Bug
[В начало]
Ошибка # 113
Показать/спрятать трассу ошибок Error trace
/*Is true unsafe:*/ /*Number of usage points:2*/ /*Number of usages :2*/ /*Two examples:*/ /*_____________________*/ /*Without locks*/ { return ; } { /*_____________________*/ 649 struct sk_buff *ldvarg73; 650 int ldvarg74; 651 void *ldvarg72; 652 int tmp; 653 int tmp___0; 654 int tmp___1; 655 int tmp___2; 656 int tmp___3; 657 int tmp___4; 648 ldv_initialize() { /* Function call is skipped due to function is undefined */} 654 ldv_state_variable_11 = 0; 655 ldv_state_variable_7 = 0; 656 ldv_state_variable_17 = 0; 660 ldv_state_variable_2 = 1; 664 ldv_state_variable_1 = 1; 665 ldv_state_variable_18 = 0; 666 ref_cnt = 0; 667 ldv_state_variable_0 = 1; 668 ldv_state_variable_16 = 0; 669 ldv_state_variable_13 = 0; 670 ldv_state_variable_6 = 0; 674 ldv_state_variable_3 = 1; 675 ldv_state_variable_9 = 0; 676 ldv_state_variable_12 = 0; 677 ldv_state_variable_14 = 0; 678 ldv_state_variable_15 = 0; 679 ldv_state_variable_8 = 0; 680 ldv_state_variable_4 = 0; 681 ldv_state_variable_10 = 0; 682 ldv_state_variable_5 = 0; 683 ldv_53487:; 684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */} 684 switch (tmp); { 161 struct station_info *ldvarg28; 162 u8 *ldvarg34; 163 unsigned short ldvarg19; 164 u8 *ldvarg22; 165 unsigned char ldvarg25; 166 unsigned char ldvarg21; 167 unsigned char ldvarg33; 168 struct cfg80211_chan_def *ldvarg30; 169 struct cfg80211_connect_params *ldvarg38; 170 u32 *ldvarg35; 171 struct cfg80211_scan_request *ldvarg27; 172 _Bool ldvarg26; 173 _Bool ldvarg24; 174 u8 *ldvarg29; 175 enum nl80211_iftype ldvarg36; 176 struct vif_params *ldvarg37; 177 struct ieee80211_channel *ldvarg23; 178 _Bool ldvarg20; 179 struct key_params *ldvarg31; 180 _Bool ldvarg32; 181 struct cfg80211_ibss_params *ldvarg18; 182 int tmp; 182 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */} 182 switch (tmp); { 2020 struct lbs_private *priv; 2021 void *tmp; 2022 struct cmd_ds_802_11_ad_hoc_stop cmd; 2023 int ret; 2024 int tmp___0; 2025 unsigned short __sz; 2026 int tmp___1; 2027 int tmp___2; { 3324 long tmp; 3324 assume(!(tmp != 0L)); 3325 return (void *)(&(wiphy->priv));; } 2020 priv = (struct lbs_private *)tmp; 2022 ret = 0; 2024 unsigned long __CPAchecker_TMP_0 = (unsigned long)(priv->mesh_dev); 2029 __memset((void *)(&cmd), 0, 8UL) { /* Function call is skipped due to function is undefined */} 2030 cmd.hdr.size = 8U; 2031 __sz = cmd.hdr.size; 2031 cmd.hdr.size = 8U; { 1689 struct cmd_ctrl_node *cmdnode; 1690 unsigned long flags; 1691 int ret; 1692 int tmp; 1693 long tmp___0; 1694 _Bool tmp___1; 1695 struct __wait_queue __wait; 1696 long __ret; 1697 long __int; 1698 long tmp___2; 1699 int tmp___3; 1692 ret = 0; { 1623 struct cmd_ctrl_node *cmdnode; 1624 int tmp; 1625 int tmp___0; 1626 void *tmp___1; 1627 int tmp___2; 1628 void *tmp___3; 1629 int tmp___4; 1630 void *tmp___5; 1631 int tmp___6; 1632 int tmp___7; 1627 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved); { 1278 struct cmd_ctrl_node *tempnode; 1279 unsigned long flags; 1280 int tmp; 1281 const struct list_head *__mptr; 1282 int tmp___0; 1283 int tmp___1; 1284 int tmp___2; { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 590 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } { 200 union __anonunion___u_20 __u; { 218 switch (size); 219 assume(!(size == 1)); 219 assume(!(size == 2)); 219 assume(!(size == 4)); 219 assume(size == 8); 218 *((__u64 *)res) = *((__u64 *)p); 218 goto ldv_880; 220 return ;; } 200 return ((unsigned long)((const struct list_head *)(__u.__val))) == ((unsigned long)head);; } 1289 __mptr = (const struct list_head *)(priv->cmdfreeq.next); 1289 tempnode = (struct cmd_ctrl_node *)__mptr; { 156 __list_del_entry(entry) { /* Function call is skipped due to function is undefined */} { 27 union __anonunion___u_16___0 __u; 27 __u.__val = list; { 243 switch (size); 244 assume(!(size == 1)); 245 assume(!(size == 2)); 246 assume(!(size == 4)); 247 assume(size == 8); 247 *((__u64 *)p) = *((__u64 *)res); 247 goto ldv_902; 254 return ;; } 28 list->prev = list; 29 return ;; } 158 return ;; } { }/*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } 1654 cmdnode->callback = callback; 1655 cmdnode->callback_arg = callback_arg; 1658 void *__CPAchecker_TMP_5 = (void *)(cmdnode->cmdbuf); 1658 __memcpy(__CPAchecker_TMP_5, (const void *)in_cmd, (size_t )in_cmd_size) { /* Function call is skipped due to function is undefined */} 1661 cmdnode->cmdbuf->command = command; 1662 cmdnode->cmdbuf->size = (unsigned short)in_cmd_size; 1663 cmdnode->cmdbuf->result = 0U; 1667 cmdnode->cmdwaitqwoken = 0U; { 942 unsigned long flags; 943 int addtail; 944 int tmp; 945 int tmp___0; 946 int tmp___1; 947 struct cmd_ds_802_11_ps_mode *psm; 948 int tmp___2; 949 int tmp___3; 944 addtail = 1; 952 unsigned int __CPAchecker_TMP_2 = (unsigned int)(cmdnode->cmdbuf->size); 956 cmdnode->result = 0; 959 unsigned int __CPAchecker_TMP_4 = (unsigned int)(cmdnode->cmdbuf->command); 960 psm = (struct cmd_ds_802_11_ps_mode *)(&(cmdnode->cmdbuf)); 962 unsigned int __CPAchecker_TMP_5 = (unsigned int)(psm->action); 964 addtail = 0; 968 unsigned int __CPAchecker_TMP_6 = (unsigned int)(cmdnode->cmdbuf->command); { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } { 63 __list_add(new, head, head->next) { /* Function call is skipped due to function is undefined */} 64 return ;; } { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } 986 done:; } 1669 __wake_up(&(priv->waitq), 3U, 1, (void *)0) { /* Function call is skipped due to function is undefined */} 1670 done:; } { 35 long tmp; 35 return tmp != 0L;; } { 30 return (long)ptr;; } 1699 ret = (int)tmp___0; 1700 goto done; } 2031 ret = tmp___1; { 29 int tmp; 30 int tmp___0; 31 int tmp___1; 39 msleep_interruptible(1000U) { /* Function call is skipped due to function is undefined */} 41 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->wdev->iftype); { 2778 struct netdev_queue *tmp; { 1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx); 1886 return __CPAchecker_TMP_0 + ((unsigned long)index);; } { { 80 Ignored inline assembler code 82 return ;; } 2767 return ;; } 2779 return ;; } 46 netif_carrier_off(priv->dev) { /* Function call is skipped due to function is undefined */} 49 kfree_skb(priv->currenttxskb) { /* Function call is skipped due to function is undefined */} 50 priv->currenttxskb = (struct sk_buff *)0; 51 priv->tx_pending_len = 0; 53 priv->connect_status = 1U; return ;; } return ;; } return ;; } return ;; }/*spin_lock(char *"_driver_lock_of_lbs_private")[1]*/ /*Failure in refinement*/ { return ; } { 649 struct sk_buff *ldvarg73; 650 int ldvarg74; 651 void *ldvarg72; 652 int tmp; 653 int tmp___0; 654 int tmp___1; 655 int tmp___2; 656 int tmp___3; 657 int tmp___4; 648 ldv_initialize() { /* Function call is skipped due to function is undefined */} 654 ldv_state_variable_11 = 0; 655 ldv_state_variable_7 = 0; 656 ldv_state_variable_17 = 0; 660 ldv_state_variable_2 = 1; 664 ldv_state_variable_1 = 1; 665 ldv_state_variable_18 = 0; 666 ref_cnt = 0; 667 ldv_state_variable_0 = 1; 668 ldv_state_variable_16 = 0; 669 ldv_state_variable_13 = 0; 670 ldv_state_variable_6 = 0; 674 ldv_state_variable_3 = 1; 675 ldv_state_variable_9 = 0; 676 ldv_state_variable_12 = 0; 677 ldv_state_variable_14 = 0; 678 ldv_state_variable_15 = 0; 679 ldv_state_variable_8 = 0; 680 ldv_state_variable_4 = 0; 681 ldv_state_variable_10 = 0; 682 ldv_state_variable_5 = 0; 683 ldv_53487:; 684 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */} 684 switch (tmp); { 392 void *ldvarg80; 393 struct sk_buff *ldvarg81; 394 int tmp; 395 int tmp___0; 396 int tmp___1; 397 int tmp___2; 394 tmp = __VERIFIER_nondet_int() { /* Function call is skipped due to function is undefined */} 394 switch (tmp); { 66 unsigned long flags; 67 struct lbs_private *priv; 68 struct txpd *txpd; 69 char *p802x_hdr; 70 unsigned short pkt_len; 71 enum netdev_tx ret; 72 int tmp; 73 int tmp___0; 74 int tmp___1; 75 unsigned int __min1; 76 unsigned int __min2; 77 struct tx_radiotap_hdr *rtap_hdr; 78 int tmp___2; 79 int tmp___3; 67 priv = (struct lbs_private *)(dev->__annonCompField102.ml_priv); 71 ret = 0; { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 531 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } 79 unsigned int __CPAchecker_TMP_1 = (unsigned int)(priv->surpriseremoved); { 2778 struct netdev_queue *tmp; { 1886 struct netdev_queue *__CPAchecker_TMP_0 = (struct netdev_queue *)(dev->_tx); 1886 return __CPAchecker_TMP_0 + ((unsigned long)index);; } { { 80 Ignored inline assembler code 82 return ;; } 2767 return ;; } 2779 return ;; } 94 unsigned long __CPAchecker_TMP_3 = (unsigned long)(priv->mesh_dev); 106 priv->tx_pending_len = -1; { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 537 ldv_spin_unlock(lock, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } 109 __min1 = skb->len; 109 __min2 = 100U; 109 u8 *__CPAchecker_TMP_5 = (u8 *)(skb->data); 109 unsigned int __CPAchecker_TMP_6; 109 __CPAchecker_TMP_6 = __min2; 111 txpd = (struct txpd *)(&(priv->tx_pending_buf)); 112 __memset((void *)txpd, 0, 24UL) { /* Function call is skipped due to function is undefined */} 114 char *__CPAchecker_TMP_7 = (char *)(skb->data); 114 p802x_hdr = __CPAchecker_TMP_7; 115 uint16_t __CPAchecker_TMP_8 = (uint16_t )(skb->len); 115 pkt_len = __CPAchecker_TMP_8; 117 unsigned int __CPAchecker_TMP_9 = (unsigned int)(priv->wdev->iftype); 118 struct tx_radiotap_hdr *__CPAchecker_TMP_10 = (struct tx_radiotap_hdr *)(skb->data); 118 rtap_hdr = __CPAchecker_TMP_10; 121 int __CPAchecker_TMP_11 = (int)(rtap_hdr->rate); 124 p802x_hdr = p802x_hdr + 12UL; 125 pkt_len = ((unsigned int)pkt_len) - 12U; 128 __memcpy((void *)(&(txpd->tx_dest_addr_high)), ((const void *)p802x_hdr) + 4U, 6UL) { /* Function call is skipped due to function is undefined */} 134 txpd->tx_packet_length = pkt_len; 135 txpd->tx_packet_location = 24U; 141 int __CPAchecker_TMP_12 = (int)(txpd->tx_packet_length); 143 size_t __CPAchecker_TMP_13 = (size_t )(txpd->tx_packet_length); 143 __memcpy(((void *)txpd) + 1U, (const void *)p802x_hdr, __CPAchecker_TMP_13) { /* Function call is skipped due to function is undefined */} { /*Change states for locks spin_lock(char *"_driver_lock_of_lbs_private")*/ 543 ldv_spin_lock(ldv_func_arg1, (char *)"_driver_lock_of_lbs_private") { /* Function call is skipped due to function is undefined */} } 146 priv->tx_pending_len = (int)(((unsigned int)pkt_len) + 24U); 150 dev->stats.tx_packets = (dev->stats.tx_packets) + 1UL; 151 unsigned long __CPAchecker_TMP_15 = (unsigned long)(skb->len); 151 dev->stats.tx_bytes = (dev->stats.tx_bytes) + __CPAchecker_TMP_15; 153 unsigned int __CPAchecker_TMP_16 = (unsigned int)(priv->wdev->iftype); { 2295 long tmp; 2295 unsigned long __CPAchecker_TMP_0 = (unsigned long)(skb->destructor); 2295 assume(!(__CPAchecker_TMP_0 != ((unsigned long)((void (*)(struct sk_buff *))0)))); 2300 unsigned long __CPAchecker_TMP_1 = (unsigned long)(skb->sk); 2300 assume(!(tmp != 0L)); 2302 return ;; } 159 priv->currenttxskb = skb; return ;; } return ;; } return ;; } | Source code
1 /*
2 * Implement cfg80211 ("iw") support.
3 *
4 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany
5 * Holger Schurig <hs4233@mail.mn-solutions.de>
6 *
7 */
8
9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11 #include <linux/hardirq.h>
12 #include <linux/sched.h>
13 #include <linux/wait.h>
14 #include <linux/slab.h>
15 #include <linux/ieee80211.h>
16 #include <net/cfg80211.h>
17 #include <asm/unaligned.h>
18
19 #include "decl.h"
20 #include "cfg.h"
21 #include "cmd.h"
22 #include "mesh.h"
23
24
25 #define CHAN2G(_channel, _freq, _flags) { \
26 .band = IEEE80211_BAND_2GHZ, \
27 .center_freq = (_freq), \
28 .hw_value = (_channel), \
29 .flags = (_flags), \
30 .max_antenna_gain = 0, \
31 .max_power = 30, \
32 }
33
34 static struct ieee80211_channel lbs_2ghz_channels[] = {
35 CHAN2G(1, 2412, 0),
36 CHAN2G(2, 2417, 0),
37 CHAN2G(3, 2422, 0),
38 CHAN2G(4, 2427, 0),
39 CHAN2G(5, 2432, 0),
40 CHAN2G(6, 2437, 0),
41 CHAN2G(7, 2442, 0),
42 CHAN2G(8, 2447, 0),
43 CHAN2G(9, 2452, 0),
44 CHAN2G(10, 2457, 0),
45 CHAN2G(11, 2462, 0),
46 CHAN2G(12, 2467, 0),
47 CHAN2G(13, 2472, 0),
48 CHAN2G(14, 2484, 0),
49 };
50
51 #define RATETAB_ENT(_rate, _hw_value, _flags) { \
52 .bitrate = (_rate), \
53 .hw_value = (_hw_value), \
54 .flags = (_flags), \
55 }
56
57
58 /* Table 6 in section 3.2.1.1 */
59 static struct ieee80211_rate lbs_rates[] = {
60 RATETAB_ENT(10, 0, 0),
61 RATETAB_ENT(20, 1, 0),
62 RATETAB_ENT(55, 2, 0),
63 RATETAB_ENT(110, 3, 0),
64 RATETAB_ENT(60, 9, 0),
65 RATETAB_ENT(90, 6, 0),
66 RATETAB_ENT(120, 7, 0),
67 RATETAB_ENT(180, 8, 0),
68 RATETAB_ENT(240, 9, 0),
69 RATETAB_ENT(360, 10, 0),
70 RATETAB_ENT(480, 11, 0),
71 RATETAB_ENT(540, 12, 0),
72 };
73
74 static struct ieee80211_supported_band lbs_band_2ghz = {
75 .channels = lbs_2ghz_channels,
76 .n_channels = ARRAY_SIZE(lbs_2ghz_channels),
77 .bitrates = lbs_rates,
78 .n_bitrates = ARRAY_SIZE(lbs_rates),
79 };
80
81
82 static const u32 cipher_suites[] = {
83 WLAN_CIPHER_SUITE_WEP40,
84 WLAN_CIPHER_SUITE_WEP104,
85 WLAN_CIPHER_SUITE_TKIP,
86 WLAN_CIPHER_SUITE_CCMP,
87 };
88
89 /* Time to stay on the channel */
90 #define LBS_DWELL_PASSIVE 100
91 #define LBS_DWELL_ACTIVE 40
92
93
94 /***************************************************************************
95 * Misc utility functions
96 *
97 * TLVs are Marvell specific. They are very similar to IEs, they have the
98 * same structure: type, length, data*. The only difference: for IEs, the
99 * type and length are u8, but for TLVs they're __le16.
100 */
101
102 /*
103 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1
104 * in the firmware spec
105 */
106 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type)
107 {
108 int ret = -ENOTSUPP;
109
110 switch (auth_type) {
111 case NL80211_AUTHTYPE_OPEN_SYSTEM:
112 case NL80211_AUTHTYPE_SHARED_KEY:
113 ret = auth_type;
114 break;
115 case NL80211_AUTHTYPE_AUTOMATIC:
116 ret = NL80211_AUTHTYPE_OPEN_SYSTEM;
117 break;
118 case NL80211_AUTHTYPE_NETWORK_EAP:
119 ret = 0x80;
120 break;
121 default:
122 /* silence compiler */
123 break;
124 }
125 return ret;
126 }
127
128
129 /*
130 * Various firmware commands need the list of supported rates, but with
131 * the hight-bit set for basic rates
132 */
133 static int lbs_add_rates(u8 *rates)
134 {
135 size_t i;
136
137 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
138 u8 rate = lbs_rates[i].bitrate / 5;
139 if (rate == 0x02 || rate == 0x04 ||
140 rate == 0x0b || rate == 0x16)
141 rate |= 0x80;
142 rates[i] = rate;
143 }
144 return ARRAY_SIZE(lbs_rates);
145 }
146
147
148 /***************************************************************************
149 * TLV utility functions
150 *
151 * TLVs are Marvell specific. They are very similar to IEs, they have the
152 * same structure: type, length, data*. The only difference: for IEs, the
153 * type and length are u8, but for TLVs they're __le16.
154 */
155
156
157 /*
158 * Add ssid TLV
159 */
160 #define LBS_MAX_SSID_TLV_SIZE \
161 (sizeof(struct mrvl_ie_header) \
162 + IEEE80211_MAX_SSID_LEN)
163
164 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len)
165 {
166 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv;
167
168 /*
169 * TLV-ID SSID 00 00
170 * length 06 00
171 * ssid 4d 4e 54 45 53 54
172 */
173 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID);
174 ssid_tlv->header.len = cpu_to_le16(ssid_len);
175 memcpy(ssid_tlv->ssid, ssid, ssid_len);
176 return sizeof(ssid_tlv->header) + ssid_len;
177 }
178
179
180 /*
181 * Add channel list TLV (section 8.4.2)
182 *
183 * Actual channel data comes from priv->wdev->wiphy->channels.
184 */
185 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \
186 (sizeof(struct mrvl_ie_header) \
187 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset)))
188
189 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv,
190 int last_channel, int active_scan)
191 {
192 int chanscanparamsize = sizeof(struct chanscanparamset) *
193 (last_channel - priv->scan_channel);
194
195 struct mrvl_ie_header *header = (void *) tlv;
196
197 /*
198 * TLV-ID CHANLIST 01 01
199 * length 0e 00
200 * channel 00 01 00 00 00 64 00
201 * radio type 00
202 * channel 01
203 * scan type 00
204 * min scan time 00 00
205 * max scan time 64 00
206 * channel 2 00 02 00 00 00 64 00
207 *
208 */
209
210 header->type = cpu_to_le16(TLV_TYPE_CHANLIST);
211 header->len = cpu_to_le16(chanscanparamsize);
212 tlv += sizeof(struct mrvl_ie_header);
213
214 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel,
215 last_channel); */
216 memset(tlv, 0, chanscanparamsize);
217
218 while (priv->scan_channel < last_channel) {
219 struct chanscanparamset *param = (void *) tlv;
220
221 param->radiotype = CMD_SCAN_RADIO_TYPE_BG;
222 param->channumber =
223 priv->scan_req->channels[priv->scan_channel]->hw_value;
224 if (active_scan) {
225 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE);
226 } else {
227 param->chanscanmode.passivescan = 1;
228 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE);
229 }
230 tlv += sizeof(struct chanscanparamset);
231 priv->scan_channel++;
232 }
233 return sizeof(struct mrvl_ie_header) + chanscanparamsize;
234 }
235
236
237 /*
238 * Add rates TLV
239 *
240 * The rates are in lbs_bg_rates[], but for the 802.11b
241 * rates the high bit is set. We add this TLV only because
242 * there's a firmware which otherwise doesn't report all
243 * APs in range.
244 */
245 #define LBS_MAX_RATES_TLV_SIZE \
246 (sizeof(struct mrvl_ie_header) \
247 + (ARRAY_SIZE(lbs_rates)))
248
249 /* Adds a TLV with all rates the hardware supports */
250 static int lbs_add_supported_rates_tlv(u8 *tlv)
251 {
252 size_t i;
253 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
254
255 /*
256 * TLV-ID RATES 01 00
257 * length 0e 00
258 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c
259 */
260 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
261 tlv += sizeof(rate_tlv->header);
262 i = lbs_add_rates(tlv);
263 tlv += i;
264 rate_tlv->header.len = cpu_to_le16(i);
265 return sizeof(rate_tlv->header) + i;
266 }
267
268 /* Add common rates from a TLV and return the new end of the TLV */
269 static u8 *
270 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates)
271 {
272 int hw, ap, ap_max = ie[1];
273 u8 hw_rate;
274
275 /* Advance past IE header */
276 ie += 2;
277
278 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max);
279
280 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
281 hw_rate = lbs_rates[hw].bitrate / 5;
282 for (ap = 0; ap < ap_max; ap++) {
283 if (hw_rate == (ie[ap] & 0x7f)) {
284 *tlv++ = ie[ap];
285 *nrates = *nrates + 1;
286 }
287 }
288 }
289 return tlv;
290 }
291
292 /*
293 * Adds a TLV with all rates the hardware *and* BSS supports.
294 */
295 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss)
296 {
297 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
298 const u8 *rates_eid, *ext_rates_eid;
299 int n = 0;
300
301 rcu_read_lock();
302 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
303 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
304
305 /*
306 * 01 00 TLV_TYPE_RATES
307 * 04 00 len
308 * 82 84 8b 96 rates
309 */
310 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
311 tlv += sizeof(rate_tlv->header);
312
313 /* Add basic rates */
314 if (rates_eid) {
315 tlv = add_ie_rates(tlv, rates_eid, &n);
316
317 /* Add extended rates, if any */
318 if (ext_rates_eid)
319 tlv = add_ie_rates(tlv, ext_rates_eid, &n);
320 } else {
321 lbs_deb_assoc("assoc: bss had no basic rate IE\n");
322 /* Fallback: add basic 802.11b rates */
323 *tlv++ = 0x82;
324 *tlv++ = 0x84;
325 *tlv++ = 0x8b;
326 *tlv++ = 0x96;
327 n = 4;
328 }
329 rcu_read_unlock();
330
331 rate_tlv->header.len = cpu_to_le16(n);
332 return sizeof(rate_tlv->header) + n;
333 }
334
335
336 /*
337 * Add auth type TLV.
338 *
339 * This is only needed for newer firmware (V9 and up).
340 */
341 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \
342 sizeof(struct mrvl_ie_auth_type)
343
344 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type)
345 {
346 struct mrvl_ie_auth_type *auth = (void *) tlv;
347
348 /*
349 * 1f 01 TLV_TYPE_AUTH_TYPE
350 * 01 00 len
351 * 01 auth type
352 */
353 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE);
354 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header));
355 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type));
356 return sizeof(*auth);
357 }
358
359
360 /*
361 * Add channel (phy ds) TLV
362 */
363 #define LBS_MAX_CHANNEL_TLV_SIZE \
364 sizeof(struct mrvl_ie_header)
365
366 static int lbs_add_channel_tlv(u8 *tlv, u8 channel)
367 {
368 struct mrvl_ie_ds_param_set *ds = (void *) tlv;
369
370 /*
371 * 03 00 TLV_TYPE_PHY_DS
372 * 01 00 len
373 * 06 channel
374 */
375 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS);
376 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header));
377 ds->channel = channel;
378 return sizeof(*ds);
379 }
380
381
382 /*
383 * Add (empty) CF param TLV of the form:
384 */
385 #define LBS_MAX_CF_PARAM_TLV_SIZE \
386 sizeof(struct mrvl_ie_header)
387
388 static int lbs_add_cf_param_tlv(u8 *tlv)
389 {
390 struct mrvl_ie_cf_param_set *cf = (void *)tlv;
391
392 /*
393 * 04 00 TLV_TYPE_CF
394 * 06 00 len
395 * 00 cfpcnt
396 * 00 cfpperiod
397 * 00 00 cfpmaxduration
398 * 00 00 cfpdurationremaining
399 */
400 cf->header.type = cpu_to_le16(TLV_TYPE_CF);
401 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header));
402 return sizeof(*cf);
403 }
404
405 /*
406 * Add WPA TLV
407 */
408 #define LBS_MAX_WPA_TLV_SIZE \
409 (sizeof(struct mrvl_ie_header) \
410 + 128 /* TODO: I guessed the size */)
411
412 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len)
413 {
414 size_t tlv_len;
415
416 /*
417 * We need just convert an IE to an TLV. IEs use u8 for the header,
418 * u8 type
419 * u8 len
420 * u8[] data
421 * but TLVs use __le16 instead:
422 * __le16 type
423 * __le16 len
424 * u8[] data
425 */
426 *tlv++ = *ie++;
427 *tlv++ = 0;
428 tlv_len = *tlv++ = *ie++;
429 *tlv++ = 0;
430 while (tlv_len--)
431 *tlv++ = *ie++;
432 /* the TLV is two bytes larger than the IE */
433 return ie_len + 2;
434 }
435
436 /*
437 * Set Channel
438 */
439
440 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy,
441 struct cfg80211_chan_def *chandef)
442 {
443 struct lbs_private *priv = wiphy_priv(wiphy);
444 int ret = -ENOTSUPP;
445
446 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d",
447 chandef->chan->center_freq,
448 cfg80211_get_chandef_type(chandef));
449
450 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT)
451 goto out;
452
453 ret = lbs_set_channel(priv, chandef->chan->hw_value);
454
455 out:
456 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
457 return ret;
458 }
459
460 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy,
461 struct net_device *netdev,
462 struct ieee80211_channel *channel)
463 {
464 struct lbs_private *priv = wiphy_priv(wiphy);
465 int ret = -ENOTSUPP;
466
467 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d",
468 netdev_name(netdev), channel->center_freq);
469
470 if (netdev != priv->mesh_dev)
471 goto out;
472
473 ret = lbs_mesh_set_channel(priv, channel->hw_value);
474
475 out:
476 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
477 return ret;
478 }
479
480
481
482 /*
483 * Scanning
484 */
485
486 /*
487 * When scanning, the firmware doesn't send a nul packet with the power-safe
488 * bit to the AP. So we cannot stay away from our current channel too long,
489 * otherwise we loose data. So take a "nap" while scanning every other
490 * while.
491 */
492 #define LBS_SCAN_BEFORE_NAP 4
493
494
495 /*
496 * When the firmware reports back a scan-result, it gives us an "u8 rssi",
497 * which isn't really an RSSI, as it becomes larger when moving away from
498 * the AP. Anyway, we need to convert that into mBm.
499 */
500 #define LBS_SCAN_RSSI_TO_MBM(rssi) \
501 ((-(int)rssi + 3)*100)
502
503 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy,
504 struct cmd_header *resp)
505 {
506 struct cfg80211_bss *bss;
507 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp;
508 int bsssize;
509 const u8 *pos;
510 const u8 *tsfdesc;
511 int tsfsize;
512 int i;
513 int ret = -EILSEQ;
514
515 lbs_deb_enter(LBS_DEB_CFG80211);
516
517 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize);
518
519 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n",
520 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size));
521
522 if (scanresp->nr_sets == 0) {
523 ret = 0;
524 goto done;
525 }
526
527 /*
528 * The general layout of the scan response is described in chapter
529 * 5.7.1. Basically we have a common part, then any number of BSS
530 * descriptor sections. Finally we have section with the same number
531 * of TSFs.
532 *
533 * cmd_ds_802_11_scan_rsp
534 * cmd_header
535 * pos_size
536 * nr_sets
537 * bssdesc 1
538 * bssid
539 * rssi
540 * timestamp
541 * intvl
542 * capa
543 * IEs
544 * bssdesc 2
545 * bssdesc n
546 * MrvlIEtypes_TsfFimestamp_t
547 * TSF for BSS 1
548 * TSF for BSS 2
549 * TSF for BSS n
550 */
551
552 pos = scanresp->bssdesc_and_tlvbuffer;
553
554 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer,
555 scanresp->bssdescriptsize);
556
557 tsfdesc = pos + bsssize;
558 tsfsize = 4 + 8 * scanresp->nr_sets;
559 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize);
560
561 /* Validity check: we expect a Marvell-Local TLV */
562 i = get_unaligned_le16(tsfdesc);
563 tsfdesc += 2;
564 if (i != TLV_TYPE_TSFTIMESTAMP) {
565 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i);
566 goto done;
567 }
568
569 /*
570 * Validity check: the TLV holds TSF values with 8 bytes each, so
571 * the size in the TLV must match the nr_sets value
572 */
573 i = get_unaligned_le16(tsfdesc);
574 tsfdesc += 2;
575 if (i / 8 != scanresp->nr_sets) {
576 lbs_deb_scan("scan response: invalid number of TSF timestamp "
577 "sets (expected %d got %d)\n", scanresp->nr_sets,
578 i / 8);
579 goto done;
580 }
581
582 for (i = 0; i < scanresp->nr_sets; i++) {
583 const u8 *bssid;
584 const u8 *ie;
585 int left;
586 int ielen;
587 int rssi;
588 u16 intvl;
589 u16 capa;
590 int chan_no = -1;
591 const u8 *ssid = NULL;
592 u8 ssid_len = 0;
593
594 int len = get_unaligned_le16(pos);
595 pos += 2;
596
597 /* BSSID */
598 bssid = pos;
599 pos += ETH_ALEN;
600 /* RSSI */
601 rssi = *pos++;
602 /* Packet time stamp */
603 pos += 8;
604 /* Beacon interval */
605 intvl = get_unaligned_le16(pos);
606 pos += 2;
607 /* Capabilities */
608 capa = get_unaligned_le16(pos);
609 pos += 2;
610
611 /* To find out the channel, we must parse the IEs */
612 ie = pos;
613 /*
614 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon
615 * interval, capabilities
616 */
617 ielen = left = len - (6 + 1 + 8 + 2 + 2);
618 while (left >= 2) {
619 u8 id, elen;
620 id = *pos++;
621 elen = *pos++;
622 left -= 2;
623 if (elen > left) {
624 lbs_deb_scan("scan response: invalid IE fmt\n");
625 goto done;
626 }
627
628 if (id == WLAN_EID_DS_PARAMS)
629 chan_no = *pos;
630 if (id == WLAN_EID_SSID) {
631 ssid = pos;
632 ssid_len = elen;
633 }
634 left -= elen;
635 pos += elen;
636 }
637
638 /* No channel, no luck */
639 if (chan_no != -1) {
640 struct wiphy *wiphy = priv->wdev->wiphy;
641 int freq = ieee80211_channel_to_frequency(chan_no,
642 IEEE80211_BAND_2GHZ);
643 struct ieee80211_channel *channel =
644 ieee80211_get_channel(wiphy, freq);
645
646 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n",
647 bssid, capa, chan_no, ssid_len, ssid,
648 LBS_SCAN_RSSI_TO_MBM(rssi)/100);
649
650 if (channel &&
651 !(channel->flags & IEEE80211_CHAN_DISABLED)) {
652 bss = cfg80211_inform_bss(wiphy, channel,
653 CFG80211_BSS_FTYPE_UNKNOWN,
654 bssid, get_unaligned_le64(tsfdesc),
655 capa, intvl, ie, ielen,
656 LBS_SCAN_RSSI_TO_MBM(rssi),
657 GFP_KERNEL);
658 cfg80211_put_bss(wiphy, bss);
659 }
660 } else
661 lbs_deb_scan("scan response: missing BSS channel IE\n");
662
663 tsfdesc += 8;
664 }
665 ret = 0;
666
667 done:
668 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
669 return ret;
670 }
671
672
673 /*
674 * Our scan command contains a TLV, consting of a SSID TLV, a channel list
675 * TLV and a rates TLV. Determine the maximum size of them:
676 */
677 #define LBS_SCAN_MAX_CMD_SIZE \
678 (sizeof(struct cmd_ds_802_11_scan) \
679 + LBS_MAX_SSID_TLV_SIZE \
680 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \
681 + LBS_MAX_RATES_TLV_SIZE)
682
683 /*
684 * Assumes priv->scan_req is initialized and valid
685 * Assumes priv->scan_channel is initialized
686 */
687 static void lbs_scan_worker(struct work_struct *work)
688 {
689 struct lbs_private *priv =
690 container_of(work, struct lbs_private, scan_work.work);
691 struct cmd_ds_802_11_scan *scan_cmd;
692 u8 *tlv; /* pointer into our current, growing TLV storage area */
693 int last_channel;
694 int running, carrier;
695
696 lbs_deb_enter(LBS_DEB_SCAN);
697
698 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL);
699 if (scan_cmd == NULL)
700 goto out_no_scan_cmd;
701
702 /* prepare fixed part of scan command */
703 scan_cmd->bsstype = CMD_BSS_TYPE_ANY;
704
705 /* stop network while we're away from our main channel */
706 running = !netif_queue_stopped(priv->dev);
707 carrier = netif_carrier_ok(priv->dev);
708 if (running)
709 netif_stop_queue(priv->dev);
710 if (carrier)
711 netif_carrier_off(priv->dev);
712
713 /* prepare fixed part of scan command */
714 tlv = scan_cmd->tlvbuffer;
715
716 /* add SSID TLV */
717 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0)
718 tlv += lbs_add_ssid_tlv(tlv,
719 priv->scan_req->ssids[0].ssid,
720 priv->scan_req->ssids[0].ssid_len);
721
722 /* add channel TLVs */
723 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP;
724 if (last_channel > priv->scan_req->n_channels)
725 last_channel = priv->scan_req->n_channels;
726 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel,
727 priv->scan_req->n_ssids);
728
729 /* add rates TLV */
730 tlv += lbs_add_supported_rates_tlv(tlv);
731
732 if (priv->scan_channel < priv->scan_req->n_channels) {
733 cancel_delayed_work(&priv->scan_work);
734 if (netif_running(priv->dev))
735 queue_delayed_work(priv->work_thread, &priv->scan_work,
736 msecs_to_jiffies(300));
737 }
738
739 /* This is the final data we are about to send */
740 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd);
741 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd,
742 sizeof(*scan_cmd));
743 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer,
744 tlv - scan_cmd->tlvbuffer);
745
746 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr,
747 le16_to_cpu(scan_cmd->hdr.size),
748 lbs_ret_scan, 0);
749
750 if (priv->scan_channel >= priv->scan_req->n_channels) {
751 /* Mark scan done */
752 cancel_delayed_work(&priv->scan_work);
753 lbs_scan_done(priv);
754 }
755
756 /* Restart network */
757 if (carrier)
758 netif_carrier_on(priv->dev);
759 if (running && !priv->tx_pending_len)
760 netif_wake_queue(priv->dev);
761
762 kfree(scan_cmd);
763
764 /* Wake up anything waiting on scan completion */
765 if (priv->scan_req == NULL) {
766 lbs_deb_scan("scan: waking up waiters\n");
767 wake_up_all(&priv->scan_q);
768 }
769
770 out_no_scan_cmd:
771 lbs_deb_leave(LBS_DEB_SCAN);
772 }
773
774 static void _internal_start_scan(struct lbs_private *priv, bool internal,
775 struct cfg80211_scan_request *request)
776 {
777 lbs_deb_enter(LBS_DEB_CFG80211);
778
779 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n",
780 request->n_ssids, request->n_channels, request->ie_len);
781
782 priv->scan_channel = 0;
783 priv->scan_req = request;
784 priv->internal_scan = internal;
785
786 queue_delayed_work(priv->work_thread, &priv->scan_work,
787 msecs_to_jiffies(50));
788
789 lbs_deb_leave(LBS_DEB_CFG80211);
790 }
791
792 /*
793 * Clean up priv->scan_req. Should be used to handle the allocation details.
794 */
795 void lbs_scan_done(struct lbs_private *priv)
796 {
797 WARN_ON(!priv->scan_req);
798
799 if (priv->internal_scan)
800 kfree(priv->scan_req);
801 else
802 cfg80211_scan_done(priv->scan_req, false);
803
804 priv->scan_req = NULL;
805 }
806
807 static int lbs_cfg_scan(struct wiphy *wiphy,
808 struct cfg80211_scan_request *request)
809 {
810 struct lbs_private *priv = wiphy_priv(wiphy);
811 int ret = 0;
812
813 lbs_deb_enter(LBS_DEB_CFG80211);
814
815 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) {
816 /* old scan request not yet processed */
817 ret = -EAGAIN;
818 goto out;
819 }
820
821 _internal_start_scan(priv, false, request);
822
823 if (priv->surpriseremoved)
824 ret = -EIO;
825
826 out:
827 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
828 return ret;
829 }
830
831
832
833
834 /*
835 * Events
836 */
837
838 void lbs_send_disconnect_notification(struct lbs_private *priv,
839 bool locally_generated)
840 {
841 lbs_deb_enter(LBS_DEB_CFG80211);
842
843 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated,
844 GFP_KERNEL);
845
846 lbs_deb_leave(LBS_DEB_CFG80211);
847 }
848
849 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event)
850 {
851 lbs_deb_enter(LBS_DEB_CFG80211);
852
853 cfg80211_michael_mic_failure(priv->dev,
854 priv->assoc_bss,
855 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ?
856 NL80211_KEYTYPE_GROUP :
857 NL80211_KEYTYPE_PAIRWISE,
858 -1,
859 NULL,
860 GFP_KERNEL);
861
862 lbs_deb_leave(LBS_DEB_CFG80211);
863 }
864
865
866
867
868 /*
869 * Connect/disconnect
870 */
871
872
873 /*
874 * This removes all WEP keys
875 */
876 static int lbs_remove_wep_keys(struct lbs_private *priv)
877 {
878 struct cmd_ds_802_11_set_wep cmd;
879 int ret;
880
881 lbs_deb_enter(LBS_DEB_CFG80211);
882
883 memset(&cmd, 0, sizeof(cmd));
884 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
885 cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
886 cmd.action = cpu_to_le16(CMD_ACT_REMOVE);
887
888 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
889
890 lbs_deb_leave(LBS_DEB_CFG80211);
891 return ret;
892 }
893
894 /*
895 * Set WEP keys
896 */
897 static int lbs_set_wep_keys(struct lbs_private *priv)
898 {
899 struct cmd_ds_802_11_set_wep cmd;
900 int i;
901 int ret;
902
903 lbs_deb_enter(LBS_DEB_CFG80211);
904
905 /*
906 * command 13 00
907 * size 50 00
908 * sequence xx xx
909 * result 00 00
910 * action 02 00 ACT_ADD
911 * transmit key 00 00
912 * type for key 1 01 WEP40
913 * type for key 2 00
914 * type for key 3 00
915 * type for key 4 00
916 * key 1 39 39 39 39 39 00 00 00
917 * 00 00 00 00 00 00 00 00
918 * key 2 00 00 00 00 00 00 00 00
919 * 00 00 00 00 00 00 00 00
920 * key 3 00 00 00 00 00 00 00 00
921 * 00 00 00 00 00 00 00 00
922 * key 4 00 00 00 00 00 00 00 00
923 */
924 if (priv->wep_key_len[0] || priv->wep_key_len[1] ||
925 priv->wep_key_len[2] || priv->wep_key_len[3]) {
926 /* Only set wep keys if we have at least one of them */
927 memset(&cmd, 0, sizeof(cmd));
928 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
929 cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
930 cmd.action = cpu_to_le16(CMD_ACT_ADD);
931
932 for (i = 0; i < 4; i++) {
933 switch (priv->wep_key_len[i]) {
934 case WLAN_KEY_LEN_WEP40:
935 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT;
936 break;
937 case WLAN_KEY_LEN_WEP104:
938 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT;
939 break;
940 default:
941 cmd.keytype[i] = 0;
942 break;
943 }
944 memcpy(cmd.keymaterial[i], priv->wep_key[i],
945 priv->wep_key_len[i]);
946 }
947
948 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
949 } else {
950 /* Otherwise remove all wep keys */
951 ret = lbs_remove_wep_keys(priv);
952 }
953
954 lbs_deb_leave(LBS_DEB_CFG80211);
955 return ret;
956 }
957
958
959 /*
960 * Enable/Disable RSN status
961 */
962 static int lbs_enable_rsn(struct lbs_private *priv, int enable)
963 {
964 struct cmd_ds_802_11_enable_rsn cmd;
965 int ret;
966
967 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable);
968
969 /*
970 * cmd 2f 00
971 * size 0c 00
972 * sequence xx xx
973 * result 00 00
974 * action 01 00 ACT_SET
975 * enable 01 00
976 */
977 memset(&cmd, 0, sizeof(cmd));
978 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
979 cmd.action = cpu_to_le16(CMD_ACT_SET);
980 cmd.enable = cpu_to_le16(enable);
981
982 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd);
983
984 lbs_deb_leave(LBS_DEB_CFG80211);
985 return ret;
986 }
987
988
989 /*
990 * Set WPA/WPA key material
991 */
992
993 /*
994 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we
995 * get rid of WEXT, this should go into host.h
996 */
997
998 struct cmd_key_material {
999 struct cmd_header hdr;
1000
1001 __le16 action;
1002 struct MrvlIEtype_keyParamSet param;
1003 } __packed;
1004
1005 static int lbs_set_key_material(struct lbs_private *priv,
1006 int key_type, int key_info,
1007 const u8 *key, u16 key_len)
1008 {
1009 struct cmd_key_material cmd;
1010 int ret;
1011
1012 lbs_deb_enter(LBS_DEB_CFG80211);
1013
1014 /*
1015 * Example for WPA (TKIP):
1016 *
1017 * cmd 5e 00
1018 * size 34 00
1019 * sequence xx xx
1020 * result 00 00
1021 * action 01 00
1022 * TLV type 00 01 key param
1023 * length 00 26
1024 * key type 01 00 TKIP
1025 * key info 06 00 UNICAST | ENABLED
1026 * key len 20 00
1027 * key 32 bytes
1028 */
1029 memset(&cmd, 0, sizeof(cmd));
1030 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1031 cmd.action = cpu_to_le16(CMD_ACT_SET);
1032 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL);
1033 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4);
1034 cmd.param.keytypeid = cpu_to_le16(key_type);
1035 cmd.param.keyinfo = cpu_to_le16(key_info);
1036 cmd.param.keylen = cpu_to_le16(key_len);
1037 if (key && key_len)
1038 memcpy(cmd.param.key, key, key_len);
1039
1040 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd);
1041
1042 lbs_deb_leave(LBS_DEB_CFG80211);
1043 return ret;
1044 }
1045
1046
1047 /*
1048 * Sets the auth type (open, shared, etc) in the firmware. That
1049 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware
1050 * command doesn't send an authentication frame at all, it just
1051 * stores the auth_type.
1052 */
1053 static int lbs_set_authtype(struct lbs_private *priv,
1054 struct cfg80211_connect_params *sme)
1055 {
1056 struct cmd_ds_802_11_authenticate cmd;
1057 int ret;
1058
1059 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type);
1060
1061 /*
1062 * cmd 11 00
1063 * size 19 00
1064 * sequence xx xx
1065 * result 00 00
1066 * BSS id 00 13 19 80 da 30
1067 * auth type 00
1068 * reserved 00 00 00 00 00 00 00 00 00 00
1069 */
1070 memset(&cmd, 0, sizeof(cmd));
1071 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1072 if (sme->bssid)
1073 memcpy(cmd.bssid, sme->bssid, ETH_ALEN);
1074 /* convert auth_type */
1075 ret = lbs_auth_to_authtype(sme->auth_type);
1076 if (ret < 0)
1077 goto done;
1078
1079 cmd.authtype = ret;
1080 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd);
1081
1082 done:
1083 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1084 return ret;
1085 }
1086
1087
1088 /*
1089 * Create association request
1090 */
1091 #define LBS_ASSOC_MAX_CMD_SIZE \
1092 (sizeof(struct cmd_ds_802_11_associate) \
1093 - 512 /* cmd_ds_802_11_associate.iebuf */ \
1094 + LBS_MAX_SSID_TLV_SIZE \
1095 + LBS_MAX_CHANNEL_TLV_SIZE \
1096 + LBS_MAX_CF_PARAM_TLV_SIZE \
1097 + LBS_MAX_AUTH_TYPE_TLV_SIZE \
1098 + LBS_MAX_WPA_TLV_SIZE)
1099
1100 static int lbs_associate(struct lbs_private *priv,
1101 struct cfg80211_bss *bss,
1102 struct cfg80211_connect_params *sme)
1103 {
1104 struct cmd_ds_802_11_associate_response *resp;
1105 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE,
1106 GFP_KERNEL);
1107 const u8 *ssid_eid;
1108 size_t len, resp_ie_len;
1109 int status;
1110 int ret;
1111 u8 *pos;
1112 u8 *tmp;
1113
1114 lbs_deb_enter(LBS_DEB_CFG80211);
1115
1116 if (!cmd) {
1117 ret = -ENOMEM;
1118 goto done;
1119 }
1120 pos = &cmd->iebuf[0];
1121
1122 /*
1123 * cmd 50 00
1124 * length 34 00
1125 * sequence xx xx
1126 * result 00 00
1127 * BSS id 00 13 19 80 da 30
1128 * capabilities 11 00
1129 * listen interval 0a 00
1130 * beacon interval 00 00
1131 * DTIM period 00
1132 * TLVs xx (up to 512 bytes)
1133 */
1134 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE);
1135
1136 /* Fill in static fields */
1137 memcpy(cmd->bssid, bss->bssid, ETH_ALEN);
1138 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL);
1139 cmd->capability = cpu_to_le16(bss->capability);
1140
1141 /* add SSID TLV */
1142 rcu_read_lock();
1143 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);
1144 if (ssid_eid)
1145 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]);
1146 else
1147 lbs_deb_assoc("no SSID\n");
1148 rcu_read_unlock();
1149
1150 /* add DS param TLV */
1151 if (bss->channel)
1152 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value);
1153 else
1154 lbs_deb_assoc("no channel\n");
1155
1156 /* add (empty) CF param TLV */
1157 pos += lbs_add_cf_param_tlv(pos);
1158
1159 /* add rates TLV */
1160 tmp = pos + 4; /* skip Marvell IE header */
1161 pos += lbs_add_common_rates_tlv(pos, bss);
1162 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp);
1163
1164 /* add auth type TLV */
1165 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9)
1166 pos += lbs_add_auth_type_tlv(pos, sme->auth_type);
1167
1168 /* add WPA/WPA2 TLV */
1169 if (sme->ie && sme->ie_len)
1170 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len);
1171
1172 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) +
1173 (u16)(pos - (u8 *) &cmd->iebuf);
1174 cmd->hdr.size = cpu_to_le16(len);
1175
1176 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd,
1177 le16_to_cpu(cmd->hdr.size));
1178
1179 /* store for later use */
1180 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN);
1181
1182 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd);
1183 if (ret)
1184 goto done;
1185
1186 /* generate connect message to cfg80211 */
1187
1188 resp = (void *) cmd; /* recast for easier field access */
1189 status = le16_to_cpu(resp->statuscode);
1190
1191 /* Older FW versions map the IEEE 802.11 Status Code in the association
1192 * response to the following values returned in resp->statuscode:
1193 *
1194 * IEEE Status Code Marvell Status Code
1195 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS
1196 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1197 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1198 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1199 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1200 * others -> 0x0003 ASSOC_RESULT_REFUSED
1201 *
1202 * Other response codes:
1203 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused)
1204 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for
1205 * association response from the AP)
1206 */
1207 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
1208 switch (status) {
1209 case 0:
1210 break;
1211 case 1:
1212 lbs_deb_assoc("invalid association parameters\n");
1213 status = WLAN_STATUS_CAPS_UNSUPPORTED;
1214 break;
1215 case 2:
1216 lbs_deb_assoc("timer expired while waiting for AP\n");
1217 status = WLAN_STATUS_AUTH_TIMEOUT;
1218 break;
1219 case 3:
1220 lbs_deb_assoc("association refused by AP\n");
1221 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1222 break;
1223 case 4:
1224 lbs_deb_assoc("authentication refused by AP\n");
1225 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1226 break;
1227 default:
1228 lbs_deb_assoc("association failure %d\n", status);
1229 /* v5 OLPC firmware does return the AP status code if
1230 * it's not one of the values above. Let that through.
1231 */
1232 break;
1233 }
1234 }
1235
1236 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, "
1237 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
1238 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid));
1239
1240 resp_ie_len = le16_to_cpu(resp->hdr.size)
1241 - sizeof(resp->hdr)
1242 - 6;
1243 cfg80211_connect_result(priv->dev,
1244 priv->assoc_bss,
1245 sme->ie, sme->ie_len,
1246 resp->iebuf, resp_ie_len,
1247 status,
1248 GFP_KERNEL);
1249
1250 if (status == 0) {
1251 /* TODO: get rid of priv->connect_status */
1252 priv->connect_status = LBS_CONNECTED;
1253 netif_carrier_on(priv->dev);
1254 if (!priv->tx_pending_len)
1255 netif_tx_wake_all_queues(priv->dev);
1256 }
1257
1258 kfree(cmd);
1259 done:
1260 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1261 return ret;
1262 }
1263
1264 static struct cfg80211_scan_request *
1265 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme)
1266 {
1267 struct cfg80211_scan_request *creq = NULL;
1268 int i, n_channels = ieee80211_get_num_supported_channels(wiphy);
1269 enum ieee80211_band band;
1270
1271 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1272 n_channels * sizeof(void *),
1273 GFP_ATOMIC);
1274 if (!creq)
1275 return NULL;
1276
1277 /* SSIDs come after channels */
1278 creq->ssids = (void *)&creq->channels[n_channels];
1279 creq->n_channels = n_channels;
1280 creq->n_ssids = 1;
1281
1282 /* Scan all available channels */
1283 i = 0;
1284 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1285 int j;
1286
1287 if (!wiphy->bands[band])
1288 continue;
1289
1290 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1291 /* ignore disabled channels */
1292 if (wiphy->bands[band]->channels[j].flags &
1293 IEEE80211_CHAN_DISABLED)
1294 continue;
1295
1296 creq->channels[i] = &wiphy->bands[band]->channels[j];
1297 i++;
1298 }
1299 }
1300 if (i) {
1301 /* Set real number of channels specified in creq->channels[] */
1302 creq->n_channels = i;
1303
1304 /* Scan for the SSID we're going to connect to */
1305 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len);
1306 creq->ssids[0].ssid_len = sme->ssid_len;
1307 } else {
1308 /* No channels found... */
1309 kfree(creq);
1310 creq = NULL;
1311 }
1312
1313 return creq;
1314 }
1315
1316 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev,
1317 struct cfg80211_connect_params *sme)
1318 {
1319 struct lbs_private *priv = wiphy_priv(wiphy);
1320 struct cfg80211_bss *bss = NULL;
1321 int ret = 0;
1322 u8 preamble = RADIO_PREAMBLE_SHORT;
1323
1324 if (dev == priv->mesh_dev)
1325 return -EOPNOTSUPP;
1326
1327 lbs_deb_enter(LBS_DEB_CFG80211);
1328
1329 if (!sme->bssid) {
1330 struct cfg80211_scan_request *creq;
1331
1332 /*
1333 * Scan for the requested network after waiting for existing
1334 * scans to finish.
1335 */
1336 lbs_deb_assoc("assoc: waiting for existing scans\n");
1337 wait_event_interruptible_timeout(priv->scan_q,
1338 (priv->scan_req == NULL),
1339 (15 * HZ));
1340
1341 creq = _new_connect_scan_req(wiphy, sme);
1342 if (!creq) {
1343 ret = -EINVAL;
1344 goto done;
1345 }
1346
1347 lbs_deb_assoc("assoc: scanning for compatible AP\n");
1348 _internal_start_scan(priv, true, creq);
1349
1350 lbs_deb_assoc("assoc: waiting for scan to complete\n");
1351 wait_event_interruptible_timeout(priv->scan_q,
1352 (priv->scan_req == NULL),
1353 (15 * HZ));
1354 lbs_deb_assoc("assoc: scanning completed\n");
1355 }
1356
1357 /* Find the BSS we want using available scan results */
1358 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid,
1359 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS,
1360 IEEE80211_PRIVACY_ANY);
1361 if (!bss) {
1362 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n",
1363 sme->bssid);
1364 ret = -ENOENT;
1365 goto done;
1366 }
1367 lbs_deb_assoc("trying %pM\n", bss->bssid);
1368 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n",
1369 sme->crypto.cipher_group,
1370 sme->key_idx, sme->key_len);
1371
1372 /* As this is a new connection, clear locally stored WEP keys */
1373 priv->wep_tx_key = 0;
1374 memset(priv->wep_key, 0, sizeof(priv->wep_key));
1375 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len));
1376
1377 /* set/remove WEP keys */
1378 switch (sme->crypto.cipher_group) {
1379 case WLAN_CIPHER_SUITE_WEP40:
1380 case WLAN_CIPHER_SUITE_WEP104:
1381 /* Store provided WEP keys in priv-> */
1382 priv->wep_tx_key = sme->key_idx;
1383 priv->wep_key_len[sme->key_idx] = sme->key_len;
1384 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len);
1385 /* Set WEP keys and WEP mode */
1386 lbs_set_wep_keys(priv);
1387 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE;
1388 lbs_set_mac_control(priv);
1389 /* No RSN mode for WEP */
1390 lbs_enable_rsn(priv, 0);
1391 break;
1392 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */
1393 /*
1394 * If we don't have no WEP, no WPA and no WPA2,
1395 * we remove all keys like in the WPA/WPA2 setup,
1396 * we just don't set RSN.
1397 *
1398 * Therefore: fall-through
1399 */
1400 case WLAN_CIPHER_SUITE_TKIP:
1401 case WLAN_CIPHER_SUITE_CCMP:
1402 /* Remove WEP keys and WEP mode */
1403 lbs_remove_wep_keys(priv);
1404 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE;
1405 lbs_set_mac_control(priv);
1406
1407 /* clear the WPA/WPA2 keys */
1408 lbs_set_key_material(priv,
1409 KEY_TYPE_ID_WEP, /* doesn't matter */
1410 KEY_INFO_WPA_UNICAST,
1411 NULL, 0);
1412 lbs_set_key_material(priv,
1413 KEY_TYPE_ID_WEP, /* doesn't matter */
1414 KEY_INFO_WPA_MCAST,
1415 NULL, 0);
1416 /* RSN mode for WPA/WPA2 */
1417 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0);
1418 break;
1419 default:
1420 wiphy_err(wiphy, "unsupported cipher group 0x%x\n",
1421 sme->crypto.cipher_group);
1422 ret = -ENOTSUPP;
1423 goto done;
1424 }
1425
1426 ret = lbs_set_authtype(priv, sme);
1427 if (ret == -ENOTSUPP) {
1428 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type);
1429 goto done;
1430 }
1431
1432 lbs_set_radio(priv, preamble, 1);
1433
1434 /* Do the actual association */
1435 ret = lbs_associate(priv, bss, sme);
1436
1437 done:
1438 if (bss)
1439 cfg80211_put_bss(wiphy, bss);
1440 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1441 return ret;
1442 }
1443
1444 int lbs_disconnect(struct lbs_private *priv, u16 reason)
1445 {
1446 struct cmd_ds_802_11_deauthenticate cmd;
1447 int ret;
1448
1449 memset(&cmd, 0, sizeof(cmd));
1450 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1451 /* Mildly ugly to use a locally store my own BSSID ... */
1452 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN);
1453 cmd.reasoncode = cpu_to_le16(reason);
1454
1455 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd);
1456 if (ret)
1457 return ret;
1458
1459 cfg80211_disconnected(priv->dev,
1460 reason,
1461 NULL, 0, true,
1462 GFP_KERNEL);
1463 priv->connect_status = LBS_DISCONNECTED;
1464
1465 return 0;
1466 }
1467
1468 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev,
1469 u16 reason_code)
1470 {
1471 struct lbs_private *priv = wiphy_priv(wiphy);
1472
1473 if (dev == priv->mesh_dev)
1474 return -EOPNOTSUPP;
1475
1476 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code);
1477
1478 /* store for lbs_cfg_ret_disconnect() */
1479 priv->disassoc_reason = reason_code;
1480
1481 return lbs_disconnect(priv, reason_code);
1482 }
1483
1484 static int lbs_cfg_set_default_key(struct wiphy *wiphy,
1485 struct net_device *netdev,
1486 u8 key_index, bool unicast,
1487 bool multicast)
1488 {
1489 struct lbs_private *priv = wiphy_priv(wiphy);
1490
1491 if (netdev == priv->mesh_dev)
1492 return -EOPNOTSUPP;
1493
1494 lbs_deb_enter(LBS_DEB_CFG80211);
1495
1496 if (key_index != priv->wep_tx_key) {
1497 lbs_deb_assoc("set_default_key: to %d\n", key_index);
1498 priv->wep_tx_key = key_index;
1499 lbs_set_wep_keys(priv);
1500 }
1501
1502 return 0;
1503 }
1504
1505
1506 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev,
1507 u8 idx, bool pairwise, const u8 *mac_addr,
1508 struct key_params *params)
1509 {
1510 struct lbs_private *priv = wiphy_priv(wiphy);
1511 u16 key_info;
1512 u16 key_type;
1513 int ret = 0;
1514
1515 if (netdev == priv->mesh_dev)
1516 return -EOPNOTSUPP;
1517
1518 lbs_deb_enter(LBS_DEB_CFG80211);
1519
1520 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n",
1521 params->cipher, mac_addr);
1522 lbs_deb_assoc("add_key: key index %d, key len %d\n",
1523 idx, params->key_len);
1524 if (params->key_len)
1525 lbs_deb_hex(LBS_DEB_CFG80211, "KEY",
1526 params->key, params->key_len);
1527
1528 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len);
1529 if (params->seq_len)
1530 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ",
1531 params->seq, params->seq_len);
1532
1533 switch (params->cipher) {
1534 case WLAN_CIPHER_SUITE_WEP40:
1535 case WLAN_CIPHER_SUITE_WEP104:
1536 /* actually compare if something has changed ... */
1537 if ((priv->wep_key_len[idx] != params->key_len) ||
1538 memcmp(priv->wep_key[idx],
1539 params->key, params->key_len) != 0) {
1540 priv->wep_key_len[idx] = params->key_len;
1541 memcpy(priv->wep_key[idx],
1542 params->key, params->key_len);
1543 lbs_set_wep_keys(priv);
1544 }
1545 break;
1546 case WLAN_CIPHER_SUITE_TKIP:
1547 case WLAN_CIPHER_SUITE_CCMP:
1548 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0)
1549 ? KEY_INFO_WPA_UNICAST
1550 : KEY_INFO_WPA_MCAST);
1551 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP)
1552 ? KEY_TYPE_ID_TKIP
1553 : KEY_TYPE_ID_AES;
1554 lbs_set_key_material(priv,
1555 key_type,
1556 key_info,
1557 params->key, params->key_len);
1558 break;
1559 default:
1560 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher);
1561 ret = -ENOTSUPP;
1562 break;
1563 }
1564
1565 return ret;
1566 }
1567
1568
1569 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev,
1570 u8 key_index, bool pairwise, const u8 *mac_addr)
1571 {
1572
1573 lbs_deb_enter(LBS_DEB_CFG80211);
1574
1575 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n",
1576 key_index, mac_addr);
1577
1578 #ifdef TODO
1579 struct lbs_private *priv = wiphy_priv(wiphy);
1580 /*
1581 * I think can keep this a NO-OP, because:
1582
1583 * - we clear all keys whenever we do lbs_cfg_connect() anyway
1584 * - neither "iw" nor "wpa_supplicant" won't call this during
1585 * an ongoing connection
1586 * - TODO: but I have to check if this is still true when
1587 * I set the AP to periodic re-keying
1588 * - we've not kzallec() something when we've added a key at
1589 * lbs_cfg_connect() or lbs_cfg_add_key().
1590 *
1591 * This causes lbs_cfg_del_key() only called at disconnect time,
1592 * where we'd just waste time deleting a key that is not going
1593 * to be used anyway.
1594 */
1595 if (key_index < 3 && priv->wep_key_len[key_index]) {
1596 priv->wep_key_len[key_index] = 0;
1597 lbs_set_wep_keys(priv);
1598 }
1599 #endif
1600
1601 return 0;
1602 }
1603
1604
1605 /*
1606 * Get station
1607 */
1608
1609 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev,
1610 const u8 *mac, struct station_info *sinfo)
1611 {
1612 struct lbs_private *priv = wiphy_priv(wiphy);
1613 s8 signal, noise;
1614 int ret;
1615 size_t i;
1616
1617 lbs_deb_enter(LBS_DEB_CFG80211);
1618
1619 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) |
1620 BIT(NL80211_STA_INFO_TX_PACKETS) |
1621 BIT(NL80211_STA_INFO_RX_BYTES) |
1622 BIT(NL80211_STA_INFO_RX_PACKETS);
1623 sinfo->tx_bytes = priv->dev->stats.tx_bytes;
1624 sinfo->tx_packets = priv->dev->stats.tx_packets;
1625 sinfo->rx_bytes = priv->dev->stats.rx_bytes;
1626 sinfo->rx_packets = priv->dev->stats.rx_packets;
1627
1628 /* Get current RSSI */
1629 ret = lbs_get_rssi(priv, &signal, &noise);
1630 if (ret == 0) {
1631 sinfo->signal = signal;
1632 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL);
1633 }
1634
1635 /* Convert priv->cur_rate from hw_value to NL80211 value */
1636 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
1637 if (priv->cur_rate == lbs_rates[i].hw_value) {
1638 sinfo->txrate.legacy = lbs_rates[i].bitrate;
1639 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE);
1640 break;
1641 }
1642 }
1643
1644 return 0;
1645 }
1646
1647
1648
1649
1650 /*
1651 * Change interface
1652 */
1653
1654 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev,
1655 enum nl80211_iftype type, u32 *flags,
1656 struct vif_params *params)
1657 {
1658 struct lbs_private *priv = wiphy_priv(wiphy);
1659 int ret = 0;
1660
1661 if (dev == priv->mesh_dev)
1662 return -EOPNOTSUPP;
1663
1664 switch (type) {
1665 case NL80211_IFTYPE_MONITOR:
1666 case NL80211_IFTYPE_STATION:
1667 case NL80211_IFTYPE_ADHOC:
1668 break;
1669 default:
1670 return -EOPNOTSUPP;
1671 }
1672
1673 lbs_deb_enter(LBS_DEB_CFG80211);
1674
1675 if (priv->iface_running)
1676 ret = lbs_set_iface_type(priv, type);
1677
1678 if (!ret)
1679 priv->wdev->iftype = type;
1680
1681 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1682 return ret;
1683 }
1684
1685
1686
1687 /*
1688 * IBSS (Ad-Hoc)
1689 */
1690
1691 /*
1692 * The firmware needs the following bits masked out of the beacon-derived
1693 * capability field when associating/joining to a BSS:
1694 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused)
1695 */
1696 #define CAPINFO_MASK (~(0xda00))
1697
1698
1699 static void lbs_join_post(struct lbs_private *priv,
1700 struct cfg80211_ibss_params *params,
1701 u8 *bssid, u16 capability)
1702 {
1703 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */
1704 2 + 4 + /* basic rates */
1705 2 + 1 + /* DS parameter */
1706 2 + 2 + /* atim */
1707 2 + 8]; /* extended rates */
1708 u8 *fake = fake_ie;
1709 struct cfg80211_bss *bss;
1710
1711 lbs_deb_enter(LBS_DEB_CFG80211);
1712
1713 /*
1714 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get
1715 * the real IE from the firmware. So we fabricate a fake IE based on
1716 * what the firmware actually sends (sniffed with wireshark).
1717 */
1718 /* Fake SSID IE */
1719 *fake++ = WLAN_EID_SSID;
1720 *fake++ = params->ssid_len;
1721 memcpy(fake, params->ssid, params->ssid_len);
1722 fake += params->ssid_len;
1723 /* Fake supported basic rates IE */
1724 *fake++ = WLAN_EID_SUPP_RATES;
1725 *fake++ = 4;
1726 *fake++ = 0x82;
1727 *fake++ = 0x84;
1728 *fake++ = 0x8b;
1729 *fake++ = 0x96;
1730 /* Fake DS channel IE */
1731 *fake++ = WLAN_EID_DS_PARAMS;
1732 *fake++ = 1;
1733 *fake++ = params->chandef.chan->hw_value;
1734 /* Fake IBSS params IE */
1735 *fake++ = WLAN_EID_IBSS_PARAMS;
1736 *fake++ = 2;
1737 *fake++ = 0; /* ATIM=0 */
1738 *fake++ = 0;
1739 /* Fake extended rates IE, TODO: don't add this for 802.11b only,
1740 * but I don't know how this could be checked */
1741 *fake++ = WLAN_EID_EXT_SUPP_RATES;
1742 *fake++ = 8;
1743 *fake++ = 0x0c;
1744 *fake++ = 0x12;
1745 *fake++ = 0x18;
1746 *fake++ = 0x24;
1747 *fake++ = 0x30;
1748 *fake++ = 0x48;
1749 *fake++ = 0x60;
1750 *fake++ = 0x6c;
1751 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie);
1752
1753 bss = cfg80211_inform_bss(priv->wdev->wiphy,
1754 params->chandef.chan,
1755 CFG80211_BSS_FTYPE_UNKNOWN,
1756 bssid,
1757 0,
1758 capability,
1759 params->beacon_interval,
1760 fake_ie, fake - fake_ie,
1761 0, GFP_KERNEL);
1762 cfg80211_put_bss(priv->wdev->wiphy, bss);
1763
1764 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len);
1765 priv->wdev->ssid_len = params->ssid_len;
1766
1767 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
1768 GFP_KERNEL);
1769
1770 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
1771 priv->connect_status = LBS_CONNECTED;
1772 netif_carrier_on(priv->dev);
1773 if (!priv->tx_pending_len)
1774 netif_wake_queue(priv->dev);
1775
1776 lbs_deb_leave(LBS_DEB_CFG80211);
1777 }
1778
1779 static int lbs_ibss_join_existing(struct lbs_private *priv,
1780 struct cfg80211_ibss_params *params,
1781 struct cfg80211_bss *bss)
1782 {
1783 const u8 *rates_eid;
1784 struct cmd_ds_802_11_ad_hoc_join cmd;
1785 u8 preamble = RADIO_PREAMBLE_SHORT;
1786 int ret = 0;
1787
1788 lbs_deb_enter(LBS_DEB_CFG80211);
1789
1790 /* TODO: set preamble based on scan result */
1791 ret = lbs_set_radio(priv, preamble, 1);
1792 if (ret)
1793 goto out;
1794
1795 /*
1796 * Example CMD_802_11_AD_HOC_JOIN command:
1797 *
1798 * command 2c 00 CMD_802_11_AD_HOC_JOIN
1799 * size 65 00
1800 * sequence xx xx
1801 * result 00 00
1802 * bssid 02 27 27 97 2f 96
1803 * ssid 49 42 53 53 00 00 00 00
1804 * 00 00 00 00 00 00 00 00
1805 * 00 00 00 00 00 00 00 00
1806 * 00 00 00 00 00 00 00 00
1807 * type 02 CMD_BSS_TYPE_IBSS
1808 * beacon period 64 00
1809 * dtim period 00
1810 * timestamp 00 00 00 00 00 00 00 00
1811 * localtime 00 00 00 00 00 00 00 00
1812 * IE DS 03
1813 * IE DS len 01
1814 * IE DS channel 01
1815 * reserveed 00 00 00 00
1816 * IE IBSS 06
1817 * IE IBSS len 02
1818 * IE IBSS atim 00 00
1819 * reserved 00 00 00 00
1820 * capability 02 00
1821 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00
1822 * fail timeout ff 00
1823 * probe delay 00 00
1824 */
1825 memset(&cmd, 0, sizeof(cmd));
1826 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1827
1828 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN);
1829 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len);
1830 cmd.bss.type = CMD_BSS_TYPE_IBSS;
1831 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval);
1832 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS;
1833 cmd.bss.ds.header.len = 1;
1834 cmd.bss.ds.channel = params->chandef.chan->hw_value;
1835 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS;
1836 cmd.bss.ibss.header.len = 2;
1837 cmd.bss.ibss.atimwindow = 0;
1838 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK);
1839
1840 /* set rates to the intersection of our rates and the rates in the
1841 bss */
1842 rcu_read_lock();
1843 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1844 if (!rates_eid) {
1845 lbs_add_rates(cmd.bss.rates);
1846 } else {
1847 int hw, i;
1848 u8 rates_max = rates_eid[1];
1849 u8 *rates = cmd.bss.rates;
1850 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
1851 u8 hw_rate = lbs_rates[hw].bitrate / 5;
1852 for (i = 0; i < rates_max; i++) {
1853 if (hw_rate == (rates_eid[i+2] & 0x7f)) {
1854 u8 rate = rates_eid[i+2];
1855 if (rate == 0x02 || rate == 0x04 ||
1856 rate == 0x0b || rate == 0x16)
1857 rate |= 0x80;
1858 *rates++ = rate;
1859 }
1860 }
1861 }
1862 }
1863 rcu_read_unlock();
1864
1865 /* Only v8 and below support setting this */
1866 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
1867 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT);
1868 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
1869 }
1870 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd);
1871 if (ret)
1872 goto out;
1873
1874 /*
1875 * This is a sample response to CMD_802_11_AD_HOC_JOIN:
1876 *
1877 * response 2c 80
1878 * size 09 00
1879 * sequence xx xx
1880 * result 00 00
1881 * reserved 00
1882 */
1883 lbs_join_post(priv, params, bss->bssid, bss->capability);
1884
1885 out:
1886 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1887 return ret;
1888 }
1889
1890
1891
1892 static int lbs_ibss_start_new(struct lbs_private *priv,
1893 struct cfg80211_ibss_params *params)
1894 {
1895 struct cmd_ds_802_11_ad_hoc_start cmd;
1896 struct cmd_ds_802_11_ad_hoc_result *resp =
1897 (struct cmd_ds_802_11_ad_hoc_result *) &cmd;
1898 u8 preamble = RADIO_PREAMBLE_SHORT;
1899 int ret = 0;
1900 u16 capability;
1901
1902 lbs_deb_enter(LBS_DEB_CFG80211);
1903
1904 ret = lbs_set_radio(priv, preamble, 1);
1905 if (ret)
1906 goto out;
1907
1908 /*
1909 * Example CMD_802_11_AD_HOC_START command:
1910 *
1911 * command 2b 00 CMD_802_11_AD_HOC_START
1912 * size b1 00
1913 * sequence xx xx
1914 * result 00 00
1915 * ssid 54 45 53 54 00 00 00 00
1916 * 00 00 00 00 00 00 00 00
1917 * 00 00 00 00 00 00 00 00
1918 * 00 00 00 00 00 00 00 00
1919 * bss type 02
1920 * beacon period 64 00
1921 * dtim period 00
1922 * IE IBSS 06
1923 * IE IBSS len 02
1924 * IE IBSS atim 00 00
1925 * reserved 00 00 00 00
1926 * IE DS 03
1927 * IE DS len 01
1928 * IE DS channel 01
1929 * reserved 00 00 00 00
1930 * probe delay 00 00
1931 * capability 02 00
1932 * rates 82 84 8b 96 (basic rates with have bit 7 set)
1933 * 0c 12 18 24 30 48 60 6c
1934 * padding 100 bytes
1935 */
1936 memset(&cmd, 0, sizeof(cmd));
1937 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1938 memcpy(cmd.ssid, params->ssid, params->ssid_len);
1939 cmd.bsstype = CMD_BSS_TYPE_IBSS;
1940 cmd.beaconperiod = cpu_to_le16(params->beacon_interval);
1941 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS;
1942 cmd.ibss.header.len = 2;
1943 cmd.ibss.atimwindow = 0;
1944 cmd.ds.header.id = WLAN_EID_DS_PARAMS;
1945 cmd.ds.header.len = 1;
1946 cmd.ds.channel = params->chandef.chan->hw_value;
1947 /* Only v8 and below support setting probe delay */
1948 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8)
1949 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
1950 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */
1951 capability = WLAN_CAPABILITY_IBSS;
1952 cmd.capability = cpu_to_le16(capability);
1953 lbs_add_rates(cmd.rates);
1954
1955
1956 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd);
1957 if (ret)
1958 goto out;
1959
1960 /*
1961 * This is a sample response to CMD_802_11_AD_HOC_JOIN:
1962 *
1963 * response 2b 80
1964 * size 14 00
1965 * sequence xx xx
1966 * result 00 00
1967 * reserved 00
1968 * bssid 02 2b 7b 0f 86 0e
1969 */
1970 lbs_join_post(priv, params, resp->bssid, capability);
1971
1972 out:
1973 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1974 return ret;
1975 }
1976
1977
1978 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev,
1979 struct cfg80211_ibss_params *params)
1980 {
1981 struct lbs_private *priv = wiphy_priv(wiphy);
1982 int ret = 0;
1983 struct cfg80211_bss *bss;
1984
1985 if (dev == priv->mesh_dev)
1986 return -EOPNOTSUPP;
1987
1988 lbs_deb_enter(LBS_DEB_CFG80211);
1989
1990 if (!params->chandef.chan) {
1991 ret = -ENOTSUPP;
1992 goto out;
1993 }
1994
1995 ret = lbs_set_channel(priv, params->chandef.chan->hw_value);
1996 if (ret)
1997 goto out;
1998
1999 /* Search if someone is beaconing. This assumes that the
2000 * bss list is populated already */
2001 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid,
2002 params->ssid, params->ssid_len,
2003 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY);
2004
2005 if (bss) {
2006 ret = lbs_ibss_join_existing(priv, params, bss);
2007 cfg80211_put_bss(wiphy, bss);
2008 } else
2009 ret = lbs_ibss_start_new(priv, params);
2010
2011
2012 out:
2013 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2014 return ret;
2015 }
2016
2017
2018 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
2019 {
2020 struct lbs_private *priv = wiphy_priv(wiphy);
2021 struct cmd_ds_802_11_ad_hoc_stop cmd;
2022 int ret = 0;
2023
2024 if (dev == priv->mesh_dev)
2025 return -EOPNOTSUPP;
2026
2027 lbs_deb_enter(LBS_DEB_CFG80211);
2028
2029 memset(&cmd, 0, sizeof(cmd));
2030 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
2031 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd);
2032
2033 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */
2034 lbs_mac_event_disconnected(priv, true);
2035
2036 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2037 return ret;
2038 }
2039
2040
2041
2042
2043 /*
2044 * Initialization
2045 */
2046
2047 static struct cfg80211_ops lbs_cfg80211_ops = {
2048 .set_monitor_channel = lbs_cfg_set_monitor_channel,
2049 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel,
2050 .scan = lbs_cfg_scan,
2051 .connect = lbs_cfg_connect,
2052 .disconnect = lbs_cfg_disconnect,
2053 .add_key = lbs_cfg_add_key,
2054 .del_key = lbs_cfg_del_key,
2055 .set_default_key = lbs_cfg_set_default_key,
2056 .get_station = lbs_cfg_get_station,
2057 .change_virtual_intf = lbs_change_intf,
2058 .join_ibss = lbs_join_ibss,
2059 .leave_ibss = lbs_leave_ibss,
2060 };
2061
2062
2063 /*
2064 * At this time lbs_private *priv doesn't even exist, so we just allocate
2065 * memory and don't initialize the wiphy further. This is postponed until we
2066 * can talk to the firmware and happens at registration time in
2067 * lbs_cfg_wiphy_register().
