1301 else 1302 lbs_deb_assoc("no channel\n"); 1303 1304 /* add (empty) CF param TLV */ 1305 pos += lbs_add_cf_param_tlv(pos); 1306 1307 /* add rates TLV */ 1308 tmp = pos + 4; /* skip Marvell IE header */ 1309 pos += lbs_add_common_rates_tlv(pos, bss); 1310 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp); 1311 1312 /* add auth type TLV */ 1313 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9) 1314 pos += lbs_add_auth_type_tlv(pos, sme->auth_type); 1315 1316 /* add WPA/WPA2 TLV */ 1317 if (sme->ie && sme->ie_len) 1318 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len); 1319 1320 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) + 1321 (u16)(pos - (u8 *) &cmd->iebuf); 1322 cmd->hdr.size = cpu_to_le16(len); 1323 1324 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd, 1325 le16_to_cpu(cmd->hdr.size)); 1326 1327 /* store for later use */ 1328 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN); 1329 1330 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd); 1331 if (ret) 1332 goto done; 1333 1334 /* generate connect message to cfg80211 */ 1335 1336 resp = (void *) cmd; /* recast for easier field access */ 1337 status = le16_to_cpu(resp->statuscode); 1338 1339 /* Older FW versions map the IEEE 802.11 Status Code in the association 1340 * response to the following values returned in resp->statuscode: 1341 * 1342 * IEEE Status Code Marvell Status Code 1343 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS 1344 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1345 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1346 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1347 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1348 * others -> 0x0003 ASSOC_RESULT_REFUSED 1349 * 1350 * Other response codes: 1351 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused) 1352 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for 1353 * association response from the AP) 1354 */ 1355 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1356 switch (status) { 1357 case 0: 1358 break; 1359 case 1: 1360 lbs_deb_assoc("invalid association parameters\n"); 1361 status = WLAN_STATUS_CAPS_UNSUPPORTED; 1362 break; 1363 case 2: 1364 lbs_deb_assoc("timer expired while waiting for AP\n"); 1365 status = WLAN_STATUS_AUTH_TIMEOUT; 1366 break; 1367 case 3: 1368 lbs_deb_assoc("association refused by AP\n"); 1369 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1370 break; 1371 case 4: 1372 lbs_deb_assoc("authentication refused by AP\n"); 1373 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1374 break; 1375 default: 1376 lbs_deb_assoc("association failure %d\n", status); 1377 /* v5 OLPC firmware does return the AP status code if 1378 * it's not one of the values above. Let that through. 1379 */ 1380 break; 1381 } 1382 } 1383 1384 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, " 1385 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), 1386 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid)); 1387 1388 resp_ie_len = le16_to_cpu(resp->hdr.size) 1389 - sizeof(resp->hdr) 1390 - 6; 1391 cfg80211_connect_result(priv->dev, 1392 priv->assoc_bss, 1393 sme->ie, sme->ie_len, 1394 resp->iebuf, resp_ie_len, 1395 status, 1396 GFP_KERNEL); 1397 1398 if (status == 0) { 1399 /* TODO: get rid of priv->connect_status */ 1400 priv->connect_status = LBS_CONNECTED; 1401 netif_carrier_on(priv->dev); 1402 if (!priv->tx_pending_len) 1403 netif_tx_wake_all_queues(priv->dev); 1404 } 1405 1406 kfree(cmd); 1407 done: 1408 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1409 return ret; 1410 } 1411 1412 static struct cfg80211_scan_request * 1413 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme) 1414 { 1415 struct cfg80211_scan_request *creq = NULL; 1416 int i, n_channels = ieee80211_get_num_supported_channels(wiphy); 1417 enum ieee80211_band band; 1418 1419 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1420 n_channels * sizeof(void *), 1421 GFP_ATOMIC); 1422 if (!creq) 1423 return NULL; 1424 1425 /* SSIDs come after channels */ 1426 creq->ssids = (void *)&creq->channels[n_channels]; 1427 creq->n_channels = n_channels; 1428 creq->n_ssids = 1; 1429 1430 /* Scan all available channels */ 1431 i = 0; 1432 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1433 int j; 1434 1435 if (!wiphy->bands[band]) 1436 continue; 1437 1438 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1439 /* ignore disabled channels */ 1440 if (wiphy->bands[band]->channels[j].flags & 1441 IEEE80211_CHAN_DISABLED) 1442 continue; 1443 1444 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1445 i++; 1446 } 1447 } 1448 if (i) { 1449 /* Set real number of channels specified in creq->channels[] */ 1450 creq->n_channels = i; 1451 1452 /* Scan for the SSID we're going to connect to */ 1453 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len); 1454 creq->ssids[0].ssid_len = sme->ssid_len; 1455 } else { 1456 /* No channels found... */ 1457 kfree(creq); 1458 creq = NULL; 1459 } 1460 1461 return creq; 1462 } 1463 1464 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev, 1465 struct cfg80211_connect_params *sme) 1466 { 1467 struct lbs_private *priv = wiphy_priv(wiphy); 1468 struct cfg80211_bss *bss = NULL; 1469 int ret = 0; 1470 u8 preamble = RADIO_PREAMBLE_SHORT; 1471 1472 if (dev == priv->mesh_dev) 1473 return -EOPNOTSUPP; 1474 1475 lbs_deb_enter(LBS_DEB_CFG80211); 1476 1477 if (!sme->bssid) { 1478 struct cfg80211_scan_request *creq; 1479 1480 /* 1481 * Scan for the requested network after waiting for existing 1482 * scans to finish. 1483 */ 1484 lbs_deb_assoc("assoc: waiting for existing scans\n"); 1485 wait_event_interruptible_timeout(priv->scan_q, 1486 (priv->scan_req == NULL), 1487 (15 * HZ)); 1488 1489 creq = _new_connect_scan_req(wiphy, sme); 1490 if (!creq) { 1491 ret = -EINVAL; 1492 goto done; 1493 } 1494 1495 lbs_deb_assoc("assoc: scanning for compatible AP\n"); 1496 _internal_start_scan(priv, true, creq); 1497 1498 lbs_deb_assoc("assoc: waiting for scan to complete\n"); 1499 wait_event_interruptible_timeout(priv->scan_q, 1500 (priv->scan_req == NULL), 1501 (15 * HZ)); 1502 lbs_deb_assoc("assoc: scanning completed\n"); 1503 } 1504 1505 /* Find the BSS we want using available scan results */ 1506 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid, 1507 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS, 1508 IEEE80211_PRIVACY_ANY); 1509 if (!bss) { 1510 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n", 1511 sme->bssid); 1512 ret = -ENOENT; 1513 goto done; 1514 } 1515 lbs_deb_assoc("trying %pM\n", bss->bssid); 1516 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n", 1517 sme->crypto.cipher_group, 1518 sme->key_idx, sme->key_len); 1519 1520 /* As this is a new connection, clear locally stored WEP keys */ 1521 priv->wep_tx_key = 0; 1522 memset(priv->wep_key, 0, sizeof(priv->wep_key)); 1523 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len)); 1524 1525 /* set/remove WEP keys */ 1526 switch (sme->crypto.cipher_group) { 1527 case WLAN_CIPHER_SUITE_WEP40: 1528 case WLAN_CIPHER_SUITE_WEP104: 1529 /* Store provided WEP keys in priv-> */ 1530 priv->wep_tx_key = sme->key_idx; 1531 priv->wep_key_len[sme->key_idx] = sme->key_len; 1532 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len); 1533 /* Set WEP keys and WEP mode */ 1534 lbs_set_wep_keys(priv); 1535 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE; 1536 lbs_set_mac_control(priv); 1537 /* No RSN mode for WEP */ 1538 lbs_enable_rsn(priv, 0); 1539 break; 1540 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */ 1541 /* 1542 * If we don't have no WEP, no WPA and no WPA2, 1543 * we remove all keys like in the WPA/WPA2 setup, 1544 * we just don't set RSN. 1545 * 1546 * Therefore: fall-through 1547 */ 1548 case WLAN_CIPHER_SUITE_TKIP: 1549 case WLAN_CIPHER_SUITE_CCMP: 1550 /* Remove WEP keys and WEP mode */ 1551 lbs_remove_wep_keys(priv); 1552 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE; 1553 lbs_set_mac_control(priv); 1554 1555 /* clear the WPA/WPA2 keys */ 1556 lbs_set_key_material(priv, 1557 KEY_TYPE_ID_WEP, /* doesn't matter */ 1558 KEY_INFO_WPA_UNICAST, 1559 NULL, 0); 1560 lbs_set_key_material(priv, 1561 KEY_TYPE_ID_WEP, /* doesn't matter */ 1562 KEY_INFO_WPA_MCAST, 1563 NULL, 0); 1564 /* RSN mode for WPA/WPA2 */ 1565 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0); 1566 break; 1567 default: 1568 wiphy_err(wiphy, "unsupported cipher group 0x%x\n", 1569 sme->crypto.cipher_group); 1570 ret = -ENOTSUPP; 1571 goto done; 1572 } 1573 1574 ret = lbs_set_authtype(priv, sme); 1575 if (ret == -ENOTSUPP) { 1576 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type); 1577 goto done; 1578 } 1579 1580 lbs_set_radio(priv, preamble, 1); 1581 1582 /* Do the actual association */ 1583 ret = lbs_associate(priv, bss, sme); 1584 1585 done: 1586 if (bss) 1587 cfg80211_put_bss(wiphy, bss); 1588 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1589 return ret; 1590 } 1591 1592 int lbs_disconnect(struct lbs_private *priv, u16 reason) 1593 { 1594 struct cmd_ds_802_11_deauthenticate cmd; 1595 int ret; 1596 1597 memset(&cmd, 0, sizeof(cmd)); 1598 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1599 /* Mildly ugly to use a locally store my own BSSID ... */ 1600 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN); 1601 cmd.reasoncode = cpu_to_le16(reason); 1602 1603 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd); 1604 if (ret) 1605 return ret; 1606 1607 cfg80211_disconnected(priv->dev, 1608 reason, 1609 NULL, 0, true, 1610 GFP_KERNEL); 1611 priv->connect_status = LBS_DISCONNECTED; 1612 1613 return 0; 1614 } 1615 1616 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev, 1617 u16 reason_code) 1618 { 1619 struct lbs_private *priv = wiphy_priv(wiphy); 1620 1621 if (dev == priv->mesh_dev) 1622 return -EOPNOTSUPP; 1623 1624 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code); 1625 1626 /* store for lbs_cfg_ret_disconnect() */ 1627 priv->disassoc_reason = reason_code; 1628 1629 return lbs_disconnect(priv, reason_code); 1630 } 1631 1632 static int lbs_cfg_set_default_key(struct wiphy *wiphy, 1633 struct net_device *netdev, 1634 u8 key_index, bool unicast, 1635 bool multicast) 1636 { 1637 struct lbs_private *priv = wiphy_priv(wiphy); 1638 1639 if (netdev == priv->mesh_dev) 1640 return -EOPNOTSUPP; 1641 1642 lbs_deb_enter(LBS_DEB_CFG80211); 1643 1644 if (key_index != priv->wep_tx_key) { 1645 lbs_deb_assoc("set_default_key: to %d\n", key_index); 1646 priv->wep_tx_key = key_index; 1647 lbs_set_wep_keys(priv); 1648 } 1649 1650 return 0; 1651 } 1652 1653 1654 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev, 1655 u8 idx, bool pairwise, const u8 *mac_addr, 1656 struct key_params *params) 1657 { 1658 struct lbs_private *priv = wiphy_priv(wiphy); 1659 u16 key_info; 1660 u16 key_type; 1661 int ret = 0; 1662 1663 if (netdev == priv->mesh_dev) 1664 return -EOPNOTSUPP; 1665 1666 lbs_deb_enter(LBS_DEB_CFG80211); 1667 1668 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n", 1669 params->cipher, mac_addr); 1670 lbs_deb_assoc("add_key: key index %d, key len %d\n", 1671 idx, params->key_len); 1672 if (params->key_len) 1673 lbs_deb_hex(LBS_DEB_CFG80211, "KEY", 1674 params->key, params->key_len); 1675 1676 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len); 1677 if (params->seq_len) 1678 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ", 1679 params->seq, params->seq_len); 1680 1681 switch (params->cipher) { 1682 case WLAN_CIPHER_SUITE_WEP40: 1683 case WLAN_CIPHER_SUITE_WEP104: 1684 /* actually compare if something has changed ... */ 1685 if ((priv->wep_key_len[idx] != params->key_len) || 1686 memcmp(priv->wep_key[idx], 1687 params->key, params->key_len) != 0) { 1688 priv->wep_key_len[idx] = params->key_len; 1689 memcpy(priv->wep_key[idx], 1690 params->key, params->key_len); 1691 lbs_set_wep_keys(priv); 1692 } 1693 break; 1694 case WLAN_CIPHER_SUITE_TKIP: 1695 case WLAN_CIPHER_SUITE_CCMP: 1696 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0) 1697 ? KEY_INFO_WPA_UNICAST 1698 : KEY_INFO_WPA_MCAST); 1699 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP) 1700 ? KEY_TYPE_ID_TKIP 1701 : KEY_TYPE_ID_AES; 1702 lbs_set_key_material(priv, 1703 key_type, 1704 key_info, 1705 params->key, params->key_len); 1706 break; 1707 default: 1708 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher); 1709 ret = -ENOTSUPP; 1710 break; 1711 } 1712 1713 return ret; 1714 } 1715 1716 1717 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev, 1718 u8 key_index, bool pairwise, const u8 *mac_addr) 1719 { 1720 1721 lbs_deb_enter(LBS_DEB_CFG80211); 1722 1723 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n", 1724 key_index, mac_addr); 1725 1726 #ifdef TODO 1727 struct lbs_private *priv = wiphy_priv(wiphy); 1728 /* 1729 * I think can keep this a NO-OP, because: 1730 1731 * - we clear all keys whenever we do lbs_cfg_connect() anyway 1732 * - neither "iw" nor "wpa_supplicant" won't call this during 1733 * an ongoing connection 1734 * - TODO: but I have to check if this is still true when 1735 * I set the AP to periodic re-keying 1736 * - we've not kzallec() something when we've added a key at 1737 * lbs_cfg_connect() or lbs_cfg_add_key(). 1738 * 1739 * This causes lbs_cfg_del_key() only called at disconnect time, 1740 * where we'd just waste time deleting a key that is not going 1741 * to be used anyway. 1742 */ 1743 if (key_index < 3 && priv->wep_key_len[key_index]) { 1744 priv->wep_key_len[key_index] = 0; 1745 lbs_set_wep_keys(priv); 1746 } 1747 #endif 1748 1749 return 0; 1750 } 1751 1752 1753 /* 1754 * Get station 1755 */ 1756 1757 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev, 1758 const u8 *mac, struct station_info *sinfo) 1759 { 1760 struct lbs_private *priv = wiphy_priv(wiphy); 1761 s8 signal, noise; 1762 int ret; 1763 size_t i; 1764 1765 lbs_deb_enter(LBS_DEB_CFG80211); 1766 1767 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) | 1768 BIT(NL80211_STA_INFO_TX_PACKETS) | 1769 BIT(NL80211_STA_INFO_RX_BYTES) | 1770 BIT(NL80211_STA_INFO_RX_PACKETS); 1771 sinfo->tx_bytes = priv->dev->stats.tx_bytes; 1772 sinfo->tx_packets = priv->dev->stats.tx_packets; 1773 sinfo->rx_bytes = priv->dev->stats.rx_bytes; 1774 sinfo->rx_packets = priv->dev->stats.rx_packets; 1775 1776 /* Get current RSSI */ 1777 ret = lbs_get_rssi(priv, &signal, &noise); 1778 if (ret == 0) { 1779 sinfo->signal = signal; 1780 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL); 1781 } 1782 1783 /* Convert priv->cur_rate from hw_value to NL80211 value */ 1784 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 1785 if (priv->cur_rate == lbs_rates[i].hw_value) { 1786 sinfo->txrate.legacy = lbs_rates[i].bitrate; 1787 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE); 1788 break; 1789 } 1790 } 1791 1792 return 0; 1793 } 1794 1795 1796 1797 1798 /* 1799 * Change interface 1800 */ 1801 1802 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev, 1803 enum nl80211_iftype type, u32 *flags, 1804 struct vif_params *params) 1805 { 1806 struct lbs_private *priv = wiphy_priv(wiphy); 1807 int ret = 0; 1808 1809 if (dev == priv->mesh_dev) 1810 return -EOPNOTSUPP; 1811 1812 switch (type) { 1813 case NL80211_IFTYPE_MONITOR: 1814 case NL80211_IFTYPE_STATION: 1815 case NL80211_IFTYPE_ADHOC: 1816 break; 1817 default: 1818 return -EOPNOTSUPP; 1819 } 1820 1821 lbs_deb_enter(LBS_DEB_CFG80211); 1822 1823 if (priv->iface_running) 1824 ret = lbs_set_iface_type(priv, type); 1825 1826 if (!ret) 1827 priv->wdev->iftype = type; 1828 1829 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1830 return ret; 1831 } 1832 1833 1834 1835 /* 1836 * IBSS (Ad-Hoc) 1837 */ 1838 1839 /* 1840 * The firmware needs the following bits masked out of the beacon-derived 1841 * capability field when associating/joining to a BSS: 1842 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused) 1843 */ 1844 #define CAPINFO_MASK (~(0xda00)) 1845 1846 1847 static void lbs_join_post(struct lbs_private *priv, 1848 struct cfg80211_ibss_params *params, 1849 u8 *bssid, u16 capability) 1850 { 1851 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */ 1852 2 + 4 + /* basic rates */ 1853 2 + 1 + /* DS parameter */ 1854 2 + 2 + /* atim */ 1855 2 + 8]; /* extended rates */ 1856 u8 *fake = fake_ie; 1857 struct cfg80211_bss *bss; 1858 1859 lbs_deb_enter(LBS_DEB_CFG80211); 1860 1861 /* 1862 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get 1863 * the real IE from the firmware. So we fabricate a fake IE based on 1864 * what the firmware actually sends (sniffed with wireshark). 1865 */ 1866 /* Fake SSID IE */ 1867 *fake++ = WLAN_EID_SSID; 1868 *fake++ = params->ssid_len; 1869 memcpy(fake, params->ssid, params->ssid_len); 1870 fake += params->ssid_len; 1871 /* Fake supported basic rates IE */ 1872 *fake++ = WLAN_EID_SUPP_RATES; 1873 *fake++ = 4; 1874 *fake++ = 0x82; 1875 *fake++ = 0x84; 1876 *fake++ = 0x8b; 1877 *fake++ = 0x96; 1878 /* Fake DS channel IE */ 1879 *fake++ = WLAN_EID_DS_PARAMS; 1880 *fake++ = 1; 1881 *fake++ = params->chandef.chan->hw_value; 1882 /* Fake IBSS params IE */ 1883 *fake++ = WLAN_EID_IBSS_PARAMS; 1884 *fake++ = 2; 1885 *fake++ = 0; /* ATIM=0 */ 1886 *fake++ = 0; 1887 /* Fake extended rates IE, TODO: don't add this for 802.11b only, 1888 * but I don't know how this could be checked */ 1889 *fake++ = WLAN_EID_EXT_SUPP_RATES; 1890 *fake++ = 8; 1891 *fake++ = 0x0c; 1892 *fake++ = 0x12; 1893 *fake++ = 0x18; 1894 *fake++ = 0x24; 1895 *fake++ = 0x30; 1896 *fake++ = 0x48; 1897 *fake++ = 0x60; 1898 *fake++ = 0x6c; 1899 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie); 1900 1901 bss = cfg80211_inform_bss(priv->wdev->wiphy, 1902 params->chandef.chan, 1903 CFG80211_BSS_FTYPE_UNKNOWN, 1904 bssid, 1905 0, 1906 capability, 1907 params->beacon_interval, 1908 fake_ie, fake - fake_ie, 1909 0, GFP_KERNEL); 1910 cfg80211_put_bss(priv->wdev->wiphy, bss); 1911 1912 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); 1913 priv->wdev->ssid_len = params->ssid_len; 1914 1915 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, 1916 GFP_KERNEL); 1917 1918 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ 1919 priv->connect_status = LBS_CONNECTED; 1920 netif_carrier_on(priv->dev); 1921 if (!priv->tx_pending_len) 1922 netif_wake_queue(priv->dev); 1923 1924 lbs_deb_leave(LBS_DEB_CFG80211); 1925 } 1926 1927 static int lbs_ibss_join_existing(struct lbs_private *priv, 1928 struct cfg80211_ibss_params *params, 1929 struct cfg80211_bss *bss) 1930 { 1931 const u8 *rates_eid; 1932 struct cmd_ds_802_11_ad_hoc_join cmd; 1933 u8 preamble = RADIO_PREAMBLE_SHORT; 1934 int ret = 0; 1935 1936 lbs_deb_enter(LBS_DEB_CFG80211); 1937 1938 /* TODO: set preamble based on scan result */ 1939 ret = lbs_set_radio(priv, preamble, 1); 1940 if (ret) 1941 goto out; 1942 1943 /* 1944 * Example CMD_802_11_AD_HOC_JOIN command: 1945 * 1946 * command 2c 00 CMD_802_11_AD_HOC_JOIN 1947 * size 65 00 1948 * sequence xx xx 1949 * result 00 00 1950 * bssid 02 27 27 97 2f 96 1951 * ssid 49 42 53 53 00 00 00 00 1952 * 00 00 00 00 00 00 00 00 1953 * 00 00 00 00 00 00 00 00 1954 * 00 00 00 00 00 00 00 00 1955 * type 02 CMD_BSS_TYPE_IBSS 1956 * beacon period 64 00 1957 * dtim period 00 1958 * timestamp 00 00 00 00 00 00 00 00 1959 * localtime 00 00 00 00 00 00 00 00 1960 * IE DS 03 1961 * IE DS len 01 1962 * IE DS channel 01 1963 * reserveed 00 00 00 00 1964 * IE IBSS 06 1965 * IE IBSS len 02 1966 * IE IBSS atim 00 00 1967 * reserved 00 00 00 00 1968 * capability 02 00 1969 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00 1970 * fail timeout ff 00 1971 * probe delay 00 00 1972 */ 1973 memset(&cmd, 0, sizeof(cmd)); 1974 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1975 1976 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN); 1977 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len); 1978 cmd.bss.type = CMD_BSS_TYPE_IBSS; 1979 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval); 1980 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS; 1981 cmd.bss.ds.header.len = 1; 1982 cmd.bss.ds.channel = params->chandef.chan->hw_value; 1983 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1984 cmd.bss.ibss.header.len = 2; 1985 cmd.bss.ibss.atimwindow = 0; 1986 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK); 1987 1988 /* set rates to the intersection of our rates and the rates in the 1989 bss */ 1990 rcu_read_lock(); 1991 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1992 if (!rates_eid) { 1993 lbs_add_rates(cmd.bss.rates); 1994 } else { 1995 int hw, i; 1996 u8 rates_max = rates_eid[1]; 1997 u8 *rates = cmd.bss.rates; 1998 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 1999 u8 hw_rate = lbs_rates[hw].bitrate / 5; 2000 for (i = 0; i < rates_max; i++) { 2001 if (hw_rate == (rates_eid[i+2] & 0x7f)) { 2002 u8 rate = rates_eid[i+2]; 2003 if (rate == 0x02 || rate == 0x04 || 2004 rate == 0x0b || rate == 0x16) 2005 rate |= 0x80; 2006 *rates++ = rate; 2007 } 2008 } 2009 } 2010 } 2011 rcu_read_unlock(); 2012 2013 /* Only v8 and below support setting this */ 2014 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 2015 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT); 2016 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 2017 } 2018 