Error Trace

[Home]

Bug # 113

Show/hide error trace
Error trace
Function bodies
Blocks
  • Others...
    Function bodies without model function calls
    Initialization function calls
    Initialization function bodies
    Entry point
    Entry point body
    Function calls
    Skipped function calls
    Formal parameter names
    Declarations
    Assumes
    Assume conditions
    Returns
    Return values
    DEG initialization
    DEG function calls
    Model function calls
    Model function bodies
    Model asserts
    Model state changes
    Model function function calls
    Model function function bodies
    Model returns
    Model others
    Identation
    Line numbers
    Expand signs
/*Is true unsafe:*/
/*Number of usage points:2*/
/*Number of usages :2*/
/*Two examples:*/
/*_____________________*/
/*Without locks*/
-__CPAchecker_initialize()
{
return ;
}
-entry_point
{
649 struct sk_buff *ldvarg73;
650 int ldvarg74;
651 void *ldvarg72;
652 int tmp;
653 int tmp___0;
654 int tmp___1;
655 int tmp___2;
656 int tmp___3;
657 int tmp___4;
648 ldv_initialize() { /* Function call is skipped due to function is undefined */}
654 ldv_state_variable_11 = 0;
655 ldv_state_variable_7 = 0;
656 ldv_state_variable_17 = 0;
658 -timer_init_2()
{
333 ldv_timer_2_0 = 0;
334 ldv_timer_2_1 = 0;
335 ldv_timer_2_2 = 0;
336 ldv_timer_2_3 = 0;
337 return ;;
}
660 ldv_state_variable_2 = 1;
662 -timer_init_1()
{
341 ldv_timer_1_0 = 0;
342 ldv_timer_1_1 = 0;
343 ldv_timer_1_2 = 0;
344 ldv_timer_1_3 = 0;
345 return ;;
}
664 ldv_state_variable_1 = 1;
665 ldv_state_variable_18 = 0;
666 ref_cnt = 0;
667 ldv_state_variable_0 = 1;
668 ldv_state_variable_16 = 0;
669 ldv_state_variable_13 = 0;
670 ldv_state_variable_6 = 0;
672 -timer_init_3()
{
285 ldv_timer_3_0 = 0;
286 ldv_timer_3_1 = 0;
287 ldv_timer_3_2 = 0;
288 ldv_timer_3_3 = 0;
289 return ;;
}
674 ldv_state_variable_3 = 1;
675 ldv_state_variable_9 = 0;
676 ldv_state_variable_12 = 0;
677 ldv_state_variable_14 = 0;
678 ldv_state_variable_15 = 0;
679 ldv_state_variable_8 = 0;
680 ldv_state_variable_4 = 0;
681 ldv_state_variable_10 = 0;
682 ldv_state_variable_5 = 0;
683 ldv_53487:;
684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
684 switch (tmp);
685 assume(!(tmp == 0));
693 assume(!(tmp == 1));
701 assume(!(tmp == 2));
709 assume(!(tmp == 3));
717 assume(!(tmp == 4));
725 assume(tmp == 5);
728 assume(ldv_state_variable_18 != 0);
729 -ldv_main_exported_18()
{
161 struct station_info *ldvarg28;
162 u8 *ldvarg34;
163 unsigned short ldvarg19;
164 u8 *ldvarg22;
165 unsigned char ldvarg25;
166 unsigned char ldvarg21;
167 unsigned char ldvarg33;
168 struct cfg80211_chan_def *ldvarg30;
169 struct cfg80211_connect_params *ldvarg38;
170 u32 *ldvarg35;
171 struct cfg80211_scan_request *ldvarg27;
172 _Bool ldvarg26;
173 _Bool ldvarg24;
174 u8 *ldvarg29;
175 enum nl80211_iftype ldvarg36;
176 struct vif_params *ldvarg37;
177 struct ieee80211_channel *ldvarg23;
178 _Bool ldvarg20;
179 struct key_params *ldvarg31;
180 _Bool ldvarg32;
181 struct cfg80211_ibss_params *ldvarg18;
182 int tmp;
182 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
182 switch (tmp);
183 assume(!(tmp == 0));
195 assume(!(tmp == 1));
219 assume(!(tmp == 2));
243 assume(!(tmp == 3));
267 assume(!(tmp == 4));
291 assume(tmp == 5);
293 assume(ldv_state_variable_18 == 1);
295 -lbs_leave_ibss(lbs_cfg80211_ops_group1, lbs_cfg80211_ops_group0)
{
2020 struct lbs_private *priv;
2021 void *tmp;
2022 struct cmd_ds_802_11_ad_hoc_stop cmd;
2023 int ret;
2024 int tmp___0;
2025 unsigned short __sz;
2026 int tmp___1;
2027 int tmp___2;
2020 -wiphy_priv(wiphy)
{
3324 long tmp;
3324 -__builtin_expect(((unsigned long)wiphy) == ((unsigned long)((struct wiphy *)0)), 0L)
{
52 return exp;;
}
3324 assume(!(tmp != 0L));
3325 return (void *)(&(wiphy->priv));;
}
2020 priv = (struct lbs_private *)tmp;
2022 ret = 0;
2024 unsigned long __CPAchecker_TMP_0 = (unsigned long)(priv->mesh_dev);
2024 assume(!(__CPAchecker_TMP_0 == ((unsigned long)dev)));
2027 assume(!((lbs_debug & 33554433U) == 33554433U));
2029 __memset((void *)(&cmd), 0, 8UL) { /* Function call is skipped due to function is undefined */}
2030 cmd.hdr.size = 8U;
2031 __sz = cmd.hdr.size;
2031 cmd.hdr.size = 8U;
2031 -__lbs_cmd(priv, 64, &(cmd.hdr), (int)__sz, &lbs_cmd_copyback, (unsigned long)(&cmd))
{
1689 struct cmd_ctrl_node *cmdnode;
1690 unsigned long flags;
1691 int ret;
1692 int tmp;
1693 long tmp___0;
1694 _Bool tmp___1;
1695 struct __wait_queue __wait;
1696 long __ret;
1697 long __int;
1698 long tmp___2;
1699 int tmp___3;
1692 ret = 0;
1694 assume(!((lbs_debug & 8193U) == 8193U));
1696 -__lbs_cmd_async(priv, (int)command, in_cmd, in_cmd_size, callback, callback_arg)
{
1623 struct cmd_ctrl_node *cmdnode;
1624 int tmp;
1625 int tmp___0;
1626 void *tmp___1;
1627 int tmp___2;
1628 void *tmp___3;
1629 int tmp___4;
1630 void *tmp___5;
1631 int tmp___6;
1632 int tmp___7;
1625 assume(!((lbs_debug & 8193U) == 8193U));
1627 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved);
1627 assume(!(__CPAchecker_TMP_1 != 0U));
1636 assume(!((priv->is_auto_deep_sleep_enabled) == 0));
1644 -lbs_get_free_cmd_node(priv)
{
1278 struct cmd_ctrl_node *tempnode;
1279 unsigned long flags;
1280 int tmp;
1281 const struct list_head *__mptr;
1282 int tmp___0;
1283 int tmp___1;
1284 int tmp___2;
1281 assume(!((lbs_debug & 8193U) == 8193U));
1283 assume(!(((unsigned long)priv) == ((unsigned long)((struct lbs_private *)0))));
1286 -ldv___ldv_spin_lock_124(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
590 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
591 return ;;
}
1288 -list_empty((const struct list_head *)(&(priv->cmdfreeq)))
{
200 union __anonunion___u_20 __u;
200 -__read_once_size((const volatile void *)(&(head->next)), (void *)(&(__u.__c)), 8)
{
218 switch (size);
219 assume(!(size == 1));
219 assume(!(size == 2));
219 assume(!(size == 4));
219 assume(size == 8);
218 *((__u64 *)res) = *((__u64 *)p);
218 goto ldv_880;
220 return ;;
}
200 return ((unsigned long)((const struct list_head *)(__u.__val))) == ((unsigned long)head);;
}
1288 assume(tmp___1 == 0);
1289 __mptr = (const struct list_head *)(priv->cmdfreeq.next);
1289 tempnode = (struct cmd_ctrl_node *)__mptr;
1291 -list_del_init(&(tempnode->list))
{
156 __list_del_entry(entry) { /* Function call is skipped due to function is undefined */}
157 -INIT_LIST_HEAD___0(entry)
{
27 union __anonunion___u_16___0 __u;
27 __u.__val = list;
27 -__write_once_size((volatile void *)(&(list->next)), (void *)(&(__u.__c)), 8)
{
243 switch (size);
244 assume(!(size == 1));
245 assume(!(size == 2));
246 assume(!(size == 4));
247 assume(size == 8);
247 *((__u64 *)p) = *((__u64 *)res);
247 goto ldv_902;
254 return ;;
}
28 list->prev = list;
29 return ;;
}
158 return ;;
}
1297 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
1299 assume(!((lbs_debug & 8194U) == 8194U));
1300 return tempnode;;
}
1645 assume(!(((unsigned long)cmdnode) == ((unsigned long)((struct cmd_ctrl_node *)0))));
1654 cmdnode->callback = callback;
1655 cmdnode->callback_arg = callback_arg;
1658 void *__CPAchecker_TMP_5 = (void *)(cmdnode->cmdbuf);
1658 __memcpy(__CPAchecker_TMP_5, (const void *)in_cmd, (size_t )in_cmd_size) { /* Function call is skipped due to function is undefined */}
1661 cmdnode->cmdbuf->command = command;
1662 cmdnode->cmdbuf->size = (unsigned short)in_cmd_size;
1663 cmdnode->cmdbuf->result = 0U;
1665 assume(!((lbs_debug & 8192U) != 0U));
1667 cmdnode->cmdwaitqwoken = 0U;
1668 -lbs_queue_cmd(priv, cmdnode)
{
942 unsigned long flags;
943 int addtail;
944 int tmp;
945 int tmp___0;
946 int tmp___1;
947 struct cmd_ds_802_11_ps_mode *psm;
948 int tmp___2;
949 int tmp___3;
944 addtail = 1;
946 assume(!((lbs_debug & 8193U) == 8193U));
948 assume(!(((unsigned long)cmdnode) == ((unsigned long)((struct cmd_ctrl_node *)0))));
952 unsigned int __CPAchecker_TMP_2 = (unsigned int)(cmdnode->cmdbuf->size);
952 assume(!(__CPAchecker_TMP_2 == 0U));
956 cmdnode->result = 0;
959 unsigned int __CPAchecker_TMP_4 = (unsigned int)(cmdnode->cmdbuf->command);
959 assume(__CPAchecker_TMP_4 == 33U);
960 psm = (struct cmd_ds_802_11_ps_mode *)(&(cmdnode->cmdbuf));
962 unsigned int __CPAchecker_TMP_5 = (unsigned int)(psm->action);
962 assume(__CPAchecker_TMP_5 == 49U);
963 assume((priv->psstate) != 0U);
964 addtail = 0;
968 unsigned int __CPAchecker_TMP_6 = (unsigned int)(cmdnode->cmdbuf->command);
968 assume(!(__CPAchecker_TMP_6 == 68U));
971 -ldv___ldv_spin_lock_115(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
532 return ;;
}
973 assume(!(addtail != 0));
976 -list_add(&(cmdnode->list), &(priv->cmdpendingq))
{
63 __list_add(new, head, head->next) { /* Function call is skipped due to function is undefined */}
64 return ;;
}
978 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
980 assume(!((lbs_debug & 8192U) != 0U));
986 done:;
984 assume(!((lbs_debug & 8194U) == 8194U));
985 return ;;
}
1669 __wake_up(&(priv->waitq), 3U, 1, (void *)0) { /* Function call is skipped due to function is undefined */}
1670 done:;
1672 assume(!((lbs_debug & 8194U) == 8194U));
1673 return cmdnode;;
}
1698 -IS_ERR((const void *)cmdnode)
{
35 long tmp;
35 -__builtin_expect(((unsigned long)ptr) > 4294963200UL, 0L)
{
52 return exp;;
}
35 return tmp != 0L;;
}
1698 assume(!(((int)tmp___1) == 0));
1699 -PTR_ERR((const void *)cmdnode)
{
30 return (long)ptr;;
}
1699 ret = (int)tmp___0;
1700 goto done;
1722 assume(!((lbs_debug & 8194U) == 8194U));
1723 return ret;;
}
2031 ret = tmp___1;
2034 -lbs_mac_event_disconnected(priv, 1)
{
29 int tmp;
30 int tmp___0;
31 int tmp___1;
30 assume(!((priv->connect_status) != 0U));
33 assume(!((lbs_debug & 257U) == 257U));
39 msleep_interruptible(1000U) { /* Function call is skipped due to function is undefined */}
41 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->wdev->iftype);
41 assume(!(__CPAchecker_TMP_1 == 2U));
45 -netif_stop_queue(priv->dev)
{
2778 struct netdev_queue *tmp;
2778 -netdev_get_tx_queue((const struct net_device *)dev, 0U)
{
1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx);
1886 return __CPAchecker_TMP_0 + ((unsigned long)index);;
}
2778 -netif_tx_stop_queue(tmp)
{
2766 -set_bit(0L, (volatile unsigned long *)(&(dev_queue->state)))
{
80 Ignored inline assembler code
82 return ;;
}
2767 return ;;
}
2779 return ;;
}
46 netif_carrier_off(priv->dev) { /* Function call is skipped due to function is undefined */}
49 kfree_skb(priv->currenttxskb) { /* Function call is skipped due to function is undefined */}
50 priv->currenttxskb = (struct sk_buff *)0;
51 priv->tx_pending_len = 0;
53 priv->connect_status = 1U;
55 assume(!((priv->psstate) != 0U));
return ;;
}
return ;;
}
return ;;
}
return ;;
}
/*_____________________*/
/*spin_lock(char *"_driver_lock_of_lbs_private")[1]*/
/*Failure in refinement*/
-__CPAchecker_initialize()
{
return ;
}
-entry_point
{
649 struct sk_buff *ldvarg73;
650 int ldvarg74;
651 void *ldvarg72;
652 int tmp;
653 int tmp___0;
654 int tmp___1;
655 int tmp___2;
656 int tmp___3;
657 int tmp___4;
648 ldv_initialize() { /* Function call is skipped due to function is undefined */}
654 ldv_state_variable_11 = 0;
655 ldv_state_variable_7 = 0;
656 ldv_state_variable_17 = 0;
658 -timer_init_2()
{
333 ldv_timer_2_0 = 0;
334 ldv_timer_2_1 = 0;
335 ldv_timer_2_2 = 0;
336 ldv_timer_2_3 = 0;
337 return ;;
}
660 ldv_state_variable_2 = 1;
662 -timer_init_1()
{
341 ldv_timer_1_0 = 0;
342 ldv_timer_1_1 = 0;
343 ldv_timer_1_2 = 0;
344 ldv_timer_1_3 = 0;
345 return ;;
}
664 ldv_state_variable_1 = 1;
665 ldv_state_variable_18 = 0;
666 ref_cnt = 0;
667 ldv_state_variable_0 = 1;
668 ldv_state_variable_16 = 0;
669 ldv_state_variable_13 = 0;
670 ldv_state_variable_6 = 0;
672 -timer_init_3()
{
285 ldv_timer_3_0 = 0;
286 ldv_timer_3_1 = 0;
287 ldv_timer_3_2 = 0;
288 ldv_timer_3_3 = 0;
289 return ;;
}
674 ldv_state_variable_3 = 1;
675 ldv_state_variable_9 = 0;
676 ldv_state_variable_12 = 0;
677 ldv_state_variable_14 = 0;
678 ldv_state_variable_15 = 0;
679 ldv_state_variable_8 = 0;
680 ldv_state_variable_4 = 0;
681 ldv_state_variable_10 = 0;
682 ldv_state_variable_5 = 0;
683 ldv_53487:;
684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
684 switch (tmp);
685 assume(!(tmp == 0));
693 assume(!(tmp == 1));
701 assume(!(tmp == 2));
709 assume(!(tmp == 3));
717 assume(!(tmp == 4));
725 assume(!(tmp == 5));
733 assume(!(tmp == 6));
785 assume(!(tmp == 7));
793 assume(!(tmp == 8));
801 assume(!(tmp == 9));
809 assume(!(tmp == 10));
817 assume(!(tmp == 11));
825 assume(!(tmp == 12));
833 assume(!(tmp == 13));
841 assume(!(tmp == 14));
994 assume(!(tmp == 15));
1002 assume(tmp == 16);
1005 assume(ldv_state_variable_4 != 0);
1006 -ldv_main_exported_4()
{
392 void *ldvarg80;
393 struct sk_buff *ldvarg81;
394 int tmp;
395 int tmp___0;
396 int tmp___1;
397 int tmp___2;
394 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */}
394 switch (tmp);
395 assume(!(tmp == 0));
419 assume(!(tmp == 1));
429 assume(!(tmp == 2));
440 assume(tmp == 3);
442 assume(ldv_state_variable_4 == 3);
444 -lbs_hard_start_xmit(ldvarg81, mesh_netdev_ops_group1)
{
66 unsigned long flags;
67 struct lbs_private *priv;
68 struct txpd *txpd;
69 char *p802x_hdr;
70 unsigned short pkt_len;
71 enum netdev_tx ret;
72 int tmp;
73 int tmp___0;
74 int tmp___1;
75 unsigned int __min1;
76 unsigned int __min2;
77 struct tx_radiotap_hdr *rtap_hdr;
78 int tmp___2;
79 int tmp___3;
67 priv = (struct lbs_private *)(dev->__annonCompField102.ml_priv);
71 ret = 0;
73 assume(!((lbs_debug & 65537U) == 65537U));
77 -ldv___ldv_spin_lock_553(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
532 return ;;
}
79 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved);
79 assume(!(__CPAchecker_TMP_1 != 0U));
82 assume(!((skb->len) == 0U));
82 assume(!((skb->len) > 1574U));
93 -netif_stop_queue(priv->dev)
{
2778 struct netdev_queue *tmp;
2778 -netdev_get_tx_queue((const struct net_device *)dev, 0U)
{
1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx);
1886 return __CPAchecker_TMP_0 + ((unsigned long)index);;
}
2778 -netif_tx_stop_queue(tmp)
{
2766 -set_bit(0L, (volatile unsigned long *)(&(dev_queue->state)))
{
80 Ignored inline assembler code
82 return ;;
}
2767 return ;;
}
2779 return ;;
}
94 unsigned long __CPAchecker_TMP_3 = (unsigned long)(priv->mesh_dev);
94 assume(!(__CPAchecker_TMP_3 != ((unsigned long)((struct net_device *)0))));
97 assume(!((priv->tx_pending_len) != 0));
106 priv->tx_pending_len = -1;
107 -ldv_spin_unlock_irqrestore_116(&(priv->driver_lock), flags)
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
538 return ;;
}
109 __min1 = skb->len;
109 __min2 = 100U;
109 u8 *__CPAchecker_TMP_5 = (u8 *)(skb->data);
109 unsigned int __CPAchecker_TMP_6;
109 assume(!(__min1 < __min2));
109 __CPAchecker_TMP_6 = __min2;
109 -lbs_deb_hex___3(65536U, "TX Data", __CPAchecker_TMP_5, (int)__CPAchecker_TMP_6)
{
96 int i;
96 i = 0;
98 assume(len___0 != 0);
98 assume(!((lbs_debug & 2097152U) != 0U));
113 return ;;
}
111 txpd = (struct txpd *)(&(priv->tx_pending_buf));
112 __memset((void *)txpd, 0, 24UL) { /* Function call is skipped due to function is undefined */}
114 char *__CPAchecker_TMP_7 = (char *)(skb->data);
114 p802x_hdr = __CPAchecker_TMP_7;
115 uint16_t __CPAchecker_TMP_8 = (uint16_t )(skb->len);
115 pkt_len = __CPAchecker_TMP_8;
117 unsigned int __CPAchecker_TMP_9 = (unsigned int)(priv->wdev->iftype);
117 assume(__CPAchecker_TMP_9 == 6U);
118 struct tx_radiotap_hdr *__CPAchecker_TMP_10 = (struct tx_radiotap_hdr *)(skb->data);
118 rtap_hdr = __CPAchecker_TMP_10;
121 int __CPAchecker_TMP_11 = (int)(rtap_hdr->rate);
121 -convert_radiotap_rate_to_mv(__CPAchecker_TMP_11)
{
27 switch ((int)rate);
28 assume(!(((int)rate) == 2));
30 assume(!(((int)rate) == 4));
32 assume(!(((int)rate) == 11));
34 assume(!(((int)rate) == 22));
36 assume(!(((int)rate) == 12));
38 assume(!(((int)rate) == 18));
40 assume(!(((int)rate) == 24));
42 assume(!(((int)rate) == 36));
44 assume(!(((int)rate) == 48));
46 assume(!(((int)rate) == 72));
48 assume(!(((int)rate) == 96));
50 assume(!(((int)rate) == 108));
53 return 0U;;
}
124 p802x_hdr = p802x_hdr + 12UL;
125 pkt_len = ((unsigned int)pkt_len) - 12U;
128 __memcpy((void *)(&(txpd->tx_dest_addr_high)), ((const void *)p802x_hdr) + 4U, 6UL) { /* Function call is skipped due to function is undefined */}
134 txpd->tx_packet_length = pkt_len;
135 txpd->tx_packet_location = 24U;
137 -lbs_mesh_set_txpd(priv, dev, txpd)
{
1098 unsigned long __CPAchecker_TMP_0 = (unsigned long)(priv->mesh_dev);
1098 assume(!(__CPAchecker_TMP_0 == ((unsigned long)dev)));
1103 return ;;
}
139 -lbs_deb_hex___3(65536U, "txpd", (u8 *)(&txpd), 24)
{
96 int i;
96 i = 0;
98 assume(len___0 != 0);
98 assume(!((lbs_debug & 2097152U) != 0U));
113 return ;;
}
141 int __CPAchecker_TMP_12 = (int)(txpd->tx_packet_length);
141 -lbs_deb_hex___3(65536U, "Tx Data", (u8 *)p802x_hdr, __CPAchecker_TMP_12)
{
96 int i;
96 i = 0;
98 assume(!(len___0 != 0));
113 return ;;
}
143 size_t __CPAchecker_TMP_13 = (size_t )(txpd->tx_packet_length);
143 __memcpy(((void *)txpd) + 1U, (const void *)p802x_hdr, __CPAchecker_TMP_13) { /* Function call is skipped due to function is undefined */}
145 -ldv___ldv_spin_lock_555(&(priv->driver_lock))
{
/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/
543 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */}
544 return ;;
}
146 priv->tx_pending_len = (int)(((unsigned int)pkt_len) + 24U);
148 assume(!((lbs_debug & 65536U) != 0U));
150 dev->stats.tx_packets = (dev->stats.tx_packets) + 1UL;
151 unsigned long __CPAchecker_TMP_15 = (unsigned long)(skb->len);
151 dev->stats.tx_bytes = (dev->stats.tx_bytes) + __CPAchecker_TMP_15;
153 unsigned int __CPAchecker_TMP_16 = (unsigned int)(priv->wdev->iftype);
153 assume(__CPAchecker_TMP_16 == 6U);
156 -skb_orphan(skb)
{
2295 long tmp;
2295 unsigned long __CPAchecker_TMP_0 = (unsigned long)(skb->destructor);
2295 assume(!(__CPAchecker_TMP_0 != ((unsigned long)((void (*)(struct sk_buff *))0))));
2300 unsigned long __CPAchecker_TMP_1 = (unsigned long)(skb->sk);
2300 -__builtin_expect(__CPAchecker_TMP_1 != ((unsigned long)((struct sock *)0)), 0L)
{
52 return exp;;
}
2300 assume(!(tmp != 0L));
2302 return ;;
}
159 priv->currenttxskb = skb;
return ;;
}
return ;;
}
return ;;
}
Source code
1 /* 2 * Implement cfg80211 ("iw") support. 3 * 4 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany 5 * Holger Schurig <hs4233@mail.mn-solutions.de> 6 * 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/hardirq.h> 12 #include <linux/sched.h> 13 #include <linux/wait.h> 14 #include <linux/slab.h> 15 #include <linux/ieee80211.h> 16 #include <net/cfg80211.h> 17 #include <asm/unaligned.h> 18 19 #include "decl.h" 20 #include "cfg.h" 21 #include "cmd.h" 22 #include "mesh.h" 23 24 25 #define CHAN2G(_channel, _freq, _flags) { \ 26 .band = IEEE80211_BAND_2GHZ, \ 27 .center_freq = (_freq), \ 28 .hw_value = (_channel), \ 29 .flags = (_flags), \ 30 .max_antenna_gain = 0, \ 31 .max_power = 30, \ 32 } 33 34 static struct ieee80211_channel lbs_2ghz_channels[] = { 35 CHAN2G(1, 2412, 0), 36 CHAN2G(2, 2417, 0), 37 CHAN2G(3, 2422, 0), 38 CHAN2G(4, 2427, 0), 39 CHAN2G(5, 2432, 0), 40 CHAN2G(6, 2437, 0), 41 CHAN2G(7, 2442, 0), 42 CHAN2G(8, 2447, 0), 43 CHAN2G(9, 2452, 0), 44 CHAN2G(10, 2457, 0), 45 CHAN2G(11, 2462, 0), 46 CHAN2G(12, 2467, 0), 47 CHAN2G(13, 2472, 0), 48 CHAN2G(14, 2484, 0), 49 }; 50 51 #define RATETAB_ENT(_rate, _hw_value, _flags) { \ 52 .bitrate = (_rate), \ 53 .hw_value = (_hw_value), \ 54 .flags = (_flags), \ 55 } 56 57 58 /* Table 6 in section 3.2.1.1 */ 59 static struct ieee80211_rate lbs_rates[] = { 60 RATETAB_ENT(10, 0, 0), 61 RATETAB_ENT(20, 1, 0), 62 RATETAB_ENT(55, 2, 0), 63 RATETAB_ENT(110, 3, 0), 64 RATETAB_ENT(60, 9, 0), 65 RATETAB_ENT(90, 6, 0), 66 RATETAB_ENT(120, 7, 0), 67 RATETAB_ENT(180, 8, 0), 68 RATETAB_ENT(240, 9, 0), 69 RATETAB_ENT(360, 10, 0), 70 RATETAB_ENT(480, 11, 0), 71 RATETAB_ENT(540, 12, 0), 72 }; 73 74 static struct ieee80211_supported_band lbs_band_2ghz = { 75 .channels = lbs_2ghz_channels, 76 .n_channels = ARRAY_SIZE(lbs_2ghz_channels), 77 .bitrates = lbs_rates, 78 .n_bitrates = ARRAY_SIZE(lbs_rates), 79 }; 80 81 82 static const u32 cipher_suites[] = { 83 WLAN_CIPHER_SUITE_WEP40, 84 WLAN_CIPHER_SUITE_WEP104, 85 WLAN_CIPHER_SUITE_TKIP, 86 WLAN_CIPHER_SUITE_CCMP, 87 }; 88 89 /* Time to stay on the channel */ 90 #define LBS_DWELL_PASSIVE 100 91 #define LBS_DWELL_ACTIVE 40 92 93 94 /*************************************************************************** 95 * Misc utility functions 96 * 97 * TLVs are Marvell specific. They are very similar to IEs, they have the 98 * same structure: type, length, data*. The only difference: for IEs, the 99 * type and length are u8, but for TLVs they're __le16. 100 */ 101 102 /* 103 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1 104 * in the firmware spec 105 */ 106 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type) 107 { 108 int ret = -ENOTSUPP; 109 110 switch (auth_type) { 111 case NL80211_AUTHTYPE_OPEN_SYSTEM: 112 case NL80211_AUTHTYPE_SHARED_KEY: 113 ret = auth_type; 114 break; 115 case NL80211_AUTHTYPE_AUTOMATIC: 116 ret = NL80211_AUTHTYPE_OPEN_SYSTEM; 117 break; 118 case NL80211_AUTHTYPE_NETWORK_EAP: 119 ret = 0x80; 120 break; 121 default: 122 /* silence compiler */ 123 break; 124 } 125 return ret; 126 } 127 128 129 /* 130 * Various firmware commands need the list of supported rates, but with 131 * the hight-bit set for basic rates 132 */ 133 static int lbs_add_rates(u8 *rates) 134 { 135 size_t i; 136 137 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 138 u8 rate = lbs_rates[i].bitrate / 5; 139 if (rate == 0x02 || rate == 0x04 || 140 rate == 0x0b || rate == 0x16) 141 rate |= 0x80; 142 rates[i] = rate; 143 } 144 return ARRAY_SIZE(lbs_rates); 145 } 146 147 148 /*************************************************************************** 149 * TLV utility functions 150 * 151 * TLVs are Marvell specific. They are very similar to IEs, they have the 152 * same structure: type, length, data*. The only difference: for IEs, the 153 * type and length are u8, but for TLVs they're __le16. 154 */ 155 156 157 /* 158 * Add ssid TLV 159 */ 160 #define LBS_MAX_SSID_TLV_SIZE \ 161 (sizeof(struct mrvl_ie_header) \ 162 + IEEE80211_MAX_SSID_LEN) 163 164 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len) 165 { 166 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv; 167 168 /* 169 * TLV-ID SSID 00 00 170 * length 06 00 171 * ssid 4d 4e 54 45 53 54 172 */ 173 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID); 174 ssid_tlv->header.len = cpu_to_le16(ssid_len); 175 memcpy(ssid_tlv->ssid, ssid, ssid_len); 176 return sizeof(ssid_tlv->header) + ssid_len; 177 } 178 179 180 /* 181 * Add channel list TLV (section 8.4.2) 182 * 183 * Actual channel data comes from priv->wdev->wiphy->channels. 184 */ 185 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 186 (sizeof(struct mrvl_ie_header) \ 187 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset))) 188 189 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv, 190 int last_channel, int active_scan) 191 { 192 int chanscanparamsize = sizeof(struct chanscanparamset) * 193 (last_channel - priv->scan_channel); 194 195 struct mrvl_ie_header *header = (void *) tlv; 196 197 /* 198 * TLV-ID CHANLIST 01 01 199 * length 0e 00 200 * channel 00 01 00 00 00 64 00 201 * radio type 00 202 * channel 01 203 * scan type 00 204 * min scan time 00 00 205 * max scan time 64 00 206 * channel 2 00 02 00 00 00 64 00 207 * 208 */ 209 210 header->type = cpu_to_le16(TLV_TYPE_CHANLIST); 211 header->len = cpu_to_le16(chanscanparamsize); 212 tlv += sizeof(struct mrvl_ie_header); 213 214 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel, 215 last_channel); */ 216 memset(tlv, 0, chanscanparamsize); 217 218 while (priv->scan_channel < last_channel) { 219 struct chanscanparamset *param = (void *) tlv; 220 221 param->radiotype = CMD_SCAN_RADIO_TYPE_BG; 222 param->channumber = 223 priv->scan_req->channels[priv->scan_channel]->hw_value; 224 if (active_scan) { 225 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE); 226 } else { 227 param->chanscanmode.passivescan = 1; 228 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE); 229 } 230 tlv += sizeof(struct chanscanparamset); 231 priv->scan_channel++; 232 } 233 return sizeof(struct mrvl_ie_header) + chanscanparamsize; 234 } 235 236 237 /* 238 * Add rates TLV 239 * 240 * The rates are in lbs_bg_rates[], but for the 802.11b 241 * rates the high bit is set. We add this TLV only because 242 * there's a firmware which otherwise doesn't report all 243 * APs in range. 244 */ 245 #define LBS_MAX_RATES_TLV_SIZE \ 246 (sizeof(struct mrvl_ie_header) \ 247 + (ARRAY_SIZE(lbs_rates))) 248 249 /* Adds a TLV with all rates the hardware supports */ 250 static int lbs_add_supported_rates_tlv(u8 *tlv) 251 { 252 size_t i; 253 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 254 255 /* 256 * TLV-ID RATES 01 00 257 * length 0e 00 258 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 259 */ 260 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 261 tlv += sizeof(rate_tlv->header); 262 i = lbs_add_rates(tlv); 263 tlv += i; 264 rate_tlv->header.len = cpu_to_le16(i); 265 return sizeof(rate_tlv->header) + i; 266 } 267 268 /* Add common rates from a TLV and return the new end of the TLV */ 269 static u8 * 270 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) 271 { 272 int hw, ap, ap_max = ie[1]; 273 u8 hw_rate; 274 275 /* Advance past IE header */ 276 ie += 2; 277 278 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max); 279 280 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 281 hw_rate = lbs_rates[hw].bitrate / 5; 282 for (ap = 0; ap < ap_max; ap++) { 283 if (hw_rate == (ie[ap] & 0x7f)) { 284 *tlv++ = ie[ap]; 285 *nrates = *nrates + 1; 286 } 287 } 288 } 289 return tlv; 290 } 291 292 /* 293 * Adds a TLV with all rates the hardware *and* BSS supports. 294 */ 295 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss) 296 { 297 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 298 const u8 *rates_eid, *ext_rates_eid; 299 int n = 0; 300 301 rcu_read_lock(); 302 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 303 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 304 305 /* 306 * 01 00 TLV_TYPE_RATES 307 * 04 00 len 308 * 82 84 8b 96 rates 309 */ 310 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 311 tlv += sizeof(rate_tlv->header); 312 313 /* Add basic rates */ 314 if (rates_eid) { 315 tlv = add_ie_rates(tlv, rates_eid, &n); 316 317 /* Add extended rates, if any */ 318 if (ext_rates_eid) 319 tlv = add_ie_rates(tlv, ext_rates_eid, &n); 320 } else { 321 lbs_deb_assoc("assoc: bss had no basic rate IE\n"); 322 /* Fallback: add basic 802.11b rates */ 323 *tlv++ = 0x82; 324 *tlv++ = 0x84; 325 *tlv++ = 0x8b; 326 *tlv++ = 0x96; 327 n = 4; 328 } 329 rcu_read_unlock(); 330 331 rate_tlv->header.len = cpu_to_le16(n); 332 return sizeof(rate_tlv->header) + n; 333 } 334 335 336 /* 337 * Add auth type TLV. 338 * 339 * This is only needed for newer firmware (V9 and up). 340 */ 341 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \ 342 sizeof(struct mrvl_ie_auth_type) 343 344 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type) 345 { 346 struct mrvl_ie_auth_type *auth = (void *) tlv; 347 348 /* 349 * 1f 01 TLV_TYPE_AUTH_TYPE 350 * 01 00 len 351 * 01 auth type 352 */ 353 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE); 354 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header)); 355 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type)); 356 return sizeof(*auth); 357 } 358 359 360 /* 361 * Add channel (phy ds) TLV 362 */ 363 #define LBS_MAX_CHANNEL_TLV_SIZE \ 364 sizeof(struct mrvl_ie_header) 365 366 static int lbs_add_channel_tlv(u8 *tlv, u8 channel) 367 { 368 struct mrvl_ie_ds_param_set *ds = (void *) tlv; 369 370 /* 371 * 03 00 TLV_TYPE_PHY_DS 372 * 01 00 len 373 * 06 channel 374 */ 375 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS); 376 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header)); 377 ds->channel = channel; 378 return sizeof(*ds); 379 } 380 381 382 /* 383 * Add (empty) CF param TLV of the form: 384 */ 385 #define LBS_MAX_CF_PARAM_TLV_SIZE \ 386 sizeof(struct mrvl_ie_header) 387 388 static int lbs_add_cf_param_tlv(u8 *tlv) 389 { 390 struct mrvl_ie_cf_param_set *cf = (void *)tlv; 391 392 /* 393 * 04 00 TLV_TYPE_CF 394 * 06 00 len 395 * 00 cfpcnt 396 * 00 cfpperiod 397 * 00 00 cfpmaxduration 398 * 00 00 cfpdurationremaining 399 */ 400 cf->header.type = cpu_to_le16(TLV_TYPE_CF); 401 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header)); 402 return sizeof(*cf); 403 } 404 405 /* 406 * Add WPA TLV 407 */ 408 #define LBS_MAX_WPA_TLV_SIZE \ 409 (sizeof(struct mrvl_ie_header) \ 410 + 128 /* TODO: I guessed the size */) 411 412 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) 413 { 414 size_t tlv_len; 415 416 /* 417 * We need just convert an IE to an TLV. IEs use u8 for the header, 418 * u8 type 419 * u8 len 420 * u8[] data 421 * but TLVs use __le16 instead: 422 * __le16 type 423 * __le16 len 424 * u8[] data 425 */ 426 *tlv++ = *ie++; 427 *tlv++ = 0; 428 tlv_len = *tlv++ = *ie++; 429 *tlv++ = 0; 430 while (tlv_len--) 431 *tlv++ = *ie++; 432 /* the TLV is two bytes larger than the IE */ 433 return ie_len + 2; 434 } 435 436 /* 437 * Set Channel 438 */ 439 440 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy, 441 struct cfg80211_chan_def *chandef) 442 { 443 struct lbs_private *priv = wiphy_priv(wiphy); 444 int ret = -ENOTSUPP; 445 446 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d", 447 chandef->chan->center_freq, 448 cfg80211_get_chandef_type(chandef)); 449 450 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT) 451 goto out; 452 453 ret = lbs_set_channel(priv, chandef->chan->hw_value); 454 455 out: 456 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 457 return ret; 458 } 459 460 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy, 461 struct net_device *netdev, 462 struct ieee80211_channel *channel) 463 { 464 struct lbs_private *priv = wiphy_priv(wiphy); 465 int ret = -ENOTSUPP; 466 467 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d", 468 netdev_name(netdev), channel->center_freq); 469 470 if (netdev != priv->mesh_dev) 471 goto out; 472 473 ret = lbs_mesh_set_channel(priv, channel->hw_value); 474 475 out: 476 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 477 return ret; 478 } 479 480 481 482 /* 483 * Scanning 484 */ 485 486 /* 487 * When scanning, the firmware doesn't send a nul packet with the power-safe 488 * bit to the AP. So we cannot stay away from our current channel too long, 489 * otherwise we loose data. So take a "nap" while scanning every other 490 * while. 491 */ 492 #define LBS_SCAN_BEFORE_NAP 4 493 494 495 /* 496 * When the firmware reports back a scan-result, it gives us an "u8 rssi", 497 * which isn't really an RSSI, as it becomes larger when moving away from 498 * the AP. Anyway, we need to convert that into mBm. 499 */ 500 #define LBS_SCAN_RSSI_TO_MBM(rssi) \ 501 ((-(int)rssi + 3)*100) 502 503 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy, 504 struct cmd_header *resp) 505 { 506 struct cfg80211_bss *bss; 507 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp; 508 int bsssize; 509 const u8 *pos; 510 const u8 *tsfdesc; 511 int tsfsize; 512 int i; 513 int ret = -EILSEQ; 514 515 lbs_deb_enter(LBS_DEB_CFG80211); 516 517 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize); 518 519 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n", 520 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size)); 521 522 if (scanresp->nr_sets == 0) { 523 ret = 0; 524 goto done; 525 } 526 527 /* 528 * The general layout of the scan response is described in chapter 529 * 5.7.1. Basically we have a common part, then any number of BSS 530 * descriptor sections. Finally we have section with the same number 531 * of TSFs. 532 * 533 * cmd_ds_802_11_scan_rsp 534 * cmd_header 535 * pos_size 536 * nr_sets 537 * bssdesc 1 538 * bssid 539 * rssi 540 * timestamp 541 * intvl 542 * capa 543 * IEs 544 * bssdesc 2 545 * bssdesc n 546 * MrvlIEtypes_TsfFimestamp_t 547 * TSF for BSS 1 548 * TSF for BSS 2 549 * TSF for BSS n 550 */ 551 552 pos = scanresp->bssdesc_and_tlvbuffer; 553 554 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer, 555 scanresp->bssdescriptsize); 556 557 tsfdesc = pos + bsssize; 558 tsfsize = 4 + 8 * scanresp->nr_sets; 559 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize); 560 561 /* Validity check: we expect a Marvell-Local TLV */ 562 i = get_unaligned_le16(tsfdesc); 563 tsfdesc += 2; 564 if (i != TLV_TYPE_TSFTIMESTAMP) { 565 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i); 566 goto done; 567 } 568 569 /* 570 * Validity check: the TLV holds TSF values with 8 bytes each, so 571 * the size in the TLV must match the nr_sets value 572 */ 573 i = get_unaligned_le16(tsfdesc); 574 tsfdesc += 2; 575 if (i / 8 != scanresp->nr_sets) { 576 lbs_deb_scan("scan response: invalid number of TSF timestamp " 577 "sets (expected %d got %d)\n", scanresp->nr_sets, 578 i / 8); 579 goto done; 580 } 581 582 for (i = 0; i < scanresp->nr_sets; i++) { 583 const u8 *bssid; 584 const u8 *ie; 585 int left; 586 int ielen; 587 int rssi; 588 u16 intvl; 589 u16 capa; 590 int chan_no = -1; 591 const u8 *ssid = NULL; 592 u8 ssid_len = 0; 593 594 int len = get_unaligned_le16(pos); 595 pos += 2; 596 597 /* BSSID */ 598 bssid = pos; 599 pos += ETH_ALEN; 600 /* RSSI */ 601 rssi = *pos++; 602 /* Packet time stamp */ 603 pos += 8; 604 /* Beacon interval */ 605 intvl = get_unaligned_le16(pos); 606 pos += 2; 607 /* Capabilities */ 608 capa = get_unaligned_le16(pos); 609 pos += 2; 610 611 /* To find out the channel, we must parse the IEs */ 612 ie = pos; 613 /* 614 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon 615 * interval, capabilities 616 */ 617 ielen = left = len - (6 + 1 + 8 + 2 + 2); 618 while (left >= 2) { 619 u8 id, elen; 620 id = *pos++; 621 elen = *pos++; 622 left -= 2; 623 if (elen > left) { 624 lbs_deb_scan("scan response: invalid IE fmt\n"); 625 goto done; 626 } 627 628 if (id == WLAN_EID_DS_PARAMS) 629 chan_no = *pos; 630 if (id == WLAN_EID_SSID) { 631 ssid = pos; 632 ssid_len = elen; 633 } 634 left -= elen; 635 pos += elen; 636 } 637 638 /* No channel, no luck */ 639 if (chan_no != -1) { 640 struct wiphy *wiphy = priv->wdev->wiphy; 641 int freq = ieee80211_channel_to_frequency(chan_no, 642 IEEE80211_BAND_2GHZ); 643 struct ieee80211_channel *channel = 644 ieee80211_get_channel(wiphy, freq); 645 646 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n", 647 bssid, capa, chan_no, ssid_len, ssid, 648 LBS_SCAN_RSSI_TO_MBM(rssi)/100); 649 650 if (channel && 651 !(channel->flags & IEEE80211_CHAN_DISABLED)) { 652 bss = cfg80211_inform_bss(wiphy, channel, 653 CFG80211_BSS_FTYPE_UNKNOWN, 654 bssid, get_unaligned_le64(tsfdesc), 655 capa, intvl, ie, ielen, 656 LBS_SCAN_RSSI_TO_MBM(rssi), 657 GFP_KERNEL); 658 cfg80211_put_bss(wiphy, bss); 659 } 660 } else 661 lbs_deb_scan("scan response: missing BSS channel IE\n"); 662 663 tsfdesc += 8; 664 } 665 ret = 0; 666 667 done: 668 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret); 669 return ret; 670 } 671 672 673 /* 674 * Our scan command contains a TLV, consting of a SSID TLV, a channel list 675 * TLV and a rates TLV. Determine the maximum size of them: 676 */ 677 #define LBS_SCAN_MAX_CMD_SIZE \ 678 (sizeof(struct cmd_ds_802_11_scan) \ 679 + LBS_MAX_SSID_TLV_SIZE \ 680 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 681 + LBS_MAX_RATES_TLV_SIZE) 682 683 /* 684 * Assumes priv->scan_req is initialized and valid 685 * Assumes priv->scan_channel is initialized 686 */ 687 static void lbs_scan_worker(struct work_struct *work) 688 { 689 struct lbs_private *priv = 690 container_of(work, struct lbs_private, scan_work.work); 691 struct cmd_ds_802_11_scan *scan_cmd; 692 u8 *tlv; /* pointer into our current, growing TLV storage area */ 693 int last_channel; 694 int running, carrier; 695 696 lbs_deb_enter(LBS_DEB_SCAN); 697 698 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL); 699 if (scan_cmd == NULL) 700 goto out_no_scan_cmd; 701 702 /* prepare fixed part of scan command */ 703 scan_cmd->bsstype = CMD_BSS_TYPE_ANY; 704 705 /* stop network while we're away from our main channel */ 706 running = !netif_queue_stopped(priv->dev); 707 carrier = netif_carrier_ok(priv->dev); 708 if (running) 709 netif_stop_queue(priv->dev); 710 if (carrier) 711 netif_carrier_off(priv->dev); 712 713 /* prepare fixed part of scan command */ 714 tlv = scan_cmd->tlvbuffer; 715 716 /* add SSID TLV */ 717 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0) 718 tlv += lbs_add_ssid_tlv(tlv, 719 priv->scan_req->ssids[0].ssid, 720 priv->scan_req->ssids[0].ssid_len); 721 722 /* add channel TLVs */ 723 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP; 724 if (last_channel > priv->scan_req->n_channels) 725 last_channel = priv->scan_req->n_channels; 726 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel, 727 priv->scan_req->n_ssids); 728 729 /* add rates TLV */ 730 tlv += lbs_add_supported_rates_tlv(tlv); 731 732 if (priv->scan_channel < priv->scan_req->n_channels) { 733 cancel_delayed_work(&priv->scan_work); 734 if (netif_running(priv->dev)) 735 queue_delayed_work(priv->work_thread, &priv->scan_work, 736 msecs_to_jiffies(300)); 737 } 738 739 /* This is the final data we are about to send */ 740 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd); 741 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd, 742 sizeof(*scan_cmd)); 743 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer, 744 tlv - scan_cmd->tlvbuffer); 745 746 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr, 747 le16_to_cpu(scan_cmd->hdr.size), 748 lbs_ret_scan, 0); 749 750 if (priv->scan_channel >= priv->scan_req->n_channels) { 751 /* Mark scan done */ 752 cancel_delayed_work(&priv->scan_work); 753 lbs_scan_done(priv); 754 } 755 756 /* Restart network */ 757 if (carrier) 758 netif_carrier_on(priv->dev); 759 if (running && !priv->tx_pending_len) 760 netif_wake_queue(priv->dev); 761 762 kfree(scan_cmd); 763 764 /* Wake up anything waiting on scan completion */ 765 if (priv->scan_req == NULL) { 766 lbs_deb_scan("scan: waking up waiters\n"); 767 wake_up_all(&priv->scan_q); 768 } 769 770 out_no_scan_cmd: 771 lbs_deb_leave(LBS_DEB_SCAN); 772 } 773 774 static void _internal_start_scan(struct lbs_private *priv, bool internal, 775 struct cfg80211_scan_request *request) 776 { 777 lbs_deb_enter(LBS_DEB_CFG80211); 778 779 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n", 780 request->n_ssids, request->n_channels, request->ie_len); 781 782 priv->scan_channel = 0; 783 priv->scan_req = request; 784 priv->internal_scan = internal; 785 786 queue_delayed_work(priv->work_thread, &priv->scan_work, 787 msecs_to_jiffies(50)); 788 789 lbs_deb_leave(LBS_DEB_CFG80211); 790 } 791 792 /* 793 * Clean up priv->scan_req. Should be used to handle the allocation details. 794 */ 795 void lbs_scan_done(struct lbs_private *priv) 796 { 797 WARN_ON(!priv->scan_req); 798 799 if (priv->internal_scan) 800 kfree(priv->scan_req); 801 else 802 cfg80211_scan_done(priv->scan_req, false); 803 804 priv->scan_req = NULL; 805 } 806 807 static int lbs_cfg_scan(struct wiphy *wiphy, 808 struct cfg80211_scan_request *request) 809 { 810 struct lbs_private *priv = wiphy_priv(wiphy); 811 int ret = 0; 812 813 lbs_deb_enter(LBS_DEB_CFG80211); 814 815 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) { 816 /* old scan request not yet processed */ 817 ret = -EAGAIN; 818 goto out; 819 } 820 821 _internal_start_scan(priv, false, request); 822 823 if (priv->surpriseremoved) 824 ret = -EIO; 825 826 out: 827 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 828 return ret; 829 } 830 831 832 833 834 /* 835 * Events 836 */ 837 838 void lbs_send_disconnect_notification(struct lbs_private *priv, 839 bool locally_generated) 840 { 841 lbs_deb_enter(LBS_DEB_CFG80211); 842 843 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated, 844 GFP_KERNEL); 845 846 lbs_deb_leave(LBS_DEB_CFG80211); 847 } 848 849 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event) 850 { 851 lbs_deb_enter(LBS_DEB_CFG80211); 852 853 cfg80211_michael_mic_failure(priv->dev, 854 priv->assoc_bss, 855 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ? 856 NL80211_KEYTYPE_GROUP : 857 NL80211_KEYTYPE_PAIRWISE, 858 -1, 859 NULL, 860 GFP_KERNEL); 861 862 lbs_deb_leave(LBS_DEB_CFG80211); 863 } 864 865 866 867 868 /* 869 * Connect/disconnect 870 */ 871 872 873 /* 874 * This removes all WEP keys 875 */ 876 static int lbs_remove_wep_keys(struct lbs_private *priv) 877 { 878 struct cmd_ds_802_11_set_wep cmd; 879 int ret; 880 881 lbs_deb_enter(LBS_DEB_CFG80211); 882 883 memset(&cmd, 0, sizeof(cmd)); 884 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 885 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 886 cmd.action = cpu_to_le16(CMD_ACT_REMOVE); 887 888 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 889 890 lbs_deb_leave(LBS_DEB_CFG80211); 891 return ret; 892 } 893 894 /* 895 * Set WEP keys 896 */ 897 static int lbs_set_wep_keys(struct lbs_private *priv) 898 { 899 struct cmd_ds_802_11_set_wep cmd; 900 int i; 901 int ret; 902 903 lbs_deb_enter(LBS_DEB_CFG80211); 904 905 /* 906 * command 13 00 907 * size 50 00 908 * sequence xx xx 909 * result 00 00 910 * action 02 00 ACT_ADD 911 * transmit key 00 00 912 * type for key 1 01 WEP40 913 * type for key 2 00 914 * type for key 3 00 915 * type for key 4 00 916 * key 1 39 39 39 39 39 00 00 00 917 * 00 00 00 00 00 00 00 00 918 * key 2 00 00 00 00 00 00 00 00 919 * 00 00 00 00 00 00 00 00 920 * key 3 00 00 00 00 00 00 00 00 921 * 00 00 00 00 00 00 00 00 922 * key 4 00 00 00 00 00 00 00 00 923 */ 924 if (priv->wep_key_len[0] || priv->wep_key_len[1] || 925 priv->wep_key_len[2] || priv->wep_key_len[3]) { 926 /* Only set wep keys if we have at least one of them */ 927 memset(&cmd, 0, sizeof(cmd)); 928 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 929 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 930 cmd.action = cpu_to_le16(CMD_ACT_ADD); 931 932 for (i = 0; i < 4; i++) { 933 switch (priv->wep_key_len[i]) { 934 case WLAN_KEY_LEN_WEP40: 935 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT; 936 break; 937 case WLAN_KEY_LEN_WEP104: 938 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT; 939 break; 940 default: 941 cmd.keytype[i] = 0; 942 break; 943 } 944 memcpy(cmd.keymaterial[i], priv->wep_key[i], 945 priv->wep_key_len[i]); 946 } 947 948 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 949 } else { 950 /* Otherwise remove all wep keys */ 951 ret = lbs_remove_wep_keys(priv); 952 } 953 954 lbs_deb_leave(LBS_DEB_CFG80211); 955 return ret; 956 } 957 958 959 /* 960 * Enable/Disable RSN status 961 */ 962 static int lbs_enable_rsn(struct lbs_private *priv, int enable) 963 { 964 struct cmd_ds_802_11_enable_rsn cmd; 965 int ret; 966 967 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable); 968 969 /* 970 * cmd 2f 00 971 * size 0c 00 972 * sequence xx xx 973 * result 00 00 974 * action 01 00 ACT_SET 975 * enable 01 00 976 */ 977 memset(&cmd, 0, sizeof(cmd)); 978 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 979 cmd.action = cpu_to_le16(CMD_ACT_SET); 980 cmd.enable = cpu_to_le16(enable); 981 982 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd); 983 984 lbs_deb_leave(LBS_DEB_CFG80211); 985 return ret; 986 } 987 988 989 /* 990 * Set WPA/WPA key material 991 */ 992 993 /* 994 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we 995 * get rid of WEXT, this should go into host.h 996 */ 997 998 struct cmd_key_material { 999 struct cmd_header hdr; 1000 1001 __le16 action; 1002 struct MrvlIEtype_keyParamSet param; 1003 } __packed; 1004 1005 static int lbs_set_key_material(struct lbs_private *priv, 1006 int key_type, int key_info, 1007 const u8 *key, u16 key_len) 1008 { 1009 struct cmd_key_material cmd; 1010 int ret; 1011 1012 lbs_deb_enter(LBS_DEB_CFG80211); 1013 1014 /* 1015 * Example for WPA (TKIP): 1016 * 1017 * cmd 5e 00 1018 * size 34 00 1019 * sequence xx xx 1020 * result 00 00 1021 * action 01 00 1022 * TLV type 00 01 key param 1023 * length 00 26 1024 * key type 01 00 TKIP 1025 * key info 06 00 UNICAST | ENABLED 1026 * key len 20 00 1027 * key 32 bytes 1028 */ 1029 memset(&cmd, 0, sizeof(cmd)); 1030 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1031 cmd.action = cpu_to_le16(CMD_ACT_SET); 1032 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL); 1033 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4); 1034 cmd.param.keytypeid = cpu_to_le16(key_type); 1035 cmd.param.keyinfo = cpu_to_le16(key_info); 1036 cmd.param.keylen = cpu_to_le16(key_len); 1037 if (key && key_len) 1038 memcpy(cmd.param.key, key, key_len); 1039 1040 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd); 1041 1042 lbs_deb_leave(LBS_DEB_CFG80211); 1043 return ret; 1044 } 1045 1046 1047 /* 1048 * Sets the auth type (open, shared, etc) in the firmware. That 1049 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware 1050 * command doesn't send an authentication frame at all, it just 1051 * stores the auth_type. 1052 */ 1053 static int lbs_set_authtype(struct lbs_private *priv, 1054 struct cfg80211_connect_params *sme) 1055 { 1056 struct cmd_ds_802_11_authenticate cmd; 1057 int ret; 1058 1059 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type); 1060 1061 /* 1062 * cmd 11 00 1063 * size 19 00 1064 * sequence xx xx 1065 * result 00 00 1066 * BSS id 00 13 19 80 da 30 1067 * auth type 00 1068 * reserved 00 00 00 00 00 00 00 00 00 00 1069 */ 1070 memset(&cmd, 0, sizeof(cmd)); 1071 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1072 if (sme->bssid) 1073 memcpy(cmd.bssid, sme->bssid, ETH_ALEN); 1074 /* convert auth_type */ 1075 ret = lbs_auth_to_authtype(sme->auth_type); 1076 if (ret < 0) 1077 goto done; 1078 1079 cmd.authtype = ret; 1080 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd); 1081 1082 done: 1083 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1084 return ret; 1085 } 1086 1087 1088 /* 1089 * Create association request 1090 */ 1091 #define LBS_ASSOC_MAX_CMD_SIZE \ 1092 (sizeof(struct cmd_ds_802_11_associate) \ 1093 - 512 /* cmd_ds_802_11_associate.iebuf */ \ 1094 + LBS_MAX_SSID_TLV_SIZE \ 1095 + LBS_MAX_CHANNEL_TLV_SIZE \ 1096 + LBS_MAX_CF_PARAM_TLV_SIZE \ 1097 + LBS_MAX_AUTH_TYPE_TLV_SIZE \ 1098 + LBS_MAX_WPA_TLV_SIZE) 1099 1100 static int lbs_associate(struct lbs_private *priv, 1101 struct cfg80211_bss *bss, 1102 struct cfg80211_connect_params *sme) 1103 { 1104 struct cmd_ds_802_11_associate_response *resp; 1105 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE, 1106 GFP_KERNEL); 1107 const u8 *ssid_eid; 1108 size_t len, resp_ie_len; 1109 int status; 1110 int ret; 1111 u8 *pos; 1112 u8 *tmp; 1113 1114 lbs_deb_enter(LBS_DEB_CFG80211); 1115 1116 if (!cmd) { 1117 ret = -ENOMEM; 1118 goto done; 1119 } 1120 pos = &cmd->iebuf[0]; 1121 1122 /* 1123 * cmd 50 00 1124 * length 34 00 1125 * sequence xx xx 1126 * result 00 00 1127 * BSS id 00 13 19 80 da 30 1128 * capabilities 11 00 1129 * listen interval 0a 00 1130 * beacon interval 00 00 1131 * DTIM period 00 1132 * TLVs xx (up to 512 bytes) 1133 */ 1134 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE); 1135 1136 /* Fill in static fields */ 1137 memcpy(cmd->bssid, bss->bssid, ETH_ALEN); 1138 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL); 1139 cmd->capability = cpu_to_le16(bss->capability); 1140 1141 /* add SSID TLV */ 1142 rcu_read_lock(); 1143 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID); 1144 if (ssid_eid) 1145 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]); 1146 else 1147 lbs_deb_assoc("no SSID\n"); 1148 rcu_read_unlock(); 1149 1150 /* add DS param TLV */ 1151 if (bss->channel) 1152 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value); 1153 else 1154 lbs_deb_assoc("no channel\n"); 1155 1156 /* add (empty) CF param TLV */ 1157 pos += lbs_add_cf_param_tlv(pos); 1158 1159 /* add rates TLV */ 1160 tmp = pos + 4; /* skip Marvell IE header */ 1161 pos += lbs_add_common_rates_tlv(pos, bss); 1162 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp); 1163 1164 /* add auth type TLV */ 1165 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9) 1166 pos += lbs_add_auth_type_tlv(pos, sme->auth_type); 1167 1168 /* add WPA/WPA2 TLV */ 1169 if (sme->ie && sme->ie_len) 1170 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len); 1171 1172 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) + 1173 (u16)(pos - (u8 *) &cmd->iebuf); 1174 cmd->hdr.size = cpu_to_le16(len); 1175 1176 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd, 1177 le16_to_cpu(cmd->hdr.size)); 1178 1179 /* store for later use */ 1180 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN); 1181 1182 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd); 1183 if (ret) 1184 goto done; 1185 1186 /* generate connect message to cfg80211 */ 1187 1188 resp = (void *) cmd; /* recast for easier field access */ 1189 status = le16_to_cpu(resp->statuscode); 1190 1191 /* Older FW versions map the IEEE 802.11 Status Code in the association 1192 * response to the following values returned in resp->statuscode: 1193 * 1194 * IEEE Status Code Marvell Status Code 1195 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS 1196 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1197 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1198 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1199 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1200 * others -> 0x0003 ASSOC_RESULT_REFUSED 1201 * 1202 * Other response codes: 1203 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused) 1204 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for 1205 * association response from the AP) 1206 */ 1207 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1208 switch (status) { 1209 case 0: 1210 break; 1211 case 1: 1212 lbs_deb_assoc("invalid association parameters\n"); 1213 status = WLAN_STATUS_CAPS_UNSUPPORTED; 1214 break; 1215 case 2: 1216 lbs_deb_assoc("timer expired while waiting for AP\n"); 1217 status = WLAN_STATUS_AUTH_TIMEOUT; 1218 break; 1219 case 3: 1220 lbs_deb_assoc("association refused by AP\n"); 1221 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1222 break; 1223 case 4: 1224 lbs_deb_assoc("authentication refused by AP\n"); 1225 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1226 break; 1227 default: 1228 lbs_deb_assoc("association failure %d\n", status); 1229 /* v5 OLPC firmware does return the AP status code if 1230 * it's not one of the values above. Let that through. 1231 */ 1232 break; 1233 } 1234 } 1235 1236 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, " 1237 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), 1238 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid)); 1239 1240 resp_ie_len = le16_to_cpu(resp->hdr.size) 1241 - sizeof(resp->hdr) 1242 - 6; 1243 cfg80211_connect_result(priv->dev, 1244 priv->assoc_bss, 1245 sme->ie, sme->ie_len, 1246 resp->iebuf, resp_ie_len, 1247 status, 1248 GFP_KERNEL); 1249 1250 if (status == 0) { 1251 /* TODO: get rid of priv->connect_status */ 1252 priv->connect_status = LBS_CONNECTED; 1253 netif_carrier_on(priv->dev); 1254 if (!priv->tx_pending_len) 1255 netif_tx_wake_all_queues(priv->dev); 1256 } 1257 1258 kfree(cmd); 1259 done: 1260 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1261 return ret; 1262 } 1263 1264 static struct cfg80211_scan_request * 1265 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme) 1266 { 1267 struct cfg80211_scan_request *creq = NULL; 1268 int i, n_channels = ieee80211_get_num_supported_channels(wiphy); 1269 enum ieee80211_band band; 1270 1271 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1272 n_channels * sizeof(void *), 1273 GFP_ATOMIC); 1274 if (!creq) 1275 return NULL; 1276 1277 /* SSIDs come after channels */ 1278 creq->ssids = (void *)&creq->channels[n_channels]; 1279 creq->n_channels = n_channels; 1280 creq->n_ssids = 1; 1281 1282 /* Scan all available channels */ 1283 i = 0; 1284 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1285 int j; 1286 1287 if (!wiphy->bands[band]) 1288 continue; 1289 1290 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1291 /* ignore disabled channels */ 1292 if (wiphy->bands[band]->channels[j].flags & 1293 IEEE80211_CHAN_DISABLED) 1294 continue; 1295 1296 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1297 i++; 1298 } 1299 } 1300 if (i) { 1301 /* Set real number of channels specified in creq->channels[] */ 1302 creq->n_channels = i; 1303 1304 /* Scan for the SSID we're going to connect to */ 1305 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len); 1306 creq->ssids[0].ssid_len = sme->ssid_len; 1307 } else { 1308 /* No channels found... */ 1309 kfree(creq); 1310 creq = NULL; 1311 } 1312 1313 return creq; 1314 } 1315 1316 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev, 1317 struct cfg80211_connect_params *sme) 1318 { 1319 struct lbs_private *priv = wiphy_priv(wiphy); 1320 struct cfg80211_bss *bss = NULL; 1321 int ret = 0; 1322 u8 preamble = RADIO_PREAMBLE_SHORT; 1323 1324 if (dev == priv->mesh_dev) 1325 return -EOPNOTSUPP; 1326 1327 lbs_deb_enter(LBS_DEB_CFG80211); 1328 1329 if (!sme->bssid) { 1330 struct cfg80211_scan_request *creq; 1331 1332 /* 1333 * Scan for the requested network after waiting for existing 1334 * scans to finish. 1335 */ 1336 lbs_deb_assoc("assoc: waiting for existing scans\n"); 1337 wait_event_interruptible_timeout(priv->scan_q, 1338 (priv->scan_req == NULL), 1339 (15 * HZ)); 1340 1341 creq = _new_connect_scan_req(wiphy, sme); 1342 if (!creq) { 1343 ret = -EINVAL; 1344 goto done; 1345 } 1346 1347 lbs_deb_assoc("assoc: scanning for compatible AP\n"); 1348 _internal_start_scan(priv, true, creq); 1349 1350 lbs_deb_assoc("assoc: waiting for scan to complete\n"); 1351 wait_event_interruptible_timeout(priv->scan_q, 1352 (priv->scan_req == NULL), 1353 (15 * HZ)); 1354 lbs_deb_assoc("assoc: scanning completed\n"); 1355 } 1356 1357 /* Find the BSS we want using available scan results */ 1358 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid, 1359 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS, 1360 IEEE80211_PRIVACY_ANY); 1361 if (!bss) { 1362 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n", 1363 sme->bssid); 1364 ret = -ENOENT; 1365 goto done; 1366 } 1367 lbs_deb_assoc("trying %pM\n", bss->bssid); 1368 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n", 1369 sme->crypto.cipher_group, 1370 sme->key_idx, sme->key_len); 1371 1372 /* As this is a new connection, clear locally stored WEP keys */ 1373 priv->wep_tx_key = 0; 1374 memset(priv->wep_key, 0, sizeof(priv->wep_key)); 1375 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len)); 1376 1377 /* set/remove WEP keys */ 1378 switch (sme->crypto.cipher_group) { 1379 case WLAN_CIPHER_SUITE_WEP40: 1380 case WLAN_CIPHER_SUITE_WEP104: 1381 /* Store provided WEP keys in priv-> */ 1382 priv->wep_tx_key = sme->key_idx; 1383 priv->wep_key_len[sme->key_idx] = sme->key_len; 1384 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len); 1385 /* Set WEP keys and WEP mode */ 1386 lbs_set_wep_keys(priv); 1387 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE; 1388 lbs_set_mac_control(priv); 1389 /* No RSN mode for WEP */ 1390 lbs_enable_rsn(priv, 0); 1391 break; 1392 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */ 1393 /* 1394 * If we don't have no WEP, no WPA and no WPA2, 1395 * we remove all keys like in the WPA/WPA2 setup, 1396 * we just don't set RSN. 1397 * 1398 * Therefore: fall-through 1399 */ 1400 case WLAN_CIPHER_SUITE_TKIP: 1401 case WLAN_CIPHER_SUITE_CCMP: 1402 /* Remove WEP keys and WEP mode */ 1403 lbs_remove_wep_keys(priv); 1404 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE; 1405 lbs_set_mac_control(priv); 1406 1407 /* clear the WPA/WPA2 keys */ 1408 lbs_set_key_material(priv, 1409 KEY_TYPE_ID_WEP, /* doesn't matter */ 1410 KEY_INFO_WPA_UNICAST, 1411 NULL, 0); 1412 lbs_set_key_material(priv, 1413 KEY_TYPE_ID_WEP, /* doesn't matter */ 1414 KEY_INFO_WPA_MCAST, 1415 NULL, 0); 1416 /* RSN mode for WPA/WPA2 */ 1417 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0); 1418 break; 1419 default: 1420 wiphy_err(wiphy, "unsupported cipher group 0x%x\n", 1421 sme->crypto.cipher_group); 1422 ret = -ENOTSUPP; 1423 goto done; 1424 } 1425 1426 ret = lbs_set_authtype(priv, sme); 1427 if (ret == -ENOTSUPP) { 1428 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type); 1429 goto done; 1430 } 1431 1432 lbs_set_radio(priv, preamble, 1); 1433 1434 /* Do the actual association */ 1435 ret = lbs_associate(priv, bss, sme); 1436 1437 done: 1438 if (bss) 1439 cfg80211_put_bss(wiphy, bss); 1440 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1441 return ret; 1442 } 1443 1444 int lbs_disconnect(struct lbs_private *priv, u16 reason) 1445 { 1446 struct cmd_ds_802_11_deauthenticate cmd; 1447 int ret; 1448 1449 memset(&cmd, 0, sizeof(cmd)); 1450 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1451 /* Mildly ugly to use a locally store my own BSSID ... */ 1452 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN); 1453 cmd.reasoncode = cpu_to_le16(reason); 1454 1455 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd); 1456 if (ret) 1457 return ret; 1458 1459 cfg80211_disconnected(priv->dev, 1460 reason, 1461 NULL, 0, true, 1462 GFP_KERNEL); 1463 priv->connect_status = LBS_DISCONNECTED; 1464 1465 return 0; 1466 } 1467 1468 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev, 1469 u16 reason_code) 1470 { 1471 struct lbs_private *priv = wiphy_priv(wiphy); 1472 1473 if (dev == priv->mesh_dev) 1474 return -EOPNOTSUPP; 1475 1476 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code); 1477 1478 /* store for lbs_cfg_ret_disconnect() */ 1479 priv->disassoc_reason = reason_code; 1480 1481 return lbs_disconnect(priv, reason_code); 1482 } 1483 1484 static int lbs_cfg_set_default_key(struct wiphy *wiphy, 1485 struct net_device *netdev, 1486 u8 key_index, bool unicast, 1487 bool multicast) 1488 { 1489 struct lbs_private *priv = wiphy_priv(wiphy); 1490 1491 if (netdev == priv->mesh_dev) 1492 return -EOPNOTSUPP; 1493 1494 lbs_deb_enter(LBS_DEB_CFG80211); 1495 1496 if (key_index != priv->wep_tx_key) { 1497 lbs_deb_assoc("set_default_key: to %d\n", key_index); 1498 priv->wep_tx_key = key_index; 1499 lbs_set_wep_keys(priv); 1500 } 1501 1502 return 0; 1503 } 1504 1505 1506 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev, 1507 u8 idx, bool pairwise, const u8 *mac_addr, 1508 struct key_params *params) 1509 { 1510 struct lbs_private *priv = wiphy_priv(wiphy); 1511 u16 key_info; 1512 u16 key_type; 1513 int ret = 0; 1514 1515 if (netdev == priv->mesh_dev) 1516 return -EOPNOTSUPP; 1517 1518 lbs_deb_enter(LBS_DEB_CFG80211); 1519 1520 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n", 1521 params->cipher, mac_addr); 1522 lbs_deb_assoc("add_key: key index %d, key len %d\n", 1523 idx, params->key_len); 1524 if (params->key_len) 1525 lbs_deb_hex(LBS_DEB_CFG80211, "KEY", 1526 params->key, params->key_len); 1527 1528 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len); 1529 if (params->seq_len) 1530 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ", 1531 params->seq, params->seq_len); 1532 1533 switch (params->cipher) { 1534 case WLAN_CIPHER_SUITE_WEP40: 1535 case WLAN_CIPHER_SUITE_WEP104: 1536 /* actually compare if something has changed ... */ 1537 if ((priv->wep_key_len[idx] != params->key_len) || 1538 memcmp(priv->wep_key[idx], 1539 params->key, params->key_len) != 0) { 1540 priv->wep_key_len[idx] = params->key_len; 1541 memcpy(priv->wep_key[idx], 1542 params->key, params->key_len); 1543 lbs_set_wep_keys(priv); 1544 } 1545 break; 1546 case WLAN_CIPHER_SUITE_TKIP: 1547 case WLAN_CIPHER_SUITE_CCMP: 1548 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0) 1549 ? KEY_INFO_WPA_UNICAST 1550 : KEY_INFO_WPA_MCAST); 1551 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP) 1552 ? KEY_TYPE_ID_TKIP 1553 : KEY_TYPE_ID_AES; 1554 lbs_set_key_material(priv, 1555 key_type, 1556 key_info, 1557 params->key, params->key_len); 1558 break; 1559 default: 1560 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher); 1561 ret = -ENOTSUPP; 1562 break; 1563 } 1564 1565 return ret; 1566 } 1567 1568 1569 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev, 1570 u8 key_index, bool pairwise, const u8 *mac_addr) 1571 { 1572 1573 lbs_deb_enter(LBS_DEB_CFG80211); 1574 1575 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n", 1576 key_index, mac_addr); 1577 1578 #ifdef TODO 1579 struct lbs_private *priv = wiphy_priv(wiphy); 1580 /* 1581 * I think can keep this a NO-OP, because: 1582 1583 * - we clear all keys whenever we do lbs_cfg_connect() anyway 1584 * - neither "iw" nor "wpa_supplicant" won't call this during 1585 * an ongoing connection 1586 * - TODO: but I have to check if this is still true when 1587 * I set the AP to periodic re-keying 1588 * - we've not kzallec() something when we've added a key at 1589 * lbs_cfg_connect() or lbs_cfg_add_key(). 