2068 */
2069 struct wireless_dev *lbs_cfg_alloc(struct device *dev)
2070 {
2071 int ret = 0;
2072 struct wireless_dev *wdev;
2073
2074 lbs_deb_enter(LBS_DEB_CFG80211);
2075
2076 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
2077 if (!wdev)
2078 return ERR_PTR(-ENOMEM);
2079
2080 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private));
2081 if (!wdev->wiphy) {
2082 dev_err(dev, "cannot allocate wiphy\n");
2083 ret = -ENOMEM;
2084 goto err_wiphy_new;
2085 }
2086
2087 lbs_deb_leave(LBS_DEB_CFG80211);
2088 return wdev;
2089
2090 err_wiphy_new:
2091 kfree(wdev);
2092 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2093 return ERR_PTR(ret);
2094 }
2095
2096
2097 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv)
2098 {
2099 struct region_code_mapping {
2100 const char *cn;
2101 int code;
2102 };
2103
2104 /* Section 5.17.2 */
2105 static const struct region_code_mapping regmap[] = {
2106 {"US ", 0x10}, /* US FCC */
2107 {"CA ", 0x20}, /* Canada */
2108 {"EU ", 0x30}, /* ETSI */
2109 {"ES ", 0x31}, /* Spain */
2110 {"FR ", 0x32}, /* France */
2111 {"JP ", 0x40}, /* Japan */
2112 };
2113 size_t i;
2114
2115 lbs_deb_enter(LBS_DEB_CFG80211);
2116
2117 for (i = 0; i < ARRAY_SIZE(regmap); i++)
2118 if (regmap[i].code == priv->regioncode) {
2119 regulatory_hint(priv->wdev->wiphy, regmap[i].cn);
2120 break;
2121 }
2122
2123 lbs_deb_leave(LBS_DEB_CFG80211);
2124 }
2125
2126 static void lbs_reg_notifier(struct wiphy *wiphy,
2127 struct regulatory_request *request)
2128 {
2129 struct lbs_private *priv = wiphy_priv(wiphy);
2130
2131 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain "
2132 "callback for domain %c%c\n", request->alpha2[0],
2133 request->alpha2[1]);
2134
2135 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2));
2136 if (lbs_iface_active(priv))
2137 lbs_set_11d_domain_info(priv);
2138
2139 lbs_deb_leave(LBS_DEB_CFG80211);
2140 }
2141
2142 /*
2143 * This function get's called after lbs_setup_firmware() determined the
2144 * firmware capabities. So we can setup the wiphy according to our
2145 * hardware/firmware.
2146 */
2147 int lbs_cfg_register(struct lbs_private *priv)
2148 {
2149 struct wireless_dev *wdev = priv->wdev;
2150 int ret;
2151
2152 lbs_deb_enter(LBS_DEB_CFG80211);
2153
2154 wdev->wiphy->max_scan_ssids = 1;
2155 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
2156
2157 wdev->wiphy->interface_modes =
2158 BIT(NL80211_IFTYPE_STATION) |
2159 BIT(NL80211_IFTYPE_ADHOC);
2160 if (lbs_rtap_supported(priv))
2161 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
2162 if (lbs_mesh_activated(priv))
2163 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT);
2164
2165 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz;
2166
2167 /*
2168 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have
2169 * never seen a firmware without WPA
2170 */
2171 wdev->wiphy->cipher_suites = cipher_suites;
2172 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
2173 wdev->wiphy->reg_notifier = lbs_reg_notifier;
2174
2175 ret = wiphy_register(wdev->wiphy);
2176 if (ret < 0)
2177 pr_err("cannot register wiphy device\n");
2178
2179 priv->wiphy_registered = true;
2180
2181 ret = register_netdev(priv->dev);
2182 if (ret)
2183 pr_err("cannot register network device\n");
2184
2185 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker);
2186
2187 lbs_cfg_set_regulatory_hint(priv);
2188
2189 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2190 return ret;
2191 }
2192
2193 void lbs_scan_deinit(struct lbs_private *priv)
2194 {
2195 lbs_deb_enter(LBS_DEB_CFG80211);
2196 cancel_delayed_work_sync(&priv->scan_work);
2197 }
2198
2199
2200 void lbs_cfg_free(struct lbs_private *priv)
2201 {
2202 struct wireless_dev *wdev = priv->wdev;
2203
2204 lbs_deb_enter(LBS_DEB_CFG80211);
2205
2206 if (!wdev)
2207 return;
2208
2209 if (priv->wiphy_registered)
2210 wiphy_unregister(wdev->wiphy);
2211
2212 if (wdev->wiphy)
2213 wiphy_free(wdev->wiphy);
2214
2215 kfree(wdev);
2216 } 1
2 #include <linux/kernel.h>
3 #include <linux/mutex.h>
4 #include <linux/spinlock.h>
5 #include <linux/errno.h>
6 #include <verifier/rcv.h>
7 #include <linux/list.h>
8
9 /* mutexes */
10 extern int mutex_lock_interruptible(struct mutex *lock);
11 extern int mutex_lock_killable(struct mutex *lock);
12 extern void mutex_lock(struct mutex *lock);
13
14 /* mutex model functions */
15 extern void ldv_mutex_lock(struct mutex *lock, char *sign);
16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign);
17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign);
18
19
20 /* Spin locks */
21 extern void __ldv_spin_lock(spinlock_t *lock);
22 extern void __ldv_spin_unlock(spinlock_t *lock);
23 extern int __ldv_spin_trylock(spinlock_t *lock);
24 extern void __ldv_spin_unlock_wait(spinlock_t *lock);
25 extern void __ldv_spin_can_lock(spinlock_t *lock);
26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock);
27
28 /* spin model functions */
29 extern void ldv_spin_lock(spinlock_t *lock, char *sign);
30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign);
31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign);
32
33 /* Support for list binder functions */
34 static inline struct list_head *ldv_list_get_first(struct list_head *head) {
35 return head->next;
36 }
37
38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) {
39 return pos==head;
40 }
41
42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) {
43 return pos->next;
44 }
45
46 #include <linux/mutex.h>
47 #include <linux/slab.h>
48 #include <verifier/rcv.h>
49 #include <linux/timer.h>
50 #include <linux/rtnetlink.h>
51 #include <linux/gfp.h>
52 extern int ldv_state_variable_8;
53 extern int ldv_state_variable_15;
54 extern int ldv_timer_1_3;
55 extern struct timer_list * ldv_timer_list_2_0;
56 extern int ldv_timer_2_1;
57 extern int ldv_state_variable_0;
58 extern int ldv_state_variable_5;
59 extern int ldv_state_variable_13;
60 extern int ldv_state_variable_12;
61 extern struct device_attribute *dev_attr_protocol_id_group1;
62 extern struct timer_list * ldv_timer_list_3_1;
63 extern int ldv_state_variable_14;
64 extern struct device_attribute *dev_attr_capability_group1;
65 extern struct timer_list * ldv_timer_list_3_2;
66 extern int ldv_timer_2_2;
67 extern struct net_device *lbs_ethtool_ops_group0;
68 extern int ldv_timer_3_3;
69 extern int ldv_timer_2_3;
70 extern struct device_attribute *dev_attr_lbs_mesh_group1;
71 extern int ldv_timer_1_0;
72 extern int ldv_state_variable_17;
73 extern struct timer_list * ldv_timer_list_3_3;
74 extern int ldv_state_variable_9;
75 extern int ldv_timer_3_1;
76 extern int ref_cnt;
77 extern int ldv_state_variable_1;
78 extern int ldv_state_variable_7;
79 extern struct device_attribute *dev_attr_metric_id_group1;
80 extern struct net_device *lbs_netdev_ops_group1;
81 extern struct timer_list * ldv_timer_list_1_3;
82 extern struct net_device *lbs_cfg80211_ops_group0;
83 extern int ldv_state_variable_10;
84 extern struct timer_list * ldv_timer_list_1_1;
85 extern struct file *lbs_debug_fops_group2;
86 extern struct timer_list * ldv_timer_list_2_1;
87 extern struct wiphy *lbs_cfg80211_ops_group1;
88 extern struct timer_list * ldv_timer_list_1_0;
89 extern int ldv_state_variable_6;
90 extern int ldv_timer_1_2;
91 extern int ldv_state_variable_16;
92 extern struct device_attribute *dev_attr_channel_group1;
93 extern int ldv_timer_2_0;
94 extern int ldv_timer_1_1;
95 extern int ldv_state_variable_2;
96 extern struct timer_list * ldv_timer_list_1_2;
97 extern struct device_attribute *dev_attr_anycast_mask_group1;
98 extern int ldv_state_variable_11;
99 extern struct device_attribute *dev_attr_bootflag_group1;
100 extern int LDV_IN_INTERRUPT = 1;
101 extern int ldv_state_variable_18;
102 extern struct net_device *mesh_netdev_ops_group1;
103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1;
104 extern struct inode *lbs_debug_fops_group1;
105 extern int ldv_timer_3_2;
106 extern struct mutex fs_mutex;
107 extern int ldv_state_variable_3;
108 extern struct mutex ar_mutex;
109 extern struct timer_list * ldv_timer_list_2_3;
110 extern struct device_attribute *dev_attr_boottime_group1;
111 extern int ldv_timer_3_0;
112 extern struct timer_list * ldv_timer_list_3_0;
113 extern struct device_attribute *dev_attr_mesh_id_group1;
114 extern struct timer_list * ldv_timer_list_2_2;
115 extern int ldv_state_variable_4;
116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1;
117 extern void ldv_initialyze_cfg80211_ops_18(void);
118 extern int evil_hack_15(void);
119 extern void choose_timer_2(void);
120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag);
122 extern void choose_timer_3(void);
123 extern void timer_init_3(void);
124 extern void ldv_net_device_ops_4(void);
125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag);
126 extern void timer_init_2(void);
127 extern void timer_init_1(void);
128 extern void ldv_net_device_ops_15(void);
129 extern void disable_suitable_timer_3(struct timer_list * timer);
130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data);
131 extern int evil_hack_4(void);
132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
133 extern void disable_suitable_timer_2(struct timer_list * timer);
134 extern void disable_suitable_timer_1(struct timer_list * timer);
135 extern int evil_hack_fs_lock(void);
136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data);
137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag);
138 extern int __VERIFIER_nondet_int(void);
139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
140 extern void ldv_file_operations_17(void);
141 extern void ldv_initialyze_ethtool_ops_16(void);
142 extern void choose_timer_1(void);
143 extern void ldv_timer_1(int state, struct timer_list * timer);
144 extern int evil_hack_ar_lock(void);
145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data);
146 extern void ldv_timer_2(int state, struct timer_list * timer);
147 extern void ldv_timer_3(int state, struct timer_list * timer);
148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.c"
149 /*
150 * Implement cfg80211 ("iw") support.
151 *
152 * Copyright (C) 2009 M&N Solutions GmbH, 61191 Rosbach, Germany
153 * Holger Schurig <hs4233@mail.mn-solutions.de>
154 *
155 */
156
157 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
158
159 #include <linux/hardirq.h>
160 #include <linux/sched.h>
161 #include <linux/wait.h>
162 #include <linux/slab.h>
163 #include <linux/ieee80211.h>
164 #include <net/cfg80211.h>
165 #include <asm/unaligned.h>
166
167 #include "decl.h"
168 #include "cfg.h"
169 #include "cmd.h"
170 #include "mesh.h"
171
172
173 #define CHAN2G(_channel, _freq, _flags) { \
174 .band = IEEE80211_BAND_2GHZ, \
175 .center_freq = (_freq), \
176 .hw_value = (_channel), \
177 .flags = (_flags), \
178 .max_antenna_gain = 0, \
179 .max_power = 30, \
180 }
181
182 static struct ieee80211_channel lbs_2ghz_channels[] = {
183 CHAN2G(1, 2412, 0),
184 CHAN2G(2, 2417, 0),
185 CHAN2G(3, 2422, 0),
186 CHAN2G(4, 2427, 0),
187 CHAN2G(5, 2432, 0),
188 CHAN2G(6, 2437, 0),
189 CHAN2G(7, 2442, 0),
190 CHAN2G(8, 2447, 0),
191 CHAN2G(9, 2452, 0),
192 CHAN2G(10, 2457, 0),
193 CHAN2G(11, 2462, 0),
194 CHAN2G(12, 2467, 0),
195 CHAN2G(13, 2472, 0),
196 CHAN2G(14, 2484, 0),
197 };
198
199 #define RATETAB_ENT(_rate, _hw_value, _flags) { \
200 .bitrate = (_rate), \
201 .hw_value = (_hw_value), \
202 .flags = (_flags), \
203 }
204
205
206 /* Table 6 in section 3.2.1.1 */
207 static struct ieee80211_rate lbs_rates[] = {
208 RATETAB_ENT(10, 0, 0),
209 RATETAB_ENT(20, 1, 0),
210 RATETAB_ENT(55, 2, 0),
211 RATETAB_ENT(110, 3, 0),
212 RATETAB_ENT(60, 9, 0),
213 RATETAB_ENT(90, 6, 0),
214 RATETAB_ENT(120, 7, 0),
215 RATETAB_ENT(180, 8, 0),
216 RATETAB_ENT(240, 9, 0),
217 RATETAB_ENT(360, 10, 0),
218 RATETAB_ENT(480, 11, 0),
219 RATETAB_ENT(540, 12, 0),
220 };
221
222 static struct ieee80211_supported_band lbs_band_2ghz = {
223 .channels = lbs_2ghz_channels,
224 .n_channels = ARRAY_SIZE(lbs_2ghz_channels),
225 .bitrates = lbs_rates,
226 .n_bitrates = ARRAY_SIZE(lbs_rates),
227 };
228
229
230 static const u32 cipher_suites[] = {
231 WLAN_CIPHER_SUITE_WEP40,
232 WLAN_CIPHER_SUITE_WEP104,
233 WLAN_CIPHER_SUITE_TKIP,
234 WLAN_CIPHER_SUITE_CCMP,
235 };
236
237 /* Time to stay on the channel */
238 #define LBS_DWELL_PASSIVE 100
239 #define LBS_DWELL_ACTIVE 40
240
241
242 /***************************************************************************
243 * Misc utility functions
244 *
245 * TLVs are Marvell specific. They are very similar to IEs, they have the
246 * same structure: type, length, data*. The only difference: for IEs, the
247 * type and length are u8, but for TLVs they're __le16.
248 */
249
250 /*
251 * Convert NL80211's auth_type to the one from Libertas, see chapter 5.9.1
252 * in the firmware spec
253 */
254 static int lbs_auth_to_authtype(enum nl80211_auth_type auth_type)
255 {
256 int ret = -ENOTSUPP;
257
258 switch (auth_type) {
259 case NL80211_AUTHTYPE_OPEN_SYSTEM:
260 case NL80211_AUTHTYPE_SHARED_KEY:
261 ret = auth_type;
262 break;
263 case NL80211_AUTHTYPE_AUTOMATIC:
264 ret = NL80211_AUTHTYPE_OPEN_SYSTEM;
265 break;
266 case NL80211_AUTHTYPE_NETWORK_EAP:
267 ret = 0x80;
268 break;
269 default:
270 /* silence compiler */
271 break;
272 }
273 return ret;
274 }
275
276
277 /*
278 * Various firmware commands need the list of supported rates, but with
279 * the hight-bit set for basic rates
280 */
281 static int lbs_add_rates(u8 *rates)
282 {
283 size_t i;
284
285 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
286 u8 rate = lbs_rates[i].bitrate / 5;
287 if (rate == 0x02 || rate == 0x04 ||
288 rate == 0x0b || rate == 0x16)
289 rate |= 0x80;
290 rates[i] = rate;
291 }
292 return ARRAY_SIZE(lbs_rates);
293 }
294
295
296 /***************************************************************************
297 * TLV utility functions
298 *
299 * TLVs are Marvell specific. They are very similar to IEs, they have the
300 * same structure: type, length, data*. The only difference: for IEs, the
301 * type and length are u8, but for TLVs they're __le16.
302 */
303
304
305 /*
306 * Add ssid TLV
307 */
308 #define LBS_MAX_SSID_TLV_SIZE \
309 (sizeof(struct mrvl_ie_header) \
310 + IEEE80211_MAX_SSID_LEN)
311
312 static int lbs_add_ssid_tlv(u8 *tlv, const u8 *ssid, int ssid_len)
313 {
314 struct mrvl_ie_ssid_param_set *ssid_tlv = (void *)tlv;
315
316 /*
317 * TLV-ID SSID 00 00
318 * length 06 00
319 * ssid 4d 4e 54 45 53 54
320 */
321 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID);
322 ssid_tlv->header.len = cpu_to_le16(ssid_len);
323 memcpy(ssid_tlv->ssid, ssid, ssid_len);
324 return sizeof(ssid_tlv->header) + ssid_len;
325 }
326
327
328 /*
329 * Add channel list TLV (section 8.4.2)
330 *
331 * Actual channel data comes from priv->wdev->wiphy->channels.
332 */
333 #define LBS_MAX_CHANNEL_LIST_TLV_SIZE \
334 (sizeof(struct mrvl_ie_header) \
335 + (LBS_SCAN_BEFORE_NAP * sizeof(struct chanscanparamset)))
336
337 static int lbs_add_channel_list_tlv(struct lbs_private *priv, u8 *tlv,
338 int last_channel, int active_scan)
339 {
340 int chanscanparamsize = sizeof(struct chanscanparamset) *
341 (last_channel - priv->scan_channel);
342
343 struct mrvl_ie_header *header = (void *) tlv;
344
345 /*
346 * TLV-ID CHANLIST 01 01
347 * length 0e 00
348 * channel 00 01 00 00 00 64 00
349 * radio type 00
350 * channel 01
351 * scan type 00
352 * min scan time 00 00
353 * max scan time 64 00
354 * channel 2 00 02 00 00 00 64 00
355 *
356 */
357
358 header->type = cpu_to_le16(TLV_TYPE_CHANLIST);
359 header->len = cpu_to_le16(chanscanparamsize);
360 tlv += sizeof(struct mrvl_ie_header);
361
362 /* lbs_deb_scan("scan: channels %d to %d\n", priv->scan_channel,
363 last_channel); */
364 memset(tlv, 0, chanscanparamsize);
365
366 while (priv->scan_channel < last_channel) {
367 struct chanscanparamset *param = (void *) tlv;
368
369 param->radiotype = CMD_SCAN_RADIO_TYPE_BG;
370 param->channumber =
371 priv->scan_req->channels[priv->scan_channel]->hw_value;
372 if (active_scan) {
373 param->maxscantime = cpu_to_le16(LBS_DWELL_ACTIVE);
374 } else {
375 param->chanscanmode.passivescan = 1;
376 param->maxscantime = cpu_to_le16(LBS_DWELL_PASSIVE);
377 }
378 tlv += sizeof(struct chanscanparamset);
379 priv->scan_channel++;
380 }
381 return sizeof(struct mrvl_ie_header) + chanscanparamsize;
382 }
383
384
385 /*
386 * Add rates TLV
387 *
388 * The rates are in lbs_bg_rates[], but for the 802.11b
389 * rates the high bit is set. We add this TLV only because
390 * there's a firmware which otherwise doesn't report all
391 * APs in range.
392 */
393 #define LBS_MAX_RATES_TLV_SIZE \
394 (sizeof(struct mrvl_ie_header) \
395 + (ARRAY_SIZE(lbs_rates)))
396
397 /* Adds a TLV with all rates the hardware supports */
398 static int lbs_add_supported_rates_tlv(u8 *tlv)
399 {
400 size_t i;
401 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
402
403 /*
404 * TLV-ID RATES 01 00
405 * length 0e 00
406 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c
407 */
408 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
409 tlv += sizeof(rate_tlv->header);
410 i = lbs_add_rates(tlv);
411 tlv += i;
412 rate_tlv->header.len = cpu_to_le16(i);
413 return sizeof(rate_tlv->header) + i;
414 }
415
416 /* Add common rates from a TLV and return the new end of the TLV */
417 static u8 *
418 add_ie_rates(u8 *tlv, const u8 *ie, int *nrates)
419 {
420 int hw, ap, ap_max = ie[1];
421 u8 hw_rate;
422
423 /* Advance past IE header */
424 ie += 2;
425
426 lbs_deb_hex(LBS_DEB_ASSOC, "AP IE Rates", (u8 *) ie, ap_max);
427
428 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
429 hw_rate = lbs_rates[hw].bitrate / 5;
430 for (ap = 0; ap < ap_max; ap++) {
431 if (hw_rate == (ie[ap] & 0x7f)) {
432 *tlv++ = ie[ap];
433 *nrates = *nrates + 1;
434 }
435 }
436 }
437 return tlv;
438 }
439
440 /*
441 * Adds a TLV with all rates the hardware *and* BSS supports.
442 */
443 static int lbs_add_common_rates_tlv(u8 *tlv, struct cfg80211_bss *bss)
444 {
445 struct mrvl_ie_rates_param_set *rate_tlv = (void *)tlv;
446 const u8 *rates_eid, *ext_rates_eid;
447 int n = 0;
448
449 rcu_read_lock();
450 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
451 ext_rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
452
453 /*
454 * 01 00 TLV_TYPE_RATES
455 * 04 00 len
456 * 82 84 8b 96 rates
457 */
458 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
459 tlv += sizeof(rate_tlv->header);
460
461 /* Add basic rates */
462 if (rates_eid) {
463 tlv = add_ie_rates(tlv, rates_eid, &n);
464
465 /* Add extended rates, if any */
466 if (ext_rates_eid)
467 tlv = add_ie_rates(tlv, ext_rates_eid, &n);
468 } else {
469 lbs_deb_assoc("assoc: bss had no basic rate IE\n");
470 /* Fallback: add basic 802.11b rates */
471 *tlv++ = 0x82;
472 *tlv++ = 0x84;
473 *tlv++ = 0x8b;
474 *tlv++ = 0x96;
475 n = 4;
476 }
477 rcu_read_unlock();
478
479 rate_tlv->header.len = cpu_to_le16(n);
480 return sizeof(rate_tlv->header) + n;
481 }
482
483
484 /*
485 * Add auth type TLV.
486 *
487 * This is only needed for newer firmware (V9 and up).
488 */
489 #define LBS_MAX_AUTH_TYPE_TLV_SIZE \
490 sizeof(struct mrvl_ie_auth_type)
491
492 static int lbs_add_auth_type_tlv(u8 *tlv, enum nl80211_auth_type auth_type)
493 {
494 struct mrvl_ie_auth_type *auth = (void *) tlv;
495
496 /*
497 * 1f 01 TLV_TYPE_AUTH_TYPE
498 * 01 00 len
499 * 01 auth type
500 */
501 auth->header.type = cpu_to_le16(TLV_TYPE_AUTH_TYPE);
502 auth->header.len = cpu_to_le16(sizeof(*auth)-sizeof(auth->header));
503 auth->auth = cpu_to_le16(lbs_auth_to_authtype(auth_type));
504 return sizeof(*auth);
505 }
506
507
508 /*
509 * Add channel (phy ds) TLV
510 */
511 #define LBS_MAX_CHANNEL_TLV_SIZE \
512 sizeof(struct mrvl_ie_header)
513
514 static int lbs_add_channel_tlv(u8 *tlv, u8 channel)
515 {
516 struct mrvl_ie_ds_param_set *ds = (void *) tlv;
517
518 /*
519 * 03 00 TLV_TYPE_PHY_DS
520 * 01 00 len
521 * 06 channel
522 */
523 ds->header.type = cpu_to_le16(TLV_TYPE_PHY_DS);
524 ds->header.len = cpu_to_le16(sizeof(*ds)-sizeof(ds->header));
525 ds->channel = channel;
526 return sizeof(*ds);
527 }
528
529
530 /*
531 * Add (empty) CF param TLV of the form:
532 */
533 #define LBS_MAX_CF_PARAM_TLV_SIZE \
534 sizeof(struct mrvl_ie_header)
535
536 static int lbs_add_cf_param_tlv(u8 *tlv)
537 {
538 struct mrvl_ie_cf_param_set *cf = (void *)tlv;
539
540 /*
541 * 04 00 TLV_TYPE_CF
542 * 06 00 len
543 * 00 cfpcnt
544 * 00 cfpperiod
545 * 00 00 cfpmaxduration
546 * 00 00 cfpdurationremaining
547 */
548 cf->header.type = cpu_to_le16(TLV_TYPE_CF);
549 cf->header.len = cpu_to_le16(sizeof(*cf)-sizeof(cf->header));
550 return sizeof(*cf);
551 }
552
553 /*
554 * Add WPA TLV
555 */
556 #define LBS_MAX_WPA_TLV_SIZE \
557 (sizeof(struct mrvl_ie_header) \
558 + 128 /* TODO: I guessed the size */)
559
560 static int lbs_add_wpa_tlv(u8 *tlv, const u8 *ie, u8 ie_len)
561 {
562 size_t tlv_len;
563
564 /*
565 * We need just convert an IE to an TLV. IEs use u8 for the header,
566 * u8 type
567 * u8 len
568 * u8[] data
569 * but TLVs use __le16 instead:
570 * __le16 type
571 * __le16 len
572 * u8[] data
573 */
574 *tlv++ = *ie++;
575 *tlv++ = 0;
576 tlv_len = *tlv++ = *ie++;
577 *tlv++ = 0;
578 while (tlv_len--)
579 *tlv++ = *ie++;
580 /* the TLV is two bytes larger than the IE */
581 return ie_len + 2;
582 }
583
584 /*
585 * Set Channel
586 */
587
588 static int lbs_cfg_set_monitor_channel(struct wiphy *wiphy,
589 struct cfg80211_chan_def *chandef)
590 {
591 struct lbs_private *priv = wiphy_priv(wiphy);
592 int ret = -ENOTSUPP;
593
594 lbs_deb_enter_args(LBS_DEB_CFG80211, "freq %d, type %d",
595 chandef->chan->center_freq,
596 cfg80211_get_chandef_type(chandef));
597
598 if (cfg80211_get_chandef_type(chandef) != NL80211_CHAN_NO_HT)
599 goto out;
600
601 ret = lbs_set_channel(priv, chandef->chan->hw_value);
602
603 out:
604 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
605 return ret;
606 }
607
608 static int lbs_cfg_set_mesh_channel(struct wiphy *wiphy,
609 struct net_device *netdev,
610 struct ieee80211_channel *channel)
611 {
612 struct lbs_private *priv = wiphy_priv(wiphy);
613 int ret = -ENOTSUPP;
614
615 lbs_deb_enter_args(LBS_DEB_CFG80211, "iface %s freq %d",
616 netdev_name(netdev), channel->center_freq);
617
618 if (netdev != priv->mesh_dev)
619 goto out;
620
621 ret = lbs_mesh_set_channel(priv, channel->hw_value);
622
623 out:
624 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
625 return ret;
626 }
627
628
629
630 /*
631 * Scanning
632 */
633
634 /*
635 * When scanning, the firmware doesn't send a nul packet with the power-safe
636 * bit to the AP. So we cannot stay away from our current channel too long,
637 * otherwise we loose data. So take a "nap" while scanning every other
638 * while.
639 */
640 #define LBS_SCAN_BEFORE_NAP 4
641
642
643 /*
644 * When the firmware reports back a scan-result, it gives us an "u8 rssi",
645 * which isn't really an RSSI, as it becomes larger when moving away from
646 * the AP. Anyway, we need to convert that into mBm.
647 */
648 #define LBS_SCAN_RSSI_TO_MBM(rssi) \
649 ((-(int)rssi + 3)*100)
650
651 static int lbs_ret_scan(struct lbs_private *priv, unsigned long dummy,
652 struct cmd_header *resp)
653 {
654 struct cfg80211_bss *bss;
655 struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp;
656 int bsssize;
657 const u8 *pos;
658 const u8 *tsfdesc;
659 int tsfsize;
660 int i;
661 int ret = -EILSEQ;
662
663 lbs_deb_enter(LBS_DEB_CFG80211);
664
665 bsssize = get_unaligned_le16(&scanresp->bssdescriptsize);
666
667 lbs_deb_scan("scan response: %d BSSs (%d bytes); resp size %d bytes\n",
668 scanresp->nr_sets, bsssize, le16_to_cpu(resp->size));
669
670 if (scanresp->nr_sets == 0) {
671 ret = 0;
672 goto done;
673 }
674
675 /*
676 * The general layout of the scan response is described in chapter
677 * 5.7.1. Basically we have a common part, then any number of BSS
678 * descriptor sections. Finally we have section with the same number
679 * of TSFs.
680 *
681 * cmd_ds_802_11_scan_rsp
682 * cmd_header
683 * pos_size
684 * nr_sets
685 * bssdesc 1
686 * bssid
687 * rssi
688 * timestamp
689 * intvl
690 * capa
691 * IEs
692 * bssdesc 2
693 * bssdesc n
694 * MrvlIEtypes_TsfFimestamp_t
695 * TSF for BSS 1
696 * TSF for BSS 2
697 * TSF for BSS n
698 */
699
700 pos = scanresp->bssdesc_and_tlvbuffer;
701
702 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_RSP", scanresp->bssdesc_and_tlvbuffer,
703 scanresp->bssdescriptsize);
704
705 tsfdesc = pos + bsssize;
706 tsfsize = 4 + 8 * scanresp->nr_sets;
707 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TSF", (u8 *) tsfdesc, tsfsize);
708
709 /* Validity check: we expect a Marvell-Local TLV */
710 i = get_unaligned_le16(tsfdesc);
711 tsfdesc += 2;
712 if (i != TLV_TYPE_TSFTIMESTAMP) {
713 lbs_deb_scan("scan response: invalid TSF Timestamp %d\n", i);
714 goto done;
715 }
716
717 /*
718 * Validity check: the TLV holds TSF values with 8 bytes each, so
719 * the size in the TLV must match the nr_sets value
720 */
721 i = get_unaligned_le16(tsfdesc);
722 tsfdesc += 2;
723 if (i / 8 != scanresp->nr_sets) {
724 lbs_deb_scan("scan response: invalid number of TSF timestamp "
725 "sets (expected %d got %d)\n", scanresp->nr_sets,
726 i / 8);
727 goto done;
728 }
729
730 for (i = 0; i < scanresp->nr_sets; i++) {
731 const u8 *bssid;
732 const u8 *ie;
733 int left;
734 int ielen;
735 int rssi;
736 u16 intvl;
737 u16 capa;
738 int chan_no = -1;
739 const u8 *ssid = NULL;
740 u8 ssid_len = 0;
741
742 int len = get_unaligned_le16(pos);
743 pos += 2;
744
745 /* BSSID */
746 bssid = pos;
747 pos += ETH_ALEN;
748 /* RSSI */
749 rssi = *pos++;
750 /* Packet time stamp */
751 pos += 8;
752 /* Beacon interval */
753 intvl = get_unaligned_le16(pos);
754 pos += 2;
755 /* Capabilities */
756 capa = get_unaligned_le16(pos);
757 pos += 2;
758
759 /* To find out the channel, we must parse the IEs */
760 ie = pos;
761 /*
762 * 6+1+8+2+2: size of BSSID, RSSI, time stamp, beacon
763 * interval, capabilities
764 */
765 ielen = left = len - (6 + 1 + 8 + 2 + 2);
766 while (left >= 2) {
767 u8 id, elen;
768 id = *pos++;
769 elen = *pos++;
770 left -= 2;
771 if (elen > left) {
772 lbs_deb_scan("scan response: invalid IE fmt\n");
773 goto done;
774 }
775
776 if (id == WLAN_EID_DS_PARAMS)
777 chan_no = *pos;
778 if (id == WLAN_EID_SSID) {
779 ssid = pos;
780 ssid_len = elen;
781 }
782 left -= elen;
783 pos += elen;
784 }
785
786 /* No channel, no luck */
787 if (chan_no != -1) {
788 struct wiphy *wiphy = priv->wdev->wiphy;
789 int freq = ieee80211_channel_to_frequency(chan_no,
790 IEEE80211_BAND_2GHZ);
791 struct ieee80211_channel *channel =
792 ieee80211_get_channel(wiphy, freq);
793
794 lbs_deb_scan("scan: %pM, capa %04x, chan %2d, %*pE, %d dBm\n",
795 bssid, capa, chan_no, ssid_len, ssid,
796 LBS_SCAN_RSSI_TO_MBM(rssi)/100);
797
798 if (channel &&
799 !(channel->flags & IEEE80211_CHAN_DISABLED)) {
800 bss = cfg80211_inform_bss(wiphy, channel,
801 CFG80211_BSS_FTYPE_UNKNOWN,
802 bssid, get_unaligned_le64(tsfdesc),
803 capa, intvl, ie, ielen,
804 LBS_SCAN_RSSI_TO_MBM(rssi),
805 GFP_KERNEL);
806 cfg80211_put_bss(wiphy, bss);
807 }
808 } else
809 lbs_deb_scan("scan response: missing BSS channel IE\n");
810
811 tsfdesc += 8;
812 }
813 ret = 0;
814
815 done:
816 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
817 return ret;
818 }
819
820
821 /*
822 * Our scan command contains a TLV, consting of a SSID TLV, a channel list
823 * TLV and a rates TLV. Determine the maximum size of them:
824 */
825 #define LBS_SCAN_MAX_CMD_SIZE \
826 (sizeof(struct cmd_ds_802_11_scan) \
827 + LBS_MAX_SSID_TLV_SIZE \
828 + LBS_MAX_CHANNEL_LIST_TLV_SIZE \
829 + LBS_MAX_RATES_TLV_SIZE)
830
831 /*
832 * Assumes priv->scan_req is initialized and valid
833 * Assumes priv->scan_channel is initialized
834 */
835 static void lbs_scan_worker(struct work_struct *work)
836 {
837 struct lbs_private *priv =
838 container_of(work, struct lbs_private, scan_work.work);
839 struct cmd_ds_802_11_scan *scan_cmd;
840 u8 *tlv; /* pointer into our current, growing TLV storage area */
841 int last_channel;
842 int running, carrier;
843
844 lbs_deb_enter(LBS_DEB_SCAN);
845
846 scan_cmd = kzalloc(LBS_SCAN_MAX_CMD_SIZE, GFP_KERNEL);
847 if (scan_cmd == NULL)
848 goto out_no_scan_cmd;
849
850 /* prepare fixed part of scan command */
851 scan_cmd->bsstype = CMD_BSS_TYPE_ANY;
852
853 /* stop network while we're away from our main channel */
854 running = !netif_queue_stopped(priv->dev);
855 carrier = netif_carrier_ok(priv->dev);
856 if (running)
857 netif_stop_queue(priv->dev);
858 if (carrier)
859 netif_carrier_off(priv->dev);
860
861 /* prepare fixed part of scan command */
862 tlv = scan_cmd->tlvbuffer;
863
864 /* add SSID TLV */
865 if (priv->scan_req->n_ssids && priv->scan_req->ssids[0].ssid_len > 0)
866 tlv += lbs_add_ssid_tlv(tlv,
867 priv->scan_req->ssids[0].ssid,
868 priv->scan_req->ssids[0].ssid_len);
869
870 /* add channel TLVs */
871 last_channel = priv->scan_channel + LBS_SCAN_BEFORE_NAP;
872 if (last_channel > priv->scan_req->n_channels)
873 last_channel = priv->scan_req->n_channels;
874 tlv += lbs_add_channel_list_tlv(priv, tlv, last_channel,
875 priv->scan_req->n_ssids);
876
877 /* add rates TLV */
878 tlv += lbs_add_supported_rates_tlv(tlv);
879
880 if (priv->scan_channel < priv->scan_req->n_channels) {
881 cancel_delayed_work(&priv->scan_work);
882 if (netif_running(priv->dev))
883 queue_delayed_work(priv->work_thread, &priv->scan_work,
884 msecs_to_jiffies(300));
885 }
886
887 /* This is the final data we are about to send */
888 scan_cmd->hdr.size = cpu_to_le16(tlv - (u8 *)scan_cmd);
889 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd,
890 sizeof(*scan_cmd));
891 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer,
892 tlv - scan_cmd->tlvbuffer);
893
894 __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr,
895 le16_to_cpu(scan_cmd->hdr.size),
896 lbs_ret_scan, 0);
897
898 if (priv->scan_channel >= priv->scan_req->n_channels) {
899 /* Mark scan done */
900 cancel_delayed_work(&priv->scan_work);
901 lbs_scan_done(priv);
902 }
903
904 /* Restart network */
905 if (carrier)
906 netif_carrier_on(priv->dev);
907 if (running && !priv->tx_pending_len)
908 netif_wake_queue(priv->dev);
909
910 kfree(scan_cmd);
911
912 /* Wake up anything waiting on scan completion */
913 if (priv->scan_req == NULL) {
914 lbs_deb_scan("scan: waking up waiters\n");
915 wake_up_all(&priv->scan_q);
916 }
917
918 out_no_scan_cmd:
919 lbs_deb_leave(LBS_DEB_SCAN);
920 }
921
922 static void _internal_start_scan(struct lbs_private *priv, bool internal,
923 struct cfg80211_scan_request *request)
924 {
925 lbs_deb_enter(LBS_DEB_CFG80211);
926
927 lbs_deb_scan("scan: ssids %d, channels %d, ie_len %zd\n",
928 request->n_ssids, request->n_channels, request->ie_len);
929
930 priv->scan_channel = 0;
931 priv->scan_req = request;
932 priv->internal_scan = internal;
933
934 queue_delayed_work(priv->work_thread, &priv->scan_work,
935 msecs_to_jiffies(50));
936
937 lbs_deb_leave(LBS_DEB_CFG80211);
938 }
939
940 /*
941 * Clean up priv->scan_req. Should be used to handle the allocation details.
942 */
943 void lbs_scan_done(struct lbs_private *priv)
944 {
945 WARN_ON(!priv->scan_req);
946
947 if (priv->internal_scan)
948 kfree(priv->scan_req);
949 else
950 cfg80211_scan_done(priv->scan_req, false);
951
952 priv->scan_req = NULL;
953 }
954
955 static int lbs_cfg_scan(struct wiphy *wiphy,
956 struct cfg80211_scan_request *request)
957 {
958 struct lbs_private *priv = wiphy_priv(wiphy);
959 int ret = 0;
960
961 lbs_deb_enter(LBS_DEB_CFG80211);
962
963 if (priv->scan_req || delayed_work_pending(&priv->scan_work)) {
964 /* old scan request not yet processed */
965 ret = -EAGAIN;
966 goto out;
967 }
968
969 _internal_start_scan(priv, false, request);
970
971 if (priv->surpriseremoved)
972 ret = -EIO;
973
974 out:
975 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
976 return ret;
977 }
978
979
980
981
982 /*
983 * Events
984 */
985
986 void lbs_send_disconnect_notification(struct lbs_private *priv,
987 bool locally_generated)
988 {
989 lbs_deb_enter(LBS_DEB_CFG80211);
990
991 cfg80211_disconnected(priv->dev, 0, NULL, 0, locally_generated,
992 GFP_KERNEL);
993
994 lbs_deb_leave(LBS_DEB_CFG80211);
995 }
996
997 void lbs_send_mic_failureevent(struct lbs_private *priv, u32 event)
998 {
999 lbs_deb_enter(LBS_DEB_CFG80211);
1000
1001 cfg80211_michael_mic_failure(priv->dev,
1002 priv->assoc_bss,
1003 event == MACREG_INT_CODE_MIC_ERR_MULTICAST ?
1004 NL80211_KEYTYPE_GROUP :
1005 NL80211_KEYTYPE_PAIRWISE,
1006 -1,
1007 NULL,
1008 GFP_KERNEL);
1009
1010 lbs_deb_leave(LBS_DEB_CFG80211);
1011 }
1012
1013
1014
1015
1016 /*
1017 * Connect/disconnect
1018 */
1019
1020
1021 /*
1022 * This removes all WEP keys
1023 */
1024 static int lbs_remove_wep_keys(struct lbs_private *priv)
1025 {
1026 struct cmd_ds_802_11_set_wep cmd;
1027 int ret;
1028
1029 lbs_deb_enter(LBS_DEB_CFG80211);
1030
1031 memset(&cmd, 0, sizeof(cmd));
1032 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1033 cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
1034 cmd.action = cpu_to_le16(CMD_ACT_REMOVE);
1035
1036 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
1037
1038 lbs_deb_leave(LBS_DEB_CFG80211);
1039 return ret;
1040 }
1041
1042 /*
1043 * Set WEP keys
1044 */
1045 static int lbs_set_wep_keys(struct lbs_private *priv)
1046 {
1047 struct cmd_ds_802_11_set_wep cmd;
1048 int i;
1049 int ret;
1050
1051 lbs_deb_enter(LBS_DEB_CFG80211);
1052
1053 /*
1054 * command 13 00
1055 * size 50 00
1056 * sequence xx xx
1057 * result 00 00
1058 * action 02 00 ACT_ADD
1059 * transmit key 00 00
1060 * type for key 1 01 WEP40
1061 * type for key 2 00
1062 * type for key 3 00
1063 * type for key 4 00
1064 * key 1 39 39 39 39 39 00 00 00
1065 * 00 00 00 00 00 00 00 00
1066 * key 2 00 00 00 00 00 00 00 00
1067 * 00 00 00 00 00 00 00 00
1068 * key 3 00 00 00 00 00 00 00 00
1069 * 00 00 00 00 00 00 00 00
1070 * key 4 00 00 00 00 00 00 00 00
1071 */
1072 if (priv->wep_key_len[0] || priv->wep_key_len[1] ||
1073 priv->wep_key_len[2] || priv->wep_key_len[3]) {
1074 /* Only set wep keys if we have at least one of them */
1075 memset(&cmd, 0, sizeof(cmd));
1076 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1077 cmd.keyindex = cpu_to_le16(priv->wep_tx_key);
1078 cmd.action = cpu_to_le16(CMD_ACT_ADD);
1079
1080 for (i = 0; i < 4; i++) {
1081 switch (priv->wep_key_len[i]) {
1082 case WLAN_KEY_LEN_WEP40:
1083 cmd.keytype[i] = CMD_TYPE_WEP_40_BIT;
1084 break;
1085 case WLAN_KEY_LEN_WEP104:
1086 cmd.keytype[i] = CMD_TYPE_WEP_104_BIT;
1087 break;
1088 default:
1089 cmd.keytype[i] = 0;
1090 break;
1091 }
1092 memcpy(cmd.keymaterial[i], priv->wep_key[i],
1093 priv->wep_key_len[i]);
1094 }
1095
1096 ret = lbs_cmd_with_response(priv, CMD_802_11_SET_WEP, &cmd);
1097 } else {
1098 /* Otherwise remove all wep keys */
1099 ret = lbs_remove_wep_keys(priv);
1100 }
1101
1102 lbs_deb_leave(LBS_DEB_CFG80211);
1103 return ret;
1104 }
1105
1106
1107 /*
1108 * Enable/Disable RSN status
1109 */
1110 static int lbs_enable_rsn(struct lbs_private *priv, int enable)
1111 {
1112 struct cmd_ds_802_11_enable_rsn cmd;
1113 int ret;
1114
1115 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", enable);
1116
1117 /*
1118 * cmd 2f 00
1119 * size 0c 00
1120 * sequence xx xx
1121 * result 00 00
1122 * action 01 00 ACT_SET
1123 * enable 01 00
1124 */
1125 memset(&cmd, 0, sizeof(cmd));
1126 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1127 cmd.action = cpu_to_le16(CMD_ACT_SET);
1128 cmd.enable = cpu_to_le16(enable);
1129
1130 ret = lbs_cmd_with_response(priv, CMD_802_11_ENABLE_RSN, &cmd);
1131
1132 lbs_deb_leave(LBS_DEB_CFG80211);
1133 return ret;
1134 }
1135
1136
1137 /*
1138 * Set WPA/WPA key material
1139 */
1140
1141 /*
1142 * like "struct cmd_ds_802_11_key_material", but with cmd_header. Once we
1143 * get rid of WEXT, this should go into host.h
1144 */
1145
1146 struct cmd_key_material {
1147 struct cmd_header hdr;
1148
1149 __le16 action;
1150 struct MrvlIEtype_keyParamSet param;
1151 } __packed;
1152
1153 static int lbs_set_key_material(struct lbs_private *priv,
1154 int key_type, int key_info,
1155 const u8 *key, u16 key_len)
1156 {
1157 struct cmd_key_material cmd;
1158 int ret;
1159
1160 lbs_deb_enter(LBS_DEB_CFG80211);
1161
1162 /*
1163 * Example for WPA (TKIP):
1164 *
1165 * cmd 5e 00
1166 * size 34 00
1167 * sequence xx xx
1168 * result 00 00
1169 * action 01 00
1170 * TLV type 00 01 key param
1171 * length 00 26
1172 * key type 01 00 TKIP
1173 * key info 06 00 UNICAST | ENABLED
1174 * key len 20 00
1175 * key 32 bytes
1176 */
1177 memset(&cmd, 0, sizeof(cmd));
1178 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1179 cmd.action = cpu_to_le16(CMD_ACT_SET);
1180 cmd.param.type = cpu_to_le16(TLV_TYPE_KEY_MATERIAL);
1181 cmd.param.length = cpu_to_le16(sizeof(cmd.param) - 4);
1182 cmd.param.keytypeid = cpu_to_le16(key_type);
1183 cmd.param.keyinfo = cpu_to_le16(key_info);
1184 cmd.param.keylen = cpu_to_le16(key_len);
1185 if (key && key_len)
1186 memcpy(cmd.param.key, key, key_len);
1187
1188 ret = lbs_cmd_with_response(priv, CMD_802_11_KEY_MATERIAL, &cmd);
1189
1190 lbs_deb_leave(LBS_DEB_CFG80211);
1191 return ret;
1192 }
1193
1194
1195 /*
1196 * Sets the auth type (open, shared, etc) in the firmware. That
1197 * we use CMD_802_11_AUTHENTICATE is misleading, this firmware
1198 * command doesn't send an authentication frame at all, it just
1199 * stores the auth_type.
1200 */
1201 static int lbs_set_authtype(struct lbs_private *priv,
1202 struct cfg80211_connect_params *sme)
1203 {
1204 struct cmd_ds_802_11_authenticate cmd;
1205 int ret;
1206
1207 lbs_deb_enter_args(LBS_DEB_CFG80211, "%d", sme->auth_type);
1208
1209 /*
1210 * cmd 11 00
1211 * size 19 00
1212 * sequence xx xx
1213 * result 00 00
1214 * BSS id 00 13 19 80 da 30
1215 * auth type 00
1216 * reserved 00 00 00 00 00 00 00 00 00 00
1217 */
1218 memset(&cmd, 0, sizeof(cmd));
1219 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1220 if (sme->bssid)
1221 memcpy(cmd.bssid, sme->bssid, ETH_ALEN);
1222 /* convert auth_type */
1223 ret = lbs_auth_to_authtype(sme->auth_type);
1224 if (ret < 0)
1225 goto done;
1226
1227 cmd.authtype = ret;
1228 ret = lbs_cmd_with_response(priv, CMD_802_11_AUTHENTICATE, &cmd);
1229
1230 done:
1231 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1232 return ret;
1233 }
1234
1235
1236 /*
1237 * Create association request
1238 */
1239 #define LBS_ASSOC_MAX_CMD_SIZE \
1240 (sizeof(struct cmd_ds_802_11_associate) \
1241 - 512 /* cmd_ds_802_11_associate.iebuf */ \
1242 + LBS_MAX_SSID_TLV_SIZE \
1243 + LBS_MAX_CHANNEL_TLV_SIZE \
1244 + LBS_MAX_CF_PARAM_TLV_SIZE \
1245 + LBS_MAX_AUTH_TYPE_TLV_SIZE \
1246 + LBS_MAX_WPA_TLV_SIZE)
1247
1248 static int lbs_associate(struct lbs_private *priv,
1249 struct cfg80211_bss *bss,
1250 struct cfg80211_connect_params *sme)
1251 {
1252 struct cmd_ds_802_11_associate_response *resp;
1253 struct cmd_ds_802_11_associate *cmd = kzalloc(LBS_ASSOC_MAX_CMD_SIZE,
1254 GFP_KERNEL);
1255 const u8 *ssid_eid;
1256 size_t len, resp_ie_len;
1257 int status;
1258 int ret;
1259 u8 *pos;
1260 u8 *tmp;
1261
1262 lbs_deb_enter(LBS_DEB_CFG80211);
1263
1264 if (!cmd) {
1265 ret = -ENOMEM;
1266 goto done;
1267 }
1268 pos = &cmd->iebuf[0];
1269
1270 /*
1271 * cmd 50 00
1272 * length 34 00
1273 * sequence xx xx
1274 * result 00 00
1275 * BSS id 00 13 19 80 da 30
1276 * capabilities 11 00
1277 * listen interval 0a 00
1278 * beacon interval 00 00
1279 * DTIM period 00
1280 * TLVs xx (up to 512 bytes)
1281 */
1282 cmd->hdr.command = cpu_to_le16(CMD_802_11_ASSOCIATE);
1283
1284 /* Fill in static fields */
1285 memcpy(cmd->bssid, bss->bssid, ETH_ALEN);
1286 cmd->listeninterval = cpu_to_le16(MRVDRV_DEFAULT_LISTEN_INTERVAL);
1287 cmd->capability = cpu_to_le16(bss->capability);
1288
1289 /* add SSID TLV */
1290 rcu_read_lock();
1291 ssid_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);
1292 if (ssid_eid)
1293 pos += lbs_add_ssid_tlv(pos, ssid_eid + 2, ssid_eid[1]);
1294 else
1295 lbs_deb_assoc("no SSID\n");
1296 rcu_read_unlock();
1297
1298 /* add DS param TLV */
1299 if (bss->channel)
1300 pos += lbs_add_channel_tlv(pos, bss->channel->hw_value);
1301 else
1302 lbs_deb_assoc("no channel\n");
1303
1304 /* add (empty) CF param TLV */
1305 pos += lbs_add_cf_param_tlv(pos);
1306
1307 /* add rates TLV */
1308 tmp = pos + 4; /* skip Marvell IE header */
1309 pos += lbs_add_common_rates_tlv(pos, bss);
1310 lbs_deb_hex(LBS_DEB_ASSOC, "Common Rates", tmp, pos - tmp);
1311
1312 /* add auth type TLV */
1313 if (MRVL_FW_MAJOR_REV(priv->fwrelease) >= 9)
1314 pos += lbs_add_auth_type_tlv(pos, sme->auth_type);
1315
1316 /* add WPA/WPA2 TLV */
1317 if (sme->ie && sme->ie_len)
1318 pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len);
1319
1320 len = (sizeof(*cmd) - sizeof(cmd->iebuf)) +
1321 (u16)(pos - (u8 *) &cmd->iebuf);
1322 cmd->hdr.size = cpu_to_le16(len);
1323
1324 lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd,
1325 le16_to_cpu(cmd->hdr.size));
1326
1327 /* store for later use */
1328 memcpy(priv->assoc_bss, bss->bssid, ETH_ALEN);
1329
1330 ret = lbs_cmd_with_response(priv, CMD_802_11_ASSOCIATE, cmd);
1331 if (ret)
1332 goto done;
1333
1334 /* generate connect message to cfg80211 */
1335
1336 resp = (void *) cmd; /* recast for easier field access */
1337 status = le16_to_cpu(resp->statuscode);
1338
1339 /* Older FW versions map the IEEE 802.11 Status Code in the association
1340 * response to the following values returned in resp->statuscode:
1341 *
1342 * IEEE Status Code Marvell Status Code
1343 * 0 -> 0x0000 ASSOC_RESULT_SUCCESS
1344 * 13 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1345 * 14 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1346 * 15 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1347 * 16 -> 0x0004 ASSOC_RESULT_AUTH_REFUSED
1348 * others -> 0x0003 ASSOC_RESULT_REFUSED
1349 *
1350 * Other response codes:
1351 * 0x0001 -> ASSOC_RESULT_INVALID_PARAMETERS (unused)
1352 * 0x0002 -> ASSOC_RESULT_TIMEOUT (internal timer expired waiting for
1353 * association response from the AP)
1354 */
1355 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
1356 switch (status) {
1357 case 0:
1358 break;
1359 case 1:
1360 lbs_deb_assoc("invalid association parameters\n");
1361 status = WLAN_STATUS_CAPS_UNSUPPORTED;
1362 break;
1363 case 2:
1364 lbs_deb_assoc("timer expired while waiting for AP\n");
1365 status = WLAN_STATUS_AUTH_TIMEOUT;
1366 break;
1367 case 3:
1368 lbs_deb_assoc("association refused by AP\n");
1369 status = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
1370 break;
1371 case 4:
1372 lbs_deb_assoc("authentication refused by AP\n");
1373 status = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1374 break;
1375 default:
1376 lbs_deb_assoc("association failure %d\n", status);
1377 /* v5 OLPC firmware does return the AP status code if
1378 * it's not one of the values above. Let that through.
1379 */
1380 break;
1381 }
1382 }
1383
1384 lbs_deb_assoc("status %d, statuscode 0x%04x, capability 0x%04x, "
1385 "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
1386 le16_to_cpu(resp->capability), le16_to_cpu(resp->aid));
1387
1388 resp_ie_len = le16_to_cpu(resp->hdr.size)
1389 - sizeof(resp->hdr)
1390 - 6;
1391 cfg80211_connect_result(priv->dev,
1392 priv->assoc_bss,
1393 sme->ie, sme->ie_len,
1394 resp->iebuf, resp_ie_len,
1395 status,
1396 GFP_KERNEL);
1397
1398 if (status == 0) {
1399 /* TODO: get rid of priv->connect_status */
1400 priv->connect_status = LBS_CONNECTED;
1401 netif_carrier_on(priv->dev);
1402 if (!priv->tx_pending_len)
1403 netif_tx_wake_all_queues(priv->dev);
1404 }
1405
1406 kfree(cmd);
1407 done:
1408 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1409 return ret;
1410 }
1411
1412 static struct cfg80211_scan_request *
1413 _new_connect_scan_req(struct wiphy *wiphy, struct cfg80211_connect_params *sme)
1414 {
1415 struct cfg80211_scan_request *creq = NULL;
1416 int i, n_channels = ieee80211_get_num_supported_channels(wiphy);
1417 enum ieee80211_band band;
1418
1419 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) +
1420 n_channels * sizeof(void *),
1421 GFP_ATOMIC);
1422 if (!creq)
1423 return NULL;
1424
1425 /* SSIDs come after channels */
1426 creq->ssids = (void *)&creq->channels[n_channels];
1427 creq->n_channels = n_channels;
1428 creq->n_ssids = 1;
1429
1430 /* Scan all available channels */
1431 i = 0;
1432 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1433 int j;
1434
1435 if (!wiphy->bands[band])
1436 continue;
1437
1438 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
1439 /* ignore disabled channels */
1440 if (wiphy->bands[band]->channels[j].flags &
1441 IEEE80211_CHAN_DISABLED)
1442 continue;
1443
1444 creq->channels[i] = &wiphy->bands[band]->channels[j];
1445 i++;
1446 }
1447 }
1448 if (i) {
1449 /* Set real number of channels specified in creq->channels[] */
1450 creq->n_channels = i;
1451
1452 /* Scan for the SSID we're going to connect to */
1453 memcpy(creq->ssids[0].ssid, sme->ssid, sme->ssid_len);
1454 creq->ssids[0].ssid_len = sme->ssid_len;
1455 } else {
1456 /* No channels found... */
1457 kfree(creq);
1458 creq = NULL;
1459 }
1460
1461 return creq;
1462 }
1463
1464 static int lbs_cfg_connect(struct wiphy *wiphy, struct net_device *dev,
1465 struct cfg80211_connect_params *sme)
1466 {
1467 struct lbs_private *priv = wiphy_priv(wiphy);
1468 struct cfg80211_bss *bss = NULL;
1469 int ret = 0;
1470 u8 preamble = RADIO_PREAMBLE_SHORT;
1471
1472 if (dev == priv->mesh_dev)
1473 return -EOPNOTSUPP;
1474
1475 lbs_deb_enter(LBS_DEB_CFG80211);
1476
1477 if (!sme->bssid) {
1478 struct cfg80211_scan_request *creq;
1479
1480 /*
1481 * Scan for the requested network after waiting for existing
1482 * scans to finish.
1483 */
1484 lbs_deb_assoc("assoc: waiting for existing scans\n");
1485 wait_event_interruptible_timeout(priv->scan_q,
1486 (priv->scan_req == NULL),
1487 (15 * HZ));
1488
1489 creq = _new_connect_scan_req(wiphy, sme);
1490 if (!creq) {
1491 ret = -EINVAL;
1492 goto done;
1493 }
1494
1495 lbs_deb_assoc("assoc: scanning for compatible AP\n");
1496 _internal_start_scan(priv, true, creq);
1497
1498 lbs_deb_assoc("assoc: waiting for scan to complete\n");
1499 wait_event_interruptible_timeout(priv->scan_q,
1500 (priv->scan_req == NULL),
1501 (15 * HZ));
1502 lbs_deb_assoc("assoc: scanning completed\n");
1503 }
1504
1505 /* Find the BSS we want using available scan results */
1506 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid,
1507 sme->ssid, sme->ssid_len, IEEE80211_BSS_TYPE_ESS,
1508 IEEE80211_PRIVACY_ANY);
1509 if (!bss) {
1510 wiphy_err(wiphy, "assoc: bss %pM not in scan results\n",
1511 sme->bssid);
1512 ret = -ENOENT;
1513 goto done;
1514 }
1515 lbs_deb_assoc("trying %pM\n", bss->bssid);
1516 lbs_deb_assoc("cipher 0x%x, key index %d, key len %d\n",
1517 sme->crypto.cipher_group,
1518 sme->key_idx, sme->key_len);
1519
1520 /* As this is a new connection, clear locally stored WEP keys */
1521 priv->wep_tx_key = 0;
1522 memset(priv->wep_key, 0, sizeof(priv->wep_key));
1523 memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len));
1524
1525 /* set/remove WEP keys */
1526 switch (sme->crypto.cipher_group) {
1527 case WLAN_CIPHER_SUITE_WEP40:
1528 case WLAN_CIPHER_SUITE_WEP104:
1529 /* Store provided WEP keys in priv-> */
1530 priv->wep_tx_key = sme->key_idx;
1531 priv->wep_key_len[sme->key_idx] = sme->key_len;
1532 memcpy(priv->wep_key[sme->key_idx], sme->key, sme->key_len);
1533 /* Set WEP keys and WEP mode */
1534 lbs_set_wep_keys(priv);
1535 priv->mac_control |= CMD_ACT_MAC_WEP_ENABLE;
1536 lbs_set_mac_control(priv);
1537 /* No RSN mode for WEP */
1538 lbs_enable_rsn(priv, 0);
1539 break;
1540 case 0: /* there's no WLAN_CIPHER_SUITE_NONE definition */
1541 /*
1542 * If we don't have no WEP, no WPA and no WPA2,
1543 * we remove all keys like in the WPA/WPA2 setup,
1544 * we just don't set RSN.
1545 *
1546 * Therefore: fall-through
1547 */
1548 case WLAN_CIPHER_SUITE_TKIP:
1549 case WLAN_CIPHER_SUITE_CCMP:
1550 /* Remove WEP keys and WEP mode */
1551 lbs_remove_wep_keys(priv);
1552 priv->mac_control &= ~CMD_ACT_MAC_WEP_ENABLE;
1553 lbs_set_mac_control(priv);
1554
1555 /* clear the WPA/WPA2 keys */
1556 lbs_set_key_material(priv,
1557 KEY_TYPE_ID_WEP, /* doesn't matter */
1558 KEY_INFO_WPA_UNICAST,
1559 NULL, 0);
1560 lbs_set_key_material(priv,
1561 KEY_TYPE_ID_WEP, /* doesn't matter */
1562 KEY_INFO_WPA_MCAST,
1563 NULL, 0);
1564 /* RSN mode for WPA/WPA2 */
1565 lbs_enable_rsn(priv, sme->crypto.cipher_group != 0);
1566 break;
1567 default:
1568 wiphy_err(wiphy, "unsupported cipher group 0x%x\n",
1569 sme->crypto.cipher_group);
1570 ret = -ENOTSUPP;
1571 goto done;
1572 }
1573
1574 ret = lbs_set_authtype(priv, sme);
1575 if (ret == -ENOTSUPP) {
1576 wiphy_err(wiphy, "unsupported authtype 0x%x\n", sme->auth_type);
1577 goto done;
1578 }
1579
1580 lbs_set_radio(priv, preamble, 1);
1581
1582 /* Do the actual association */
1583 ret = lbs_associate(priv, bss, sme);
1584
1585 done:
1586 if (bss)
1587 cfg80211_put_bss(wiphy, bss);
1588 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1589 return ret;
1590 }
1591
1592 int lbs_disconnect(struct lbs_private *priv, u16 reason)
1593 {
1594 struct cmd_ds_802_11_deauthenticate cmd;
1595 int ret;
1596
1597 memset(&cmd, 0, sizeof(cmd));
1598 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1599 /* Mildly ugly to use a locally store my own BSSID ... */
1600 memcpy(cmd.macaddr, &priv->assoc_bss, ETH_ALEN);
1601 cmd.reasoncode = cpu_to_le16(reason);
1602
1603 ret = lbs_cmd_with_response(priv, CMD_802_11_DEAUTHENTICATE, &cmd);
1604 if (ret)
1605 return ret;
1606
1607 cfg80211_disconnected(priv->dev,
1608 reason,
1609 NULL, 0, true,
1610 GFP_KERNEL);
1611 priv->connect_status = LBS_DISCONNECTED;
1612
1613 return 0;
1614 }
1615
1616 static int lbs_cfg_disconnect(struct wiphy *wiphy, struct net_device *dev,
1617 u16 reason_code)
1618 {
1619 struct lbs_private *priv = wiphy_priv(wiphy);
1620
1621 if (dev == priv->mesh_dev)
1622 return -EOPNOTSUPP;
1623
1624 lbs_deb_enter_args(LBS_DEB_CFG80211, "reason_code %d", reason_code);
1625
1626 /* store for lbs_cfg_ret_disconnect() */
1627 priv->disassoc_reason = reason_code;
1628
1629 return lbs_disconnect(priv, reason_code);
1630 }
1631
1632 static int lbs_cfg_set_default_key(struct wiphy *wiphy,
1633 struct net_device *netdev,
1634 u8 key_index, bool unicast,
1635 bool multicast)
1636 {
1637 struct lbs_private *priv = wiphy_priv(wiphy);
1638
1639 if (netdev == priv->mesh_dev)
1640 return -EOPNOTSUPP;
1641
1642 lbs_deb_enter(LBS_DEB_CFG80211);
1643
1644 if (key_index != priv->wep_tx_key) {
1645 lbs_deb_assoc("set_default_key: to %d\n", key_index);
1646 priv->wep_tx_key = key_index;
1647 lbs_set_wep_keys(priv);
1648 }
1649
1650 return 0;
1651 }
1652
1653
1654 static int lbs_cfg_add_key(struct wiphy *wiphy, struct net_device *netdev,
1655 u8 idx, bool pairwise, const u8 *mac_addr,
1656 struct key_params *params)
1657 {
1658 struct lbs_private *priv = wiphy_priv(wiphy);
1659 u16 key_info;
1660 u16 key_type;
1661 int ret = 0;
1662
1663 if (netdev == priv->mesh_dev)
1664 return -EOPNOTSUPP;
1665
1666 lbs_deb_enter(LBS_DEB_CFG80211);
1667
1668 lbs_deb_assoc("add_key: cipher 0x%x, mac_addr %pM\n",
1669 params->cipher, mac_addr);
1670 lbs_deb_assoc("add_key: key index %d, key len %d\n",
1671 idx, params->key_len);
1672 if (params->key_len)
1673 lbs_deb_hex(LBS_DEB_CFG80211, "KEY",
1674 params->key, params->key_len);
1675
1676 lbs_deb_assoc("add_key: seq len %d\n", params->seq_len);
1677 if (params->seq_len)
1678 lbs_deb_hex(LBS_DEB_CFG80211, "SEQ",
1679 params->seq, params->seq_len);
1680
1681 switch (params->cipher) {
1682 case WLAN_CIPHER_SUITE_WEP40:
1683 case WLAN_CIPHER_SUITE_WEP104:
1684 /* actually compare if something has changed ... */
1685 if ((priv->wep_key_len[idx] != params->key_len) ||
1686 memcmp(priv->wep_key[idx],
1687 params->key, params->key_len) != 0) {
1688 priv->wep_key_len[idx] = params->key_len;
1689 memcpy(priv->wep_key[idx],
1690 params->key, params->key_len);
1691 lbs_set_wep_keys(priv);
1692 }
1693 break;
1694 case WLAN_CIPHER_SUITE_TKIP:
1695 case WLAN_CIPHER_SUITE_CCMP:
1696 key_info = KEY_INFO_WPA_ENABLED | ((idx == 0)
1697 ? KEY_INFO_WPA_UNICAST
1698 : KEY_INFO_WPA_MCAST);
1699 key_type = (params->cipher == WLAN_CIPHER_SUITE_TKIP)
1700 ? KEY_TYPE_ID_TKIP
1701 : KEY_TYPE_ID_AES;
1702 lbs_set_key_material(priv,
1703 key_type,
1704 key_info,
1705 params->key, params->key_len);
1706 break;
1707 default:
1708 wiphy_err(wiphy, "unhandled cipher 0x%x\n", params->cipher);
1709 ret = -ENOTSUPP;
1710 break;
1711 }
1712
1713 return ret;
1714 }
1715
1716
1717 static int lbs_cfg_del_key(struct wiphy *wiphy, struct net_device *netdev,
1718 u8 key_index, bool pairwise, const u8 *mac_addr)
1719 {
1720
1721 lbs_deb_enter(LBS_DEB_CFG80211);
1722
1723 lbs_deb_assoc("del_key: key_idx %d, mac_addr %pM\n",
1724 key_index, mac_addr);
1725
1726 #ifdef TODO
1727 struct lbs_private *priv = wiphy_priv(wiphy);
1728 /*
1729 * I think can keep this a NO-OP, because:
1730
1731 * - we clear all keys whenever we do lbs_cfg_connect() anyway
1732 * - neither "iw" nor "wpa_supplicant" won't call this during
1733 * an ongoing connection
1734 * - TODO: but I have to check if this is still true when
1735 * I set the AP to periodic re-keying
1736 * - we've not kzallec() something when we've added a key at
1737 * lbs_cfg_connect() or lbs_cfg_add_key().
1738 *
1739 * This causes lbs_cfg_del_key() only called at disconnect time,
1740 * where we'd just waste time deleting a key that is not going
1741 * to be used anyway.
