Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[Steve deRosier]

On Wed, Apr 26, 2017 at 12:54 PM, James Hughes
 wrote:
> On 26 April 2017 at 19:03, Arend Van Spriel
>  wrote:
>>
>>
>> On 26-4-2017 17:44, Steve deRosier wrote:
>>> On Wed, Apr 26, 2017 at 1:53 AM, Kalle Valo  wrote:
 Arend Van Spriel  wrote:
> An issue was found brcmfmac driver in which a skbuff in .start_xmit()
> callback was actually cloned. So instead of checking for sufficient
> headroom it should also be writable. Hence use skb_cow_head() to
> check and expand the headroom appropriately.
>
> Signed-off-by: Arend van Spriel 

 Steve, would you have time to run a quick test with this?

 Patch set to Deferred.

>>>
>>> Happy to give it a quick spin on both of my platforms.
>>>

@ Arend and James, thanks for the info. I understand it, but
unfortunately I can't seem to replicate the problems on my platforms
with the limited time I have available to test it. It also may have to
do with my platforms having special custom bridging related code, or
just me having setup too simple of a test.

That said...

@Kalle: I have tested on both my 6004 and 6003 platforms. I didn't
notice any incorrect behavior in my testing. But I don't have a test
setup that would have shown the original problem as reported on the
brcm driver so I can't say that the change actually _fixes_ anything.
Only that in my testing it doesn't seem to break anything.

Tested-by: Steve deRosier 

- Steve

Re: [PATCH v2] NFC: trf7970a: Correct register settings for 27MHz clock

[Mark Greer]

On Wed, Apr 26, 2017 at 09:41:48PM -0400, Geoff Lansberry wrote:

Hi Geoff.

> In prior commits the selected clock frequency does not propagate
> correctly to what is written the the TRF7970A_MODULATOR_SYS_CLK_CTRL
> register.
> 
> Signed-off-by: Geoff Lansberry 
> ---
>  drivers/nfc/trf7970a.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
> index 5f040e6..c278b0e 100644
> --- a/drivers/nfc/trf7970a.c
> +++ b/drivers/nfc/trf7970a.c
> @@ -2079,6 +2079,13 @@ static int trf7970a_probe(struct spi_device *spi)
>   return -EINVAL;
>   }
>  
> + if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
> + trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
> + dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
> + } else {
> + trf->modulator_sys_clk_ctrl = 0;
> + }
> +
>   if (of_property_read_bool(np, "en2-rf-quirk"))
>   trf->quirks |= TRF7970A_QUIRK_EN2_MUST_STAY_LOW;

Looks fine to me but please rebase it on top of current nfc-next/master
as it doesn't apply to it right now.

Thanks,

Mark
--

[PATCH v2] NFC: trf7970a: Correct register settings for 27MHz clock

[Geoff Lansberry]

In prior commits the selected clock frequency does not propagate
correctly to what is written the the TRF7970A_MODULATOR_SYS_CLK_CTRL
register.

Signed-off-by: Geoff Lansberry 
---
 drivers/nfc/trf7970a.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
index 5f040e6..c278b0e 100644
--- a/drivers/nfc/trf7970a.c
+++ b/drivers/nfc/trf7970a.c
@@ -2079,6 +2079,13 @@ static int trf7970a_probe(struct spi_device *spi)
return -EINVAL;
}
 
+   if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
+   trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
+   dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
+   } else {
+   trf->modulator_sys_clk_ctrl = 0;
+   }
+
if (of_property_read_bool(np, "en2-rf-quirk"))
trf->quirks |= TRF7970A_QUIRK_EN2_MUST_STAY_LOW;
 
-- 
2.7.4

Re: brcmfmac: don't warn user if requested nvram fails

[Luis R. Rodriguez]

On Fri, Apr 07, 2017 at 11:43:04PM +0200, Arend Van Spriel wrote:
> On 6-4-2017 14:14, Hans de Goede wrote:
> > Luis, do you think it would be a good idea to add
> > .optional_postfix member to driver_data_req_params
> > for this? I believe other sdio based wifi devices
> > may want to do the same, or should this be handled
> > in the driver by doing 2 driver_data_request_async
> > calls (the 2nd when the 1st fails) ?
> 
> I think we briefly touched this subject a while ago. It would be great
> if the driver_data api could be given a list/array of files which can be
> flagged as required or optional. Just not sure how to deal with drivers
> that request a firmware file and fallback to requesting older ones
> repeatedly thus stop processing upon first successful load. Both
> use-cases seem present in drivers.

I've now added chaining request support and it follows the API model
devised by Intel, as it is very sensible and should also work with open
firmware models very well. By default the optional nature is specific to
anything in between, but it will complain if no file is found at all,
unless of course the entire set is optional.

If the series of files do not match a simple API model / revisions,
then yes, I'd be happy to support allowing users to specify a list
of files with their own set of specific requirements (including specifying
if one optional or not). How I'd advise for this to be supported would be
with a flexible array pointer and setting the pointer / num_members later,
for processing. I recently had to demo how to do this so here is a simple
demo using flexible arrays embedded:

http://drvbp1.linux-foundation.org/~mcgrof/demos/demo-flexible-array-subopts.c

I would imagine macros can be added to driver_data.h to make spelling out
file entries easier to read.

Everything must be const on the request though. Oh and we want respective
test cases in the new test driver to ensure we never regress and things
work just as expected.

I'll respin the driver data API once again now addressing hopefully
the last pieces of feedback.

  Luis

Re: brcmfmac: don't warn user if requested nvram fails

[Luis R. Rodriguez]

On Tue, Apr 11, 2017 at 10:53:57AM +0200, Hans de Goede wrote:
> Hi,
> 
> On 10-04-17 23:50, Arend Van Spriel wrote:
> > On 8-4-2017 11:53, Hans de Goede wrote:
> > > Hi,
> > > 
> > > On 07-04-17 23:43, Arend Van Spriel wrote:
> > > > 
> > > > 
> > > > On 6-4-2017 14:14, Hans de Goede wrote:
> > > > > Hi,
> > > > > 
> > > > > I noticed your patch-series on the lwn.net kernel page,
> > > > > and I took a peek :)
> > > > > 
> > > > > I don't think that this patch:
> > > > > 
> > > > > https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/commit/?h=20170329-driver-data-v2-try3=3968dd3031d1ff7e7be4acfb810948c70c2d4490
> > > > > 
> > > > > 
> > > > > 
> > > > > Is a good idea, specifically the "do not warn" part,
> > > > > although the brcmfmac driver will indeed try to continue
> > > > > without a nvram file, in my experience it almost all
> > > > > the time will not work properly without the nvram file.
> > > > 
> > > > Actually, brcmfmac will only continue without nvram for PCIe devices.
> > > > For SDIO it is a different story, which may be the kind of devices you
> > > > have experienced.
> > > 
> > > Ah, no I've experience with both now, and the device I've
> > > with a PCIE which needs nvram:
> > > 
> > > http://www.gpd.hk/gpdwin.asp
> > > 
> > > Will not work without the nvram file, so I really think
> > > we should at least keep a warning msg here.
> > 
> > Nice gadget.
> > 
> > > > > Arend, should we maybe just make the missing nvram file
> > > > > a fatal error ?
> > > > > 
> > > > > ###
> > > > > 
> > > > > While on the subject of nvram file loading, I want to make
> > > > > some changes to how brcmfmac does this, for pcie
> > > > > devices I want it to first try:
> > > > > 
> > > > > brcmfmac-4xxx-sdio--.txt
> > > > > and only if that is not present fallback to
> > > > > brcmfmac-4xxx-sdio.txt, so that we can include the
> > > > > brcmfmac-4xxx-sdio--.txt
> > > > > in the linux-firmware repo and have things just work.
> > > > 
> > > > You got me confused. I suppose the -sdio- should not be in the filename
> > > > examples above.
> > > 
> > > Right, sorry. For the pcie device I'm looking at the
> > > name is brcmfmac4356-pcie.txt and I would like to propose
> > > to first check for "brcmfmac4356--.txt"
> > > 
> > > > So who is going to provide these nvram files. We can not
> > > > maintain that as there are too many variants and they are under control
> > > > of the OEM/ODM.
> > > 
> > > Users / people like me who are interested in using certain
> > > devices with Linux. The idea is to at least make it possible to
> > > have these devices just work. E.g. I would like a user to be
> > > able to insert a USB-stick with a live Fedora 27 and then
> > > have everything just work on the GPD win.
> > > 
> > > To make this happen I will submit the nvram file from the
> > > Windows install on the GPDwin to linux-firmware as
> > > "brcmfmac4356--.txt"
> > > and yes I've checked that there are sensible values in
> > > the subsys ids.
> > 
> > I suppose the "nvram file from the Windows install" than has a
> > redistributable license?
> 
> IANAL but I fail to see how the contents of this file is
> anything but functional and as such not copyright-able.

We take licensing serious on linux-firmware, a IANAL is no excuse for
being sloppy.

> That at least is what I plan to put in the commit msg
> when submitting it to linux-firmware and then we will
> see from there.
> 
> > > So would you be willing to accept a brcmfmac patch
> > > trying such a post-fixed nvram filename first ?
> > 
> > It seems a sensible approach, but the devil is probably in the details.
> 
> Ok, I'll leave this on my todo list then. Expect a patch
> sometime in the future (but not really soon).

Either way I am convinced I can drop that patch then.

  Luis

Re: [PATCH v2 0/8] NFC: fix device allocation and nfcmrvl crashes

[Samuel Ortiz]

Hi Johan,

On Thu, Mar 30, 2017 at 12:15:34PM +0200, Johan Hovold wrote:
> This started out with the observation that the nfcmrvl_uart driver
> unconditionally dereferenced the tty class device despite the fact that
> not every tty has an associated struct device (Unix98 ptys). Some
> further changes were needed in the common nfcmrvl code to fully address
> this, some of which also incidentally fixed a few related bugs (e.g.
> resource leaks in error paths).
> 
> While fixing this I stumbled over a regression in NFC core that lead to
> broken registration error paths and misnamed workqueues.
> 
> Note that this has only been tested by configuring the n_hci line
> discipline for different ttys without any actual NFC hardware connected.
> 
> Johan
> 
> 
> Changes in v2
>  - fix typo in commit message (1/8)
>  - release reset gpio in error paths (3/8)
>  - fix description of patch impact (3/8)
>  - allow gpio 0 to be used for reset signalling (8/8, new)
> 
> 
> Johan Hovold (8):
>   NFC: fix broken device allocation
>   NFC: nfcmrvl_uart: add missing tty-device sanity check
>   NFC: nfcmrvl: do not use device-managed resources
>   NFC: nfcmrvl: use nfc-device for firmware download
>   NFC: nfcmrvl: fix firmware-management initialisation
>   NFC: nfcmrvl_uart: fix device-node leak during probe
>   NFC: nfcmrvl_usb: use interface as phy device
>   NFC: nfcmrvl: allow gpio 0 for reset signalling
Applied, thanks.

Cheers,
Samuel.

Re: [PATCH v5 0/9] NFC: trf7970a: Fixups & convert to desc-based GPIO

[Samuel Ortiz]

Hi Mark,

On Tue, Apr 25, 2017 at 03:43:47PM -0700, Mark Greer wrote:
> These trf7970a driver patches do the following things:
>  - add Mark Greer as the maintainer of the trf7970a driver
>  - some minor fixups
>  - remove support for 'vin-voltage-override' DT property
>  - change the DTS example to indicate that EN and EN2 are active high GPIOs
>  - convert the driver to use the descriptor-based GPIO interface
>  - apply Lindent coding style fixes
> 
> Based on nfc-next/master 4ea206395d3a ("nfc: fix get_unaligned_...() misuses")
> 
> v4->v5:
>  - Fixed whitespace issue in "NFC: trf7970a: Clean up coding style issues"
> 
> v3->v4:
>  - Rebased on nfc-next/master because patches in that branch conflict
>with the v3 version of this patch series.
>  - Removed "NFC: trf7970a: Don't manage EN2 when not specified in DT"
>because a similar patch has already been accepted.
>  - Added "NFC: trf7970a: Clean up coding style issues" because the reason
>I removed it in v3 no longer exists.
>  - Reordered the patches to make more sense (I think)
> 
> v2->v3:
>  - Removed "[PATCH v2 5/7] NFC: trf7970a: Clean up coding style issues"
>because it will make merging patches from Geoff Lansberry and others
>hard to apply.  I will resubmit once those patches have been merged
>or rejected.
>  - Added a patch to remove 'vin-voltage-override' DT property support as
>proper DT regulator set up makes it unnecessary.
> 
> v1->v2:
>  - Commit description fixups only; no functional changes.
> 
> Mark Greer (9):
>   MAINTAINERS: NFC: trf7970a: Add Mark Greer as maintainer
>   NFC: trf7970a: Don't de-assert EN2 unless it was asserted
>   NFC: trf7970a: Fix inaccurate comment in trf7970a_probe()
>   NFC: trf7970a: Only check 'en2-rf-quirk' if EN2 is specified
>   NFC: trf7970a: Remove useless comment
>   NFC: trf7970a: Remove support for 'vin-voltage-override' DT property
>   NFC: trf7970a: Enable pins are active high not active low
>   NFC: trf7970a: Convert to descriptor based GPIO interface
>   NFC: trf7970a: Clean up coding style issues
All patches applied to nfc-next, thanks.

Cheers,
Samuel.

[PATCH 2/2] arm64: dts: apq8016-sbc: Correct WLAN LED default-trigger

[Bjorn Andersson]

The TX status trigger of the wlan interface is named phy0tx, so this
updates the default-trigger for the WLAN LED to use that instead.