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd); 2019 if (ret) 2020 goto out; 2021 2022 /* 2023 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 2024 * 2025 * response 2c 80 2026 * size 09 00 2027 * sequence xx xx 2028 * result 00 00 2029 * reserved 00 2030 */ 2031 lbs_join_post(priv, params, bss->bssid, bss->capability); 2032 2033 out: 2034 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2035 return ret; 2036 } 2037 2038 2039 2040 static int lbs_ibss_start_new(struct lbs_private *priv, 2041 struct cfg80211_ibss_params *params) 2042 { 2043 struct cmd_ds_802_11_ad_hoc_start cmd; 2044 struct cmd_ds_802_11_ad_hoc_result *resp = 2045 (struct cmd_ds_802_11_ad_hoc_result *) &cmd; 2046 u8 preamble = RADIO_PREAMBLE_SHORT; 2047 int ret = 0; 2048 u16 capability; 2049 2050 lbs_deb_enter(LBS_DEB_CFG80211); 2051 2052 ret = lbs_set_radio(priv, preamble, 1); 2053 if (ret) 2054 goto out; 2055 2056 /* 2057 * Example CMD_802_11_AD_HOC_START command: 2058 * 2059 * command 2b 00 CMD_802_11_AD_HOC_START 2060 * size b1 00 2061 * sequence xx xx 2062 * result 00 00 2063 * ssid 54 45 53 54 00 00 00 00 2064 * 00 00 00 00 00 00 00 00 2065 * 00 00 00 00 00 00 00 00 2066 * 00 00 00 00 00 00 00 00 2067 * bss type 02 2068 * beacon period 64 00 2069 * dtim period 00 2070 * IE IBSS 06 2071 * IE IBSS len 02 2072 * IE IBSS atim 00 00 2073 * reserved 00 00 00 00 2074 * IE DS 03 2075 * IE DS len 01 2076 * IE DS channel 01 2077 * reserved 00 00 00 00 2078 * probe delay 00 00 2079 * capability 02 00 2080 * rates 82 84 8b 96 (basic rates with have bit 7 set) 2081 * 0c 12 18 24 30 48 60 6c 2082 * padding 100 bytes 2083 */ 2084 memset(&cmd, 0, sizeof(cmd)); 2085 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2086 memcpy(cmd.ssid, params->ssid, params->ssid_len); 2087 cmd.bsstype = CMD_BSS_TYPE_IBSS; 2088 cmd.beaconperiod = cpu_to_le16(params->beacon_interval); 2089 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS; 2090 cmd.ibss.header.len = 2; 2091 cmd.ibss.atimwindow = 0; 2092 cmd.ds.header.id = WLAN_EID_DS_PARAMS; 2093 cmd.ds.header.len = 1; 2094 cmd.ds.channel = params->chandef.chan->hw_value; 2095 /* Only v8 and below support setting probe delay */ 2096 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) 2097 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 2098 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */ 2099 capability = WLAN_CAPABILITY_IBSS; 2100 cmd.capability = cpu_to_le16(capability); 2101 lbs_add_rates(cmd.rates); 2102 2103 2104 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd); 2105 if (ret) 2106 goto out; 2107 2108 /* 2109 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 2110 * 2111 * response 2b 80 2112 * size 14 00 2113 * sequence xx xx 2114 * result 00 00 2115 * reserved 00 2116 * bssid 02 2b 7b 0f 86 0e 2117 */ 2118 lbs_join_post(priv, params, resp->bssid, capability); 2119 2120 out: 2121 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2122 return ret; 2123 } 2124 2125 2126 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev, 2127 struct cfg80211_ibss_params *params) 2128 { 2129 struct lbs_private *priv = wiphy_priv(wiphy); 2130 int ret = 0; 2131 struct cfg80211_bss *bss; 2132 2133 if (dev == priv->mesh_dev) 2134 return -EOPNOTSUPP; 2135 2136 lbs_deb_enter(LBS_DEB_CFG80211); 2137 2138 if (!params->chandef.chan) { 2139 ret = -ENOTSUPP; 2140 goto out; 2141 } 2142 2143 ret = lbs_set_channel(priv, params->chandef.chan->hw_value); 2144 if (ret) 2145 goto out; 2146 2147 /* Search if someone is beaconing. This assumes that the 2148 * bss list is populated already */ 2149 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid, 2150 params->ssid, params->ssid_len, 2151 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY); 2152 2153 if (bss) { 2154 ret = lbs_ibss_join_existing(priv, params, bss); 2155 cfg80211_put_bss(wiphy, bss); 2156 } else 2157 ret = lbs_ibss_start_new(priv, params); 2158 2159 2160 out: 2161 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2162 return ret; 2163 } 2164 2165 2166 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev) 2167 { 2168 struct lbs_private *priv = wiphy_priv(wiphy); 2169 struct cmd_ds_802_11_ad_hoc_stop cmd; 2170 int ret = 0; 2171 2172 if (dev == priv->mesh_dev) 2173 return -EOPNOTSUPP; 2174 2175 lbs_deb_enter(LBS_DEB_CFG80211); 2176 2177 memset(&cmd, 0, sizeof(cmd)); 2178 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2179 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd); 2180 2181 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */ 2182 lbs_mac_event_disconnected(priv, true); 2183 2184 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2185 return ret; 2186 } 2187 2188 2189 2190 2191 /* 2192 * Initialization 2193 */ 2194 2195 static struct cfg80211_ops lbs_cfg80211_ops = { 2196 .set_monitor_channel = lbs_cfg_set_monitor_channel, 2197 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel, 2198 .scan = lbs_cfg_scan, 2199 .connect = lbs_cfg_connect, 2200 .disconnect = lbs_cfg_disconnect, 2201 .add_key = lbs_cfg_add_key, 2202 .del_key = lbs_cfg_del_key, 2203 .set_default_key = lbs_cfg_set_default_key, 2204 .get_station = lbs_cfg_get_station, 2205 .change_virtual_intf = lbs_change_intf, 2206 .join_ibss = lbs_join_ibss, 2207 .leave_ibss = lbs_leave_ibss, 2208 }; 2209 2210 2211 /* 2212 * At this time lbs_private *priv doesn't even exist, so we just allocate 2213 * memory and don't initialize the wiphy further. This is postponed until we 2214 * can talk to the firmware and happens at registration time in 2215 * lbs_cfg_wiphy_register(). 2216 */ 2217 struct wireless_dev *lbs_cfg_alloc(struct device *dev) 2218 { 2219 int ret = 0; 2220 struct wireless_dev *wdev; 2221 2222 lbs_deb_enter(LBS_DEB_CFG80211); 2223 2224 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 2225 if (!wdev) 2226 return ERR_PTR(-ENOMEM); 2227 2228 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private)); 2229 if (!wdev->wiphy) { 2230 dev_err(dev, "cannot allocate wiphy\n"); 2231 ret = -ENOMEM; 2232 goto err_wiphy_new; 2233 } 2234 2235 lbs_deb_leave(LBS_DEB_CFG80211); 2236 return wdev; 2237 2238 err_wiphy_new: 2239 kfree(wdev); 2240 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2241 return ERR_PTR(ret); 2242 } 2243 2244 2245 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv) 2246 { 2247 struct region_code_mapping { 2248 const char *cn; 2249 int code; 2250 }; 2251 2252 /* Section 5.17.2 */ 2253 static const struct region_code_mapping regmap[] = { 2254 {"US ", 0x10}, /* US FCC */ 2255 {"CA ", 0x20}, /* Canada */ 2256 {"EU ", 0x30}, /* ETSI */ 2257 {"ES ", 0x31}, /* Spain */ 2258 {"FR ", 0x32}, /* France */ 2259 {"JP ", 0x40}, /* Japan */ 2260 }; 2261 size_t i; 2262 2263 lbs_deb_enter(LBS_DEB_CFG80211); 2264 2265 for (i = 0; i < ARRAY_SIZE(regmap); i++) 2266 if (regmap[i].code == priv->regioncode) { 2267 regulatory_hint(priv->wdev->wiphy, regmap[i].cn); 2268 break; 2269 } 2270 2271 lbs_deb_leave(LBS_DEB_CFG80211); 2272 } 2273 2274 static void lbs_reg_notifier(struct wiphy *wiphy, 2275 struct regulatory_request *request) 2276 { 2277 struct lbs_private *priv = wiphy_priv(wiphy); 2278 2279 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain " 2280 "callback for domain %c%c\n", request->alpha2[0], 2281 request->alpha2[1]); 2282 2283 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2)); 2284 if (lbs_iface_active(priv)) 2285 lbs_set_11d_domain_info(priv); 2286 2287 lbs_deb_leave(LBS_DEB_CFG80211); 2288 } 2289 2290 /* 2291 * This function get's called after lbs_setup_firmware() determined the 2292 * firmware capabities. So we can setup the wiphy according to our 2293 * hardware/firmware. 2294 */ 2295 int lbs_cfg_register(struct lbs_private *priv) 2296 { 2297 struct wireless_dev *wdev = priv->wdev; 2298 int ret; 2299 2300 lbs_deb_enter(LBS_DEB_CFG80211); 2301 2302 wdev->wiphy->max_scan_ssids = 1; 2303 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; 2304 2305 wdev->wiphy->interface_modes = 2306 BIT(NL80211_IFTYPE_STATION) | 2307 BIT(NL80211_IFTYPE_ADHOC); 2308 if (lbs_rtap_supported(priv)) 2309 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR); 2310 if (lbs_mesh_activated(priv)) 2311 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT); 2312 2313 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz; 2314 2315 /* 2316 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have 2317 * never seen a firmware without WPA 2318 */ 2319 wdev->wiphy->cipher_suites = cipher_suites; 2320 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites); 2321 wdev->wiphy->reg_notifier = lbs_reg_notifier; 2322 2323 ret = wiphy_register(wdev->wiphy); 2324 if (ret < 0) 2325 pr_err("cannot register wiphy device\n"); 2326 2327 priv->wiphy_registered = true; 2328 2329 ret = register_netdev(priv->dev); 2330 if (ret) 2331 pr_err("cannot register network device\n"); 2332 2333 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker); 2334 2335 lbs_cfg_set_regulatory_hint(priv); 2336 2337 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2338 return ret; 2339 } 2340 2341 void lbs_scan_deinit(struct lbs_private *priv) 2342 { 2343 lbs_deb_enter(LBS_DEB_CFG80211); 2344 cancel_delayed_work_sync(&priv->scan_work); 2345 } 2346 2347 2348 void lbs_cfg_free(struct lbs_private *priv) 2349 { 2350 struct wireless_dev *wdev = priv->wdev; 2351 2352 lbs_deb_enter(LBS_DEB_CFG80211); 2353 2354 if (!wdev) 2355 return; 2356 2357 if (priv->wiphy_registered) 2358 wiphy_unregister(wdev->wiphy); 2359 2360 if (wdev->wiphy) 2361 wiphy_free(wdev->wiphy); 2362 2363 kfree(wdev); 2364 } 2365 2366 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.o.c.prepared" 2367 2368 int ldv_bind_18(void); 2369 int ldv_retval_1; 2370 int ldv_release_18(void); 2371 2372 2373 void ldv_initialyze_cfg80211_ops_18(void){ 2374 lbs_cfg80211_ops_group0 = ldv_undef_ptr(); 2375 lbs_cfg80211_ops_group1 = ldv_undef_ptr(); 2376 } 2377 2378 void ldv_main_exported_18(void){ 2379 struct station_info *ldvarg28; 2380 u8 const *ldvarg34; 2381 u16 ldvarg19; 2382 u8 const *ldvarg22; 2383 u8 ldvarg25; 2384 u8 ldvarg21; 2385 u8 ldvarg33; 2386 struct cfg80211_chan_def *ldvarg30; 2387 struct cfg80211_connect_params *ldvarg38; 2388 u32 *ldvarg35; 2389 struct cfg80211_scan_request *ldvarg27; 2390 bool ldvarg26; 2391 bool ldvarg24; 2392 u8 const *ldvarg29; 2393 enum nl80211_iftype ldvarg36; 2394 struct vif_params *ldvarg37; 2395 struct ieee80211_channel *ldvarg23; 2396 bool ldvarg20; 2397 struct key_params *ldvarg31; 2398 bool ldvarg32; 2399 struct cfg80211_ibss_params *ldvarg18; 2400 /*DEG-struct: handlers from structure lbs_cfg80211_ops*/ 2401 switch(__VERIFIER_nondet_int()){ 2402 case 0:{ 2403 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2404 if(ldv_state_variable_18 == 2){ 2405 /*DEG-CALL: handler connect from lbs_cfg80211_ops*/ 2406 ldv_retval_1=(& lbs_cfg_connect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg38); 2407 /*DEG-postcall: if success*/ 2408 if(ldv_retval_1==0){ 2409 ldv_state_variable_18 = 3; 2410 } 2411 } 2412 } 2413 break; 2414 case 1:{ 2415 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2416 if(ldv_state_variable_18 == 1){ 2417 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2418 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2419 /*DEG-postcall: default*/ 2420 ldv_state_variable_18 = 1; 2421 } 2422 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2423 if(ldv_state_variable_18 == 3){ 2424 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2425 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2426 /*DEG-postcall: default*/ 2427 ldv_state_variable_18 = 3; 2428 } 2429 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2430 if(ldv_state_variable_18 == 2){ 2431 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2432 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2433 /*DEG-postcall: default*/ 2434 ldv_state_variable_18 = 2; 2435 } 2436 } 2437 break; 2438 case 2:{ 2439 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2440 if(ldv_state_variable_18 == 1){ 2441 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2442 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2443 /*DEG-postcall: default*/ 2444 ldv_state_variable_18 = 1; 2445 } 2446 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2447 if(ldv_state_variable_18 == 3){ 2448 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2449 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2450 /*DEG-postcall: default*/ 2451 ldv_state_variable_18 = 3; 2452 } 2453 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2454 if(ldv_state_variable_18 == 2){ 2455 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2456 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2457 /*DEG-postcall: default*/ 2458 ldv_state_variable_18 = 2; 2459 } 2460 } 2461 break; 2462 case 3:{ 2463 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2464 if(ldv_state_variable_18 == 1){ 2465 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2466 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2467 /*DEG-postcall: default*/ 2468 ldv_state_variable_18 = 1; 2469 } 2470 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2471 if(ldv_state_variable_18 == 3){ 2472 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2473 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2474 /*DEG-postcall: default*/ 2475 ldv_state_variable_18 = 3; 2476 } 2477 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2478 if(ldv_state_variable_18 == 2){ 2479 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2480 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2481 /*DEG-postcall: default*/ 2482 ldv_state_variable_18 = 2; 2483 } 2484 } 2485 break; 2486 case 4:{ 2487 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2488 if(ldv_state_variable_18 == 1){ 2489 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2490 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2491 /*DEG-postcall: default*/ 2492 ldv_state_variable_18 = 1; 2493 } 2494 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2495 if(ldv_state_variable_18 == 3){ 2496 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2497 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2498 /*DEG-postcall: default*/ 2499 ldv_state_variable_18 = 3; 2500 } 2501 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2502 if(ldv_state_variable_18 == 2){ 2503 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2504 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2505 /*DEG-postcall: default*/ 2506 ldv_state_variable_18 = 2; 2507 } 2508 } 2509 break; 2510 case 5:{ 2511 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2512 if(ldv_state_variable_18 == 1){ 2513 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2514 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2515 /*DEG-postcall: default*/ 2516 ldv_state_variable_18 = 1; 2517 } 2518 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2519 if(ldv_state_variable_18 == 3){ 2520 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2521 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2522 /*DEG-postcall: default*/ 2523 ldv_state_variable_18 = 3; 2524 } 2525 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2526 if(ldv_state_variable_18 == 2){ 2527 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2528 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2529 /*DEG-postcall: default*/ 2530 ldv_state_variable_18 = 2; 2531 } 2532 } 2533 break; 2534 case 6:{ 2535 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2536 if(ldv_state_variable_18 == 1){ 2537 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2538 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2539 /*DEG-postcall: default*/ 2540 ldv_state_variable_18 = 1; 2541 } 2542 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2543 if(ldv_state_variable_18 == 3){ 2544 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2545 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2546 /*DEG-postcall: default*/ 2547 ldv_state_variable_18 = 3; 2548 } 2549 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2550 if(ldv_state_variable_18 == 2){ 2551 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2552 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2553 /*DEG-postcall: default*/ 2554 ldv_state_variable_18 = 2; 2555 } 2556 } 2557 break; 2558 case 7:{ 2559 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2560 if(ldv_state_variable_18 == 1){ 2561 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2562 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2563 /*DEG-postcall: default*/ 2564 ldv_state_variable_18 = 1; 2565 } 2566 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2567 if(ldv_state_variable_18 == 3){ 2568 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2569 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2570 /*DEG-postcall: default*/ 2571 ldv_state_variable_18 = 3; 2572 } 2573 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2574 if(ldv_state_variable_18 == 2){ 2575 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2576 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2577 /*DEG-postcall: default*/ 2578 ldv_state_variable_18 = 2; 2579 } 2580 } 2581 break; 2582 case 8:{ 2583 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2584 if(ldv_state_variable_18 == 1){ 2585 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2586 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2587 /*DEG-postcall: default*/ 2588 ldv_state_variable_18 = 1; 2589 } 2590 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2591 if(ldv_state_variable_18 == 3){ 2592 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2593 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2594 /*DEG-postcall: default*/ 2595 ldv_state_variable_18 = 3; 2596 } 2597 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2598 if(ldv_state_variable_18 == 2){ 2599 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2600 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2601 /*DEG-postcall: default*/ 2602 ldv_state_variable_18 = 2; 2603 } 2604 } 2605 break; 2606 case 9:{ 2607 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2608 if(ldv_state_variable_18 == 1){ 2609 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2610 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2611 /*DEG-postcall: default*/ 2612 ldv_state_variable_18 = 1; 2613 } 2614 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2615 if(ldv_state_variable_18 == 3){ 2616 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2617 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2618 /*DEG-postcall: default*/ 2619 ldv_state_variable_18 = 3; 2620 } 2621 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2622 if(ldv_state_variable_18 == 2){ 2623 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2624 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2625 /*DEG-postcall: default*/ 2626 ldv_state_variable_18 = 2; 2627 } 2628 } 2629 break; 2630 case 10:{ 2631 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2632 if(ldv_state_variable_18 == 3){ 2633 /*DEG-CALL: handler disconnect from lbs_cfg80211_ops*/ 2634 (& lbs_cfg_disconnect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg19); 2635 ldv_state_variable_18 = 2; 2636 } 2637 } 2638 break; 2639 case 11:{ 2640 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2641 if(ldv_state_variable_18 == 1){ 2642 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2643 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2644 /*DEG-postcall: default*/ 2645 ldv_state_variable_18 = 1; 2646 } 2647 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2648 if(ldv_state_variable_18 == 3){ 2649 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2650 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2651 /*DEG-postcall: default*/ 2652 ldv_state_variable_18 = 3; 2653 } 2654 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2655 if(ldv_state_variable_18 == 2){ 2656 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2657 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2658 /*DEG-postcall: default*/ 2659 ldv_state_variable_18 = 2; 2660 } 2661 } 2662 break; 2663 case 12:{ 2664 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2665 if(ldv_state_variable_18 == 2){ 2666 /*DEG-CALL: handler release from lbs_cfg80211_ops*/ 2667 ldv_release_18(); 2668 ldv_state_variable_18 = 1; 2669 ref_cnt--; 2670 } 2671 } 2672 break; 2673 case 13:{ 2674 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2675 if(ldv_state_variable_18 == 1){ 2676 /*DEG-CALL: handler bind from lbs_cfg80211_ops*/ 2677 ldv_bind_18(); 2678 ldv_state_variable_18 = 2; 2679 ref_cnt++; 2680 } 2681 } 2682 break; 2683 default: ldv_assume(0); 2684 } 2685 2686 };