1742 */
1743 if (key_index < 3 && priv->wep_key_len[key_index]) {
1744 priv->wep_key_len[key_index] = 0;
1745 lbs_set_wep_keys(priv);
1746 }
1747 #endif
1748
1749 return 0;
1750 }
1751
1752
1753 /*
1754 * Get station
1755 */
1756
1757 static int lbs_cfg_get_station(struct wiphy *wiphy, struct net_device *dev,
1758 const u8 *mac, struct station_info *sinfo)
1759 {
1760 struct lbs_private *priv = wiphy_priv(wiphy);
1761 s8 signal, noise;
1762 int ret;
1763 size_t i;
1764
1765 lbs_deb_enter(LBS_DEB_CFG80211);
1766
1767 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BYTES) |
1768 BIT(NL80211_STA_INFO_TX_PACKETS) |
1769 BIT(NL80211_STA_INFO_RX_BYTES) |
1770 BIT(NL80211_STA_INFO_RX_PACKETS);
1771 sinfo->tx_bytes = priv->dev->stats.tx_bytes;
1772 sinfo->tx_packets = priv->dev->stats.tx_packets;
1773 sinfo->rx_bytes = priv->dev->stats.rx_bytes;
1774 sinfo->rx_packets = priv->dev->stats.rx_packets;
1775
1776 /* Get current RSSI */
1777 ret = lbs_get_rssi(priv, &signal, &noise);
1778 if (ret == 0) {
1779 sinfo->signal = signal;
1780 sinfo->filled |= BIT(NL80211_STA_INFO_SIGNAL);
1781 }
1782
1783 /* Convert priv->cur_rate from hw_value to NL80211 value */
1784 for (i = 0; i < ARRAY_SIZE(lbs_rates); i++) {
1785 if (priv->cur_rate == lbs_rates[i].hw_value) {
1786 sinfo->txrate.legacy = lbs_rates[i].bitrate;
1787 sinfo->filled |= BIT(NL80211_STA_INFO_TX_BITRATE);
1788 break;
1789 }
1790 }
1791
1792 return 0;
1793 }
1794
1795
1796
1797
1798 /*
1799 * Change interface
1800 */
1801
1802 static int lbs_change_intf(struct wiphy *wiphy, struct net_device *dev,
1803 enum nl80211_iftype type, u32 *flags,
1804 struct vif_params *params)
1805 {
1806 struct lbs_private *priv = wiphy_priv(wiphy);
1807 int ret = 0;
1808
1809 if (dev == priv->mesh_dev)
1810 return -EOPNOTSUPP;
1811
1812 switch (type) {
1813 case NL80211_IFTYPE_MONITOR:
1814 case NL80211_IFTYPE_STATION:
1815 case NL80211_IFTYPE_ADHOC:
1816 break;
1817 default:
1818 return -EOPNOTSUPP;
1819 }
1820
1821 lbs_deb_enter(LBS_DEB_CFG80211);
1822
1823 if (priv->iface_running)
1824 ret = lbs_set_iface_type(priv, type);
1825
1826 if (!ret)
1827 priv->wdev->iftype = type;
1828
1829 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
1830 return ret;
1831 }
1832
1833
1834
1835 /*
1836 * IBSS (Ad-Hoc)
1837 */
1838
1839 /*
1840 * The firmware needs the following bits masked out of the beacon-derived
1841 * capability field when associating/joining to a BSS:
1842 * 9 (QoS), 11 (APSD), 12 (unused), 14 (unused), 15 (unused)
1843 */
1844 #define CAPINFO_MASK (~(0xda00))
1845
1846
1847 static void lbs_join_post(struct lbs_private *priv,
1848 struct cfg80211_ibss_params *params,
1849 u8 *bssid, u16 capability)
1850 {
1851 u8 fake_ie[2 + IEEE80211_MAX_SSID_LEN + /* ssid */
1852 2 + 4 + /* basic rates */
1853 2 + 1 + /* DS parameter */
1854 2 + 2 + /* atim */
1855 2 + 8]; /* extended rates */
1856 u8 *fake = fake_ie;
1857 struct cfg80211_bss *bss;
1858
1859 lbs_deb_enter(LBS_DEB_CFG80211);
1860
1861 /*
1862 * For cfg80211_inform_bss, we'll need a fake IE, as we can't get
1863 * the real IE from the firmware. So we fabricate a fake IE based on
1864 * what the firmware actually sends (sniffed with wireshark).
1865 */
1866 /* Fake SSID IE */
1867 *fake++ = WLAN_EID_SSID;
1868 *fake++ = params->ssid_len;
1869 memcpy(fake, params->ssid, params->ssid_len);
1870 fake += params->ssid_len;
1871 /* Fake supported basic rates IE */
1872 *fake++ = WLAN_EID_SUPP_RATES;
1873 *fake++ = 4;
1874 *fake++ = 0x82;
1875 *fake++ = 0x84;
1876 *fake++ = 0x8b;
1877 *fake++ = 0x96;
1878 /* Fake DS channel IE */
1879 *fake++ = WLAN_EID_DS_PARAMS;
1880 *fake++ = 1;
1881 *fake++ = params->chandef.chan->hw_value;
1882 /* Fake IBSS params IE */
1883 *fake++ = WLAN_EID_IBSS_PARAMS;
1884 *fake++ = 2;
1885 *fake++ = 0; /* ATIM=0 */
1886 *fake++ = 0;
1887 /* Fake extended rates IE, TODO: don't add this for 802.11b only,
1888 * but I don't know how this could be checked */
1889 *fake++ = WLAN_EID_EXT_SUPP_RATES;
1890 *fake++ = 8;
1891 *fake++ = 0x0c;
1892 *fake++ = 0x12;
1893 *fake++ = 0x18;
1894 *fake++ = 0x24;
1895 *fake++ = 0x30;
1896 *fake++ = 0x48;
1897 *fake++ = 0x60;
1898 *fake++ = 0x6c;
1899 lbs_deb_hex(LBS_DEB_CFG80211, "IE", fake_ie, fake - fake_ie);
1900
1901 bss = cfg80211_inform_bss(priv->wdev->wiphy,
1902 params->chandef.chan,
1903 CFG80211_BSS_FTYPE_UNKNOWN,
1904 bssid,
1905 0,
1906 capability,
1907 params->beacon_interval,
1908 fake_ie, fake - fake_ie,
1909 0, GFP_KERNEL);
1910 cfg80211_put_bss(priv->wdev->wiphy, bss);
1911
1912 memcpy(priv->wdev->ssid, params->ssid, params->ssid_len);
1913 priv->wdev->ssid_len = params->ssid_len;
1914
1915 cfg80211_ibss_joined(priv->dev, bssid, params->chandef.chan,
1916 GFP_KERNEL);
1917
1918 /* TODO: consider doing this at MACREG_INT_CODE_LINK_SENSED time */
1919 priv->connect_status = LBS_CONNECTED;
1920 netif_carrier_on(priv->dev);
1921 if (!priv->tx_pending_len)
1922 netif_wake_queue(priv->dev);
1923
1924 lbs_deb_leave(LBS_DEB_CFG80211);
1925 }
1926
1927 static int lbs_ibss_join_existing(struct lbs_private *priv,
1928 struct cfg80211_ibss_params *params,
1929 struct cfg80211_bss *bss)
1930 {
1931 const u8 *rates_eid;
1932 struct cmd_ds_802_11_ad_hoc_join cmd;
1933 u8 preamble = RADIO_PREAMBLE_SHORT;
1934 int ret = 0;
1935
1936 lbs_deb_enter(LBS_DEB_CFG80211);
1937
1938 /* TODO: set preamble based on scan result */
1939 ret = lbs_set_radio(priv, preamble, 1);
1940 if (ret)
1941 goto out;
1942
1943 /*
1944 * Example CMD_802_11_AD_HOC_JOIN command:
1945 *
1946 * command 2c 00 CMD_802_11_AD_HOC_JOIN
1947 * size 65 00
1948 * sequence xx xx
1949 * result 00 00
1950 * bssid 02 27 27 97 2f 96
1951 * ssid 49 42 53 53 00 00 00 00
1952 * 00 00 00 00 00 00 00 00
1953 * 00 00 00 00 00 00 00 00
1954 * 00 00 00 00 00 00 00 00
1955 * type 02 CMD_BSS_TYPE_IBSS
1956 * beacon period 64 00
1957 * dtim period 00
1958 * timestamp 00 00 00 00 00 00 00 00
1959 * localtime 00 00 00 00 00 00 00 00
1960 * IE DS 03
1961 * IE DS len 01
1962 * IE DS channel 01
1963 * reserveed 00 00 00 00
1964 * IE IBSS 06
1965 * IE IBSS len 02
1966 * IE IBSS atim 00 00
1967 * reserved 00 00 00 00
1968 * capability 02 00
1969 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c 00
1970 * fail timeout ff 00
1971 * probe delay 00 00
1972 */
1973 memset(&cmd, 0, sizeof(cmd));
1974 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1975
1976 memcpy(cmd.bss.bssid, bss->bssid, ETH_ALEN);
1977 memcpy(cmd.bss.ssid, params->ssid, params->ssid_len);
1978 cmd.bss.type = CMD_BSS_TYPE_IBSS;
1979 cmd.bss.beaconperiod = cpu_to_le16(params->beacon_interval);
1980 cmd.bss.ds.header.id = WLAN_EID_DS_PARAMS;
1981 cmd.bss.ds.header.len = 1;
1982 cmd.bss.ds.channel = params->chandef.chan->hw_value;
1983 cmd.bss.ibss.header.id = WLAN_EID_IBSS_PARAMS;
1984 cmd.bss.ibss.header.len = 2;
1985 cmd.bss.ibss.atimwindow = 0;
1986 cmd.bss.capability = cpu_to_le16(bss->capability & CAPINFO_MASK);
1987
1988 /* set rates to the intersection of our rates and the rates in the
1989 bss */
1990 rcu_read_lock();
1991 rates_eid = ieee80211_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1992 if (!rates_eid) {
1993 lbs_add_rates(cmd.bss.rates);
1994 } else {
1995 int hw, i;
1996 u8 rates_max = rates_eid[1];
1997 u8 *rates = cmd.bss.rates;
1998 for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
1999 u8 hw_rate = lbs_rates[hw].bitrate / 5;
2000 for (i = 0; i < rates_max; i++) {
2001 if (hw_rate == (rates_eid[i+2] & 0x7f)) {
2002 u8 rate = rates_eid[i+2];
2003 if (rate == 0x02 || rate == 0x04 ||
2004 rate == 0x0b || rate == 0x16)
2005 rate |= 0x80;
2006 *rates++ = rate;
2007 }
2008 }
2009 }
2010 }
2011 rcu_read_unlock();
2012
2013 /* Only v8 and below support setting this */
2014 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8) {
2015 cmd.failtimeout = cpu_to_le16(MRVDRV_ASSOCIATION_TIME_OUT);
2016 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
2017 }
2018 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_JOIN, &cmd);
2019 if (ret)
2020 goto out;
2021
2022 /*
2023 * This is a sample response to CMD_802_11_AD_HOC_JOIN:
2024 *
2025 * response 2c 80
2026 * size 09 00
2027 * sequence xx xx
2028 * result 00 00
2029 * reserved 00
2030 */
2031 lbs_join_post(priv, params, bss->bssid, bss->capability);
2032
2033 out:
2034 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2035 return ret;
2036 }
2037
2038
2039
2040 static int lbs_ibss_start_new(struct lbs_private *priv,
2041 struct cfg80211_ibss_params *params)
2042 {
2043 struct cmd_ds_802_11_ad_hoc_start cmd;
2044 struct cmd_ds_802_11_ad_hoc_result *resp =
2045 (struct cmd_ds_802_11_ad_hoc_result *) &cmd;
2046 u8 preamble = RADIO_PREAMBLE_SHORT;
2047 int ret = 0;
2048 u16 capability;
2049
2050 lbs_deb_enter(LBS_DEB_CFG80211);
2051
2052 ret = lbs_set_radio(priv, preamble, 1);
2053 if (ret)
2054 goto out;
2055
2056 /*
2057 * Example CMD_802_11_AD_HOC_START command:
2058 *
2059 * command 2b 00 CMD_802_11_AD_HOC_START
2060 * size b1 00
2061 * sequence xx xx
2062 * result 00 00
2063 * ssid 54 45 53 54 00 00 00 00
2064 * 00 00 00 00 00 00 00 00
2065 * 00 00 00 00 00 00 00 00
2066 * 00 00 00 00 00 00 00 00
2067 * bss type 02
2068 * beacon period 64 00
2069 * dtim period 00
2070 * IE IBSS 06
2071 * IE IBSS len 02
2072 * IE IBSS atim 00 00
2073 * reserved 00 00 00 00
2074 * IE DS 03
2075 * IE DS len 01
2076 * IE DS channel 01
2077 * reserved 00 00 00 00
2078 * probe delay 00 00
2079 * capability 02 00
2080 * rates 82 84 8b 96 (basic rates with have bit 7 set)
2081 * 0c 12 18 24 30 48 60 6c
2082 * padding 100 bytes
2083 */
2084 memset(&cmd, 0, sizeof(cmd));
2085 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
2086 memcpy(cmd.ssid, params->ssid, params->ssid_len);
2087 cmd.bsstype = CMD_BSS_TYPE_IBSS;
2088 cmd.beaconperiod = cpu_to_le16(params->beacon_interval);
2089 cmd.ibss.header.id = WLAN_EID_IBSS_PARAMS;
2090 cmd.ibss.header.len = 2;
2091 cmd.ibss.atimwindow = 0;
2092 cmd.ds.header.id = WLAN_EID_DS_PARAMS;
2093 cmd.ds.header.len = 1;
2094 cmd.ds.channel = params->chandef.chan->hw_value;
2095 /* Only v8 and below support setting probe delay */
2096 if (MRVL_FW_MAJOR_REV(priv->fwrelease) <= 8)
2097 cmd.probedelay = cpu_to_le16(CMD_SCAN_PROBE_DELAY_TIME);
2098 /* TODO: mix in WLAN_CAPABILITY_PRIVACY */
2099 capability = WLAN_CAPABILITY_IBSS;
2100 cmd.capability = cpu_to_le16(capability);
2101 lbs_add_rates(cmd.rates);
2102
2103
2104 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_START, &cmd);
2105 if (ret)
2106 goto out;
2107
2108 /*
2109 * This is a sample response to CMD_802_11_AD_HOC_JOIN:
2110 *
2111 * response 2b 80
2112 * size 14 00
2113 * sequence xx xx
2114 * result 00 00
2115 * reserved 00
2116 * bssid 02 2b 7b 0f 86 0e
2117 */
2118 lbs_join_post(priv, params, resp->bssid, capability);
2119
2120 out:
2121 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2122 return ret;
2123 }
2124
2125
2126 static int lbs_join_ibss(struct wiphy *wiphy, struct net_device *dev,
2127 struct cfg80211_ibss_params *params)
2128 {
2129 struct lbs_private *priv = wiphy_priv(wiphy);
2130 int ret = 0;
2131 struct cfg80211_bss *bss;
2132
2133 if (dev == priv->mesh_dev)
2134 return -EOPNOTSUPP;
2135
2136 lbs_deb_enter(LBS_DEB_CFG80211);
2137
2138 if (!params->chandef.chan) {
2139 ret = -ENOTSUPP;
2140 goto out;
2141 }
2142
2143 ret = lbs_set_channel(priv, params->chandef.chan->hw_value);
2144 if (ret)
2145 goto out;
2146
2147 /* Search if someone is beaconing. This assumes that the
2148 * bss list is populated already */
2149 bss = cfg80211_get_bss(wiphy, params->chandef.chan, params->bssid,
2150 params->ssid, params->ssid_len,
2151 IEEE80211_BSS_TYPE_IBSS, IEEE80211_PRIVACY_ANY);
2152
2153 if (bss) {
2154 ret = lbs_ibss_join_existing(priv, params, bss);
2155 cfg80211_put_bss(wiphy, bss);
2156 } else
2157 ret = lbs_ibss_start_new(priv, params);
2158
2159
2160 out:
2161 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2162 return ret;
2163 }
2164
2165
2166 static int lbs_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
2167 {
2168 struct lbs_private *priv = wiphy_priv(wiphy);
2169 struct cmd_ds_802_11_ad_hoc_stop cmd;
2170 int ret = 0;
2171
2172 if (dev == priv->mesh_dev)
2173 return -EOPNOTSUPP;
2174
2175 lbs_deb_enter(LBS_DEB_CFG80211);
2176
2177 memset(&cmd, 0, sizeof(cmd));
2178 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
2179 ret = lbs_cmd_with_response(priv, CMD_802_11_AD_HOC_STOP, &cmd);
2180
2181 /* TODO: consider doing this at MACREG_INT_CODE_ADHOC_BCN_LOST time */
2182 lbs_mac_event_disconnected(priv, true);
2183
2184 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2185 return ret;
2186 }
2187
2188
2189
2190
2191 /*
2192 * Initialization
2193 */
2194
2195 static struct cfg80211_ops lbs_cfg80211_ops = {
2196 .set_monitor_channel = lbs_cfg_set_monitor_channel,
2197 .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel,
2198 .scan = lbs_cfg_scan,
2199 .connect = lbs_cfg_connect,
2200 .disconnect = lbs_cfg_disconnect,
2201 .add_key = lbs_cfg_add_key,
2202 .del_key = lbs_cfg_del_key,
2203 .set_default_key = lbs_cfg_set_default_key,
2204 .get_station = lbs_cfg_get_station,
2205 .change_virtual_intf = lbs_change_intf,
2206 .join_ibss = lbs_join_ibss,
2207 .leave_ibss = lbs_leave_ibss,
2208 };
2209
2210
2211 /*
2212 * At this time lbs_private *priv doesn't even exist, so we just allocate
2213 * memory and don't initialize the wiphy further. This is postponed until we
2214 * can talk to the firmware and happens at registration time in
2215 * lbs_cfg_wiphy_register().
2216 */
2217 struct wireless_dev *lbs_cfg_alloc(struct device *dev)
2218 {
2219 int ret = 0;
2220 struct wireless_dev *wdev;
2221
2222 lbs_deb_enter(LBS_DEB_CFG80211);
2223
2224 wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
2225 if (!wdev)
2226 return ERR_PTR(-ENOMEM);
2227
2228 wdev->wiphy = wiphy_new(&lbs_cfg80211_ops, sizeof(struct lbs_private));
2229 if (!wdev->wiphy) {
2230 dev_err(dev, "cannot allocate wiphy\n");
2231 ret = -ENOMEM;
2232 goto err_wiphy_new;
2233 }
2234
2235 lbs_deb_leave(LBS_DEB_CFG80211);
2236 return wdev;
2237
2238 err_wiphy_new:
2239 kfree(wdev);
2240 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2241 return ERR_PTR(ret);
2242 }
2243
2244
2245 static void lbs_cfg_set_regulatory_hint(struct lbs_private *priv)
2246 {
2247 struct region_code_mapping {
2248 const char *cn;
2249 int code;
2250 };
2251
2252 /* Section 5.17.2 */
2253 static const struct region_code_mapping regmap[] = {
2254 {"US ", 0x10}, /* US FCC */
2255 {"CA ", 0x20}, /* Canada */
2256 {"EU ", 0x30}, /* ETSI */
2257 {"ES ", 0x31}, /* Spain */
2258 {"FR ", 0x32}, /* France */
2259 {"JP ", 0x40}, /* Japan */
2260 };
2261 size_t i;
2262
2263 lbs_deb_enter(LBS_DEB_CFG80211);
2264
2265 for (i = 0; i < ARRAY_SIZE(regmap); i++)
2266 if (regmap[i].code == priv->regioncode) {
2267 regulatory_hint(priv->wdev->wiphy, regmap[i].cn);
2268 break;
2269 }
2270
2271 lbs_deb_leave(LBS_DEB_CFG80211);
2272 }
2273
2274 static void lbs_reg_notifier(struct wiphy *wiphy,
2275 struct regulatory_request *request)
2276 {
2277 struct lbs_private *priv = wiphy_priv(wiphy);
2278
2279 lbs_deb_enter_args(LBS_DEB_CFG80211, "cfg80211 regulatory domain "
2280 "callback for domain %c%c\n", request->alpha2[0],
2281 request->alpha2[1]);
2282
2283 memcpy(priv->country_code, request->alpha2, sizeof(request->alpha2));
2284 if (lbs_iface_active(priv))
2285 lbs_set_11d_domain_info(priv);
2286
2287 lbs_deb_leave(LBS_DEB_CFG80211);
2288 }
2289
2290 /*
2291 * This function get's called after lbs_setup_firmware() determined the
2292 * firmware capabities. So we can setup the wiphy according to our
2293 * hardware/firmware.
2294 */
2295 int lbs_cfg_register(struct lbs_private *priv)
2296 {
2297 struct wireless_dev *wdev = priv->wdev;
2298 int ret;
2299
2300 lbs_deb_enter(LBS_DEB_CFG80211);
2301
2302 wdev->wiphy->max_scan_ssids = 1;
2303 wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
2304
2305 wdev->wiphy->interface_modes =
2306 BIT(NL80211_IFTYPE_STATION) |
2307 BIT(NL80211_IFTYPE_ADHOC);
2308 if (lbs_rtap_supported(priv))
2309 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
2310 if (lbs_mesh_activated(priv))
2311 wdev->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MESH_POINT);
2312
2313 wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &lbs_band_2ghz;
2314
2315 /*
2316 * We could check priv->fwcapinfo && FW_CAPINFO_WPA, but I have
2317 * never seen a firmware without WPA
2318 */
2319 wdev->wiphy->cipher_suites = cipher_suites;
2320 wdev->wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
2321 wdev->wiphy->reg_notifier = lbs_reg_notifier;
2322
2323 ret = wiphy_register(wdev->wiphy);
2324 if (ret < 0)
2325 pr_err("cannot register wiphy device\n");
2326
2327 priv->wiphy_registered = true;
2328
2329 ret = register_netdev(priv->dev);
2330 if (ret)
2331 pr_err("cannot register network device\n");
2332
2333 INIT_DELAYED_WORK(&priv->scan_work, lbs_scan_worker);
2334
2335 lbs_cfg_set_regulatory_hint(priv);
2336
2337 lbs_deb_leave_args(LBS_DEB_CFG80211, "ret %d", ret);
2338 return ret;
2339 }
2340
2341 void lbs_scan_deinit(struct lbs_private *priv)
2342 {
2343 lbs_deb_enter(LBS_DEB_CFG80211);
2344 cancel_delayed_work_sync(&priv->scan_work);
2345 }
2346
2347
2348 void lbs_cfg_free(struct lbs_private *priv)
2349 {
2350 struct wireless_dev *wdev = priv->wdev;
2351
2352 lbs_deb_enter(LBS_DEB_CFG80211);
2353
2354 if (!wdev)
2355 return;
2356
2357 if (priv->wiphy_registered)
2358 wiphy_unregister(wdev->wiphy);
2359
2360 if (wdev->wiphy)
2361 wiphy_free(wdev->wiphy);
2362
2363 kfree(wdev);
2364 }
2365
2366 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cfg.o.c.prepared"
2367
2368 int ldv_bind_18(void);
2369 int ldv_retval_1;
2370 int ldv_release_18(void);
2371
2372
2373 void ldv_initialyze_cfg80211_ops_18(void){
2374 lbs_cfg80211_ops_group0 = ldv_undef_ptr();
2375 lbs_cfg80211_ops_group1 = ldv_undef_ptr();
2376 }
2377
2378 void ldv_main_exported_18(void){
2379 struct station_info *ldvarg28;
2380 u8 const *ldvarg34;
2381 u16 ldvarg19;
2382 u8 const *ldvarg22;
2383 u8 ldvarg25;
2384 u8 ldvarg21;
2385 u8 ldvarg33;
2386 struct cfg80211_chan_def *ldvarg30;
2387 struct cfg80211_connect_params *ldvarg38;
2388 u32 *ldvarg35;
2389 struct cfg80211_scan_request *ldvarg27;
2390 bool ldvarg26;
2391 bool ldvarg24;
2392 u8 const *ldvarg29;
2393 enum nl80211_iftype ldvarg36;
2394 struct vif_params *ldvarg37;
2395 struct ieee80211_channel *ldvarg23;
2396 bool ldvarg20;
2397 struct key_params *ldvarg31;
2398 bool ldvarg32;
2399 struct cfg80211_ibss_params *ldvarg18;
2400 /*DEG-struct: handlers from structure lbs_cfg80211_ops*/
2401 switch(__VERIFIER_nondet_int()){
2402 case 0:{
2403 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2404 if(ldv_state_variable_18 == 2){
2405 /*DEG-CALL: handler connect from lbs_cfg80211_ops*/
2406 ldv_retval_1=(& lbs_cfg_connect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg38);
2407 /*DEG-postcall: if success*/
2408 if(ldv_retval_1==0){
2409 ldv_state_variable_18 = 3;
2410 }
2411 }
2412 }
2413 break;
2414 case 1:{
2415 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2416 if(ldv_state_variable_18 == 1){
2417 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/
2418 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37);
2419 /*DEG-postcall: default*/
2420 ldv_state_variable_18 = 1;
2421 }
2422 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2423 if(ldv_state_variable_18 == 3){
2424 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/
2425 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37);
2426 /*DEG-postcall: default*/
2427 ldv_state_variable_18 = 3;
2428 }
2429 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2430 if(ldv_state_variable_18 == 2){
2431 /*DEG-CALL: handler change_virtual_intf from lbs_cfg80211_ops*/
2432 (& lbs_change_intf)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg36,ldvarg35,ldvarg37);
2433 /*DEG-postcall: default*/
2434 ldv_state_variable_18 = 2;
2435 }
2436 }
2437 break;
2438 case 2:{
2439 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2440 if(ldv_state_variable_18 == 1){
2441 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/
2442 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31);
2443 /*DEG-postcall: default*/
2444 ldv_state_variable_18 = 1;
2445 }
2446 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2447 if(ldv_state_variable_18 == 3){
2448 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/
2449 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31);
2450 /*DEG-postcall: default*/
2451 ldv_state_variable_18 = 3;
2452 }
2453 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2454 if(ldv_state_variable_18 == 2){
2455 /*DEG-CALL: handler add_key from lbs_cfg80211_ops*/
2456 (& lbs_cfg_add_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg33,ldvarg32,ldvarg34,ldvarg31);
2457 /*DEG-postcall: default*/
2458 ldv_state_variable_18 = 2;
2459 }
2460 }
2461 break;
2462 case 3:{
2463 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2464 if(ldv_state_variable_18 == 1){
2465 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/
2466 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30);
2467 /*DEG-postcall: default*/
2468 ldv_state_variable_18 = 1;
2469 }
2470 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2471 if(ldv_state_variable_18 == 3){
2472 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/
2473 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30);
2474 /*DEG-postcall: default*/
2475 ldv_state_variable_18 = 3;
2476 }
2477 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2478 if(ldv_state_variable_18 == 2){
2479 /*DEG-CALL: handler set_monitor_channel from lbs_cfg80211_ops*/
2480 (& lbs_cfg_set_monitor_channel)(lbs_cfg80211_ops_group1,ldvarg30);
2481 /*DEG-postcall: default*/
2482 ldv_state_variable_18 = 2;
2483 }
2484 }
2485 break;
2486 case 4:{
2487 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2488 if(ldv_state_variable_18 == 1){
2489 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/
2490 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28);
2491 /*DEG-postcall: default*/
2492 ldv_state_variable_18 = 1;
2493 }
2494 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2495 if(ldv_state_variable_18 == 3){
2496 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/
2497 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28);
2498 /*DEG-postcall: default*/
2499 ldv_state_variable_18 = 3;
2500 }
2501 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2502 if(ldv_state_variable_18 == 2){
2503 /*DEG-CALL: handler get_station from lbs_cfg80211_ops*/
2504 (& lbs_cfg_get_station)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg29,ldvarg28);
2505 /*DEG-postcall: default*/
2506 ldv_state_variable_18 = 2;
2507 }
2508 }
2509 break;
2510 case 5:{
2511 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2512 if(ldv_state_variable_18 == 1){
2513 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/
2514 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0);
2515 /*DEG-postcall: default*/
2516 ldv_state_variable_18 = 1;
2517 }
2518 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2519 if(ldv_state_variable_18 == 3){
2520 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/
2521 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0);
2522 /*DEG-postcall: default*/
2523 ldv_state_variable_18 = 3;
2524 }
2525 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2526 if(ldv_state_variable_18 == 2){
2527 /*DEG-CALL: handler leave_ibss from lbs_cfg80211_ops*/
2528 (& lbs_leave_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0);
2529 /*DEG-postcall: default*/
2530 ldv_state_variable_18 = 2;
2531 }
2532 }
2533 break;
2534 case 6:{
2535 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2536 if(ldv_state_variable_18 == 1){
2537 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/
2538 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27);
2539 /*DEG-postcall: default*/
2540 ldv_state_variable_18 = 1;
2541 }
2542 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2543 if(ldv_state_variable_18 == 3){
2544 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/
2545 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27);
2546 /*DEG-postcall: default*/
2547 ldv_state_variable_18 = 3;
2548 }
2549 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2550 if(ldv_state_variable_18 == 2){
2551 /*DEG-CALL: handler scan from lbs_cfg80211_ops*/
2552 (& lbs_cfg_scan)(lbs_cfg80211_ops_group1,ldvarg27);
2553 /*DEG-postcall: default*/
2554 ldv_state_variable_18 = 2;
2555 }
2556 }
2557 break;
2558 case 7:{
2559 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2560 if(ldv_state_variable_18 == 1){
2561 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/
2562 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26);
2563 /*DEG-postcall: default*/
2564 ldv_state_variable_18 = 1;
2565 }
2566 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2567 if(ldv_state_variable_18 == 3){
2568 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/
2569 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26);
2570 /*DEG-postcall: default*/
2571 ldv_state_variable_18 = 3;
2572 }
2573 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2574 if(ldv_state_variable_18 == 2){
2575 /*DEG-CALL: handler set_default_key from lbs_cfg80211_ops*/
2576 (& lbs_cfg_set_default_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg25,ldvarg24,ldvarg26);
2577 /*DEG-postcall: default*/
2578 ldv_state_variable_18 = 2;
2579 }
2580 }
2581 break;
2582 case 8:{
2583 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2584 if(ldv_state_variable_18 == 1){
2585 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/
2586 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23);
2587 /*DEG-postcall: default*/
2588 ldv_state_variable_18 = 1;
2589 }
2590 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2591 if(ldv_state_variable_18 == 3){
2592 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/
2593 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23);
2594 /*DEG-postcall: default*/
2595 ldv_state_variable_18 = 3;
2596 }
2597 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2598 if(ldv_state_variable_18 == 2){
2599 /*DEG-CALL: handler libertas_set_mesh_channel from lbs_cfg80211_ops*/
2600 (& lbs_cfg_set_mesh_channel)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg23);
2601 /*DEG-postcall: default*/
2602 ldv_state_variable_18 = 2;
2603 }
2604 }
2605 break;
2606 case 9:{
2607 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2608 if(ldv_state_variable_18 == 1){
2609 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/
2610 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22);
2611 /*DEG-postcall: default*/
2612 ldv_state_variable_18 = 1;
2613 }
2614 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2615 if(ldv_state_variable_18 == 3){
2616 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/
2617 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22);
2618 /*DEG-postcall: default*/
2619 ldv_state_variable_18 = 3;
2620 }
2621 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2622 if(ldv_state_variable_18 == 2){
2623 /*DEG-CALL: handler del_key from lbs_cfg80211_ops*/
2624 (& lbs_cfg_del_key)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg21,ldvarg20,ldvarg22);
2625 /*DEG-postcall: default*/
2626 ldv_state_variable_18 = 2;
2627 }
2628 }
2629 break;
2630 case 10:{
2631 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2632 if(ldv_state_variable_18 == 3){
2633 /*DEG-CALL: handler disconnect from lbs_cfg80211_ops*/
2634 (& lbs_cfg_disconnect)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg19);
2635 ldv_state_variable_18 = 2;
2636 }
2637 }
2638 break;
2639 case 11:{
2640 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2641 if(ldv_state_variable_18 == 1){
2642 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/
2643 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18);
2644 /*DEG-postcall: default*/
2645 ldv_state_variable_18 = 1;
2646 }
2647 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2648 if(ldv_state_variable_18 == 3){
2649 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/
2650 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18);
2651 /*DEG-postcall: default*/
2652 ldv_state_variable_18 = 3;
2653 }
2654 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2655 if(ldv_state_variable_18 == 2){
2656 /*DEG-CALL: handler join_ibss from lbs_cfg80211_ops*/
2657 (& lbs_join_ibss)(lbs_cfg80211_ops_group1,lbs_cfg80211_ops_group0,ldvarg18);
2658 /*DEG-postcall: default*/
2659 ldv_state_variable_18 = 2;
2660 }
2661 }
2662 break;
2663 case 12:{
2664 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2665 if(ldv_state_variable_18 == 2){
2666 /*DEG-CALL: handler release from lbs_cfg80211_ops*/
2667 ldv_release_18();
2668 ldv_state_variable_18 = 1;
2669 ref_cnt--;
2670 }
2671 }
2672 break;
2673 case 13:{
2674 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2675 if(ldv_state_variable_18 == 1){
2676 /*DEG-CALL: handler bind from lbs_cfg80211_ops*/
2677 ldv_bind_18();
2678 ldv_state_variable_18 = 2;
2679 ref_cnt++;
2680 }
2681 }
2682 break;
2683 default: ldv_assume(0);
2684 }
2685
2686 }; 1 /*
2 * This file contains the handling of command.
3 * It prepares command and sends it to firmware when it is ready.
4 */
5
6 #include <linux/hardirq.h>
7 #include <linux/kfifo.h>
8 #include <linux/sched.h>
9 #include <linux/slab.h>
10 #include <linux/if_arp.h>
11 #include <linux/export.h>
12
13 #include "decl.h"
14 #include "cfg.h"
15 #include "cmd.h"
16
17 #define CAL_NF(nf) ((s32)(-(s32)(nf)))
18 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf)))
19
20 /**
21 * lbs_cmd_copyback - Simple callback that copies response back into command
22 *
23 * @priv: A pointer to &struct lbs_private structure
24 * @extra: A pointer to the original command structure for which
25 * 'resp' is a response
26 * @resp: A pointer to the command response
27 *
28 * returns: 0 on success, error on failure
29 */
30 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra,
31 struct cmd_header *resp)
32 {
33 struct cmd_header *buf = (void *)extra;
34 uint16_t copy_len;
35
36 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size));
37 memcpy(buf, resp, copy_len);
38 return 0;
39 }
40 EXPORT_SYMBOL_GPL(lbs_cmd_copyback);
41
42 /**
43 * lbs_cmd_async_callback - Simple callback that ignores the result.
44 * Use this if you just want to send a command to the hardware, but don't
45 * care for the result.
46 *
47 * @priv: ignored
48 * @extra: ignored
49 * @resp: ignored
50 *
51 * returns: 0 for success
52 */
53 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra,
54 struct cmd_header *resp)
55 {
56 return 0;
57 }
58
59
60 /**
61 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode
62 *
63 * @cmd: the command ID
64 *
65 * returns: 1 if allowed, 0 if not allowed
66 */
67 static u8 is_command_allowed_in_ps(u16 cmd)
68 {
69 switch (cmd) {
70 case CMD_802_11_RSSI:
71 return 1;
72 case CMD_802_11_HOST_SLEEP_CFG:
73 return 1;
74 default:
75 break;
76 }
77 return 0;
78 }
79
80 /**
81 * lbs_update_hw_spec - Updates the hardware details like MAC address
82 * and regulatory region
83 *
84 * @priv: A pointer to &struct lbs_private structure
85 *
86 * returns: 0 on success, error on failure
87 */
88 int lbs_update_hw_spec(struct lbs_private *priv)
89 {
90 struct cmd_ds_get_hw_spec cmd;
91 int ret = -1;
92 u32 i;
93
94 lbs_deb_enter(LBS_DEB_CMD);
95
96 memset(&cmd, 0, sizeof(cmd));
97 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
98 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN);
99 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd);
100 if (ret)
101 goto out;
102
103 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo);
104
105 /* The firmware release is in an interesting format: the patch
106 * level is in the most significant nibble ... so fix that: */
107 priv->fwrelease = le32_to_cpu(cmd.fwrelease);
108 priv->fwrelease = (priv->fwrelease << 8) |
109 (priv->fwrelease >> 24 & 0xff);
110
111 /* Some firmware capabilities:
112 * CF card firmware 5.0.16p0: cap 0x00000303
113 * USB dongle firmware 5.110.17p2: cap 0x00000303
114 */
115 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n",
116 cmd.permanentaddr,
117 priv->fwrelease >> 24 & 0xff,
118 priv->fwrelease >> 16 & 0xff,
119 priv->fwrelease >> 8 & 0xff,
120 priv->fwrelease & 0xff,
121 priv->fwcapinfo);
122 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n",
123 cmd.hwifversion, cmd.version);
124
125 /* Clamp region code to 8-bit since FW spec indicates that it should
126 * only ever be 8-bit, even though the field size is 16-bit. Some firmware
127 * returns non-zero high 8 bits here.
128 *
129 * Firmware version 4.0.102 used in CF8381 has region code shifted. We
130 * need to check for this problem and handle it properly.
131 */
132 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4)
133 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF;
134 else
135 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF;
136
137 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) {
138 /* use the region code to search for the index */
139 if (priv->regioncode == lbs_region_code_to_index[i])
140 break;
141 }
142
143 /* if it's unidentified region code, use the default (USA) */
144 if (i >= MRVDRV_MAX_REGION_CODE) {
145 priv->regioncode = 0x10;
146 netdev_info(priv->dev,
147 "unidentified region code; using the default (USA)\n");
148 }
149
150 if (priv->current_addr[0] == 0xff)
151 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN);
152
153 if (!priv->copied_hwaddr) {
154 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN);
155 if (priv->mesh_dev)
156 memcpy(priv->mesh_dev->dev_addr,
157 priv->current_addr, ETH_ALEN);
158 priv->copied_hwaddr = 1;
159 }
160
161 out:
162 lbs_deb_leave(LBS_DEB_CMD);
163 return ret;
164 }
165
166 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy,
167 struct cmd_header *resp)
168 {
169 lbs_deb_enter(LBS_DEB_CMD);
170 if (priv->is_host_sleep_activated) {
171 priv->is_host_sleep_configured = 0;
172 if (priv->psstate == PS_STATE_FULL_POWER) {
173 priv->is_host_sleep_activated = 0;
174 wake_up_interruptible(&priv->host_sleep_q);
175 }
176 } else {
177 priv->is_host_sleep_configured = 1;
178 }
179 lbs_deb_leave(LBS_DEB_CMD);
180 return 0;
181 }
182
183 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria,
184 struct wol_config *p_wol_config)
185 {
186 struct cmd_ds_host_sleep cmd_config;
187 int ret;
188
189 /*
190 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command
191 * and the card will return a failure. Since we need to be
192 * able to reset the mask, in those cases we set a 0 mask instead.
193 */
194 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported)
195 criteria = 0;
196
197 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config));
198 cmd_config.criteria = cpu_to_le32(criteria);
199 cmd_config.gpio = priv->wol_gpio;
200 cmd_config.gap = priv->wol_gap;
201
202 if (p_wol_config != NULL)
203 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config,
204 sizeof(struct wol_config));
205 else
206 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE;
207
208 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr,
209 le16_to_cpu(cmd_config.hdr.size),
210 lbs_ret_host_sleep_cfg, 0);
211 if (!ret) {
212 if (p_wol_config)
213 memcpy((uint8_t *) p_wol_config,
214 (uint8_t *)&cmd_config.wol_conf,
215 sizeof(struct wol_config));
216 } else {
217 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret);
218 }
219
220 return ret;
221 }
222 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg);
223
224 /**
225 * lbs_set_ps_mode - Sets the Power Save mode
226 *
227 * @priv: A pointer to &struct lbs_private structure
228 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or
229 * PS_MODE_ACTION_EXIT_PS)
230 * @block: Whether to block on a response or not
231 *
232 * returns: 0 on success, error on failure
233 */
234 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block)
235 {
236 struct cmd_ds_802_11_ps_mode cmd;
237 int ret = 0;
238
239 lbs_deb_enter(LBS_DEB_CMD);
240
241 memset(&cmd, 0, sizeof(cmd));
242 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
243 cmd.action = cpu_to_le16(cmd_action);
244
245 if (cmd_action == PS_MODE_ACTION_ENTER_PS) {
246 lbs_deb_cmd("PS_MODE: action ENTER_PS\n");
247 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */
248 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) {
249 lbs_deb_cmd("PS_MODE: action EXIT_PS\n");
250 } else {
251 /* We don't handle CONFIRM_SLEEP here because it needs to
252 * be fastpathed to the firmware.
253 */
254 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action);
255 ret = -EOPNOTSUPP;
256 goto out;
257 }
258
259 if (block)
260 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd);
261 else
262 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd));
263
264 out:
265 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
266 return ret;
267 }
268
269 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action,
270 struct sleep_params *sp)
271 {
272 struct cmd_ds_802_11_sleep_params cmd;
273 int ret;
274
275 lbs_deb_enter(LBS_DEB_CMD);
276
277 if (cmd_action == CMD_ACT_GET) {
278 memset(&cmd, 0, sizeof(cmd));
279 } else {
280 cmd.error = cpu_to_le16(sp->sp_error);
281 cmd.offset = cpu_to_le16(sp->sp_offset);
282 cmd.stabletime = cpu_to_le16(sp->sp_stabletime);
283 cmd.calcontrol = sp->sp_calcontrol;
284 cmd.externalsleepclk = sp->sp_extsleepclk;
285 cmd.reserved = cpu_to_le16(sp->sp_reserved);
286 }
287 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
288 cmd.action = cpu_to_le16(cmd_action);
289
290 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd);
291
292 if (!ret) {
293 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, "
294 "calcontrol 0x%x extsleepclk 0x%x\n",
295 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset),
296 le16_to_cpu(cmd.stabletime), cmd.calcontrol,
297 cmd.externalsleepclk);
298
299 sp->sp_error = le16_to_cpu(cmd.error);
300 sp->sp_offset = le16_to_cpu(cmd.offset);
301 sp->sp_stabletime = le16_to_cpu(cmd.stabletime);
302 sp->sp_calcontrol = cmd.calcontrol;
303 sp->sp_extsleepclk = cmd.externalsleepclk;
304 sp->sp_reserved = le16_to_cpu(cmd.reserved);
305 }
306
307 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
308 return 0;
309 }
310
311 static int lbs_wait_for_ds_awake(struct lbs_private *priv)
312 {
313 int ret = 0;
314
315 lbs_deb_enter(LBS_DEB_CMD);
316
317 if (priv->is_deep_sleep) {
318 if (!wait_event_interruptible_timeout(priv->ds_awake_q,
319 !priv->is_deep_sleep, (10 * HZ))) {
320 netdev_err(priv->dev, "ds_awake_q: timer expired\n");
321 ret = -1;
322 }
323 }
324
325 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
326 return ret;
327 }
328
329 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep)
330 {
331 int ret = 0;
332
333 lbs_deb_enter(LBS_DEB_CMD);
334
335 if (deep_sleep) {
336 if (priv->is_deep_sleep != 1) {
337 lbs_deb_cmd("deep sleep: sleep\n");
338 BUG_ON(!priv->enter_deep_sleep);
339 ret = priv->enter_deep_sleep(priv);
340 if (!ret) {
341 netif_stop_queue(priv->dev);
342 netif_carrier_off(priv->dev);
343 }
344 } else {
345 netdev_err(priv->dev, "deep sleep: already enabled\n");
346 }
347 } else {
348 if (priv->is_deep_sleep) {
349 lbs_deb_cmd("deep sleep: wakeup\n");
350 BUG_ON(!priv->exit_deep_sleep);
351 ret = priv->exit_deep_sleep(priv);
352 if (!ret) {
353 ret = lbs_wait_for_ds_awake(priv);
354 if (ret)
355 netdev_err(priv->dev,
356 "deep sleep: wakeup failed\n");
357 }
358 }
359 }
360
361 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
362 return ret;
363 }
364
365 static int lbs_ret_host_sleep_activate(struct lbs_private *priv,
366 unsigned long dummy,
367 struct cmd_header *cmd)
368 {
369 lbs_deb_enter(LBS_DEB_FW);
370 priv->is_host_sleep_activated = 1;
371 wake_up_interruptible(&priv->host_sleep_q);
372 lbs_deb_leave(LBS_DEB_FW);
373 return 0;
374 }
375
376 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep)
377 {
378 struct cmd_header cmd;
379 int ret = 0;
380 uint32_t criteria = EHS_REMOVE_WAKEUP;
381
382 lbs_deb_enter(LBS_DEB_CMD);
383
384 if (host_sleep) {
385 if (priv->is_host_sleep_activated != 1) {
386 memset(&cmd, 0, sizeof(cmd));
387 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria,
388 (struct wol_config *)NULL);
389 if (ret) {
390 netdev_info(priv->dev,
391 "Host sleep configuration failed: %d\n",
392 ret);
393 return ret;
394 }
395 if (priv->psstate == PS_STATE_FULL_POWER) {
396 ret = __lbs_cmd(priv,
397 CMD_802_11_HOST_SLEEP_ACTIVATE,
398 &cmd,
399 sizeof(cmd),
400 lbs_ret_host_sleep_activate, 0);
401 if (ret)
402 netdev_info(priv->dev,
403 "HOST_SLEEP_ACTIVATE failed: %d\n",
404 ret);
405 }
406
407 if (!wait_event_interruptible_timeout(
408 priv->host_sleep_q,
409 priv->is_host_sleep_activated,
410 (10 * HZ))) {
411 netdev_err(priv->dev,
412 "host_sleep_q: timer expired\n");
413 ret = -1;
414 }
415 } else {
416 netdev_err(priv->dev, "host sleep: already enabled\n");
417 }
418 } else {
419 if (priv->is_host_sleep_activated)
420 ret = lbs_host_sleep_cfg(priv, criteria,
421 (struct wol_config *)NULL);
422 }
423
424 return ret;
425 }
426
427 /**
428 * lbs_set_snmp_mib - Set an SNMP MIB value
429 *
430 * @priv: A pointer to &struct lbs_private structure
431 * @oid: The OID to set in the firmware
432 * @val: Value to set the OID to
433 *
434 * returns: 0 on success, error on failure
435 */
436 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val)
437 {
438 struct cmd_ds_802_11_snmp_mib cmd;
439 int ret;
440
441 lbs_deb_enter(LBS_DEB_CMD);
442
443 memset(&cmd, 0, sizeof (cmd));
444 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
445 cmd.action = cpu_to_le16(CMD_ACT_SET);
446 cmd.oid = cpu_to_le16((u16) oid);
447
448 switch (oid) {
449 case SNMP_MIB_OID_BSS_TYPE:
450 cmd.bufsize = cpu_to_le16(sizeof(u8));
451 cmd.value[0] = val;
452 break;
453 case SNMP_MIB_OID_11D_ENABLE:
454 case SNMP_MIB_OID_FRAG_THRESHOLD:
455 case SNMP_MIB_OID_RTS_THRESHOLD:
456 case SNMP_MIB_OID_SHORT_RETRY_LIMIT:
457 case SNMP_MIB_OID_LONG_RETRY_LIMIT:
458 cmd.bufsize = cpu_to_le16(sizeof(u16));
459 *((__le16 *)(&cmd.value)) = cpu_to_le16(val);
460 break;
461 default:
462 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid);
463 ret = -EINVAL;
464 goto out;
465 }
466
467 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n",
468 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val);
469
470 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd);
471
472 out:
473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
474 return ret;
475 }
476
477 /**
478 * lbs_get_snmp_mib - Get an SNMP MIB value
479 *
480 * @priv: A pointer to &struct lbs_private structure
481 * @oid: The OID to retrieve from the firmware
482 * @out_val: Location for the returned value
483 *
484 * returns: 0 on success, error on failure
485 */
486 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val)
487 {
488 struct cmd_ds_802_11_snmp_mib cmd;
489 int ret;
490
491 lbs_deb_enter(LBS_DEB_CMD);
492
493 memset(&cmd, 0, sizeof (cmd));
494 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
495 cmd.action = cpu_to_le16(CMD_ACT_GET);
496 cmd.oid = cpu_to_le16(oid);
497
498 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd);
499 if (ret)
500 goto out;
501
502 switch (le16_to_cpu(cmd.bufsize)) {
503 case sizeof(u8):
504 *out_val = cmd.value[0];
505 break;
506 case sizeof(u16):
507 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value)));
508 break;
509 default:
510 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n",
511 oid, le16_to_cpu(cmd.bufsize));
512 break;
513 }
514
515 out:
516 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
517 return ret;
518 }
519
520 /**
521 * lbs_get_tx_power - Get the min, max, and current TX power
522 *
523 * @priv: A pointer to &struct lbs_private structure
524 * @curlevel: Current power level in dBm
525 * @minlevel: Minimum supported power level in dBm (optional)
526 * @maxlevel: Maximum supported power level in dBm (optional)
527 *
528 * returns: 0 on success, error on failure
529 */
530 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel,
531 s16 *maxlevel)
532 {
533 struct cmd_ds_802_11_rf_tx_power cmd;
534 int ret;
535
536 lbs_deb_enter(LBS_DEB_CMD);
537
538 memset(&cmd, 0, sizeof(cmd));
539 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
540 cmd.action = cpu_to_le16(CMD_ACT_GET);
541
542 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd);
543 if (ret == 0) {
544 *curlevel = le16_to_cpu(cmd.curlevel);
545 if (minlevel)
546 *minlevel = cmd.minlevel;
547 if (maxlevel)
548 *maxlevel = cmd.maxlevel;
549 }
550
551 lbs_deb_leave(LBS_DEB_CMD);
552 return ret;
553 }
554
555 /**
556 * lbs_set_tx_power - Set the TX power
557 *
558 * @priv: A pointer to &struct lbs_private structure
559 * @dbm: The desired power level in dBm
560 *
561 * returns: 0 on success, error on failure
562 */
563 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm)
564 {
565 struct cmd_ds_802_11_rf_tx_power cmd;
566 int ret;
567
568 lbs_deb_enter(LBS_DEB_CMD);
569
570 memset(&cmd, 0, sizeof(cmd));
571 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
572 cmd.action = cpu_to_le16(CMD_ACT_SET);
573 cmd.curlevel = cpu_to_le16(dbm);
574
575 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm);
576
577 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd);
578
579 lbs_deb_leave(LBS_DEB_CMD);
580 return ret;
581 }
582
583 /**
584 * lbs_set_monitor_mode - Enable or disable monitor mode
585 * (only implemented on OLPC usb8388 FW)
586 *
587 * @priv: A pointer to &struct lbs_private structure
588 * @enable: 1 to enable monitor mode, 0 to disable
589 *
590 * returns: 0 on success, error on failure
591 */
592 int lbs_set_monitor_mode(struct lbs_private *priv, int enable)
593 {
594 struct cmd_ds_802_11_monitor_mode cmd;
595 int ret;
596
597 memset(&cmd, 0, sizeof(cmd));
598 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
599 cmd.action = cpu_to_le16(CMD_ACT_SET);
600 if (enable)
601 cmd.mode = cpu_to_le16(0x1);
602
603 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable);
604
605 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd);
606 if (ret == 0) {
607 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP :
608 ARPHRD_ETHER;
609 }
610
611 lbs_deb_leave(LBS_DEB_CMD);
612 return ret;
613 }
614
615 /**
616 * lbs_get_channel - Get the radio channel
617 *
618 * @priv: A pointer to &struct lbs_private structure
619 *
620 * returns: The channel on success, error on failure
621 */
622 static int lbs_get_channel(struct lbs_private *priv)
623 {
624 struct cmd_ds_802_11_rf_channel cmd;
625 int ret = 0;
626
627 lbs_deb_enter(LBS_DEB_CMD);
628
629 memset(&cmd, 0, sizeof(cmd));
630 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
631 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET);
632
633 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd);
634 if (ret)
635 goto out;
636
637 ret = le16_to_cpu(cmd.channel);
638 lbs_deb_cmd("current radio channel is %d\n", ret);
639
640 out:
641 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
642 return ret;
643 }
644
645 int lbs_update_channel(struct lbs_private *priv)
646 {
647 int ret;
648
649 /* the channel in f/w could be out of sync; get the current channel */
650 lbs_deb_enter(LBS_DEB_ASSOC);
651
652 ret = lbs_get_channel(priv);
653 if (ret > 0) {
654 priv->channel = ret;
655 ret = 0;
656 }
657 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret);
658 return ret;
659 }
660
661 /**
662 * lbs_set_channel - Set the radio channel
663 *
664 * @priv: A pointer to &struct lbs_private structure
665 * @channel: The desired channel, or 0 to clear a locked channel
666 *
667 * returns: 0 on success, error on failure
668 */
669 int lbs_set_channel(struct lbs_private *priv, u8 channel)
670 {
671 struct cmd_ds_802_11_rf_channel cmd;
672 #ifdef DEBUG
673 u8 old_channel = priv->channel;
674 #endif
675 int ret = 0;
676
677 lbs_deb_enter(LBS_DEB_CMD);
678
679 memset(&cmd, 0, sizeof(cmd));
680 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
681 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET);
682 cmd.channel = cpu_to_le16(channel);
683
684 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd);
685 if (ret)
686 goto out;
687
688 priv->channel = (uint8_t) le16_to_cpu(cmd.channel);
689 lbs_deb_cmd("channel switch from %d to %d\n", old_channel,
690 priv->channel);
691
692 out:
693 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
694 return ret;
695 }
696
697 /**
698 * lbs_get_rssi - Get current RSSI and noise floor
699 *
700 * @priv: A pointer to &struct lbs_private structure
701 * @rssi: On successful return, signal level in mBm
702 * @nf: On successful return, Noise floor
703 *
704 * returns: The channel on success, error on failure
705 */
706 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf)
707 {
708 struct cmd_ds_802_11_rssi cmd;
709 int ret = 0;
710
711 lbs_deb_enter(LBS_DEB_CMD);
712
713 BUG_ON(rssi == NULL);
714 BUG_ON(nf == NULL);
715
716 memset(&cmd, 0, sizeof(cmd));
717 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
718 /* Average SNR over last 8 beacons */
719 cmd.n_or_snr = cpu_to_le16(8);
720
721 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd);
722 if (ret == 0) {
723 *nf = CAL_NF(le16_to_cpu(cmd.nf));
724 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf));
725 }
726
727 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
728 return ret;
729 }
730
731 /**
732 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information
733 * to the firmware
734 *
735 * @priv: pointer to &struct lbs_private
736 *
737 * returns: 0 on success, error code on failure
738 */
739 int lbs_set_11d_domain_info(struct lbs_private *priv)
740 {
741 struct wiphy *wiphy = priv->wdev->wiphy;
742 struct ieee80211_supported_band **bands = wiphy->bands;
743 struct cmd_ds_802_11d_domain_info cmd;
744 struct mrvl_ie_domain_param_set *domain = &cmd.domain;
745 struct ieee80211_country_ie_triplet *t;
746 enum ieee80211_band band;
747 struct ieee80211_channel *ch;
748 u8 num_triplet = 0;
749 u8 num_parsed_chan = 0;
750 u8 first_channel = 0, next_chan = 0, max_pwr = 0;
751 u8 i, flag = 0;
752 size_t triplet_size;
753 int ret = 0;
754
755 lbs_deb_enter(LBS_DEB_11D);
756 if (!priv->country_code[0])
757 goto out;
758
759 memset(&cmd, 0, sizeof(cmd));
760 cmd.action = cpu_to_le16(CMD_ACT_SET);
761
762 lbs_deb_11d("Setting country code '%c%c'\n",
763 priv->country_code[0], priv->country_code[1]);
764
765 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN);
766
767 /* Set country code */
768 domain->country_code[0] = priv->country_code[0];
769 domain->country_code[1] = priv->country_code[1];
770 domain->country_code[2] = ' ';
771
772 /* Now set up the channel triplets; firmware is somewhat picky here
773 * and doesn't validate channel numbers and spans; hence it would
774 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since
775 * the last 3 aren't valid channels, the driver is responsible for
776 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20)
777 * etc.
778 */
779 for (band = 0;
780 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS);
781 band++) {
782
783 if (!bands[band])
784 continue;
785
786 for (i = 0;
787 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS);
788 i++) {
789 ch = &bands[band]->channels[i];
790 if (ch->flags & IEEE80211_CHAN_DISABLED)
791 continue;
792
793 if (!flag) {
794 flag = 1;
795 next_chan = first_channel = (u32) ch->hw_value;
796 max_pwr = ch->max_power;
797 num_parsed_chan = 1;
798 continue;
799 }
800
801 if ((ch->hw_value == next_chan + 1) &&
802 (ch->max_power == max_pwr)) {
803 /* Consolidate adjacent channels */
804 next_chan++;
805 num_parsed_chan++;
806 } else {
807 /* Add this triplet */
808 lbs_deb_11d("11D triplet (%d, %d, %d)\n",
809 first_channel, num_parsed_chan,
810 max_pwr);
811 t = &domain->triplet[num_triplet];
812 t->chans.first_channel = first_channel;
813 t->chans.num_channels = num_parsed_chan;
814 t->chans.max_power = max_pwr;
815 num_triplet++;
816 flag = 0;
817 }
818 }
819
820 if (flag) {
821 /* Add last triplet */
822 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel,
823 num_parsed_chan, max_pwr);
824 t = &domain->triplet[num_triplet];
825 t->chans.first_channel = first_channel;
826 t->chans.num_channels = num_parsed_chan;
827 t->chans.max_power = max_pwr;
828 num_triplet++;
829 }
830 }
831
832 lbs_deb_11d("# triplets %d\n", num_triplet);
833
834 /* Set command header sizes */
835 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet);
836 domain->header.len = cpu_to_le16(sizeof(domain->country_code) +
837 triplet_size);
838
839 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set",
840 (u8 *) &cmd.domain.country_code,
841 le16_to_cpu(domain->header.len));
842
843 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) +
844 sizeof(cmd.action) +
845 sizeof(cmd.domain.header) +
846 sizeof(cmd.domain.country_code) +
847 triplet_size);
848
849 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd);
850
851 out:
852 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret);
853 return ret;
854 }
855
856 /**
857 * lbs_get_reg - Read a MAC, Baseband, or RF register
858 *
859 * @priv: pointer to &struct lbs_private
860 * @reg: register command, one of CMD_MAC_REG_ACCESS,
861 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS
862 * @offset: byte offset of the register to get
863 * @value: on success, the value of the register at 'offset'
864 *
865 * returns: 0 on success, error code on failure
866 */
867 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value)
868 {
869 struct cmd_ds_reg_access cmd;
870 int ret = 0;
871
872 lbs_deb_enter(LBS_DEB_CMD);
873
874 BUG_ON(value == NULL);
875
876 memset(&cmd, 0, sizeof(cmd));
877 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
878 cmd.action = cpu_to_le16(CMD_ACT_GET);
879 cmd.offset = cpu_to_le16(offset);
880
881 if (reg != CMD_MAC_REG_ACCESS &&
882 reg != CMD_BBP_REG_ACCESS &&
883 reg != CMD_RF_REG_ACCESS) {
884 ret = -EINVAL;
885 goto out;
886 }
887
888 ret = lbs_cmd_with_response(priv, reg, &cmd);
889 if (!ret) {
890 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS)
891 *value = cmd.value.bbp_rf;
892 else if (reg == CMD_MAC_REG_ACCESS)
893 *value = le32_to_cpu(cmd.value.mac);
894 }
895
896 out:
897 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
898 return ret;
899 }
900
901 /**
902 * lbs_set_reg - Write a MAC, Baseband, or RF register
903 *
904 * @priv: pointer to &struct lbs_private
905 * @reg: register command, one of CMD_MAC_REG_ACCESS,
906 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS
907 * @offset: byte offset of the register to set
908 * @value: the value to write to the register at 'offset'
909 *
910 * returns: 0 on success, error code on failure
911 */
912 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value)
913 {
914 struct cmd_ds_reg_access cmd;
915 int ret = 0;
916
917 lbs_deb_enter(LBS_DEB_CMD);
918
919 memset(&cmd, 0, sizeof(cmd));
920 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
921 cmd.action = cpu_to_le16(CMD_ACT_SET);
922 cmd.offset = cpu_to_le16(offset);
923
924 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS)
925 cmd.value.bbp_rf = (u8) (value & 0xFF);
926 else if (reg == CMD_MAC_REG_ACCESS)
927 cmd.value.mac = cpu_to_le32(value);
928 else {
929 ret = -EINVAL;
930 goto out;
931 }
932
933 ret = lbs_cmd_with_response(priv, reg, &cmd);
934
935 out:
936 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
937 return ret;
938 }
939
940 static void lbs_queue_cmd(struct lbs_private *priv,
941 struct cmd_ctrl_node *cmdnode)
942 {
943 unsigned long flags;
944 int addtail = 1;
945
946 lbs_deb_enter(LBS_DEB_HOST);
947
948 if (!cmdnode) {
949 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n");
950 goto done;
951 }
952 if (!cmdnode->cmdbuf->size) {
953 lbs_deb_host("DNLD_CMD: cmd size is zero\n");
954 goto done;
955 }
956 cmdnode->result = 0;
957
958 /* Exit_PS command needs to be queued in the header always. */
959 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) {
960 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf;
961
962 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) {
963 if (priv->psstate != PS_STATE_FULL_POWER)
964 addtail = 0;
965 }
966 }
967
968 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM)
969 addtail = 0;
970
971 spin_lock_irqsave(&priv->driver_lock, flags);
972
973 if (addtail)
974 list_add_tail(&cmdnode->list, &priv->cmdpendingq);
975 else
976 list_add(&cmdnode->list, &priv->cmdpendingq);
977
978 spin_unlock_irqrestore(&priv->driver_lock, flags);
979
980 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n",
981 le16_to_cpu(cmdnode->cmdbuf->command));
982
983 done:
984 lbs_deb_leave(LBS_DEB_HOST);
985 }
986
987 static void lbs_submit_command(struct lbs_private *priv,
988 struct cmd_ctrl_node *cmdnode)
989 {
990 unsigned long flags;
991 struct cmd_header *cmd;
992 uint16_t cmdsize;
993 uint16_t command;
994 int timeo = 3 * HZ;
995 int ret;
996
997 lbs_deb_enter(LBS_DEB_HOST);
998
999 cmd = cmdnode->cmdbuf;
1000
1001 spin_lock_irqsave(&priv->driver_lock, flags);
1002 priv->seqnum++;
1003 cmd->seqnum = cpu_to_le16(priv->seqnum);
1004 priv->cur_cmd = cmdnode;
1005 spin_unlock_irqrestore(&priv->driver_lock, flags);
1006
1007 cmdsize = le16_to_cpu(cmd->size);
1008 command = le16_to_cpu(cmd->command);
1009
1010 /* These commands take longer */
1011 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE)
1012 timeo = 5 * HZ;
1013
1014 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n",
1015 command, le16_to_cpu(cmd->seqnum), cmdsize);
1016 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize);
1017
1018 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize);
1019
1020 if (ret) {
1021 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n",
1022 ret);
1023 /* Reset dnld state machine, report failure */
1024 priv->dnld_sent = DNLD_RES_RECEIVED;
1025 lbs_complete_command(priv, cmdnode, ret);
1026 }
1027
1028 if (command == CMD_802_11_DEEP_SLEEP) {
1029 if (priv->is_auto_deep_sleep_enabled) {
1030 priv->wakeup_dev_required = 1;
1031 priv->dnld_sent = 0;
1032 }
1033 priv->is_deep_sleep = 1;
1034 lbs_complete_command(priv, cmdnode, 0);
1035 } else {
1036 /* Setup the timer after transmit command */
1037 mod_timer(&priv->command_timer, jiffies + timeo);
1038 }
1039
1040 lbs_deb_leave(LBS_DEB_HOST);
1041 }
1042
1043 /*
1044 * This function inserts command node to cmdfreeq
1045 * after cleans it. Requires priv->driver_lock held.
1046 */
1047 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv,
1048 struct cmd_ctrl_node *cmdnode)
1049 {
1050 lbs_deb_enter(LBS_DEB_HOST);
1051
1052 if (!cmdnode)
1053 goto out;
1054
1055 cmdnode->callback = NULL;
1056 cmdnode->callback_arg = 0;
1057
1058 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE);
1059
1060 list_add_tail(&cmdnode->list, &priv->cmdfreeq);
1061 out:
1062 lbs_deb_leave(LBS_DEB_HOST);
1063 }
1064
1065 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv,
1066 struct cmd_ctrl_node *ptempcmd)
1067 {
1068 unsigned long flags;
1069
1070 spin_lock_irqsave(&priv->driver_lock, flags);
1071 __lbs_cleanup_and_insert_cmd(priv, ptempcmd);
1072 spin_unlock_irqrestore(&priv->driver_lock, flags);
1073 }
1074
1075 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd,
1076 int result)
1077 {
1078 /*
1079 * Normally, commands are removed from cmdpendingq before being
1080 * submitted. However, we can arrive here on alternative codepaths
1081 * where the command is still pending. Make sure the command really
1082 * isn't part of a list at this point.
1083 */
1084 list_del_init(&cmd->list);
1085
1086 cmd->result = result;
1087 cmd->cmdwaitqwoken = 1;
1088 wake_up(&cmd->cmdwait_q);
1089
1090 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback)
1091 __lbs_cleanup_and_insert_cmd(priv, cmd);
1092 priv->cur_cmd = NULL;
1093 wake_up(&priv->waitq);
1094 }
1095
1096 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd,
1097 int result)
1098 {
1099 unsigned long flags;
1100 spin_lock_irqsave(&priv->driver_lock, flags);
1101 __lbs_complete_command(priv, cmd, result);
1102 spin_unlock_irqrestore(&priv->driver_lock, flags);
1103 }
1104
1105 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on)
1106 {
1107 struct cmd_ds_802_11_radio_control cmd;
1108 int ret = -EINVAL;
1109
1110 lbs_deb_enter(LBS_DEB_CMD);
1111
1112 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1113 cmd.action = cpu_to_le16(CMD_ACT_SET);
1114 cmd.control = 0;
1115
1116 /* Only v8 and below support setting the preamble */
1117 if (priv->fwrelease < 0x09000000) {
1118 switch (preamble) {
1119 case RADIO_PREAMBLE_SHORT:
1120 case RADIO_PREAMBLE_AUTO:
1121 case RADIO_PREAMBLE_LONG:
1122 cmd.control = cpu_to_le16(preamble);
1123 break;
1124 default:
1125 goto out;
1126 }
1127 }
1128
1129 if (radio_on)
1130 cmd.control |= cpu_to_le16(0x1);
1131 else {
1132 cmd.control &= cpu_to_le16(~0x1);
1133 priv->txpower_cur = 0;
1134 }
1135
1136 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n",
1137 radio_on ? "ON" : "OFF", preamble);
1138
1139 priv->radio_on = radio_on;
1140
1141 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd);
1142
1143 out:
1144 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
1145 return ret;
1146 }
1147
1148 void lbs_set_mac_control(struct lbs_private *priv)
1149 {
1150 struct cmd_ds_mac_control cmd;
1151
1152 lbs_deb_enter(LBS_DEB_CMD);
1153
1154 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1155 cmd.action = cpu_to_le16(priv->mac_control);
1156 cmd.reserved = 0;
1157
1158 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd));
1159
1160 lbs_deb_leave(LBS_DEB_CMD);
1161 }
1162
1163 int lbs_set_mac_control_sync(struct lbs_private *priv)
1164 {
1165 struct cmd_ds_mac_control cmd;
1166 int ret = 0;
1167
1168 lbs_deb_enter(LBS_DEB_CMD);
1169
1170 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1171 cmd.action = cpu_to_le16(priv->mac_control);
1172 cmd.reserved = 0;
1173 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd);
1174
1175 lbs_deb_leave(LBS_DEB_CMD);
1176 return ret;
1177 }
1178
1179 /**
1180 * lbs_allocate_cmd_buffer - allocates the command buffer and links
1181 * it to command free queue
1182 *
1183 * @priv: A pointer to &struct lbs_private structure
1184 *
1185 * returns: 0 for success or -1 on error
1186 */
1187 int lbs_allocate_cmd_buffer(struct lbs_private *priv)
1188 {
1189 int ret = 0;
1190 u32 bufsize;
1191 u32 i;
1192 struct cmd_ctrl_node *cmdarray;
1193
1194 lbs_deb_enter(LBS_DEB_HOST);
1195
1196 /* Allocate and initialize the command array */
1197 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS;
1198 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) {
1199 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n");
1200 ret = -1;
1201 goto done;
1202 }
1203 priv->cmd_array = cmdarray;
1204
1205 /* Allocate and initialize each command buffer in the command array */
1206 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1207 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL);
1208 if (!cmdarray[i].cmdbuf) {
1209 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n");
1210 ret = -1;
1211 goto done;
1212 }
1213 }
1214
1215 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1216 init_waitqueue_head(&cmdarray[i].cmdwait_q);
1217 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]);
1218 }
1219 ret = 0;
1220
1221 done:
1222 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret);
1223 return ret;
1224 }
1225
1226 /**
1227 * lbs_free_cmd_buffer - free the command buffer
1228 *
1229 * @priv: A pointer to &struct lbs_private structure
1230 *
1231 * returns: 0 for success
1232 */
1233 int lbs_free_cmd_buffer(struct lbs_private *priv)
1234 {
1235 struct cmd_ctrl_node *cmdarray;
1236 unsigned int i;
1237
1238 lbs_deb_enter(LBS_DEB_HOST);
1239
1240 /* need to check if cmd array is allocated or not */
1241 if (priv->cmd_array == NULL) {
1242 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n");
1243 goto done;
1244 }
1245
1246 cmdarray = priv->cmd_array;
1247
1248 /* Release shared memory buffers */
1249 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1250 if (cmdarray[i].cmdbuf) {
1251 kfree(cmdarray[i].cmdbuf);
1252 cmdarray[i].cmdbuf = NULL;
1253 }
1254 }
1255
1256 /* Release cmd_ctrl_node */
1257 if (priv->cmd_array) {
1258 kfree(priv->cmd_array);
1259 priv->cmd_array = NULL;
1260 }
1261
1262 done:
1263 lbs_deb_leave(LBS_DEB_HOST);
1264 return 0;
1265 }
1266
1267 /**
1268 * lbs_get_free_cmd_node - gets a free command node if available in
1269 * command free queue
1270 *
1271 * @priv: A pointer to &struct lbs_private structure
1272 *
1273 * returns: A pointer to &cmd_ctrl_node structure on success
1274 * or %NULL on error
1275 */
1276 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv)
1277 {
1278 struct cmd_ctrl_node *tempnode;
1279 unsigned long flags;
1280
1281 lbs_deb_enter(LBS_DEB_HOST);
1282
1283 if (!priv)
1284 return NULL;
1285
1286 spin_lock_irqsave(&priv->driver_lock, flags);
1287
1288 if (!list_empty(&priv->cmdfreeq)) {
1289 tempnode = list_first_entry(&priv->cmdfreeq,
1290 struct cmd_ctrl_node, list);
1291 list_del_init(&tempnode->list);
1292 } else {
1293 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n");
1294 tempnode = NULL;
1295 }
1296
1297 spin_unlock_irqrestore(&priv->driver_lock, flags);
1298
1299 lbs_deb_leave(LBS_DEB_HOST);
1300 return tempnode;
1301 }
1302
1303 /**
1304 * lbs_execute_next_command - execute next command in command
1305 * pending queue. Will put firmware back to PS mode if applicable.
1306 *
1307 * @priv: A pointer to &struct lbs_private structure
1308 *
1309 * returns: 0 on success or -1 on error
1310 */
1311 int lbs_execute_next_command(struct lbs_private *priv)
1312 {
1313 struct cmd_ctrl_node *cmdnode = NULL;
1314 struct cmd_header *cmd;
1315 unsigned long flags;
1316 int ret = 0;
1317
1318 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the
1319 * only caller to us is lbs_thread() and we get even when a
1320 * data packet is received */
1321 lbs_deb_enter(LBS_DEB_THREAD);
1322
1323 spin_lock_irqsave(&priv->driver_lock, flags);
1324
1325 if (priv->cur_cmd) {
1326 netdev_alert(priv->dev,
1327 "EXEC_NEXT_CMD: already processing command!\n");
1328 spin_unlock_irqrestore(&priv->driver_lock, flags);
1329 ret = -1;
1330 goto done;
1331 }
1332
1333 if (!list_empty(&priv->cmdpendingq)) {
1334 cmdnode = list_first_entry(&priv->cmdpendingq,
1335 struct cmd_ctrl_node, list);
1336 }
1337
1338 spin_unlock_irqrestore(&priv->driver_lock, flags);
1339
1340 if (cmdnode) {
1341 cmd = cmdnode->cmdbuf;
1342
1343 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) {
1344 if ((priv->psstate == PS_STATE_SLEEP) ||
1345 (priv->psstate == PS_STATE_PRE_SLEEP)) {
1346 lbs_deb_host(
1347 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n",
1348 le16_to_cpu(cmd->command),
1349 priv->psstate);
1350 ret = -1;
1351 goto done;
1352 }
1353 lbs_deb_host("EXEC_NEXT_CMD: OK to send command "
1354 "0x%04x in psstate %d\n",
1355 le16_to_cpu(cmd->command), priv->psstate);
1356 } else if (priv->psstate != PS_STATE_FULL_POWER) {
1357 /*
1358 * 1. Non-PS command:
1359 * Queue it. set needtowakeup to TRUE if current state
1360 * is SLEEP, otherwise call send EXIT_PS.