Signed-off-by: Bjorn Andersson 
---

Note that without patch 1/2 this trigger does not fire - but there's also no
harm in picking the two patches through separate trees.

 arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi 
b/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
index 5d83b02b7c4a..21a8f5ce8955 100644
--- a/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
+++ b/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi
@@ -178,7 +178,7 @@
led@5 {
label = "apq8016-sbc:yellow:wlan";
gpios = <_mpps 2 GPIO_ACTIVE_HIGH>;
-   linux,default-trigger = "wlan";
+   linux,default-trigger = "phy0tx";
default-state = "off";
};
 
-- 
2.12.0

[PATCH 1/2] wcn36xx: Pass used skb to ieee80211_tx_status()

[Bjorn Andersson]

As the tx skbs are collected they should be passed to
ieee80211_tx_status() rather than ieee80211_free_txskb(), as the prior
will take care of monitoring and LED triggers while the latter will
consider the skb dropped.

Signed-off-by: Bjorn Andersson 
---
 drivers/net/wireless/ath/wcn36xx/dxe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c 
b/drivers/net/wireless/ath/wcn36xx/dxe.c
index 87dfdaf9044c..938b7bd733cf 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -371,7 +371,7 @@ static void reap_tx_dxes(struct wcn36xx *wcn, struct 
wcn36xx_dxe_ch *ch)
info = IEEE80211_SKB_CB(ctl->skb);
if (!(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS)) {
/* Keep frame until TX status comes */
-   ieee80211_free_txskb(wcn->hw, ctl->skb);
+   ieee80211_tx_status(wcn->hw, ctl->skb);
}
spin_lock(>skb_lock);
if (wcn->queues_stopped) {
-- 
2.12.0

Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[James Hughes]

On 26 April 2017 at 19:03, Arend Van Spriel
 wrote:
>
>
> On 26-4-2017 17:44, Steve deRosier wrote:
>> On Wed, Apr 26, 2017 at 1:53 AM, Kalle Valo  wrote:
>>> Arend Van Spriel  wrote:
 An issue was found brcmfmac driver in which a skbuff in .start_xmit()
 callback was actually cloned. So instead of checking for sufficient
 headroom it should also be writable. Hence use skb_cow_head() to
 check and expand the headroom appropriately.

 Signed-off-by: Arend van Spriel 
>>>
>>> Steve, would you have time to run a quick test with this?
>>>
>>> Patch set to Deferred.
>>>
>>
>> Happy to give it a quick spin on both of my platforms.
>>
>> @Arend: is there some demonstrable before/after that shows a problem I
>> can detect at runtime?  I understand your thought about putting a
>> skb_clone() in there, but what are the expectations?  And is any
>> problem evident without explicitly modding the code with the clone?
>
> Ok. So the root cause is explained in a email to netdev mailing list,
> but I can not find it. The sender was probably not a member. I will
> forward that email to you and cc: linux-wireless. Basically, you need to
> setup a bridge and run hostapd in bridged mode. Incoming multicast
> traffic will be cloned by bridge and sent all interfaces in the bridge.
> If more than one driver puts additional payload in the headroom they are
> basically mucking about in the same buffer space so packets probably
> never end up in the devices. In case of ath6kl the patch is in area
> where driver/device determines IP checksum if it is supported (if I am
> not mistaken). So not sure how easy it is to replicate without patching
> it for testing.
>
> Regards,
> Arend

That was me. The full mechanism can be seen on the Raspberry Pi github
issue tracker  here

https://github.com/raspberrypi/firmware/issues/673

In brief, when bridging between two devices, if both devices fail to
'unclone' then
header corruption could occur if both the devices made header changes
since they are
both looking at the same data.

The Pi has a smsc9x ethernet device and the Brcm Wireless chip - both
had the fault, so we
were getting corrupted headers, and eventual failure of ethernet.

The same fault appears in a large subset of drivers in my brief examinations.

James

Re: [PATCH V3 4/9] cfg80211: add request id to cfg80211_sched_scan_*() api

[Johannes Berg]

On Wed, 2017-04-26 at 20:18 +0200, Arend Van Spriel wrote:
> 
> I guess it is in you repo as I did not see anything related on the
> mailing list.

Yeah. But that should be up-to-date.

>  So regarding this rework, do you want me to send the
> series again or just this patch?

Just this single patch is fine.

johannes

Re: [RFC] cfg80211: add control port state to struct cfg80211_connect_resp_params

[Arend Van Spriel]

On 26-4-2017 9:20, Johannes Berg wrote:
> On Tue, 2017-04-25 at 20:56 +0200, Arend Van Spriel wrote:
>>
>> You might, but not about this ;-) The other approach I had in mind is
>> to only pass the flag for drivers with 4-way-hs support. In that case
>> wpa_supp also has to check that to determine whether the flag should
>> be taken into account. Assuming the driver supporting 4-way-hs can
>> provide the port state info. Otherwise, a new ext_feature flag would
>> be needed.
> 
> I think it's reasonable to assume 4-way-HS offload drivers can support
> it.

I tested the 4-way-hs (both Personal and 802.1X) with boolean parameter
similar to what is proposed in the patch for roaming "cfg80211/nl80211:
add authorized flag to roaming event" and it works fine. So I can extend
it for use in connect result. Just had one issue regarding the type, ie.
flag vs. u8 because of how things are done in wpa_supplicant supporting
QCA roam+auth vendor-specific event.

Regards,
Arend

Re: [PATCH 5/9] cfg80211/nl80211: add authorized flag to roaming event

[Arend Van Spriel]

+ Jouni

On 26-4-2017 12:05, Arend van Spriel wrote:
> Almost overlooked this one. Thanks for the hint, Johannes.
> 
> On 4/26/2017 9:58 AM, Luca Coelho wrote:
>> From: Avraham Stern 
>>
>> Drivers that initiate roaming while being connected to a network that
>> uses 802.1X authentication need to inform user space if 802.1X
>> authentication is further required after roaming.
>> For example, when using the Fast transition protocol, roaming within
>> the mobility domain does not require new 802.1X authentication, but
>> roaming to another mobility domain does.
> 
> Not sure about the terminology here. Is "mobility domain" the same as
> "ESS" which stands for extended service set as definced in 802.11
> standard. If so, I would prefer use of that term here.
> 
>> In addition, some drivers may not support 802.1X authentication
>> (so it has to be done in user space), while other drivers do.
>>
>> Add a flag to the roaming notification to indicate if user space is
>> required to do 802.1X authentication after the roaming or not.
>> This flag will only be used for networks that use 802.1X
>> authentication. For networks that do not use 802.1X authentication it
>> is assumed that no further action is required from user space after
>> the roaming notification.
>>
>> Signed-off-by: Avraham Stern 
>> Signed-off-by: Luca Coelho 
>> ---
>>   include/net/cfg80211.h   |  4 
>>   include/uapi/linux/nl80211.h | 14 ++
>>   net/wireless/nl80211.c   |  4 +++-
>>   net/wireless/sme.c   |  1 +
>>   4 files changed, 22 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
>> index 115f6fc5a34d..f9f4fde2dc09 100644
>> --- a/include/net/cfg80211.h
>> +++ b/include/net/cfg80211.h
>> @@ -5384,6 +5384,9 @@ cfg80211_connect_timeout(struct net_device *dev,
>> const u8 *bssid,
>>* @req_ie_len: association request IEs length
>>* @resp_ie: association response IEs (may be %NULL)
>>* @resp_ie_len: assoc response IEs length
>> + * @authorized: true if the 802.1X authentication was done by the
>> driver or is
>> + *not needed (e.g., when Fast Transition protocol was used), false
>> + *otherwise. Ignored for networks that don't use 802.1X
>> authentication.
> 
> It is not ignored in this patch so it is expected user-space behavior
> you are describing, which is not really needed here in cfg80211 driver api.
> 
>>*/
>>   struct cfg80211_roam_info {
>>   struct ieee80211_channel *channel;
>> @@ -5393,6 +5396,7 @@ struct cfg80211_roam_info {
>>   size_t req_ie_len;
>>   const u8 *resp_ie;
>>   size_t resp_ie_len;
>> +bool authorized;
>>   };
>> /**
>> diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
>> index 6095a6c4c412..7bdbce7c4147 100644
>> --- a/include/uapi/linux/nl80211.h
>> +++ b/include/uapi/linux/nl80211.h
>> @@ -546,6 +546,12 @@
>>*well to remain backwards compatible.
>>* @NL80211_CMD_ROAM: request that the card roam (currently not
>> implemented),
> 
> Do we want to keep this comment about the request scenario. Is it likely
> implemented soon/ever?
> 
>>*sent as an event when the card/driver roamed by itself.
>> + *When used as an event, and the driver roamed in a network that
>> requires
>> + *802.1X authentication, %NL80211_ATTR_CONNECTION_AUTHORIZED
>> should be set
>> + *if the 802.1X authentication was done by the driver or if
>> roaming was
>> + *done using Fast Transition protocol (in which case 802.1X
>> authentication
>> + *is not needed). If %NL80211_ATTR_CONNECTION_AUTHORIZED is not set,
>> + *user space is responsible for the 802.1X authentication.
> 
> Would you consider using NL80211_ATTR_PORT_AUTHORIZED instead referring
> to the 802.1X port entities.

In wpa_supplicant the function mlme_event_connect() is used to process
NL80211_CMD_CONNECT and NL80211_CMD_ROAM events. The latter is actually
used for processing QCA vendor specific event, which passes a nlattr
called authorized to the function. It is typed as u8:

if (authorized && nla_get_u8(authorized)) {
event.assoc_info.authorized = 1;
wpa_printf(MSG_DEBUG, "nl80211: connection authorized");
}

Not really a good argument, but choosing the same type for the new
attribute would make supporting it relatively easy.

Regards,
Arend

Re: [PATCH V3 4/9] cfg80211: add request id to cfg80211_sched_scan_*() api

[Arend Van Spriel]

On 26-4-2017 9:16, Johannes Berg wrote:
> On Fri, 2017-04-21 at 13:05 +0100, Arend van Spriel wrote:
>> Have proper request id filled in the SCHED_SCAN_RESULTS and
>> SCHED_SCAN_STOPPED notifications toward user-space by having the
>> driver provide it through the api.
>>
>> Reviewed-by: Hante Meuleman 
>> Reviewed-by: Pieter-Paul Giesberts > m>
>> Reviewed-by: Franky Lin 
> 
> All your reviewers aren't paying attention ;-)
> 
>> @@ -1722,6 +1723,7 @@ struct cfg80211_sched_scan_request {
>>  struct cfg80211_bss_select_adjust rssi_adjust;
>>  
>>  /* internal */
>> +struct work_struct results_wk;
>>  struct wiphy *wiphy;
>>  struct net_device *dev;
>>  unsigned long scan_start;
> 
> Superficially, this is fine - but you need to think hard about the
> semantics of when you cancel this work.
> 
>> +++ b/net/wireless/scan.c
>> @@ -369,15 +369,13 @@ void __cfg80211_sched_scan_results(struct
>> work_struct *wk)
>>  struct cfg80211_registered_device *rdev;
>>  struct cfg80211_sched_scan_request *request;
>>  
>> -rdev = container_of(wk, struct cfg80211_registered_device,
>> -sched_scan_results_wk);
>> +request = container_of(wk, struct
>> cfg80211_sched_scan_request, results_wk);
>> +rdev = wiphy_to_rdev(request->wiphy);
>>  
>>  rtnl_lock();
>>  
>> -request = cfg80211_find_sched_scan_req(rdev, 0);
>> -
>>  /* we don't have sched_scan_req anymore if the scan is
>> stopping */
> 
> That comment is kinda wrong now, afaict? Also you return 
> 
>> -if (!IS_ERR(request)) {
>> +if (request) {
> 
> This seems wrong - you do return an ERR_PTR() from find. Not that
> there's all that much point in doing so vs. returning NULL, might be
> worth cleaning it up.

Indeed. Not sure if it was me being sloppy/confused or due to rebasing
the patches. Anyway, I will fix this.

>> -void cfg80211_sched_scan_results(struct wiphy *wiphy)
>> +void cfg80211_sched_scan_results(struct wiphy *wiphy, u64 reqid)
>>  {
>> -struct cfg80211_registered_device *rdev =
>> wiphy_to_rdev(wiphy);
>>  struct cfg80211_sched_scan_request *request;
>>  
>> -trace_cfg80211_sched_scan_results(wiphy);
>> +trace_cfg80211_sched_scan_results(wiphy, reqid);
>>  /* ignore if we're not scanning */
>>  
>>  rtnl_lock();
>> -request = cfg80211_find_sched_scan_req(rdev, 0);
>> +request = cfg80211_find_sched_scan_req(wiphy_to_rdev(wiphy),
>> reqid);
>>  rtnl_unlock();
>>  
>>  if (!IS_ERR(request))
>> -queue_work(cfg80211_wq,
>> -   _to_rdev(wiphy)-
>>> sched_scan_results_wk);
>> +queue_work(cfg80211_wq, >results_wk);
>> +else
>> +wiphy_err(wiphy, "reqid %llu not found\n", reqid);
>>  }
> 
> This seems problematic - you use the request pointer outside the
> locking now. I'd move that rtnl_unlock() to afterwards. The message
> could also mention sched scan, that might be useful. Although I suspect
> that may happen due to races (e.g. netlink socket close vs. firmware
> stop) so maybe it's not all that useful.

When adding the worker in the request I was thinking about what might
happen between the queue_work and the work actually being scheduled.

> Most importantly though, you don't protect against queuing the work
> here, and then deleting the request. In the old case the comment that I
> pointed out above will save us, but in this new case it can't (the
> comment is now wrong), and that's a problem.
> 
> I looked briefly at this and I suspect it will be very hard to fix that
> with a per-request work struct. It might be better to have a per-work
> status flag that you set here, then you schedule the global work, and
> that global work will send all the appropriate result messages after
> clearing the status bit again, similar to what I did with the netlink
> destroy now.