1 /* 2 * This file contains the handling of command. 3 * It prepares command and sends it to firmware when it is ready. 4 */ 5 6 #include <linux/hardirq.h> 7 #include <linux/kfifo.h> 8 #include <linux/sched.h> 9 #include <linux/slab.h> 10 #include <linux/if_arp.h> 11 #include <linux/export.h> 12 13 #include "decl.h" 14 #include "cfg.h" 15 #include "cmd.h" 16 17 #define CAL_NF(nf) ((s32)(-(s32)(nf))) 18 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf))) 19 20 /** 21 * lbs_cmd_copyback - Simple callback that copies response back into command 22 * 23 * @priv: A pointer to &struct lbs_private structure 24 * @extra: A pointer to the original command structure for which 25 * 'resp' is a response 26 * @resp: A pointer to the command response 27 * 28 * returns: 0 on success, error on failure 29 */ 30 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra, 31 struct cmd_header *resp) 32 { 33 struct cmd_header *buf = (void *)extra; 34 uint16_t copy_len; 35 36 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size)); 37 memcpy(buf, resp, copy_len); 38 return 0; 39 } 40 EXPORT_SYMBOL_GPL(lbs_cmd_copyback); 41 42 /** 43 * lbs_cmd_async_callback - Simple callback that ignores the result. 44 * Use this if you just want to send a command to the hardware, but don't 45 * care for the result. 46 * 47 * @priv: ignored 48 * @extra: ignored 49 * @resp: ignored 50 * 51 * returns: 0 for success 52 */ 53 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra, 54 struct cmd_header *resp) 55 { 56 return 0; 57 } 58 59 60 /** 61 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode 62 * 63 * @cmd: the command ID 64 * 65 * returns: 1 if allowed, 0 if not allowed 66 */ 67 static u8 is_command_allowed_in_ps(u16 cmd) 68 { 69 switch (cmd) { 70 case CMD_802_11_RSSI: 71 return 1; 72 case CMD_802_11_HOST_SLEEP_CFG: 73 return 1; 74 default: 75 break; 76 } 77 return 0; 78 } 79 80 /** 81 * lbs_update_hw_spec - Updates the hardware details like MAC address 82 * and regulatory region 83 * 84 * @priv: A pointer to &struct lbs_private structure 85 * 86 * returns: 0 on success, error on failure 87 */ 88 int lbs_update_hw_spec(struct lbs_private *priv) 89 { 90 struct cmd_ds_get_hw_spec cmd; 91 int ret = -1; 92 u32 i; 93 94 lbs_deb_enter(LBS_DEB_CMD); 95 96 memset(&cmd, 0, sizeof(cmd)); 97 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 98 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN); 99 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd); 100 if (ret) 101 goto out; 102 103 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo); 104 105 /* The firmware release is in an interesting format: the patch 106 * level is in the most significant nibble ... so fix that: */ 107 priv->fwrelease = le32_to_cpu(cmd.fwrelease); 108 priv->fwrelease = (priv->fwrelease << 8) | 109 (priv->fwrelease >> 24 & 0xff); 110 111 /* Some firmware capabilities: 112 * CF card firmware 5.0.16p0: cap 0x00000303 113 * USB dongle firmware 5.110.17p2: cap 0x00000303 114 */ 115 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n", 116 cmd.permanentaddr, 117 priv->fwrelease >> 24 & 0xff, 118 priv->fwrelease >> 16 & 0xff, 119 priv->fwrelease >> 8 & 0xff, 120 priv->fwrelease & 0xff, 121 priv->fwcapinfo); 122 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n", 123 cmd.hwifversion, cmd.version); 124 125 /* Clamp region code to 8-bit since FW spec indicates that it should 126 * only ever be 8-bit, even though the field size is 16-bit. Some firmware 127 * returns non-zero high 8 bits here. 128 * 129 * Firmware version 4.0.102 used in CF8381 has region code shifted. We 130 * need to check for this problem and handle it properly. 131 */ 132 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4) 133 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF; 134 else 135 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF; 136 137 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) { 138 /* use the region code to search for the index */ 139 if (priv->regioncode == lbs_region_code_to_index[i]) 140 break; 141 } 142 143 /* if it's unidentified region code, use the default (USA) */ 144 if (i >= MRVDRV_MAX_REGION_CODE) { 145 priv->regioncode = 0x10; 146 netdev_info(priv->dev, 147 "unidentified region code; using the default (USA)\n"); 148 } 149 150 if (priv->current_addr[0] == 0xff) 151 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN); 152 153 if (!priv->copied_hwaddr) { 154 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN); 155 if (priv->mesh_dev) 156 memcpy(priv->mesh_dev->dev_addr, 157 priv->current_addr, ETH_ALEN); 158 priv->copied_hwaddr = 1; 159 } 160 161 out: 162 lbs_deb_leave(LBS_DEB_CMD); 163 return ret; 164 } 165 166 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy, 167 struct cmd_header *resp) 168 { 169 lbs_deb_enter(LBS_DEB_CMD); 170 if (priv->is_host_sleep_activated) { 171 priv->is_host_sleep_configured = 0; 172 if (priv->psstate == PS_STATE_FULL_POWER) { 173 priv->is_host_sleep_activated = 0; 174 wake_up_interruptible(&priv->host_sleep_q); 175 } 176 } else { 177 priv->is_host_sleep_configured = 1; 178 } 179 lbs_deb_leave(LBS_DEB_CMD); 180 return 0; 181 } 182 183 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria, 184 struct wol_config *p_wol_config) 185 { 186 struct cmd_ds_host_sleep cmd_config; 187 int ret; 188 189 /* 190 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command 191 * and the card will return a failure. Since we need to be 192 * able to reset the mask, in those cases we set a 0 mask instead. 193 */ 194 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported) 195 criteria = 0; 196 197 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config)); 198 cmd_config.criteria = cpu_to_le32(criteria); 199 cmd_config.gpio = priv->wol_gpio; 200 cmd_config.gap = priv->wol_gap; 201 202 if (p_wol_config != NULL) 203 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config, 204 sizeof(struct wol_config)); 205 else 206 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE; 207 208 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr, 209 le16_to_cpu(cmd_config.hdr.size), 210 lbs_ret_host_sleep_cfg, 0); 211 if (!ret) { 212 if (p_wol_config) 213 memcpy((uint8_t *) p_wol_config, 214 (uint8_t *)&cmd_config.wol_conf, 215 sizeof(struct wol_config)); 216 } else { 217 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret); 218 } 219 220 return ret; 221 } 222 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg); 223 224 /** 225 * lbs_set_ps_mode - Sets the Power Save mode 226 * 227 * @priv: A pointer to &struct lbs_private structure 228 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or 229 * PS_MODE_ACTION_EXIT_PS) 230 * @block: Whether to block on a response or not 231 * 232 * returns: 0 on success, error on failure 233 */ 234 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block) 235 { 236 struct cmd_ds_802_11_ps_mode cmd; 237 int ret = 0; 238 239 lbs_deb_enter(LBS_DEB_CMD); 240 241 memset(&cmd, 0, sizeof(cmd)); 242 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 243 cmd.action = cpu_to_le16(cmd_action); 244 245 if (cmd_action == PS_MODE_ACTION_ENTER_PS) { 246 lbs_deb_cmd("PS_MODE: action ENTER_PS\n"); 247 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */ 248 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) { 249 lbs_deb_cmd("PS_MODE: action EXIT_PS\n"); 250 } else { 251 /* We don't handle CONFIRM_SLEEP here because it needs to 252 * be fastpathed to the firmware. 253 */ 254 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action); 255 ret = -EOPNOTSUPP; 256 goto out; 257 } 258 259 if (block) 260 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd); 261 else 262 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd)); 263 264 out: 265 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 266 return ret; 267 } 268 269 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action, 270 struct sleep_params *sp) 271 { 272 struct cmd_ds_802_11_sleep_params cmd; 273 int ret; 274 275 lbs_deb_enter(LBS_DEB_CMD); 276 277 if (cmd_action == CMD_ACT_GET) { 278 memset(&cmd, 0, sizeof(cmd)); 279 } else { 280 cmd.error = cpu_to_le16(sp->sp_error); 281 cmd.offset = cpu_to_le16(sp->sp_offset); 282 cmd.stabletime = cpu_to_le16(sp->sp_stabletime); 283 cmd.calcontrol = sp->sp_calcontrol; 284 cmd.externalsleepclk = sp->sp_extsleepclk; 285 cmd.reserved = cpu_to_le16(sp->sp_reserved); 286 } 287 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 288 cmd.action = cpu_to_le16(cmd_action); 289 290 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd); 291 292 if (!ret) { 293 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, " 294 "calcontrol 0x%x extsleepclk 0x%x\n", 295 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset), 296 le16_to_cpu(cmd.stabletime), cmd.calcontrol, 297 cmd.externalsleepclk); 298 299 sp->sp_error = le16_to_cpu(cmd.error); 300 sp->sp_offset = le16_to_cpu(cmd.offset); 301 sp->sp_stabletime = le16_to_cpu(cmd.stabletime); 302 sp->sp_calcontrol = cmd.calcontrol; 303 sp->sp_extsleepclk = cmd.externalsleepclk; 304 sp->sp_reserved = le16_to_cpu(cmd.reserved); 305 } 306 307 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 308 return 0; 309 } 310 311 static int lbs_wait_for_ds_awake(struct lbs_private *priv) 312 { 313 int ret = 0; 314 315 lbs_deb_enter(LBS_DEB_CMD); 316 317 if (priv->is_deep_sleep) { 318 if (!wait_event_interruptible_timeout(priv->ds_awake_q, 319 !priv->is_deep_sleep, (10 * HZ))) { 320 netdev_err(priv->dev, "ds_awake_q: timer expired\n"); 321 ret = -1; 322 } 323 } 324 325 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 326 return ret; 327 } 328 329 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep) 330 { 331 int ret = 0; 332 333 lbs_deb_enter(LBS_DEB_CMD); 334 335 if (deep_sleep) { 336 if (priv->is_deep_sleep != 1) { 337 lbs_deb_cmd("deep sleep: sleep\n"); 338 BUG_ON(!priv->enter_deep_sleep); 339 ret = priv->enter_deep_sleep(priv); 340 if (!ret) { 341 netif_stop_queue(priv->dev); 342 netif_carrier_off(priv->dev); 343 } 344 } else { 345 netdev_err(priv->dev, "deep sleep: already enabled\n"); 346 } 347 } else { 348 if (priv->is_deep_sleep) { 349 lbs_deb_cmd("deep sleep: wakeup\n"); 350 BUG_ON(!priv->exit_deep_sleep); 351 ret = priv->exit_deep_sleep(priv); 352 if (!ret) { 353 ret = lbs_wait_for_ds_awake(priv); 354 if (ret) 355 netdev_err(priv->dev, 356 "deep sleep: wakeup failed\n"); 357 } 358 } 359 } 360 361 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 362 return ret; 363 } 364 365 static int lbs_ret_host_sleep_activate(struct lbs_private *priv, 366 unsigned long dummy, 367 struct cmd_header *cmd) 368 { 369 lbs_deb_enter(LBS_DEB_FW); 370 priv->is_host_sleep_activated = 1; 371 wake_up_interruptible(&priv->host_sleep_q); 372 lbs_deb_leave(LBS_DEB_FW); 373 return 0; 374 } 375 376 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep) 377 { 378 struct cmd_header cmd; 379 int ret = 0; 380 uint32_t criteria = EHS_REMOVE_WAKEUP; 381 382 lbs_deb_enter(LBS_DEB_CMD); 383 384 if (host_sleep) { 385 if (priv->is_host_sleep_activated != 1) { 386 memset(&cmd, 0, sizeof(cmd)); 387 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria, 388 (struct wol_config *)NULL); 389 if (ret) { 390 netdev_info(priv->dev, 391 "Host sleep configuration failed: %d\n", 392 ret); 393 return ret; 394 } 395 if (priv->psstate == PS_STATE_FULL_POWER) { 396 ret = __lbs_cmd(priv, 397 CMD_802_11_HOST_SLEEP_ACTIVATE, 398 &cmd, 399 sizeof(cmd), 400 lbs_ret_host_sleep_activate, 0); 401 if (ret) 402 netdev_info(priv->dev, 403 "HOST_SLEEP_ACTIVATE failed: %d\n", 404 ret); 405 } 406 407 if (!wait_event_interruptible_timeout( 408 priv->host_sleep_q, 409 priv->is_host_sleep_activated, 410 (10 * HZ))) { 411 netdev_err(priv->dev, 412 "host_sleep_q: timer expired\n"); 413 ret = -1; 414 } 415 } else { 416 netdev_err(priv->dev, "host sleep: already enabled\n"); 417 } 418 } else { 419 if (priv->is_host_sleep_activated) 420 ret = lbs_host_sleep_cfg(priv, criteria, 421 (struct wol_config *)NULL); 422 } 423 424 return ret; 425 } 426 427 /** 428 * lbs_set_snmp_mib - Set an SNMP MIB value 429 * 430 * @priv: A pointer to &struct lbs_private structure 431 * @oid: The OID to set in the firmware 432 * @val: Value to set the OID to 433 * 434 * returns: 0 on success, error on failure 435 */ 436 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val) 437 { 438 struct cmd_ds_802_11_snmp_mib cmd; 439 int ret; 440 441 lbs_deb_enter(LBS_DEB_CMD); 442 443 memset(&cmd, 0, sizeof (cmd)); 444 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 445 cmd.action = cpu_to_le16(CMD_ACT_SET); 446 cmd.oid = cpu_to_le16((u16) oid); 447 448 switch (oid) { 449 case SNMP_MIB_OID_BSS_TYPE: 450 cmd.bufsize = cpu_to_le16(sizeof(u8)); 451 cmd.value[0] = val; 452 break; 453 case SNMP_MIB_OID_11D_ENABLE: 454 case SNMP_MIB_OID_FRAG_THRESHOLD: 455 case SNMP_MIB_OID_RTS_THRESHOLD: 456 case SNMP_MIB_OID_SHORT_RETRY_LIMIT: 457 case SNMP_MIB_OID_LONG_RETRY_LIMIT: 458 cmd.bufsize = cpu_to_le16(sizeof(u16)); 459 *((__le16 *)(&cmd.value)) = cpu_to_le16(val); 460 break; 461 default: 462 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid); 463 ret = -EINVAL; 464 goto out; 465 } 466 467 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n", 468 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val); 469 470 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 471 472 out: 473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 474 return ret; 475 } 476 477 /** 478 * lbs_get_snmp_mib - Get an SNMP MIB value 479 * 480 * @priv: A pointer to &struct lbs_private structure 481 * @oid: The OID to retrieve from the firmware 482 * @out_val: Location for the returned value 483 * 484 * returns: 0 on success, error on failure 485 */ 486 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val) 487 { 488 struct cmd_ds_802_11_snmp_mib cmd; 489 int ret; 490 491 lbs_deb_enter(LBS_DEB_CMD); 492 493 memset(&cmd, 0, sizeof (cmd)); 494 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 495 cmd.action = cpu_to_le16(CMD_ACT_GET); 496 cmd.oid = cpu_to_le16(oid); 497 498 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 499 if (ret) 500 goto out; 501 502 switch (le16_to_cpu(cmd.bufsize)) { 503 case sizeof(u8): 504 *out_val = cmd.value[0]; 505 break; 506 case sizeof(u16): 507 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value))); 508 break; 509 default: 510 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n", 511 oid, le16_to_cpu(cmd.bufsize)); 512 break; 513 } 514 515 out: 516 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 517 return ret; 518 } 519 520 /** 521 * lbs_get_tx_power - Get the min, max, and current TX power 522 * 523 * @priv: A pointer to &struct lbs_private structure 524 * @curlevel: Current power level in dBm 525 * @minlevel: Minimum supported power level in dBm (optional) 526 * @maxlevel: Maximum supported power level in dBm (optional) 527 * 528 * returns: 0 on success, error on failure 529 */ 530 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel, 531 s16 *maxlevel) 532 { 533 struct cmd_ds_802_11_rf_tx_power cmd; 534 int ret; 535 536 lbs_deb_enter(LBS_DEB_CMD); 537 538 memset(&cmd, 0, sizeof(cmd)); 539 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 540 cmd.action = cpu_to_le16(CMD_ACT_GET); 541 542 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 543 if (ret == 0) { 544 *curlevel = le16_to_cpu(cmd.curlevel); 545 if (minlevel) 546 *minlevel = cmd.minlevel; 547 if (maxlevel) 548 *maxlevel = cmd.maxlevel; 549 } 550 551 lbs_deb_leave(LBS_DEB_CMD); 552 return ret; 553 } 554 555 /** 556 * lbs_set_tx_power - Set the TX power 557 * 558 * @priv: A pointer to &struct lbs_private structure 559 * @dbm: The desired power level in dBm 560 * 561 * returns: 0 on success, error on failure 562 */ 563 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm) 564 { 565 struct cmd_ds_802_11_rf_tx_power cmd; 566 int ret; 567 568 lbs_deb_enter(LBS_DEB_CMD); 569 570 memset(&cmd, 0, sizeof(cmd)); 571 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 572 cmd.action = cpu_to_le16(CMD_ACT_SET); 573 cmd.curlevel = cpu_to_le16(dbm); 574 575 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm); 576 577 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 578 579 lbs_deb_leave(LBS_DEB_CMD); 580 return ret; 581 } 582 583 /** 584 * lbs_set_monitor_mode - Enable or disable monitor mode 585 * (only implemented on OLPC usb8388 FW) 586 * 587 * @priv: A pointer to &struct lbs_private structure 588 * @enable: 1 to enable monitor mode, 0 to disable 589 * 590 * returns: 0 on success, error on failure 591 */ 592 int lbs_set_monitor_mode(struct lbs_private *priv, int enable) 593 { 594 struct cmd_ds_802_11_monitor_mode cmd; 595 int ret; 596 597 memset(&cmd, 0, sizeof(cmd)); 598 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 599 cmd.action = cpu_to_le16(CMD_ACT_SET); 600 if (enable) 601 cmd.mode = cpu_to_le16(0x1); 602 603 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable); 604 605 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd); 606 if (ret == 0) { 607 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP : 608 ARPHRD_ETHER; 609 } 610 611 lbs_deb_leave(LBS_DEB_CMD); 612 return ret; 613 } 614 615 /** 616 * lbs_get_channel - Get the radio channel 617 * 618 * @priv: A pointer to &struct lbs_private structure 619 * 620 * returns: The channel on success, error on failure 621 */ 622 static int lbs_get_channel(struct lbs_private *priv) 623 { 624 struct cmd_ds_802_11_rf_channel cmd; 625 int ret = 0; 626 627 lbs_deb_enter(LBS_DEB_CMD); 628 629 memset(&cmd, 0, sizeof(cmd)); 630 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 631 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET); 632 633 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 634 if (ret) 635 goto out; 636 637 ret = le16_to_cpu(cmd.channel); 638 lbs_deb_cmd("current radio channel is %d\n", ret); 639 640 out: 641 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 642 return ret; 643 } 644 645 int lbs_update_channel(struct lbs_private *priv) 646 { 647 int ret; 648 649 /* the channel in f/w could be out of sync; get the current channel */ 650 lbs_deb_enter(LBS_DEB_ASSOC); 651 652 ret = lbs_get_channel(priv); 653 if (ret > 0) { 654 priv->channel = ret; 655 ret = 0; 656 } 657 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret); 658 return ret; 659 } 660 661 /** 662 * lbs_set_channel - Set the radio channel 663 * 664 * @priv: A pointer to &struct lbs_private structure 665 * @channel: The desired channel, or 0 to clear a locked channel 666 * 667 * returns: 0 on success, error on failure 668 */ 669 int lbs_set_channel(struct lbs_private *priv, u8 channel) 670 { 671 struct cmd_ds_802_11_rf_channel cmd; 672 #ifdef DEBUG 673 u8 old_channel = priv->channel; 674 #endif 675 int ret = 0; 676 677 lbs_deb_enter(LBS_DEB_CMD); 678 679 memset(&cmd, 0, sizeof(cmd)); 680 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 681 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET); 682 cmd.channel = cpu_to_le16(channel); 683 684 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 685 if (ret) 686 goto out; 687 688 priv->channel = (uint8_t) le16_to_cpu(cmd.channel); 689 lbs_deb_cmd("channel switch from %d to %d\n", old_channel, 690 priv->channel); 691 692 out: 693 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 694 return ret; 695 } 696 697 /** 698 * lbs_get_rssi - Get current RSSI and noise floor 699 * 700 * @priv: A pointer to &struct lbs_private structure 701 * @rssi: On successful return, signal level in mBm 702 * @nf: On successful return, Noise floor 703 * 704 * returns: The channel on success, error on failure 705 */ 706 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf) 707 { 708 struct cmd_ds_802_11_rssi cmd; 709 int ret = 0; 710 711 lbs_deb_enter(LBS_DEB_CMD); 712 713 BUG_ON(rssi == NULL); 714 BUG_ON(nf == NULL); 715 716 memset(&cmd, 0, sizeof(cmd)); 717 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 718 /* Average SNR over last 8 beacons */ 719 cmd.n_or_snr = cpu_to_le16(8); 720 721 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd); 722 if (ret == 0) { 723 *nf = CAL_NF(le16_to_cpu(cmd.nf)); 724 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf)); 725 } 726 727 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 728 return ret; 729 } 730 731 /** 732 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information 733 * to the firmware 734 * 735 * @priv: pointer to &struct lbs_private 736 * 737 * returns: 0 on success, error code on failure 738 */ 739 int lbs_set_11d_domain_info(struct lbs_private *priv) 740 { 741 struct wiphy *wiphy = priv->wdev->wiphy; 742 struct ieee80211_supported_band **bands = wiphy->bands; 743 struct cmd_ds_802_11d_domain_info cmd; 744 struct mrvl_ie_domain_param_set *domain = &cmd.domain; 745 struct ieee80211_country_ie_triplet *t; 746 enum ieee80211_band band; 747 struct ieee80211_channel *ch; 748 u8 num_triplet = 0; 749 u8 num_parsed_chan = 0; 750 u8 first_channel = 0, next_chan = 0, max_pwr = 0; 751 u8 i, flag = 0; 752 size_t triplet_size; 753 int ret = 0; 754 755 lbs_deb_enter(LBS_DEB_11D); 756 if (!priv->country_code[0]) 757 goto out; 758 759 memset(&cmd, 0, sizeof(cmd)); 760 cmd.action = cpu_to_le16(CMD_ACT_SET); 761 762 lbs_deb_11d("Setting country code '%c%c'\n", 763 priv->country_code[0], priv->country_code[1]); 764 765 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN); 766 767 /* Set country code */ 768 domain->country_code[0] = priv->country_code[0]; 769 domain->country_code[1] = priv->country_code[1]; 770 domain->country_code[2] = ' '; 771 772 /* Now set up the channel triplets; firmware is somewhat picky here 773 * and doesn't validate channel numbers and spans; hence it would 774 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since 775 * the last 3 aren't valid channels, the driver is responsible for 776 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20) 