1361 * 2. PS command but not EXIT_PS:
1362 * Ignore it.
1363 * 3. PS command EXIT_PS:
1364 * Set needtowakeup to TRUE if current state is SLEEP,
1365 * otherwise send this command down to firmware
1366 * immediately.
1367 */
1368 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) {
1369 /* Prepare to send Exit PS,
1370 * this non PS command will be sent later */
1371 if ((priv->psstate == PS_STATE_SLEEP)
1372 || (priv->psstate == PS_STATE_PRE_SLEEP)
1373 ) {
1374 /* w/ new scheme, it will not reach here.
1375 since it is blocked in main_thread. */
1376 priv->needtowakeup = 1;
1377 } else {
1378 lbs_set_ps_mode(priv,
1379 PS_MODE_ACTION_EXIT_PS,
1380 false);
1381 }
1382
1383 ret = 0;
1384 goto done;
1385 } else {
1386 /*
1387 * PS command. Ignore it if it is not Exit_PS.
1388 * otherwise send it down immediately.
1389 */
1390 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1];
1391
1392 lbs_deb_host(
1393 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n",
1394 psm->action);
1395 if (psm->action !=
1396 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) {
1397 lbs_deb_host(
1398 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n");
1399 lbs_complete_command(priv, cmdnode, 0);
1400
1401 ret = 0;
1402 goto done;
1403 }
1404
1405 if ((priv->psstate == PS_STATE_SLEEP) ||
1406 (priv->psstate == PS_STATE_PRE_SLEEP)) {
1407 lbs_deb_host(
1408 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n");
1409 lbs_complete_command(priv, cmdnode, 0);
1410 priv->needtowakeup = 1;
1411
1412 ret = 0;
1413 goto done;
1414 }
1415
1416 lbs_deb_host(
1417 "EXEC_NEXT_CMD: sending EXIT_PS\n");
1418 }
1419 }
1420 spin_lock_irqsave(&priv->driver_lock, flags);
1421 list_del_init(&cmdnode->list);
1422 spin_unlock_irqrestore(&priv->driver_lock, flags);
1423 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n",
1424 le16_to_cpu(cmd->command));
1425 lbs_submit_command(priv, cmdnode);
1426 } else {
1427 /*
1428 * check if in power save mode, if yes, put the device back
1429 * to PS mode
1430 */
1431 #ifdef TODO
1432 /*
1433 * This was the old code for libertas+wext. Someone that
1434 * understands this beast should re-code it in a sane way.
1435 *
1436 * I actually don't understand why this is related to WPA
1437 * and to connection status, shouldn't powering should be
1438 * independ of such things?
1439 */
1440 if ((priv->psmode != LBS802_11POWERMODECAM) &&
1441 (priv->psstate == PS_STATE_FULL_POWER) &&
1442 ((priv->connect_status == LBS_CONNECTED) ||
1443 lbs_mesh_connected(priv))) {
1444 if (priv->secinfo.WPAenabled ||
1445 priv->secinfo.WPA2enabled) {
1446 /* check for valid WPA group keys */
1447 if (priv->wpa_mcast_key.len ||
1448 priv->wpa_unicast_key.len) {
1449 lbs_deb_host(
1450 "EXEC_NEXT_CMD: WPA enabled and GTK_SET"
1451 " go back to PS_SLEEP");
1452 lbs_set_ps_mode(priv,
1453 PS_MODE_ACTION_ENTER_PS,
1454 false);
1455 }
1456 } else {
1457 lbs_deb_host(
1458 "EXEC_NEXT_CMD: cmdpendingq empty, "
1459 "go back to PS_SLEEP");
1460 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS,
1461 false);
1462 }
1463 }
1464 #endif
1465 }
1466
1467 ret = 0;
1468 done:
1469 lbs_deb_leave(LBS_DEB_THREAD);
1470 return ret;
1471 }
1472
1473 static void lbs_send_confirmsleep(struct lbs_private *priv)
1474 {
1475 unsigned long flags;
1476 int ret;
1477
1478 lbs_deb_enter(LBS_DEB_HOST);
1479 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep,
1480 sizeof(confirm_sleep));
1481
1482 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep,
1483 sizeof(confirm_sleep));
1484 if (ret) {
1485 netdev_alert(priv->dev, "confirm_sleep failed\n");
1486 goto out;
1487 }
1488
1489 spin_lock_irqsave(&priv->driver_lock, flags);
1490
1491 /* We don't get a response on the sleep-confirmation */
1492 priv->dnld_sent = DNLD_RES_RECEIVED;
1493
1494 if (priv->is_host_sleep_configured) {
1495 priv->is_host_sleep_activated = 1;
1496 wake_up_interruptible(&priv->host_sleep_q);
1497 }
1498
1499 /* If nothing to do, go back to sleep (?) */
1500 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx])
1501 priv->psstate = PS_STATE_SLEEP;
1502
1503 spin_unlock_irqrestore(&priv->driver_lock, flags);
1504
1505 out:
1506 lbs_deb_leave(LBS_DEB_HOST);
1507 }
1508
1509 /**
1510 * lbs_ps_confirm_sleep - checks condition and prepares to
1511 * send sleep confirm command to firmware if ok
1512 *
1513 * @priv: A pointer to &struct lbs_private structure
1514 *
1515 * returns: n/a
1516 */
1517 void lbs_ps_confirm_sleep(struct lbs_private *priv)
1518 {
1519 unsigned long flags =0;
1520 int allowed = 1;
1521
1522 lbs_deb_enter(LBS_DEB_HOST);
1523
1524 spin_lock_irqsave(&priv->driver_lock, flags);
1525 if (priv->dnld_sent) {
1526 allowed = 0;
1527 lbs_deb_host("dnld_sent was set\n");
1528 }
1529
1530 /* In-progress command? */
1531 if (priv->cur_cmd) {
1532 allowed = 0;
1533 lbs_deb_host("cur_cmd was set\n");
1534 }
1535
1536 /* Pending events or command responses? */
1537 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) {
1538 allowed = 0;
1539 lbs_deb_host("pending events or command responses\n");
1540 }
1541 spin_unlock_irqrestore(&priv->driver_lock, flags);
1542
1543 if (allowed) {
1544 lbs_deb_host("sending lbs_ps_confirm_sleep\n");
1545 lbs_send_confirmsleep(priv);
1546 } else {
1547 lbs_deb_host("sleep confirm has been delayed\n");
1548 }
1549
1550 lbs_deb_leave(LBS_DEB_HOST);
1551 }
1552
1553
1554 /**
1555 * lbs_set_tpc_cfg - Configures the transmission power control functionality
1556 *
1557 * @priv: A pointer to &struct lbs_private structure
1558 * @enable: Transmission power control enable
1559 * @p0: Power level when link quality is good (dBm).
1560 * @p1: Power level when link quality is fair (dBm).
1561 * @p2: Power level when link quality is poor (dBm).
1562 * @usesnr: Use Signal to Noise Ratio in TPC
1563 *
1564 * returns: 0 on success
1565 */
1566 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1,
1567 int8_t p2, int usesnr)
1568 {
1569 struct cmd_ds_802_11_tpc_cfg cmd;
1570 int ret;
1571
1572 memset(&cmd, 0, sizeof(cmd));
1573 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1574 cmd.action = cpu_to_le16(CMD_ACT_SET);
1575 cmd.enable = !!enable;
1576 cmd.usesnr = !!usesnr;
1577 cmd.P0 = p0;
1578 cmd.P1 = p1;
1579 cmd.P2 = p2;
1580
1581 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd);
1582
1583 return ret;
1584 }
1585
1586 /**
1587 * lbs_set_power_adapt_cfg - Configures the power adaptation settings
1588 *
1589 * @priv: A pointer to &struct lbs_private structure
1590 * @enable: Power adaptation enable
1591 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm).
1592 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm).
1593 * @p2: Power level for 48 and 54 Mbps (dBm).
1594 *
1595 * returns: 0 on Success
1596 */
1597
1598 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0,
1599 int8_t p1, int8_t p2)
1600 {
1601 struct cmd_ds_802_11_pa_cfg cmd;
1602 int ret;
1603
1604 memset(&cmd, 0, sizeof(cmd));
1605 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1606 cmd.action = cpu_to_le16(CMD_ACT_SET);
1607 cmd.enable = !!enable;
1608 cmd.P0 = p0;
1609 cmd.P1 = p1;
1610 cmd.P2 = p2;
1611
1612 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd);
1613
1614 return ret;
1615 }
1616
1617
1618 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv,
1619 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size,
1620 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *),
1621 unsigned long callback_arg)
1622 {
1623 struct cmd_ctrl_node *cmdnode;
1624
1625 lbs_deb_enter(LBS_DEB_HOST);
1626
1627 if (priv->surpriseremoved) {
1628 lbs_deb_host("PREP_CMD: card removed\n");
1629 cmdnode = ERR_PTR(-ENOENT);
1630 goto done;
1631 }
1632
1633 /* No commands are allowed in Deep Sleep until we toggle the GPIO
1634 * to wake up the card and it has signaled that it's ready.
1635 */
1636 if (!priv->is_auto_deep_sleep_enabled) {
1637 if (priv->is_deep_sleep) {
1638 lbs_deb_cmd("command not allowed in deep sleep\n");
1639 cmdnode = ERR_PTR(-EBUSY);
1640 goto done;
1641 }
1642 }
1643
1644 cmdnode = lbs_get_free_cmd_node(priv);
1645 if (cmdnode == NULL) {
1646 lbs_deb_host("PREP_CMD: cmdnode is NULL\n");
1647
1648 /* Wake up main thread to execute next command */
1649 wake_up(&priv->waitq);
1650 cmdnode = ERR_PTR(-ENOBUFS);
1651 goto done;
1652 }
1653
1654 cmdnode->callback = callback;
1655 cmdnode->callback_arg = callback_arg;
1656
1657 /* Copy the incoming command to the buffer */
1658 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size);
1659
1660 /* Set command, clean result, move to buffer */
1661 cmdnode->cmdbuf->command = cpu_to_le16(command);
1662 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size);
1663 cmdnode->cmdbuf->result = 0;
1664
1665 lbs_deb_host("PREP_CMD: command 0x%04x\n", command);
1666
1667 cmdnode->cmdwaitqwoken = 0;
1668 lbs_queue_cmd(priv, cmdnode);
1669 wake_up(&priv->waitq);
1670
1671 done:
1672 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode);
1673 return cmdnode;
1674 }
1675
1676 void lbs_cmd_async(struct lbs_private *priv, uint16_t command,
1677 struct cmd_header *in_cmd, int in_cmd_size)
1678 {
1679 lbs_deb_enter(LBS_DEB_CMD);
1680 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size,
1681 lbs_cmd_async_callback, 0);
1682 lbs_deb_leave(LBS_DEB_CMD);
1683 }
1684
1685 int __lbs_cmd(struct lbs_private *priv, uint16_t command,
1686 struct cmd_header *in_cmd, int in_cmd_size,
1687 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *),
1688 unsigned long callback_arg)
1689 {
1690 struct cmd_ctrl_node *cmdnode;
1691 unsigned long flags;
1692 int ret = 0;
1693
1694 lbs_deb_enter(LBS_DEB_HOST);
1695
1696 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size,
1697 callback, callback_arg);
1698 if (IS_ERR(cmdnode)) {
1699 ret = PTR_ERR(cmdnode);
1700 goto done;
1701 }
1702
1703 might_sleep();
1704
1705 /*
1706 * Be careful with signals here. A signal may be received as the system
1707 * goes into suspend or resume. We do not want this to interrupt the
1708 * command, so we perform an uninterruptible sleep.
1709 */
1710 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken);
1711
1712 spin_lock_irqsave(&priv->driver_lock, flags);
1713 ret = cmdnode->result;
1714 if (ret)
1715 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n",
1716 command, ret);
1717
1718 __lbs_cleanup_and_insert_cmd(priv, cmdnode);
1719 spin_unlock_irqrestore(&priv->driver_lock, flags);
1720
1721 done:
1722 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret);
1723 return ret;
1724 }
1725 EXPORT_SYMBOL_GPL(__lbs_cmd); 1
2 #include <linux/kernel.h>
3 #include <linux/mutex.h>
4 #include <linux/spinlock.h>
5 #include <linux/errno.h>
6 #include <verifier/rcv.h>
7 #include <linux/list.h>
8
9 /* mutexes */
10 extern int mutex_lock_interruptible(struct mutex *lock);
11 extern int mutex_lock_killable(struct mutex *lock);
12 extern void mutex_lock(struct mutex *lock);
13
14 /* mutex model functions */
15 extern void ldv_mutex_lock(struct mutex *lock, char *sign);
16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign);
17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign);
18
19
20 /* Spin locks */
21 extern void __ldv_spin_lock(spinlock_t *lock);
22 extern void __ldv_spin_unlock(spinlock_t *lock);
23 extern int __ldv_spin_trylock(spinlock_t *lock);
24 extern void __ldv_spin_unlock_wait(spinlock_t *lock);
25 extern void __ldv_spin_can_lock(spinlock_t *lock);
26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock);
27
28 /* spin model functions */
29 extern void ldv_spin_lock(spinlock_t *lock, char *sign);
30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign);
31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign);
32
33 /* Support for list binder functions */
34 static inline struct list_head *ldv_list_get_first(struct list_head *head) {
35 return head->next;
36 }
37
38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) {
39 return pos==head;
40 }
41
42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) {
43 return pos->next;
44 }
45
46 #include <linux/mutex.h>
47 #include <linux/slab.h>
48 #include <verifier/rcv.h>
49 #include <linux/timer.h>
50 #include <linux/rtnetlink.h>
51 #include <linux/gfp.h>
52 extern int ldv_state_variable_8;
53 extern int ldv_state_variable_15;
54 extern int ldv_timer_1_3;
55 extern struct timer_list * ldv_timer_list_2_0;
56 extern int ldv_timer_2_1;
57 extern int ldv_state_variable_0;
58 extern int ldv_state_variable_5;
59 extern int ldv_state_variable_13;
60 extern int ldv_state_variable_12;
61 extern struct device_attribute *dev_attr_protocol_id_group1;
62 extern struct timer_list * ldv_timer_list_3_1;
63 extern int ldv_state_variable_14;
64 extern struct device_attribute *dev_attr_capability_group1;
65 extern struct timer_list * ldv_timer_list_3_2;
66 extern int ldv_timer_2_2;
67 extern struct net_device *lbs_ethtool_ops_group0;
68 extern int ldv_timer_3_3;
69 extern int ldv_timer_2_3;
70 extern struct device_attribute *dev_attr_lbs_mesh_group1;
71 extern int ldv_timer_1_0;
72 extern int ldv_state_variable_17;
73 extern struct timer_list * ldv_timer_list_3_3;
74 extern int ldv_state_variable_9;
75 extern int ldv_timer_3_1;
76 extern int ref_cnt;
77 extern int ldv_state_variable_1;
78 extern int ldv_state_variable_7;
79 extern struct device_attribute *dev_attr_metric_id_group1;
80 extern struct net_device *lbs_netdev_ops_group1;
81 extern struct timer_list * ldv_timer_list_1_3;
82 extern struct net_device *lbs_cfg80211_ops_group0;
83 extern int ldv_state_variable_10;
84 extern struct timer_list * ldv_timer_list_1_1;
85 extern struct file *lbs_debug_fops_group2;
86 extern struct timer_list * ldv_timer_list_2_1;
87 extern struct wiphy *lbs_cfg80211_ops_group1;
88 extern struct timer_list * ldv_timer_list_1_0;
89 extern int ldv_state_variable_6;
90 extern int ldv_timer_1_2;
91 extern int ldv_state_variable_16;
92 extern struct device_attribute *dev_attr_channel_group1;
93 extern int ldv_timer_2_0;
94 extern int ldv_timer_1_1;
95 extern int ldv_state_variable_2;
96 extern struct timer_list * ldv_timer_list_1_2;
97 extern struct device_attribute *dev_attr_anycast_mask_group1;
98 extern int ldv_state_variable_11;
99 extern struct device_attribute *dev_attr_bootflag_group1;
100 extern int LDV_IN_INTERRUPT = 1;
101 extern int ldv_state_variable_18;
102 extern struct net_device *mesh_netdev_ops_group1;
103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1;
104 extern struct inode *lbs_debug_fops_group1;
105 extern int ldv_timer_3_2;
106 extern struct mutex fs_mutex;
107 extern int ldv_state_variable_3;
108 extern struct mutex ar_mutex;
109 extern struct timer_list * ldv_timer_list_2_3;
110 extern struct device_attribute *dev_attr_boottime_group1;
111 extern int ldv_timer_3_0;
112 extern struct timer_list * ldv_timer_list_3_0;
113 extern struct device_attribute *dev_attr_mesh_id_group1;
114 extern struct timer_list * ldv_timer_list_2_2;
115 extern int ldv_state_variable_4;
116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1;
117 extern void ldv_initialyze_cfg80211_ops_18(void);
118 extern int evil_hack_15(void);
119 extern void choose_timer_2(void);
120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag);
122 extern void choose_timer_3(void);
123 extern void timer_init_3(void);
124 extern void ldv_net_device_ops_4(void);
125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag);
126 extern void timer_init_2(void);
127 extern void timer_init_1(void);
128 extern void ldv_net_device_ops_15(void);
129 extern void disable_suitable_timer_3(struct timer_list * timer);
130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data);
131 extern int evil_hack_4(void);
132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
133 extern void disable_suitable_timer_2(struct timer_list * timer);
134 extern void disable_suitable_timer_1(struct timer_list * timer);
135 extern int evil_hack_fs_lock(void);
136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data);
137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag);
138 extern int __VERIFIER_nondet_int(void);
139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
140 extern void ldv_file_operations_17(void);
141 extern void ldv_initialyze_ethtool_ops_16(void);
142 extern void choose_timer_1(void);
143 extern void ldv_timer_1(int state, struct timer_list * timer);
144 extern int evil_hack_ar_lock(void);
145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data);
146 extern void ldv_timer_2(int state, struct timer_list * timer);
147 extern void ldv_timer_3(int state, struct timer_list * timer);
148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.c"
149 /*
150 * This file contains the handling of command.
151 * It prepares command and sends it to firmware when it is ready.
152 */
153
154 #include <linux/hardirq.h>
155 #include <linux/kfifo.h>
156 #include <linux/sched.h>
157 #include <linux/slab.h>
158 #include <linux/if_arp.h>
159 #include <linux/export.h>
160
161 #include "decl.h"
162 #include "cfg.h"
163 #include "cmd.h"
164
165 #define CAL_NF(nf) ((s32)(-(s32)(nf)))
166 #define CAL_RSSI(snr, nf) ((s32)((s32)(snr) + CAL_NF(nf)))
167
168 /**
169 * lbs_cmd_copyback - Simple callback that copies response back into command
170 *
171 * @priv: A pointer to &struct lbs_private structure
172 * @extra: A pointer to the original command structure for which
173 * 'resp' is a response
174 * @resp: A pointer to the command response
175 *
176 * returns: 0 on success, error on failure
177 */
178 int lbs_cmd_copyback(struct lbs_private *priv, unsigned long extra,
179 struct cmd_header *resp)
180 {
181 struct cmd_header *buf = (void *)extra;
182 uint16_t copy_len;
183
184 copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size));
185 memcpy(buf, resp, copy_len);
186 return 0;
187 }
188 EXPORT_SYMBOL_GPL(lbs_cmd_copyback);
189
190 /**
191 * lbs_cmd_async_callback - Simple callback that ignores the result.
192 * Use this if you just want to send a command to the hardware, but don't
193 * care for the result.
194 *
195 * @priv: ignored
196 * @extra: ignored
197 * @resp: ignored
198 *
199 * returns: 0 for success
200 */
201 static int lbs_cmd_async_callback(struct lbs_private *priv, unsigned long extra,
202 struct cmd_header *resp)
203 {
204 return 0;
205 }
206
207
208 /**
209 * is_command_allowed_in_ps - tests if a command is allowed in Power Save mode
210 *
211 * @cmd: the command ID
212 *
213 * returns: 1 if allowed, 0 if not allowed
214 */
215 static u8 is_command_allowed_in_ps(u16 cmd)
216 {
217 switch (cmd) {
218 case CMD_802_11_RSSI:
219 return 1;
220 case CMD_802_11_HOST_SLEEP_CFG:
221 return 1;
222 default:
223 break;
224 }
225 return 0;
226 }
227
228 /**
229 * lbs_update_hw_spec - Updates the hardware details like MAC address
230 * and regulatory region
231 *
232 * @priv: A pointer to &struct lbs_private structure
233 *
234 * returns: 0 on success, error on failure
235 */
236 int lbs_update_hw_spec(struct lbs_private *priv)
237 {
238 struct cmd_ds_get_hw_spec cmd;
239 int ret = -1;
240 u32 i;
241
242 lbs_deb_enter(LBS_DEB_CMD);
243
244 memset(&cmd, 0, sizeof(cmd));
245 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
246 memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN);
247 ret = lbs_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd);
248 if (ret)
249 goto out;
250
251 priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo);
252
253 /* The firmware release is in an interesting format: the patch
254 * level is in the most significant nibble ... so fix that: */
255 priv->fwrelease = le32_to_cpu(cmd.fwrelease);
256 priv->fwrelease = (priv->fwrelease << 8) |
257 (priv->fwrelease >> 24 & 0xff);
258
259 /* Some firmware capabilities:
260 * CF card firmware 5.0.16p0: cap 0x00000303
261 * USB dongle firmware 5.110.17p2: cap 0x00000303
262 */
263 netdev_info(priv->dev, "%pM, fw %u.%u.%up%u, cap 0x%08x\n",
264 cmd.permanentaddr,
265 priv->fwrelease >> 24 & 0xff,
266 priv->fwrelease >> 16 & 0xff,
267 priv->fwrelease >> 8 & 0xff,
268 priv->fwrelease & 0xff,
269 priv->fwcapinfo);
270 lbs_deb_cmd("GET_HW_SPEC: hardware interface 0x%x, hardware spec 0x%04x\n",
271 cmd.hwifversion, cmd.version);
272
273 /* Clamp region code to 8-bit since FW spec indicates that it should
274 * only ever be 8-bit, even though the field size is 16-bit. Some firmware
275 * returns non-zero high 8 bits here.
276 *
277 * Firmware version 4.0.102 used in CF8381 has region code shifted. We
278 * need to check for this problem and handle it properly.
279 */
280 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V4)
281 priv->regioncode = (le16_to_cpu(cmd.regioncode) >> 8) & 0xFF;
282 else
283 priv->regioncode = le16_to_cpu(cmd.regioncode) & 0xFF;
284
285 for (i = 0; i < MRVDRV_MAX_REGION_CODE; i++) {
286 /* use the region code to search for the index */
287 if (priv->regioncode == lbs_region_code_to_index[i])
288 break;
289 }
290
291 /* if it's unidentified region code, use the default (USA) */
292 if (i >= MRVDRV_MAX_REGION_CODE) {
293 priv->regioncode = 0x10;
294 netdev_info(priv->dev,
295 "unidentified region code; using the default (USA)\n");
296 }
297
298 if (priv->current_addr[0] == 0xff)
299 memmove(priv->current_addr, cmd.permanentaddr, ETH_ALEN);
300
301 if (!priv->copied_hwaddr) {
302 memcpy(priv->dev->dev_addr, priv->current_addr, ETH_ALEN);
303 if (priv->mesh_dev)
304 memcpy(priv->mesh_dev->dev_addr,
305 priv->current_addr, ETH_ALEN);
306 priv->copied_hwaddr = 1;
307 }
308
309 out:
310 lbs_deb_leave(LBS_DEB_CMD);
311 return ret;
312 }
313
314 static int lbs_ret_host_sleep_cfg(struct lbs_private *priv, unsigned long dummy,
315 struct cmd_header *resp)
316 {
317 lbs_deb_enter(LBS_DEB_CMD);
318 if (priv->is_host_sleep_activated) {
319 priv->is_host_sleep_configured = 0;
320 if (priv->psstate == PS_STATE_FULL_POWER) {
321 priv->is_host_sleep_activated = 0;
322 wake_up_interruptible(&priv->host_sleep_q);
323 }
324 } else {
325 priv->is_host_sleep_configured = 1;
326 }
327 lbs_deb_leave(LBS_DEB_CMD);
328 return 0;
329 }
330
331 int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria,
332 struct wol_config *p_wol_config)
333 {
334 struct cmd_ds_host_sleep cmd_config;
335 int ret;
336
337 /*
338 * Certain firmware versions do not support EHS_REMOVE_WAKEUP command
339 * and the card will return a failure. Since we need to be
340 * able to reset the mask, in those cases we set a 0 mask instead.
341 */
342 if (criteria == EHS_REMOVE_WAKEUP && !priv->ehs_remove_supported)
343 criteria = 0;
344
345 cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config));
346 cmd_config.criteria = cpu_to_le32(criteria);
347 cmd_config.gpio = priv->wol_gpio;
348 cmd_config.gap = priv->wol_gap;
349
350 if (p_wol_config != NULL)
351 memcpy((uint8_t *)&cmd_config.wol_conf, (uint8_t *)p_wol_config,
352 sizeof(struct wol_config));
353 else
354 cmd_config.wol_conf.action = CMD_ACT_ACTION_NONE;
355
356 ret = __lbs_cmd(priv, CMD_802_11_HOST_SLEEP_CFG, &cmd_config.hdr,
357 le16_to_cpu(cmd_config.hdr.size),
358 lbs_ret_host_sleep_cfg, 0);
359 if (!ret) {
360 if (p_wol_config)
361 memcpy((uint8_t *) p_wol_config,
362 (uint8_t *)&cmd_config.wol_conf,
363 sizeof(struct wol_config));
364 } else {
365 netdev_info(priv->dev, "HOST_SLEEP_CFG failed %d\n", ret);
366 }
367
368 return ret;
369 }
370 EXPORT_SYMBOL_GPL(lbs_host_sleep_cfg);
371
372 /**
373 * lbs_set_ps_mode - Sets the Power Save mode
374 *
375 * @priv: A pointer to &struct lbs_private structure
376 * @cmd_action: The Power Save operation (PS_MODE_ACTION_ENTER_PS or
377 * PS_MODE_ACTION_EXIT_PS)
378 * @block: Whether to block on a response or not
379 *
380 * returns: 0 on success, error on failure
381 */
382 int lbs_set_ps_mode(struct lbs_private *priv, u16 cmd_action, bool block)
383 {
384 struct cmd_ds_802_11_ps_mode cmd;
385 int ret = 0;
386
387 lbs_deb_enter(LBS_DEB_CMD);
388
389 memset(&cmd, 0, sizeof(cmd));
390 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
391 cmd.action = cpu_to_le16(cmd_action);
392
393 if (cmd_action == PS_MODE_ACTION_ENTER_PS) {
394 lbs_deb_cmd("PS_MODE: action ENTER_PS\n");
395 cmd.multipledtim = cpu_to_le16(1); /* Default DTIM multiple */
396 } else if (cmd_action == PS_MODE_ACTION_EXIT_PS) {
397 lbs_deb_cmd("PS_MODE: action EXIT_PS\n");
398 } else {
399 /* We don't handle CONFIRM_SLEEP here because it needs to
400 * be fastpathed to the firmware.
401 */
402 lbs_deb_cmd("PS_MODE: unknown action 0x%X\n", cmd_action);
403 ret = -EOPNOTSUPP;
404 goto out;
405 }
406
407 if (block)
408 ret = lbs_cmd_with_response(priv, CMD_802_11_PS_MODE, &cmd);
409 else
410 lbs_cmd_async(priv, CMD_802_11_PS_MODE, &cmd.hdr, sizeof (cmd));
411
412 out:
413 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
414 return ret;
415 }
416
417 int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action,
418 struct sleep_params *sp)
419 {
420 struct cmd_ds_802_11_sleep_params cmd;
421 int ret;
422
423 lbs_deb_enter(LBS_DEB_CMD);
424
425 if (cmd_action == CMD_ACT_GET) {
426 memset(&cmd, 0, sizeof(cmd));
427 } else {
428 cmd.error = cpu_to_le16(sp->sp_error);
429 cmd.offset = cpu_to_le16(sp->sp_offset);
430 cmd.stabletime = cpu_to_le16(sp->sp_stabletime);
431 cmd.calcontrol = sp->sp_calcontrol;
432 cmd.externalsleepclk = sp->sp_extsleepclk;
433 cmd.reserved = cpu_to_le16(sp->sp_reserved);
434 }
435 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
436 cmd.action = cpu_to_le16(cmd_action);
437
438 ret = lbs_cmd_with_response(priv, CMD_802_11_SLEEP_PARAMS, &cmd);
439
440 if (!ret) {
441 lbs_deb_cmd("error 0x%x, offset 0x%x, stabletime 0x%x, "
442 "calcontrol 0x%x extsleepclk 0x%x\n",
443 le16_to_cpu(cmd.error), le16_to_cpu(cmd.offset),
444 le16_to_cpu(cmd.stabletime), cmd.calcontrol,
445 cmd.externalsleepclk);
446
447 sp->sp_error = le16_to_cpu(cmd.error);
448 sp->sp_offset = le16_to_cpu(cmd.offset);
449 sp->sp_stabletime = le16_to_cpu(cmd.stabletime);
450 sp->sp_calcontrol = cmd.calcontrol;
451 sp->sp_extsleepclk = cmd.externalsleepclk;
452 sp->sp_reserved = le16_to_cpu(cmd.reserved);
453 }
454
455 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
456 return 0;
457 }
458
459 static int lbs_wait_for_ds_awake(struct lbs_private *priv)
460 {
461 int ret = 0;
462
463 lbs_deb_enter(LBS_DEB_CMD);
464
465 if (priv->is_deep_sleep) {
466 if (!wait_event_interruptible_timeout(priv->ds_awake_q,
467 !priv->is_deep_sleep, (10 * HZ))) {
468 netdev_err(priv->dev, "ds_awake_q: timer expired\n");
469 ret = -1;
470 }
471 }
472
473 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
474 return ret;
475 }
476
477 int lbs_set_deep_sleep(struct lbs_private *priv, int deep_sleep)
478 {
479 int ret = 0;
480
481 lbs_deb_enter(LBS_DEB_CMD);
482
483 if (deep_sleep) {
484 if (priv->is_deep_sleep != 1) {
485 lbs_deb_cmd("deep sleep: sleep\n");
486 BUG_ON(!priv->enter_deep_sleep);
487 ret = priv->enter_deep_sleep(priv);
488 if (!ret) {
489 netif_stop_queue(priv->dev);
490 netif_carrier_off(priv->dev);
491 }
492 } else {
493 netdev_err(priv->dev, "deep sleep: already enabled\n");
494 }
495 } else {
496 if (priv->is_deep_sleep) {
497 lbs_deb_cmd("deep sleep: wakeup\n");
498 BUG_ON(!priv->exit_deep_sleep);
499 ret = priv->exit_deep_sleep(priv);
500 if (!ret) {
501 ret = lbs_wait_for_ds_awake(priv);
502 if (ret)
503 netdev_err(priv->dev,
504 "deep sleep: wakeup failed\n");
505 }
506 }
507 }
508
509 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
510 return ret;
511 }
512
513 static int lbs_ret_host_sleep_activate(struct lbs_private *priv,
514 unsigned long dummy,
515 struct cmd_header *cmd)
516 {
517 lbs_deb_enter(LBS_DEB_FW);
518 priv->is_host_sleep_activated = 1;
519 wake_up_interruptible(&priv->host_sleep_q);
520 lbs_deb_leave(LBS_DEB_FW);
521 return 0;
522 }
523
524 int lbs_set_host_sleep(struct lbs_private *priv, int host_sleep)
525 {
526 struct cmd_header cmd;
527 int ret = 0;
528 uint32_t criteria = EHS_REMOVE_WAKEUP;
529
530 lbs_deb_enter(LBS_DEB_CMD);
531
532 if (host_sleep) {
533 if (priv->is_host_sleep_activated != 1) {
534 memset(&cmd, 0, sizeof(cmd));
535 ret = lbs_host_sleep_cfg(priv, priv->wol_criteria,
536 (struct wol_config *)NULL);
537 if (ret) {
538 netdev_info(priv->dev,
539 "Host sleep configuration failed: %d\n",
540 ret);
541 return ret;
542 }
543 if (priv->psstate == PS_STATE_FULL_POWER) {
544 ret = __lbs_cmd(priv,
545 CMD_802_11_HOST_SLEEP_ACTIVATE,
546 &cmd,
547 sizeof(cmd),
548 lbs_ret_host_sleep_activate, 0);
549 if (ret)
550 netdev_info(priv->dev,
551 "HOST_SLEEP_ACTIVATE failed: %d\n",
552 ret);
553 }
554
555 if (!wait_event_interruptible_timeout(
556 priv->host_sleep_q,
557 priv->is_host_sleep_activated,
558 (10 * HZ))) {
559 netdev_err(priv->dev,
560 "host_sleep_q: timer expired\n");
561 ret = -1;
562 }
563 } else {
564 netdev_err(priv->dev, "host sleep: already enabled\n");
565 }
566 } else {
567 if (priv->is_host_sleep_activated)
568 ret = lbs_host_sleep_cfg(priv, criteria,
569 (struct wol_config *)NULL);
570 }
571
572 return ret;
573 }
574
575 /**
576 * lbs_set_snmp_mib - Set an SNMP MIB value
577 *
578 * @priv: A pointer to &struct lbs_private structure
579 * @oid: The OID to set in the firmware
580 * @val: Value to set the OID to
581 *
582 * returns: 0 on success, error on failure
583 */
584 int lbs_set_snmp_mib(struct lbs_private *priv, u32 oid, u16 val)
585 {
586 struct cmd_ds_802_11_snmp_mib cmd;
587 int ret;
588
589 lbs_deb_enter(LBS_DEB_CMD);
590
591 memset(&cmd, 0, sizeof (cmd));
592 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
593 cmd.action = cpu_to_le16(CMD_ACT_SET);
594 cmd.oid = cpu_to_le16((u16) oid);
595
596 switch (oid) {
597 case SNMP_MIB_OID_BSS_TYPE:
598 cmd.bufsize = cpu_to_le16(sizeof(u8));
599 cmd.value[0] = val;
600 break;
601 case SNMP_MIB_OID_11D_ENABLE:
602 case SNMP_MIB_OID_FRAG_THRESHOLD:
603 case SNMP_MIB_OID_RTS_THRESHOLD:
604 case SNMP_MIB_OID_SHORT_RETRY_LIMIT:
605 case SNMP_MIB_OID_LONG_RETRY_LIMIT:
606 cmd.bufsize = cpu_to_le16(sizeof(u16));
607 *((__le16 *)(&cmd.value)) = cpu_to_le16(val);
608 break;
609 default:
610 lbs_deb_cmd("SNMP_CMD: (set) unhandled OID 0x%x\n", oid);
611 ret = -EINVAL;
612 goto out;
613 }
614
615 lbs_deb_cmd("SNMP_CMD: (set) oid 0x%x, oid size 0x%x, value 0x%x\n",
616 le16_to_cpu(cmd.oid), le16_to_cpu(cmd.bufsize), val);
617
618 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd);
619
620 out:
621 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
622 return ret;
623 }
624
625 /**
626 * lbs_get_snmp_mib - Get an SNMP MIB value
627 *
628 * @priv: A pointer to &struct lbs_private structure
629 * @oid: The OID to retrieve from the firmware
630 * @out_val: Location for the returned value
631 *
632 * returns: 0 on success, error on failure
633 */
634 int lbs_get_snmp_mib(struct lbs_private *priv, u32 oid, u16 *out_val)
635 {
636 struct cmd_ds_802_11_snmp_mib cmd;
637 int ret;
638
639 lbs_deb_enter(LBS_DEB_CMD);
640
641 memset(&cmd, 0, sizeof (cmd));
642 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
643 cmd.action = cpu_to_le16(CMD_ACT_GET);
644 cmd.oid = cpu_to_le16(oid);
645
646 ret = lbs_cmd_with_response(priv, CMD_802_11_SNMP_MIB, &cmd);
647 if (ret)
648 goto out;
649
650 switch (le16_to_cpu(cmd.bufsize)) {
651 case sizeof(u8):
652 *out_val = cmd.value[0];
653 break;
654 case sizeof(u16):
655 *out_val = le16_to_cpu(*((__le16 *)(&cmd.value)));
656 break;
657 default:
658 lbs_deb_cmd("SNMP_CMD: (get) unhandled OID 0x%x size %d\n",
659 oid, le16_to_cpu(cmd.bufsize));
660 break;
661 }
662
663 out:
664 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
665 return ret;
666 }
667
668 /**
669 * lbs_get_tx_power - Get the min, max, and current TX power
670 *
671 * @priv: A pointer to &struct lbs_private structure
672 * @curlevel: Current power level in dBm
673 * @minlevel: Minimum supported power level in dBm (optional)
674 * @maxlevel: Maximum supported power level in dBm (optional)
675 *
676 * returns: 0 on success, error on failure
677 */
678 int lbs_get_tx_power(struct lbs_private *priv, s16 *curlevel, s16 *minlevel,
679 s16 *maxlevel)
680 {
681 struct cmd_ds_802_11_rf_tx_power cmd;
682 int ret;
683
684 lbs_deb_enter(LBS_DEB_CMD);
685
686 memset(&cmd, 0, sizeof(cmd));
687 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
688 cmd.action = cpu_to_le16(CMD_ACT_GET);
689
690 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd);
691 if (ret == 0) {
692 *curlevel = le16_to_cpu(cmd.curlevel);
693 if (minlevel)
694 *minlevel = cmd.minlevel;
695 if (maxlevel)
696 *maxlevel = cmd.maxlevel;
697 }
698
699 lbs_deb_leave(LBS_DEB_CMD);
700 return ret;
701 }
702
703 /**
704 * lbs_set_tx_power - Set the TX power
705 *
706 * @priv: A pointer to &struct lbs_private structure
707 * @dbm: The desired power level in dBm
708 *
709 * returns: 0 on success, error on failure
710 */
711 int lbs_set_tx_power(struct lbs_private *priv, s16 dbm)
712 {
713 struct cmd_ds_802_11_rf_tx_power cmd;
714 int ret;
715
716 lbs_deb_enter(LBS_DEB_CMD);
717
718 memset(&cmd, 0, sizeof(cmd));
719 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
720 cmd.action = cpu_to_le16(CMD_ACT_SET);
721 cmd.curlevel = cpu_to_le16(dbm);
722
723 lbs_deb_cmd("SET_RF_TX_POWER: %d dBm\n", dbm);
724
725 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_TX_POWER, &cmd);
726
727 lbs_deb_leave(LBS_DEB_CMD);
728 return ret;
729 }
730
731 /**
732 * lbs_set_monitor_mode - Enable or disable monitor mode
733 * (only implemented on OLPC usb8388 FW)
734 *
735 * @priv: A pointer to &struct lbs_private structure
736 * @enable: 1 to enable monitor mode, 0 to disable
737 *
738 * returns: 0 on success, error on failure
739 */
740 int lbs_set_monitor_mode(struct lbs_private *priv, int enable)
741 {
742 struct cmd_ds_802_11_monitor_mode cmd;
743 int ret;
744
745 memset(&cmd, 0, sizeof(cmd));
746 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
747 cmd.action = cpu_to_le16(CMD_ACT_SET);
748 if (enable)
749 cmd.mode = cpu_to_le16(0x1);
750
751 lbs_deb_cmd("SET_MONITOR_MODE: %d\n", enable);
752
753 ret = lbs_cmd_with_response(priv, CMD_802_11_MONITOR_MODE, &cmd);
754 if (ret == 0) {
755 priv->dev->type = enable ? ARPHRD_IEEE80211_RADIOTAP :
756 ARPHRD_ETHER;
757 }
758
759 lbs_deb_leave(LBS_DEB_CMD);
760 return ret;
761 }
762
763 /**
764 * lbs_get_channel - Get the radio channel
765 *
766 * @priv: A pointer to &struct lbs_private structure
767 *
768 * returns: The channel on success, error on failure
769 */
770 static int lbs_get_channel(struct lbs_private *priv)
771 {
772 struct cmd_ds_802_11_rf_channel cmd;
773 int ret = 0;
774
775 lbs_deb_enter(LBS_DEB_CMD);
776
777 memset(&cmd, 0, sizeof(cmd));
778 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
779 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_GET);
780
781 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd);
782 if (ret)
783 goto out;
784
785 ret = le16_to_cpu(cmd.channel);
786 lbs_deb_cmd("current radio channel is %d\n", ret);
787
788 out:
789 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
790 return ret;
791 }
792
793 int lbs_update_channel(struct lbs_private *priv)
794 {
795 int ret;
796
797 /* the channel in f/w could be out of sync; get the current channel */
798 lbs_deb_enter(LBS_DEB_ASSOC);
799
800 ret = lbs_get_channel(priv);
801 if (ret > 0) {
802 priv->channel = ret;
803 ret = 0;
804 }
805 lbs_deb_leave_args(LBS_DEB_ASSOC, "ret %d", ret);
806 return ret;
807 }
808
809 /**
810 * lbs_set_channel - Set the radio channel
811 *
812 * @priv: A pointer to &struct lbs_private structure
813 * @channel: The desired channel, or 0 to clear a locked channel
814 *
815 * returns: 0 on success, error on failure
816 */
817 int lbs_set_channel(struct lbs_private *priv, u8 channel)
818 {
819 struct cmd_ds_802_11_rf_channel cmd;
820 #ifdef DEBUG
821 u8 old_channel = priv->channel;
822 #endif
823 int ret = 0;
824
825 lbs_deb_enter(LBS_DEB_CMD);
826
827 memset(&cmd, 0, sizeof(cmd));
828 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
829 cmd.action = cpu_to_le16(CMD_OPT_802_11_RF_CHANNEL_SET);
830 cmd.channel = cpu_to_le16(channel);
831
832 ret = lbs_cmd_with_response(priv, CMD_802_11_RF_CHANNEL, &cmd);
833 if (ret)
834 goto out;
835
836 priv->channel = (uint8_t) le16_to_cpu(cmd.channel);
837 lbs_deb_cmd("channel switch from %d to %d\n", old_channel,
838 priv->channel);
839
840 out:
841 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
842 return ret;
843 }
844
845 /**
846 * lbs_get_rssi - Get current RSSI and noise floor
847 *
848 * @priv: A pointer to &struct lbs_private structure
849 * @rssi: On successful return, signal level in mBm
850 * @nf: On successful return, Noise floor
851 *
852 * returns: The channel on success, error on failure
853 */
854 int lbs_get_rssi(struct lbs_private *priv, s8 *rssi, s8 *nf)
855 {
856 struct cmd_ds_802_11_rssi cmd;
857 int ret = 0;
858
859 lbs_deb_enter(LBS_DEB_CMD);
860
861 BUG_ON(rssi == NULL);
862 BUG_ON(nf == NULL);
863
864 memset(&cmd, 0, sizeof(cmd));
865 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
866 /* Average SNR over last 8 beacons */
867 cmd.n_or_snr = cpu_to_le16(8);
868
869 ret = lbs_cmd_with_response(priv, CMD_802_11_RSSI, &cmd);
870 if (ret == 0) {
871 *nf = CAL_NF(le16_to_cpu(cmd.nf));
872 *rssi = CAL_RSSI(le16_to_cpu(cmd.n_or_snr), le16_to_cpu(cmd.nf));
873 }
874
875 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
876 return ret;
877 }
878
879 /**
880 * lbs_set_11d_domain_info - Send regulatory and 802.11d domain information
881 * to the firmware
882 *
883 * @priv: pointer to &struct lbs_private
884 *
885 * returns: 0 on success, error code on failure
886 */
887 int lbs_set_11d_domain_info(struct lbs_private *priv)
888 {
889 struct wiphy *wiphy = priv->wdev->wiphy;
890 struct ieee80211_supported_band **bands = wiphy->bands;
891 struct cmd_ds_802_11d_domain_info cmd;
892 struct mrvl_ie_domain_param_set *domain = &cmd.domain;
893 struct ieee80211_country_ie_triplet *t;
894 enum ieee80211_band band;
895 struct ieee80211_channel *ch;
896 u8 num_triplet = 0;
897 u8 num_parsed_chan = 0;
898 u8 first_channel = 0, next_chan = 0, max_pwr = 0;
899 u8 i, flag = 0;
900 size_t triplet_size;
901 int ret = 0;
902
903 lbs_deb_enter(LBS_DEB_11D);
904 if (!priv->country_code[0])
905 goto out;
906
907 memset(&cmd, 0, sizeof(cmd));
908 cmd.action = cpu_to_le16(CMD_ACT_SET);
909
910 lbs_deb_11d("Setting country code '%c%c'\n",
911 priv->country_code[0], priv->country_code[1]);
912
913 domain->header.type = cpu_to_le16(TLV_TYPE_DOMAIN);
914
915 /* Set country code */
916 domain->country_code[0] = priv->country_code[0];
917 domain->country_code[1] = priv->country_code[1];
918 domain->country_code[2] = ' ';
919
920 /* Now set up the channel triplets; firmware is somewhat picky here
921 * and doesn't validate channel numbers and spans; hence it would
922 * interpret a triplet of (36, 4, 20) as channels 36, 37, 38, 39. Since
923 * the last 3 aren't valid channels, the driver is responsible for
924 * splitting that up into 4 triplet pairs of (36, 1, 20) + (40, 1, 20)
925 * etc.
926 */
927 for (band = 0;
928 (band < IEEE80211_NUM_BANDS) && (num_triplet < MAX_11D_TRIPLETS);
929 band++) {
930
931 if (!bands[band])
932 continue;
933
934 for (i = 0;
935 (i < bands[band]->n_channels) && (num_triplet < MAX_11D_TRIPLETS);
936 i++) {
937 ch = &bands[band]->channels[i];
938 if (ch->flags & IEEE80211_CHAN_DISABLED)
939 continue;
940
941 if (!flag) {
942 flag = 1;
943 next_chan = first_channel = (u32) ch->hw_value;
944 max_pwr = ch->max_power;
945 num_parsed_chan = 1;
946 continue;
947 }
948
949 if ((ch->hw_value == next_chan + 1) &&
950 (ch->max_power == max_pwr)) {
951 /* Consolidate adjacent channels */
952 next_chan++;
953 num_parsed_chan++;
954 } else {
955 /* Add this triplet */
956 lbs_deb_11d("11D triplet (%d, %d, %d)\n",
957 first_channel, num_parsed_chan,
958 max_pwr);
959 t = &domain->triplet[num_triplet];
960 t->chans.first_channel = first_channel;
961 t->chans.num_channels = num_parsed_chan;
962 t->chans.max_power = max_pwr;
963 num_triplet++;
964 flag = 0;
965 }
966 }
967
968 if (flag) {
969 /* Add last triplet */
970 lbs_deb_11d("11D triplet (%d, %d, %d)\n", first_channel,
971 num_parsed_chan, max_pwr);
972 t = &domain->triplet[num_triplet];
973 t->chans.first_channel = first_channel;
974 t->chans.num_channels = num_parsed_chan;
975 t->chans.max_power = max_pwr;
976 num_triplet++;
977 }
978 }
979
980 lbs_deb_11d("# triplets %d\n", num_triplet);
981
982 /* Set command header sizes */
983 triplet_size = num_triplet * sizeof(struct ieee80211_country_ie_triplet);
984 domain->header.len = cpu_to_le16(sizeof(domain->country_code) +
985 triplet_size);
986
987 lbs_deb_hex(LBS_DEB_11D, "802.11D domain param set",
988 (u8 *) &cmd.domain.country_code,
989 le16_to_cpu(domain->header.len));
990
991 cmd.hdr.size = cpu_to_le16(sizeof(cmd.hdr) +
992 sizeof(cmd.action) +
993 sizeof(cmd.domain.header) +
994 sizeof(cmd.domain.country_code) +
995 triplet_size);
996
997 ret = lbs_cmd_with_response(priv, CMD_802_11D_DOMAIN_INFO, &cmd);
998
999 out:
1000 lbs_deb_leave_args(LBS_DEB_11D, "ret %d", ret);
1001 return ret;
1002 }
1003
1004 /**
1005 * lbs_get_reg - Read a MAC, Baseband, or RF register
1006 *
1007 * @priv: pointer to &struct lbs_private
1008 * @reg: register command, one of CMD_MAC_REG_ACCESS,
1009 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS
1010 * @offset: byte offset of the register to get
1011 * @value: on success, the value of the register at 'offset'
1012 *
1013 * returns: 0 on success, error code on failure
1014 */
1015 int lbs_get_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 *value)
1016 {
1017 struct cmd_ds_reg_access cmd;
1018 int ret = 0;
1019
1020 lbs_deb_enter(LBS_DEB_CMD);
1021
1022 BUG_ON(value == NULL);
1023
1024 memset(&cmd, 0, sizeof(cmd));
1025 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1026 cmd.action = cpu_to_le16(CMD_ACT_GET);
1027 cmd.offset = cpu_to_le16(offset);
1028
1029 if (reg != CMD_MAC_REG_ACCESS &&
1030 reg != CMD_BBP_REG_ACCESS &&
1031 reg != CMD_RF_REG_ACCESS) {
1032 ret = -EINVAL;
1033 goto out;
1034 }
1035
1036 ret = lbs_cmd_with_response(priv, reg, &cmd);
1037 if (!ret) {
1038 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS)
1039 *value = cmd.value.bbp_rf;
1040 else if (reg == CMD_MAC_REG_ACCESS)
1041 *value = le32_to_cpu(cmd.value.mac);
1042 }
1043
1044 out:
1045 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
1046 return ret;
1047 }
1048
1049 /**
1050 * lbs_set_reg - Write a MAC, Baseband, or RF register
1051 *
1052 * @priv: pointer to &struct lbs_private
1053 * @reg: register command, one of CMD_MAC_REG_ACCESS,
1054 * CMD_BBP_REG_ACCESS, or CMD_RF_REG_ACCESS
1055 * @offset: byte offset of the register to set
1056 * @value: the value to write to the register at 'offset'
1057 *
1058 * returns: 0 on success, error code on failure
1059 */
1060 int lbs_set_reg(struct lbs_private *priv, u16 reg, u16 offset, u32 value)
1061 {
1062 struct cmd_ds_reg_access cmd;
1063 int ret = 0;
1064
1065 lbs_deb_enter(LBS_DEB_CMD);
1066
1067 memset(&cmd, 0, sizeof(cmd));
1068 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1069 cmd.action = cpu_to_le16(CMD_ACT_SET);
1070 cmd.offset = cpu_to_le16(offset);
1071
1072 if (reg == CMD_BBP_REG_ACCESS || reg == CMD_RF_REG_ACCESS)
1073 cmd.value.bbp_rf = (u8) (value & 0xFF);
1074 else if (reg == CMD_MAC_REG_ACCESS)
1075 cmd.value.mac = cpu_to_le32(value);
1076 else {
1077 ret = -EINVAL;
1078 goto out;
1079 }
1080
1081 ret = lbs_cmd_with_response(priv, reg, &cmd);
1082
1083 out:
1084 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
1085 return ret;
1086 }
1087
1088 static void lbs_queue_cmd(struct lbs_private *priv,
1089 struct cmd_ctrl_node *cmdnode)
1090 {
1091 unsigned long flags;
1092 int addtail = 1;
1093
1094 lbs_deb_enter(LBS_DEB_HOST);
1095
1096 if (!cmdnode) {
1097 lbs_deb_host("QUEUE_CMD: cmdnode is NULL\n");
1098 goto done;
1099 }
1100 if (!cmdnode->cmdbuf->size) {
1101 lbs_deb_host("DNLD_CMD: cmd size is zero\n");
1102 goto done;
1103 }
1104 cmdnode->result = 0;
1105
1106 /* Exit_PS command needs to be queued in the header always. */
1107 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) {
1108 struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf;
1109
1110 if (psm->action == cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) {
1111 if (priv->psstate != PS_STATE_FULL_POWER)
1112 addtail = 0;
1113 }
1114 }
1115
1116 if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_WAKEUP_CONFIRM)
1117 addtail = 0;
1118
1119 spin_lock_irqsave(&priv->driver_lock, flags);
1120
1121 if (addtail)
1122 list_add_tail(&cmdnode->list, &priv->cmdpendingq);
1123 else
1124 list_add(&cmdnode->list, &priv->cmdpendingq);
1125
1126 spin_unlock_irqrestore(&priv->driver_lock, flags);
1127
1128 lbs_deb_host("QUEUE_CMD: inserted command 0x%04x into cmdpendingq\n",
1129 le16_to_cpu(cmdnode->cmdbuf->command));
1130
1131 done:
1132 lbs_deb_leave(LBS_DEB_HOST);
1133 }
1134
1135 static void lbs_submit_command(struct lbs_private *priv,
1136 struct cmd_ctrl_node *cmdnode)
1137 {
1138 unsigned long flags;
1139 struct cmd_header *cmd;
1140 uint16_t cmdsize;
1141 uint16_t command;
1142 int timeo = 3 * HZ;
1143 int ret;
1144
1145 lbs_deb_enter(LBS_DEB_HOST);
1146
1147 cmd = cmdnode->cmdbuf;
1148
1149 spin_lock_irqsave(&priv->driver_lock, flags);
1150 priv->seqnum++;
1151 cmd->seqnum = cpu_to_le16(priv->seqnum);
1152 priv->cur_cmd = cmdnode;
1153 spin_unlock_irqrestore(&priv->driver_lock, flags);
1154
1155 cmdsize = le16_to_cpu(cmd->size);
1156 command = le16_to_cpu(cmd->command);
1157
1158 /* These commands take longer */
1159 if (command == CMD_802_11_SCAN || command == CMD_802_11_ASSOCIATE)
1160 timeo = 5 * HZ;
1161
1162 lbs_deb_cmd("DNLD_CMD: command 0x%04x, seq %d, size %d\n",
1163 command, le16_to_cpu(cmd->seqnum), cmdsize);
1164 lbs_deb_hex(LBS_DEB_CMD, "DNLD_CMD", (void *) cmdnode->cmdbuf, cmdsize);
1165
1166 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) cmd, cmdsize);
1167
1168 if (ret) {
1169 netdev_info(priv->dev, "DNLD_CMD: hw_host_to_card failed: %d\n",
1170 ret);
1171 /* Reset dnld state machine, report failure */
1172 priv->dnld_sent = DNLD_RES_RECEIVED;
1173 lbs_complete_command(priv, cmdnode, ret);
1174 }
1175
1176 if (command == CMD_802_11_DEEP_SLEEP) {
1177 if (priv->is_auto_deep_sleep_enabled) {
1178 priv->wakeup_dev_required = 1;
1179 priv->dnld_sent = 0;
1180 }
1181 priv->is_deep_sleep = 1;
1182 lbs_complete_command(priv, cmdnode, 0);
1183 } else {
1184 /* Setup the timer after transmit command */
1185 mod_timer(&priv->command_timer, jiffies + timeo);
1186 }
1187
1188 lbs_deb_leave(LBS_DEB_HOST);
1189 }
1190
1191 /*
1192 * This function inserts command node to cmdfreeq
1193 * after cleans it. Requires priv->driver_lock held.
1194 */
1195 static void __lbs_cleanup_and_insert_cmd(struct lbs_private *priv,
1196 struct cmd_ctrl_node *cmdnode)
1197 {
1198 lbs_deb_enter(LBS_DEB_HOST);
1199
1200 if (!cmdnode)
1201 goto out;
1202
1203 cmdnode->callback = NULL;
1204 cmdnode->callback_arg = 0;
1205
1206 memset(cmdnode->cmdbuf, 0, LBS_CMD_BUFFER_SIZE);
1207
1208 list_add_tail(&cmdnode->list, &priv->cmdfreeq);
1209 out:
1210 lbs_deb_leave(LBS_DEB_HOST);
1211 }
1212
1213 static void lbs_cleanup_and_insert_cmd(struct lbs_private *priv,
1214 struct cmd_ctrl_node *ptempcmd)
1215 {
1216 unsigned long flags;
1217
1218 spin_lock_irqsave(&priv->driver_lock, flags);
1219 __lbs_cleanup_and_insert_cmd(priv, ptempcmd);
1220 spin_unlock_irqrestore(&priv->driver_lock, flags);
1221 }
1222
1223 void __lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd,
1224 int result)
1225 {
1226 /*
1227 * Normally, commands are removed from cmdpendingq before being
1228 * submitted. However, we can arrive here on alternative codepaths
1229 * where the command is still pending. Make sure the command really
1230 * isn't part of a list at this point.
1231 */
1232 list_del_init(&cmd->list);
1233
1234 cmd->result = result;
1235 cmd->cmdwaitqwoken = 1;
1236 wake_up(&cmd->cmdwait_q);
1237
1238 if (!cmd->callback || cmd->callback == lbs_cmd_async_callback)
1239 __lbs_cleanup_and_insert_cmd(priv, cmd);
1240 priv->cur_cmd = NULL;
1241 wake_up(&priv->waitq);
1242 }
1243
1244 void lbs_complete_command(struct lbs_private *priv, struct cmd_ctrl_node *cmd,
1245 int result)
1246 {
1247 unsigned long flags;
1248 spin_lock_irqsave(&priv->driver_lock, flags);
1249 __lbs_complete_command(priv, cmd, result);
1250 spin_unlock_irqrestore(&priv->driver_lock, flags);
1251 }
1252
1253 int lbs_set_radio(struct lbs_private *priv, u8 preamble, u8 radio_on)
1254 {
1255 struct cmd_ds_802_11_radio_control cmd;
1256 int ret = -EINVAL;
1257
1258 lbs_deb_enter(LBS_DEB_CMD);
1259
1260 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1261 cmd.action = cpu_to_le16(CMD_ACT_SET);
1262 cmd.control = 0;
1263
1264 /* Only v8 and below support setting the preamble */
1265 if (priv->fwrelease < 0x09000000) {
1266 switch (preamble) {
1267 case RADIO_PREAMBLE_SHORT:
1268 case RADIO_PREAMBLE_AUTO:
1269 case RADIO_PREAMBLE_LONG:
1270 cmd.control = cpu_to_le16(preamble);
1271 break;
1272 default:
1273 goto out;
1274 }
1275 }
1276
1277 if (radio_on)
1278 cmd.control |= cpu_to_le16(0x1);
1279 else {
1280 cmd.control &= cpu_to_le16(~0x1);
1281 priv->txpower_cur = 0;
1282 }
1283
1284 lbs_deb_cmd("RADIO_CONTROL: radio %s, preamble %d\n",
1285 radio_on ? "ON" : "OFF", preamble);
1286
1287 priv->radio_on = radio_on;
1288
1289 ret = lbs_cmd_with_response(priv, CMD_802_11_RADIO_CONTROL, &cmd);
1290
1291 out:
1292 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
1293 return ret;
1294 }
1295
1296 void lbs_set_mac_control(struct lbs_private *priv)
1297 {
1298 struct cmd_ds_mac_control cmd;
1299
1300 lbs_deb_enter(LBS_DEB_CMD);
1301
1302 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1303 cmd.action = cpu_to_le16(priv->mac_control);
1304 cmd.reserved = 0;
1305
1306 lbs_cmd_async(priv, CMD_MAC_CONTROL, &cmd.hdr, sizeof(cmd));
1307
1308 lbs_deb_leave(LBS_DEB_CMD);
1309 }
1310
1311 int lbs_set_mac_control_sync(struct lbs_private *priv)
1312 {
1313 struct cmd_ds_mac_control cmd;
1314 int ret = 0;
1315
1316 lbs_deb_enter(LBS_DEB_CMD);
1317
1318 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1319 cmd.action = cpu_to_le16(priv->mac_control);
1320 cmd.reserved = 0;
1321 ret = lbs_cmd_with_response(priv, CMD_MAC_CONTROL, &cmd);
1322
1323 lbs_deb_leave(LBS_DEB_CMD);
1324 return ret;
1325 }
1326
1327 /**
1328 * lbs_allocate_cmd_buffer - allocates the command buffer and links
1329 * it to command free queue
1330 *
1331 * @priv: A pointer to &struct lbs_private structure
1332 *
1333 * returns: 0 for success or -1 on error
1334 */
1335 int lbs_allocate_cmd_buffer(struct lbs_private *priv)
1336 {
1337 int ret = 0;
1338 u32 bufsize;
1339 u32 i;
1340 struct cmd_ctrl_node *cmdarray;
1341
1342 lbs_deb_enter(LBS_DEB_HOST);
1343
1344 /* Allocate and initialize the command array */
1345 bufsize = sizeof(struct cmd_ctrl_node) * LBS_NUM_CMD_BUFFERS;
1346 if (!(cmdarray = kzalloc(bufsize, GFP_KERNEL))) {
1347 lbs_deb_host("ALLOC_CMD_BUF: tempcmd_array is NULL\n");
1348 ret = -1;
1349 goto done;
1350 }
1351 priv->cmd_array = cmdarray;
1352
1353 /* Allocate and initialize each command buffer in the command array */
1354 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1355 cmdarray[i].cmdbuf = kzalloc(LBS_CMD_BUFFER_SIZE, GFP_KERNEL);
1356 if (!cmdarray[i].cmdbuf) {
1357 lbs_deb_host("ALLOC_CMD_BUF: ptempvirtualaddr is NULL\n");
1358 ret = -1;
1359 goto done;
1360 }
1361 }
1362
1363 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1364 init_waitqueue_head(&cmdarray[i].cmdwait_q);
1365 lbs_cleanup_and_insert_cmd(priv, &cmdarray[i]);
1366 }
1367 ret = 0;
1368
1369 done:
1370 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret);
1371 return ret;
1372 }
1373
1374 /**
1375 * lbs_free_cmd_buffer - free the command buffer
1376 *
1377 * @priv: A pointer to &struct lbs_private structure
1378 *
1379 * returns: 0 for success
1380 */
1381 int lbs_free_cmd_buffer(struct lbs_private *priv)
1382 {
1383 struct cmd_ctrl_node *cmdarray;
1384 unsigned int i;
1385
1386 lbs_deb_enter(LBS_DEB_HOST);
1387
1388 /* need to check if cmd array is allocated or not */
1389 if (priv->cmd_array == NULL) {
1390 lbs_deb_host("FREE_CMD_BUF: cmd_array is NULL\n");
1391 goto done;
1392 }
1393
1394 cmdarray = priv->cmd_array;
1395
1396 /* Release shared memory buffers */
1397 for (i = 0; i < LBS_NUM_CMD_BUFFERS; i++) {
1398 if (cmdarray[i].cmdbuf) {
1399 kfree(cmdarray[i].cmdbuf);
1400 cmdarray[i].cmdbuf = NULL;
1401 }
1402 }
1403
1404 /* Release cmd_ctrl_node */
1405 if (priv->cmd_array) {
1406 kfree(priv->cmd_array);
1407 priv->cmd_array = NULL;
1408 }
1409
1410 done:
1411 lbs_deb_leave(LBS_DEB_HOST);
1412 return 0;
1413 }
1414
1415 /**
1416 * lbs_get_free_cmd_node - gets a free command node if available in
1417 * command free queue
1418 *
1419 * @priv: A pointer to &struct lbs_private structure
1420 *
1421 * returns: A pointer to &cmd_ctrl_node structure on success
1422 * or %NULL on error
1423 */
1424 static struct cmd_ctrl_node *lbs_get_free_cmd_node(struct lbs_private *priv)
1425 {
1426 struct cmd_ctrl_node *tempnode;
1427 unsigned long flags;
1428
1429 lbs_deb_enter(LBS_DEB_HOST);
1430
1431 if (!priv)
1432 return NULL;
1433
1434 spin_lock_irqsave(&priv->driver_lock, flags);
1435
1436 if (!list_empty(&priv->cmdfreeq)) {
1437 tempnode = list_first_entry(&priv->cmdfreeq,
1438 struct cmd_ctrl_node, list);
1439 list_del_init(&tempnode->list);
1440 } else {
1441 lbs_deb_host("GET_CMD_NODE: cmd_ctrl_node is not available\n");
1442 tempnode = NULL;
1443 }
1444
1445 spin_unlock_irqrestore(&priv->driver_lock, flags);
1446
1447 lbs_deb_leave(LBS_DEB_HOST);
1448 return tempnode;
1449 }
1450
1451 /**
1452 * lbs_execute_next_command - execute next command in command
1453 * pending queue. Will put firmware back to PS mode if applicable.
1454 *
1455 * @priv: A pointer to &struct lbs_private structure
1456 *
1457 * returns: 0 on success or -1 on error
1458 */
1459 int lbs_execute_next_command(struct lbs_private *priv)
1460 {
1461 struct cmd_ctrl_node *cmdnode = NULL;
1462 struct cmd_header *cmd;
1463 unsigned long flags;
1464 int ret = 0;
1465
1466 /* Debug group is LBS_DEB_THREAD and not LBS_DEB_HOST, because the
1467 * only caller to us is lbs_thread() and we get even when a
1468 * data packet is received */
1469 lbs_deb_enter(LBS_DEB_THREAD);
1470
1471 spin_lock_irqsave(&priv->driver_lock, flags);
1472
1473 if (priv->cur_cmd) {
1474 netdev_alert(priv->dev,
1475 "EXEC_NEXT_CMD: already processing command!\n");
1476 spin_unlock_irqrestore(&priv->driver_lock, flags);
1477 ret = -1;
1478 goto done;
1479 }
1480
1481 if (!list_empty(&priv->cmdpendingq)) {
1482 cmdnode = list_first_entry(&priv->cmdpendingq,
1483 struct cmd_ctrl_node, list);
1484 }
1485
1486 spin_unlock_irqrestore(&priv->driver_lock, flags);
1487
1488 if (cmdnode) {
1489 cmd = cmdnode->cmdbuf;
1490
1491 if (is_command_allowed_in_ps(le16_to_cpu(cmd->command))) {
1492 if ((priv->psstate == PS_STATE_SLEEP) ||
1493 (priv->psstate == PS_STATE_PRE_SLEEP)) {
1494 lbs_deb_host(
1495 "EXEC_NEXT_CMD: cannot send cmd 0x%04x in psstate %d\n",
1496 le16_to_cpu(cmd->command),
1497 priv->psstate);
1498 ret = -1;
1499 goto done;
1500 }
1501 lbs_deb_host("EXEC_NEXT_CMD: OK to send command "
1502 "0x%04x in psstate %d\n",
1503 le16_to_cpu(cmd->command), priv->psstate);
1504 } else if (priv->psstate != PS_STATE_FULL_POWER) {
1505 /*
1506 * 1. Non-PS command:
1507 * Queue it. set needtowakeup to TRUE if current state
1508 * is SLEEP, otherwise call send EXIT_PS.
1509 * 2. PS command but not EXIT_PS:
1510 * Ignore it.
1511 * 3. PS command EXIT_PS:
1512 * Set needtowakeup to TRUE if current state is SLEEP,
1513 * otherwise send this command down to firmware
1514 * immediately.
1515 */
1516 if (cmd->command != cpu_to_le16(CMD_802_11_PS_MODE)) {
1517 /* Prepare to send Exit PS,
1518 * this non PS command will be sent later */
1519 if ((priv->psstate == PS_STATE_SLEEP)
1520 || (priv->psstate == PS_STATE_PRE_SLEEP)
1521 ) {
1522 /* w/ new scheme, it will not reach here.
1523 since it is blocked in main_thread. */
1524 priv->needtowakeup = 1;
1525 } else {
1526 lbs_set_ps_mode(priv,
1527 PS_MODE_ACTION_EXIT_PS,
1528 false);
1529 }
1530
1531 ret = 0;
1532 goto done;
1533 } else {
1534 /*
1535 * PS command. Ignore it if it is not Exit_PS.
1536 * otherwise send it down immediately.
1537 */
1538 struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1];
1539
1540 lbs_deb_host(
1541 "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n",
1542 psm->action);
1543 if (psm->action !=
1544 cpu_to_le16(PS_MODE_ACTION_EXIT_PS)) {
1545 lbs_deb_host(
1546 "EXEC_NEXT_CMD: ignore ENTER_PS cmd\n");
1547 lbs_complete_command(priv, cmdnode, 0);
1548
1549 ret = 0;
1550 goto done;
1551 }
1552
1553 if ((priv->psstate == PS_STATE_SLEEP) ||
1554 (priv->psstate == PS_STATE_PRE_SLEEP)) {
1555 lbs_deb_host(
1556 "EXEC_NEXT_CMD: ignore EXIT_PS cmd in sleep\n");
1557 lbs_complete_command(priv, cmdnode, 0);
1558 priv->needtowakeup = 1;
1559
1560 ret = 0;
1561 goto done;
1562 }
1563
1564 lbs_deb_host(
1565 "EXEC_NEXT_CMD: sending EXIT_PS\n");
1566 }
1567 }
1568 spin_lock_irqsave(&priv->driver_lock, flags);
1569 list_del_init(&cmdnode->list);
1570 spin_unlock_irqrestore(&priv->driver_lock, flags);
1571 lbs_deb_host("EXEC_NEXT_CMD: sending command 0x%04x\n",
1572 le16_to_cpu(cmd->command));
1573 lbs_submit_command(priv, cmdnode);
1574 } else {
1575 /*
1576 * check if in power save mode, if yes, put the device back
1577 * to PS mode
1578 */
1579 #ifdef TODO
1580 /*
1581 * This was the old code for libertas+wext. Someone that
1582 * understands this beast should re-code it in a sane way.
1583 *
1584 * I actually don't understand why this is related to WPA
1585 * and to connection status, shouldn't powering should be
1586 * independ of such things?
1587 */
1588 if ((priv->psmode != LBS802_11POWERMODECAM) &&
1589 (priv->psstate == PS_STATE_FULL_POWER) &&
1590 ((priv->connect_status == LBS_CONNECTED) ||
1591 lbs_mesh_connected(priv))) {
1592 if (priv->secinfo.WPAenabled ||
1593 priv->secinfo.WPA2enabled) {
1594 /* check for valid WPA group keys */
1595 if (priv->wpa_mcast_key.len ||
1596 priv->wpa_unicast_key.len) {
1597 lbs_deb_host(
1598 "EXEC_NEXT_CMD: WPA enabled and GTK_SET"
1599 " go back to PS_SLEEP");
1600 lbs_set_ps_mode(priv,
1601 PS_MODE_ACTION_ENTER_PS,
1602 false);
1603 }
1604 } else {
1605 lbs_deb_host(
1606 "EXEC_NEXT_CMD: cmdpendingq empty, "
1607 "go back to PS_SLEEP");
1608 lbs_set_ps_mode(priv, PS_MODE_ACTION_ENTER_PS,
1609 false);
1610 }
1611 }
1612 #endif
1613 }
1614
1615 ret = 0;
1616 done:
1617 lbs_deb_leave(LBS_DEB_THREAD);
1618 return ret;
1619 }
1620
1621 static void lbs_send_confirmsleep(struct lbs_private *priv)
1622 {
1623 unsigned long flags;
1624 int ret;
1625
1626 lbs_deb_enter(LBS_DEB_HOST);
1627 lbs_deb_hex(LBS_DEB_HOST, "sleep confirm", (u8 *) &confirm_sleep,
1628 sizeof(confirm_sleep));
1629
1630 ret = priv->hw_host_to_card(priv, MVMS_CMD, (u8 *) &confirm_sleep,
1631 sizeof(confirm_sleep));
1632 if (ret) {
1633 netdev_alert(priv->dev, "confirm_sleep failed\n");
1634 goto out;
1635 }
1636
1637 spin_lock_irqsave(&priv->driver_lock, flags);
1638
1639 /* We don't get a response on the sleep-confirmation */
1640 priv->dnld_sent = DNLD_RES_RECEIVED;
1641
1642 if (priv->is_host_sleep_configured) {
1643 priv->is_host_sleep_activated = 1;
1644 wake_up_interruptible(&priv->host_sleep_q);
1645 }
1646
1647 /* If nothing to do, go back to sleep (?) */
1648 if (!kfifo_len(&priv->event_fifo) && !priv->resp_len[priv->resp_idx])
1649 priv->psstate = PS_STATE_SLEEP;
1650
1651 spin_unlock_irqrestore(&priv->driver_lock, flags);
1652
1653 out:
1654 lbs_deb_leave(LBS_DEB_HOST);
1655 }
1656
1657 /**
1658 * lbs_ps_confirm_sleep - checks condition and prepares to
1659 * send sleep confirm command to firmware if ok
1660 *
1661 * @priv: A pointer to &struct lbs_private structure
1662 *
1663 * returns: n/a
1664 */
1665 void lbs_ps_confirm_sleep(struct lbs_private *priv)
1666 {
1667 unsigned long flags =0;
1668 int allowed = 1;
1669
1670 lbs_deb_enter(LBS_DEB_HOST);
1671
1672 spin_lock_irqsave(&priv->driver_lock, flags);
1673 if (priv->dnld_sent) {
1674 allowed = 0;
1675 lbs_deb_host("dnld_sent was set\n");
1676 }
1677
1678 /* In-progress command? */
1679 if (priv->cur_cmd) {
1680 allowed = 0;
1681 lbs_deb_host("cur_cmd was set\n");
1682 }
1683
1684 /* Pending events or command responses? */
1685 if (kfifo_len(&priv->event_fifo) || priv->resp_len[priv->resp_idx]) {
1686 allowed = 0;
1687 lbs_deb_host("pending events or command responses\n");
1688 }
1689 spin_unlock_irqrestore(&priv->driver_lock, flags);
1690
1691 if (allowed) {
1692 lbs_deb_host("sending lbs_ps_confirm_sleep\n");
1693 lbs_send_confirmsleep(priv);
1694 } else {
1695 lbs_deb_host("sleep confirm has been delayed\n");
1696 }
1697
1698 lbs_deb_leave(LBS_DEB_HOST);
1699 }
1700
1701
1702 /**
1703 * lbs_set_tpc_cfg - Configures the transmission power control functionality
1704 *
1705 * @priv: A pointer to &struct lbs_private structure
1706 * @enable: Transmission power control enable
1707 * @p0: Power level when link quality is good (dBm).