I guess it is in you repo as I did not see anything related on the
mailing list. So regarding this rework, do you want me to send the
series again or just this patch?

Regards,
Arend

Fwd: Question on drivers using skb_unclone

[Arend Van Spriel]

Hi Steve,

Here the email which hopefully provides enough context.

Regards,
Arend

 Forwarded Message 
Subject:Question on drivers using skb_unclone
Date:   Fri, 14 Apr 2017 10:03:01 +0100
From:   James Hughes 
To: net...@vger.kernel.org
CC: unglinuxdri...@microchip.com, brcm80211-dev-list@broadcom.com



Netdevs,

We have recently got to the bottom of an issue which we have been
encountering on a Raspberry Pi being used as an access point, and we
need a bit of advice on the correct way of fixing the issue.

The set up is a Raspberry Pi 3 running hostapd on its inbuilt wireless
adaptor (Brcm43438 ), bridged to the built in ethernet adaptor
(smsc9514). Using the standard drivers for these devices as of 4.9
(looking at 4.11, no changes noted that would affect the issue).

We were encountering an error in the Brcm Wireless driver that after
investigation was a skb_buff being corrupted by an action in the smsc
Ethernet driver. Further digging shows that the bridge was cloning an
incoming skb from the Ethernet, then sending it out to both the Ethernet
and wlan ports. This mean that both the Ethernet driver and the wireless
driver were looking at the same physical data, and one or both were
altering that data in different way (varied headers) , which mean that
headers were corrupted. This was only happening on broadcast packets.

We can fix the issue by, in the drivers, by using skb_unclone in
appropriate places in the driver.

So now to the questions. Is adding the unclone to the drivers the
correct way of dealing with this issue? Examining other drivers shows
that unclone is not particularly common, presumably in many cases, where
the driver does not alter the skb, it doesn't matter. However, in any
case where a driver may add header information to the skb (as is the
case with the Brcm wireless driver), when the incoming skb has been
cloned, the results must surely be undetermined unless an unclone is
performed.

Or, is the bridging code making a mistake by cloning the skb and passing
it to multiple recipients.


Thanks

James Hughes
Raspberry Pi

Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[Arend Van Spriel]

On 26-4-2017 17:44, Steve deRosier wrote:
> On Wed, Apr 26, 2017 at 1:53 AM, Kalle Valo  wrote:
>> Arend Van Spriel  wrote:
>>> An issue was found brcmfmac driver in which a skbuff in .start_xmit()
>>> callback was actually cloned. So instead of checking for sufficient
>>> headroom it should also be writable. Hence use skb_cow_head() to
>>> check and expand the headroom appropriately.
>>>
>>> Signed-off-by: Arend van Spriel 
>>
>> Steve, would you have time to run a quick test with this?
>>
>> Patch set to Deferred.
>>
> 
> Happy to give it a quick spin on both of my platforms.
> 
> @Arend: is there some demonstrable before/after that shows a problem I
> can detect at runtime?  I understand your thought about putting a
> skb_clone() in there, but what are the expectations?  And is any
> problem evident without explicitly modding the code with the clone?

Ok. So the root cause is explained in a email to netdev mailing list,
but I can not find it. The sender was probably not a member. I will
forward that email to you and cc: linux-wireless. Basically, you need to
setup a bridge and run hostapd in bridged mode. Incoming multicast
traffic will be cloned by bridge and sent all interfaces in the bridge.
If more than one driver puts additional payload in the headroom they are
basically mucking about in the same buffer space so packets probably
never end up in the devices. In case of ath6kl the patch is in area
where driver/device determines IP checksum if it is supported (if I am
not mistaken). So not sure how easy it is to replicate without patching
it for testing.

Regards,
Arend

Re: [PATCH] NFC: trf7970a: Correct register settings for 27MHz clock

[Mark Greer]

On Wed, Apr 26, 2017 at 09:48:33AM -0400, Geoff Lansberry wrote:
> In prior commits the selected clock frequency does not propagate
> correctly to what is written the the TRF7970A_MODULATOR_SYS_CLK_CTRL
> register.
> Also fixes a bug that causes the device tree property check to always
> pass.
> 
> Signed-off-by: Geoff Lansberry 
> ---
>  drivers/nfc/trf7970a.c | 9 -
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
> index 2d1c8ca..c278b0e 100644
> --- a/drivers/nfc/trf7970a.c
> +++ b/drivers/nfc/trf7970a.c
> @@ -2071,7 +2071,7 @@ static int trf7970a_probe(struct spi_device *spi)
>   }
>  
>   of_property_read_u32(np, "clock-frequency", _freq);
> - if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) ||
> + if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) &&

There is already a patch submitted to fix this issue so no need to fix
it again.  For the record, it should have been in a separate patch
since it fixes a different issue than what is fixed below.

>   (clk_freq != TRF7970A_13MHZ_CLOCK_FREQUENCY)) {
>   dev_err(trf->dev,
>   "clock-frequency (%u Hz) unsupported\n",
> @@ -2079,6 +2079,13 @@ static int trf7970a_probe(struct spi_device *spi)
>   return -EINVAL;
>   }
>  
> + if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
> + trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
> + dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
> + } else {
> + trf->modulator_sys_clk_ctrl = 0;
> + }
> +
>   if (of_property_read_bool(np, "en2-rf-quirk"))
>   trf->quirks |= TRF7970A_QUIRK_EN2_MUST_STAY_LOW;

This part looks okay to me but I like Walter's suggestion too.

Mark
--

[mac80211-next:master 3/12] htmldocs: include/net/cfg80211.h:4063: warning: No description found for parameter 'nl_owner_dead'

[kbuild test robot]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git 
master
head:   3e451b15ec3c6560b81875cb85b19f807258f8d7
commit: 3a565a1318a18fd2b7554b6e0b9846cc3fb68c67 [3/12] cfg80211: simplify 
netlink socket owner interface deletion
reproduce: make htmldocs

All warnings (new ones prefixed by >>):

>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'
>> include/net/cfg80211.h:4063: warning: No description found for parameter 
>> 'nl_owner_dead'

vim +/nl_owner_dead +4063 include/net/cfg80211.h

3d23e349d Johannes Berg 2009-09-29  4047  #ifdef CONFIG_CFG80211_WEXT
d32365537 Johannes Berg 2009-04-20  4048/* wext data */
cbe8fa9c5 Johannes Berg 2009-05-09  4049struct {
cbe8fa9c5 Johannes Berg 2009-05-09  4050struct 
cfg80211_ibss_params ibss;
f21293549 Johannes Berg 2009-07-01  4051struct 
cfg80211_connect_params connect;
fffd0934b Johannes Berg 2009-07-08  4052struct 
cfg80211_cached_keys *keys;
c1e5f4714 Johannes Berg 2014-05-19  4053const u8 *ie;
f21293549 Johannes Berg 2009-07-01  4054size_t ie_len;
f401a6f7e Johannes Berg 2009-08-07  4055u8 bssid[ETH_ALEN], 
prev_bssid[ETH_ALEN];
f21293549 Johannes Berg 2009-07-01  4056u8 
ssid[IEEE80211_MAX_SSID_LEN];
08645126d Johannes Berg 2009-05-11  4057s8 default_key, 
default_mgmt_key;
ffb9eb3d8 Kalle Valo2010-02-17  4058bool prev_bssid_valid;
cbe8fa9c5 Johannes Berg 2009-05-09  4059} wext;
d32365537 Johannes Berg 2009-04-20  4060  #endif
4a4b81695 Andrew Zaborowski 2017-02-10  4061  
4a4b81695 Andrew Zaborowski 2017-02-10  4062struct cfg80211_cqm_config 
*cqm_config;
d32365537 Johannes Berg 2009-04-20 @4063  };
d32365537 Johannes Berg 2009-04-20  4064  
98104fded Johannes Berg 2012-06-16  4065  static inline u8 
*wdev_address(struct wireless_dev *wdev)
98104fded Johannes Berg 2012-06-16  4066  {
98104fded Johannes Berg 2012-06-16  4067if (wdev->netdev)
98104fded Johannes Berg 2012-06-16  4068return 
wdev->netdev->dev_addr;
98104fded Johannes Berg 2012-06-16  4069return wdev->address;
98104fded Johannes Berg 2012-06-16  4070  }
98104fded Johannes Berg 2012-06-16  4071  

:: The code at line 4063 was first introduced by commit
:: d323655372590c533c275b1d798f9d1221efb5c6 cfg80211: clean up includes

:: TO: Johannes Berg 
:: CC: John W. Linville 

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation


.config.gz
Description: application/gzip

Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[Steve deRosier]

On Wed, Apr 26, 2017 at 1:53 AM, Kalle Valo  wrote:
> Arend Van Spriel  wrote:
>> An issue was found brcmfmac driver in which a skbuff in .start_xmit()
>> callback was actually cloned. So instead of checking for sufficient
>> headroom it should also be writable. Hence use skb_cow_head() to
>> check and expand the headroom appropriately.
>>
>> Signed-off-by: Arend van Spriel 
>
> Steve, would you have time to run a quick test with this?
>
> Patch set to Deferred.
>

Happy to give it a quick spin on both of my platforms.

@Arend: is there some demonstrable before/after that shows a problem I
can detect at runtime?  I understand your thought about putting a
skb_clone() in there, but what are the expectations?  And is any
problem evident without explicitly modding the code with the clone?

- Steve

Re: [PATCH] ath10k : Fix channel survey dump

[Felix Fietkau]

On 2017-04-26 16:41, Venkateswara Rao Naralasetty wrote:
> Channel active/busy time are showing incorrect
> (less than previous or sometimes zero) for
> successive survey dump command.
> 
> example:
> Survey data from wlan0
> frequency:  5180 MHz [in use]
> channel active time:54995 ms
> channel busy time:  432 ms
> channel receive time:   0 ms
> channel transmit time:  59 ms
> Survey data from wlan0
> frequency:  5180 MHz [in use]
> channel active time:32592 ms
> channel busy time:  254 ms
> channel receive time:   0 ms
> channel transmit time:  0 ms
> 
> This patch fix this issue by assigning 'wmi_bss_survey_req_type'
> as 'WMI_BSS_SURVEY_REQ_TYPE_READ'.
> 
> Firmware ver 10.4-3.4-00082
> Hardware QCA4019
> 
> Signed-off-by: Venkateswara Rao Naralasetty 
> ---
>  drivers/net/wireless/ath/ath10k/mac.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/ath/ath10k/mac.c 
> b/drivers/net/wireless/ath/ath10k/mac.c
> index 9977829..87a9b55 100644
> --- a/drivers/net/wireless/ath/ath10k/mac.c
> +++ b/drivers/net/wireless/ath/ath10k/mac.c
> @@ -6621,7 +6621,7 @@ static void ath10k_reconfig_complete(struct 
> ieee80211_hw *hw,
> struct ieee80211_channel *channel)
>  {
>   int ret;
> - enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ_CLEAR;
> + enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
Does the firmware read the registers directly, or does it accumulate the
results in a way that can't overflow?
If you don't clear the counters on reset, the overflow will be
problematic for the current-channel stats.
I think a better approach would be to use READ_CLEAR for in-use channels
and store the sum inside the driver.

- Felix

[PATCH 1/5] mac80211: make rate control tx status API more extensible

[Felix Fietkau]

Rename .tx_status_noskb to .tx_status_ext and pass a new on-stack
struct ieee80211_tx_status instead of struct ieee80211_tx_info.

This struct can be used to pass extra information, e.g. for dynamic tx
power control

Signed-off-by: Felix Fietkau 
---
 include/net/mac80211.h | 20 +
 net/mac80211/rate.c| 22 +++
 net/mac80211/rate.h| 44 +++---
 net/mac80211/rc80211_minstrel.c|  6 +++---
 net/mac80211/rc80211_minstrel_ht.c | 10 -
 net/mac80211/status.c  | 11 --
 6 files changed, 58 insertions(+), 55 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index b1ac872dc88a..380700e61d3b 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -949,6 +949,19 @@ struct ieee80211_tx_info {
 };
 
 /**
+ * struct ieee80211_tx_status - extended tx staus info for rate control
+ *
+ * @sta: Station that the packet was transmitted for
+ * @info: Basic tx status information
+ * @skb: Packet skb (can be NULL if not provided by the driver)
+ */
+struct ieee80211_tx_status {
+   struct ieee80211_sta *sta;
+   struct ieee80211_tx_info *info;
+   struct sk_buff *skb;
+};
+
+/**
  * struct ieee80211_scan_ies - descriptors for different blocks of IEs
  *
  * This structure is used to point to different blocks of IEs in HW scan
@@ -5476,10 +5489,9 @@ struct rate_control_ops {
void (*free_sta)(void *priv, struct ieee80211_sta *sta,
 void *priv_sta);
 
-   void (*tx_status_noskb)(void *priv,
-   struct ieee80211_supported_band *sband,
-   struct ieee80211_sta *sta, void *priv_sta,
-   struct ieee80211_tx_info *info);
+   void (*tx_status_ext)(void *priv,
+ struct ieee80211_supported_band *sband,
+ void *priv_sta, struct ieee80211_tx_status *st);
void (*tx_status)(void *priv, struct ieee80211_supported_band *sband,
  struct ieee80211_sta *sta, void *priv_sta,
  struct sk_buff *skb);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 9d7a1cd949fb..b387c07b8b47 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -62,6 +62,28 @@ void rate_control_rate_init(struct sta_info *sta)
set_sta_flag(sta, WLAN_STA_RATE_CONTROL);
 }
 