777 * etc. 778 */ 779 for (band = 0; 780 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS); 781 band++) { 782 783 if (!bands[band]) 784 continue; 785 786 for (i = 0; 787 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS); 788 i++) { 789 ch = &bands[band]->channels[i]; 790 if (ch->flags & IEEE80211_CHAN_DISABLED) 791 continue; 792 793 if (!flag) { 794 flag = 1; 795 next_chan = first_channel = (u32) ch->hw_value; 796 max_pwr = ch->max_power; 797 num_parsed_chan = 1; 798 continue; 799 } 800 801 if ((ch->hw_value == next_chan + 1) && 802 (ch->max_power == max_pwr)) { 803 /* Consolidate adjacent channels */ 804 next_chan++; 805 num_parsed_chan++; 806 } else { 807 /* Add this triplet */ 808 lbs_deb_11d("11D triplet (%d, %d, %d)\n", 809 first_channel, num_parsed_chan, 810 max_pwr); 811 t = &domain->triplet[num_triplet]; 812 t->chans.first_channel = first_channel; 813 t->chans.num_channels = num_parsed_chan; 814 t->chans.max_power = max_pwr; 815 num_triplet++; 816 flag = 0; 817 } 818 } 819 820 if (flag) { 821 /* Add last triplet */ 822 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel, 823 num_parsed_chan, max_pwr); 824 t = &domain->triplet[num_triplet]; 825 t->chans.first_channel = first_channel; 826 t->chans.num_channels = num_parsed_chan; 827 t->chans.max_power = max_pwr; 828 num_triplet++; 829 } 830 } 831 832 lbs_deb_11d("# triplets %d\n", num_triplet); 833 834 /* Set command header sizes */ 835 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet); 836 domain->header.len = cpu_to_le16(sizeof(domain->country_code) + 837 triplet_size); 838 839 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set", 840 (u8 *) &cmd.domain.country_code, 841 le16_to_cpu(domain->header.len)); 842 843 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) + 844 sizeof(cmd.action) + 845 sizeof(cmd.domain.header) + 846 sizeof(cmd.domain.country_code) + 847 triplet_size); 848 849 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd); 850 851 out: 852 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret); 853 return ret; 854 } 855 856 /** 857 * lbs_get_reg - Read a MAC, Baseband, or RF register 858 * 859 * @priv: pointer to &struct lbs_private 860 * @reg: register command, one of CMD_MAC_REG_ACCESS, 861 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 862 * @offset: byte offset of the register to get 863 * @value: on success, the value of the register at 'offset' 864 * 865 * returns: 0 on success, error code on failure 866 */ 867 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value) 868 { 869 struct cmd_ds_reg_access cmd; 870 int ret = 0; 871 872 lbs_deb_enter(LBS_DEB_CMD); 873 874 BUG_ON(value == NULL); 875 876 memset(&cmd, 0, sizeof(cmd)); 877 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 878 cmd.action = cpu_to_le16(CMD_ACT_GET); 879 cmd.offset = cpu_to_le16(offset); 880 881 if (reg != CMD_MAC_REG_ACCESS && 882 reg != CMD_BBP_REG_ACCESS && 883 reg != CMD_RF_REG_ACCESS) { 884 ret = -EINVAL; 885 goto out; 886 } 887 888 ret = lbs_cmd_with_response(priv, reg, &cmd); 889 if (!ret) { 890 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 891 *value = cmd.value.bbp_rf; 892 else if (reg == CMD_MAC_REG_ACCESS) 893 *value = le32_to_cpu(cmd.value.mac); 894 } 895 896 out: 897 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 898 return ret; 899 } 900 901 /** 902 * lbs_set_reg - Write a MAC, Baseband, or RF register 903 * 904 * @priv: pointer to &struct lbs_private 905 * @reg: register command, one of CMD_MAC_REG_ACCESS, 906 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 907 * @offset: byte offset of the register to set 908 * @value: the value to write to the register at 'offset' 909 * 910 * returns: 0 on success, error code on failure 911 */ 912 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value) 913 { 914 struct cmd_ds_reg_access cmd; 915 int ret = 0; 916 917 lbs_deb_enter(LBS_DEB_CMD); 918 919 memset(&cmd, 0, sizeof(cmd)); 920 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 921 cmd.action = cpu_to_le16(CMD_ACT_SET); 922 cmd.offset = cpu_to_le16(offset); 923 924 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 925 cmd.value.bbp_rf = (u8) (value & 0xFF); 926 else if (reg == CMD_MAC_REG_ACCESS) 927 cmd.value.mac = cpu_to_le32(value); 928 else { 929 ret = -EINVAL; 930 goto out; 931 } 932 933 ret = lbs_cmd_with_response(priv, reg, &cmd); 934 935 out: 936 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 937 return ret; 938 } 939 940 static void lbs_queue_cmd(struct lbs_private *priv, 941 struct cmd_ctrl_node *cmdnode) 942 { 943 unsigned long flags; 944 int addtail = 1; 945 946 lbs_deb_enter(LBS_DEB_HOST); 947 948 if (!cmdnode) { 949 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n"); 950 goto done; 951 } 952 if (!cmdnode->cmdbuf->size) { 953 lbs_deb_host("DNLD_CMD: cmd size is zero\n"); 954 goto done; 955 } 956 cmdnode->result = 0; 957 958 /* Exit_PS command needs to be queued in the header always. */ 959 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) { 960 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf; 961 962 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 963 if (priv->psstate != PS_STATE_FULL_POWER) 964 addtail = 0; 965 } 966 } 967 968 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM) 969 addtail = 0; 970 971 spin_lock_irqsave(&priv->driver_lock, flags); 972 973 if (addtail) 974 list_add_tail(&cmdnode->list, &priv->cmdpendingq); 975 else 976 list_add(&cmdnode->list, &priv->cmdpendingq); 977 978 spin_unlock_irqrestore(&priv->driver_lock, flags); 979 980 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n", 981 le16_to_cpu(cmdnode->cmdbuf->command)); 982 983 done: 984 lbs_deb_leave(LBS_DEB_HOST); 985 } 986 987 static void lbs_submit_command(struct lbs_private *priv, 988 struct cmd_ctrl_node *cmdnode) 989 { 990 unsigned long flags; 991 struct cmd_header *cmd; 992 uint16_t cmdsize; 993 uint16_t command; 994 int timeo = 3 * HZ; 995 int ret; 996 997 lbs_deb_enter(LBS_DEB_HOST); 998 999 cmd = cmdnode->cmdbuf; 1000 1001 spin_lock_irqsave(&priv->driver_lock, flags); 1002 priv->seqnum++; 1003 cmd->seqnum = cpu_to_le16(priv->seqnum); 1004 priv->cur_cmd = cmdnode; 1005 spin_unlock_irqrestore(&priv->driver_lock, flags); 1006 1007 cmdsize = le16_to_cpu(cmd->size); 1008 command = le16_to_cpu(cmd->command); 1009 1010 /* These commands take longer */ 1011 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE) 1012 timeo = 5 * HZ; 1013 1014 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n", 1015 command, le16_to_cpu(cmd->seqnum), cmdsize); 1016 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize); 1017 1018 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize); 1019 1020 if (ret) { 1021 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n", 1022 ret); 1023 /* Reset dnld state machine, report failure */ 1024 priv->dnld_sent = DNLD_RES_RECEIVED; 1025 lbs_complete_command(priv, cmdnode, ret); 1026 } 1027 1028 if (command == CMD_802_11_DEEP_SLEEP) { 1029 if (priv->is_auto_deep_sleep_enabled) { 1030 priv->wakeup_dev_required = 1; 1031 priv->dnld_sent = 0; 1032 } 1033 priv->is_deep_sleep = 1; 1034 lbs_complete_command(priv, cmdnode, 0); 1035 } else { 1036 /* Setup the timer after transmit command */ 1037 mod_timer(&priv->command_timer, jiffies + timeo); 1038 } 1039 1040 lbs_deb_leave(LBS_DEB_HOST); 1041 } 1042 1043 /* 1044 * This function inserts command node to cmdfreeq 1045 * after cleans it. Requires priv->driver_lock held. 1046 */ 1047 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1048 struct cmd_ctrl_node *cmdnode) 1049 { 1050 lbs_deb_enter(LBS_DEB_HOST); 1051 1052 if (!cmdnode) 1053 goto out; 1054 1055 cmdnode->callback = NULL; 1056 cmdnode->callback_arg = 0; 1057 1058 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE); 1059 1060 list_add_tail(&cmdnode->list, &priv->cmdfreeq); 1061 out: 1062 lbs_deb_leave(LBS_DEB_HOST); 1063 } 1064 1065 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1066 struct cmd_ctrl_node *ptempcmd) 1067 { 1068 unsigned long flags; 1069 1070 spin_lock_irqsave(&priv->driver_lock, flags); 1071 __lbs_cleanup_and_insert_cmd(priv, ptempcmd); 1072 spin_unlock_irqrestore(&priv->driver_lock, flags); 1073 } 1074 1075 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1076 int result) 1077 { 1078 /* 1079 * Normally, commands are removed from cmdpendingq before being 1080 * submitted. However, we can arrive here on alternative codepaths 1081 * where the command is still pending. Make sure the command really 1082 * isn't part of a list at this point. 1083 */ 1084 list_del_init(&cmd->list); 1085 1086 cmd->result = result; 1087 cmd->cmdwaitqwoken = 1; 1088 wake_up(&cmd->cmdwait_q); 1089 1090 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback) 1091 __lbs_cleanup_and_insert_cmd(priv, cmd); 1092 priv->cur_cmd = NULL; 1093 wake_up(&priv->waitq); 1094 } 1095 1096 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1097 int result) 1098 { 1099 unsigned long flags; 1100 spin_lock_irqsave(&priv->driver_lock, flags); 1101 __lbs_complete_command(priv, cmd, result); 1102 spin_unlock_irqrestore(&priv->driver_lock, flags); 1103 } 1104 1105 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on) 1106 { 1107 struct cmd_ds_802_11_radio_control cmd; 1108 int ret = -EINVAL; 1109 1110 lbs_deb_enter(LBS_DEB_CMD); 1111 1112 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1113 cmd.action = cpu_to_le16(CMD_ACT_SET); 1114 cmd.control = 0; 1115 1116 /* Only v8 and below support setting the preamble */ 1117 if (priv->fwrelease < 0x09000000) { 1118 switch (preamble) { 1119 case RADIO_PREAMBLE_SHORT: 1120 case RADIO_PREAMBLE_AUTO: 1121 case RADIO_PREAMBLE_LONG: 1122 cmd.control = cpu_to_le16(preamble); 1123 break; 1124 default: 1125 goto out; 1126 } 1127 } 1128 1129 if (radio_on) 1130 cmd.control |= cpu_to_le16(0x1); 1131 else { 1132 cmd.control &= cpu_to_le16(~0x1); 1133 priv->txpower_cur = 0; 1134 } 1135 1136 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n", 1137 radio_on ? "ON" : "OFF", preamble); 1138 1139 priv->radio_on = radio_on; 1140 1141 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd); 1142 1143 out: 1144 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1145 return ret; 1146 } 1147 1148 void lbs_set_mac_control(struct lbs_private *priv) 1149 { 1150 struct cmd_ds_mac_control cmd; 1151 1152 lbs_deb_enter(LBS_DEB_CMD); 1153 1154 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1155 cmd.action = cpu_to_le16(priv->mac_control); 1156 cmd.reserved = 0; 1157 1158 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd)); 1159 1160 lbs_deb_leave(LBS_DEB_CMD); 1161 } 1162 1163 int lbs_set_mac_control_sync(struct lbs_private *priv) 1164 { 1165 struct cmd_ds_mac_control cmd; 1166 int ret = 0; 1167 1168 lbs_deb_enter(LBS_DEB_CMD); 1169 1170 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1171 cmd.action = cpu_to_le16(priv->mac_control); 1172 cmd.reserved = 0; 1173 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd); 1174 1175 lbs_deb_leave(LBS_DEB_CMD); 1176 return ret; 1177 } 1178 1179 /** 1180 * lbs_allocate_cmd_buffer - allocates the command buffer and links 1181 * it to command free queue 1182 * 1183 * @priv: A pointer to &struct lbs_private structure 1184 * 1185 * returns: 0 for success or -1 on error 1186 */ 1187 int lbs_allocate_cmd_buffer(struct lbs_private *priv) 1188 { 1189 int ret = 0; 1190 u32 bufsize; 1191 u32 i; 1192 struct cmd_ctrl_node *cmdarray; 1193 1194 lbs_deb_enter(LBS_DEB_HOST); 1195 1196 /* Allocate and initialize the command array */ 1197 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS; 1198 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) { 1199 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n"); 1200 ret = -1; 1201 goto done; 1202 } 1203 priv->cmd_array = cmdarray; 1204 1205 /* Allocate and initialize each command buffer in the command array */ 1206 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1207 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL); 1208 if (!cmdarray[i].cmdbuf) { 1209 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n"); 1210 ret = -1; 1211 goto done; 1212 } 1213 } 1214 1215 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1216 init_waitqueue_head(&cmdarray[i].cmdwait_q); 1217 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]); 1218 } 1219 ret = 0; 1220 1221 done: 1222 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1223 return ret; 1224 } 1225 1226 /** 1227 * lbs_free_cmd_buffer - free the command buffer 1228 * 1229 * @priv: A pointer to &struct lbs_private structure 1230 * 1231 * returns: 0 for success 1232 */ 1233 int lbs_free_cmd_buffer(struct lbs_private *priv) 1234 { 1235 struct cmd_ctrl_node *cmdarray; 1236 unsigned int i; 1237 1238 lbs_deb_enter(LBS_DEB_HOST); 1239 1240 /* need to check if cmd array is allocated or not */ 1241 if (priv->cmd_array == NULL) { 1242 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n"); 1243 goto done; 1244 } 1245 1246 cmdarray = priv->cmd_array; 1247 1248 /* Release shared memory buffers */ 1249 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1250 if (cmdarray[i].cmdbuf) { 1251 kfree(cmdarray[i].cmdbuf); 1252 cmdarray[i].cmdbuf = NULL; 1253 } 1254 } 1255 1256 /* Release cmd_ctrl_node */ 1257 if (priv->cmd_array) { 1258 kfree(priv->cmd_array); 1259 priv->cmd_array = NULL; 1260 } 1261 1262 done: 1263 lbs_deb_leave(LBS_DEB_HOST); 1264 return 0; 1265 } 1266 1267 /** 1268 * lbs_get_free_cmd_node - gets a free command node if available in 1269 * command free queue 1270 * 1271 * @priv: A pointer to &struct lbs_private structure 1272 * 1273 * returns: A pointer to &cmd_ctrl_node structure on success 1274 * or %NULL on error 1275 */ 1276 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv) 1277 { 1278 struct cmd_ctrl_node *tempnode; 1279 unsigned long flags; 1280 1281 lbs_deb_enter(LBS_DEB_HOST); 1282 1283 if (!priv) 1284 return NULL; 1285 1286 spin_lock_irqsave(&priv->driver_lock, flags); 1287 1288 if (!list_empty(&priv->cmdfreeq)) { 1289 tempnode = list_first_entry(&priv->cmdfreeq, 1290 struct cmd_ctrl_node, list); 1291 list_del_init(&tempnode->list); 1292 } else { 1293 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n"); 1294 tempnode = NULL; 1295 } 1296 1297 spin_unlock_irqrestore(&priv->driver_lock, flags); 1298 1299 lbs_deb_leave(LBS_DEB_HOST); 1300 return tempnode; 1301 } 1302 1303 /** 1304 * lbs_execute_next_command - execute next command in command 1305 * pending queue. Will put firmware back to PS mode if applicable. 1306 * 1307 * @priv: A pointer to &struct lbs_private structure 1308 * 1309 * returns: 0 on success or -1 on error 1310 */ 1311 int lbs_execute_next_command(struct lbs_private *priv) 1312 { 1313 struct cmd_ctrl_node *cmdnode = NULL; 1314 struct cmd_header *cmd; 1315 unsigned long flags; 1316 int ret = 0; 1317 1318 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the 1319 * only caller to us is lbs_thread() and we get even when a 1320 * data packet is received */ 1321 lbs_deb_enter(LBS_DEB_THREAD); 1322 1323 spin_lock_irqsave(&priv->driver_lock, flags); 1324 1325 if (priv->cur_cmd) { 1326 netdev_alert(priv->dev, 1327 "EXEC_NEXT_CMD: already processing command!\n"); 1328 spin_unlock_irqrestore(&priv->driver_lock, flags); 1329 ret = -1; 1330 goto done; 1331 } 1332 1333 if (!list_empty(&priv->cmdpendingq)) { 1334 cmdnode = list_first_entry(&priv->cmdpendingq, 1335 struct cmd_ctrl_node, list); 1336 } 1337 1338 spin_unlock_irqrestore(&priv->driver_lock, flags); 1339 1340 if (cmdnode) { 1341 cmd = cmdnode->cmdbuf; 1342 1343 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) { 1344 if ((priv->psstate == PS_STATE_SLEEP) || 1345 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1346 lbs_deb_host( 1347 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n", 1348 le16_to_cpu(cmd->command), 1349 priv->psstate); 1350 ret = -1; 1351 goto done; 1352 } 1353 lbs_deb_host("EXEC_NEXT_CMD: OK to send command " 1354 "0x%04x in psstate %d\n", 1355 le16_to_cpu(cmd->command), priv->psstate); 1356 } else if (priv->psstate != PS_STATE_FULL_POWER) { 1357 /* 1358 * 1. Non-PS command: 1359 * Queue it. set needtowakeup to TRUE if current state 1360 * is SLEEP, otherwise call send EXIT_PS. 1361 * 2. PS command but not EXIT_PS: 1362 * Ignore it. 1363 * 3. PS command EXIT_PS: 1364 * Set needtowakeup to TRUE if current state is SLEEP, 1365 * otherwise send this command down to firmware 1366 * immediately. 1367 */ 1368 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) { 1369 /* Prepare to send Exit PS, 1370 * this non PS command will be sent later */ 1371 if ((priv->psstate == PS_STATE_SLEEP) 1372 || (priv->psstate == PS_STATE_PRE_SLEEP) 1373 ) { 1374 /* w/ new scheme, it will not reach here. 1375 since it is blocked in main_thread. */ 1376 priv->needtowakeup = 1; 1377 } else { 1378 lbs_set_ps_mode(priv, 1379 PS_MODE_ACTION_EXIT_PS, 1380 false); 1381 } 1382 1383 ret = 0; 1384 goto done; 1385 } else { 1386 /* 1387 * PS command. Ignore it if it is not Exit_PS. 1388 * otherwise send it down immediately. 1389 */ 1390 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1]; 1391 1392 lbs_deb_host( 1393 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n", 1394 psm->action); 1395 if (psm->action != 1396 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1397 lbs_deb_host( 1398 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n"); 1399 lbs_complete_command(priv, cmdnode, 0); 1400 1401 ret = 0; 1402 goto done; 1403 } 1404 1405 if ((priv->psstate == PS_STATE_SLEEP) || 1406 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1407 lbs_deb_host( 1408 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n"); 1409 lbs_complete_command(priv, cmdnode, 0); 1410 priv->needtowakeup = 1; 1411 1412 ret = 0; 1413 goto done; 1414 } 1415 1416 lbs_deb_host( 1417 "EXEC_NEXT_CMD: sending EXIT_PS\n"); 1418 } 1419 } 1420 spin_lock_irqsave(&priv->driver_lock, flags); 1421 list_del_init(&cmdnode->list); 1422 spin_unlock_irqrestore(&priv->driver_lock, flags); 1423 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n", 1424 le16_to_cpu(cmd->command)); 1425 lbs_submit_command(priv, cmdnode); 1426 } else { 1427 /* 1428 * check if in power save mode, if yes, put the device back 1429 * to PS mode 1430 */ 1431 #ifdef TODO 1432 /* 1433 * This was the old code for libertas+wext. Someone that 1434 * understands this beast should re-code it in a sane way. 1435 * 1436 * I actually don't understand why this is related to WPA 1437 * and to connection status, shouldn't powering should be 1438 * independ of such things? 1439 */ 1440 if ((priv->psmode != LBS802_11POWERMODECAM) && 1441 (priv->psstate == PS_STATE_FULL_POWER) && 1442 ((priv->connect_status == LBS_CONNECTED) || 1443 lbs_mesh_connected(priv))) { 1444 if (priv->secinfo.WPAenabled || 1445 priv->secinfo.WPA2enabled) { 1446 /* check for valid WPA group keys */ 1447 if (priv->wpa_mcast_key.len || 1448 priv->wpa_unicast_key.len) { 1449 lbs_deb_host( 1450 "EXEC_NEXT_CMD: WPA enabled and GTK_SET" 1451 " go back to PS_SLEEP"); 1452 lbs_set_ps_mode(priv, 1453 PS_MODE_ACTION_ENTER_PS, 1454 false); 1455 } 1456 } else { 1457 lbs_deb_host( 1458 "EXEC_NEXT_CMD: cmdpendingq empty, " 1459 "go back to PS_SLEEP"); 1460 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS, 1461 false); 1462 } 1463 } 1464 #endif 1465 } 1466 1467 ret = 0; 1468 done: 1469 lbs_deb_leave(LBS_DEB_THREAD); 1470 return ret; 1471 } 1472 1473 static void lbs_send_confirmsleep(struct lbs_private *priv) 1474 { 1475 unsigned long flags; 1476 int ret; 1477 1478 lbs_deb_enter(LBS_DEB_HOST); 1479 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep, 1480 sizeof(confirm_sleep)); 1481 1482 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep, 1483 sizeof(confirm_sleep)); 1484 if (ret) { 1485 netdev_alert(priv->dev, "confirm_sleep failed\n"); 1486 goto out; 1487 } 1488 1489 spin_lock_irqsave(&priv->driver_lock, flags); 1490 1491 /* We don't get a response on the sleep-confirmation */ 1492 priv->dnld_sent = DNLD_RES_RECEIVED; 1493 1494 if (priv->is_host_sleep_configured) { 1495 priv->is_host_sleep_activated = 1; 1496 wake_up_interruptible(&priv->host_sleep_q); 1497 } 1498 1499 /* If nothing to do, go back to sleep (?) */ 1500 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx]) 1501 priv->psstate = PS_STATE_SLEEP; 1502 1503 spin_unlock_irqrestore(&priv->driver_lock, flags); 1504 1505 out: 1506 lbs_deb_leave(LBS_DEB_HOST); 1507 } 1508 1509 /** 1510 * lbs_ps_confirm_sleep - checks condition and prepares to 1511 * send sleep confirm command to firmware if ok 1512 * 1513 * @priv: A pointer to &struct lbs_private structure 1514 * 1515 * returns: n/a 1516 */ 1517 void lbs_ps_confirm_sleep(struct lbs_private *priv) 1518 { 1519 unsigned long flags =0; 1520 int allowed = 1; 1521 1522 lbs_deb_enter(LBS_DEB_HOST); 1523 1524 spin_lock_irqsave(&priv->driver_lock, flags); 1525 if (priv->dnld_sent) { 1526 allowed = 0; 1527 lbs_deb_host("dnld_sent was set\n"); 1528 } 1529 1530 /* In-progress command? */ 1531 if (priv->cur_cmd) { 1532 allowed = 0; 1533 lbs_deb_host("cur_cmd was set\n"); 1534 } 1535 1536 /* Pending events or command responses? */ 1537 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) { 1538 allowed = 0; 1539 lbs_deb_host("pending events or command responses\n"); 1540 } 1541 spin_unlock_irqrestore(&priv->driver_lock, flags); 1542 1543 if (allowed) { 1544 lbs_deb_host("sending lbs_ps_confirm_sleep\n"); 1545 lbs_send_confirmsleep(priv); 1546 } else { 1547 lbs_deb_host("sleep confirm has been delayed\n"); 1548 } 1549 1550 lbs_deb_leave(LBS_DEB_HOST); 1551 } 1552 1553 1554 /** 1555 * lbs_set_tpc_cfg - Configures the transmission power control functionality 1556 * 1557 * @priv: A pointer to &struct lbs_private structure 1558 * @enable: Transmission power control enable 1559 * @p0: Power level when link quality is good (dBm). 