1590 * 1591 * This causes lbs_cfg_del_key() only called at disconnect time, 1592 * where we'd just waste time deleting a key that is not going 1593 * to be used anyway. 1594 */ 1595 if (key_index < 3 && priv->wep_key_len[key_index]) { 1596 priv->wep_key_len[key_index] = 0; 1597 lbs_set_wep_keys(priv); 1598 } 1599 #endif 1600 1601 return 0; 1602 } 1603 1604 1605 /* 1606 * Get station 1607 */ 1608 1609 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev, 1610 const u8 *mac, struct station_info *sinfo) 1611 { 1612 struct lbs_private *priv = wiphy_priv(wiphy); 1613 s8 signal, noise; 1614 int ret; 1615 size_t i; 1616 1617 lbs_deb_enter(LBS_DEB_CFG80211); 1618 1619 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) | 1620 BIT(NL80211_STA_INFO_TX_PACKETS) | 1621 BIT(NL80211_STA_INFO_RX_BYTES) | 1622 BIT(NL80211_STA_INFO_RX_PACKETS); 1623 sinfo->tx_bytes = priv->dev->stats.tx_bytes; 1624 sinfo->tx_packets = priv->dev->stats.tx_packets; 1625 sinfo->rx_bytes = priv->dev->stats.rx_bytes; 1626 sinfo->rx_packets = priv->dev->stats.rx_packets; 1627 1628 /* Get current RSSI */ 1629 ret = lbs_get_rssi(priv, &signal, &noise); 1630 if (ret == 0) { 1631 sinfo->signal = signal; 1632 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL); 1633 } 1634 1635 /* Convert priv->cur_rate from hw_value to NL80211 value */ 1636 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 1637 if (priv->cur_rate == lbs_rates[i].hw_value) { 1638 sinfo->txrate.legacy = lbs_rates[i].bitrate; 1639 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE); 1640 break; 1641 } 1642 } 1643 1644 return 0; 1645 } 1646 1647 1648 1649 1650 /* 1651 * Change interface 1652 */ 1653 1654 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev, 1655 enum nl80211_iftype type, u32 *flags, 1656 struct vif_params *params) 1657 { 1658 struct lbs_private *priv = wiphy_priv(wiphy); 1659 int ret = 0; 1660 1661 if (dev == priv->mesh_dev) 1662 return -EOPNOTSUPP; 1663 1664 switch (type) { 1665 case NL80211_IFTYPE_MONITOR: 1666 case NL80211_IFTYPE_STATION: 1667 case NL80211_IFTYPE_ADHOC: 1668 break; 1669 default: 1670 return -EOPNOTSUPP; 1671 } 1672 1673 lbs_deb_enter(LBS_DEB_CFG80211); 1674 1675 if (priv->iface_running) 1676 ret = lbs_set_iface_type(priv, type); 1677 1678 if (!ret) 1679 priv->wdev->iftype = type; 1680 1681 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1682 return ret; 1683 } 1684 1685 1686 1687 /* 1688 * IBSS (Ad-Hoc) 1689 */ 1690 1691 /* 1692 * The firmware needs the following bits masked out of the beacon-derived 1693 * capability field when associating/joining to a BSS: 1694 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused) 1695 */ 1696 #define CAPINFO_MASK (~(0xda00)) 1697 1698 1699 static void lbs_join_post(struct lbs_private *priv, 1700 struct cfg80211_ibss_params *params, 1701 u8 *bssid, u16 capability) 1702 { 1703 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */ 1704 2 + 4 + /* basic rates */ 1705 2 + 1 + /* DS parameter */ 1706 2 + 2 + /* atim */ 1707 2 + 8]; /* extended rates */ 1708 u8 *fake = fake_ie; 1709 struct cfg80211_bss *bss; 1710 1711 lbs_deb_enter(LBS_DEB_CFG80211); 1712 1713 /* 1714 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get 1715 * the real IE from the firmware. So we fabricate a fake IE based on 1716 * what the firmware actually sends (sniffed with wireshark). 1717 */ 1718 /* Fake SSID IE */ 1719 *fake++ = WLAN_EID_SSID; 1720 *fake++ = params->ssid_len; 1721 memcpy(fake, params->ssid, params->ssid_len); 1722 fake += params->ssid_len; 1723 /* Fake supported basic rates IE */ 1724 *fake++ = WLAN_EID_SUPP_RATES; 1725 *fake++ = 4; 1726 *fake++ = 0x82; 1727 *fake++ = 0x84; 1728 *fake++ = 0x8b; 1729 *fake++ = 0x96; 1730 /* Fake DS channel IE */ 1731 *fake++ = WLAN_EID_DS_PARAMS; 1732 *fake++ = 1; 1733 *fake++ = params->chandef.chan->hw_value; 1734 /* Fake IBSS params IE */ 1735 *fake++ = WLAN_EID_IBSS_PARAMS; 1736 *fake++ = 2; 1737 *fake++ = 0; /* ATIM=0 */ 1738 *fake++ = 0; 1739 /* Fake extended rates IE, TODO: don't add this for 802.11b only, 1740 * but I don't know how this could be checked */ 1741 *fake++ = WLAN_EID_EXT_SUPP_RATES; 1742 *fake++ = 8; 1743 *fake++ = 0x0c; 1744 *fake++ = 0x12; 1745 *fake++ = 0x18; 1746 *fake++ = 0x24; 1747 *fake++ = 0x30; 1748 *fake++ = 0x48; 1749 *fake++ = 0x60; 1750 *fake++ = 0x6c; 1751 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie); 1752 1753 bss = cfg80211_inform_bss(priv->wdev->wiphy, 1754 params->chandef.chan, 1755 CFG80211_BSS_FTYPE_UNKNOWN, 1756 bssid, 1757 0, 1758 capability, 1759 params->beacon_interval, 1760 fake_ie, fake - fake_ie, 1761 0, GFP_KERNEL); 1762 cfg80211_put_bss(priv->wdev->wiphy, bss); 1763 1764 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); 1765 priv->wdev->ssid_len = params->ssid_len; 1766 1767 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, 1768 GFP_KERNEL); 1769 1770 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ 1771 priv->connect_status = LBS_CONNECTED; 1772 netif_carrier_on(priv->dev); 1773 if (!priv->tx_pending_len) 1774 netif_wake_queue(priv->dev); 1775 1776 lbs_deb_leave(LBS_DEB_CFG80211); 1777 } 1778 1779 static int lbs_ibss_join_existing(struct lbs_private *priv, 1780 struct cfg80211_ibss_params *params, 1781 struct cfg80211_bss *bss) 1782 { 1783 const u8 *rates_eid; 1784 struct cmd_ds_802_11_ad_hoc_join cmd; 1785 u8 preamble = RADIO_PREAMBLE_SHORT; 1786 int ret = 0; 1787 1788 lbs_deb_enter(LBS_DEB_CFG80211); 1789 1790 /* TODO: set preamble based on scan result */ 1791 ret = lbs_set_radio(priv, preamble, 1); 1792 if (ret) 1793 goto out; 1794 1795 /* 1796 * Example CMD_802_11_AD_HOC_JOIN command: 1797 * 1798 * command 2c 00 CMD_802_11_AD_HOC_JOIN 1799 * size 65 00 1800 * sequence xx xx 1801 * result 00 00 1802 * bssid 02 27 27 97 2f 96 1803 * ssid 49 42 53 53 00 00 00 00 1804 * 00 00 00 00 00 00 00 00 1805 * 00 00 00 00 00 00 00 00 1806 * 00 00 00 00 00 00 00 00 1807 * type 02 CMD_BSS_TYPE_IBSS 1808 * beacon period 64 00 1809 * dtim period 00 1810 * timestamp 00 00 00 00 00 00 00 00 1811 * localtime 00 00 00 00 00 00 00 00 1812 * IE DS 03 1813 * IE DS len 01 1814 * IE DS channel 01 1815 * reserveed 00 00 00 00 1816 * IE IBSS 06 1817 * IE IBSS len 02 1818 * IE IBSS atim 00 00 1819 * reserved 00 00 00 00 1820 * capability 02 00 1821 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00 1822 * fail timeout ff 00 1823 * probe delay 00 00 1824 */ 1825 memset(&cmd, 0, sizeof(cmd)); 1826 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1827 1828 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN); 1829 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len); 1830 cmd.bss.type = CMD_BSS_TYPE_IBSS; 1831 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval); 1832 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS; 1833 cmd.bss.ds.header.len = 1; 1834 cmd.bss.ds.channel = params->chandef.chan->hw_value; 1835 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1836 cmd.bss.ibss.header.len = 2; 1837 cmd.bss.ibss.atimwindow = 0; 1838 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK); 1839 1840 /* set rates to the intersection of our rates and the rates in the 1841 bss */ 1842 rcu_read_lock(); 1843 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1844 if (!rates_eid) { 1845 lbs_add_rates(cmd.bss.rates); 1846 } else { 1847 int hw, i; 1848 u8 rates_max = rates_eid[1]; 1849 u8 *rates = cmd.bss.rates; 1850 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 1851 u8 hw_rate = lbs_rates[hw].bitrate / 5; 1852 for (i = 0; i < rates_max; i++) { 1853 if (hw_rate == (rates_eid[i+2] & 0x7f)) { 1854 u8 rate = rates_eid[i+2]; 1855 if (rate == 0x02 || rate == 0x04 || 1856 rate == 0x0b || rate == 0x16) 1857 rate |= 0x80; 1858 *rates++ = rate; 1859 } 1860 } 1861 } 1862 } 1863 rcu_read_unlock(); 1864 1865 /* Only v8 and below support setting this */ 1866 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1867 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT); 1868 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 1869 } 1870 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd); 1871 if (ret) 1872 goto out; 1873 1874 /* 1875 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 1876 * 1877 * response 2c 80 1878 * size 09 00 1879 * sequence xx xx 1880 * result 00 00 1881 * reserved 00 1882 */ 1883 lbs_join_post(priv, params, bss->bssid, bss->capability); 1884 1885 out: 1886 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1887 return ret; 1888 } 1889 1890 1891 1892 static int lbs_ibss_start_new(struct lbs_private *priv, 1893 struct cfg80211_ibss_params *params) 1894 { 1895 struct cmd_ds_802_11_ad_hoc_start cmd; 1896 struct cmd_ds_802_11_ad_hoc_result *resp = 1897 (struct cmd_ds_802_11_ad_hoc_result *) &cmd; 1898 u8 preamble = RADIO_PREAMBLE_SHORT; 1899 int ret = 0; 1900 u16 capability; 1901 1902 lbs_deb_enter(LBS_DEB_CFG80211); 1903 1904 ret = lbs_set_radio(priv, preamble, 1); 1905 if (ret) 1906 goto out; 1907 1908 /* 1909 * Example CMD_802_11_AD_HOC_START command: 1910 * 1911 * command 2b 00 CMD_802_11_AD_HOC_START 1912 * size b1 00 1913 * sequence xx xx 1914 * result 00 00 1915 * ssid 54 45 53 54 00 00 00 00 1916 * 00 00 00 00 00 00 00 00 1917 * 00 00 00 00 00 00 00 00 1918 * 00 00 00 00 00 00 00 00 1919 * bss type 02 1920 * beacon period 64 00 1921 * dtim period 00 1922 * IE IBSS 06 1923 * IE IBSS len 02 1924 * IE IBSS atim 00 00 1925 * reserved 00 00 00 00 1926 * IE DS 03 1927 * IE DS len 01 1928 * IE DS channel 01 1929 * reserved 00 00 00 00 1930 * probe delay 00 00 1931 * capability 02 00 1932 * rates 82 84 8b 96 (basic rates with have bit 7 set) 1933 * 0c 12 18 24 30 48 60 6c 1934 * padding 100 bytes 1935 */ 1936 memset(&cmd, 0, sizeof(cmd)); 1937 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1938 memcpy(cmd.ssid, params->ssid, params->ssid_len); 1939 cmd.bsstype = CMD_BSS_TYPE_IBSS; 1940 cmd.beaconperiod = cpu_to_le16(params->beacon_interval); 1941 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1942 cmd.ibss.header.len = 2; 1943 cmd.ibss.atimwindow = 0; 1944 cmd.ds.header.id = WLAN_EID_DS_PARAMS; 1945 cmd.ds.header.len = 1; 1946 cmd.ds.channel = params->chandef.chan->hw_value; 1947 /* Only v8 and below support setting probe delay */ 1948 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) 1949 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 1950 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */ 1951 capability = WLAN_CAPABILITY_IBSS; 1952 cmd.capability = cpu_to_le16(capability); 1953 lbs_add_rates(cmd.rates); 1954 1955 1956 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd); 1957 if (ret) 1958 goto out; 1959 1960 /* 1961 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 1962 * 1963 * response 2b 80 1964 * size 14 00 1965 * sequence xx xx 1966 * result 00 00 1967 * reserved 00 1968 * bssid 02 2b 7b 0f 86 0e 1969 */ 1970 lbs_join_post(priv, params, resp->bssid, capability); 1971 1972 out: 1973 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1974 return ret; 1975 } 1976 1977 1978 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev, 1979 struct cfg80211_ibss_params *params) 1980 { 1981 struct lbs_private *priv = wiphy_priv(wiphy); 1982 int ret = 0; 1983 struct cfg80211_bss *bss; 1984 1985 if (dev == priv->mesh_dev) 1986 return -EOPNOTSUPP; 1987 1988 lbs_deb_enter(LBS_DEB_CFG80211); 1989 1990 if (!params->chandef.chan) { 1991 ret = -ENOTSUPP; 1992 goto out; 1993 } 1994 1995 ret = lbs_set_channel(priv, params->chandef.chan->hw_value); 1996 if (ret) 1997 goto out; 1998 1999 /* Search if someone is beaconing. This assumes that the 2000 * bss list is populated already */ 2001 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid, 2002 params->ssid, params->ssid_len, 2003 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY); 2004 2005 if (bss) { 2006 ret = lbs_ibss_join_existing(priv, params, bss); 2007 cfg80211_put_bss(wiphy, bss); 2008 } else 2009 ret = lbs_ibss_start_new(priv, params); 2010 2011 2012 out: 2013 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2014 return ret; 2015 } 2016 2017 2018 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev) 2019 { 2020 struct lbs_private *priv = wiphy_priv(wiphy); 2021 struct cmd_ds_802_11_ad_hoc_stop cmd; 2022 int ret = 0; 2023 2024 if (dev == priv->mesh_dev) 2025 return -EOPNOTSUPP; 2026 2027 lbs_deb_enter(LBS_DEB_CFG80211); 2028 2029 memset(&cmd, 0, sizeof(cmd)); 2030 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2031 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd); 2032 2033 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */ 2034 lbs_mac_event_disconnected(priv, true); 2035 2036 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2037 return ret; 2038 } 2039 2040 2041 2042 2043 /* 2044 * Initialization 2045 */ 2046 2047 static struct cfg80211_ops lbs_cfg80211_ops = { 2048 .set_monitor_channel = lbs_cfg_set_monitor_channel, 2049 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel, 2050 .scan = lbs_cfg_scan, 2051 .connect = lbs_cfg_connect, 2052 .disconnect = lbs_cfg_disconnect, 2053 .add_key = lbs_cfg_add_key, 2054 .del_key = lbs_cfg_del_key, 2055 .set_default_key = lbs_cfg_set_default_key, 2056 .get_station = lbs_cfg_get_station, 2057 .change_virtual_intf = lbs_change_intf, 2058 .join_ibss = lbs_join_ibss, 2059 .leave_ibss = lbs_leave_ibss, 2060 }; 2061 2062 2063 /* 2064 * At this time lbs_private *priv doesn't even exist, so we just allocate 2065 * memory and don't initialize the wiphy further. This is postponed until we 2066 * can talk to the firmware and happens at registration time in 2067 * lbs_cfg_wiphy_register(). 2068 */ 2069 struct wireless_dev *lbs_cfg_alloc(struct device *dev) 2070 { 2071 int ret = 0; 2072 struct wireless_dev *wdev; 2073 2074 lbs_deb_enter(LBS_DEB_CFG80211); 2075 2076 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 2077 if (!wdev) 2078 return ERR_PTR(-ENOMEM); 2079 2080 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private)); 2081 if (!wdev->wiphy) { 2082 dev_err(dev, "cannot allocate wiphy\n"); 2083 ret = -ENOMEM; 2084 goto err_wiphy_new; 2085 } 2086 2087 lbs_deb_leave(LBS_DEB_CFG80211); 2088 return wdev; 2089 2090 err_wiphy_new: 2091 kfree(wdev); 2092 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2093 return ERR_PTR(ret); 2094 } 2095 2096 2097 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv) 2098 { 2099 struct region_code_mapping { 2100 const char *cn; 2101 int code; 2102 }; 2103 2104 /* Section 5.17.2 */ 2105 static const struct region_code_mapping regmap[] = { 2106 {"US ", 0x10}, /* US FCC */ 2107 {"CA ", 0x20}, /* Canada */ 2108 {"EU ", 0x30}, /* ETSI */ 2109 {"ES ", 0x31}, /* Spain */ 2110 {"FR ", 0x32}, /* France */ 2111 {"JP ", 0x40}, /* Japan */ 2112 }; 2113 size_t i; 2114 2115 lbs_deb_enter(LBS_DEB_CFG80211); 2116 2117 for (i = 0; i < ARRAY_SIZE(regmap); i++) 2118 if (regmap[i].code == priv->regioncode) { 2119 regulatory_hint(priv->wdev->wiphy, regmap[i].cn); 2120 break; 2121 } 2122 2123 lbs_deb_leave(LBS_DEB_CFG80211); 2124 } 2125 2126 static void lbs_reg_notifier(struct wiphy *wiphy, 2127 struct regulatory_request *request) 2128 { 2129 struct lbs_private *priv = wiphy_priv(wiphy); 2130 2131 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain " 2132 "callback for domain %c%c\n", request->alpha2[0], 2133 request->alpha2[1]); 2134 2135 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2)); 2136 if (lbs_iface_active(priv)) 2137 lbs_set_11d_domain_info(priv); 2138 2139 lbs_deb_leave(LBS_DEB_CFG80211); 2140 } 2141 2142 /* 2143 * This function get's called after lbs_setup_firmware() determined the 2144 * firmware capabities. So we can setup the wiphy according to our 2145 * hardware/firmware. 2146 */ 2147 int lbs_cfg_register(struct lbs_private *priv) 2148 { 2149 struct wireless_dev *wdev = priv->wdev; 2150 int ret; 2151 2152 lbs_deb_enter(LBS_DEB_CFG80211); 2153 2154 wdev->wiphy->max_scan_ssids = 1; 2155 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; 2156 2157 wdev->wiphy->interface_modes = 2158 BIT(NL80211_IFTYPE_STATION) | 2159 BIT(NL80211_IFTYPE_ADHOC); 2160 if (lbs_rtap_supported(priv)) 2161 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR); 2162 if (lbs_mesh_activated(priv)) 2163 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT); 2164 2165 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz; 2166 2167 /* 2168 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have 2169 * never seen a firmware without WPA 2170 */ 2171 wdev->wiphy->cipher_suites = cipher_suites; 2172 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites); 2173 wdev->wiphy->reg_notifier = lbs_reg_notifier; 2174 2175 ret = wiphy_register(wdev->wiphy); 2176 if (ret < 0) 2177 pr_err("cannot register wiphy device\n"); 2178 2179 priv->wiphy_registered = true; 2180 2181 ret = register_netdev(priv->dev); 2182 if (ret) 2183 pr_err("cannot register network device\n"); 2184 2185 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker); 2186 2187 lbs_cfg_set_regulatory_hint(priv); 2188 2189 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2190 return ret; 2191 } 2192 2193 void lbs_scan_deinit(struct lbs_private *priv) 2194 { 2195 lbs_deb_enter(LBS_DEB_CFG80211); 2196 cancel_delayed_work_sync(&priv->scan_work); 2197 } 2198 2199 2200 void lbs_cfg_free(struct lbs_private *priv) 2201 { 2202 struct wireless_dev *wdev = priv->wdev; 2203 2204 lbs_deb_enter(LBS_DEB_CFG80211); 2205 2206 if (!wdev) 2207 return; 2208 2209 if (priv->wiphy_registered) 2210 wiphy_unregister(wdev->wiphy); 2211 2212 if (wdev->wiphy) 2213 wiphy_free(wdev->wiphy); 2214 2215 kfree(wdev); 2216 }
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.c" 149 /* 150 * Implement cfg80211 ("iw") support. 151 * 152 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany 153 * Holger Schurig <hs4233@mail.mn-solutions.de> 154 * 155 */ 156 157 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 158 159 #include <linux/hardirq.h> 160 #include <linux/sched.h> 161 #include <linux/wait.h> 162 #include <linux/slab.h> 163 #include <linux/ieee80211.h> 164 #include <net/cfg80211.h> 165 #include <asm/unaligned.h> 166 167 #include "decl.h" 168 #include "cfg.h" 169 #include "cmd.h" 170 #include "mesh.h" 171 172 173 #define CHAN2G(_channel, _freq, _flags) { \ 174 .band = IEEE80211_BAND_2GHZ, \ 175 .center_freq = (_freq), \ 176 .hw_value = (_channel), \ 177 .flags = (_flags), \ 178 .max_antenna_gain = 0, \ 179 .max_power = 30, \ 180 } 181 182 static struct ieee80211_channel lbs_2ghz_channels[] = { 183 CHAN2G(1, 2412, 0), 184 CHAN2G(2, 2417, 0), 185 CHAN2G(3, 2422, 0), 186 CHAN2G(4, 2427, 0), 187 CHAN2G(5, 2432, 0), 188 CHAN2G(6, 2437, 0), 189 CHAN2G(7, 2442, 0), 190 CHAN2G(8, 2447, 0), 191 CHAN2G(9, 2452, 0), 192 CHAN2G(10, 2457, 0), 193 CHAN2G(11, 2462, 0), 194 CHAN2G(12, 2467, 0), 195 CHAN2G(13, 2472, 0), 196 CHAN2G(14, 2484, 0), 197 }; 198 199 #define RATETAB_ENT(_rate, _hw_value, _flags) { \ 200 .bitrate = (_rate), \ 201 .hw_value = (_hw_value), \ 202 .flags = (_flags), \ 203 } 204 205 206 /* Table 6 in section 3.2.1.1 */ 207 static struct ieee80211_rate lbs_rates[] = { 208 RATETAB_ENT(10, 0, 0), 209 RATETAB_ENT(20, 1, 0), 210 RATETAB_ENT(55, 2, 0), 211 RATETAB_ENT(110, 3, 0), 212 RATETAB_ENT(60, 9, 0), 213 RATETAB_ENT(90, 6, 0), 214 RATETAB_ENT(120, 7, 0), 215 RATETAB_ENT(180, 8, 0), 216 RATETAB_ENT(240, 9, 0), 217 RATETAB_ENT(360, 10, 0), 218 RATETAB_ENT(480, 11, 0), 219 RATETAB_ENT(540, 12, 0), 220 }; 221 222 static struct ieee80211_supported_band lbs_band_2ghz = { 223 .channels = lbs_2ghz_channels, 224 .n_channels = ARRAY_SIZE(lbs_2ghz_channels), 225 .bitrates = lbs_rates, 226 .n_bitrates = ARRAY_SIZE(lbs_rates), 227 }; 228 229 230 static const u32 cipher_suites[] = { 231 WLAN_CIPHER_SUITE_WEP40, 232 WLAN_CIPHER_SUITE_WEP104, 233 WLAN_CIPHER_SUITE_TKIP, 234 WLAN_CIPHER_SUITE_CCMP, 235 }; 236 237 /* Time to stay on the channel */ 238 #define LBS_DWELL_PASSIVE 100 239 #define LBS_DWELL_ACTIVE 40 240 241 242 /*************************************************************************** 243 * Misc utility functions 244 * 245 * TLVs are Marvell specific. They are very similar to IEs, they have the 246 * same structure: type, length, data*. The only difference: for IEs, the 247 * type and length are u8, but for TLVs they're __le16. 248 */ 249 250 /* 251 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1 252 * in the firmware spec 253 */ 254 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type) 255 { 256 int ret = -ENOTSUPP; 257 258 switch (auth_type) { 259 case NL80211_AUTHTYPE_OPEN_SYSTEM: 260 case NL80211_AUTHTYPE_SHARED_KEY: 261 ret = auth_type; 262 break; 263 case NL80211_AUTHTYPE_AUTOMATIC: 264 ret = NL80211_AUTHTYPE_OPEN_SYSTEM; 265 break; 266 case NL80211_AUTHTYPE_NETWORK_EAP: 267 ret = 0x80; 268 break; 269 default: 270 /* silence compiler */ 271 break; 272 } 273 return ret; 274 } 275 276 277 /* 278 * Various firmware commands need the list of supported rates, but with 279 * the hight-bit set for basic rates 280 */ 281 static int lbs_add_rates(u8 *rates) 282 { 283 size_t i; 284 285 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 286 u8 rate = lbs_rates[i].bitrate / 5; 287 if (rate == 0x02 || rate == 0x04 || 288 rate == 0x0b || rate == 0x16) 289 rate |= 0x80; 290 rates[i] = rate; 291 } 292 return ARRAY_SIZE(lbs_rates); 293 } 294 295 296 /*************************************************************************** 297 * TLV utility functions 298 * 299 * TLVs are Marvell specific. They are very similar to IEs, they have the 300 * same structure: type, length, data*. The only difference: for IEs, the 301 * type and length are u8, but for TLVs they're __le16. 302 */ 303 304 305 /* 306 * Add ssid TLV 307 */ 308 #define LBS_MAX_SSID_TLV_SIZE \ 309 (sizeof(struct mrvl_ie_header) \ 310 + IEEE80211_MAX_SSID_LEN) 311 312 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len) 313 { 314 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv; 315 316 /* 317 * TLV-ID SSID 00 00 318 * length 06 00 319 * ssid 4d 4e 54 45 53 54 320 */ 321 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID); 322 ssid_tlv->header.len = cpu_to_le16(ssid_len); 323 memcpy(ssid_tlv->ssid, ssid, ssid_len); 324 return sizeof(ssid_tlv->header) + ssid_len; 325 } 326 327 328 /* 329 * Add channel list TLV (section 8.4.2) 330 * 331 * Actual channel data comes from priv->wdev->wiphy->channels. 332 */ 333 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 334 (sizeof(struct mrvl_ie_header) \ 335 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset))) 336 337 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv, 338 int last_channel, int active_scan) 339 { 340 int chanscanparamsize = sizeof(struct chanscanparamset) * 341 (last_channel - priv->scan_channel); 342 343 struct mrvl_ie_header *header = (void *) tlv; 344 345 /* 346 * TLV-ID CHANLIST 01 01 347 * length 0e 00 348 * channel 00 01 00 00 00 64 00 349 * radio type 00 350 * channel 01 351 * scan type 00 352 * min scan time 00 00 353 * max scan time 64 00 354 * channel 2 00 02 00 00 00 64 00 355 * 356 */ 357 358 header->type = cpu_to_le16(TLV_TYPE_CHANLIST); 359 header->len = cpu_to_le16(chanscanparamsize); 360 tlv += sizeof(struct mrvl_ie_header); 361 362 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel, 363 last_channel); */ 364 memset(tlv, 0, chanscanparamsize); 365 366 while (priv->scan_channel < last_channel) { 367 struct chanscanparamset *param = (void *) tlv; 368 369 param->radiotype = CMD_SCAN_RADIO_TYPE_BG; 370 param->channumber = 371 priv->scan_req->channels[priv->scan_channel]->hw_value; 372 if (active_scan) { 373 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE); 374 } else { 375 param->chanscanmode.passivescan = 1; 376 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE); 377 } 378 tlv += sizeof(struct chanscanparamset); 379 priv->scan_channel++; 380 } 381 return sizeof(struct mrvl_ie_header) + chanscanparamsize; 382 } 383 384 385 /* 386 * Add rates TLV 387 * 388 * The rates are in lbs_bg_rates[], but for the 802.11b 389 * rates the high bit is set. We add this TLV only because 390 * there's a firmware which otherwise doesn't report all 391 * APs in range. 392 */ 393 #define LBS_MAX_RATES_TLV_SIZE \ 394 (sizeof(struct mrvl_ie_header) \ 395 + (ARRAY_SIZE(lbs_rates))) 396 397 /* Adds a TLV with all rates the hardware supports */ 398 static int lbs_add_supported_rates_tlv(u8 *tlv) 399 { 400 size_t i; 401 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 402 403 /* 404 * TLV-ID RATES 01 00 405 * length 0e 00 406 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 407 */ 408 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 409 tlv += sizeof(rate_tlv->header); 410 i = lbs_add_rates(tlv); 411 tlv += i; 412 rate_tlv->header.len = cpu_to_le16(i); 413 return sizeof(rate_tlv->header) + i; 414 } 415 416 /* Add common rates from a TLV and return the new end of the TLV */ 417 static u8 * 418 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) 419 { 420 int hw, ap, ap_max = ie[1]; 421 u8 hw_rate; 422 423 /* Advance past IE header */ 424 ie += 2; 425 426 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max); 427 428 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 429 hw_rate = lbs_rates[hw].bitrate / 5; 430 for (ap = 0; ap < ap_max; ap++) { 431 if (hw_rate == (ie[ap] & 0x7f)) { 432 *tlv++ = ie[ap]; 433 *nrates = *nrates + 1; 434 } 435 } 436 } 437 return tlv; 438 } 439 440 /* 441 * Adds a TLV with all rates the hardware *and* BSS supports. 442 */ 443 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss) 444 { 445 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv; 446 const u8 *rates_eid, *ext_rates_eid; 447 int n = 0; 448 449 rcu_read_lock(); 450 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 451 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 452 453 /* 454 * 01 00 TLV_TYPE_RATES 455 * 04 00 len 456 * 82 84 8b 96 rates 457 */ 458 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); 459 tlv += sizeof(rate_tlv->header); 460 461 /* Add basic rates */ 462 if (rates_eid) { 463 tlv = add_ie_rates(tlv, rates_eid, &n); 464 465 /* Add extended rates, if any */ 466 if (ext_rates_eid) 467 tlv = add_ie_rates(tlv, ext_rates_eid, &n); 468 } else { 469 lbs_deb_assoc("assoc: bss had no basic rate IE\n"); 470 /* Fallback: add basic 802.11b rates */ 471 *tlv++ = 0x82; 472 *tlv++ = 0x84; 473 *tlv++ = 0x8b; 474 *tlv++ = 0x96; 475 n = 4; 476 } 477 rcu_read_unlock(); 478 479 rate_tlv->header.len = cpu_to_le16(n); 480 return sizeof(rate_tlv->header) + n; 481 } 482 483 484 /* 485 * Add auth type TLV. 486 * 487 * This is only needed for newer firmware (V9 and up). 488 */ 489 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \ 490 sizeof(struct mrvl_ie_auth_type) 491 492 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type) 493 { 494 struct mrvl_ie_auth_type *auth = (void *) tlv; 495 496 /* 497 * 1f 01 TLV_TYPE_AUTH_TYPE 498 * 01 00 len 499 * 01 auth type 500 */ 501 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE); 502 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header)); 503 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type)); 504 return sizeof(*auth); 505 } 506 507 508 /* 509 * Add channel (phy ds) TLV 510 */ 511 #define LBS_MAX_CHANNEL_TLV_SIZE \ 512 sizeof(struct mrvl_ie_header) 513 514 static int lbs_add_channel_tlv(u8 *tlv, u8 channel) 515 { 516 struct mrvl_ie_ds_param_set *ds = (void *) tlv; 517 518 /* 519 * 03 00 TLV_TYPE_PHY_DS 520 * 01 00 len 521 * 06 channel 522 */ 523 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS); 524 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header)); 525 ds->channel = channel; 526 return sizeof(*ds); 527 } 528 529 530 /* 531 * Add (empty) CF param TLV of the form: 532 */ 533 #define LBS_MAX_CF_PARAM_TLV_SIZE \ 534 sizeof(struct mrvl_ie_header) 535 536 static int lbs_add_cf_param_tlv(u8 *tlv) 537 { 538 struct mrvl_ie_cf_param_set *cf = (void *)tlv; 539 540 /* 541 * 04 00 TLV_TYPE_CF 542 * 06 00 len 543 * 00 cfpcnt 544 * 00 cfpperiod 545 * 00 00 cfpmaxduration 546 * 00 00 cfpdurationremaining 547 */ 548 cf->header.type = cpu_to_le16(TLV_TYPE_CF); 549 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header)); 550 return sizeof(*cf); 551 } 552 553 /* 554 * Add WPA TLV 555 */ 556 #define LBS_MAX_WPA_TLV_SIZE \ 557 (sizeof(struct mrvl_ie_header) \ 558 + 128 /* TODO: I guessed the size */) 559 560 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len) 561 { 562 size_t tlv_len; 563 564 /* 565 * We need just convert an IE to an TLV. IEs use u8 for the header, 566 * u8 type 567 * u8 len 568 * u8[] data 569 * but TLVs use __le16 instead: 570 * __le16 type 571 * __le16 len 572 * u8[] data 573 */ 574 *tlv++ = *ie++; 575 *tlv++ = 0; 576 tlv_len = *tlv++ = *ie++; 577 *tlv++ = 0; 578 while (tlv_len--) 579 *tlv++ = *ie++; 580 /* the TLV is two bytes larger than the IE */ 581 return ie_len + 2; 582 } 583 584 /* 585 * Set Channel 586 */ 587 588 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy, 589 struct cfg80211_chan_def *chandef) 590 { 591 struct lbs_private *priv = wiphy_priv(wiphy); 592 int ret = -ENOTSUPP; 593 594 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d", 595 chandef->chan->center_freq, 596 cfg80211_get_chandef_type(chandef)); 597 598 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT) 599 goto out; 600 601 ret = lbs_set_channel(priv, chandef->chan->hw_value); 602 603 out: 604 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 605 return ret; 606 } 607 608 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy, 609 struct net_device *netdev, 610 struct ieee80211_channel *channel) 611 { 612 struct lbs_private *priv = wiphy_priv(wiphy); 613 int ret = -ENOTSUPP; 614 615 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d", 616 netdev_name(netdev), channel->center_freq); 617 618 if (netdev != priv->mesh_dev) 619 goto out; 620 621 ret = lbs_mesh_set_channel(priv, channel->hw_value); 622 623 out: 624 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 625 return ret; 626 } 627 628 629 630 /* 631 * Scanning 632 */ 633 634 /* 635 * When scanning, the firmware doesn't send a nul packet with the power-safe 636 * bit to the AP. So we cannot stay away from our current channel too long, 637 * otherwise we loose data. So take a "nap" while scanning every other 638 * while. 639 */ 640 #define LBS_SCAN_BEFORE_NAP 4 641 642 643 /* 644 * When the firmware reports back a scan-result, it gives us an "u8 rssi", 645 * which isn't really an RSSI, as it becomes larger when moving away from 646 * the AP. Anyway, we need to convert that into mBm. 647 */ 648 #define LBS_SCAN_RSSI_TO_MBM(rssi) \ 649 ((-(int)rssi + 3)*100) 650 651 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy, 652 struct cmd_header *resp) 653 { 654 struct cfg80211_bss *bss; 655 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp; 656 int bsssize; 657 const u8 *pos; 658 const u8 *tsfdesc; 659 int tsfsize; 660 int i; 661 int ret = -EILSEQ; 662 663 lbs_deb_enter(LBS_DEB_CFG80211); 664 665 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize); 666 667 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n", 668 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size)); 669 670 if (scanresp->nr_sets == 0) { 671 ret = 0; 672 goto done; 673 } 674 675 /* 676 * The general layout of the scan response is described in chapter 677 * 5.7.1. Basically we have a common part, then any number of BSS 678 * descriptor sections. Finally we have section with the same number 679 * of TSFs. 680 * 681 * cmd_ds_802_11_scan_rsp 682 * cmd_header 683 * pos_size 684 * nr_sets 685 * bssdesc 1 686 * bssid 687 * rssi 688 * timestamp 689 * intvl 690 * capa 691 * IEs 692 * bssdesc 2 693 * bssdesc n 694 * MrvlIEtypes_TsfFimestamp_t 695 * TSF for BSS 1 696 * TSF for BSS 2 697 * TSF for BSS n 698 */ 699 700 pos = scanresp->bssdesc_and_tlvbuffer; 701 702 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer, 703 scanresp->bssdescriptsize); 704 705 tsfdesc = pos + bsssize; 706 tsfsize = 4 + 8 * scanresp->nr_sets; 707 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize); 708 709 /* Validity check: we expect a Marvell-Local TLV */ 710 i = get_unaligned_le16(tsfdesc); 711 tsfdesc += 2; 712 if (i != TLV_TYPE_TSFTIMESTAMP) { 713 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i); 714 goto done; 715 } 716 717 /* 718 * Validity check: the TLV holds TSF values with 8 bytes each, so 719 * the size in the TLV must match the nr_sets value 720 */ 721 i = get_unaligned_le16(tsfdesc); 722 tsfdesc += 2; 723 if (i / 8 != scanresp->nr_sets) { 724 lbs_deb_scan("scan response: invalid number of TSF timestamp " 725 "sets (expected %d got %d)\n", scanresp->nr_sets, 726 i / 8); 727 goto done; 728 } 729 730 for (i = 0; i < scanresp->nr_sets; i++) { 731 const u8 *bssid; 732 const u8 *ie; 733 int left; 734 int ielen; 735 int rssi; 736 u16 intvl; 737 u16 capa; 738 int chan_no = -1; 739 const u8 *ssid = NULL; 740 u8 ssid_len = 0; 741 742 int len = get_unaligned_le16(pos); 743 pos += 2; 744 745 /* BSSID */ 746 bssid = pos; 747 pos += ETH_ALEN; 748 /* RSSI */ 749 rssi = *pos++; 750 /* Packet time stamp */ 751 pos += 8; 752 /* Beacon interval */ 753 intvl = get_unaligned_le16(pos); 754 pos += 2; 755 /* Capabilities */ 756 capa = get_unaligned_le16(pos); 757 pos += 2; 758 759 /* To find out the channel, we must parse the IEs */ 760 ie = pos; 761 /* 762 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon 763 * interval, capabilities 764 */ 765 ielen = left = len - (6 + 1 + 8 + 2 + 2); 766 while (left >= 2) { 767 u8 id, elen; 768 id = *pos++; 769 elen = *pos++; 770 left -= 2; 771 if (elen > left) { 772 lbs_deb_scan("scan response: invalid IE fmt\n"); 773 goto done; 774 } 775 776 if (id == WLAN_EID_DS_PARAMS) 777 chan_no = *pos; 778 if (id == WLAN_EID_SSID) { 779 ssid = pos; 780 ssid_len = elen; 781 } 782 left -= elen; 783 pos += elen; 784 } 785 786 /* No channel, no luck */ 787 if (chan_no != -1) { 788 struct wiphy *wiphy = priv->wdev->wiphy; 789 int freq = ieee80211_channel_to_frequency(chan_no, 790 IEEE80211_BAND_2GHZ); 791 struct ieee80211_channel *channel = 792 ieee80211_get_channel(wiphy, freq); 793 794 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n", 795 bssid, capa, chan_no, ssid_len, ssid, 796 LBS_SCAN_RSSI_TO_MBM(rssi)/100); 797 798 if (channel && 799 !(channel->flags & IEEE80211_CHAN_DISABLED)) { 800 bss = cfg80211_inform_bss(wiphy, channel, 801 CFG80211_BSS_FTYPE_UNKNOWN, 802 bssid, get_unaligned_le64(tsfdesc), 803 capa, intvl, ie, ielen, 804 LBS_SCAN_RSSI_TO_MBM(rssi), 805 GFP_KERNEL); 806 cfg80211_put_bss(wiphy, bss); 807 } 808 } else 809 lbs_deb_scan("scan response: missing BSS channel IE\n"); 810 811 tsfdesc += 8; 812 } 813 ret = 0; 814 815 done: 816 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret); 817 return ret; 818 } 819 820 821 /* 822 * Our scan command contains a TLV, consting of a SSID TLV, a channel list 823 * TLV and a rates TLV. Determine the maximum size of them: 824 */ 825 #define LBS_SCAN_MAX_CMD_SIZE \ 826 (sizeof(struct cmd_ds_802_11_scan) \ 827 + LBS_MAX_SSID_TLV_SIZE \ 828 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \ 829 + LBS_MAX_RATES_TLV_SIZE) 830 831 /* 832 * Assumes priv->scan_req is initialized and valid 833 * Assumes priv->scan_channel is initialized 834 */ 835 static void lbs_scan_worker(struct work_struct *work) 836 { 837 struct lbs_private *priv = 838 container_of(work, struct lbs_private, scan_work.work); 839 struct cmd_ds_802_11_scan *scan_cmd; 840 u8 *tlv; /* pointer into our current, growing TLV storage area */ 841 int last_channel; 842 int running, carrier; 843 844 lbs_deb_enter(LBS_DEB_SCAN); 845 846 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL); 847 if (scan_cmd == NULL) 848 goto out_no_scan_cmd; 849 850 /* prepare fixed part of scan command */ 851 scan_cmd->bsstype = CMD_BSS_TYPE_ANY; 852 853 /* stop network while we're away from our main channel */ 854 running = !netif_queue_stopped(priv->dev); 855 carrier = netif_carrier_ok(priv->dev); 856 if (running) 857 netif_stop_queue(priv->dev); 858 if (carrier) 859 netif_carrier_off(priv->dev); 860 861 /* prepare fixed part of scan command */ 862 tlv = scan_cmd->tlvbuffer; 863 864 /* add SSID TLV */ 865 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0) 866 tlv += lbs_add_ssid_tlv(tlv, 867 priv->scan_req->ssids[0].ssid, 868 priv->scan_req->ssids[0].ssid_len); 869 870 /* add channel TLVs */ 871 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP; 872 if (last_channel > priv->scan_req->n_channels) 873 last_channel = priv->scan_req->n_channels; 874 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel, 875 priv->scan_req->n_ssids); 876 877 /* add rates TLV */ 878 tlv += lbs_add_supported_rates_tlv(tlv); 879 880 if (priv->scan_channel < priv->scan_req->n_channels) { 881 cancel_delayed_work(&priv->scan_work); 882 if (netif_running(priv->dev)) 883 queue_delayed_work(priv->work_thread, &priv->scan_work, 884 msecs_to_jiffies(300)); 885 } 886 887 /* This is the final data we are about to send */ 888 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd); 889 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd, 890 sizeof(*scan_cmd)); 891 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer, 892 tlv - scan_cmd->tlvbuffer); 893 894 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr, 895 le16_to_cpu(scan_cmd->hdr.size), 896 lbs_ret_scan, 0); 897 898 if (priv->scan_channel >= priv->scan_req->n_channels) { 899 /* Mark scan done */ 900 cancel_delayed_work(&priv->scan_work); 901 lbs_scan_done(priv); 902 } 903 904 /* Restart network */ 905 if (carrier) 906 netif_carrier_on(priv->dev); 907 if (running && !priv->tx_pending_len) 908 netif_wake_queue(priv->dev); 909 910 kfree(scan_cmd); 911 912 /* Wake up anything waiting on scan completion */ 913 if (priv->scan_req == NULL) { 914 lbs_deb_scan("scan: waking up waiters\n"); 915 wake_up_all(&priv->scan_q); 916 } 917 918 out_no_scan_cmd: 919 lbs_deb_leave(LBS_DEB_SCAN); 920 } 921 922 static void _internal_start_scan(struct lbs_private *priv, bool internal, 923 struct cfg80211_scan_request *request) 924 { 925 lbs_deb_enter(LBS_DEB_CFG80211); 926 927 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n", 928 request->n_ssids, request->n_channels, request->ie_len); 929 930 priv->scan_channel = 0; 931 priv->scan_req = request; 932 priv->internal_scan = internal; 933 934 queue_delayed_work(priv->work_thread, &priv->scan_work, 935 msecs_to_jiffies(50)); 936 937 lbs_deb_leave(LBS_DEB_CFG80211); 938 } 939 940 /* 941 * Clean up priv->scan_req. Should be used to handle the allocation details. 942 */ 943 void lbs_scan_done(struct lbs_private *priv) 944 { 945 WARN_ON(!priv->scan_req); 946 947 if (priv->internal_scan) 948 kfree(priv->scan_req); 949 else 950 cfg80211_scan_done(priv->scan_req, false); 951 952 priv->scan_req = NULL; 953 } 954 955 static int lbs_cfg_scan(struct wiphy *wiphy, 956 struct cfg80211_scan_request *request) 957 { 958 struct lbs_private *priv = wiphy_priv(wiphy); 959 int ret = 0; 960 961 lbs_deb_enter(LBS_DEB_CFG80211); 962 963 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) { 964 /* old scan request not yet processed */ 965 ret = -EAGAIN; 966 goto out; 967 } 968 969 _internal_start_scan(priv, false, request); 970 971 if (priv->surpriseremoved) 972 ret = -EIO; 973 974 out: 975 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 976 return ret; 977 } 978 979 980 981 982 /* 983 * Events 984 */ 985 986 void lbs_send_disconnect_notification(struct lbs_private *priv, 987 bool locally_generated) 988 { 989 lbs_deb_enter(LBS_DEB_CFG80211); 990 991 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated, 992 GFP_KERNEL); 993 994 lbs_deb_leave(LBS_DEB_CFG80211); 995 } 996 997 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event) 998 { 999 lbs_deb_enter(LBS_DEB_CFG80211); 1000 1001 cfg80211_michael_mic_failure(priv->dev, 1002 priv->assoc_bss, 1003 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ? 1004 NL80211_KEYTYPE_GROUP : 1005 NL80211_KEYTYPE_PAIRWISE, 1006 -1, 1007 NULL, 1008 GFP_KERNEL); 1009 1010 lbs_deb_leave(LBS_DEB_CFG80211); 1011 } 1012 1013 1014 1015 1016 /* 1017 * Connect/disconnect 1018 */ 1019 1020 1021 /* 1022 * This removes all WEP keys 1023 */ 1024 static int lbs_remove_wep_keys(struct lbs_private *priv) 1025 { 1026 struct cmd_ds_802_11_set_wep cmd; 1027 int ret; 1028 1029 lbs_deb_enter(LBS_DEB_CFG80211); 1030 1031 memset(&cmd, 0, sizeof(cmd)); 1032 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1033 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 1034 cmd.action = cpu_to_le16(CMD_ACT_REMOVE); 1035 1036 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 1037 1038 lbs_deb_leave(LBS_DEB_CFG80211); 1039 return ret; 1040 } 1041 1042 /* 1043 * Set WEP keys 1044 */ 1045 static int lbs_set_wep_keys(struct lbs_private *priv) 1046 { 1047 struct cmd_ds_802_11_set_wep cmd; 1048 int i; 1049 int ret; 1050 1051 lbs_deb_enter(LBS_DEB_CFG80211); 1052 1053 /* 1054 * command 13 00 1055 * size 50 00 1056 * sequence xx xx 1057 * result 00 00 1058 * action 02 00 ACT_ADD 1059 * transmit key 00 00 1060 * type for key 1 01 WEP40 1061 * type for key 2 00 1062 * type for key 3 00 1063 * type for key 4 00 1064 * key 1 39 39 39 39 39 00 00 00 1065 * 00 00 00 00 00 00 00 00 1066 * key 2 00 00 00 00 00 00 00 00 1067 * 00 00 00 00 00 00 00 00 1068 * key 3 00 00 00 00 00 00 00 00 1069 * 00 00 00 00 00 00 00 00 1070 * key 4 00 00 00 00 00 00 00 00 1071 */ 1072 if (priv->wep_key_len[0] || priv->wep_key_len[1] || 1073 priv->wep_key_len[2] || priv->wep_key_len[3]) { 1074 /* Only set wep keys if we have at least one of them */ 1075 memset(&cmd, 0, sizeof(cmd)); 1076 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1077 cmd.keyindex = cpu_to_le16(priv->wep_tx_key); 1078 cmd.action = cpu_to_le16(CMD_ACT_ADD); 1079 1080 for (i = 0; i < 4; i++) { 1081 switch (priv->wep_key_len[i]) { 1082 case WLAN_KEY_LEN_WEP40: 1083 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT; 1084 break; 1085 case WLAN_KEY_LEN_WEP104: 1086 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT; 1087 break; 1088 default: 1089 cmd.keytype[i] = 0; 1090 break; 1091 } 1092 memcpy(cmd.keymaterial[i], priv->wep_key[i], 1093 priv->wep_key_len[i]); 1094 } 1095 1096 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd); 1097 } else { 1098 /* Otherwise remove all wep keys */ 1099 ret = lbs_remove_wep_keys(priv); 1100 } 1101 1102 lbs_deb_leave(LBS_DEB_CFG80211); 1103 return ret; 1104 } 1105 1106 1107 /* 1108 * Enable/Disable RSN status 1109 */ 1110 static int lbs_enable_rsn(struct lbs_private *priv, int enable) 1111 { 1112 struct cmd_ds_802_11_enable_rsn cmd; 1113 int ret; 1114 1115 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable); 1116 1117 /* 1118 * cmd 2f 00 1119 * size 0c 00 1120 * sequence xx xx 1121 * result 00 00 1122 * action 01 00 ACT_SET 1123 * enable 01 00 1124 */ 1125 memset(&cmd, 0, sizeof(cmd)); 1126 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1127 cmd.action = cpu_to_le16(CMD_ACT_SET); 1128 cmd.enable = cpu_to_le16(enable); 1129 1130 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd); 1131 1132 lbs_deb_leave(LBS_DEB_CFG80211); 1133 return ret; 1134 } 1135 1136 1137 /* 1138 * Set WPA/WPA key material 1139 */ 1140 1141 /* 1142 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we 1143 * get rid of WEXT, this should go into host.h 1144 */ 1145 1146 struct cmd_key_material { 1147 struct cmd_header hdr; 1148 1149 __le16 action; 1150 struct MrvlIEtype_keyParamSet param; 1151 } __packed; 1152 1153 static int lbs_set_key_material(struct lbs_private *priv, 1154 int key_type, int key_info, 1155 const u8 *key, u16 key_len) 1156 { 1157 struct cmd_key_material cmd; 1158 int ret; 1159 1160 lbs_deb_enter(LBS_DEB_CFG80211); 1161 1162 /* 1163 * Example for WPA (TKIP): 1164 * 1165 * cmd 5e 00 1166 * size 34 00 1167 * sequence xx xx 1168 * result 00 00 1169 * action 01 00 1170 * TLV type 00 01 key param 1171 * length 00 26 1172 * key type 01 00 TKIP 1173 * key info 06 00 UNICAST | ENABLED 1174 * key len 20 00 1175 * key 32 bytes 1176 */ 1177 memset(&cmd, 0, sizeof(cmd)); 1178 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1179 cmd.action = cpu_to_le16(CMD_ACT_SET); 1180 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL); 1181 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4); 1182 cmd.param.keytypeid = cpu_to_le16(key_type); 1183 cmd.param.keyinfo = cpu_to_le16(key_info); 1184 cmd.param.keylen = cpu_to_le16(key_len); 1185 if (key && key_len) 1186 memcpy(cmd.param.key, key, key_len); 1187 1188 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd); 1189 1190 lbs_deb_leave(LBS_DEB_CFG80211); 1191 return ret; 1192 } 1193 1194 1195 /* 1196 * Sets the auth type (open, shared, etc) in the firmware. That 1197 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware 1198 * command doesn't send an authentication frame at all, it just 1199 * stores the auth_type. 1200 */ 1201 static int lbs_set_authtype(struct lbs_private *priv, 1202 struct cfg80211_connect_params *sme) 1203 { 1204 struct cmd_ds_802_11_authenticate cmd; 1205 int ret; 1206 1207 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type); 1208 1209 /* 1210 * cmd 11 00 1211 * size 19 00 1212 * sequence xx xx 1213 * result 00 00 1214 * BSS id 00 13 19 80 da 30 1215 * auth type 00 1216 * reserved 00 00 00 00 00 00 00 00 00 00 1217 */ 1218 memset(&cmd, 0, sizeof(cmd)); 1219 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1220 if (sme->bssid) 1221 memcpy(cmd.bssid, sme->bssid, ETH_ALEN); 1222 /* convert auth_type */ 1223 ret = lbs_auth_to_authtype(sme->auth_type); 1224 if (ret < 0) 1225 goto done; 1226 1227 cmd.authtype = ret; 1228 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd); 1229 1230 done: 1231 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1232 return ret; 1233 } 1234 1235 1236 /* 1237 * Create association request 1238 */ 1239 #define LBS_ASSOC_MAX_CMD_SIZE \ 1240 (sizeof(struct cmd_ds_802_11_associate) \ 1241 - 512 /* cmd_ds_802_11_associate.iebuf */ \ 1242 + LBS_MAX_SSID_TLV_SIZE \ 1243 + LBS_MAX_CHANNEL_TLV_SIZE \ 1244 + LBS_MAX_CF_PARAM_TLV_SIZE \ 1245 + LBS_MAX_AUTH_TYPE_TLV_SIZE \ 1246 + LBS_MAX_WPA_TLV_SIZE) 1247 1248 static int lbs_associate(struct lbs_private *priv, 1249 struct cfg80211_bss *bss, 1250 struct cfg80211_connect_params *sme) 1251 { 1252 struct cmd_ds_802_11_associate_response *resp; 1253 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE, 1254 GFP_KERNEL); 1255 const u8 *ssid_eid; 1256 size_t len, resp_ie_len; 1257 int status; 1258 int ret; 1259 u8 *pos; 1260 u8 *tmp; 1261 1262 lbs_deb_enter(LBS_DEB_CFG80211); 1263 1264 if (!cmd) { 1265 ret = -ENOMEM; 1266 goto done; 1267 } 1268 pos = &cmd->iebuf[0]; 1269 1270 /* 1271 * cmd 50 00 1272 * length 34 00 1273 * sequence xx xx 1274 * result 00 00 1275 * BSS id 00 13 19 80 da 30 1276 * capabilities 11 00 1277 * listen interval 0a 00 1278 * beacon interval 00 00 1279 * DTIM period 00 1280 * TLVs xx (up to 512 bytes) 1281 */ 1282 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE); 1283 1284 /* Fill in static fields */ 1285 memcpy(cmd->bssid, bss->bssid, ETH_ALEN); 1286 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL); 1287 cmd->capability = cpu_to_le16(bss->capability); 1288 1289 /* add SSID TLV */ 1290 rcu_read_lock(); 1291 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID); 1292 if (ssid_eid) 1293 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]); 1294 else 1295 lbs_deb_assoc("no SSID\n"); 1296 rcu_read_unlock(); 1297 1298 /* add DS param TLV */ 1299 if (bss->channel) 1300 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value); 1301 else 1302 lbs_deb_assoc("no channel\n"); 1303 1304 /* add (empty) CF param TLV */ 1305 pos += lbs_add_cf_param_tlv(pos); 1306 1307 /* add rates TLV */ 1308 tmp = pos + 4; /* skip Marvell IE header */ 1309 pos += lbs_add_common_rates_tlv(pos, bss); 1310 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp); 1311 1312 /* add auth type TLV */ 1313 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9) 1314 pos += lbs_add_auth_type_tlv(pos, sme->auth_type); 1315 1316 /* add WPA/WPA2 TLV */ 1317 if (sme->ie && sme->ie_len) 1318 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len); 1319 1320 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) + 1321 (u16)(pos - (u8 *) &cmd->iebuf); 1322 cmd->hdr.size = cpu_to_le16(len); 1323 1324 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd, 1325 le16_to_cpu(cmd->hdr.size)); 1326 1327 /* store for later use */ 1328 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN); 1329 1330 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd); 1331 if (ret) 1332 goto done; 1333 1334 /* generate connect message to cfg80211 */ 1335 1336 resp = (void *) cmd; /* recast for easier field access */ 1337 status = le16_to_cpu(resp->statuscode); 1338 1339 /* Older FW versions map the IEEE 802.11 Status Code in the association 1340 * response to the following values returned in resp->statuscode: 1341 * 1342 * IEEE Status Code Marvell Status Code 1343 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS 1344 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1345 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1346 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1347 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED 1348 * others -> 0x0003 ASSOC_RESULT_REFUSED 1349 * 1350 * Other response codes: 1351 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused) 1352 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for 1353 * association response from the AP) 1354 */ 1355 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 1356 switch (status) { 1357 case 0: 1358 break; 1359 case 1: 1360 lbs_deb_assoc("invalid association parameters\n"); 1361 status = WLAN_STATUS_CAPS_UNSUPPORTED; 1362 break; 1363 case 2: 1364 lbs_deb_assoc("timer expired while waiting for AP\n"); 1365 status = WLAN_STATUS_AUTH_TIMEOUT; 1366 break; 1367 case 3: 1368 lbs_deb_assoc("association refused by AP\n"); 1369 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC; 1370 break; 1371 case 4: 1372 lbs_deb_assoc("authentication refused by AP\n"); 1373 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1374 break; 1375 default: 1376 lbs_deb_assoc("association failure %d\n", status); 1377 /* v5 OLPC firmware does return the AP status code if 1378 * it's not one of the values above. Let that through. 1379 */ 1380 break; 1381 } 1382 } 1383 1384 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, " 1385 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode), 1386 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid)); 1387 1388 resp_ie_len = le16_to_cpu(resp->hdr.size) 1389 - sizeof(resp->hdr) 1390 - 6; 1391 cfg80211_connect_result(priv->dev, 1392 priv->assoc_bss, 1393 sme->ie, sme->ie_len, 1394 resp->iebuf, resp_ie_len, 1395 status, 1396 GFP_KERNEL); 1397 1398 if (status == 0) { 1399 /* TODO: get rid of priv->connect_status */ 1400 priv->connect_status = LBS_CONNECTED; 1401 netif_carrier_on(priv->dev); 1402 if (!priv->tx_pending_len) 1403 netif_tx_wake_all_queues(priv->dev); 1404 } 1405 1406 kfree(cmd); 1407 done: 1408 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1409 return ret; 1410 } 1411 1412 static struct cfg80211_scan_request * 1413 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme) 1414 { 1415 struct cfg80211_scan_request *creq = NULL; 1416 int i, n_channels = ieee80211_get_num_supported_channels(wiphy); 1417 enum ieee80211_band band; 1418 1419 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 1420 n_channels * sizeof(void *), 1421 GFP_ATOMIC); 1422 if (!creq) 1423 return NULL; 1424 1425 /* SSIDs come after channels */ 1426 creq->ssids = (void *)&creq->channels[n_channels]; 1427 creq->n_channels = n_channels; 1428 creq->n_ssids = 1; 1429 1430 /* Scan all available channels */ 1431 i = 0; 1432 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1433 int j; 1434 1435 if (!wiphy->bands[band]) 1436 continue; 1437 1438 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 1439 /* ignore disabled channels */ 1440 if (wiphy->bands[band]->channels[j].flags & 1441 IEEE80211_CHAN_DISABLED) 1442 continue; 1443 1444 creq->channels[i] = &wiphy->bands[band]->channels[j]; 1445 i++; 1446 } 1447 } 1448 if (i) { 1449 /* Set real number of channels specified in creq->channels[] */ 1450 creq->n_channels = i; 1451 1452 /* Scan for the SSID we're going to connect to */ 1453 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len); 1454 creq->ssids[0].ssid_len = sme->ssid_len; 1455 } else { 1456 /* No channels found... */ 1457 kfree(creq); 1458 creq = NULL; 1459 } 1460 1461 return creq; 1462 } 1463 1464 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev, 1465 struct cfg80211_connect_params *sme) 1466 { 1467 struct lbs_private *priv = wiphy_priv(wiphy); 1468 struct cfg80211_bss *bss = NULL; 1469 int ret = 0; 1470 u8 preamble = RADIO_PREAMBLE_SHORT; 1471 1472 if (dev == priv->mesh_dev) 1473 return -EOPNOTSUPP; 1474 1475 lbs_deb_enter(LBS_DEB_CFG80211); 1476 1477 if (!sme->bssid) { 1478 struct cfg80211_scan_request *creq; 1479 1480 /* 1481 * Scan for the requested network after waiting for existing 1482 * scans to finish. 