+void rate_control_tx_status(struct ieee80211_local *local,
+   struct ieee80211_supported_band *sband,
+   struct ieee80211_tx_status *st)
+{
+   struct rate_control_ref *ref = local->rate_ctrl;
+   struct sta_info *sta = container_of(st->sta, struct sta_info, sta);
+   void *priv_sta = sta->rate_ctrl_priv;
+
+   if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
+   return;
+
+   spin_lock_bh(>rate_ctrl_lock);
+   if (ref->ops->tx_status_ext)
+   ref->ops->tx_status_ext(ref->priv, sband, priv_sta, st);
+   else if (st->skb)
+   ref->ops->tx_status(ref->priv, sband, st->sta, priv_sta, 
st->skb);
+   else
+   WARN_ON_ONCE(1);
+
+   spin_unlock_bh(>rate_ctrl_lock);
+}
+
 void rate_control_rate_update(struct ieee80211_local *local,
struct ieee80211_supported_band *sband,
struct sta_info *sta, u32 changed)
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index f7825ef5f871..8212bfeb71d6 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -28,47 +28,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data 
*sdata,
   struct sta_info *sta,
   struct ieee80211_tx_rate_control *txrc);
 
-static inline void rate_control_tx_status(struct ieee80211_local *local,
- struct ieee80211_supported_band 
*sband,
- struct sta_info *sta,
- struct sk_buff *skb)
-{
-   struct rate_control_ref *ref = local->rate_ctrl;
-   struct ieee80211_sta *ista = >sta;
-   void *priv_sta = sta->rate_ctrl_priv;
-   struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-
-   if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
-   return;
-
-   spin_lock_bh(>rate_ctrl_lock);
-   if (ref->ops->tx_status)
-   ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb);
-   else
-   ref->ops->tx_status_noskb(ref->priv, sband, ista, priv_sta, 
info);
-   spin_unlock_bh(>rate_ctrl_lock);
-}
-
-static inline void
-rate_control_tx_status_noskb(struct ieee80211_local *local,
-struct ieee80211_supported_band *sband,
-struct sta_info *sta,
-struct 

[PATCH 5/5] mac80211: add txpower to the new tx_status_ext

[Felix Fietkau]

From: Thomas Huehn 

To use the per rate information about which txpower level was
used for a successful or unsuccessful transmission, this new
tx power per multi-rate retry rate annotation in the tx status
path is needed.

Signed-off-by: Thomas Huehn 
---
 include/net/mac80211.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index d29702601333..bd28c81bc515 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -959,11 +959,13 @@ struct ieee80211_tx_info {
  * @sta: Station that the packet was transmitted for
  * @info: Basic tx status information
  * @skb: Packet skb (can be NULL if not provided by the driver)
+ * @txpower: Txpower per rate status information
  */
 struct ieee80211_tx_status {
struct ieee80211_sta *sta;
struct ieee80211_tx_info *info;
struct sk_buff *skb;
+   s8 txpower[IEEE80211_TX_MAX_RATES];
 };
 
 /**
-- 
2.11.0

[PATCH 3/5] mac80211: add ieee80211_tx_status_ext

[Felix Fietkau]

This allows the driver to pass in struct ieee80211_tx_status directly.
Make ieee80211_tx_status_noskb a wrapper around it.

As with ieee80211_tx_status_noskb, there is no _ni variant of this call,
because it probably won't be needed.

Even if the driver won't provide any extra status info other than what's
in struct ieee80211_tx_info already, it can optimize status reporting
this way by passing in the station pointer.

Signed-off-by: Felix Fietkau 
---
 include/net/mac80211.h | 30 ++--
 net/mac80211/status.c  | 74 +++---
 2 files changed, 73 insertions(+), 31 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 380700e61d3b..1b81f0c90068 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -4219,6 +4219,23 @@ void ieee80211_tx_status(struct ieee80211_hw *hw,
 struct sk_buff *skb);
 
 /**
+ * ieee80211_tx_status_ext - extended transmit status callback
+ *
+ * This function can be used as a replacement for ieee80211_tx_status
+ * in drivers that may want to provide extra information that does not
+ * fit into  ieee80211_tx_info.
+ *
+ * Calls to this function for a single hardware must be synchronized
+ * against each other. Calls to this function, ieee80211_tx_status_ni()
+ * and ieee80211_tx_status_irqsafe() may not be mixed for a single hardware.
+ *
+ * @hw: the hardware the frame was transmitted by
+ * @status: tx status information
+ */
+void ieee80211_tx_status_ext(struct ieee80211_hw *hw,
+struct ieee80211_tx_status *status);
+
+/**
  * ieee80211_tx_status_noskb - transmit status callback without skb
  *
  * This function can be used as a replacement for ieee80211_tx_status
@@ -4234,9 +4251,16 @@ void ieee80211_tx_status(struct ieee80211_hw *hw,
  * (NULL for multicast packets)
  * @info: tx status information
  */
-void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
-  struct ieee80211_sta *sta,
-  struct ieee80211_tx_info *info);
+static inline void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
+struct ieee80211_sta *sta,
+struct ieee80211_tx_info *info)
+{
+   struct ieee80211_tx_status status = {};
+
+   status.sta = sta;
+   status.info = info;
+   ieee80211_tx_status_ext(hw, );
+}
 
 /**
  * ieee80211_tx_status_ni - transmit status callback (in process context)
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 2b3f02f56db3..35b226ac2fee 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -688,16 +688,16 @@ void ieee80211_tx_monitor(struct ieee80211_local *local, 
struct sk_buff *skb,
dev_kfree_skb(skb);
 }
 
-void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
+static void __ieee80211_tx_status(struct ieee80211_hw *hw,
+ struct ieee80211_tx_status *status)
 {
+   struct sk_buff *skb = status->skb;
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
struct ieee80211_local *local = hw_to_local(hw);
-   struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-   struct ieee80211_tx_status status = {};
+   struct ieee80211_tx_info *info = status->info;
+   struct sta_info *sta;
__le16 fc;
struct ieee80211_supported_band *sband;
-   struct rhlist_head *tmp;
-   struct sta_info *sta;
int retry_count;
int rates_idx;
bool send_to_cooked;
@@ -708,16 +708,11 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct 
sk_buff *skb)
 
rates_idx = ieee80211_tx_get_rates(hw, info, _count);
 
-   rcu_read_lock();
-
sband = local->hw.wiphy->bands[info->band];
fc = hdr->frame_control;
 
-   for_each_sta_info(local, hdr->addr1, sta, tmp) {
-   /* skip wrong virtual interface */
-   if (!ether_addr_equal(hdr->addr2, sta->sdata->vif.addr))
-   continue;
-
+   if (status->sta) {
+   sta = container_of(status->sta, struct sta_info, sta);
shift = ieee80211_vif_get_shift(>sdata->vif);
 
if (info->flags & IEEE80211_TX_STATUS_EOSP)
@@ -737,7 +732,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct 
sk_buff *skb)
 * that this TX packet failed because of that.
 */
ieee80211_handle_filtered_frame(local, sta, skb);
-   rcu_read_unlock();
return;
}
 
@@ -787,7 +781,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct 
sk_buff *skb)
 
if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
ieee80211_handle_filtered_frame(local, sta, skb);
-   rcu_read_unlock();
   

[PATCH 2/5] mac80211: move ieee80211_tx_status_noskb below ieee80211_tx_status

[Felix Fietkau]

Makes further cleanups more readable

Signed-off-by: Felix Fietkau 
---
 net/mac80211/status.c | 116 +-
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index e655b3abb84a..2b3f02f56db3 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -631,64 +631,6 @@ static int ieee80211_tx_get_rates(struct ieee80211_hw *hw,
return rates_idx;
 }
 
-void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
-  struct ieee80211_sta *pubsta,
-  struct ieee80211_tx_info *info)
-{
-   struct ieee80211_local *local = hw_to_local(hw);
-   struct ieee80211_supported_band *sband;
-   struct ieee80211_tx_status status = {};
-   int retry_count;
-   bool acked, noack_success;
-
-   ieee80211_tx_get_rates(hw, info, _count);
-
-   sband = hw->wiphy->bands[info->band];
-
-   acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
-   noack_success = !!(info->flags & IEEE80211_TX_STAT_NOACK_TRANSMITTED);
-
-   if (pubsta) {
-   struct sta_info *sta;
-
-   sta = container_of(pubsta, struct sta_info, sta);
-
-   if (!acked)
-   sta->status_stats.retry_failed++;
-   sta->status_stats.retry_count += retry_count;
-
-   if (acked) {
-   sta->status_stats.last_ack = jiffies;
-
-   if (sta->status_stats.lost_packets)
-   sta->status_stats.lost_packets = 0;
-
-   /* Track when last TDLS packet was ACKed */
-   if (test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
-   sta->status_stats.last_tdls_pkt_time = jiffies;
-   } else {
-   ieee80211_lost_packet(sta, info);
-   }
-
-   status.sta = pubsta;
-   status.info = info;
-   rate_control_tx_status(local, sband, );
-   }
-
-   if (acked || noack_success) {
-   I802_DEBUG_INC(local->dot11TransmittedFrameCount);
-   if (!pubsta)
-   
I802_DEBUG_INC(local->dot11MulticastTransmittedFrameCount);
-   if (retry_count > 0)
-   I802_DEBUG_INC(local->dot11RetryCount);
-   if (retry_count > 1)
-   I802_DEBUG_INC(local->dot11MultipleRetryCount);
-   } else {
-   I802_DEBUG_INC(local->dot11FailedCount);
-   }
-}
-EXPORT_SYMBOL(ieee80211_tx_status_noskb);
-
 void ieee80211_tx_monitor(struct ieee80211_local *local, struct sk_buff *skb,
  struct ieee80211_supported_band *sband,
  int retry_count, int shift, bool send_to_cooked)
@@ -959,6 +901,64 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct 
sk_buff *skb)
 }
 EXPORT_SYMBOL(ieee80211_tx_status);
 
+void ieee80211_tx_status_noskb(struct ieee80211_hw *hw,
+  struct ieee80211_sta *pubsta,
+  struct ieee80211_tx_info *info)
+{
+   struct ieee80211_local *local = hw_to_local(hw);
+   struct ieee80211_supported_band *sband;
+   struct ieee80211_tx_status status = {};
+   int retry_count;
+   bool acked, noack_success;
+
+   ieee80211_tx_get_rates(hw, info, _count);
+
+   sband = hw->wiphy->bands[info->band];
+
+   acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
+   noack_success = !!(info->flags & IEEE80211_TX_STAT_NOACK_TRANSMITTED);
+
+   if (pubsta) {
+   struct sta_info *sta;
+
+   sta = container_of(pubsta, struct sta_info, sta);
+
+   if (!acked)
+   sta->status_stats.retry_failed++;
+   sta->status_stats.retry_count += retry_count;
+
+   if (acked) {
+   sta->status_stats.last_ack = jiffies;
+
+   if (sta->status_stats.lost_packets)
+   sta->status_stats.lost_packets = 0;
+
+   /* Track when last TDLS packet was ACKed */
+   if (test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
+   sta->status_stats.last_tdls_pkt_time = jiffies;
+   } else {
+   ieee80211_lost_packet(sta, info);
+   }
+
+   status.sta = pubsta;
+   status.info = info;
+   rate_control_tx_status(local, sband, );
+   }
+
+   if (acked || noack_success) {
+   I802_DEBUG_INC(local->dot11TransmittedFrameCount);
+   if (!pubsta)
+   
I802_DEBUG_INC(local->dot11MulticastTransmittedFrameCount);
+   if (retry_count > 0)
+   I802_DEBUG_INC(local->dot11RetryCount);
+   if (retry_count > 1)
+   

[PATCH 4/5] mac80211: add per-packet transmit power to rate tables

[Felix Fietkau]

This will be used to allow rate control to control per-packet tx power.
Since cb space is tight and minstrel/minstrel_ht uses
info->control.rates only for the sampling rate, the tx power field in
info->control refers to the first rate attempt entry only.

Transmit power for the selected best rate set is stored in struct
ieee80211_sta_rates.