1560 * @p1: Power level when link quality is fair (dBm). 1561 * @p2: Power level when link quality is poor (dBm). 1562 * @usesnr: Use Signal to Noise Ratio in TPC 1563 * 1564 * returns: 0 on success 1565 */ 1566 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1, 1567 int8_t p2, int usesnr) 1568 { 1569 struct cmd_ds_802_11_tpc_cfg cmd; 1570 int ret; 1571 1572 memset(&cmd, 0, sizeof(cmd)); 1573 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1574 cmd.action = cpu_to_le16(CMD_ACT_SET); 1575 cmd.enable = !!enable; 1576 cmd.usesnr = !!usesnr; 1577 cmd.P0 = p0; 1578 cmd.P1 = p1; 1579 cmd.P2 = p2; 1580 1581 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd); 1582 1583 return ret; 1584 } 1585 1586 /** 1587 * lbs_set_power_adapt_cfg - Configures the power adaptation settings 1588 * 1589 * @priv: A pointer to &struct lbs_private structure 1590 * @enable: Power adaptation enable 1591 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm). 1592 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm). 1593 * @p2: Power level for 48 and 54 Mbps (dBm). 1594 * 1595 * returns: 0 on Success 1596 */ 1597 1598 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0, 1599 int8_t p1, int8_t p2) 1600 { 1601 struct cmd_ds_802_11_pa_cfg cmd; 1602 int ret; 1603 1604 memset(&cmd, 0, sizeof(cmd)); 1605 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1606 cmd.action = cpu_to_le16(CMD_ACT_SET); 1607 cmd.enable = !!enable; 1608 cmd.P0 = p0; 1609 cmd.P1 = p1; 1610 cmd.P2 = p2; 1611 1612 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd); 1613 1614 return ret; 1615 } 1616 1617 1618 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv, 1619 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size, 1620 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1621 unsigned long callback_arg) 1622 { 1623 struct cmd_ctrl_node *cmdnode; 1624 1625 lbs_deb_enter(LBS_DEB_HOST); 1626 1627 if (priv->surpriseremoved) { 1628 lbs_deb_host("PREP_CMD: card removed\n"); 1629 cmdnode = ERR_PTR(-ENOENT); 1630 goto done; 1631 } 1632 1633 /* No commands are allowed in Deep Sleep until we toggle the GPIO 1634 * to wake up the card and it has signaled that it's ready. 1635 */ 1636 if (!priv->is_auto_deep_sleep_enabled) { 1637 if (priv->is_deep_sleep) { 1638 lbs_deb_cmd("command not allowed in deep sleep\n"); 1639 cmdnode = ERR_PTR(-EBUSY); 1640 goto done; 1641 } 1642 } 1643 1644 cmdnode = lbs_get_free_cmd_node(priv); 1645 if (cmdnode == NULL) { 1646 lbs_deb_host("PREP_CMD: cmdnode is NULL\n"); 1647 1648 /* Wake up main thread to execute next command */ 1649 wake_up(&priv->waitq); 1650 cmdnode = ERR_PTR(-ENOBUFS); 1651 goto done; 1652 } 1653 1654 cmdnode->callback = callback; 1655 cmdnode->callback_arg = callback_arg; 1656 1657 /* Copy the incoming command to the buffer */ 1658 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size); 1659 1660 /* Set command, clean result, move to buffer */ 1661 cmdnode->cmdbuf->command = cpu_to_le16(command); 1662 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size); 1663 cmdnode->cmdbuf->result = 0; 1664 1665 lbs_deb_host("PREP_CMD: command 0x%04x\n", command); 1666 1667 cmdnode->cmdwaitqwoken = 0; 1668 lbs_queue_cmd(priv, cmdnode); 1669 wake_up(&priv->waitq); 1670 1671 done: 1672 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode); 1673 return cmdnode; 1674 } 1675 1676 void lbs_cmd_async(struct lbs_private *priv, uint16_t command, 1677 struct cmd_header *in_cmd, int in_cmd_size) 1678 { 1679 lbs_deb_enter(LBS_DEB_CMD); 1680 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1681 lbs_cmd_async_callback, 0); 1682 lbs_deb_leave(LBS_DEB_CMD); 1683 } 1684 1685 int __lbs_cmd(struct lbs_private *priv, uint16_t command, 1686 struct cmd_header *in_cmd, int in_cmd_size, 1687 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1688 unsigned long callback_arg) 1689 { 1690 struct cmd_ctrl_node *cmdnode; 1691 unsigned long flags; 1692 int ret = 0; 1693 1694 lbs_deb_enter(LBS_DEB_HOST); 1695 1696 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1697 callback, callback_arg); 1698 if (IS_ERR(cmdnode)) { 1699 ret = PTR_ERR(cmdnode); 1700 goto done; 1701 } 1702 1703 might_sleep(); 1704 1705 /* 1706 * Be careful with signals here. A signal may be received as the system 1707 * goes into suspend or resume. We do not want this to interrupt the 1708 * command, so we perform an uninterruptible sleep. 1709 */ 1710 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken); 1711 1712 spin_lock_irqsave(&priv->driver_lock, flags); 1713 ret = cmdnode->result; 1714 if (ret) 1715 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n", 1716 command, ret); 1717 1718 __lbs_cleanup_and_insert_cmd(priv, cmdnode); 1719 spin_unlock_irqrestore(&priv->driver_lock, flags); 1720 1721 done: 1722 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1723 return ret; 1724 } 1725 EXPORT_SYMBOL_GPL(__lbs_cmd);
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.c" 149 /* 150 * This file contains the handling of command. 151 * It prepares command and sends it to firmware when it is ready. 152 */ 153 154 #include <linux/hardirq.h> 155 #include <linux/kfifo.h> 156 #include <linux/sched.h> 157 #include <linux/slab.h> 158 #include <linux/if_arp.h> 159 #include <linux/export.h> 160 161 #include "decl.h" 162 #include "cfg.h" 163 #include "cmd.h" 164 165 #define CAL_NF(nf) ((s32)(-(s32)(nf))) 166 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf))) 167 168 /** 169 * lbs_cmd_copyback - Simple callback that copies response back into command 170 * 171 * @priv: A pointer to &struct lbs_private structure 172 * @extra: A pointer to the original command structure for which 173 * 'resp' is a response 174 * @resp: A pointer to the command response 175 * 176 * returns: 0 on success, error on failure 177 */ 178 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra, 179 struct cmd_header *resp) 180 { 181 struct cmd_header *buf = (void *)extra; 182 uint16_t copy_len; 183 184 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size)); 185 memcpy(buf, resp, copy_len); 186 return 0; 187 } 188 EXPORT_SYMBOL_GPL(lbs_cmd_copyback); 189 190 /** 191 * lbs_cmd_async_callback - Simple callback that ignores the result. 192 * Use this if you just want to send a command to the hardware, but don't 193 * care for the result. 194 * 195 * @priv: ignored 196 * @extra: ignored 197 * @resp: ignored 198 * 199 * returns: 0 for success 200 */ 201 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra, 202 struct cmd_header *resp) 203 { 204 return 0; 205 } 206 207 208 /** 209 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode 210 * 211 * @cmd: the command ID 212 * 213 * returns: 1 if allowed, 0 if not allowed 214 */ 215 static u8 is_command_allowed_in_ps(u16 cmd) 216 { 217 switch (cmd) { 218 case CMD_802_11_RSSI: 219 return 1; 220 case CMD_802_11_HOST_SLEEP_CFG: 221 return 1; 222 default: 223 break; 224 } 225 return 0; 226 } 227 228 /** 229 * lbs_update_hw_spec - Updates the hardware details like MAC address 230 * and regulatory region 231 * 232 * @priv: A pointer to &struct lbs_private structure 233 * 234 * returns: 0 on success, error on failure 235 */ 236 int lbs_update_hw_spec(struct lbs_private *priv) 237 { 238 struct cmd_ds_get_hw_spec cmd; 239 int ret = -1; 240 u32 i; 241 242 lbs_deb_enter(LBS_DEB_CMD); 243 244 memset(&cmd, 0, sizeof(cmd)); 245 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 246 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN); 247 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd); 248 if (ret) 249 goto out; 250 251 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo); 252 253 /* The firmware release is in an interesting format: the patch 254 * level is in the most significant nibble ... so fix that: */ 255 priv->fwrelease = le32_to_cpu(cmd.fwrelease); 256 priv->fwrelease = (priv->fwrelease << 8) | 257 (priv->fwrelease >> 24 & 0xff); 258 259 /* Some firmware capabilities: 260 * CF card firmware 5.0.16p0: cap 0x00000303 261 * USB dongle firmware 5.110.17p2: cap 0x00000303 262 */ 263 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n", 264 cmd.permanentaddr, 265 priv->fwrelease >> 24 & 0xff, 266 priv->fwrelease >> 16 & 0xff, 267 priv->fwrelease >> 8 & 0xff, 268 priv->fwrelease & 0xff, 269 priv->fwcapinfo); 270 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n", 271 cmd.hwifversion, cmd.version); 272 273 /* Clamp region code to 8-bit since FW spec indicates that it should 274 * only ever be 8-bit, even though the field size is 16-bit. Some firmware 275 * returns non-zero high 8 bits here. 276 * 277 * Firmware version 4.0.102 used in CF8381 has region code shifted. We 278 * need to check for this problem and handle it properly. 279 */ 280 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4) 281 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF; 282 else 283 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF; 284 285 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) { 286 /* use the region code to search for the index */ 287 if (priv->regioncode == lbs_region_code_to_index[i]) 288 break; 289 } 290 291 /* if it's unidentified region code, use the default (USA) */ 292 if (i >= MRVDRV_MAX_REGION_CODE) { 293 priv->regioncode = 0x10; 294 netdev_info(priv->dev, 295 "unidentified region code; using the default (USA)\n"); 296 } 297 298 if (priv->current_addr[0] == 0xff) 299 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN); 300 301 if (!priv->copied_hwaddr) { 302 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN); 303 if (priv->mesh_dev) 304 memcpy(priv->mesh_dev->dev_addr, 305 priv->current_addr, ETH_ALEN); 306 priv->copied_hwaddr = 1; 307 } 308 309 out: 310 lbs_deb_leave(LBS_DEB_CMD); 311 return ret; 312 } 313 314 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy, 315 struct cmd_header *resp) 316 { 317 lbs_deb_enter(LBS_DEB_CMD); 318 if (priv->is_host_sleep_activated) { 319 priv->is_host_sleep_configured = 0; 320 if (priv->psstate == PS_STATE_FULL_POWER) { 321 priv->is_host_sleep_activated = 0; 322 wake_up_interruptible(&priv->host_sleep_q); 323 } 324 } else { 325 priv->is_host_sleep_configured = 1; 326 } 327 lbs_deb_leave(LBS_DEB_CMD); 328 return 0; 329 } 330 331 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria, 332 struct wol_config *p_wol_config) 333 { 334 struct cmd_ds_host_sleep cmd_config; 335 int ret; 336 337 /* 338 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command 339 * and the card will return a failure. Since we need to be 340 * able to reset the mask, in those cases we set a 0 mask instead. 341 */ 342 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported) 343 criteria = 0; 344 345 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config)); 346 cmd_config.criteria = cpu_to_le32(criteria); 347 cmd_config.gpio = priv->wol_gpio; 348 cmd_config.gap = priv->wol_gap; 349 350 if (p_wol_config != NULL) 351 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config, 352 sizeof(struct wol_config)); 353 else 354 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE; 355 356 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr, 357 le16_to_cpu(cmd_config.hdr.size), 358 lbs_ret_host_sleep_cfg, 0); 359 if (!ret) { 360 if (p_wol_config) 361 memcpy((uint8_t *) p_wol_config, 362 (uint8_t *)&cmd_config.wol_conf, 363 sizeof(struct wol_config)); 364 } else { 365 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret); 366 } 367 368 return ret; 369 } 370 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg); 371 372 /** 373 * lbs_set_ps_mode - Sets the Power Save mode 374 * 375 * @priv: A pointer to &struct lbs_private structure 376 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or 377 * PS_MODE_ACTION_EXIT_PS) 378 * @block: Whether to block on a response or not 379 * 380 * returns: 0 on success, error on failure 381 */ 382 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block) 383 { 384 struct cmd_ds_802_11_ps_mode cmd; 385 int ret = 0; 386 387 lbs_deb_enter(LBS_DEB_CMD); 388 389 memset(&cmd, 0, sizeof(cmd)); 390 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 391 cmd.action = cpu_to_le16(cmd_action); 392 393 if (cmd_action == PS_MODE_ACTION_ENTER_PS) { 394 lbs_deb_cmd("PS_MODE: action ENTER_PS\n"); 395 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */ 396 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) { 397 lbs_deb_cmd("PS_MODE: action EXIT_PS\n"); 398 } else { 399 /* We don't handle CONFIRM_SLEEP here because it needs to 400 * be fastpathed to the firmware. 401 */ 402 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action); 403 ret = -EOPNOTSUPP; 404 goto out; 405 } 406 407 if (block) 408 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd); 409 else 410 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd)); 411 412 out: 413 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 414 return ret; 415 } 416 417 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action, 418 struct sleep_params *sp) 419 { 420 struct cmd_ds_802_11_sleep_params cmd; 421 int ret; 422 423 lbs_deb_enter(LBS_DEB_CMD); 424 425 if (cmd_action == CMD_ACT_GET) { 426 memset(&cmd, 0, sizeof(cmd)); 427 } else { 428 cmd.error = cpu_to_le16(sp->sp_error); 429 cmd.offset = cpu_to_le16(sp->sp_offset); 430 cmd.stabletime = cpu_to_le16(sp->sp_stabletime); 431 cmd.calcontrol = sp->sp_calcontrol; 432 cmd.externalsleepclk = sp->sp_extsleepclk; 433 cmd.reserved = cpu_to_le16(sp->sp_reserved); 434 } 435 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 436 cmd.action = cpu_to_le16(cmd_action); 437 438 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd); 439 440 if (!ret) { 441 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, " 442 "calcontrol 0x%x extsleepclk 0x%x\n", 443 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset), 444 le16_to_cpu(cmd.stabletime), cmd.calcontrol, 445 cmd.externalsleepclk); 446 447 sp->sp_error = le16_to_cpu(cmd.error); 448 sp->sp_offset = le16_to_cpu(cmd.offset); 449 sp->sp_stabletime = le16_to_cpu(cmd.stabletime); 450 sp->sp_calcontrol = cmd.calcontrol; 451 sp->sp_extsleepclk = cmd.externalsleepclk; 452 sp->sp_reserved = le16_to_cpu(cmd.reserved); 453 } 454 455 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 456 return 0; 457 } 458 459 static int lbs_wait_for_ds_awake(struct lbs_private *priv) 460 { 461 int ret = 0; 462 463 lbs_deb_enter(LBS_DEB_CMD); 464 465 if (priv->is_deep_sleep) { 466 if (!wait_event_interruptible_timeout(priv->ds_awake_q, 467 !priv->is_deep_sleep, (10 * HZ))) { 468 netdev_err(priv->dev, "ds_awake_q: timer expired\n"); 469 ret = -1; 470 } 471 } 472 473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 474 return ret; 475 } 476 477 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep) 478 { 479 int ret = 0; 480 481 lbs_deb_enter(LBS_DEB_CMD); 482 483 if (deep_sleep) { 484 if (priv->is_deep_sleep != 1) { 485 lbs_deb_cmd("deep sleep: sleep\n"); 486 BUG_ON(!priv->enter_deep_sleep); 487 ret = priv->enter_deep_sleep(priv); 488 if (!ret) { 489 netif_stop_queue(priv->dev); 490 netif_carrier_off(priv->dev); 491 } 492 } else { 493 netdev_err(priv->dev, "deep sleep: already enabled\n"); 494 } 495 } else { 496 if (priv->is_deep_sleep) { 497 lbs_deb_cmd("deep sleep: wakeup\n"); 498 BUG_ON(!priv->exit_deep_sleep); 499 ret = priv->exit_deep_sleep(priv); 500 if (!ret) { 501 ret = lbs_wait_for_ds_awake(priv); 502 if (ret) 503 netdev_err(priv->dev, 504 "deep sleep: wakeup failed\n"); 505 } 506 } 507 } 508 509 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 510 return ret; 511 } 512 513 static int lbs_ret_host_sleep_activate(struct lbs_private *priv, 514 unsigned long dummy, 515 struct cmd_header *cmd) 516 { 517 lbs_deb_enter(LBS_DEB_FW); 518 priv->is_host_sleep_activated = 1; 519 wake_up_interruptible(&priv->host_sleep_q); 520 lbs_deb_leave(LBS_DEB_FW); 521 return 0; 522 } 523 524 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep) 525 { 526 struct cmd_header cmd; 527 int ret = 0; 528 uint32_t criteria = EHS_REMOVE_WAKEUP; 529 530 lbs_deb_enter(LBS_DEB_CMD); 531 532 if (host_sleep) { 533 if (priv->is_host_sleep_activated != 1) { 534 memset(&cmd, 0, sizeof(cmd)); 535 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria, 536 (struct wol_config *)NULL); 537 if (ret) { 538 netdev_info(priv->dev, 539 "Host sleep configuration failed: %d\n", 540 ret); 541 return ret; 542 } 543 if (priv->psstate == PS_STATE_FULL_POWER) { 544 ret = __lbs_cmd(priv, 545 CMD_802_11_HOST_SLEEP_ACTIVATE, 546 &cmd, 547 sizeof(cmd), 548 lbs_ret_host_sleep_activate, 0); 549 if (ret) 550 netdev_info(priv->dev, 551 "HOST_SLEEP_ACTIVATE failed: %d\n", 552 ret); 553 } 554 555 if (!wait_event_interruptible_timeout( 556 priv->host_sleep_q, 557 priv->is_host_sleep_activated, 558 (10 * HZ))) { 559 netdev_err(priv->dev, 560 "host_sleep_q: timer expired\n"); 561 ret = -1; 562 } 563 } else { 564 netdev_err(priv->dev, "host sleep: already enabled\n"); 565 } 566 } else { 567 if (priv->is_host_sleep_activated) 568 ret = lbs_host_sleep_cfg(priv, criteria, 569 (struct wol_config *)NULL); 570 } 571 572 return ret; 573 } 574 575 /** 576 * lbs_set_snmp_mib - Set an SNMP MIB value 577 * 578 * @priv: A pointer to &struct lbs_private structure 579 * @oid: The OID to set in the firmware 580 * @val: Value to set the OID to 581 * 582 * returns: 0 on success, error on failure 583 */ 584 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val) 585 { 586 struct cmd_ds_802_11_snmp_mib cmd; 587 int ret; 588 589 lbs_deb_enter(LBS_DEB_CMD); 590 591 memset(&cmd, 0, sizeof (cmd)); 592 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 593 cmd.action = cpu_to_le16(CMD_ACT_SET); 594 cmd.oid = cpu_to_le16((u16) oid); 595 596 switch (oid) { 597 case SNMP_MIB_OID_BSS_TYPE: 598 cmd.bufsize = cpu_to_le16(sizeof(u8)); 599 cmd.value[0] = val; 600 break; 601 case SNMP_MIB_OID_11D_ENABLE: 602 case SNMP_MIB_OID_FRAG_THRESHOLD: 603 case SNMP_MIB_OID_RTS_THRESHOLD: 604 case SNMP_MIB_OID_SHORT_RETRY_LIMIT: 605 case SNMP_MIB_OID_LONG_RETRY_LIMIT: 606 cmd.bufsize = cpu_to_le16(sizeof(u16)); 607 *((__le16 *)(&cmd.value)) = cpu_to_le16(val); 608 break; 609 default: 610 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid); 611 ret = -EINVAL; 612 goto out; 613 } 614 615 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n", 616 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val); 617 618 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 619 620 out: 621 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 622 return ret; 623 } 624 625 /** 626 * lbs_get_snmp_mib - Get an SNMP MIB value 627 * 628 * @priv: A pointer to &struct lbs_private structure 629 * @oid: The OID to retrieve from the firmware 630 * @out_val: Location for the returned value 631 * 632 * returns: 0 on success, error on failure 633 */ 634 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val) 635 { 636 struct cmd_ds_802_11_snmp_mib cmd; 637 int ret; 638 639 lbs_deb_enter(LBS_DEB_CMD); 640 641 memset(&cmd, 0, sizeof (cmd)); 642 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 643 cmd.action = cpu_to_le16(CMD_ACT_GET); 644 cmd.oid = cpu_to_le16(oid); 645 646 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 647 if (ret) 648 goto out; 649 650 switch (le16_to_cpu(cmd.bufsize)) { 651 case sizeof(u8): 652 *out_val = cmd.value[0]; 653 break; 654 case sizeof(u16): 655 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value))); 656 break; 657 default: 658 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n", 659 oid, le16_to_cpu(cmd.bufsize)); 660 break; 661 } 662 663 out: 664 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 665 return ret; 666 } 667 668 /** 669 * lbs_get_tx_power - Get the min, max, and current TX power 670 * 671 * @priv: A pointer to &struct lbs_private structure 672 * @curlevel: Current power level in dBm 673 * @minlevel: Minimum supported power level in dBm (optional) 674 * @maxlevel: Maximum supported power level in dBm (optional) 675 * 676 * returns: 0 on success, error on failure 677 */ 678 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel, 679 s16 *maxlevel) 680 { 681 struct cmd_ds_802_11_rf_tx_power cmd; 682 int ret; 683 684 lbs_deb_enter(LBS_DEB_CMD); 685 686 memset(&cmd, 0, sizeof(cmd)); 687 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 688 cmd.action = cpu_to_le16(CMD_ACT_GET); 689 690 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 691 if (ret == 0) { 692 *curlevel = le16_to_cpu(cmd.curlevel); 693 if (minlevel) 694 *minlevel = cmd.minlevel; 695 if (maxlevel) 696 *maxlevel = cmd.maxlevel; 697 } 698 699 lbs_deb_leave(LBS_DEB_CMD); 700 return ret; 701 } 702 703 /** 704 * lbs_set_tx_power - Set the TX power 705 * 706 * @priv: A pointer to &struct lbs_private