1483 */ 1484 lbs_deb_assoc("assoc: waiting for existing scans\n"); 1485 wait_event_interruptible_timeout(priv->scan_q, 1486 (priv->scan_req == NULL), 1487 (15 * HZ)); 1488 1489 creq = _new_connect_scan_req(wiphy, sme); 1490 if (!creq) { 1491 ret = -EINVAL; 1492 goto done; 1493 } 1494 1495 lbs_deb_assoc("assoc: scanning for compatible AP\n"); 1496 _internal_start_scan(priv, true, creq); 1497 1498 lbs_deb_assoc("assoc: waiting for scan to complete\n"); 1499 wait_event_interruptible_timeout(priv->scan_q, 1500 (priv->scan_req == NULL), 1501 (15 * HZ)); 1502 lbs_deb_assoc("assoc: scanning completed\n"); 1503 } 1504 1505 /* Find the BSS we want using available scan results */ 1506 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid, 1507 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS, 1508 IEEE80211_PRIVACY_ANY); 1509 if (!bss) { 1510 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n", 1511 sme->bssid); 1512 ret = -ENOENT; 1513 goto done; 1514 } 1515 lbs_deb_assoc("trying %pM\n", bss->bssid); 1516 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n", 1517 sme->crypto.cipher_group, 1518 sme->key_idx, sme->key_len); 1519 1520 /* As this is a new connection, clear locally stored WEP keys */ 1521 priv->wep_tx_key = 0; 1522 memset(priv->wep_key, 0, sizeof(priv->wep_key)); 1523 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len)); 1524 1525 /* set/remove WEP keys */ 1526 switch (sme->crypto.cipher_group) { 1527 case WLAN_CIPHER_SUITE_WEP40: 1528 case WLAN_CIPHER_SUITE_WEP104: 1529 /* Store provided WEP keys in priv-> */ 1530 priv->wep_tx_key = sme->key_idx; 1531 priv->wep_key_len[sme->key_idx] = sme->key_len; 1532 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len); 1533 /* Set WEP keys and WEP mode */ 1534 lbs_set_wep_keys(priv); 1535 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE; 1536 lbs_set_mac_control(priv); 1537 /* No RSN mode for WEP */ 1538 lbs_enable_rsn(priv, 0); 1539 break; 1540 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */ 1541 /* 1542 * If we don't have no WEP, no WPA and no WPA2, 1543 * we remove all keys like in the WPA/WPA2 setup, 1544 * we just don't set RSN. 1545 * 1546 * Therefore: fall-through 1547 */ 1548 case WLAN_CIPHER_SUITE_TKIP: 1549 case WLAN_CIPHER_SUITE_CCMP: 1550 /* Remove WEP keys and WEP mode */ 1551 lbs_remove_wep_keys(priv); 1552 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE; 1553 lbs_set_mac_control(priv); 1554 1555 /* clear the WPA/WPA2 keys */ 1556 lbs_set_key_material(priv, 1557 KEY_TYPE_ID_WEP, /* doesn't matter */ 1558 KEY_INFO_WPA_UNICAST, 1559 NULL, 0); 1560 lbs_set_key_material(priv, 1561 KEY_TYPE_ID_WEP, /* doesn't matter */ 1562 KEY_INFO_WPA_MCAST, 1563 NULL, 0); 1564 /* RSN mode for WPA/WPA2 */ 1565 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0); 1566 break; 1567 default: 1568 wiphy_err(wiphy, "unsupported cipher group 0x%x\n", 1569 sme->crypto.cipher_group); 1570 ret = -ENOTSUPP; 1571 goto done; 1572 } 1573 1574 ret = lbs_set_authtype(priv, sme); 1575 if (ret == -ENOTSUPP) { 1576 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type); 1577 goto done; 1578 } 1579 1580 lbs_set_radio(priv, preamble, 1); 1581 1582 /* Do the actual association */ 1583 ret = lbs_associate(priv, bss, sme); 1584 1585 done: 1586 if (bss) 1587 cfg80211_put_bss(wiphy, bss); 1588 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1589 return ret; 1590 } 1591 1592 int lbs_disconnect(struct lbs_private *priv, u16 reason) 1593 { 1594 struct cmd_ds_802_11_deauthenticate cmd; 1595 int ret; 1596 1597 memset(&cmd, 0, sizeof(cmd)); 1598 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1599 /* Mildly ugly to use a locally store my own BSSID ... */ 1600 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN); 1601 cmd.reasoncode = cpu_to_le16(reason); 1602 1603 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd); 1604 if (ret) 1605 return ret; 1606 1607 cfg80211_disconnected(priv->dev, 1608 reason, 1609 NULL, 0, true, 1610 GFP_KERNEL); 1611 priv->connect_status = LBS_DISCONNECTED; 1612 1613 return 0; 1614 } 1615 1616 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev, 1617 u16 reason_code) 1618 { 1619 struct lbs_private *priv = wiphy_priv(wiphy); 1620 1621 if (dev == priv->mesh_dev) 1622 return -EOPNOTSUPP; 1623 1624 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code); 1625 1626 /* store for lbs_cfg_ret_disconnect() */ 1627 priv->disassoc_reason = reason_code; 1628 1629 return lbs_disconnect(priv, reason_code); 1630 } 1631 1632 static int lbs_cfg_set_default_key(struct wiphy *wiphy, 1633 struct net_device *netdev, 1634 u8 key_index, bool unicast, 1635 bool multicast) 1636 { 1637 struct lbs_private *priv = wiphy_priv(wiphy); 1638 1639 if (netdev == priv->mesh_dev) 1640 return -EOPNOTSUPP; 1641 1642 lbs_deb_enter(LBS_DEB_CFG80211); 1643 1644 if (key_index != priv->wep_tx_key) { 1645 lbs_deb_assoc("set_default_key: to %d\n", key_index); 1646 priv->wep_tx_key = key_index; 1647 lbs_set_wep_keys(priv); 1648 } 1649 1650 return 0; 1651 } 1652 1653 1654 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev, 1655 u8 idx, bool pairwise, const u8 *mac_addr, 1656 struct key_params *params) 1657 { 1658 struct lbs_private *priv = wiphy_priv(wiphy); 1659 u16 key_info; 1660 u16 key_type; 1661 int ret = 0; 1662 1663 if (netdev == priv->mesh_dev) 1664 return -EOPNOTSUPP; 1665 1666 lbs_deb_enter(LBS_DEB_CFG80211); 1667 1668 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n", 1669 params->cipher, mac_addr); 1670 lbs_deb_assoc("add_key: key index %d, key len %d\n", 1671 idx, params->key_len); 1672 if (params->key_len) 1673 lbs_deb_hex(LBS_DEB_CFG80211, "KEY", 1674 params->key, params->key_len); 1675 1676 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len); 1677 if (params->seq_len) 1678 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ", 1679 params->seq, params->seq_len); 1680 1681 switch (params->cipher) { 1682 case WLAN_CIPHER_SUITE_WEP40: 1683 case WLAN_CIPHER_SUITE_WEP104: 1684 /* actually compare if something has changed ... */ 1685 if ((priv->wep_key_len[idx] != params->key_len) || 1686 memcmp(priv->wep_key[idx], 1687 params->key, params->key_len) != 0) { 1688 priv->wep_key_len[idx] = params->key_len; 1689 memcpy(priv->wep_key[idx], 1690 params->key, params->key_len); 1691 lbs_set_wep_keys(priv); 1692 } 1693 break; 1694 case WLAN_CIPHER_SUITE_TKIP: 1695 case WLAN_CIPHER_SUITE_CCMP: 1696 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0) 1697 ? KEY_INFO_WPA_UNICAST 1698 : KEY_INFO_WPA_MCAST); 1699 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP) 1700 ? KEY_TYPE_ID_TKIP 1701 : KEY_TYPE_ID_AES; 1702 lbs_set_key_material(priv, 1703 key_type, 1704 key_info, 1705 params->key, params->key_len); 1706 break; 1707 default: 1708 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher); 1709 ret = -ENOTSUPP; 1710 break; 1711 } 1712 1713 return ret; 1714 } 1715 1716 1717 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev, 1718 u8 key_index, bool pairwise, const u8 *mac_addr) 1719 { 1720 1721 lbs_deb_enter(LBS_DEB_CFG80211); 1722 1723 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n", 1724 key_index, mac_addr); 1725 1726 #ifdef TODO 1727 struct lbs_private *priv = wiphy_priv(wiphy); 1728 /* 1729 * I think can keep this a NO-OP, because: 1730 1731 * - we clear all keys whenever we do lbs_cfg_connect() anyway 1732 * - neither "iw" nor "wpa_supplicant" won't call this during 1733 * an ongoing connection 1734 * - TODO: but I have to check if this is still true when 1735 * I set the AP to periodic re-keying 1736 * - we've not kzallec() something when we've added a key at 1737 * lbs_cfg_connect() or lbs_cfg_add_key(). 1738 * 1739 * This causes lbs_cfg_del_key() only called at disconnect time, 1740 * where we'd just waste time deleting a key that is not going 1741 * to be used anyway. 1742 */ 1743 if (key_index < 3 && priv->wep_key_len[key_index]) { 1744 priv->wep_key_len[key_index] = 0; 1745 lbs_set_wep_keys(priv); 1746 } 1747 #endif 1748 1749 return 0; 1750 } 1751 1752 1753 /* 1754 * Get station 1755 */ 1756 1757 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev, 1758 const u8 *mac, struct station_info *sinfo) 1759 { 1760 struct lbs_private *priv = wiphy_priv(wiphy); 1761 s8 signal, noise; 1762 int ret; 1763 size_t i; 1764 1765 lbs_deb_enter(LBS_DEB_CFG80211); 1766 1767 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) | 1768 BIT(NL80211_STA_INFO_TX_PACKETS) | 1769 BIT(NL80211_STA_INFO_RX_BYTES) | 1770 BIT(NL80211_STA_INFO_RX_PACKETS); 1771 sinfo->tx_bytes = priv->dev->stats.tx_bytes; 1772 sinfo->tx_packets = priv->dev->stats.tx_packets; 1773 sinfo->rx_bytes = priv->dev->stats.rx_bytes; 1774 sinfo->rx_packets = priv->dev->stats.rx_packets; 1775 1776 /* Get current RSSI */ 1777 ret = lbs_get_rssi(priv, &signal, &noise); 1778 if (ret == 0) { 1779 sinfo->signal = signal; 1780 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL); 1781 } 1782 1783 /* Convert priv->cur_rate from hw_value to NL80211 value */ 1784 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) { 1785 if (priv->cur_rate == lbs_rates[i].hw_value) { 1786 sinfo->txrate.legacy = lbs_rates[i].bitrate; 1787 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE); 1788 break; 1789 } 1790 } 1791 1792 return 0; 1793 } 1794 1795 1796 1797 1798 /* 1799 * Change interface 1800 */ 1801 1802 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev, 1803 enum nl80211_iftype type, u32 *flags, 1804 struct vif_params *params) 1805 { 1806 struct lbs_private *priv = wiphy_priv(wiphy); 1807 int ret = 0; 1808 1809 if (dev == priv->mesh_dev) 1810 return -EOPNOTSUPP; 1811 1812 switch (type) { 1813 case NL80211_IFTYPE_MONITOR: 1814 case NL80211_IFTYPE_STATION: 1815 case NL80211_IFTYPE_ADHOC: 1816 break; 1817 default: 1818 return -EOPNOTSUPP; 1819 } 1820 1821 lbs_deb_enter(LBS_DEB_CFG80211); 1822 1823 if (priv->iface_running) 1824 ret = lbs_set_iface_type(priv, type); 1825 1826 if (!ret) 1827 priv->wdev->iftype = type; 1828 1829 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 1830 return ret; 1831 } 1832 1833 1834 1835 /* 1836 * IBSS (Ad-Hoc) 1837 */ 1838 1839 /* 1840 * The firmware needs the following bits masked out of the beacon-derived 1841 * capability field when associating/joining to a BSS: 1842 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused) 1843 */ 1844 #define CAPINFO_MASK (~(0xda00)) 1845 1846 1847 static void lbs_join_post(struct lbs_private *priv, 1848 struct cfg80211_ibss_params *params, 1849 u8 *bssid, u16 capability) 1850 { 1851 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */ 1852 2 + 4 + /* basic rates */ 1853 2 + 1 + /* DS parameter */ 1854 2 + 2 + /* atim */ 1855 2 + 8]; /* extended rates */ 1856 u8 *fake = fake_ie; 1857 struct cfg80211_bss *bss; 1858 1859 lbs_deb_enter(LBS_DEB_CFG80211); 1860 1861 /* 1862 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get 1863 * the real IE from the firmware. So we fabricate a fake IE based on 1864 * what the firmware actually sends (sniffed with wireshark). 1865 */ 1866 /* Fake SSID IE */ 1867 *fake++ = WLAN_EID_SSID; 1868 *fake++ = params->ssid_len; 1869 memcpy(fake, params->ssid, params->ssid_len); 1870 fake += params->ssid_len; 1871 /* Fake supported basic rates IE */ 1872 *fake++ = WLAN_EID_SUPP_RATES; 1873 *fake++ = 4; 1874 *fake++ = 0x82; 1875 *fake++ = 0x84; 1876 *fake++ = 0x8b; 1877 *fake++ = 0x96; 1878 /* Fake DS channel IE */ 1879 *fake++ = WLAN_EID_DS_PARAMS; 1880 *fake++ = 1; 1881 *fake++ = params->chandef.chan->hw_value; 1882 /* Fake IBSS params IE */ 1883 *fake++ = WLAN_EID_IBSS_PARAMS; 1884 *fake++ = 2; 1885 *fake++ = 0; /* ATIM=0 */ 1886 *fake++ = 0; 1887 /* Fake extended rates IE, TODO: don't add this for 802.11b only, 1888 * but I don't know how this could be checked */ 1889 *fake++ = WLAN_EID_EXT_SUPP_RATES; 1890 *fake++ = 8; 1891 *fake++ = 0x0c; 1892 *fake++ = 0x12; 1893 *fake++ = 0x18; 1894 *fake++ = 0x24; 1895 *fake++ = 0x30; 1896 *fake++ = 0x48; 1897 *fake++ = 0x60; 1898 *fake++ = 0x6c; 1899 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie); 1900 1901 bss = cfg80211_inform_bss(priv->wdev->wiphy, 1902 params->chandef.chan, 1903 CFG80211_BSS_FTYPE_UNKNOWN, 1904 bssid, 1905 0, 1906 capability, 1907 params->beacon_interval, 1908 fake_ie, fake - fake_ie, 1909 0, GFP_KERNEL); 1910 cfg80211_put_bss(priv->wdev->wiphy, bss); 1911 1912 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len); 1913 priv->wdev->ssid_len = params->ssid_len; 1914 1915 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan, 1916 GFP_KERNEL); 1917 1918 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */ 1919 priv->connect_status = LBS_CONNECTED; 1920 netif_carrier_on(priv->dev); 1921 if (!priv->tx_pending_len) 1922 netif_wake_queue(priv->dev); 1923 1924 lbs_deb_leave(LBS_DEB_CFG80211); 1925 } 1926 1927 static int lbs_ibss_join_existing(struct lbs_private *priv, 1928 struct cfg80211_ibss_params *params, 1929 struct cfg80211_bss *bss) 1930 { 1931 const u8 *rates_eid; 1932 struct cmd_ds_802_11_ad_hoc_join cmd; 1933 u8 preamble = RADIO_PREAMBLE_SHORT; 1934 int ret = 0; 1935 1936 lbs_deb_enter(LBS_DEB_CFG80211); 1937 1938 /* TODO: set preamble based on scan result */ 1939 ret = lbs_set_radio(priv, preamble, 1); 1940 if (ret) 1941 goto out; 1942 1943 /* 1944 * Example CMD_802_11_AD_HOC_JOIN command: 1945 * 1946 * command 2c 00 CMD_802_11_AD_HOC_JOIN 1947 * size 65 00 1948 * sequence xx xx 1949 * result 00 00 1950 * bssid 02 27 27 97 2f 96 1951 * ssid 49 42 53 53 00 00 00 00 1952 * 00 00 00 00 00 00 00 00 1953 * 00 00 00 00 00 00 00 00 1954 * 00 00 00 00 00 00 00 00 1955 * type 02 CMD_BSS_TYPE_IBSS 1956 * beacon period 64 00 1957 * dtim period 00 1958 * timestamp 00 00 00 00 00 00 00 00 1959 * localtime 00 00 00 00 00 00 00 00 1960 * IE DS 03 1961 * IE DS len 01 1962 * IE DS channel 01 1963 * reserveed 00 00 00 00 1964 * IE IBSS 06 1965 * IE IBSS len 02 1966 * IE IBSS atim 00 00 1967 * reserved 00 00 00 00 1968 * capability 02 00 1969 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00 1970 * fail timeout ff 00 1971 * probe delay 00 00 1972 */ 1973 memset(&cmd, 0, sizeof(cmd)); 1974 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1975 1976 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN); 1977 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len); 1978 cmd.bss.type = CMD_BSS_TYPE_IBSS; 1979 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval); 1980 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS; 1981 cmd.bss.ds.header.len = 1; 1982 cmd.bss.ds.channel = params->chandef.chan->hw_value; 1983 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS; 1984 cmd.bss.ibss.header.len = 2; 1985 cmd.bss.ibss.atimwindow = 0; 1986 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK); 1987 1988 /* set rates to the intersection of our rates and the rates in the 1989 bss */ 1990 rcu_read_lock(); 1991 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1992 if (!rates_eid) { 1993 lbs_add_rates(cmd.bss.rates); 1994 } else { 1995 int hw, i; 1996 u8 rates_max = rates_eid[1]; 1997 u8 *rates = cmd.bss.rates; 1998 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { 1999 u8 hw_rate = lbs_rates[hw].bitrate / 5; 2000 for (i = 0; i < rates_max; i++) { 2001 if (hw_rate == (rates_eid[i+2] & 0x7f)) { 2002 u8 rate = rates_eid[i+2]; 2003 if (rate == 0x02 || rate == 0x04 || 2004 rate == 0x0b || rate == 0x16) 2005 rate |= 0x80; 2006 *rates++ = rate; 2007 } 2008 } 2009 } 2010 } 2011 rcu_read_unlock(); 2012 2013 /* Only v8 and below support setting this */ 2014 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) { 2015 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT); 2016 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 2017 } 2018 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd); 2019 if (ret) 2020 goto out; 2021 2022 /* 2023 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 2024 * 2025 * response 2c 80 2026 * size 09 00 2027 * sequence xx xx 2028 * result 00 00 2029 * reserved 00 2030 */ 2031 lbs_join_post(priv, params, bss->bssid, bss->capability); 2032 2033 out: 2034 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2035 return ret; 2036 } 2037 2038 2039 2040 static int lbs_ibss_start_new(struct lbs_private *priv, 2041 struct cfg80211_ibss_params *params) 2042 { 2043 struct cmd_ds_802_11_ad_hoc_start cmd; 2044 struct cmd_ds_802_11_ad_hoc_result *resp = 2045 (struct cmd_ds_802_11_ad_hoc_result *) &cmd; 2046 u8 preamble = RADIO_PREAMBLE_SHORT; 2047 int ret = 0; 2048 u16 capability; 2049 2050 lbs_deb_enter(LBS_DEB_CFG80211); 2051 2052 ret = lbs_set_radio(priv, preamble, 1); 2053 if (ret) 2054 goto out; 2055 2056 /* 2057 * Example CMD_802_11_AD_HOC_START command: 2058 * 2059 * command 2b 00 CMD_802_11_AD_HOC_START 2060 * size b1 00 2061 * sequence xx xx 2062 * result 00 00 2063 * ssid 54 45 53 54 00 00 00 00 2064 * 00 00 00 00 00 00 00 00 2065 * 00 00 00 00 00 00 00 00 2066 * 00 00 00 00 00 00 00 00 2067 * bss type 02 2068 * beacon period 64 00 2069 * dtim period 00 2070 * IE IBSS 06 2071 * IE IBSS len 02 2072 * IE IBSS atim 00 00 2073 * reserved 00 00 00 00 2074 * IE DS 03 2075 * IE DS len 01 2076 * IE DS channel 01 2077 * reserved 00 00 00 00 2078 * probe delay 00 00 2079 * capability 02 00 2080 * rates 82 84 8b 96 (basic rates with have bit 7 set) 2081 * 0c 12 18 24 30 48 60 6c 2082 * padding 100 bytes 2083 */ 2084 memset(&cmd, 0, sizeof(cmd)); 2085 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2086 memcpy(cmd.ssid, params->ssid, params->ssid_len); 2087 cmd.bsstype = CMD_BSS_TYPE_IBSS; 2088 cmd.beaconperiod = cpu_to_le16(params->beacon_interval); 2089 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS; 2090 cmd.ibss.header.len = 2; 2091 cmd.ibss.atimwindow = 0; 2092 cmd.ds.header.id = WLAN_EID_DS_PARAMS; 2093 cmd.ds.header.len = 1; 2094 cmd.ds.channel = params->chandef.chan->hw_value; 2095 /* Only v8 and below support setting probe delay */ 2096 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) 2097 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME); 2098 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */ 2099 capability = WLAN_CAPABILITY_IBSS; 2100 cmd.capability = cpu_to_le16(capability); 2101 lbs_add_rates(cmd.rates); 2102 2103 2104 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd); 2105 if (ret) 2106 goto out; 2107 2108 /* 2109 * This is a sample response to CMD_802_11_AD_HOC_JOIN: 2110 * 2111 * response 2b 80 2112 * size 14 00 2113 * sequence xx xx 2114 * result 00 00 2115 * reserved 00 2116 * bssid 02 2b 7b 0f 86 0e 2117 */ 2118 lbs_join_post(priv, params, resp->bssid, capability); 2119 2120 out: 2121 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2122 return ret; 2123 } 2124 2125 2126 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev, 2127 struct cfg80211_ibss_params *params) 2128 { 2129 struct lbs_private *priv = wiphy_priv(wiphy); 2130 int ret = 0; 2131 struct cfg80211_bss *bss; 2132 2133 if (dev == priv->mesh_dev) 2134 return -EOPNOTSUPP; 2135 2136 lbs_deb_enter(LBS_DEB_CFG80211); 2137 2138 if (!params->chandef.chan) { 2139 ret = -ENOTSUPP; 2140 goto out; 2141 } 2142 2143 ret = lbs_set_channel(priv, params->chandef.chan->hw_value); 2144 if (ret) 2145 goto out; 2146 2147 /* Search if someone is beaconing. This assumes that the 2148 * bss list is populated already */ 2149 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid, 2150 params->ssid, params->ssid_len, 2151 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY); 2152 2153 if (bss) { 2154 ret = lbs_ibss_join_existing(priv, params, bss); 2155 cfg80211_put_bss(wiphy, bss); 2156 } else 2157 ret = lbs_ibss_start_new(priv, params); 2158 2159 2160 out: 2161 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2162 return ret; 2163 } 2164 2165 2166 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev) 2167 { 2168 struct lbs_private *priv = wiphy_priv(wiphy); 2169 struct cmd_ds_802_11_ad_hoc_stop cmd; 2170 int ret = 0; 2171 2172 if (dev == priv->mesh_dev) 2173 return -EOPNOTSUPP; 2174 2175 lbs_deb_enter(LBS_DEB_CFG80211); 2176 2177 memset(&cmd, 0, sizeof(cmd)); 2178 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 2179 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd); 2180 2181 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */ 2182 lbs_mac_event_disconnected(priv, true); 2183 2184 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2185 return ret; 2186 } 2187 2188 2189 2190 2191 /* 2192 * Initialization 2193 */ 2194 2195 static struct cfg80211_ops lbs_cfg80211_ops = { 2196 .set_monitor_channel = lbs_cfg_set_monitor_channel, 2197 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel, 2198 .scan = lbs_cfg_scan, 2199 .connect = lbs_cfg_connect, 2200 .disconnect = lbs_cfg_disconnect, 2201 .add_key = lbs_cfg_add_key, 2202 .del_key = lbs_cfg_del_key, 2203 .set_default_key = lbs_cfg_set_default_key, 2204 .get_station = lbs_cfg_get_station, 2205 .change_virtual_intf = lbs_change_intf, 2206 .join_ibss = lbs_join_ibss, 2207 .leave_ibss = lbs_leave_ibss, 2208 }; 2209 2210 2211 /* 2212 * At this time lbs_private *priv doesn't even exist, so we just allocate 2213 * memory and don't initialize the wiphy further. This is postponed until we 2214 * can talk to the firmware and happens at registration time in 2215 * lbs_cfg_wiphy_register(). 2216 */ 2217 struct wireless_dev *lbs_cfg_alloc(struct device *dev) 2218 { 2219 int ret = 0; 2220 struct wireless_dev *wdev; 2221 2222 lbs_deb_enter(LBS_DEB_CFG80211); 2223 2224 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 2225 if (!wdev) 2226 return ERR_PTR(-ENOMEM); 2227 2228 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private)); 2229 if (!wdev->wiphy) { 2230 dev_err(dev, "cannot allocate wiphy\n"); 2231 ret = -ENOMEM; 2232 goto err_wiphy_new; 2233 } 2234 2235 lbs_deb_leave(LBS_DEB_CFG80211); 2236 return wdev; 2237 2238 err_wiphy_new: 2239 kfree(wdev); 2240 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2241 return ERR_PTR(ret); 2242 } 2243 2244 2245 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv) 2246 { 2247 struct region_code_mapping { 2248 const char *cn; 2249 int code; 2250 }; 2251 2252 /* Section 5.17.2 */ 2253 static const struct region_code_mapping regmap[] = { 2254 {"US ", 0x10}, /* US FCC */ 2255 {"CA ", 0x20}, /* Canada */ 2256 {"EU ", 0x30}, /* ETSI */ 2257 {"ES ", 0x31}, /* Spain */ 2258 {"FR ", 0x32}, /* France */ 2259 {"JP ", 0x40}, /* Japan */ 2260 }; 2261 size_t i; 2262 2263 lbs_deb_enter(LBS_DEB_CFG80211); 2264 2265 for (i = 0; i < ARRAY_SIZE(regmap); i++) 2266 if (regmap[i].code == priv->regioncode) { 2267 regulatory_hint(priv->wdev->wiphy, regmap[i].cn); 2268 break; 2269 } 2270 2271 lbs_deb_leave(LBS_DEB_CFG80211); 2272 } 2273 2274 static void lbs_reg_notifier(struct wiphy *wiphy, 2275 struct regulatory_request *request) 2276 { 2277 struct lbs_private *priv = wiphy_priv(wiphy); 2278 2279 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain " 2280 "callback for domain %c%c\n", request->alpha2[0], 2281 request->alpha2[1]); 2282 2283 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2)); 2284 if (lbs_iface_active(priv)) 2285 lbs_set_11d_domain_info(priv); 2286 2287 lbs_deb_leave(LBS_DEB_CFG80211); 2288 } 2289 2290 /* 2291 * This function get's called after lbs_setup_firmware() determined the 2292 * firmware capabities. So we can setup the wiphy according to our 2293 * hardware/firmware. 2294 */ 2295 int lbs_cfg_register(struct lbs_private *priv) 2296 { 2297 struct wireless_dev *wdev = priv->wdev; 2298 int ret; 2299 2300 lbs_deb_enter(LBS_DEB_CFG80211); 2301 2302 wdev->wiphy->max_scan_ssids = 1; 2303 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; 2304 2305 wdev->wiphy->interface_modes = 2306 BIT(NL80211_IFTYPE_STATION) | 2307 BIT(NL80211_IFTYPE_ADHOC); 2308 if (lbs_rtap_supported(priv)) 2309 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR); 2310 if (lbs_mesh_activated(priv)) 2311 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT); 2312 2313 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz; 2314 2315 /* 2316 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have 2317 * never seen a firmware without WPA 2318 */ 2319 wdev->wiphy->cipher_suites = cipher_suites; 2320 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites); 2321 wdev->wiphy->reg_notifier = lbs_reg_notifier; 2322 2323 ret = wiphy_register(wdev->wiphy); 2324 if (ret < 0) 2325 pr_err("cannot register wiphy device\n"); 2326 2327 priv->wiphy_registered = true; 2328 2329 ret = register_netdev(priv->dev); 2330 if (ret) 2331 pr_err("cannot register network device\n"); 2332 2333 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker); 2334 2335 lbs_cfg_set_regulatory_hint(priv); 2336 2337 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret); 2338 return ret; 2339 } 2340 2341 void lbs_scan_deinit(struct lbs_private *priv) 2342 { 2343 lbs_deb_enter(LBS_DEB_CFG80211); 2344 cancel_delayed_work_sync(&priv->scan_work); 2345 } 2346 2347 2348 void lbs_cfg_free(struct lbs_private *priv) 2349 { 2350 struct wireless_dev *wdev = priv->wdev; 2351 2352 lbs_deb_enter(LBS_DEB_CFG80211); 2353 2354 if (!wdev) 2355 return; 2356 2357 if (priv->wiphy_registered) 2358 wiphy_unregister(wdev->wiphy); 2359 2360 if (wdev->wiphy) 2361 wiphy_free(wdev->wiphy); 2362 2363 kfree(wdev); 2364 } 2365 2366 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.o.c.prepared" 2367 2368 int ldv_bind_18(void); 2369 int ldv_retval_1; 2370 int ldv_release_18(void); 2371 2372 2373 void ldv_initialyze_cfg80211_ops_18(void){ 2374 lbs_cfg80211_ops_group0 = ldv_undef_ptr(); 2375 lbs_cfg80211_ops_group1 = ldv_undef_ptr(); 2376 } 2377 2378 void ldv_main_exported_18(void){ 2379 struct station_info *ldvarg28; 2380 u8 const *ldvarg34; 2381 u16 ldvarg19; 2382 u8 const *ldvarg22; 2383 u8 ldvarg25; 2384 u8 ldvarg21; 2385 u8 ldvarg33; 2386 struct cfg80211_chan_def *ldvarg30; 2387 struct cfg80211_connect_params *ldvarg38; 2388 u32 *ldvarg35; 2389 struct cfg80211_scan_request *ldvarg27; 2390 bool ldvarg26; 2391 bool ldvarg24; 2392 u8 const *ldvarg29; 2393 enum nl80211_iftype ldvarg36; 2394 struct vif_params *ldvarg37; 2395 struct ieee80211_channel *ldvarg23; 2396 bool ldvarg20; 2397 struct key_params *ldvarg31; 2398 bool ldvarg32; 2399 struct cfg80211_ibss_params *ldvarg18; 2400 /*DEG-struct: handlers from structure lbs_cfg80211_ops*/ 2401 switch(__VERIFIER_nondet_int()){ 2402 case 0:{ 2403 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2404 if(ldv_state_variable_18 == 2){ 2405 /*DEG-CALL: handler connect from lbs_cfg80211_ops*/ 2406 ldv_retval_1=(& lbs_cfg_connect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg38); 2407 /*DEG-postcall: if success*/ 2408 if(ldv_retval_1==0){ 2409 ldv_state_variable_18 = 3; 2410 } 2411 } 2412 } 2413 break; 2414 case 1:{ 2415 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2416 if(ldv_state_variable_18 == 1){ 2417 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2418 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2419 /*DEG-postcall: default*/ 2420 ldv_state_variable_18 = 1; 2421 } 2422 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2423 if(ldv_state_variable_18 == 3){ 2424 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2425 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2426 /*DEG-postcall: default*/ 2427 ldv_state_variable_18 = 3; 2428 } 2429 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2430 if(ldv_state_variable_18 == 2){ 2431 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/ 2432 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37); 2433 /*DEG-postcall: default*/ 2434 ldv_state_variable_18 = 2; 2435 } 2436 } 2437 break; 2438 case 2:{ 2439 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2440 if(ldv_state_variable_18 == 1){ 2441 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2442 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2443 /*DEG-postcall: default*/ 2444 ldv_state_variable_18 = 1; 2445 } 2446 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2447 if(ldv_state_variable_18 == 3){ 2448 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2449 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2450 /*DEG-postcall: default*/ 2451 ldv_state_variable_18 = 3; 2452 } 2453 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2454 if(ldv_state_variable_18 == 2){ 2455 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/ 2456 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31); 2457 /*DEG-postcall: default*/ 2458 ldv_state_variable_18 = 2; 2459 } 2460 } 2461 break; 2462 case 3:{ 2463 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2464 if(ldv_state_variable_18 == 1){ 2465 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2466 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2467 /*DEG-postcall: default*/ 2468 ldv_state_variable_18 = 1; 2469 } 2470 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2471 if(ldv_state_variable_18 == 3){ 2472 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2473 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2474 /*DEG-postcall: default*/ 2475 ldv_state_variable_18 = 3; 2476 } 2477 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2478 if(ldv_state_variable_18 == 2){ 2479 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/ 2480 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30); 2481 /*DEG-postcall: default*/ 2482 ldv_state_variable_18 = 2; 2483 } 2484 } 2485 break; 2486 case 4:{ 2487 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2488 if(ldv_state_variable_18 == 1){ 2489 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2490 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2491 /*DEG-postcall: default*/ 2492 ldv_state_variable_18 = 1; 2493 } 2494 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2495 if(ldv_state_variable_18 == 3){ 2496 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2497 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2498 /*DEG-postcall: default*/ 2499 ldv_state_variable_18 = 3; 2500 } 2501 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2502 if(ldv_state_variable_18 == 2){ 2503 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/ 2504 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28); 2505 /*DEG-postcall: default*/ 2506 ldv_state_variable_18 = 2; 2507 } 2508 } 2509 break; 2510 case 5:{ 2511 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2512 if(ldv_state_variable_18 == 1){ 2513 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2514 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2515 /*DEG-postcall: default*/ 2516 ldv_state_variable_18 = 1; 2517 } 2518 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2519 if(ldv_state_variable_18 == 3){ 2520 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2521 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2522 /*DEG-postcall: default*/ 2523 ldv_state_variable_18 = 3; 2524 } 2525 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2526 if(ldv_state_variable_18 == 2){ 2527 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/ 2528 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0); 2529 /*DEG-postcall: default*/ 2530 ldv_state_variable_18 = 2; 2531 } 2532 } 2533 break; 2534 case 6:{ 2535 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2536 if(ldv_state_variable_18 == 1){ 2537 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2538 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2539 /*DEG-postcall: default*/ 2540 ldv_state_variable_18 = 1; 2541 } 2542 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2543 if(ldv_state_variable_18 == 3){ 2544 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2545 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2546 /*DEG-postcall: default*/ 2547 ldv_state_variable_18 = 3; 2548 } 2549 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2550 if(ldv_state_variable_18 == 2){ 2551 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/ 2552 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27); 2553 /*DEG-postcall: default*/ 2554 ldv_state_variable_18 = 2; 2555 } 2556 } 2557 break; 2558 case 7:{ 2559 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2560 if(ldv_state_variable_18 == 1){ 2561 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2562 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2563 /*DEG-postcall: default*/ 2564 ldv_state_variable_18 = 1; 2565 } 2566 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2567 if(ldv_state_variable_18 == 3){ 2568 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2569 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2570 /*DEG-postcall: default*/ 2571 ldv_state_variable_18 = 3; 2572 } 2573 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2574 if(ldv_state_variable_18 == 2){ 2575 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/ 2576 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26); 2577 /*DEG-postcall: default*/ 2578 ldv_state_variable_18 = 2; 2579 } 2580 } 2581 break; 2582 case 8:{ 2583 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2584 if(ldv_state_variable_18 == 1){ 2585 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2586 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2587 /*DEG-postcall: default*/ 2588 ldv_state_variable_18 = 1; 2589 } 2590 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2591 if(ldv_state_variable_18 == 3){ 2592 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2593 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2594 /*DEG-postcall: default*/ 2595 ldv_state_variable_18 = 3; 2596 } 2597 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2598 if(ldv_state_variable_18 == 2){ 2599 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/ 2600 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23); 2601 /*DEG-postcall: default*/ 2602 ldv_state_variable_18 = 2; 2603 } 2604 } 2605 break; 2606 case 9:{ 2607 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2608 if(ldv_state_variable_18 == 1){ 2609 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2610 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2611 /*DEG-postcall: default*/ 2612 ldv_state_variable_18 = 1; 2613 } 2614 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2615 if(ldv_state_variable_18 == 3){ 2616 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2617 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2618 /*DEG-postcall: default*/ 2619 ldv_state_variable_18 = 3; 2620 } 2621 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2622 if(ldv_state_variable_18 == 2){ 2623 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/ 2624 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22); 2625 /*DEG-postcall: default*/ 2626 ldv_state_variable_18 = 2; 2627 } 2628 } 2629 break; 2630 case 10:{ 2631 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2632 if(ldv_state_variable_18 == 3){ 2633 /*DEG-CALL: handler disconnect from lbs_cfg80211_ops*/ 2634 (& lbs_cfg_disconnect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg19); 2635 ldv_state_variable_18 = 2; 2636 } 2637 } 2638 break; 2639 case 11:{ 2640 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2641 if(ldv_state_variable_18 == 1){ 2642 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2643 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2644 /*DEG-postcall: default*/ 2645 ldv_state_variable_18 = 1; 2646 } 2647 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2648 if(ldv_state_variable_18 == 3){ 2649 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2650 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2651 /*DEG-postcall: default*/ 2652 ldv_state_variable_18 = 3; 2653 } 2654 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2655 if(ldv_state_variable_18 == 2){ 2656 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/ 2657 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18); 2658 /*DEG-postcall: default*/ 2659 ldv_state_variable_18 = 2; 2660 } 2661 } 2662 break; 2663 case 12:{ 2664 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2665 if(ldv_state_variable_18 == 2){ 2666 /*DEG-CALL: handler release from lbs_cfg80211_ops*/ 2667 ldv_release_18(); 2668 ldv_state_variable_18 = 1; 2669 ref_cnt--; 2670 } 2671 } 2672 break; 2673 case 13:{ 2674 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2675 if(ldv_state_variable_18 == 1){ 2676 /*DEG-CALL: handler bind from lbs_cfg80211_ops*/ 2677 ldv_bind_18(); 2678 ldv_state_variable_18 = 2; 2679 ref_cnt++; 2680 } 2681 } 2682 break; 2683 default: ldv_assume(0); 2684 } 2685 2686 };
1 /* 2 * This file contains the handling of command. 3 * It prepares command and sends it to firmware when it is ready. 4 */ 5 6 #include <linux/hardirq.h> 7 #include <linux/kfifo.h> 8 #include <linux/sched.h> 9 #include <linux/slab.h> 10 #include <linux/if_arp.h> 11 #include <linux/export.h> 12 13 #include "decl.h" 14 #include "cfg.h" 15 #include "cmd.h" 16 17 #define CAL_NF(nf) ((s32)(-(s32)(nf))) 18 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf))) 19 20 /** 21 * lbs_cmd_copyback - Simple callback that copies response back into command 22 * 23 * @priv: A pointer to &struct lbs_private structure 24 * @extra: A pointer to the original command structure for which 25 * 'resp' is a response 26 * @resp: A pointer to the command response 27 * 28 * returns: 0 on success, error on failure 29 */ 30 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra, 31 struct cmd_header *resp) 32 { 33 struct cmd_header *buf = (void *)extra; 34 uint16_t copy_len; 35 36 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size)); 37 memcpy(buf, resp, copy_len); 38 return 0; 39 } 40 EXPORT_SYMBOL_GPL(lbs_cmd_copyback); 41 42 /** 43 * lbs_cmd_async_callback - Simple callback that ignores the result. 44 * Use this if you just want to send a command to the hardware, but don't 45 * care for the result. 46 * 47 * @priv: ignored 48 * @extra: ignored 49 * @resp: ignored 50 * 51 * returns: 0 for success 52 */ 53 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra, 54 struct cmd_header *resp) 55 { 56 return 0; 57 } 58 59 60 /** 61 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode 62 * 63 * @cmd: the command ID 64 * 65 * returns: 1 if allowed, 0 if not allowed 66 */ 67 static u8 is_command_allowed_in_ps(u16 cmd) 68 { 69 switch (cmd) { 70 case CMD_802_11_RSSI: 71 return 1; 72 case CMD_802_11_HOST_SLEEP_CFG: 73 return 1; 74 default: 75 break; 76 } 77 return 0; 78 } 79 80 /** 81 * lbs_update_hw_spec - Updates the hardware details like MAC address 82 * and regulatory region 83 * 84 * @priv: A pointer to &struct lbs_private structure 85 * 86 * returns: 0 on success, error on failure 87 */ 88 int lbs_update_hw_spec(struct lbs_private *priv) 89 { 90 struct cmd_ds_get_hw_spec cmd; 91 int ret = -1; 92 u32 i; 93 94 lbs_deb_enter(LBS_DEB_CMD); 95 96 memset(&cmd, 0, sizeof(cmd)); 97 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 98 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN); 99 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd); 100 if (ret) 101 goto out; 102 103 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo); 104 105 /* The firmware release is in an interesting format: the patch 106 * level is in the most significant nibble ... so fix that: */ 107 priv->fwrelease = le32_to_cpu(cmd.fwrelease); 108 priv->fwrelease = (priv->fwrelease << 8) | 109 (priv->fwrelease >> 24 & 0xff); 110 111 /* Some firmware capabilities: 112 * CF card firmware 5.0.16p0: cap 0x00000303 113 * USB dongle firmware 5.110.17p2: cap 0x00000303 114 */ 115 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n", 116 cmd.permanentaddr, 117 priv->fwrelease >> 24 & 0xff, 118 priv->fwrelease >> 16 & 0xff, 119 priv->fwrelease >> 8 & 0xff, 120 priv->fwrelease & 0xff, 121 priv->fwcapinfo); 122 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n", 123 cmd.hwifversion, cmd.version); 124 125 /* Clamp region code to 8-bit since FW spec indicates that it should 126 * only ever be 8-bit, even though the field size is 16-bit. Some firmware 127 * returns non-zero high 8 bits here. 128 * 129 * Firmware version 4.0.102 used in CF8381 has region code shifted. We 130 * need to check for this problem and handle it properly. 131 */ 132 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4) 133 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF; 134 else 135 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF; 136 137 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) { 138 /* use the region code to search for the index */ 139 if (priv->regioncode == lbs_region_code_to_index[i]) 140 break; 141 } 142 143 /* if it's unidentified region code, use the default (USA) */ 144 if (i >= MRVDRV_MAX_REGION_CODE) { 145 priv->regioncode = 0x10; 146 netdev_info(priv->dev, 147 "unidentified region code; using the default (USA)\n"); 148 } 149 150 if (priv->current_addr[0] == 0xff) 151 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN); 152 153 if (!priv->copied_hwaddr) { 154 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN); 155 if (priv->mesh_dev) 156 memcpy(priv->mesh_dev->dev_addr, 157 priv->current_addr, ETH_ALEN); 158 priv->copied_hwaddr = 1; 159 } 160 161 out: 162 lbs_deb_leave(LBS_DEB_CMD); 163 return ret; 164 } 165 166 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy, 167 struct cmd_header *resp) 168 { 169 lbs_deb_enter(LBS_DEB_CMD); 170 if (priv->is_host_sleep_activated) { 171 priv->is_host_sleep_configured = 0; 172 if (priv->psstate == PS_STATE_FULL_POWER) { 173 priv->is_host_sleep_activated = 0; 174 wake_up_interruptible(&priv->host_sleep_q); 175 } 176 } else { 177 priv->is_host_sleep_configured = 1; 178 } 179 lbs_deb_leave(LBS_DEB_CMD); 180 return 0; 181 } 182 183 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria, 184 struct wol_config *p_wol_config) 185 { 186 struct cmd_ds_host_sleep cmd_config; 187 int ret; 188 189 /* 190 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command 191 * and the card will return a failure. Since we need to be 192 * able to reset the mask, in those cases we set a 0 mask instead. 193 */ 194 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported) 195 criteria = 0; 196 197 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config)); 198 cmd_config.criteria = cpu_to_le32(criteria); 199 cmd_config.gpio = priv->wol_gpio; 200 cmd_config.gap = priv->wol_gap; 201 202 if (p_wol_config != NULL) 203 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config, 204 sizeof(struct wol_config)); 205 else 206 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE; 207 208 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr, 209 le16_to_cpu(cmd_config.hdr.size), 210 lbs_ret_host_sleep_cfg, 0); 211 if (!ret) { 212 if (p_wol_config) 213 memcpy((uint8_t *) p_wol_config, 214 (uint8_t *)&cmd_config.wol_conf, 215 sizeof(struct wol_config)); 216 } else { 217 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret); 218 } 219 220 return ret; 221 } 222 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg); 223 224 /** 225 * lbs_set_ps_mode - Sets the Power Save mode 226 * 227 * @priv: A pointer to &struct lbs_private structure 228 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or 229 * PS_MODE_ACTION_EXIT_PS) 230 * @block: Whether to block on a response or not 231 * 232 * returns: 0 on success, error on failure 233 */ 234 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block) 235 { 236 struct cmd_ds_802_11_ps_mode cmd; 237 int ret = 0; 238 239 lbs_deb_enter(LBS_DEB_CMD); 240 241 memset(&cmd, 0, sizeof(cmd)); 242 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 243 cmd.action = cpu_to_le16(cmd_action); 244 245 if (cmd_action == PS_MODE_ACTION_ENTER_PS) { 246 lbs_deb_cmd("PS_MODE: action ENTER_PS\n"); 247 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */ 248 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) { 249 lbs_deb_cmd("PS_MODE: action EXIT_PS\n"); 250 } else { 251 /* We don't handle CONFIRM_SLEEP here because it needs to 252 * be fastpathed to the firmware. 253 */ 254 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action); 255 ret = -EOPNOTSUPP; 256 goto out; 257 } 258 259 if (block) 260 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd); 261 else 262 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd)); 263 264 out: 265 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 266 return ret; 267 } 268 269 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action, 270 struct sleep_params *sp) 271 { 272 struct cmd_ds_802_11_sleep_params cmd; 273 int ret; 274 275 lbs_deb_enter(LBS_DEB_CMD); 276 277 if (cmd_action == CMD_ACT_GET) { 278 memset(&cmd, 0, sizeof(cmd)); 279 } else { 280 cmd.error = cpu_to_le16(sp->sp_error); 281 cmd.offset = cpu_to_le16(sp->sp_offset); 282 cmd.stabletime = cpu_to_le16(sp->sp_stabletime); 283 cmd.calcontrol = sp->sp_calcontrol; 284 cmd.externalsleepclk = sp->sp_extsleepclk; 285 cmd.reserved = cpu_to_le16(sp->sp_reserved); 286 } 287 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 288 cmd.action = cpu_to_le16(cmd_action); 289 290 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd); 291 292 if (!ret) { 293 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, " 294 "calcontrol 0x%x extsleepclk 0x%x\n", 295 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset), 296 le16_to_cpu(cmd.stabletime), cmd.calcontrol, 297 cmd.externalsleepclk); 298 299 sp->sp_error = le16_to_cpu(cmd.error); 300 sp->sp_offset = le16_to_cpu(cmd.offset); 301 sp->sp_stabletime = le16_to_cpu(cmd.stabletime); 302 sp->sp_calcontrol = cmd.calcontrol; 303 sp->sp_extsleepclk = cmd.externalsleepclk; 304 sp->sp_reserved = le16_to_cpu(cmd.reserved); 305 } 306 307 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 308 return 0; 309 } 310 311 static int lbs_wait_for_ds_awake(struct lbs_private *priv) 312 { 313 int ret = 0; 314 315 lbs_deb_enter(LBS_DEB_CMD); 316 317 if (priv->is_deep_sleep) { 318 if (!wait_event_interruptible_timeout(priv->ds_awake_q, 319 !priv->is_deep_sleep, (10 * HZ))) { 320 netdev_err(priv->dev, "ds_awake_q: timer expired\n"); 321 ret = -1; 322 } 323 } 324 325 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 326 return ret; 327 } 328 329 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep) 330 { 331 int ret = 0; 332 333 lbs_deb_enter(LBS_DEB_CMD); 334 335 if (deep_sleep) { 336 if (priv->is_deep_sleep != 1) { 337 lbs_deb_cmd("deep sleep: sleep\n"); 338 BUG_ON(!priv->enter_deep_sleep); 339 ret = priv->enter_deep_sleep(priv); 340 if (!ret) { 341 netif_stop_queue(priv->dev); 342 netif_carrier_off(priv->dev); 343 } 344 } else { 345 netdev_err(priv->dev, "deep sleep: already enabled\n"); 346 } 347 } else { 348 if (priv->is_deep_sleep) { 349 lbs_deb_cmd("deep sleep: wakeup\n"); 350 BUG_ON(!priv->exit_deep_sleep); 351 ret = priv->exit_deep_sleep(priv); 352 if (!ret) { 353 ret = lbs_wait_for_ds_awake(priv); 354 if (ret) 355 netdev_err(priv->dev, 356 "deep sleep: wakeup failed\n"); 357 } 358 } 359 } 360 361 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 362 return ret; 363 } 364 365 static int lbs_ret_host_sleep_activate(struct lbs_private *priv, 366 unsigned long dummy, 367 struct cmd_header *cmd) 368 { 369 lbs_deb_enter(LBS_DEB_FW); 370 priv->is_host_sleep_activated = 1; 371 wake_up_interruptible(&priv->host_sleep_q); 372 lbs_deb_leave(LBS_DEB_FW); 373 return 0; 374 } 375 376 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep) 377 { 378 struct cmd_header cmd; 379 int ret = 0; 380 uint32_t criteria = EHS_REMOVE_WAKEUP; 381 382 lbs_deb_enter(LBS_DEB_CMD); 383 384 if (host_sleep) { 385 if (priv->is_host_sleep_activated != 1) { 386 memset(&cmd, 0, sizeof(cmd)); 387 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria, 388 (struct wol_config *)NULL); 389 if (ret) { 390 netdev_info(priv->dev, 391 "Host sleep configuration failed: %d\n", 392 ret); 393 return ret; 394 } 395 if (priv->psstate == PS_STATE_FULL_POWER) { 396 ret = __lbs_cmd(priv, 397 CMD_802_11_HOST_SLEEP_ACTIVATE, 398 &cmd, 399 sizeof(cmd), 400 lbs_ret_host_sleep_activate, 0); 401 if (ret) 402 netdev_info(priv->dev, 403 "HOST_SLEEP_ACTIVATE failed: %d\n", 404 ret); 405 } 406 407 if (!wait_event_interruptible_timeout( 408 priv->host_sleep_q, 409 priv->is_host_sleep_activated, 410 (10 * HZ))) { 411 netdev_err(priv->dev, 412 "host_sleep_q: timer expired\n"); 413 ret = -1; 414 } 415 } else { 416 netdev_err(priv->dev, "host sleep: already enabled\n"); 417 } 418 } else { 419 if (priv->is_host_sleep_activated) 420 ret = lbs_host_sleep_cfg(priv, criteria, 421 (struct wol_config *)NULL); 422 } 423 424 return ret; 425 } 426 427 /** 428 * lbs_set_snmp_mib - Set an SNMP MIB value 429 * 430 * @priv: A pointer to &struct lbs_private structure 431 * @oid: The OID to set in the firmware 432 * @val: Value to set the OID to 433 * 434 * returns: 0 on success, error on failure 435 */ 436 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val) 437 { 438 struct cmd_ds_802_11_snmp_mib cmd; 439 int ret; 440 441 lbs_deb_enter(LBS_DEB_CMD); 442 443 memset(&cmd, 0, sizeof (cmd)); 444 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 445 cmd.action = cpu_to_le16(CMD_ACT_SET); 446 cmd.oid = cpu_to_le16((u16) oid); 447 448 switch (oid) { 449 case SNMP_MIB_OID_BSS_TYPE: 450 cmd.bufsize = cpu_to_le16(sizeof(u8)); 451 cmd.value[0] = val; 452 break; 453 case SNMP_MIB_OID_11D_ENABLE: 454 case SNMP_MIB_OID_FRAG_THRESHOLD: 455 case SNMP_MIB_OID_RTS_THRESHOLD: 456 case SNMP_MIB_OID_SHORT_RETRY_LIMIT: 457 case SNMP_MIB_OID_LONG_RETRY_LIMIT: 458 cmd.bufsize = cpu_to_le16(sizeof(u16)); 459 *((__le16 *)(&cmd.value)) = cpu_to_le16(val); 460 break; 461 default: 462 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid); 463 ret = -EINVAL; 464 goto out; 465 } 466 467 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n", 468 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val); 469 470 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 471 472 out: 473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 474 return ret; 475 } 476 477 /** 478 * lbs_get_snmp_mib - Get an SNMP MIB value 479 * 480 * @priv: A pointer to &struct lbs_private structure 481 * @oid: The OID to retrieve from the firmware 482 * @out_val: Location for the returned value 483 * 484 * returns: 0 on success, error on failure 485 */ 486 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val) 487 { 488 struct cmd_ds_802_11_snmp_mib cmd; 489 int ret; 490 491 lbs_deb_enter(LBS_DEB_CMD); 492 493 memset(&cmd, 0, sizeof (cmd)); 494 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 495 cmd.action = cpu_to_le16(CMD_ACT_GET); 496 cmd.oid = cpu_to_le16(oid); 497 498 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 499 if (ret) 500 goto out; 501 502 switch (le16_to_cpu(cmd.bufsize)) { 503 case sizeof(u8): 504 *out_val = cmd.value[0]; 505 break; 506 case sizeof(u16): 507 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value))); 508 break; 509 default: 510 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n", 511 oid, le16_to_cpu(cmd.bufsize)); 512 break; 513 } 514 515 out: 516 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 517 return ret; 518 } 519 520 /** 521 * lbs_get_tx_power - Get the min, max, and current TX power 522 * 523 * @priv: A pointer to &struct lbs_private structure 524 * @curlevel: Current power level in dBm 525 * @minlevel: Minimum supported power level in dBm (optional) 526 * @maxlevel: Maximum supported power level in dBm (optional) 527 * 528 * returns: 0 on success, error on failure 529 */ 530 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel, 531 s16 *maxlevel) 532 { 533 struct cmd_ds_802_11_rf_tx_power cmd; 534 int ret; 535 536 lbs_deb_enter(LBS_DEB_CMD); 537 538 memset(&cmd, 0, sizeof(cmd)); 539 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 540 cmd.action = cpu_to_le16(CMD_ACT_GET); 541 542 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 543 if (ret == 0) { 544 *curlevel = le16_to_cpu(cmd.curlevel); 545 if (minlevel) 546 *minlevel = cmd.minlevel; 547 if (maxlevel) 548 *maxlevel = cmd.maxlevel; 549 } 550 551 lbs_deb_leave(LBS_DEB_CMD); 552 return ret; 553 } 554 555 /** 556 * lbs_set_tx_power - Set the TX power 557 * 558 * @priv: A pointer to &struct lbs_private structure 559 * @dbm: The desired power level in dBm 560 * 561 * returns: 0 on success, error on failure 562 */ 563 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm) 564 { 565 struct cmd_ds_802_11_rf_tx_power cmd; 566 int ret; 567 568 lbs_deb_enter(LBS_DEB_CMD); 569 570 memset(&cmd, 0, sizeof(cmd)); 571 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 572 cmd.action = cpu_to_le16(CMD_ACT_SET); 573 cmd.curlevel = cpu_to_le16(dbm); 574 575 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm); 576 577 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 578 579 lbs_deb_leave(LBS_DEB_CMD); 580 return ret; 581 } 582 583 /** 584 * lbs_set_monitor_mode - Enable or disable monitor mode 585 * (only implemented on OLPC usb8388 FW) 586 * 587 * @priv: A pointer to &struct lbs_private structure 588 * @enable: 1 to enable monitor mode, 0 to disable 589 * 590 * returns: 0 on success, error on failure 591 */ 592 int lbs_set_monitor_mode(struct lbs_private *priv, int enable) 593 { 594 struct cmd_ds_802_11_monitor_mode cmd; 595 int ret; 596 597 memset(&cmd, 0, sizeof(cmd)); 598 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 599 cmd.action = cpu_to_le16(CMD_ACT_SET); 600 if (enable) 601 cmd.mode = cpu_to_le16(0x1); 602 603 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable); 604 605 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd); 606 if (ret == 0) { 607 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP : 608 ARPHRD_ETHER; 609 } 610 611 lbs_deb_leave(LBS_DEB_CMD); 612 return ret; 613 } 614 615 /** 616 * lbs_get_channel - Get the radio channel 617 * 618 * @priv: A pointer to &struct lbs_private structure 619 * 620 * returns: The channel on success, error on failure 621 */ 622 static int lbs_get_channel(struct lbs_private *priv) 623 { 624 struct cmd_ds_802_11_rf_channel cmd; 625 int ret = 0; 626 627 lbs_deb_enter(LBS_DEB_CMD); 628 629 memset(&cmd, 0, sizeof(cmd)); 630 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 631 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET); 632 633 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 634 if (ret) 635 goto out; 636 637 ret = le16_to_cpu(cmd.channel); 638 lbs_deb_cmd("current radio channel is %d\n", ret); 639 640 out: 641 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 642 return ret; 643 } 644 645 int lbs_update_channel(struct lbs_private *priv) 646 { 647 int ret; 648 649 /* the channel in f/w could be out of sync; get the current channel */ 650 lbs_deb_enter(LBS_DEB_ASSOC); 651 652 ret = lbs_get_channel(priv); 653 if (ret > 0) { 654 priv->channel = ret; 655 ret = 0; 656 } 657 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret); 658 return ret; 659 } 660 661 /** 662 * lbs_set_channel - Set the radio channel 663 * 664 * @priv: A pointer to &struct lbs_private structure 665 * @channel: The desired channel, or 0 to clear a locked channel 666 * 667 * returns: 0 on success, error on failure 668 */ 669 int lbs_set_channel(struct lbs_private *priv, u8 channel) 670 { 671 struct cmd_ds_802_11_rf_channel cmd; 672 #ifdef DEBUG 673 u8 old_channel = priv->channel; 674 #endif 675 int ret = 0; 676 677 lbs_deb_enter(LBS_DEB_CMD); 678 679 memset(&cmd, 0, sizeof(cmd)); 680 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 681 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET); 682 cmd.channel = cpu_to_le16(channel); 683 684 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 685 if (ret) 686 goto out; 687 688 priv->channel = (uint8_t) le16_to_cpu(cmd.channel); 689 lbs_deb_cmd("channel switch from %d to %d\n", old_channel, 690 priv->channel); 691 692 out: 693 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 694 return ret; 695 } 696 697 /** 698 * lbs_get_rssi - Get current RSSI and noise floor 699 * 700 * @priv: A pointer to &struct lbs_private structure 701 * @rssi: On successful return, signal level in mBm 702 * @nf: On successful return, Noise floor 703 * 704 * returns: The channel on success, error on failure 705 */ 706 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf) 707 { 708 struct cmd_ds_802_11_rssi cmd; 709 int ret = 0; 710 711 lbs_deb_enter(LBS_DEB_CMD); 712 713 BUG_ON(rssi == NULL); 714 BUG_ON(nf == NULL); 715 716 memset(&cmd, 0, sizeof(cmd)); 717 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 718 /* Average SNR over last 8 beacons */ 719 cmd.n_or_snr = cpu_to_le16(8); 720 721 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd); 722 if (ret == 0) { 723 *nf = CAL_NF(le16_to_cpu(cmd.nf)); 724 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf)); 725 } 726 727 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 728 return ret; 729 } 730 731 /** 732 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information 733 * to the firmware 734 * 735 * @priv: pointer to &struct lbs_private 736 * 737 * returns: 0 on success, error code on failure 738 */ 739 int lbs_set_11d_domain_info(struct lbs_private *priv) 740 { 741 struct wiphy *wiphy = priv->wdev->wiphy; 742 struct ieee80211_supported_band **bands = wiphy->bands; 743 struct cmd_ds_802_11d_domain_info cmd; 744 struct mrvl_ie_domain_param_set *domain = &cmd.domain; 745 struct ieee80211_country_ie_triplet *t; 746 enum ieee80211_band band; 747 struct ieee80211_channel *ch; 748 u8 num_triplet = 0; 749 u8 num_parsed_chan = 0; 750 u8 first_channel = 0, next_chan = 0, max_pwr = 0; 751 u8 i, flag = 0; 752 size_t triplet_size; 753 int ret = 0; 754 755 lbs_deb_enter(LBS_DEB_11D); 756 if (!priv->country_code[0]) 757 goto out; 758 759 memset(&cmd, 0, sizeof(cmd)); 760 cmd.action = cpu_to_le16(CMD_ACT_SET); 761 762 lbs_deb_11d("Setting country code '%c%c'\n", 763 priv->country_code[0], priv->country_code[1]); 764 765 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN); 766 767 /* Set country code */ 768 domain->country_code[0] = priv->country_code[0]; 769 domain->country_code[1] = priv->country_code[1]; 770 domain->country_code[2] = ' '; 771 772 /* Now set up the channel triplets; firmware is somewhat picky here 773 * and doesn't validate channel numbers and spans; hence it would 774 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since 775 * the last 3 aren't valid channels, the driver is responsible for 776 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20) 777 * etc. 778 */ 779 for (band = 0; 780 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS); 781 band++) { 782 783 if (!bands[band]) 784 continue; 785 786 for (i = 0; 787 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS); 788 i++) { 789 ch = &bands[band]->channels[i]; 790 if (ch->flags & IEEE80211_CHAN_DISABLED) 791 continue; 792 793 if (!flag) { 794 flag = 1; 795 next_chan = first_channel = (u32) ch->hw_value; 796 max_pwr = ch->max_power; 797 num_parsed_chan = 1; 798 continue; 799 } 800 801 if ((ch->hw_value == next_chan + 1) && 802 (ch->max_power == max_pwr)) { 803 /* Consolidate adjacent channels */ 804 next_chan++; 805 num_parsed_chan++; 806 } else { 807 /* Add this triplet */ 808 lbs_deb_11d("11D triplet (%d, %d, %d)\n", 809 first_channel, num_parsed_chan, 810 max_pwr); 811 t = &domain->triplet[num_triplet]; 812 t->chans.first_channel = first_channel; 813 t->chans.num_channels = num_parsed_chan; 814 t->chans.max_power = max_pwr; 815 num_triplet++; 816 flag = 0; 817 } 818 } 819 820 if (flag) { 821 /* Add last triplet */ 822 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel, 823 num_parsed_chan, max_pwr); 824 t = &domain->triplet[num_triplet]; 825 t->chans.first_channel = first_channel; 826 t->chans.num_channels = num_parsed_chan; 827 t->chans.max_power = max_pwr; 828 num_triplet++; 829 } 830 } 831 832 lbs_deb_11d("# triplets %d\n", num_triplet); 833 834 /* Set command header sizes */ 835 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet); 836 domain->header.len = cpu_to_le16(sizeof(domain->country_code) + 837 triplet_size); 838 839 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set", 840 (u8 *) &cmd.domain.country_code, 841 le16_to_cpu(domain->header.len)); 842 843 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) + 844 sizeof(cmd.action) + 845 sizeof(cmd.domain.header) + 846 sizeof(cmd.domain.country_code) + 847 triplet_size); 848 849 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd); 850 851 out: 852 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret); 853 return ret; 854 } 855 856 /** 857 * lbs_get_reg - Read a MAC, Baseband, or RF register 858 * 859 * @priv: pointer to &struct lbs_private 860 * @reg: register command, one of CMD_MAC_REG_ACCESS, 861 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 862 * @offset: byte offset of the register to get 863 * @value: on success, the value of the register at 'offset' 864 * 865 * returns: 0 on success, error code on failure 866 */ 867 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value) 868 { 869 struct cmd_ds_reg_access cmd; 870 int ret = 0; 871 872 lbs_deb_enter(LBS_DEB_CMD); 873 874 BUG_ON(value == NULL); 875 876 memset(&cmd, 0, sizeof(cmd)); 877 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 878 cmd.action = cpu_to_le16(CMD_ACT_GET); 879 cmd.offset = cpu_to_le16(offset); 880 881 if (reg != CMD_MAC_REG_ACCESS && 882 reg != CMD_BBP_REG_ACCESS && 883 reg != CMD_RF_REG_ACCESS) { 884 ret = -EINVAL; 885 goto out; 886 } 887 888 ret = lbs_cmd_with_response(priv, reg, &cmd); 889 if (!ret) { 890 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 891 *value = cmd.value.bbp_rf; 892 else if (reg == CMD_MAC_REG_ACCESS) 893 *value = le32_to_cpu(cmd.value.mac); 894 } 895 896 out: 897 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 898 return ret; 899 } 900 901 /** 902 * lbs_set_reg - Write a MAC, Baseband, or RF register 903 * 904 * @priv: pointer to &struct lbs_private 905 * @reg: register command, one of CMD_MAC_REG_ACCESS, 906 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 907 * @offset: byte offset of the register to set 908 * @value: the value to write to the register at 'offset' 909 * 910 * returns: 0 on success, error code on failure 911 */ 912 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value) 913 { 914 struct cmd_ds_reg_access cmd; 915 int ret = 0; 916 917 lbs_deb_enter(LBS_DEB_CMD); 918 919 memset(&cmd, 0, sizeof(cmd)); 920 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 921 cmd.action = cpu_to_le16(CMD_ACT_SET); 922 cmd.offset = cpu_to_le16(offset); 923 924 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 925 cmd.value.bbp_rf = (u8) (value & 0xFF); 926 else if (reg == CMD_MAC_REG_ACCESS) 927 cmd.value.mac = cpu_to_le32(value); 928 else { 929 ret = -EINVAL; 930 goto out; 931 } 932 933 ret = lbs_cmd_with_response(priv, reg, &cmd); 934 935 out: 936 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 937 return ret; 938 } 939 940 static void lbs_queue_cmd(struct lbs_private *priv, 941 struct cmd_ctrl_node *cmdnode) 942 { 943 unsigned long flags; 944 int addtail = 1; 945 946 lbs_deb_enter(LBS_DEB_HOST); 947 948 if (!cmdnode) { 949 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n"); 950 goto done; 951 } 952 if (!cmdnode->cmdbuf->size) { 953 lbs_deb_host("DNLD_CMD: cmd size is zero\n"); 954 goto done; 955 } 956 cmdnode->result = 0; 957 958 /* Exit_PS command needs to be queued in the header always. */ 959 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) { 960 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf; 961 962 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 963 if (priv->psstate != PS_STATE_FULL_POWER) 964 addtail = 0; 965 } 966 } 967 968 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM) 969 addtail = 0; 970 971 spin_lock_irqsave(&priv->driver_lock, flags); 972 973 if (addtail) 974 list_add_tail(&cmdnode->list, &priv->cmdpendingq); 975 else 976 list_add(&cmdnode->list, &priv->cmdpendingq); 977 978 spin_unlock_irqrestore(&priv->driver_lock, flags); 979 980 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n", 981 le16_to_cpu(cmdnode->cmdbuf->command)); 982 983 done: 984 lbs_deb_leave(LBS_DEB_HOST); 985 } 986 987 static void lbs_submit_command(struct lbs_private *priv, 988 struct cmd_ctrl_node *cmdnode) 989 { 990 unsigned long flags; 991 struct cmd_header *cmd; 992 uint16_t cmdsize; 993 uint16_t command; 994 int timeo = 3 * HZ; 995 int ret; 996 997 lbs_deb_enter(LBS_DEB_HOST); 998 999 cmd = cmdnode->cmdbuf; 1000 1001 spin_lock_irqsave(&priv->driver_lock, flags); 1002 priv->seqnum++; 1003 cmd->seqnum = cpu_to_le16(priv->seqnum); 1004 priv->cur_cmd = cmdnode; 1005 spin_unlock_irqrestore(&priv->driver_lock, flags); 1006 1007 cmdsize = le16_to_cpu(cmd->size); 1008 command = le16_to_cpu(cmd->command); 1009 1010 /* These commands take longer */ 1011 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE) 1012 timeo = 5 * HZ; 1013 1014 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n", 1015 command, le16_to_cpu(cmd->seqnum), cmdsize); 1016 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize); 1017 1018 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize); 1019 1020 if (ret) { 1021 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n", 1022 ret); 1023 /* Reset dnld state machine, report failure */ 1024 priv->dnld_sent = DNLD_RES_RECEIVED; 1025 lbs_complete_command(priv, cmdnode, ret); 1026 } 1027 1028 if (command == CMD_802_11_DEEP_SLEEP) { 1029 if (priv->is_auto_deep_sleep_enabled) { 1030 priv->wakeup_dev_required = 1; 1031 priv->dnld_sent = 0; 1032 } 1033 priv->is_deep_sleep = 1; 1034 lbs_complete_command(priv, cmdnode, 0); 1035 } else { 1036 /* Setup the timer after transmit command */ 1037 mod_timer(&priv->command_timer, jiffies + timeo); 1038 } 1039 1040 lbs_deb_leave(LBS_DEB_HOST); 1041 } 1042 1043 /* 1044 * This function inserts command node to cmdfreeq 1045 * after cleans it. Requires priv->driver_lock held. 1046 */ 1047 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1048 struct cmd_ctrl_node *cmdnode) 1049 { 1050 lbs_deb_enter(LBS_DEB_HOST); 1051 1052 if (!cmdnode) 1053 goto out; 1054 1055 cmdnode->callback = NULL; 1056 cmdnode->callback_arg = 0; 1057 1058 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE); 1059 1060 list_add_tail(&cmdnode->list, &priv->cmdfreeq); 1061 out: 1062 lbs_deb_leave(LBS_DEB_HOST); 1063 } 1064 1065 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1066 struct cmd_ctrl_node *ptempcmd) 1067 { 1068 unsigned long flags; 1069 1070 spin_lock_irqsave(&priv->driver_lock, flags); 1071 __lbs_cleanup_and_insert_cmd(priv, ptempcmd); 1072 spin_unlock_irqrestore(&priv->driver_lock, flags); 1073 } 1074 1075 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1076 int result) 1077 { 1078 /* 1079 * Normally, commands are removed from cmdpendingq before being 1080 * submitted. However, we can arrive here on alternative codepaths 1081 * where the command is still pending. Make sure the command really 1082 * isn't part of a list at this point. 