Signed-off-by: Felix Fietkau 
Signed-off-by: Thomas Huehn 
---
 include/net/mac80211.h | 10 --
 net/mac80211/rate.c|  2 ++
 net/mac80211/rc80211_minstrel.c|  9 +
 net/mac80211/rc80211_minstrel_ht.c |  8 
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 1b81f0c90068..d29702601333 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -901,7 +901,12 @@ struct ieee80211_tx_info {
u8 use_cts_prot:1;
u8 short_preamble:1;
u8 skip_table:1;
-   /* 2 bytes free */
+
+   /* txpower field refers to the first
+* entry of rates only (if present).
+*/
+   s8 txpower;
+   /* 1 byte free */
};
/* only needed before rate control */
unsigned long jiffies;
@@ -1733,13 +1738,14 @@ enum ieee80211_sta_rx_bandwidth {
  * struct ieee80211_sta_rates - station rate selection table
  *
  * @rcu_head: RCU head used for freeing the table on update
- * @rate: transmit rates/flags to be used by default.
+ * @rate: transmit rates/power/flags to be used by default.
  * Overriding entries per-packet is possible by using cb tx control.
  */
 struct ieee80211_sta_rates {
struct rcu_head rcu_head;
struct {
s8 idx;
+   s8 txpower;
u8 count;
u8 count_cts;
u8 count_rts;
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index b387c07b8b47..394e36570047 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -899,6 +899,8 @@ void rate_control_get_rate(struct ieee80211_sub_if_data 
*sdata,
info->control.rates[i].count = 0;
}
 
+   info->control.txpower = sdata->vif.bss_conf.txpower;
+
if (ieee80211_hw_check(>local->hw, HAS_RATE_CONTROL))
return;
 
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 9766c1cc4b0a..8b82a72b1f01 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -52,6 +52,7 @@
 #include 
 #include 
 #include 
+#include "sta_info.h"
 #include "rate.h"
 #include "rc80211_minstrel.h"
 
@@ -125,12 +126,20 @@ static void
 minstrel_update_rates(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
 {
struct ieee80211_sta_rates *ratetbl;
+   struct sta_info *sta;
+   s8 txpower;
int i = 0;
 
+   sta = container_of(mi->sta, struct sta_info, sta);
+   txpower = sta->sdata->vif.bss_conf.txpower;
+
ratetbl = kzalloc(sizeof(*ratetbl), GFP_ATOMIC);
if (!ratetbl)
return;
 
+   for (i = 0; i < ARRAY_SIZE(ratetbl->rate); i++)
+   ratetbl->rate[i].txpower = txpower;
+
/* Start with max_tp_rate */
minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[0]);
 
diff --git a/net/mac80211/rc80211_minstrel_ht.c 
b/net/mac80211/rc80211_minstrel_ht.c
index 4a5bdad9f303..c52c546cce57 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -921,12 +921,20 @@ static void
 minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
 {
struct ieee80211_sta_rates *rates;
+   struct sta_info *sta;
+   s8 txpower;
int i = 0;
 
+   sta = container_of(mi->sta, struct sta_info, sta);
+   txpower = sta->sdata->vif.bss_conf.txpower;
+
rates = kzalloc(sizeof(*rates), GFP_ATOMIC);
if (!rates)
return;
 
+   for (i = 0; i < ARRAY_SIZE(rates->rate); i++)
+   rates->rate[i].txpower = txpower;
+
/* Start with max_tp_rate[0] */
minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate[0]);
 
-- 
2.11.0

[PATCH] ath10k : Fix channel survey dump

[Venkateswara Rao Naralasetty]

Channel active/busy time are showing incorrect
(less than previous or sometimes zero) for
successive survey dump command.

example:
Survey data from wlan0
frequency:  5180 MHz [in use]
channel active time:54995 ms
channel busy time:  432 ms
channel receive time:   0 ms
channel transmit time:  59 ms
Survey data from wlan0
frequency:  5180 MHz [in use]
channel active time:32592 ms
channel busy time:  254 ms
channel receive time:   0 ms
channel transmit time:  0 ms

This patch fix this issue by assigning 'wmi_bss_survey_req_type'
as 'WMI_BSS_SURVEY_REQ_TYPE_READ'.

Firmware ver 10.4-3.4-00082
Hardware QCA4019

Signed-off-by: Venkateswara Rao Naralasetty 
---
 drivers/net/wireless/ath/ath10k/mac.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath10k/mac.c 
b/drivers/net/wireless/ath/ath10k/mac.c
index 9977829..87a9b55 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -6621,7 +6621,7 @@ static void ath10k_reconfig_complete(struct ieee80211_hw 
*hw,
  struct ieee80211_channel *channel)
 {
int ret;
-   enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ_CLEAR;
+   enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
 
lockdep_assert_held(>conf_mutex);
 
-- 
1.7.9.5

Re: [PATCH] NFC: trf7970a: Correct register settings for 27MHz clock

[walter harms]

Am 26.04.2017 15:48, schrieb Geoff Lansberry:
> In prior commits the selected clock frequency does not propagate
> correctly to what is written the the TRF7970A_MODULATOR_SYS_CLK_CTRL
> register.
> Also fixes a bug that causes the device tree property check to always
> pass.
> 
> Signed-off-by: Geoff Lansberry 
> ---
>  drivers/nfc/trf7970a.c | 9 -
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
> index 2d1c8ca..c278b0e 100644
> --- a/drivers/nfc/trf7970a.c
> +++ b/drivers/nfc/trf7970a.c
> @@ -2071,7 +2071,7 @@ static int trf7970a_probe(struct spi_device *spi)
>   }
>  
>   of_property_read_u32(np, "clock-frequency", _freq);
> - if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) ||
> + if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) &&
>   (clk_freq != TRF7970A_13MHZ_CLOCK_FREQUENCY)) {
>   dev_err(trf->dev,
>   "clock-frequency (%u Hz) unsupported\n",
> @@ -2079,6 +2079,13 @@ static int trf7970a_probe(struct spi_device *spi)
>   return -EINVAL;
>   }
>  
> + if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
> + trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
> + dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
> + } else {
> + trf->modulator_sys_clk_ctrl = 0;
> + }
> +


I am a fan of defensive programming and would move do:
trf->modulator_sys_clk_ctrl = 0;
if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
}

perhaps using a switch/case here is appropriate IMHO a border case for 2 case
but would make the init code more clear.

just my 2 cents,

re,
 wh

>   if (of_property_read_bool(np, "en2-rf-quirk"))
>   trf->quirks |= TRF7970A_QUIRK_EN2_MUST_STAY_LOW;
>  

[PATCH] NFC: trf7970a: Correct register settings for 27MHz clock

[Geoff Lansberry]

In prior commits the selected clock frequency does not propagate
correctly to what is written the the TRF7970A_MODULATOR_SYS_CLK_CTRL
register.
Also fixes a bug that causes the device tree property check to always
pass.

Signed-off-by: Geoff Lansberry 
---
 drivers/nfc/trf7970a.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c
index 2d1c8ca..c278b0e 100644
--- a/drivers/nfc/trf7970a.c
+++ b/drivers/nfc/trf7970a.c
@@ -2071,7 +2071,7 @@ static int trf7970a_probe(struct spi_device *spi)
}
 
of_property_read_u32(np, "clock-frequency", _freq);
-   if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) ||
+   if ((clk_freq != TRF7970A_27MHZ_CLOCK_FREQUENCY) &&
(clk_freq != TRF7970A_13MHZ_CLOCK_FREQUENCY)) {
dev_err(trf->dev,
"clock-frequency (%u Hz) unsupported\n",
@@ -2079,6 +2079,13 @@ static int trf7970a_probe(struct spi_device *spi)
return -EINVAL;
}
 
+   if (clk_freq == TRF7970A_27MHZ_CLOCK_FREQUENCY) {
+   trf->modulator_sys_clk_ctrl = TRF7970A_MODULATOR_27MHZ;
+   dev_dbg(trf->dev, "trf7970a configured for 27MHz crystal\n");
+   } else {
+   trf->modulator_sys_clk_ctrl = 0;
+   }
+
if (of_property_read_bool(np, "en2-rf-quirk"))
trf->quirks |= TRF7970A_QUIRK_EN2_MUST_STAY_LOW;
 
-- 
2.7.4

Re: pull-request: iwlwifi-next 2017-04-26

[Kalle Valo]

Luca Coelho  writes:

> Here's another pull-request intended for v4.12.  This is generic
> development work, nothing really stands out.  More details in the tag
> description.
>
> I have sent this out before, and kbuildbot reported success.
>
> Please let me know if there are any issues.
>
> Cheers,
> Luca.
>
>
> The following changes since commit a0597834dc0e1af68f48f92b31617b360a14dfc8:
>
>   rt2800: fix mt7620 E2 channel registers (2017-04-20 14:00:54 +0300)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next.git 
> tags/iwlwifi-next-for-kalle-2017-04-26
>
> for you to fetch changes up to 291084951825e1efca081926b10bf3ff7e872476:
>
>   iwlwifi: adjust NVM parsing APIs for new a000 method (2017-04-25 23:08:32 
> +0300)
>
> 
> One more pull-request intended for 4.12.  These are the changes:
>
>  * The firmware for 7265D and 3168 NICs is frozen at version 29;
>  * Sari continues working heavily on support for A000 series;
>  * A bunch of fixes;
>  * Some cleanups here and there;
>
> 

Pulled, thanks.

-- 
Kalle Valo

Re: [RESEND] ath10k: fix out of bounds access to local buffer

[Kalle Valo]

Michael Mera  writes:

> Kalle Valo  writes:
>> I fixed a checkpatch warning in the pending branch:
>>
>> drivers/net/wireless/ath/ath10k/debug.c:636: spaces preferred around
>> that '-' (ctx:VxV)
>
> Hum... but then you will have a line longer than 80 characters (81), so
> another warning.

I have extended the line length in my check script to 90 chars just
because of cases like this:

https://wireless.wiki.kernel.org/en/users/drivers/ath10k/codingstyle#checking_code

> I prefered this version since I feel that splitting this line would hurt
> readability and on the other hand the expression is clearly delimited
> by the spaces around the ',' so I don't think spaces around the operator
> add any value (except for compliance with the coding style that is).

I actually guessed why you did that. But I want to keep the output of my
test script clean, makes review a lot easier. Making exceptions to the
script is more work for me.

Anyway, I already did the change in my pending branch and will apply the
patch in few days. Thanks for the fix.

-- 
Kalle Valo

Re: [PATCH v2 0/8] NFC: fix device allocation and nfcmrvl crashes

[Johan Hovold]

On Wed, Apr 19, 2017 at 01:24:31AM +0200, Samuel Ortiz wrote:

> On Tue, Apr 18, 2017 at 12:09:16PM +0200, Johan Hovold wrote:
> > On Thu, Mar 30, 2017 at 12:15:34PM +0200, Johan Hovold wrote:
> > > This started out with the observation that the nfcmrvl_uart driver
> > > unconditionally dereferenced the tty class device despite the fact that
> > > not every tty has an associated struct device (Unix98 ptys). Some
> > > further changes were needed in the common nfcmrvl code to fully address
> > > this, some of which also incidentally fixed a few related bugs (e.g.
> > > resource leaks in error paths).
> > > 
> > > While fixing this I stumbled over a regression in NFC core that lead to
> > > broken registration error paths and misnamed workqueues.
> > > 
> > > Note that this has only been tested by configuring the n_hci line
> > > discipline for different ttys without any actual NFC hardware connected.
> > 
> > > Johan Hovold (8):
> > >   NFC: fix broken device allocation
> > >   NFC: nfcmrvl_uart: add missing tty-device sanity check
> > >   NFC: nfcmrvl: do not use device-managed resources
> > >   NFC: nfcmrvl: use nfc-device for firmware download
> > >   NFC: nfcmrvl: fix firmware-management initialisation
> > >   NFC: nfcmrvl_uart: fix device-node leak during probe
> > >   NFC: nfcmrvl_usb: use interface as phy device
> > >   NFC: nfcmrvl: allow gpio 0 for reset signalling
> > 
> > Any chance of getting these into 4.12, Samuel?

> I have yours and Mark Greer patchset pending. I'll push them to nfc-next
> and see if I can send another pull request to Dave by the end of this
> week.

Any progress on this now that we got another week?

Thanks,
Johan

[PATCH] mwifiex: p2p client using same data path as station

[Xinming Hu]

From: Xinming Hu 

P2p client act as a station, data will be queued by DA instead
of RA. This patch pass the sanity check, so that p2p client share
the same data path with infrastruction station mode.

Signed-off-by: Xinming Hu 
Signed-off-by: Cathy Luo 
---
 drivers/net/wireless/marvell/mwifiex/main.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/main.h 
b/drivers/net/wireless/marvell/mwifiex/main.h
index f1cb875..72e87bf 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.h
+++ b/drivers/net/wireless/marvell/mwifiex/main.h
@@ -1235,7 +1235,8 @@ int mwifiex_cmd_802_11_bg_scan_config(struct 
mwifiex_private *priv,
 * Currently we assume if we are in Infra, then DA=RA. This might not be
 * true in the future
 */
-   if ((priv->bss_mode == NL80211_IFTYPE_STATION) &&
+   if ((priv->bss_mode == NL80211_IFTYPE_STATION ||
+priv->bss_mode == NL80211_IFTYPE_P2P_CLIENT) &&
(GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA))
return false;
 
-- 
1.9.1

Re: [RESEND] ath10k: fix out of bounds access to local buffer

[Michael Mera]

Kalle Valo  writes:
> I fixed a checkpatch warning in the pending branch:
>
> drivers/net/wireless/ath/ath10k/debug.c:636: spaces preferred around that '-' 
> (ctx:VxV)

Hum... but then you will have a line longer than 80 characters (81), so
another warning.
I prefered this version since I feel that splitting this line would hurt
readability and on the other hand the expression is clearly delimited
by the spaces around the ',' so I don't think spaces around the operator
add any value (except for compliance with the coding style that is).

Thanks,
Michael Mera

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Arend van Spriel]

On 4/26/2017 11:08 AM, Johannes Berg wrote:

On Wed, 2017-04-26 at 11:05 +0200, Arend van Spriel wrote:

I guess it could be done, but I'm tending towards doing that less

again, I have no strong preference in this case. If it was
something
that seems likely to get abused, perhaps, but here...


Ok. As long as drivers don't think they can use the list_head to push
it on a private list.


They'll crash immediately and be disabused of that notion :)


The internal use comment does not end up in
kerneldoc. So maybe we can improve that? Would work for me.


It's difficult - though we could replace it with /* private: */ and
remove those things from kernel-doc entirely.


probably won't work:

/* internal */
struct wiphy *wiphy;
struct net_device *dev;
unsigned long scan_start;
struct rcu_head rcu_head;
u32 owner_nlportid;

/* keep last */
struct ieee80211_channel *channels[0];
};

Regards,
Arend

Re: [PATCH 5/9] cfg80211/nl80211: add authorized flag to roaming event

[Arend van Spriel]

Almost overlooked this one. Thanks for the hint, Johannes.

On 4/26/2017 9:58 AM, Luca Coelho wrote:

From: Avraham Stern 

Drivers that initiate roaming while being connected to a network that
uses 802.1X authentication need to inform user space if 802.1X
authentication is further required after roaming.
For example, when using the Fast transition protocol, roaming within
the mobility domain does not require new 802.1X authentication, but
roaming to another mobility domain does.


Not sure about the terminology here. Is "mobility domain" the same as 
"ESS" which stands for extended service set as definced in 802.11 
standard. If so, I would prefer use of that term here.



