Signed-off-by: NVivek Natarajan <vnatarajan@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The find_ie() function uses a size_t for the len parameter, and
directly uses len as a loop variable.  If any received packets
are malformed, it is possible for the decrease of len to overflow,
and since the result is unsigned, the loop will not terminate.
Change it to a signed int so the loop conditional works for
negative values.

This fixes the following soft lockup:

[38573.102007] BUG: soft lockup - CPU#0 stuck for 61s! [phy0:2230]
[38573.102007] Modules linked in: aes_i586 aes_generic fuse af_packet ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables x_tables acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod kvm_intel kvm uinput i915 arc4 ecb drm snd_hda_codec_idt ath5k snd_hda_intel hid_apple mac80211 usbhid appletouch snd_hda_codec snd_pcm ath cfg80211 snd_timer i2c_algo_bit ohci1394 video snd processor ieee1394 rfkill ehci_hcd sg sky2 backlight snd_page_alloc uhci_hcd joydev output ac thermal button battery sr_mod applesmc cdrom input_polldev evdev unix [last unloaded: scsi_wait_scan]
[38573.102007] irq event stamp: 2547724535
[38573.102007] hardirqs last  enabled at (2547724534): [<c1002ffc>] restore_all_notrace+0x0/0x18
[38573.102007] hardirqs last disabled at (2547724535): [<c10038f4>] apic_timer_interrupt+0x28/0x34
[38573.102007] softirqs last  enabled at (92950144): [<c103ab48>] __do_softirq+0x108/0x210
[38573.102007] softirqs last disabled at (92950274): [<c1348e74>] _spin_lock_bh+0x14/0x80
[38573.102007]
[38573.102007] Pid: 2230, comm: phy0 Tainted: G        W  (2.6.31-rc7-wl #8) MacBook1,1
[38573.102007] EIP: 0060:[<f8ea2d50>] EFLAGS: 00010292 CPU: 0
[38573.102007] EIP is at cmp_ies+0x30/0x180 [cfg80211]
[38573.102007] EAX: 00000082 EBX: 00000000 ECX: ffffffc1 EDX: d8efd014
[38573.102007] ESI: ffffff7c EDI: 0000004d EBP: eee2dc50 ESP: eee2dc3c
[38573.102007]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[38573.102007] CR0: 8005003b CR2: d8efd014 CR3: 01694000 CR4: 000026d0
[38573.102007] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[38573.102007] DR6: ffff0ff0 DR7: 00000400
[38573.102007] Call Trace:
[38573.102007]  [<f8ea2f8d>] cmp_bss+0xed/0x100 [cfg80211]
[38573.102007]  [<f8ea33e4>] cfg80211_bss_update+0x84/0x410 [cfg80211]
[38573.102007]  [<f8ea3884>] cfg80211_inform_bss_frame+0x114/0x180 [cfg80211]
[38573.102007]  [<f97255ff>] ieee80211_bss_info_update+0x4f/0x180 [mac80211]
[38573.102007]  [<f972b118>] ieee80211_rx_bss_info+0x88/0xf0 [mac80211]
[38573.102007]  [<f9739297>] ? ieee802_11_parse_elems+0x27/0x30 [mac80211]
[38573.102007]  [<f972b224>] ieee80211_rx_mgmt_probe_resp+0xa4/0x1c0 [mac80211]
[38573.102007]  [<f972bc59>] ieee80211_sta_rx_queued_mgmt+0x919/0xc50 [mac80211]
[38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007]  [<c105ffd0>] ? mark_held_locks+0x60/0x80
[38573.102007]  [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007]  [<c134baa5>] ? sub_preempt_count+0x85/0xc0
[38573.102007]  [<c1348bce>] ? _spin_unlock_irqrestore+0x3e/0x70
[38573.102007]  [<c12c1c0f>] ? skb_dequeue+0x4f/0x70
[38573.102007]  [<f972c021>] ieee80211_sta_work+0x91/0xb80 [mac80211]
[38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007]  [<c134baa5>] ? sub_preempt_count+0x85/0xc0
[38573.102007]  [<c10479af>] worker_thread+0x18f/0x320
[38573.102007]  [<c104794e>] ? worker_thread+0x12e/0x320
[38573.102007]  [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007]  [<f972bf90>] ? ieee80211_sta_work+0x0/0xb80 [mac80211]
[38573.102007]  [<c104cbb0>] ? autoremove_wake_function+0x0/0x50
[38573.102007]  [<c1047820>] ? worker_thread+0x0/0x320
[38573.102007]  [<c104c854>] kthread+0x84/0x90
[38573.102007]  [<c104c7d0>] ? kthread+0x0/0x90
[38573.102007]  [<c1003ab7>] kernel_thread_helper+0x7/0x10

Cc: stable@kernel.org
Signed-off-by: NBob Copeland <me@bobcopeland.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We can just display this upon enabling mac80211 with an
'if MAC80211 != n' check.

Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Refer to the wireless wiki for more information.
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Change it to a menuconfig to give it some documentation, to
refer users to our wireless wiki for extra resources and
documentation. It seems our wiki is still obscure to some.
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

In order to check what was the last fw error we got accross resets, we add
this debugfs entry. It displays the complete ASSERT information.
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When UMAC stalls or asserts, we want to reset the device. But when we're
associated, the current reset worker will end up calling
cfg80211_connect_result() with the cfg80211 sme layer knowing that we're
reassociating. That ends up with some ugly warnings.
With this patch we're telling the upper layer that we've roamed if
reassociation succeeds, and that we're disconnected if it fails.
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The LMAC calibration API got broken mostly by having a configuration bitmap
being different than the result one.
This patch tries to address that issue by correctly running calibrations with
the newest firmwares, and keeping a backward compatibility fallback path for
older firmwares, where the configuration and result bitmaps were identical.
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Also mark some functions static.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When the driver receives "connection terminated" event from device,
it could be caused by 2 reasons: the firmware is roaming or the
connection is lost (AP disappears). For the former, an association
complete event is supposed to come within 3 seconds. For the latter,
the driver won't receive any event except the connection terminated.
So we kick a delayed work (5*HZ) when we receive the connection
terminated event. It will be canceled if it turns out to be a roaming
event later. Otherwise we notify SME and userspace the disconnection.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The device sends connection terminated and [re]association success
(or failure) events when roaming occours. The patch uses
cfg80211_roamed instead of cfg80211_connect_result to notify SME
for roaming.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

iwm_cfg80211_get_station() should be static.
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When connect is called with the LEGACY_PSK authentication type set, and a
proper sme->key, we need to set the WEP key straight after setting the
profile otherwise the authentication will never start.
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

If cfg80211 requests to connect when we have already had an active
profile, invalidate the current profile first before sending a new
profile to UMAC.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Since rndis_wlan is now converted to cfg80211, WIRELESS_EXT isn't
required anymore.
Signed-off-by: NJussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Signed-off-by: NJussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

- remove double newlines between functions
- remove commented out function (rndis_set_config_parameter_u32())
- coding style fix in rndis_set_config_parameter_str()
- add comment banners between function sections
Signed-off-by: NJussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Signed-off-by: NJussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

As generic hw timer interrupt handler is moved to tasklet,
we no more need to call spin_lock_irqsave().
Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

There is no point handling this in hard irq, move it to
tasklet.
Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This header file is copied into userspace tools that
need not be GPLv2 licensed, make that easier.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Acked-by: NAlan Jenkins <alan-jenkins@tuffmail.co.uk>
Acked-by: NHenrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: NIñaky Pérez-González <inaky@linux.intel.com>
Acked-by: NIvo van Doorn <IvDoorn@gmail.com>
Acked-by: NJaswinder Singh Rajput <jaswinderrajput@gmail.com>
Acked-by: NMichael Buesch <mb@bu3sch.de>
Acked-by: NTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Doing an RTC reset when DMA is active may corrupt memory,
make sure no DMA is active at this moment by doing an
AHB reset.
Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Fix kconfig dependencies for ipw2x00 drivers, fixes build errors:

ERROR: "wiphy_free" [drivers/net/wireless/ipw2x00/libipw.ko] undefined!
ERROR: "wiphy_unregister" [drivers/net/wireless/ipw2x00/libipw.ko] undefined!
ERROR: "wiphy_new" [drivers/net/wireless/ipw2x00/libipw.ko] undefined!
ERROR: "cfg80211_wext_giwname" [drivers/net/wireless/ipw2x00/ipw2200.ko] undefined!
ERROR: "wiphy_register" [drivers/net/wireless/ipw2x00/ipw2200.ko] undefined!
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The old function rt2x00queue_payload_align() handled
both adding and removing L2 padding and some basic
frame alignment. The entire function was being abused
because it had multiple functions and the header length
argument was somtimes used to align the header instead
of the payload.

Additionally there was a bug when inserting L2 padding
that only the payload was aligned but not the header. This
happens when the header wasn't aligned properly by mac80211,
but rt2x00lib only moves the payload.

A secondary problem was that when removing L2 padding during
TXdone or RX the skb wasn't resized to the proper size.