structure 707 * @dbm: The desired power level in dBm 708 * 709 * returns: 0 on success, error on failure 710 */ 711 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm) 712 { 713 struct cmd_ds_802_11_rf_tx_power cmd; 714 int ret; 715 716 lbs_deb_enter(LBS_DEB_CMD); 717 718 memset(&cmd, 0, sizeof(cmd)); 719 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 720 cmd.action = cpu_to_le16(CMD_ACT_SET); 721 cmd.curlevel = cpu_to_le16(dbm); 722 723 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm); 724 725 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 726 727 lbs_deb_leave(LBS_DEB_CMD); 728 return ret; 729 } 730 731 /** 732 * lbs_set_monitor_mode - Enable or disable monitor mode 733 * (only implemented on OLPC usb8388 FW) 734 * 735 * @priv: A pointer to &struct lbs_private structure 736 * @enable: 1 to enable monitor mode, 0 to disable 737 * 738 * returns: 0 on success, error on failure 739 */ 740 int lbs_set_monitor_mode(struct lbs_private *priv, int enable) 741 { 742 struct cmd_ds_802_11_monitor_mode cmd; 743 int ret; 744 745 memset(&cmd, 0, sizeof(cmd)); 746 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 747 cmd.action = cpu_to_le16(CMD_ACT_SET); 748 if (enable) 749 cmd.mode = cpu_to_le16(0x1); 750 751 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable); 752 753 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd); 754 if (ret == 0) { 755 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP : 756 ARPHRD_ETHER; 757 } 758 759 lbs_deb_leave(LBS_DEB_CMD); 760 return ret; 761 } 762 763 /** 764 * lbs_get_channel - Get the radio channel 765 * 766 * @priv: A pointer to &struct lbs_private structure 767 * 768 * returns: The channel on success, error on failure 769 */ 770 static int lbs_get_channel(struct lbs_private *priv) 771 { 772 struct cmd_ds_802_11_rf_channel cmd; 773 int ret = 0; 774 775 lbs_deb_enter(LBS_DEB_CMD); 776 777 memset(&cmd, 0, sizeof(cmd)); 778 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 779 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET); 780 781 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 782 if (ret) 783 goto out; 784 785 ret = le16_to_cpu(cmd.channel); 786 lbs_deb_cmd("current radio channel is %d\n", ret); 787 788 out: 789 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 790 return ret; 791 } 792 793 int lbs_update_channel(struct lbs_private *priv) 794 { 795 int ret; 796 797 /* the channel in f/w could be out of sync; get the current channel */ 798 lbs_deb_enter(LBS_DEB_ASSOC); 799 800 ret = lbs_get_channel(priv); 801 if (ret > 0) { 802 priv->channel = ret; 803 ret = 0; 804 } 805 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret); 806 return ret; 807 } 808 809 /** 810 * lbs_set_channel - Set the radio channel 811 * 812 * @priv: A pointer to &struct lbs_private structure 813 * @channel: The desired channel, or 0 to clear a locked channel 814 * 815 * returns: 0 on success, error on failure 816 */ 817 int lbs_set_channel(struct lbs_private *priv, u8 channel) 818 { 819 struct cmd_ds_802_11_rf_channel cmd; 820 #ifdef DEBUG 821 u8 old_channel = priv->channel; 822 #endif 823 int ret = 0; 824 825 lbs_deb_enter(LBS_DEB_CMD); 826 827 memset(&cmd, 0, sizeof(cmd)); 828 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 829 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET); 830 cmd.channel = cpu_to_le16(channel); 831 832 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 833 if (ret) 834 goto out; 835 836 priv->channel = (uint8_t) le16_to_cpu(cmd.channel); 837 lbs_deb_cmd("channel switch from %d to %d\n", old_channel, 838 priv->channel); 839 840 out: 841 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 842 return ret; 843 } 844 845 /** 846 * lbs_get_rssi - Get current RSSI and noise floor 847 * 848 * @priv: A pointer to &struct lbs_private structure 849 * @rssi: On successful return, signal level in mBm 850 * @nf: On successful return, Noise floor 851 * 852 * returns: The channel on success, error on failure 853 */ 854 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf) 855 { 856 struct cmd_ds_802_11_rssi cmd; 857 int ret = 0; 858 859 lbs_deb_enter(LBS_DEB_CMD); 860 861 BUG_ON(rssi == NULL); 862 BUG_ON(nf == NULL); 863 864 memset(&cmd, 0, sizeof(cmd)); 865 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 866 /* Average SNR over last 8 beacons */ 867 cmd.n_or_snr = cpu_to_le16(8); 868 869 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd); 870 if (ret == 0) { 871 *nf = CAL_NF(le16_to_cpu(cmd.nf)); 872 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf)); 873 } 874 875 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 876 return ret; 877 } 878 879 /** 880 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information 881 * to the firmware 882 * 883 * @priv: pointer to &struct lbs_private 884 * 885 * returns: 0 on success, error code on failure 886 */ 887 int lbs_set_11d_domain_info(struct lbs_private *priv) 888 { 889 struct wiphy *wiphy = priv->wdev->wiphy; 890 struct ieee80211_supported_band **bands = wiphy->bands; 891 struct cmd_ds_802_11d_domain_info cmd; 892 struct mrvl_ie_domain_param_set *domain = &cmd.domain; 893 struct ieee80211_country_ie_triplet *t; 894 enum ieee80211_band band; 895 struct ieee80211_channel *ch; 896 u8 num_triplet = 0; 897 u8 num_parsed_chan = 0; 898 u8 first_channel = 0, next_chan = 0, max_pwr = 0; 899 u8 i, flag = 0; 900 size_t triplet_size; 901 int ret = 0; 902 903 lbs_deb_enter(LBS_DEB_11D); 904 if (!priv->country_code[0]) 905 goto out; 906 907 memset(&cmd, 0, sizeof(cmd)); 908 cmd.action = cpu_to_le16(CMD_ACT_SET); 909 910 lbs_deb_11d("Setting country code '%c%c'\n", 911 priv->country_code[0], priv->country_code[1]); 912 913 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN); 914 915 /* Set country code */ 916 domain->country_code[0] = priv->country_code[0]; 917 domain->country_code[1] = priv->country_code[1]; 918 domain->country_code[2] = ' '; 919 920 /* Now set up the channel triplets; firmware is somewhat picky here 921 * and doesn't validate channel numbers and spans; hence it would 922 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since 923 * the last 3 aren't valid channels, the driver is responsible for 924 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20) 925 * etc. 926 */ 927 for (band = 0; 928 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS); 929 band++) { 930 931 if (!bands[band]) 932 continue; 933 934 for (i = 0; 935 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS); 936 i++) { 937 ch = &bands[band]->channels[i]; 938 if (ch->flags & IEEE80211_CHAN_DISABLED) 939 continue; 940 941 if (!flag) { 942 flag = 1; 943 next_chan = first_channel = (u32) ch->hw_value; 944 max_pwr = ch->max_power; 945 num_parsed_chan = 1; 946 continue; 947 } 948 949 if ((ch->hw_value == next_chan + 1) && 950 (ch->max_power == max_pwr)) { 951 /* Consolidate adjacent channels */ 952 next_chan++; 953 num_parsed_chan++; 954 } else { 955 /* Add this triplet */ 956 lbs_deb_11d("11D triplet (%d, %d, %d)\n", 957 first_channel, num_parsed_chan, 958 max_pwr); 959 t = &domain->triplet[num_triplet]; 960 t->chans.first_channel = first_channel; 961 t->chans.num_channels = num_parsed_chan; 962 t->chans.max_power = max_pwr; 963 num_triplet++; 964 flag = 0; 965 } 966 } 967 968 if (flag) { 969 /* Add last triplet */ 970 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel, 971 num_parsed_chan, max_pwr); 972 t = &domain->triplet[num_triplet]; 973 t->chans.first_channel = first_channel; 974 t->chans.num_channels = num_parsed_chan; 975 t->chans.max_power = max_pwr; 976 num_triplet++; 977 } 978 } 979 980 lbs_deb_11d("# triplets %d\n", num_triplet); 981 982 /* Set command header sizes */ 983 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet); 984 domain->header.len = cpu_to_le16(sizeof(domain->country_code) + 985 triplet_size); 986 987 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set", 988 (u8 *) &cmd.domain.country_code, 989 le16_to_cpu(domain->header.len)); 990 991 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) + 992 sizeof(cmd.action) + 993 sizeof(cmd.domain.header) + 994 sizeof(cmd.domain.country_code) + 995 triplet_size); 996 997 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd); 998 999 out: 1000 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret); 1001 return ret; 1002 } 1003 1004 /** 1005 * lbs_get_reg - Read a MAC, Baseband, or RF register 1006 * 1007 * @priv: pointer to &struct lbs_private 1008 * @reg: register command, one of CMD_MAC_REG_ACCESS, 1009 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 1010 * @offset: byte offset of the register to get 1011 * @value: on success, the value of the register at 'offset' 1012 * 1013 * returns: 0 on success, error code on failure 1014 */ 1015 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value) 1016 { 1017 struct cmd_ds_reg_access cmd; 1018 int ret = 0; 1019 1020 lbs_deb_enter(LBS_DEB_CMD); 1021 1022 BUG_ON(value == NULL); 1023 1024 memset(&cmd, 0, sizeof(cmd)); 1025 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1026 cmd.action = cpu_to_le16(CMD_ACT_GET); 1027 cmd.offset = cpu_to_le16(offset); 1028 1029 if (reg != CMD_MAC_REG_ACCESS && 1030 reg != CMD_BBP_REG_ACCESS && 1031 reg != CMD_RF_REG_ACCESS) { 1032 ret = -EINVAL; 1033 goto out; 1034 } 1035 1036 ret = lbs_cmd_with_response(priv, reg, &cmd); 1037 if (!ret) { 1038 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 1039 *value = cmd.value.bbp_rf; 1040 else if (reg == CMD_MAC_REG_ACCESS) 1041 *value = le32_to_cpu(cmd.value.mac); 1042 } 1043 1044 out: 1045 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1046 return ret; 1047 } 1048 1049 /** 1050 * lbs_set_reg - Write a MAC, Baseband, or RF register 1051 * 1052 * @priv: pointer to &struct lbs_private 1053 * @reg: register command, one of CMD_MAC_REG_ACCESS, 1054 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 1055 * @offset: byte offset of the register to set 1056 * @value: the value to write to the register at 'offset' 1057 * 1058 * returns: 0 on success, error code on failure 1059 */ 1060 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value) 1061 { 1062 struct cmd_ds_reg_access cmd; 1063 int ret = 0; 1064 1065 lbs_deb_enter(LBS_DEB_CMD); 1066 1067 memset(&cmd, 0, sizeof(cmd)); 1068 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1069 cmd.action = cpu_to_le16(CMD_ACT_SET); 1070 cmd.offset = cpu_to_le16(offset); 1071 1072 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 1073 cmd.value.bbp_rf = (u8) (value & 0xFF); 1074 else if (reg == CMD_MAC_REG_ACCESS) 1075 cmd.value.mac = cpu_to_le32(value); 1076 else { 1077 ret = -EINVAL; 1078 goto out; 1079 } 1080 1081 ret = lbs_cmd_with_response(priv, reg, &cmd); 1082 1083 out: 1084 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1085 return ret; 1086 } 1087 1088 static void lbs_queue_cmd(struct lbs_private *priv, 1089 struct cmd_ctrl_node *cmdnode) 1090 { 1091 unsigned long flags; 1092 int addtail = 1; 1093 1094 lbs_deb_enter(LBS_DEB_HOST); 1095 1096 if (!cmdnode) { 1097 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n"); 1098 goto done; 1099 } 1100 if (!cmdnode->cmdbuf->size) { 1101 lbs_deb_host("DNLD_CMD: cmd size is zero\n"); 1102 goto done; 1103 } 1104 cmdnode->result = 0; 1105 1106 /* Exit_PS command needs to be queued in the header always. */ 1107 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) { 1108 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf; 1109 1110 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1111 if (priv->psstate != PS_STATE_FULL_POWER) 1112 addtail = 0; 1113 } 1114 } 1115 1116 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM) 1117 addtail = 0; 1118 1119 spin_lock_irqsave(&priv->driver_lock, flags); 1120 1121 if (addtail) 1122 list_add_tail(&cmdnode->list, &priv->cmdpendingq); 1123 else 1124 list_add(&cmdnode->list, &priv->cmdpendingq); 1125 1126 spin_unlock_irqrestore(&priv->driver_lock, flags); 1127 1128 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n", 1129 le16_to_cpu(cmdnode->cmdbuf->command)); 1130 1131 done: 1132 lbs_deb_leave(LBS_DEB_HOST); 1133 } 1134 1135 static void lbs_submit_command(struct lbs_private *priv, 1136 struct cmd_ctrl_node *cmdnode) 1137 { 1138 unsigned long flags; 1139 struct cmd_header *cmd; 1140 uint16_t cmdsize; 1141 uint16_t command; 1142 int timeo = 3 * HZ; 1143 int ret; 1144 1145 lbs_deb_enter(LBS_DEB_HOST); 1146 1147 cmd = cmdnode->cmdbuf; 1148 1149 spin_lock_irqsave(&priv->driver_lock, flags); 1150 priv->seqnum++; 1151 cmd->seqnum = cpu_to_le16(priv->seqnum); 1152 priv->cur_cmd = cmdnode; 1153 spin_unlock_irqrestore(&priv->driver_lock, flags); 1154 1155 cmdsize = le16_to_cpu(cmd->size); 1156 command = le16_to_cpu(cmd->command); 1157 1158 /* These commands take longer */ 1159 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE) 1160 timeo = 5 * HZ; 1161 1162 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n", 1163 command, le16_to_cpu(cmd->seqnum), cmdsize); 1164 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize); 1165 1166 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize); 1167 1168 if (ret) { 1169 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n", 1170 ret); 1171 /* Reset dnld state machine, report failure */ 1172 priv->dnld_sent = DNLD_RES_RECEIVED; 1173 lbs_complete_command(priv, cmdnode, ret); 1174 } 1175 1176 if (command == CMD_802_11_DEEP_SLEEP) { 1177 if (priv->is_auto_deep_sleep_enabled) { 1178 priv->wakeup_dev_required = 1; 1179 priv->dnld_sent = 0; 1180 } 1181 priv->is_deep_sleep = 1; 1182 lbs_complete_command(priv, cmdnode, 0); 1183 } else { 1184 /* Setup the timer after transmit command */ 1185 mod_timer(&priv->command_timer, jiffies + timeo); 1186 } 1187 1188 lbs_deb_leave(LBS_DEB_HOST); 1189 } 1190 1191 /* 1192 * This function inserts command node to cmdfreeq 1193 * after cleans it. Requires priv->driver_lock held. 1194 */ 1195 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1196 struct cmd_ctrl_node *cmdnode) 1197 { 1198 lbs_deb_enter(LBS_DEB_HOST); 1199 1200 if (!cmdnode) 1201 goto out; 1202 1203 cmdnode->callback = NULL; 1204 cmdnode->callback_arg = 0; 1205 1206 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE); 1207 1208 list_add_tail(&cmdnode->list, &priv->cmdfreeq); 1209 out: 1210 lbs_deb_leave(LBS_DEB_HOST); 1211 } 1212 1213 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1214 struct cmd_ctrl_node *ptempcmd) 1215 { 1216 unsigned long flags; 1217 1218 spin_lock_irqsave(&priv->driver_lock, flags); 1219 __lbs_cleanup_and_insert_cmd(priv, ptempcmd); 1220 spin_unlock_irqrestore(&priv->driver_lock, flags); 1221 } 1222 1223 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1224 int result) 1225 { 1226 /* 1227 * Normally, commands are removed from cmdpendingq before being 1228 * submitted. However, we can arrive here on alternative codepaths 1229 * where the command is still pending. Make sure the command really 1230 * isn't part of a list at this point. 1231 */ 1232 list_del_init(&cmd->list); 1233 1234 cmd->result = result; 1235 cmd->cmdwaitqwoken = 1; 1236 wake_up(&cmd->cmdwait_q); 1237 1238 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback) 1239 __lbs_cleanup_and_insert_cmd(priv, cmd); 1240 priv->cur_cmd = NULL; 1241 wake_up(&priv->waitq); 1242 } 1243 1244 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1245 int result) 1246 { 1247 unsigned long flags; 1248 spin_lock_irqsave(&priv->driver_lock, flags); 1249 __lbs_complete_command(priv, cmd, result); 1250 spin_unlock_irqrestore(&priv->driver_lock, flags); 1251 } 1252 1253 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on) 1254 { 1255 struct cmd_ds_802_11_radio_control cmd; 1256 int ret = -EINVAL; 1257 1258 lbs_deb_enter(LBS_DEB_CMD); 1259 1260 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1261 cmd.action = cpu_to_le16(CMD_ACT_SET); 1262 cmd.control = 0; 1263 1264 /* Only v8 and below support setting the preamble */ 1265 if (priv->fwrelease < 0x09000000) { 1266 switch (preamble) { 1267 case RADIO_PREAMBLE_SHORT: 1268 case RADIO_PREAMBLE_AUTO: 1269 case RADIO_PREAMBLE_LONG: 1270 cmd.control = cpu_to_le16(preamble); 1271 break; 1272 default: 1273 goto out; 1274 } 1275 } 1276 1277 if (radio_on) 1278 cmd.control |= cpu_to_le16(0x1); 1279 else { 1280 cmd.control &= cpu_to_le16(~0x1); 1281 priv->txpower_cur = 0; 1282 } 1283 1284 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n", 1285 radio_on ? "ON" : "OFF", preamble); 1286 1287 priv->radio_on = radio_on; 1288 1289 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd); 1290 1291 out: 1292 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1293 return ret; 1294 } 1295 1296 void lbs_set_mac_control(struct lbs_private *priv) 1297 { 1298 struct cmd_ds_mac_control cmd; 1299 1300 lbs_deb_enter(LBS_DEB_CMD); 1301 1302 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1303 cmd.action = cpu_to_le16(priv->mac_control); 1304 cmd.reserved = 0; 1305 1306 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd)); 1307 1308 lbs_deb_leave(LBS_DEB_CMD); 1309 } 1310 1311 int lbs_set_mac_control_sync(struct lbs_private *priv) 1312 { 1313 struct cmd_ds_mac_control cmd; 1314 int ret = 0; 1315 1316 lbs_deb_enter(LBS_DEB_CMD); 1317 1318 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1319 cmd.action = cpu_to_le16(priv->mac_control); 1320 cmd.reserved = 0; 1321 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd); 1322 1323 lbs_deb_leave(LBS_DEB_CMD); 1324 return ret; 1325 } 1326 1327 /** 1328 * lbs_allocate_cmd_buffer - allocates the command buffer and links 1329 * it to command free queue 1330 * 1331 * @priv: A pointer to &struct lbs_private structure 1332 * 1333 * returns: 0 for success or -1 on error 1334 */ 1335 int lbs_allocate_cmd_buffer(struct lbs_private *priv) 1336 { 1337 int ret = 0; 1338 u32 bufsize; 1339 u32 i; 1340 struct cmd_ctrl_node *cmdarray; 1341 1342 lbs_deb_enter(LBS_DEB_HOST); 1343 1344 /* Allocate and initialize the command array */ 1345 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS; 1346 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) { 1347 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n"); 1348 ret = -1; 1349 goto done; 1350 } 1351 priv->cmd_array = cmdarray; 1352 1353 /* Allocate and initialize each command buffer in the command array */ 1354 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1355 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL); 1356 if (!cmdarray[i].cmdbuf) { 1357 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n"); 1358 ret = -1; 1359 goto done; 1360 } 1361 } 1362 1363 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1364 init_waitqueue_head(&cmdarray[i].cmdwait_q); 1365 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]); 1366 } 1367 ret = 0; 1368 1369 done: 1370 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1371 return ret; 1372 } 1373 1374 /** 1375 * lbs_free_cmd_buffer - free the command buffer 1376 * 1377 * @priv: A pointer to &struct lbs_private structure 1378 * 1379 * returns: 0 for success 1380 */ 1381 int lbs_free_cmd_buffer(struct lbs_private *priv) 1382 { 1383 struct cmd_ctrl_node *cmdarray; 1384 unsigned int i; 1385 1386 lbs_deb_enter(LBS_DEB_HOST); 1387 1388 /* need to check if cmd array is allocated or not */ 1389 if (priv->cmd_array == NULL) { 1390 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n"); 1391 goto done; 1392 } 1393 1394 cmdarray = priv->cmd_array; 1395 1396 /* Release shared memory buffers */ 1397 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1398 if (cmdarray[i].cmdbuf) { 1399 kfree(cmdarray[i].cmdbuf); 1400 cmdarray[i].cmdbuf = NULL; 1401 } 1402 } 1403 1404 /* Release cmd_ctrl_node */ 1405 if (priv->cmd_array) { 1406 kfree(priv->cmd_array); 1407 priv->cmd_array = NULL; 1408 } 1409 1410 done: 1411 lbs_deb_leave(LBS_DEB_HOST); 1412 return 0; 1413 } 1414 1415 /** 1416 * lbs_get_free_cmd_node - gets a free command node if available in 1417 * command free queue 1418 * 1419 * @priv: A pointer to &struct lbs_private structure 1420 * 1421 * returns: A pointer to &cmd_ctrl_node structure on success 1422 * or %NULL on error 1423 */ 1424 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv) 1425 { 1426 struct cmd_ctrl_node *tempnode; 1427 unsigned long flags; 1428 1429 lbs_deb_enter(LBS_DEB_HOST); 1430 1431 if (!priv) 1432 return NULL; 1433 1434 spin_lock_irqsave(&priv->driver_lock, flags); 1435 1436 if (!list_empty(&priv->cmdfreeq)) { 1437 tempnode = list_first_entry(&priv->cmdfreeq, 1438 struct cmd_ctrl_node, list); 1439 list_del_init(&tempnode->list); 1440 } else { 1441 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n"); 1442 tempnode = NULL; 1443 } 1444 1445 spin_unlock_irqrestore(&priv->driver_lock, flags); 1446 1447 lbs_deb_leave(LBS_DEB_HOST); 1448 return tempnode; 1449 } 1450 1451 /** 1452 * lbs_execute_next_command - execute next command in command 1453 * pending queue. Will put firmware back to PS mode if applicable. 1454 * 1455 * @priv: A pointer to &struct lbs_private structure 1456 * 1457 * returns: 0 on success or -1 on error 1458 */ 1459 int lbs_execute_next_command(struct lbs_private *priv) 1460 { 1461 struct cmd_ctrl_node *cmdnode = NULL; 1462 struct cmd_header *cmd; 1463 unsigned long flags; 1464 int ret = 0; 1465 1466 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the 1467 * only caller to us is lbs_thread() and we get even when a 1468 * data packet is received */ 1469 lbs_deb_enter(LBS_DEB_THREAD); 1470 1471 spin_lock_irqsave(&priv->driver_lock, flags); 1472 1473 if (priv->cur_cmd) { 1474 netdev_alert(priv->dev, 1475 "EXEC_NEXT_CMD: already processing command!