1083 */ 1084 list_del_init(&cmd->list); 1085 1086 cmd->result = result; 1087 cmd->cmdwaitqwoken = 1; 1088 wake_up(&cmd->cmdwait_q); 1089 1090 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback) 1091 __lbs_cleanup_and_insert_cmd(priv, cmd); 1092 priv->cur_cmd = NULL; 1093 wake_up(&priv->waitq); 1094 } 1095 1096 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1097 int result) 1098 { 1099 unsigned long flags; 1100 spin_lock_irqsave(&priv->driver_lock, flags); 1101 __lbs_complete_command(priv, cmd, result); 1102 spin_unlock_irqrestore(&priv->driver_lock, flags); 1103 } 1104 1105 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on) 1106 { 1107 struct cmd_ds_802_11_radio_control cmd; 1108 int ret = -EINVAL; 1109 1110 lbs_deb_enter(LBS_DEB_CMD); 1111 1112 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1113 cmd.action = cpu_to_le16(CMD_ACT_SET); 1114 cmd.control = 0; 1115 1116 /* Only v8 and below support setting the preamble */ 1117 if (priv->fwrelease < 0x09000000) { 1118 switch (preamble) { 1119 case RADIO_PREAMBLE_SHORT: 1120 case RADIO_PREAMBLE_AUTO: 1121 case RADIO_PREAMBLE_LONG: 1122 cmd.control = cpu_to_le16(preamble); 1123 break; 1124 default: 1125 goto out; 1126 } 1127 } 1128 1129 if (radio_on) 1130 cmd.control |= cpu_to_le16(0x1); 1131 else { 1132 cmd.control &= cpu_to_le16(~0x1); 1133 priv->txpower_cur = 0; 1134 } 1135 1136 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n", 1137 radio_on ? "ON" : "OFF", preamble); 1138 1139 priv->radio_on = radio_on; 1140 1141 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd); 1142 1143 out: 1144 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1145 return ret; 1146 } 1147 1148 void lbs_set_mac_control(struct lbs_private *priv) 1149 { 1150 struct cmd_ds_mac_control cmd; 1151 1152 lbs_deb_enter(LBS_DEB_CMD); 1153 1154 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1155 cmd.action = cpu_to_le16(priv->mac_control); 1156 cmd.reserved = 0; 1157 1158 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd)); 1159 1160 lbs_deb_leave(LBS_DEB_CMD); 1161 } 1162 1163 int lbs_set_mac_control_sync(struct lbs_private *priv) 1164 { 1165 struct cmd_ds_mac_control cmd; 1166 int ret = 0; 1167 1168 lbs_deb_enter(LBS_DEB_CMD); 1169 1170 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1171 cmd.action = cpu_to_le16(priv->mac_control); 1172 cmd.reserved = 0; 1173 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd); 1174 1175 lbs_deb_leave(LBS_DEB_CMD); 1176 return ret; 1177 } 1178 1179 /** 1180 * lbs_allocate_cmd_buffer - allocates the command buffer and links 1181 * it to command free queue 1182 * 1183 * @priv: A pointer to &struct lbs_private structure 1184 * 1185 * returns: 0 for success or -1 on error 1186 */ 1187 int lbs_allocate_cmd_buffer(struct lbs_private *priv) 1188 { 1189 int ret = 0; 1190 u32 bufsize; 1191 u32 i; 1192 struct cmd_ctrl_node *cmdarray; 1193 1194 lbs_deb_enter(LBS_DEB_HOST); 1195 1196 /* Allocate and initialize the command array */ 1197 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS; 1198 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) { 1199 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n"); 1200 ret = -1; 1201 goto done; 1202 } 1203 priv->cmd_array = cmdarray; 1204 1205 /* Allocate and initialize each command buffer in the command array */ 1206 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1207 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL); 1208 if (!cmdarray[i].cmdbuf) { 1209 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n"); 1210 ret = -1; 1211 goto done; 1212 } 1213 } 1214 1215 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1216 init_waitqueue_head(&cmdarray[i].cmdwait_q); 1217 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]); 1218 } 1219 ret = 0; 1220 1221 done: 1222 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1223 return ret; 1224 } 1225 1226 /** 1227 * lbs_free_cmd_buffer - free the command buffer 1228 * 1229 * @priv: A pointer to &struct lbs_private structure 1230 * 1231 * returns: 0 for success 1232 */ 1233 int lbs_free_cmd_buffer(struct lbs_private *priv) 1234 { 1235 struct cmd_ctrl_node *cmdarray; 1236 unsigned int i; 1237 1238 lbs_deb_enter(LBS_DEB_HOST); 1239 1240 /* need to check if cmd array is allocated or not */ 1241 if (priv->cmd_array == NULL) { 1242 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n"); 1243 goto done; 1244 } 1245 1246 cmdarray = priv->cmd_array; 1247 1248 /* Release shared memory buffers */ 1249 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1250 if (cmdarray[i].cmdbuf) { 1251 kfree(cmdarray[i].cmdbuf); 1252 cmdarray[i].cmdbuf = NULL; 1253 } 1254 } 1255 1256 /* Release cmd_ctrl_node */ 1257 if (priv->cmd_array) { 1258 kfree(priv->cmd_array); 1259 priv->cmd_array = NULL; 1260 } 1261 1262 done: 1263 lbs_deb_leave(LBS_DEB_HOST); 1264 return 0; 1265 } 1266 1267 /** 1268 * lbs_get_free_cmd_node - gets a free command node if available in 1269 * command free queue 1270 * 1271 * @priv: A pointer to &struct lbs_private structure 1272 * 1273 * returns: A pointer to &cmd_ctrl_node structure on success 1274 * or %NULL on error 1275 */ 1276 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv) 1277 { 1278 struct cmd_ctrl_node *tempnode; 1279 unsigned long flags; 1280 1281 lbs_deb_enter(LBS_DEB_HOST); 1282 1283 if (!priv) 1284 return NULL; 1285 1286 spin_lock_irqsave(&priv->driver_lock, flags); 1287 1288 if (!list_empty(&priv->cmdfreeq)) { 1289 tempnode = list_first_entry(&priv->cmdfreeq, 1290 struct cmd_ctrl_node, list); 1291 list_del_init(&tempnode->list); 1292 } else { 1293 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n"); 1294 tempnode = NULL; 1295 } 1296 1297 spin_unlock_irqrestore(&priv->driver_lock, flags); 1298 1299 lbs_deb_leave(LBS_DEB_HOST); 1300 return tempnode; 1301 } 1302 1303 /** 1304 * lbs_execute_next_command - execute next command in command 1305 * pending queue. Will put firmware back to PS mode if applicable. 1306 * 1307 * @priv: A pointer to &struct lbs_private structure 1308 * 1309 * returns: 0 on success or -1 on error 1310 */ 1311 int lbs_execute_next_command(struct lbs_private *priv) 1312 { 1313 struct cmd_ctrl_node *cmdnode = NULL; 1314 struct cmd_header *cmd; 1315 unsigned long flags; 1316 int ret = 0; 1317 1318 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the 1319 * only caller to us is lbs_thread() and we get even when a 1320 * data packet is received */ 1321 lbs_deb_enter(LBS_DEB_THREAD); 1322 1323 spin_lock_irqsave(&priv->driver_lock, flags); 1324 1325 if (priv->cur_cmd) { 1326 netdev_alert(priv->dev, 1327 "EXEC_NEXT_CMD: already processing command!\n"); 1328 spin_unlock_irqrestore(&priv->driver_lock, flags); 1329 ret = -1; 1330 goto done; 1331 } 1332 1333 if (!list_empty(&priv->cmdpendingq)) { 1334 cmdnode = list_first_entry(&priv->cmdpendingq, 1335 struct cmd_ctrl_node, list); 1336 } 1337 1338 spin_unlock_irqrestore(&priv->driver_lock, flags); 1339 1340 if (cmdnode) { 1341 cmd = cmdnode->cmdbuf; 1342 1343 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) { 1344 if ((priv->psstate == PS_STATE_SLEEP) || 1345 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1346 lbs_deb_host( 1347 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n", 1348 le16_to_cpu(cmd->command), 1349 priv->psstate); 1350 ret = -1; 1351 goto done; 1352 } 1353 lbs_deb_host("EXEC_NEXT_CMD: OK to send command " 1354 "0x%04x in psstate %d\n", 1355 le16_to_cpu(cmd->command), priv->psstate); 1356 } else if (priv->psstate != PS_STATE_FULL_POWER) { 1357 /* 1358 * 1. Non-PS command: 1359 * Queue it. set needtowakeup to TRUE if current state 1360 * is SLEEP, otherwise call send EXIT_PS. 1361 * 2. PS command but not EXIT_PS: 1362 * Ignore it. 1363 * 3. PS command EXIT_PS: 1364 * Set needtowakeup to TRUE if current state is SLEEP, 1365 * otherwise send this command down to firmware 1366 * immediately. 1367 */ 1368 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) { 1369 /* Prepare to send Exit PS, 1370 * this non PS command will be sent later */ 1371 if ((priv->psstate == PS_STATE_SLEEP) 1372 || (priv->psstate == PS_STATE_PRE_SLEEP) 1373 ) { 1374 /* w/ new scheme, it will not reach here. 1375 since it is blocked in main_thread. */ 1376 priv->needtowakeup = 1; 1377 } else { 1378 lbs_set_ps_mode(priv, 1379 PS_MODE_ACTION_EXIT_PS, 1380 false); 1381 } 1382 1383 ret = 0; 1384 goto done; 1385 } else { 1386 /* 1387 * PS command. Ignore it if it is not Exit_PS. 1388 * otherwise send it down immediately. 1389 */ 1390 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1]; 1391 1392 lbs_deb_host( 1393 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n", 1394 psm->action); 1395 if (psm->action != 1396 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1397 lbs_deb_host( 1398 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n"); 1399 lbs_complete_command(priv, cmdnode, 0); 1400 1401 ret = 0; 1402 goto done; 1403 } 1404 1405 if ((priv->psstate == PS_STATE_SLEEP) || 1406 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1407 lbs_deb_host( 1408 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n"); 1409 lbs_complete_command(priv, cmdnode, 0); 1410 priv->needtowakeup = 1; 1411 1412 ret = 0; 1413 goto done; 1414 } 1415 1416 lbs_deb_host( 1417 "EXEC_NEXT_CMD: sending EXIT_PS\n"); 1418 } 1419 } 1420 spin_lock_irqsave(&priv->driver_lock, flags); 1421 list_del_init(&cmdnode->list); 1422 spin_unlock_irqrestore(&priv->driver_lock, flags); 1423 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n", 1424 le16_to_cpu(cmd->command)); 1425 lbs_submit_command(priv, cmdnode); 1426 } else { 1427 /* 1428 * check if in power save mode, if yes, put the device back 1429 * to PS mode 1430 */ 1431 #ifdef TODO 1432 /* 1433 * This was the old code for libertas+wext. Someone that 1434 * understands this beast should re-code it in a sane way. 1435 * 1436 * I actually don't understand why this is related to WPA 1437 * and to connection status, shouldn't powering should be 1438 * independ of such things? 1439 */ 1440 if ((priv->psmode != LBS802_11POWERMODECAM) && 1441 (priv->psstate == PS_STATE_FULL_POWER) && 1442 ((priv->connect_status == LBS_CONNECTED) || 1443 lbs_mesh_connected(priv))) { 1444 if (priv->secinfo.WPAenabled || 1445 priv->secinfo.WPA2enabled) { 1446 /* check for valid WPA group keys */ 1447 if (priv->wpa_mcast_key.len || 1448 priv->wpa_unicast_key.len) { 1449 lbs_deb_host( 1450 "EXEC_NEXT_CMD: WPA enabled and GTK_SET" 1451 " go back to PS_SLEEP"); 1452 lbs_set_ps_mode(priv, 1453 PS_MODE_ACTION_ENTER_PS, 1454 false); 1455 } 1456 } else { 1457 lbs_deb_host( 1458 "EXEC_NEXT_CMD: cmdpendingq empty, " 1459 "go back to PS_SLEEP"); 1460 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS, 1461 false); 1462 } 1463 } 1464 #endif 1465 } 1466 1467 ret = 0; 1468 done: 1469 lbs_deb_leave(LBS_DEB_THREAD); 1470 return ret; 1471 } 1472 1473 static void lbs_send_confirmsleep(struct lbs_private *priv) 1474 { 1475 unsigned long flags; 1476 int ret; 1477 1478 lbs_deb_enter(LBS_DEB_HOST); 1479 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep, 1480 sizeof(confirm_sleep)); 1481 1482 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep, 1483 sizeof(confirm_sleep)); 1484 if (ret) { 1485 netdev_alert(priv->dev, "confirm_sleep failed\n"); 1486 goto out; 1487 } 1488 1489 spin_lock_irqsave(&priv->driver_lock, flags); 1490 1491 /* We don't get a response on the sleep-confirmation */ 1492 priv->dnld_sent = DNLD_RES_RECEIVED; 1493 1494 if (priv->is_host_sleep_configured) { 1495 priv->is_host_sleep_activated = 1; 1496 wake_up_interruptible(&priv->host_sleep_q); 1497 } 1498 1499 /* If nothing to do, go back to sleep (?) */ 1500 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx]) 1501 priv->psstate = PS_STATE_SLEEP; 1502 1503 spin_unlock_irqrestore(&priv->driver_lock, flags); 1504 1505 out: 1506 lbs_deb_leave(LBS_DEB_HOST); 1507 } 1508 1509 /** 1510 * lbs_ps_confirm_sleep - checks condition and prepares to 1511 * send sleep confirm command to firmware if ok 1512 * 1513 * @priv: A pointer to &struct lbs_private structure 1514 * 1515 * returns: n/a 1516 */ 1517 void lbs_ps_confirm_sleep(struct lbs_private *priv) 1518 { 1519 unsigned long flags =0; 1520 int allowed = 1; 1521 1522 lbs_deb_enter(LBS_DEB_HOST); 1523 1524 spin_lock_irqsave(&priv->driver_lock, flags); 1525 if (priv->dnld_sent) { 1526 allowed = 0; 1527 lbs_deb_host("dnld_sent was set\n"); 1528 } 1529 1530 /* In-progress command? */ 1531 if (priv->cur_cmd) { 1532 allowed = 0; 1533 lbs_deb_host("cur_cmd was set\n"); 1534 } 1535 1536 /* Pending events or command responses? */ 1537 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) { 1538 allowed = 0; 1539 lbs_deb_host("pending events or command responses\n"); 1540 } 1541 spin_unlock_irqrestore(&priv->driver_lock, flags); 1542 1543 if (allowed) { 1544 lbs_deb_host("sending lbs_ps_confirm_sleep\n"); 1545 lbs_send_confirmsleep(priv); 1546 } else { 1547 lbs_deb_host("sleep confirm has been delayed\n"); 1548 } 1549 1550 lbs_deb_leave(LBS_DEB_HOST); 1551 } 1552 1553 1554 /** 1555 * lbs_set_tpc_cfg - Configures the transmission power control functionality 1556 * 1557 * @priv: A pointer to &struct lbs_private structure 1558 * @enable: Transmission power control enable 1559 * @p0: Power level when link quality is good (dBm). 1560 * @p1: Power level when link quality is fair (dBm). 1561 * @p2: Power level when link quality is poor (dBm). 1562 * @usesnr: Use Signal to Noise Ratio in TPC 1563 * 1564 * returns: 0 on success 1565 */ 1566 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1, 1567 int8_t p2, int usesnr) 1568 { 1569 struct cmd_ds_802_11_tpc_cfg cmd; 1570 int ret; 1571 1572 memset(&cmd, 0, sizeof(cmd)); 1573 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1574 cmd.action = cpu_to_le16(CMD_ACT_SET); 1575 cmd.enable = !!enable; 1576 cmd.usesnr = !!usesnr; 1577 cmd.P0 = p0; 1578 cmd.P1 = p1; 1579 cmd.P2 = p2; 1580 1581 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd); 1582 1583 return ret; 1584 } 1585 1586 /** 1587 * lbs_set_power_adapt_cfg - Configures the power adaptation settings 1588 * 1589 * @priv: A pointer to &struct lbs_private structure 1590 * @enable: Power adaptation enable 1591 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm). 1592 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm). 1593 * @p2: Power level for 48 and 54 Mbps (dBm). 1594 * 1595 * returns: 0 on Success 1596 */ 1597 1598 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0, 1599 int8_t p1, int8_t p2) 1600 { 1601 struct cmd_ds_802_11_pa_cfg cmd; 1602 int ret; 1603 1604 memset(&cmd, 0, sizeof(cmd)); 1605 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1606 cmd.action = cpu_to_le16(CMD_ACT_SET); 1607 cmd.enable = !!enable; 1608 cmd.P0 = p0; 1609 cmd.P1 = p1; 1610 cmd.P2 = p2; 1611 1612 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd); 1613 1614 return ret; 1615 } 1616 1617 1618 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv, 1619 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size, 1620 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1621 unsigned long callback_arg) 1622 { 1623 struct cmd_ctrl_node *cmdnode; 1624 1625 lbs_deb_enter(LBS_DEB_HOST); 1626 1627 if (priv->surpriseremoved) { 1628 lbs_deb_host("PREP_CMD: card removed\n"); 1629 cmdnode = ERR_PTR(-ENOENT); 1630 goto done; 1631 } 1632 1633 /* No commands are allowed in Deep Sleep until we toggle the GPIO 1634 * to wake up the card and it has signaled that it's ready. 1635 */ 1636 if (!priv->is_auto_deep_sleep_enabled) { 1637 if (priv->is_deep_sleep) { 1638 lbs_deb_cmd("command not allowed in deep sleep\n"); 1639 cmdnode = ERR_PTR(-EBUSY); 1640 goto done; 1641 } 1642 } 1643 1644 cmdnode = lbs_get_free_cmd_node(priv); 1645 if (cmdnode == NULL) { 1646 lbs_deb_host("PREP_CMD: cmdnode is NULL\n"); 1647 1648 /* Wake up main thread to execute next command */ 1649 wake_up(&priv->waitq); 1650 cmdnode = ERR_PTR(-ENOBUFS); 1651 goto done; 1652 } 1653 1654 cmdnode->callback = callback; 1655 cmdnode->callback_arg = callback_arg; 1656 1657 /* Copy the incoming command to the buffer */ 1658 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size); 1659 1660 /* Set command, clean result, move to buffer */ 1661 cmdnode->cmdbuf->command = cpu_to_le16(command); 1662 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size); 1663 cmdnode->cmdbuf->result = 0; 1664 1665 lbs_deb_host("PREP_CMD: command 0x%04x\n", command); 1666 1667 cmdnode->cmdwaitqwoken = 0; 1668 lbs_queue_cmd(priv, cmdnode); 1669 wake_up(&priv->waitq); 1670 1671 done: 1672 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode); 1673 return cmdnode; 1674 } 1675 1676 void lbs_cmd_async(struct lbs_private *priv, uint16_t command, 1677 struct cmd_header *in_cmd, int in_cmd_size) 1678 { 1679 lbs_deb_enter(LBS_DEB_CMD); 1680 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1681 lbs_cmd_async_callback, 0); 1682 lbs_deb_leave(LBS_DEB_CMD); 1683 } 1684 1685 int __lbs_cmd(struct lbs_private *priv, uint16_t command, 1686 struct cmd_header *in_cmd, int in_cmd_size, 1687 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1688 unsigned long callback_arg) 1689 { 1690 struct cmd_ctrl_node *cmdnode; 1691 unsigned long flags; 1692 int ret = 0; 1693 1694 lbs_deb_enter(LBS_DEB_HOST); 1695 1696 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1697 callback, callback_arg); 1698 if (IS_ERR(cmdnode)) { 1699 ret = PTR_ERR(cmdnode); 1700 goto done; 1701 } 1702 1703 might_sleep(); 1704 1705 /* 1706 * Be careful with signals here. A signal may be received as the system 1707 * goes into suspend or resume. We do not want this to interrupt the 1708 * command, so we perform an uninterruptible sleep. 1709 */ 1710 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken); 1711 1712 spin_lock_irqsave(&priv->driver_lock, flags); 1713 ret = cmdnode->result; 1714 if (ret) 1715 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n", 1716 command, ret); 1717 1718 __lbs_cleanup_and_insert_cmd(priv, cmdnode); 1719 spin_unlock_irqrestore(&priv->driver_lock, flags); 1720 1721 done: 1722 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1723 return ret; 1724 } 1725 EXPORT_SYMBOL_GPL(__lbs_cmd);
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.c" 149 /* 150 * This file contains the handling of command. 151 * It prepares command and sends it to firmware when it is ready. 152 */ 153 154 #include <linux/hardirq.h> 155 #include <linux/kfifo.h> 156 #include <linux/sched.h> 157 #include <linux/slab.h> 158 #include <linux/if_arp.h> 159 #include <linux/export.h> 160 161 #include "decl.h" 162 #include "cfg.h" 163 #include "cmd.h" 164 165 #define CAL_NF(nf) ((s32)(-(s32)(nf))) 166 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf))) 167 168 /** 169 * lbs_cmd_copyback - Simple callback that copies response back into command 170 * 171 * @priv: A pointer to &struct lbs_private structure 172 * @extra: A pointer to the original command structure for which 173 * 'resp' is a response 174 * @resp: A pointer to the command response 175 * 176 * returns: 0 on success, error on failure 177 */ 178 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra, 179 struct cmd_header *resp) 180 { 181 struct cmd_header *buf = (void *)extra; 182 uint16_t copy_len; 183 184 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size)); 185 memcpy(buf, resp, copy_len); 186 return 0; 187 } 188 EXPORT_SYMBOL_GPL(lbs_cmd_copyback); 189 190 /** 191 * lbs_cmd_async_callback - Simple callback that ignores the result. 192 * Use this if you just want to send a command to the hardware, but don't 193 * care for the result. 194 * 195 * @priv: ignored 196 * @extra: ignored 197 * @resp: ignored 198 * 199 * returns: 0 for success 200 */ 201 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra, 202 struct cmd_header *resp) 203 { 204 return 0; 205 } 206 207 208 /** 209 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode 210 * 211 * @cmd: the command ID 212 * 213 * returns: 1 if allowed, 0 if not allowed 214 */ 215 static u8 is_command_allowed_in_ps(u16 cmd) 216 { 217 switch (cmd) { 218 case CMD_802_11_RSSI: 219 return 1; 220 case CMD_802_11_HOST_SLEEP_CFG: 221 return 1; 222 default: 223 break; 224 } 225 return 0; 226 } 227 228 /** 229 * lbs_update_hw_spec - Updates the hardware details like MAC address 230 * and regulatory region 231 * 232 * @priv: A pointer to &struct lbs_private structure 233 * 234 * returns: 0 on success, error on failure 235 */ 236 int lbs_update_hw_spec(struct lbs_private *priv) 237 { 238 struct cmd_ds_get_hw_spec cmd; 239 int ret = -1; 240 u32 i; 241 242 lbs_deb_enter(LBS_DEB_CMD); 243 244 memset(&cmd, 0, sizeof(cmd)); 245 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 246 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN); 247 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd); 248 if (ret) 249 goto out; 250 251 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo); 252 253 /* The firmware release is in an interesting format: the patch 254 * level is in the most significant nibble ... so fix that: */ 255 priv->fwrelease = le32_to_cpu(cmd.fwrelease); 256 priv->fwrelease = (priv->fwrelease << 8) | 257 (priv->fwrelease >> 24 & 0xff); 258 259 /* Some firmware capabilities: 260 * CF card firmware 5.0.16p0: cap 0x00000303 261 * USB dongle firmware 5.110.17p2: cap 0x00000303 262 */ 263 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n", 264 cmd.permanentaddr, 265 priv->fwrelease >> 24 & 0xff, 266 priv->fwrelease >> 16 & 0xff, 267 priv->fwrelease >> 8 & 0xff, 268 priv->fwrelease & 0xff, 269 priv->fwcapinfo); 270 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n", 271 cmd.hwifversion, cmd.version); 272 273 /* Clamp region code to 8-bit since FW spec indicates that it should 274 * only ever be 8-bit, even though the field size is 16-bit. Some firmware 275 * returns non-zero high 8 bits here. 276 * 277 * Firmware version 4.0.102 used in CF8381 has region code shifted. We 278 * need to check for this problem and handle it properly. 279 */ 280 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4) 281 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF; 282 else 283 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF; 284 285 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) { 286 /* use the region code to search for the index */ 287 if (priv->regioncode == lbs_region_code_to_index[i]) 288 break; 289 } 290 291 /* if it's unidentified region code, use the default (USA) */ 292 if (i >= MRVDRV_MAX_REGION_CODE) { 293 priv->regioncode = 0x10; 294 netdev_info(priv->dev, 295 "unidentified region code; using the default (USA)\n"); 296 } 297 298 if (priv->current_addr[0] == 0xff) 299 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN); 300 301 if (!priv->copied_hwaddr) { 302 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN); 303 if (priv->mesh_dev) 304 memcpy(priv->mesh_dev->dev_addr, 305 priv->current_addr, ETH_ALEN); 306 priv->copied_hwaddr = 1; 307 } 308 309 out: 310 lbs_deb_leave(LBS_DEB_CMD); 311 return ret; 312 } 313 314 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy, 315 struct cmd_header *resp) 316 { 317 lbs_deb_enter(LBS_DEB_CMD); 318 if (priv->is_host_sleep_activated) { 319 priv->is_host_sleep_configured = 0; 320 if (priv->psstate == PS_STATE_FULL_POWER) { 321 priv->is_host_sleep_activated = 0; 322 wake_up_interruptible(&priv->host_sleep_q); 323 } 324 } else { 325 priv->is_host_sleep_configured = 1; 326 } 327 lbs_deb_leave(LBS_DEB_CMD); 328 return 0; 329 } 330 331 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria, 332 struct wol_config *p_wol_config) 333 { 334 struct cmd_ds_host_sleep cmd_config; 335 int ret; 336 337 /* 338 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command 339 * and the card will return a failure. Since we need to be 340 * able to reset the mask, in those cases we set a 0 mask instead. 341 */ 342 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported) 343 criteria = 0; 344 345 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config)); 346 cmd_config.criteria = cpu_to_le32(criteria); 347 cmd_config.gpio = priv->wol_gpio; 348 cmd_config.gap = priv->wol_gap; 349 350 if (p_wol_config != NULL) 351 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config, 352 sizeof(struct wol_config)); 353 else 354 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE; 355 356 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr, 357 le16_to_cpu(cmd_config.hdr.size), 358 lbs_ret_host_sleep_cfg, 0); 359 if (!ret) { 360 if (p_wol_config) 361 memcpy((uint8_t *) p_wol_config, 362 (uint8_t *)&cmd_config.wol_conf, 363 sizeof(struct wol_config)); 364 } else { 365 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret); 366 } 367 368 return ret; 369 } 370 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg); 371 372 /** 373 * lbs_set_ps_mode - Sets the Power Save mode 374 * 375 * @priv: A pointer to &struct lbs_private structure 376 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or 377 * PS_MODE_ACTION_EXIT_PS) 378 * @block: Whether to block on a response or not 379 * 380 * returns: 0 on success, error on failure 381 */ 382 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block) 383 { 384 struct cmd_ds_802_11_ps_mode cmd; 385 int ret = 0; 386 387 lbs_deb_enter(LBS_DEB_CMD); 388 389 memset(&cmd, 0, sizeof(cmd)); 390 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 391 cmd.action = cpu_to_le16(cmd_action); 392 393 if (cmd_action == PS_MODE_ACTION_ENTER_PS) { 394 lbs_deb_cmd("PS_MODE: action ENTER_PS\n"); 395 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */ 396 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) { 397 lbs_deb_cmd("PS_MODE: action EXIT_PS\n"); 398 } else { 399 /* We don't handle CONFIRM_SLEEP here because it needs to 400 * be fastpathed to the firmware. 401 */ 402 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action); 403 ret = -EOPNOTSUPP; 404 goto out; 405 } 406 407 if (block) 408 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd); 409 else 410 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd)); 411 412 out: 413 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 414 return ret; 415 } 416 417 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action, 418 struct sleep_params *sp) 419 { 420 struct cmd_ds_802_11_sleep_params cmd; 421 int ret; 422 423 lbs_deb_enter(LBS_DEB_CMD); 424 425 if (cmd_action == CMD_ACT_GET) { 426 memset(&cmd, 0, sizeof(cmd)); 427 } else { 428 cmd.error = cpu_to_le16(sp->sp_error); 429 cmd.offset = cpu_to_le16(sp->sp_offset); 430 cmd.stabletime = cpu_to_le16(sp->sp_stabletime); 431 cmd.calcontrol = sp->sp_calcontrol; 432 cmd.externalsleepclk = sp->sp_extsleepclk; 433 cmd.reserved = cpu_to_le16(sp->sp_reserved); 434 } 435 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 436 cmd.action = cpu_to_le16(cmd_action); 437 438 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd); 439 440 if (!ret) { 441 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, " 442 "calcontrol 0x%x extsleepclk 0x%x\n", 443 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset), 444 le16_to_cpu(cmd.stabletime), cmd.calcontrol, 445 cmd.externalsleepclk); 446 447 sp->sp_error = le16_to_cpu(cmd.error); 448 sp->sp_offset = le16_to_cpu(cmd.offset); 449 sp->sp_stabletime = le16_to_cpu(cmd.stabletime); 450 sp->sp_calcontrol = cmd.calcontrol; 451 sp->sp_extsleepclk = cmd.externalsleepclk; 452 sp->sp_reserved = le16_to_cpu(cmd.reserved); 453 } 454 455 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 456 return 0; 457 } 458 459 static int lbs_wait_for_ds_awake(struct lbs_private *priv) 460 { 461 int ret = 0; 462 463 lbs_deb_enter(LBS_DEB_CMD); 464 465 if (priv->is_deep_sleep) { 466 if (!wait_event_interruptible_timeout(priv->ds_awake_q, 467 !priv->is_deep_sleep, (10 * HZ))) { 468 netdev_err(priv->dev, "ds_awake_q: timer expired\n"); 469 ret = -1; 470 } 471 } 472 473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 474 return ret; 475 } 476 477 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep) 478 { 479 int ret = 0; 480 481 lbs_deb_enter(LBS_DEB_CMD); 482 483 if (deep_sleep) { 484 if (priv->is_deep_sleep != 1) { 485 lbs_deb_cmd("deep sleep: sleep\n"); 486 BUG_ON(!priv->enter_deep_sleep); 487 ret = priv->enter_deep_sleep(priv); 488 if (!ret) { 489 netif_stop_queue(priv->dev); 490 netif_carrier_off(priv->dev); 491 } 492 } else { 493 netdev_err(priv->dev, "deep sleep: already enabled\n"); 494 } 495 } else { 496 if (priv->is_deep_sleep) { 497 lbs_deb_cmd("deep sleep: wakeup\n"); 498 BUG_ON(!priv->exit_deep_sleep); 499 ret = priv->exit_deep_sleep(priv); 500 if (!ret) { 501 ret = lbs_wait_for_ds_awake(priv); 502 if (ret) 503 netdev_err(priv->dev, 504 "deep sleep: wakeup failed\n"); 505 } 506 } 507 } 508 509 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 510 return ret; 511 } 512 513 static int lbs_ret_host_sleep_activate(struct lbs_private *priv, 514 unsigned long dummy, 515 struct cmd_header *cmd) 516 { 517 lbs_deb_enter(LBS_DEB_FW); 518 priv->is_host_sleep_activated = 1; 519 wake_up_interruptible(&priv->host_sleep_q); 520 lbs_deb_leave(LBS_DEB_FW); 521 return 0; 522 } 523 524 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep) 525 { 526 struct cmd_header cmd; 527 int ret = 0; 528 uint32_t criteria = EHS_REMOVE_WAKEUP; 529 530 lbs_deb_enter(LBS_DEB_CMD); 531 532 if (host_sleep) { 533 if (priv->is_host_sleep_activated != 1) { 534 memset(&cmd, 0, sizeof(cmd)); 535 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria, 536 (struct wol_config *)NULL); 537 if (ret) { 538 netdev_info(priv->dev, 539 "Host sleep configuration failed: %d\n", 540 ret); 541 return ret; 542 } 543 if (priv->psstate == PS_STATE_FULL_POWER) { 544 ret = __lbs_cmd(priv, 545 CMD_802_11_HOST_SLEEP_ACTIVATE, 546 &cmd, 547 sizeof(cmd), 548 lbs_ret_host_sleep_activate, 0); 549 if (ret) 550 netdev_info(priv->dev, 551 "HOST_SLEEP_ACTIVATE failed: %d\n", 552 ret); 553 } 554 555 if (!wait_event_interruptible_timeout( 556 priv->host_sleep_q, 557 priv->is_host_sleep_activated, 558 (10 * HZ))) { 559 netdev_err(priv->dev, 560 "host_sleep_q: timer expired\n"); 561 ret = -1; 562 } 563 } else { 564 netdev_err(priv->dev, "host sleep: already enabled\n"); 565 } 566 } else { 567 if (priv->is_host_sleep_activated) 568 ret = lbs_host_sleep_cfg(priv, criteria, 569 (struct wol_config *)NULL); 570 } 571 572 return ret; 573 } 574 575 /** 576 * lbs_set_snmp_mib - Set an SNMP MIB value 577 * 578 * @priv: A pointer to &struct lbs_private structure 579 * @oid: The OID to set in the firmware 580 * @val: Value to set the OID to 581 * 582 * returns: 0 on success, error on failure 583 */ 584 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val) 585 { 586 struct cmd_ds_802_11_snmp_mib cmd; 587 int ret; 588 589 lbs_deb_enter(LBS_DEB_CMD); 590 591 memset(&cmd, 0, sizeof (cmd)); 592 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 593 cmd.action = cpu_to_le16(CMD_ACT_SET); 594 cmd.oid = cpu_to_le16((u16) oid); 595 596 switch (oid) { 597 case SNMP_MIB_OID_BSS_TYPE: 598 cmd.bufsize = cpu_to_le16(sizeof(u8)); 599 cmd.value[0] = val; 600 break; 601 case SNMP_MIB_OID_11D_ENABLE: 602 case SNMP_MIB_OID_FRAG_THRESHOLD: 603 case SNMP_MIB_OID_RTS_THRESHOLD: 604 case SNMP_MIB_OID_SHORT_RETRY_LIMIT: 605 case SNMP_MIB_OID_LONG_RETRY_LIMIT: 606 cmd.bufsize = cpu_to_le16(sizeof(u16)); 607 *((__le16 *)(&cmd.value)) = cpu_to_le16(val); 608 break; 609 default: 610 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid); 611 ret = -EINVAL; 612 goto out; 613 } 614 615 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n", 616 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val); 617 618 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 619 620 out: 621 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 622 return ret; 623 } 624 625 /** 626 * lbs_get_snmp_mib - Get an SNMP MIB value 627 * 628 * @priv: A pointer to &struct lbs_private structure 629 * @oid: The OID to retrieve from the firmware 630 * @out_val: Location for the returned value 631 * 632 * returns: 0 on success, error on failure 633 */ 634 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val) 635 { 636 struct cmd_ds_802_11_snmp_mib cmd; 637 int ret; 638 639 lbs_deb_enter(LBS_DEB_CMD); 640 641 memset(&cmd, 0, sizeof (cmd)); 642 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 643 cmd.action = cpu_to_le16(CMD_ACT_GET); 644 cmd.oid = cpu_to_le16(oid); 645 646 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd); 647 if (ret) 648 goto out; 649 650 switch (le16_to_cpu(cmd.bufsize)) { 651 case sizeof(u8): 652 *out_val = cmd.value[0]; 653 break; 654 case sizeof(u16): 655 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value))); 656 break; 657 default: 658 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n", 659 oid, le16_to_cpu(cmd.bufsize)); 660 break; 661 } 662 663 out: 664 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 665 return ret; 666 } 667 668 /** 669 * lbs_get_tx_power - Get the min, max, and current TX power 670 * 671 * @priv: A pointer to &struct lbs_private structure 672 * @curlevel: Current power level in dBm 673 * @minlevel: Minimum supported power level in dBm (optional) 674 * @maxlevel: Maximum supported power level in dBm (optional) 675 * 676 * returns: 0 on success, error on failure 677 */ 678 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel, 679 s16 *maxlevel) 680 { 681 struct cmd_ds_802_11_rf_tx_power cmd; 682 int ret; 683 684 lbs_deb_enter(LBS_DEB_CMD); 685 686 memset(&cmd, 0, sizeof(cmd)); 687 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 688 cmd.action = cpu_to_le16(CMD_ACT_GET); 689 690 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 691 if (ret == 0) { 692 *curlevel = le16_to_cpu(cmd.curlevel); 693 if (minlevel) 694 *minlevel = cmd.minlevel; 695 if (maxlevel) 696 *maxlevel = cmd.maxlevel; 697 } 698 699 lbs_deb_leave(LBS_DEB_CMD); 700 return ret; 701 } 702 703 /** 704 * lbs_set_tx_power - Set the TX power 705 * 706 * @priv: A pointer to &struct lbs_private structure 707 * @dbm: The desired power level in dBm 708 * 709 * returns: 0 on success, error on failure 710 */ 711 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm) 712 { 713 struct cmd_ds_802_11_rf_tx_power cmd; 714 int ret; 715 716 lbs_deb_enter(LBS_DEB_CMD); 717 718 memset(&cmd, 0, sizeof(cmd)); 719 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 720 cmd.action = cpu_to_le16(CMD_ACT_SET); 721 cmd.curlevel = cpu_to_le16(dbm); 722 723 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm); 724 725 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd); 726 727 lbs_deb_leave(LBS_DEB_CMD); 728 return ret; 729 } 730 731 /** 732 * lbs_set_monitor_mode - Enable or disable monitor mode 733 * (only implemented on OLPC usb8388 FW) 734 * 735 * @priv: A pointer to &struct lbs_private structure 736 * @enable: 1 to enable monitor mode, 0 to disable 737 * 738 * returns: 0 on success, error on failure 739 */ 740 int lbs_set_monitor_mode(struct lbs_private *priv, int enable) 741 { 742 struct cmd_ds_802_11_monitor_mode cmd; 743 int ret; 744 745 memset(&cmd, 0, sizeof(cmd)); 746 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 747 cmd.action = cpu_to_le16(CMD_ACT_SET); 748 if (enable) 749 cmd.mode = cpu_to_le16(0x1); 750 751 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable); 752 753 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd); 754 if (ret == 0) { 755 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP : 756 ARPHRD_ETHER; 757 } 758 759 lbs_deb_leave(LBS_DEB_CMD); 760 return ret; 761 } 762 763 /** 764 * lbs_get_channel - Get the radio channel 765 * 766 * @priv: A pointer to &struct lbs_private structure 767 * 768 * returns: The channel on success, error on failure 769 */ 770 static int lbs_get_channel(struct lbs_private *priv) 771 { 772 struct cmd_ds_802_11_rf_channel cmd; 773 int ret = 0; 774 775 lbs_deb_enter(LBS_DEB_CMD); 776 777 memset(&cmd, 0, sizeof(cmd)); 778 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 779 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET); 780 781 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 782 if (ret) 783 goto out; 784 785 ret = le16_to_cpu(cmd.channel); 786 lbs_deb_cmd("current radio channel is %d\n", ret); 787 788 out: 789 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 790 return ret; 791 } 792 793 int lbs_update_channel(struct lbs_private *priv) 794 { 795 int ret; 796 797 /* the channel in f/w could be out of sync; get the current channel */ 798 lbs_deb_enter(LBS_DEB_ASSOC); 799 800 ret = lbs_get_channel(priv); 801 if (ret > 0) { 802 priv->channel = ret; 803 ret = 0; 804 } 805 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret); 806 return ret; 807 } 808 809 /** 810 * lbs_set_channel - Set the radio channel 811 * 812 * @priv: A pointer to &struct lbs_private structure 813 * @channel: The desired channel, or 0 to clear a locked channel 814 * 815 * returns: 0 on success, error on failure 816 */ 817 int lbs_set_channel(struct lbs_private *priv, u8 channel) 818 { 819 struct cmd_ds_802_11_rf_channel cmd; 820 #ifdef DEBUG 821 u8 old_channel = priv->channel; 822 #endif 823 int ret = 0; 824 825 lbs_deb_enter(LBS_DEB_CMD); 826 827 memset(&cmd, 0, sizeof(cmd)); 828 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 829 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET); 830 cmd.channel = cpu_to_le16(channel); 831 832 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd); 833 if (ret) 834 goto out; 835 836 priv->channel = (uint8_t) le16_to_cpu(cmd.channel); 837 lbs_deb_cmd("channel switch from %d to %d\n", old_channel, 838 priv->channel); 839 840 out: 841 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 842 return ret; 843 } 844 845 /** 846 * lbs_get_rssi - Get current RSSI and noise floor 847 * 848 * @priv: A pointer to &struct lbs_private structure 849 * @rssi: On successful return, signal level in mBm 850 * @nf: On successful return, Noise floor 851 * 852 * returns: The channel on success, error on failure 853 */ 854 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf) 855 { 856 struct cmd_ds_802_11_rssi cmd; 857 int ret = 0; 858 859 lbs_deb_enter(LBS_DEB_CMD); 860 861 BUG_ON(rssi == NULL); 862 BUG_ON(nf == NULL); 863 864 memset(&cmd, 0, sizeof(cmd)); 865 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 866 /* Average SNR over last 8 beacons */ 867 cmd.n_or_snr = cpu_to_le16(8); 868 869 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd); 870 if (ret == 0) { 871 *nf = CAL_NF(le16_to_cpu(cmd.nf)); 872 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf)); 873 } 874 875 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 876 return ret; 877 } 878 879 /** 880 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information 881 * to the firmware 882 * 883 * @priv: pointer to &struct lbs_private 884 * 885 * returns: 0 on success, error code on failure 886 */ 887 int lbs_set_11d_domain_info(struct lbs_private *priv) 888 { 889 struct wiphy *wiphy = priv->wdev->wiphy; 890 struct ieee80211_supported_band **bands = wiphy->bands; 891 struct cmd_ds_802_11d_domain_info cmd; 892 struct mrvl_ie_domain_param_set *domain = &cmd.domain; 893 struct ieee80211_country_ie_triplet *t; 894 enum ieee80211_band band; 895 struct ieee80211_channel *ch; 896 u8 num_triplet = 0; 897 u8 num_parsed_chan = 0; 898 u8 first_channel = 0, next_chan = 0, max_pwr = 0; 899 u8 i, flag = 0; 900 size_t triplet_size; 901 int ret = 0; 902 903 lbs_deb_enter(LBS_DEB_11D); 904 if (!priv->country_code[0]) 905 goto out; 906 907 memset(&cmd, 0, sizeof(cmd)); 908 cmd.action = cpu_to_le16(CMD_ACT_SET); 909 910 lbs_deb_11d("Setting country code '%c%c'\n", 911 priv->country_code[0], priv->country_code[1]); 912 913 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN); 914 915 /* Set country code */ 916 domain->country_code[0] = priv->country_code[0]; 917 domain->country_code[1] = priv->country_code[1]; 918 domain->country_code[2] = ' '; 919 920 /* Now set up the channel triplets; firmware is somewhat picky here 921 * and doesn't validate channel numbers and spans; hence it would 922 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since 923 * the last 3 aren't valid channels, the driver is responsible for 924 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20) 925 * etc. 926 */ 927 for (band = 0; 928 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS); 929 band++) { 930 931 if (!bands[band]) 932 continue; 933 934 for (i = 0; 935 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS); 936 i++) { 937 ch = &bands[band]->channels[i]; 938 if (ch->flags & IEEE80211_CHAN_DISABLED) 939 continue; 940 941 if (!flag) { 942 flag = 1; 943 next_chan = first_channel = (u32) ch->hw_value; 944 max_pwr = ch->max_power; 945 num_parsed_chan = 1; 946 continue; 947 } 948 949 if ((ch->hw_value == next_chan + 1) && 950 (ch->max_power == max_pwr)) { 951 /* Consolidate adjacent channels */ 952 next_chan++; 953 num_parsed_chan++; 954 } else { 955 /* Add this triplet */ 956 lbs_deb_11d("11D triplet (%d, %d, %d)\n", 957 first_channel, num_parsed_chan, 958 max_pwr); 959 t = &domain->triplet[num_triplet]; 960 t->chans.first_channel = first_channel; 961 t->chans.num_channels = num_parsed_chan; 962 t->chans.max_power = max_pwr; 963 num_triplet++; 964 flag = 0; 965 } 966 } 967 968 if (flag) { 969 /* Add last triplet */ 970 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel, 971 num_parsed_chan, max_pwr); 972 t = &domain->triplet[num_triplet]; 973 t->chans.first_channel = first_channel; 974 t->chans.num_channels = num_parsed_chan; 975 t->chans.max_power = max_pwr; 976 num_triplet++; 977 } 978 } 979 980 lbs_deb_11d("# triplets %d\n", num_triplet); 981 982 /* Set command header sizes */ 983 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet); 984 domain->header.len = cpu_to_le16(sizeof(domain->country_code) + 985 triplet_size); 986 987 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set", 988 (u8 *) &cmd.domain.country_code, 989 le16_to_cpu(domain->header.len)); 990 991 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) + 992 sizeof(cmd.action) + 993 sizeof(cmd.domain.header) + 994 sizeof(cmd.domain.country_code) + 995 triplet_size); 996 997 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd); 998 999 out: 1000 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret); 1001 return ret; 1002 } 1003 1004 /** 1005 * lbs_get_reg - Read a MAC, Baseband, or RF register 1006 * 1007 * @priv: pointer to &struct lbs_private 1008 * @reg: register command, one of CMD_MAC_REG_ACCESS, 1009 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 1010 * @offset: byte offset of the register to get 1011 * @value: on success, the value of the register at 'offset' 1012 * 1013 * returns: 0 on success, error code on failure 1014 */ 1015 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value) 1016 { 1017 struct cmd_ds_reg_access cmd; 1018 int ret = 0; 1019 1020 lbs_deb_enter(LBS_DEB_CMD); 1021 1022 BUG_ON(value == NULL); 1023 1024 memset(&cmd, 0, sizeof(cmd)); 1025 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1026 cmd.action = cpu_to_le16(CMD_ACT_GET); 1027 cmd.offset = cpu_to_le16(offset); 1028 1029 if (reg != CMD_MAC_REG_ACCESS && 1030 reg != CMD_BBP_REG_ACCESS && 1031 reg != CMD_RF_REG_ACCESS) { 1032 ret = -EINVAL; 1033 goto out; 1034 } 1035 1036 ret = lbs_cmd_with_response(priv, reg, &cmd); 1037 if (!ret) { 1038 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 1039 *value = cmd.value.bbp_rf; 1040 else if (reg == CMD_MAC_REG_ACCESS) 1041 *value = le32_to_cpu(cmd.value.mac); 1042 } 1043 1044 out: 1045 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1046 return ret; 1047 } 1048 1049 /** 1050 * lbs_set_reg - Write a MAC, Baseband, or RF register 1051 * 1052 * @priv: pointer to &struct lbs_private 1053 * @reg: register command, one of CMD_MAC_REG_ACCESS, 1054 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS 1055 * @offset: byte offset of the register to set 1056 * @value: the value to write to the register at 'offset' 1057 * 1058 * returns: 0 on success, error code on failure 1059 */ 1060 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value) 1061 { 1062 struct cmd_ds_reg_access cmd; 1063 int ret = 0; 1064 1065 lbs_deb_enter(LBS_DEB_CMD); 1066 1067 memset(&cmd, 0, sizeof(cmd)); 1068 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1069 cmd.action = cpu_to_le16(CMD_ACT_SET); 1070 cmd.offset = cpu_to_le16(offset); 1071 1072 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS) 1073 cmd.value.bbp_rf = (u8) (value & 0xFF); 1074 else if (reg == CMD_MAC_REG_ACCESS) 1075 cmd.value.mac = cpu_to_le32(value); 1076 else { 1077 ret = -EINVAL; 1078 goto out; 1079 } 1080 1081 ret = lbs_cmd_with_response(priv, reg, &cmd); 1082 1083 out: 1084 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1085 return ret; 1086 } 1087 1088 static void lbs_queue_cmd(struct lbs_private *priv, 1089 struct cmd_ctrl_node *cmdnode) 1090 { 1091 unsigned long flags; 1092 int addtail = 1; 1093 1094 lbs_deb_enter(LBS_DEB_HOST); 1095 1096 if (!cmdnode) { 1097 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n"); 1098 goto done; 1099 } 1100 if (!cmdnode->cmdbuf->size) { 1101 lbs_deb_host("DNLD_CMD: cmd size is zero\n"); 1102 goto done; 1103 } 1104 cmdnode->result = 0; 1105 1106 /* Exit_PS command needs to be queued in the header always. */ 1107 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) { 1108 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf; 1109 1110 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1111 if (priv->psstate != PS_STATE_FULL_POWER) 1112 addtail = 0; 1113 } 1114 } 1115 1116 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM) 1117 addtail = 0; 1118 1119 spin_lock_irqsave(&priv->driver_lock, flags); 1120 1121 if (addtail) 1122 list_add_tail(&cmdnode->list, &priv->cmdpendingq); 1123 else 1124 list_add(&cmdnode->list, &priv->cmdpendingq); 1125 1126 spin_unlock_irqrestore(&priv->driver_lock, flags); 1127 1128 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n", 1129 le16_to_cpu(cmdnode->cmdbuf->command)); 1130 1131 done: 1132 lbs_deb_leave(LBS_DEB_HOST); 1133 } 1134 1135 static void lbs_submit_command(struct lbs_private *priv, 1136 struct cmd_ctrl_node *cmdnode) 1137 { 1138 unsigned long flags; 1139 struct cmd_header *cmd; 1140 uint16_t cmdsize; 1141 uint16_t command; 1142 int timeo = 3 * HZ; 1143 int ret; 1144 1145 lbs_deb_enter(LBS_DEB_HOST); 1146 1147 cmd = cmdnode->cmdbuf; 1148 1149 spin_lock_irqsave(&priv->driver_lock, flags); 1150 priv->seqnum++; 1151 cmd->seqnum = cpu_to_le16(priv->seqnum); 1152 priv->cur_cmd = cmdnode; 1153 spin_unlock_irqrestore(&priv->driver_lock, flags); 1154 1155 cmdsize = le16_to_cpu(cmd->size); 1156 command = le16_to_cpu(cmd->command); 1157 1158 /* These commands take longer */ 1159 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE) 1160 timeo = 5 * HZ; 1161 1162 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n", 1163 command, le16_to_cpu(cmd->seqnum), cmdsize); 1164 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize); 1165 1166 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize); 1167 1168 if (ret) { 1169 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n", 1170 ret); 1171 /* Reset dnld state machine, report failure */ 1172 priv->dnld_sent = DNLD_RES_RECEIVED; 1173 lbs_complete_command(priv, cmdnode, ret); 1174 } 1175 1176 if (command == CMD_802_11_DEEP_SLEEP) { 1177 if (priv->is_auto_deep_sleep_enabled) { 1178 priv->wakeup_dev_required = 1; 1179 priv->dnld_sent = 0; 1180 } 1181 priv->is_deep_sleep = 1; 1182 lbs_complete_command(priv, cmdnode, 0); 1183 } else { 1184 /* Setup the timer after transmit command */ 1185 mod_timer(&priv->command_timer, jiffies + timeo); 1186 } 1187 1188 lbs_deb_leave(LBS_DEB_HOST); 1189 } 1190 1191 /* 1192 * This function inserts command node to cmdfreeq 1193 * after cleans it. Requires priv->driver_lock held. 1194 */ 1195 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1196 struct cmd_ctrl_node *cmdnode) 1197 { 1198 lbs_deb_enter(LBS_DEB_HOST); 1199 1200 if (!cmdnode) 1201 goto out; 1202 1203 cmdnode->callback = NULL; 1204 cmdnode->callback_arg = 0; 1205 1206 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE); 1207 1208 list_add_tail(&cmdnode->list, &priv->cmdfreeq); 1209 out: 1210 lbs_deb_leave(LBS_DEB_HOST); 1211 } 1212 1213 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv, 1214 struct cmd_ctrl_node *ptempcmd) 1215 { 1216 unsigned long flags; 1217 1218 spin_lock_irqsave(&priv->driver_lock, flags); 1219 __lbs_cleanup_and_insert_cmd(priv, ptempcmd); 1220 spin_unlock_irqrestore(&priv->driver_lock, flags); 1221 } 1222 1223 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1224 int result) 1225 { 1226 /* 1227 * Normally, commands are removed from cmdpendingq before being 1228 * submitted. However, we can arrive here on alternative codepaths 1229 * where the command is still pending. Make sure the command really 1230 * isn't part of a list at this point. 1231 */ 1232 list_del_init(&cmd->list); 1233 1234 cmd->result = result; 1235 cmd->cmdwaitqwoken = 1; 1236 wake_up(&cmd->cmdwait_q); 1237 1238 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback) 1239 __lbs_cleanup_and_insert_cmd(priv, cmd); 1240 priv->cur_cmd = NULL; 1241 wake_up(&priv->waitq); 1242 } 1243 1244 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd, 1245 int result) 1246 { 1247 unsigned long flags; 1248 spin_lock_irqsave(&priv->driver_lock, flags); 1249 __lbs_complete_command(priv, cmd, result); 1250 spin_unlock_irqrestore(&priv->driver_lock, flags); 1251 } 1252 1253 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on) 1254 { 1255 struct cmd_ds_802_11_radio_control cmd; 1256 int ret = -EINVAL; 1257 1258 lbs_deb_enter(LBS_DEB_CMD); 1259 1260 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1261 cmd.action = cpu_to_le16(CMD_ACT_SET); 1262 cmd.control = 0; 1263 1264 /* Only v8 and below support setting the preamble */ 1265 if (priv->fwrelease < 0x09000000) { 1266 switch (preamble) { 1267 case RADIO_PREAMBLE_SHORT: 1268 case RADIO_PREAMBLE_AUTO: 1269 case RADIO_PREAMBLE_LONG: 1270 cmd.control = cpu_to_le16(preamble); 1271 break; 1272 default: 1273 goto out; 1274 } 1275 } 1276 1277 if (radio_on) 1278 cmd.control |= cpu_to_le16(0x1); 1279 else { 1280 cmd.control &= cpu_to_le16(~0x1); 1281 priv->txpower_cur = 0; 1282 } 1283 1284 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n", 1285 radio_on ? "ON" : "OFF", preamble); 1286 1287 priv->radio_on = radio_on; 1288 1289 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd); 1290 1291 out: 1292 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 1293 return ret; 1294 } 1295 1296 void lbs_set_mac_control(struct lbs_private *priv) 1297 { 1298 struct cmd_ds_mac_control cmd; 1299 1300 lbs_deb_enter(LBS_DEB_CMD); 1301 1302 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1303 cmd.action = cpu_to_le16(priv->mac_control); 1304 cmd.reserved = 0; 1305 1306 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd)); 1307 1308 lbs_deb_leave(LBS_DEB_CMD); 1309 } 1310 1311 int lbs_set_mac_control_sync(struct lbs_private *priv) 1312 { 1313 struct cmd_ds_mac_control cmd; 1314 int ret = 0; 1315 1316 lbs_deb_enter(LBS_DEB_CMD); 1317 1318 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1319 cmd.action = cpu_to_le16(priv->mac_control); 1320 cmd.reserved = 0; 1321 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd); 1322 1323 lbs_deb_leave(LBS_DEB_CMD); 1324 return ret; 1325 } 1326 1327 /** 1328 * lbs_allocate_cmd_buffer - allocates the command buffer and links 1329 * it to command free queue 1330 * 1331 * @priv: A pointer to &struct lbs_private structure 1332 * 1333 * returns: 0 for success or -1 on error 1334 */ 1335 int lbs_allocate_cmd_buffer(struct lbs_private *priv) 1336 { 1337 int ret = 0; 1338 u32 bufsize; 1339 u32 i; 1340 struct cmd_ctrl_node *cmdarray; 1341 1342 lbs_deb_enter(LBS_DEB_HOST); 1343 1344 /* Allocate and initialize the command array */ 1345 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS; 1346 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) { 1347 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n"); 1348 ret = -1; 1349 goto done; 1350 } 1351 priv->cmd_array = cmdarray; 1352 1353 /* Allocate and initialize each command buffer in the command array */ 1354 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1355 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL); 1356 if (!cmdarray[i].cmdbuf) { 1357 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n"); 1358 ret = -1; 1359 goto done; 1360 } 1361 } 1362 1363 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1364 init_waitqueue_head(&cmdarray[i].cmdwait_q); 1365 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]); 1366 } 1367 ret = 0; 1368 1369 done: 1370 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1371 return ret; 1372 } 1373 1374 /** 1375 * lbs_free_cmd_buffer - free the command buffer 1376 * 1377 * @priv: A pointer to &struct lbs_private structure 1378 * 1379 * returns: 0 for success 1380 */ 1381 int lbs_free_cmd_buffer(struct lbs_private *priv) 1382 { 1383 struct cmd_ctrl_node *cmdarray; 1384 unsigned int i; 1385 1386 lbs_deb_enter(LBS_DEB_HOST); 1387 1388 /* need to check if cmd array is allocated or not */ 1389 if (priv->cmd_array == NULL) { 1390 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n"); 1391 goto done; 1392 } 1393 1394 cmdarray = priv->cmd_array; 1395 1396 /* Release shared memory buffers */ 1397 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) { 1398 if (cmdarray[i].cmdbuf) { 1399 kfree(cmdarray[i].cmdbuf); 1400 cmdarray[i].cmdbuf = NULL; 1401 } 1402 } 1403 1404 /* Release cmd_ctrl_node */ 1405 if (priv->cmd_array) { 1406 kfree(priv->cmd_array); 1407 priv->cmd_array = NULL; 1408 } 1409 1410 done: 1411 lbs_deb_leave(LBS_DEB_HOST); 1412 return 0; 1413 } 1414 1415 /** 1416 * lbs_get_free_cmd_node - gets a free command node if available in 1417 * command free queue 1418 * 1419 * @priv: A pointer to &struct lbs_private structure 1420 * 1421 * returns: A pointer to &cmd_ctrl_node structure on success 1422 * or %NULL on error 1423 */ 1424 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv) 1425 { 1426 struct cmd_ctrl_node *tempnode; 1427 unsigned long flags; 1428 1429 lbs_deb_enter(LBS_DEB_HOST); 1430 1431 if (!priv) 1432 return NULL; 1433 1434 spin_lock_irqsave(&priv->driver_lock, flags); 1435 1436 if (!list_empty(&priv->cmdfreeq)) { 1437 tempnode = list_first_entry(&priv->cmdfreeq, 1438 struct cmd_ctrl_node, list); 1439 list_del_init(&tempnode->list); 1440 } else { 1441 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n"); 1442 tempnode = NULL; 1443 } 1444 1445 spin_unlock_irqrestore(&priv->driver_lock, flags); 1446 1447 lbs_deb_leave(LBS_DEB_HOST); 1448 return tempnode; 1449 } 1450 1451 /** 1452 * lbs_execute_next_command - execute next command in command 1453 * pending queue. Will put firmware back to PS mode if applicable. 