mwifiex: fixup error cases in mwifiex_add_virtual_intf() commit 8535107aa4ef92520cbb9a4739563b389c5f8e2c upstream. If we fail to add an interface in mwifiex_add_virtual_intf(), we might hit a BUG_ON() in the networking code, because we didn't tear things down properly. Among the problems: (a) when failing to allocate workqueues, we fail to unregister the netdev before calling free_netdev() (b) even if we do try to unregister the netdev, we're still holding the rtnl lock, so the device never properly unregistered; we'll be at state NETREG_UNREGISTERING, and then hit free_netdev()'s: BUG_ON(dev->reg_state != NETREG_UNREGISTERED); (c) we're allocating some dependent resources (e.g., DFS workqueues) after we've registered the interface; this may or may not cause problems, but it's good practice to allocate these before registering (d) we're not even trying to unwind anything when mwifiex_send_cmd() or mwifiex_sta_init_cmd() fail To fix these issues, let's: * add a stacked set of error handling labels, to keep error handling consistent and properly ordered (resolving (a) and (d)) * move the workqueue allocations before the registration (to resolve (c); also resolves (b) by avoiding error cases where we have to unregister) [Incidentally, it's pretty easy to interrupt the alloc_workqueue() in, e.g., the following: iw phy phy0 interface add mlan0 type station by sending it SIGTERM.] This bugfix covers commits like commit 7d652034d1a0 ("mwifiex: channel switch support for mwifiex"), but parts of this bug exist all the way back to the introduction of dynamic interface handling in commit 93a1df48d224 ("mwifiex: add cfg80211 handlers add/del_virtual_intf"). Signed-off-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> [bwh: Backported to 3.2: - There is no workqueue allocation or cleanup needed here - Add 'ret' variable - Keep logging errors with wiphy_err() - Adjust filename] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
mwifiex: printk() overflow with 32-byte SSIDs commit fcd2042e8d36cf644bd2d69c26378d17158b17df upstream. SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length when we print them out. This can be easily noticed by connecting to a network with a 32-octet SSID: [ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to '0123456789abcdef0123456789abcdef <uninitialized mem>' bssid xx:xx:xx:xx:xx:xx Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver") Signed-off-by: Brian Norris <briannorris@chromium.org> Acked-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> [bwh: Backported to 3.2: adjust filename, context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
mwifiex: fix memory leak issue when driver unload commit f16fdc9d2dc1e5b270e9a08377587e831e0d36ac upstream. After unregister_netdevice() call the request is queued and reg_state is changed to NETREG_UNREGISTERING. As we check for NETREG_UNREGISTERED state, free_netdev() never gets executed causing memory leak. Initialize "dev->destructor" to free_netdev() to free device data after unregistration. Reported-by: Daniel Drake <dsd@laptop.org> Tested-by: Daniel Drake <dsd@laptop.org> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> [bwh: Backported to 3.2: s/wdev->netdev/dev/] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
mwifiex: correction in mcs index check commit fe020120cb863ba918c6d603345342a880272c4d upstream. mwifiex driver supports 2x2 chips as well. Hence valid mcs values are 0 to 15. The check for mcs index is corrected in this patch. For example: if 40MHz is enabled and mcs index is 11, "iw link" command would show "tx bitrate: 108.0 MBit/s" without this patch. Now it shows "tx bitrate: 108.0 MBit/s MCS 11 40Mhz" with the patch. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
mwifiex: fix wrong return values in add_virtual_intf() error cases commit 858faa57dd9e2b91f3f870fbb1185982e42f5a2b upstream backported for linux-3.2.y, linux-3.3.y, linux-3.4.y add_virtual_intf() needs to return an ERR_PTR(), instead of NULL, on errors, otherwise cfg80211 will crash. Reported-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
mwifiex: add cfg80211 handlers add/del_virtual_intf Making adding and deleting virtual interfaces dynamic. Adding handlers for creating and deleting virtual interface with given name and dev respectively. Also, creating default interface of type station on insmod of the driver. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: fix Tx data rate display issue "iw dev mlan0 link" shows wrong data rate, because data rate is not sent properly to cfg80211 stack. Also stack is not updated with mcs and Tx data flags information. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: remove unnecessary mwifiex_dump_station_info() call An extra call to mwifiex_dump_station_info() routine in get_station callback function is redundant Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: pass correct band parameter to ieee80211_channel_to_frequency() ieee80211_channel_to_frequency() routine expects band parameter in the form of "enum ieee80211_band band". Currently driver specific band (BAND_A, BAND_AN etc.) is passed to the routine. This patch makes sure that correct parameter is passed. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: update bss band information In recent commit "mwifiex: use cfg80211 dynamic scan..." (7c6fa2a843..) scan table handling in driver is removed to make use of cfg80211 dynamic scan table. Now driver sends beacon buffers found in scanning directly to stack and parse the buffer for requested BSS only during association. Beacon buffer doesn't contain bss band information. Driver gets it from firmware in separate tlv (chan_band_tlv). Currently since we don't inform stack about bss bandinfo, there is an issue with 5GHz association. Use "priv" field of struct cfg80211_bss to store bandinfo. This fixes 5GHz association issue. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: use cfg80211 dynamic scan table and cfg80211_get_bss API Instead of maintaining static scan table in driver, scan list is sent to cfg80211 stack (after parsing each scan command response). In assoc handler (for infra and ibss network) requested BSS information is retrieved using cfg80211_get_bss() API. With the changes above some redundant code are removed. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: remove wireless.h inclusion and fix resulting bugs replace IW_MAX_AP & IW_CUSTOM_MAX with local definitions and remove usage of struct iw_statistics. Cc: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: add cfg80211 handler for set_bitrate_mask Currently, setting only legacy bitrates on 2.4GHz band are supported. Mode 802.11b/g/bg is enabled based on bitrates selection. If only CCK bitrates selected then 802.11b mode is enabled. If only OFDM bitrates are selected then 802.11g mode is enabled. For both: CCK and OFDM rates 802.11bg mixed mode is enabled. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: fix regression in WEP security mode Htcapinfo is unnecessarily sent in assoc request in WEP security due to a regression introduced by commit 2be50b8df53 (mwifiex: remove redundant encryption_mode mapping). The issue is fixed in this patch. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: Fixing NULL pointer dereference Following OOPS was seen when booting with card inserted BUG: unable to handle kernel NULL pointer dereference at 0000004c IP: [<f8b7718c>] cfg80211_get_drvinfo+0x21/0x115 [cfg80211] *pde = 00000000 Oops: 0000 [#1] SMP Modules linked in: iwl3945 iwl_legacy mwifiex_sdio mac80211 11 sdhci_pci sdhci pl2303 'ethtool' on the mwifiex device returned this OOPS as wiphy_dev() returned NULL. Adding missing set_wiphy_dev() call to fix the problem. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: cleanup ioctl.h Some structures and macros in ioctl.h are redundant or no longer used. Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: fix null derefs, mem leaks and trivia This patch: - adds kfree() where necessary - prevents potential null dereferences - makes use of kfree_skb() - replaces -1 for failed kzallocs with -ENOMEM Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com> Reviewed-by: Kiran Divekar <dkiran@marvell.com> Tested-by: Amitkumar Karwar <akarwar@marvell.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: remove unnecessary variable initialization Skip initialization of local variables with some default values if the values are not going to be used further down the code path. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: fix simultaneous assoc and scan issue When scan and assoc (infra/ibss) commands are simultaneously given in two terminals, association response is erroneously served while serving the scan response. mwifiex_cfg80211_results() is the common routine for sending ioctl (scan, assoc etc.) results to cfg80211 stack. In above scenario even if the common routine is called for scan ioctl context, it also tries to send information about assoc ioctl to cfg80211 because "priv->assoc_request/priv->ibss_join_request" flag is on at that time. Fix the issue by updating request variable after assoc handling and modifying the variable check in mwifiex_cfg80211_results. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kiran Divekar <dkiran@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: HT capability information handling 1) Initialise HT capabilities in cfg80211 properly. 2) Cfg80211 stack may modify "sband->ht_cap" to disable 40Mhz operation in 2.4GHz band (after recent patch "cfg80211: module_param to disable HT40 in 2.4GHz band") Therefore read "sband->ht_cap" instead of an adapter variable "hw_dot_11n_dev_cap" to get HT capabilities. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>