\n"); 1476 spin_unlock_irqrestore(&priv->driver_lock, flags); 1477 ret = -1; 1478 goto done; 1479 } 1480 1481 if (!list_empty(&priv->cmdpendingq)) { 1482 cmdnode = list_first_entry(&priv->cmdpendingq, 1483 struct cmd_ctrl_node, list); 1484 } 1485 1486 spin_unlock_irqrestore(&priv->driver_lock, flags); 1487 1488 if (cmdnode) { 1489 cmd = cmdnode->cmdbuf; 1490 1491 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) { 1492 if ((priv->psstate == PS_STATE_SLEEP) || 1493 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1494 lbs_deb_host( 1495 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n", 1496 le16_to_cpu(cmd->command), 1497 priv->psstate); 1498 ret = -1; 1499 goto done; 1500 } 1501 lbs_deb_host("EXEC_NEXT_CMD: OK to send command " 1502 "0x%04x in psstate %d\n", 1503 le16_to_cpu(cmd->command), priv->psstate); 1504 } else if (priv->psstate != PS_STATE_FULL_POWER) { 1505 /* 1506 * 1. Non-PS command: 1507 * Queue it. set needtowakeup to TRUE if current state 1508 * is SLEEP, otherwise call send EXIT_PS. 1509 * 2. PS command but not EXIT_PS: 1510 * Ignore it. 1511 * 3. PS command EXIT_PS: 1512 * Set needtowakeup to TRUE if current state is SLEEP, 1513 * otherwise send this command down to firmware 1514 * immediately. 1515 */ 1516 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) { 1517 /* Prepare to send Exit PS, 1518 * this non PS command will be sent later */ 1519 if ((priv->psstate == PS_STATE_SLEEP) 1520 || (priv->psstate == PS_STATE_PRE_SLEEP) 1521 ) { 1522 /* w/ new scheme, it will not reach here. 1523 since it is blocked in main_thread. */ 1524 priv->needtowakeup = 1; 1525 } else { 1526 lbs_set_ps_mode(priv, 1527 PS_MODE_ACTION_EXIT_PS, 1528 false); 1529 } 1530 1531 ret = 0; 1532 goto done; 1533 } else { 1534 /* 1535 * PS command. Ignore it if it is not Exit_PS. 1536 * otherwise send it down immediately. 1537 */ 1538 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1]; 1539 1540 lbs_deb_host( 1541 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n", 1542 psm->action); 1543 if (psm->action != 1544 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1545 lbs_deb_host( 1546 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n"); 1547 lbs_complete_command(priv, cmdnode, 0); 1548 1549 ret = 0; 1550 goto done; 1551 } 1552 1553 if ((priv->psstate == PS_STATE_SLEEP) || 1554 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1555 lbs_deb_host( 1556 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n"); 1557 lbs_complete_command(priv, cmdnode, 0); 1558 priv->needtowakeup = 1; 1559 1560 ret = 0; 1561 goto done; 1562 } 1563 1564 lbs_deb_host( 1565 "EXEC_NEXT_CMD: sending EXIT_PS\n"); 1566 } 1567 } 1568 spin_lock_irqsave(&priv->driver_lock, flags); 1569 list_del_init(&cmdnode->list); 1570 spin_unlock_irqrestore(&priv->driver_lock, flags); 1571 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n", 1572 le16_to_cpu(cmd->command)); 1573 lbs_submit_command(priv, cmdnode); 1574 } else { 1575 /* 1576 * check if in power save mode, if yes, put the device back 1577 * to PS mode 1578 */ 1579 #ifdef TODO 1580 /* 1581 * This was the old code for libertas+wext. Someone that 1582 * understands this beast should re-code it in a sane way. 1583 * 1584 * I actually don't understand why this is related to WPA 1585 * and to connection status, shouldn't powering should be 1586 * independ of such things? 1587 */ 1588 if ((priv->psmode != LBS802_11POWERMODECAM) && 1589 (priv->psstate == PS_STATE_FULL_POWER) && 1590 ((priv->connect_status == LBS_CONNECTED) || 1591 lbs_mesh_connected(priv))) { 1592 if (priv->secinfo.WPAenabled || 1593 priv->secinfo.WPA2enabled) { 1594 /* check for valid WPA group keys */ 1595 if (priv->wpa_mcast_key.len || 1596 priv->wpa_unicast_key.len) { 1597 lbs_deb_host( 1598 "EXEC_NEXT_CMD: WPA enabled and GTK_SET" 1599 " go back to PS_SLEEP"); 1600 lbs_set_ps_mode(priv, 1601 PS_MODE_ACTION_ENTER_PS, 1602 false); 1603 } 1604 } else { 1605 lbs_deb_host( 1606 "EXEC_NEXT_CMD: cmdpendingq empty, " 1607 "go back to PS_SLEEP"); 1608 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS, 1609 false); 1610 } 1611 } 1612 #endif 1613 } 1614 1615 ret = 0; 1616 done: 1617 lbs_deb_leave(LBS_DEB_THREAD); 1618 return ret; 1619 } 1620 1621 static void lbs_send_confirmsleep(struct lbs_private *priv) 1622 { 1623 unsigned long flags; 1624 int ret; 1625 1626 lbs_deb_enter(LBS_DEB_HOST); 1627 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep, 1628 sizeof(confirm_sleep)); 1629 1630 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep, 1631 sizeof(confirm_sleep)); 1632 if (ret) { 1633 netdev_alert(priv->dev, "confirm_sleep failed\n"); 1634 goto out; 1635 } 1636 1637 spin_lock_irqsave(&priv->driver_lock, flags); 1638 1639 /* We don't get a response on the sleep-confirmation */ 1640 priv->dnld_sent = DNLD_RES_RECEIVED; 1641 1642 if (priv->is_host_sleep_configured) { 1643 priv->is_host_sleep_activated = 1; 1644 wake_up_interruptible(&priv->host_sleep_q); 1645 } 1646 1647 /* If nothing to do, go back to sleep (?) */ 1648 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx]) 1649 priv->psstate = PS_STATE_SLEEP; 1650 1651 spin_unlock_irqrestore(&priv->driver_lock, flags); 1652 1653 out: 1654 lbs_deb_leave(LBS_DEB_HOST); 1655 } 1656 1657 /** 1658 * lbs_ps_confirm_sleep - checks condition and prepares to 1659 * send sleep confirm command to firmware if ok 1660 * 1661 * @priv: A pointer to &struct lbs_private structure 1662 * 1663 * returns: n/a 1664 */ 1665 void lbs_ps_confirm_sleep(struct lbs_private *priv) 1666 { 1667 unsigned long flags =0; 1668 int allowed = 1; 1669 1670 lbs_deb_enter(LBS_DEB_HOST); 1671 1672 spin_lock_irqsave(&priv->driver_lock, flags); 1673 if (priv->dnld_sent) { 1674 allowed = 0; 1675 lbs_deb_host("dnld_sent was set\n"); 1676 } 1677 1678 /* In-progress command? */ 1679 if (priv->cur_cmd) { 1680 allowed = 0; 1681 lbs_deb_host("cur_cmd was set\n"); 1682 } 1683 1684 /* Pending events or command responses? */ 1685 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) { 1686 allowed = 0; 1687 lbs_deb_host("pending events or command responses\n"); 1688 } 1689 spin_unlock_irqrestore(&priv->driver_lock, flags); 1690 1691 if (allowed) { 1692 lbs_deb_host("sending lbs_ps_confirm_sleep\n"); 1693 lbs_send_confirmsleep(priv); 1694 } else { 1695 lbs_deb_host("sleep confirm has been delayed\n"); 1696 } 1697 1698 lbs_deb_leave(LBS_DEB_HOST); 1699 } 1700 1701 1702 /** 1703 * lbs_set_tpc_cfg - Configures the transmission power control functionality 1704 * 1705 * @priv: A pointer to &struct lbs_private structure 1706 * @enable: Transmission power control enable 1707 * @p0: Power level when link quality is good (dBm). 1708 * @p1: Power level when link quality is fair (dBm). 1709 * @p2: Power level when link quality is poor (dBm). 1710 * @usesnr: Use Signal to Noise Ratio in TPC 1711 * 1712 * returns: 0 on success 1713 */ 1714 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1, 1715 int8_t p2, int usesnr) 1716 { 1717 struct cmd_ds_802_11_tpc_cfg cmd; 1718 int ret; 1719 1720 memset(&cmd, 0, sizeof(cmd)); 1721 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1722 cmd.action = cpu_to_le16(CMD_ACT_SET); 1723 cmd.enable = !!enable; 1724 cmd.usesnr = !!usesnr; 1725 cmd.P0 = p0; 1726 cmd.P1 = p1; 1727 cmd.P2 = p2; 1728 1729 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd); 1730 1731 return ret; 1732 } 1733 1734 /** 1735 * lbs_set_power_adapt_cfg - Configures the power adaptation settings 1736 * 1737 * @priv: A pointer to &struct lbs_private structure 1738 * @enable: Power adaptation enable 1739 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm). 1740 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm). 1741 * @p2: Power level for 48 and 54 Mbps (dBm). 1742 * 1743 * returns: 0 on Success 1744 */ 1745 1746 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0, 1747 int8_t p1, int8_t p2) 1748 { 1749 struct cmd_ds_802_11_pa_cfg cmd; 1750 int ret; 1751 1752 memset(&cmd, 0, sizeof(cmd)); 1753 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1754 cmd.action = cpu_to_le16(CMD_ACT_SET); 1755 cmd.enable = !!enable; 1756 cmd.P0 = p0; 1757 cmd.P1 = p1; 1758 cmd.P2 = p2; 1759 1760 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd); 1761 1762 return ret; 1763 } 1764 1765 1766 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv, 1767 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size, 1768 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1769 unsigned long callback_arg) 1770 { 1771 struct cmd_ctrl_node *cmdnode; 1772 1773 lbs_deb_enter(LBS_DEB_HOST); 1774 1775 if (priv->surpriseremoved) { 1776 lbs_deb_host("PREP_CMD: card removed\n"); 1777 cmdnode = ERR_PTR(-ENOENT); 1778 goto done; 1779 } 1780 1781 /* No commands are allowed in Deep Sleep until we toggle the GPIO 1782 * to wake up the card and it has signaled that it's ready. 1783 */ 1784 if (!priv->is_auto_deep_sleep_enabled) { 1785 if (priv->is_deep_sleep) { 1786 lbs_deb_cmd("command not allowed in deep sleep\n"); 1787 cmdnode = ERR_PTR(-EBUSY); 1788 goto done; 1789 } 1790 } 1791 1792 cmdnode = lbs_get_free_cmd_node(priv); 1793 if (cmdnode == NULL) { 1794 lbs_deb_host("PREP_CMD: cmdnode is NULL\n"); 1795 1796 /* Wake up main thread to execute next command */ 1797 wake_up(&priv->waitq); 1798 cmdnode = ERR_PTR(-ENOBUFS); 1799 goto done; 1800 } 1801 1802 cmdnode->callback = callback; 1803 cmdnode->callback_arg = callback_arg; 1804 1805 /* Copy the incoming command to the buffer */ 1806 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size); 1807 1808 /* Set command, clean result, move to buffer */ 1809 cmdnode->cmdbuf->command = cpu_to_le16(command); 1810 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size); 1811 cmdnode->cmdbuf->result = 0; 1812 1813 lbs_deb_host("PREP_CMD: command 0x%04x\n", command); 1814 1815 cmdnode->cmdwaitqwoken = 0; 1816 lbs_queue_cmd(priv, cmdnode); 1817 wake_up(&priv->waitq); 1818 1819 done: 1820 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode); 1821 return cmdnode; 1822 } 1823 1824 void lbs_cmd_async(struct lbs_private *priv, uint16_t command, 1825 struct cmd_header *in_cmd, int in_cmd_size) 1826 { 1827 lbs_deb_enter(LBS_DEB_CMD); 1828 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1829 lbs_cmd_async_callback, 0); 1830 lbs_deb_leave(LBS_DEB_CMD); 1831 } 1832 1833 int __lbs_cmd(struct lbs_private *priv, uint16_t command, 1834 struct cmd_header *in_cmd, int in_cmd_size, 1835 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1836 unsigned long callback_arg) 1837 { 1838 struct cmd_ctrl_node *cmdnode; 1839 unsigned long flags; 1840 int ret = 0; 1841 1842 lbs_deb_enter(LBS_DEB_HOST); 1843 1844 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1845 callback, callback_arg); 1846 if (IS_ERR(cmdnode)) { 1847 ret = PTR_ERR(cmdnode); 1848 goto done; 1849 } 1850 1851 might_sleep(); 1852 1853 /* 1854 * Be careful with signals here. A signal may be received as the system 1855 * goes into suspend or resume. We do not want this to interrupt the 1856 * command, so we perform an uninterruptible sleep. 1857 */ 1858 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken); 1859 1860 spin_lock_irqsave(&priv->driver_lock, flags); 1861 ret = cmdnode->result; 1862 if (ret) 1863 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n", 1864 command, ret); 1865 1866 __lbs_cleanup_and_insert_cmd(priv, cmdnode); 1867 spin_unlock_irqrestore(&priv->driver_lock, flags); 1868 1869 done: 1870 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1871 return ret; 1872 } 1873 EXPORT_SYMBOL_GPL(__lbs_cmd); 1874 1875 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.o.c.prepared"
1 /* 2 * This file contains the handling of command 3 * responses as well as events generated by firmware. 4 */ 5 6 #include <linux/hardirq.h> 7 #include <linux/slab.h> 8 #include <linux/delay.h> 9 #include <linux/sched.h> 10 #include <asm/unaligned.h> 11 #include <net/cfg80211.h> 12 13 #include "cfg.h" 14 #include "cmd.h" 15 16 /** 17 * lbs_mac_event_disconnected - handles disconnect event. It 18 * reports disconnect to upper layer, clean tx/rx packets, 19 * reset link state etc. 20 * 21 * @priv: A pointer to struct lbs_private structure 22 * @locally_generated: indicates disconnect was requested locally 23 * (usually by userspace) 24 * 25 * returns: n/a 26 */ 27 void lbs_mac_event_disconnected(struct lbs_private *priv, 28 bool locally_generated) 29 { 30 if (priv->connect_status != LBS_CONNECTED) 31 return; 32 33 lbs_deb_enter(LBS_DEB_ASSOC); 34 35 /* 36 * Cisco AP sends EAP failure and de-auth in less than 0.5 ms. 37 * It causes problem in the Supplicant 38 */ 39 msleep_interruptible(1000); 40 41 if (priv->wdev->iftype == NL80211_IFTYPE_STATION) 42 lbs_send_disconnect_notification(priv, locally_generated); 43 44 /* report disconnect to upper layer */ 45 netif_stop_queue(priv->dev); 46 netif_carrier_off(priv->dev); 47 48 /* Free Tx and Rx packets */ 49 kfree_skb(priv->currenttxskb); 50 priv->currenttxskb = NULL; 51 priv->tx_pending_len = 0; 52 53 priv->connect_status = LBS_DISCONNECTED; 54 55 if (priv->psstate != PS_STATE_FULL_POWER) { 56 /* make firmware to exit PS mode */ 57 lbs_deb_cmd("disconnected, so exit PS mode\n"); 58 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false); 59 } 60 lbs_deb_leave(LBS_DEB_ASSOC); 61 } 62 63 int lbs_process_command_response(struct lbs_private *priv, u8 *data, u32 len) 64 { 65 uint16_t respcmd, curcmd; 66 struct cmd_header *resp; 67 int ret = 0; 68 unsigned long flags; 69 uint16_t result; 70 71 lbs_deb_enter(LBS_DEB_HOST); 72 73 mutex_lock(&priv->lock); 74 spin_lock_irqsave(&priv->driver_lock, flags); 75 76 if (!priv->cur_cmd) { 77 lbs_deb_host("CMD_RESP: cur_cmd is NULL\n"); 78 ret = -1; 79 spin_unlock_irqrestore(&priv->driver_lock, flags); 80 goto done; 81 } 82 83 resp = (void *)data; 84 curcmd = le16_to_cpu(priv->cur_cmd->cmdbuf->command); 85 respcmd = le16_to_cpu(resp->command); 86 result = le16_to_cpu(resp->result); 87 88 lbs_deb_cmd("CMD_RESP: response 0x%04x, seq %d, size %d\n", 89 respcmd, le16_to_cpu(resp->seqnum), len); 90 lbs_deb_hex(LBS_DEB_CMD, "CMD_RESP", (void *) resp, len); 91 92 if (resp->seqnum != priv->cur_cmd->cmdbuf->seqnum) { 93 netdev_info(priv->dev, 94 "Received CMD_RESP with invalid sequence %d (expected %d)\n", 95 le16_to_cpu(resp->seqnum), 96 le16_to_cpu(priv->cur_cmd->cmdbuf->seqnum)); 97 spin_unlock_irqrestore(&priv->driver_lock, flags); 98 ret = -1; 99 goto done; 100 } 101 if (respcmd != CMD_RET(curcmd) && 102 respcmd != CMD_RET_802_11_ASSOCIATE && curcmd != CMD_802_11_ASSOCIATE) { 103 netdev_info(priv->dev, "Invalid CMD_RESP %x to command %x!\n", 104 respcmd, curcmd); 105 spin_unlock_irqrestore(&priv->driver_lock, flags); 106 ret = -1; 107 goto done; 108 } 109 110 if (resp->result == cpu_to_le16(0x0004)) { 111 /* 0x0004 means -EAGAIN. Drop the response, let it time out 112 and be resubmitted */ 113 netdev_info(priv->dev, 114 "Firmware returns DEFER to command %x. Will let it time out...\n", 115 le16_to_cpu(resp->command)); 116 spin_unlock_irqrestore(&priv->driver_lock, flags); 117 ret = -1; 118 goto done; 119 } 120 121 /* Now we got response from FW, cancel the command timer */ 122 del_timer(&priv->command_timer); 123 priv->cmd_timed_out = 0; 124 125 if (respcmd == CMD_RET(CMD_802_11_PS_MODE)) { 126 struct cmd_ds_802_11_ps_mode *psmode = (void *) &resp[1]; 127 u16 action = le16_to_cpu(psmode->action); 128 129 lbs_deb_host( 130 "CMD_RESP: PS_MODE cmd reply result 0x%x, action 0x%x\n", 131 result, action); 132 133 if (result) { 134 lbs_deb_host("CMD_RESP: PS command failed with 0x%x\n", 135 result); 136 /* 137 * We should not re-try enter-ps command in 138 * ad-hoc mode. It takes place in 139 * lbs_execute_next_command(). 140 */ 141 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR && 142 action == PS_MODE_ACTION_ENTER_PS) 143 priv->psmode = LBS802_11POWERMODECAM; 144 } else if (action == PS_MODE_ACTION_ENTER_PS) { 145 priv->needtowakeup = 0; 146 priv->psstate = PS_STATE_AWAKE; 147 148 lbs_deb_host("CMD_RESP: ENTER_PS command response\n"); 149 if (priv->connect_status != LBS_CONNECTED) { 150 /* 151 * When Deauth Event received before Enter_PS command 152 * response, We need to wake up the firmware. 153 */ 154 lbs_deb_host( 155 "disconnected, invoking lbs_ps_wakeup\n"); 156 157 spin_unlock_irqrestore(&priv->driver_lock, flags); 158 mutex_unlock(&priv->lock); 159 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, 160 false); 161 mutex_lock(&priv->lock); 162 spin_lock_irqsave(&priv->driver_lock, flags); 163 } 164 } else if (action == PS_MODE_ACTION_EXIT_PS) { 165 priv->needtowakeup = 0; 166 priv->psstate = PS_STATE_FULL_POWER; 167 lbs_deb_host("CMD_RESP: EXIT_PS command response\n"); 168 } else { 169 lbs_deb_host("CMD_RESP: PS action 0x%X\n", action); 170 } 171 172 __lbs_complete_command(priv, priv->cur_cmd, result); 173 spin_unlock_irqrestore(&priv->driver_lock, flags); 174 175 ret = 0; 176 goto done; 177 } 178 179 /* If the command is not successful, cleanup and return failure */ 180 if ((result != 0 || !(respcmd & 0x8000))) { 181 lbs_deb_host("CMD_RESP: error 0x%04x in command reply 0x%04x\n", 182 result, respcmd); 183 /* 184 * Handling errors here 185 */ 186 switch (respcmd) { 187 case CMD_RET(CMD_GET_HW_SPEC): 188 case CMD_RET(CMD_802_11_RESET): 189 lbs_deb_host("CMD_RESP: reset failed\n"); 190 break; 191 192 } 193 __lbs_complete_command(priv, priv->cur_cmd, result); 194 spin_unlock_irqrestore(&priv->driver_lock, flags); 195 196 ret = -1; 197 goto done; 198 } 199 200 spin_unlock_irqrestore(&priv->driver_lock, flags); 201 202 if (priv->cur_cmd && priv->cur_cmd->callback) { 203 ret = priv->cur_cmd->callback(priv, priv->cur_cmd->callback_arg, 204 resp); 205 } 206 207 spin_lock_irqsave(&priv->driver_lock, flags); 208 209 if (priv->cur_cmd) { 210 /* Clean up and Put current command back to cmdfreeq */ 211 __lbs_complete_command(priv, priv->cur_cmd, result); 212 } 213 spin_unlock_irqrestore(&priv->driver_lock, flags); 214 215 done: 216 mutex_unlock(&priv->lock); 217 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 218 return ret; 219 } 220 221 int lbs_process_event(struct lbs_private *priv, u32 event) 222 { 223 int ret = 0; 224 struct cmd_header cmd; 225 226 lbs_deb_enter(LBS_DEB_CMD); 227 228 switch (event) { 229 case MACREG_INT_CODE_LINK_SENSED: 230 lbs_deb_cmd("EVENT: link sensed\n"); 231 break; 232 233 case MACREG_INT_CODE_DEAUTHENTICATED: 234 lbs_deb_cmd("EVENT: deauthenticated\n"); 235 lbs_mac_event_disconnected(priv, false); 236 break; 237 238 case MACREG_INT_CODE_DISASSOCIATED: 239 lbs_deb_cmd("EVENT: disassociated\n"); 240 lbs_mac_event_disconnected(priv, false); 241 break; 242 243 case MACREG_INT_CODE_LINK_LOST_NO_SCAN: 244 lbs_deb_cmd("EVENT: link lost\n"); 245 lbs_mac_event_disconnected(priv, true); 246 break; 247 248 case MACREG_INT_CODE_PS_SLEEP: 249 lbs_deb_cmd("EVENT: ps sleep\n"); 250 251 /* handle unexpected PS SLEEP event */ 252 if (priv->psstate == PS_STATE_FULL_POWER) { 253 lbs_deb_cmd( 254 "EVENT: in FULL POWER mode, ignoring PS_SLEEP\n"); 255 break; 256 } 257 priv->psstate = PS_STATE_PRE_SLEEP; 258 259 lbs_ps_confirm_sleep(priv); 260 261 break; 262 263 case MACREG_INT_CODE_HOST_AWAKE: 264 lbs_deb_cmd("EVENT: host awake\n"); 265 if (priv->reset_deep_sleep_wakeup) 266 priv->reset_deep_sleep_wakeup(priv); 267 priv->is_deep_sleep = 0; 268 lbs_cmd_async(priv, CMD_802_11_WAKEUP_CONFIRM, &cmd, 269 sizeof(cmd)); 270 priv->is_host_sleep_activated = 0; 271 wake_up_interruptible(&priv->host_sleep_q); 272 break; 273 274 case MACREG_INT_CODE_DEEP_SLEEP_AWAKE: 275 if (priv->reset_deep_sleep_wakeup) 276 priv->reset_deep_sleep_wakeup(priv); 277 lbs_deb_cmd("EVENT: ds awake\n"); 278 priv->is_deep_sleep = 0; 279 priv->wakeup_dev_required = 0; 280 wake_up_interruptible(&priv->ds_awake_q); 281 break; 282 283 case MACREG_INT_CODE_PS_AWAKE: 284 lbs_deb_cmd("EVENT: ps awake\n"); 285 /* handle unexpected PS AWAKE event */ 286 if (priv->psstate == PS_STATE_FULL_POWER) { 287 lbs_deb_cmd( 288 "EVENT: In FULL POWER mode - ignore PS AWAKE\n"); 289 break; 290 } 291 292 priv->psstate = PS_STATE_AWAKE; 293 294 if (priv->needtowakeup) { 295 /* 296 * wait for the command processing to finish 297 * before resuming sending 298 * priv->needtowakeup will be set to FALSE 299 * in lbs_ps_wakeup() 300 */ 301 lbs_deb_cmd("waking up ...\n"); 302 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false); 303 } 304 break; 305 306 case MACREG_INT_CODE_MIC_ERR_UNICAST: 307 lbs_deb_cmd("EVENT: UNICAST MIC ERROR\n"); 308 lbs_send_mic_failureevent(priv, event); 309 break; 310 311 case MACREG_INT_CODE_MIC_ERR_MULTICAST: 312 lbs_deb_cmd("EVENT: MULTICAST MIC ERROR\n"); 313 lbs_send_mic_failureevent(priv, event); 314 break; 315 316 case MACREG_INT_CODE_MIB_CHANGED: 317 lbs_deb_cmd("EVENT: MIB CHANGED\n"); 318 break; 319 case MACREG_INT_CODE_INIT_DONE: 320 lbs_deb_cmd("EVENT: INIT DONE\n"); 321 break; 322 case MACREG_INT_CODE_ADHOC_BCN_LOST: 323 lbs_deb_cmd("EVENT: ADHOC beacon lost\n"); 324 break; 325 case MACREG_INT_CODE_RSSI_LOW: 326 netdev_alert(priv->dev, "EVENT: rssi low\n"); 327 break; 328 case MACREG_INT_CODE_SNR_LOW: 329 netdev_alert(priv->dev, "EVENT: snr low\n"); 330 break; 331 case MACREG_INT_CODE_MAX_FAIL: 332 netdev_alert(priv->dev, "EVENT: max fail\n"); 333 break; 334 case MACREG_INT_CODE_RSSI_HIGH: 335 netdev_alert(priv->dev, "EVENT: rssi high\n"); 336 break; 337 case MACREG_INT_CODE_SNR_HIGH: 338 netdev_alert(priv->dev, "EVENT: snr high\n"); 339 break; 340 341 case MACREG_INT_CODE_MESH_AUTO_STARTED: 342 /* Ignore spurious autostart events */ 343 netdev_info(priv->dev, "EVENT: MESH_AUTO_STARTED (ignoring)\n"); 344 break; 345 346 default: 347 netdev_alert(priv->dev, "EVENT: unknown event id %d\n", event); 348 break; 349 } 350 351 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 352 return ret; 353 }