1454 * 1455 * @priv: A pointer to &struct lbs_private structure 1456 * 1457 * returns: 0 on success or -1 on error 1458 */ 1459 int lbs_execute_next_command(struct lbs_private *priv) 1460 { 1461 struct cmd_ctrl_node *cmdnode = NULL; 1462 struct cmd_header *cmd; 1463 unsigned long flags; 1464 int ret = 0; 1465 1466 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the 1467 * only caller to us is lbs_thread() and we get even when a 1468 * data packet is received */ 1469 lbs_deb_enter(LBS_DEB_THREAD); 1470 1471 spin_lock_irqsave(&priv->driver_lock, flags); 1472 1473 if (priv->cur_cmd) { 1474 netdev_alert(priv->dev, 1475 "EXEC_NEXT_CMD: already processing command!\n"); 1476 spin_unlock_irqrestore(&priv->driver_lock, flags); 1477 ret = -1; 1478 goto done; 1479 } 1480 1481 if (!list_empty(&priv->cmdpendingq)) { 1482 cmdnode = list_first_entry(&priv->cmdpendingq, 1483 struct cmd_ctrl_node, list); 1484 } 1485 1486 spin_unlock_irqrestore(&priv->driver_lock, flags); 1487 1488 if (cmdnode) { 1489 cmd = cmdnode->cmdbuf; 1490 1491 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) { 1492 if ((priv->psstate == PS_STATE_SLEEP) || 1493 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1494 lbs_deb_host( 1495 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n", 1496 le16_to_cpu(cmd->command), 1497 priv->psstate); 1498 ret = -1; 1499 goto done; 1500 } 1501 lbs_deb_host("EXEC_NEXT_CMD: OK to send command " 1502 "0x%04x in psstate %d\n", 1503 le16_to_cpu(cmd->command), priv->psstate); 1504 } else if (priv->psstate != PS_STATE_FULL_POWER) { 1505 /* 1506 * 1. Non-PS command: 1507 * Queue it. set needtowakeup to TRUE if current state 1508 * is SLEEP, otherwise call send EXIT_PS. 1509 * 2. PS command but not EXIT_PS: 1510 * Ignore it. 1511 * 3. PS command EXIT_PS: 1512 * Set needtowakeup to TRUE if current state is SLEEP, 1513 * otherwise send this command down to firmware 1514 * immediately. 1515 */ 1516 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) { 1517 /* Prepare to send Exit PS, 1518 * this non PS command will be sent later */ 1519 if ((priv->psstate == PS_STATE_SLEEP) 1520 || (priv->psstate == PS_STATE_PRE_SLEEP) 1521 ) { 1522 /* w/ new scheme, it will not reach here. 1523 since it is blocked in main_thread. */ 1524 priv->needtowakeup = 1; 1525 } else { 1526 lbs_set_ps_mode(priv, 1527 PS_MODE_ACTION_EXIT_PS, 1528 false); 1529 } 1530 1531 ret = 0; 1532 goto done; 1533 } else { 1534 /* 1535 * PS command. Ignore it if it is not Exit_PS. 1536 * otherwise send it down immediately. 1537 */ 1538 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1]; 1539 1540 lbs_deb_host( 1541 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n", 1542 psm->action); 1543 if (psm->action != 1544 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) { 1545 lbs_deb_host( 1546 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n"); 1547 lbs_complete_command(priv, cmdnode, 0); 1548 1549 ret = 0; 1550 goto done; 1551 } 1552 1553 if ((priv->psstate == PS_STATE_SLEEP) || 1554 (priv->psstate == PS_STATE_PRE_SLEEP)) { 1555 lbs_deb_host( 1556 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n"); 1557 lbs_complete_command(priv, cmdnode, 0); 1558 priv->needtowakeup = 1; 1559 1560 ret = 0; 1561 goto done; 1562 } 1563 1564 lbs_deb_host( 1565 "EXEC_NEXT_CMD: sending EXIT_PS\n"); 1566 } 1567 } 1568 spin_lock_irqsave(&priv->driver_lock, flags); 1569 list_del_init(&cmdnode->list); 1570 spin_unlock_irqrestore(&priv->driver_lock, flags); 1571 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n", 1572 le16_to_cpu(cmd->command)); 1573 lbs_submit_command(priv, cmdnode); 1574 } else { 1575 /* 1576 * check if in power save mode, if yes, put the device back 1577 * to PS mode 1578 */ 1579 #ifdef TODO 1580 /* 1581 * This was the old code for libertas+wext. Someone that 1582 * understands this beast should re-code it in a sane way. 1583 * 1584 * I actually don't understand why this is related to WPA 1585 * and to connection status, shouldn't powering should be 1586 * independ of such things? 1587 */ 1588 if ((priv->psmode != LBS802_11POWERMODECAM) && 1589 (priv->psstate == PS_STATE_FULL_POWER) && 1590 ((priv->connect_status == LBS_CONNECTED) || 1591 lbs_mesh_connected(priv))) { 1592 if (priv->secinfo.WPAenabled || 1593 priv->secinfo.WPA2enabled) { 1594 /* check for valid WPA group keys */ 1595 if (priv->wpa_mcast_key.len || 1596 priv->wpa_unicast_key.len) { 1597 lbs_deb_host( 1598 "EXEC_NEXT_CMD: WPA enabled and GTK_SET" 1599 " go back to PS_SLEEP"); 1600 lbs_set_ps_mode(priv, 1601 PS_MODE_ACTION_ENTER_PS, 1602 false); 1603 } 1604 } else { 1605 lbs_deb_host( 1606 "EXEC_NEXT_CMD: cmdpendingq empty, " 1607 "go back to PS_SLEEP"); 1608 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS, 1609 false); 1610 } 1611 } 1612 #endif 1613 } 1614 1615 ret = 0; 1616 done: 1617 lbs_deb_leave(LBS_DEB_THREAD); 1618 return ret; 1619 } 1620 1621 static void lbs_send_confirmsleep(struct lbs_private *priv) 1622 { 1623 unsigned long flags; 1624 int ret; 1625 1626 lbs_deb_enter(LBS_DEB_HOST); 1627 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep, 1628 sizeof(confirm_sleep)); 1629 1630 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep, 1631 sizeof(confirm_sleep)); 1632 if (ret) { 1633 netdev_alert(priv->dev, "confirm_sleep failed\n"); 1634 goto out; 1635 } 1636 1637 spin_lock_irqsave(&priv->driver_lock, flags); 1638 1639 /* We don't get a response on the sleep-confirmation */ 1640 priv->dnld_sent = DNLD_RES_RECEIVED; 1641 1642 if (priv->is_host_sleep_configured) { 1643 priv->is_host_sleep_activated = 1; 1644 wake_up_interruptible(&priv->host_sleep_q); 1645 } 1646 1647 /* If nothing to do, go back to sleep (?) */ 1648 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx]) 1649 priv->psstate = PS_STATE_SLEEP; 1650 1651 spin_unlock_irqrestore(&priv->driver_lock, flags); 1652 1653 out: 1654 lbs_deb_leave(LBS_DEB_HOST); 1655 } 1656 1657 /** 1658 * lbs_ps_confirm_sleep - checks condition and prepares to 1659 * send sleep confirm command to firmware if ok 1660 * 1661 * @priv: A pointer to &struct lbs_private structure 1662 * 1663 * returns: n/a 1664 */ 1665 void lbs_ps_confirm_sleep(struct lbs_private *priv) 1666 { 1667 unsigned long flags =0; 1668 int allowed = 1; 1669 1670 lbs_deb_enter(LBS_DEB_HOST); 1671 1672 spin_lock_irqsave(&priv->driver_lock, flags); 1673 if (priv->dnld_sent) { 1674 allowed = 0; 1675 lbs_deb_host("dnld_sent was set\n"); 1676 } 1677 1678 /* In-progress command? */ 1679 if (priv->cur_cmd) { 1680 allowed = 0; 1681 lbs_deb_host("cur_cmd was set\n"); 1682 } 1683 1684 /* Pending events or command responses? */ 1685 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) { 1686 allowed = 0; 1687 lbs_deb_host("pending events or command responses\n"); 1688 } 1689 spin_unlock_irqrestore(&priv->driver_lock, flags); 1690 1691 if (allowed) { 1692 lbs_deb_host("sending lbs_ps_confirm_sleep\n"); 1693 lbs_send_confirmsleep(priv); 1694 } else { 1695 lbs_deb_host("sleep confirm has been delayed\n"); 1696 } 1697 1698 lbs_deb_leave(LBS_DEB_HOST); 1699 } 1700 1701 1702 /** 1703 * lbs_set_tpc_cfg - Configures the transmission power control functionality 1704 * 1705 * @priv: A pointer to &struct lbs_private structure 1706 * @enable: Transmission power control enable 1707 * @p0: Power level when link quality is good (dBm). 1708 * @p1: Power level when link quality is fair (dBm). 1709 * @p2: Power level when link quality is poor (dBm). 1710 * @usesnr: Use Signal to Noise Ratio in TPC 1711 * 1712 * returns: 0 on success 1713 */ 1714 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1, 1715 int8_t p2, int usesnr) 1716 { 1717 struct cmd_ds_802_11_tpc_cfg cmd; 1718 int ret; 1719 1720 memset(&cmd, 0, sizeof(cmd)); 1721 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1722 cmd.action = cpu_to_le16(CMD_ACT_SET); 1723 cmd.enable = !!enable; 1724 cmd.usesnr = !!usesnr; 1725 cmd.P0 = p0; 1726 cmd.P1 = p1; 1727 cmd.P2 = p2; 1728 1729 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd); 1730 1731 return ret; 1732 } 1733 1734 /** 1735 * lbs_set_power_adapt_cfg - Configures the power adaptation settings 1736 * 1737 * @priv: A pointer to &struct lbs_private structure 1738 * @enable: Power adaptation enable 1739 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm). 1740 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm). 1741 * @p2: Power level for 48 and 54 Mbps (dBm). 1742 * 1743 * returns: 0 on Success 1744 */ 1745 1746 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0, 1747 int8_t p1, int8_t p2) 1748 { 1749 struct cmd_ds_802_11_pa_cfg cmd; 1750 int ret; 1751 1752 memset(&cmd, 0, sizeof(cmd)); 1753 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 1754 cmd.action = cpu_to_le16(CMD_ACT_SET); 1755 cmd.enable = !!enable; 1756 cmd.P0 = p0; 1757 cmd.P1 = p1; 1758 cmd.P2 = p2; 1759 1760 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd); 1761 1762 return ret; 1763 } 1764 1765 1766 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv, 1767 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size, 1768 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1769 unsigned long callback_arg) 1770 { 1771 struct cmd_ctrl_node *cmdnode; 1772 1773 lbs_deb_enter(LBS_DEB_HOST); 1774 1775 if (priv->surpriseremoved) { 1776 lbs_deb_host("PREP_CMD: card removed\n"); 1777 cmdnode = ERR_PTR(-ENOENT); 1778 goto done; 1779 } 1780 1781 /* No commands are allowed in Deep Sleep until we toggle the GPIO 1782 * to wake up the card and it has signaled that it's ready. 1783 */ 1784 if (!priv->is_auto_deep_sleep_enabled) { 1785 if (priv->is_deep_sleep) { 1786 lbs_deb_cmd("command not allowed in deep sleep\n"); 1787 cmdnode = ERR_PTR(-EBUSY); 1788 goto done; 1789 } 1790 } 1791 1792 cmdnode = lbs_get_free_cmd_node(priv); 1793 if (cmdnode == NULL) { 1794 lbs_deb_host("PREP_CMD: cmdnode is NULL\n"); 1795 1796 /* Wake up main thread to execute next command */ 1797 wake_up(&priv->waitq); 1798 cmdnode = ERR_PTR(-ENOBUFS); 1799 goto done; 1800 } 1801 1802 cmdnode->callback = callback; 1803 cmdnode->callback_arg = callback_arg; 1804 1805 /* Copy the incoming command to the buffer */ 1806 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size); 1807 1808 /* Set command, clean result, move to buffer */ 1809 cmdnode->cmdbuf->command = cpu_to_le16(command); 1810 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size); 1811 cmdnode->cmdbuf->result = 0; 1812 1813 lbs_deb_host("PREP_CMD: command 0x%04x\n", command); 1814 1815 cmdnode->cmdwaitqwoken = 0; 1816 lbs_queue_cmd(priv, cmdnode); 1817 wake_up(&priv->waitq); 1818 1819 done: 1820 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode); 1821 return cmdnode; 1822 } 1823 1824 void lbs_cmd_async(struct lbs_private *priv, uint16_t command, 1825 struct cmd_header *in_cmd, int in_cmd_size) 1826 { 1827 lbs_deb_enter(LBS_DEB_CMD); 1828 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1829 lbs_cmd_async_callback, 0); 1830 lbs_deb_leave(LBS_DEB_CMD); 1831 } 1832 1833 int __lbs_cmd(struct lbs_private *priv, uint16_t command, 1834 struct cmd_header *in_cmd, int in_cmd_size, 1835 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *), 1836 unsigned long callback_arg) 1837 { 1838 struct cmd_ctrl_node *cmdnode; 1839 unsigned long flags; 1840 int ret = 0; 1841 1842 lbs_deb_enter(LBS_DEB_HOST); 1843 1844 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size, 1845 callback, callback_arg); 1846 if (IS_ERR(cmdnode)) { 1847 ret = PTR_ERR(cmdnode); 1848 goto done; 1849 } 1850 1851 might_sleep(); 1852 1853 /* 1854 * Be careful with signals here. A signal may be received as the system 1855 * goes into suspend or resume. We do not want this to interrupt the 1856 * command, so we perform an uninterruptible sleep. 1857 */ 1858 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken); 1859 1860 spin_lock_irqsave(&priv->driver_lock, flags); 1861 ret = cmdnode->result; 1862 if (ret) 1863 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n", 1864 command, ret); 1865 1866 __lbs_cleanup_and_insert_cmd(priv, cmdnode); 1867 spin_unlock_irqrestore(&priv->driver_lock, flags); 1868 1869 done: 1870 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 1871 return ret; 1872 } 1873 EXPORT_SYMBOL_GPL(__lbs_cmd); 1874 1875 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.o.c.prepared"
1 /* 2 * This file contains the handling of command 3 * responses as well as events generated by firmware. 4 */ 5 6 #include <linux/hardirq.h> 7 #include <linux/slab.h> 8 #include <linux/delay.h> 9 #include <linux/sched.h> 10 #include <asm/unaligned.h> 11 #include <net/cfg80211.h> 12 13 #include "cfg.h" 14 #include "cmd.h" 15 16 /** 17 * lbs_mac_event_disconnected - handles disconnect event. It 18 * reports disconnect to upper layer, clean tx/rx packets, 19 * reset link state etc. 20 * 21 * @priv: A pointer to struct lbs_private structure 22 * @locally_generated: indicates disconnect was requested locally 23 * (usually by userspace) 24 * 25 * returns: n/a 26 */ 27 void lbs_mac_event_disconnected(struct lbs_private *priv, 28 bool locally_generated) 29 { 30 if (priv->connect_status != LBS_CONNECTED) 31 return; 32 33 lbs_deb_enter(LBS_DEB_ASSOC); 34 35 /* 36 * Cisco AP sends EAP failure and de-auth in less than 0.5 ms. 37 * It causes problem in the Supplicant 38 */ 39 msleep_interruptible(1000); 40 41 if (priv->wdev->iftype == NL80211_IFTYPE_STATION) 42 lbs_send_disconnect_notification(priv, locally_generated); 43 44 /* report disconnect to upper layer */ 45 netif_stop_queue(priv->dev); 46 netif_carrier_off(priv->dev); 47 48 /* Free Tx and Rx packets */ 49 kfree_skb(priv->currenttxskb); 50 priv->currenttxskb = NULL; 51 priv->tx_pending_len = 0; 52 53 priv->connect_status = LBS_DISCONNECTED; 54 55 if (priv->psstate != PS_STATE_FULL_POWER) { 56 /* make firmware to exit PS mode */ 57 lbs_deb_cmd("disconnected, so exit PS mode\n"); 58 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false); 59 } 60 lbs_deb_leave(LBS_DEB_ASSOC); 61 } 62 63 int lbs_process_command_response(struct lbs_private *priv, u8 *data, u32 len) 64 { 65 uint16_t respcmd, curcmd; 66 struct cmd_header *resp; 67 int ret = 0; 68 unsigned long flags; 69 uint16_t result; 70 71 lbs_deb_enter(LBS_DEB_HOST); 72 73 mutex_lock(&priv->lock); 74 spin_lock_irqsave(&priv->driver_lock, flags); 75 76 if (!priv->cur_cmd) { 77 lbs_deb_host("CMD_RESP: cur_cmd is NULL\n"); 78 ret = -1; 79 spin_unlock_irqrestore(&priv->driver_lock, flags); 80 goto done; 81 } 82 83 resp = (void *)data; 84 curcmd = le16_to_cpu(priv->cur_cmd->cmdbuf->command); 85 respcmd = le16_to_cpu(resp->command); 86 result = le16_to_cpu(resp->result); 87 88 lbs_deb_cmd("CMD_RESP: response 0x%04x, seq %d, size %d\n", 89 respcmd, le16_to_cpu(resp->seqnum), len); 90 lbs_deb_hex(LBS_DEB_CMD, "CMD_RESP", (void *) resp, len); 91 92 if (resp->seqnum != priv->cur_cmd->cmdbuf->seqnum) { 93 netdev_info(priv->dev, 94 "Received CMD_RESP with invalid sequence %d (expected %d)\n", 95 le16_to_cpu(resp->seqnum), 96 le16_to_cpu(priv->cur_cmd->cmdbuf->seqnum)); 97 spin_unlock_irqrestore(&priv->driver_lock, flags); 98 ret = -1; 99 goto done; 100 } 101 if (respcmd != CMD_RET(curcmd) && 102 respcmd != CMD_RET_802_11_ASSOCIATE && curcmd != CMD_802_11_ASSOCIATE) { 103 netdev_info(priv->dev, "Invalid CMD_RESP %x to command %x!\n", 104 respcmd, curcmd); 105 spin_unlock_irqrestore(&priv->driver_lock, flags); 106 ret = -1; 107 goto done; 108 } 109 110 if (resp->result == cpu_to_le16(0x0004)) { 111 /* 0x0004 means -EAGAIN. Drop the response, let it time out 112 and be resubmitted */ 113 netdev_info(priv->dev, 114 "Firmware returns DEFER to command %x. Will let it time out...\n", 115 le16_to_cpu(resp->command)); 116 spin_unlock_irqrestore(&priv->driver_lock, flags); 117 ret = -1; 118 goto done; 119 } 120 121 /* Now we got response from FW, cancel the command timer */ 122 del_timer(&priv->command_timer); 123 priv->cmd_timed_out = 0; 124 125 if (respcmd == CMD_RET(CMD_802_11_PS_MODE)) { 126 struct cmd_ds_802_11_ps_mode *psmode = (void *) &resp[1]; 127 u16 action = le16_to_cpu(psmode->action); 128 129 lbs_deb_host( 130 "CMD_RESP: PS_MODE cmd reply result 0x%x, action 0x%x\n", 131 result, action); 132 133 if (result) { 134 lbs_deb_host("CMD_RESP: PS command failed with 0x%x\n", 135 result); 136 /* 137 * We should not re-try enter-ps command in 138 * ad-hoc mode. It takes place in 139 * lbs_execute_next_command(). 140 */ 141 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR && 142 action == PS_MODE_ACTION_ENTER_PS) 143 priv->psmode = LBS802_11POWERMODECAM; 144 } else if (action == PS_MODE_ACTION_ENTER_PS) { 145 priv->needtowakeup = 0; 146 priv->psstate = PS_STATE_AWAKE; 147 148 lbs_deb_host("CMD_RESP: ENTER_PS command response\n"); 149 if (priv->connect_status != LBS_CONNECTED) { 150 /* 151 * When Deauth Event received before Enter_PS command 152 * response, We need to wake up the firmware. 153 */ 154 lbs_deb_host( 155 "disconnected, invoking lbs_ps_wakeup\n"); 156 157 spin_unlock_irqrestore(&priv->driver_lock, flags); 158 mutex_unlock(&priv->lock); 159 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, 160 false); 161 mutex_lock(&priv->lock); 162 spin_lock_irqsave(&priv->driver_lock, flags); 163 } 164 } else if (action == PS_MODE_ACTION_EXIT_PS) { 165 priv->needtowakeup = 0; 166 priv->psstate = PS_STATE_FULL_POWER; 167 lbs_deb_host("CMD_RESP: EXIT_PS command response\n"); 168 } else { 169 lbs_deb_host("CMD_RESP: PS action 0x%X\n", action); 170 } 171 172 __lbs_complete_command(priv, priv->cur_cmd, result); 173 spin_unlock_irqrestore(&priv->driver_lock, flags); 174 175 ret = 0; 176 goto done; 177 } 178 179 /* If the command is not successful, cleanup and return failure */ 180 if ((result != 0 || !(respcmd & 0x8000))) { 181 lbs_deb_host("CMD_RESP: error 0x%04x in command reply 0x%04x\n", 182 result, respcmd); 183 /* 184 * Handling errors here 185 */ 186 switch (respcmd) { 187 case CMD_RET(CMD_GET_HW_SPEC): 188 case CMD_RET(CMD_802_11_RESET): 189 lbs_deb_host("CMD_RESP: reset failed\n"); 190 break; 191 192 } 193 __lbs_complete_command(priv, priv->cur_cmd, result); 194 spin_unlock_irqrestore(&priv->driver_lock, flags); 195 196 ret = -1; 197 goto done; 198 } 199 200 spin_unlock_irqrestore(&priv->driver_lock, flags); 201 202 if (priv->cur_cmd && priv->cur_cmd->callback) { 203 ret = priv->cur_cmd->callback(priv, priv->cur_cmd->callback_arg, 204 resp); 205 } 206 207 spin_lock_irqsave(&priv->driver_lock, flags); 208 209 if (priv->cur_cmd) { 210 /* Clean up and Put current command back to cmdfreeq */ 211 __lbs_complete_command(priv, priv->cur_cmd, result); 212 } 213 spin_unlock_irqrestore(&priv->driver_lock, flags); 214 215 done: 216 mutex_unlock(&priv->lock); 217 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret); 218 return ret; 219 } 220 221 int lbs_process_event(struct lbs_private *priv, u32 event) 222 { 223 int ret = 0; 224 struct cmd_header cmd; 225 226 lbs_deb_enter(LBS_DEB_CMD); 227 228 switch (event) { 229 case MACREG_INT_CODE_LINK_SENSED: 230 lbs_deb_cmd("EVENT: link sensed\n"); 231 break; 232 233 case MACREG_INT_CODE_DEAUTHENTICATED: 234 lbs_deb_cmd("EVENT: deauthenticated\n"); 235 lbs_mac_event_disconnected(priv, false); 236 break; 237 238 case MACREG_INT_CODE_DISASSOCIATED: 239 lbs_deb_cmd("EVENT: disassociated\n"); 240 lbs_mac_event_disconnected(priv, false); 241 break; 242 243 case MACREG_INT_CODE_LINK_LOST_NO_SCAN: 244 lbs_deb_cmd("EVENT: link lost\n"); 245 lbs_mac_event_disconnected(priv, true); 246 break; 247 248 case MACREG_INT_CODE_PS_SLEEP: 249 lbs_deb_cmd("EVENT: ps sleep\n"); 250 251 /* handle unexpected PS SLEEP event */ 252 if (priv->psstate == PS_STATE_FULL_POWER) { 253 lbs_deb_cmd( 254 "EVENT: in FULL POWER mode, ignoring PS_SLEEP\n"); 255 break; 256 } 257 priv->psstate = PS_STATE_PRE_SLEEP; 258 259 lbs_ps_confirm_sleep(priv); 260 261 break; 262 263 case MACREG_INT_CODE_HOST_AWAKE: 264 lbs_deb_cmd("EVENT: host awake\n"); 265 if (priv->reset_deep_sleep_wakeup) 266 priv->reset_deep_sleep_wakeup(priv); 267 priv->is_deep_sleep = 0; 268 lbs_cmd_async(priv, CMD_802_11_WAKEUP_CONFIRM, &cmd, 269 sizeof(cmd)); 270 priv->is_host_sleep_activated = 0; 271 wake_up_interruptible(&priv->host_sleep_q); 272 break; 273 274 case MACREG_INT_CODE_DEEP_SLEEP_AWAKE: 275 if (priv->reset_deep_sleep_wakeup) 276 priv->reset_deep_sleep_wakeup(priv); 277 lbs_deb_cmd("EVENT: ds awake\n"); 278 priv->is_deep_sleep = 0; 279 priv->wakeup_dev_required = 0; 280 wake_up_interruptible(&priv->ds_awake_q); 281 break; 282 283 case MACREG_INT_CODE_PS_AWAKE: 284 lbs_deb_cmd("EVENT: ps awake\n"); 285 /* handle unexpected PS AWAKE event */ 286 if (priv->psstate == PS_STATE_FULL_POWER) { 287 lbs_deb_cmd( 288 "EVENT: In FULL POWER mode - ignore PS AWAKE\n"); 289 break; 290 } 291 292 priv->psstate = PS_STATE_AWAKE; 293 294 if (priv->needtowakeup) { 295 /* 296 * wait for the command processing to finish 297 * before resuming sending 298 * priv->needtowakeup will be set to FALSE 299 * in lbs_ps_wakeup() 300 */ 301 lbs_deb_cmd("waking up ...\n"); 302 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false); 303 } 304 break; 305 306 case MACREG_INT_CODE_MIC_ERR_UNICAST: 307 lbs_deb_cmd("EVENT: UNICAST MIC ERROR\n"); 308 lbs_send_mic_failureevent(priv, event); 309 break; 310 311 case MACREG_INT_CODE_MIC_ERR_MULTICAST: 312 lbs_deb_cmd("EVENT: MULTICAST MIC ERROR\n"); 313 lbs_send_mic_failureevent(priv, event); 314 break; 315 316 case MACREG_INT_CODE_MIB_CHANGED: 317 lbs_deb_cmd("EVENT: MIB CHANGED\n"); 318 break; 319 case MACREG_INT_CODE_INIT_DONE: 320 lbs_deb_cmd("EVENT: INIT DONE\n"); 321 break; 322 case MACREG_INT_CODE_ADHOC_BCN_LOST: 323 lbs_deb_cmd("EVENT: ADHOC beacon lost\n"); 324 break; 325 case MACREG_INT_CODE_RSSI_LOW: 326 netdev_alert(priv->dev, "EVENT: rssi low\n"); 327 break; 328 case MACREG_INT_CODE_SNR_LOW: 329 netdev_alert(priv->dev, "EVENT: snr low\n"); 330 break; 331 case MACREG_INT_CODE_MAX_FAIL: 332 netdev_alert(priv->dev, "EVENT: max fail\n"); 333 break; 334 case MACREG_INT_CODE_RSSI_HIGH: 335 netdev_alert(priv->dev, "EVENT: rssi high\n"); 336 break; 337 case MACREG_INT_CODE_SNR_HIGH: 338 netdev_alert(priv->dev, "EVENT: snr high\n"); 339 break; 340 341 case MACREG_INT_CODE_MESH_AUTO_STARTED: 342 /* Ignore spurious autostart events */ 343 netdev_info(priv->dev, "EVENT: MESH_AUTO_STARTED (ignoring)\n"); 344 break; 345 346 default: 347 netdev_alert(priv->dev, "EVENT: unknown event id %d\n", event); 348 break; 349 } 350 351 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); 352 return ret; 353 }
1 /* 2 * This file contains the major functions in WLAN 3 * driver. It includes init, exit, open, close and main 4 * thread etc.. 5 */ 6 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 9 #include <linux/module.h> 10 #include <linux/delay.h> 11 #include <linux/etherdevice.h> 12 #include <linux/hardirq.h> 13 #include <linux/netdevice.h> 14 #include <linux/if_arp.h> 15 #include <linux/kthread.h> 16 #include <linux/kfifo.h> 17 #include <linux/slab.h> 18 #include <net/cfg80211.h> 19 20 #include "host.h" 21 #include "decl.h" 22 #include "dev.h" 23 #include "cfg.h" 24 #include "debugfs.h" 25 #include "cmd.h" 26 #include "mesh.h" 27 28 #define DRIVER_RELEASE_VERSION "323.p0" 29 const char lbs_driver_version[] = "COMM-USB8388-" DRIVER_RELEASE_VERSION 30 #ifdef DEBUG 31 "-dbg" 32 #endif 33 ""; 34 35 36 /* Module parameters */ 37 unsigned int lbs_debug; 38 EXPORT_SYMBOL_GPL(lbs_debug); 39 module_param_named(libertas_debug, lbs_debug, int, 0644); 40 41 unsigned int lbs_disablemesh; 42 EXPORT_SYMBOL_GPL(lbs_disablemesh); 43 module_param_named(libertas_disablemesh, lbs_disablemesh, int, 0644); 44 45 46 /* 47 * This global structure is used to send the confirm_sleep command as 48 * fast as possible down to the firmware. 49 */ 50 struct cmd_confirm_sleep confirm_sleep; 51 52 53 /* 54 * the table to keep region code 55 */ 56 u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE] = 57 { 0x10, 0x20, 0x30, 0x31, 0x32, 0x40 }; 58 59 /* 60 * FW rate table. FW refers to rates by their index in this table, not by the 61 * rate value itself. Values of 0x00 are 62 * reserved positions. 63 */ 64 static u8 fw_data_rates[MAX_RATES] = 65 { 0x02, 0x04, 0x0B, 0x16, 0x00, 0x0C, 0x12, 66 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C, 0x00 67 }; 68 69 /** 70 * lbs_fw_index_to_data_rate - use index to get the data rate 71 * 72 * @idx: The index of data rate 73 * returns: data rate or 0 74 */ 75 u32 lbs_fw_index_to_data_rate(u8 idx) 76 { 77 if (idx >= sizeof(fw_data_rates)) 78 idx = 0; 79 return fw_data_rates[idx]; 80 } 81 82 /** 83 * lbs_data_rate_to_fw_index - use rate to get the index 84 * 85 * @rate: data rate 86 * returns: index or 0 87 */ 88 u8 lbs_data_rate_to_fw_index(u32 rate) 89 { 90 u8 i; 91 92 if (!rate) 93 return 0; 94 95 for (i = 0; i < sizeof(fw_data_rates); i++) { 96 if (rate == fw_data_rates[i]) 97 return i; 98 } 99 return 0; 100 } 101 102 int lbs_set_iface_type(struct lbs_private *priv, enum nl80211_iftype type) 103 { 104 int ret = 0; 105 106 switch (type) { 107 case NL80211_IFTYPE_MONITOR: 108 ret = lbs_set_monitor_mode(priv, 1); 109 break; 110 case NL80211_IFTYPE_STATION: 111 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 112 ret = lbs_set_monitor_mode(priv, 0); 113 if (!ret) 114 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 1); 115 break; 116 case NL80211_IFTYPE_ADHOC: 117 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 118 ret = lbs_set_monitor_mode(priv, 0); 119 if (!ret) 120 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 2); 121 break; 122 default: 123 ret = -ENOTSUPP; 124 } 125 return ret; 126 } 127 128 int lbs_start_iface(struct lbs_private *priv) 129 { 130 struct cmd_ds_802_11_mac_address cmd; 131 int ret; 132 133 if (priv->power_restore) { 134 ret = priv->power_restore(priv); 135 if (ret) 136 return ret; 137 } 138 139 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 140 cmd.action = cpu_to_le16(CMD_ACT_SET); 141 memcpy(cmd.macadd, priv->current_addr, ETH_ALEN); 142 143 ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd); 144 if (ret) { 145 lbs_deb_net("set MAC address failed\n"); 146 goto err; 147 } 148 149 ret = lbs_set_iface_type(priv, priv->wdev->iftype); 150 if (ret) { 151 lbs_deb_net("set iface type failed\n"); 152 goto err; 153 } 154 155 ret = lbs_set_11d_domain_info(priv); 156 if (ret) { 157 lbs_deb_net("set 11d domain info failed\n"); 158 goto err; 159 } 160 161 lbs_update_channel(priv); 162 163 priv->iface_running = true; 164 return 0; 165 166 err: 167 if (priv->power_save) 168 priv->power_save(priv); 169 return ret; 170 } 171 172 /** 173 * lbs_dev_open - open the ethX interface 174 * 175 * @dev: A pointer to &net_device structure 176 * returns: 0 or -EBUSY if monitor mode active 177 */ 178 static int lbs_dev_open(struct net_device *dev) 179 { 180 struct lbs_private *priv = dev->ml_priv; 181 int ret = 0; 182 183 lbs_deb_enter(LBS_DEB_NET); 184 if (!priv->iface_running) { 185 ret = lbs_start_iface(priv); 186 if (ret) 187 goto out; 188 } 189 190 spin_lock_irq(&priv->driver_lock); 191 192 netif_carrier_off(dev); 193 194 if (!priv->tx_pending_len) 195 netif_wake_queue(dev); 196 197 spin_unlock_irq(&priv->driver_lock); 198 199 out: 200 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 201 return ret; 202 } 203 204 static bool lbs_command_queue_empty(struct lbs_private *priv) 205 { 206 unsigned long flags; 207 bool ret; 208 spin_lock_irqsave(&priv->driver_lock, flags); 209 ret = priv->cur_cmd == NULL && list_empty(&priv->cmdpendingq); 210 spin_unlock_irqrestore(&priv->driver_lock, flags); 211 return ret; 212 } 213 214 int lbs_stop_iface(struct lbs_private *priv) 215 { 216 unsigned long flags; 217 int ret = 0; 218 219 lbs_deb_enter(LBS_DEB_MAIN); 220 221 spin_lock_irqsave(&priv->driver_lock, flags); 222 priv->iface_running = false; 223 kfree_skb(priv->currenttxskb); 224 priv->currenttxskb = NULL; 225 priv->tx_pending_len = 0; 226 spin_unlock_irqrestore(&priv->driver_lock, flags); 227 228 cancel_work_sync(&priv->mcast_work); 229 del_timer_sync(&priv->tx_lockup_timer); 230 231 /* Disable command processing, and wait for all commands to complete */ 232 lbs_deb_main("waiting for commands to complete\n"); 233 wait_event(priv->waitq, lbs_command_queue_empty(priv)); 234 lbs_deb_main("all commands completed\n"); 235 236 if (priv->power_save) 237 ret = priv->power_save(priv); 238 239 lbs_deb_leave(LBS_DEB_MAIN); 240 return ret; 241 } 242 243 /** 244 * lbs_eth_stop - close the ethX interface 245 * 246 * @dev: A pointer to &net_device structure 247 * returns: 0 248 */ 249 static int lbs_eth_stop(struct net_device *dev) 250 { 251 struct lbs_private *priv = dev->ml_priv; 252 253 lbs_deb_enter(LBS_DEB_NET); 254 255 if (priv->connect_status == LBS_CONNECTED) 256 lbs_disconnect(priv, WLAN_REASON_DEAUTH_LEAVING); 257 258 spin_lock_irq(&priv->driver_lock); 259 netif_stop_queue(dev); 260 spin_unlock_irq(&priv->driver_lock); 261 262 lbs_update_mcast(priv); 263 cancel_delayed_work_sync(&priv->scan_work); 264 if (priv->scan_req) 265 lbs_scan_done(priv); 266 267 netif_carrier_off(priv->dev); 268 269 if (!lbs_iface_active(priv)) 270 lbs_stop_iface(priv); 271 272 lbs_deb_leave(LBS_DEB_NET); 273 return 0; 274 } 275 276 void lbs_host_to_card_done(struct lbs_private *priv) 277 { 278 unsigned long flags; 279 280 lbs_deb_enter(LBS_DEB_THREAD); 281 282 spin_lock_irqsave(&priv->driver_lock, flags); 283 del_timer(&priv->tx_lockup_timer); 284 285 priv->dnld_sent = DNLD_RES_RECEIVED; 286 287 /* Wake main thread if commands are pending */ 288 if (!priv->cur_cmd || priv->tx_pending_len > 0) { 289 if (!priv->wakeup_dev_required) 290 wake_up(&priv->waitq); 291 } 292 293 spin_unlock_irqrestore(&priv->driver_lock, flags); 294 lbs_deb_leave(LBS_DEB_THREAD); 295 } 296 EXPORT_SYMBOL_GPL(lbs_host_to_card_done); 297 298 int lbs_set_mac_address(struct net_device *dev, void *addr) 299 { 300 int ret = 0; 301 struct lbs_private *priv = dev->ml_priv; 302 struct sockaddr *phwaddr = addr; 303 304 lbs_deb_enter(LBS_DEB_NET); 305 306 /* 307 * Can only set MAC address when all interfaces are down, to be written 308 * to the hardware when one of them is brought up. 309 */ 310 if (lbs_iface_active(priv)) 311 return -EBUSY; 312 313 /* In case it was called from the mesh device */ 314 dev = priv->dev; 315 316 memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN); 317 memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 318 if (priv->mesh_dev) 319 memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 320 321 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 322 return ret; 323 } 324 325 326 static inline int mac_in_list(unsigned char *list, int list_len, 327 unsigned char *mac) 328 { 329 while (list_len) { 330 if (!memcmp(list, mac, ETH_ALEN)) 331 return 1; 332 list += ETH_ALEN; 333 list_len--; 334 } 335 return 0; 336 } 337 338 339 static int lbs_add_mcast_addrs(struct cmd_ds_mac_multicast_adr *cmd, 340 struct net_device *dev, int nr_addrs) 341 { 342 int i = nr_addrs; 343 struct netdev_hw_addr *ha; 344 int cnt; 345 346 if ((dev->flags & (IFF_UP|IFF_MULTICAST)) != (IFF_UP|IFF_MULTICAST)) 347 return nr_addrs; 348 349 netif_addr_lock_bh(dev); 350 cnt = netdev_mc_count(dev); 351 netdev_for_each_mc_addr(ha, dev) { 352 if (mac_in_list(cmd->maclist, nr_addrs, ha->addr)) { 353 lbs_deb_net("mcast address %s:%pM skipped\n", dev->name, 354 ha->addr); 355 cnt--; 356 continue; 357 } 358 359 if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE) 360 break; 361 memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN); 362 lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name, 363 ha->addr); 364 i++; 365 cnt--; 366 } 367 netif_addr_unlock_bh(dev); 368 if (cnt) 369 return -EOVERFLOW; 370 371 return i; 372 } 373 374 void lbs_update_mcast(struct lbs_private *priv) 375 { 376 struct cmd_ds_mac_multicast_adr mcast_cmd; 377 int dev_flags = 0; 378 int nr_addrs; 379 int old_mac_control = priv->mac_control; 380 381 lbs_deb_enter(LBS_DEB_NET); 382 383 if (netif_running(priv->dev)) 384 dev_flags |= priv->dev->flags; 385 if (priv->mesh_dev && netif_running(priv->mesh_dev)) 386 dev_flags |= priv->mesh_dev->flags; 387 388 if (dev_flags & IFF_PROMISC) { 389 priv->mac_control |= CMD_ACT_MAC_PROMISCUOUS_ENABLE; 390 priv->mac_control &= ~(CMD_ACT_MAC_ALL_MULTICAST_ENABLE | 391 CMD_ACT_MAC_MULTICAST_ENABLE); 392 goto out_set_mac_control; 393 } else if (dev_flags & IFF_ALLMULTI) { 394 do_allmulti: 395 priv->mac_control |= CMD_ACT_MAC_ALL_MULTICAST_ENABLE; 396 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 397 CMD_ACT_MAC_MULTICAST_ENABLE); 398 goto out_set_mac_control; 399 } 400 401 /* Once for priv->dev, again for priv->mesh_dev if it exists */ 402 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->dev, 0); 403 if (nr_addrs >= 0 && priv->mesh_dev) 404 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->mesh_dev, nr_addrs); 405 if (nr_addrs < 0) 406 goto do_allmulti; 407 408 if (nr_addrs) { 409 int size = offsetof(struct cmd_ds_mac_multicast_adr, 410 maclist[6*nr_addrs]); 411 412 mcast_cmd.action = cpu_to_le16(CMD_ACT_SET); 413 mcast_cmd.hdr.size = cpu_to_le16(size); 414 mcast_cmd.nr_of_adrs = cpu_to_le16(nr_addrs); 415 416 lbs_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &mcast_cmd.hdr, size); 417 418 priv->mac_control |= CMD_ACT_MAC_MULTICAST_ENABLE; 419 } else 420 priv->mac_control &= ~CMD_ACT_MAC_MULTICAST_ENABLE; 421 422 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 423 CMD_ACT_MAC_ALL_MULTICAST_ENABLE); 424 out_set_mac_control: 425 if (priv->mac_control != old_mac_control) 426 lbs_set_mac_control(priv); 427 428 lbs_deb_leave(LBS_DEB_NET); 429 } 430 431 static void lbs_set_mcast_worker(struct work_struct *work) 432 { 433 struct lbs_private *priv = container_of(work, struct lbs_private, mcast_work); 434 lbs_update_mcast(priv); 435 } 436 437 void lbs_set_multicast_list(struct net_device *dev) 438 { 439 struct lbs_private *priv = dev->ml_priv; 440 441 schedule_work(&priv->mcast_work); 442 } 443 444 /** 445 * lbs_thread - handles the major jobs in the LBS driver. 446 * It handles all events generated by firmware, RX data received 447 * from firmware and TX data sent from kernel. 448 * 449 * @data: A pointer to &lbs_thread structure 450 * returns: 0 451 */ 452 static int lbs_thread(void *data) 453 { 454 struct net_device *dev = data; 455 struct lbs_private *priv = dev->ml_priv; 456 wait_queue_t wait; 457 458 lbs_deb_enter(LBS_DEB_THREAD); 459 460 init_waitqueue_entry(&wait, current); 461 462 for (;;) { 463 int shouldsleep; 464 u8 resp_idx; 465 466 lbs_deb_thread("1: currenttxskb %p, dnld_sent %d\n", 467 priv->currenttxskb, priv->dnld_sent); 468 469 add_wait_queue(&priv->waitq, &wait); 470 set_current_state(TASK_INTERRUPTIBLE); 471 spin_lock_irq(&priv->driver_lock); 472 473 if (kthread_should_stop()) 474 shouldsleep = 0; /* Bye */ 475 else if (priv->surpriseremoved) 476 shouldsleep = 1; /* We need to wait until we're _told_ to die */ 477 else if (priv->psstate == PS_STATE_SLEEP) 478 shouldsleep = 1; /* Sleep mode. Nothing we can do till it wakes */ 479 else if (priv->cmd_timed_out) 480 shouldsleep = 0; /* Command timed out. Recover */ 481 else if (!priv->fw_ready) 482 shouldsleep = 1; /* Firmware not ready. We're waiting for it */ 483 else if (priv->dnld_sent) 484 shouldsleep = 1; /* Something is en route to the device already */ 485 else if (priv->tx_pending_len > 0) 486 shouldsleep = 0; /* We've a packet to send */ 487 else if (priv->resp_len[priv->resp_idx]) 488 shouldsleep = 0; /* We have a command response */ 489 else if (priv->cur_cmd) 490 shouldsleep = 1; /* Can't send a command; one already running */ 491 else if (!list_empty(&priv->cmdpendingq) && 492 !(priv->wakeup_dev_required)) 493 shouldsleep = 0; /* We have a command to send */ 494 else if (kfifo_len(&priv->event_fifo)) 495 shouldsleep = 0; /* We have an event to process */ 496 else 497 shouldsleep = 1; /* No command */ 498 499 if (shouldsleep) { 500 lbs_deb_thread("sleeping, connect_status %d, " 501 "psmode %d, psstate %d\n", 502 priv->connect_status, 503 priv->psmode, priv->psstate); 504 spin_unlock_irq(&priv->driver_lock); 505 schedule(); 506 } else 507 spin_unlock_irq(&priv->driver_lock); 508 509 lbs_deb_thread("2: currenttxskb %p, dnld_send %d\n", 510 priv->currenttxskb, priv->dnld_sent); 511 512 set_current_state(TASK_RUNNING); 513 remove_wait_queue(&priv->waitq, &wait); 514 515 lbs_deb_thread("3: currenttxskb %p, dnld_sent %d\n", 516 priv->currenttxskb, priv->dnld_sent); 517 518 if (kthread_should_stop()) { 519 lbs_deb_thread("break from main thread\n"); 520 break; 521 } 522 523 if (priv->surpriseremoved) { 524 lbs_deb_thread("adapter removed; waiting to die...\n"); 525 continue; 526 } 527 528 lbs_deb_thread("4: currenttxskb %p, dnld_sent %d\n", 529 priv->currenttxskb, priv->dnld_sent); 530 531 /* Process any pending command response */ 532 spin_lock_irq(&priv->driver_lock); 533 resp_idx = priv->resp_idx; 534 if (priv->resp_len[resp_idx]) { 535 spin_unlock_irq(&priv->driver_lock); 536 lbs_process_command_response(priv, 537 priv->resp_buf[resp_idx], 538 priv->resp_len[resp_idx]); 539 spin_lock_irq(&priv->driver_lock); 540 priv->resp_len[resp_idx] = 0; 541 } 542 spin_unlock_irq(&priv->driver_lock); 543 544 /* Process hardware events, e.g. card removed, link lost */ 545 spin_lock_irq(&priv->driver_lock); 546 while (kfifo_len(&priv->event_fifo)) { 547 u32 event; 548 549 if (kfifo_out(&priv->event_fifo, 550 (unsigned char *) &event, sizeof(event)) != 551 sizeof(event)) 552 break; 553 spin_unlock_irq(&priv->driver_lock); 554 lbs_process_event(priv, event); 555 spin_lock_irq(&priv->driver_lock); 556 } 557 spin_unlock_irq(&priv->driver_lock); 558 559 if (priv->wakeup_dev_required) { 560 lbs_deb_thread("Waking up device...\n"); 561 /* Wake up device */ 562 if (priv->exit_deep_sleep(priv)) 563 lbs_deb_thread("Wakeup device failed\n"); 564 continue; 565 } 566 567 /* command timeout stuff */ 568 if (priv->cmd_timed_out && priv->cur_cmd) { 569 struct cmd_ctrl_node *cmdnode = priv->cur_cmd; 570 571 netdev_info(dev, "Timeout submitting command 0x%04x\n", 572 le16_to_cpu(cmdnode->cmdbuf->command)); 573 lbs_complete_command(priv, cmdnode, -ETIMEDOUT); 574 575 /* Reset card, but only when it isn't in the process 576 * of being shutdown anyway. */ 577 if (!dev->dismantle && priv->reset_card) 578 priv->reset_card(priv); 579 } 580 priv->cmd_timed_out = 0; 581 582 if (!priv->fw_ready) 583 continue; 584 585 /* Check if we need to confirm Sleep Request received previously */ 586 if (priv->psstate == PS_STATE_PRE_SLEEP && 587 !priv->dnld_sent && !priv->cur_cmd) { 588 if (priv->connect_status == LBS_CONNECTED) { 589 lbs_deb_thread("pre-sleep, currenttxskb %p, " 590 "dnld_sent %d, cur_cmd %p\n", 591 priv->currenttxskb, priv->dnld_sent, 592 priv->cur_cmd); 593 594 lbs_ps_confirm_sleep(priv); 595 } else { 596 /* workaround for firmware sending 597 * deauth/linkloss event immediately 598 * after sleep request; remove this 599 * after firmware fixes it 600 */ 601 priv->psstate = PS_STATE_AWAKE; 602 netdev_alert(dev, 603 "ignore PS_SleepConfirm in non-connected state\n"); 604 } 605 } 606 607 /* The PS state is changed during processing of Sleep Request 608 * event above 609 */ 610 if ((priv->psstate == PS_STATE_SLEEP) || 611 (priv->psstate == PS_STATE_PRE_SLEEP)) 612 continue; 613 614 if (priv->is_deep_sleep) 615 continue; 616 617 /* Execute the next command */ 618 if (!priv->dnld_sent && !priv->cur_cmd) 619 lbs_execute_next_command(priv); 620 621 spin_lock_irq(&priv->driver_lock); 622 if (!priv->dnld_sent && priv->tx_pending_len > 0) { 623 int ret = priv->hw_host_to_card(priv, MVMS_DAT, 624 priv->tx_pending_buf, 625 priv->tx_pending_len); 626 if (ret) { 627 lbs_deb_tx("host_to_card failed %d\n", ret); 628 priv->dnld_sent = DNLD_RES_RECEIVED; 629 } else { 630 mod_timer(&priv->tx_lockup_timer, 631 jiffies + (HZ * 5)); 632 } 633 priv->tx_pending_len = 0; 634 if (!priv->currenttxskb) { 635 /* We can wake the queues immediately if we aren't 636 waiting for TX feedback */ 637 if (priv->connect_status == LBS_CONNECTED) 638 netif_wake_queue(priv->dev); 639 if (priv->mesh_dev && 640 netif_running(priv->mesh_dev)) 641 netif_wake_queue(priv->mesh_dev); 642 } 643 } 644 spin_unlock_irq(&priv->driver_lock); 645 } 646 647 del_timer(&priv->command_timer); 648 del_timer(&priv->tx_lockup_timer); 649 del_timer(&priv->auto_deepsleep_timer); 650 651 lbs_deb_leave(LBS_DEB_THREAD); 652 return 0; 653 } 654 655 /** 656 * lbs_setup_firmware - gets the HW spec from the firmware and sets 657 * some basic parameters 658 * 659 * @priv: A pointer to &struct lbs_private structure 660 * returns: 0 or -1 661 */ 662 static int lbs_setup_firmware(struct lbs_private *priv) 663 { 664 int ret = -1; 665 s16 curlevel = 0, minlevel = 0, maxlevel = 0; 666 667 lbs_deb_enter(LBS_DEB_FW); 668 669 /* Read MAC address from firmware */ 670 eth_broadcast_addr(priv->current_addr); 671 ret = lbs_update_hw_spec(priv); 672 if (ret) 673 goto done; 674 675 /* Read power levels if available */ 676 ret = lbs_get_tx_power(priv, &curlevel, &minlevel, &maxlevel); 677 if (ret == 0) { 678 priv->txpower_cur = curlevel; 679 priv->txpower_min = minlevel; 680 priv->txpower_max = maxlevel; 681 } 682 683 /* Send cmd to FW to enable 11D function */ 684 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_11D_ENABLE, 1); 685 if (ret) 686 goto done; 687 688 ret = lbs_set_mac_control_sync(priv); 689 done: 690 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 691 return ret; 692 } 693 694 int lbs_suspend(struct lbs_private *priv) 695 { 696 int ret; 697 698 lbs_deb_enter(LBS_DEB_FW); 699 700 if (priv->is_deep_sleep) { 701 ret = lbs_set_deep_sleep(priv, 0); 702 if (ret) { 703 netdev_err(priv->dev, 704 "deep sleep cancellation failed: %d\n", ret); 705 return ret; 706 } 707 priv->deep_sleep_required = 1; 708 } 709 710 ret = lbs_set_host_sleep(priv, 1); 711 712 netif_device_detach(priv->dev); 713 if (priv->mesh_dev) 714 netif_device_detach(priv->mesh_dev); 715 716 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 717 return ret; 718 } 719 EXPORT_SYMBOL_GPL(lbs_suspend); 720 721 int lbs_resume(struct lbs_private *priv) 722 { 723 int ret; 724 725 lbs_deb_enter(LBS_DEB_FW); 726 727 ret = lbs_set_host_sleep(priv, 0); 728 729 netif_device_attach(priv->dev); 730 if (priv->mesh_dev) 731 netif_device_attach(priv->mesh_dev); 732 733 if (priv->deep_sleep_required) { 734 priv->deep_sleep_required = 0; 735 ret = lbs_set_deep_sleep(priv, 1); 736 if (ret) 737 netdev_err(priv->dev, 738 "deep sleep activation failed: %d\n", ret); 739 } 740 741 if (priv->setup_fw_on_resume) 742 ret = lbs_setup_firmware(priv); 743 744 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 745 return ret; 746 } 747 EXPORT_SYMBOL_GPL(lbs_resume); 748 749 /** 750 * lbs_cmd_timeout_handler - handles the timeout of command sending. 751 * It will re-send the same command again. 752 * 753 * @data: &struct lbs_private pointer 754 */ 755 static void lbs_cmd_timeout_handler(unsigned long data) 756 { 757 struct lbs_private *priv = (struct lbs_private *)data; 758 unsigned long flags; 759 760 lbs_deb_enter(LBS_DEB_CMD); 761 spin_lock_irqsave(&priv->driver_lock, flags); 762 763 if (!priv->cur_cmd) 764 goto out; 765 766 netdev_info(priv->dev, "command 0x%04x timed out\n", 767 le16_to_cpu(priv->cur_cmd->cmdbuf->command)); 768 769 priv->cmd_timed_out = 1; 770 771 /* 772 * If the device didn't even acknowledge the command, reset the state 773 * so that we don't block all future commands due to this one timeout. 774 */ 775 if (priv->dnld_sent == DNLD_CMD_SENT) 776 priv->dnld_sent = DNLD_RES_RECEIVED; 777 778 wake_up(&priv->waitq); 779 out: 780 spin_unlock_irqrestore(&priv->driver_lock, flags); 781 lbs_deb_leave(LBS_DEB_CMD); 782 } 783 784 /** 785 * lbs_tx_lockup_handler - handles the timeout of the passing of TX frames 786 * to the hardware. This is known to frequently happen with SD8686 when 787 * waking up after a Wake-on-WLAN-triggered resume. 788 * 789 * @data: &struct lbs_private pointer 790 */ 791 static void lbs_tx_lockup_handler(unsigned long data) 792 { 793 struct lbs_private *priv = (struct lbs_private *)data; 794 unsigned long flags; 795 796 lbs_deb_enter(LBS_DEB_TX); 797 spin_lock_irqsave(&priv->driver_lock, flags); 798 799 netdev_info(priv->dev, "TX lockup detected\n"); 800 if (priv->reset_card) 801 priv->reset_card(priv); 802 803 priv->dnld_sent = DNLD_RES_RECEIVED; 804 wake_up_interruptible(&priv->waitq); 805 806 spin_unlock_irqrestore(&priv->driver_lock, flags); 807 lbs_deb_leave(LBS_DEB_TX); 808 } 809 810 /** 811 * auto_deepsleep_timer_fn - put the device back to deep sleep mode when 812 * timer expires and no activity (command, event, data etc.) is detected. 813 * @data: &struct lbs_private pointer 814 * returns: N/A 815 */ 816 static void auto_deepsleep_timer_fn(unsigned long data) 817 { 818 struct lbs_private *priv = (struct lbs_private *)data; 819 820 lbs_deb_enter(LBS_DEB_CMD); 821 822 if (priv->is_activity_detected) { 823 priv->is_activity_detected = 0; 824 } else { 825 if (priv->is_auto_deep_sleep_enabled && 826 (!priv->wakeup_dev_required) && 827 (priv->connect_status != LBS_CONNECTED)) { 828 struct cmd_header cmd; 829 830 lbs_deb_main("Entering auto deep sleep mode...\n"); 831 memset(&cmd, 0, sizeof(cmd)); 832 cmd.size = cpu_to_le16(sizeof(cmd)); 833 lbs_cmd_async(priv, CMD_802_11_DEEP_SLEEP, &cmd, 834 sizeof(cmd)); 835 } 836 } 837 mod_timer(&priv->auto_deepsleep_timer , jiffies + 838 (priv->auto_deep_sleep_timeout * HZ)/1000); 839 lbs_deb_leave(LBS_DEB_CMD); 840 } 841 842 int lbs_enter_auto_deep_sleep(struct lbs_private *priv) 843 { 844 lbs_deb_enter(LBS_DEB_SDIO); 845 846 priv->is_auto_deep_sleep_enabled = 1; 847 if (priv->is_deep_sleep) 848 priv->wakeup_dev_required = 1; 849 mod_timer(&priv->auto_deepsleep_timer , 850 jiffies + (priv->auto_deep_sleep_timeout * HZ)/1000); 851 852 lbs_deb_leave(LBS_DEB_SDIO); 853 return 0; 854 } 855 856 int lbs_exit_auto_deep_sleep(struct lbs_private *priv) 857 { 858 lbs_deb_enter(LBS_DEB_SDIO); 859 860 priv->is_auto_deep_sleep_enabled = 0; 861 priv->auto_deep_sleep_timeout = 0; 862 del_timer(&priv->auto_deepsleep_timer); 863 864 lbs_deb_leave(LBS_DEB_SDIO); 865 return 0; 866 } 867 868 static int lbs_init_adapter(struct lbs_private *priv) 869 { 870 int ret; 871 872 lbs_deb_enter(LBS_DEB_MAIN); 873 874 eth_broadcast_addr(priv->current_addr); 875 876 priv->connect_status = LBS_DISCONNECTED; 877 priv->channel = DEFAULT_AD_HOC_CHANNEL; 878 priv->mac_control = CMD_ACT_MAC_RX_ON | CMD_ACT_MAC_TX_ON; 879 priv->radio_on = 1; 880 priv->psmode = LBS802_11POWERMODECAM; 881 priv->psstate = PS_STATE_FULL_POWER; 882 priv->is_deep_sleep = 0; 883 priv->is_auto_deep_sleep_enabled = 0; 884 priv->deep_sleep_required = 0; 885 priv->wakeup_dev_required = 0; 886 init_waitqueue_head(&priv->ds_awake_q); 887 init_waitqueue_head(&priv->scan_q); 888 priv->authtype_auto = 1; 889 priv->is_host_sleep_configured = 0; 890 priv->is_host_sleep_activated = 0; 891 init_waitqueue_head(&priv->host_sleep_q); 892 init_waitqueue_head(&priv->fw_waitq); 893 mutex_init(&priv->lock); 894 895 setup_timer(&priv->command_timer, lbs_cmd_timeout_handler, 896 (unsigned long)priv); 897 setup_timer(&priv->tx_lockup_timer, lbs_tx_lockup_handler, 898 (unsigned long)priv); 899 setup_timer(&priv->auto_deepsleep_timer, auto_deepsleep_timer_fn, 900 (unsigned long)priv); 901 902 INIT_LIST_HEAD(&priv->cmdfreeq); 903 INIT_LIST_HEAD(&priv->cmdpendingq); 904 905 spin_lock_init(&priv->driver_lock); 906 907 /* Allocate the command buffers */ 908 if (lbs_allocate_cmd_buffer(priv)) { 909 pr_err("Out of memory allocating command buffers\n"); 910 ret = -ENOMEM; 911 goto out; 912 } 913 priv->resp_idx = 0; 914 priv->resp_len[0] = priv->resp_len[1] = 0; 915 916 /* Create the event FIFO */ 917 ret = kfifo_alloc(&priv->event_fifo, sizeof(u32) * 16, GFP_KERNEL); 918 if (ret) { 919 pr_err("Out of memory allocating event FIFO buffer\n"); 920 goto out; 921 } 922 923 out: 924 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret); 925 926 return ret; 927 } 928 929 static void lbs_free_adapter(struct lbs_private *priv) 930 { 931 lbs_deb_enter(LBS_DEB_MAIN); 932 933 lbs_free_cmd_buffer(priv); 934 kfifo_free(&priv->event_fifo); 935 del_timer(&priv->command_timer); 936 del_timer(&priv->tx_lockup_timer); 937 del_timer(&priv->auto_deepsleep_timer); 938 939 lbs_deb_leave(LBS_DEB_MAIN); 940 } 941 942 static const struct net_device_ops lbs_netdev_ops = { 943 .ndo_open = lbs_dev_open, 944 .ndo_stop = lbs_eth_stop, 945 .ndo_start_xmit = lbs_hard_start_xmit, 946 .ndo_set_mac_address = lbs_set_mac_address, 947 .ndo_set_rx_mode = lbs_set_multicast_list, 948 .ndo_change_mtu = eth_change_mtu, 949 .ndo_validate_addr = eth_validate_addr, 950 }; 951 952 /** 953 * lbs_add_card - adds the card. It will probe the 954 * card, allocate the lbs_priv and initialize the device. 955 * 956 * @card: A pointer to card 957 * @dmdev: A pointer to &struct device 958 * returns: A pointer to &struct lbs_private structure 959 */ 960 struct lbs_private *lbs_add_card(void *card, struct device *dmdev) 961 { 962 struct net_device *dev; 963 struct wireless_dev *wdev; 964 struct lbs_private *priv = NULL; 965 966 lbs_deb_enter(LBS_DEB_MAIN); 967 968 /* Allocate an Ethernet device and register it */ 969 wdev = lbs_cfg_alloc(dmdev); 970 if (IS_ERR(wdev)) { 971 pr_err("cfg80211 init failed\n"); 972 goto done; 973 } 974 975 wdev->iftype = NL80211_IFTYPE_STATION; 976 priv = wdev_priv(wdev); 977 priv->wdev = wdev; 978 979 if (lbs_init_adapter(priv)) { 980 pr_err("failed to initialize adapter structure\n"); 981 goto err_wdev; 982 } 983 984 dev = alloc_netdev(0, "wlan%d", NET_NAME_UNKNOWN, ether_setup); 985 if (!dev) { 986 dev_err(dmdev, "no memory for network device instance\n"); 987 goto err_adapter; 988 } 989 990 dev->ieee80211_ptr = wdev; 991 dev->ml_priv = priv; 992 SET_NETDEV_DEV(dev, dmdev); 993 wdev->netdev = dev; 994 priv->dev = dev; 995 996 dev->netdev_ops = &lbs_netdev_ops; 997 dev->watchdog_timeo = 5 * HZ; 998 dev->ethtool_ops = &lbs_ethtool_ops; 999 dev->flags |= IFF_BROADCAST | IFF_MULTICAST; 1000 1001 priv->card = card; 1002 1003 strcpy(dev->name, "wlan%d"); 1004 1005 lbs_deb_thread("Starting main thread...\n"); 1006 init_waitqueue_head(&priv->waitq); 1007 priv->main_thread = kthread_run(lbs_thread, dev, "lbs_main"); 1008 if (IS_ERR(priv->main_thread)) { 1009 lbs_deb_thread("Error creating main thread.\n"); 1010 goto err_ndev; 1011 } 1012 1013 priv->work_thread = create_singlethread_workqueue("lbs_worker"); 1014 INIT_WORK(&priv->mcast_work, lbs_set_mcast_worker); 1015 1016 priv->wol_criteria = EHS_REMOVE_WAKEUP; 1017 priv->wol_gpio = 0xff; 1018 priv->wol_gap = 20; 1019 priv->ehs_remove_supported = true; 1020 1021 goto done; 1022 1023 err_ndev: 1024 free_netdev(dev); 1025 1026 err_adapter: 1027 lbs_free_adapter(priv); 1028 1029 err_wdev: 1030 lbs_cfg_free(priv); 1031 1032 priv = NULL; 1033 1034 done: 1035 lbs_deb_leave_args(LBS_DEB_MAIN, "priv %p", priv); 1036 return priv; 1037 } 1038 EXPORT_SYMBOL_GPL(lbs_add_card); 1039 1040 1041 void lbs_remove_card(struct lbs_private *priv) 1042 { 1043 struct net_device *dev = priv->dev; 1044 1045 lbs_deb_enter(LBS_DEB_MAIN); 1046 1047 lbs_remove_mesh(priv); 1048 1049 if (priv->wiphy_registered) 1050 lbs_scan_deinit(priv); 1051 1052 lbs_wait_for_firmware_load(priv); 1053 1054 /* worker thread destruction blocks on the in-flight command which 1055 * should have been cleared already in lbs_stop_card(). 1056 */ 1057 lbs_deb_main("destroying worker thread\n"); 1058 destroy_workqueue(priv->work_thread); 1059 lbs_deb_main("done destroying worker thread\n"); 1060 1061 if (priv->psmode == LBS802_11POWERMODEMAX_PSP) { 1062 priv->psmode = LBS802_11POWERMODECAM; 1063 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, true); 1064 } 1065 1066 if (priv->is_deep_sleep) { 1067 priv->is_deep_sleep = 0; 1068 wake_up_interruptible(&priv->ds_awake_q); 1069 } 1070 1071 priv->is_host_sleep_configured = 0; 1072 priv->is_host_sleep_activated = 0; 1073 wake_up_interruptible(&priv->host_sleep_q); 1074 1075 /* Stop the thread servicing the interrupts */ 1076 priv->surpriseremoved = 1; 1077 kthread_stop(priv->main_thread); 1078 1079 lbs_free_adapter(priv); 1080 lbs_cfg_free(priv); 1081 free_netdev(dev); 1082 1083 lbs_deb_leave(LBS_DEB_MAIN); 1084 } 1085 EXPORT_SYMBOL_GPL(lbs_remove_card); 1086 1087 1088 int lbs_rtap_supported(struct lbs_private *priv) 1089 { 1090 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) 1091 return 1; 1092 1093 /* newer firmware use a capability mask */ 1094 return ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) && 1095 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)); 1096 } 1097 1098 1099 int lbs_start_card(struct lbs_private *priv) 1100 { 1101 struct net_device *dev = priv->dev; 1102 int ret = -1; 1103 1104 lbs_deb_enter(LBS_DEB_MAIN); 1105 1106 /* poke the firmware */ 1107 ret = lbs_setup_firmware(priv); 1108 if (ret) 1109 goto done; 1110 1111 if (!lbs_disablemesh) 1112 lbs_init_mesh(priv); 1113 else 1114 pr_info("%s: mesh disabled\n", dev->name); 1115 1116 if (lbs_cfg_register(priv)) { 1117 pr_err("cannot register device\n"); 1118 goto done; 1119 } 1120 1121 if (lbs_mesh_activated(priv)) 1122 lbs_start_mesh(priv); 1123 1124 lbs_debugfs_init_one(priv, dev); 1125 1126 netdev_info(dev, "Marvell WLAN 802.11 adapter\n"); 1127 1128 ret = 0; 1129 1130 done: 1131 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret); 1132 return ret; 1133 } 1134 EXPORT_SYMBOL_GPL(lbs_start_card); 1135 1136 1137 void lbs_stop_card(struct lbs_private *priv) 1138 { 1139 struct net_device *dev; 1140 1141 lbs_deb_enter(LBS_DEB_MAIN); 1142 1143 if (!priv) 1144 goto out; 1145 dev = priv->dev; 1146 1147 /* If the netdev isn't registered, it means that lbs_start_card() was 1148 * never called so we have nothing to do here. */ 1149 if (dev->reg_state != NETREG_REGISTERED) 1150 goto out; 1151 1152 netif_stop_queue(dev); 1153 netif_carrier_off(dev); 1154 1155 lbs_debugfs_remove_one(priv); 1156 lbs_deinit_mesh(priv); 1157 unregister_netdev(dev); 1158 1159 out: 1160 lbs_deb_leave(LBS_DEB_MAIN); 1161 } 1162 EXPORT_SYMBOL_GPL(lbs_stop_card); 1163 1164 1165 void lbs_queue_event(struct lbs_private *priv, u32 event) 1166 { 1167 unsigned long flags; 1168 1169 lbs_deb_enter(LBS_DEB_THREAD); 1170 spin_lock_irqsave(&priv->driver_lock, flags); 1171 1172 if (priv->psstate == PS_STATE_SLEEP) 1173 priv->psstate = PS_STATE_AWAKE; 1174 1175 kfifo_in(&priv->event_fifo, (unsigned char *) &event, sizeof(u32)); 1176 1177 wake_up(&priv->waitq); 1178 1179 spin_unlock_irqrestore(&priv->driver_lock, flags); 1180 lbs_deb_leave(LBS_DEB_THREAD); 1181 } 1182 EXPORT_SYMBOL_GPL(lbs_queue_event); 1183 1184 void lbs_notify_command_response(struct lbs_private *priv, u8 resp_idx) 1185 { 1186 lbs_deb_enter(LBS_DEB_THREAD); 1187 1188 if (priv->psstate == PS_STATE_SLEEP) 1189 priv->psstate = PS_STATE_AWAKE; 1190 1191 /* Swap buffers by flipping the response index */ 1192 BUG_ON(resp_idx > 1); 1193 priv->resp_idx = resp_idx; 1194 1195 wake_up(&priv->waitq); 1196 1197 lbs_deb_leave(LBS_DEB_THREAD); 1198 } 1199 EXPORT_SYMBOL_GPL(lbs_notify_command_response); 1200 1201 static int __init lbs_init_module(void) 1202 { 1203 lbs_deb_enter(LBS_DEB_MAIN); 1204 memset(&confirm_sleep, 0, sizeof(confirm_sleep)); 1205 confirm_sleep.hdr.command = cpu_to_le16(CMD_802_11_PS_MODE); 1206 confirm_sleep.hdr.size = cpu_to_le16(sizeof(confirm_sleep)); 1207 confirm_sleep.action = cpu_to_le16(PS_MODE_ACTION_SLEEP_CONFIRMED); 1208 lbs_debugfs_init(); 1209 lbs_deb_leave(LBS_DEB_MAIN); 1210 return 0; 1211 } 1212 1213 static void __exit lbs_exit_module(void) 1214 { 1215 lbs_deb_enter(LBS_DEB_MAIN); 1216 lbs_debugfs_remove(); 1217 lbs_deb_leave(LBS_DEB_MAIN); 1218 } 1219 1220 module_init(lbs_init_module); 1221 module_exit(lbs_exit_module); 1222 1223 MODULE_DESCRIPTION("Libertas WLAN Driver Library"); 1224 MODULE_AUTHOR("Marvell International Ltd."); 1225 MODULE_LICENSE("GPL");