In addition, some drivers may not support 802.1X authentication
(so it has to be done in user space), while other drivers do.

Add a flag to the roaming notification to indicate if user space is
required to do 802.1X authentication after the roaming or not.
This flag will only be used for networks that use 802.1X
authentication. For networks that do not use 802.1X authentication it
is assumed that no further action is required from user space after
the roaming notification.

>

Signed-off-by: Avraham Stern 
Signed-off-by: Luca Coelho 
---
  include/net/cfg80211.h   |  4 
  include/uapi/linux/nl80211.h | 14 ++
  net/wireless/nl80211.c   |  4 +++-
  net/wireless/sme.c   |  1 +
  4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 115f6fc5a34d..f9f4fde2dc09 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -5384,6 +5384,9 @@ cfg80211_connect_timeout(struct net_device *dev, const u8 
*bssid,
   * @req_ie_len: association request IEs length
   * @resp_ie: association response IEs (may be %NULL)
   * @resp_ie_len: assoc response IEs length
+ * @authorized: true if the 802.1X authentication was done by the driver or is
+ * not needed (e.g., when Fast Transition protocol was used), false
+ * otherwise. Ignored for networks that don't use 802.1X authentication.


It is not ignored in this patch so it is expected user-space behavior 
you are describing, which is not really needed here in cfg80211 driver api.



   */
  struct cfg80211_roam_info {
struct ieee80211_channel *channel;
@@ -5393,6 +5396,7 @@ struct cfg80211_roam_info {
size_t req_ie_len;
const u8 *resp_ie;
size_t resp_ie_len;
+   bool authorized;
  };
  
  /**

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 6095a6c4c412..7bdbce7c4147 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -546,6 +546,12 @@
   *well to remain backwards compatible.
   * @NL80211_CMD_ROAM: request that the card roam (currently not implemented),


Do we want to keep this comment about the request scenario. Is it likely 
implemented soon/ever?



   *sent as an event when the card/driver roamed by itself.
+ * When used as an event, and the driver roamed in a network that requires
+ * 802.1X authentication, %NL80211_ATTR_CONNECTION_AUTHORIZED should be set
+ * if the 802.1X authentication was done by the driver or if roaming was
+ * done using Fast Transition protocol (in which case 802.1X authentication
+ * is not needed). If %NL80211_ATTR_CONNECTION_AUTHORIZED is not set,
+ * user space is responsible for the 802.1X authentication.


Would you consider using NL80211_ATTR_PORT_AUTHORIZED instead referring 
to the 802.1X port entities.


Regards,
Arend


   * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
   *userspace that a connection was dropped by the AP or due to other
   *reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
@@ -2081,6 +2087,12 @@ enum nl80211_commands {
   * @NL80211_ATTR_PMK: PMK for the PMKSA identified by %NL80211_ATTR_PMKID.
   *This is used with @NL80211_CMD_SET_PMKSA.
   *
+ * @NL80211_ATTR_CONNECTION_AUTHORIZED: A flag attribute used with
+ * %NL80211_CMD_ROAM to indicate that 802.1X authentication was done by the
+ * driver or is not needed (because roaming used the Fast Transition
+ * protocol). Only valid for roaming in networks that require 802.1X
+ * authentication.
+ *

Re: [RESEND] ath10k: fix out of bounds access to local buffer

[Kalle Valo]

Michael Mera  wrote:
> During write to debugfs file simulate_fw_crash, fixed-size local buffer
> 'buf' is accessed and modified at index 'count-1', where 'count' is the
> size of the write (so potentially out of bounds).
> This patch fixes this problem.
> 
> Signed-off-by: Michael Mera 

I fixed a checkpatch warning in the pending branch:

drivers/net/wireless/ath/ath10k/debug.c:636: spaces preferred around that '-' 
(ctx:VxV)

-- 
https://patchwork.kernel.org/patch/9695703/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [1/1] mt7601u: check return value of alloc_skb

[Kalle Valo]

Pan Bian  wrote:
> Function alloc_skb() will return a NULL pointer if there is no enough
> memory. However, in function mt7601u_mcu_msg_alloc(), its return value
> is not validated before it is used. This patch fixes it.
> 
> Signed-off-by: Pan Bian 
> Acked-by: Jakub Kicinski 

Patch applied to wireless-drivers-next.git, thanks.

5fb01e91daf8 mt7601u: check return value of alloc_skb

-- 
https://patchwork.kernel.org/patch/9694549/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Arend van Spriel]

On 4/26/2017 10:49 AM, Johannes Berg wrote:

FWIW:

https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git/commit/?id=978812b3f43dda86e20588cfe0a4a244c4fab141


On Wed, 2017-04-26 at 10:46 +0200, Arend van Spriel wrote:


Sure. In the worker we are already iterating so I guess we could.
The number of internal fields in struct cfg80211_sched_scan_request
with one of them being the list_head. Thinking about hiding those
from the drivers. Is it worth it?


I guess it could be done, but I'm tending towards doing that less
again, I have no strong preference in this case. If it was something
that seems likely to get abused, perhaps, but here...


Ok. As long as drivers don't think they can use the list_head to push it 
on a private list. The internal use comment does not end up in 
kerneldoc. So maybe we can improve that? Would work for me.


Regards,
Arend

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Johannes Berg]

On Wed, 2017-04-26 at 11:05 +0200, Arend van Spriel wrote:
> I guess it could be done, but I'm tending towards doing that less
> > again, I have no strong preference in this case. If it was
> > something
> > that seems likely to get abused, perhaps, but here...
> 
> Ok. As long as drivers don't think they can use the list_head to push
> it on a private list.

They'll crash immediately and be disabused of that notion :)

> The internal use comment does not end up in 
> kerneldoc. So maybe we can improve that? Would work for me.

It's difficult - though we could replace it with /* private: */ and
remove those things from kernel-doc entirely.

johannes

Re: [v2] brcmfmac: Ensure pointer correctly set if skb data location changes

[Kalle Valo]

James Hughes  wrote:
> The incoming skb header may be resized if header space is
> insufficient, which might change the data adddress in the skb.
> Ensure that a cached pointer to that data is correctly set by
> moving assignment to after any possible changes.
> 
> Signed-off-by: James Hughes 
> 
> Acked-by: Arend van Spriel 

Patch applied to wireless-drivers-next.git, thanks.

455a1eb4654c brcmfmac: Ensure pointer correctly set if skb data location changes

-- 
https://patchwork.kernel.org/patch/9696045/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [v3] brcmfmac: Make skb header writable before use

[Kalle Valo]

James Hughes  wrote:
> The driver was making changes to the skb_header without
> ensuring it was writable (i.e. uncloned).
> This patch also removes some boiler plate header size
> checking/adjustment code as that is also handled by the
> skb_cow_header function used to make header writable.
> 
> Signed-off-by: James Hughes 
> Acked-by: Arend van Spriel 

Patch applied to wireless-drivers-next.git, thanks.

9cc4b7cb86cb brcmfmac: Make skb header writable before use

-- 
https://patchwork.kernel.org/patch/9697763/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [1/1] rndis_wlan: add return value validation

[Kalle Valo]

Pan Bian  wrote:
> From: Pan Bian 
> 
> Function create_singlethread_workqueue() will return a NULL pointer if
> there is no enough memory, and its return value should be validated
> before using. However, in function rndis_wlan_bind(), its return value
> is not checked. This may cause NULL dereference bugs. This patch fixes
> it.
> 
> Signed-off-by: Pan Bian 

Patch applied to wireless-drivers-next.git, thanks.

9dc7efd3978a rndis_wlan: add return value validation

-- 
https://patchwork.kernel.org/patch/9695387/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [1/1] libertas: check return value of alloc_workqueue

[Kalle Valo]

Pan Bian  wrote:
> From: Pan Bian 
> 
> Function alloc_workqueue() will return a NULL pointer if there is no
> enough memory, and its return value should be validated before using.
> However, in function if_spi_probe(), its return value is not checked.
> This may result in a NULL dereference bug. This patch fixes the bug.
> 
> Signed-off-by: Pan Bian 

Patch applied to wireless-drivers-next.git, thanks.

dc3f89c38a84 libertas: check return value of alloc_workqueue

-- 
https://patchwork.kernel.org/patch/9694827/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: orinoco_usb: Fix buffer on stack

[Kalle Valo]

Maksim Salau  wrote:
> Allocate buffer on HEAP instead of STACK for a local variable
> that is to be sent using usb_control_msg().
> 
> Signed-off-by: Maksim Salau 

Patch applied to wireless-drivers-next.git, thanks.

2f6ae79cb04b orinoco_usb: Fix buffer on stack

-- 
https://patchwork.kernel.org/patch/9694451/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: rtlwifi: rtl8821ae: setup 8812ae RFE according to device type

[Kalle Valo]

Larry Finger  wrote:
> Current channel switch implementation sets 8812ae RFE reg value assuming
> that device always has type 2.
> 
> Extend possible RFE types set and write corresponding reg values.
> 
> Source for new code is
> http://dlcdnet.asus.com/pub/ASUS/wireless/PCE-AC51/DR_PCE_AC51_20232801152016.zip
> 
> Signed-off-by: Maxim Samoylov 
> Signed-off-by: Larry Finger 
> Cc: Stable 
> Cc: Yan-Hsuan Chuang 
> Cc: Pkshih 
> Cc: Birming Chiu 
> Cc: Shaofu 
> Cc: Steven Ting 

Patch applied to wireless-drivers-next.git, thanks.

46cfa2148e73 rtlwifi: rtl8821ae: setup 8812ae RFE according to device type

-- 
https://patchwork.kernel.org/patch/9683395/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[Arend van Spriel]

On 4/26/2017 10:53 AM, Kalle Valo wrote:

Arend Van Spriel  wrote:

An issue was found brcmfmac driver in which a skbuff in .start_xmit()
callback was actually cloned. So instead of checking for sufficient
headroom it should also be writable. Hence use skb_cow_head() to
check and expand the headroom appropriately.

Signed-off-by: Arend van Spriel 


Steve, would you have time to run a quick test with this?

Patch set to Deferred.


Just a hint. I tested the equivalent patch in brcmfmac by doing a 
skb_clone() just before the headroom if-statement (and a kfree_skb() 
afterwards obviously ;-) ).


Regards,
Arend

Re: orinoco: fix spelling mistake: "Registerred" -> "Registered"

[Kalle Valo]

Colin Ian King  wrote:
> From: Colin Ian King 
> 
> trivial fix to spelling mistake in dbg_dbg message
> 
> Signed-off-by: Colin Ian King 

Patch applied to wireless-drivers-next.git, thanks.

bea35f90dbb1 orinoco: fix spelling mistake: "Registerred" -> "Registered"

-- 
https://patchwork.kernel.org/patch/9694381/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [PATCH 4/9] cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()

[Arend van Spriel]

On 4/26/2017 9:58 AM, Luca Coelho wrote:

From: Avraham Stern 

cfg80211_roamed() and cfg80211_roamed_bss() take the same arguments
except that cfg80211_roamed() requires the BSSID and
cfg80211_roamed_bss() requires the bss entry.

Unify the two functions by using a struct for driver initiated
roaming information so that either the BSSID or the bss entry can be
passed as an argument to the unified function.

Signed-off-by: Avraham Stern 
[modified the ath6k, brcm80211, rndis and wlan-ng drivers accordingly]
Signed-off-by: Luca Coelho 
---
  drivers/net/wireless/ath/ath6kl/cfg80211.c | 10 ++-
  .../broadcom/brcm80211/brcmfmac/cfg80211.c | 13 +++-
  drivers/net/wireless/rndis_wlan.c  | 19 +++--
  drivers/staging/wlan-ng/cfg80211.c |  7 +-
  include/net/cfg80211.h | 58 +++---
  net/wireless/core.h| 12 +--
  net/wireless/nl80211.c | 18 +++--
  net/wireless/nl80211.h |  5 +-
  net/wireless/sme.c | 90 +-
  net/wireless/util.c|  4 +-
  10 files changed, 115 insertions(+), 121 deletions(-)



[...]


diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c 
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 8c7f1ef288c6..a36bccbb40e5 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5359,6 +5359,7 @@ brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
struct ieee80211_supported_band *band;
struct brcmf_bss_info_le *bi;
struct brcmu_chan ch;
+   struct cfg80211_roam_info roam_info = {};
u32 freq;
s32 err = 0;
u8 *buf;
@@ -5397,9 +5398,15 @@ brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
  
  done:

kfree(buf);
-   cfg80211_roamed(ndev, notify_channel, (u8 *)profile->bssid,
-   conn_info->req_ie, conn_info->req_ie_len,
-   conn_info->resp_ie, conn_info->resp_ie_len, GFP_KERNEL);
+
+   roam_info.channel = notify_channel;
+   roam_info.bssid = (u8*)profile->bssid;


I know it was there before, but this cast seem useless.

Regards,
Arend


+   roam_info.req_ie = conn_info->req_ie;
+   roam_info.req_ie_len = conn_info->req_ie_len;
+   roam_info.resp_ie = conn_info->resp_ie;
+   roam_info.resp_ie_len = conn_info->resp_ie_len;
+
+   cfg80211_roamed(ndev, _info, GFP_KERNEL);
brcmf_dbg(CONN, "Report roaming result\n");

Re: ath6kl: assure headroom of skbuff is writable in .start_xmit()

[Kalle Valo]

Arend Van Spriel  wrote:
> An issue was found brcmfmac driver in which a skbuff in .start_xmit()
> callback was actually cloned. So instead of checking for sufficient
> headroom it should also be writable. Hence use skb_cow_head() to
> check and expand the headroom appropriately.
> 
> Signed-off-by: Arend van Spriel 

Steve, would you have time to run a quick test with this?