1708 * @p1: Power level when link quality is fair (dBm).
1709 * @p2: Power level when link quality is poor (dBm).
1710 * @usesnr: Use Signal to Noise Ratio in TPC
1711 *
1712 * returns: 0 on success
1713 */
1714 int lbs_set_tpc_cfg(struct lbs_private *priv, int enable, int8_t p0, int8_t p1,
1715 int8_t p2, int usesnr)
1716 {
1717 struct cmd_ds_802_11_tpc_cfg cmd;
1718 int ret;
1719
1720 memset(&cmd, 0, sizeof(cmd));
1721 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1722 cmd.action = cpu_to_le16(CMD_ACT_SET);
1723 cmd.enable = !!enable;
1724 cmd.usesnr = !!usesnr;
1725 cmd.P0 = p0;
1726 cmd.P1 = p1;
1727 cmd.P2 = p2;
1728
1729 ret = lbs_cmd_with_response(priv, CMD_802_11_TPC_CFG, &cmd);
1730
1731 return ret;
1732 }
1733
1734 /**
1735 * lbs_set_power_adapt_cfg - Configures the power adaptation settings
1736 *
1737 * @priv: A pointer to &struct lbs_private structure
1738 * @enable: Power adaptation enable
1739 * @p0: Power level for 1, 2, 5.5 and 11 Mbps (dBm).
1740 * @p1: Power level for 6, 9, 12, 18, 22, 24 and 36 Mbps (dBm).
1741 * @p2: Power level for 48 and 54 Mbps (dBm).
1742 *
1743 * returns: 0 on Success
1744 */
1745
1746 int lbs_set_power_adapt_cfg(struct lbs_private *priv, int enable, int8_t p0,
1747 int8_t p1, int8_t p2)
1748 {
1749 struct cmd_ds_802_11_pa_cfg cmd;
1750 int ret;
1751
1752 memset(&cmd, 0, sizeof(cmd));
1753 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
1754 cmd.action = cpu_to_le16(CMD_ACT_SET);
1755 cmd.enable = !!enable;
1756 cmd.P0 = p0;
1757 cmd.P1 = p1;
1758 cmd.P2 = p2;
1759
1760 ret = lbs_cmd_with_response(priv, CMD_802_11_PA_CFG , &cmd);
1761
1762 return ret;
1763 }
1764
1765
1766 struct cmd_ctrl_node *__lbs_cmd_async(struct lbs_private *priv,
1767 uint16_t command, struct cmd_header *in_cmd, int in_cmd_size,
1768 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *),
1769 unsigned long callback_arg)
1770 {
1771 struct cmd_ctrl_node *cmdnode;
1772
1773 lbs_deb_enter(LBS_DEB_HOST);
1774
1775 if (priv->surpriseremoved) {
1776 lbs_deb_host("PREP_CMD: card removed\n");
1777 cmdnode = ERR_PTR(-ENOENT);
1778 goto done;
1779 }
1780
1781 /* No commands are allowed in Deep Sleep until we toggle the GPIO
1782 * to wake up the card and it has signaled that it's ready.
1783 */
1784 if (!priv->is_auto_deep_sleep_enabled) {
1785 if (priv->is_deep_sleep) {
1786 lbs_deb_cmd("command not allowed in deep sleep\n");
1787 cmdnode = ERR_PTR(-EBUSY);
1788 goto done;
1789 }
1790 }
1791
1792 cmdnode = lbs_get_free_cmd_node(priv);
1793 if (cmdnode == NULL) {
1794 lbs_deb_host("PREP_CMD: cmdnode is NULL\n");
1795
1796 /* Wake up main thread to execute next command */
1797 wake_up(&priv->waitq);
1798 cmdnode = ERR_PTR(-ENOBUFS);
1799 goto done;
1800 }
1801
1802 cmdnode->callback = callback;
1803 cmdnode->callback_arg = callback_arg;
1804
1805 /* Copy the incoming command to the buffer */
1806 memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size);
1807
1808 /* Set command, clean result, move to buffer */
1809 cmdnode->cmdbuf->command = cpu_to_le16(command);
1810 cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size);
1811 cmdnode->cmdbuf->result = 0;
1812
1813 lbs_deb_host("PREP_CMD: command 0x%04x\n", command);
1814
1815 cmdnode->cmdwaitqwoken = 0;
1816 lbs_queue_cmd(priv, cmdnode);
1817 wake_up(&priv->waitq);
1818
1819 done:
1820 lbs_deb_leave_args(LBS_DEB_HOST, "ret %p", cmdnode);
1821 return cmdnode;
1822 }
1823
1824 void lbs_cmd_async(struct lbs_private *priv, uint16_t command,
1825 struct cmd_header *in_cmd, int in_cmd_size)
1826 {
1827 lbs_deb_enter(LBS_DEB_CMD);
1828 __lbs_cmd_async(priv, command, in_cmd, in_cmd_size,
1829 lbs_cmd_async_callback, 0);
1830 lbs_deb_leave(LBS_DEB_CMD);
1831 }
1832
1833 int __lbs_cmd(struct lbs_private *priv, uint16_t command,
1834 struct cmd_header *in_cmd, int in_cmd_size,
1835 int (*callback)(struct lbs_private *, unsigned long, struct cmd_header *),
1836 unsigned long callback_arg)
1837 {
1838 struct cmd_ctrl_node *cmdnode;
1839 unsigned long flags;
1840 int ret = 0;
1841
1842 lbs_deb_enter(LBS_DEB_HOST);
1843
1844 cmdnode = __lbs_cmd_async(priv, command, in_cmd, in_cmd_size,
1845 callback, callback_arg);
1846 if (IS_ERR(cmdnode)) {
1847 ret = PTR_ERR(cmdnode);
1848 goto done;
1849 }
1850
1851 might_sleep();
1852
1853 /*
1854 * Be careful with signals here. A signal may be received as the system
1855 * goes into suspend or resume. We do not want this to interrupt the
1856 * command, so we perform an uninterruptible sleep.
1857 */
1858 wait_event(cmdnode->cmdwait_q, cmdnode->cmdwaitqwoken);
1859
1860 spin_lock_irqsave(&priv->driver_lock, flags);
1861 ret = cmdnode->result;
1862 if (ret)
1863 netdev_info(priv->dev, "PREP_CMD: command 0x%04x failed: %d\n",
1864 command, ret);
1865
1866 __lbs_cleanup_and_insert_cmd(priv, cmdnode);
1867 spin_unlock_irqrestore(&priv->driver_lock, flags);
1868
1869 done:
1870 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret);
1871 return ret;
1872 }
1873 EXPORT_SYMBOL_GPL(__lbs_cmd);
1874
1875 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/cmd.o.c.prepared" 1 /*
2 * This file contains the handling of command
3 * responses as well as events generated by firmware.
4 */
5
6 #include <linux/hardirq.h>
7 #include <linux/slab.h>
8 #include <linux/delay.h>
9 #include <linux/sched.h>
10 #include <asm/unaligned.h>
11 #include <net/cfg80211.h>
12
13 #include "cfg.h"
14 #include "cmd.h"
15
16 /**
17 * lbs_mac_event_disconnected - handles disconnect event. It
18 * reports disconnect to upper layer, clean tx/rx packets,
19 * reset link state etc.
20 *
21 * @priv: A pointer to struct lbs_private structure
22 * @locally_generated: indicates disconnect was requested locally
23 * (usually by userspace)
24 *
25 * returns: n/a
26 */
27 void lbs_mac_event_disconnected(struct lbs_private *priv,
28 bool locally_generated)
29 {
30 if (priv->connect_status != LBS_CONNECTED)
31 return;
32
33 lbs_deb_enter(LBS_DEB_ASSOC);
34
35 /*
36 * Cisco AP sends EAP failure and de-auth in less than 0.5 ms.
37 * It causes problem in the Supplicant
38 */
39 msleep_interruptible(1000);
40
41 if (priv->wdev->iftype == NL80211_IFTYPE_STATION)
42 lbs_send_disconnect_notification(priv, locally_generated);
43
44 /* report disconnect to upper layer */
45 netif_stop_queue(priv->dev);
46 netif_carrier_off(priv->dev);
47
48 /* Free Tx and Rx packets */
49 kfree_skb(priv->currenttxskb);
50 priv->currenttxskb = NULL;
51 priv->tx_pending_len = 0;
52
53 priv->connect_status = LBS_DISCONNECTED;
54
55 if (priv->psstate != PS_STATE_FULL_POWER) {
56 /* make firmware to exit PS mode */
57 lbs_deb_cmd("disconnected, so exit PS mode\n");
58 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false);
59 }
60 lbs_deb_leave(LBS_DEB_ASSOC);
61 }
62
63 int lbs_process_command_response(struct lbs_private *priv, u8 *data, u32 len)
64 {
65 uint16_t respcmd, curcmd;
66 struct cmd_header *resp;
67 int ret = 0;
68 unsigned long flags;
69 uint16_t result;
70
71 lbs_deb_enter(LBS_DEB_HOST);
72
73 mutex_lock(&priv->lock);
74 spin_lock_irqsave(&priv->driver_lock, flags);
75
76 if (!priv->cur_cmd) {
77 lbs_deb_host("CMD_RESP: cur_cmd is NULL\n");
78 ret = -1;
79 spin_unlock_irqrestore(&priv->driver_lock, flags);
80 goto done;
81 }
82
83 resp = (void *)data;
84 curcmd = le16_to_cpu(priv->cur_cmd->cmdbuf->command);
85 respcmd = le16_to_cpu(resp->command);
86 result = le16_to_cpu(resp->result);
87
88 lbs_deb_cmd("CMD_RESP: response 0x%04x, seq %d, size %d\n",
89 respcmd, le16_to_cpu(resp->seqnum), len);
90 lbs_deb_hex(LBS_DEB_CMD, "CMD_RESP", (void *) resp, len);
91
92 if (resp->seqnum != priv->cur_cmd->cmdbuf->seqnum) {
93 netdev_info(priv->dev,
94 "Received CMD_RESP with invalid sequence %d (expected %d)\n",
95 le16_to_cpu(resp->seqnum),
96 le16_to_cpu(priv->cur_cmd->cmdbuf->seqnum));
97 spin_unlock_irqrestore(&priv->driver_lock, flags);
98 ret = -1;
99 goto done;
100 }
101 if (respcmd != CMD_RET(curcmd) &&
102 respcmd != CMD_RET_802_11_ASSOCIATE && curcmd != CMD_802_11_ASSOCIATE) {
103 netdev_info(priv->dev, "Invalid CMD_RESP %x to command %x!\n",
104 respcmd, curcmd);
105 spin_unlock_irqrestore(&priv->driver_lock, flags);
106 ret = -1;
107 goto done;
108 }
109
110 if (resp->result == cpu_to_le16(0x0004)) {
111 /* 0x0004 means -EAGAIN. Drop the response, let it time out
112 and be resubmitted */
113 netdev_info(priv->dev,
114 "Firmware returns DEFER to command %x. Will let it time out...\n",
115 le16_to_cpu(resp->command));
116 spin_unlock_irqrestore(&priv->driver_lock, flags);
117 ret = -1;
118 goto done;
119 }
120
121 /* Now we got response from FW, cancel the command timer */
122 del_timer(&priv->command_timer);
123 priv->cmd_timed_out = 0;
124
125 if (respcmd == CMD_RET(CMD_802_11_PS_MODE)) {
126 struct cmd_ds_802_11_ps_mode *psmode = (void *) &resp[1];
127 u16 action = le16_to_cpu(psmode->action);
128
129 lbs_deb_host(
130 "CMD_RESP: PS_MODE cmd reply result 0x%x, action 0x%x\n",
131 result, action);
132
133 if (result) {
134 lbs_deb_host("CMD_RESP: PS command failed with 0x%x\n",
135 result);
136 /*
137 * We should not re-try enter-ps command in
138 * ad-hoc mode. It takes place in
139 * lbs_execute_next_command().
140 */
141 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR &&
142 action == PS_MODE_ACTION_ENTER_PS)
143 priv->psmode = LBS802_11POWERMODECAM;
144 } else if (action == PS_MODE_ACTION_ENTER_PS) {
145 priv->needtowakeup = 0;
146 priv->psstate = PS_STATE_AWAKE;
147
148 lbs_deb_host("CMD_RESP: ENTER_PS command response\n");
149 if (priv->connect_status != LBS_CONNECTED) {
150 /*
151 * When Deauth Event received before Enter_PS command
152 * response, We need to wake up the firmware.
153 */
154 lbs_deb_host(
155 "disconnected, invoking lbs_ps_wakeup\n");
156
157 spin_unlock_irqrestore(&priv->driver_lock, flags);
158 mutex_unlock(&priv->lock);
159 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS,
160 false);
161 mutex_lock(&priv->lock);
162 spin_lock_irqsave(&priv->driver_lock, flags);
163 }
164 } else if (action == PS_MODE_ACTION_EXIT_PS) {
165 priv->needtowakeup = 0;
166 priv->psstate = PS_STATE_FULL_POWER;
167 lbs_deb_host("CMD_RESP: EXIT_PS command response\n");
168 } else {
169 lbs_deb_host("CMD_RESP: PS action 0x%X\n", action);
170 }
171
172 __lbs_complete_command(priv, priv->cur_cmd, result);
173 spin_unlock_irqrestore(&priv->driver_lock, flags);
174
175 ret = 0;
176 goto done;
177 }
178
179 /* If the command is not successful, cleanup and return failure */
180 if ((result != 0 || !(respcmd & 0x8000))) {
181 lbs_deb_host("CMD_RESP: error 0x%04x in command reply 0x%04x\n",
182 result, respcmd);
183 /*
184 * Handling errors here
185 */
186 switch (respcmd) {
187 case CMD_RET(CMD_GET_HW_SPEC):
188 case CMD_RET(CMD_802_11_RESET):
189 lbs_deb_host("CMD_RESP: reset failed\n");
190 break;
191
192 }
193 __lbs_complete_command(priv, priv->cur_cmd, result);
194 spin_unlock_irqrestore(&priv->driver_lock, flags);
195
196 ret = -1;
197 goto done;
198 }
199
200 spin_unlock_irqrestore(&priv->driver_lock, flags);
201
202 if (priv->cur_cmd && priv->cur_cmd->callback) {
203 ret = priv->cur_cmd->callback(priv, priv->cur_cmd->callback_arg,
204 resp);
205 }
206
207 spin_lock_irqsave(&priv->driver_lock, flags);
208
209 if (priv->cur_cmd) {
210 /* Clean up and Put current command back to cmdfreeq */
211 __lbs_complete_command(priv, priv->cur_cmd, result);
212 }
213 spin_unlock_irqrestore(&priv->driver_lock, flags);
214
215 done:
216 mutex_unlock(&priv->lock);
217 lbs_deb_leave_args(LBS_DEB_HOST, "ret %d", ret);
218 return ret;
219 }
220
221 int lbs_process_event(struct lbs_private *priv, u32 event)
222 {
223 int ret = 0;
224 struct cmd_header cmd;
225
226 lbs_deb_enter(LBS_DEB_CMD);
227
228 switch (event) {
229 case MACREG_INT_CODE_LINK_SENSED:
230 lbs_deb_cmd("EVENT: link sensed\n");
231 break;
232
233 case MACREG_INT_CODE_DEAUTHENTICATED:
234 lbs_deb_cmd("EVENT: deauthenticated\n");
235 lbs_mac_event_disconnected(priv, false);
236 break;
237
238 case MACREG_INT_CODE_DISASSOCIATED:
239 lbs_deb_cmd("EVENT: disassociated\n");
240 lbs_mac_event_disconnected(priv, false);
241 break;
242
243 case MACREG_INT_CODE_LINK_LOST_NO_SCAN:
244 lbs_deb_cmd("EVENT: link lost\n");
245 lbs_mac_event_disconnected(priv, true);
246 break;
247
248 case MACREG_INT_CODE_PS_SLEEP:
249 lbs_deb_cmd("EVENT: ps sleep\n");
250
251 /* handle unexpected PS SLEEP event */
252 if (priv->psstate == PS_STATE_FULL_POWER) {
253 lbs_deb_cmd(
254 "EVENT: in FULL POWER mode, ignoring PS_SLEEP\n");
255 break;
256 }
257 priv->psstate = PS_STATE_PRE_SLEEP;
258
259 lbs_ps_confirm_sleep(priv);
260
261 break;
262
263 case MACREG_INT_CODE_HOST_AWAKE:
264 lbs_deb_cmd("EVENT: host awake\n");
265 if (priv->reset_deep_sleep_wakeup)
266 priv->reset_deep_sleep_wakeup(priv);
267 priv->is_deep_sleep = 0;
268 lbs_cmd_async(priv, CMD_802_11_WAKEUP_CONFIRM, &cmd,
269 sizeof(cmd));
270 priv->is_host_sleep_activated = 0;
271 wake_up_interruptible(&priv->host_sleep_q);
272 break;
273
274 case MACREG_INT_CODE_DEEP_SLEEP_AWAKE:
275 if (priv->reset_deep_sleep_wakeup)
276 priv->reset_deep_sleep_wakeup(priv);
277 lbs_deb_cmd("EVENT: ds awake\n");
278 priv->is_deep_sleep = 0;
279 priv->wakeup_dev_required = 0;
280 wake_up_interruptible(&priv->ds_awake_q);
281 break;
282
283 case MACREG_INT_CODE_PS_AWAKE:
284 lbs_deb_cmd("EVENT: ps awake\n");
285 /* handle unexpected PS AWAKE event */
286 if (priv->psstate == PS_STATE_FULL_POWER) {
287 lbs_deb_cmd(
288 "EVENT: In FULL POWER mode - ignore PS AWAKE\n");
289 break;
290 }
291
292 priv->psstate = PS_STATE_AWAKE;
293
294 if (priv->needtowakeup) {
295 /*
296 * wait for the command processing to finish
297 * before resuming sending
298 * priv->needtowakeup will be set to FALSE
299 * in lbs_ps_wakeup()
300 */
301 lbs_deb_cmd("waking up ...\n");
302 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, false);
303 }
304 break;
305
306 case MACREG_INT_CODE_MIC_ERR_UNICAST:
307 lbs_deb_cmd("EVENT: UNICAST MIC ERROR\n");
308 lbs_send_mic_failureevent(priv, event);
309 break;
310
311 case MACREG_INT_CODE_MIC_ERR_MULTICAST:
312 lbs_deb_cmd("EVENT: MULTICAST MIC ERROR\n");
313 lbs_send_mic_failureevent(priv, event);
314 break;
315
316 case MACREG_INT_CODE_MIB_CHANGED:
317 lbs_deb_cmd("EVENT: MIB CHANGED\n");
318 break;
319 case MACREG_INT_CODE_INIT_DONE:
320 lbs_deb_cmd("EVENT: INIT DONE\n");
321 break;
322 case MACREG_INT_CODE_ADHOC_BCN_LOST:
323 lbs_deb_cmd("EVENT: ADHOC beacon lost\n");
324 break;
325 case MACREG_INT_CODE_RSSI_LOW:
326 netdev_alert(priv->dev, "EVENT: rssi low\n");
327 break;
328 case MACREG_INT_CODE_SNR_LOW:
329 netdev_alert(priv->dev, "EVENT: snr low\n");
330 break;
331 case MACREG_INT_CODE_MAX_FAIL:
332 netdev_alert(priv->dev, "EVENT: max fail\n");
333 break;
334 case MACREG_INT_CODE_RSSI_HIGH:
335 netdev_alert(priv->dev, "EVENT: rssi high\n");
336 break;
337 case MACREG_INT_CODE_SNR_HIGH:
338 netdev_alert(priv->dev, "EVENT: snr high\n");
339 break;
340
341 case MACREG_INT_CODE_MESH_AUTO_STARTED:
342 /* Ignore spurious autostart events */
343 netdev_info(priv->dev, "EVENT: MESH_AUTO_STARTED (ignoring)\n");
344 break;
345
346 default:
347 netdev_alert(priv->dev, "EVENT: unknown event id %d\n", event);
348 break;
349 }
350
351 lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret);
352 return ret;
353 } 1 /*
2 * This file contains the major functions in WLAN
3 * driver. It includes init, exit, open, close and main
4 * thread etc..
5 */
6
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8
9 #include <linux/module.h>
10 #include <linux/delay.h>
11 #include <linux/etherdevice.h>
12 #include <linux/hardirq.h>
13 #include <linux/netdevice.h>
14 #include <linux/if_arp.h>
15 #include <linux/kthread.h>
16 #include <linux/kfifo.h>
17 #include <linux/slab.h>
18 #include <net/cfg80211.h>
19
20 #include "host.h"
21 #include "decl.h"
22 #include "dev.h"
23 #include "cfg.h"
24 #include "debugfs.h"
25 #include "cmd.h"
26 #include "mesh.h"
27
28 #define DRIVER_RELEASE_VERSION "323.p0"
29 const char lbs_driver_version[] = "COMM-USB8388-" DRIVER_RELEASE_VERSION
30 #ifdef DEBUG
31 "-dbg"
32 #endif
33 "";
34
35
36 /* Module parameters */
37 unsigned int lbs_debug;
38 EXPORT_SYMBOL_GPL(lbs_debug);
39 module_param_named(libertas_debug, lbs_debug, int, 0644);
40
41 unsigned int lbs_disablemesh;
42 EXPORT_SYMBOL_GPL(lbs_disablemesh);
43 module_param_named(libertas_disablemesh, lbs_disablemesh, int, 0644);
44
45
46 /*
47 * This global structure is used to send the confirm_sleep command as
48 * fast as possible down to the firmware.
49 */
50 struct cmd_confirm_sleep confirm_sleep;
51
52
53 /*
54 * the table to keep region code
55 */
56 u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE] =
57 { 0x10, 0x20, 0x30, 0x31, 0x32, 0x40 };
58
59 /*
60 * FW rate table. FW refers to rates by their index in this table, not by the
61 * rate value itself. Values of 0x00 are
62 * reserved positions.
63 */
64 static u8 fw_data_rates[MAX_RATES] =
65 { 0x02, 0x04, 0x0B, 0x16, 0x00, 0x0C, 0x12,
66 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C, 0x00
67 };
68
69 /**
70 * lbs_fw_index_to_data_rate - use index to get the data rate
71 *
72 * @idx: The index of data rate
73 * returns: data rate or 0
74 */
75 u32 lbs_fw_index_to_data_rate(u8 idx)
76 {
77 if (idx >= sizeof(fw_data_rates))
78 idx = 0;
79 return fw_data_rates[idx];
80 }
81
82 /**
83 * lbs_data_rate_to_fw_index - use rate to get the index
84 *
85 * @rate: data rate
86 * returns: index or 0
87 */
88 u8 lbs_data_rate_to_fw_index(u32 rate)
89 {
90 u8 i;
91
92 if (!rate)
93 return 0;
94
95 for (i = 0; i < sizeof(fw_data_rates); i++) {
96 if (rate == fw_data_rates[i])
97 return i;
98 }
99 return 0;
100 }
101
102 int lbs_set_iface_type(struct lbs_private *priv, enum nl80211_iftype type)
103 {
104 int ret = 0;
105
106 switch (type) {
107 case NL80211_IFTYPE_MONITOR:
108 ret = lbs_set_monitor_mode(priv, 1);
109 break;
110 case NL80211_IFTYPE_STATION:
111 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR)
112 ret = lbs_set_monitor_mode(priv, 0);
113 if (!ret)
114 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 1);
115 break;
116 case NL80211_IFTYPE_ADHOC:
117 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR)
118 ret = lbs_set_monitor_mode(priv, 0);
119 if (!ret)
120 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 2);
121 break;
122 default:
123 ret = -ENOTSUPP;
124 }
125 return ret;
126 }
127
128 int lbs_start_iface(struct lbs_private *priv)
129 {
130 struct cmd_ds_802_11_mac_address cmd;
131 int ret;
132
133 if (priv->power_restore) {
134 ret = priv->power_restore(priv);
135 if (ret)
136 return ret;
137 }
138
139 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
140 cmd.action = cpu_to_le16(CMD_ACT_SET);
141 memcpy(cmd.macadd, priv->current_addr, ETH_ALEN);
142
143 ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd);
144 if (ret) {
145 lbs_deb_net("set MAC address failed\n");
146 goto err;
147 }
148
149 ret = lbs_set_iface_type(priv, priv->wdev->iftype);
150 if (ret) {
151 lbs_deb_net("set iface type failed\n");
152 goto err;
153 }
154
155 ret = lbs_set_11d_domain_info(priv);
156 if (ret) {
157 lbs_deb_net("set 11d domain info failed\n");
158 goto err;
159 }
160
161 lbs_update_channel(priv);
162
163 priv->iface_running = true;
164 return 0;
165
166 err:
167 if (priv->power_save)
168 priv->power_save(priv);
169 return ret;
170 }
171
172 /**
173 * lbs_dev_open - open the ethX interface
174 *
175 * @dev: A pointer to &net_device structure
176 * returns: 0 or -EBUSY if monitor mode active
177 */
178 static int lbs_dev_open(struct net_device *dev)
179 {
180 struct lbs_private *priv = dev->ml_priv;
181 int ret = 0;
182
183 lbs_deb_enter(LBS_DEB_NET);
184 if (!priv->iface_running) {
185 ret = lbs_start_iface(priv);
186 if (ret)
187 goto out;
188 }
189
190 spin_lock_irq(&priv->driver_lock);
191
192 netif_carrier_off(dev);
193
194 if (!priv->tx_pending_len)
195 netif_wake_queue(dev);
196
197 spin_unlock_irq(&priv->driver_lock);
198
199 out:
200 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
201 return ret;
202 }
203
204 static bool lbs_command_queue_empty(struct lbs_private *priv)
205 {
206 unsigned long flags;
207 bool ret;
208 spin_lock_irqsave(&priv->driver_lock, flags);
209 ret = priv->cur_cmd == NULL && list_empty(&priv->cmdpendingq);
210 spin_unlock_irqrestore(&priv->driver_lock, flags);
211 return ret;
212 }
213
214 int lbs_stop_iface(struct lbs_private *priv)
215 {
216 unsigned long flags;
217 int ret = 0;
218
219 lbs_deb_enter(LBS_DEB_MAIN);
220
221 spin_lock_irqsave(&priv->driver_lock, flags);
222 priv->iface_running = false;
223 kfree_skb(priv->currenttxskb);
224 priv->currenttxskb = NULL;
225 priv->tx_pending_len = 0;
226 spin_unlock_irqrestore(&priv->driver_lock, flags);
227
228 cancel_work_sync(&priv->mcast_work);
229 del_timer_sync(&priv->tx_lockup_timer);
230
231 /* Disable command processing, and wait for all commands to complete */
232 lbs_deb_main("waiting for commands to complete\n");
233 wait_event(priv->waitq, lbs_command_queue_empty(priv));
234 lbs_deb_main("all commands completed\n");
235
236 if (priv->power_save)
237 ret = priv->power_save(priv);
238
239 lbs_deb_leave(LBS_DEB_MAIN);
240 return ret;
241 }
242
243 /**
244 * lbs_eth_stop - close the ethX interface
245 *
246 * @dev: A pointer to &net_device structure
247 * returns: 0
248 */
249 static int lbs_eth_stop(struct net_device *dev)
250 {
251 struct lbs_private *priv = dev->ml_priv;
252
253 lbs_deb_enter(LBS_DEB_NET);
254
255 if (priv->connect_status == LBS_CONNECTED)
256 lbs_disconnect(priv, WLAN_REASON_DEAUTH_LEAVING);
257
258 spin_lock_irq(&priv->driver_lock);
259 netif_stop_queue(dev);
260 spin_unlock_irq(&priv->driver_lock);
261
262 lbs_update_mcast(priv);
263 cancel_delayed_work_sync(&priv->scan_work);
264 if (priv->scan_req)
265 lbs_scan_done(priv);
266
267 netif_carrier_off(priv->dev);
268
269 if (!lbs_iface_active(priv))
270 lbs_stop_iface(priv);
271
272 lbs_deb_leave(LBS_DEB_NET);
273 return 0;
274 }
275
276 void lbs_host_to_card_done(struct lbs_private *priv)
277 {
278 unsigned long flags;
279
280 lbs_deb_enter(LBS_DEB_THREAD);
281
282 spin_lock_irqsave(&priv->driver_lock, flags);
283 del_timer(&priv->tx_lockup_timer);
284
285 priv->dnld_sent = DNLD_RES_RECEIVED;
286
287 /* Wake main thread if commands are pending */
288 if (!priv->cur_cmd || priv->tx_pending_len > 0) {
289 if (!priv->wakeup_dev_required)
290 wake_up(&priv->waitq);
291 }
292
293 spin_unlock_irqrestore(&priv->driver_lock, flags);
294 lbs_deb_leave(LBS_DEB_THREAD);
295 }
296 EXPORT_SYMBOL_GPL(lbs_host_to_card_done);
297
298 int lbs_set_mac_address(struct net_device *dev, void *addr)
299 {
300 int ret = 0;
301 struct lbs_private *priv = dev->ml_priv;
302 struct sockaddr *phwaddr = addr;
303
304 lbs_deb_enter(LBS_DEB_NET);
305
306 /*
307 * Can only set MAC address when all interfaces are down, to be written
308 * to the hardware when one of them is brought up.
309 */
310 if (lbs_iface_active(priv))
311 return -EBUSY;
312
313 /* In case it was called from the mesh device */
314 dev = priv->dev;
315
316 memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN);
317 memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
318 if (priv->mesh_dev)
319 memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
320
321 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
322 return ret;
323 }
324
325
326 static inline int mac_in_list(unsigned char *list, int list_len,
327 unsigned char *mac)
328 {
329 while (list_len) {
330 if (!memcmp(list, mac, ETH_ALEN))
331 return 1;
332 list += ETH_ALEN;
333 list_len--;
334 }
335 return 0;
336 }
337
338
339 static int lbs_add_mcast_addrs(struct cmd_ds_mac_multicast_adr *cmd,
340 struct net_device *dev, int nr_addrs)
341 {
342 int i = nr_addrs;
343 struct netdev_hw_addr *ha;
344 int cnt;
345
346 if ((dev->flags & (IFF_UP|IFF_MULTICAST)) != (IFF_UP|IFF_MULTICAST))
347 return nr_addrs;
348
349 netif_addr_lock_bh(dev);
350 cnt = netdev_mc_count(dev);
351 netdev_for_each_mc_addr(ha, dev) {
352 if (mac_in_list(cmd->maclist, nr_addrs, ha->addr)) {
353 lbs_deb_net("mcast address %s:%pM skipped\n", dev->name,
354 ha->addr);
355 cnt--;
356 continue;
357 }
358
359 if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE)
360 break;
361 memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN);
362 lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name,
363 ha->addr);
364 i++;
365 cnt--;
366 }
367 netif_addr_unlock_bh(dev);
368 if (cnt)
369 return -EOVERFLOW;
370
371 return i;
372 }
373
374 void lbs_update_mcast(struct lbs_private *priv)
375 {
376 struct cmd_ds_mac_multicast_adr mcast_cmd;
377 int dev_flags = 0;
378 int nr_addrs;
379 int old_mac_control = priv->mac_control;
380
381 lbs_deb_enter(LBS_DEB_NET);
382
383 if (netif_running(priv->dev))
384 dev_flags |= priv->dev->flags;
385 if (priv->mesh_dev && netif_running(priv->mesh_dev))
386 dev_flags |= priv->mesh_dev->flags;
387
388 if (dev_flags & IFF_PROMISC) {
389 priv->mac_control |= CMD_ACT_MAC_PROMISCUOUS_ENABLE;
390 priv->mac_control &= ~(CMD_ACT_MAC_ALL_MULTICAST_ENABLE |
391 CMD_ACT_MAC_MULTICAST_ENABLE);
392 goto out_set_mac_control;
393 } else if (dev_flags & IFF_ALLMULTI) {
394 do_allmulti:
395 priv->mac_control |= CMD_ACT_MAC_ALL_MULTICAST_ENABLE;
396 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE |
397 CMD_ACT_MAC_MULTICAST_ENABLE);
398 goto out_set_mac_control;
399 }
400
401 /* Once for priv->dev, again for priv->mesh_dev if it exists */
402 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->dev, 0);
403 if (nr_addrs >= 0 && priv->mesh_dev)
404 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->mesh_dev, nr_addrs);
405 if (nr_addrs < 0)
406 goto do_allmulti;
407
408 if (nr_addrs) {
409 int size = offsetof(struct cmd_ds_mac_multicast_adr,
410 maclist[6*nr_addrs]);
411
412 mcast_cmd.action = cpu_to_le16(CMD_ACT_SET);
413 mcast_cmd.hdr.size = cpu_to_le16(size);
414 mcast_cmd.nr_of_adrs = cpu_to_le16(nr_addrs);
415
416 lbs_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &mcast_cmd.hdr, size);
417
418 priv->mac_control |= CMD_ACT_MAC_MULTICAST_ENABLE;
419 } else
420 priv->mac_control &= ~CMD_ACT_MAC_MULTICAST_ENABLE;
421
422 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE |
423 CMD_ACT_MAC_ALL_MULTICAST_ENABLE);
424 out_set_mac_control:
425 if (priv->mac_control != old_mac_control)
426 lbs_set_mac_control(priv);
427
428 lbs_deb_leave(LBS_DEB_NET);
429 }
430
431 static void lbs_set_mcast_worker(struct work_struct *work)
432 {
433 struct lbs_private *priv = container_of(work, struct lbs_private, mcast_work);
434 lbs_update_mcast(priv);
435 }
436
437 void lbs_set_multicast_list(struct net_device *dev)
438 {
439 struct lbs_private *priv = dev->ml_priv;
440
441 schedule_work(&priv->mcast_work);
442 }
443
444 /**
445 * lbs_thread - handles the major jobs in the LBS driver.
446 * It handles all events generated by firmware, RX data received
447 * from firmware and TX data sent from kernel.
448 *
449 * @data: A pointer to &lbs_thread structure
450 * returns: 0
451 */
452 static int lbs_thread(void *data)
453 {
454 struct net_device *dev = data;
455 struct lbs_private *priv = dev->ml_priv;
456 wait_queue_t wait;
457
458 lbs_deb_enter(LBS_DEB_THREAD);
459
460 init_waitqueue_entry(&wait, current);
461
462 for (;;) {
463 int shouldsleep;
464 u8 resp_idx;
465
466 lbs_deb_thread("1: currenttxskb %p, dnld_sent %d\n",
467 priv->currenttxskb, priv->dnld_sent);
468
469 add_wait_queue(&priv->waitq, &wait);
470 set_current_state(TASK_INTERRUPTIBLE);
471 spin_lock_irq(&priv->driver_lock);
472
473 if (kthread_should_stop())
474 shouldsleep = 0; /* Bye */
475 else if (priv->surpriseremoved)
476 shouldsleep = 1; /* We need to wait until we're _told_ to die */
477 else if (priv->psstate == PS_STATE_SLEEP)
478 shouldsleep = 1; /* Sleep mode. Nothing we can do till it wakes */
479 else if (priv->cmd_timed_out)
480 shouldsleep = 0; /* Command timed out. Recover */
481 else if (!priv->fw_ready)
482 shouldsleep = 1; /* Firmware not ready. We're waiting for it */
483 else if (priv->dnld_sent)
484 shouldsleep = 1; /* Something is en route to the device already */
485 else if (priv->tx_pending_len > 0)
486 shouldsleep = 0; /* We've a packet to send */
487 else if (priv->resp_len[priv->resp_idx])
488 shouldsleep = 0; /* We have a command response */
489 else if (priv->cur_cmd)
490 shouldsleep = 1; /* Can't send a command; one already running */
491 else if (!list_empty(&priv->cmdpendingq) &&
492 !(priv->wakeup_dev_required))
493 shouldsleep = 0; /* We have a command to send */
494 else if (kfifo_len(&priv->event_fifo))
495 shouldsleep = 0; /* We have an event to process */
496 else
497 shouldsleep = 1; /* No command */
498
499 if (shouldsleep) {
500 lbs_deb_thread("sleeping, connect_status %d, "
501 "psmode %d, psstate %d\n",
502 priv->connect_status,
503 priv->psmode, priv->psstate);
504 spin_unlock_irq(&priv->driver_lock);
505 schedule();
506 } else
507 spin_unlock_irq(&priv->driver_lock);
508
509 lbs_deb_thread("2: currenttxskb %p, dnld_send %d\n",
510 priv->currenttxskb, priv->dnld_sent);
511
512 set_current_state(TASK_RUNNING);
513 remove_wait_queue(&priv->waitq, &wait);
514
515 lbs_deb_thread("3: currenttxskb %p, dnld_sent %d\n",
516 priv->currenttxskb, priv->dnld_sent);
517
518 if (kthread_should_stop()) {
519 lbs_deb_thread("break from main thread\n");
520 break;
521 }
522
523 if (priv->surpriseremoved) {
524 lbs_deb_thread("adapter removed; waiting to die...\n");
525 continue;
526 }
527
528 lbs_deb_thread("4: currenttxskb %p, dnld_sent %d\n",
529 priv->currenttxskb, priv->dnld_sent);
530
531 /* Process any pending command response */
532 spin_lock_irq(&priv->driver_lock);
533 resp_idx = priv->resp_idx;
534 if (priv->resp_len[resp_idx]) {
535 spin_unlock_irq(&priv->driver_lock);
536 lbs_process_command_response(priv,
537 priv->resp_buf[resp_idx],
538 priv->resp_len[resp_idx]);
539 spin_lock_irq(&priv->driver_lock);
540 priv->resp_len[resp_idx] = 0;
541 }
542 spin_unlock_irq(&priv->driver_lock);
543
544 /* Process hardware events, e.g. card removed, link lost */
545 spin_lock_irq(&priv->driver_lock);
546 while (kfifo_len(&priv->event_fifo)) {
547 u32 event;
548
549 if (kfifo_out(&priv->event_fifo,
550 (unsigned char *) &event, sizeof(event)) !=
551 sizeof(event))
552 break;
553 spin_unlock_irq(&priv->driver_lock);
554 lbs_process_event(priv, event);
555 spin_lock_irq(&priv->driver_lock);
556 }
557 spin_unlock_irq(&priv->driver_lock);
558
559 if (priv->wakeup_dev_required) {
560 lbs_deb_thread("Waking up device...\n");
561 /* Wake up device */
562 if (priv->exit_deep_sleep(priv))
563 lbs_deb_thread("Wakeup device failed\n");
564 continue;
565 }
566
567 /* command timeout stuff */
568 if (priv->cmd_timed_out && priv->cur_cmd) {
569 struct cmd_ctrl_node *cmdnode = priv->cur_cmd;
570
571 netdev_info(dev, "Timeout submitting command 0x%04x\n",
572 le16_to_cpu(cmdnode->cmdbuf->command));
573 lbs_complete_command(priv, cmdnode, -ETIMEDOUT);
574
575 /* Reset card, but only when it isn't in the process
576 * of being shutdown anyway. */
577 if (!dev->dismantle && priv->reset_card)
578 priv->reset_card(priv);
579 }
580 priv->cmd_timed_out = 0;
581
582 if (!priv->fw_ready)
583 continue;
584
585 /* Check if we need to confirm Sleep Request received previously */
586 if (priv->psstate == PS_STATE_PRE_SLEEP &&
587 !priv->dnld_sent && !priv->cur_cmd) {
588 if (priv->connect_status == LBS_CONNECTED) {
589 lbs_deb_thread("pre-sleep, currenttxskb %p, "
590 "dnld_sent %d, cur_cmd %p\n",
591 priv->currenttxskb, priv->dnld_sent,
592 priv->cur_cmd);
593
594 lbs_ps_confirm_sleep(priv);
595 } else {
596 /* workaround for firmware sending
597 * deauth/linkloss event immediately
598 * after sleep request; remove this
599 * after firmware fixes it
600 */
601 priv->psstate = PS_STATE_AWAKE;
602 netdev_alert(dev,
603 "ignore PS_SleepConfirm in non-connected state\n");
604 }
605 }
606
607 /* The PS state is changed during processing of Sleep Request
608 * event above
609 */
610 if ((priv->psstate == PS_STATE_SLEEP) ||
611 (priv->psstate == PS_STATE_PRE_SLEEP))
612 continue;
613
614 if (priv->is_deep_sleep)
615 continue;
616
617 /* Execute the next command */
618 if (!priv->dnld_sent && !priv->cur_cmd)
619 lbs_execute_next_command(priv);
620
621 spin_lock_irq(&priv->driver_lock);
622 if (!priv->dnld_sent && priv->tx_pending_len > 0) {
623 int ret = priv->hw_host_to_card(priv, MVMS_DAT,
624 priv->tx_pending_buf,
625 priv->tx_pending_len);
626 if (ret) {
627 lbs_deb_tx("host_to_card failed %d\n", ret);
628 priv->dnld_sent = DNLD_RES_RECEIVED;
629 } else {
630 mod_timer(&priv->tx_lockup_timer,
631 jiffies + (HZ * 5));
632 }
633 priv->tx_pending_len = 0;
634 if (!priv->currenttxskb) {
635 /* We can wake the queues immediately if we aren't
636 waiting for TX feedback */
637 if (priv->connect_status == LBS_CONNECTED)
638 netif_wake_queue(priv->dev);
639 if (priv->mesh_dev &&
640 netif_running(priv->mesh_dev))
641 netif_wake_queue(priv->mesh_dev);
642 }
643 }
644 spin_unlock_irq(&priv->driver_lock);
645 }
646
647 del_timer(&priv->command_timer);
648 del_timer(&priv->tx_lockup_timer);
649 del_timer(&priv->auto_deepsleep_timer);
650
651 lbs_deb_leave(LBS_DEB_THREAD);
652 return 0;
653 }
654
655 /**
656 * lbs_setup_firmware - gets the HW spec from the firmware and sets
657 * some basic parameters
658 *
659 * @priv: A pointer to &struct lbs_private structure
660 * returns: 0 or -1
661 */
662 static int lbs_setup_firmware(struct lbs_private *priv)
663 {
664 int ret = -1;
665 s16 curlevel = 0, minlevel = 0, maxlevel = 0;
666
667 lbs_deb_enter(LBS_DEB_FW);
668
669 /* Read MAC address from firmware */
670 eth_broadcast_addr(priv->current_addr);
671 ret = lbs_update_hw_spec(priv);
672 if (ret)
673 goto done;
674
675 /* Read power levels if available */
676 ret = lbs_get_tx_power(priv, &curlevel, &minlevel, &maxlevel);
677 if (ret == 0) {
678 priv->txpower_cur = curlevel;
679 priv->txpower_min = minlevel;
680 priv->txpower_max = maxlevel;
681 }
682
683 /* Send cmd to FW to enable 11D function */
684 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_11D_ENABLE, 1);
685 if (ret)
686 goto done;
687
688 ret = lbs_set_mac_control_sync(priv);
689 done:
690 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
691 return ret;
692 }
693
694 int lbs_suspend(struct lbs_private *priv)
695 {
696 int ret;
697
698 lbs_deb_enter(LBS_DEB_FW);
699
700 if (priv->is_deep_sleep) {
701 ret = lbs_set_deep_sleep(priv, 0);
702 if (ret) {
703 netdev_err(priv->dev,
704 "deep sleep cancellation failed: %d\n", ret);
705 return ret;
706 }
707 priv->deep_sleep_required = 1;
708 }
709
710 ret = lbs_set_host_sleep(priv, 1);
711
712 netif_device_detach(priv->dev);
713 if (priv->mesh_dev)
714 netif_device_detach(priv->mesh_dev);
715
716 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
717 return ret;
718 }
719 EXPORT_SYMBOL_GPL(lbs_suspend);
720
721 int lbs_resume(struct lbs_private *priv)
722 {
723 int ret;
724
725 lbs_deb_enter(LBS_DEB_FW);
726
727 ret = lbs_set_host_sleep(priv, 0);
728
729 netif_device_attach(priv->dev);
730 if (priv->mesh_dev)
731 netif_device_attach(priv->mesh_dev);
732
733 if (priv->deep_sleep_required) {
734 priv->deep_sleep_required = 0;
735 ret = lbs_set_deep_sleep(priv, 1);
736 if (ret)
737 netdev_err(priv->dev,
738 "deep sleep activation failed: %d\n", ret);
739 }
740
741 if (priv->setup_fw_on_resume)
742 ret = lbs_setup_firmware(priv);
743
744 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
745 return ret;
746 }
747 EXPORT_SYMBOL_GPL(lbs_resume);
748
749 /**
750 * lbs_cmd_timeout_handler - handles the timeout of command sending.
751 * It will re-send the same command again.
752 *
753 * @data: &struct lbs_private pointer
754 */
755 static void lbs_cmd_timeout_handler(unsigned long data)
756 {
757 struct lbs_private *priv = (struct lbs_private *)data;
758 unsigned long flags;
759
760 lbs_deb_enter(LBS_DEB_CMD);
761 spin_lock_irqsave(&priv->driver_lock, flags);
762
763 if (!priv->cur_cmd)
764 goto out;
765
766 netdev_info(priv->dev, "command 0x%04x timed out\n",
767 le16_to_cpu(priv->cur_cmd->cmdbuf->command));
768
769 priv->cmd_timed_out = 1;
770
771 /*
772 * If the device didn't even acknowledge the command, reset the state
773 * so that we don't block all future commands due to this one timeout.
774 */
775 if (priv->dnld_sent == DNLD_CMD_SENT)
776 priv->dnld_sent = DNLD_RES_RECEIVED;
777
778 wake_up(&priv->waitq);
779 out:
780 spin_unlock_irqrestore(&priv->driver_lock, flags);
781 lbs_deb_leave(LBS_DEB_CMD);
782 }
783
784 /**
785 * lbs_tx_lockup_handler - handles the timeout of the passing of TX frames
786 * to the hardware. This is known to frequently happen with SD8686 when
787 * waking up after a Wake-on-WLAN-triggered resume.
788 *
789 * @data: &struct lbs_private pointer
790 */
791 static void lbs_tx_lockup_handler(unsigned long data)
792 {
793 struct lbs_private *priv = (struct lbs_private *)data;
794 unsigned long flags;
795
796 lbs_deb_enter(LBS_DEB_TX);
797 spin_lock_irqsave(&priv->driver_lock, flags);
798
799 netdev_info(priv->dev, "TX lockup detected\n");
800 if (priv->reset_card)
801 priv->reset_card(priv);
802
803 priv->dnld_sent = DNLD_RES_RECEIVED;
804 wake_up_interruptible(&priv->waitq);
805
806 spin_unlock_irqrestore(&priv->driver_lock, flags);
807 lbs_deb_leave(LBS_DEB_TX);
808 }
809
810 /**
811 * auto_deepsleep_timer_fn - put the device back to deep sleep mode when
812 * timer expires and no activity (command, event, data etc.) is detected.
813 * @data: &struct lbs_private pointer
814 * returns: N/A
815 */
816 static void auto_deepsleep_timer_fn(unsigned long data)
817 {
818 struct lbs_private *priv = (struct lbs_private *)data;
819
820 lbs_deb_enter(LBS_DEB_CMD);
821
822 if (priv->is_activity_detected) {
823 priv->is_activity_detected = 0;
824 } else {
825 if (priv->is_auto_deep_sleep_enabled &&
826 (!priv->wakeup_dev_required) &&
827 (priv->connect_status != LBS_CONNECTED)) {
828 struct cmd_header cmd;
829
830 lbs_deb_main("Entering auto deep sleep mode...\n");
831 memset(&cmd, 0, sizeof(cmd));
832 cmd.size = cpu_to_le16(sizeof(cmd));
833 lbs_cmd_async(priv, CMD_802_11_DEEP_SLEEP, &cmd,
834 sizeof(cmd));
835 }
836 }
837 mod_timer(&priv->auto_deepsleep_timer , jiffies +
838 (priv->auto_deep_sleep_timeout * HZ)/1000);
839 lbs_deb_leave(LBS_DEB_CMD);
840 }
841
842 int lbs_enter_auto_deep_sleep(struct lbs_private *priv)
843 {
844 lbs_deb_enter(LBS_DEB_SDIO);
845
846 priv->is_auto_deep_sleep_enabled = 1;
847 if (priv->is_deep_sleep)
848 priv->wakeup_dev_required = 1;
849 mod_timer(&priv->auto_deepsleep_timer ,
850 jiffies + (priv->auto_deep_sleep_timeout * HZ)/1000);
851
852 lbs_deb_leave(LBS_DEB_SDIO);
853 return 0;
854 }
855
856 int lbs_exit_auto_deep_sleep(struct lbs_private *priv)
857 {
858 lbs_deb_enter(LBS_DEB_SDIO);
859
860 priv->is_auto_deep_sleep_enabled = 0;
861 priv->auto_deep_sleep_timeout = 0;
862 del_timer(&priv->auto_deepsleep_timer);
863
864 lbs_deb_leave(LBS_DEB_SDIO);
865 return 0;
866 }
867
868 static int lbs_init_adapter(struct lbs_private *priv)
869 {
870 int ret;
871
872 lbs_deb_enter(LBS_DEB_MAIN);
873
874 eth_broadcast_addr(priv->current_addr);
875
876 priv->connect_status = LBS_DISCONNECTED;
877 priv->channel = DEFAULT_AD_HOC_CHANNEL;
878 priv->mac_control = CMD_ACT_MAC_RX_ON | CMD_ACT_MAC_TX_ON;
879 priv->radio_on = 1;
880 priv->psmode = LBS802_11POWERMODECAM;
881 priv->psstate = PS_STATE_FULL_POWER;
882 priv->is_deep_sleep = 0;
883 priv->is_auto_deep_sleep_enabled = 0;
884 priv->deep_sleep_required = 0;
885 priv->wakeup_dev_required = 0;
886 init_waitqueue_head(&priv->ds_awake_q);
887 init_waitqueue_head(&priv->scan_q);
888 priv->authtype_auto = 1;
889 priv->is_host_sleep_configured = 0;
890 priv->is_host_sleep_activated = 0;
891 init_waitqueue_head(&priv->host_sleep_q);
892 init_waitqueue_head(&priv->fw_waitq);
893 mutex_init(&priv->lock);
894
895 setup_timer(&priv->command_timer, lbs_cmd_timeout_handler,
896 (unsigned long)priv);
897 setup_timer(&priv->tx_lockup_timer, lbs_tx_lockup_handler,
898 (unsigned long)priv);
899 setup_timer(&priv->auto_deepsleep_timer, auto_deepsleep_timer_fn,
900 (unsigned long)priv);
901
902 INIT_LIST_HEAD(&priv->cmdfreeq);
903 INIT_LIST_HEAD(&priv->cmdpendingq);
904
905 spin_lock_init(&priv->driver_lock);
906
907 /* Allocate the command buffers */
908 if (lbs_allocate_cmd_buffer(priv)) {
909 pr_err("Out of memory allocating command buffers\n");
910 ret = -ENOMEM;
911 goto out;
912 }
913 priv->resp_idx = 0;
914 priv->resp_len[0] = priv->resp_len[1] = 0;
915
916 /* Create the event FIFO */
917 ret = kfifo_alloc(&priv->event_fifo, sizeof(u32) * 16, GFP_KERNEL);
918 if (ret) {
919 pr_err("Out of memory allocating event FIFO buffer\n");
920 goto out;
921 }
922
923 out:
924 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret);
925
926 return ret;
927 }
928
929 static void lbs_free_adapter(struct lbs_private *priv)
930 {
931 lbs_deb_enter(LBS_DEB_MAIN);
932
933 lbs_free_cmd_buffer(priv);
934 kfifo_free(&priv->event_fifo);
935 del_timer(&priv->command_timer);
936 del_timer(&priv->tx_lockup_timer);
937 del_timer(&priv->auto_deepsleep_timer);
938
939 lbs_deb_leave(LBS_DEB_MAIN);
940 }
941
942 static const struct net_device_ops lbs_netdev_ops = {
943 .ndo_open = lbs_dev_open,
944 .ndo_stop = lbs_eth_stop,
945 .ndo_start_xmit = lbs_hard_start_xmit,
946 .ndo_set_mac_address = lbs_set_mac_address,
947 .ndo_set_rx_mode = lbs_set_multicast_list,
948 .ndo_change_mtu = eth_change_mtu,
949 .ndo_validate_addr = eth_validate_addr,
950 };
951
952 /**
953 * lbs_add_card - adds the card. It will probe the
954 * card, allocate the lbs_priv and initialize the device.
955 *
956 * @card: A pointer to card
957 * @dmdev: A pointer to &struct device
958 * returns: A pointer to &struct lbs_private structure
959 */
960 struct lbs_private *lbs_add_card(void *card, struct device *dmdev)
961 {
962 struct net_device *dev;
963 struct wireless_dev *wdev;
964 struct lbs_private *priv = NULL;
965
966 lbs_deb_enter(LBS_DEB_MAIN);
967
968 /* Allocate an Ethernet device and register it */
969 wdev = lbs_cfg_alloc(dmdev);
970 if (IS_ERR(wdev)) {
971 pr_err("cfg80211 init failed\n");
972 goto done;
973 }
974
975 wdev->iftype = NL80211_IFTYPE_STATION;
976 priv = wdev_priv(wdev);
977 priv->wdev = wdev;
978
979 if (lbs_init_adapter(priv)) {
980 pr_err("failed to initialize adapter structure\n");
981 goto err_wdev;
982 }
983
984 dev = alloc_netdev(0, "wlan%d", NET_NAME_UNKNOWN, ether_setup);
985 if (!dev) {
986 dev_err(dmdev, "no memory for network device instance\n");
987 goto err_adapter;
988 }
989
990 dev->ieee80211_ptr = wdev;
991 dev->ml_priv = priv;
992 SET_NETDEV_DEV(dev, dmdev);
993 wdev->netdev = dev;
994 priv->dev = dev;
995
996 dev->netdev_ops = &lbs_netdev_ops;
997 dev->watchdog_timeo = 5 * HZ;
998 dev->ethtool_ops = &lbs_ethtool_ops;
999 dev->flags |= IFF_BROADCAST | IFF_MULTICAST;
1000
1001 priv->card = card;
1002
1003 strcpy(dev->name, "wlan%d");
1004
1005 lbs_deb_thread("Starting main thread...\n");
1006 init_waitqueue_head(&priv->waitq);
1007 priv->main_thread = kthread_run(lbs_thread, dev, "lbs_main");
1008 if (IS_ERR(priv->main_thread)) {
1009 lbs_deb_thread("Error creating main thread.\n");
1010 goto err_ndev;
1011 }
1012
1013 priv->work_thread = create_singlethread_workqueue("lbs_worker");
1014 INIT_WORK(&priv->mcast_work, lbs_set_mcast_worker);
1015
1016 priv->wol_criteria = EHS_REMOVE_WAKEUP;
1017 priv->wol_gpio = 0xff;
1018 priv->wol_gap = 20;
1019 priv->ehs_remove_supported = true;
1020
1021 goto done;
1022
1023 err_ndev:
1024 free_netdev(dev);
1025
1026 err_adapter:
1027 lbs_free_adapter(priv);
1028
1029 err_wdev:
1030 lbs_cfg_free(priv);
1031
1032 priv = NULL;
1033
1034 done:
1035 lbs_deb_leave_args(LBS_DEB_MAIN, "priv %p", priv);
1036 return priv;
1037 }
1038 EXPORT_SYMBOL_GPL(lbs_add_card);
1039
1040
1041 void lbs_remove_card(struct lbs_private *priv)
1042 {
1043 struct net_device *dev = priv->dev;
1044
1045 lbs_deb_enter(LBS_DEB_MAIN);
1046
1047 lbs_remove_mesh(priv);
1048
1049 if (priv->wiphy_registered)
1050 lbs_scan_deinit(priv);
1051
1052 lbs_wait_for_firmware_load(priv);
1053
1054 /* worker thread destruction blocks on the in-flight command which
1055 * should have been cleared already in lbs_stop_card().
1056 */
1057 lbs_deb_main("destroying worker thread\n");
1058 destroy_workqueue(priv->work_thread);
1059 lbs_deb_main("done destroying worker thread\n");
1060
1061 if (priv->psmode == LBS802_11POWERMODEMAX_PSP) {
1062 priv->psmode = LBS802_11POWERMODECAM;
1063 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, true);
1064 }
1065
1066 if (priv->is_deep_sleep) {
1067 priv->is_deep_sleep = 0;
1068 wake_up_interruptible(&priv->ds_awake_q);
1069 }
1070
1071 priv->is_host_sleep_configured = 0;
1072 priv->is_host_sleep_activated = 0;
1073 wake_up_interruptible(&priv->host_sleep_q);
1074
1075 /* Stop the thread servicing the interrupts */
1076 priv->surpriseremoved = 1;
1077 kthread_stop(priv->main_thread);
1078
1079 lbs_free_adapter(priv);
1080 lbs_cfg_free(priv);
1081 free_netdev(dev);
1082
1083 lbs_deb_leave(LBS_DEB_MAIN);
1084 }
1085 EXPORT_SYMBOL_GPL(lbs_remove_card);
1086
1087
1088 int lbs_rtap_supported(struct lbs_private *priv)
1089 {
1090 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5)
1091 return 1;
1092
1093 /* newer firmware use a capability mask */
1094 return ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) &&
1095 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK));
1096 }
1097
1098
1099 int lbs_start_card(struct lbs_private *priv)
1100 {
1101 struct net_device *dev = priv->dev;
1102 int ret = -1;
1103
1104 lbs_deb_enter(LBS_DEB_MAIN);
1105
1106 /* poke the firmware */
1107 ret = lbs_setup_firmware(priv);
1108 if (ret)
1109 goto done;
1110
1111 if (!lbs_disablemesh)
1112 lbs_init_mesh(priv);
1113 else
1114 pr_info("%s: mesh disabled\n", dev->name);
1115
1116 if (lbs_cfg_register(priv)) {
1117 pr_err("cannot register device\n");
1118 goto done;
1119 }
1120
1121 if (lbs_mesh_activated(priv))
1122 lbs_start_mesh(priv);
1123
1124 lbs_debugfs_init_one(priv, dev);
1125
1126 netdev_info(dev, "Marvell WLAN 802.11 adapter\n");
1127
1128 ret = 0;
1129
1130 done:
1131 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret);
1132 return ret;
1133 }
1134 EXPORT_SYMBOL_GPL(lbs_start_card);
1135
1136
1137 void lbs_stop_card(struct lbs_private *priv)
1138 {
1139 struct net_device *dev;
1140
1141 lbs_deb_enter(LBS_DEB_MAIN);
1142
1143 if (!priv)
1144 goto out;
1145 dev = priv->dev;
1146
1147 /* If the netdev isn't registered, it means that lbs_start_card() was
1148 * never called so we have nothing to do here. */
1149 if (dev->reg_state != NETREG_REGISTERED)
1150 goto out;
1151
1152 netif_stop_queue(dev);
1153 netif_carrier_off(dev);
1154
1155 lbs_debugfs_remove_one(priv);
1156 lbs_deinit_mesh(priv);
1157 unregister_netdev(dev);
1158
1159 out:
1160 lbs_deb_leave(LBS_DEB_MAIN);
1161 }
1162 EXPORT_SYMBOL_GPL(lbs_stop_card);
1163
1164
1165 void lbs_queue_event(struct lbs_private *priv, u32 event)
1166 {
1167 unsigned long flags;
1168
1169 lbs_deb_enter(LBS_DEB_THREAD);
1170 spin_lock_irqsave(&priv->driver_lock, flags);
1171
1172 if (priv->psstate == PS_STATE_SLEEP)
1173 priv->psstate = PS_STATE_AWAKE;
1174
1175 kfifo_in(&priv->event_fifo, (unsigned char *) &event, sizeof(u32));
1176
1177 wake_up(&priv->waitq);
1178
1179 spin_unlock_irqrestore(&priv->driver_lock, flags);
1180 lbs_deb_leave(LBS_DEB_THREAD);
1181 }
1182 EXPORT_SYMBOL_GPL(lbs_queue_event);
1183
1184 void lbs_notify_command_response(struct lbs_private *priv, u8 resp_idx)
1185 {
1186 lbs_deb_enter(LBS_DEB_THREAD);
1187
1188 if (priv->psstate == PS_STATE_SLEEP)
1189 priv->psstate = PS_STATE_AWAKE;
1190
1191 /* Swap buffers by flipping the response index */
1192 BUG_ON(resp_idx > 1);
1193 priv->resp_idx = resp_idx;
1194
1195 wake_up(&priv->waitq);
1196
1197 lbs_deb_leave(LBS_DEB_THREAD);
1198 }
1199 EXPORT_SYMBOL_GPL(lbs_notify_command_response);
1200
1201 static int __init lbs_init_module(void)
1202 {
1203 lbs_deb_enter(LBS_DEB_MAIN);
1204 memset(&confirm_sleep, 0, sizeof(confirm_sleep));
1205 confirm_sleep.hdr.command = cpu_to_le16(CMD_802_11_PS_MODE);
1206 confirm_sleep.hdr.size = cpu_to_le16(sizeof(confirm_sleep));
1207 confirm_sleep.action = cpu_to_le16(PS_MODE_ACTION_SLEEP_CONFIRMED);
1208 lbs_debugfs_init();
1209 lbs_deb_leave(LBS_DEB_MAIN);
1210 return 0;
1211 }
1212
1213 static void __exit lbs_exit_module(void)
1214 {
1215 lbs_deb_enter(LBS_DEB_MAIN);
1216 lbs_debugfs_remove();
1217 lbs_deb_leave(LBS_DEB_MAIN);
1218 }
1219
1220 module_init(lbs_init_module);
1221 module_exit(lbs_exit_module);
1222
1223 MODULE_DESCRIPTION("Libertas WLAN Driver Library");
1224 MODULE_AUTHOR("Marvell International Ltd.");
1225 MODULE_LICENSE("GPL"); 1
2 #include <linux/kernel.h>
3 #include <linux/mutex.h>
4 #include <linux/spinlock.h>
5 #include <linux/errno.h>
6 #include <verifier/rcv.h>
7 #include <linux/list.h>
8
9 /* mutexes */
10 extern int mutex_lock_interruptible(struct mutex *lock);
11 extern int mutex_lock_killable(struct mutex *lock);
12 extern void mutex_lock(struct mutex *lock);
13
14 /* mutex model functions */
15 extern void ldv_mutex_lock(struct mutex *lock, char *sign);
16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign);
17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign);
18
19
20 /* Spin locks */
21 extern void __ldv_spin_lock(spinlock_t *lock);
22 extern void __ldv_spin_unlock(spinlock_t *lock);
23 extern int __ldv_spin_trylock(spinlock_t *lock);
24 extern void __ldv_spin_unlock_wait(spinlock_t *lock);
25 extern void __ldv_spin_can_lock(spinlock_t *lock);
26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock);
27
28 /* spin model functions */
29 extern void ldv_spin_lock(spinlock_t *lock, char *sign);
30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign);
31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign);
32
33 /* Support for list binder functions */
34 static inline struct list_head *ldv_list_get_first(struct list_head *head) {
35 return head->next;
36 }
37
38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) {
39 return pos==head;
40 }
41
42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) {
43 return pos->next;
44 }
45
46 #include <linux/mutex.h>
47 #include <linux/slab.h>
48 #include <verifier/rcv.h>
49 #include <linux/timer.h>
50 #include <linux/rtnetlink.h>
51 #include <linux/gfp.h>
52 int ldv_state_variable_8;
53 int ldv_state_variable_15;
54 int ldv_timer_1_3;
55 struct timer_list * ldv_timer_list_2_0;
56 int ldv_timer_2_1;
57 int ldv_state_variable_0;
58 int ldv_state_variable_5;
59 int ldv_state_variable_13;
60 int ldv_state_variable_12;
61 struct device_attribute *dev_attr_protocol_id_group1;
62 struct timer_list * ldv_timer_list_3_1;
63 int ldv_state_variable_14;
64 struct device_attribute *dev_attr_capability_group1;
65 struct timer_list * ldv_timer_list_3_2;
66 int ldv_timer_2_2;
67 struct net_device *lbs_ethtool_ops_group0;
68 int ldv_timer_3_3;
69 int ldv_timer_2_3;
70 struct device_attribute *dev_attr_lbs_mesh_group1;
71 int ldv_timer_1_0;
72 int ldv_state_variable_17;
73 struct timer_list * ldv_timer_list_3_3;
74 int ldv_state_variable_9;
75 int ldv_timer_3_1;
76 int ref_cnt;
77 int ldv_state_variable_1;
78 int ldv_state_variable_7;
79 struct device_attribute *dev_attr_metric_id_group1;
80 struct net_device *lbs_netdev_ops_group1;
81 struct timer_list * ldv_timer_list_1_3;
82 struct net_device *lbs_cfg80211_ops_group0;
83 int ldv_state_variable_10;
84 struct timer_list * ldv_timer_list_1_1;
85 struct file *lbs_debug_fops_group2;
86 struct timer_list * ldv_timer_list_2_1;
87 struct wiphy *lbs_cfg80211_ops_group1;
88 struct timer_list * ldv_timer_list_1_0;
89 int ldv_state_variable_6;
90 int ldv_timer_1_2;
91 int ldv_state_variable_16;
92 struct device_attribute *dev_attr_channel_group1;
93 int ldv_timer_2_0;
94 int ldv_timer_1_1;
95 int ldv_state_variable_2;
96 struct timer_list * ldv_timer_list_1_2;
97 struct device_attribute *dev_attr_anycast_mask_group1;
98 int ldv_state_variable_11;
99 struct device_attribute *dev_attr_bootflag_group1;
100 int LDV_IN_INTERRUPT = 1;
101 int __VERIFIER_nondet_int(void);
102 int ldv_state_variable_18;
103 struct net_device *mesh_netdev_ops_group1;
104 struct device_attribute *dev_attr_prb_rsp_limit_group1;
105 struct inode *lbs_debug_fops_group1;
106 int ldv_timer_3_2;
107 struct mutex fs_mutex;
108 int ldv_state_variable_3;
109 struct mutex ar_mutex;
110 struct timer_list * ldv_timer_list_2_3;
111 struct device_attribute *dev_attr_boottime_group1;
112 int ldv_timer_3_0;
113 struct timer_list * ldv_timer_list_3_0;
114 struct device_attribute *dev_attr_mesh_id_group1;
115 struct timer_list * ldv_timer_list_2_2;
116 int ldv_state_variable_4;
117 struct ethtool_wolinfo *lbs_ethtool_ops_group1;
118 void ldv_initialyze_cfg80211_ops_18(void);
119 int evil_hack_15(void);
120 void choose_timer_2(void);
121 int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
122 void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag);
123 void choose_timer_3(void);
124 void timer_init_3(void);
125 void ldv_net_device_ops_4(void);
126 void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag);
127 void timer_init_2(void);
128 void timer_init_1(void);
129 void ldv_net_device_ops_15(void);
130 void disable_suitable_timer_3(struct timer_list * timer);
131 void activate_suitable_timer_3(struct timer_list * timer, unsigned long data);
132 int evil_hack_4(void);
133 int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
134 void disable_suitable_timer_2(struct timer_list * timer);
135 void disable_suitable_timer_1(struct timer_list * timer);
136 int evil_hack_fs_lock(void);
137 void activate_suitable_timer_1(struct timer_list * timer, unsigned long data);
138 void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag);
139 int __VERIFIER_nondet_int(void);
140 int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
141 void ldv_file_operations_17(void);
142 void ldv_initialyze_ethtool_ops_16(void);
143 void choose_timer_1(void);
144 void ldv_timer_1(int state, struct timer_list * timer);
145 int evil_hack_ar_lock(void);
146 void activate_suitable_timer_2(struct timer_list * timer, unsigned long data);
147 void ldv_timer_2(int state, struct timer_list * timer);
148 void ldv_timer_3(int state, struct timer_list * timer);
149 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/main.c"
150 /*
151 * This file contains the major functions in WLAN
152 * driver. It includes init, exit, open, close and main
153 * thread etc..
154 */
155
156 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
157
158 #include <linux/module.h>
159 #include <linux/delay.h>
160 #include <linux/etherdevice.h>
161 #include <linux/hardirq.h>
162 #include <linux/netdevice.h>
163 #include <linux/if_arp.h>
164 #include <linux/kthread.h>
165 #include <linux/kfifo.h>
166 #include <linux/slab.h>
167 #include <net/cfg80211.h>
168
169 #include "host.h"
170 #include "decl.h"
171 #include "dev.h"
172 #include "cfg.h"
173 #include "debugfs.h"
174 #include "cmd.h"
175 #include "mesh.h"
176
177 #define DRIVER_RELEASE_VERSION "323.p0"
178 const char lbs_driver_version[] = "COMM-USB8388-" DRIVER_RELEASE_VERSION
179 #ifdef DEBUG
180 "-dbg"
181 #endif
182 "";
183
184
185 /* Module parameters */
186 unsigned int lbs_debug;
187 EXPORT_SYMBOL_GPL(lbs_debug);
188 module_param_named(libertas_debug, lbs_debug, int, 0644);
189
190 unsigned int lbs_disablemesh;
191 EXPORT_SYMBOL_GPL(lbs_disablemesh);
192 module_param_named(libertas_disablemesh, lbs_disablemesh, int, 0644);
193
194
195 /*
196 * This global structure is used to send the confirm_sleep command as
197 * fast as possible down to the firmware.
198 */
199 struct cmd_confirm_sleep confirm_sleep;
200
201
202 /*
203 * the table to keep region code
204 */
205 u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE] =
206 { 0x10, 0x20, 0x30, 0x31, 0x32, 0x40 };
207
208 /*
209 * FW rate table. FW refers to rates by their index in this table, not by the
210 * rate value itself. Values of 0x00 are
211 * reserved positions.