1 /* 2 * This file contains the major functions in WLAN 3 * driver. It includes init, exit, open, close and main 4 * thread etc.. 5 */ 6 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 9 #include <linux/module.h> 10 #include <linux/delay.h> 11 #include <linux/etherdevice.h> 12 #include <linux/hardirq.h> 13 #include <linux/netdevice.h> 14 #include <linux/if_arp.h> 15 #include <linux/kthread.h> 16 #include <linux/kfifo.h> 17 #include <linux/slab.h> 18 #include <net/cfg80211.h> 19 20 #include "host.h" 21 #include "decl.h" 22 #include "dev.h" 23 #include "cfg.h" 24 #include "debugfs.h" 25 #include "cmd.h" 26 #include "mesh.h" 27 28 #define DRIVER_RELEASE_VERSION "323.p0" 29 const char lbs_driver_version[] = "COMM-USB8388-" DRIVER_RELEASE_VERSION 30 #ifdef DEBUG 31 "-dbg" 32 #endif 33 ""; 34 35 36 /* Module parameters */ 37 unsigned int lbs_debug; 38 EXPORT_SYMBOL_GPL(lbs_debug); 39 module_param_named(libertas_debug, lbs_debug, int, 0644); 40 41 unsigned int lbs_disablemesh; 42 EXPORT_SYMBOL_GPL(lbs_disablemesh); 43 module_param_named(libertas_disablemesh, lbs_disablemesh, int, 0644); 44 45 46 /* 47 * This global structure is used to send the confirm_sleep command as 48 * fast as possible down to the firmware. 49 */ 50 struct cmd_confirm_sleep confirm_sleep; 51 52 53 /* 54 * the table to keep region code 55 */ 56 u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE] = 57 { 0x10, 0x20, 0x30, 0x31, 0x32, 0x40 }; 58 59 /* 60 * FW rate table. FW refers to rates by their index in this table, not by the 61 * rate value itself. Values of 0x00 are 62 * reserved positions. 63 */ 64 static u8 fw_data_rates[MAX_RATES] = 65 { 0x02, 0x04, 0x0B, 0x16, 0x00, 0x0C, 0x12, 66 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C, 0x00 67 }; 68 69 /** 70 * lbs_fw_index_to_data_rate - use index to get the data rate 71 * 72 * @idx: The index of data rate 73 * returns: data rate or 0 74 */ 75 u32 lbs_fw_index_to_data_rate(u8 idx) 76 { 77 if (idx >= sizeof(fw_data_rates)) 78 idx = 0; 79 return fw_data_rates[idx]; 80 } 81 82 /** 83 * lbs_data_rate_to_fw_index - use rate to get the index 84 * 85 * @rate: data rate 86 * returns: index or 0 87 */ 88 u8 lbs_data_rate_to_fw_index(u32 rate) 89 { 90 u8 i; 91 92 if (!rate) 93 return 0; 94 95 for (i = 0; i < sizeof(fw_data_rates); i++) { 96 if (rate == fw_data_rates[i]) 97 return i; 98 } 99 return 0; 100 } 101 102 int lbs_set_iface_type(struct lbs_private *priv, enum nl80211_iftype type) 103 { 104 int ret = 0; 105 106 switch (type) { 107 case NL80211_IFTYPE_MONITOR: 108 ret = lbs_set_monitor_mode(priv, 1); 109 break; 110 case NL80211_IFTYPE_STATION: 111 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 112 ret = lbs_set_monitor_mode(priv, 0); 113 if (!ret) 114 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 1); 115 break; 116 case NL80211_IFTYPE_ADHOC: 117 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 118 ret = lbs_set_monitor_mode(priv, 0); 119 if (!ret) 120 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 2); 121 break; 122 default: 123 ret = -ENOTSUPP; 124 } 125 return ret; 126 } 127 128 int lbs_start_iface(struct lbs_private *priv) 129 { 130 struct cmd_ds_802_11_mac_address cmd; 131 int ret; 132 133 if (priv->power_restore) { 134 ret = priv->power_restore(priv); 135 if (ret) 136 return ret; 137 } 138 139 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 140 cmd.action = cpu_to_le16(CMD_ACT_SET); 141 memcpy(cmd.macadd, priv->current_addr, ETH_ALEN); 142 143 ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd); 144 if (ret) { 145 lbs_deb_net("set MAC address failed\n"); 146 goto err; 147 } 148 149 ret = lbs_set_iface_type(priv, priv->wdev->iftype); 150 if (ret) { 151 lbs_deb_net("set iface type failed\n"); 152 goto err; 153 } 154 155 ret = lbs_set_11d_domain_info(priv); 156 if (ret) { 157 lbs_deb_net("set 11d domain info failed\n"); 158 goto err; 159 } 160 161 lbs_update_channel(priv); 162 163 priv->iface_running = true; 164 return 0; 165 166 err: 167 if (priv->power_save) 168 priv->power_save(priv); 169 return ret; 170 } 171 172 /** 173 * lbs_dev_open - open the ethX interface 174 * 175 * @dev: A pointer to &net_device structure 176 * returns: 0 or -EBUSY if monitor mode active 177 */ 178 static int lbs_dev_open(struct net_device *dev) 179 { 180 struct lbs_private *priv = dev->ml_priv; 181 int ret = 0; 182 183 lbs_deb_enter(LBS_DEB_NET); 184 if (!priv->iface_running) { 185 ret = lbs_start_iface(priv); 186 if (ret) 187 goto out; 188 } 189 190 spin_lock_irq(&priv->driver_lock); 191 192 netif_carrier_off(dev); 193 194 if (!priv->tx_pending_len) 195 netif_wake_queue(dev); 196 197 spin_unlock_irq(&priv->driver_lock); 198 199 out: 200 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 201 return ret; 202 } 203 204 static bool lbs_command_queue_empty(struct lbs_private *priv) 205 { 206 unsigned long flags; 207 bool ret; 208 spin_lock_irqsave(&priv->driver_lock, flags); 209 ret = priv->cur_cmd == NULL && list_empty(&priv->cmdpendingq); 210 spin_unlock_irqrestore(&priv->driver_lock, flags); 211 return ret; 212 } 213 214 int lbs_stop_iface(struct lbs_private *priv) 215 { 216 unsigned long flags; 217 int ret = 0; 218 219 lbs_deb_enter(LBS_DEB_MAIN); 220 221 spin_lock_irqsave(&priv->driver_lock, flags); 222 priv->iface_running = false; 223 kfree_skb(priv->currenttxskb); 224 priv->currenttxskb = NULL; 225 priv->tx_pending_len = 0; 226 spin_unlock_irqrestore(&priv->driver_lock, flags); 227 228 cancel_work_sync(&priv->mcast_work); 229 del_timer_sync(&priv->tx_lockup_timer); 230 231 /* Disable command processing, and wait for all commands to complete */ 232 lbs_deb_main("waiting for commands to complete\n"); 233 wait_event(priv->waitq, lbs_command_queue_empty(priv)); 234 lbs_deb_main("all commands completed\n"); 235 236 if (priv->power_save) 237 ret = priv->power_save(priv); 238 239 lbs_deb_leave(LBS_DEB_MAIN); 240 return ret; 241 } 242 243 /** 244 * lbs_eth_stop - close the ethX interface 245 * 246 * @dev: A pointer to &net_device structure 247 * returns: 0 248 */ 249 static int lbs_eth_stop(struct net_device *dev) 250 { 251 struct lbs_private *priv = dev->ml_priv; 252 253 lbs_deb_enter(LBS_DEB_NET); 254 255 if (priv->connect_status == LBS_CONNECTED) 256 lbs_disconnect(priv, WLAN_REASON_DEAUTH_LEAVING); 257 258 spin_lock_irq(&priv->driver_lock); 259 netif_stop_queue(dev); 260 spin_unlock_irq(&priv->driver_lock); 261 262 lbs_update_mcast(priv); 263 cancel_delayed_work_sync(&priv->scan_work); 264 if (priv->scan_req) 265 lbs_scan_done(priv); 266 267 netif_carrier_off(priv->dev); 268 269 if (!lbs_iface_active(priv)) 270 lbs_stop_iface(priv); 271 272 lbs_deb_leave(LBS_DEB_NET); 273 return 0; 274 } 275 276 void lbs_host_to_card_done(struct lbs_private *priv) 277 { 278 unsigned long flags; 279 280 lbs_deb_enter(LBS_DEB_THREAD); 281 282 spin_lock_irqsave(&priv->driver_lock, flags); 283 del_timer(&priv->tx_lockup_timer); 284 285 priv->dnld_sent = DNLD_RES_RECEIVED; 286 287 /* Wake main thread if commands are pending */ 288 if (!priv->cur_cmd || priv->tx_pending_len > 0) { 289 if (!priv->wakeup_dev_required) 290 wake_up(&priv->waitq); 291 } 292 293 spin_unlock_irqrestore(&priv->driver_lock, flags); 294 lbs_deb_leave(LBS_DEB_THREAD); 295 } 296 EXPORT_SYMBOL_GPL(lbs_host_to_card_done); 297 298 int lbs_set_mac_address(struct net_device *dev, void *addr) 299 { 300 int ret = 0; 301 struct lbs_private *priv = dev->ml_priv; 302 struct sockaddr *phwaddr = addr; 303 304 lbs_deb_enter(LBS_DEB_NET); 305 306 /* 307 * Can only set MAC address when all interfaces are down, to be written 308 * to the hardware when one of them is brought up. 309 */ 310 if (lbs_iface_active(priv)) 311 return -EBUSY; 312 313 /* In case it was called from the mesh device */ 314 dev = priv->dev; 315 316 memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN); 317 memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 318 if (priv->mesh_dev) 319 memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 320 321 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 322 return ret; 323 } 324 325 326 static inline int mac_in_list(unsigned char *list, int list_len, 327 unsigned char *mac) 328 { 329 while (list_len) { 330 if (!memcmp(list, mac, ETH_ALEN)) 331 return 1; 332 list += ETH_ALEN; 333 list_len--; 334 } 335 return 0; 336 } 337 338 339 static int lbs_add_mcast_addrs(struct cmd_ds_mac_multicast_adr *cmd, 340 struct net_device *dev, int nr_addrs) 341 { 342 int i = nr_addrs; 343 struct netdev_hw_addr *ha; 344 int cnt; 345 346 if ((dev->flags & (IFF_UP|IFF_MULTICAST)) != (IFF_UP|IFF_MULTICAST)) 347 return nr_addrs; 348 349 netif_addr_lock_bh(dev); 350 cnt = netdev_mc_count(dev); 351 netdev_for_each_mc_addr(ha, dev) { 352 if (mac_in_list(cmd->maclist, nr_addrs, ha->addr)) { 353 lbs_deb_net("mcast address %s:%pM skipped\n", dev->name, 354 ha->addr); 355 cnt--; 356 continue; 357 } 358 359 if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE) 360 break; 361 memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN); 362 lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name, 363 ha->addr); 364 i++; 365 cnt--; 366 } 367 netif_addr_unlock_bh(dev); 368 if (cnt) 369 return -EOVERFLOW; 370 371 return i; 372 } 373 374 void lbs_update_mcast(struct lbs_private *priv) 375 { 376 struct cmd_ds_mac_multicast_adr mcast_cmd; 377 int dev_flags = 0; 378 int nr_addrs; 379 int old_mac_control = priv->mac_control; 380 381 lbs_deb_enter(LBS_DEB_NET); 382 383 if (netif_running(priv->dev)) 384 dev_flags |= priv->dev->flags; 385 if (priv->mesh_dev && netif_running(priv->mesh_dev)) 386 dev_flags |= priv->mesh_dev->flags; 387 388 if (dev_flags & IFF_PROMISC) { 389 priv->mac_control |= CMD_ACT_MAC_PROMISCUOUS_ENABLE; 390 priv->mac_control &= ~(CMD_ACT_MAC_ALL_MULTICAST_ENABLE | 391 CMD_ACT_MAC_MULTICAST_ENABLE); 392 goto out_set_mac_control; 393 } else if (dev_flags & IFF_ALLMULTI) { 394 do_allmulti: 395 priv->mac_control |= CMD_ACT_MAC_ALL_MULTICAST_ENABLE; 396 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 397 CMD_ACT_MAC_MULTICAST_ENABLE); 398 goto out_set_mac_control; 399 } 400 401 /* Once for priv->dev, again for priv->mesh_dev if it exists */ 402 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->dev, 0); 403 if (nr_addrs >= 0 && priv->mesh_dev) 404 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->mesh_dev, nr_addrs); 405 if (nr_addrs < 0) 406 goto do_allmulti; 407 408 if (nr_addrs) { 409 int size = offsetof(struct cmd_ds_mac_multicast_adr, 410 maclist[6*nr_addrs]); 411 412 mcast_cmd.action = cpu_to_le16(CMD_ACT_SET); 413 mcast_cmd.hdr.size = cpu_to_le16(size); 414 mcast_cmd.nr_of_adrs = cpu_to_le16(nr_addrs); 415 416 lbs_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &mcast_cmd.hdr, size); 417 418 priv->mac_control |= CMD_ACT_MAC_MULTICAST_ENABLE; 419 } else 420 priv->mac_control &= ~CMD_ACT_MAC_MULTICAST_ENABLE; 421 422 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 423 CMD_ACT_MAC_ALL_MULTICAST_ENABLE); 424 out_set_mac_control: 425 if (priv->mac_control != old_mac_control) 426 lbs_set_mac_control(priv); 427 428 lbs_deb_leave(LBS_DEB_NET); 429 } 430 431 static void lbs_set_mcast_worker(struct work_struct *work) 432 { 433 struct lbs_private *priv = container_of(work, struct lbs_private, mcast_work); 434 lbs_update_mcast(priv); 435 } 436 437 void lbs_set_multicast_list(struct net_device *dev) 438 { 439 struct lbs_private *priv = dev->ml_priv; 440 441 schedule_work(&priv->mcast_work); 442 } 443 444 /** 445 * lbs_thread - handles the major jobs in the LBS driver. 446 * It handles all events generated by firmware, RX data received 447 * from firmware and TX data sent from kernel. 448 * 449 * @data: A pointer to &lbs_thread structure 450 * returns: 0 451 */ 452 static int lbs_thread(void *data) 453 { 454 struct net_device *dev = data; 455 struct lbs_private *priv = dev->ml_priv; 456 wait_queue_t wait; 457 458 lbs_deb_enter(LBS_DEB_THREAD); 459 460 init_waitqueue_entry(&wait, current); 461 462 for (;;) { 463 int shouldsleep; 464 u8 resp_idx; 465 466 lbs_deb_thread("1: currenttxskb %p, dnld_sent %d\n", 467 priv->currenttxskb, priv->dnld_sent); 468 469 add_wait_queue(&priv->waitq, &wait); 470 set_current_state(TASK_INTERRUPTIBLE); 471 spin_lock_irq(&priv->driver_lock); 472 473 if (kthread_should_stop()) 474 shouldsleep = 0; /* Bye */ 475 else if (priv->surpriseremoved) 476 shouldsleep = 1; /* We need to wait until we're _told_ to die */ 477 else if (priv->psstate == PS_STATE_SLEEP) 478 shouldsleep = 1; /* Sleep mode. Nothing we can do till it wakes */ 479 else if (priv->cmd_timed_out) 480 shouldsleep = 0; /* Command timed out. Recover */ 481 else if (!priv->fw_ready) 482 shouldsleep = 1; /* Firmware not ready. We're waiting for it */ 483 else if (priv->dnld_sent) 484 shouldsleep = 1; /* Something is en route to the device already */ 485 else if (priv->tx_pending_len > 0) 486 shouldsleep = 0; /* We've a packet to send */ 487 else if (priv->resp_len[priv->resp_idx]) 488 shouldsleep = 0; /* We have a command response */ 489 else if (priv->cur_cmd) 490 shouldsleep = 1; /* Can't send a command; one already running */ 491 else if (!list_empty(&priv->cmdpendingq) && 492 !(priv->wakeup_dev_required)) 493 shouldsleep = 0; /* We have a command to send */ 494 else if (kfifo_len(&priv->event_fifo)) 495 shouldsleep = 0; /* We have an event to process */ 496 else 497 shouldsleep = 1; /* No command */ 498 499 if (shouldsleep) { 500 lbs_deb_thread("sleeping, connect_status %d, " 501 "psmode %d, psstate %d\n", 502 priv->connect_status, 503 priv->psmode, priv->psstate); 504 spin_unlock_irq(&priv->driver_lock); 505 schedule(); 506 } else 507 spin_unlock_irq(&priv->driver_lock); 508 509 lbs_deb_thread("2: currenttxskb %p, dnld_send %d\n", 510 priv->currenttxskb, priv->dnld_sent); 511 512 set_current_state(TASK_RUNNING); 513 remove_wait_queue(&priv->waitq, &wait); 514 515 lbs_deb_thread("3: currenttxskb %p, dnld_sent %d\n", 516 priv->currenttxskb, priv->dnld_sent); 517 518 if (kthread_should_stop()) { 519 lbs_deb_thread("break from main thread\n"); 520 break; 521 } 522 523 if (priv->surpriseremoved) { 524 lbs_deb_thread("adapter removed; waiting to die...\n"); 525 continue; 526 } 527 528 lbs_deb_thread("4: currenttxskb %p, dnld_sent %d\n", 529 priv->currenttxskb, priv->dnld_sent); 530 531 /* Process any pending command response */ 532 spin_lock_irq(&priv->driver_lock); 533 resp_idx = priv->resp_idx; 534 if (priv->resp_len[resp_idx]) { 535 spin_unlock_irq(&priv->driver_lock); 536 lbs_process_command_response(priv, 537 priv->resp_buf[resp_idx], 538 priv->resp_len[resp_idx]); 539 spin_lock_irq(&priv->driver_lock); 540 priv->resp_len[resp_idx] = 0; 541 } 542 spin_unlock_irq(&priv->driver_lock); 543 544 /* Process hardware events, e.g. card removed, link lost */ 545 spin_lock_irq(&priv->driver_lock); 546 while (kfifo_len(&priv->event_fifo)) { 547 u32 event; 548 549 if (kfifo_out(&priv->event_fifo, 550 (unsigned char *) &event, sizeof(event)) != 551 sizeof(event)) 552 break; 553 spin_unlock_irq(&priv->driver_lock); 554 lbs_process_event(priv, event); 555 spin_lock_irq(&priv->driver_lock); 556 } 557 spin_unlock_irq(&priv->driver_lock); 558 559 if (priv->wakeup_dev_required) { 560 lbs_deb_thread("Waking up device...\n"); 561 /* Wake up device */ 562 if (priv->exit_deep_sleep(priv)) 563 lbs_deb_thread("Wakeup device failed\n"); 564 continue; 565 } 566 567 /* command timeout stuff */ 568 if (priv->cmd_timed_out && priv->cur_cmd) { 569 struct cmd_ctrl_node *cmdnode = priv->cur_cmd; 570 571 netdev_info(dev, "Timeout submitting command 0x%04x\n", 572 le16_to_cpu(cmdnode->cmdbuf->command)); 573 lbs_complete_command(priv, cmdnode, -ETIMEDOUT); 574 575 /* Reset card, but only when it isn't in the process 576 * of being shutdown anyway. */ 577 if (!dev->dismantle && priv->reset_card) 578 priv->reset_card(priv); 579 } 580 priv->cmd_timed_out = 0; 581 582 if (!priv->fw_ready) 583 continue; 584 585 /* Check if we need to confirm Sleep Request received previously */ 586 if (priv->psstate == PS_STATE_PRE_SLEEP && 587 !priv->dnld_sent && !priv->cur_cmd) { 588 if (priv->connect_status == LBS_CONNECTED) { 589 lbs_deb_thread("pre-sleep, currenttxskb %p, " 590 "dnld_sent %d, cur_cmd %p\n", 591 priv->currenttxskb, priv->dnld_sent, 592 priv->cur_cmd); 593 594 lbs_ps_confirm_sleep(priv); 595 } else { 596 /* workaround for firmware sending 597 * deauth/linkloss event immediately 598 * after sleep request; remove this 599 * after firmware fixes it 600 */ 601 priv->psstate = PS_STATE_AWAKE; 602 netdev_alert(dev, 603 "ignore PS_SleepConfirm in non-connected state\n"); 604 } 605 } 606 607 /* The PS state is changed during processing of Sleep Request 608 * event above 609 */ 610 if ((priv->psstate == PS_STATE_SLEEP) || 611 (priv->psstate == PS_STATE_PRE_SLEEP)) 612 continue; 613 614 if (priv->is_deep_sleep) 615 continue; 616 617 /* Execute the next command */ 618 if (!priv->dnld_sent && !priv->cur_cmd) 619 lbs_execute_next_command(priv); 620 621 spin_lock_irq(&priv->driver_lock); 622 if (!priv->dnld_sent && priv->tx_pending_len > 0) { 623 int ret = priv->hw_host_to_card(priv, MVMS_DAT, 624 priv->tx_pending_buf, 625 priv->tx_pending_len); 626 if (ret) { 627 lbs_deb_tx("host_to_card failed %d\n", ret); 628 priv->dnld_sent = DNLD_RES_RECEIVED; 629 } else { 630 mod_timer(&priv->tx_lockup_timer, 631 jiffies + (HZ * 5)); 632 } 633 priv->tx_pending_len = 0; 634 if (!priv->currenttxskb) { 635 /* We can wake the queues immediately if we aren't 636 waiting for TX feedback */ 637 if (priv->connect_status == LBS_CONNECTED) 638 netif_wake_queue(priv->dev); 639 if (priv->mesh_dev && 640 netif_running(priv->mesh_dev)) 641 netif_wake_queue(priv->mesh_dev); 642 } 643 } 644 spin_unlock_irq(&priv->driver_lock); 645 } 646 647 del_timer(&priv->command_timer); 648 del_timer(&priv->tx_lockup_timer); 649 del_timer(&priv->auto_deepsleep_timer); 650 651 lbs_deb_leave(LBS_DEB_THREAD); 652 return 0; 653 } 654 655 /** 656 * lbs_setup_firmware - gets the HW spec from the firmware and sets 657 * some basic parameters 658 * 659 * @priv: A pointer to &struct lbs_private structure 660 * returns: 0 or -1 661 */ 662 static int lbs_setup_firmware(struct lbs_private *priv) 663 { 664 int ret = -1; 665 s16 curlevel = 0, minlevel = 0, maxlevel = 0; 666 667 lbs_deb_enter(LBS_DEB_FW); 668 669 /* Read MAC address from firmware */ 670 eth_broadcast_addr(priv->current_addr); 671 ret = lbs_update_hw_spec(priv); 672 if (ret) 673 goto done; 674 675 /* Read power levels if available */ 676 ret = lbs_get_tx_power(priv, &curlevel, &minlevel, &maxlevel); 677 if (ret == 0) { 678 priv->txpower_cur = curlevel; 679 priv->txpower_min = minlevel; 680 priv->txpower_max = maxlevel; 681 } 682 683 /* Send cmd to FW to enable 11D function */ 684 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_11D_ENABLE, 1); 685 if (ret) 686 goto done; 687 688 ret = lbs_set_mac_control_sync(priv); 689 done: 690 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 691 return ret; 692 } 693 694 int lbs_suspend(struct lbs_private *priv) 695 { 696 int ret; 697 698 lbs_deb_enter(LBS_DEB_FW); 699 700 if (priv->is_deep_sleep) { 701 ret = lbs_set_deep_sleep(priv, 0); 702 if (ret) { 703 netdev_err(priv->dev, 704 "deep sleep cancellation failed: %d\n", ret); 705 return ret; 706 } 707 priv->deep_sleep_required = 1; 708 } 709 710 ret = lbs_set_host_sleep(priv, 1); 711 712 netif_device_detach(priv->dev); 713 if (priv->mesh_dev) 714 netif_device_detach(priv->mesh_dev); 715 716 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 717 return ret; 718 } 719 EXPORT_SYMBOL_GPL(lbs_suspend); 720 721 int lbs_resume(struct lbs_private *priv) 722 { 723 int ret; 724 725 lbs_deb_enter(LBS_DEB_FW); 726 727 ret = lbs_set_host_sleep(priv, 0); 728 729 netif_device_attach(priv->dev); 730 if (priv->mesh_dev) 731 netif_device_attach(priv->mesh_dev); 732 733 if (priv->deep_sleep_required) { 734 priv->deep_sleep_required = 0; 735 ret = lbs_set_deep_sleep(priv, 1); 736 if (ret) 737 netdev_err(priv->dev, 738 "deep sleep activation failed: %d\n", ret); 739 } 740 741 if (priv->setup_fw_on_resume) 742 ret = lbs_setup_firmware(priv); 743 744 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 745 return ret; 746 } 747 EXPORT_SYMBOL_GPL(lbs_resume); 748 749 /** 750 * lbs_cmd_timeout_handler - handles the timeout of command sending. 751 * It will re-send the same command again. 752 * 753 * @data: &struct lbs_private pointer 754