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 int ldv_state_variable_8; 53 int ldv_state_variable_15; 54 int ldv_timer_1_3; 55 struct timer_list * ldv_timer_list_2_0; 56 int ldv_timer_2_1; 57 int ldv_state_variable_0; 58 int ldv_state_variable_5; 59 int ldv_state_variable_13; 60 int ldv_state_variable_12; 61 struct device_attribute *dev_attr_protocol_id_group1; 62 struct timer_list * ldv_timer_list_3_1; 63 int ldv_state_variable_14; 64 struct device_attribute *dev_attr_capability_group1; 65 struct timer_list * ldv_timer_list_3_2; 66 int ldv_timer_2_2; 67 struct net_device *lbs_ethtool_ops_group0; 68 int ldv_timer_3_3; 69 int ldv_timer_2_3; 70 struct device_attribute *dev_attr_lbs_mesh_group1; 71 int ldv_timer_1_0; 72 int ldv_state_variable_17; 73 struct timer_list * ldv_timer_list_3_3; 74 int ldv_state_variable_9; 75 int ldv_timer_3_1; 76 int ref_cnt; 77 int ldv_state_variable_1; 78 int ldv_state_variable_7; 79 struct device_attribute *dev_attr_metric_id_group1; 80 struct net_device *lbs_netdev_ops_group1; 81 struct timer_list * ldv_timer_list_1_3; 82 struct net_device *lbs_cfg80211_ops_group0; 83 int ldv_state_variable_10; 84 struct timer_list * ldv_timer_list_1_1; 85 struct file *lbs_debug_fops_group2; 86 struct timer_list * ldv_timer_list_2_1; 87 struct wiphy *lbs_cfg80211_ops_group1; 88 struct timer_list * ldv_timer_list_1_0; 89 int ldv_state_variable_6; 90 int ldv_timer_1_2; 91 int ldv_state_variable_16; 92 struct device_attribute *dev_attr_channel_group1; 93 int ldv_timer_2_0; 94 int ldv_timer_1_1; 95 int ldv_state_variable_2; 96 struct timer_list * ldv_timer_list_1_2; 97 struct device_attribute *dev_attr_anycast_mask_group1; 98 int ldv_state_variable_11; 99 struct device_attribute *dev_attr_bootflag_group1; 100 int LDV_IN_INTERRUPT = 1; 101 int __VERIFIER_nondet_int(void); 102 int ldv_state_variable_18; 103 struct net_device *mesh_netdev_ops_group1; 104 struct device_attribute *dev_attr_prb_rsp_limit_group1; 105 struct inode *lbs_debug_fops_group1; 106 int ldv_timer_3_2; 107 struct mutex fs_mutex; 108 int ldv_state_variable_3; 109 struct mutex ar_mutex; 110 struct timer_list * ldv_timer_list_2_3; 111 struct device_attribute *dev_attr_boottime_group1; 112 int ldv_timer_3_0; 113 struct timer_list * ldv_timer_list_3_0; 114 struct device_attribute *dev_attr_mesh_id_group1; 115 struct timer_list * ldv_timer_list_2_2; 116 int ldv_state_variable_4; 117 struct ethtool_wolinfo *lbs_ethtool_ops_group1; 118 void ldv_initialyze_cfg80211_ops_18(void); 119 int evil_hack_15(void); 120 void choose_timer_2(void); 121 int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 122 void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 123 void choose_timer_3(void); 124 void timer_init_3(void); 125 void ldv_net_device_ops_4(void); 126 void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 127 void timer_init_2(void); 128 void timer_init_1(void); 129 void ldv_net_device_ops_15(void); 130 void disable_suitable_timer_3(struct timer_list * timer); 131 void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 132 int evil_hack_4(void); 133 int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 134 void disable_suitable_timer_2(struct timer_list * timer); 135 void disable_suitable_timer_1(struct timer_list * timer); 136 int evil_hack_fs_lock(void); 137 void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 138 void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 139 int __VERIFIER_nondet_int(void); 140 int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 141 void ldv_file_operations_17(void); 142 void ldv_initialyze_ethtool_ops_16(void); 143 void choose_timer_1(void); 144 void ldv_timer_1(int state, struct timer_list * timer); 145 int evil_hack_ar_lock(void); 146 void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 147 void ldv_timer_2(int state, struct timer_list * timer); 148 void ldv_timer_3(int state, struct timer_list * timer); 149 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/main.c" 150 /* 151 * This file contains the major functions in WLAN 152 * driver. It includes init, exit, open, close and main 153 * thread etc.. 154 */ 155 156 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 157 158 #include <linux/module.h> 159 #include <linux/delay.h> 160 #include <linux/etherdevice.h> 161 #include <linux/hardirq.h> 162 #include <linux/netdevice.h> 163 #include <linux/if_arp.h> 164 #include <linux/kthread.h> 165 #include <linux/kfifo.h> 166 #include <linux/slab.h> 167 #include <net/cfg80211.h> 168 169 #include "host.h" 170 #include "decl.h" 171 #include "dev.h" 172 #include "cfg.h" 173 #include "debugfs.h" 174 #include "cmd.h" 175 #include "mesh.h" 176 177 #define DRIVER_RELEASE_VERSION "323.p0" 178 const char lbs_driver_version[] = "COMM-USB8388-" DRIVER_RELEASE_VERSION 179 #ifdef DEBUG 180 "-dbg" 181 #endif 182 ""; 183 184 185 /* Module parameters */ 186 unsigned int lbs_debug; 187 EXPORT_SYMBOL_GPL(lbs_debug); 188 module_param_named(libertas_debug, lbs_debug, int, 0644); 189 190 unsigned int lbs_disablemesh; 191 EXPORT_SYMBOL_GPL(lbs_disablemesh); 192 module_param_named(libertas_disablemesh, lbs_disablemesh, int, 0644); 193 194 195 /* 196 * This global structure is used to send the confirm_sleep command as 197 * fast as possible down to the firmware. 198 */ 199 struct cmd_confirm_sleep confirm_sleep; 200 201 202 /* 203 * the table to keep region code 204 */ 205 u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE] = 206 { 0x10, 0x20, 0x30, 0x31, 0x32, 0x40 }; 207 208 /* 209 * FW rate table. FW refers to rates by their index in this table, not by the 210 * rate value itself. Values of 0x00 are 211 * reserved positions. 212 */ 213 static u8 fw_data_rates[MAX_RATES] = 214 { 0x02, 0x04, 0x0B, 0x16, 0x00, 0x0C, 0x12, 215 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C, 0x00 216 }; 217 218 /** 219 * lbs_fw_index_to_data_rate - use index to get the data rate 220 * 221 * @idx: The index of data rate 222 * returns: data rate or 0 223 */ 224 u32 lbs_fw_index_to_data_rate(u8 idx) 225 { 226 if (idx >= sizeof(fw_data_rates)) 227 idx = 0; 228 return fw_data_rates[idx]; 229 } 230 231 /** 232 * lbs_data_rate_to_fw_index - use rate to get the index 233 * 234 * @rate: data rate 235 * returns: index or 0 236 */ 237 u8 lbs_data_rate_to_fw_index(u32 rate) 238 { 239 u8 i; 240 241 if (!rate) 242 return 0; 243 244 for (i = 0; i < sizeof(fw_data_rates); i++) { 245 if (rate == fw_data_rates[i]) 246 return i; 247 } 248 return 0; 249 } 250 251 int lbs_set_iface_type(struct lbs_private *priv, enum nl80211_iftype type) 252 { 253 int ret = 0; 254 255 switch (type) { 256 case NL80211_IFTYPE_MONITOR: 257 ret = lbs_set_monitor_mode(priv, 1); 258 break; 259 case NL80211_IFTYPE_STATION: 260 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 261 ret = lbs_set_monitor_mode(priv, 0); 262 if (!ret) 263 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 1); 264 break; 265 case NL80211_IFTYPE_ADHOC: 266 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) 267 ret = lbs_set_monitor_mode(priv, 0); 268 if (!ret) 269 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 2); 270 break; 271 default: 272 ret = -ENOTSUPP; 273 } 274 return ret; 275 } 276 277 int lbs_start_iface(struct lbs_private *priv) 278 { 279 struct cmd_ds_802_11_mac_address cmd; 280 int ret; 281 282 if (priv->power_restore) { 283 ret = priv->power_restore(priv); 284 if (ret) 285 return ret; 286 } 287 288 cmd.hdr.size = cpu_to_le16(sizeof(cmd)); 289 cmd.action = cpu_to_le16(CMD_ACT_SET); 290 memcpy(cmd.macadd, priv->current_addr, ETH_ALEN); 291 292 ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd); 293 if (ret) { 294 lbs_deb_net("set MAC address failed\n"); 295 goto err; 296 } 297 298 ret = lbs_set_iface_type(priv, priv->wdev->iftype); 299 if (ret) { 300 lbs_deb_net("set iface type failed\n"); 301 goto err; 302 } 303 304 ret = lbs_set_11d_domain_info(priv); 305 if (ret) { 306 lbs_deb_net("set 11d domain info failed\n"); 307 goto err; 308 } 309 310 lbs_update_channel(priv); 311 312 priv->iface_running = true; 313 return 0; 314 315 err: 316 if (priv->power_save) 317 priv->power_save(priv); 318 return ret; 319 } 320 321 /** 322 * lbs_dev_open - open the ethX interface 323 * 324 * @dev: A pointer to &net_device structure 325 * returns: 0 or -EBUSY if monitor mode active 326 */ 327 static int lbs_dev_open(struct net_device *dev) 328 { 329 struct lbs_private *priv = dev->ml_priv; 330 int ret = 0; 331 332 lbs_deb_enter(LBS_DEB_NET); 333 if (!priv->iface_running) { 334 ret = lbs_start_iface(priv); 335 if (ret) 336 goto out; 337 } 338 339 spin_lock_irq(&priv->driver_lock); 340 341 netif_carrier_off(dev); 342 343 if (!priv->tx_pending_len) 344 netif_wake_queue(dev); 345 346 spin_unlock_irq(&priv->driver_lock); 347 348 out: 349 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 350 return ret; 351 } 352 353 static bool lbs_command_queue_empty(struct lbs_private *priv) 354 { 355 unsigned long flags; 356 bool ret; 357 spin_lock_irqsave(&priv->driver_lock, flags); 358 ret = priv->cur_cmd == NULL && list_empty(&priv->cmdpendingq); 359 spin_unlock_irqrestore(&priv->driver_lock, flags); 360 return ret; 361 } 362 363 int lbs_stop_iface(struct lbs_private *priv) 364 { 365 unsigned long flags; 366 int ret = 0; 367 368 lbs_deb_enter(LBS_DEB_MAIN); 369 370 spin_lock_irqsave(&priv->driver_lock, flags); 371 priv->iface_running = false; 372 kfree_skb(priv->currenttxskb); 373 priv->currenttxskb = NULL; 374 priv->tx_pending_len = 0; 375 spin_unlock_irqrestore(&priv->driver_lock, flags); 376 377 cancel_work_sync(&priv->mcast_work); 378 del_timer_sync(&priv->tx_lockup_timer); 379 380 /* Disable command processing, and wait for all commands to complete */ 381 lbs_deb_main("waiting for commands to complete\n"); 382 wait_event(priv->waitq, lbs_command_queue_empty(priv)); 383 lbs_deb_main("all commands completed\n"); 384 385 if (priv->power_save) 386 ret = priv->power_save(priv); 387 388 lbs_deb_leave(LBS_DEB_MAIN); 389 return ret; 390 } 391 392 /** 393 * lbs_eth_stop - close the ethX interface 394 * 395 * @dev: A pointer to &net_device structure 396 * returns: 0 397 */ 398 static int lbs_eth_stop(struct net_device *dev) 399 { 400 struct lbs_private *priv = dev->ml_priv; 401 402 lbs_deb_enter(LBS_DEB_NET); 403 404 if (priv->connect_status == LBS_CONNECTED) 405 lbs_disconnect(priv, WLAN_REASON_DEAUTH_LEAVING); 406 407 spin_lock_irq(&priv->driver_lock); 408 netif_stop_queue(dev); 409 spin_unlock_irq(&priv->driver_lock); 410 411 lbs_update_mcast(priv); 412 cancel_delayed_work_sync(&priv->scan_work); 413 if (priv->scan_req) 414 lbs_scan_done(priv); 415 416 netif_carrier_off(priv->dev); 417 418 if (!lbs_iface_active(priv)) 419 lbs_stop_iface(priv); 420 421 lbs_deb_leave(LBS_DEB_NET); 422 return 0; 423 } 424 425 void lbs_host_to_card_done(struct lbs_private *priv) 426 { 427 unsigned long flags; 428 429 lbs_deb_enter(LBS_DEB_THREAD); 430 431 spin_lock_irqsave(&priv->driver_lock, flags); 432 del_timer(&priv->tx_lockup_timer); 433 434 priv->dnld_sent = DNLD_RES_RECEIVED; 435 436 /* Wake main thread if commands are pending */ 437 if (!priv->cur_cmd || priv->tx_pending_len > 0) { 438 if (!priv->wakeup_dev_required) 439 wake_up(&priv->waitq); 440 } 441 442 spin_unlock_irqrestore(&priv->driver_lock, flags); 443 lbs_deb_leave(LBS_DEB_THREAD); 444 } 445 EXPORT_SYMBOL_GPL(lbs_host_to_card_done); 446 447 int lbs_set_mac_address(struct net_device *dev, void *addr) 448 { 449 int ret = 0; 450 struct lbs_private *priv = dev->ml_priv; 451 struct sockaddr *phwaddr = addr; 452 453 lbs_deb_enter(LBS_DEB_NET); 454 455 /* 456 * Can only set MAC address when all interfaces are down, to be written 457 * to the hardware when one of them is brought up. 458 */ 459 if (lbs_iface_active(priv)) 460 return -EBUSY; 461 462 /* In case it was called from the mesh device */ 463 dev = priv->dev; 464 465 memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN); 466 memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 467 if (priv->mesh_dev) 468 memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN); 469 470 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 471 return ret; 472 } 473 474 475 static inline int mac_in_list(unsigned char *list, int list_len, 476 unsigned char *mac) 477 { 478 while (list_len) { 479 if (!memcmp(list, mac, ETH_ALEN)) 480 return 1; 481 list += ETH_ALEN; 482 list_len--; 483 } 484 return 0; 485 } 486 487 488 static int lbs_add_mcast_addrs(struct cmd_ds_mac_multicast_adr *cmd, 489 struct net_device *dev, int nr_addrs) 490 { 491 int i = nr_addrs; 492 struct netdev_hw_addr *ha; 493 int cnt; 494 495 if ((dev->flags & (IFF_UP|IFF_MULTICAST)) != (IFF_UP|IFF_MULTICAST)) 496 return nr_addrs; 497 498 netif_addr_lock_bh(dev); 499 cnt = netdev_mc_count(dev); 500 netdev_for_each_mc_addr(ha, dev) { 501 if (mac_in_list(cmd->maclist, nr_addrs, ha->addr)) { 502 lbs_deb_net("mcast address %s:%pM skipped\n", dev->name, 503 ha->addr); 504 cnt--; 505 continue; 506 } 507 508 if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE) 509 break; 510 memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN); 511 lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name, 512 ha->addr); 513 i++; 514 cnt--; 515 } 516 netif_addr_unlock_bh(dev); 517 if (cnt) 518 return -EOVERFLOW; 519 520 return i; 521 } 522 523 void lbs_update_mcast(struct lbs_private *priv) 524 { 525 struct cmd_ds_mac_multicast_adr mcast_cmd; 526 int dev_flags = 0; 527 int nr_addrs; 528 int old_mac_control = priv->mac_control; 529 530 lbs_deb_enter(LBS_DEB_NET); 531 532 if (netif_running(priv->dev)) 533 dev_flags |= priv->dev->flags; 534 if (priv->mesh_dev && netif_running(priv->mesh_dev)) 535 dev_flags |= priv->mesh_dev->flags; 536 537 if (dev_flags & IFF_PROMISC) { 538 priv->mac_control |= CMD_ACT_MAC_PROMISCUOUS_ENABLE; 539 priv->mac_control &= ~(CMD_ACT_MAC_ALL_MULTICAST_ENABLE | 540 CMD_ACT_MAC_MULTICAST_ENABLE); 541 goto out_set_mac_control; 542 } else if (dev_flags & IFF_ALLMULTI) { 543 do_allmulti: 544 priv->mac_control |= CMD_ACT_MAC_ALL_MULTICAST_ENABLE; 545 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 546 CMD_ACT_MAC_MULTICAST_ENABLE); 547 goto out_set_mac_control; 548 } 549 550 /* Once for priv->dev, again for priv->mesh_dev if it exists */ 551 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->dev, 0); 552 if (nr_addrs >= 0 && priv->mesh_dev) 553 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->mesh_dev, nr_addrs); 554 if (nr_addrs < 0) 555 goto do_allmulti; 556 557 if (nr_addrs) { 558 int size = offsetof(struct cmd_ds_mac_multicast_adr, 559 maclist[6*nr_addrs]); 560 561 mcast_cmd.action = cpu_to_le16(CMD_ACT_SET); 562 mcast_cmd.hdr.size = cpu_to_le16(size); 563 mcast_cmd.nr_of_adrs = cpu_to_le16(nr_addrs); 564 565 lbs_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &mcast_cmd.hdr, size); 566 567 priv->mac_control |= CMD_ACT_MAC_MULTICAST_ENABLE; 568 } else 569 priv->mac_control &= ~CMD_ACT_MAC_MULTICAST_ENABLE; 570 571 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE | 572 CMD_ACT_MAC_ALL_MULTICAST_ENABLE); 573 out_set_mac_control: 574 if (priv->mac_control != old_mac_control) 575 lbs_set_mac_control(priv); 576 577 lbs_deb_leave(LBS_DEB_NET); 578 } 579 580 static void lbs_set_mcast_worker(struct work_struct *work) 581 { 582 struct lbs_private *priv = container_of(work, struct lbs_private, mcast_work); 583 lbs_update_mcast(priv); 584 } 585 586 void lbs_set_multicast_list(struct net_device *dev) 587 { 588 struct lbs_private *priv = dev->ml_priv; 589 590 schedule_work(&priv->mcast_work); 591 } 592 593 /** 594 * lbs_thread - handles the major jobs in the LBS driver. 595 * It handles all events generated by firmware, RX data received 596 * from firmware and TX data sent from kernel. 597 * 598 * @data: A pointer to &lbs_thread structure 599 * returns: 0 600 */ 601 static int lbs_thread(void *data) 602 { 603 struct net_device *dev = data; 604 struct lbs_private *priv = dev->ml_priv; 605 wait_queue_t wait; 606 607 lbs_deb_enter(LBS_DEB_THREAD); 608 609 init_waitqueue_entry(&wait, current); 610 611 for (;;) { 612 int shouldsleep; 613 u8 resp_idx; 614 615 lbs_deb_thread("1: currenttxskb %p, dnld_sent %d\n", 616 priv->currenttxskb, priv->dnld_sent); 617 618 add_wait_queue(&priv->waitq, &wait); 619 set_current_state(TASK_INTERRUPTIBLE); 620 spin_lock_irq(&priv->driver_lock); 621 622 if (kthread_should_stop()) 623 shouldsleep = 0; /* Bye */ 624 else if (priv->surpriseremoved) 625 shouldsleep = 1; /* We need to wait until we're _told_ to die */ 626 else if (priv->psstate == PS_STATE_SLEEP) 627 shouldsleep = 1; /* Sleep mode. Nothing we can do till it wakes */ 628 else if (priv->cmd_timed_out) 629 shouldsleep = 0; /* Command timed out. Recover */ 630 else if (!priv->fw_ready) 631 shouldsleep = 1; /* Firmware not ready. We're waiting for it */ 632 else if (priv->dnld_sent) 633 shouldsleep = 1; /* Something is en route to the device already */ 634 else if (priv->tx_pending_len > 0) 635 shouldsleep = 0; /* We've a packet to send */ 636 else if (priv->resp_len[priv->resp_idx]) 637 shouldsleep = 0; /* We have a command response */ 638 else if (priv->cur_cmd) 639 shouldsleep = 1; /* Can't send a command; one already running */ 640 else if (!list_empty(&priv->cmdpendingq) && 641 !(priv->wakeup_dev_required)) 642 shouldsleep = 0; /* We have a command to send */ 643 else if (kfifo_len(&priv->event_fifo)) 644 shouldsleep = 0; /* We have an event to process */ 645 else 646 shouldsleep = 1; /* No command */ 647 648 if (shouldsleep) { 649 lbs_deb_thread("sleeping, connect_status %d, " 650 "psmode %d, psstate %d\n", 651 priv->connect_status, 652 priv->psmode, priv->psstate); 653 spin_unlock_irq(&priv->driver_lock); 654 schedule(); 655 } else 656 spin_unlock_irq(&priv->driver_lock); 657 658 lbs_deb_thread("2: currenttxskb %p, dnld_send %d\n", 659 priv->currenttxskb, priv->dnld_sent); 660 661 set_current_state(TASK_RUNNING); 662 remove_wait_queue(&priv->waitq, &wait); 663 664 lbs_deb_thread("3: currenttxskb %p, dnld_sent %d\n", 665 priv->currenttxskb, priv->dnld_sent); 666 667 if (kthread_should_stop()) { 668 lbs_deb_thread("break from main thread\n"); 669 break; 670 } 671 672 if (priv->surpriseremoved) { 673 lbs_deb_thread("adapter removed; waiting to die...\n"); 674 continue; 675 } 676 677 lbs_deb_thread("4: currenttxskb %p, dnld_sent %d\n", 678 priv->currenttxskb, priv->dnld_sent); 679 680 /* Process any pending command response */ 681 spin_lock_irq(&priv->driver_lock); 682 resp_idx = priv->resp_idx; 683 if (priv->resp_len[resp_idx]) { 684 spin_unlock_irq(&priv->driver_lock); 685 lbs_process_command_response(priv, 686 priv->resp_buf[resp_idx], 687 priv->resp_len[resp_idx]); 688 spin_lock_irq(&priv->driver_lock); 689 priv->resp_len[resp_idx] = 0; 690 } 691 spin_unlock_irq(&priv->driver_lock); 692 693 /* Process hardware events, e.g. card removed, link lost */ 694 spin_lock_irq(&priv->driver_lock); 695 while (kfifo_len(&priv->event_fifo)) { 696 u32 event; 697 698 if (kfifo_out(&priv->event_fifo, 699 (unsigned char *) &event, sizeof(event)) != 700 sizeof(event)) 701 break; 702 spin_unlock_irq(&priv->driver_lock); 703 lbs_process_event(priv, event); 704 spin_lock_irq(&priv->driver_lock); 705 } 706 spin_unlock_irq(&priv->driver_lock); 707 708 if (priv->wakeup_dev_required) { 709 lbs_deb_thread("Waking up device...\n"); 710 /* Wake up device */ 711 if (priv->exit_deep_sleep(priv)) 712 lbs_deb_thread("Wakeup device failed\n"); 713 continue; 714 } 715 716 /* command timeout stuff */ 717 if (priv->cmd_timed_out && priv->cur_cmd) { 718 struct cmd_ctrl_node *cmdnode = priv->cur_cmd; 719 720 netdev_info(dev, "Timeout submitting command 0x%04x\n", 721 le16_to_cpu(cmdnode->cmdbuf->command)); 722 lbs_complete_command(priv, cmdnode, -ETIMEDOUT); 723 724 /* Reset card, but only when it isn't in the process 725 * of being shutdown anyway. */ 726 if (!dev->dismantle && priv->reset_card) 727 priv->reset_card(priv); 728 } 729 priv->cmd_timed_out = 0; 730 731 if (!priv->fw_ready) 732 continue; 733 734 /* Check if we need to confirm Sleep Request received previously */ 735 if (priv->psstate == PS_STATE_PRE_SLEEP && 736 !priv->dnld_sent && !priv->cur_cmd) { 737 if (priv->connect_status == LBS_CONNECTED) { 738 lbs_deb_thread("pre-sleep, currenttxskb %p, " 739 "dnld_sent %d, cur_cmd %p\n", 740 priv->currenttxskb, priv->dnld_sent, 741 priv->cur_cmd); 742 743 lbs_ps_confirm_sleep(priv); 744 } else { 745 /* workaround for firmware sending 746 * deauth/linkloss event immediately 747 * after sleep request; remove this 748 * after firmware fixes it 749 */ 750 priv->psstate = PS_STATE_AWAKE; 751 netdev_alert(dev, 752 "ignore PS_SleepConfirm in non-connected state\n"); 753 } 754 } 755 756 /* The PS state is changed during processing of Sleep Request 757 * event above 758 */ 759 if ((priv->psstate == PS_STATE_SLEEP) || 760 (priv->psstate == PS_STATE_PRE_SLEEP)) 761 continue; 762 763 if (priv->is_deep_sleep) 764 continue; 765 766 /* Execute the next command */ 767 if (!priv->dnld_sent && !priv->cur_cmd) 768 lbs_execute_next_command(priv); 769 770 spin_lock_irq(&priv->driver_lock); 771 if (!priv->dnld_sent && priv->tx_pending_len > 0) { 772 int ret = priv->hw_host_to_card(priv, MVMS_DAT, 773 priv->tx_pending_buf, 774 priv->tx_pending_len); 775 if (ret) { 776 lbs_deb_tx("host_to_card failed %d\n", ret); 777 priv->dnld_sent = DNLD_RES_RECEIVED; 778 } else { 779 mod_timer(&priv->tx_lockup_timer, 780 jiffies + (HZ * 5)); 781 } 782 priv->tx_pending_len = 0; 783 if (!priv->currenttxskb) { 784 /* We can wake the queues immediately if we aren't 785 waiting for TX feedback */ 786 if (priv->connect_status == LBS_CONNECTED) 787 netif_wake_queue(priv->dev); 788 if (priv->mesh_dev && 789 netif_running(priv->mesh_dev)) 790 netif_wake_queue(priv->mesh_dev); 791 } 792 } 793 spin_unlock_irq(&priv->driver_lock); 794 } 795 796 del_timer(&priv->command_timer); 797 del_timer(&priv->tx_lockup_timer); 798 del_timer(&priv->auto_deepsleep_timer); 799 800 lbs_deb_leave(LBS_DEB_THREAD); 801 return 0; 802 } 803 804 /** 805 * lbs_setup_firmware - gets the HW spec from the firmware and sets 806 * some basic parameters 807 * 808 * @priv: A pointer to &struct lbs_private structure 809 * returns: 0 or -1 810 */ 811 static int lbs_setup_firmware(struct lbs_private *priv) 812 { 813 int ret = -1; 814 s16 curlevel = 0, minlevel = 0, maxlevel = 0; 815 816 lbs_deb_enter(LBS_DEB_FW); 817 818 /* Read MAC address from firmware */ 819 eth_broadcast_addr(priv->current_addr); 820 ret = lbs_update_hw_spec(priv); 821 if (ret) 822 goto done; 823 824 /* Read power levels if available */ 825 ret = lbs_get_tx_power(priv, &curlevel, &minlevel, &maxlevel); 826 if (ret == 0) { 827 priv->txpower_cur = curlevel; 828 priv->txpower_min = minlevel; 829 priv->txpower_max = maxlevel; 830 } 831 832 /* Send cmd to FW to enable 11D function */ 833 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_11D_ENABLE, 1); 834 if (ret) 835 goto done; 836 837 ret = lbs_set_mac_control_sync(priv); 838 done: 839 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 840 return ret; 841 } 842 843 int lbs_suspend(struct lbs_private *priv) 844 { 845 int ret; 846 847 lbs_deb_enter(LBS_DEB_FW); 848 849 if (priv->is_deep_sleep) { 850 ret = lbs_set_deep_sleep(priv, 0); 851 if (ret) { 852 netdev_err(priv->dev, 853 "deep sleep cancellation failed: %d\n", ret); 854 return ret; 855 } 856 priv->deep_sleep_required = 1; 857 } 858 859 ret = lbs_set_host_sleep(priv, 1); 860 861 netif_device_detach(priv->dev); 862 if (priv->mesh_dev) 863 netif_device_detach(priv->mesh_dev); 864 865 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 866 return ret; 867 } 868 EXPORT_SYMBOL_GPL(lbs_suspend); 869 870 int lbs_resume(struct lbs_private *priv) 871 { 872 int ret; 873 874 lbs_deb_enter(LBS_DEB_FW); 875 876 ret = lbs_set_host_sleep(priv, 0); 877 878 netif_device_attach(priv->dev); 879 if (priv->mesh_dev) 880 netif_device_attach(priv->mesh_dev); 881 882 if (priv->deep_sleep_required) { 883 priv->deep_sleep_required = 0; 884 ret = lbs_set_deep_sleep(priv, 1); 885 if (ret) 886 netdev_err(priv->dev, 887 "deep sleep activation failed: %d\n", ret); 888 } 889 890 if (priv->setup_fw_on_resume) 891 ret = lbs_setup_firmware(priv); 892 893 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret); 894 return ret; 895 } 896 EXPORT_SYMBOL_GPL(lbs_resume); 897 898 /** 899 * lbs_cmd_timeout_handler - handles the timeout of command sending. 900 * It will re-send the same command again. 901 * 902 * @data: &struct lbs_private pointer 903 */ 904 static void lbs_cmd_timeout_handler(unsigned long data) 905 { 906 struct lbs_private *priv = (struct lbs_private *)data; 907 unsigned long flags; 908 909 lbs_deb_enter(LBS_DEB_CMD); 910 spin_lock_irqsave(&priv->driver_lock, flags); 911 912 if (!priv->cur_cmd) 913 goto out; 914 915 netdev_info(priv->dev, "command 0x%04x timed out\n", 916 le16_to_cpu(priv->cur_cmd->cmdbuf->command)); 917 918 priv->cmd_timed_out = 1; 919 920 /* 921 * If the device didn't even acknowledge the command, reset the state 922 * so that we don't block all future commands due to this one timeout. 923 */ 924 if (priv->dnld_sent == DNLD_CMD_SENT) 925 priv->dnld_sent = DNLD_RES_RECEIVED; 926 927 wake_up(&priv->waitq); 928 out: 929 spin_unlock_irqrestore(&priv->driver_lock, flags); 930 lbs_deb_leave(LBS_DEB_CMD); 931 } 932 933 /** 934 * lbs_tx_lockup_handler - handles the timeout of the passing of TX frames 935 * to the hardware. This is known to frequently happen with SD8686 when 936 * waking up after a Wake-on-WLAN-triggered resume. 937 * 938 * @data: &struct lbs_private pointer 939 */ 940 static void lbs_tx_lockup_handler(unsigned long data) 941 { 942 struct lbs_private *priv = (struct lbs_private *)data; 943 unsigned long flags; 944 945 lbs_deb_enter(LBS_DEB_TX); 946 spin_lock_irqsave(&priv->driver_lock, flags); 947 948 netdev_info(priv->dev, "TX lockup detected\n"); 949 if (priv->reset_card) 950 priv->reset_card(priv); 951 952 priv->dnld_sent = DNLD_RES_RECEIVED; 953 wake_up_interruptible(&priv->waitq); 954 955 spin_unlock_irqrestore(&priv->driver_lock, flags); 956 lbs_deb_leave(LBS_DEB_TX); 957 } 958 959 /** 960 * auto_deepsleep_timer_fn - put the device back to deep sleep mode when 961 * timer expires and no activity (command, event, data etc.) is detected. 962 * @data: &struct lbs_private pointer 963 * returns: N/A 964 */ 965 static void auto_deepsleep_timer_fn(unsigned long data) 966 { 967 struct lbs_private *priv = (struct lbs_private *)data; 968 969 lbs_deb_enter(LBS_DEB_CMD); 970 971 if (priv->is_activity_detected) { 972 priv->is_activity_detected = 0; 973 } else { 974 if (priv->is_auto_deep_sleep_enabled && 975 (!priv->wakeup_dev_required) && 976 (priv->connect_status != LBS_CONNECTED)) { 977 struct cmd_header cmd; 978 979 lbs_deb_main("Entering auto deep sleep mode...\n"); 980 memset(&cmd, 0, sizeof(cmd)); 981 cmd.size = cpu_to_le16(sizeof(cmd)); 982 lbs_cmd_async(priv, CMD_802_11_DEEP_SLEEP, &cmd, 983 sizeof(cmd)); 984 } 985 } 986 mod_timer(&priv->auto_deepsleep_timer , jiffies + 987 (priv->auto_deep_sleep_timeout * HZ)/1000); 988 lbs_deb_leave(LBS_DEB_CMD); 989 } 990 991 int lbs_enter_auto_deep_sleep(struct lbs_private *priv) 992 { 993 lbs_deb_enter(LBS_DEB_SDIO); 994 995 priv->is_auto_deep_sleep_enabled = 1; 996 if (priv->is_deep_sleep) 997 priv->wakeup_dev_required = 1; 998 mod_timer(&priv->auto_deepsleep_timer , 999 jiffies + (priv->auto_deep_sleep_timeout * HZ)/1000); 1000 1001 lbs_deb_leave(LBS_DEB_SDIO); 1002 return 0; 1003 } 1004 1005 int lbs_exit_auto_deep_sleep(struct lbs_private *priv) 1006 { 1007 lbs_deb_enter(LBS_DEB_SDIO); 1008 1009 priv->is_auto_deep_sleep_enabled = 0; 1010 priv->auto_deep_sleep_timeout = 0; 1011 del_timer(&priv->auto_deepsleep_timer); 1012 1013 lbs_deb_leave(LBS_DEB_SDIO); 1014 return 0; 1015 } 1016 1017 static int lbs_init_adapter(struct lbs_private *priv) 1018 { 1019 int ret; 1020 1021 lbs_deb_enter(LBS_DEB_MAIN); 1022 1023 eth_broadcast_addr(priv->current_addr); 1024 1025 priv->connect_status = LBS_DISCONNECTED; 1026 priv->channel = DEFAULT_AD_HOC_CHANNEL; 1027 priv->mac_control = CMD_ACT_MAC_RX_ON | CMD_ACT_MAC_TX_ON; 1028 priv->radio_on = 1; 1029 priv->psmode = LBS802_11POWERMODECAM; 1030 priv->psstate = PS_STATE_FULL_POWER; 1031 priv->is_deep_sleep = 0; 1032 priv->is_auto_deep_sleep_enabled = 0; 1033 priv->deep_sleep_required = 0; 1034 priv->wakeup_dev_required = 0; 1035 init_waitqueue_head(&priv->ds_awake_q); 1036 init_waitqueue_head(&priv->scan_q); 1037 priv->authtype_auto = 1; 1038 priv->is_host_sleep_configured = 0; 1039 priv->is_host_sleep_activated = 0; 1040 init_waitqueue_head(&priv->host_sleep_q); 1041 init_waitqueue_head(&priv->fw_waitq); 1042 mutex_init(&priv->lock); 1043 1044 setup_timer(&priv->command_timer, lbs_cmd_timeout_handler, 1045 (unsigned long)priv); 1046 setup_timer(&priv->tx_lockup_timer, lbs_tx_lockup_handler, 1047 (unsigned long)priv); 1048 setup_timer(&priv->auto_deepsleep_timer, auto_deepsleep_timer_fn, 1049 (unsigned long)priv); 1050 1051 INIT_LIST_HEAD(&priv->cmdfreeq); 1052 INIT_LIST_HEAD(&priv->cmdpendingq); 1053 1054 spin_lock_init(&priv->driver_lock); 1055 1056 /* Allocate the command buffers */ 1057 if (lbs_allocate_cmd_buffer(priv)) { 1058 pr_err("Out of memory allocating command buffers\n"); 1059 ret = -ENOMEM; 1060 goto out; 1061 } 1062 priv->resp_idx = 0; 1063 priv->resp_len[0] = priv->resp_len[1] = 0; 1064 1065 /* Create the event FIFO */ 1066 ret = kfifo_alloc(&priv->event_fifo, sizeof(u32) * 16, GFP_KERNEL); 1067 if (ret) { 1068 pr_err("Out of memory allocating event FIFO buffer\n"); 1069 goto out; 1070 } 1071 1072 out: 1073 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret); 1074 1075 return ret; 1076 } 1077 1078 static void lbs_free_adapter(struct lbs_private *priv) 1079 { 1080 lbs_deb_enter(LBS_DEB_MAIN); 1081 1082 lbs_free_cmd_buffer(priv); 1083 kfifo_free(&priv->event_fifo); 1084 del_timer(&priv->command_timer); 1085 del_timer(&priv->tx_lockup_timer); 1086 del_timer(&priv->auto_deepsleep_timer); 1087 1088 lbs_deb_leave(LBS_DEB_MAIN); 1089 } 1090 1091 static const struct net_device_ops lbs_netdev_ops = { 1092 .ndo_open = lbs_dev_open, 1093 .ndo_stop = lbs_eth_stop, 1094 .ndo_start_xmit = lbs_hard_start_xmit, 1095 .ndo_set_mac_address = lbs_set_mac_address, 1096 .ndo_set_rx_mode = lbs_set_multicast_list, 1097 .ndo_change_mtu = eth_change_mtu, 1098 .ndo_validate_addr = eth_validate_addr, 1099 }; 1100 1101 /** 1102 * lbs_add_card - adds the card. It will probe the 1103 * card, allocate the lbs_priv and initialize the device. 1104 * 1105 * @card: A pointer to card 1106 * @dmdev: A pointer to &struct device 1107 * returns: A pointer to &struct lbs_private structure 1108 */ 1109 struct lbs_private *lbs_add_card(void *card, struct device *dmdev) 1110 { 1111 struct net_device *dev; 1112 struct wireless_dev *wdev; 1113 struct lbs_private *priv = NULL; 1114 1115 lbs_deb_enter(LBS_DEB_MAIN); 1116 1117 /* Allocate an Ethernet device and register it */ 1118 wdev = lbs_cfg_alloc(dmdev); 1119 if (IS_ERR(wdev)) { 1120 pr_err("cfg80211 init failed\n"); 1121 goto done; 1122 } 1123 1124 wdev->iftype = NL80211_IFTYPE_STATION; 1125 priv = wdev_priv(wdev); 1126 priv->wdev = wdev; 1127 1128 if (lbs_init_adapter(priv)) { 1129 pr_err("failed to initialize adapter structure\n"); 1130 goto err_wdev; 1131 } 1132 1133 dev = alloc_netdev(0, "wlan%d", NET_NAME_UNKNOWN, ether_setup); 1134 if (!dev) { 1135 dev_err(dmdev, "no memory for network device instance\n"); 1136 goto err_adapter; 1137 } 1138 1139 dev->ieee80211_ptr = wdev; 1140 dev->ml_priv = priv; 1141 SET_NETDEV_DEV(dev, dmdev); 1142 wdev->netdev = dev; 1143 priv->dev = dev; 1144 1145 dev->netdev_ops = &lbs_netdev_ops; 1146 dev->watchdog_timeo = 5 * HZ; 1147 dev->ethtool_ops = &lbs_ethtool_ops; 1148 dev->flags |= IFF_BROADCAST | IFF_MULTICAST; 1149 1150 priv->card = card; 1151 1152 strcpy(dev->name, "wlan%d"); 1153 1154 lbs_deb_thread("Starting main thread...\n"); 1155 init_waitqueue_head(&priv->waitq); 1156 priv->main_thread = kthread_run(lbs_thread, dev, "lbs_main"); 1157 if (IS_ERR(priv->main_thread)) { 1158 lbs_deb_thread("Error creating main thread.\n"); 1159 goto err_ndev; 1160 } 1161 1162 priv->work_thread = create_singlethread_workqueue("lbs_worker"); 1163 INIT_WORK(&priv->mcast_work, lbs_set_mcast_worker); 1164 1165 priv->wol_criteria = EHS_REMOVE_WAKEUP; 1166 priv->wol_gpio = 0xff; 1167 priv->wol_gap = 20; 1168 priv->ehs_remove_supported = true; 1169 1170 goto done; 1171 1172 err_ndev: 1173 free_netdev(dev); 1174 1175 err_adapter: 1176 lbs_free_adapter(priv); 1177 1178 err_wdev: 1179 lbs_cfg_free(priv); 1180 1181 priv = NULL; 1182 1183 done: 1184 lbs_deb_leave_args(LBS_DEB_MAIN, "priv %p", priv); 1185 return priv; 1186 } 1187 EXPORT_SYMBOL_GPL(lbs_add_card); 1188 1189 1190 void lbs_remove_card(struct lbs_private *priv) 1191 { 1192 struct net_device *dev = priv->dev; 1193 1194 lbs_deb_enter(LBS_DEB_MAIN); 1195 1196 lbs_remove_mesh(priv); 1197 1198 if (priv->wiphy_registered) 1199 lbs_scan_deinit(priv); 1200 1201 lbs_wait_for_firmware_load(priv); 1202 1203 /* worker thread destruction blocks on the in-flight command which 1204 * should have been cleared already in lbs_stop_card(). 1205 */ 1206 lbs_deb_main("destroying worker thread\n"); 1207 destroy_workqueue(priv->work_thread); 1208 lbs_deb_main("done destroying worker thread\n"); 1209 1210 if (priv->psmode == LBS802_11POWERMODEMAX_PSP) { 1211 priv->psmode = LBS802_11POWERMODECAM; 1212 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, true); 1213 } 1214 1215 if (priv->is_deep_sleep) { 1216 priv->is_deep_sleep = 0; 1217 wake_up_interruptible(&priv->ds_awake_q); 1218 } 1219 1220 priv->is_host_sleep_configured = 0; 1221 priv->is_host_sleep_activated = 0; 1222 wake_up_interruptible(&priv->host_sleep_q); 1223 1224 /* Stop the thread servicing the interrupts */ 1225 priv->surpriseremoved = 1; 1226 kthread_stop(priv->main_thread); 1227 1228 lbs_free_adapter(priv); 1229 lbs_cfg_free(priv); 1230 free_netdev(dev); 1231 1232 lbs_deb_leave(LBS_DEB_MAIN); 1233 } 1234 EXPORT_SYMBOL_GPL(lbs_remove_card); 1235 1236 1237 int lbs_rtap_supported(struct lbs_private *priv) 1238 { 1239 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) 1240 return 1; 1241 1242 /* newer firmware use a capability mask */ 1243 return ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) && 1244 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)); 1245 } 1246 1247 1248 int lbs_start_card(struct lbs_private *priv) 1249 { 1250 struct net_device *dev = priv->dev; 1251 int ret = -1; 1252 1253 lbs_deb_enter(LBS_DEB_MAIN); 1254 1255 /* poke the firmware */ 1256 ret = lbs_setup_firmware(priv); 1257 if (ret) 1258 goto done; 1259 1260 if (!lbs_disablemesh) 1261 lbs_init_mesh(priv); 1262 else 1263 pr_info("%s: mesh disabled\n", dev->name); 1264 1265 if (lbs_cfg_register(priv)) { 1266 pr_err("cannot register device\n"); 1267 goto done; 1268 } 1269 1270 if (lbs_mesh_activated(priv)) 1271 lbs_start_mesh(priv); 1272 1273 lbs_debugfs_init_one(priv, dev); 1274 1275 netdev_info(dev, "Marvell WLAN 802.11 adapter\n"); 1276 1277 ret = 0; 1278 1279 done: 1280 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret); 1281 return ret; 1282 } 1283 EXPORT_SYMBOL_GPL(lbs_start_card); 1284 1285 1286 void lbs_stop_card(struct lbs_private *priv) 1287 { 1288 struct net_device *dev; 1289 1290 lbs_deb_enter(LBS_DEB_MAIN); 1291 1292 if (!priv) 1293 goto out; 1294 dev = priv->dev; 1295 1296 /* If the netdev isn't registered, it means that lbs_start_card() was 1297 * never called so we have nothing to do here. */ 1298 if (dev->reg_state != NETREG_REGISTERED) 1299 goto out; 1300 1301 netif_stop_queue(dev); 1302 netif_carrier_off(dev); 1303 1304 lbs_debugfs_remove_one(priv); 1305 lbs_deinit_mesh(priv); 1306 unregister_netdev(dev); 1307 1308 out: 1309 lbs_deb_leave(LBS_DEB_MAIN); 1310 } 1311 EXPORT_SYMBOL_GPL(lbs_stop_card); 1312 1313 1314 void lbs_queue_event(struct lbs_private *priv, u32 event) 1315 { 1316 unsigned long flags; 1317 1318 lbs_deb_enter(LBS_DEB_THREAD); 1319 spin_lock_irqsave(&priv->driver_lock, flags); 1320 1321 if (priv->psstate == PS_STATE_SLEEP) 1322 priv->psstate = PS_STATE_AWAKE; 1323 1324 kfifo_in(&priv->event_fifo, (unsigned char *) &event, sizeof(u32)); 1325 1326 wake_up(&priv->waitq); 1327 1328 spin_unlock_irqrestore(&priv->driver_lock, flags); 1329 lbs_deb_leave(LBS_DEB_THREAD); 1330 } 1331 EXPORT_SYMBOL_GPL(lbs_queue_event); 1332 1333 void lbs_notify_command_response(struct lbs_private *priv, u8 resp_idx) 1334 { 1335 lbs_deb_enter(LBS_DEB_THREAD); 1336 1337 if (priv->psstate == PS_STATE_SLEEP) 1338 priv->psstate = PS_STATE_AWAKE; 1339 1340 /* Swap buffers by flipping the response index */ 1341 BUG_ON(resp_idx > 1); 1342 priv->resp_idx = resp_idx; 1343 1344 wake_up(&priv->waitq); 1345 1346 lbs_deb_leave(LBS_DEB_THREAD); 1347 } 1348 EXPORT_SYMBOL_GPL(lbs_notify_command_response); 1349 1350 static int __init lbs_init_module(void) 1351 { 1352 lbs_deb_enter(LBS_DEB_MAIN); 1353 memset(&confirm_sleep, 0, sizeof(confirm_sleep)); 1354 confirm_sleep.hdr.command = cpu_to_le16(CMD_802_11_PS_MODE); 1355 confirm_sleep.hdr.size = cpu_to_le16(sizeof(confirm_sleep)); 1356 confirm_sleep.action = cpu_to_le16(PS_MODE_ACTION_SLEEP_CONFIRMED); 1357 lbs_debugfs_init(); 1358 lbs_deb_leave(LBS_DEB_MAIN); 1359 return 0; 1360 } 1361 1362 static void __exit lbs_exit_module(void) 1363 { 1364 lbs_deb_enter(LBS_DEB_MAIN); 1365 lbs_debugfs_remove(); 1366 lbs_deb_leave(LBS_DEB_MAIN); 1367 } 1368 1369 module_init(lbs_init_module); 1370 module_exit(lbs_exit_module); 1371 1372 MODULE_DESCRIPTION("Libertas WLAN Driver Library"); 1373 MODULE_AUTHOR("Marvell International Ltd."); 1374 MODULE_LICENSE("GPL"); 1375 1376 #line 149 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/main.o.c.prepared" 1377 1378 int ldv_retval_4; 1379 void ldv_initialize(void); 1380 void ldv_check_final_state(void); 1381 int ldv_ndo_init_15(void); 1382 int ldv_retval_3; 1383 int ldv_retval_2; 1384 int ldv_ndo_uninit_15(void); 1385 1386 1387 int evil_hack_15(void){ 1388 rtnl_lock(); 1389 return 1; 1390 } 1391 1392 1393 void choose_timer_2(void){ 1394 switch(__VERIFIER_nondet_int()){ 1395 case 0: { 1396 if(ldv_timer_2_0 == 1){ 1397 ldv_timer_2_0 = 2; 1398 ldv_timer_2(ldv_timer_2_0, ldv_timer_list_2_0); 1399 } 1400 } 1401 break; 1402 case 1: { 1403 if(ldv_timer_2_1 == 1){ 1404 ldv_timer_2_1 = 2; 1405 ldv_timer_2(ldv_timer_2_1, ldv_timer_list_2_1); 1406 } 1407 } 1408 break; 1409 case 2: { 1410 if(ldv_timer_2_2 == 1){ 1411 ldv_timer_2_2 = 2; 1412 ldv_timer_2(ldv_timer_2_2, ldv_timer_list_2_2); 1413 } 1414 } 1415 break; 1416 case 3: { 1417 if(ldv_timer_2_3 == 1){ 1418 ldv_timer_2_3 = 2; 1419 ldv_timer_2(ldv_timer_2_3, ldv_timer_list_2_3); 1420 } 1421 } 1422 break; 1423 default: ldv_assume(0); 1424 } 1425 return; 1426 } 1427 1428 1429 int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){ 1430 if(function == lbs_tx_lockup_handler){ 1431 activate_suitable_timer_2(timer, data); 1432 } 1433 } 1434 1435 1436 void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag){ 1437 if(ldv_timer_list_2_0 == timer){ 1438 if(ldv_timer_2_0 == 2 || pending_flag){ 1439 ldv_timer_list_2_0 = timer; 1440 ldv_timer_list_2_0->data = data; 1441 ldv_timer_2_0 = 1; 1442 } 1443 return; 1444 } 1445 1446 if(ldv_timer_list_2_1 == timer){ 1447 if(ldv_timer_2_1 == 2 || pending_flag){ 1448 ldv_timer_list_2_1 = timer; 1449 ldv_timer_list_2_1->data = data; 1450 ldv_timer_2_1 = 1; 1451 } 1452 return; 1453 } 1454 1455 if(ldv_timer_list_2_2 == timer){ 1456 if(ldv_timer_2_2 == 2 || pending_flag){ 1457 ldv_timer_list_2_2 = timer; 1458 ldv_timer_list_2_2->data = data; 1459 ldv_timer_2_2= 1; 1460 } 1461 return; 1462 } 1463 1464 if(ldv_timer_list_2_3 == timer){ 1465 if(ldv_timer_2_3 == 2 || pending_flag){ 1466 ldv_timer_list_2_3 = timer; 1467 ldv_timer_list_2_3->data = data; 1468 ldv_timer_2_3 = 1; 1469 } 1470 return; 1471 } 1472 activate_suitable_timer_2(timer, data); 1473 } 1474 1475 1476 void choose_timer_3(void){ 1477 switch(__VERIFIER_nondet_int()){ 1478 case 0: { 1479 if(ldv_timer_3_0 == 1){ 1480 ldv_timer_3_0 = 2; 1481 ldv_timer_3(ldv_timer_3_0, ldv_timer_list_3_0); 1482 } 1483 } 1484 break; 1485 case 1: { 1486 if(ldv_timer_3_1 == 1){ 1487 ldv_timer_3_1 = 2; 1488 ldv_timer_3(ldv_timer_3_1, ldv_timer_list_3_1); 1489 } 1490 } 1491 break; 1492 case 2: { 1493 if(ldv_timer_3_2 == 1){ 1494 ldv_timer_3_2 = 2; 1495 ldv_timer_3(ldv_timer_3_2, ldv_timer_list_3_2); 1496 } 1497 } 1498 break; 1499 case 3: { 1500 if(ldv_timer_3_3 == 1){ 1501 ldv_timer_3_3 = 2; 1502 ldv_timer_3(ldv_timer_3_3, ldv_timer_list_3_3); 1503 } 1504 } 1505 break; 1506 default: ldv_assume(0); 1507 } 1508 return; 1509 } 1510 1511 1512 void timer_init_3(void){ 1513 ldv_timer_3_0 = 0; 1514 ldv_timer_3_1 = 0; 1515 ldv_timer_3_2 = 0; 1516 ldv_timer_3_3 = 0; 1517 } 1518 1519 1520 void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag){ 1521 if(ldv_timer_list_1_0 == timer){ 1522 if(ldv_timer_1_0 == 2 || pending_flag){ 1523 ldv_timer_list_1_0 = timer; 1524 ldv_timer_list_1_0->data = data; 1525 ldv_timer_1_0 = 1; 1526 } 1527 return; 1528 } 1529 1530 if(ldv_timer_list_1_1 == timer){ 1531 if(ldv_timer_1_1 == 2 || pending_flag){ 1532 ldv_timer_list_1_1 = timer; 1533 ldv_timer_list_1_1->data = data; 1534 ldv_timer_1_1 = 1; 1535 } 1536 return; 1537 } 1538 1539 if(ldv_timer_list_1_2 == timer){ 1540 if(ldv_timer_1_2 == 2 || pending_flag){ 1541 ldv_timer_list_1_2 = timer; 1542 ldv_timer_list_1_2->data = data; 1543 ldv_timer_1_2= 1; 1544 } 1545 return; 1546 } 1547 1548 if(ldv_timer_list_1_3 == timer){ 1549 if(ldv_timer_1_3 == 2 || pending_flag){ 1550 ldv_timer_list_1_3 = timer; 1551 ldv_timer_list_1_3->data = data; 1552 ldv_timer_1_3 = 1; 1553 } 1554 return; 1555 } 1556 activate_suitable_timer_1(timer, data); 1557 } 1558 1559 1560 void timer_init_2(void){ 1561 ldv_timer_2_0 = 0; 1562 ldv_timer_2_1 = 0; 1563 ldv_timer_2_2 = 0; 1564 ldv_timer_2_3 = 0; 1565 } 1566 1567 1568 void timer_init_1(void){ 1569 ldv_timer_1_0 = 0; 1570 ldv_timer_1_1 = 0; 1571 ldv_timer_1_2 = 0; 1572 ldv_timer_1_3 = 0; 1573 } 1574 1575 1576 void ldv_net_device_ops_15(void){ 1577 lbs_netdev_ops_group1 = ldv_undef_ptr(); 1578 } 1579 1580 1581 void disable_suitable_timer_3(struct timer_list * timer){ 1582 if(ldv_timer_3_0 != 0 && timer == ldv_timer_list_3_0){ 1583 ldv_timer_3_0 = 0; 1584 return; 1585 } 1586 if(ldv_timer_3_1 != 0 && timer == ldv_timer_list_3_1){ 1587 ldv_timer_3_1 = 0; 1588 return; 1589 } 1590 if(ldv_timer_3_2 != 0 && timer == ldv_timer_list_3_2){ 1591 ldv_timer_3_2 = 0; 1592 return; 1593 } 1594 if(ldv_timer_3_3 != 0 && timer == ldv_timer_list_3_3){ 1595 ldv_timer_3_3 = 0; 1596 return; 1597 } 1598 return; 1599 } 1600 1601 1602 void activate_suitable_timer_3(struct timer_list * timer, unsigned long data){ 1603 if(ldv_timer_3_0 == 0 || ldv_timer_3_0 == 2){ 1604 ldv_timer_list_3_0 = timer; 1605 ldv_timer_list_3_0->data = data; 1606 ldv_timer_3_0 = 1; 1607 return; 1608 } 1609 if(ldv_timer_3_1 == 0 || ldv_timer_3_1 == 2){ 1610 ldv_timer_list_3_1 = timer; 1611 ldv_timer_list_3_1->data = data; 1612 ldv_timer_3_1 = 1; 1613 return; 1614 } 1615 if(ldv_timer_3_2 == 0 || ldv_timer_3_2 == 2){ 1616 ldv_timer_list_3_2 = timer; 1617 ldv_timer_list_3_2->data = data; 1618 ldv_timer_3_2 = 1; 1619 return; 1620 } 1621 if(ldv_timer_3_3 == 0 || ldv_timer_3_3 == 2){ 1622 ldv_timer_list_3_3 = timer; 1623 ldv_timer_list_3_3->data = data; 1624 ldv_timer_3_3 = 1; 1625 return; 1626 } 1627 return; 1628 } 1629 1630 1631 int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){ 1632 if(function == lbs_cmd_timeout_handler){ 1633 activate_suitable_timer_1(timer, data); 1634 } 1635 } 1636 1637 1638 void disable_suitable_timer_2(struct timer_list * timer){ 1639 if(ldv_timer_2_0 != 0 && timer == ldv_timer_list_2_0){ 1640 ldv_timer_2_0 = 0; 1641 return; 1642 } 1643 if(ldv_timer_2_1 != 0 && timer == ldv_timer_list_2_1){ 1644 ldv_timer_2_1 = 0; 1645 return; 1646 } 1647 if(ldv_timer_2_2 != 0 && timer == ldv_timer_list_2_2){ 1648 ldv_timer_2_2 = 0; 1649 return; 1650 } 1651 if(ldv_timer_2_3 != 0 && timer == ldv_timer_list_2_3){ 1652 ldv_timer_2_3 = 0; 1653 return; 1654 } 1655 return; 1656 } 1657 1658 1659 void disable_suitable_timer_1(struct timer_list * timer){ 1660 if(ldv_timer_1_0 != 0 && timer == ldv_timer_list_1_0){ 1661 ldv_timer_1_0 = 0; 1662 return; 1663 } 1664 if(ldv_timer_1_1 != 0 && timer == ldv_timer_list_1_1){ 1665 ldv_timer_1_1 = 0; 1666 return; 1667 } 1668 if(ldv_timer_1_2 != 0 && timer == ldv_timer_list_1_2){ 1669 ldv_timer_1_2 = 0; 1670 return; 1671 } 1672 if(ldv_timer_1_3 != 0 && timer == ldv_timer_list_1_3){ 1673 ldv_timer_1_3 = 0; 1674 return; 1675 } 1676 return; 1677 } 1678 1679 1680 int evil_hack_fs_lock(void){ 1681 mutex_lock(&fs_mutex); 1682 return 1; 1683 } 1684 1685 1686 void activate_suitable_timer_1(struct timer_list * timer, unsigned long data){ 1687 if(ldv_timer_1_0 == 0 || ldv_timer_1_0 == 2){ 1688 ldv_timer_list_1_0 = timer; 1689 ldv_timer_list_1_0->data = data; 1690 ldv_timer_1_0 = 1; 1691 return; 1692 } 1693 if(ldv_timer_1_1 == 0 || ldv_timer_1_1 == 2){ 1694 ldv_timer_list_1_1 = timer; 1695 ldv_timer_list_1_1->data = data; 1696 ldv_timer_1_1 = 1; 1697 return; 1698 } 1699 if(ldv_timer_1_2 == 0 || ldv_timer_1_2 == 2){ 1700 ldv_timer_list_1_2 = timer; 1701 ldv_timer_list_1_2->data = data; 1702 ldv_timer_1_2 = 1; 1703 return; 1704 } 1705 if(ldv_timer_1_3 == 0 || ldv_timer_1_3 == 2){ 1706 ldv_timer_list_1_3 = timer; 1707 ldv_timer_list_1_3->data = data; 1708 ldv_timer_1_3 = 1; 1709 return; 1710 } 1711 return; 1712 } 1713 1714 1715 void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag){ 1716 if(ldv_timer_list_3_0 == timer){ 1717 if(ldv_timer_3_0 == 2 || pending_flag){ 1718 ldv_timer_list_3_0 = timer; 1719 ldv_timer_list_3_0->data = data; 1720 ldv_timer_3_0 = 1; 1721 } 1722 return; 1723 } 1724 1725 if(ldv_timer_list_3_1 == timer){ 1726 if(ldv_timer_3_1 == 2 || pending_flag){ 1727 ldv_timer_list_3_1 = timer; 1728 ldv_timer_list_3_1->data = data; 1729 ldv_timer_3_1 = 1; 1730 } 1731 return; 1732 } 1733 1734 if(ldv_timer_list_3_2 == timer){ 1735 if(ldv_timer_3_2 == 2 || pending_flag){ 1736 ldv_timer_list_3_2 = timer; 1737 ldv_timer_list_3_2->data = data; 1738 ldv_timer_3_2= 1; 1739 } 1740 return; 1741 } 1742 1743 if(ldv_timer_list_3_3 == timer){ 1744 if(ldv_timer_3_3 == 2 || pending_flag){ 1745 ldv_timer_list_3_3 = timer; 1746 ldv_timer_list_3_3->data = data; 1747 ldv_timer_3_3 = 1; 1748 } 1749 return; 1750 } 1751 activate_suitable_timer_3(timer, data); 1752 } 1753 1754 int __VERIFIER_nondet_int(void); 1755 1756 int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){ 1757 if(function == auto_deepsleep_timer_fn){ 1758 activate_suitable_timer_3(timer, data); 1759 } 1760 } 1761 1762 1763 void choose_timer_1(void){ 1764 switch(__VERIFIER_nondet_int()){ 1765 case 0: { 1766 if(ldv_timer_1_0 == 1){ 1767 ldv_timer_1_0 = 2; 1768 ldv_timer_1(ldv_timer_1_0, ldv_timer_list_1_0); 1769 } 1770 } 1771 break; 1772 case 1: { 1773 if(ldv_timer_1_1 == 1){ 1774 ldv_timer_1_1 = 2; 1775 ldv_timer_1(ldv_timer_1_1, ldv_timer_list_1_1); 1776 } 1777 } 1778 break; 1779 case 2: { 1780 if(ldv_timer_1_2 == 1){ 1781 ldv_timer_1_2 = 2; 1782 ldv_timer_1(ldv_timer_1_2, ldv_timer_list_1_2); 1783 } 1784 } 1785 break; 1786 case 3: { 1787 if(ldv_timer_1_3 == 1){ 1788 ldv_timer_1_3 = 2; 1789 ldv_timer_1(ldv_timer_1_3, ldv_timer_list_1_3); 1790 } 1791 } 1792 break; 1793 default: ldv_assume(0); 1794 } 1795 return; 1796 } 1797 1798 1799 void ldv_timer_1(int state, struct timer_list * timer){ 1800 LDV_IN_INTERRUPT=2; 1801 (lbs_cmd_timeout_handler)(timer->data); 1802 LDV_IN_INTERRUPT=1; 1803 } 1804 1805 1806 int evil_hack_ar_lock(void){ 1807 mutex_lock(&ar_mutex); 1808 return 1; 1809 } 1810 1811 1812 void activate_suitable_timer_2(struct timer_list * timer, unsigned long data){ 1813 if(ldv_timer_2_0 == 0 || ldv_timer_2_0 == 2){ 1814 ldv_timer_list_2_0 = timer; 1815 ldv_timer_list_2_0->data = data; 1816 ldv_timer_2_0 = 1; 1817 return; 1818 } 1819 if(ldv_timer_2_1 == 0 || ldv_timer_2_1 == 2){ 1820 ldv_timer_list_2_1 = timer; 1821 ldv_timer_list_2_1->data = data; 1822 ldv_timer_2_1 = 1; 1823 return; 1824 } 1825 if(ldv_timer_2_2 == 0 || ldv_timer_2_2 == 2){ 1826 ldv_timer_list_2_2 = timer; 1827 ldv_timer_list_2_2->data = data; 1828 ldv_timer_2_2 = 1; 1829 return; 1830 } 1831 if(ldv_timer_2_3 == 0 || ldv_timer_2_3 == 2){ 1832 ldv_timer_list_2_3 = timer; 1833 ldv_timer_list_2_3->data = data; 1834 ldv_timer_2_3 = 1; 1835 return; 1836 } 1837 return; 1838 } 1839 1840 1841 void ldv_timer_2(int state, struct timer_list * timer){ 1842 LDV_IN_INTERRUPT=2; 1843 (lbs_tx_lockup_handler)(timer->data); 1844 LDV_IN_INTERRUPT=1; 1845 } 1846 1847 1848 void ldv_timer_3(int state, struct timer_list * timer){ 1849 LDV_IN_INTERRUPT=2; 1850 (auto_deepsleep_timer_fn)(timer->data); 1851 LDV_IN_INTERRUPT=1; 1852 } 1853 1854 1855 /* DEG-ENVIRONMENT-BEGIN */ 1856 extern void ldv_main_exported_16(void); 1857 extern void ldv_main_exported_6(void); 1858 extern void ldv_main_exported_11(void); 1859 extern void ldv_main_exported_7(void); 1860 extern void ldv_main_exported_9(void); 1861 extern void ldv_main_exported_12(void); 1862 extern void ldv_main_exported_14(void); 1863 extern void ldv_main_exported_8(void); 1864 extern void ldv_main_exported_4(void); 1865 extern void ldv_main_exported_13(void); 1866 extern void ldv_main_exported_10(void); 1867 extern void ldv_main_exported_5(void); 1868 extern void ldv_main_exported_18(void); 1869 extern void ldv_main_exported_0(void); 1870 extern void ldv_main_exported_15(void); 1871 extern void ldv_main_exported_17(void); 1872 1873 //********************* LDV MAIN ********************* 1874 //main 1875 void entry_point(void){ 1876 ldv_initialize(); 1877 //args for callbacks 1878 struct sk_buff *ldvarg73; 1879 int ldvarg74; 1880 void *ldvarg72; 1881 //initialization of machine states 1882 ldv_state_variable_11=0; 1883 ldv_state_variable_7=0; 1884 ldv_state_variable_17=0; 1885 1886 timer_init_2(); 1887 1888 ldv_state_variable_2=1; 1889 1890 timer_init_1(); 1891 1892 ldv_state_variable_1=1; 1893 ldv_state_variable_18=0; 1894 ref_cnt=0; 1895 ldv_state_variable_0=1; 1896 ldv_state_variable_16=0; 1897 ldv_state_variable_13=0; 1898 ldv_state_variable_6=0; 1899 1900 timer_init_3(); 1901 1902 ldv_state_variable_3=1; 1903 ldv_state_variable_9=0; 1904 ldv_state_variable_12=0; 1905 ldv_state_variable_14=0; 1906 ldv_state_variable_15=0; 1907 ldv_state_variable_8=0; 1908 ldv_state_variable_4=0; 1909 ldv_state_variable_10=0; 1910 ldv_state_variable_5=0; 1911 while(1){ 1912 switch(__VERIFIER_nondet_int()){ 1913 case 0:{ 1914 /*DEG-struct: handlers from structure dev_attr_bootflag*/ 1915 /*DEG-CHECK: checking registration of dev_attr_bootflag structure*/ 1916 if(ldv_state_variable_11 != 0){ 1917 ldv_main_exported_11(); 1918 } 1919 } 1920 break; 1921 case 1:{ 1922 /*DEG-struct: handlers from structure dev_attr_protocol_id*/ 1923 /*DEG-CHECK: checking registration of dev_attr_protocol_id structure*/ 1924 if(ldv_state_variable_7 != 0){ 1925 ldv_main_exported_7(); 1926 } 1927 } 1928 break; 1929 case 2:{ 1930 /*DEG-struct: handlers from structure lbs_debug_fops*/ 1931 /*DEG-CHECK: checking registration of lbs_debug_fops structure*/ 1932 if(ldv_state_variable_17 != 0){ 1933 ldv_main_exported_17(); 1934 } 1935 } 1936 break; 1937 case 3:{ 1938 /*DEG-struct: handlers from structure ldv_setup_timer_1*/ 1939 /*DEG-CHECK: checking registration of ldv_setup_timer_1 structure*/ 1940 if(ldv_state_variable_2 != 0){ 1941 choose_timer_2(); 1942 } 1943 } 1944 break; 1945 case 4:{ 1946 /*DEG-struct: handlers from structure ldv_setup_timer_2*/ 1947 /*DEG-CHECK: checking registration of ldv_setup_timer_2 structure*/ 1948 if(ldv_state_variable_1 != 0){ 1949 choose_timer_1(); 1950 } 1951 } 1952 break; 1953 case 5:{ 1954 /*DEG-struct: handlers from structure lbs_cfg80211_ops*/ 1955 /*DEG-CHECK: checking registration of lbs_cfg80211_ops structure*/ 1956 if(ldv_state_variable_18 != 0){ 1957 ldv_main_exported_18(); 1958 } 1959 } 1960 break; 1961 case 6:{ 1962 /*DEG-struct: handlers from structure module*/ 1963 /*DEG-CHECK: checking registration of module structure*/ 1964 if(ldv_state_variable_0 != 0){ 1965 switch(__VERIFIER_nondet_int()){ 1966 case 0:{ 1967 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1968 if(ldv_state_variable_0 == 2 && ref_cnt==0){ 1969 /*DEG-CALL: handler module_exit from module*/ 1970 lbs_exit_module(); 1971 ldv_state_variable_0 = 3; 1972 goto ldv_final; 1973 } 1974 } 1975 break; 1976 case 1:{ 1977 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1978 if(ldv_state_variable_0 == 1){ 1979 /*DEG-CALL: handler module_init from module*/ 1980 ldv_retval_2=lbs_init_module(); 1981 if(ldv_retval_2!=0){ 1982 ldv_state_variable_0 = 3; 1983 goto ldv_final; 1984 } 1985 /*DEG-postcall: if success*/ 1986 if(ldv_retval_2==0){ 1987 ldv_state_variable_0 = 2; 1988 ldv_state_variable_5 = 1; 1989 ldv_state_variable_10 = 1; 1990 ldv_state_variable_13 = 1; 1991 ldv_state_variable_16 = 1; 1992 ldv_initialyze_ethtool_ops_16(); 1993 ldv_state_variable_18 = 1; 1994 ldv_initialyze_cfg80211_ops_18(); 1995 ldv_state_variable_8 = 1; 1996 ldv_state_variable_14 = 1; 1997 ldv_state_variable_12 = 1; 1998 ldv_state_variable_17 = 1; 1999 ldv_file_operations_17(); 2000 ldv_state_variable_9 = 1; 2001 ldv_state_variable_7 = 1; 2002 ldv_state_variable_11 = 1; 2003 ldv_state_variable_6 = 1; 2004 } 2005 } 2006 } 2007 break; 2008 default: ldv_assume(0); 2009 } 2010 } 2011 } 2012 break; 2013 case 7:{ 2014 /*DEG-struct: handlers from structure lbs_ethtool_ops*/ 2015 /*DEG-CHECK: checking registration of lbs_ethtool_ops structure*/ 2016 if(ldv_state_variable_16 != 0){ 2017 ldv_main_exported_16(); 2018 } 2019 } 2020 break; 2021 case 8:{ 2022 /*DEG-struct: handlers from structure dev_attr_anycast_mask*/ 2023 /*DEG-CHECK: checking registration of dev_attr_anycast_mask structure*/ 2024 if(ldv_state_variable_13 != 0){ 2025 ldv_main_exported_13(); 2026 } 2027 } 2028 break; 2029 case 9:{ 2030 /*DEG-struct: handlers from structure dev_attr_metric_id*/ 2031 /*DEG-CHECK: checking registration of dev_attr_metric_id structure*/ 2032 if(ldv_state_variable_6 != 0){ 2033 ldv_main_exported_6(); 2034 } 2035 } 2036 break; 2037 case 10:{ 2038 /*DEG-struct: handlers from structure ldv_setup_timer_0*/ 2039 /*DEG-CHECK: checking registration of ldv_setup_timer_0 structure*/ 2040 if(ldv_state_variable_3 != 0){ 2041 choose_timer_3(); 2042 } 2043 } 2044 break; 2045 case 11:{ 2046 /*DEG-struct: handlers from structure dev_attr_channel*/ 2047 /*DEG-CHECK: checking registration of dev_attr_channel structure*/ 2048 if(ldv_state_variable_9 != 0){ 2049 ldv_main_exported_9(); 2050 } 2051 } 2052 break; 2053 case 12:{ 2054 /*DEG-struct: handlers from structure dev_attr_prb_rsp_limit*/ 2055 /*DEG-CHECK: checking registration of dev_attr_prb_rsp_limit structure*/ 2056 if(ldv_state_variable_12 != 0){ 2057 ldv_main_exported_12(); 2058 } 2059 } 2060 break; 2061 case 13:{ 2062 /*DEG-struct: handlers from structure dev_attr_lbs_mesh*/ 2063 /*DEG-CHECK: checking registration of dev_attr_lbs_mesh structure*/ 2064 if(ldv_state_variable_14 != 0){ 2065 ldv_main_exported_14(); 2066 } 2067 } 2068 break; 2069 case 14:{ 2070 /*DEG-struct: handlers from structure lbs_netdev_ops*/ 2071 /*DEG-CHECK: checking registration of lbs_netdev_ops structure*/ 2072 if(ldv_state_variable_15 != 0){ 2073 switch(__VERIFIER_nondet_int()){ 2074 case 0:{ 2075 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2076 if(ldv_state_variable_15 == 1){ 2077 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/ 2078 (& eth_validate_addr)(lbs_netdev_ops_group1); 2079 /*DEG-postcall: default*/ 2080 ldv_state_variable_15 = 1; 2081 } 2082 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2083 if(ldv_state_variable_15 == 3){ 2084 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/ 2085 (& eth_validate_addr)(lbs_netdev_ops_group1); 2086 /*DEG-postcall: default*/ 2087 ldv_state_variable_15 = 3; 2088 } 2089 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2090 if(ldv_state_variable_15 == 2){ 2091 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/ 2092 (& eth_validate_addr)(lbs_netdev_ops_group1); 2093 /*DEG-postcall: default*/ 2094 ldv_state_variable_15 = 2; 2095 } 2096 } 2097 break; 2098 case 1:{ 2099 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2100 if(ldv_state_variable_15 == 1){ 2101 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/ 2102 (& lbs_set_multicast_list)(lbs_netdev_ops_group1); 2103 /*DEG-postcall: default*/ 2104 ldv_state_variable_15 = 1; 2105 } 2106 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2107 if(ldv_state_variable_15 == 3){ 2108 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/ 2109 (& lbs_set_multicast_list)(lbs_netdev_ops_group1); 2110 /*DEG-postcall: default*/ 2111 ldv_state_variable_15 = 3; 2112 } 2113 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2114 if(ldv_state_variable_15 == 2){ 2115 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/ 2116 (& lbs_set_multicast_list)(lbs_netdev_ops_group1); 2117 /*DEG-postcall: default*/ 2118 ldv_state_variable_15 = 2; 2119 } 2120 } 2121 break; 2122 case 2:{ 2123 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2124 if(ldv_state_variable_15 == 3 && evil_hack_15()){ 2125 /*DEG-CALL: handler ndo_stop from lbs_netdev_ops*/ 2126 (& lbs_eth_stop)(lbs_netdev_ops_group1); 2127 ldv_state_variable_15 = 2; 2128 rtnl_unlock(); 2129 } 2130 } 2131 break; 2132 case 3:{ 2133 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2134 if(ldv_state_variable_15 == 3){ 2135 /*DEG-CALL: handler ndo_change_mtu from lbs_netdev_ops*/ 2136 (& eth_change_mtu)(lbs_netdev_ops_group1,ldvarg74); 2137 /*DEG-postcall: default*/ 2138 ldv_state_variable_15 = 3; 2139 } 2140 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2141 if(ldv_state_variable_15 == 2){ 2142 /*DEG-CALL: handler ndo_change_mtu from lbs_netdev_ops*/ 2143 (& eth_change_mtu)(lbs_netdev_ops_group1,ldvarg74); 2144 /*DEG-postcall: default*/ 2145 ldv_state_variable_15 = 2; 2146 } 2147 } 2148 break; 2149 case 4:{ 2150 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2151 if(ldv_state_variable_15 == 2 && evil_hack_15()){ 2152 /*DEG-CALL: handler ndo_open from lbs_netdev_ops*/ 2153 ldv_retval_4=(& lbs_dev_open)(lbs_netdev_ops_group1); 2154 if(ldv_retval_4==0){ 2155 ldv_state_variable_15 = 3; 2156 } 2157 } 2158 } 2159 break; 2160 case 5:{ 2161 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2162 if(ldv_state_variable_15 == 3){ 2163 /*DEG-CALL: handler ndo_start_xmit from lbs_netdev_ops*/ 2164 (& lbs_hard_start_xmit)(ldvarg73,lbs_netdev_ops_group1); 2165 /*DEG-postcall: default*/ 2166 ldv_state_variable_15 = 3; 2167 } 2168 } 2169 break; 2170 case 6:{ 2171 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2172 if(ldv_state_variable_15 == 1){ 2173 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/ 2174 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72); 2175 /*DEG-postcall: default*/ 2176 ldv_state_variable_15 = 1; 2177 } 2178 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 2179 if(ldv_state_variable_15 == 3){ 2180 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/ 2181 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72); 2182 /*DEG-postcall: default*/ 2183 ldv_state_variable_15 = 3; 2184 } 2185 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2186 if(ldv_state_variable_15 == 2){ 2187 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/ 2188 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72); 2189 /*DEG-postcall: default*/ 2190 ldv_state_variable_15 = 2; 2191 } 2192 } 2193 break; 2194 case 7:{ 2195 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 2196 if(ldv_state_variable_15 == 1){ 2197 /*DEG-CALL: handler ndo_init from lbs_netdev_ops*/ 2198 ldv_retval_3=ldv_ndo_init_15(); 2199 if(ldv_retval_3==0){ 2200 ldv_state_variable_15 = 2; 2201 ref_cnt++; 2202 } 2203 } 2204 } 2205 break; 2206 case 8:{ 2207 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 2208 if(ldv_state_variable_15 == 2 && evil_hack_15()){ 2209 /*DEG-CALL: handler ndo_uninit from lbs_netdev_ops*/ 2210 ldv_ndo_uninit_15(); 2211 ldv_state_variable_15 = 1; 2212 ref_cnt--; 2213 rtnl_unlock(); 2214 } 2215 } 2216 break; 2217 default: ldv_assume(0); 2218 } 2219 } 2220 } 2221 break; 2222 case 15:{ 2223 /*DEG-struct: handlers from structure dev_attr_mesh_id*/ 2224 /*DEG-CHECK: checking registration of dev_attr_mesh_id structure*/ 2225 if(ldv_state_variable_8 != 0){ 2226 ldv_main_exported_8(); 2227 } 2228 } 2229 break; 2230 case 16:{ 2231 /*DEG-struct: handlers from structure mesh_netdev_ops*/ 2232 /*DEG-CHECK: checking registration of mesh_netdev_ops structure*/ 2233 if(ldv_state_variable_4 != 0){ 2234 ldv_main_exported_4(); 2235 } 2236 } 2237 break; 2238 case 17:{ 2239 /*DEG-struct: handlers from structure dev_attr_boottime*/ 2240 /*DEG-CHECK: checking registration of dev_attr_boottime structure*/ 2241 if(ldv_state_variable_10 != 0){ 2242 ldv_main_exported_10(); 2243 } 2244 } 2245 break; 2246 case 18:{ 2247 /*DEG-struct: handlers from structure dev_attr_capability*/ 2248 /*DEG-CHECK: checking registration of dev_attr_capability structure*/ 2249 if(ldv_state_variable_5 != 0){ 2250 ldv_main_exported_5(); 2251 } 2252 } 2253 break; 2254 default: ldv_assume(0); 2255 } 2256 } 2257 ldv_final: 2258 ldv_check_final_state(); 2259 return; 2260 } 2261 /* DEG-ENVIRONMENT-END */