212 */
213 static u8 fw_data_rates[MAX_RATES] =
214 { 0x02, 0x04, 0x0B, 0x16, 0x00, 0x0C, 0x12,
215 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C, 0x00
216 };
217
218 /**
219 * lbs_fw_index_to_data_rate - use index to get the data rate
220 *
221 * @idx: The index of data rate
222 * returns: data rate or 0
223 */
224 u32 lbs_fw_index_to_data_rate(u8 idx)
225 {
226 if (idx >= sizeof(fw_data_rates))
227 idx = 0;
228 return fw_data_rates[idx];
229 }
230
231 /**
232 * lbs_data_rate_to_fw_index - use rate to get the index
233 *
234 * @rate: data rate
235 * returns: index or 0
236 */
237 u8 lbs_data_rate_to_fw_index(u32 rate)
238 {
239 u8 i;
240
241 if (!rate)
242 return 0;
243
244 for (i = 0; i < sizeof(fw_data_rates); i++) {
245 if (rate == fw_data_rates[i])
246 return i;
247 }
248 return 0;
249 }
250
251 int lbs_set_iface_type(struct lbs_private *priv, enum nl80211_iftype type)
252 {
253 int ret = 0;
254
255 switch (type) {
256 case NL80211_IFTYPE_MONITOR:
257 ret = lbs_set_monitor_mode(priv, 1);
258 break;
259 case NL80211_IFTYPE_STATION:
260 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR)
261 ret = lbs_set_monitor_mode(priv, 0);
262 if (!ret)
263 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 1);
264 break;
265 case NL80211_IFTYPE_ADHOC:
266 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR)
267 ret = lbs_set_monitor_mode(priv, 0);
268 if (!ret)
269 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_BSS_TYPE, 2);
270 break;
271 default:
272 ret = -ENOTSUPP;
273 }
274 return ret;
275 }
276
277 int lbs_start_iface(struct lbs_private *priv)
278 {
279 struct cmd_ds_802_11_mac_address cmd;
280 int ret;
281
282 if (priv->power_restore) {
283 ret = priv->power_restore(priv);
284 if (ret)
285 return ret;
286 }
287
288 cmd.hdr.size = cpu_to_le16(sizeof(cmd));
289 cmd.action = cpu_to_le16(CMD_ACT_SET);
290 memcpy(cmd.macadd, priv->current_addr, ETH_ALEN);
291
292 ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd);
293 if (ret) {
294 lbs_deb_net("set MAC address failed\n");
295 goto err;
296 }
297
298 ret = lbs_set_iface_type(priv, priv->wdev->iftype);
299 if (ret) {
300 lbs_deb_net("set iface type failed\n");
301 goto err;
302 }
303
304 ret = lbs_set_11d_domain_info(priv);
305 if (ret) {
306 lbs_deb_net("set 11d domain info failed\n");
307 goto err;
308 }
309
310 lbs_update_channel(priv);
311
312 priv->iface_running = true;
313 return 0;
314
315 err:
316 if (priv->power_save)
317 priv->power_save(priv);
318 return ret;
319 }
320
321 /**
322 * lbs_dev_open - open the ethX interface
323 *
324 * @dev: A pointer to &net_device structure
325 * returns: 0 or -EBUSY if monitor mode active
326 */
327 static int lbs_dev_open(struct net_device *dev)
328 {
329 struct lbs_private *priv = dev->ml_priv;
330 int ret = 0;
331
332 lbs_deb_enter(LBS_DEB_NET);
333 if (!priv->iface_running) {
334 ret = lbs_start_iface(priv);
335 if (ret)
336 goto out;
337 }
338
339 spin_lock_irq(&priv->driver_lock);
340
341 netif_carrier_off(dev);
342
343 if (!priv->tx_pending_len)
344 netif_wake_queue(dev);
345
346 spin_unlock_irq(&priv->driver_lock);
347
348 out:
349 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
350 return ret;
351 }
352
353 static bool lbs_command_queue_empty(struct lbs_private *priv)
354 {
355 unsigned long flags;
356 bool ret;
357 spin_lock_irqsave(&priv->driver_lock, flags);
358 ret = priv->cur_cmd == NULL && list_empty(&priv->cmdpendingq);
359 spin_unlock_irqrestore(&priv->driver_lock, flags);
360 return ret;
361 }
362
363 int lbs_stop_iface(struct lbs_private *priv)
364 {
365 unsigned long flags;
366 int ret = 0;
367
368 lbs_deb_enter(LBS_DEB_MAIN);
369
370 spin_lock_irqsave(&priv->driver_lock, flags);
371 priv->iface_running = false;
372 kfree_skb(priv->currenttxskb);
373 priv->currenttxskb = NULL;
374 priv->tx_pending_len = 0;
375 spin_unlock_irqrestore(&priv->driver_lock, flags);
376
377 cancel_work_sync(&priv->mcast_work);
378 del_timer_sync(&priv->tx_lockup_timer);
379
380 /* Disable command processing, and wait for all commands to complete */
381 lbs_deb_main("waiting for commands to complete\n");
382 wait_event(priv->waitq, lbs_command_queue_empty(priv));
383 lbs_deb_main("all commands completed\n");
384
385 if (priv->power_save)
386 ret = priv->power_save(priv);
387
388 lbs_deb_leave(LBS_DEB_MAIN);
389 return ret;
390 }
391
392 /**
393 * lbs_eth_stop - close the ethX interface
394 *
395 * @dev: A pointer to &net_device structure
396 * returns: 0
397 */
398 static int lbs_eth_stop(struct net_device *dev)
399 {
400 struct lbs_private *priv = dev->ml_priv;
401
402 lbs_deb_enter(LBS_DEB_NET);
403
404 if (priv->connect_status == LBS_CONNECTED)
405 lbs_disconnect(priv, WLAN_REASON_DEAUTH_LEAVING);
406
407 spin_lock_irq(&priv->driver_lock);
408 netif_stop_queue(dev);
409 spin_unlock_irq(&priv->driver_lock);
410
411 lbs_update_mcast(priv);
412 cancel_delayed_work_sync(&priv->scan_work);
413 if (priv->scan_req)
414 lbs_scan_done(priv);
415
416 netif_carrier_off(priv->dev);
417
418 if (!lbs_iface_active(priv))
419 lbs_stop_iface(priv);
420
421 lbs_deb_leave(LBS_DEB_NET);
422 return 0;
423 }
424
425 void lbs_host_to_card_done(struct lbs_private *priv)
426 {
427 unsigned long flags;
428
429 lbs_deb_enter(LBS_DEB_THREAD);
430
431 spin_lock_irqsave(&priv->driver_lock, flags);
432 del_timer(&priv->tx_lockup_timer);
433
434 priv->dnld_sent = DNLD_RES_RECEIVED;
435
436 /* Wake main thread if commands are pending */
437 if (!priv->cur_cmd || priv->tx_pending_len > 0) {
438 if (!priv->wakeup_dev_required)
439 wake_up(&priv->waitq);
440 }
441
442 spin_unlock_irqrestore(&priv->driver_lock, flags);
443 lbs_deb_leave(LBS_DEB_THREAD);
444 }
445 EXPORT_SYMBOL_GPL(lbs_host_to_card_done);
446
447 int lbs_set_mac_address(struct net_device *dev, void *addr)
448 {
449 int ret = 0;
450 struct lbs_private *priv = dev->ml_priv;
451 struct sockaddr *phwaddr = addr;
452
453 lbs_deb_enter(LBS_DEB_NET);
454
455 /*
456 * Can only set MAC address when all interfaces are down, to be written
457 * to the hardware when one of them is brought up.
458 */
459 if (lbs_iface_active(priv))
460 return -EBUSY;
461
462 /* In case it was called from the mesh device */
463 dev = priv->dev;
464
465 memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN);
466 memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
467 if (priv->mesh_dev)
468 memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
469
470 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
471 return ret;
472 }
473
474
475 static inline int mac_in_list(unsigned char *list, int list_len,
476 unsigned char *mac)
477 {
478 while (list_len) {
479 if (!memcmp(list, mac, ETH_ALEN))
480 return 1;
481 list += ETH_ALEN;
482 list_len--;
483 }
484 return 0;
485 }
486
487
488 static int lbs_add_mcast_addrs(struct cmd_ds_mac_multicast_adr *cmd,
489 struct net_device *dev, int nr_addrs)
490 {
491 int i = nr_addrs;
492 struct netdev_hw_addr *ha;
493 int cnt;
494
495 if ((dev->flags & (IFF_UP|IFF_MULTICAST)) != (IFF_UP|IFF_MULTICAST))
496 return nr_addrs;
497
498 netif_addr_lock_bh(dev);
499 cnt = netdev_mc_count(dev);
500 netdev_for_each_mc_addr(ha, dev) {
501 if (mac_in_list(cmd->maclist, nr_addrs, ha->addr)) {
502 lbs_deb_net("mcast address %s:%pM skipped\n", dev->name,
503 ha->addr);
504 cnt--;
505 continue;
506 }
507
508 if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE)
509 break;
510 memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN);
511 lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name,
512 ha->addr);
513 i++;
514 cnt--;
515 }
516 netif_addr_unlock_bh(dev);
517 if (cnt)
518 return -EOVERFLOW;
519
520 return i;
521 }
522
523 void lbs_update_mcast(struct lbs_private *priv)
524 {
525 struct cmd_ds_mac_multicast_adr mcast_cmd;
526 int dev_flags = 0;
527 int nr_addrs;
528 int old_mac_control = priv->mac_control;
529
530 lbs_deb_enter(LBS_DEB_NET);
531
532 if (netif_running(priv->dev))
533 dev_flags |= priv->dev->flags;
534 if (priv->mesh_dev && netif_running(priv->mesh_dev))
535 dev_flags |= priv->mesh_dev->flags;
536
537 if (dev_flags & IFF_PROMISC) {
538 priv->mac_control |= CMD_ACT_MAC_PROMISCUOUS_ENABLE;
539 priv->mac_control &= ~(CMD_ACT_MAC_ALL_MULTICAST_ENABLE |
540 CMD_ACT_MAC_MULTICAST_ENABLE);
541 goto out_set_mac_control;
542 } else if (dev_flags & IFF_ALLMULTI) {
543 do_allmulti:
544 priv->mac_control |= CMD_ACT_MAC_ALL_MULTICAST_ENABLE;
545 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE |
546 CMD_ACT_MAC_MULTICAST_ENABLE);
547 goto out_set_mac_control;
548 }
549
550 /* Once for priv->dev, again for priv->mesh_dev if it exists */
551 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->dev, 0);
552 if (nr_addrs >= 0 && priv->mesh_dev)
553 nr_addrs = lbs_add_mcast_addrs(&mcast_cmd, priv->mesh_dev, nr_addrs);
554 if (nr_addrs < 0)
555 goto do_allmulti;
556
557 if (nr_addrs) {
558 int size = offsetof(struct cmd_ds_mac_multicast_adr,
559 maclist[6*nr_addrs]);
560
561 mcast_cmd.action = cpu_to_le16(CMD_ACT_SET);
562 mcast_cmd.hdr.size = cpu_to_le16(size);
563 mcast_cmd.nr_of_adrs = cpu_to_le16(nr_addrs);
564
565 lbs_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &mcast_cmd.hdr, size);
566
567 priv->mac_control |= CMD_ACT_MAC_MULTICAST_ENABLE;
568 } else
569 priv->mac_control &= ~CMD_ACT_MAC_MULTICAST_ENABLE;
570
571 priv->mac_control &= ~(CMD_ACT_MAC_PROMISCUOUS_ENABLE |
572 CMD_ACT_MAC_ALL_MULTICAST_ENABLE);
573 out_set_mac_control:
574 if (priv->mac_control != old_mac_control)
575 lbs_set_mac_control(priv);
576
577 lbs_deb_leave(LBS_DEB_NET);
578 }
579
580 static void lbs_set_mcast_worker(struct work_struct *work)
581 {
582 struct lbs_private *priv = container_of(work, struct lbs_private, mcast_work);
583 lbs_update_mcast(priv);
584 }
585
586 void lbs_set_multicast_list(struct net_device *dev)
587 {
588 struct lbs_private *priv = dev->ml_priv;
589
590 schedule_work(&priv->mcast_work);
591 }
592
593 /**
594 * lbs_thread - handles the major jobs in the LBS driver.
595 * It handles all events generated by firmware, RX data received
596 * from firmware and TX data sent from kernel.
597 *
598 * @data: A pointer to &lbs_thread structure
599 * returns: 0
600 */
601 static int lbs_thread(void *data)
602 {
603 struct net_device *dev = data;
604 struct lbs_private *priv = dev->ml_priv;
605 wait_queue_t wait;
606
607 lbs_deb_enter(LBS_DEB_THREAD);
608
609 init_waitqueue_entry(&wait, current);
610
611 for (;;) {
612 int shouldsleep;
613 u8 resp_idx;
614
615 lbs_deb_thread("1: currenttxskb %p, dnld_sent %d\n",
616 priv->currenttxskb, priv->dnld_sent);
617
618 add_wait_queue(&priv->waitq, &wait);
619 set_current_state(TASK_INTERRUPTIBLE);
620 spin_lock_irq(&priv->driver_lock);
621
622 if (kthread_should_stop())
623 shouldsleep = 0; /* Bye */
624 else if (priv->surpriseremoved)
625 shouldsleep = 1; /* We need to wait until we're _told_ to die */
626 else if (priv->psstate == PS_STATE_SLEEP)
627 shouldsleep = 1; /* Sleep mode. Nothing we can do till it wakes */
628 else if (priv->cmd_timed_out)
629 shouldsleep = 0; /* Command timed out. Recover */
630 else if (!priv->fw_ready)
631 shouldsleep = 1; /* Firmware not ready. We're waiting for it */
632 else if (priv->dnld_sent)
633 shouldsleep = 1; /* Something is en route to the device already */
634 else if (priv->tx_pending_len > 0)
635 shouldsleep = 0; /* We've a packet to send */
636 else if (priv->resp_len[priv->resp_idx])
637 shouldsleep = 0; /* We have a command response */
638 else if (priv->cur_cmd)
639 shouldsleep = 1; /* Can't send a command; one already running */
640 else if (!list_empty(&priv->cmdpendingq) &&
641 !(priv->wakeup_dev_required))
642 shouldsleep = 0; /* We have a command to send */
643 else if (kfifo_len(&priv->event_fifo))
644 shouldsleep = 0; /* We have an event to process */
645 else
646 shouldsleep = 1; /* No command */
647
648 if (shouldsleep) {
649 lbs_deb_thread("sleeping, connect_status %d, "
650 "psmode %d, psstate %d\n",
651 priv->connect_status,
652 priv->psmode, priv->psstate);
653 spin_unlock_irq(&priv->driver_lock);
654 schedule();
655 } else
656 spin_unlock_irq(&priv->driver_lock);
657
658 lbs_deb_thread("2: currenttxskb %p, dnld_send %d\n",
659 priv->currenttxskb, priv->dnld_sent);
660
661 set_current_state(TASK_RUNNING);
662 remove_wait_queue(&priv->waitq, &wait);
663
664 lbs_deb_thread("3: currenttxskb %p, dnld_sent %d\n",
665 priv->currenttxskb, priv->dnld_sent);
666
667 if (kthread_should_stop()) {
668 lbs_deb_thread("break from main thread\n");
669 break;
670 }
671
672 if (priv->surpriseremoved) {
673 lbs_deb_thread("adapter removed; waiting to die...\n");
674 continue;
675 }
676
677 lbs_deb_thread("4: currenttxskb %p, dnld_sent %d\n",
678 priv->currenttxskb, priv->dnld_sent);
679
680 /* Process any pending command response */
681 spin_lock_irq(&priv->driver_lock);
682 resp_idx = priv->resp_idx;
683 if (priv->resp_len[resp_idx]) {
684 spin_unlock_irq(&priv->driver_lock);
685 lbs_process_command_response(priv,
686 priv->resp_buf[resp_idx],
687 priv->resp_len[resp_idx]);
688 spin_lock_irq(&priv->driver_lock);
689 priv->resp_len[resp_idx] = 0;
690 }
691 spin_unlock_irq(&priv->driver_lock);
692
693 /* Process hardware events, e.g. card removed, link lost */
694 spin_lock_irq(&priv->driver_lock);
695 while (kfifo_len(&priv->event_fifo)) {
696 u32 event;
697
698 if (kfifo_out(&priv->event_fifo,
699 (unsigned char *) &event, sizeof(event)) !=
700 sizeof(event))
701 break;
702 spin_unlock_irq(&priv->driver_lock);
703 lbs_process_event(priv, event);
704 spin_lock_irq(&priv->driver_lock);
705 }
706 spin_unlock_irq(&priv->driver_lock);
707
708 if (priv->wakeup_dev_required) {
709 lbs_deb_thread("Waking up device...\n");
710 /* Wake up device */
711 if (priv->exit_deep_sleep(priv))
712 lbs_deb_thread("Wakeup device failed\n");
713 continue;
714 }
715
716 /* command timeout stuff */
717 if (priv->cmd_timed_out && priv->cur_cmd) {
718 struct cmd_ctrl_node *cmdnode = priv->cur_cmd;
719
720 netdev_info(dev, "Timeout submitting command 0x%04x\n",
721 le16_to_cpu(cmdnode->cmdbuf->command));
722 lbs_complete_command(priv, cmdnode, -ETIMEDOUT);
723
724 /* Reset card, but only when it isn't in the process
725 * of being shutdown anyway. */
726 if (!dev->dismantle && priv->reset_card)
727 priv->reset_card(priv);
728 }
729 priv->cmd_timed_out = 0;
730
731 if (!priv->fw_ready)
732 continue;
733
734 /* Check if we need to confirm Sleep Request received previously */
735 if (priv->psstate == PS_STATE_PRE_SLEEP &&
736 !priv->dnld_sent && !priv->cur_cmd) {
737 if (priv->connect_status == LBS_CONNECTED) {
738 lbs_deb_thread("pre-sleep, currenttxskb %p, "
739 "dnld_sent %d, cur_cmd %p\n",
740 priv->currenttxskb, priv->dnld_sent,
741 priv->cur_cmd);
742
743 lbs_ps_confirm_sleep(priv);
744 } else {
745 /* workaround for firmware sending
746 * deauth/linkloss event immediately
747 * after sleep request; remove this
748 * after firmware fixes it
749 */
750 priv->psstate = PS_STATE_AWAKE;
751 netdev_alert(dev,
752 "ignore PS_SleepConfirm in non-connected state\n");
753 }
754 }
755
756 /* The PS state is changed during processing of Sleep Request
757 * event above
758 */
759 if ((priv->psstate == PS_STATE_SLEEP) ||
760 (priv->psstate == PS_STATE_PRE_SLEEP))
761 continue;
762
763 if (priv->is_deep_sleep)
764 continue;
765
766 /* Execute the next command */
767 if (!priv->dnld_sent && !priv->cur_cmd)
768 lbs_execute_next_command(priv);
769
770 spin_lock_irq(&priv->driver_lock);
771 if (!priv->dnld_sent && priv->tx_pending_len > 0) {
772 int ret = priv->hw_host_to_card(priv, MVMS_DAT,
773 priv->tx_pending_buf,
774 priv->tx_pending_len);
775 if (ret) {
776 lbs_deb_tx("host_to_card failed %d\n", ret);
777 priv->dnld_sent = DNLD_RES_RECEIVED;
778 } else {
779 mod_timer(&priv->tx_lockup_timer,
780 jiffies + (HZ * 5));
781 }
782 priv->tx_pending_len = 0;
783 if (!priv->currenttxskb) {
784 /* We can wake the queues immediately if we aren't
785 waiting for TX feedback */
786 if (priv->connect_status == LBS_CONNECTED)
787 netif_wake_queue(priv->dev);
788 if (priv->mesh_dev &&
789 netif_running(priv->mesh_dev))
790 netif_wake_queue(priv->mesh_dev);
791 }
792 }
793 spin_unlock_irq(&priv->driver_lock);
794 }
795
796 del_timer(&priv->command_timer);
797 del_timer(&priv->tx_lockup_timer);
798 del_timer(&priv->auto_deepsleep_timer);
799
800 lbs_deb_leave(LBS_DEB_THREAD);
801 return 0;
802 }
803
804 /**
805 * lbs_setup_firmware - gets the HW spec from the firmware and sets
806 * some basic parameters
807 *
808 * @priv: A pointer to &struct lbs_private structure
809 * returns: 0 or -1
810 */
811 static int lbs_setup_firmware(struct lbs_private *priv)
812 {
813 int ret = -1;
814 s16 curlevel = 0, minlevel = 0, maxlevel = 0;
815
816 lbs_deb_enter(LBS_DEB_FW);
817
818 /* Read MAC address from firmware */
819 eth_broadcast_addr(priv->current_addr);
820 ret = lbs_update_hw_spec(priv);
821 if (ret)
822 goto done;
823
824 /* Read power levels if available */
825 ret = lbs_get_tx_power(priv, &curlevel, &minlevel, &maxlevel);
826 if (ret == 0) {
827 priv->txpower_cur = curlevel;
828 priv->txpower_min = minlevel;
829 priv->txpower_max = maxlevel;
830 }
831
832 /* Send cmd to FW to enable 11D function */
833 ret = lbs_set_snmp_mib(priv, SNMP_MIB_OID_11D_ENABLE, 1);
834 if (ret)
835 goto done;
836
837 ret = lbs_set_mac_control_sync(priv);
838 done:
839 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
840 return ret;
841 }
842
843 int lbs_suspend(struct lbs_private *priv)
844 {
845 int ret;
846
847 lbs_deb_enter(LBS_DEB_FW);
848
849 if (priv->is_deep_sleep) {
850 ret = lbs_set_deep_sleep(priv, 0);
851 if (ret) {
852 netdev_err(priv->dev,
853 "deep sleep cancellation failed: %d\n", ret);
854 return ret;
855 }
856 priv->deep_sleep_required = 1;
857 }
858
859 ret = lbs_set_host_sleep(priv, 1);
860
861 netif_device_detach(priv->dev);
862 if (priv->mesh_dev)
863 netif_device_detach(priv->mesh_dev);
864
865 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
866 return ret;
867 }
868 EXPORT_SYMBOL_GPL(lbs_suspend);
869
870 int lbs_resume(struct lbs_private *priv)
871 {
872 int ret;
873
874 lbs_deb_enter(LBS_DEB_FW);
875
876 ret = lbs_set_host_sleep(priv, 0);
877
878 netif_device_attach(priv->dev);
879 if (priv->mesh_dev)
880 netif_device_attach(priv->mesh_dev);
881
882 if (priv->deep_sleep_required) {
883 priv->deep_sleep_required = 0;
884 ret = lbs_set_deep_sleep(priv, 1);
885 if (ret)
886 netdev_err(priv->dev,
887 "deep sleep activation failed: %d\n", ret);
888 }
889
890 if (priv->setup_fw_on_resume)
891 ret = lbs_setup_firmware(priv);
892
893 lbs_deb_leave_args(LBS_DEB_FW, "ret %d", ret);
894 return ret;
895 }
896 EXPORT_SYMBOL_GPL(lbs_resume);
897
898 /**
899 * lbs_cmd_timeout_handler - handles the timeout of command sending.
900 * It will re-send the same command again.
901 *
902 * @data: &struct lbs_private pointer
903 */
904 static void lbs_cmd_timeout_handler(unsigned long data)
905 {
906 struct lbs_private *priv = (struct lbs_private *)data;
907 unsigned long flags;
908
909 lbs_deb_enter(LBS_DEB_CMD);
910 spin_lock_irqsave(&priv->driver_lock, flags);
911
912 if (!priv->cur_cmd)
913 goto out;
914
915 netdev_info(priv->dev, "command 0x%04x timed out\n",
916 le16_to_cpu(priv->cur_cmd->cmdbuf->command));
917
918 priv->cmd_timed_out = 1;
919
920 /*
921 * If the device didn't even acknowledge the command, reset the state
922 * so that we don't block all future commands due to this one timeout.
923 */
924 if (priv->dnld_sent == DNLD_CMD_SENT)
925 priv->dnld_sent = DNLD_RES_RECEIVED;
926
927 wake_up(&priv->waitq);
928 out:
929 spin_unlock_irqrestore(&priv->driver_lock, flags);
930 lbs_deb_leave(LBS_DEB_CMD);
931 }
932
933 /**
934 * lbs_tx_lockup_handler - handles the timeout of the passing of TX frames
935 * to the hardware. This is known to frequently happen with SD8686 when
936 * waking up after a Wake-on-WLAN-triggered resume.
937 *
938 * @data: &struct lbs_private pointer
939 */
940 static void lbs_tx_lockup_handler(unsigned long data)
941 {
942 struct lbs_private *priv = (struct lbs_private *)data;
943 unsigned long flags;
944
945 lbs_deb_enter(LBS_DEB_TX);
946 spin_lock_irqsave(&priv->driver_lock, flags);
947
948 netdev_info(priv->dev, "TX lockup detected\n");
949 if (priv->reset_card)
950 priv->reset_card(priv);
951
952 priv->dnld_sent = DNLD_RES_RECEIVED;
953 wake_up_interruptible(&priv->waitq);
954
955 spin_unlock_irqrestore(&priv->driver_lock, flags);
956 lbs_deb_leave(LBS_DEB_TX);
957 }
958
959 /**
960 * auto_deepsleep_timer_fn - put the device back to deep sleep mode when
961 * timer expires and no activity (command, event, data etc.) is detected.
962 * @data: &struct lbs_private pointer
963 * returns: N/A
964 */
965 static void auto_deepsleep_timer_fn(unsigned long data)
966 {
967 struct lbs_private *priv = (struct lbs_private *)data;
968
969 lbs_deb_enter(LBS_DEB_CMD);
970
971 if (priv->is_activity_detected) {
972 priv->is_activity_detected = 0;
973 } else {
974 if (priv->is_auto_deep_sleep_enabled &&
975 (!priv->wakeup_dev_required) &&
976 (priv->connect_status != LBS_CONNECTED)) {
977 struct cmd_header cmd;
978
979 lbs_deb_main("Entering auto deep sleep mode...\n");
980 memset(&cmd, 0, sizeof(cmd));
981 cmd.size = cpu_to_le16(sizeof(cmd));
982 lbs_cmd_async(priv, CMD_802_11_DEEP_SLEEP, &cmd,
983 sizeof(cmd));
984 }
985 }
986 mod_timer(&priv->auto_deepsleep_timer , jiffies +
987 (priv->auto_deep_sleep_timeout * HZ)/1000);
988 lbs_deb_leave(LBS_DEB_CMD);
989 }
990
991 int lbs_enter_auto_deep_sleep(struct lbs_private *priv)
992 {
993 lbs_deb_enter(LBS_DEB_SDIO);
994
995 priv->is_auto_deep_sleep_enabled = 1;
996 if (priv->is_deep_sleep)
997 priv->wakeup_dev_required = 1;
998 mod_timer(&priv->auto_deepsleep_timer ,
999 jiffies + (priv->auto_deep_sleep_timeout * HZ)/1000);
1000
1001 lbs_deb_leave(LBS_DEB_SDIO);
1002 return 0;
1003 }
1004
1005 int lbs_exit_auto_deep_sleep(struct lbs_private *priv)
1006 {
1007 lbs_deb_enter(LBS_DEB_SDIO);
1008
1009 priv->is_auto_deep_sleep_enabled = 0;
1010 priv->auto_deep_sleep_timeout = 0;
1011 del_timer(&priv->auto_deepsleep_timer);
1012
1013 lbs_deb_leave(LBS_DEB_SDIO);
1014 return 0;
1015 }
1016
1017 static int lbs_init_adapter(struct lbs_private *priv)
1018 {
1019 int ret;
1020
1021 lbs_deb_enter(LBS_DEB_MAIN);
1022
1023 eth_broadcast_addr(priv->current_addr);
1024
1025 priv->connect_status = LBS_DISCONNECTED;
1026 priv->channel = DEFAULT_AD_HOC_CHANNEL;
1027 priv->mac_control = CMD_ACT_MAC_RX_ON | CMD_ACT_MAC_TX_ON;
1028 priv->radio_on = 1;
1029 priv->psmode = LBS802_11POWERMODECAM;
1030 priv->psstate = PS_STATE_FULL_POWER;
1031 priv->is_deep_sleep = 0;
1032 priv->is_auto_deep_sleep_enabled = 0;
1033 priv->deep_sleep_required = 0;
1034 priv->wakeup_dev_required = 0;
1035 init_waitqueue_head(&priv->ds_awake_q);
1036 init_waitqueue_head(&priv->scan_q);
1037 priv->authtype_auto = 1;
1038 priv->is_host_sleep_configured = 0;
1039 priv->is_host_sleep_activated = 0;
1040 init_waitqueue_head(&priv->host_sleep_q);
1041 init_waitqueue_head(&priv->fw_waitq);
1042 mutex_init(&priv->lock);
1043
1044 setup_timer(&priv->command_timer, lbs_cmd_timeout_handler,
1045 (unsigned long)priv);
1046 setup_timer(&priv->tx_lockup_timer, lbs_tx_lockup_handler,
1047 (unsigned long)priv);
1048 setup_timer(&priv->auto_deepsleep_timer, auto_deepsleep_timer_fn,
1049 (unsigned long)priv);
1050
1051 INIT_LIST_HEAD(&priv->cmdfreeq);
1052 INIT_LIST_HEAD(&priv->cmdpendingq);
1053
1054 spin_lock_init(&priv->driver_lock);
1055
1056 /* Allocate the command buffers */
1057 if (lbs_allocate_cmd_buffer(priv)) {
1058 pr_err("Out of memory allocating command buffers\n");
1059 ret = -ENOMEM;
1060 goto out;
1061 }
1062 priv->resp_idx = 0;
1063 priv->resp_len[0] = priv->resp_len[1] = 0;
1064
1065 /* Create the event FIFO */
1066 ret = kfifo_alloc(&priv->event_fifo, sizeof(u32) * 16, GFP_KERNEL);
1067 if (ret) {
1068 pr_err("Out of memory allocating event FIFO buffer\n");
1069 goto out;
1070 }
1071
1072 out:
1073 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret);
1074
1075 return ret;
1076 }
1077
1078 static void lbs_free_adapter(struct lbs_private *priv)
1079 {
1080 lbs_deb_enter(LBS_DEB_MAIN);
1081
1082 lbs_free_cmd_buffer(priv);
1083 kfifo_free(&priv->event_fifo);
1084 del_timer(&priv->command_timer);
1085 del_timer(&priv->tx_lockup_timer);
1086 del_timer(&priv->auto_deepsleep_timer);
1087
1088 lbs_deb_leave(LBS_DEB_MAIN);
1089 }
1090
1091 static const struct net_device_ops lbs_netdev_ops = {
1092 .ndo_open = lbs_dev_open,
1093 .ndo_stop = lbs_eth_stop,
1094 .ndo_start_xmit = lbs_hard_start_xmit,
1095 .ndo_set_mac_address = lbs_set_mac_address,
1096 .ndo_set_rx_mode = lbs_set_multicast_list,
1097 .ndo_change_mtu = eth_change_mtu,
1098 .ndo_validate_addr = eth_validate_addr,
1099 };
1100
1101 /**
1102 * lbs_add_card - adds the card. It will probe the
1103 * card, allocate the lbs_priv and initialize the device.
1104 *
1105 * @card: A pointer to card
1106 * @dmdev: A pointer to &struct device
1107 * returns: A pointer to &struct lbs_private structure
1108 */
1109 struct lbs_private *lbs_add_card(void *card, struct device *dmdev)
1110 {
1111 struct net_device *dev;
1112 struct wireless_dev *wdev;
1113 struct lbs_private *priv = NULL;
1114
1115 lbs_deb_enter(LBS_DEB_MAIN);
1116
1117 /* Allocate an Ethernet device and register it */
1118 wdev = lbs_cfg_alloc(dmdev);
1119 if (IS_ERR(wdev)) {
1120 pr_err("cfg80211 init failed\n");
1121 goto done;
1122 }
1123
1124 wdev->iftype = NL80211_IFTYPE_STATION;
1125 priv = wdev_priv(wdev);
1126 priv->wdev = wdev;
1127
1128 if (lbs_init_adapter(priv)) {
1129 pr_err("failed to initialize adapter structure\n");
1130 goto err_wdev;
1131 }
1132
1133 dev = alloc_netdev(0, "wlan%d", NET_NAME_UNKNOWN, ether_setup);
1134 if (!dev) {
1135 dev_err(dmdev, "no memory for network device instance\n");
1136 goto err_adapter;
1137 }
1138
1139 dev->ieee80211_ptr = wdev;
1140 dev->ml_priv = priv;
1141 SET_NETDEV_DEV(dev, dmdev);
1142 wdev->netdev = dev;
1143 priv->dev = dev;
1144
1145 dev->netdev_ops = &lbs_netdev_ops;
1146 dev->watchdog_timeo = 5 * HZ;
1147 dev->ethtool_ops = &lbs_ethtool_ops;
1148 dev->flags |= IFF_BROADCAST | IFF_MULTICAST;
1149
1150 priv->card = card;
1151
1152 strcpy(dev->name, "wlan%d");
1153
1154 lbs_deb_thread("Starting main thread...\n");
1155 init_waitqueue_head(&priv->waitq);
1156 priv->main_thread = kthread_run(lbs_thread, dev, "lbs_main");
1157 if (IS_ERR(priv->main_thread)) {
1158 lbs_deb_thread("Error creating main thread.\n");
1159 goto err_ndev;
1160 }
1161
1162 priv->work_thread = create_singlethread_workqueue("lbs_worker");
1163 INIT_WORK(&priv->mcast_work, lbs_set_mcast_worker);
1164
1165 priv->wol_criteria = EHS_REMOVE_WAKEUP;
1166 priv->wol_gpio = 0xff;
1167 priv->wol_gap = 20;
1168 priv->ehs_remove_supported = true;
1169
1170 goto done;
1171
1172 err_ndev:
1173 free_netdev(dev);
1174
1175 err_adapter:
1176 lbs_free_adapter(priv);
1177
1178 err_wdev:
1179 lbs_cfg_free(priv);
1180
1181 priv = NULL;
1182
1183 done:
1184 lbs_deb_leave_args(LBS_DEB_MAIN, "priv %p", priv);
1185 return priv;
1186 }
1187 EXPORT_SYMBOL_GPL(lbs_add_card);
1188
1189
1190 void lbs_remove_card(struct lbs_private *priv)
1191 {
1192 struct net_device *dev = priv->dev;
1193
1194 lbs_deb_enter(LBS_DEB_MAIN);
1195
1196 lbs_remove_mesh(priv);
1197
1198 if (priv->wiphy_registered)
1199 lbs_scan_deinit(priv);
1200
1201 lbs_wait_for_firmware_load(priv);
1202
1203 /* worker thread destruction blocks on the in-flight command which
1204 * should have been cleared already in lbs_stop_card().
1205 */
1206 lbs_deb_main("destroying worker thread\n");
1207 destroy_workqueue(priv->work_thread);
1208 lbs_deb_main("done destroying worker thread\n");
1209
1210 if (priv->psmode == LBS802_11POWERMODEMAX_PSP) {
1211 priv->psmode = LBS802_11POWERMODECAM;
1212 lbs_set_ps_mode(priv, PS_MODE_ACTION_EXIT_PS, true);
1213 }
1214
1215 if (priv->is_deep_sleep) {
1216 priv->is_deep_sleep = 0;
1217 wake_up_interruptible(&priv->ds_awake_q);
1218 }
1219
1220 priv->is_host_sleep_configured = 0;
1221 priv->is_host_sleep_activated = 0;
1222 wake_up_interruptible(&priv->host_sleep_q);
1223
1224 /* Stop the thread servicing the interrupts */
1225 priv->surpriseremoved = 1;
1226 kthread_stop(priv->main_thread);
1227
1228 lbs_free_adapter(priv);
1229 lbs_cfg_free(priv);
1230 free_netdev(dev);
1231
1232 lbs_deb_leave(LBS_DEB_MAIN);
1233 }
1234 EXPORT_SYMBOL_GPL(lbs_remove_card);
1235
1236
1237 int lbs_rtap_supported(struct lbs_private *priv)
1238 {
1239 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5)
1240 return 1;
1241
1242 /* newer firmware use a capability mask */
1243 return ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) &&
1244 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK));
1245 }
1246
1247
1248 int lbs_start_card(struct lbs_private *priv)
1249 {
1250 struct net_device *dev = priv->dev;
1251 int ret = -1;
1252
1253 lbs_deb_enter(LBS_DEB_MAIN);
1254
1255 /* poke the firmware */
1256 ret = lbs_setup_firmware(priv);
1257 if (ret)
1258 goto done;
1259
1260 if (!lbs_disablemesh)
1261 lbs_init_mesh(priv);
1262 else
1263 pr_info("%s: mesh disabled\n", dev->name);
1264
1265 if (lbs_cfg_register(priv)) {
1266 pr_err("cannot register device\n");
1267 goto done;
1268 }
1269
1270 if (lbs_mesh_activated(priv))
1271 lbs_start_mesh(priv);
1272
1273 lbs_debugfs_init_one(priv, dev);
1274
1275 netdev_info(dev, "Marvell WLAN 802.11 adapter\n");
1276
1277 ret = 0;
1278
1279 done:
1280 lbs_deb_leave_args(LBS_DEB_MAIN, "ret %d", ret);
1281 return ret;
1282 }
1283 EXPORT_SYMBOL_GPL(lbs_start_card);
1284
1285
1286 void lbs_stop_card(struct lbs_private *priv)
1287 {
1288 struct net_device *dev;
1289
1290 lbs_deb_enter(LBS_DEB_MAIN);
1291
1292 if (!priv)
1293 goto out;
1294 dev = priv->dev;
1295
1296 /* If the netdev isn't registered, it means that lbs_start_card() was
1297 * never called so we have nothing to do here. */
1298 if (dev->reg_state != NETREG_REGISTERED)
1299 goto out;
1300
1301 netif_stop_queue(dev);
1302 netif_carrier_off(dev);
1303
1304 lbs_debugfs_remove_one(priv);
1305 lbs_deinit_mesh(priv);
1306 unregister_netdev(dev);
1307
1308 out:
1309 lbs_deb_leave(LBS_DEB_MAIN);
1310 }
1311 EXPORT_SYMBOL_GPL(lbs_stop_card);
1312
1313
1314 void lbs_queue_event(struct lbs_private *priv, u32 event)
1315 {
1316 unsigned long flags;
1317
1318 lbs_deb_enter(LBS_DEB_THREAD);
1319 spin_lock_irqsave(&priv->driver_lock, flags);
1320
1321 if (priv->psstate == PS_STATE_SLEEP)
1322 priv->psstate = PS_STATE_AWAKE;
1323
1324 kfifo_in(&priv->event_fifo, (unsigned char *) &event, sizeof(u32));
1325
1326 wake_up(&priv->waitq);
1327
1328 spin_unlock_irqrestore(&priv->driver_lock, flags);
1329 lbs_deb_leave(LBS_DEB_THREAD);
1330 }
1331 EXPORT_SYMBOL_GPL(lbs_queue_event);
1332
1333 void lbs_notify_command_response(struct lbs_private *priv, u8 resp_idx)
1334 {
1335 lbs_deb_enter(LBS_DEB_THREAD);
1336
1337 if (priv->psstate == PS_STATE_SLEEP)
1338 priv->psstate = PS_STATE_AWAKE;
1339
1340 /* Swap buffers by flipping the response index */
1341 BUG_ON(resp_idx > 1);
1342 priv->resp_idx = resp_idx;
1343
1344 wake_up(&priv->waitq);
1345
1346 lbs_deb_leave(LBS_DEB_THREAD);
1347 }
1348 EXPORT_SYMBOL_GPL(lbs_notify_command_response);
1349
1350 static int __init lbs_init_module(void)
1351 {
1352 lbs_deb_enter(LBS_DEB_MAIN);
1353 memset(&confirm_sleep, 0, sizeof(confirm_sleep));
1354 confirm_sleep.hdr.command = cpu_to_le16(CMD_802_11_PS_MODE);
1355 confirm_sleep.hdr.size = cpu_to_le16(sizeof(confirm_sleep));
1356 confirm_sleep.action = cpu_to_le16(PS_MODE_ACTION_SLEEP_CONFIRMED);
1357 lbs_debugfs_init();
1358 lbs_deb_leave(LBS_DEB_MAIN);
1359 return 0;
1360 }
1361
1362 static void __exit lbs_exit_module(void)
1363 {
1364 lbs_deb_enter(LBS_DEB_MAIN);
1365 lbs_debugfs_remove();
1366 lbs_deb_leave(LBS_DEB_MAIN);
1367 }
1368
1369 module_init(lbs_init_module);
1370 module_exit(lbs_exit_module);
1371
1372 MODULE_DESCRIPTION("Libertas WLAN Driver Library");
1373 MODULE_AUTHOR("Marvell International Ltd.");
1374 MODULE_LICENSE("GPL");
1375
1376 #line 149 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/main.o.c.prepared"
1377
1378 int ldv_retval_4;
1379 void ldv_initialize(void);
1380 void ldv_check_final_state(void);
1381 int ldv_ndo_init_15(void);
1382 int ldv_retval_3;
1383 int ldv_retval_2;
1384 int ldv_ndo_uninit_15(void);
1385
1386
1387 int evil_hack_15(void){
1388 rtnl_lock();
1389 return 1;
1390 }
1391
1392
1393 void choose_timer_2(void){
1394 switch(__VERIFIER_nondet_int()){
1395 case 0: {
1396 if(ldv_timer_2_0 == 1){
1397 ldv_timer_2_0 = 2;
1398 ldv_timer_2(ldv_timer_2_0, ldv_timer_list_2_0);
1399 }
1400 }
1401 break;
1402 case 1: {
1403 if(ldv_timer_2_1 == 1){
1404 ldv_timer_2_1 = 2;
1405 ldv_timer_2(ldv_timer_2_1, ldv_timer_list_2_1);
1406 }
1407 }
1408 break;
1409 case 2: {
1410 if(ldv_timer_2_2 == 1){
1411 ldv_timer_2_2 = 2;
1412 ldv_timer_2(ldv_timer_2_2, ldv_timer_list_2_2);
1413 }
1414 }
1415 break;
1416 case 3: {
1417 if(ldv_timer_2_3 == 1){
1418 ldv_timer_2_3 = 2;
1419 ldv_timer_2(ldv_timer_2_3, ldv_timer_list_2_3);
1420 }
1421 }
1422 break;
1423 default: ldv_assume(0);
1424 }
1425 return;
1426 }
1427
1428
1429 int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){
1430 if(function == lbs_tx_lockup_handler){
1431 activate_suitable_timer_2(timer, data);
1432 }
1433 }
1434
1435
1436 void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag){
1437 if(ldv_timer_list_2_0 == timer){
1438 if(ldv_timer_2_0 == 2 || pending_flag){
1439 ldv_timer_list_2_0 = timer;
1440 ldv_timer_list_2_0->data = data;
1441 ldv_timer_2_0 = 1;
1442 }
1443 return;
1444 }
1445
1446 if(ldv_timer_list_2_1 == timer){
1447 if(ldv_timer_2_1 == 2 || pending_flag){
1448 ldv_timer_list_2_1 = timer;
1449 ldv_timer_list_2_1->data = data;
1450 ldv_timer_2_1 = 1;
1451 }
1452 return;
1453 }
1454
1455 if(ldv_timer_list_2_2 == timer){
1456 if(ldv_timer_2_2 == 2 || pending_flag){
1457 ldv_timer_list_2_2 = timer;
1458 ldv_timer_list_2_2->data = data;
1459 ldv_timer_2_2= 1;
1460 }
1461 return;
1462 }
1463
1464 if(ldv_timer_list_2_3 == timer){
1465 if(ldv_timer_2_3 == 2 || pending_flag){
1466 ldv_timer_list_2_3 = timer;
1467 ldv_timer_list_2_3->data = data;
1468 ldv_timer_2_3 = 1;
1469 }
1470 return;
1471 }
1472 activate_suitable_timer_2(timer, data);
1473 }
1474
1475
1476 void choose_timer_3(void){
1477 switch(__VERIFIER_nondet_int()){
1478 case 0: {
1479 if(ldv_timer_3_0 == 1){
1480 ldv_timer_3_0 = 2;
1481 ldv_timer_3(ldv_timer_3_0, ldv_timer_list_3_0);
1482 }
1483 }
1484 break;
1485 case 1: {
1486 if(ldv_timer_3_1 == 1){
1487 ldv_timer_3_1 = 2;
1488 ldv_timer_3(ldv_timer_3_1, ldv_timer_list_3_1);
1489 }
1490 }
1491 break;
1492 case 2: {
1493 if(ldv_timer_3_2 == 1){
1494 ldv_timer_3_2 = 2;
1495 ldv_timer_3(ldv_timer_3_2, ldv_timer_list_3_2);
1496 }
1497 }
1498 break;
1499 case 3: {
1500 if(ldv_timer_3_3 == 1){
1501 ldv_timer_3_3 = 2;
1502 ldv_timer_3(ldv_timer_3_3, ldv_timer_list_3_3);
1503 }
1504 }
1505 break;
1506 default: ldv_assume(0);
1507 }
1508 return;
1509 }
1510
1511
1512 void timer_init_3(void){
1513 ldv_timer_3_0 = 0;
1514 ldv_timer_3_1 = 0;
1515 ldv_timer_3_2 = 0;
1516 ldv_timer_3_3 = 0;
1517 }
1518
1519
1520 void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag){
1521 if(ldv_timer_list_1_0 == timer){
1522 if(ldv_timer_1_0 == 2 || pending_flag){
1523 ldv_timer_list_1_0 = timer;
1524 ldv_timer_list_1_0->data = data;
1525 ldv_timer_1_0 = 1;
1526 }
1527 return;
1528 }
1529
1530 if(ldv_timer_list_1_1 == timer){
1531 if(ldv_timer_1_1 == 2 || pending_flag){
1532 ldv_timer_list_1_1 = timer;
1533 ldv_timer_list_1_1->data = data;
1534 ldv_timer_1_1 = 1;
1535 }
1536 return;
1537 }
1538
1539 if(ldv_timer_list_1_2 == timer){
1540 if(ldv_timer_1_2 == 2 || pending_flag){
1541 ldv_timer_list_1_2 = timer;
1542 ldv_timer_list_1_2->data = data;
1543 ldv_timer_1_2= 1;
1544 }
1545 return;
1546 }
1547
1548 if(ldv_timer_list_1_3 == timer){
1549 if(ldv_timer_1_3 == 2 || pending_flag){
1550 ldv_timer_list_1_3 = timer;
1551 ldv_timer_list_1_3->data = data;
1552 ldv_timer_1_3 = 1;
1553 }
1554 return;
1555 }
1556 activate_suitable_timer_1(timer, data);
1557 }
1558
1559
1560 void timer_init_2(void){
1561 ldv_timer_2_0 = 0;
1562 ldv_timer_2_1 = 0;
1563 ldv_timer_2_2 = 0;
1564 ldv_timer_2_3 = 0;
1565 }
1566
1567
1568 void timer_init_1(void){
1569 ldv_timer_1_0 = 0;
1570 ldv_timer_1_1 = 0;
1571 ldv_timer_1_2 = 0;
1572 ldv_timer_1_3 = 0;
1573 }
1574
1575
1576 void ldv_net_device_ops_15(void){
1577 lbs_netdev_ops_group1 = ldv_undef_ptr();
1578 }
1579
1580
1581 void disable_suitable_timer_3(struct timer_list * timer){
1582 if(ldv_timer_3_0 != 0 && timer == ldv_timer_list_3_0){
1583 ldv_timer_3_0 = 0;
1584 return;
1585 }
1586 if(ldv_timer_3_1 != 0 && timer == ldv_timer_list_3_1){
1587 ldv_timer_3_1 = 0;
1588 return;
1589 }
1590 if(ldv_timer_3_2 != 0 && timer == ldv_timer_list_3_2){
1591 ldv_timer_3_2 = 0;
1592 return;
1593 }
1594 if(ldv_timer_3_3 != 0 && timer == ldv_timer_list_3_3){
1595 ldv_timer_3_3 = 0;
1596 return;
1597 }
1598 return;
1599 }
1600
1601
1602 void activate_suitable_timer_3(struct timer_list * timer, unsigned long data){
1603 if(ldv_timer_3_0 == 0 || ldv_timer_3_0 == 2){
1604 ldv_timer_list_3_0 = timer;
1605 ldv_timer_list_3_0->data = data;
1606 ldv_timer_3_0 = 1;
1607 return;
1608 }
1609 if(ldv_timer_3_1 == 0 || ldv_timer_3_1 == 2){
1610 ldv_timer_list_3_1 = timer;
1611 ldv_timer_list_3_1->data = data;
1612 ldv_timer_3_1 = 1;
1613 return;
1614 }
1615 if(ldv_timer_3_2 == 0 || ldv_timer_3_2 == 2){
1616 ldv_timer_list_3_2 = timer;
1617 ldv_timer_list_3_2->data = data;
1618 ldv_timer_3_2 = 1;
1619 return;
1620 }
1621 if(ldv_timer_3_3 == 0 || ldv_timer_3_3 == 2){
1622 ldv_timer_list_3_3 = timer;
1623 ldv_timer_list_3_3->data = data;
1624 ldv_timer_3_3 = 1;
1625 return;
1626 }
1627 return;
1628 }
1629
1630
1631 int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){
1632 if(function == lbs_cmd_timeout_handler){
1633 activate_suitable_timer_1(timer, data);
1634 }
1635 }
1636
1637
1638 void disable_suitable_timer_2(struct timer_list * timer){
1639 if(ldv_timer_2_0 != 0 && timer == ldv_timer_list_2_0){
1640 ldv_timer_2_0 = 0;
1641 return;
1642 }
1643 if(ldv_timer_2_1 != 0 && timer == ldv_timer_list_2_1){
1644 ldv_timer_2_1 = 0;
1645 return;
1646 }
1647 if(ldv_timer_2_2 != 0 && timer == ldv_timer_list_2_2){
1648 ldv_timer_2_2 = 0;
1649 return;
1650 }
1651 if(ldv_timer_2_3 != 0 && timer == ldv_timer_list_2_3){
1652 ldv_timer_2_3 = 0;
1653 return;
1654 }
1655 return;
1656 }
1657
1658
1659 void disable_suitable_timer_1(struct timer_list * timer){
1660 if(ldv_timer_1_0 != 0 && timer == ldv_timer_list_1_0){
1661 ldv_timer_1_0 = 0;
1662 return;
1663 }
1664 if(ldv_timer_1_1 != 0 && timer == ldv_timer_list_1_1){
1665 ldv_timer_1_1 = 0;
1666 return;
1667 }
1668 if(ldv_timer_1_2 != 0 && timer == ldv_timer_list_1_2){
1669 ldv_timer_1_2 = 0;
1670 return;
1671 }
1672 if(ldv_timer_1_3 != 0 && timer == ldv_timer_list_1_3){
1673 ldv_timer_1_3 = 0;
1674 return;
1675 }
1676 return;
1677 }
1678
1679
1680 int evil_hack_fs_lock(void){
1681 mutex_lock(&fs_mutex);
1682 return 1;
1683 }
1684
1685
1686 void activate_suitable_timer_1(struct timer_list * timer, unsigned long data){
1687 if(ldv_timer_1_0 == 0 || ldv_timer_1_0 == 2){
1688 ldv_timer_list_1_0 = timer;
1689 ldv_timer_list_1_0->data = data;
1690 ldv_timer_1_0 = 1;
1691 return;
1692 }
1693 if(ldv_timer_1_1 == 0 || ldv_timer_1_1 == 2){
1694 ldv_timer_list_1_1 = timer;
1695 ldv_timer_list_1_1->data = data;
1696 ldv_timer_1_1 = 1;
1697 return;
1698 }
1699 if(ldv_timer_1_2 == 0 || ldv_timer_1_2 == 2){
1700 ldv_timer_list_1_2 = timer;
1701 ldv_timer_list_1_2->data = data;
1702 ldv_timer_1_2 = 1;
1703 return;
1704 }
1705 if(ldv_timer_1_3 == 0 || ldv_timer_1_3 == 2){
1706 ldv_timer_list_1_3 = timer;
1707 ldv_timer_list_1_3->data = data;
1708 ldv_timer_1_3 = 1;
1709 return;
1710 }
1711 return;
1712 }
1713
1714
1715 void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag){
1716 if(ldv_timer_list_3_0 == timer){
1717 if(ldv_timer_3_0 == 2 || pending_flag){
1718 ldv_timer_list_3_0 = timer;
1719 ldv_timer_list_3_0->data = data;
1720 ldv_timer_3_0 = 1;
1721 }
1722 return;
1723 }
1724
1725 if(ldv_timer_list_3_1 == timer){
1726 if(ldv_timer_3_1 == 2 || pending_flag){
1727 ldv_timer_list_3_1 = timer;
1728 ldv_timer_list_3_1->data = data;
1729 ldv_timer_3_1 = 1;
1730 }
1731 return;
1732 }
1733
1734 if(ldv_timer_list_3_2 == timer){
1735 if(ldv_timer_3_2 == 2 || pending_flag){
1736 ldv_timer_list_3_2 = timer;
1737 ldv_timer_list_3_2->data = data;
1738 ldv_timer_3_2= 1;
1739 }
1740 return;
1741 }
1742
1743 if(ldv_timer_list_3_3 == timer){
1744 if(ldv_timer_3_3 == 2 || pending_flag){
1745 ldv_timer_list_3_3 = timer;
1746 ldv_timer_list_3_3->data = data;
1747 ldv_timer_3_3 = 1;
1748 }
1749 return;
1750 }
1751 activate_suitable_timer_3(timer, data);
1752 }
1753
1754 int __VERIFIER_nondet_int(void);
1755
1756 int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data){
1757 if(function == auto_deepsleep_timer_fn){
1758 activate_suitable_timer_3(timer, data);
1759 }
1760 }
1761
1762
1763 void choose_timer_1(void){
1764 switch(__VERIFIER_nondet_int()){
1765 case 0: {
1766 if(ldv_timer_1_0 == 1){
1767 ldv_timer_1_0 = 2;
1768 ldv_timer_1(ldv_timer_1_0, ldv_timer_list_1_0);
1769 }
1770 }
1771 break;
1772 case 1: {
1773 if(ldv_timer_1_1 == 1){
1774 ldv_timer_1_1 = 2;
1775 ldv_timer_1(ldv_timer_1_1, ldv_timer_list_1_1);
1776 }
1777 }
1778 break;
1779 case 2: {
1780 if(ldv_timer_1_2 == 1){
1781 ldv_timer_1_2 = 2;
1782 ldv_timer_1(ldv_timer_1_2, ldv_timer_list_1_2);
1783 }
1784 }
1785 break;
1786 case 3: {
1787 if(ldv_timer_1_3 == 1){
1788 ldv_timer_1_3 = 2;
1789 ldv_timer_1(ldv_timer_1_3, ldv_timer_list_1_3);
1790 }
1791 }
1792 break;
1793 default: ldv_assume(0);
1794 }
1795 return;
1796 }
1797
1798
1799 void ldv_timer_1(int state, struct timer_list * timer){
1800 LDV_IN_INTERRUPT=2;
1801 (lbs_cmd_timeout_handler)(timer->data);
1802 LDV_IN_INTERRUPT=1;
1803 }
1804
1805
1806 int evil_hack_ar_lock(void){
1807 mutex_lock(&ar_mutex);
1808 return 1;
1809 }
1810
1811
1812 void activate_suitable_timer_2(struct timer_list * timer, unsigned long data){
1813 if(ldv_timer_2_0 == 0 || ldv_timer_2_0 == 2){
1814 ldv_timer_list_2_0 = timer;
1815 ldv_timer_list_2_0->data = data;
1816 ldv_timer_2_0 = 1;
1817 return;
1818 }
1819 if(ldv_timer_2_1 == 0 || ldv_timer_2_1 == 2){
1820 ldv_timer_list_2_1 = timer;
1821 ldv_timer_list_2_1->data = data;
1822 ldv_timer_2_1 = 1;
1823 return;
1824 }
1825 if(ldv_timer_2_2 == 0 || ldv_timer_2_2 == 2){
1826 ldv_timer_list_2_2 = timer;
1827 ldv_timer_list_2_2->data = data;
1828 ldv_timer_2_2 = 1;
1829 return;
1830 }
1831 if(ldv_timer_2_3 == 0 || ldv_timer_2_3 == 2){
1832 ldv_timer_list_2_3 = timer;
1833 ldv_timer_list_2_3->data = data;
1834 ldv_timer_2_3 = 1;
1835 return;
1836 }
1837 return;
1838 }
1839
1840
1841 void ldv_timer_2(int state, struct timer_list * timer){
1842 LDV_IN_INTERRUPT=2;
1843 (lbs_tx_lockup_handler)(timer->data);
1844 LDV_IN_INTERRUPT=1;
1845 }
1846
1847
1848 void ldv_timer_3(int state, struct timer_list * timer){
1849 LDV_IN_INTERRUPT=2;
1850 (auto_deepsleep_timer_fn)(timer->data);
1851 LDV_IN_INTERRUPT=1;
1852 }
1853
1854
1855 /* DEG-ENVIRONMENT-BEGIN */
1856 extern void ldv_main_exported_16(void);
1857 extern void ldv_main_exported_6(void);
1858 extern void ldv_main_exported_11(void);
1859 extern void ldv_main_exported_7(void);
1860 extern void ldv_main_exported_9(void);
1861 extern void ldv_main_exported_12(void);
1862 extern void ldv_main_exported_14(void);
1863 extern void ldv_main_exported_8(void);
1864 extern void ldv_main_exported_4(void);
1865 extern void ldv_main_exported_13(void);
1866 extern void ldv_main_exported_10(void);
1867 extern void ldv_main_exported_5(void);
1868 extern void ldv_main_exported_18(void);
1869 extern void ldv_main_exported_0(void);
1870 extern void ldv_main_exported_15(void);
1871 extern void ldv_main_exported_17(void);
1872
1873 //********************* LDV MAIN *********************
1874 //main
1875 void entry_point(void){
1876 ldv_initialize();
1877 //args for callbacks
1878 struct sk_buff *ldvarg73;
1879 int ldvarg74;
1880 void *ldvarg72;
1881 //initialization of machine states
1882 ldv_state_variable_11=0;
1883 ldv_state_variable_7=0;
1884 ldv_state_variable_17=0;
1885
1886 timer_init_2();
1887
1888 ldv_state_variable_2=1;
1889
1890 timer_init_1();
1891
1892 ldv_state_variable_1=1;
1893 ldv_state_variable_18=0;
1894 ref_cnt=0;
1895 ldv_state_variable_0=1;
1896 ldv_state_variable_16=0;
1897 ldv_state_variable_13=0;
1898 ldv_state_variable_6=0;
1899
1900 timer_init_3();
1901
1902 ldv_state_variable_3=1;
1903 ldv_state_variable_9=0;
1904 ldv_state_variable_12=0;
1905 ldv_state_variable_14=0;
1906 ldv_state_variable_15=0;
1907 ldv_state_variable_8=0;
1908 ldv_state_variable_4=0;
1909 ldv_state_variable_10=0;
1910 ldv_state_variable_5=0;
1911 while(1){
1912 switch(__VERIFIER_nondet_int()){
1913 case 0:{
1914 /*DEG-struct: handlers from structure dev_attr_bootflag*/
1915 /*DEG-CHECK: checking registration of dev_attr_bootflag structure*/
1916 if(ldv_state_variable_11 != 0){
1917 ldv_main_exported_11();
1918 }
1919 }
1920 break;
1921 case 1:{
1922 /*DEG-struct: handlers from structure dev_attr_protocol_id*/
1923 /*DEG-CHECK: checking registration of dev_attr_protocol_id structure*/
1924 if(ldv_state_variable_7 != 0){
1925 ldv_main_exported_7();
1926 }
1927 }
1928 break;
1929 case 2:{
1930 /*DEG-struct: handlers from structure lbs_debug_fops*/
1931 /*DEG-CHECK: checking registration of lbs_debug_fops structure*/
1932 if(ldv_state_variable_17 != 0){
1933 ldv_main_exported_17();
1934 }
1935 }
1936 break;
1937 case 3:{
1938 /*DEG-struct: handlers from structure ldv_setup_timer_1*/
1939 /*DEG-CHECK: checking registration of ldv_setup_timer_1 structure*/
1940 if(ldv_state_variable_2 != 0){
1941 choose_timer_2();
1942 }
1943 }
1944 break;
1945 case 4:{
1946 /*DEG-struct: handlers from structure ldv_setup_timer_2*/
1947 /*DEG-CHECK: checking registration of ldv_setup_timer_2 structure*/
1948 if(ldv_state_variable_1 != 0){
1949 choose_timer_1();
1950 }
1951 }
1952 break;
1953 case 5:{
1954 /*DEG-struct: handlers from structure lbs_cfg80211_ops*/
1955 /*DEG-CHECK: checking registration of lbs_cfg80211_ops structure*/
1956 if(ldv_state_variable_18 != 0){
1957 ldv_main_exported_18();
1958 }
1959 }
1960 break;
1961 case 6:{
1962 /*DEG-struct: handlers from structure module*/
1963 /*DEG-CHECK: checking registration of module structure*/
1964 if(ldv_state_variable_0 != 0){
1965 switch(__VERIFIER_nondet_int()){
1966 case 0:{
1967 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
1968 if(ldv_state_variable_0 == 2 && ref_cnt==0){
1969 /*DEG-CALL: handler module_exit from module*/
1970 lbs_exit_module();
1971 ldv_state_variable_0 = 3;
1972 goto ldv_final;
1973 }
1974 }
1975 break;
1976 case 1:{
1977 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1978 if(ldv_state_variable_0 == 1){
1979 /*DEG-CALL: handler module_init from module*/
1980 ldv_retval_2=lbs_init_module();
1981 if(ldv_retval_2!=0){
1982 ldv_state_variable_0 = 3;
1983 goto ldv_final;
1984 }
1985 /*DEG-postcall: if success*/
1986 if(ldv_retval_2==0){
1987 ldv_state_variable_0 = 2;
1988 ldv_state_variable_5 = 1;
1989 ldv_state_variable_10 = 1;
1990 ldv_state_variable_13 = 1;
1991 ldv_state_variable_16 = 1;
1992 ldv_initialyze_ethtool_ops_16();
1993 ldv_state_variable_18 = 1;
1994 ldv_initialyze_cfg80211_ops_18();
1995 ldv_state_variable_8 = 1;
1996 ldv_state_variable_14 = 1;
1997 ldv_state_variable_12 = 1;
1998 ldv_state_variable_17 = 1;
1999 ldv_file_operations_17();
2000 ldv_state_variable_9 = 1;
2001 ldv_state_variable_7 = 1;
2002 ldv_state_variable_11 = 1;
2003 ldv_state_variable_6 = 1;
2004 }
2005 }
2006 }
2007 break;
2008 default: ldv_assume(0);
2009 }
2010 }
2011 }
2012 break;
2013 case 7:{
2014 /*DEG-struct: handlers from structure lbs_ethtool_ops*/
2015 /*DEG-CHECK: checking registration of lbs_ethtool_ops structure*/
2016 if(ldv_state_variable_16 != 0){
2017 ldv_main_exported_16();
2018 }
2019 }
2020 break;
2021 case 8:{
2022 /*DEG-struct: handlers from structure dev_attr_anycast_mask*/
2023 /*DEG-CHECK: checking registration of dev_attr_anycast_mask structure*/
2024 if(ldv_state_variable_13 != 0){
2025 ldv_main_exported_13();
2026 }
2027 }
2028 break;
2029 case 9:{
2030 /*DEG-struct: handlers from structure dev_attr_metric_id*/
2031 /*DEG-CHECK: checking registration of dev_attr_metric_id structure*/
2032 if(ldv_state_variable_6 != 0){
2033 ldv_main_exported_6();
2034 }
2035 }
2036 break;
2037 case 10:{
2038 /*DEG-struct: handlers from structure ldv_setup_timer_0*/
2039 /*DEG-CHECK: checking registration of ldv_setup_timer_0 structure*/
2040 if(ldv_state_variable_3 != 0){
2041 choose_timer_3();
2042 }
2043 }
2044 break;
2045 case 11:{
2046 /*DEG-struct: handlers from structure dev_attr_channel*/
2047 /*DEG-CHECK: checking registration of dev_attr_channel structure*/
2048 if(ldv_state_variable_9 != 0){
2049 ldv_main_exported_9();
2050 }
2051 }
2052 break;
2053 case 12:{
2054 /*DEG-struct: handlers from structure dev_attr_prb_rsp_limit*/
2055 /*DEG-CHECK: checking registration of dev_attr_prb_rsp_limit structure*/
2056 if(ldv_state_variable_12 != 0){
2057 ldv_main_exported_12();
2058 }
2059 }
2060 break;
2061 case 13:{
2062 /*DEG-struct: handlers from structure dev_attr_lbs_mesh*/
2063 /*DEG-CHECK: checking registration of dev_attr_lbs_mesh structure*/
2064 if(ldv_state_variable_14 != 0){
2065 ldv_main_exported_14();
2066 }
2067 }
2068 break;
2069 case 14:{
2070 /*DEG-struct: handlers from structure lbs_netdev_ops*/
2071 /*DEG-CHECK: checking registration of lbs_netdev_ops structure*/
2072 if(ldv_state_variable_15 != 0){
2073 switch(__VERIFIER_nondet_int()){
2074 case 0:{
2075 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2076 if(ldv_state_variable_15 == 1){
2077 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/
2078 (& eth_validate_addr)(lbs_netdev_ops_group1);
2079 /*DEG-postcall: default*/
2080 ldv_state_variable_15 = 1;
2081 }
2082 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2083 if(ldv_state_variable_15 == 3){
2084 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/
2085 (& eth_validate_addr)(lbs_netdev_ops_group1);
2086 /*DEG-postcall: default*/
2087 ldv_state_variable_15 = 3;
2088 }
2089 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2090 if(ldv_state_variable_15 == 2){
2091 /*DEG-CALL: handler ndo_validate_addr from lbs_netdev_ops*/
2092 (& eth_validate_addr)(lbs_netdev_ops_group1);
2093 /*DEG-postcall: default*/
2094 ldv_state_variable_15 = 2;
2095 }
2096 }
2097 break;
2098 case 1:{
2099 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2100 if(ldv_state_variable_15 == 1){
2101 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/
2102 (& lbs_set_multicast_list)(lbs_netdev_ops_group1);
2103 /*DEG-postcall: default*/
2104 ldv_state_variable_15 = 1;
2105 }
2106 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2107 if(ldv_state_variable_15 == 3){
2108 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/
2109 (& lbs_set_multicast_list)(lbs_netdev_ops_group1);
2110 /*DEG-postcall: default*/
2111 ldv_state_variable_15 = 3;
2112 }
2113 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2114 if(ldv_state_variable_15 == 2){
2115 /*DEG-CALL: handler ndo_set_rx_mode from lbs_netdev_ops*/
2116 (& lbs_set_multicast_list)(lbs_netdev_ops_group1);
2117 /*DEG-postcall: default*/
2118 ldv_state_variable_15 = 2;
2119 }
2120 }
2121 break;
2122 case 2:{
2123 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2124 if(ldv_state_variable_15 == 3 && evil_hack_15()){
2125 /*DEG-CALL: handler ndo_stop from lbs_netdev_ops*/
2126 (& lbs_eth_stop)(lbs_netdev_ops_group1);
2127 ldv_state_variable_15 = 2;
2128 rtnl_unlock();
2129 }
2130 }
2131 break;
2132 case 3:{
2133 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2134 if(ldv_state_variable_15 == 3){
2135 /*DEG-CALL: handler ndo_change_mtu from lbs_netdev_ops*/
2136 (& eth_change_mtu)(lbs_netdev_ops_group1,ldvarg74);
2137 /*DEG-postcall: default*/
2138 ldv_state_variable_15 = 3;
2139 }
2140 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2141 if(ldv_state_variable_15 == 2){
2142 /*DEG-CALL: handler ndo_change_mtu from lbs_netdev_ops*/
2143 (& eth_change_mtu)(lbs_netdev_ops_group1,ldvarg74);
2144 /*DEG-postcall: default*/
2145 ldv_state_variable_15 = 2;
2146 }
2147 }
2148 break;
2149 case 4:{
2150 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2151 if(ldv_state_variable_15 == 2 && evil_hack_15()){
2152 /*DEG-CALL: handler ndo_open from lbs_netdev_ops*/
2153 ldv_retval_4=(& lbs_dev_open)(lbs_netdev_ops_group1);
2154 if(ldv_retval_4==0){
2155 ldv_state_variable_15 = 3;
2156 }
2157 }
2158 }
2159 break;
2160 case 5:{
2161 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2162 if(ldv_state_variable_15 == 3){
2163 /*DEG-CALL: handler ndo_start_xmit from lbs_netdev_ops*/
2164 (& lbs_hard_start_xmit)(ldvarg73,lbs_netdev_ops_group1);
2165 /*DEG-postcall: default*/
2166 ldv_state_variable_15 = 3;
2167 }
2168 }
2169 break;
2170 case 6:{
2171 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2172 if(ldv_state_variable_15 == 1){
2173 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/
2174 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72);
2175 /*DEG-postcall: default*/
2176 ldv_state_variable_15 = 1;
2177 }
2178 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
2179 if(ldv_state_variable_15 == 3){
2180 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/
2181 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72);
2182 /*DEG-postcall: default*/
2183 ldv_state_variable_15 = 3;
2184 }
2185 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2186 if(ldv_state_variable_15 == 2){
2187 /*DEG-CALL: handler ndo_set_mac_address from lbs_netdev_ops*/
2188 (& lbs_set_mac_address)(lbs_netdev_ops_group1,ldvarg72);
2189 /*DEG-postcall: default*/
2190 ldv_state_variable_15 = 2;
2191 }
2192 }
2193 break;
2194 case 7:{
2195 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
2196 if(ldv_state_variable_15 == 1){
2197 /*DEG-CALL: handler ndo_init from lbs_netdev_ops*/
2198 ldv_retval_3=ldv_ndo_init_15();
2199 if(ldv_retval_3==0){
2200 ldv_state_variable_15 = 2;
2201 ref_cnt++;
2202 }
2203 }
2204 }
2205 break;
2206 case 8:{
2207 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
2208 if(ldv_state_variable_15 == 2 && evil_hack_15()){
2209 /*DEG-CALL: handler ndo_uninit from lbs_netdev_ops*/
2210 ldv_ndo_uninit_15();
2211 ldv_state_variable_15 = 1;
2212 ref_cnt--;
2213 rtnl_unlock();
2214 }
2215 }
2216 break;
2217 default: ldv_assume(0);
2218 }
2219 }
2220 }
2221 break;
2222 case 15:{
2223 /*DEG-struct: handlers from structure dev_attr_mesh_id*/
2224 /*DEG-CHECK: checking registration of dev_attr_mesh_id structure*/
2225 if(ldv_state_variable_8 != 0){
2226 ldv_main_exported_8();
2227 }
2228 }
2229 break;
2230 case 16:{
2231 /*DEG-struct: handlers from structure mesh_netdev_ops*/
2232 /*DEG-CHECK: checking registration of mesh_netdev_ops structure*/
2233 if(ldv_state_variable_4 != 0){
2234 ldv_main_exported_4();
2235 }
2236 }
2237 break;
2238 case 17:{
2239 /*DEG-struct: handlers from structure dev_attr_boottime*/
2240 /*DEG-CHECK: checking registration of dev_attr_boottime structure*/
2241 if(ldv_state_variable_10 != 0){
2242 ldv_main_exported_10();
2243 }
2244 }
2245 break;
2246 case 18:{
2247 /*DEG-struct: handlers from structure dev_attr_capability*/
2248 /*DEG-CHECK: checking registration of dev_attr_capability structure*/
2249 if(ldv_state_variable_5 != 0){
2250 ldv_main_exported_5();
2251 }
2252 }
2253 break;
2254 default: ldv_assume(0);
2255 }
2256 }
2257 ldv_final:
2258 ldv_check_final_state();
2259 return;
2260 }
2261 /* DEG-ENVIRONMENT-END */ 1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
2
3 #include <linux/delay.h>
4 #include <linux/etherdevice.h>
5 #include <linux/hardirq.h>
6 #include <linux/netdevice.h>
7 #include <linux/if_ether.h>
8 #include <linux/if_arp.h>
9 #include <linux/kthread.h>
10 #include <linux/kfifo.h>
11 #include <net/cfg80211.h>
12
13 #include "mesh.h"
14 #include "decl.h"
15 #include "cmd.h"
16
17
18 static int lbs_add_mesh(struct lbs_private *priv);
19
20 /***************************************************************************
21 * Mesh command handling
22 */
23
24 static int lbs_mesh_access(struct lbs_private *priv, uint16_t cmd_action,
25 struct cmd_ds_mesh_access *cmd)
26 {
27 int ret;
28
29 lbs_deb_enter_args(LBS_DEB_CMD, "action %d", cmd_action);
30
31 cmd->hdr.command = cpu_to_le16(CMD_MESH_ACCESS);
32 cmd->hdr.size = cpu_to_le16(sizeof(*cmd));
33 cmd->hdr.result = 0;
34
35 cmd->action = cpu_to_le16(cmd_action);
36
37 ret = lbs_cmd_with_response(priv, CMD_MESH_ACCESS, cmd);
38
39 lbs_deb_leave(LBS_DEB_CMD);
40 return ret;
41 }
42
43 static int __lbs_mesh_config_send(struct lbs_private *priv,
44 struct cmd_ds_mesh_config *cmd,
45 uint16_t action, uint16_t type)
46 {
47 int ret;
48 u16 command = CMD_MESH_CONFIG_OLD;
49
50 lbs_deb_enter(LBS_DEB_CMD);
51
52 /*
53 * Command id is 0xac for v10 FW along with mesh interface
54 * id in bits 14-13-12.