Patch set to Deferred.

-- 
https://patchwork.kernel.org/patch/9697757/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Johannes Berg]

FWIW:

https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git/commit/?id=978812b3f43dda86e20588cfe0a4a244c4fab141


On Wed, 2017-04-26 at 10:46 +0200, Arend van Spriel wrote:

> Sure. In the worker we are already iterating so I guess we could.
> The number of internal fields in struct cfg80211_sched_scan_request
> with one of them being the list_head. Thinking about hiding those
> from the drivers. Is it worth it?

I guess it could be done, but I'm tending towards doing that less
again, I have no strong preference in this case. If it was something
that seems likely to get abused, perhaps, but here...

johannes

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Arend van Spriel]

On 4/25/2017 9:49 PM, Johannes Berg wrote:



if (schedule_destroy_work) {
-   struct cfg80211_iface_destroy *destroy;
+   struct cfg80211_nlport_release *destroy;
  
  			destroy = kzalloc(sizeof(*destroy),

GFP_ATOMIC);


I was never really happy with this allocation and really want to get
rid of it ...


Agree. I don't like the allocation overhead either for deferred 
processing in another context.



+   if (schedule_sched_stop_work) {
+   struct cfg80211_nlport_release *destroy;
+
+   destroy = kzalloc(sizeof(*destroy),
GFP_ATOMIC);
+   if (destroy) {
+   destroy->nlportid = notify->portid;
+   spin_lock(

sched_stop_list_lock);

+   list_add(>list, 

sched_stop_list);

+   spin_unlock(

sched_stop_list_lock);

+   schedule_work(

sched_scan_stop_wk);

+   }
+   }


Can't we set some kind of flag in the struct
cfg80211_sched_scan_request and iterate through them later again,
checking which need to be destroyed?


Sure. In the worker we are already iterating so I guess we could. The 
number of internal fields in struct cfg80211_sched_scan_request with one 
of them being the list_head. Thinking about hiding those from the 
drivers. Is it worth it?


Regards,
Arend

Re: [PATCH 0/9] cfg80211/mac80211 patches from our internal tree 2017-04-26

[Johannes Berg]

On Wed, 2017-04-26 at 11:11 +0300, Luca Coelho wrote:
> On Wed, 2017-04-26 at 10:08 +0200, Johannes Berg wrote:
> > > Avraham Stern (3):
> > >   mac80211: Add support for BSS max idle period element
> > >   cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()
> > >   cfg80211/nl80211: add authorized flag to roaming event
> > 
> > I'm going to let these get a bit more time on the list.
> > 
> > Arend, it'd be nice if you could take a look as well.
> 
> Yes, especially for the changes I made in the other drivers.  They
> look kind of ugly, IMHO.

I actually think they're a structural improvement since then we don't
have to touch everything for any kind of extension, and don't get so
many arguments ...

In fact, I'll probably apply that patch before I send the last pull
request, so we have it in during the merge window.

johannes

Re: [PATCH RFC] staging: wilc1000: Refactor handling of HT caps fields

[Dan Carpenter]

This seems nice, yes.

regards,
dan carpenter

pull-request: iwlwifi-next 2017-04-26

[Luca Coelho]

Hi Kalle,

Here's another pull-request intended for v4.12.  This is generic
development work, nothing really stands out.  More details in the tag
description.

I have sent this out before, and kbuildbot reported success.

Please let me know if there are any issues.

Cheers,
Luca.


The following changes since commit a0597834dc0e1af68f48f92b31617b360a14dfc8:

  rt2800: fix mt7620 E2 channel registers (2017-04-20 14:00:54 +0300)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next.git 
tags/iwlwifi-next-for-kalle-2017-04-26

for you to fetch changes up to 291084951825e1efca081926b10bf3ff7e872476:

  iwlwifi: adjust NVM parsing APIs for new a000 method (2017-04-25 23:08:32 
+0300)


One more pull-request intended for 4.12.  These are the changes:

 * The firmware for 7265D and 3168 NICs is frozen at version 29;
 * Sari continues working heavily on support for A000 series;
 * A bunch of fixes;
 * Some cleanups here and there;


Dor Shaish (1):
  iwlwifi: mvm: freeze 7265D and 3168 on API version 29

Haim Dreyfuss (1):
  iwlwifi: mvm: Ignore wifi mcc update in the driver while associated

Johannes Berg (6):
  iwlwifi: mvm: make iwl_run_unified_mvm_ucode() static
  iwlwifi: mvm: avoid variable shadowing
  iwlwifi: pcie: remove superfluous trans->dev assignment
  iwlwifi: don't leak memory on allocation failure
  iwlwifi: remove module loading failure message
  iwlwifi: pcie: apply no-reclaim logic only to group 0

Liad Kaufman (2):
  iwlwifi: pcie: support debug applying on a000 hw
  iwlwifi: gen2: support nmi triggering from host

Mordechai Goodstein (1):
  iwlwifi: mvm: scan: avoid "big" prints

Sara Sharon (12):
  iwlwifi: mvm: support new rate flags
  iwlwifi: mvm: don't reserve queue in TVQM mode
  iwlwifi: mvm: map cab_queue to different txq_id
  iwlwifi: mvm: move internally to use bigger INVALID_TXQ
  iwlwifi: mvm: remove color definition
  iwlwifi: mvm: use defines instead of variables for shared dwell times
  iwlwifi: mvm: remove references to queue_info in new TX path
  iwlwifi: mvm: support station type API
  iwlwifi: move to 512 queues
  iwlwifi: rename wait_for_tx_queues_empty
  iwlwifi: mvm: memset binding before setting values
  iwlwifi: adjust NVM parsing APIs for new a000 method

Sharon Dvir (2):
  iwlwifi: mvm: check if returned value is NULL
  iwlwifi: mvm: handle possible BIOS bug

 drivers/net/wireless/intel/iwlwifi/dvm/lib.c|   2 +-
 drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c   |   2 +-
 drivers/net/wireless/intel/iwlwifi/iwl-7000.c   |   4 +-
 drivers/net/wireless/intel/iwlwifi/iwl-a000.c   |   2 +-
 drivers/net/wireless/intel/iwlwifi/iwl-config.h |   2 +-
 drivers/net/wireless/intel/iwlwifi/iwl-drv.c|  15 ++---
 drivers/net/wireless/intel/iwlwifi/iwl-fw-file.h|   2 +
 drivers/net/wireless/intel/iwlwifi/iwl-io.c |   3 +
 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c  |  32 +--
 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.h  |  16 +-
 drivers/net/wireless/intel/iwlwifi/iwl-prph.h   |   1 +
 drivers/net/wireless/intel/iwlwifi/iwl-trans.h  |  10 ++--
 drivers/net/wireless/intel/iwlwifi/mvm/binding.c|   4 +-
 drivers/net/wireless/intel/iwlwifi/mvm/fw-api-mac.h |   5 +-
 drivers/net/wireless/intel/iwlwifi/mvm/fw-api-rs.h  |  28 --
 drivers/net/wireless/intel/iwlwifi/mvm/fw-api-sta.h |  38 +++--
 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 161 
-
 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c   |  11 +++-
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c   |  37 
 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h|  10 +++-
 drivers/net/wireless/intel/iwlwifi/mvm/nvm.c|   9 ++-
 drivers/net/wireless/intel/iwlwifi/mvm/ops.c|   9 +--
 drivers/net/wireless/intel/iwlwifi/mvm/rs.c |  11 ++--
 drivers/net/wireless/intel/iwlwifi/mvm/rx.c |   4 +-
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c   |   4 +-
 drivers/net/wireless/intel/iwlwifi/mvm/scan.c   |  86 

 drivers/net/wireless/intel/iwlwifi/mvm/sta.c| 229 
+++
 drivers/net/wireless/intel/iwlwifi/mvm/sta.h|   7 ++-
 drivers/net/wireless/intel/iwlwifi/mvm/tx.c |  13 +++--
 drivers/net/wireless/intel/iwlwifi/mvm/utils.c  |  96 
++--
 drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info.c |   4 ++
 drivers/net/wireless/intel/iwlwifi/pcie/internal.h  |   7 ++-
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c|   2 +-
 drivers/net/wireless/intel/iwlwifi/pcie/trans.c |   5 +-
 34 files changed, 521 

Re: [PATCH 0/9] cfg80211/mac80211 patches from our internal tree 2017-04-26

[Johannes Berg]

> Avraham Stern (3):
>   mac80211: Add support for BSS max idle period element
>   cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()
>   cfg80211/nl80211: add authorized flag to roaming event

I'm going to let these get a bit more time on the list.

Arend, it'd be nice if you could take a look as well.

> Emmanuel Grumbach (1):
>   mac80211: don't parse encrypted management frames in
> ieee80211_frame_acked
> 
> Johannes Berg (2):
>   ieee80211: fix kernel-doc parsing errors
>   mac80211: disentangle iflist_mtx and chanctx_mtx
> 
> Luca Coelho (3):
>   ieee80211: add SUITE_B AKM selectors
>   ieee80211: add FT-802.1X AKM suite selector
>   mac80211: make multicast variable a bool in
> ieee80211_accept_frame()

But these seem uncontroversial, so applied.

johannes

Re: [PATCH 0/9] cfg80211/mac80211 patches from our internal tree 2017-04-26

[Luca Coelho]

On Wed, 2017-04-26 at 10:08 +0200, Johannes Berg wrote:
> > Avraham Stern (3):
> >   mac80211: Add support for BSS max idle period element
> >   cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()
> >   cfg80211/nl80211: add authorized flag to roaming event
> 
> I'm going to let these get a bit more time on the list.
> 
> Arend, it'd be nice if you could take a look as well.

Yes, especially for the changes I made in the other drivers.  They look
kind of ugly, IMHO.

--
Luca.

[PATCH 7/9] ieee80211: fix kernel-doc parsing errors

[Luca Coelho]

From: Johannes Berg 

Some of the enum definitions are unnamed but there's still
an attempt at documenting them - that doesn't work. Name
them to make that work.

Signed-off-by: Johannes Berg 
---
 include/linux/ieee80211.h | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 13f23036dc05..69033353d0d1 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2177,37 +2177,37 @@ enum ieee80211_tdls_actioncode {
 #define WLAN_BSS_COEX_INFORMATION_REQUEST  BIT(0)
 
 /**
- * enum - mesh synchronization method identifier
+ * enum ieee80211_mesh_sync_method - mesh synchronization method identifier
  *
  * @IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET: the default synchronization method
  * @IEEE80211_SYNC_METHOD_VENDOR: a vendor specific synchronization method
  * that will be specified in a vendor specific information element
  */
-enum {
+enum ieee80211_mesh_sync_method {
IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET = 1,
IEEE80211_SYNC_METHOD_VENDOR = 255,
 };
 
 /**
- * enum - mesh path selection protocol identifier
+ * enum ieee80211_mesh_path_protocol - mesh path selection protocol identifier
  *
  * @IEEE80211_PATH_PROTOCOL_HWMP: the default path selection protocol
  * @IEEE80211_PATH_PROTOCOL_VENDOR: a vendor specific protocol that will
  * be specified in a vendor specific information element
  */
-enum {
+enum ieee80211_mesh_path_protocol {
IEEE80211_PATH_PROTOCOL_HWMP = 1,
IEEE80211_PATH_PROTOCOL_VENDOR = 255,
 };
 
 /**
- * enum - mesh path selection metric identifier
+ * enum ieee80211_mesh_path_metric - mesh path selection metric identifier
  *
  * @IEEE80211_PATH_METRIC_AIRTIME: the default path selection metric
  * @IEEE80211_PATH_METRIC_VENDOR: a vendor specific metric that will be
  * specified in a vendor specific information element
  */
-enum {
+enum ieee80211_mesh_path_metric {
IEEE80211_PATH_METRIC_AIRTIME = 1,
IEEE80211_PATH_METRIC_VENDOR = 255,
 };
-- 
2.11.0

[PATCH 9/9] mac80211: make multicast variable a bool in ieee80211_accept_frame()

[Luca Coelho]

From: Luca Coelho 

The multicast variable in the ieee80211_accept_frame() function is
treated as a boolean, but defined as int.  Fix that.

Signed-off-by: Luca Coelho 
---
 net/mac80211/rx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0094f3c0af64..fe6a760aa1ee 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3574,7 +3574,7 @@ static bool ieee80211_accept_frame(struct 
ieee80211_rx_data *rx)
struct ieee80211_hdr *hdr = (void *)skb->data;
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
-   int multicast = is_multicast_ether_addr(hdr->addr1);
+   bool multicast = is_multicast_ether_addr(hdr->addr1);
 
switch (sdata->vif.type) {
case NL80211_IFTYPE_STATION:
-- 
2.11.0

[PATCH 8/9] mac80211: disentangle iflist_mtx and chanctx_mtx

[Luca Coelho]

From: Johannes Berg 

At least on iwlwifi, sometimes lockdep complains that we can
lock
 chanctx_mtx -> mvm.mutex -> iflist_mtx
 (due to iterate_interfaces)
and
 iflist_mtx -> chanctx_mtx

Remove the latter dependency in mac80211 by using the RTNL
that we already hold in one case, and can relatively easily
achieve in the other case.