1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 2 3 #include <linux/delay.h> 4 #include <linux/etherdevice.h> 5 #include <linux/hardirq.h> 6 #include <linux/netdevice.h> 7 #include <linux/if_ether.h> 8 #include <linux/if_arp.h> 9 #include <linux/kthread.h> 10 #include <linux/kfifo.h> 11 #include <net/cfg80211.h> 12 13 #include "mesh.h" 14 #include "decl.h" 15 #include "cmd.h" 16 17 18 static int lbs_add_mesh(struct lbs_private *priv); 19 20 /*************************************************************************** 21 * Mesh command handling 22 */ 23 24 static int lbs_mesh_access(struct lbs_private *priv, uint16_t cmd_action, 25 struct cmd_ds_mesh_access *cmd) 26 { 27 int ret; 28 29 lbs_deb_enter_args(LBS_DEB_CMD, "action %d", cmd_action); 30 31 cmd->hdr.command = cpu_to_le16(CMD_MESH_ACCESS); 32 cmd->hdr.size = cpu_to_le16(sizeof(*cmd)); 33 cmd->hdr.result = 0; 34 35 cmd->action = cpu_to_le16(cmd_action); 36 37 ret = lbs_cmd_with_response(priv, CMD_MESH_ACCESS, cmd); 38 39 lbs_deb_leave(LBS_DEB_CMD); 40 return ret; 41 } 42 43 static int __lbs_mesh_config_send(struct lbs_private *priv, 44 struct cmd_ds_mesh_config *cmd, 45 uint16_t action, uint16_t type) 46 { 47 int ret; 48 u16 command = CMD_MESH_CONFIG_OLD; 49 50 lbs_deb_enter(LBS_DEB_CMD); 51 52 /* 53 * Command id is 0xac for v10 FW along with mesh interface 54 * id in bits 14-13-12. 55 */ 56 if (priv->mesh_tlv == TLV_TYPE_MESH_ID) 57 command = CMD_MESH_CONFIG | 58 (MESH_IFACE_ID << MESH_IFACE_BIT_OFFSET); 59 60 cmd->hdr.command = cpu_to_le16(command); 61 cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_mesh_config)); 62 cmd->hdr.result = 0; 63 64 cmd->type = cpu_to_le16(type); 65 cmd->action = cpu_to_le16(action); 66 67 ret = lbs_cmd_with_response(priv, command, cmd); 68 69 lbs_deb_leave(LBS_DEB_CMD); 70 return ret; 71 } 72 73 static int lbs_mesh_config_send(struct lbs_private *priv, 74 struct cmd_ds_mesh_config *cmd, 75 uint16_t action, uint16_t type) 76 { 77 int ret; 78 79 if (!(priv->fwcapinfo & FW_CAPINFO_PERSISTENT_CONFIG)) 80 return -EOPNOTSUPP; 81 82 ret = __lbs_mesh_config_send(priv, cmd, action, type); 83 return ret; 84 } 85 86 /* This function is the CMD_MESH_CONFIG legacy function. It only handles the 87 * START and STOP actions. The extended actions supported by CMD_MESH_CONFIG 88 * are all handled by preparing a struct cmd_ds_mesh_config and passing it to 89 * lbs_mesh_config_send. 90 */ 91 static int lbs_mesh_config(struct lbs_private *priv, uint16_t action, 92 uint16_t chan) 93 { 94 struct cmd_ds_mesh_config cmd; 95 struct mrvl_meshie *ie; 96 97 memset(&cmd, 0, sizeof(cmd)); 98 cmd.channel = cpu_to_le16(chan); 99 ie = (struct mrvl_meshie *)cmd.data; 100 101 switch (action) { 102 case CMD_ACT_MESH_CONFIG_START: 103 ie->id = WLAN_EID_VENDOR_SPECIFIC; 104 ie->val.oui[0] = 0x00; 105 ie->val.oui[1] = 0x50; 106 ie->val.oui[2] = 0x43; 107 ie->val.type = MARVELL_MESH_IE_TYPE; 108 ie->val.subtype = MARVELL_MESH_IE_SUBTYPE; 109 ie->val.version = MARVELL_MESH_IE_VERSION; 110 ie->val.active_protocol_id = MARVELL_MESH_PROTO_ID_HWMP; 111 ie->val.active_metric_id = MARVELL_MESH_METRIC_ID; 112 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; 113 ie->val.mesh_id_len = priv->mesh_ssid_len; 114 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); 115 ie->len = sizeof(struct mrvl_meshie_val) - 116 IEEE80211_MAX_SSID_LEN + priv->mesh_ssid_len; 117 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); 118 break; 119 case CMD_ACT_MESH_CONFIG_STOP: 120 break; 121 default: 122 return -1; 123 } 124 lbs_deb_cmd("mesh config action %d type %x channel %d SSID %*pE\n", 125 action, priv->mesh_tlv, chan, priv->mesh_ssid_len, 126 priv->mesh_ssid); 127 128 return __lbs_mesh_config_send(priv, &cmd, action, priv->mesh_tlv); 129 } 130 131 int lbs_mesh_set_channel(struct lbs_private *priv, u8 channel) 132 { 133 priv->mesh_channel = channel; 134 return lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, channel); 135 } 136 137 static uint16_t lbs_mesh_get_channel(struct lbs_private *priv) 138 { 139 return priv->mesh_channel ?: 1; 140 } 141 142 /*************************************************************************** 143 * Mesh sysfs support 144 */ 145 146 /* 147 * Attributes exported through sysfs 148 */ 149 150 /** 151 * lbs_anycast_get - Get function for sysfs attribute anycast_mask 152 * @dev: the &struct device 153 * @attr: device attributes 154 * @buf: buffer where data will be returned 155 */ 156 static ssize_t lbs_anycast_get(struct device *dev, 157 struct device_attribute *attr, char * buf) 158 { 159 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 160 struct cmd_ds_mesh_access mesh_access; 161 int ret; 162 163 memset(&mesh_access, 0, sizeof(mesh_access)); 164 165 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_ANYCAST, &mesh_access); 166 if (ret) 167 return ret; 168 169 return snprintf(buf, 12, "0x%X\n", le32_to_cpu(mesh_access.data[0])); 170 } 171 172 /** 173 * lbs_anycast_set - Set function for sysfs attribute anycast_mask 174 * @dev: the &struct device 175 * @attr: device attributes 176 * @buf: buffer that contains new attribute value 177 * @count: size of buffer 178 */ 179 static ssize_t lbs_anycast_set(struct device *dev, 180 struct device_attribute *attr, const char * buf, size_t count) 181 { 182 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 183 struct cmd_ds_mesh_access mesh_access; 184 uint32_t datum; 185 int ret; 186 187 memset(&mesh_access, 0, sizeof(mesh_access)); 188 sscanf(buf, "%x", &datum); 189 mesh_access.data[0] = cpu_to_le32(datum); 190 191 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_ANYCAST, &mesh_access); 192 if (ret) 193 return ret; 194 195 return strlen(buf); 196 } 197 198 /** 199 * lbs_prb_rsp_limit_get - Get function for sysfs attribute prb_rsp_limit 200 * @dev: the &struct device 201 * @attr: device attributes 202 * @buf: buffer where data will be returned 203 */ 204 static ssize_t lbs_prb_rsp_limit_get(struct device *dev, 205 struct device_attribute *attr, char *buf) 206 { 207 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 208 struct cmd_ds_mesh_access mesh_access; 209 int ret; 210 u32 retry_limit; 211 212 memset(&mesh_access, 0, sizeof(mesh_access)); 213 mesh_access.data[0] = cpu_to_le32(CMD_ACT_GET); 214 215 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT, 216 &mesh_access); 217 if (ret) 218 return ret; 219 220 retry_limit = le32_to_cpu(mesh_access.data[1]); 221 return snprintf(buf, 10, "%d\n", retry_limit); 222 } 223 224 /** 225 * lbs_prb_rsp_limit_set - Set function for sysfs attribute prb_rsp_limit 226 * @dev: the &struct device 227 * @attr: device attributes 228 * @buf: buffer that contains new attribute value 229 * @count: size of buffer 230 */ 231 static ssize_t lbs_prb_rsp_limit_set(struct device *dev, 232 struct device_attribute *attr, const char *buf, size_t count) 233 { 234 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 235 struct cmd_ds_mesh_access mesh_access; 236 int ret; 237 unsigned long retry_limit; 238 239 memset(&mesh_access, 0, sizeof(mesh_access)); 240 mesh_access.data[0] = cpu_to_le32(CMD_ACT_SET); 241 242 if (!kstrtoul(buf, 10, &retry_limit)) 243 return -ENOTSUPP; 244 if (retry_limit > 15) 245 return -ENOTSUPP; 246 247 mesh_access.data[1] = cpu_to_le32(retry_limit); 248 249 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT, 250 &mesh_access); 251 if (ret) 252 return ret; 253 254 return strlen(buf); 255 } 256 257 /** 258 * lbs_mesh_get - Get function for sysfs attribute mesh 259 * @dev: the &struct device 260 * @attr: device attributes 261 * @buf: buffer where data will be returned 262 */ 263 static ssize_t lbs_mesh_get(struct device *dev, 264 struct device_attribute *attr, char * buf) 265 { 266 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 267 return snprintf(buf, 5, "0x%X\n", !!priv->mesh_dev); 268 } 269 270 /** 271 * lbs_mesh_set - Set function for sysfs attribute mesh 272 * @dev: the &struct device 273 * @attr: device attributes 274 * @buf: buffer that contains new attribute value 275 * @count: size of buffer 276 */ 277 static ssize_t lbs_mesh_set(struct device *dev, 278 struct device_attribute *attr, const char * buf, size_t count) 279 { 280 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 281 int enable; 282 283 sscanf(buf, "%x", &enable); 284 enable = !!enable; 285 if (enable == !!priv->mesh_dev) 286 return count; 287 288 if (enable) 289 lbs_add_mesh(priv); 290 else 291 lbs_remove_mesh(priv); 292 293 return count; 294 } 295 296 /* 297 * lbs_mesh attribute to be exported per ethX interface 298 * through sysfs (/sys/class/net/ethX/lbs_mesh) 299 */ 300 static DEVICE_ATTR(lbs_mesh, 0644, lbs_mesh_get, lbs_mesh_set); 301 302 /* 303 * anycast_mask attribute to be exported per mshX interface 304 * through sysfs (/sys/class/net/mshX/anycast_mask) 305 */ 306 static DEVICE_ATTR(anycast_mask, 0644, lbs_anycast_get, lbs_anycast_set); 307 308 /* 309 * prb_rsp_limit attribute to be exported per mshX interface 310 * through sysfs (/sys/class/net/mshX/prb_rsp_limit) 311 */ 312 static DEVICE_ATTR(prb_rsp_limit, 0644, lbs_prb_rsp_limit_get, 313 lbs_prb_rsp_limit_set); 314 315 static struct attribute *lbs_mesh_sysfs_entries[] = { 316 &dev_attr_anycast_mask.attr, 317 &dev_attr_prb_rsp_limit.attr, 318 NULL, 319 }; 320 321 static const struct attribute_group lbs_mesh_attr_group = { 322 .attrs = lbs_mesh_sysfs_entries, 323 }; 324 325 326 /*************************************************************************** 327 * Persistent configuration support 328 */ 329 330 static int mesh_get_default_parameters(struct device *dev, 331 struct mrvl_mesh_defaults *defs) 332 { 333 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 334 struct cmd_ds_mesh_config cmd; 335 int ret; 336 337 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config)); 338 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_GET, 339 CMD_TYPE_MESH_GET_DEFAULTS); 340 341 if (ret) 342 return -EOPNOTSUPP; 343 344 memcpy(defs, &cmd.data[0], sizeof(struct mrvl_mesh_defaults)); 345 346 return 0; 347 } 348 349 /** 350 * bootflag_get - Get function for sysfs attribute bootflag 351 * @dev: the &struct device 352 * @attr: device attributes 353 * @buf: buffer where data will be returned 354 */ 355 static ssize_t bootflag_get(struct device *dev, 356 struct device_attribute *attr, char *buf) 357 { 358 struct mrvl_mesh_defaults defs; 359 int ret; 360 361 ret = mesh_get_default_parameters(dev, &defs); 362 363 if (ret) 364 return ret; 365 366 return snprintf(buf, 12, "%d\n", le32_to_cpu(defs.bootflag)); 367 } 368 369 /** 370 * bootflag_set - Set function for sysfs attribute bootflag 371 * @dev: the &struct device 372 * @attr: device attributes 373 * @buf: buffer that contains new attribute value 374 * @count: size of buffer 375 */ 376 static ssize_t bootflag_set(struct device *dev, struct device_attribute *attr, 377 const char *buf, size_t count) 378 { 379 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 380 struct cmd_ds_mesh_config cmd; 381 uint32_t datum; 382 int ret; 383 384 memset(&cmd, 0, sizeof(cmd)); 385 ret = sscanf(buf, "%d", &datum); 386 if ((ret != 1) || (datum > 1)) 387 return -EINVAL; 388 389 *((__le32 *)&cmd.data[0]) = cpu_to_le32(!!datum); 390 cmd.length = cpu_to_le16(sizeof(uint32_t)); 391 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 392 CMD_TYPE_MESH_SET_BOOTFLAG); 393 if (ret) 394 return ret; 395 396 return strlen(buf); 397 } 398 399 /** 400 * boottime_get - Get function for sysfs attribute boottime 401 * @dev: the &struct device 402 * @attr: device attributes 403 * @buf: buffer where data will be returned 404 */ 405 static ssize_t boottime_get(struct device *dev, 406 struct device_attribute *attr, char *buf) 407 { 408 struct mrvl_mesh_defaults defs; 409 int ret; 410 411 ret = mesh_get_default_parameters(dev, &defs); 412 413 if (ret) 414 return ret; 415 416 return snprintf(buf, 12, "%d\n", defs.boottime); 417 } 418 419 /** 420 * boottime_set - Set function for sysfs attribute boottime 421 * @dev: the &struct device 422 * @attr: device attributes 423 * @buf: buffer that contains new attribute value 424 * @count: size of buffer 425 */ 426 static ssize_t boottime_set(struct device *dev, 427 struct device_attribute *attr, const char *buf, size_t count) 428 { 429 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 430 struct cmd_ds_mesh_config cmd; 431 uint32_t datum; 432 int ret; 433 434 memset(&cmd, 0, sizeof(cmd)); 435 ret = sscanf(buf, "%d", &datum); 436 if ((ret != 1) || (datum > 255)) 437 return -EINVAL; 438 439 /* A too small boot time will result in the device booting into 440 * standalone (no-host) mode before the host can take control of it, 441 * so the change will be hard to revert. This may be a desired 442 * feature (e.g to configure a very fast boot time for devices that 443 * will not be attached to a host), but dangerous. So I'm enforcing a 444 * lower limit of 20 seconds: remove and recompile the driver if this 445 * does not work for you. 446 */ 447 datum = (datum < 20) ? 20 : datum; 448 cmd.data[0] = datum; 449 cmd.length = cpu_to_le16(sizeof(uint8_t)); 450 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 451 CMD_TYPE_MESH_SET_BOOTTIME); 452 if (ret) 453 return ret; 454 455 return strlen(buf); 456 } 457 458 /** 459 * channel_get - Get function for sysfs attribute channel 460 * @dev: the &struct device 461 * @attr: device attributes 462 * @buf: buffer where data will be returned 463 */ 464 static ssize_t channel_get(struct device *dev, 465 struct device_attribute *attr, char *buf) 466 { 467 struct mrvl_mesh_defaults defs; 468 int ret; 469 470 ret = mesh_get_default_parameters(dev, &defs); 471 472 if (ret) 473 return ret; 474 475 return snprintf(buf, 12, "%d\n", le16_to_cpu(defs.channel)); 476 } 477 478 /** 479 * channel_set - Set function for sysfs attribute channel 480 * @dev: the &struct device 481 * @attr: device attributes 482 * @buf: buffer that contains new attribute value 483 * @count: size of buffer 484 */ 485 static ssize_t channel_set(struct device *dev, struct device_attribute *attr, 486 const char *buf, size_t count) 487 { 488 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 489 struct cmd_ds_mesh_config cmd; 490 uint32_t datum; 491 int ret; 492 493 memset(&cmd, 0, sizeof(cmd)); 494 ret = sscanf(buf, "%d", &datum); 495 if (ret != 1 || datum < 1 || datum > 11) 496 return -EINVAL; 497 498 *((__le16 *)&cmd.data[0]) = cpu_to_le16(datum); 499 cmd.length = cpu_to_le16(sizeof(uint16_t)); 500 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 501 CMD_TYPE_MESH_SET_DEF_CHANNEL); 502 if (ret) 503 return ret; 504 505 return strlen(buf); 506 } 507 508 /** 509 * mesh_id_get - Get function for sysfs attribute mesh_id 510 * @dev: the &struct device 511 * @attr: device attributes 512 * @buf: buffer where data will be returned 513 */ 514 static ssize_t mesh_id_get(struct device *dev, struct device_attribute *attr, 515 char *buf) 516 { 517 struct mrvl_mesh_defaults defs; 518 int ret; 519 520 ret = mesh_get_default_parameters(dev, &defs); 521 522 if (ret) 523 return ret; 524 525 if (defs.meshie.val.mesh_id_len > IEEE80211_MAX_SSID_LEN) { 526 dev_err(dev, "inconsistent mesh ID length\n"); 527 defs.meshie.val.mesh_id_len = IEEE80211_MAX_SSID_LEN; 528 } 529 530 memcpy(buf, defs.meshie.val.mesh_id, defs.meshie.val.mesh_id_len); 531 buf[defs.meshie.val.mesh_id_len] = '\n'; 532 buf[defs.meshie.val.mesh_id_len + 1] = '\0'; 533 534 return defs.meshie.val.mesh_id_len + 1; 535 } 536 537 /** 538 * mesh_id_set - Set function for sysfs attribute mesh_id 539 * @dev: the &struct device 540 * @attr: device attributes 541 * @buf: buffer that contains new attribute value 542 * @count: size of buffer 543 */ 544 static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr, 545 const char *buf, size_t count) 546 { 547 struct cmd_ds_mesh_config cmd; 548 struct mrvl_mesh_defaults defs; 549 struct mrvl_meshie *ie; 550 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 551 int len; 552 int ret; 553 554 if (count < 2 || count > IEEE80211_MAX_SSID_LEN + 1) 555 return -EINVAL; 556 557 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config)); 558 ie = (struct mrvl_meshie *) &cmd.data[0]; 559 560 /* fetch all other Information Element parameters */ 561 ret = mesh_get_default_parameters(dev, &defs); 562 563 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 564 565 /* transfer IE elements */ 566 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 567 568 len = count - 1; 569 memcpy(ie->val.mesh_id, buf, len); 570 /* SSID len */ 571 ie->val.mesh_id_len = len; 572 /* IE len */ 573 ie->len = sizeof(struct mrvl_meshie_val) - IEEE80211_MAX_SSID_LEN + len; 574 575 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 576 CMD_TYPE_MESH_SET_MESH_IE); 577 if (ret) 578 return ret; 579 580 return strlen(buf); 581 } 582 583 /** 584 * protocol_id_get - Get function for sysfs attribute protocol_id 585 * @dev: the &struct device 586 * @attr: device attributes 587 * @buf: buffer where data will be returned 588 */ 589 static ssize_t protocol_id_get(struct device *dev, 590 struct device_attribute *attr, char *buf) 591 { 592 struct mrvl_mesh_defaults defs; 593 int ret; 594 595 ret = mesh_get_default_parameters(dev, &defs); 596 597 if (ret) 598 return ret; 599 600 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_protocol_id); 601 } 602 603 /** 604 * protocol_id_set - Set function for sysfs attribute protocol_id 605 * @dev: the &struct device 606 * @attr: device attributes 607 * @buf: buffer that contains new attribute value 608 * @count: size of buffer 609 */ 610 static ssize_t protocol_id_set(struct device *dev, 611 struct device_attribute *attr, const char *buf, size_t count) 612 { 613 struct cmd_ds_mesh_config cmd; 614 struct mrvl_mesh_defaults defs; 615 struct mrvl_meshie *ie; 616 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 617 uint32_t datum; 618 int ret; 619 620 memset(&cmd, 0, sizeof(cmd)); 621 ret = sscanf(buf, "%d", &datum); 622 if ((ret != 1) || (datum > 255)) 623 return -EINVAL; 624 625 /* fetch all other Information Element parameters */ 626 ret = mesh_get_default_parameters(dev, &defs); 627 628 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 629 630 /* transfer IE elements */ 631 ie = (struct mrvl_meshie *) &cmd.data[0]; 632 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 633 /* update protocol id */ 634 ie->val.active_protocol_id = datum; 635 636 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 637 CMD_TYPE_MESH_SET_MESH_IE); 638 if (ret) 639 return ret; 640 641 return strlen(buf); 642 } 643 644 /** 645 * metric_id_get - Get function for sysfs attribute metric_id 646 * @dev: the &struct device 647 * @attr: device attributes 648 * @buf: buffer where data will be returned 649 */ 650 static ssize_t metric_id_get(struct device *dev, 651 struct device_attribute *attr, char *buf) 652 { 653 struct mrvl_mesh_defaults defs; 654 int ret; 655 656 ret = mesh_get_default_parameters(dev, &defs); 657 658 if (ret) 659 return ret; 660 661 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_metric_id); 662 } 663 664 /** 665 * metric_id_set - Set function for sysfs attribute metric_id 666 * @dev: the &struct device 667 * @attr: device attributes 668 * @buf: buffer that contains new attribute value 669 * @count: size of buffer 670 */ 671 static ssize_t metric_id_set(struct device *dev, struct device_attribute *attr, 672 const char *buf, size_t count) 673 { 674 struct cmd_ds_mesh_config cmd; 675 struct mrvl_mesh_defaults defs; 676 struct mrvl_meshie *ie; 677 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 678 uint32_t datum; 679 int ret; 680 681 memset(&cmd, 0, sizeof(cmd)); 682 ret = sscanf(buf, "%d", &datum); 683 if ((ret != 1) || (datum > 255)) 684 return -EINVAL; 685 686 /* fetch all other Information Element parameters */ 687 ret = mesh_get_default_parameters(dev, &defs); 688 689 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 690 691 /* transfer IE elements */ 692 ie = (struct mrvl_meshie *) &cmd.data[0]; 693 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 694 /* update metric id */ 695 ie->val.active_metric_id = datum; 696 697 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 698 CMD_TYPE_MESH_SET_MESH_IE); 699 if (ret) 700 return ret; 701 702 return strlen(buf); 703 } 704 705 /** 706 * capability_get - Get function for sysfs attribute capability 707 * @dev: the &struct device 708 * @attr: device attributes 709 * @buf: buffer where data will be returned 710 */ 711 static ssize_t capability_get(struct device *dev, 712 struct device_attribute *attr, char *buf) 713 { 714 struct mrvl_mesh_defaults defs; 715 int ret; 716 717 ret = mesh_get_default_parameters(dev, &defs); 718 719 if (ret) 720 return ret; 721 722 return snprintf(buf, 5, "%d\n", defs.meshie.val.mesh_capability); 723 } 724 725 /** 726 * capability_set - Set function for sysfs attribute capability 727 * @dev: the &struct device 728 * @attr: device attributes 729 * @buf: buffer that contains new attribute value 730 * @count: size of buffer 731 */ 732 static ssize_t capability_set(struct device *dev, struct device_attribute *attr, 733 const char *buf, size_t count) 734 { 735 struct cmd_ds_mesh_config cmd; 736 struct mrvl_mesh_defaults defs; 737 struct mrvl_meshie *ie; 738 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 739 uint32_t datum; 740 int ret; 741 742 memset(&cmd, 0, sizeof(cmd)); 743 ret = sscanf(buf, "%d", &datum); 744 if ((ret != 1) || (datum > 255)) 745 return -EINVAL; 746 747 /* fetch all other Information Element parameters */ 748 ret = mesh_get_default_parameters(dev, &defs); 749 750 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 751 752 /* transfer IE elements */ 753 ie = (struct mrvl_meshie *) &cmd.data[0]; 754 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 755 /* update value */ 756 ie->val.mesh_capability = datum; 757 758 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 759 CMD_TYPE_MESH_SET_MESH_IE); 760 if (ret) 761 return ret; 762 763 return strlen(buf); 764 } 765 766 767 static DEVICE_ATTR(bootflag, 0644, bootflag_get, bootflag_set); 768 static DEVICE_ATTR(boottime, 0644, boottime_get, boottime_set); 769 static DEVICE_ATTR(channel, 0644, channel_get, channel_set); 770 static DEVICE_ATTR(mesh_id, 0644, mesh_id_get, mesh_id_set); 771 static DEVICE_ATTR(protocol_id, 0644, protocol_id_get, protocol_id_set); 772 static DEVICE_ATTR(metric_id, 0644, metric_id_get, metric_id_set); 773 static DEVICE_ATTR(capability, 0644, capability_get, capability_set); 774 775 static struct attribute *boot_opts_attrs[] = { 776 &dev_attr_bootflag.attr, 777 &dev_attr_boottime.attr, 778 &dev_attr_channel.attr, 779 NULL 780 }; 781 782 static const struct attribute_group boot_opts_group = { 783 .name = "boot_options", 784 .attrs = boot_opts_attrs, 785 }; 786 787 static struct attribute *mesh_ie_attrs[] = { 788 &dev_attr_mesh_id.attr, 789 &dev_attr_protocol_id.attr, 790 &dev_attr_metric_id.attr, 791 &dev_attr_capability.attr, 792 NULL 793 }; 794 795 static const struct attribute_group mesh_ie_group = { 796 .name = "mesh_ie", 797 .attrs = mesh_ie_attrs, 798 }; 799 800 static void lbs_persist_config_init(struct net_device *dev) 801 { 802 int ret; 803 ret = sysfs_create_group(&(dev->dev.kobj), &boot_opts_group); 804 ret = sysfs_create_group(&(dev->dev.kobj), &mesh_ie_group); 805 } 806 807 static void lbs_persist_config_remove(struct net_device *dev) 808 { 809 sysfs_remove_group(&(dev->dev.kobj), &boot_opts_group); 810 sysfs_remove_group(&(dev->dev.kobj), &mesh_ie_group); 811 } 812 813 814 /*************************************************************************** 815 * Initializing and starting, stopping mesh 816 */ 817 818 /* 819 * Check mesh FW version and appropriately send the mesh start 820 * command 821 */ 822 int lbs_init_mesh(struct lbs_private *priv) 823 { 824 int ret = 0; 825 826 lbs_deb_enter(LBS_DEB_MESH); 827 828 /* Determine mesh_fw_ver from fwrelease and fwcapinfo */ 829 /* 5.0.16p0 9.0.0.p0 is known to NOT support any mesh */ 830 /* 5.110.22 have mesh command with 0xa3 command id */ 831 /* 10.0.0.p0 FW brings in mesh config command with different id */ 832 /* Check FW version MSB and initialize mesh_fw_ver */ 833 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) { 834 /* Enable mesh, if supported, and work out which TLV it uses. 835 0x100 + 291 is an unofficial value used in 5.110.20.pXX 836 0x100 + 37 is the official value used in 5.110.21.pXX 837 but we check them in that order because 20.pXX doesn't 838 give an error -- it just silently fails. */ 839 840 /* 5.110.20.pXX firmware will fail the command if the channel 841 doesn't match the existing channel. But only if the TLV 842 is correct. If the channel is wrong, _BOTH_ versions will 843 give an error to 0x100+291, and allow 0x100+37 to succeed. 844 It's just that 5.110.20.pXX will not have done anything 845 useful */ 846 847 priv->mesh_tlv = TLV_TYPE_OLD_MESH_ID; 848 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) { 849 priv->mesh_tlv = TLV_TYPE_MESH_ID; 850 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) 851 priv->mesh_tlv = 0; 852 } 853 } else 854 if ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) && 855 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)) { 856 /* 10.0.0.pXX new firmwares should succeed with TLV 857 * 0x100+37; Do not invoke command with old TLV. 858 */ 859 priv->mesh_tlv = TLV_TYPE_MESH_ID; 860 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) 861 priv->mesh_tlv = 0; 862 } 863 864 /* Stop meshing until interface is brought up */ 865 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 1); 866 867 if (priv->mesh_tlv) { 868 sprintf(priv->mesh_ssid, "mesh"); 869 priv->mesh_ssid_len = 4; 870 ret = 1; 871 } 872 873 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 874 return ret; 875 } 876 877 void lbs_start_mesh(struct lbs_private *priv) 878 { 879 lbs_add_mesh(priv); 880 881 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_mesh)) 882 netdev_err(priv->dev, "cannot register lbs_mesh attribute\n"); 883 } 884 885 int lbs_deinit_mesh(struct lbs_private *priv) 886 { 887 struct net_device *dev = priv->dev; 888 int ret = 0; 889 890 lbs_deb_enter(LBS_DEB_MESH); 891 892 if (priv->mesh_tlv) { 893 device_remove_file(&dev->dev, &dev_attr_lbs_mesh); 894 ret = 1; 895 } 896 897 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 898 return ret; 899 } 900 901 902 /** 903 * lbs_mesh_stop - close the mshX interface 904 * 905 * @dev: A pointer to &net_device structure 906 * returns: 0 907 */ 908 static int lbs_mesh_stop(struct net_device *dev) 909 { 910 struct lbs_private *priv = dev->ml_priv; 911 912 lbs_deb_enter(LBS_DEB_MESH); 913 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 914 lbs_mesh_get_channel(priv)); 915 916 spin_lock_irq(&priv->driver_lock); 917 918 netif_stop_queue(dev); 919 netif_carrier_off(dev); 920 921 spin_unlock_irq(&priv->driver_lock); 922 923 lbs_update_mcast(priv); 924 if (!lbs_iface_active(priv)) 925 lbs_stop_iface(priv); 926 927 lbs_deb_leave(LBS_DEB_MESH); 928 return 0; 929 } 930 931 /** 932 * lbs_mesh_dev_open - open the mshX interface 933 * 934 * @dev: A pointer to &net_device structure 935 * returns: 0 or -EBUSY if monitor mode active 936 */ 937 static int lbs_mesh_dev_open(struct net_device *dev) 938 { 939 struct lbs_private *priv = dev->ml_priv; 940 int ret = 0; 941 942 lbs_deb_enter(LBS_DEB_NET); 943 if (!priv->iface_running) { 944 ret = lbs_start_iface(priv); 945 if (ret) 946 goto out; 947 } 948 949 spin_lock_irq(&priv->driver_lock); 950 951 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 952 ret = -EBUSY; 953 spin_unlock_irq(&priv->driver_lock); 954 goto out; 955 } 956 957 netif_carrier_on(dev); 958 959 if (!priv->tx_pending_len) 960 netif_wake_queue(dev); 961 962 spin_unlock_irq(&priv->driver_lock); 963 964 ret = lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 965 lbs_mesh_get_channel(priv)); 966 967 out: 968 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 969 return ret; 970 } 971 972 static const struct net_device_ops mesh_netdev_ops = { 973 .ndo_open = lbs_mesh_dev_open, 974 .ndo_stop = lbs_mesh_stop, 975 .ndo_start_xmit = lbs_hard_start_xmit, 976 .ndo_set_mac_address = lbs_set_mac_address, 977 .ndo_set_rx_mode = lbs_set_multicast_list, 978 }; 979 980 /** 981 * lbs_add_mesh - add mshX interface 982 * 983 * @priv: A pointer to the &struct lbs_private structure 984 * returns: 0 if successful, -X otherwise 985 */ 986 static int lbs_add_mesh(struct lbs_private *priv) 987 { 988 struct net_device *mesh_dev = NULL; 989 struct wireless_dev *mesh_wdev; 990 int ret = 0; 991 992 lbs_deb_enter(LBS_DEB_MESH); 993 994 /* Allocate a virtual mesh device */ 995 mesh_wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 996 if (!mesh_wdev) { 997 lbs_deb_mesh("init mshX wireless device failed\n"); 998 ret = -ENOMEM; 999 goto done; 1000 } 1001 1002 mesh_dev = alloc_netdev(0, "msh%d", NET_NAME_UNKNOWN, ether_setup); 1003 if (!mesh_dev) { 1004 lbs_deb_mesh("init mshX device failed\n"); 1005 ret = -ENOMEM; 1006 goto err_free_wdev; 1007 } 1008 1009 mesh_wdev->iftype = NL80211_IFTYPE_MESH_POINT; 1010 mesh_wdev->wiphy = priv->wdev->wiphy; 1011 mesh_wdev->netdev = mesh_dev; 1012 1013 mesh_dev->ml_priv = priv; 1014 mesh_dev->ieee80211_ptr = mesh_wdev; 1015 priv->mesh_dev = mesh_dev; 1016 1017 mesh_dev->netdev_ops = &mesh_netdev_ops; 1018 mesh_dev->ethtool_ops = &lbs_ethtool_ops; 1019 eth_hw_addr_inherit(mesh_dev, priv->dev); 1020 1021 SET_NETDEV_DEV(priv->mesh_dev, priv->dev->dev.parent); 1022 1023 mesh_dev->flags |= IFF_BROADCAST | IFF_MULTICAST; 1024 /* Register virtual mesh interface */ 1025 ret = register_netdev(mesh_dev); 1026 if (ret) { 1027 pr_err("cannot register mshX virtual interface\n"); 1028 goto err_free_netdev; 1029 } 1030 1031 ret = sysfs_create_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group); 1032 if (ret) 1033 goto err_unregister; 1034 1035 lbs_persist_config_init(mesh_dev); 1036 1037 /* Everything successful */ 1038 ret = 0; 1039 goto done; 1040 1041 err_unregister: 1042 unregister_netdev(mesh_dev); 1043 1044 err_free_netdev: 1045 free_netdev(mesh_dev); 1046 1047 err_free_wdev: 1048 kfree(mesh_wdev); 1049 1050 done: 1051 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 1052 return ret; 1053 } 1054 1055 void lbs_remove_mesh(struct lbs_private *priv) 1056 { 1057 struct net_device *mesh_dev; 1058 1059 mesh_dev = priv->mesh_dev; 1060 if (!mesh_dev) 1061 return; 1062 1063 lbs_deb_enter(LBS_DEB_MESH); 1064 netif_stop_queue(mesh_dev); 1065 netif_carrier_off(mesh_dev); 1066 sysfs_remove_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group); 1067 lbs_persist_config_remove(mesh_dev); 1068 unregister_netdev(mesh_dev); 1069 priv->mesh_dev = NULL; 1070 kfree(mesh_dev->ieee80211_ptr); 1071 free_netdev(mesh_dev); 1072 lbs_deb_leave(LBS_DEB_MESH); 1073 } 1074 1075 1076 /*************************************************************************** 1077 * Sending and receiving 1078 */ 1079 struct net_device *lbs_mesh_set_dev(struct lbs_private *priv, 1080 struct net_device *dev, struct rxpd *rxpd) 1081 { 1082 if (priv->mesh_dev) { 1083 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) { 1084 if (rxpd->rx_control & RxPD_MESH_FRAME) 1085 dev = priv->mesh_dev; 1086 } else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) { 1087 if (rxpd->u.bss.bss_num == MESH_IFACE_ID) 1088 dev = priv->mesh_dev; 1089 } 1090 } 1091 return dev; 1092 } 1093 1094 1095 void lbs_mesh_set_txpd(struct lbs_private *priv, 1096 struct net_device *dev, struct txpd *txpd) 1097 { 1098 if (dev == priv->mesh_dev) { 1099 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) 1100 txpd->tx_control |= cpu_to_le32(TxPD_MESH_FRAME); 1101 else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) 1102 txpd->u.bss.bss_num = MESH_IFACE_ID; 1103 } 1104 } 1105 1106 1107 /*************************************************************************** 1108 * Ethtool related 1109 */ 1110 1111 static const char * const mesh_stat_strings[] = { 1112 "drop_duplicate_bcast", 1113 "drop_ttl_zero", 1114 "drop_no_fwd_route", 1115 "drop_no_buffers", 1116 "fwded_unicast_cnt", 1117 "fwded_bcast_cnt", 1118 "drop_blind_table", 1119 "tx_failed_cnt" 1120 }; 1121 1122 void lbs_mesh_ethtool_get_stats(struct net_device *dev, 1123 struct ethtool_stats *stats, uint64_t *data) 1124 { 1125 struct lbs_private *priv = dev->ml_priv; 1126 struct cmd_ds_mesh_access mesh_access; 1127 int ret; 1128 1129 lbs_deb_enter(LBS_DEB_ETHTOOL); 1130 1131 /* Get Mesh Statistics */ 1132 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_STATS, &mesh_access); 1133 1134 if (ret) { 1135 memset(data, 0, MESH_STATS_NUM*(sizeof(uint64_t))); 1136 return; 1137 } 1138 1139 priv->mstats.fwd_drop_rbt = le32_to_cpu(mesh_access.data[0]); 1140 priv->mstats.fwd_drop_ttl = le32_to_cpu(mesh_access.data[1]); 1141 priv->mstats.fwd_drop_noroute = le32_to_cpu(mesh_access.data[2]); 1142 priv->mstats.fwd_drop_nobuf = le32_to_cpu(mesh_access.data[3]); 1143 priv->mstats.fwd_unicast_cnt = le32_to_cpu(mesh_access.data[4]); 1144 priv->mstats.fwd_bcast_cnt = le32_to_cpu(mesh_access.data[5]); 1145 priv->mstats.drop_blind = le32_to_cpu(mesh_access.data[6]); 1146 priv->mstats.tx_failed_cnt = le32_to_cpu(mesh_access.data[7]); 1147 1148 data[0] = priv->mstats.fwd_drop_rbt; 1149 data[1] = priv->mstats.fwd_drop_ttl; 1150 data[2] = priv->mstats.fwd_drop_noroute; 1151 data[3] = priv->mstats.fwd_drop_nobuf; 1152 data[4] = priv->mstats.fwd_unicast_cnt; 1153 data[5] = priv->mstats.fwd_bcast_cnt; 1154 data[6] = priv->mstats.drop_blind; 1155 data[7] = priv->mstats.tx_failed_cnt; 1156 1157 lbs_deb_enter(LBS_DEB_ETHTOOL); 1158 } 1159 1160 int lbs_mesh_ethtool_get_sset_count(struct net_device *dev, int sset) 1161 { 1162 struct lbs_private *priv = dev->ml_priv; 1163 1164 if (sset == ETH_SS_STATS && dev == priv->mesh_dev) 1165 return MESH_STATS_NUM; 1166 1167 return -EOPNOTSUPP; 1168 } 1169 1170 void lbs_mesh_ethtool_get_strings(struct net_device *dev, 1171 uint32_t stringset, uint8_t *s) 1172 { 1173 int i; 1174 1175 lbs_deb_enter(LBS_DEB_ETHTOOL); 1176 1177 switch (stringset) { 1178 case ETH_SS_STATS: 1179 for (i = 0; i < MESH_STATS_NUM; i++) { 1180 memcpy(s + i * ETH_GSTRING_LEN, 1181 mesh_stat_strings[i], 1182 ETH_GSTRING_LEN); 1183 } 1184 break; 1185 } 1186 lbs_deb_enter(LBS_DEB_ETHTOOL); 1187 }
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/mesh.c" 149 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 150 151 #include <linux/delay.h> 152 #include <linux/etherdevice.h> 153 #include <linux/hardirq.h> 154 #include <linux/netdevice.h> 155 #include <linux/if_ether.h> 156 #include <linux/if_arp.h> 157 #include <linux/kthread.h> 158 #include <linux/kfifo.h> 159 #include <net/cfg80211.h> 160 161 #include "mesh.h" 162 #include "decl.h" 163 #include "cmd.h" 164 165 166 static int lbs_add_mesh(struct lbs_private *priv); 167 168 /*************************************************************************** 169 * Mesh command handling 170 */ 171 172 static int lbs_mesh_access(struct lbs_private *priv, uint16_t cmd_action, 173 struct cmd_ds_mesh_access *cmd) 174 { 175 int ret; 176 177 lbs_deb_enter_args(LBS_DEB_CMD, "action %d", cmd_action); 178 179 cmd->hdr.command = cpu_to_le16(CMD_MESH_ACCESS); 180 cmd->hdr.size = cpu_to_le16(sizeof(*cmd)); 181 cmd->hdr.result = 0; 182 183 cmd->action = cpu_to_le16(cmd_action); 184 185 ret = lbs_cmd_with_response(priv, CMD_MESH_ACCESS, cmd); 186 187 lbs_deb_leave(LBS_DEB_CMD); 188 return ret; 189 } 190 191 static int __lbs_mesh_config_send(struct lbs_private *priv, 192 struct cmd_ds_mesh_config *cmd, 193 uint16_t action, uint16_t type) 194 { 195 int ret; 196 u16 command = CMD_MESH_CONFIG_OLD; 197 198 lbs_deb_enter(LBS_DEB_CMD); 199 200 /* 201 * Command id is 0xac for v10 FW along with mesh interface 202 * id in bits 14-13-12. 203 */ 204 if (priv->mesh_tlv == TLV_TYPE_MESH_ID) 205 command = CMD_MESH_CONFIG | 206 (MESH_IFACE_ID << MESH_IFACE_BIT_OFFSET); 207 208 cmd->hdr.command = cpu_to_le16(command); 209 cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_mesh_config)); 210 cmd->hdr.result = 0; 211 212 cmd->type = cpu_to_le16(type); 213 cmd->action = cpu_to_le16(action); 214 215 ret = lbs_cmd_with_response(priv, command, cmd); 216 217 lbs_deb_leave(LBS_DEB_CMD); 218 return ret; 219 } 220 221 static int lbs_mesh_config_send(struct lbs_private *priv, 222 struct cmd_ds_mesh_config *cmd, 223 uint16_t action, uint16_t type) 224 { 225 int ret; 226 227 if (!(priv->fwcapinfo & FW_CAPINFO_PERSISTENT_CONFIG)) 228 return -EOPNOTSUPP; 229 230 ret = __lbs_mesh_config_send(priv, cmd, action, type); 231 return ret; 232 } 233 234 /* This function is the CMD_MESH_CONFIG legacy function. It only handles the 235 * START and STOP actions. The extended actions supported by CMD_MESH_CONFIG 236 * are all handled by preparing a struct cmd_ds_mesh_config and passing it to 237 * lbs_mesh_config_send. 238 */ 239 static int lbs_mesh_config(struct lbs_private *priv, uint16_t action, 240 uint16_t chan) 241 { 242 struct cmd_ds_mesh_config cmd; 243 struct mrvl_meshie *ie; 244 245 memset(&cmd, 0, sizeof(cmd)); 246 cmd.channel = cpu_to_le16(chan); 247 ie = (struct mrvl_meshie *)cmd.data; 248 249 switch (action) { 250 case CMD_ACT_MESH_CONFIG_START: 251 ie->id = WLAN_EID_VENDOR_SPECIFIC; 252 ie->val.oui[0] = 0x00; 253 ie->val.oui[1] = 0x50; 254 ie->val.oui[2] = 0x43; 255 ie->val.type = MARVELL_MESH_IE_TYPE; 256 ie->val.subtype = MARVELL_MESH_IE_SUBTYPE; 257 ie->val.version = MARVELL_MESH_IE_VERSION; 258 ie->val.active_protocol_id = MARVELL_MESH_PROTO_ID_HWMP; 259 ie->val.active_metric_id = MARVELL_MESH_METRIC_ID; 260 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY; 261 ie->val.mesh_id_len = priv->mesh_ssid_len; 262 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len); 263 ie->len = sizeof(struct mrvl_meshie_val) - 264 IEEE80211_MAX_SSID_LEN + priv->mesh_ssid_len; 265 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val)); 266 break; 267 case CMD_ACT_MESH_CONFIG_STOP: 268 break; 269 default: 270 return -1; 271 } 272 lbs_deb_cmd("mesh config action %d type %x channel %d SSID %*pE\n", 273 action, priv->mesh_tlv, chan, priv->mesh_ssid_len, 274 priv->mesh_ssid); 275 276 return __lbs_mesh_config_send(priv, &cmd, action, priv->mesh_tlv); 277 } 278 279 int lbs_mesh_set_channel(struct lbs_private *priv, u8 channel) 280 { 281 priv->mesh_channel = channel; 282 return lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, channel); 283 } 284 285 static uint16_t lbs_mesh_get_channel(struct lbs_private *priv) 286 { 287 return priv->mesh_channel ?: 1; 288 } 289 290 /*************************************************************************** 291 * Mesh sysfs support 292 */ 293 294 /* 295 * Attributes exported through sysfs 296 */ 297 298 /** 299 * lbs_anycast_get - Get function for sysfs attribute anycast_mask 300 * @dev: the &struct device 301 * @attr: device attributes 302 * @buf: buffer where data will be returned 303 */ 304 static ssize_t lbs_anycast_get(struct device *dev, 305 struct device_attribute *attr, char * buf) 306 { 307 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 308 struct cmd_ds_mesh_access mesh_access; 309 int ret; 310 311 memset(&mesh_access, 0, sizeof(mesh_access)); 312 313 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_ANYCAST, &mesh_access); 314 if (ret) 315 return ret; 316 317 return snprintf(buf, 12, "0x%X\n", le32_to_cpu(mesh_access.data[0])); 318 } 319 320 /** 321 * lbs_anycast_set - Set function for sysfs attribute anycast_mask 322 * @dev: the &struct device 323 * @attr: device attributes 324 * @buf: buffer that contains new attribute value 325 * @count: size of buffer 326 */ 327 static ssize_t lbs_anycast_set(struct device *dev, 328 struct device_attribute *attr, const char * buf, size_t count) 329 { 330 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 331 struct cmd_ds_mesh_access mesh_access; 332 uint32_t datum; 333 int ret; 334 335 memset(&mesh_access, 0, sizeof(mesh_access)); 336 sscanf(buf, "%x", &datum); 337 mesh_access.data[0] = cpu_to_le32(datum); 338 339 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_ANYCAST, &mesh_access); 340 if (ret) 341 return ret; 342 343 return strlen(buf); 344 } 345 346 /** 347 * lbs_prb_rsp_limit_get - Get function for sysfs attribute prb_rsp_limit 348 * @dev: the &struct device 349 * @attr: device attributes 350 * @buf: buffer where data will be returned 351 */ 352 static ssize_t lbs_prb_rsp_limit_get(struct device *dev, 353 struct device_attribute *attr, char *buf) 354 { 355 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 356 struct cmd_ds_mesh_access mesh_access; 357 int ret; 358 u32 retry_limit; 359 360 memset(&mesh_access, 0, sizeof(mesh_access)); 361 mesh_access.data[0] = cpu_to_le32(CMD_ACT_GET); 362 363 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT, 364 &mesh_access); 365 if (ret) 366 return ret; 367 368 retry_limit = le32_to_cpu(mesh_access.data[1]); 369 return snprintf(buf, 10, "%d\n", retry_limit); 370 } 371 372 /** 373 * lbs_prb_rsp_limit_set - Set function for sysfs attribute prb_rsp_limit 374 * @dev: the &struct device 375 * @attr: device attributes 376 * @buf: buffer that contains new attribute value 377 * @count: size of buffer 378 */ 379 static ssize_t lbs_prb_rsp_limit_set(struct device *dev, 380 struct device_attribute *attr, const char *buf, size_t count) 381 { 382 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 383 struct cmd_ds_mesh_access mesh_access; 384 int ret; 385 unsigned long retry_limit; 386 387 memset(&mesh_access, 0, sizeof(mesh_access)); 388 mesh_access.data[0] = cpu_to_le32(CMD_ACT_SET); 389 390 if (!kstrtoul(buf, 10, &retry_limit)) 391 return -ENOTSUPP; 392 if (retry_limit > 15) 393 return -ENOTSUPP; 394 395 mesh_access.data[1] = cpu_to_le32(retry_limit); 396 397 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT, 398 &mesh_access); 399 if (ret) 400 return ret; 401 402 return strlen(buf); 403 } 404 405 /** 406 * lbs_mesh_get - Get function for sysfs attribute mesh 407 * @dev: the &struct device 408 * @attr: device attributes 409 * @buf: buffer where data will be returned 410 */ 411 static ssize_t lbs_mesh_get(struct device *dev, 412 struct device_attribute *attr, char * buf) 413 { 414 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 415 return snprintf(buf, 5, "0x%X\n", !!priv->mesh_dev); 416 } 417 418 /** 419 * lbs_mesh_set - Set function for sysfs attribute mesh 420 * @dev: the &struct device 421 * @attr: device attributes 422 * @buf: buffer that contains new attribute value 423 * @count: size of buffer 424 */ 425 static ssize_t lbs_mesh_set(struct device *dev, 426 struct device_attribute *attr, const char * buf, size_t count) 427 { 428 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 429 int enable; 430 431 sscanf(buf, "%x", &enable); 432 enable = !!enable; 433 if (enable == !!priv->mesh_dev) 434 return count; 435 436 if (enable) 437 lbs_add_mesh(priv); 438 else 439 lbs_remove_mesh(priv); 440 441 return count; 442 } 443 444 /* 445 * lbs_mesh attribute to be exported per ethX interface 446 * through sysfs (/sys/class/net/ethX/lbs_mesh) 447 */ 448 static DEVICE_ATTR(lbs_mesh, 0644, lbs_mesh_get, lbs_mesh_set); 449 450 /* 451 * anycast_mask attribute to be exported per mshX interface 452 * through sysfs (/sys/class/net/mshX/anycast_mask) 453 */ 454 static DEVICE_ATTR(anycast_mask, 0644, lbs_anycast_get, lbs_anycast_set); 455 456 /* 457 * prb_rsp_limit attribute to be exported per mshX interface 458 * through sysfs (/sys/class/net/mshX/prb_rsp_limit) 459 */ 460 static DEVICE_ATTR(prb_rsp_limit, 0644, lbs_prb_rsp_limit_get, 461 lbs_prb_rsp_limit_set); 462 463 static struct attribute *lbs_mesh_sysfs_entries[] = { 464 &dev_attr_anycast_mask.attr, 465 &dev_attr_prb_rsp_limit.attr, 466 NULL, 467 }; 468 469 static const struct attribute_group lbs_mesh_attr_group = { 470 .attrs = lbs_mesh_sysfs_entries, 471 }; 472 473 474 /*************************************************************************** 475 * Persistent configuration support 476 */ 477 478 static int mesh_get_default_parameters(struct device *dev, 479 struct mrvl_mesh_defaults *defs) 480 { 481 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 482 struct cmd_ds_mesh_config cmd; 483 int ret; 484 485 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config)); 486 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_GET, 487 CMD_TYPE_MESH_GET_DEFAULTS); 488 489 if (ret) 490 return -EOPNOTSUPP; 491 492 memcpy(defs, &cmd.data[0], sizeof(struct mrvl_mesh_defaults)); 493 494 return 0; 495 } 496 497 /** 498 * bootflag_get - Get function for sysfs attribute bootflag 499 * @dev: the &struct device 500 * @attr: device attributes 501 * @buf: buffer where data will be returned 502 */ 503 static ssize_t bootflag_get(struct device *dev, 504 struct device_attribute *attr, char *buf) 505 { 506 struct mrvl_mesh_defaults defs; 507 int ret; 508 509 ret = mesh_get_default_parameters(dev, &defs); 510 511 if (ret) 512 return ret; 513 514 return snprintf(buf, 12, "%d\n", le32_to_cpu(defs.bootflag)); 515 } 516 517 /** 518 * bootflag_set - Set function for sysfs attribute bootflag 519 * @dev: the &struct device 520 * @attr: device attributes 521 * @buf: buffer that contains new attribute value 522 * @count: size of buffer 523 */ 524 static ssize_t bootflag_set(struct device *dev, struct device_attribute *attr, 525 const char *buf, size_t count) 526 { 527 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 528 struct cmd_ds_mesh_config cmd; 529 uint32_t datum; 530 int ret; 531 532 memset(&cmd, 0, sizeof(cmd)); 533 ret = sscanf(buf, "%d", &datum); 534 if ((ret != 1) || (datum > 1)) 535 return -EINVAL; 536 537 *((__le32 *)&cmd.data[0]) = cpu_to_le32(!!datum); 538 cmd.length = cpu_to_le16(sizeof(uint32_t)); 539 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 540 CMD_TYPE_MESH_SET_BOOTFLAG); 541 if (ret) 542 return ret; 543 544 return strlen(buf); 545 } 546 547 /** 548 * boottime_get - Get function for sysfs attribute boottime 549 * @dev: the &struct device 550 * @attr: device attributes 551 * @buf: buffer where data will be returned 552 */ 553 static ssize_t boottime_get(struct device *dev, 554 struct device_attribute *attr, char *buf) 555 { 556 struct mrvl_mesh_defaults defs; 557 int ret; 558 559 ret = mesh_get_default_parameters(dev, &defs); 560 561 if (ret) 562 return ret; 563 564 return snprintf(buf, 12, "%d\n", defs.boottime); 565 } 566 567 /** 568 * boottime_set - Set function for sysfs attribute boottime 569 * @dev: the &struct device 570 * @attr: device attributes 571 * @buf: buffer that contains new attribute value 572 * @count: size of buffer 573 */ 574 static ssize_t boottime_set(struct device *dev, 575 struct device_attribute *attr, const char *buf, size_t count) 576 { 577 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 578 struct cmd_ds_mesh_config cmd; 579 uint32_t datum; 580 int ret; 581 582 memset(&cmd, 0, sizeof(cmd)); 583 ret = sscanf(buf, "%d", &datum); 584 if ((ret != 1) || (datum > 255)) 585 return -EINVAL; 586 587 /* A too small boot time will result in the device booting into 588 * standalone (no-host) mode before the host can take control of it, 589 * so the change will be hard to revert. This may be a desired 590 * feature (e.g to configure a very fast boot time for devices that 591 * will not be attached to a host), but dangerous. So I'm enforcing a 592 * lower limit of 20 seconds: remove and recompile the driver if this 593 * does not work for you. 594 */ 595 datum = (datum < 20) ? 20 : datum; 596 cmd.data[0] = datum; 597 cmd.length = cpu_to_le16(sizeof(uint8_t)); 598 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 599 CMD_TYPE_MESH_SET_BOOTTIME); 600 if (ret) 601 return ret; 602 603 return strlen(buf); 604 } 605 606 /** 607 * channel_get - Get function for sysfs attribute channel 608 * @dev: the &struct device 609 * @attr: device attributes 610 * @buf: buffer where data will be returned 611 */ 612 static ssize_t channel_get(struct device *dev, 613 struct device_attribute *attr, char *buf) 614 { 615 struct mrvl_mesh_defaults defs; 616 int ret; 617 618 ret = mesh_get_default_parameters(dev, &defs); 619 620 if (ret) 621 return ret; 622 623 return snprintf(buf, 12, "%d\n", le16_to_cpu(defs.channel)); 624 } 625 626 /** 627 * channel_set - Set function for sysfs attribute channel 628 * @dev: the &struct device 629 * @attr: device attributes 630 * @buf: buffer that contains new attribute value 631 * @count: size of buffer 632 */ 633 static ssize_t channel_set(struct device *dev, struct device_attribute *attr, 634 const char *buf, size_t count) 635 { 636 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 637 struct cmd_ds_mesh_config cmd; 638 uint32_t datum; 639 int ret; 640 641 memset(&cmd, 0, sizeof(cmd)); 642 ret = sscanf(buf, "%d", &datum); 643 if (ret != 1 || datum < 1 || datum > 11) 644 return -EINVAL; 645 646 *((__le16 *)&cmd.data[0]) = cpu_to_le16(datum); 647 cmd.length = cpu_to_le16(sizeof(uint16_t)); 648 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 649 CMD_TYPE_MESH_SET_DEF_CHANNEL); 650 if (ret) 651 return ret; 652 653 return strlen(buf); 654 } 655 656 /** 657 * mesh_id_get - Get function for sysfs attribute mesh_id 658 * @dev: the &struct device 659 * @attr: device attributes 660 * @buf: buffer where data will be returned 661 */ 662 static ssize_t mesh_id_get(struct device *dev, struct device_attribute *attr, 663 char *buf) 664 { 665 struct mrvl_mesh_defaults defs; 666 int ret; 667 668 ret = mesh_get_default_parameters(dev, &defs); 669 670 if (ret) 671 return ret; 672 673 if (defs.meshie.val.mesh_id_len > IEEE80211_MAX_SSID_LEN) { 674 dev_err(dev, "inconsistent mesh ID length\n"); 675 defs.meshie.val.mesh_id_len = IEEE80211_MAX_SSID_LEN; 676 } 677 678 memcpy(buf, defs.meshie.val.mesh_id, defs.meshie.val.mesh_id_len); 679 buf[defs.meshie.val.mesh_id_len] = '\n'; 680 buf[defs.meshie.val.mesh_id_len + 1] = '\0'; 681 682 return defs.meshie.val.mesh_id_len + 1; 683 } 684 685 /** 686 * mesh_id_set - Set function for sysfs attribute mesh_id 687 * @dev: the &struct device 688 * @attr: device attributes 689 * @buf: buffer that contains new attribute value 690 * @count: size of buffer 691 */ 692 static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr, 693 const char *buf, size_t count) 694 { 695 struct cmd_ds_mesh_config cmd; 696 struct mrvl_mesh_defaults defs; 697 struct mrvl_meshie *ie; 698 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 699 int len; 700 int ret; 701 702 if (count < 2 || count > IEEE80211_MAX_SSID_LEN + 1) 703 return -EINVAL; 704 705 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config)); 706 ie = (struct mrvl_meshie *) &cmd.data[0]; 707 708 /* fetch all other Information Element parameters */ 709 ret = mesh_get_default_parameters(dev, &defs); 710 711 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 712 713 /* transfer IE elements */ 714 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 715 716 len = count - 1; 717 memcpy(ie->val.mesh_id, buf, len); 718 /* SSID len */ 719 ie->val.mesh_id_len = len; 720 /* IE len */ 721 ie->len = sizeof(struct mrvl_meshie_val) - IEEE80211_MAX_SSID_LEN + len; 722 723 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 724 CMD_TYPE_MESH_SET_MESH_IE); 725 if (ret) 726 return ret; 727 728 return strlen(buf); 729 } 730 731 /** 732 * protocol_id_get - Get function for sysfs attribute protocol_id 733 * @dev: the &struct device 734 * @attr: device attributes 735 * @buf: buffer where data will be returned 736 */ 737 static ssize_t protocol_id_get(struct device *dev, 738 struct device_attribute *attr, char *buf) 739 { 740 struct mrvl_mesh_defaults defs; 741 int ret; 742 743 ret = mesh_get_default_parameters(dev, &defs); 744 745 if (ret) 746 return ret; 747 748 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_protocol_id); 749 } 750 751 /** 752 * protocol_id_set - Set function for sysfs attribute protocol_id 753 * @dev: the &struct device 754 * @attr: device attributes 755 * @buf: buffer that contains new attribute value 756 * @count: size of buffer 757 */ 758 static ssize_t protocol_id_set(struct device *dev, 759 struct device_attribute *attr, const char *buf, size_t count) 760 { 761 struct cmd_ds_mesh_config cmd; 762 struct mrvl_mesh_defaults defs; 763 struct mrvl_meshie *ie; 764 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 765 uint32_t datum; 766 int ret; 767 768 memset(&cmd, 0, sizeof(cmd)); 769 ret = sscanf(buf, "%d", &datum); 770 if ((ret != 1) || (datum > 255)) 771 return -EINVAL; 772 773 /* fetch all other Information Element parameters */ 774 ret = mesh_get_default_parameters(dev, &defs); 775 776 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 777 778 /* transfer IE elements */ 779 ie = (struct mrvl_meshie *) &cmd.data[0]; 780 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 781 /* update protocol id */ 782 ie->val.active_protocol_id = datum; 783 784 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 785 CMD_TYPE_MESH_SET_MESH_IE); 786 if (ret) 787 return ret; 788 789 return strlen(buf); 790 } 791 792 /** 793 * metric_id_get - Get function for sysfs attribute metric_id 794 * @dev: the &struct device 795 * @attr: device attributes 796 * @buf: buffer where data will be returned 797 */ 798 static ssize_t metric_id_get(struct device *dev, 799 struct device_attribute *attr, char *buf) 800 { 801 struct mrvl_mesh_defaults defs; 802 int ret; 803 804 ret = mesh_get_default_parameters(dev, &defs); 805 806 if (ret) 807 return ret; 808 809 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_metric_id); 810 } 811 812 /** 813 * metric_id_set - Set function for sysfs attribute metric_id 814 * @dev: the &struct device 815 * @attr: device attributes 816 * @buf: buffer that contains new attribute value 817 * @count: size of buffer 818 */ 819 static ssize_t metric_id_set(struct device *dev, struct device_attribute *attr, 820 const char *buf, size_t count) 821 { 822 struct cmd_ds_mesh_config cmd; 823 struct mrvl_mesh_defaults defs; 824 struct mrvl_meshie *ie; 825 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 826 uint32_t datum; 827 int ret; 828 829 memset(&cmd, 0, sizeof(cmd)); 830 ret = sscanf(buf, "%d", &datum); 831 if ((ret != 1) || (datum > 255)) 832 return -EINVAL; 833 834 /* fetch all other Information Element parameters */ 835 ret = mesh_get_default_parameters(dev, &defs); 836 837 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 838 839 /* transfer IE elements */ 840 ie = (struct mrvl_meshie *) &cmd.data[0]; 841 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 842 /* update metric id */ 843 ie->val.active_metric_id = datum; 844 845 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 846 CMD_TYPE_MESH_SET_MESH_IE); 847 if (ret) 848 return ret; 849 850 return strlen(buf); 851 } 852 853 /** 854 * capability_get - Get function for sysfs attribute capability 855 * @dev: the &struct device 856 * @attr: device attributes 857 * @buf: buffer where data will be returned 858 */ 859 static ssize_t capability_get(struct device *dev, 860 struct device_attribute *attr, char *buf) 861 { 862 struct mrvl_mesh_defaults defs; 863 int ret; 864 865 ret = mesh_get_default_parameters(dev, &defs); 866 867 if (ret) 868 return ret; 869 870 return snprintf(buf, 5, "%d\n", defs.meshie.val.mesh_capability); 871 } 872 873 /** 874 * capability_set - Set function for sysfs attribute capability 875 * @dev: the &struct device 876 * @attr: device attributes 877 * @buf: buffer that contains new attribute value 878 * @count: size of buffer 879 */ 880 static ssize_t capability_set(struct device *dev, struct device_attribute *attr, 881 const char *buf, size_t count) 882 { 883 struct cmd_ds_mesh_config cmd; 884 struct mrvl_mesh_defaults defs; 885 struct mrvl_meshie *ie; 886 struct lbs_private *priv = to_net_dev(dev)->ml_priv; 887 uint32_t datum; 888 int ret; 889 890 memset(&cmd, 0, sizeof(cmd)); 891 ret = sscanf(buf, "%d", &datum); 892 if ((ret != 1) || (datum > 255)) 893 return -EINVAL; 894 895 /* fetch all other Information Element parameters */ 896 ret = mesh_get_default_parameters(dev, &defs); 897 898 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie)); 899 900 /* transfer IE elements */ 901 ie = (struct mrvl_meshie *) &cmd.data[0]; 902 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie)); 903 /* update value */ 904 ie->val.mesh_capability = datum; 905 906 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET, 907 CMD_TYPE_MESH_SET_MESH_IE); 908 if (ret) 909 return ret; 910 911 return strlen(buf); 912 } 913 914 915 static DEVICE_ATTR(bootflag, 0644, bootflag_get, bootflag_set); 916 static DEVICE_ATTR(boottime, 0644, boottime_get, boottime_set); 917 static DEVICE_ATTR(channel, 0644, channel_get, channel_set); 918 static DEVICE_ATTR(mesh_id, 0644, mesh_id_get, mesh_id_set); 919 static DEVICE_ATTR(protocol_id, 0644, protocol_id_get, protocol_id_set); 920 static DEVICE_ATTR(metric_id, 0644, metric_id_get, metric_id_set); 921 static DEVICE_ATTR(capability, 0644, capability_get, capability_set); 922 923 static struct attribute *boot_opts_attrs[] = { 924 &dev_attr_bootflag.attr, 925 &dev_attr_boottime.attr, 926 &dev_attr_channel.attr, 927 NULL 928 }; 929 930 static const struct attribute_group boot_opts_group = { 931 .name = "boot_options", 932 .attrs = boot_opts_attrs, 933 }; 934 935 static struct attribute *mesh_ie_attrs[] = { 936 &dev_attr_mesh_id.attr, 937 &dev_attr_protocol_id.attr, 938 &dev_attr_metric_id.attr, 939 &dev_attr_capability.attr, 940 NULL 941 }; 942 943 static const struct attribute_group mesh_ie_group = { 944 .name = "mesh_ie", 945 .attrs = mesh_ie_attrs, 946 }; 947 948 static void lbs_persist_config_init(struct net_device *dev) 949 { 950 int ret; 951 ret = sysfs_create_group(&(dev->dev.kobj), &boot_opts_group); 952 ret = sysfs_create_group(&(dev->dev.kobj), &mesh_ie_group); 953 } 954 955 static void lbs_persist_config_remove(struct net_device *dev) 956 { 957 sysfs_remove_group(&(dev->dev.kobj), &boot_opts_group); 958 sysfs_remove_group(&(dev->dev.kobj), &mesh_ie_group); 959 } 960 961 962 /*************************************************************************** 963 * Initializing and starting, stopping mesh 964 */ 965 966 /* 967 * Check mesh FW version and appropriately send the mesh start 968 * command 969 */ 970 int lbs_init_mesh(struct lbs_private *priv) 971 { 972 int ret = 0; 973 974 lbs_deb_enter(LBS_DEB_MESH); 975 976 /* Determine mesh_fw_ver from fwrelease and fwcapinfo */ 977 /* 5.0.16p0 9.0.0.p0 is known to NOT support any mesh */ 978 /* 5.110.22 have mesh command with 0xa3 command id */ 979 /* 10.0.0.p0 FW brings in mesh config command with different id */ 980 /* Check FW version MSB and initialize mesh_fw_ver */ 981 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) { 982 /* Enable mesh, if supported, and work out which TLV it uses. 983 0x100 + 291 is an unofficial value used in 5.110.20.pXX 984 0x100 + 37 is the official value used in 5.110.21.pXX 985 but we check them in that order because 20.pXX doesn't 986 give an error -- it just silently fails. */ 987 988 /* 5.110.20.pXX firmware will fail the command if the channel 989 doesn't match the existing channel. But only if the TLV 990 is correct. If the channel is wrong, _BOTH_ versions will 991 give an error to 0x100+291, and allow 0x100+37 to succeed. 