55 */
56 if (priv->mesh_tlv == TLV_TYPE_MESH_ID)
57 command = CMD_MESH_CONFIG |
58 (MESH_IFACE_ID << MESH_IFACE_BIT_OFFSET);
59
60 cmd->hdr.command = cpu_to_le16(command);
61 cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_mesh_config));
62 cmd->hdr.result = 0;
63
64 cmd->type = cpu_to_le16(type);
65 cmd->action = cpu_to_le16(action);
66
67 ret = lbs_cmd_with_response(priv, command, cmd);
68
69 lbs_deb_leave(LBS_DEB_CMD);
70 return ret;
71 }
72
73 static int lbs_mesh_config_send(struct lbs_private *priv,
74 struct cmd_ds_mesh_config *cmd,
75 uint16_t action, uint16_t type)
76 {
77 int ret;
78
79 if (!(priv->fwcapinfo & FW_CAPINFO_PERSISTENT_CONFIG))
80 return -EOPNOTSUPP;
81
82 ret = __lbs_mesh_config_send(priv, cmd, action, type);
83 return ret;
84 }
85
86 /* This function is the CMD_MESH_CONFIG legacy function. It only handles the
87 * START and STOP actions. The extended actions supported by CMD_MESH_CONFIG
88 * are all handled by preparing a struct cmd_ds_mesh_config and passing it to
89 * lbs_mesh_config_send.
90 */
91 static int lbs_mesh_config(struct lbs_private *priv, uint16_t action,
92 uint16_t chan)
93 {
94 struct cmd_ds_mesh_config cmd;
95 struct mrvl_meshie *ie;
96
97 memset(&cmd, 0, sizeof(cmd));
98 cmd.channel = cpu_to_le16(chan);
99 ie = (struct mrvl_meshie *)cmd.data;
100
101 switch (action) {
102 case CMD_ACT_MESH_CONFIG_START:
103 ie->id = WLAN_EID_VENDOR_SPECIFIC;
104 ie->val.oui[0] = 0x00;
105 ie->val.oui[1] = 0x50;
106 ie->val.oui[2] = 0x43;
107 ie->val.type = MARVELL_MESH_IE_TYPE;
108 ie->val.subtype = MARVELL_MESH_IE_SUBTYPE;
109 ie->val.version = MARVELL_MESH_IE_VERSION;
110 ie->val.active_protocol_id = MARVELL_MESH_PROTO_ID_HWMP;
111 ie->val.active_metric_id = MARVELL_MESH_METRIC_ID;
112 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY;
113 ie->val.mesh_id_len = priv->mesh_ssid_len;
114 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len);
115 ie->len = sizeof(struct mrvl_meshie_val) -
116 IEEE80211_MAX_SSID_LEN + priv->mesh_ssid_len;
117 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val));
118 break;
119 case CMD_ACT_MESH_CONFIG_STOP:
120 break;
121 default:
122 return -1;
123 }
124 lbs_deb_cmd("mesh config action %d type %x channel %d SSID %*pE\n",
125 action, priv->mesh_tlv, chan, priv->mesh_ssid_len,
126 priv->mesh_ssid);
127
128 return __lbs_mesh_config_send(priv, &cmd, action, priv->mesh_tlv);
129 }
130
131 int lbs_mesh_set_channel(struct lbs_private *priv, u8 channel)
132 {
133 priv->mesh_channel = channel;
134 return lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, channel);
135 }
136
137 static uint16_t lbs_mesh_get_channel(struct lbs_private *priv)
138 {
139 return priv->mesh_channel ?: 1;
140 }
141
142 /***************************************************************************
143 * Mesh sysfs support
144 */
145
146 /*
147 * Attributes exported through sysfs
148 */
149
150 /**
151 * lbs_anycast_get - Get function for sysfs attribute anycast_mask
152 * @dev: the &struct device
153 * @attr: device attributes
154 * @buf: buffer where data will be returned
155 */
156 static ssize_t lbs_anycast_get(struct device *dev,
157 struct device_attribute *attr, char * buf)
158 {
159 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
160 struct cmd_ds_mesh_access mesh_access;
161 int ret;
162
163 memset(&mesh_access, 0, sizeof(mesh_access));
164
165 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_ANYCAST, &mesh_access);
166 if (ret)
167 return ret;
168
169 return snprintf(buf, 12, "0x%X\n", le32_to_cpu(mesh_access.data[0]));
170 }
171
172 /**
173 * lbs_anycast_set - Set function for sysfs attribute anycast_mask
174 * @dev: the &struct device
175 * @attr: device attributes
176 * @buf: buffer that contains new attribute value
177 * @count: size of buffer
178 */
179 static ssize_t lbs_anycast_set(struct device *dev,
180 struct device_attribute *attr, const char * buf, size_t count)
181 {
182 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
183 struct cmd_ds_mesh_access mesh_access;
184 uint32_t datum;
185 int ret;
186
187 memset(&mesh_access, 0, sizeof(mesh_access));
188 sscanf(buf, "%x", &datum);
189 mesh_access.data[0] = cpu_to_le32(datum);
190
191 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_ANYCAST, &mesh_access);
192 if (ret)
193 return ret;
194
195 return strlen(buf);
196 }
197
198 /**
199 * lbs_prb_rsp_limit_get - Get function for sysfs attribute prb_rsp_limit
200 * @dev: the &struct device
201 * @attr: device attributes
202 * @buf: buffer where data will be returned
203 */
204 static ssize_t lbs_prb_rsp_limit_get(struct device *dev,
205 struct device_attribute *attr, char *buf)
206 {
207 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
208 struct cmd_ds_mesh_access mesh_access;
209 int ret;
210 u32 retry_limit;
211
212 memset(&mesh_access, 0, sizeof(mesh_access));
213 mesh_access.data[0] = cpu_to_le32(CMD_ACT_GET);
214
215 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT,
216 &mesh_access);
217 if (ret)
218 return ret;
219
220 retry_limit = le32_to_cpu(mesh_access.data[1]);
221 return snprintf(buf, 10, "%d\n", retry_limit);
222 }
223
224 /**
225 * lbs_prb_rsp_limit_set - Set function for sysfs attribute prb_rsp_limit
226 * @dev: the &struct device
227 * @attr: device attributes
228 * @buf: buffer that contains new attribute value
229 * @count: size of buffer
230 */
231 static ssize_t lbs_prb_rsp_limit_set(struct device *dev,
232 struct device_attribute *attr, const char *buf, size_t count)
233 {
234 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
235 struct cmd_ds_mesh_access mesh_access;
236 int ret;
237 unsigned long retry_limit;
238
239 memset(&mesh_access, 0, sizeof(mesh_access));
240 mesh_access.data[0] = cpu_to_le32(CMD_ACT_SET);
241
242 if (!kstrtoul(buf, 10, &retry_limit))
243 return -ENOTSUPP;
244 if (retry_limit > 15)
245 return -ENOTSUPP;
246
247 mesh_access.data[1] = cpu_to_le32(retry_limit);
248
249 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT,
250 &mesh_access);
251 if (ret)
252 return ret;
253
254 return strlen(buf);
255 }
256
257 /**
258 * lbs_mesh_get - Get function for sysfs attribute mesh
259 * @dev: the &struct device
260 * @attr: device attributes
261 * @buf: buffer where data will be returned
262 */
263 static ssize_t lbs_mesh_get(struct device *dev,
264 struct device_attribute *attr, char * buf)
265 {
266 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
267 return snprintf(buf, 5, "0x%X\n", !!priv->mesh_dev);
268 }
269
270 /**
271 * lbs_mesh_set - Set function for sysfs attribute mesh
272 * @dev: the &struct device
273 * @attr: device attributes
274 * @buf: buffer that contains new attribute value
275 * @count: size of buffer
276 */
277 static ssize_t lbs_mesh_set(struct device *dev,
278 struct device_attribute *attr, const char * buf, size_t count)
279 {
280 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
281 int enable;
282
283 sscanf(buf, "%x", &enable);
284 enable = !!enable;
285 if (enable == !!priv->mesh_dev)
286 return count;
287
288 if (enable)
289 lbs_add_mesh(priv);
290 else
291 lbs_remove_mesh(priv);
292
293 return count;
294 }
295
296 /*
297 * lbs_mesh attribute to be exported per ethX interface
298 * through sysfs (/sys/class/net/ethX/lbs_mesh)
299 */
300 static DEVICE_ATTR(lbs_mesh, 0644, lbs_mesh_get, lbs_mesh_set);
301
302 /*
303 * anycast_mask attribute to be exported per mshX interface
304 * through sysfs (/sys/class/net/mshX/anycast_mask)
305 */
306 static DEVICE_ATTR(anycast_mask, 0644, lbs_anycast_get, lbs_anycast_set);
307
308 /*
309 * prb_rsp_limit attribute to be exported per mshX interface
310 * through sysfs (/sys/class/net/mshX/prb_rsp_limit)
311 */
312 static DEVICE_ATTR(prb_rsp_limit, 0644, lbs_prb_rsp_limit_get,
313 lbs_prb_rsp_limit_set);
314
315 static struct attribute *lbs_mesh_sysfs_entries[] = {
316 &dev_attr_anycast_mask.attr,
317 &dev_attr_prb_rsp_limit.attr,
318 NULL,
319 };
320
321 static const struct attribute_group lbs_mesh_attr_group = {
322 .attrs = lbs_mesh_sysfs_entries,
323 };
324
325
326 /***************************************************************************
327 * Persistent configuration support
328 */
329
330 static int mesh_get_default_parameters(struct device *dev,
331 struct mrvl_mesh_defaults *defs)
332 {
333 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
334 struct cmd_ds_mesh_config cmd;
335 int ret;
336
337 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config));
338 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_GET,
339 CMD_TYPE_MESH_GET_DEFAULTS);
340
341 if (ret)
342 return -EOPNOTSUPP;
343
344 memcpy(defs, &cmd.data[0], sizeof(struct mrvl_mesh_defaults));
345
346 return 0;
347 }
348
349 /**
350 * bootflag_get - Get function for sysfs attribute bootflag
351 * @dev: the &struct device
352 * @attr: device attributes
353 * @buf: buffer where data will be returned
354 */
355 static ssize_t bootflag_get(struct device *dev,
356 struct device_attribute *attr, char *buf)
357 {
358 struct mrvl_mesh_defaults defs;
359 int ret;
360
361 ret = mesh_get_default_parameters(dev, &defs);
362
363 if (ret)
364 return ret;
365
366 return snprintf(buf, 12, "%d\n", le32_to_cpu(defs.bootflag));
367 }
368
369 /**
370 * bootflag_set - Set function for sysfs attribute bootflag
371 * @dev: the &struct device
372 * @attr: device attributes
373 * @buf: buffer that contains new attribute value
374 * @count: size of buffer
375 */
376 static ssize_t bootflag_set(struct device *dev, struct device_attribute *attr,
377 const char *buf, size_t count)
378 {
379 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
380 struct cmd_ds_mesh_config cmd;
381 uint32_t datum;
382 int ret;
383
384 memset(&cmd, 0, sizeof(cmd));
385 ret = sscanf(buf, "%d", &datum);
386 if ((ret != 1) || (datum > 1))
387 return -EINVAL;
388
389 *((__le32 *)&cmd.data[0]) = cpu_to_le32(!!datum);
390 cmd.length = cpu_to_le16(sizeof(uint32_t));
391 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
392 CMD_TYPE_MESH_SET_BOOTFLAG);
393 if (ret)
394 return ret;
395
396 return strlen(buf);
397 }
398
399 /**
400 * boottime_get - Get function for sysfs attribute boottime
401 * @dev: the &struct device
402 * @attr: device attributes
403 * @buf: buffer where data will be returned
404 */
405 static ssize_t boottime_get(struct device *dev,
406 struct device_attribute *attr, char *buf)
407 {
408 struct mrvl_mesh_defaults defs;
409 int ret;
410
411 ret = mesh_get_default_parameters(dev, &defs);
412
413 if (ret)
414 return ret;
415
416 return snprintf(buf, 12, "%d\n", defs.boottime);
417 }
418
419 /**
420 * boottime_set - Set function for sysfs attribute boottime
421 * @dev: the &struct device
422 * @attr: device attributes
423 * @buf: buffer that contains new attribute value
424 * @count: size of buffer
425 */
426 static ssize_t boottime_set(struct device *dev,
427 struct device_attribute *attr, const char *buf, size_t count)
428 {
429 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
430 struct cmd_ds_mesh_config cmd;
431 uint32_t datum;
432 int ret;
433
434 memset(&cmd, 0, sizeof(cmd));
435 ret = sscanf(buf, "%d", &datum);
436 if ((ret != 1) || (datum > 255))
437 return -EINVAL;
438
439 /* A too small boot time will result in the device booting into
440 * standalone (no-host) mode before the host can take control of it,
441 * so the change will be hard to revert. This may be a desired
442 * feature (e.g to configure a very fast boot time for devices that
443 * will not be attached to a host), but dangerous. So I'm enforcing a
444 * lower limit of 20 seconds: remove and recompile the driver if this
445 * does not work for you.
446 */
447 datum = (datum < 20) ? 20 : datum;
448 cmd.data[0] = datum;
449 cmd.length = cpu_to_le16(sizeof(uint8_t));
450 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
451 CMD_TYPE_MESH_SET_BOOTTIME);
452 if (ret)
453 return ret;
454
455 return strlen(buf);
456 }
457
458 /**
459 * channel_get - Get function for sysfs attribute channel
460 * @dev: the &struct device
461 * @attr: device attributes
462 * @buf: buffer where data will be returned
463 */
464 static ssize_t channel_get(struct device *dev,
465 struct device_attribute *attr, char *buf)
466 {
467 struct mrvl_mesh_defaults defs;
468 int ret;
469
470 ret = mesh_get_default_parameters(dev, &defs);
471
472 if (ret)
473 return ret;
474
475 return snprintf(buf, 12, "%d\n", le16_to_cpu(defs.channel));
476 }
477
478 /**
479 * channel_set - Set function for sysfs attribute channel
480 * @dev: the &struct device
481 * @attr: device attributes
482 * @buf: buffer that contains new attribute value
483 * @count: size of buffer
484 */
485 static ssize_t channel_set(struct device *dev, struct device_attribute *attr,
486 const char *buf, size_t count)
487 {
488 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
489 struct cmd_ds_mesh_config cmd;
490 uint32_t datum;
491 int ret;
492
493 memset(&cmd, 0, sizeof(cmd));
494 ret = sscanf(buf, "%d", &datum);
495 if (ret != 1 || datum < 1 || datum > 11)
496 return -EINVAL;
497
498 *((__le16 *)&cmd.data[0]) = cpu_to_le16(datum);
499 cmd.length = cpu_to_le16(sizeof(uint16_t));
500 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
501 CMD_TYPE_MESH_SET_DEF_CHANNEL);
502 if (ret)
503 return ret;
504
505 return strlen(buf);
506 }
507
508 /**
509 * mesh_id_get - Get function for sysfs attribute mesh_id
510 * @dev: the &struct device
511 * @attr: device attributes
512 * @buf: buffer where data will be returned
513 */
514 static ssize_t mesh_id_get(struct device *dev, struct device_attribute *attr,
515 char *buf)
516 {
517 struct mrvl_mesh_defaults defs;
518 int ret;
519
520 ret = mesh_get_default_parameters(dev, &defs);
521
522 if (ret)
523 return ret;
524
525 if (defs.meshie.val.mesh_id_len > IEEE80211_MAX_SSID_LEN) {
526 dev_err(dev, "inconsistent mesh ID length\n");
527 defs.meshie.val.mesh_id_len = IEEE80211_MAX_SSID_LEN;
528 }
529
530 memcpy(buf, defs.meshie.val.mesh_id, defs.meshie.val.mesh_id_len);
531 buf[defs.meshie.val.mesh_id_len] = '\n';
532 buf[defs.meshie.val.mesh_id_len + 1] = '\0';
533
534 return defs.meshie.val.mesh_id_len + 1;
535 }
536
537 /**
538 * mesh_id_set - Set function for sysfs attribute mesh_id
539 * @dev: the &struct device
540 * @attr: device attributes
541 * @buf: buffer that contains new attribute value
542 * @count: size of buffer
543 */
544 static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr,
545 const char *buf, size_t count)
546 {
547 struct cmd_ds_mesh_config cmd;
548 struct mrvl_mesh_defaults defs;
549 struct mrvl_meshie *ie;
550 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
551 int len;
552 int ret;
553
554 if (count < 2 || count > IEEE80211_MAX_SSID_LEN + 1)
555 return -EINVAL;
556
557 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config));
558 ie = (struct mrvl_meshie *) &cmd.data[0];
559
560 /* fetch all other Information Element parameters */
561 ret = mesh_get_default_parameters(dev, &defs);
562
563 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
564
565 /* transfer IE elements */
566 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
567
568 len = count - 1;
569 memcpy(ie->val.mesh_id, buf, len);
570 /* SSID len */
571 ie->val.mesh_id_len = len;
572 /* IE len */
573 ie->len = sizeof(struct mrvl_meshie_val) - IEEE80211_MAX_SSID_LEN + len;
574
575 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
576 CMD_TYPE_MESH_SET_MESH_IE);
577 if (ret)
578 return ret;
579
580 return strlen(buf);
581 }
582
583 /**
584 * protocol_id_get - Get function for sysfs attribute protocol_id
585 * @dev: the &struct device
586 * @attr: device attributes
587 * @buf: buffer where data will be returned
588 */
589 static ssize_t protocol_id_get(struct device *dev,
590 struct device_attribute *attr, char *buf)
591 {
592 struct mrvl_mesh_defaults defs;
593 int ret;
594
595 ret = mesh_get_default_parameters(dev, &defs);
596
597 if (ret)
598 return ret;
599
600 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_protocol_id);
601 }
602
603 /**
604 * protocol_id_set - Set function for sysfs attribute protocol_id
605 * @dev: the &struct device
606 * @attr: device attributes
607 * @buf: buffer that contains new attribute value
608 * @count: size of buffer
609 */
610 static ssize_t protocol_id_set(struct device *dev,
611 struct device_attribute *attr, const char *buf, size_t count)
612 {
613 struct cmd_ds_mesh_config cmd;
614 struct mrvl_mesh_defaults defs;
615 struct mrvl_meshie *ie;
616 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
617 uint32_t datum;
618 int ret;
619
620 memset(&cmd, 0, sizeof(cmd));
621 ret = sscanf(buf, "%d", &datum);
622 if ((ret != 1) || (datum > 255))
623 return -EINVAL;
624
625 /* fetch all other Information Element parameters */
626 ret = mesh_get_default_parameters(dev, &defs);
627
628 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
629
630 /* transfer IE elements */
631 ie = (struct mrvl_meshie *) &cmd.data[0];
632 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
633 /* update protocol id */
634 ie->val.active_protocol_id = datum;
635
636 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
637 CMD_TYPE_MESH_SET_MESH_IE);
638 if (ret)
639 return ret;
640
641 return strlen(buf);
642 }
643
644 /**
645 * metric_id_get - Get function for sysfs attribute metric_id
646 * @dev: the &struct device
647 * @attr: device attributes
648 * @buf: buffer where data will be returned
649 */
650 static ssize_t metric_id_get(struct device *dev,
651 struct device_attribute *attr, char *buf)
652 {
653 struct mrvl_mesh_defaults defs;
654 int ret;
655
656 ret = mesh_get_default_parameters(dev, &defs);
657
658 if (ret)
659 return ret;
660
661 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_metric_id);
662 }
663
664 /**
665 * metric_id_set - Set function for sysfs attribute metric_id
666 * @dev: the &struct device
667 * @attr: device attributes
668 * @buf: buffer that contains new attribute value
669 * @count: size of buffer
670 */
671 static ssize_t metric_id_set(struct device *dev, struct device_attribute *attr,
672 const char *buf, size_t count)
673 {
674 struct cmd_ds_mesh_config cmd;
675 struct mrvl_mesh_defaults defs;
676 struct mrvl_meshie *ie;
677 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
678 uint32_t datum;
679 int ret;
680
681 memset(&cmd, 0, sizeof(cmd));
682 ret = sscanf(buf, "%d", &datum);
683 if ((ret != 1) || (datum > 255))
684 return -EINVAL;
685
686 /* fetch all other Information Element parameters */
687 ret = mesh_get_default_parameters(dev, &defs);
688
689 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
690
691 /* transfer IE elements */
692 ie = (struct mrvl_meshie *) &cmd.data[0];
693 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
694 /* update metric id */
695 ie->val.active_metric_id = datum;
696
697 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
698 CMD_TYPE_MESH_SET_MESH_IE);
699 if (ret)
700 return ret;
701
702 return strlen(buf);
703 }
704
705 /**
706 * capability_get - Get function for sysfs attribute capability
707 * @dev: the &struct device
708 * @attr: device attributes
709 * @buf: buffer where data will be returned
710 */
711 static ssize_t capability_get(struct device *dev,
712 struct device_attribute *attr, char *buf)
713 {
714 struct mrvl_mesh_defaults defs;
715 int ret;
716
717 ret = mesh_get_default_parameters(dev, &defs);
718
719 if (ret)
720 return ret;
721
722 return snprintf(buf, 5, "%d\n", defs.meshie.val.mesh_capability);
723 }
724
725 /**
726 * capability_set - Set function for sysfs attribute capability
727 * @dev: the &struct device
728 * @attr: device attributes
729 * @buf: buffer that contains new attribute value
730 * @count: size of buffer
731 */
732 static ssize_t capability_set(struct device *dev, struct device_attribute *attr,
733 const char *buf, size_t count)
734 {
735 struct cmd_ds_mesh_config cmd;
736 struct mrvl_mesh_defaults defs;
737 struct mrvl_meshie *ie;
738 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
739 uint32_t datum;
740 int ret;
741
742 memset(&cmd, 0, sizeof(cmd));
743 ret = sscanf(buf, "%d", &datum);
744 if ((ret != 1) || (datum > 255))
745 return -EINVAL;
746
747 /* fetch all other Information Element parameters */
748 ret = mesh_get_default_parameters(dev, &defs);
749
750 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
751
752 /* transfer IE elements */
753 ie = (struct mrvl_meshie *) &cmd.data[0];
754 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
755 /* update value */
756 ie->val.mesh_capability = datum;
757
758 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
759 CMD_TYPE_MESH_SET_MESH_IE);
760 if (ret)
761 return ret;
762
763 return strlen(buf);
764 }
765
766
767 static DEVICE_ATTR(bootflag, 0644, bootflag_get, bootflag_set);
768 static DEVICE_ATTR(boottime, 0644, boottime_get, boottime_set);
769 static DEVICE_ATTR(channel, 0644, channel_get, channel_set);
770 static DEVICE_ATTR(mesh_id, 0644, mesh_id_get, mesh_id_set);
771 static DEVICE_ATTR(protocol_id, 0644, protocol_id_get, protocol_id_set);
772 static DEVICE_ATTR(metric_id, 0644, metric_id_get, metric_id_set);
773 static DEVICE_ATTR(capability, 0644, capability_get, capability_set);
774
775 static struct attribute *boot_opts_attrs[] = {
776 &dev_attr_bootflag.attr,
777 &dev_attr_boottime.attr,
778 &dev_attr_channel.attr,
779 NULL
780 };
781
782 static const struct attribute_group boot_opts_group = {
783 .name = "boot_options",
784 .attrs = boot_opts_attrs,
785 };
786
787 static struct attribute *mesh_ie_attrs[] = {
788 &dev_attr_mesh_id.attr,
789 &dev_attr_protocol_id.attr,
790 &dev_attr_metric_id.attr,
791 &dev_attr_capability.attr,
792 NULL
793 };
794
795 static const struct attribute_group mesh_ie_group = {
796 .name = "mesh_ie",
797 .attrs = mesh_ie_attrs,
798 };
799
800 static void lbs_persist_config_init(struct net_device *dev)
801 {
802 int ret;
803 ret = sysfs_create_group(&(dev->dev.kobj), &boot_opts_group);
804 ret = sysfs_create_group(&(dev->dev.kobj), &mesh_ie_group);
805 }
806
807 static void lbs_persist_config_remove(struct net_device *dev)
808 {
809 sysfs_remove_group(&(dev->dev.kobj), &boot_opts_group);
810 sysfs_remove_group(&(dev->dev.kobj), &mesh_ie_group);
811 }
812
813
814 /***************************************************************************
815 * Initializing and starting, stopping mesh
816 */
817
818 /*
819 * Check mesh FW version and appropriately send the mesh start
820 * command
821 */
822 int lbs_init_mesh(struct lbs_private *priv)
823 {
824 int ret = 0;
825
826 lbs_deb_enter(LBS_DEB_MESH);
827
828 /* Determine mesh_fw_ver from fwrelease and fwcapinfo */
829 /* 5.0.16p0 9.0.0.p0 is known to NOT support any mesh */
830 /* 5.110.22 have mesh command with 0xa3 command id */
831 /* 10.0.0.p0 FW brings in mesh config command with different id */
832 /* Check FW version MSB and initialize mesh_fw_ver */
833 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) {
834 /* Enable mesh, if supported, and work out which TLV it uses.
835 0x100 + 291 is an unofficial value used in 5.110.20.pXX
836 0x100 + 37 is the official value used in 5.110.21.pXX
837 but we check them in that order because 20.pXX doesn't
838 give an error -- it just silently fails. */
839
840 /* 5.110.20.pXX firmware will fail the command if the channel
841 doesn't match the existing channel. But only if the TLV
842 is correct. If the channel is wrong, _BOTH_ versions will
843 give an error to 0x100+291, and allow 0x100+37 to succeed.
844 It's just that 5.110.20.pXX will not have done anything
845 useful */
846
847 priv->mesh_tlv = TLV_TYPE_OLD_MESH_ID;
848 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) {
849 priv->mesh_tlv = TLV_TYPE_MESH_ID;
850 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1))
851 priv->mesh_tlv = 0;
852 }
853 } else
854 if ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) &&
855 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)) {
856 /* 10.0.0.pXX new firmwares should succeed with TLV
857 * 0x100+37; Do not invoke command with old TLV.
858 */
859 priv->mesh_tlv = TLV_TYPE_MESH_ID;
860 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1))
861 priv->mesh_tlv = 0;
862 }
863
864 /* Stop meshing until interface is brought up */
865 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 1);
866
867 if (priv->mesh_tlv) {
868 sprintf(priv->mesh_ssid, "mesh");
869 priv->mesh_ssid_len = 4;
870 ret = 1;
871 }
872
873 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
874 return ret;
875 }
876
877 void lbs_start_mesh(struct lbs_private *priv)
878 {
879 lbs_add_mesh(priv);
880
881 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_mesh))
882 netdev_err(priv->dev, "cannot register lbs_mesh attribute\n");
883 }
884
885 int lbs_deinit_mesh(struct lbs_private *priv)
886 {
887 struct net_device *dev = priv->dev;
888 int ret = 0;
889
890 lbs_deb_enter(LBS_DEB_MESH);
891
892 if (priv->mesh_tlv) {
893 device_remove_file(&dev->dev, &dev_attr_lbs_mesh);
894 ret = 1;
895 }
896
897 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
898 return ret;
899 }
900
901
902 /**
903 * lbs_mesh_stop - close the mshX interface
904 *
905 * @dev: A pointer to &net_device structure
906 * returns: 0
907 */
908 static int lbs_mesh_stop(struct net_device *dev)
909 {
910 struct lbs_private *priv = dev->ml_priv;
911
912 lbs_deb_enter(LBS_DEB_MESH);
913 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP,
914 lbs_mesh_get_channel(priv));
915
916 spin_lock_irq(&priv->driver_lock);
917
918 netif_stop_queue(dev);
919 netif_carrier_off(dev);
920
921 spin_unlock_irq(&priv->driver_lock);
922
923 lbs_update_mcast(priv);
924 if (!lbs_iface_active(priv))
925 lbs_stop_iface(priv);
926
927 lbs_deb_leave(LBS_DEB_MESH);
928 return 0;
929 }
930
931 /**
932 * lbs_mesh_dev_open - open the mshX interface
933 *
934 * @dev: A pointer to &net_device structure
935 * returns: 0 or -EBUSY if monitor mode active
936 */
937 static int lbs_mesh_dev_open(struct net_device *dev)
938 {
939 struct lbs_private *priv = dev->ml_priv;
940 int ret = 0;
941
942 lbs_deb_enter(LBS_DEB_NET);
943 if (!priv->iface_running) {
944 ret = lbs_start_iface(priv);
945 if (ret)
946 goto out;
947 }
948
949 spin_lock_irq(&priv->driver_lock);
950
951 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
952 ret = -EBUSY;
953 spin_unlock_irq(&priv->driver_lock);
954 goto out;
955 }
956
957 netif_carrier_on(dev);
958
959 if (!priv->tx_pending_len)
960 netif_wake_queue(dev);
961
962 spin_unlock_irq(&priv->driver_lock);
963
964 ret = lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START,
965 lbs_mesh_get_channel(priv));
966
967 out:
968 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
969 return ret;
970 }
971
972 static const struct net_device_ops mesh_netdev_ops = {
973 .ndo_open = lbs_mesh_dev_open,
974 .ndo_stop = lbs_mesh_stop,
975 .ndo_start_xmit = lbs_hard_start_xmit,
976 .ndo_set_mac_address = lbs_set_mac_address,
977 .ndo_set_rx_mode = lbs_set_multicast_list,
978 };
979
980 /**
981 * lbs_add_mesh - add mshX interface
982 *
983 * @priv: A pointer to the &struct lbs_private structure
984 * returns: 0 if successful, -X otherwise
985 */
986 static int lbs_add_mesh(struct lbs_private *priv)
987 {
988 struct net_device *mesh_dev = NULL;
989 struct wireless_dev *mesh_wdev;
990 int ret = 0;
991
992 lbs_deb_enter(LBS_DEB_MESH);
993
994 /* Allocate a virtual mesh device */
995 mesh_wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
996 if (!mesh_wdev) {
997 lbs_deb_mesh("init mshX wireless device failed\n");
998 ret = -ENOMEM;
999 goto done;
1000 }
1001
1002 mesh_dev = alloc_netdev(0, "msh%d", NET_NAME_UNKNOWN, ether_setup);
1003 if (!mesh_dev) {
1004 lbs_deb_mesh("init mshX device failed\n");
1005 ret = -ENOMEM;
1006 goto err_free_wdev;
1007 }
1008
1009 mesh_wdev->iftype = NL80211_IFTYPE_MESH_POINT;
1010 mesh_wdev->wiphy = priv->wdev->wiphy;
1011 mesh_wdev->netdev = mesh_dev;
1012
1013 mesh_dev->ml_priv = priv;
1014 mesh_dev->ieee80211_ptr = mesh_wdev;
1015 priv->mesh_dev = mesh_dev;
1016
1017 mesh_dev->netdev_ops = &mesh_netdev_ops;
1018 mesh_dev->ethtool_ops = &lbs_ethtool_ops;
1019 eth_hw_addr_inherit(mesh_dev, priv->dev);
1020
1021 SET_NETDEV_DEV(priv->mesh_dev, priv->dev->dev.parent);
1022
1023 mesh_dev->flags |= IFF_BROADCAST | IFF_MULTICAST;
1024 /* Register virtual mesh interface */
1025 ret = register_netdev(mesh_dev);
1026 if (ret) {
1027 pr_err("cannot register mshX virtual interface\n");
1028 goto err_free_netdev;
1029 }
1030
1031 ret = sysfs_create_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group);
1032 if (ret)
1033 goto err_unregister;
1034
1035 lbs_persist_config_init(mesh_dev);
1036
1037 /* Everything successful */
1038 ret = 0;
1039 goto done;
1040
1041 err_unregister:
1042 unregister_netdev(mesh_dev);
1043
1044 err_free_netdev:
1045 free_netdev(mesh_dev);
1046
1047 err_free_wdev:
1048 kfree(mesh_wdev);
1049
1050 done:
1051 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
1052 return ret;
1053 }
1054
1055 void lbs_remove_mesh(struct lbs_private *priv)
1056 {
1057 struct net_device *mesh_dev;
1058
1059 mesh_dev = priv->mesh_dev;
1060 if (!mesh_dev)
1061 return;
1062
1063 lbs_deb_enter(LBS_DEB_MESH);
1064 netif_stop_queue(mesh_dev);
1065 netif_carrier_off(mesh_dev);
1066 sysfs_remove_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group);
1067 lbs_persist_config_remove(mesh_dev);
1068 unregister_netdev(mesh_dev);
1069 priv->mesh_dev = NULL;
1070 kfree(mesh_dev->ieee80211_ptr);
1071 free_netdev(mesh_dev);
1072 lbs_deb_leave(LBS_DEB_MESH);
1073 }
1074
1075
1076 /***************************************************************************
1077 * Sending and receiving
1078 */
1079 struct net_device *lbs_mesh_set_dev(struct lbs_private *priv,
1080 struct net_device *dev, struct rxpd *rxpd)
1081 {
1082 if (priv->mesh_dev) {
1083 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) {
1084 if (rxpd->rx_control & RxPD_MESH_FRAME)
1085 dev = priv->mesh_dev;
1086 } else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) {
1087 if (rxpd->u.bss.bss_num == MESH_IFACE_ID)
1088 dev = priv->mesh_dev;
1089 }
1090 }
1091 return dev;
1092 }
1093
1094
1095 void lbs_mesh_set_txpd(struct lbs_private *priv,
1096 struct net_device *dev, struct txpd *txpd)
1097 {
1098 if (dev == priv->mesh_dev) {
1099 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID)
1100 txpd->tx_control |= cpu_to_le32(TxPD_MESH_FRAME);
1101 else if (priv->mesh_tlv == TLV_TYPE_MESH_ID)
1102 txpd->u.bss.bss_num = MESH_IFACE_ID;
1103 }
1104 }
1105
1106
1107 /***************************************************************************
1108 * Ethtool related
1109 */
1110
1111 static const char * const mesh_stat_strings[] = {
1112 "drop_duplicate_bcast",
1113 "drop_ttl_zero",
1114 "drop_no_fwd_route",
1115 "drop_no_buffers",
1116 "fwded_unicast_cnt",
1117 "fwded_bcast_cnt",
1118 "drop_blind_table",
1119 "tx_failed_cnt"
1120 };
1121
1122 void lbs_mesh_ethtool_get_stats(struct net_device *dev,
1123 struct ethtool_stats *stats, uint64_t *data)
1124 {
1125 struct lbs_private *priv = dev->ml_priv;
1126 struct cmd_ds_mesh_access mesh_access;
1127 int ret;
1128
1129 lbs_deb_enter(LBS_DEB_ETHTOOL);
1130
1131 /* Get Mesh Statistics */
1132 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_STATS, &mesh_access);
1133
1134 if (ret) {
1135 memset(data, 0, MESH_STATS_NUM*(sizeof(uint64_t)));
1136 return;
1137 }
1138
1139 priv->mstats.fwd_drop_rbt = le32_to_cpu(mesh_access.data[0]);
1140 priv->mstats.fwd_drop_ttl = le32_to_cpu(mesh_access.data[1]);
1141 priv->mstats.fwd_drop_noroute = le32_to_cpu(mesh_access.data[2]);
1142 priv->mstats.fwd_drop_nobuf = le32_to_cpu(mesh_access.data[3]);
1143 priv->mstats.fwd_unicast_cnt = le32_to_cpu(mesh_access.data[4]);
1144 priv->mstats.fwd_bcast_cnt = le32_to_cpu(mesh_access.data[5]);
1145 priv->mstats.drop_blind = le32_to_cpu(mesh_access.data[6]);
1146 priv->mstats.tx_failed_cnt = le32_to_cpu(mesh_access.data[7]);
1147
1148 data[0] = priv->mstats.fwd_drop_rbt;
1149 data[1] = priv->mstats.fwd_drop_ttl;
1150 data[2] = priv->mstats.fwd_drop_noroute;
1151 data[3] = priv->mstats.fwd_drop_nobuf;
1152 data[4] = priv->mstats.fwd_unicast_cnt;
1153 data[5] = priv->mstats.fwd_bcast_cnt;
1154 data[6] = priv->mstats.drop_blind;
1155 data[7] = priv->mstats.tx_failed_cnt;
1156
1157 lbs_deb_enter(LBS_DEB_ETHTOOL);
1158 }
1159
1160 int lbs_mesh_ethtool_get_sset_count(struct net_device *dev, int sset)
1161 {
1162 struct lbs_private *priv = dev->ml_priv;
1163
1164 if (sset == ETH_SS_STATS && dev == priv->mesh_dev)
1165 return MESH_STATS_NUM;
1166
1167 return -EOPNOTSUPP;
1168 }
1169
1170 void lbs_mesh_ethtool_get_strings(struct net_device *dev,
1171 uint32_t stringset, uint8_t *s)
1172 {
1173 int i;
1174
1175 lbs_deb_enter(LBS_DEB_ETHTOOL);
1176
1177 switch (stringset) {
1178 case ETH_SS_STATS:
1179 for (i = 0; i < MESH_STATS_NUM; i++) {
1180 memcpy(s + i * ETH_GSTRING_LEN,
1181 mesh_stat_strings[i],
1182 ETH_GSTRING_LEN);
1183 }
1184 break;
1185 }
1186 lbs_deb_enter(LBS_DEB_ETHTOOL);
1187 } 1
2 #include <linux/kernel.h>
3 #include <linux/mutex.h>
4 #include <linux/spinlock.h>
5 #include <linux/errno.h>
6 #include <verifier/rcv.h>
7 #include <linux/list.h>
8
9 /* mutexes */
10 extern int mutex_lock_interruptible(struct mutex *lock);
11 extern int mutex_lock_killable(struct mutex *lock);
12 extern void mutex_lock(struct mutex *lock);
13
14 /* mutex model functions */
15 extern void ldv_mutex_lock(struct mutex *lock, char *sign);
16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign);
17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign);
18
19
20 /* Spin locks */
21 extern void __ldv_spin_lock(spinlock_t *lock);
22 extern void __ldv_spin_unlock(spinlock_t *lock);
23 extern int __ldv_spin_trylock(spinlock_t *lock);
24 extern void __ldv_spin_unlock_wait(spinlock_t *lock);
25 extern void __ldv_spin_can_lock(spinlock_t *lock);
26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock);
27
28 /* spin model functions */
29 extern void ldv_spin_lock(spinlock_t *lock, char *sign);
30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign);
31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign);
32
33 /* Support for list binder functions */
34 static inline struct list_head *ldv_list_get_first(struct list_head *head) {
35 return head->next;
36 }
37
38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) {
39 return pos==head;
40 }
41
42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) {
43 return pos->next;
44 }
45
46 #include <linux/mutex.h>
47 #include <linux/slab.h>
48 #include <verifier/rcv.h>
49 #include <linux/timer.h>
50 #include <linux/rtnetlink.h>
51 #include <linux/gfp.h>
52 extern int ldv_state_variable_8;
53 extern int ldv_state_variable_15;
54 extern int ldv_timer_1_3;
55 extern struct timer_list * ldv_timer_list_2_0;
56 extern int ldv_timer_2_1;
57 extern int ldv_state_variable_0;
58 extern int ldv_state_variable_5;
59 extern int ldv_state_variable_13;
60 extern int ldv_state_variable_12;
61 extern struct device_attribute *dev_attr_protocol_id_group1;
62 extern struct timer_list * ldv_timer_list_3_1;
63 extern int ldv_state_variable_14;
64 extern struct device_attribute *dev_attr_capability_group1;
65 extern struct timer_list * ldv_timer_list_3_2;
66 extern int ldv_timer_2_2;
67 extern struct net_device *lbs_ethtool_ops_group0;
68 extern int ldv_timer_3_3;
69 extern int ldv_timer_2_3;
70 extern struct device_attribute *dev_attr_lbs_mesh_group1;
71 extern int ldv_timer_1_0;
72 extern int ldv_state_variable_17;
73 extern struct timer_list * ldv_timer_list_3_3;
74 extern int ldv_state_variable_9;
75 extern int ldv_timer_3_1;
76 extern int ref_cnt;
77 extern int ldv_state_variable_1;
78 extern int ldv_state_variable_7;
79 extern struct device_attribute *dev_attr_metric_id_group1;
80 extern struct net_device *lbs_netdev_ops_group1;
81 extern struct timer_list * ldv_timer_list_1_3;
82 extern struct net_device *lbs_cfg80211_ops_group0;
83 extern int ldv_state_variable_10;
84 extern struct timer_list * ldv_timer_list_1_1;
85 extern struct file *lbs_debug_fops_group2;
86 extern struct timer_list * ldv_timer_list_2_1;
87 extern struct wiphy *lbs_cfg80211_ops_group1;
88 extern struct timer_list * ldv_timer_list_1_0;
89 extern int ldv_state_variable_6;
90 extern int ldv_timer_1_2;
91 extern int ldv_state_variable_16;
92 extern struct device_attribute *dev_attr_channel_group1;
93 extern int ldv_timer_2_0;
94 extern int ldv_timer_1_1;
95 extern int ldv_state_variable_2;
96 extern struct timer_list * ldv_timer_list_1_2;
97 extern struct device_attribute *dev_attr_anycast_mask_group1;
98 extern int ldv_state_variable_11;
99 extern struct device_attribute *dev_attr_bootflag_group1;
100 extern int LDV_IN_INTERRUPT = 1;
101 extern int ldv_state_variable_18;
102 extern struct net_device *mesh_netdev_ops_group1;
103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1;
104 extern struct inode *lbs_debug_fops_group1;
105 extern int ldv_timer_3_2;
106 extern struct mutex fs_mutex;
107 extern int ldv_state_variable_3;
108 extern struct mutex ar_mutex;
109 extern struct timer_list * ldv_timer_list_2_3;
110 extern struct device_attribute *dev_attr_boottime_group1;
111 extern int ldv_timer_3_0;
112 extern struct timer_list * ldv_timer_list_3_0;
113 extern struct device_attribute *dev_attr_mesh_id_group1;
114 extern struct timer_list * ldv_timer_list_2_2;
115 extern int ldv_state_variable_4;
116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1;
117 extern void ldv_initialyze_cfg80211_ops_18(void);
118 extern int evil_hack_15(void);
119 extern void choose_timer_2(void);
120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag);
122 extern void choose_timer_3(void);
123 extern void timer_init_3(void);
124 extern void ldv_net_device_ops_4(void);
125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag);
126 extern void timer_init_2(void);
127 extern void timer_init_1(void);
128 extern void ldv_net_device_ops_15(void);
129 extern void disable_suitable_timer_3(struct timer_list * timer);
130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data);
131 extern int evil_hack_4(void);
132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
133 extern void disable_suitable_timer_2(struct timer_list * timer);
134 extern void disable_suitable_timer_1(struct timer_list * timer);
135 extern int evil_hack_fs_lock(void);
136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data);
137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag);
138 extern int __VERIFIER_nondet_int(void);
139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
140 extern void ldv_file_operations_17(void);
141 extern void ldv_initialyze_ethtool_ops_16(void);
142 extern void choose_timer_1(void);
143 extern void ldv_timer_1(int state, struct timer_list * timer);
144 extern int evil_hack_ar_lock(void);
145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data);
146 extern void ldv_timer_2(int state, struct timer_list * timer);
147 extern void ldv_timer_3(int state, struct timer_list * timer);
148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/mesh.c"
149 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
150
151 #include <linux/delay.h>
152 #include <linux/etherdevice.h>
153 #include <linux/hardirq.h>
154 #include <linux/netdevice.h>
155 #include <linux/if_ether.h>
156 #include <linux/if_arp.h>
157 #include <linux/kthread.h>
158 #include <linux/kfifo.h>
159 #include <net/cfg80211.h>
160
161 #include "mesh.h"
162 #include "decl.h"
163 #include "cmd.h"
164
165
166 static int lbs_add_mesh(struct lbs_private *priv);
167
168 /***************************************************************************
169 * Mesh command handling
170 */
171
172 static int lbs_mesh_access(struct lbs_private *priv, uint16_t cmd_action,
173 struct cmd_ds_mesh_access *cmd)
174 {
175 int ret;
176
177 lbs_deb_enter_args(LBS_DEB_CMD, "action %d", cmd_action);
178
179 cmd->hdr.command = cpu_to_le16(CMD_MESH_ACCESS);
180 cmd->hdr.size = cpu_to_le16(sizeof(*cmd));
181 cmd->hdr.result = 0;
182
183 cmd->action = cpu_to_le16(cmd_action);
184
185 ret = lbs_cmd_with_response(priv, CMD_MESH_ACCESS, cmd);
186
187 lbs_deb_leave(LBS_DEB_CMD);
188 return ret;
189 }
190
191 static int __lbs_mesh_config_send(struct lbs_private *priv,
192 struct cmd_ds_mesh_config *cmd,
193 uint16_t action, uint16_t type)
194 {
195 int ret;
196 u16 command = CMD_MESH_CONFIG_OLD;
197
198 lbs_deb_enter(LBS_DEB_CMD);
199
200 /*
201 * Command id is 0xac for v10 FW along with mesh interface
202 * id in bits 14-13-12.
203 */
204 if (priv->mesh_tlv == TLV_TYPE_MESH_ID)
205 command = CMD_MESH_CONFIG |
206 (MESH_IFACE_ID << MESH_IFACE_BIT_OFFSET);
207
208 cmd->hdr.command = cpu_to_le16(command);
209 cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_mesh_config));
210 cmd->hdr.result = 0;
211
212 cmd->type = cpu_to_le16(type);
213 cmd->action = cpu_to_le16(action);
214
215 ret = lbs_cmd_with_response(priv, command, cmd);
216
217 lbs_deb_leave(LBS_DEB_CMD);
218 return ret;
219 }
220
221 static int lbs_mesh_config_send(struct lbs_private *priv,
222 struct cmd_ds_mesh_config *cmd,
223 uint16_t action, uint16_t type)
224 {
225 int ret;
226
227 if (!(priv->fwcapinfo & FW_CAPINFO_PERSISTENT_CONFIG))
228 return -EOPNOTSUPP;
229
230 ret = __lbs_mesh_config_send(priv, cmd, action, type);
231 return ret;
232 }
233
234 /* This function is the CMD_MESH_CONFIG legacy function. It only handles the
235 * START and STOP actions. The extended actions supported by CMD_MESH_CONFIG
236 * are all handled by preparing a struct cmd_ds_mesh_config and passing it to
237 * lbs_mesh_config_send.
238 */
239 static int lbs_mesh_config(struct lbs_private *priv, uint16_t action,
240 uint16_t chan)
241 {
242 struct cmd_ds_mesh_config cmd;
243 struct mrvl_meshie *ie;
244
245 memset(&cmd, 0, sizeof(cmd));
246 cmd.channel = cpu_to_le16(chan);
247 ie = (struct mrvl_meshie *)cmd.data;
248
249 switch (action) {
250 case CMD_ACT_MESH_CONFIG_START:
251 ie->id = WLAN_EID_VENDOR_SPECIFIC;
252 ie->val.oui[0] = 0x00;
253 ie->val.oui[1] = 0x50;
254 ie->val.oui[2] = 0x43;
255 ie->val.type = MARVELL_MESH_IE_TYPE;
256 ie->val.subtype = MARVELL_MESH_IE_SUBTYPE;
257 ie->val.version = MARVELL_MESH_IE_VERSION;
258 ie->val.active_protocol_id = MARVELL_MESH_PROTO_ID_HWMP;
259 ie->val.active_metric_id = MARVELL_MESH_METRIC_ID;
260 ie->val.mesh_capability = MARVELL_MESH_CAPABILITY;
261 ie->val.mesh_id_len = priv->mesh_ssid_len;
262 memcpy(ie->val.mesh_id, priv->mesh_ssid, priv->mesh_ssid_len);
263 ie->len = sizeof(struct mrvl_meshie_val) -
264 IEEE80211_MAX_SSID_LEN + priv->mesh_ssid_len;
265 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie_val));
266 break;
267 case CMD_ACT_MESH_CONFIG_STOP:
268 break;
269 default:
270 return -1;
271 }
272 lbs_deb_cmd("mesh config action %d type %x channel %d SSID %*pE\n",
273 action, priv->mesh_tlv, chan, priv->mesh_ssid_len,
274 priv->mesh_ssid);
275
276 return __lbs_mesh_config_send(priv, &cmd, action, priv->mesh_tlv);
277 }
278
279 int lbs_mesh_set_channel(struct lbs_private *priv, u8 channel)
280 {
281 priv->mesh_channel = channel;
282 return lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, channel);
283 }
284
285 static uint16_t lbs_mesh_get_channel(struct lbs_private *priv)
286 {
287 return priv->mesh_channel ?: 1;
288 }
289
290 /***************************************************************************
291 * Mesh sysfs support
292 */
293
294 /*
295 * Attributes exported through sysfs
296 */
297
298 /**
299 * lbs_anycast_get - Get function for sysfs attribute anycast_mask
300 * @dev: the &struct device
301 * @attr: device attributes
302 * @buf: buffer where data will be returned
303 */
304 static ssize_t lbs_anycast_get(struct device *dev,
305 struct device_attribute *attr, char * buf)
306 {
307 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
308 struct cmd_ds_mesh_access mesh_access;
309 int ret;
310
311 memset(&mesh_access, 0, sizeof(mesh_access));
312
313 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_ANYCAST, &mesh_access);
314 if (ret)
315 return ret;
316
317 return snprintf(buf, 12, "0x%X\n", le32_to_cpu(mesh_access.data[0]));
318 }
319
320 /**
321 * lbs_anycast_set - Set function for sysfs attribute anycast_mask
322 * @dev: the &struct device
323 * @attr: device attributes
324 * @buf: buffer that contains new attribute value
325 * @count: size of buffer
326 */
327 static ssize_t lbs_anycast_set(struct device *dev,
328 struct device_attribute *attr, const char * buf, size_t count)
329 {
330 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
331 struct cmd_ds_mesh_access mesh_access;
332 uint32_t datum;
333 int ret;
334
335 memset(&mesh_access, 0, sizeof(mesh_access));
336 sscanf(buf, "%x", &datum);
337 mesh_access.data[0] = cpu_to_le32(datum);
338
339 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_ANYCAST, &mesh_access);
340 if (ret)
341 return ret;
342
343 return strlen(buf);
344 }
345
346 /**
347 * lbs_prb_rsp_limit_get - Get function for sysfs attribute prb_rsp_limit
348 * @dev: the &struct device
349 * @attr: device attributes
350 * @buf: buffer where data will be returned
351 */
352 static ssize_t lbs_prb_rsp_limit_get(struct device *dev,
353 struct device_attribute *attr, char *buf)
354 {
355 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
356 struct cmd_ds_mesh_access mesh_access;
357 int ret;
358 u32 retry_limit;
359
360 memset(&mesh_access, 0, sizeof(mesh_access));
361 mesh_access.data[0] = cpu_to_le32(CMD_ACT_GET);
362
363 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT,
364 &mesh_access);
365 if (ret)
366 return ret;
367
368 retry_limit = le32_to_cpu(mesh_access.data[1]);
369 return snprintf(buf, 10, "%d\n", retry_limit);
370 }
371
372 /**
373 * lbs_prb_rsp_limit_set - Set function for sysfs attribute prb_rsp_limit
374 * @dev: the &struct device
375 * @attr: device attributes
376 * @buf: buffer that contains new attribute value
377 * @count: size of buffer
378 */
379 static ssize_t lbs_prb_rsp_limit_set(struct device *dev,
380 struct device_attribute *attr, const char *buf, size_t count)
381 {
382 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
383 struct cmd_ds_mesh_access mesh_access;
384 int ret;
385 unsigned long retry_limit;
386
387 memset(&mesh_access, 0, sizeof(mesh_access));
388 mesh_access.data[0] = cpu_to_le32(CMD_ACT_SET);
389
390 if (!kstrtoul(buf, 10, &retry_limit))
391 return -ENOTSUPP;
392 if (retry_limit > 15)
393 return -ENOTSUPP;
394
395 mesh_access.data[1] = cpu_to_le32(retry_limit);
396
397 ret = lbs_mesh_access(priv, CMD_ACT_MESH_SET_GET_PRB_RSP_LIMIT,
398 &mesh_access);
399 if (ret)
400 return ret;
401
402 return strlen(buf);
403 }
404
405 /**
406 * lbs_mesh_get - Get function for sysfs attribute mesh
407 * @dev: the &struct device
408 * @attr: device attributes
409 * @buf: buffer where data will be returned
410 */
411 static ssize_t lbs_mesh_get(struct device *dev,
412 struct device_attribute *attr, char * buf)
413 {
414 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
415 return snprintf(buf, 5, "0x%X\n", !!priv->mesh_dev);
416 }
417
418 /**
419 * lbs_mesh_set - Set function for sysfs attribute mesh
420 * @dev: the &struct device
421 * @attr: device attributes
422 * @buf: buffer that contains new attribute value
423 * @count: size of buffer
424 */
425 static ssize_t lbs_mesh_set(struct device *dev,
426 struct device_attribute *attr, const char * buf, size_t count)
427 {
428 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
429 int enable;
430
431 sscanf(buf, "%x", &enable);
432 enable = !!enable;
433 if (enable == !!priv->mesh_dev)
434 return count;
435
436 if (enable)
437 lbs_add_mesh(priv);
438 else
439 lbs_remove_mesh(priv);
440
441 return count;
442 }
443
444 /*
445 * lbs_mesh attribute to be exported per ethX interface
446 * through sysfs (/sys/class/net/ethX/lbs_mesh)
447 */
448 static DEVICE_ATTR(lbs_mesh, 0644, lbs_mesh_get, lbs_mesh_set);
449
450 /*
451 * anycast_mask attribute to be exported per mshX interface
452 * through sysfs (/sys/class/net/mshX/anycast_mask)
453 */
454 static DEVICE_ATTR(anycast_mask, 0644, lbs_anycast_get, lbs_anycast_set);
455
456 /*
457 * prb_rsp_limit attribute to be exported per mshX interface
458 * through sysfs (/sys/class/net/mshX/prb_rsp_limit)
459 */
460 static DEVICE_ATTR(prb_rsp_limit, 0644, lbs_prb_rsp_limit_get,
461 lbs_prb_rsp_limit_set);
462
463 static struct attribute *lbs_mesh_sysfs_entries[] = {
464 &dev_attr_anycast_mask.attr,
465 &dev_attr_prb_rsp_limit.attr,
466 NULL,
467 };
468
469 static const struct attribute_group lbs_mesh_attr_group = {
470 .attrs = lbs_mesh_sysfs_entries,
471 };
472
473
474 /***************************************************************************
475 * Persistent configuration support
476 */
477
478 static int mesh_get_default_parameters(struct device *dev,
479 struct mrvl_mesh_defaults *defs)
480 {
481 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
482 struct cmd_ds_mesh_config cmd;
483 int ret;
484
485 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config));
486 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_GET,
487 CMD_TYPE_MESH_GET_DEFAULTS);
488
489 if (ret)
490 return -EOPNOTSUPP;
491
492 memcpy(defs, &cmd.data[0], sizeof(struct mrvl_mesh_defaults));
493
494 return 0;
495 }
496
497 /**
498 * bootflag_get - Get function for sysfs attribute bootflag
499 * @dev: the &struct device
500 * @attr: device attributes
501 * @buf: buffer where data will be returned
502 */
503 static ssize_t bootflag_get(struct device *dev,
504 struct device_attribute *attr, char *buf)
505 {
506 struct mrvl_mesh_defaults defs;
507 int ret;
508
509 ret = mesh_get_default_parameters(dev, &defs);
510
511 if (ret)
512 return ret;
513
514 return snprintf(buf, 12, "%d\n", le32_to_cpu(defs.bootflag));
515 }
516
517 /**
518 * bootflag_set - Set function for sysfs attribute bootflag
519 * @dev: the &struct device
520 * @attr: device attributes
521 * @buf: buffer that contains new attribute value
522 * @count: size of buffer
523 */
524 static ssize_t bootflag_set(struct device *dev, struct device_attribute *attr,
525 const char *buf, size_t count)
526 {
527 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
528 struct cmd_ds_mesh_config cmd;
529 uint32_t datum;
530 int ret;
531
532 memset(&cmd, 0, sizeof(cmd));
533 ret = sscanf(buf, "%d", &datum);
534 if ((ret != 1) || (datum > 1))
535 return -EINVAL;
536
537 *((__le32 *)&cmd.data[0]) = cpu_to_le32(!!datum);
538 cmd.length = cpu_to_le16(sizeof(uint32_t));
539 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
540 CMD_TYPE_MESH_SET_BOOTFLAG);
541 if (ret)
542 return ret;
543
544 return strlen(buf);
545 }
546
547 /**
548 * boottime_get - Get function for sysfs attribute boottime
549 * @dev: the &struct device
550 * @attr: device attributes
551 * @buf: buffer where data will be returned
552 */
553 static ssize_t boottime_get(struct device *dev,
554 struct device_attribute *attr, char *buf)
555 {
556 struct mrvl_mesh_defaults defs;
557 int ret;
558
559 ret = mesh_get_default_parameters(dev, &defs);
560
561 if (ret)
562 return ret;
563
564 return snprintf(buf, 12, "%d\n", defs.boottime);
565 }
566
567 /**
568 * boottime_set - Set function for sysfs attribute boottime
569 * @dev: the &struct device
570 * @attr: device attributes
571 * @buf: buffer that contains new attribute value
572 * @count: size of buffer
573 */
574 static ssize_t boottime_set(struct device *dev,
575 struct device_attribute *attr, const char *buf, size_t count)
576 {
577 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
578 struct cmd_ds_mesh_config cmd;
579 uint32_t datum;
580 int ret;
581
582 memset(&cmd, 0, sizeof(cmd));
583 ret = sscanf(buf, "%d", &datum);
584 if ((ret != 1) || (datum > 255))
585 return -EINVAL;
586
587 /* A too small boot time will result in the device booting into
588 * standalone (no-host) mode before the host can take control of it,
589 * so the change will be hard to revert. This may be a desired
590 * feature (e.g to configure a very fast boot time for devices that
591 * will not be attached to a host), but dangerous. So I'm enforcing a
592 * lower limit of 20 seconds: remove and recompile the driver if this
593 * does not work for you.
594 */
595 datum = (datum < 20) ? 20 : datum;
596 cmd.data[0] = datum;
597 cmd.length = cpu_to_le16(sizeof(uint8_t));
598 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
599 CMD_TYPE_MESH_SET_BOOTTIME);
600 if (ret)
601 return ret;
602
603 return strlen(buf);
604 }
605
606 /**
607 * channel_get - Get function for sysfs attribute channel
608 * @dev: the &struct device
609 * @attr: device attributes
610 * @buf: buffer where data will be returned
611 */
612 static ssize_t channel_get(struct device *dev,
613 struct device_attribute *attr, char *buf)
614 {
615 struct mrvl_mesh_defaults defs;
616 int ret;
617
618 ret = mesh_get_default_parameters(dev, &defs);
619
620 if (ret)
621 return ret;
622
623 return snprintf(buf, 12, "%d\n", le16_to_cpu(defs.channel));
624 }
625
626 /**
627 * channel_set - Set function for sysfs attribute channel
628 * @dev: the &struct device
629 * @attr: device attributes
630 * @buf: buffer that contains new attribute value
631 * @count: size of buffer
632 */
633 static ssize_t channel_set(struct device *dev, struct device_attribute *attr,
634 const char *buf, size_t count)
635 {
636 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
637 struct cmd_ds_mesh_config cmd;
638 uint32_t datum;
639 int ret;
640
641 memset(&cmd, 0, sizeof(cmd));
642 ret = sscanf(buf, "%d", &datum);
643 if (ret != 1 || datum < 1 || datum > 11)
644 return -EINVAL;
645
646 *((__le16 *)&cmd.data[0]) = cpu_to_le16(datum);
647 cmd.length = cpu_to_le16(sizeof(uint16_t));
648 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
649 CMD_TYPE_MESH_SET_DEF_CHANNEL);
650 if (ret)
651 return ret;
652
653 return strlen(buf);
654 }
655
656 /**
657 * mesh_id_get - Get function for sysfs attribute mesh_id
658 * @dev: the &struct device
659 * @attr: device attributes
660 * @buf: buffer where data will be returned
661 */
662 static ssize_t mesh_id_get(struct device *dev, struct device_attribute *attr,
663 char *buf)
664 {
665 struct mrvl_mesh_defaults defs;
666 int ret;
667
668 ret = mesh_get_default_parameters(dev, &defs);
669
670 if (ret)
671 return ret;
672
673 if (defs.meshie.val.mesh_id_len > IEEE80211_MAX_SSID_LEN) {
674 dev_err(dev, "inconsistent mesh ID length\n");
675 defs.meshie.val.mesh_id_len = IEEE80211_MAX_SSID_LEN;
676 }
677
678 memcpy(buf, defs.meshie.val.mesh_id, defs.meshie.val.mesh_id_len);
679 buf[defs.meshie.val.mesh_id_len] = '\n';
680 buf[defs.meshie.val.mesh_id_len + 1] = '\0';
681
682 return defs.meshie.val.mesh_id_len + 1;
683 }
684
685 /**
686 * mesh_id_set - Set function for sysfs attribute mesh_id
687 * @dev: the &struct device
688 * @attr: device attributes
689 * @buf: buffer that contains new attribute value
690 * @count: size of buffer
691 */
692 static ssize_t mesh_id_set(struct device *dev, struct device_attribute *attr,
693 const char *buf, size_t count)
694 {
695 struct cmd_ds_mesh_config cmd;
696 struct mrvl_mesh_defaults defs;
697 struct mrvl_meshie *ie;
698 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
699 int len;
700 int ret;
701
702 if (count < 2 || count > IEEE80211_MAX_SSID_LEN + 1)
703 return -EINVAL;
704
705 memset(&cmd, 0, sizeof(struct cmd_ds_mesh_config));
706 ie = (struct mrvl_meshie *) &cmd.data[0];
707
708 /* fetch all other Information Element parameters */
709 ret = mesh_get_default_parameters(dev, &defs);
710
711 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
712
713 /* transfer IE elements */
714 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
715
716 len = count - 1;
717 memcpy(ie->val.mesh_id, buf, len);
718 /* SSID len */
719 ie->val.mesh_id_len = len;
720 /* IE len */
721 ie->len = sizeof(struct mrvl_meshie_val) - IEEE80211_MAX_SSID_LEN + len;
722
723 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
724 CMD_TYPE_MESH_SET_MESH_IE);
725 if (ret)
726 return ret;
727
728 return strlen(buf);
729 }
730
731 /**
732 * protocol_id_get - Get function for sysfs attribute protocol_id
733 * @dev: the &struct device
734 * @attr: device attributes
735 * @buf: buffer where data will be returned
736 */
737 static ssize_t protocol_id_get(struct device *dev,
738 struct device_attribute *attr, char *buf)
739 {
740 struct mrvl_mesh_defaults defs;
741 int ret;
742
743 ret = mesh_get_default_parameters(dev, &defs);
744
745 if (ret)
746 return ret;
747
748 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_protocol_id);
749 }
750
751 /**
752 * protocol_id_set - Set function for sysfs attribute protocol_id
753 * @dev: the &struct device
754 * @attr: device attributes
755 * @buf: buffer that contains new attribute value
756 * @count: size of buffer
757 */
758 static ssize_t protocol_id_set(struct device *dev,
759 struct device_attribute *attr, const char *buf, size_t count)
760 {
761 struct cmd_ds_mesh_config cmd;
762 struct mrvl_mesh_defaults defs;
763 struct mrvl_meshie *ie;
764 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
765 uint32_t datum;
766 int ret;
767
768 memset(&cmd, 0, sizeof(cmd));
769 ret = sscanf(buf, "%d", &datum);
770 if ((ret != 1) || (datum > 255))
771 return -EINVAL;
772
773 /* fetch all other Information Element parameters */
774 ret = mesh_get_default_parameters(dev, &defs);
775
776 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
777
778 /* transfer IE elements */
779 ie = (struct mrvl_meshie *) &cmd.data[0];
780 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
781 /* update protocol id */
782 ie->val.active_protocol_id = datum;
783
784 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
785 CMD_TYPE_MESH_SET_MESH_IE);
786 if (ret)
787 return ret;
788
789 return strlen(buf);
790 }
791
792 /**
793 * metric_id_get - Get function for sysfs attribute metric_id
794 * @dev: the &struct device
795 * @attr: device attributes
796 * @buf: buffer where data will be returned
797 */
798 static ssize_t metric_id_get(struct device *dev,
799 struct device_attribute *attr, char *buf)
800 {
801 struct mrvl_mesh_defaults defs;
802 int ret;
803
804 ret = mesh_get_default_parameters(dev, &defs);
805
806 if (ret)
807 return ret;
808
809 return snprintf(buf, 5, "%d\n", defs.meshie.val.active_metric_id);
810 }
811
812 /**
813 * metric_id_set - Set function for sysfs attribute metric_id
814 * @dev: the &struct device
815 * @attr: device attributes
816 * @buf: buffer that contains new attribute value
817 * @count: size of buffer
818 */
819 static ssize_t metric_id_set(struct device *dev, struct device_attribute *attr,
820 const char *buf, size_t count)
821 {
822 struct cmd_ds_mesh_config cmd;
823 struct mrvl_mesh_defaults defs;
824 struct mrvl_meshie *ie;
825 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
826 uint32_t datum;
827 int ret;
828
829 memset(&cmd, 0, sizeof(cmd));
830 ret = sscanf(buf, "%d", &datum);
831 if ((ret != 1) || (datum > 255))
832 return -EINVAL;
833
834 /* fetch all other Information Element parameters */
835 ret = mesh_get_default_parameters(dev, &defs);
836
837 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
838
839 /* transfer IE elements */
840 ie = (struct mrvl_meshie *) &cmd.data[0];
841 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
842 /* update metric id */
843 ie->val.active_metric_id = datum;
844
845 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
846 CMD_TYPE_MESH_SET_MESH_IE);
847 if (ret)
848 return ret;
849
850 return strlen(buf);
851 }
852
853 /**
854 * capability_get - Get function for sysfs attribute capability
855 * @dev: the &struct device
856 * @attr: device attributes
857 * @buf: buffer where data will be returned
858 */
859 static ssize_t capability_get(struct device *dev,
860 struct device_attribute *attr, char *buf)
861 {
862 struct mrvl_mesh_defaults defs;
863 int ret;
864
865 ret = mesh_get_default_parameters(dev, &defs);
866
867 if (ret)
868 return ret;
869
870 return snprintf(buf, 5, "%d\n", defs.meshie.val.mesh_capability);
871 }
872
873 /**
874 * capability_set - Set function for sysfs attribute capability
875 * @dev: the &struct device
876 * @attr: device attributes
877 * @buf: buffer that contains new attribute value
878 * @count: size of buffer
879 */
880 static ssize_t capability_set(struct device *dev, struct device_attribute *attr,
881 const char *buf, size_t count)
882 {
883 struct cmd_ds_mesh_config cmd;
884 struct mrvl_mesh_defaults defs;
885 struct mrvl_meshie *ie;
886 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
887 uint32_t datum;
888 int ret;
889
890 memset(&cmd, 0, sizeof(cmd));
891 ret = sscanf(buf, "%d", &datum);
892 if ((ret != 1) || (datum > 255))
893 return -EINVAL;
894
895 /* fetch all other Information Element parameters */
896 ret = mesh_get_default_parameters(dev, &defs);
897
898 cmd.length = cpu_to_le16(sizeof(struct mrvl_meshie));
899
900 /* transfer IE elements */
901 ie = (struct mrvl_meshie *) &cmd.data[0];
902 memcpy(ie, &defs.meshie, sizeof(struct mrvl_meshie));
903 /* update value */
904 ie->val.mesh_capability = datum;
905
906 ret = lbs_mesh_config_send(priv, &cmd, CMD_ACT_MESH_CONFIG_SET,
907 CMD_TYPE_MESH_SET_MESH_IE);
908 if (ret)
909 return ret;
910
911 return strlen(buf);
912 }
913
914
915 static DEVICE_ATTR(bootflag, 0644, bootflag_get, bootflag_set);
916 static DEVICE_ATTR(boottime, 0644, boottime_get, boottime_set);
917 static DEVICE_ATTR(channel, 0644, channel_get, channel_set);
918 static DEVICE_ATTR(mesh_id, 0644, mesh_id_get, mesh_id_set);
919 static DEVICE_ATTR(protocol_id, 0644, protocol_id_get, protocol_id_set);
920 static DEVICE_ATTR(metric_id, 0644, metric_id_get, metric_id_set);
921 static DEVICE_ATTR(capability, 0644, capability_get, capability_set);
922
923 static struct attribute *boot_opts_attrs[] = {
924 &dev_attr_bootflag.attr,
925 &dev_attr_boottime.attr,
926 &dev_attr_channel.attr,
927 NULL
928 };
929
930 static const struct attribute_group boot_opts_group = {
931 .name = "boot_options",
932 .attrs = boot_opts_attrs,
933 };
934
935 static struct attribute *mesh_ie_attrs[] = {
936 &dev_attr_mesh_id.attr,
937 &dev_attr_protocol_id.attr,
938 &dev_attr_metric_id.attr,
939 &dev_attr_capability.attr,
940 NULL
941 };
942
943 static const struct attribute_group mesh_ie_group = {
944 .name = "mesh_ie",
945 .attrs = mesh_ie_attrs,
946 };
947
948 static void lbs_persist_config_init(struct net_device *dev)
949 {
950 int ret;
951 ret = sysfs_create_group(&(dev->dev.kobj), &boot_opts_group);
952 ret = sysfs_create_group(&(dev->dev.kobj), &mesh_ie_group);
953 }
954
955 static void lbs_persist_config_remove(struct net_device *dev)
956 {
957 sysfs_remove_group(&(dev->dev.kobj), &boot_opts_group);
958 sysfs_remove_group(&(dev->dev.kobj), &mesh_ie_group);
959 }
960
961
962 /***************************************************************************
963 * Initializing and starting, stopping mesh
964 */
965
966 /*
967 * Check mesh FW version and appropriately send the mesh start
968 * command
969 */
970 int lbs_init_mesh(struct lbs_private *priv)
971 {
972 int ret = 0;
973
974 lbs_deb_enter(LBS_DEB_MESH);
975
976 /* Determine mesh_fw_ver from fwrelease and fwcapinfo */
977 /* 5.0.16p0 9.0.0.p0 is known to NOT support any mesh */
978 /* 5.110.22 have mesh command with 0xa3 command id */
979 /* 10.0.0.p0 FW brings in mesh config command with different id */
980 /* Check FW version MSB and initialize mesh_fw_ver */
981 if (MRVL_FW_MAJOR_REV(priv->fwrelease) == MRVL_FW_V5) {
982 /* Enable mesh, if supported, and work out which TLV it uses.
983 0x100 + 291 is an unofficial value used in 5.110.20.pXX
984 0x100 + 37 is the official value used in 5.110.21.pXX
985 but we check them in that order because 20.pXX doesn't
986 give an error -- it just silently fails. */
987
988 /* 5.110.20.pXX firmware will fail the command if the channel
989 doesn't match the existing channel. But only if the TLV
990 is correct. If the channel is wrong, _BOTH_ versions will
991 give an error to 0x100+291, and allow 0x100+37 to succeed.
992 It's just that 5.110.20.pXX will not have done anything
993 useful */
994
995 priv->mesh_tlv = TLV_TYPE_OLD_MESH_ID;
996 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1)) {
997 priv->mesh_tlv = TLV_TYPE_MESH_ID;
998 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1))
999 priv->mesh_tlv = 0;
1000 }
1001 } else
1002 if ((MRVL_FW_MAJOR_REV(priv->fwrelease) >= MRVL_FW_V10) &&
1003 (priv->fwcapinfo & MESH_CAPINFO_ENABLE_MASK)) {
1004 /* 10.0.0.pXX new firmwares should succeed with TLV
1005 * 0x100+37; Do not invoke command with old TLV.