Split the function into seperate functions each handling
its task as it should.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Not all values of the TX status enumeration were
covered during updating of the TX statistics. This
could lead to wrong bitrate tuning but also wrong
behavior in tools like hostapd.
Signed-off-by: NIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The rev1 2GHz and rev2 5GHz gain tables were incorrectly documented
on the specs originally. Update these gaintables to match the cor-
rected specs.
Signed-off-by: NGábor Stefanik <netroller.3d@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Signed-off-by: NGábor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Also mark the LP-PHY driver "802.11a/g" instead of "802.11g",
as LP-PHY is capable of both 2GHz and 5GHz operation.
Signed-off-by: NGábor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

-Make use of the b43_phy_set/mask/maskset helpers.
-Fix a few errors in the code.
-Make the code more readable.
Signed-off-by: NGábor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Significant literature suggests users use debug flags 0x43fff - this causes
the debug flags to be set that causes information to be printed for every
received frame - including beacons. In the best case it fills up the logs,
at worst it slows driver down and causes failures due to timeouts.

In the RX handler, print debugging only if user requested RX debugging.
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

3945 does not have update_chain_flags defined and because if this we always
see the debug message that does not apply to it. Add a check to be specific
about what is actually happening.
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Some concerns were raised about the automatic adjustment
of sleep intervals to all the same, potentially high,
value, and I can imagine the hardware behaving better
when we don't ask too much of it.

So let's convert to use a succession of sleep levels
when requesting to go to deeper sleeps (which can only
happen with large DTIM intervals), using the succession
values from power level three, which have the benefit of
also having been tested extensively already.

As a result, the automatic sleep level adjustment will
now be mostly equivalent to power level three, except
for the RX/TX timeouts and possibly using smaller sleep
vectors to account for networking latency.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

For HT packets, mac80211 expects the rate_idx to be an MCS number, which is the
lower byte of rate_n_flags.  However, iwl_hwrate_to_plcp_idx takes the MCS
number and reduces it down to the range 0-8 (6 to 60 Mbps), removing the bits
that signify multiply streams, HT40 Duplicate mode, or unequal modulation.
This version is used for various internal purposes through the driver.

Add the function iwl_hwrate_get_mac80211_idx, an alternate version which takes
the rate and the band and returns the mac80211 index (MCS, for HT packets, and
PLCP rate, for legacy packets).
Signed-off-by: NDaniel C Halperin <daniel.c.halperin@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Refactor and correct rate selection for outgoing transmitted
packets.

First, note that HT rates in the mac80211 rate table do not provide valid
indices when ieee80211_get_tx_rate is called; the check to see if we could to
abort a transmission early in iwl_tx_skb() would thus occasionally read invalid
memory and occasionally stall transmission (if the erroneous byte was 0xff).
We remove that code; the check wasn't valid anyway.

Second, iwl_tx_cmd_build_rate() also called ieee80211_get_tx_rate to be used
for sending management packets, which do not use the uCode station table.  This
patch refactors that function and adds comments to enhance legibility, replaces
the call to ieee80211_get_tx_rate() with a direct lookup, and adds error
handling in case the table entry is invalid.
Signed-off-by: NDaniel C Halperin <daniel.c.halperin@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

ieee80211_supported_band is supposed to only contain legacy rates in the
bitrates table (HT rates go in the ieee80211_sta_ht_cap substruct).  Make
iwlwifi driver obey this restriction by removing the 60 Mbps rate. Also, clean
up a few pieces of other code that formerly relied on 60 Mbps being in
sband->bitrates.
Signed-off-by: NDaniel C Halperin <daniel.c.halperin@intel.com>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Single line log messages should be emitted by a single call
where possible.

Converted multiple calls to DBG_PRINT to single call form.
Removed "s2io:" preface from DBG_PRINTs.

The DBG_PRINT macro now emits a log level and is surrounded by
a do {...} while (0)

All s2io log output is now prefaced with KBUILD_MODNAME ": "
via pr_fmt.

The DBG_PRINT macro should probably be converted to use the
dev_<level> form eventually.
Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NSreenivasa Honnur <sreenivasa.honnur@neterion.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Missed doing the conversion in earlier patch.
Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NSreenivasa Honnur <sreenivasa.honnur@neterion.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Regularize the declaration and uses of
	struct config_param *config = &sp->config;
	struct mac_info *mac_control = &sp->mac_control;
and use
	struct stat_block *stats = mac_control->stats_info;
	struct swStat *swstats = &stats->sw_stat;
	struct xpakStat *xstats = &stats->xpak_stat;
and convert the longish uses like
	nic->mac_control.stats_info->sw_stat.<foo>
to
	swstats-><foo>
etc.

This also makes the statistics code marginally smaller
and presumably faster.

Old:
$ size s2io.o
   text	   data	    bss	    dec	    hex	filename
 114289	    516	  33360	 148165	  242c5	s2io.o
New:
$ size s2io.o
   text	   data	    bss	    dec	    hex	filename
 114097	    516	  33360	 147973	  24205	s2io.o
Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NSreenivasa Honnur <sreenivasa.honnur@neterion.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NSreenivasa Honnur <sreenivasa.honnur@neterion.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Fixed trivial typo as well
Signed-off-by: NJoe Perches <joe@perches.com>
Acked-by: NSreenivasa Honnur <sreenivasa.honnur@neterion.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>