992 It's just that 5.110.20.pXX will not have done anything 993 useful */ 994 995 priv->mesh_tlv = TLV_TYPE_OLD_MESH_ID; 996 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) { 997 priv->mesh_tlv = TLV_TYPE_MESH_ID; 998 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) 999 priv->mesh_tlv = 0; 1000 } 1001 } else 1002 if ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) && 1003 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)) { 1004 /* 10.0.0.pXX new firmwares should succeed with TLV 1005 * 0x100+37; Do not invoke command with old TLV. 1006 */ 1007 priv->mesh_tlv = TLV_TYPE_MESH_ID; 1008 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) 1009 priv->mesh_tlv = 0; 1010 } 1011 1012 /* Stop meshing until interface is brought up */ 1013 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 1); 1014 1015 if (priv->mesh_tlv) { 1016 sprintf(priv->mesh_ssid, "mesh"); 1017 priv->mesh_ssid_len = 4; 1018 ret = 1; 1019 } 1020 1021 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 1022 return ret; 1023 } 1024 1025 void lbs_start_mesh(struct lbs_private *priv) 1026 { 1027 lbs_add_mesh(priv); 1028 1029 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_mesh)) 1030 netdev_err(priv->dev, "cannot register lbs_mesh attribute\n"); 1031 } 1032 1033 int lbs_deinit_mesh(struct lbs_private *priv) 1034 { 1035 struct net_device *dev = priv->dev; 1036 int ret = 0; 1037 1038 lbs_deb_enter(LBS_DEB_MESH); 1039 1040 if (priv->mesh_tlv) { 1041 device_remove_file(&dev->dev, &dev_attr_lbs_mesh); 1042 ret = 1; 1043 } 1044 1045 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 1046 return ret; 1047 } 1048 1049 1050 /** 1051 * lbs_mesh_stop - close the mshX interface 1052 * 1053 * @dev: A pointer to &net_device structure 1054 * returns: 0 1055 */ 1056 static int lbs_mesh_stop(struct net_device *dev) 1057 { 1058 struct lbs_private *priv = dev->ml_priv; 1059 1060 lbs_deb_enter(LBS_DEB_MESH); 1061 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 1062 lbs_mesh_get_channel(priv)); 1063 1064 spin_lock_irq(&priv->driver_lock); 1065 1066 netif_stop_queue(dev); 1067 netif_carrier_off(dev); 1068 1069 spin_unlock_irq(&priv->driver_lock); 1070 1071 lbs_update_mcast(priv); 1072 if (!lbs_iface_active(priv)) 1073 lbs_stop_iface(priv); 1074 1075 lbs_deb_leave(LBS_DEB_MESH); 1076 return 0; 1077 } 1078 1079 /** 1080 * lbs_mesh_dev_open - open the mshX interface 1081 * 1082 * @dev: A pointer to &net_device structure 1083 * returns: 0 or -EBUSY if monitor mode active 1084 */ 1085 static int lbs_mesh_dev_open(struct net_device *dev) 1086 { 1087 struct lbs_private *priv = dev->ml_priv; 1088 int ret = 0; 1089 1090 lbs_deb_enter(LBS_DEB_NET); 1091 if (!priv->iface_running) { 1092 ret = lbs_start_iface(priv); 1093 if (ret) 1094 goto out; 1095 } 1096 1097 spin_lock_irq(&priv->driver_lock); 1098 1099 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 1100 ret = -EBUSY; 1101 spin_unlock_irq(&priv->driver_lock); 1102 goto out; 1103 } 1104 1105 netif_carrier_on(dev); 1106 1107 if (!priv->tx_pending_len) 1108 netif_wake_queue(dev); 1109 1110 spin_unlock_irq(&priv->driver_lock); 1111 1112 ret = lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1113 lbs_mesh_get_channel(priv)); 1114 1115 out: 1116 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret); 1117 return ret; 1118 } 1119 1120 static const struct net_device_ops mesh_netdev_ops = { 1121 .ndo_open = lbs_mesh_dev_open, 1122 .ndo_stop = lbs_mesh_stop, 1123 .ndo_start_xmit = lbs_hard_start_xmit, 1124 .ndo_set_mac_address = lbs_set_mac_address, 1125 .ndo_set_rx_mode = lbs_set_multicast_list, 1126 }; 1127 1128 /** 1129 * lbs_add_mesh - add mshX interface 1130 * 1131 * @priv: A pointer to the &struct lbs_private structure 1132 * returns: 0 if successful, -X otherwise 1133 */ 1134 static int lbs_add_mesh(struct lbs_private *priv) 1135 { 1136 struct net_device *mesh_dev = NULL; 1137 struct wireless_dev *mesh_wdev; 1138 int ret = 0; 1139 1140 lbs_deb_enter(LBS_DEB_MESH); 1141 1142 /* Allocate a virtual mesh device */ 1143 mesh_wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL); 1144 if (!mesh_wdev) { 1145 lbs_deb_mesh("init mshX wireless device failed\n"); 1146 ret = -ENOMEM; 1147 goto done; 1148 } 1149 1150 mesh_dev = alloc_netdev(0, "msh%d", NET_NAME_UNKNOWN, ether_setup); 1151 if (!mesh_dev) { 1152 lbs_deb_mesh("init mshX device failed\n"); 1153 ret = -ENOMEM; 1154 goto err_free_wdev; 1155 } 1156 1157 mesh_wdev->iftype = NL80211_IFTYPE_MESH_POINT; 1158 mesh_wdev->wiphy = priv->wdev->wiphy; 1159 mesh_wdev->netdev = mesh_dev; 1160 1161 mesh_dev->ml_priv = priv; 1162 mesh_dev->ieee80211_ptr = mesh_wdev; 1163 priv->mesh_dev = mesh_dev; 1164 1165 mesh_dev->netdev_ops = &mesh_netdev_ops; 1166 mesh_dev->ethtool_ops = &lbs_ethtool_ops; 1167 eth_hw_addr_inherit(mesh_dev, priv->dev); 1168 1169 SET_NETDEV_DEV(priv->mesh_dev, priv->dev->dev.parent); 1170 1171 mesh_dev->flags |= IFF_BROADCAST | IFF_MULTICAST; 1172 /* Register virtual mesh interface */ 1173 ret = register_netdev(mesh_dev); 1174 if (ret) { 1175 pr_err("cannot register mshX virtual interface\n"); 1176 goto err_free_netdev; 1177 } 1178 1179 ret = sysfs_create_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group); 1180 if (ret) 1181 goto err_unregister; 1182 1183 lbs_persist_config_init(mesh_dev); 1184 1185 /* Everything successful */ 1186 ret = 0; 1187 goto done; 1188 1189 err_unregister: 1190 unregister_netdev(mesh_dev); 1191 1192 err_free_netdev: 1193 free_netdev(mesh_dev); 1194 1195 err_free_wdev: 1196 kfree(mesh_wdev); 1197 1198 done: 1199 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret); 1200 return ret; 1201 } 1202 1203 void lbs_remove_mesh(struct lbs_private *priv) 1204 { 1205 struct net_device *mesh_dev; 1206 1207 mesh_dev = priv->mesh_dev; 1208 if (!mesh_dev) 1209 return; 1210 1211 lbs_deb_enter(LBS_DEB_MESH); 1212 netif_stop_queue(mesh_dev); 1213 netif_carrier_off(mesh_dev); 1214 sysfs_remove_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group); 1215 lbs_persist_config_remove(mesh_dev); 1216 unregister_netdev(mesh_dev); 1217 priv->mesh_dev = NULL; 1218 kfree(mesh_dev->ieee80211_ptr); 1219 free_netdev(mesh_dev); 1220 lbs_deb_leave(LBS_DEB_MESH); 1221 } 1222 1223 1224 /*************************************************************************** 1225 * Sending and receiving 1226 */ 1227 struct net_device *lbs_mesh_set_dev(struct lbs_private *priv, 1228 struct net_device *dev, struct rxpd *rxpd) 1229 { 1230 if (priv->mesh_dev) { 1231 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) { 1232 if (rxpd->rx_control & RxPD_MESH_FRAME) 1233 dev = priv->mesh_dev; 1234 } else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) { 1235 if (rxpd->u.bss.bss_num == MESH_IFACE_ID) 1236 dev = priv->mesh_dev; 1237 } 1238 } 1239 return dev; 1240 } 1241 1242 1243 void lbs_mesh_set_txpd(struct lbs_private *priv, 1244 struct net_device *dev, struct txpd *txpd) 1245 { 1246 if (dev == priv->mesh_dev) { 1247 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) 1248 txpd->tx_control |= cpu_to_le32(TxPD_MESH_FRAME); 1249 else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) 1250 txpd->u.bss.bss_num = MESH_IFACE_ID; 1251 } 1252 } 1253 1254 1255 /*************************************************************************** 1256 * Ethtool related 1257 */ 1258 1259 static const char * const mesh_stat_strings[] = { 1260 "drop_duplicate_bcast", 1261 "drop_ttl_zero", 1262 "drop_no_fwd_route", 1263 "drop_no_buffers", 1264 "fwded_unicast_cnt", 1265 "fwded_bcast_cnt", 1266 "drop_blind_table", 1267 "tx_failed_cnt" 1268 }; 1269 1270 void lbs_mesh_ethtool_get_stats(struct net_device *dev, 1271 struct ethtool_stats *stats, uint64_t *data) 1272 { 1273 struct lbs_private *priv = dev->ml_priv; 1274 struct cmd_ds_mesh_access mesh_access; 1275 int ret; 1276 1277 lbs_deb_enter(LBS_DEB_ETHTOOL); 1278 1279 /* Get Mesh Statistics */ 1280 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_STATS, &mesh_access); 1281 1282 if (ret) { 1283 memset(data, 0, MESH_STATS_NUM*(sizeof(uint64_t))); 1284 return; 1285 } 1286 1287 priv->mstats.fwd_drop_rbt = le32_to_cpu(mesh_access.data[0]); 1288 priv->mstats.fwd_drop_ttl = le32_to_cpu(mesh_access.data[1]); 1289 priv->mstats.fwd_drop_noroute = le32_to_cpu(mesh_access.data[2]); 1290 priv->mstats.fwd_drop_nobuf = le32_to_cpu(mesh_access.data[3]); 1291 priv->mstats.fwd_unicast_cnt = le32_to_cpu(mesh_access.data[4]); 1292 priv->mstats.fwd_bcast_cnt = le32_to_cpu(mesh_access.data[5]); 1293 priv->mstats.drop_blind = le32_to_cpu(mesh_access.data[6]); 1294 priv->mstats.tx_failed_cnt = le32_to_cpu(mesh_access.data[7]); 1295 1296 data[0] = priv->mstats.fwd_drop_rbt; 1297 data[1] = priv->mstats.fwd_drop_ttl; 1298 data[2] = priv->mstats.fwd_drop_noroute; 1299 data[3] = priv->mstats.fwd_drop_nobuf; 1300 data[4] = priv->mstats.fwd_unicast_cnt; 1301 data[5] = priv->mstats.fwd_bcast_cnt; 1302 data[6] = priv->mstats.drop_blind; 1303 data[7] = priv->mstats.tx_failed_cnt; 1304 1305 lbs_deb_enter(LBS_DEB_ETHTOOL); 1306 } 1307 1308 int lbs_mesh_ethtool_get_sset_count(struct net_device *dev, int sset) 1309 { 1310 struct lbs_private *priv = dev->ml_priv; 1311 1312 if (sset == ETH_SS_STATS && dev == priv->mesh_dev) 1313 return MESH_STATS_NUM; 1314 1315 return -EOPNOTSUPP; 1316 } 1317 1318 void lbs_mesh_ethtool_get_strings(struct net_device *dev, 1319 uint32_t stringset, uint8_t *s) 1320 { 1321 int i; 1322 1323 lbs_deb_enter(LBS_DEB_ETHTOOL); 1324 1325 switch (stringset) { 1326 case ETH_SS_STATS: 1327 for (i = 0; i < MESH_STATS_NUM; i++) { 1328 memcpy(s + i * ETH_GSTRING_LEN, 1329 mesh_stat_strings[i], 1330 ETH_GSTRING_LEN); 1331 } 1332 break; 1333 } 1334 lbs_deb_enter(LBS_DEB_ETHTOOL); 1335 } 1336 1337 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/mesh.o.c.prepared" 1338 1339 int ldv_retval_5; 1340 int ldv_retval_6; 1341 int ldv_ndo_init_4(void); 1342 int ldv_ndo_uninit_4(void); 1343 1344 1345 void ldv_net_device_ops_4(void){ 1346 mesh_netdev_ops_group1 = ldv_undef_ptr(); 1347 } 1348 1349 1350 int evil_hack_4(void){ 1351 rtnl_lock(); 1352 return 1; 1353 } 1354 1355 1356 void ldv_main_exported_6(void){ 1357 struct device *ldvarg52; 1358 char const *ldvarg56; 1359 struct device *ldvarg55; 1360 char *ldvarg53; 1361 size_t ldvarg54; 1362 /*DEG-struct: handlers from structure dev_attr_metric_id*/ 1363 switch(__VERIFIER_nondet_int()){ 1364 case 0:{ 1365 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1366 if(ldv_state_variable_6 == 1){ 1367 /*DEG-CALL: handler store from dev_attr_metric_id*/ 1368 (& metric_id_set)(ldvarg55,dev_attr_metric_id_group1,ldvarg56,ldvarg54); 1369 ldv_state_variable_6 = 1; 1370 } 1371 } 1372 break; 1373 case 1:{ 1374 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1375 if(ldv_state_variable_6 == 1){ 1376 /*DEG-CALL: handler show from dev_attr_metric_id*/ 1377 (& metric_id_get)(ldvarg52,dev_attr_metric_id_group1,ldvarg53); 1378 ldv_state_variable_6 = 1; 1379 } 1380 } 1381 break; 1382 default: ldv_assume(0); 1383 } 1384 1385 }; 1386 1387 1388 void ldv_main_exported_11(void){ 1389 size_t ldvarg2; 1390 struct device *ldvarg0; 1391 struct device *ldvarg3; 1392 char const *ldvarg4; 1393 char *ldvarg1; 1394 /*DEG-struct: handlers from structure dev_attr_bootflag*/ 1395 switch(__VERIFIER_nondet_int()){ 1396 case 0:{ 1397 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1398 if(ldv_state_variable_11 == 1){ 1399 /*DEG-CALL: handler store from dev_attr_bootflag*/ 1400 (& bootflag_set)(ldvarg3,dev_attr_bootflag_group1,ldvarg4,ldvarg2); 1401 ldv_state_variable_11 = 1; 1402 } 1403 } 1404 break; 1405 case 1:{ 1406 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1407 if(ldv_state_variable_11 == 1){ 1408 /*DEG-CALL: handler show from dev_attr_bootflag*/ 1409 (& bootflag_get)(ldvarg0,dev_attr_bootflag_group1,ldvarg1); 1410 ldv_state_variable_11 = 1; 1411 } 1412 } 1413 break; 1414 default: ldv_assume(0); 1415 } 1416 1417 }; 1418 1419 1420 void ldv_main_exported_7(void){ 1421 char *ldvarg6; 1422 struct device *ldvarg5; 1423 char const *ldvarg9; 1424 size_t ldvarg7; 1425 struct device *ldvarg8; 1426 /*DEG-struct: handlers from structure dev_attr_protocol_id*/ 1427 switch(__VERIFIER_nondet_int()){ 1428 case 0:{ 1429 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1430 if(ldv_state_variable_7 == 1){ 1431 /*DEG-CALL: handler store from dev_attr_protocol_id*/ 1432 (& protocol_id_set)(ldvarg8,dev_attr_protocol_id_group1,ldvarg9,ldvarg7); 1433 ldv_state_variable_7 = 1; 1434 } 1435 } 1436 break; 1437 case 1:{ 1438 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1439 if(ldv_state_variable_7 == 1){ 1440 /*DEG-CALL: handler show from dev_attr_protocol_id*/ 1441 (& protocol_id_get)(ldvarg5,dev_attr_protocol_id_group1,ldvarg6); 1442 ldv_state_variable_7 = 1; 1443 } 1444 } 1445 break; 1446 default: ldv_assume(0); 1447 } 1448 1449 }; 1450 1451 1452 void ldv_main_exported_9(void){ 1453 size_t ldvarg59; 1454 struct device *ldvarg60; 1455 char const *ldvarg61; 1456 char *ldvarg58; 1457 struct device *ldvarg57; 1458 /*DEG-struct: handlers from structure dev_attr_channel*/ 1459 switch(__VERIFIER_nondet_int()){ 1460 case 0:{ 1461 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1462 if(ldv_state_variable_9 == 1){ 1463 /*DEG-CALL: handler store from dev_attr_channel*/ 1464 (& channel_set)(ldvarg60,dev_attr_channel_group1,ldvarg61,ldvarg59); 1465 ldv_state_variable_9 = 1; 1466 } 1467 } 1468 break; 1469 case 1:{ 1470 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1471 if(ldv_state_variable_9 == 1){ 1472 /*DEG-CALL: handler show from dev_attr_channel*/ 1473 (& channel_get)(ldvarg57,dev_attr_channel_group1,ldvarg58); 1474 ldv_state_variable_9 = 1; 1475 } 1476 } 1477 break; 1478 default: ldv_assume(0); 1479 } 1480 1481 }; 1482 1483 1484 void ldv_main_exported_12(void){ 1485 struct device *ldvarg62; 1486 size_t ldvarg64; 1487 char const *ldvarg66; 1488 char *ldvarg63; 1489 struct device *ldvarg65; 1490 /*DEG-struct: handlers from structure dev_attr_prb_rsp_limit*/ 1491 switch(__VERIFIER_nondet_int()){ 1492 case 0:{ 1493 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1494 if(ldv_state_variable_12 == 1){ 1495 /*DEG-CALL: handler store from dev_attr_prb_rsp_limit*/ 1496 (& lbs_prb_rsp_limit_set)(ldvarg65,dev_attr_prb_rsp_limit_group1,ldvarg66,ldvarg64); 1497 ldv_state_variable_12 = 1; 1498 } 1499 } 1500 break; 1501 case 1:{ 1502 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1503 if(ldv_state_variable_12 == 1){ 1504 /*DEG-CALL: handler show from dev_attr_prb_rsp_limit*/ 1505 (& lbs_prb_rsp_limit_get)(ldvarg62,dev_attr_prb_rsp_limit_group1,ldvarg63); 1506 ldv_state_variable_12 = 1; 1507 } 1508 } 1509 break; 1510 default: ldv_assume(0); 1511 } 1512 1513 }; 1514 1515 1516 void ldv_main_exported_14(void){ 1517 size_t ldvarg69; 1518 char *ldvarg68; 1519 char const *ldvarg71; 1520 struct device *ldvarg67; 1521 struct device *ldvarg70; 1522 /*DEG-struct: handlers from structure dev_attr_lbs_mesh*/ 1523 switch(__VERIFIER_nondet_int()){ 1524 case 0:{ 1525 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1526 if(ldv_state_variable_14 == 1){ 1527 /*DEG-CALL: handler store from dev_attr_lbs_mesh*/ 1528 (& lbs_mesh_set)(ldvarg70,dev_attr_lbs_mesh_group1,ldvarg71,ldvarg69); 1529 ldv_state_variable_14 = 1; 1530 } 1531 } 1532 break; 1533 case 1:{ 1534 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1535 if(ldv_state_variable_14 == 1){ 1536 /*DEG-CALL: handler show from dev_attr_lbs_mesh*/ 1537 (& lbs_mesh_get)(ldvarg67,dev_attr_lbs_mesh_group1,ldvarg68); 1538 ldv_state_variable_14 = 1; 1539 } 1540 } 1541 break; 1542 default: ldv_assume(0); 1543 } 1544 1545 }; 1546 1547 1548 void ldv_main_exported_8(void){ 1549 struct device *ldvarg75; 1550 char *ldvarg76; 1551 struct device *ldvarg78; 1552 char const *ldvarg79; 1553 size_t ldvarg77; 1554 /*DEG-struct: handlers from structure dev_attr_mesh_id*/ 1555 switch(__VERIFIER_nondet_int()){ 1556 case 0:{ 1557 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1558 if(ldv_state_variable_8 == 1){ 1559 /*DEG-CALL: handler store from dev_attr_mesh_id*/ 1560 (& mesh_id_set)(ldvarg78,dev_attr_mesh_id_group1,ldvarg79,ldvarg77); 1561 ldv_state_variable_8 = 1; 1562 } 1563 } 1564 break; 1565 case 1:{ 1566 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1567 if(ldv_state_variable_8 == 1){ 1568 /*DEG-CALL: handler show from dev_attr_mesh_id*/ 1569 (& mesh_id_get)(ldvarg75,dev_attr_mesh_id_group1,ldvarg76); 1570 ldv_state_variable_8 = 1; 1571 } 1572 } 1573 break; 1574 default: ldv_assume(0); 1575 } 1576 1577 }; 1578 1579 1580 void ldv_main_exported_4(void){ 1581 void *ldvarg80; 1582 struct sk_buff *ldvarg81; 1583 /*DEG-struct: handlers from structure mesh_netdev_ops*/ 1584 switch(__VERIFIER_nondet_int()){ 1585 case 0:{ 1586 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1587 if(ldv_state_variable_4 == 1){ 1588 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/ 1589 (& lbs_set_multicast_list)(mesh_netdev_ops_group1); 1590 /*DEG-postcall: default*/ 1591 ldv_state_variable_4 = 1; 1592 } 1593 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1594 if(ldv_state_variable_4 == 3){ 1595 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/ 1596 (& lbs_set_multicast_list)(mesh_netdev_ops_group1); 1597 /*DEG-postcall: default*/ 1598 ldv_state_variable_4 = 3; 1599 } 1600 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1601 if(ldv_state_variable_4 == 2){ 1602 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/ 1603 (& lbs_set_multicast_list)(mesh_netdev_ops_group1); 1604 /*DEG-postcall: default*/ 1605 ldv_state_variable_4 = 2; 1606 } 1607 } 1608 break; 1609 case 1:{ 1610 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1611 if(ldv_state_variable_4 == 3 && evil_hack_4()){ 1612 /*DEG-CALL: handler ndo_stop from mesh_netdev_ops*/ 1613 (& lbs_mesh_stop)(mesh_netdev_ops_group1); 1614 ldv_state_variable_4 = 2; 1615 rtnl_unlock(); 1616 } 1617 } 1618 break; 1619 case 2:{ 1620 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1621 if(ldv_state_variable_4 == 2 && evil_hack_4()){ 1622 /*DEG-CALL: handler ndo_open from mesh_netdev_ops*/ 1623 ldv_retval_6=(& lbs_mesh_dev_open)(mesh_netdev_ops_group1); 1624 if(ldv_retval_6==0){ 1625 ldv_state_variable_4 = 3; 1626 } 1627 } 1628 } 1629 break; 1630 case 3:{ 1631 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1632 if(ldv_state_variable_4 == 3){ 1633 /*DEG-CALL: handler ndo_start_xmit from mesh_netdev_ops*/ 1634 (& lbs_hard_start_xmit)(ldvarg81,mesh_netdev_ops_group1); 1635 /*DEG-postcall: default*/ 1636 ldv_state_variable_4 = 3; 1637 } 1638 } 1639 break; 1640 case 4:{ 1641 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1642 if(ldv_state_variable_4 == 1){ 1643 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/ 1644 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80); 1645 /*DEG-postcall: default*/ 1646 ldv_state_variable_4 = 1; 1647 } 1648 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1649 if(ldv_state_variable_4 == 3){ 1650 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/ 1651 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80); 1652 /*DEG-postcall: default*/ 1653 ldv_state_variable_4 = 3; 1654 } 1655 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1656 if(ldv_state_variable_4 == 2){ 1657 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/ 1658 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80); 1659 /*DEG-postcall: default*/ 1660 ldv_state_variable_4 = 2; 1661 } 1662 } 1663 break; 1664 case 5:{ 1665 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1666 if(ldv_state_variable_4 == 1){ 1667 /*DEG-CALL: handler ndo_init from mesh_netdev_ops*/ 1668 ldv_retval_5=ldv_ndo_init_4(); 1669 if(ldv_retval_5==0){ 1670 ldv_state_variable_4 = 2; 1671 ref_cnt++; 1672 } 1673 } 1674 } 1675 break; 1676 case 6:{ 1677 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1678 if(ldv_state_variable_4 == 2 && evil_hack_4()){ 1679 /*DEG-CALL: handler ndo_uninit from mesh_netdev_ops*/ 1680 ldv_ndo_uninit_4(); 1681 ldv_state_variable_4 = 1; 1682 ref_cnt--; 1683 rtnl_unlock(); 1684 } 1685 } 1686 break; 1687 default: ldv_assume(0); 1688 } 1689 1690 }; 1691 1692 1693 void ldv_main_exported_13(void){ 1694 struct device *ldvarg47; 1695 struct device *ldvarg50; 1696 size_t ldvarg49; 1697 char const *ldvarg51; 1698 char *ldvarg48; 1699 /*DEG-struct: handlers from structure dev_attr_anycast_mask*/ 1700 switch(__VERIFIER_nondet_int()){ 1701 case 0:{ 1702 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1703 if(ldv_state_variable_13 == 1){ 1704 /*DEG-CALL: handler store from dev_attr_anycast_mask*/ 1705 (& lbs_anycast_set)(ldvarg50,dev_attr_anycast_mask_group1,ldvarg51,ldvarg49); 1706 ldv_state_variable_13 = 1; 1707 } 1708 } 1709 break; 1710 case 1:{ 1711 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1712 if(ldv_state_variable_13 == 1){ 1713 /*DEG-CALL: handler show from dev_attr_anycast_mask*/ 1714 (& lbs_anycast_get)(ldvarg47,dev_attr_anycast_mask_group1,ldvarg48); 1715 ldv_state_variable_13 = 1; 1716 } 1717 } 1718 break; 1719 default: ldv_assume(0); 1720 } 1721 1722 }; 1723 1724 1725 void ldv_main_exported_10(void){ 1726 char *ldvarg83; 1727 char const *ldvarg86; 1728 struct device *ldvarg82; 1729 size_t ldvarg84; 1730 struct device *ldvarg85; 1731 /*DEG-struct: handlers from structure dev_attr_boottime*/ 1732 switch(__VERIFIER_nondet_int()){ 1733 case 0:{ 1734 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1735 if(ldv_state_variable_10 == 1){ 1736 /*DEG-CALL: handler store from dev_attr_boottime*/ 1737 (& boottime_set)(ldvarg85,dev_attr_boottime_group1,ldvarg86,ldvarg84); 1738 ldv_state_variable_10 = 1; 1739 } 1740 } 1741 break; 1742 case 1:{ 1743 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1744 if(ldv_state_variable_10 == 1){ 1745 /*DEG-CALL: handler show from dev_attr_boottime*/ 1746 (& boottime_get)(ldvarg82,dev_attr_boottime_group1,ldvarg83); 1747 ldv_state_variable_10 = 1; 1748 } 1749 } 1750 break; 1751 default: ldv_assume(0); 1752 } 1753 1754 }; 1755 1756 1757 void ldv_main_exported_5(void){ 1758 struct device *ldvarg87; 1759 struct device *ldvarg90; 1760 size_t ldvarg89; 1761 char *ldvarg88; 1762 char const *ldvarg91; 1763 /*DEG-struct: handlers from structure dev_attr_capability*/ 1764 switch(__VERIFIER_nondet_int()){ 1765 case 0:{ 1766 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1767 if(ldv_state_variable_5 == 1){ 1768 /*DEG-CALL: handler store from dev_attr_capability*/ 1769 (& capability_set)(ldvarg90,dev_attr_capability_group1,ldvarg91,ldvarg89); 1770 ldv_state_variable_5 = 1; 1771 } 1772 } 1773 break; 1774 case 1:{ 1775 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1776 if(ldv_state_variable_5 == 1){ 1777 /*DEG-CALL: handler show from dev_attr_capability*/ 1778 (& capability_get)(ldvarg87,dev_attr_capability_group1,ldvarg88); 1779 ldv_state_variable_5 = 1; 1780 } 1781 } 1782 break; 1783 default: ldv_assume(0); 1784 } 1785 1786 };
1 /* 2 * This file contains the handling of TX in wlan driver. 3 */ 4 #include <linux/hardirq.h> 5 #include <linux/netdevice.h> 6 #include <linux/etherdevice.h> 7 #include <linux/sched.h> 8 #include <linux/export.h> 9 #include <net/cfg80211.h> 10 11 #include "host.h" 12 #include "radiotap.h" 13 #include "decl.h" 14 #include "defs.h" 15 #include "dev.h" 16 #include "mesh.h" 17 18 /** 19 * convert_radiotap_rate_to_mv - converts Tx/Rx rates from IEEE80211_RADIOTAP_RATE 20 * units (500 Kb/s) into Marvell WLAN format (see Table 8 in Section 3.2.1) 21 * 22 * @rate: Input rate 23 * returns: Output Rate (0 if invalid) 24 */ 25 static u32 convert_radiotap_rate_to_mv(u8 rate) 26 { 27 switch (rate) { 28 case 2: /* 1 Mbps */ 29 return 0 | (1 << 4); 30 case 4: /* 2 Mbps */ 31 return 1 | (1 << 4); 32 case 11: /* 5.5 Mbps */ 33 return 2 | (1 << 4); 34 case 22: /* 11 Mbps */ 35 return 3 | (1 << 4); 36 case 12: /* 6 Mbps */ 37 return 4 | (1 << 4); 38 case 18: /* 9 Mbps */ 39 return 5 | (1 << 4); 40 case 24: /* 12 Mbps */ 41 return 6 | (1 << 4); 42 case 36: /* 18 Mbps */ 43 return 7 | (1 << 4); 44 case 48: /* 24 Mbps */ 45 return 8 | (1 << 4); 46 case 72: /* 36 Mbps */ 47 return 9 | (1 << 4); 48 case 96: /* 48 Mbps */ 49 return 10 | (1 << 4); 50 case 108: /* 54 Mbps */ 51 return 11 | (1 << 4); 52 } 53 return 0; 54 } 55 56 /** 57 * lbs_hard_start_xmit - checks the conditions and sends packet to IF 58 * layer if everything is ok 59 * 60 * @skb: A pointer to skb which includes TX packet 61 * @dev: A pointer to the &struct net_device 62 * returns: 0 or -1 63 */ 64 netdev_tx_t lbs_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) 65 { 66 unsigned long flags; 67 struct lbs_private *priv = dev->ml_priv; 68 struct txpd *txpd; 69 char *p802x_hdr; 70 uint16_t pkt_len; 71 netdev_tx_t ret = NETDEV_TX_OK; 72 73 lbs_deb_enter(LBS_DEB_TX); 74 75 /* We need to protect against the queues being restarted before 76 we get round to stopping them */ 77 spin_lock_irqsave(&priv->driver_lock, flags); 78 79 if (priv->surpriseremoved) 80 goto free; 81 82 if (!skb->len || (skb->len > MRVDRV_ETH_TX_PACKET_BUFFER_SIZE)) { 83 lbs_deb_tx("tx err: skb length %d 0 or > %zd\n", 84 skb->len, MRVDRV_ETH_TX_PACKET_BUFFER_SIZE); 85 /* We'll never manage to send this one; drop it and return 'OK' */ 86 87 dev->stats.tx_dropped++; 88 dev->stats.tx_errors++; 89 goto free; 90 } 91 92 93 netif_stop_queue(priv->dev); 94 if (priv->mesh_dev) 95 netif_stop_queue(priv->mesh_dev); 96 97 if (priv->tx_pending_len) { 98 /* This can happen if packets come in on the mesh and eth 99 device simultaneously -- there's no mutual exclusion on 100 hard_start_xmit() calls between devices. */ 101 lbs_deb_tx("Packet on %s while busy\n", dev->name); 102 ret = NETDEV_TX_BUSY; 103 goto unlock; 104 } 105 106 priv->tx_pending_len = -1; 107 spin_unlock_irqrestore(&priv->driver_lock, flags); 108 109 lbs_deb_hex(LBS_DEB_TX, "TX Data", skb->data, min_t(unsigned int, skb->len, 100)); 110 111 txpd = (void *)priv->tx_pending_buf; 112 memset(txpd, 0, sizeof(struct txpd)); 113 114 p802x_hdr = skb->data; 115 pkt_len = skb->len; 116 117 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 118 struct tx_radiotap_hdr *rtap_hdr = (void *)skb->data; 119 120 /* set txpd fields from the radiotap header */ 121 txpd->tx_control = cpu_to_le32(convert_radiotap_rate_to_mv(rtap_hdr->rate)); 122 123 /* skip the radiotap header */ 124 p802x_hdr += sizeof(*rtap_hdr); 125 pkt_len -= sizeof(*rtap_hdr); 126 127 /* copy destination address from 802.11 header */ 128 memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN); 129 } else { 130 /* copy destination address from 802.3 header */ 131 memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN); 132 } 133 134 txpd->tx_packet_length = cpu_to_le16(pkt_len); 135 txpd->tx_packet_location = cpu_to_le32(sizeof(struct txpd)); 136 137 lbs_mesh_set_txpd(priv, dev, txpd); 138 139 lbs_deb_hex(LBS_DEB_TX, "txpd", (u8 *) &txpd, sizeof(struct txpd)); 140 141 lbs_deb_hex(LBS_DEB_TX, "Tx Data", (u8 *) p802x_hdr, le16_to_cpu(txpd->tx_packet_length)); 142 143 memcpy(&txpd[1], p802x_hdr, le16_to_cpu(txpd->tx_packet_length)); 144 145 spin_lock_irqsave(&priv->driver_lock, flags); 146 priv->tx_pending_len = pkt_len + sizeof(struct txpd); 147 148 lbs_deb_tx("%s lined up packet\n", __func__); 149 150 dev->stats.tx_packets++; 151 dev->stats.tx_bytes += skb->len; 152 153 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 154 /* Keep the skb to echo it back once Tx feedback is 155 received from FW */ 156 skb_orphan(skb); 157 158 /* Keep the skb around for when we get feedback */ 159 priv->currenttxskb = skb; 160 } else { 161 free: 162 dev_kfree_skb_any(skb); 163 } 164 165 unlock: 166 spin_unlock_irqrestore(&priv->driver_lock, flags); 167 wake_up(&priv->waitq); 168 169 lbs_deb_leave_args(LBS_DEB_TX, "ret %d", ret); 170 return ret; 171 } 172 173 /** 174 * lbs_send_tx_feedback - sends to the host the last transmitted packet, 175 * filling the radiotap headers with transmission information. 176 * 177 * @priv: A pointer to &struct lbs_private structure 178 * @try_count: A 32-bit value containing transmission retry status. 179 * 180 * returns: void 181 */ 182 void lbs_send_tx_feedback(struct lbs_private *priv, u32 try_count) 183 { 184 struct tx_radiotap_hdr *radiotap_hdr; 185 186 if (priv->wdev->iftype != NL80211_IFTYPE_MONITOR || 187 priv->currenttxskb == NULL) 188 return; 189 190 radiotap_hdr = (struct tx_radiotap_hdr *)priv->currenttxskb->data; 191 192 radiotap_hdr->data_retries = try_count ? 193 (1 + priv->txretrycount - try_count) : 0; 194 195 priv->currenttxskb->protocol = eth_type_trans(priv->currenttxskb, 196 priv->dev); 197 netif_rx(priv->currenttxskb); 198 199 priv->currenttxskb = NULL; 200 201 if (priv->connect_status == LBS_CONNECTED) 202 netif_wake_queue(priv->dev); 203 204 if (priv->mesh_dev && netif_running(priv->mesh_dev)) 205 netif_wake_queue(priv->mesh_dev); 206 } 207 EXPORT_SYMBOL_GPL(lbs_send_tx_feedback);
1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern int ldv_state_variable_8; 53 extern int ldv_state_variable_15; 54 extern int ldv_timer_1_3; 55 extern struct timer_list * ldv_timer_list_2_0; 56 extern int ldv_timer_2_1; 57 extern int ldv_state_variable_0; 58 extern int ldv_state_variable_5; 59 extern int ldv_state_variable_13; 60 extern int ldv_state_variable_12; 61 extern struct device_attribute *dev_attr_protocol_id_group1; 62 extern struct timer_list * ldv_timer_list_3_1; 63 extern int ldv_state_variable_14; 64 extern struct device_attribute *dev_attr_capability_group1; 65 extern struct timer_list * ldv_timer_list_3_2; 66 extern int ldv_timer_2_2; 67 extern struct net_device *lbs_ethtool_ops_group0; 68 extern int ldv_timer_3_3; 69 extern int ldv_timer_2_3; 70 extern struct device_attribute *dev_attr_lbs_mesh_group1; 71 extern int ldv_timer_1_0; 72 extern int ldv_state_variable_17; 73 extern struct timer_list * ldv_timer_list_3_3; 74 extern int ldv_state_variable_9; 75 extern int ldv_timer_3_1; 76 extern int ref_cnt; 77 extern int ldv_state_variable_1; 78 extern int ldv_state_variable_7; 79 extern struct device_attribute *dev_attr_metric_id_group1; 80 extern struct net_device *lbs_netdev_ops_group1; 81 extern struct timer_list * ldv_timer_list_1_3; 82 extern struct net_device *lbs_cfg80211_ops_group0; 83 extern int ldv_state_variable_10; 84 extern struct timer_list * ldv_timer_list_1_1; 85 extern struct file *lbs_debug_fops_group2; 86 extern struct timer_list * ldv_timer_list_2_1; 87 extern struct wiphy *lbs_cfg80211_ops_group1; 88 extern struct timer_list * ldv_timer_list_1_0; 89 extern int ldv_state_variable_6; 90 extern int ldv_timer_1_2; 91 extern int ldv_state_variable_16; 92 extern struct device_attribute *dev_attr_channel_group1; 93 extern int ldv_timer_2_0; 94 extern int ldv_timer_1_1; 95 extern int ldv_state_variable_2; 96 extern struct timer_list * ldv_timer_list_1_2; 97 extern struct device_attribute *dev_attr_anycast_mask_group1; 98 extern int ldv_state_variable_11; 99 extern struct device_attribute *dev_attr_bootflag_group1; 100 extern int LDV_IN_INTERRUPT = 1; 101 extern int ldv_state_variable_18; 102 extern struct net_device *mesh_netdev_ops_group1; 103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1; 104 extern struct inode *lbs_debug_fops_group1; 105 extern int ldv_timer_3_2; 106 extern struct mutex fs_mutex; 107 extern int ldv_state_variable_3; 108 extern struct mutex ar_mutex; 109 extern struct timer_list * ldv_timer_list_2_3; 110 extern struct device_attribute *dev_attr_boottime_group1; 111 extern int ldv_timer_3_0; 112 extern struct timer_list * ldv_timer_list_3_0; 113 extern struct device_attribute *dev_attr_mesh_id_group1; 114 extern struct timer_list * ldv_timer_list_2_2; 115 extern int ldv_state_variable_4; 116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1; 117 extern void ldv_initialyze_cfg80211_ops_18(void); 118 extern int evil_hack_15(void); 119 extern void choose_timer_2(void); 120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag); 122 extern void choose_timer_3(void); 123 extern void timer_init_3(void); 124 extern void ldv_net_device_ops_4(void); 125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 126 extern void timer_init_2(void); 127 extern void timer_init_1(void); 128 extern void ldv_net_device_ops_15(void); 129 extern void disable_suitable_timer_3(struct timer_list * timer); 130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data); 131 extern int evil_hack_4(void); 132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 133 extern void disable_suitable_timer_2(struct timer_list * timer); 134 extern void disable_suitable_timer_1(struct timer_list * timer); 135 extern int evil_hack_fs_lock(void); 136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag); 138 extern int __VERIFIER_nondet_int(void); 139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 140 extern void ldv_file_operations_17(void); 141 extern void ldv_initialyze_ethtool_ops_16(void); 142 extern void choose_timer_1(void); 143 extern void ldv_timer_1(int state, struct timer_list * timer); 144 extern int evil_hack_ar_lock(void); 145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data); 146 extern void ldv_timer_2(int state, struct timer_list * timer); 147 extern void ldv_timer_3(int state, struct timer_list * timer); 148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/tx.c" 149 /* 150 * This file contains the handling of TX in wlan driver. 151 */ 152 #include <linux/hardirq.h> 153 #include <linux/netdevice.h> 154 #include <linux/etherdevice.h> 155 #include <linux/sched.h> 156 #include <linux/export.h> 157 #include <net/cfg80211.h> 158 159 #include "host.h" 160 #include "radiotap.h" 161 #include "decl.h" 162 #include "defs.h" 163 #include "dev.h" 164 #include "mesh.h" 165 166 /** 167 * convert_radiotap_rate_to_mv - converts Tx/Rx rates from IEEE80211_RADIOTAP_RATE 168 * units (500 Kb/s) into Marvell WLAN format (see Table 8 in Section 3.2.1) 169 * 170 * @rate: Input rate 171 * returns: Output Rate (0 if invalid) 172 */ 173 static u32 convert_radiotap_rate_to_mv(u8 rate) 174 { 175 switch (rate) { 176 case 2: /* 1 Mbps */ 177 return 0 | (1 << 4); 178 case 4: /* 2 Mbps */ 179 return 1 | (1 << 4); 180 case 11: /* 5.5 Mbps */ 181 return 2 | (1 << 4); 182 case 22: /* 11 Mbps */ 183 return 3 | (1 << 4); 184 case 12: /* 6 Mbps */ 185 return 4 | (1 << 4); 186 case 18: /* 9 Mbps */ 187 return 5 | (1 << 4); 188 case 24: /* 12 Mbps */ 189 return 6 | (1 << 4); 190 case 36: /* 18 Mbps */ 191 return 7 | (1 << 4); 192 case 48: /* 24 Mbps */ 193 return 8 | (1 << 4); 194 case 72: /* 36 Mbps */ 195 return 9 | (1 << 4); 196 case 96: /* 48 Mbps */ 197 return 10 | (1 << 4); 198 case 108: /* 54 Mbps */ 199 return 11 | (1 << 4); 200 } 201 return 0; 202 } 203 204 /** 205 * lbs_hard_start_xmit - checks the conditions and sends packet to IF 206 * layer if everything is ok 207 * 208 * @skb: A pointer to skb which includes TX packet 209 * @dev: A pointer to the &struct net_device 210 * returns: 0 or -1 211 */ 212 netdev_tx_t lbs_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) 213 { 214 unsigned long flags; 215 struct lbs_private *priv = dev->ml_priv; 216 struct txpd *txpd; 217 char *p802x_hdr; 218 uint16_t pkt_len; 219 netdev_tx_t ret = NETDEV_TX_OK; 220 221 lbs_deb_enter(LBS_DEB_TX); 222 223 /* We need to protect against the queues being restarted before 224 we get round to stopping them */ 225 spin_lock_irqsave(&priv->driver_lock, flags); 226 227 if (priv->surpriseremoved) 228 goto free; 229 230 if (!skb->len || (skb->len > MRVDRV_ETH_TX_PACKET_BUFFER_SIZE)) { 231 lbs_deb_tx("tx err: skb length %d 0 or > %zd\n", 232 skb->len, MRVDRV_ETH_TX_PACKET_BUFFER_SIZE); 233 /* We'll never manage to send this one; drop it and return 'OK' */ 234 235 dev->stats.tx_dropped++; 236 dev->stats.tx_errors++; 237 goto free; 238 } 239 240 241 netif_stop_queue(priv->dev); 242 if (priv->mesh_dev) 243 netif_stop_queue(priv->mesh_dev); 244 245 if (priv->tx_pending_len) { 246 /* This can happen if packets come in on the mesh and eth 247 device simultaneously -- there's no mutual exclusion on 248 hard_start_xmit() calls between devices. */ 249 lbs_deb_tx("Packet on %s while busy\n", dev->name); 250 ret = NETDEV_TX_BUSY; 251 goto unlock; 252 } 253 254 priv->tx_pending_len = -1; 255 spin_unlock_irqrestore(&priv->driver_lock, flags); 256 257 lbs_deb_hex(LBS_DEB_TX, "TX Data", skb->data, min_t(unsigned int, skb->len, 100)); 258 259 txpd = (void *)priv->tx_pending_buf; 260 memset(txpd, 0, sizeof(struct txpd)); 261 262 p802x_hdr = skb->data; 263 pkt_len = skb->len; 264 265 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 266 struct tx_radiotap_hdr *rtap_hdr = (void *)skb->data; 267 268 /* set txpd fields from the radiotap header */ 269 txpd->tx_control = cpu_to_le32(convert_radiotap_rate_to_mv(rtap_hdr->rate)); 270 271 /* skip the radiotap header */ 272 p802x_hdr += sizeof(*rtap_hdr); 273 pkt_len -= sizeof(*rtap_hdr); 274 275 /* copy destination address from 802.11 header */ 276 memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN); 277 } else { 278 /* copy destination address from 802.3 header */ 279 memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN); 280 } 281 282 txpd->tx_packet_length = cpu_to_le16(pkt_len); 283 txpd->tx_packet_location = cpu_to_le32(sizeof(struct txpd)); 284 285 lbs_mesh_set_txpd(priv, dev, txpd); 286 287 lbs_deb_hex(LBS_DEB_TX, "txpd", (u8 *) &txpd, sizeof(struct txpd)); 288 289 lbs_deb_hex(LBS_DEB_TX, "Tx Data", (u8 *) p802x_hdr, le16_to_cpu(txpd->tx_packet_length)); 290 291 memcpy(&txpd[1], p802x_hdr, le16_to_cpu(txpd->tx_packet_length)); 292 293 spin_lock_irqsave(&priv->driver_lock, flags); 294 priv->tx_pending_len = pkt_len + sizeof(struct txpd); 295 296 lbs_deb_tx("%s lined up packet\n", __func__); 297 298 dev->stats.tx_packets++; 299 dev->stats.tx_bytes += skb->len; 300 301 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) { 302 /* Keep the skb to echo it back once Tx feedback is 303 received from FW */ 304 skb_orphan(skb); 305 306 /* Keep the skb around for when we get feedback */ 307 priv->currenttxskb = skb; 308 } else { 309 free: 310 dev_kfree_skb_any(skb); 311 } 312 313 unlock: 314 spin_unlock_irqrestore(&priv->driver_lock, flags); 315 wake_up(&priv->waitq); 316 317 lbs_deb_leave_args(LBS_DEB_TX, "ret %d", ret); 318 return ret; 319 } 320 321 /** 322 * lbs_send_tx_feedback - sends to the host the last transmitted packet, 323 * filling the radiotap headers with transmission information. 324 * 325 * @priv: A pointer to &struct lbs_private structure 326 * @try_count: A 32-bit value containing transmission retry status. 327 * 328 * returns: void 329 */ 330 void lbs_send_tx_feedback(struct lbs_private *priv, u32 try_count) 331 { 332 struct tx_radiotap_hdr *radiotap_hdr; 333 334 if (priv->wdev->iftype != NL80211_IFTYPE_MONITOR || 335 priv->currenttxskb == NULL) 336 return; 337 338 radiotap_hdr = (struct tx_radiotap_hdr *)priv->currenttxskb->data; 339 340 radiotap_hdr->data_retries = try_count ? 341 (1 + priv->txretrycount - try_count) : 0; 342 343 priv->currenttxskb->protocol = eth_type_trans(priv->currenttxskb, 344 priv->dev); 345 netif_rx(priv->currenttxskb); 346 347 priv->currenttxskb = NULL; 348 349 if (priv->connect_status == LBS_CONNECTED) 350 netif_wake_queue(priv->dev); 351 352 if (priv->mesh_dev && netif_running(priv->mesh_dev)) 353 netif_wake_queue(priv->mesh_dev); 354 } 355 EXPORT_SYMBOL_GPL(lbs_send_tx_feedback); 356 357 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/tx.o.c.prepared"
1 /* 2 * This header file contains global constant/enum definitions, 3 * global variable declaration. 4 */ 5 #ifndef _LBS_DEFS_H_ 6 #define _LBS_DEFS_H_ 7 8 #include <linux/spinlock.h> 9 10 #ifdef CONFIG_LIBERTAS_DEBUG 11 #define DEBUG 12 #define PROC_DEBUG 13 #endif 14 15 #ifndef DRV_NAME 16 #define DRV_NAME "libertas" 17 #endif 18 19 20 #define LBS_DEB_ENTER 0x00000001 21 #define LBS_DEB_LEAVE 0x00000002 22 #define LBS_DEB_MAIN 0x00000004 23 #define LBS_DEB_NET 0x00000008 24 #define LBS_DEB_MESH 0x00000010 25 #define LBS_DEB_WEXT 0x00000020 26 #define LBS_DEB_IOCTL 0x00000040 27 #define LBS_DEB_SCAN 0x00000080 28 #define LBS_DEB_ASSOC 0x00000100 29 #define LBS_DEB_JOIN 0x00000200 30 #define LBS_DEB_11D 0x00000400 31 #define LBS_DEB_DEBUGFS 0x00000800 32 #define LBS_DEB_ETHTOOL 0x00001000 33 #define LBS_DEB_HOST 0x00002000 34 #define LBS_DEB_CMD 0x00004000 35 #define LBS_DEB_RX 0x00008000 36 #define LBS_DEB_TX 0x00010000 37 #define LBS_DEB_USB 0x00020000 38 #define LBS_DEB_CS 0x00040000 39 #define LBS_DEB_FW 0x00080000 40 #define LBS_DEB_THREAD 0x00100000 41 #define LBS_DEB_HEX 0x00200000 42 #define LBS_DEB_SDIO 0x00400000 43 #define LBS_DEB_SYSFS 0x00800000 44 #define LBS_DEB_SPI 0x01000000 45 #define LBS_DEB_CFG80211 0x02000000 46 47 extern unsigned int lbs_debug; 48 49 #ifdef DEBUG 50 #define LBS_DEB_LL(grp, grpnam, fmt, args...) \ 51 do { if ((lbs_debug & (grp)) == (grp)) \ 52 printk(KERN_DEBUG DRV_NAME grpnam "%s: " fmt, \ 53 in_interrupt() ? " (INT)" : "", ## args); } while (0) 54 #else 55 #define LBS_DEB_LL(grp, grpnam, fmt, args...) do {} while (0) 56 #endif 57 58 #define lbs_deb_enter(grp) \ 59 LBS_DEB_LL(grp | LBS_DEB_ENTER, " enter", "%s()\n", __func__); 60 #define lbs_deb_enter_args(grp, fmt, args...) \ 61 LBS_DEB_LL(grp | LBS_DEB_ENTER, " enter", "%s(" fmt ")\n", __func__, ## args); 62 #define lbs_deb_leave(grp) \ 63 LBS_DEB_LL(grp | LBS_DEB_LEAVE, " leave", "%s()\n", __func__); 64 #define lbs_deb_leave_args(grp, fmt, args...) \ 65 LBS_DEB_LL(grp | LBS_DEB_LEAVE, " leave", "%s(), " fmt "\n", \ 66 __func__, ##args); 67 #define lbs_deb_main(fmt, args...) LBS_DEB_LL(LBS_DEB_MAIN, " main", fmt, ##args) 68 #define lbs_deb_net(fmt, args...) LBS_DEB_LL(LBS_DEB_NET, " net", fmt, ##args) 69 #define lbs_deb_mesh(fmt, args...) LBS_DEB_LL(LBS_DEB_MESH, " mesh", fmt, ##args) 70 #define lbs_deb_wext(fmt, args...) LBS_DEB_LL(LBS_DEB_WEXT, " wext", fmt, ##args) 71 #define lbs_deb_ioctl(fmt, args...) LBS_DEB_LL(LBS_DEB_IOCTL, " ioctl", fmt, ##args) 72 #define lbs_deb_scan(fmt, args...) LBS_DEB_LL(LBS_DEB_SCAN, " scan", fmt, ##args) 73 #define lbs_deb_assoc(fmt, args...) LBS_DEB_LL(LBS_DEB_ASSOC, " assoc", fmt, ##args) 74 #define lbs_deb_join(fmt, args...) LBS_DEB_LL(LBS_DEB_JOIN, " join", fmt, ##args) 75 #define lbs_deb_11d(fmt, args...) LBS_DEB_LL(LBS_DEB_11D, " 11d", fmt, ##args) 76 #define lbs_deb_debugfs(fmt, args...) LBS_DEB_LL(LBS_DEB_DEBUGFS, " debugfs", fmt, ##args) 77 #define lbs_deb_ethtool(fmt, args...) LBS_DEB_LL(LBS_DEB_ETHTOOL, " ethtool", fmt, ##args) 78 #define lbs_deb_host(fmt, args...) LBS_DEB_LL(LBS_DEB_HOST, " host", fmt, ##args) 79 #define lbs_deb_cmd(fmt, args...) LBS_DEB_LL(LBS_DEB_CMD, " cmd", fmt, ##args) 80 #define lbs_deb_rx(fmt, args...) LBS_DEB_LL(LBS_DEB_RX, " rx", fmt, ##args) 81 #define lbs_deb_tx(fmt, args...) LBS_DEB_LL(LBS_DEB_TX, " tx", fmt, ##args) 82 #define lbs_deb_fw(fmt, args...) LBS_DEB_LL(LBS_DEB_FW, " fw", fmt, ##args) 83 #define lbs_deb_usb(fmt, args...) LBS_DEB_LL(LBS_DEB_USB, " usb", fmt, ##args) 84 #define lbs_deb_usbd(dev, fmt, args...) LBS_DEB_LL(LBS_DEB_USB, " usbd", "%s:" fmt, dev_name(dev), ##args) 85 #define lbs_deb_cs(fmt, args...) LBS_DEB_LL(LBS_DEB_CS, " cs", fmt, ##args) 86 #define lbs_deb_thread(fmt, args...) LBS_DEB_LL(LBS_DEB_THREAD, " thread", fmt, ##args) 87 #define lbs_deb_sdio(fmt, args...) LBS_DEB_LL(LBS_DEB_SDIO, " sdio", fmt, ##args) 88 #define lbs_deb_sysfs(fmt, args...) LBS_DEB_LL(LBS_DEB_SYSFS, " sysfs", fmt, ##args) 89 #define lbs_deb_spi(fmt, args...) LBS_DEB_LL(LBS_DEB_SPI, " spi", fmt, ##args) 90 #define lbs_deb_cfg80211(fmt, args...) LBS_DEB_LL(LBS_DEB_CFG80211, " cfg80211", fmt, ##args) 91 92 #ifdef DEBUG 93 static inline void lbs_deb_hex(unsigned int grp, const char *prompt, 94 const u8 *buf, int len) 95 { 96 int i = 0; 97 98 if (len && 99 (lbs_debug & LBS_DEB_HEX) && 100 (lbs_debug & grp)) 101 { 102 for (i = 1; i <= len; i++) { 103 if ((i & 0xf) == 1) { 104 if (i != 1) 105 printk("\n"); 106 printk(DRV_NAME " %s: ", prompt); 107 } 108 printk("%02x ", (u8) * buf); 109 buf++; 110 } 111 printk("\n"); 112 } 113 } 114 #else 115 #define lbs_deb_hex(grp,prompt,buf,len) do {} while (0) 116 #endif 117 118 119 120 /* Buffer Constants */ 121 122 /* The size of SQ memory PPA, DPA are 8 DWORDs, that keep the physical 123 * addresses of TxPD buffers. Station has only 8 TxPD available, Whereas 124 * driver has more local TxPDs. Each TxPD on the host memory is associated 125 * with a Tx control node. The driver maintains 8 RxPD descriptors for 126 * station firmware to store Rx packet information. 127 * 128 * Current version of MAC has a 32x6 multicast address buffer. 129 * 130 * 802.11b can have up to 14 channels, the driver keeps the 131 * BSSID(MAC address) of each APs or Ad hoc stations it has sensed. 132 */ 133 134 #define MRVDRV_MAX_MULTICAST_LIST_SIZE 32 135 #define LBS_NUM_CMD_BUFFERS 10 136 #define LBS_CMD_BUFFER_SIZE (2 * 1024) 137 #define MRVDRV_MAX_CHANNEL_SIZE 14 138 #define MRVDRV_ASSOCIATION_TIME_OUT 255 139 #define MRVDRV_SNAP_HEADER_LEN 8 140 141 #define LBS_UPLD_SIZE 2312 142 #define DEV_NAME_LEN 32 143 144 /* Wake criteria for HOST_SLEEP_CFG command */ 145 #define EHS_WAKE_ON_BROADCAST_DATA 0x0001 146 #define EHS_WAKE_ON_UNICAST_DATA 0x0002 147 #define EHS_WAKE_ON_MAC_EVENT 0x0004 148 #define EHS_WAKE_ON_MULTICAST_DATA 0x0008 149 #define EHS_REMOVE_WAKEUP 0xFFFFFFFF 150 /* Wake rules for Host_Sleep_CFG command */ 151 #define WOL_RULE_NET_TYPE_INFRA_OR_IBSS 0x00 152 #define WOL_RULE_NET_TYPE_MESH 0x10 153 #define WOL_RULE_ADDR_TYPE_BCAST 0x01 154 #define WOL_RULE_ADDR_TYPE_MCAST 0x08 155 #define WOL_RULE_ADDR_TYPE_UCAST 0x02 156 #define WOL_RULE_OP_AND 0x01 157 #define WOL_RULE_OP_OR 0x02 158 #define WOL_RULE_OP_INVALID 0xFF 159 #define WOL_RESULT_VALID_CMD 0 160 #define WOL_RESULT_NOSPC_ERR 1 161 #define WOL_RESULT_EEXIST_ERR 2 162 163 /* Misc constants */ 164 /* This section defines 802.11 specific contants */ 165 166 #define MRVDRV_MAX_BSS_DESCRIPTS 16 167 #define MRVDRV_MAX_REGION_CODE 6 168 169 #define MRVDRV_DEFAULT_LISTEN_INTERVAL 10 170 171 #define MRVDRV_CHANNELS_PER_SCAN 4 172 #define MRVDRV_MAX_CHANNELS_PER_SCAN 14 173 174 #define MRVDRV_MIN_BEACON_INTERVAL 20 175 #define MRVDRV_MAX_BEACON_INTERVAL 1000 176 #define MRVDRV_BEACON_INTERVAL 100 177 178 #define MARVELL_MESH_IE_LENGTH 9 179 180 /* 181 * Values used to populate the struct mrvl_mesh_ie. The only time you need this 182 * is when enabling the mesh using CMD_MESH_CONFIG. 183 */ 184 #define MARVELL_MESH_IE_TYPE 4 185 #define MARVELL_MESH_IE_SUBTYPE 0 186 #define MARVELL_MESH_IE_VERSION 0 187 #define MARVELL_MESH_PROTO_ID_HWMP 0 188 #define MARVELL_MESH_METRIC_ID 0 189 #define MARVELL_MESH_CAPABILITY 0 190 191 /* INT status Bit Definition */ 192 #define MRVDRV_TX_DNLD_RDY 0x0001 193 #define MRVDRV_RX_UPLD_RDY 0x0002 194 #define MRVDRV_CMD_DNLD_RDY 0x0004 195 #define MRVDRV_CMD_UPLD_RDY 0x0008 196 #define MRVDRV_CARDEVENT 0x0010 197 198 /* Automatic TX control default levels */ 199 #define POW_ADAPT_DEFAULT_P0 13 200 #define POW_ADAPT_DEFAULT_P1 15 201 #define POW_ADAPT_DEFAULT_P2 18 202 #define TPC_DEFAULT_P0 5 203 #define TPC_DEFAULT_P1 10 204 #define TPC_DEFAULT_P2 13 205 206 /* TxPD status */ 207 208 /* 209 * Station firmware use TxPD status field to report final Tx transmit 210 * result, Bit masks are used to present combined situations. 211 */ 212 213 #define MRVDRV_TxPD_POWER_MGMT_NULL_PACKET 0x01 214 #define MRVDRV_TxPD_POWER_MGMT_LAST_PACKET 0x08 215 216 /* Tx mesh flag */ 217 /* 218 * Currently we are using normal WDS flag as mesh flag. 219 * TODO: change to proper mesh flag when MAC understands it. 220 */ 221 #define TxPD_CONTROL_WDS_FRAME (1<<17) 222 #define TxPD_MESH_FRAME TxPD_CONTROL_WDS_FRAME 223 224 /* Mesh interface ID */ 225 #define MESH_IFACE_ID 0x0001 226 /* Mesh id should be in bits 14-13-12 */ 227 #define MESH_IFACE_BIT_OFFSET 0x000c 228 /* Mesh enable bit in FW capability */ 229 #define MESH_CAPINFO_ENABLE_MASK (1<<16) 230 231 /* FW definition from Marvell v4 */ 232 #define MRVL_FW_V4 (0x04) 233 /* FW definition from Marvell v5 */ 234 #define MRVL_FW_V5 (0x05) 235 /* FW definition from Marvell v10 */ 236 #define MRVL_FW_V10 (0x0a) 237 /* FW major revision definition */ 238 #define MRVL_FW_MAJOR_REV(x) ((x)>>24) 239 240 /* RxPD status */ 241 242 #define MRVDRV_RXPD_STATUS_OK 0x0001 243 244 /* RxPD status - Received packet types */ 245 /* Rx mesh flag */ 246 /* 247 * Currently we are using normal WDS flag as mesh flag. 248 * TODO: change to proper mesh flag when MAC understands it. 249 */ 250 #define RxPD_CONTROL_WDS_FRAME (0x40) 251 #define RxPD_MESH_FRAME RxPD_CONTROL_WDS_FRAME 252 253 /* RSSI-related defines */ 254 /* 255 * RSSI constants are used to implement 802.11 RSSI threshold 256 * indication. if the Rx packet signal got too weak for 5 consecutive 257 * times, miniport driver (driver) will report this event to wrapper 258 */ 259 260 #define MRVDRV_NF_DEFAULT_SCAN_VALUE (-96) 261 262 /* RTS/FRAG related defines */ 263 #define MRVDRV_RTS_MIN_VALUE 0 264 #define MRVDRV_RTS_MAX_VALUE 2347 265 #define MRVDRV_FRAG_MIN_VALUE 256 266 #define MRVDRV_FRAG_MAX_VALUE 2346 267 268 /* This is for firmware specific length */ 269 #define EXTRA_LEN 36 270 271 #define MRVDRV_ETH_TX_PACKET_BUFFER_SIZE \ 272 (ETH_FRAME_LEN + sizeof(struct txpd) + EXTRA_LEN) 273 274 #define MRVDRV_ETH_RX_PACKET_BUFFER_SIZE \ 275 (ETH_FRAME_LEN + sizeof(struct rxpd) \ 276 + MRVDRV_SNAP_HEADER_LEN + EXTRA_LEN) 277 278 #define CMD_F_HOSTCMD (1 << 0) 279 #define FW_CAPINFO_WPA (1 << 0) 280 #define FW_CAPINFO_PS (1 << 1) 281 #define FW_CAPINFO_FIRMWARE_UPGRADE (1 << 13) 282 #define FW_CAPINFO_BOOT2_UPGRADE (1<<14) 283 #define FW_CAPINFO_PERSISTENT_CONFIG (1<<15) 284 285 #define KEY_LEN_WPA_AES 16 286 #define KEY_LEN_WPA_TKIP 32 287 #define KEY_LEN_WEP_104 13 288 #define KEY_LEN_WEP_40 5 289 290 #define RF_ANTENNA_1 0x1 291 #define RF_ANTENNA_2 0x2 292 #define RF_ANTENNA_AUTO 0xFFFF 293 294 #define BAND_B (0x01) 295 #define BAND_G (0x02) 296 #define ALL_802_11_BANDS (BAND_B | BAND_G) 297 298 #define MAX_RATES 14 299 300 #define MAX_LEDS 8 301 302 /* Global Variable Declaration */ 303 extern const char lbs_driver_version[]; 304 extern u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE]; 305 306 307 /* ENUM definition */ 308 /* SNRNF_TYPE */ 309 enum SNRNF_TYPE { 310 TYPE_BEACON = 0, 311 TYPE_RXPD, 312 MAX_TYPE_B 313 }; 314 315 /* SNRNF_DATA */ 316 enum SNRNF_DATA { 317 TYPE_NOAVG = 0, 318 TYPE_AVG, 319 MAX_TYPE_AVG 320 }; 321 322 /* LBS_802_11_POWER_MODE */ 323 enum LBS_802_11_POWER_MODE { 324 LBS802_11POWERMODECAM, 325 LBS802_11POWERMODEMAX_PSP, 326 LBS802_11POWERMODEFAST_PSP, 327 /* not a real mode, defined as an upper bound */ 328 LBS802_11POWEMODEMAX 329 }; 330 331 /* PS_STATE */ 332 enum PS_STATE { 333 PS_STATE_FULL_POWER, 334 PS_STATE_AWAKE, 335 PS_STATE_PRE_SLEEP, 336 PS_STATE_SLEEP 337 }; 338 339 /* DNLD_STATE */ 340 enum DNLD_STATE { 341 DNLD_RES_RECEIVED, 342 DNLD_DATA_SENT, 343 DNLD_CMD_SENT, 344 DNLD_BOOTCMD_SENT, 345 }; 346 347 /* LBS_MEDIA_STATE */ 348 enum LBS_MEDIA_STATE { 349 LBS_CONNECTED, 350 LBS_DISCONNECTED 351 }; 352 353 /* LBS_802_11_PRIVACY_FILTER */ 354 enum LBS_802_11_PRIVACY_FILTER { 355 LBS802_11PRIVFILTERACCEPTALL, 356 LBS802_11PRIVFILTER8021XWEP 357 }; 358 359 /* mv_ms_type */ 360 enum mv_ms_type { 361 MVMS_DAT = 0, 362 MVMS_CMD = 1, 363 MVMS_TXDONE = 2, 364 MVMS_EVENT 365 }; 366 367 /* KEY_TYPE_ID */ 368 enum KEY_TYPE_ID { 369 KEY_TYPE_ID_WEP = 0, 370 KEY_TYPE_ID_TKIP, 371 KEY_TYPE_ID_AES 372 }; 373 374 /* KEY_INFO_WPA (applies to both TKIP and AES/CCMP) */ 375 enum KEY_INFO_WPA { 376 KEY_INFO_WPA_MCAST = 0x01, 377 KEY_INFO_WPA_UNICAST = 0x02, 378 KEY_INFO_WPA_ENABLED = 0x04 379 }; 380 381 /* Default values for fwt commands. */ 382 #define FWT_DEFAULT_METRIC 0 383 #define FWT_DEFAULT_DIR 1 384 /* Default Rate, 11Mbps */ 385 #define FWT_DEFAULT_RATE 3 386 #define FWT_DEFAULT_SSN 0xffffffff 387 #define FWT_DEFAULT_DSN 0 388 #define FWT_DEFAULT_HOPCOUNT 0 389 #define FWT_DEFAULT_TTL 0 390 #define FWT_DEFAULT_EXPIRATION 0 391 #define FWT_DEFAULT_SLEEPMODE 0 392 #define FWT_DEFAULT_SNR 0 393 394 #endif
1 #ifndef _LDV_RCV_H_ 2 #define _LDV_RCV_H_ 3 4 /* If expr evaluates to zero, ldv_assert() causes a program to reach the error 5 label like the standard assert(). */ 6 #define ldv_assert(expr) ((expr) ? 0 : ldv_error()) 7 8 /* The error label wrapper. It is used because of some static verifiers (like 9 BLAST) don't accept multiple error labels through a program. */ 10 static inline void ldv_error(void) 11 { 12 LDV_ERROR: goto LDV_ERROR; 13 } 14 15 /* If expr evaluates to zero, ldv_assume() causes an infinite loop that is 16 avoided by verifiers. */ 17 #define ldv_assume(expr) ((expr) ? 0 : ldv_stop()) 18 19 /* Infinite loop, that causes verifiers to skip such paths. */ 20 static inline void ldv_stop(void) { 21 LDV_STOP: goto LDV_STOP; 22 } 23 24 /* Special nondeterministic functions. */ 25 int ldv_undef_int(void); 26 void *ldv_undef_ptr(void); 27 unsigned long ldv_undef_ulong(void); 28 long ldv_undef_long(void); 29 /* Return nondeterministic negative integer number. */ 30 static inline int ldv_undef_int_negative(void) 31 { 32 int ret = ldv_undef_int(); 33 34 ldv_assume(ret < 0); 35 36 return ret; 37 } 38 /* Return nondeterministic nonpositive integer number. */ 39 static inline int ldv_undef_int_nonpositive(void) 40 { 41 int ret = ldv_undef_int(); 42 43 ldv_assume(ret <= 0); 44 45 return ret; 46 } 47 48 /* Add explicit model for __builin_expect GCC function. Without the model a 49 return value will be treated as nondetermined by verifiers. */ 50 static inline long __builtin_expect(long exp, long c) 51 { 52 return exp; 53 } 54 55 /* This function causes the program to exit abnormally. GCC implements this 56 function by using a target-dependent mechanism (such as intentionally executing 57 an illegal instruction) or by calling abort. The mechanism used may vary from 58 release to release so you should not rely on any particular implementation. 59 http://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html */ 60 static inline void __builtin_trap(void) 61 { 62 ldv_assert(0); 63 } 64 65 /* The constant is for simulating an error of ldv_undef_ptr() function. */ 66 #define LDV_PTR_MAX 2012 67 68 #endif /* _LDV_RCV_H_ */

Here is an explanation of a rule violation arisen while checking your driver against a corresponding kernel.

Note that it may be false positive, i.e. there isn't a real error indeed. Please analyze a given error trace and related source code to understand whether there is an error in your driver.

Error trace column contains a path on which the given rule is violated. You can expand/collapse some entity classes by clicking on corresponding checkboxes in a main menu or in an advanced Others menu. Also you can expand/collapse each particular entity by clicking on +/-. In hovering on some entities you can see some tips. Also the error trace is bound with related source code. Line numbers may be shown as links on the left. You can click on them to open corresponding lines in source code.

Source code column contains a content of files related with the error trace. There is source code of your driver (note that there are some LDV modifications at the end), kernel headers and rule model. Tabs show a currently opened file and other available files. In hovering on them you can see full file names. On clicking a corresponding file content will be shown.

Kernel Module Rule Verifier Verdict Status Timestamp Bug report
linux-4.5-rc7 drivers/net/wireless/marvell/libertas/libertas.ko races CPAchecker Bug Fixed 2016-03-14 16:37:07 L0230

Comment

Is it possible dev->ml_priv = wiphy->priv? In this case the simultanious access to the same memory takes place.

[Home]