1006 */
1007 priv->mesh_tlv = TLV_TYPE_MESH_ID;
1008 if (lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START, 1))
1009 priv->mesh_tlv = 0;
1010 }
1011
1012 /* Stop meshing until interface is brought up */
1013 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP, 1);
1014
1015 if (priv->mesh_tlv) {
1016 sprintf(priv->mesh_ssid, "mesh");
1017 priv->mesh_ssid_len = 4;
1018 ret = 1;
1019 }
1020
1021 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
1022 return ret;
1023 }
1024
1025 void lbs_start_mesh(struct lbs_private *priv)
1026 {
1027 lbs_add_mesh(priv);
1028
1029 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_mesh))
1030 netdev_err(priv->dev, "cannot register lbs_mesh attribute\n");
1031 }
1032
1033 int lbs_deinit_mesh(struct lbs_private *priv)
1034 {
1035 struct net_device *dev = priv->dev;
1036 int ret = 0;
1037
1038 lbs_deb_enter(LBS_DEB_MESH);
1039
1040 if (priv->mesh_tlv) {
1041 device_remove_file(&dev->dev, &dev_attr_lbs_mesh);
1042 ret = 1;
1043 }
1044
1045 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
1046 return ret;
1047 }
1048
1049
1050 /**
1051 * lbs_mesh_stop - close the mshX interface
1052 *
1053 * @dev: A pointer to &net_device structure
1054 * returns: 0
1055 */
1056 static int lbs_mesh_stop(struct net_device *dev)
1057 {
1058 struct lbs_private *priv = dev->ml_priv;
1059
1060 lbs_deb_enter(LBS_DEB_MESH);
1061 lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_STOP,
1062 lbs_mesh_get_channel(priv));
1063
1064 spin_lock_irq(&priv->driver_lock);
1065
1066 netif_stop_queue(dev);
1067 netif_carrier_off(dev);
1068
1069 spin_unlock_irq(&priv->driver_lock);
1070
1071 lbs_update_mcast(priv);
1072 if (!lbs_iface_active(priv))
1073 lbs_stop_iface(priv);
1074
1075 lbs_deb_leave(LBS_DEB_MESH);
1076 return 0;
1077 }
1078
1079 /**
1080 * lbs_mesh_dev_open - open the mshX interface
1081 *
1082 * @dev: A pointer to &net_device structure
1083 * returns: 0 or -EBUSY if monitor mode active
1084 */
1085 static int lbs_mesh_dev_open(struct net_device *dev)
1086 {
1087 struct lbs_private *priv = dev->ml_priv;
1088 int ret = 0;
1089
1090 lbs_deb_enter(LBS_DEB_NET);
1091 if (!priv->iface_running) {
1092 ret = lbs_start_iface(priv);
1093 if (ret)
1094 goto out;
1095 }
1096
1097 spin_lock_irq(&priv->driver_lock);
1098
1099 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
1100 ret = -EBUSY;
1101 spin_unlock_irq(&priv->driver_lock);
1102 goto out;
1103 }
1104
1105 netif_carrier_on(dev);
1106
1107 if (!priv->tx_pending_len)
1108 netif_wake_queue(dev);
1109
1110 spin_unlock_irq(&priv->driver_lock);
1111
1112 ret = lbs_mesh_config(priv, CMD_ACT_MESH_CONFIG_START,
1113 lbs_mesh_get_channel(priv));
1114
1115 out:
1116 lbs_deb_leave_args(LBS_DEB_NET, "ret %d", ret);
1117 return ret;
1118 }
1119
1120 static const struct net_device_ops mesh_netdev_ops = {
1121 .ndo_open = lbs_mesh_dev_open,
1122 .ndo_stop = lbs_mesh_stop,
1123 .ndo_start_xmit = lbs_hard_start_xmit,
1124 .ndo_set_mac_address = lbs_set_mac_address,
1125 .ndo_set_rx_mode = lbs_set_multicast_list,
1126 };
1127
1128 /**
1129 * lbs_add_mesh - add mshX interface
1130 *
1131 * @priv: A pointer to the &struct lbs_private structure
1132 * returns: 0 if successful, -X otherwise
1133 */
1134 static int lbs_add_mesh(struct lbs_private *priv)
1135 {
1136 struct net_device *mesh_dev = NULL;
1137 struct wireless_dev *mesh_wdev;
1138 int ret = 0;
1139
1140 lbs_deb_enter(LBS_DEB_MESH);
1141
1142 /* Allocate a virtual mesh device */
1143 mesh_wdev = kzalloc(sizeof(struct wireless_dev), GFP_KERNEL);
1144 if (!mesh_wdev) {
1145 lbs_deb_mesh("init mshX wireless device failed\n");
1146 ret = -ENOMEM;
1147 goto done;
1148 }
1149
1150 mesh_dev = alloc_netdev(0, "msh%d", NET_NAME_UNKNOWN, ether_setup);
1151 if (!mesh_dev) {
1152 lbs_deb_mesh("init mshX device failed\n");
1153 ret = -ENOMEM;
1154 goto err_free_wdev;
1155 }
1156
1157 mesh_wdev->iftype = NL80211_IFTYPE_MESH_POINT;
1158 mesh_wdev->wiphy = priv->wdev->wiphy;
1159 mesh_wdev->netdev = mesh_dev;
1160
1161 mesh_dev->ml_priv = priv;
1162 mesh_dev->ieee80211_ptr = mesh_wdev;
1163 priv->mesh_dev = mesh_dev;
1164
1165 mesh_dev->netdev_ops = &mesh_netdev_ops;
1166 mesh_dev->ethtool_ops = &lbs_ethtool_ops;
1167 eth_hw_addr_inherit(mesh_dev, priv->dev);
1168
1169 SET_NETDEV_DEV(priv->mesh_dev, priv->dev->dev.parent);
1170
1171 mesh_dev->flags |= IFF_BROADCAST | IFF_MULTICAST;
1172 /* Register virtual mesh interface */
1173 ret = register_netdev(mesh_dev);
1174 if (ret) {
1175 pr_err("cannot register mshX virtual interface\n");
1176 goto err_free_netdev;
1177 }
1178
1179 ret = sysfs_create_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group);
1180 if (ret)
1181 goto err_unregister;
1182
1183 lbs_persist_config_init(mesh_dev);
1184
1185 /* Everything successful */
1186 ret = 0;
1187 goto done;
1188
1189 err_unregister:
1190 unregister_netdev(mesh_dev);
1191
1192 err_free_netdev:
1193 free_netdev(mesh_dev);
1194
1195 err_free_wdev:
1196 kfree(mesh_wdev);
1197
1198 done:
1199 lbs_deb_leave_args(LBS_DEB_MESH, "ret %d", ret);
1200 return ret;
1201 }
1202
1203 void lbs_remove_mesh(struct lbs_private *priv)
1204 {
1205 struct net_device *mesh_dev;
1206
1207 mesh_dev = priv->mesh_dev;
1208 if (!mesh_dev)
1209 return;
1210
1211 lbs_deb_enter(LBS_DEB_MESH);
1212 netif_stop_queue(mesh_dev);
1213 netif_carrier_off(mesh_dev);
1214 sysfs_remove_group(&(mesh_dev->dev.kobj), &lbs_mesh_attr_group);
1215 lbs_persist_config_remove(mesh_dev);
1216 unregister_netdev(mesh_dev);
1217 priv->mesh_dev = NULL;
1218 kfree(mesh_dev->ieee80211_ptr);
1219 free_netdev(mesh_dev);
1220 lbs_deb_leave(LBS_DEB_MESH);
1221 }
1222
1223
1224 /***************************************************************************
1225 * Sending and receiving
1226 */
1227 struct net_device *lbs_mesh_set_dev(struct lbs_private *priv,
1228 struct net_device *dev, struct rxpd *rxpd)
1229 {
1230 if (priv->mesh_dev) {
1231 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID) {
1232 if (rxpd->rx_control & RxPD_MESH_FRAME)
1233 dev = priv->mesh_dev;
1234 } else if (priv->mesh_tlv == TLV_TYPE_MESH_ID) {
1235 if (rxpd->u.bss.bss_num == MESH_IFACE_ID)
1236 dev = priv->mesh_dev;
1237 }
1238 }
1239 return dev;
1240 }
1241
1242
1243 void lbs_mesh_set_txpd(struct lbs_private *priv,
1244 struct net_device *dev, struct txpd *txpd)
1245 {
1246 if (dev == priv->mesh_dev) {
1247 if (priv->mesh_tlv == TLV_TYPE_OLD_MESH_ID)
1248 txpd->tx_control |= cpu_to_le32(TxPD_MESH_FRAME);
1249 else if (priv->mesh_tlv == TLV_TYPE_MESH_ID)
1250 txpd->u.bss.bss_num = MESH_IFACE_ID;
1251 }
1252 }
1253
1254
1255 /***************************************************************************
1256 * Ethtool related
1257 */
1258
1259 static const char * const mesh_stat_strings[] = {
1260 "drop_duplicate_bcast",
1261 "drop_ttl_zero",
1262 "drop_no_fwd_route",
1263 "drop_no_buffers",
1264 "fwded_unicast_cnt",
1265 "fwded_bcast_cnt",
1266 "drop_blind_table",
1267 "tx_failed_cnt"
1268 };
1269
1270 void lbs_mesh_ethtool_get_stats(struct net_device *dev,
1271 struct ethtool_stats *stats, uint64_t *data)
1272 {
1273 struct lbs_private *priv = dev->ml_priv;
1274 struct cmd_ds_mesh_access mesh_access;
1275 int ret;
1276
1277 lbs_deb_enter(LBS_DEB_ETHTOOL);
1278
1279 /* Get Mesh Statistics */
1280 ret = lbs_mesh_access(priv, CMD_ACT_MESH_GET_STATS, &mesh_access);
1281
1282 if (ret) {
1283 memset(data, 0, MESH_STATS_NUM*(sizeof(uint64_t)));
1284 return;
1285 }
1286
1287 priv->mstats.fwd_drop_rbt = le32_to_cpu(mesh_access.data[0]);
1288 priv->mstats.fwd_drop_ttl = le32_to_cpu(mesh_access.data[1]);
1289 priv->mstats.fwd_drop_noroute = le32_to_cpu(mesh_access.data[2]);
1290 priv->mstats.fwd_drop_nobuf = le32_to_cpu(mesh_access.data[3]);
1291 priv->mstats.fwd_unicast_cnt = le32_to_cpu(mesh_access.data[4]);
1292 priv->mstats.fwd_bcast_cnt = le32_to_cpu(mesh_access.data[5]);
1293 priv->mstats.drop_blind = le32_to_cpu(mesh_access.data[6]);
1294 priv->mstats.tx_failed_cnt = le32_to_cpu(mesh_access.data[7]);
1295
1296 data[0] = priv->mstats.fwd_drop_rbt;
1297 data[1] = priv->mstats.fwd_drop_ttl;
1298 data[2] = priv->mstats.fwd_drop_noroute;
1299 data[3] = priv->mstats.fwd_drop_nobuf;
1300 data[4] = priv->mstats.fwd_unicast_cnt;
1301 data[5] = priv->mstats.fwd_bcast_cnt;
1302 data[6] = priv->mstats.drop_blind;
1303 data[7] = priv->mstats.tx_failed_cnt;
1304
1305 lbs_deb_enter(LBS_DEB_ETHTOOL);
1306 }
1307
1308 int lbs_mesh_ethtool_get_sset_count(struct net_device *dev, int sset)
1309 {
1310 struct lbs_private *priv = dev->ml_priv;
1311
1312 if (sset == ETH_SS_STATS && dev == priv->mesh_dev)
1313 return MESH_STATS_NUM;
1314
1315 return -EOPNOTSUPP;
1316 }
1317
1318 void lbs_mesh_ethtool_get_strings(struct net_device *dev,
1319 uint32_t stringset, uint8_t *s)
1320 {
1321 int i;
1322
1323 lbs_deb_enter(LBS_DEB_ETHTOOL);
1324
1325 switch (stringset) {
1326 case ETH_SS_STATS:
1327 for (i = 0; i < MESH_STATS_NUM; i++) {
1328 memcpy(s + i * ETH_GSTRING_LEN,
1329 mesh_stat_strings[i],
1330 ETH_GSTRING_LEN);
1331 }
1332 break;
1333 }
1334 lbs_deb_enter(LBS_DEB_ETHTOOL);
1335 }
1336
1337 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/mesh.o.c.prepared"
1338
1339 int ldv_retval_5;
1340 int ldv_retval_6;
1341 int ldv_ndo_init_4(void);
1342 int ldv_ndo_uninit_4(void);
1343
1344
1345 void ldv_net_device_ops_4(void){
1346 mesh_netdev_ops_group1 = ldv_undef_ptr();
1347 }
1348
1349
1350 int evil_hack_4(void){
1351 rtnl_lock();
1352 return 1;
1353 }
1354
1355
1356 void ldv_main_exported_6(void){
1357 struct device *ldvarg52;
1358 char const *ldvarg56;
1359 struct device *ldvarg55;
1360 char *ldvarg53;
1361 size_t ldvarg54;
1362 /*DEG-struct: handlers from structure dev_attr_metric_id*/
1363 switch(__VERIFIER_nondet_int()){
1364 case 0:{
1365 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1366 if(ldv_state_variable_6 == 1){
1367 /*DEG-CALL: handler store from dev_attr_metric_id*/
1368 (& metric_id_set)(ldvarg55,dev_attr_metric_id_group1,ldvarg56,ldvarg54);
1369 ldv_state_variable_6 = 1;
1370 }
1371 }
1372 break;
1373 case 1:{
1374 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1375 if(ldv_state_variable_6 == 1){
1376 /*DEG-CALL: handler show from dev_attr_metric_id*/
1377 (& metric_id_get)(ldvarg52,dev_attr_metric_id_group1,ldvarg53);
1378 ldv_state_variable_6 = 1;
1379 }
1380 }
1381 break;
1382 default: ldv_assume(0);
1383 }
1384
1385 };
1386
1387
1388 void ldv_main_exported_11(void){
1389 size_t ldvarg2;
1390 struct device *ldvarg0;
1391 struct device *ldvarg3;
1392 char const *ldvarg4;
1393 char *ldvarg1;
1394 /*DEG-struct: handlers from structure dev_attr_bootflag*/
1395 switch(__VERIFIER_nondet_int()){
1396 case 0:{
1397 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1398 if(ldv_state_variable_11 == 1){
1399 /*DEG-CALL: handler store from dev_attr_bootflag*/
1400 (& bootflag_set)(ldvarg3,dev_attr_bootflag_group1,ldvarg4,ldvarg2);
1401 ldv_state_variable_11 = 1;
1402 }
1403 }
1404 break;
1405 case 1:{
1406 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1407 if(ldv_state_variable_11 == 1){
1408 /*DEG-CALL: handler show from dev_attr_bootflag*/
1409 (& bootflag_get)(ldvarg0,dev_attr_bootflag_group1,ldvarg1);
1410 ldv_state_variable_11 = 1;
1411 }
1412 }
1413 break;
1414 default: ldv_assume(0);
1415 }
1416
1417 };
1418
1419
1420 void ldv_main_exported_7(void){
1421 char *ldvarg6;
1422 struct device *ldvarg5;
1423 char const *ldvarg9;
1424 size_t ldvarg7;
1425 struct device *ldvarg8;
1426 /*DEG-struct: handlers from structure dev_attr_protocol_id*/
1427 switch(__VERIFIER_nondet_int()){
1428 case 0:{
1429 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1430 if(ldv_state_variable_7 == 1){
1431 /*DEG-CALL: handler store from dev_attr_protocol_id*/
1432 (& protocol_id_set)(ldvarg8,dev_attr_protocol_id_group1,ldvarg9,ldvarg7);
1433 ldv_state_variable_7 = 1;
1434 }
1435 }
1436 break;
1437 case 1:{
1438 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1439 if(ldv_state_variable_7 == 1){
1440 /*DEG-CALL: handler show from dev_attr_protocol_id*/
1441 (& protocol_id_get)(ldvarg5,dev_attr_protocol_id_group1,ldvarg6);
1442 ldv_state_variable_7 = 1;
1443 }
1444 }
1445 break;
1446 default: ldv_assume(0);
1447 }
1448
1449 };
1450
1451
1452 void ldv_main_exported_9(void){
1453 size_t ldvarg59;
1454 struct device *ldvarg60;
1455 char const *ldvarg61;
1456 char *ldvarg58;
1457 struct device *ldvarg57;
1458 /*DEG-struct: handlers from structure dev_attr_channel*/
1459 switch(__VERIFIER_nondet_int()){
1460 case 0:{
1461 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1462 if(ldv_state_variable_9 == 1){
1463 /*DEG-CALL: handler store from dev_attr_channel*/
1464 (& channel_set)(ldvarg60,dev_attr_channel_group1,ldvarg61,ldvarg59);
1465 ldv_state_variable_9 = 1;
1466 }
1467 }
1468 break;
1469 case 1:{
1470 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1471 if(ldv_state_variable_9 == 1){
1472 /*DEG-CALL: handler show from dev_attr_channel*/
1473 (& channel_get)(ldvarg57,dev_attr_channel_group1,ldvarg58);
1474 ldv_state_variable_9 = 1;
1475 }
1476 }
1477 break;
1478 default: ldv_assume(0);
1479 }
1480
1481 };
1482
1483
1484 void ldv_main_exported_12(void){
1485 struct device *ldvarg62;
1486 size_t ldvarg64;
1487 char const *ldvarg66;
1488 char *ldvarg63;
1489 struct device *ldvarg65;
1490 /*DEG-struct: handlers from structure dev_attr_prb_rsp_limit*/
1491 switch(__VERIFIER_nondet_int()){
1492 case 0:{
1493 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1494 if(ldv_state_variable_12 == 1){
1495 /*DEG-CALL: handler store from dev_attr_prb_rsp_limit*/
1496 (& lbs_prb_rsp_limit_set)(ldvarg65,dev_attr_prb_rsp_limit_group1,ldvarg66,ldvarg64);
1497 ldv_state_variable_12 = 1;
1498 }
1499 }
1500 break;
1501 case 1:{
1502 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1503 if(ldv_state_variable_12 == 1){
1504 /*DEG-CALL: handler show from dev_attr_prb_rsp_limit*/
1505 (& lbs_prb_rsp_limit_get)(ldvarg62,dev_attr_prb_rsp_limit_group1,ldvarg63);
1506 ldv_state_variable_12 = 1;
1507 }
1508 }
1509 break;
1510 default: ldv_assume(0);
1511 }
1512
1513 };
1514
1515
1516 void ldv_main_exported_14(void){
1517 size_t ldvarg69;
1518 char *ldvarg68;
1519 char const *ldvarg71;
1520 struct device *ldvarg67;
1521 struct device *ldvarg70;
1522 /*DEG-struct: handlers from structure dev_attr_lbs_mesh*/
1523 switch(__VERIFIER_nondet_int()){
1524 case 0:{
1525 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1526 if(ldv_state_variable_14 == 1){
1527 /*DEG-CALL: handler store from dev_attr_lbs_mesh*/
1528 (& lbs_mesh_set)(ldvarg70,dev_attr_lbs_mesh_group1,ldvarg71,ldvarg69);
1529 ldv_state_variable_14 = 1;
1530 }
1531 }
1532 break;
1533 case 1:{
1534 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1535 if(ldv_state_variable_14 == 1){
1536 /*DEG-CALL: handler show from dev_attr_lbs_mesh*/
1537 (& lbs_mesh_get)(ldvarg67,dev_attr_lbs_mesh_group1,ldvarg68);
1538 ldv_state_variable_14 = 1;
1539 }
1540 }
1541 break;
1542 default: ldv_assume(0);
1543 }
1544
1545 };
1546
1547
1548 void ldv_main_exported_8(void){
1549 struct device *ldvarg75;
1550 char *ldvarg76;
1551 struct device *ldvarg78;
1552 char const *ldvarg79;
1553 size_t ldvarg77;
1554 /*DEG-struct: handlers from structure dev_attr_mesh_id*/
1555 switch(__VERIFIER_nondet_int()){
1556 case 0:{
1557 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1558 if(ldv_state_variable_8 == 1){
1559 /*DEG-CALL: handler store from dev_attr_mesh_id*/
1560 (& mesh_id_set)(ldvarg78,dev_attr_mesh_id_group1,ldvarg79,ldvarg77);
1561 ldv_state_variable_8 = 1;
1562 }
1563 }
1564 break;
1565 case 1:{
1566 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1567 if(ldv_state_variable_8 == 1){
1568 /*DEG-CALL: handler show from dev_attr_mesh_id*/
1569 (& mesh_id_get)(ldvarg75,dev_attr_mesh_id_group1,ldvarg76);
1570 ldv_state_variable_8 = 1;
1571 }
1572 }
1573 break;
1574 default: ldv_assume(0);
1575 }
1576
1577 };
1578
1579
1580 void ldv_main_exported_4(void){
1581 void *ldvarg80;
1582 struct sk_buff *ldvarg81;
1583 /*DEG-struct: handlers from structure mesh_netdev_ops*/
1584 switch(__VERIFIER_nondet_int()){
1585 case 0:{
1586 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1587 if(ldv_state_variable_4 == 1){
1588 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/
1589 (& lbs_set_multicast_list)(mesh_netdev_ops_group1);
1590 /*DEG-postcall: default*/
1591 ldv_state_variable_4 = 1;
1592 }
1593 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
1594 if(ldv_state_variable_4 == 3){
1595 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/
1596 (& lbs_set_multicast_list)(mesh_netdev_ops_group1);
1597 /*DEG-postcall: default*/
1598 ldv_state_variable_4 = 3;
1599 }
1600 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
1601 if(ldv_state_variable_4 == 2){
1602 /*DEG-CALL: handler ndo_set_rx_mode from mesh_netdev_ops*/
1603 (& lbs_set_multicast_list)(mesh_netdev_ops_group1);
1604 /*DEG-postcall: default*/
1605 ldv_state_variable_4 = 2;
1606 }
1607 }
1608 break;
1609 case 1:{
1610 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
1611 if(ldv_state_variable_4 == 3 && evil_hack_4()){
1612 /*DEG-CALL: handler ndo_stop from mesh_netdev_ops*/
1613 (& lbs_mesh_stop)(mesh_netdev_ops_group1);
1614 ldv_state_variable_4 = 2;
1615 rtnl_unlock();
1616 }
1617 }
1618 break;
1619 case 2:{
1620 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
1621 if(ldv_state_variable_4 == 2 && evil_hack_4()){
1622 /*DEG-CALL: handler ndo_open from mesh_netdev_ops*/
1623 ldv_retval_6=(& lbs_mesh_dev_open)(mesh_netdev_ops_group1);
1624 if(ldv_retval_6==0){
1625 ldv_state_variable_4 = 3;
1626 }
1627 }
1628 }
1629 break;
1630 case 3:{
1631 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
1632 if(ldv_state_variable_4 == 3){
1633 /*DEG-CALL: handler ndo_start_xmit from mesh_netdev_ops*/
1634 (& lbs_hard_start_xmit)(ldvarg81,mesh_netdev_ops_group1);
1635 /*DEG-postcall: default*/
1636 ldv_state_variable_4 = 3;
1637 }
1638 }
1639 break;
1640 case 4:{
1641 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1642 if(ldv_state_variable_4 == 1){
1643 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/
1644 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80);
1645 /*DEG-postcall: default*/
1646 ldv_state_variable_4 = 1;
1647 }
1648 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/
1649 if(ldv_state_variable_4 == 3){
1650 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/
1651 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80);
1652 /*DEG-postcall: default*/
1653 ldv_state_variable_4 = 3;
1654 }
1655 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
1656 if(ldv_state_variable_4 == 2){
1657 /*DEG-CALL: handler ndo_set_mac_address from mesh_netdev_ops*/
1658 (& lbs_set_mac_address)(mesh_netdev_ops_group1,ldvarg80);
1659 /*DEG-postcall: default*/
1660 ldv_state_variable_4 = 2;
1661 }
1662 }
1663 break;
1664 case 5:{
1665 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1666 if(ldv_state_variable_4 == 1){
1667 /*DEG-CALL: handler ndo_init from mesh_netdev_ops*/
1668 ldv_retval_5=ldv_ndo_init_4();
1669 if(ldv_retval_5==0){
1670 ldv_state_variable_4 = 2;
1671 ref_cnt++;
1672 }
1673 }
1674 }
1675 break;
1676 case 6:{
1677 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/
1678 if(ldv_state_variable_4 == 2 && evil_hack_4()){
1679 /*DEG-CALL: handler ndo_uninit from mesh_netdev_ops*/
1680 ldv_ndo_uninit_4();
1681 ldv_state_variable_4 = 1;
1682 ref_cnt--;
1683 rtnl_unlock();
1684 }
1685 }
1686 break;
1687 default: ldv_assume(0);
1688 }
1689
1690 };
1691
1692
1693 void ldv_main_exported_13(void){
1694 struct device *ldvarg47;
1695 struct device *ldvarg50;
1696 size_t ldvarg49;
1697 char const *ldvarg51;
1698 char *ldvarg48;
1699 /*DEG-struct: handlers from structure dev_attr_anycast_mask*/
1700 switch(__VERIFIER_nondet_int()){
1701 case 0:{
1702 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1703 if(ldv_state_variable_13 == 1){
1704 /*DEG-CALL: handler store from dev_attr_anycast_mask*/
1705 (& lbs_anycast_set)(ldvarg50,dev_attr_anycast_mask_group1,ldvarg51,ldvarg49);
1706 ldv_state_variable_13 = 1;
1707 }
1708 }
1709 break;
1710 case 1:{
1711 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1712 if(ldv_state_variable_13 == 1){
1713 /*DEG-CALL: handler show from dev_attr_anycast_mask*/
1714 (& lbs_anycast_get)(ldvarg47,dev_attr_anycast_mask_group1,ldvarg48);
1715 ldv_state_variable_13 = 1;
1716 }
1717 }
1718 break;
1719 default: ldv_assume(0);
1720 }
1721
1722 };
1723
1724
1725 void ldv_main_exported_10(void){
1726 char *ldvarg83;
1727 char const *ldvarg86;
1728 struct device *ldvarg82;
1729 size_t ldvarg84;
1730 struct device *ldvarg85;
1731 /*DEG-struct: handlers from structure dev_attr_boottime*/
1732 switch(__VERIFIER_nondet_int()){
1733 case 0:{
1734 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1735 if(ldv_state_variable_10 == 1){
1736 /*DEG-CALL: handler store from dev_attr_boottime*/
1737 (& boottime_set)(ldvarg85,dev_attr_boottime_group1,ldvarg86,ldvarg84);
1738 ldv_state_variable_10 = 1;
1739 }
1740 }
1741 break;
1742 case 1:{
1743 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1744 if(ldv_state_variable_10 == 1){
1745 /*DEG-CALL: handler show from dev_attr_boottime*/
1746 (& boottime_get)(ldvarg82,dev_attr_boottime_group1,ldvarg83);
1747 ldv_state_variable_10 = 1;
1748 }
1749 }
1750 break;
1751 default: ldv_assume(0);
1752 }
1753
1754 };
1755
1756
1757 void ldv_main_exported_5(void){
1758 struct device *ldvarg87;
1759 struct device *ldvarg90;
1760 size_t ldvarg89;
1761 char *ldvarg88;
1762 char const *ldvarg91;
1763 /*DEG-struct: handlers from structure dev_attr_capability*/
1764 switch(__VERIFIER_nondet_int()){
1765 case 0:{
1766 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1767 if(ldv_state_variable_5 == 1){
1768 /*DEG-CALL: handler store from dev_attr_capability*/
1769 (& capability_set)(ldvarg90,dev_attr_capability_group1,ldvarg91,ldvarg89);
1770 ldv_state_variable_5 = 1;
1771 }
1772 }
1773 break;
1774 case 1:{
1775 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/
1776 if(ldv_state_variable_5 == 1){
1777 /*DEG-CALL: handler show from dev_attr_capability*/
1778 (& capability_get)(ldvarg87,dev_attr_capability_group1,ldvarg88);
1779 ldv_state_variable_5 = 1;
1780 }
1781 }
1782 break;
1783 default: ldv_assume(0);
1784 }
1785
1786 }; 1 /*
2 * This file contains the handling of TX in wlan driver.
3 */
4 #include <linux/hardirq.h>
5 #include <linux/netdevice.h>
6 #include <linux/etherdevice.h>
7 #include <linux/sched.h>
8 #include <linux/export.h>
9 #include <net/cfg80211.h>
10
11 #include "host.h"
12 #include "radiotap.h"
13 #include "decl.h"
14 #include "defs.h"
15 #include "dev.h"
16 #include "mesh.h"
17
18 /**
19 * convert_radiotap_rate_to_mv - converts Tx/Rx rates from IEEE80211_RADIOTAP_RATE
20 * units (500 Kb/s) into Marvell WLAN format (see Table 8 in Section 3.2.1)
21 *
22 * @rate: Input rate
23 * returns: Output Rate (0 if invalid)
24 */
25 static u32 convert_radiotap_rate_to_mv(u8 rate)
26 {
27 switch (rate) {
28 case 2: /* 1 Mbps */
29 return 0 | (1 << 4);
30 case 4: /* 2 Mbps */
31 return 1 | (1 << 4);
32 case 11: /* 5.5 Mbps */
33 return 2 | (1 << 4);
34 case 22: /* 11 Mbps */
35 return 3 | (1 << 4);
36 case 12: /* 6 Mbps */
37 return 4 | (1 << 4);
38 case 18: /* 9 Mbps */
39 return 5 | (1 << 4);
40 case 24: /* 12 Mbps */
41 return 6 | (1 << 4);
42 case 36: /* 18 Mbps */
43 return 7 | (1 << 4);
44 case 48: /* 24 Mbps */
45 return 8 | (1 << 4);
46 case 72: /* 36 Mbps */
47 return 9 | (1 << 4);
48 case 96: /* 48 Mbps */
49 return 10 | (1 << 4);
50 case 108: /* 54 Mbps */
51 return 11 | (1 << 4);
52 }
53 return 0;
54 }
55
56 /**
57 * lbs_hard_start_xmit - checks the conditions and sends packet to IF
58 * layer if everything is ok
59 *
60 * @skb: A pointer to skb which includes TX packet
61 * @dev: A pointer to the &struct net_device
62 * returns: 0 or -1
63 */
64 netdev_tx_t lbs_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
65 {
66 unsigned long flags;
67 struct lbs_private *priv = dev->ml_priv;
68 struct txpd *txpd;
69 char *p802x_hdr;
70 uint16_t pkt_len;
71 netdev_tx_t ret = NETDEV_TX_OK;
72
73 lbs_deb_enter(LBS_DEB_TX);
74
75 /* We need to protect against the queues being restarted before
76 we get round to stopping them */
77 spin_lock_irqsave(&priv->driver_lock, flags);
78
79 if (priv->surpriseremoved)
80 goto free;
81
82 if (!skb->len || (skb->len > MRVDRV_ETH_TX_PACKET_BUFFER_SIZE)) {
83 lbs_deb_tx("tx err: skb length %d 0 or > %zd\n",
84 skb->len, MRVDRV_ETH_TX_PACKET_BUFFER_SIZE);
85 /* We'll never manage to send this one; drop it and return 'OK' */
86
87 dev->stats.tx_dropped++;
88 dev->stats.tx_errors++;
89 goto free;
90 }
91
92
93 netif_stop_queue(priv->dev);
94 if (priv->mesh_dev)
95 netif_stop_queue(priv->mesh_dev);
96
97 if (priv->tx_pending_len) {
98 /* This can happen if packets come in on the mesh and eth
99 device simultaneously -- there's no mutual exclusion on
100 hard_start_xmit() calls between devices. */
101 lbs_deb_tx("Packet on %s while busy\n", dev->name);
102 ret = NETDEV_TX_BUSY;
103 goto unlock;
104 }
105
106 priv->tx_pending_len = -1;
107 spin_unlock_irqrestore(&priv->driver_lock, flags);
108
109 lbs_deb_hex(LBS_DEB_TX, "TX Data", skb->data, min_t(unsigned int, skb->len, 100));
110
111 txpd = (void *)priv->tx_pending_buf;
112 memset(txpd, 0, sizeof(struct txpd));
113
114 p802x_hdr = skb->data;
115 pkt_len = skb->len;
116
117 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
118 struct tx_radiotap_hdr *rtap_hdr = (void *)skb->data;
119
120 /* set txpd fields from the radiotap header */
121 txpd->tx_control = cpu_to_le32(convert_radiotap_rate_to_mv(rtap_hdr->rate));
122
123 /* skip the radiotap header */
124 p802x_hdr += sizeof(*rtap_hdr);
125 pkt_len -= sizeof(*rtap_hdr);
126
127 /* copy destination address from 802.11 header */
128 memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN);
129 } else {
130 /* copy destination address from 802.3 header */
131 memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN);
132 }
133
134 txpd->tx_packet_length = cpu_to_le16(pkt_len);
135 txpd->tx_packet_location = cpu_to_le32(sizeof(struct txpd));
136
137 lbs_mesh_set_txpd(priv, dev, txpd);
138
139 lbs_deb_hex(LBS_DEB_TX, "txpd", (u8 *) &txpd, sizeof(struct txpd));
140
141 lbs_deb_hex(LBS_DEB_TX, "Tx Data", (u8 *) p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
142
143 memcpy(&txpd[1], p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
144
145 spin_lock_irqsave(&priv->driver_lock, flags);
146 priv->tx_pending_len = pkt_len + sizeof(struct txpd);
147
148 lbs_deb_tx("%s lined up packet\n", __func__);
149
150 dev->stats.tx_packets++;
151 dev->stats.tx_bytes += skb->len;
152
153 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
154 /* Keep the skb to echo it back once Tx feedback is
155 received from FW */
156 skb_orphan(skb);
157
158 /* Keep the skb around for when we get feedback */
159 priv->currenttxskb = skb;
160 } else {
161 free:
162 dev_kfree_skb_any(skb);
163 }
164
165 unlock:
166 spin_unlock_irqrestore(&priv->driver_lock, flags);
167 wake_up(&priv->waitq);
168
169 lbs_deb_leave_args(LBS_DEB_TX, "ret %d", ret);
170 return ret;
171 }
172
173 /**
174 * lbs_send_tx_feedback - sends to the host the last transmitted packet,
175 * filling the radiotap headers with transmission information.
176 *
177 * @priv: A pointer to &struct lbs_private structure
178 * @try_count: A 32-bit value containing transmission retry status.
179 *
180 * returns: void
181 */
182 void lbs_send_tx_feedback(struct lbs_private *priv, u32 try_count)
183 {
184 struct tx_radiotap_hdr *radiotap_hdr;
185
186 if (priv->wdev->iftype != NL80211_IFTYPE_MONITOR ||
187 priv->currenttxskb == NULL)
188 return;
189
190 radiotap_hdr = (struct tx_radiotap_hdr *)priv->currenttxskb->data;
191
192 radiotap_hdr->data_retries = try_count ?
193 (1 + priv->txretrycount - try_count) : 0;
194
195 priv->currenttxskb->protocol = eth_type_trans(priv->currenttxskb,
196 priv->dev);
197 netif_rx(priv->currenttxskb);
198
199 priv->currenttxskb = NULL;
200
201 if (priv->connect_status == LBS_CONNECTED)
202 netif_wake_queue(priv->dev);
203
204 if (priv->mesh_dev && netif_running(priv->mesh_dev))
205 netif_wake_queue(priv->mesh_dev);
206 }
207 EXPORT_SYMBOL_GPL(lbs_send_tx_feedback); 1
2 #include <linux/kernel.h>
3 #include <linux/mutex.h>
4 #include <linux/spinlock.h>
5 #include <linux/errno.h>
6 #include <verifier/rcv.h>
7 #include <linux/list.h>
8
9 /* mutexes */
10 extern int mutex_lock_interruptible(struct mutex *lock);
11 extern int mutex_lock_killable(struct mutex *lock);
12 extern void mutex_lock(struct mutex *lock);
13
14 /* mutex model functions */
15 extern void ldv_mutex_lock(struct mutex *lock, char *sign);
16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign);
17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign);
18
19
20 /* Spin locks */
21 extern void __ldv_spin_lock(spinlock_t *lock);
22 extern void __ldv_spin_unlock(spinlock_t *lock);
23 extern int __ldv_spin_trylock(spinlock_t *lock);
24 extern void __ldv_spin_unlock_wait(spinlock_t *lock);
25 extern void __ldv_spin_can_lock(spinlock_t *lock);
26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock);
27
28 /* spin model functions */
29 extern void ldv_spin_lock(spinlock_t *lock, char *sign);
30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign);
31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign);
32
33 /* Support for list binder functions */
34 static inline struct list_head *ldv_list_get_first(struct list_head *head) {
35 return head->next;
36 }
37
38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) {
39 return pos==head;
40 }
41
42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) {
43 return pos->next;
44 }
45
46 #include <linux/mutex.h>
47 #include <linux/slab.h>
48 #include <verifier/rcv.h>
49 #include <linux/timer.h>
50 #include <linux/rtnetlink.h>
51 #include <linux/gfp.h>
52 extern int ldv_state_variable_8;
53 extern int ldv_state_variable_15;
54 extern int ldv_timer_1_3;
55 extern struct timer_list * ldv_timer_list_2_0;
56 extern int ldv_timer_2_1;
57 extern int ldv_state_variable_0;
58 extern int ldv_state_variable_5;
59 extern int ldv_state_variable_13;
60 extern int ldv_state_variable_12;
61 extern struct device_attribute *dev_attr_protocol_id_group1;
62 extern struct timer_list * ldv_timer_list_3_1;
63 extern int ldv_state_variable_14;
64 extern struct device_attribute *dev_attr_capability_group1;
65 extern struct timer_list * ldv_timer_list_3_2;
66 extern int ldv_timer_2_2;
67 extern struct net_device *lbs_ethtool_ops_group0;
68 extern int ldv_timer_3_3;
69 extern int ldv_timer_2_3;
70 extern struct device_attribute *dev_attr_lbs_mesh_group1;
71 extern int ldv_timer_1_0;
72 extern int ldv_state_variable_17;
73 extern struct timer_list * ldv_timer_list_3_3;
74 extern int ldv_state_variable_9;
75 extern int ldv_timer_3_1;
76 extern int ref_cnt;
77 extern int ldv_state_variable_1;
78 extern int ldv_state_variable_7;
79 extern struct device_attribute *dev_attr_metric_id_group1;
80 extern struct net_device *lbs_netdev_ops_group1;
81 extern struct timer_list * ldv_timer_list_1_3;
82 extern struct net_device *lbs_cfg80211_ops_group0;
83 extern int ldv_state_variable_10;
84 extern struct timer_list * ldv_timer_list_1_1;
85 extern struct file *lbs_debug_fops_group2;
86 extern struct timer_list * ldv_timer_list_2_1;
87 extern struct wiphy *lbs_cfg80211_ops_group1;
88 extern struct timer_list * ldv_timer_list_1_0;
89 extern int ldv_state_variable_6;
90 extern int ldv_timer_1_2;
91 extern int ldv_state_variable_16;
92 extern struct device_attribute *dev_attr_channel_group1;
93 extern int ldv_timer_2_0;
94 extern int ldv_timer_1_1;
95 extern int ldv_state_variable_2;
96 extern struct timer_list * ldv_timer_list_1_2;
97 extern struct device_attribute *dev_attr_anycast_mask_group1;
98 extern int ldv_state_variable_11;
99 extern struct device_attribute *dev_attr_bootflag_group1;
100 extern int LDV_IN_INTERRUPT = 1;
101 extern int ldv_state_variable_18;
102 extern struct net_device *mesh_netdev_ops_group1;
103 extern struct device_attribute *dev_attr_prb_rsp_limit_group1;
104 extern struct inode *lbs_debug_fops_group1;
105 extern int ldv_timer_3_2;
106 extern struct mutex fs_mutex;
107 extern int ldv_state_variable_3;
108 extern struct mutex ar_mutex;
109 extern struct timer_list * ldv_timer_list_2_3;
110 extern struct device_attribute *dev_attr_boottime_group1;
111 extern int ldv_timer_3_0;
112 extern struct timer_list * ldv_timer_list_3_0;
113 extern struct device_attribute *dev_attr_mesh_id_group1;
114 extern struct timer_list * ldv_timer_list_2_2;
115 extern int ldv_state_variable_4;
116 extern struct ethtool_wolinfo *lbs_ethtool_ops_group1;
117 extern void ldv_initialyze_cfg80211_ops_18(void);
118 extern int evil_hack_15(void);
119 extern void choose_timer_2(void);
120 extern int reg_timer_2(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
121 extern void activate_pending_timer_2(struct timer_list * timer, unsigned long data, int pending_flag);
122 extern void choose_timer_3(void);
123 extern void timer_init_3(void);
124 extern void ldv_net_device_ops_4(void);
125 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag);
126 extern void timer_init_2(void);
127 extern void timer_init_1(void);
128 extern void ldv_net_device_ops_15(void);
129 extern void disable_suitable_timer_3(struct timer_list * timer);
130 extern void activate_suitable_timer_3(struct timer_list * timer, unsigned long data);
131 extern int evil_hack_4(void);
132 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
133 extern void disable_suitable_timer_2(struct timer_list * timer);
134 extern void disable_suitable_timer_1(struct timer_list * timer);
135 extern int evil_hack_fs_lock(void);
136 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data);
137 extern void activate_pending_timer_3(struct timer_list * timer, unsigned long data, int pending_flag);
138 extern int __VERIFIER_nondet_int(void);
139 extern int reg_timer_3(struct timer_list * timer, void (*function)(unsigned long), unsigned long data);
140 extern void ldv_file_operations_17(void);
141 extern void ldv_initialyze_ethtool_ops_16(void);
142 extern void choose_timer_1(void);
143 extern void ldv_timer_1(int state, struct timer_list * timer);
144 extern int evil_hack_ar_lock(void);
145 extern void activate_suitable_timer_2(struct timer_list * timer, unsigned long data);
146 extern void ldv_timer_2(int state, struct timer_list * timer);
147 extern void ldv_timer_3(int state, struct timer_list * timer);
148 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/tx.c"
149 /*
150 * This file contains the handling of TX in wlan driver.
151 */
152 #include <linux/hardirq.h>
153 #include <linux/netdevice.h>
154 #include <linux/etherdevice.h>
155 #include <linux/sched.h>
156 #include <linux/export.h>
157 #include <net/cfg80211.h>
158
159 #include "host.h"
160 #include "radiotap.h"
161 #include "decl.h"
162 #include "defs.h"
163 #include "dev.h"
164 #include "mesh.h"
165
166 /**
167 * convert_radiotap_rate_to_mv - converts Tx/Rx rates from IEEE80211_RADIOTAP_RATE
168 * units (500 Kb/s) into Marvell WLAN format (see Table 8 in Section 3.2.1)
169 *
170 * @rate: Input rate
171 * returns: Output Rate (0 if invalid)
172 */
173 static u32 convert_radiotap_rate_to_mv(u8 rate)
174 {
175 switch (rate) {
176 case 2: /* 1 Mbps */
177 return 0 | (1 << 4);
178 case 4: /* 2 Mbps */
179 return 1 | (1 << 4);
180 case 11: /* 5.5 Mbps */
181 return 2 | (1 << 4);
182 case 22: /* 11 Mbps */
183 return 3 | (1 << 4);
184 case 12: /* 6 Mbps */
185 return 4 | (1 << 4);
186 case 18: /* 9 Mbps */
187 return 5 | (1 << 4);
188 case 24: /* 12 Mbps */
189 return 6 | (1 << 4);
190 case 36: /* 18 Mbps */
191 return 7 | (1 << 4);
192 case 48: /* 24 Mbps */
193 return 8 | (1 << 4);
194 case 72: /* 36 Mbps */
195 return 9 | (1 << 4);
196 case 96: /* 48 Mbps */
197 return 10 | (1 << 4);
198 case 108: /* 54 Mbps */
199 return 11 | (1 << 4);
200 }
201 return 0;
202 }
203
204 /**
205 * lbs_hard_start_xmit - checks the conditions and sends packet to IF
206 * layer if everything is ok
207 *
208 * @skb: A pointer to skb which includes TX packet
209 * @dev: A pointer to the &struct net_device
210 * returns: 0 or -1
211 */
212 netdev_tx_t lbs_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
213 {
214 unsigned long flags;
215 struct lbs_private *priv = dev->ml_priv;
216 struct txpd *txpd;
217 char *p802x_hdr;
218 uint16_t pkt_len;
219 netdev_tx_t ret = NETDEV_TX_OK;
220
221 lbs_deb_enter(LBS_DEB_TX);
222
223 /* We need to protect against the queues being restarted before
224 we get round to stopping them */
225 spin_lock_irqsave(&priv->driver_lock, flags);
226
227 if (priv->surpriseremoved)
228 goto free;
229
230 if (!skb->len || (skb->len > MRVDRV_ETH_TX_PACKET_BUFFER_SIZE)) {
231 lbs_deb_tx("tx err: skb length %d 0 or > %zd\n",
232 skb->len, MRVDRV_ETH_TX_PACKET_BUFFER_SIZE);
233 /* We'll never manage to send this one; drop it and return 'OK' */
234
235 dev->stats.tx_dropped++;
236 dev->stats.tx_errors++;
237 goto free;
238 }
239
240
241 netif_stop_queue(priv->dev);
242 if (priv->mesh_dev)
243 netif_stop_queue(priv->mesh_dev);
244
245 if (priv->tx_pending_len) {
246 /* This can happen if packets come in on the mesh and eth
247 device simultaneously -- there's no mutual exclusion on
248 hard_start_xmit() calls between devices. */
249 lbs_deb_tx("Packet on %s while busy\n", dev->name);
250 ret = NETDEV_TX_BUSY;
251 goto unlock;
252 }
253
254 priv->tx_pending_len = -1;
255 spin_unlock_irqrestore(&priv->driver_lock, flags);
256
257 lbs_deb_hex(LBS_DEB_TX, "TX Data", skb->data, min_t(unsigned int, skb->len, 100));
258
259 txpd = (void *)priv->tx_pending_buf;
260 memset(txpd, 0, sizeof(struct txpd));
261
262 p802x_hdr = skb->data;
263 pkt_len = skb->len;
264
265 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
266 struct tx_radiotap_hdr *rtap_hdr = (void *)skb->data;
267
268 /* set txpd fields from the radiotap header */
269 txpd->tx_control = cpu_to_le32(convert_radiotap_rate_to_mv(rtap_hdr->rate));
270
271 /* skip the radiotap header */
272 p802x_hdr += sizeof(*rtap_hdr);
273 pkt_len -= sizeof(*rtap_hdr);
274
275 /* copy destination address from 802.11 header */
276 memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN);
277 } else {
278 /* copy destination address from 802.3 header */
279 memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN);
280 }
281
282 txpd->tx_packet_length = cpu_to_le16(pkt_len);
283 txpd->tx_packet_location = cpu_to_le32(sizeof(struct txpd));
284
285 lbs_mesh_set_txpd(priv, dev, txpd);
286
287 lbs_deb_hex(LBS_DEB_TX, "txpd", (u8 *) &txpd, sizeof(struct txpd));
288
289 lbs_deb_hex(LBS_DEB_TX, "Tx Data", (u8 *) p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
290
291 memcpy(&txpd[1], p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
292
293 spin_lock_irqsave(&priv->driver_lock, flags);
294 priv->tx_pending_len = pkt_len + sizeof(struct txpd);
295
296 lbs_deb_tx("%s lined up packet\n", __func__);
297
298 dev->stats.tx_packets++;
299 dev->stats.tx_bytes += skb->len;
300
301 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR) {
302 /* Keep the skb to echo it back once Tx feedback is
303 received from FW */
304 skb_orphan(skb);
305
306 /* Keep the skb around for when we get feedback */
307 priv->currenttxskb = skb;
308 } else {
309 free:
310 dev_kfree_skb_any(skb);
311 }
312
313 unlock:
314 spin_unlock_irqrestore(&priv->driver_lock, flags);
315 wake_up(&priv->waitq);
316
317 lbs_deb_leave_args(LBS_DEB_TX, "ret %d", ret);
318 return ret;
319 }
320
321 /**
322 * lbs_send_tx_feedback - sends to the host the last transmitted packet,
323 * filling the radiotap headers with transmission information.
324 *
325 * @priv: A pointer to &struct lbs_private structure
326 * @try_count: A 32-bit value containing transmission retry status.
327 *
328 * returns: void
329 */
330 void lbs_send_tx_feedback(struct lbs_private *priv, u32 try_count)
331 {
332 struct tx_radiotap_hdr *radiotap_hdr;
333
334 if (priv->wdev->iftype != NL80211_IFTYPE_MONITOR ||
335 priv->currenttxskb == NULL)
336 return;
337
338 radiotap_hdr = (struct tx_radiotap_hdr *)priv->currenttxskb->data;
339
340 radiotap_hdr->data_retries = try_count ?
341 (1 + priv->txretrycount - try_count) : 0;
342
343 priv->currenttxskb->protocol = eth_type_trans(priv->currenttxskb,
344 priv->dev);
345 netif_rx(priv->currenttxskb);
346
347 priv->currenttxskb = NULL;
348
349 if (priv->connect_status == LBS_CONNECTED)
350 netif_wake_queue(priv->dev);
351
352 if (priv->mesh_dev && netif_running(priv->mesh_dev))
353 netif_wake_queue(priv->mesh_dev);
354 }
355 EXPORT_SYMBOL_GPL(lbs_send_tx_feedback);
356
357 #line 148 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/820/dscv_tempdir/dscv/ri/races/drivers/net/wireless/marvell/libertas/tx.o.c.prepared" 1 /*
2 * This header file contains global constant/enum definitions,
3 * global variable declaration.
4 */
5 #ifndef _LBS_DEFS_H_
6 #define _LBS_DEFS_H_
7
8 #include <linux/spinlock.h>
9
10 #ifdef CONFIG_LIBERTAS_DEBUG
11 #define DEBUG
12 #define PROC_DEBUG
13 #endif
14
15 #ifndef DRV_NAME
16 #define DRV_NAME "libertas"
17 #endif
18
19
20 #define LBS_DEB_ENTER 0x00000001
21 #define LBS_DEB_LEAVE 0x00000002
22 #define LBS_DEB_MAIN 0x00000004
23 #define LBS_DEB_NET 0x00000008
24 #define LBS_DEB_MESH 0x00000010
25 #define LBS_DEB_WEXT 0x00000020
26 #define LBS_DEB_IOCTL 0x00000040
27 #define LBS_DEB_SCAN 0x00000080
28 #define LBS_DEB_ASSOC 0x00000100
29 #define LBS_DEB_JOIN 0x00000200
30 #define LBS_DEB_11D 0x00000400
31 #define LBS_DEB_DEBUGFS 0x00000800
32 #define LBS_DEB_ETHTOOL 0x00001000
33 #define LBS_DEB_HOST 0x00002000
34 #define LBS_DEB_CMD 0x00004000
35 #define LBS_DEB_RX 0x00008000
36 #define LBS_DEB_TX 0x00010000
37 #define LBS_DEB_USB 0x00020000
38 #define LBS_DEB_CS 0x00040000
39 #define LBS_DEB_FW 0x00080000
40 #define LBS_DEB_THREAD 0x00100000
41 #define LBS_DEB_HEX 0x00200000
42 #define LBS_DEB_SDIO 0x00400000
43 #define LBS_DEB_SYSFS 0x00800000
44 #define LBS_DEB_SPI 0x01000000
45 #define LBS_DEB_CFG80211 0x02000000
46
47 extern unsigned int lbs_debug;
48
49 #ifdef DEBUG
50 #define LBS_DEB_LL(grp, grpnam, fmt, args...) \
51 do { if ((lbs_debug & (grp)) == (grp)) \
52 printk(KERN_DEBUG DRV_NAME grpnam "%s: " fmt, \
53 in_interrupt() ? " (INT)" : "", ## args); } while (0)
54 #else
55 #define LBS_DEB_LL(grp, grpnam, fmt, args...) do {} while (0)
56 #endif
57
58 #define lbs_deb_enter(grp) \
59 LBS_DEB_LL(grp | LBS_DEB_ENTER, " enter", "%s()\n", __func__);
60 #define lbs_deb_enter_args(grp, fmt, args...) \
61 LBS_DEB_LL(grp | LBS_DEB_ENTER, " enter", "%s(" fmt ")\n", __func__, ## args);
62 #define lbs_deb_leave(grp) \
63 LBS_DEB_LL(grp | LBS_DEB_LEAVE, " leave", "%s()\n", __func__);
64 #define lbs_deb_leave_args(grp, fmt, args...) \
65 LBS_DEB_LL(grp | LBS_DEB_LEAVE, " leave", "%s(), " fmt "\n", \
66 __func__, ##args);
67 #define lbs_deb_main(fmt, args...) LBS_DEB_LL(LBS_DEB_MAIN, " main", fmt, ##args)
68 #define lbs_deb_net(fmt, args...) LBS_DEB_LL(LBS_DEB_NET, " net", fmt, ##args)
69 #define lbs_deb_mesh(fmt, args...) LBS_DEB_LL(LBS_DEB_MESH, " mesh", fmt, ##args)
70 #define lbs_deb_wext(fmt, args...) LBS_DEB_LL(LBS_DEB_WEXT, " wext", fmt, ##args)
71 #define lbs_deb_ioctl(fmt, args...) LBS_DEB_LL(LBS_DEB_IOCTL, " ioctl", fmt, ##args)
72 #define lbs_deb_scan(fmt, args...) LBS_DEB_LL(LBS_DEB_SCAN, " scan", fmt, ##args)
73 #define lbs_deb_assoc(fmt, args...) LBS_DEB_LL(LBS_DEB_ASSOC, " assoc", fmt, ##args)
74 #define lbs_deb_join(fmt, args...) LBS_DEB_LL(LBS_DEB_JOIN, " join", fmt, ##args)
75 #define lbs_deb_11d(fmt, args...) LBS_DEB_LL(LBS_DEB_11D, " 11d", fmt, ##args)
76 #define lbs_deb_debugfs(fmt, args...) LBS_DEB_LL(LBS_DEB_DEBUGFS, " debugfs", fmt, ##args)
77 #define lbs_deb_ethtool(fmt, args...) LBS_DEB_LL(LBS_DEB_ETHTOOL, " ethtool", fmt, ##args)
78 #define lbs_deb_host(fmt, args...) LBS_DEB_LL(LBS_DEB_HOST, " host", fmt, ##args)
79 #define lbs_deb_cmd(fmt, args...) LBS_DEB_LL(LBS_DEB_CMD, " cmd", fmt, ##args)
80 #define lbs_deb_rx(fmt, args...) LBS_DEB_LL(LBS_DEB_RX, " rx", fmt, ##args)
81 #define lbs_deb_tx(fmt, args...) LBS_DEB_LL(LBS_DEB_TX, " tx", fmt, ##args)
82 #define lbs_deb_fw(fmt, args...) LBS_DEB_LL(LBS_DEB_FW, " fw", fmt, ##args)
83 #define lbs_deb_usb(fmt, args...) LBS_DEB_LL(LBS_DEB_USB, " usb", fmt, ##args)
84 #define lbs_deb_usbd(dev, fmt, args...) LBS_DEB_LL(LBS_DEB_USB, " usbd", "%s:" fmt, dev_name(dev), ##args)
85 #define lbs_deb_cs(fmt, args...) LBS_DEB_LL(LBS_DEB_CS, " cs", fmt, ##args)
86 #define lbs_deb_thread(fmt, args...) LBS_DEB_LL(LBS_DEB_THREAD, " thread", fmt, ##args)
87 #define lbs_deb_sdio(fmt, args...) LBS_DEB_LL(LBS_DEB_SDIO, " sdio", fmt, ##args)
88 #define lbs_deb_sysfs(fmt, args...) LBS_DEB_LL(LBS_DEB_SYSFS, " sysfs", fmt, ##args)
89 #define lbs_deb_spi(fmt, args...) LBS_DEB_LL(LBS_DEB_SPI, " spi", fmt, ##args)
90 #define lbs_deb_cfg80211(fmt, args...) LBS_DEB_LL(LBS_DEB_CFG80211, " cfg80211", fmt, ##args)
91
92 #ifdef DEBUG
93 static inline void lbs_deb_hex(unsigned int grp, const char *prompt,
94 const u8 *buf, int len)
95 {
96 int i = 0;
97
98 if (len &&
99 (lbs_debug & LBS_DEB_HEX) &&
100 (lbs_debug & grp))
101 {
102 for (i = 1; i <= len; i++) {
103 if ((i & 0xf) == 1) {
104 if (i != 1)
105 printk("\n");
106 printk(DRV_NAME " %s: ", prompt);
107 }
108 printk("%02x ", (u8) * buf);
109 buf++;
110 }
111 printk("\n");
112 }
113 }
114 #else
115 #define lbs_deb_hex(grp,prompt,buf,len) do {} while (0)
116 #endif
117
118
119
120 /* Buffer Constants */
121
122 /* The size of SQ memory PPA, DPA are 8 DWORDs, that keep the physical
123 * addresses of TxPD buffers. Station has only 8 TxPD available, Whereas
124 * driver has more local TxPDs. Each TxPD on the host memory is associated
125 * with a Tx control node. The driver maintains 8 RxPD descriptors for
126 * station firmware to store Rx packet information.
127 *
128 * Current version of MAC has a 32x6 multicast address buffer.
129 *
130 * 802.11b can have up to 14 channels, the driver keeps the
131 * BSSID(MAC address) of each APs or Ad hoc stations it has sensed.
132 */
133
134 #define MRVDRV_MAX_MULTICAST_LIST_SIZE 32
135 #define LBS_NUM_CMD_BUFFERS 10
136 #define LBS_CMD_BUFFER_SIZE (2 * 1024)
137 #define MRVDRV_MAX_CHANNEL_SIZE 14
138 #define MRVDRV_ASSOCIATION_TIME_OUT 255
139 #define MRVDRV_SNAP_HEADER_LEN 8
140
141 #define LBS_UPLD_SIZE 2312
142 #define DEV_NAME_LEN 32
143
144 /* Wake criteria for HOST_SLEEP_CFG command */
145 #define EHS_WAKE_ON_BROADCAST_DATA 0x0001
146 #define EHS_WAKE_ON_UNICAST_DATA 0x0002
147 #define EHS_WAKE_ON_MAC_EVENT 0x0004
148 #define EHS_WAKE_ON_MULTICAST_DATA 0x0008
149 #define EHS_REMOVE_WAKEUP 0xFFFFFFFF
150 /* Wake rules for Host_Sleep_CFG command */
151 #define WOL_RULE_NET_TYPE_INFRA_OR_IBSS 0x00
152 #define WOL_RULE_NET_TYPE_MESH 0x10
153 #define WOL_RULE_ADDR_TYPE_BCAST 0x01
154 #define WOL_RULE_ADDR_TYPE_MCAST 0x08
155 #define WOL_RULE_ADDR_TYPE_UCAST 0x02
156 #define WOL_RULE_OP_AND 0x01
157 #define WOL_RULE_OP_OR 0x02
158 #define WOL_RULE_OP_INVALID 0xFF
159 #define WOL_RESULT_VALID_CMD 0
160 #define WOL_RESULT_NOSPC_ERR 1
161 #define WOL_RESULT_EEXIST_ERR 2
162
163 /* Misc constants */
164 /* This section defines 802.11 specific contants */
165
166 #define MRVDRV_MAX_BSS_DESCRIPTS 16
167 #define MRVDRV_MAX_REGION_CODE 6
168
169 #define MRVDRV_DEFAULT_LISTEN_INTERVAL 10
170
171 #define MRVDRV_CHANNELS_PER_SCAN 4
172 #define MRVDRV_MAX_CHANNELS_PER_SCAN 14
173
174 #define MRVDRV_MIN_BEACON_INTERVAL 20
175 #define MRVDRV_MAX_BEACON_INTERVAL 1000
176 #define MRVDRV_BEACON_INTERVAL 100
177
178 #define MARVELL_MESH_IE_LENGTH 9
179
180 /*
181 * Values used to populate the struct mrvl_mesh_ie. The only time you need this
182 * is when enabling the mesh using CMD_MESH_CONFIG.
183 */
184 #define MARVELL_MESH_IE_TYPE 4
185 #define MARVELL_MESH_IE_SUBTYPE 0
186 #define MARVELL_MESH_IE_VERSION 0
187 #define MARVELL_MESH_PROTO_ID_HWMP 0
188 #define MARVELL_MESH_METRIC_ID 0
189 #define MARVELL_MESH_CAPABILITY 0
190
191 /* INT status Bit Definition */
192 #define MRVDRV_TX_DNLD_RDY 0x0001
193 #define MRVDRV_RX_UPLD_RDY 0x0002
194 #define MRVDRV_CMD_DNLD_RDY 0x0004
195 #define MRVDRV_CMD_UPLD_RDY 0x0008
196 #define MRVDRV_CARDEVENT 0x0010
197
198 /* Automatic TX control default levels */
199 #define POW_ADAPT_DEFAULT_P0 13
200 #define POW_ADAPT_DEFAULT_P1 15
201 #define POW_ADAPT_DEFAULT_P2 18
202 #define TPC_DEFAULT_P0 5
203 #define TPC_DEFAULT_P1 10
204 #define TPC_DEFAULT_P2 13
205
206 /* TxPD status */
207
208 /*
209 * Station firmware use TxPD status field to report final Tx transmit
210 * result, Bit masks are used to present combined situations.
211 */
212
213 #define MRVDRV_TxPD_POWER_MGMT_NULL_PACKET 0x01
214 #define MRVDRV_TxPD_POWER_MGMT_LAST_PACKET 0x08
215
216 /* Tx mesh flag */
217 /*
218 * Currently we are using normal WDS flag as mesh flag.
219 * TODO: change to proper mesh flag when MAC understands it.
220 */
221 #define TxPD_CONTROL_WDS_FRAME (1<<17)
222 #define TxPD_MESH_FRAME TxPD_CONTROL_WDS_FRAME
223
224 /* Mesh interface ID */
225 #define MESH_IFACE_ID 0x0001
226 /* Mesh id should be in bits 14-13-12 */
227 #define MESH_IFACE_BIT_OFFSET 0x000c
228 /* Mesh enable bit in FW capability */
229 #define MESH_CAPINFO_ENABLE_MASK (1<<16)
230
231 /* FW definition from Marvell v4 */
232 #define MRVL_FW_V4 (0x04)
233 /* FW definition from Marvell v5 */
234 #define MRVL_FW_V5 (0x05)
235 /* FW definition from Marvell v10 */
236 #define MRVL_FW_V10 (0x0a)
237 /* FW major revision definition */
238 #define MRVL_FW_MAJOR_REV(x) ((x)>>24)
239
240 /* RxPD status */
241
242 #define MRVDRV_RXPD_STATUS_OK 0x0001
243
244 /* RxPD status - Received packet types */
245 /* Rx mesh flag */
246 /*
247 * Currently we are using normal WDS flag as mesh flag.
248 * TODO: change to proper mesh flag when MAC understands it.
249 */
250 #define RxPD_CONTROL_WDS_FRAME (0x40)
251 #define RxPD_MESH_FRAME RxPD_CONTROL_WDS_FRAME
252
253 /* RSSI-related defines */
254 /*
255 * RSSI constants are used to implement 802.11 RSSI threshold
256 * indication. if the Rx packet signal got too weak for 5 consecutive
257 * times, miniport driver (driver) will report this event to wrapper
258 */
259
260 #define MRVDRV_NF_DEFAULT_SCAN_VALUE (-96)
261
262 /* RTS/FRAG related defines */
263 #define MRVDRV_RTS_MIN_VALUE 0
264 #define MRVDRV_RTS_MAX_VALUE 2347
265 #define MRVDRV_FRAG_MIN_VALUE 256
266 #define MRVDRV_FRAG_MAX_VALUE 2346
267
268 /* This is for firmware specific length */
269 #define EXTRA_LEN 36
270
271 #define MRVDRV_ETH_TX_PACKET_BUFFER_SIZE \
272 (ETH_FRAME_LEN + sizeof(struct txpd) + EXTRA_LEN)
273
274 #define MRVDRV_ETH_RX_PACKET_BUFFER_SIZE \
275 (ETH_FRAME_LEN + sizeof(struct rxpd) \
276 + MRVDRV_SNAP_HEADER_LEN + EXTRA_LEN)
277
278 #define CMD_F_HOSTCMD (1 << 0)
279 #define FW_CAPINFO_WPA (1 << 0)
280 #define FW_CAPINFO_PS (1 << 1)
281 #define FW_CAPINFO_FIRMWARE_UPGRADE (1 << 13)
282 #define FW_CAPINFO_BOOT2_UPGRADE (1<<14)
283 #define FW_CAPINFO_PERSISTENT_CONFIG (1<<15)
284
285 #define KEY_LEN_WPA_AES 16
286 #define KEY_LEN_WPA_TKIP 32
287 #define KEY_LEN_WEP_104 13
288 #define KEY_LEN_WEP_40 5
289
290 #define RF_ANTENNA_1 0x1
291 #define RF_ANTENNA_2 0x2
292 #define RF_ANTENNA_AUTO 0xFFFF
293
294 #define BAND_B (0x01)
295 #define BAND_G (0x02)
296 #define ALL_802_11_BANDS (BAND_B | BAND_G)
297
298 #define MAX_RATES 14
299
300 #define MAX_LEDS 8
301
302 /* Global Variable Declaration */
303 extern const char lbs_driver_version[];
304 extern u16 lbs_region_code_to_index[MRVDRV_MAX_REGION_CODE];
305
306
307 /* ENUM definition */
308 /* SNRNF_TYPE */
309 enum SNRNF_TYPE {
310 TYPE_BEACON = 0,
311 TYPE_RXPD,
312 MAX_TYPE_B
313 };
314
315 /* SNRNF_DATA */
316 enum SNRNF_DATA {
317 TYPE_NOAVG = 0,
318 TYPE_AVG,
319 MAX_TYPE_AVG
320 };
321
322 /* LBS_802_11_POWER_MODE */
323 enum LBS_802_11_POWER_MODE {
324 LBS802_11POWERMODECAM,
325 LBS802_11POWERMODEMAX_PSP,
326 LBS802_11POWERMODEFAST_PSP,
327 /* not a real mode, defined as an upper bound */
328 LBS802_11POWEMODEMAX
329 };
330
331 /* PS_STATE */
332 enum PS_STATE {
333 PS_STATE_FULL_POWER,
334 PS_STATE_AWAKE,
335 PS_STATE_PRE_SLEEP,
336 PS_STATE_SLEEP
337 };
338
339 /* DNLD_STATE */
340 enum DNLD_STATE {
341 DNLD_RES_RECEIVED,
342 DNLD_DATA_SENT,
343 DNLD_CMD_SENT,
344 DNLD_BOOTCMD_SENT,
345 };
346
347 /* LBS_MEDIA_STATE */
348 enum LBS_MEDIA_STATE {
349 LBS_CONNECTED,
350 LBS_DISCONNECTED
351 };
352
353 /* LBS_802_11_PRIVACY_FILTER */
354 enum LBS_802_11_PRIVACY_FILTER {
355 LBS802_11PRIVFILTERACCEPTALL,
356 LBS802_11PRIVFILTER8021XWEP
357 };
358
359 /* mv_ms_type */
360 enum mv_ms_type {
361 MVMS_DAT = 0,
362 MVMS_CMD = 1,
363 MVMS_TXDONE = 2,
364 MVMS_EVENT
365 };
366
367 /* KEY_TYPE_ID */
368 enum KEY_TYPE_ID {
369 KEY_TYPE_ID_WEP = 0,
370 KEY_TYPE_ID_TKIP,
371 KEY_TYPE_ID_AES
372 };
373
374 /* KEY_INFO_WPA (applies to both TKIP and AES/CCMP) */
375 enum KEY_INFO_WPA {
376 KEY_INFO_WPA_MCAST = 0x01,
377 KEY_INFO_WPA_UNICAST = 0x02,
378 KEY_INFO_WPA_ENABLED = 0x04
379 };
380
381 /* Default values for fwt commands. */
382 #define FWT_DEFAULT_METRIC 0
383 #define FWT_DEFAULT_DIR 1
384 /* Default Rate, 11Mbps */
385 #define FWT_DEFAULT_RATE 3
386 #define FWT_DEFAULT_SSN 0xffffffff
387 #define FWT_DEFAULT_DSN 0
388 #define FWT_DEFAULT_HOPCOUNT 0
389 #define FWT_DEFAULT_TTL 0
390 #define FWT_DEFAULT_EXPIRATION 0
391 #define FWT_DEFAULT_SLEEPMODE 0
392 #define FWT_DEFAULT_SNR 0
393
394 #endif 1 #ifndef _LDV_RCV_H_
2 #define _LDV_RCV_H_
3
4 /* If expr evaluates to zero, ldv_assert() causes a program to reach the error
5 label like the standard assert(). */
6 #define ldv_assert(expr) ((expr) ? 0 : ldv_error())
7
8 /* The error label wrapper. It is used because of some static verifiers (like
9 BLAST) don't accept multiple error labels through a program. */
10 static inline void ldv_error(void)
11 {
12 LDV_ERROR: goto LDV_ERROR;
13 }
14
15 /* If expr evaluates to zero, ldv_assume() causes an infinite loop that is
16 avoided by verifiers. */
17 #define ldv_assume(expr) ((expr) ? 0 : ldv_stop())
18
19 /* Infinite loop, that causes verifiers to skip such paths. */
20 static inline void ldv_stop(void) {
21 LDV_STOP: goto LDV_STOP;
22 }
23
24 /* Special nondeterministic functions. */
25 int ldv_undef_int(void);
26 void *ldv_undef_ptr(void);
27 unsigned long ldv_undef_ulong(void);
28 long ldv_undef_long(void);
29 /* Return nondeterministic negative integer number. */
30 static inline int ldv_undef_int_negative(void)
31 {
32 int ret = ldv_undef_int();
33
34 ldv_assume(ret < 0);
35
36 return ret;
37 }
38 /* Return nondeterministic nonpositive integer number. */
39 static inline int ldv_undef_int_nonpositive(void)
40 {
41 int ret = ldv_undef_int();
42
43 ldv_assume(ret <= 0);
44
45 return ret;
46 }
47
48 /* Add explicit model for __builin_expect GCC function. Without the model a
49 return value will be treated as nondetermined by verifiers. */
50 static inline long __builtin_expect(long exp, long c)
51 {
52 return exp;
53 }
54
55 /* This function causes the program to exit abnormally. GCC implements this
56 function by using a target-dependent mechanism (such as intentionally executing
57 an illegal instruction) or by calling abort. The mechanism used may vary from
58 release to release so you should not rely on any particular implementation.
59 http://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html */
60 static inline void __builtin_trap(void)
61 {
62 ldv_assert(0);
63 }
64
65 /* The constant is for simulating an error of ldv_undef_ptr() function. */
66 #define LDV_PTR_MAX 2012
67
68 #endif /* _LDV_RCV_H_ */ |
Here is an explanation of a rule violation arisen while checking your driver against a corresponding kernel.
Note that it may be false positive, i.e. there isn't a real error indeed. Please analyze a given error trace and related source code to understand whether there is an error in your driver.
Error trace column contains a path on which the given rule is violated. You can expand/collapse some entity classes by clicking on corresponding checkboxes in a main menu or in an advanced Others menu. Also you can expand/collapse each particular entity by clicking on +/-. In hovering on some entities you can see some tips. Also the error trace is bound with related source code. Line numbers may be shown as links on the left. You can click on them to open corresponding lines in source code.
Source code column contains a content of files related with the error trace. There is source code of your driver (note that there are some LDV modifications at the end), kernel headers and rule model. Tabs show a currently opened file and other available files. In hovering on them you can see full file names. On clicking a corresponding file content will be shown.
Ядро | Модуль | Правило | Верификатор | Вердикт | Статус | Время создания | Описание проблемы |
linux-4.5-rc7 | drivers/net/wireless/marvell/libertas/libertas.ko | races | CPAchecker | Bug | Fixed | 2016-03-14 16:37:07 | L0230 |
Комментарий
Is it possible dev->ml_priv = wiphy->priv? In this case the simultanious access to the same memory takes place.
[В начало]