Signed-off-by: Johannes Berg 
---
 net/mac80211/cfg.c  | 6 +-
 net/mac80211/main.c | 2 ++
 net/mac80211/util.c | 9 ++---
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index d041f78ecee6..bdcb82c2ab74 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -739,11 +739,8 @@ static int ieee80211_set_monitor_channel(struct wiphy 
*wiphy,
return 0;
 
mutex_lock(>mtx);
-   mutex_lock(>iflist_mtx);
if (local->use_chanctx) {
-   sdata = rcu_dereference_protected(
-   local->monitor_sdata,
-   lockdep_is_held(>iflist_mtx));
+   sdata = rtnl_dereference(local->monitor_sdata);
if (sdata) {
ieee80211_vif_release_channel(sdata);
ret = ieee80211_vif_use_channel(sdata, chandef,
@@ -756,7 +753,6 @@ static int ieee80211_set_monitor_channel(struct wiphy 
*wiphy,
 
if (ret == 0)
local->monitor_chandef = *chandef;
-   mutex_unlock(>iflist_mtx);
mutex_unlock(>mtx);
 
return ret;
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index ae408a96c407..8aa1f5b6a051 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -253,6 +253,7 @@ static void ieee80211_restart_work(struct work_struct *work)
WARN(test_bit(SCAN_HW_SCANNING, >scanning),
 "%s called with hardware scan in progress\n", __func__);
 
+   flush_work(>radar_detected_work);
rtnl_lock();
list_for_each_entry(sdata, >interfaces, list)
flush_delayed_work(>dec_tailroom_needed_wk);
@@ -1187,6 +1188,7 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
cancel_work_sync(>reconfig_filter);
cancel_work_sync(>tdls_chsw_work);
flush_work(>sched_scan_stopped_work);
+   flush_work(>radar_detected_work);
 
ieee80211_clear_tx_pending(local);
rate_control_deinitialize(local);
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 1b8e5c36..27a27070a751 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2800,8 +2800,10 @@ void ieee80211_dfs_cac_cancel(struct ieee80211_local 
*local)
struct ieee80211_sub_if_data *sdata;
struct cfg80211_chan_def chandef;
 
+   /* for interface list, to avoid linking iflist_mtx and chanctx_mtx */
+   ASSERT_RTNL();
+
mutex_lock(>mtx);
-   mutex_lock(>iflist_mtx);
list_for_each_entry(sdata, >interfaces, list) {
/* it might be waiting for the local->mtx, but then
 * by the time it gets it, sdata->wdev.cac_started
@@ -2818,7 +2820,6 @@ void ieee80211_dfs_cac_cancel(struct ieee80211_local 
*local)
   GFP_KERNEL);
}
}
-   mutex_unlock(>iflist_mtx);
mutex_unlock(>mtx);
 }
 
@@ -2840,7 +2841,9 @@ void ieee80211_dfs_radar_detected_work(struct work_struct 
*work)
}
mutex_unlock(>chanctx_mtx);
 
+   rtnl_lock();
ieee80211_dfs_cac_cancel(local);
+   rtnl_unlock();
 
if (num_chanctx > 1)
/* XXX: multi-channel is not supported yet */
@@ -2855,7 +2858,7 @@ void ieee80211_radar_detected(struct ieee80211_hw *hw)
 
trace_api_radar_detected(local);
 
-   ieee80211_queue_work(hw, >radar_detected_work);
+   schedule_work(>radar_detected_work);
 }
 EXPORT_SYMBOL(ieee80211_radar_detected);
 
-- 
2.11.0

[PATCH 5/9] cfg80211/nl80211: add authorized flag to roaming event

[Luca Coelho]

From: Avraham Stern 

Drivers that initiate roaming while being connected to a network that
uses 802.1X authentication need to inform user space if 802.1X
authentication is further required after roaming.
For example, when using the Fast transition protocol, roaming within
the mobility domain does not require new 802.1X authentication, but
roaming to another mobility domain does.
In addition, some drivers may not support 802.1X authentication
(so it has to be done in user space), while other drivers do.

Add a flag to the roaming notification to indicate if user space is
required to do 802.1X authentication after the roaming or not.
This flag will only be used for networks that use 802.1X
authentication. For networks that do not use 802.1X authentication it
is assumed that no further action is required from user space after
the roaming notification.

Signed-off-by: Avraham Stern 
Signed-off-by: Luca Coelho 
---
 include/net/cfg80211.h   |  4 
 include/uapi/linux/nl80211.h | 14 ++
 net/wireless/nl80211.c   |  4 +++-
 net/wireless/sme.c   |  1 +
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 115f6fc5a34d..f9f4fde2dc09 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -5384,6 +5384,9 @@ cfg80211_connect_timeout(struct net_device *dev, const u8 
*bssid,
  * @req_ie_len: association request IEs length
  * @resp_ie: association response IEs (may be %NULL)
  * @resp_ie_len: assoc response IEs length
+ * @authorized: true if the 802.1X authentication was done by the driver or is
+ * not needed (e.g., when Fast Transition protocol was used), false
+ * otherwise. Ignored for networks that don't use 802.1X authentication.
  */
 struct cfg80211_roam_info {
struct ieee80211_channel *channel;
@@ -5393,6 +5396,7 @@ struct cfg80211_roam_info {
size_t req_ie_len;
const u8 *resp_ie;
size_t resp_ie_len;
+   bool authorized;
 };
 
 /**
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 6095a6c4c412..7bdbce7c4147 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -546,6 +546,12 @@
  * well to remain backwards compatible.
  * @NL80211_CMD_ROAM: request that the card roam (currently not implemented),
  * sent as an event when the card/driver roamed by itself.
+ * When used as an event, and the driver roamed in a network that requires
+ * 802.1X authentication, %NL80211_ATTR_CONNECTION_AUTHORIZED should be set
+ * if the 802.1X authentication was done by the driver or if roaming was
+ * done using Fast Transition protocol (in which case 802.1X authentication
+ * is not needed). If %NL80211_ATTR_CONNECTION_AUTHORIZED is not set,
+ * user space is responsible for the 802.1X authentication.
  * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
  * userspace that a connection was dropped by the AP or due to other
  * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
@@ -2081,6 +2087,12 @@ enum nl80211_commands {
  * @NL80211_ATTR_PMK: PMK for the PMKSA identified by %NL80211_ATTR_PMKID.
  * This is used with @NL80211_CMD_SET_PMKSA.
  *
+ * @NL80211_ATTR_CONNECTION_AUTHORIZED: A flag attribute used with
+ * %NL80211_CMD_ROAM to indicate that 802.1X authentication was done by the
+ * driver or is not needed (because roaming used the Fast Transition
+ * protocol). Only valid for roaming in networks that require 802.1X
+ * authentication.
+ *
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2500,6 +2512,8 @@ enum nl80211_attrs {
 
NL80211_ATTR_PMK,
 
+   NL80211_ATTR_CONNECTION_AUTHORIZED,
+
/* add attributes here, update the policy in nl80211.c */
 
__NL80211_ATTR_AFTER_LAST,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index ab9036e2d622..f3bf20584222 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13621,7 +13621,9 @@ void nl80211_send_roamed(struct 
cfg80211_registered_device *rdev,
 info->req_ie)) ||
(info->resp_ie &&
 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
-info->resp_ie)))
+info->resp_ie)) ||
+   (info->authorized &&
+nla_put_flag(msg, NL80211_ATTR_CONNECTION_AUTHORIZED)))
goto nla_put_failure;
 
genlmsg_end(msg, hdr);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 532a0007ce82..0a49b88070d0 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -960,6 +960,7 @@ void cfg80211_roamed(struct net_device *dev, struct 
cfg80211_roam_info *info,
ev->rm.resp_ie_len = info->resp_ie_len;

[PATCH 2/9] mac80211: Add support for BSS max idle period element

[Luca Coelho]

From: Avraham Stern 

Parse the BSS max idle period element and set the BSS configuration
accordingly so the driver can use this information to configure the
max idle period and to use protected management frames for keep alive
when required.

The BSS max idle period element is defined in IEEE802.11-2016,
section 9.4.2.79

Signed-off-by: Avraham Stern 
Signed-off-by: Luca Coelho 
---
 include/linux/ieee80211.h  | 28 +++-
 include/net/mac80211.h | 14 +-
 net/mac80211/ieee80211_i.h |  1 +
 net/mac80211/mlme.c| 14 +-
 net/mac80211/util.c|  9 +
 5 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 23e095fa6701..c916ba4a22d4 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -7,7 +7,7 @@
  * Copyright (c) 2005, Devicescape Software, Inc.
  * Copyright (c) 2006, Michael Wu 
  * Copyright (c) 2013 - 2014 Intel Mobile Communications GmbH
- * Copyright (c) 2016 Intel Deutschland GmbH
+ * Copyright (c) 2016 - 2017 Intel Deutschland GmbH
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -2316,6 +2316,32 @@ struct ieee80211_timeout_interval_ie {
__le32 value;
 } __packed;
 
+/**
+ * enum ieee80211_idle_options - BSS idle options
+ * @WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE: the station should send an RSN
+ * protected frame to the AP to reset the idle timer at the AP for
+ * the station.
+ */
+enum ieee80211_idle_options {
+   WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE = BIT(0),
+};
+
+/**
+ * struct ieee80211_bss_max_idle_period_ie
+ *
+ * This structure refers to "BSS Max idle period element"
+ *
+ * @max_idle_period: indicates the time period during which a station can
+ * refrain from transmitting frames to its associated AP without being
+ * disassociated. In units of 1000 TUs.
+ * @idle_options: indicates the options associated with the BSS idle capability
+ * as specified in  ieee80211_idle_options.
+ */
+struct ieee80211_bss_max_idle_period_ie {
+   __le16 max_idle_period;
+   u8 idle_options;
+} __packed;
+
 /* BACK action code */
 enum ieee80211_back_actioncode {
WLAN_ACTION_ADDBA_REQ = 0,
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index b1ac872dc88a..66e602d501e5 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -5,7 +5,7 @@
  * Copyright 2006-2007 Jiri Benc 
  * Copyright 2007-2010 Johannes Berg 
  * Copyright 2013-2014  Intel Mobile Communications GmbH
- * Copyright (C) 2015 - 2016 Intel Deutschland GmbH
+ * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -299,6 +299,8 @@ struct ieee80211_vif_chanctx_switch {
  * context had been assigned.
  * @BSS_CHANGED_OCB: OCB join status changed
  * @BSS_CHANGED_MU_GROUPS: VHT MU-MIMO group id or user position changed
+ * @BSS_CHANGED_KEEP_ALIVE: keep alive options (idle period or protected
+ * keep alive) changed.
  */
 enum ieee80211_bss_change {
BSS_CHANGED_ASSOC   = 1<<0,
@@ -325,6 +327,7 @@ enum ieee80211_bss_change {
BSS_CHANGED_BANDWIDTH   = 1<<21,
BSS_CHANGED_OCB = 1<<22,
BSS_CHANGED_MU_GROUPS   = 1<<23,
+   BSS_CHANGED_KEEP_ALIVE  = 1<<24,
 
/* when adding here, make sure to change ieee80211_reconfig */
 };
@@ -533,6 +536,13 @@ struct ieee80211_mu_group_data {
  * @allow_p2p_go_ps: indication for AP or P2P GO interface, whether it's 
allowed
  * to use P2P PS mechanism or not. AP/P2P GO is not allowed to use P2P PS
  * if it has associated clients without P2P PS support.
+ * @max_idle_period: the time period during which the station can refrain from
+ * transmitting frames to its associated AP without being disassociated.
+ * In units of 1000 TUs. Zero value indicates that the AP did not include
+ * a (valid) BSS Max Idle Period Element.
+ * @protected_keep_alive: if set, indicates that the station should send an RSN
+ * protected frame to the AP to reset the idle timer at the AP for the
+ * station.
  */
 struct ieee80211_bss_conf {
const u8 *bssid;
@@ -573,6 +583,8 @@ struct ieee80211_bss_conf {
enum nl80211_tx_power_setting txpower_type;
struct ieee80211_p2p_noa_attr p2p_noa_attr;
bool allow_p2p_go_ps;
+   u16 max_idle_period;
+   bool protected_keep_alive;
 };
 
 /**
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index cf6d5abb65a3..476570175a12 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1477,6 

[PATCH 4/9] cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()

[Luca Coelho]

From: Avraham Stern 

cfg80211_roamed() and cfg80211_roamed_bss() take the same arguments
except that cfg80211_roamed() requires the BSSID and
cfg80211_roamed_bss() requires the bss entry.

Unify the two functions by using a struct for driver initiated
roaming information so that either the BSSID or the bss entry can be
passed as an argument to the unified function.

Signed-off-by: Avraham Stern 
[modified the ath6k, brcm80211, rndis and wlan-ng drivers accordingly]
Signed-off-by: Luca Coelho 
---
 drivers/net/wireless/ath/ath6kl/cfg80211.c | 10 ++-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c | 13 +++-
 drivers/net/wireless/rndis_wlan.c  | 19 +++--
 drivers/staging/wlan-ng/cfg80211.c |  7 +-
 include/net/cfg80211.h | 58 +++---
 net/wireless/core.h| 12 +--
 net/wireless/nl80211.c | 18 +++--
 net/wireless/nl80211.h |  5 +-
 net/wireless/sme.c | 90 +-
 net/wireless/util.c|  4 +-
 10 files changed, 115 insertions(+), 121 deletions(-)

diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c 
b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index 0c118b7c362c..e1567a530274 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -806,9 +806,15 @@ void ath6kl_cfg80211_connect_event(struct ath6kl_vif *vif, 
u16 channel,
WLAN_STATUS_SUCCESS, GFP_KERNEL);
cfg80211_put_bss(ar->wiphy, bss);
} else if (vif->sme_state == SME_CONNECTED) {
+   struct cfg80211_roam_info roam_info = {
+   .bss = bss,
+   .req_ie = assoc_req_ie,
+   .req_ie_len = assoc_req_len,
+   .resp_ie = assoc_resp_ie,
+   .resp_ie_len = assoc_resp_len,
+   };
/* inform roam event to cfg80211 */
-   cfg80211_roamed_bss(vif->ndev, bss, assoc_req_ie, assoc_req_len,
-   assoc_resp_ie, assoc_resp_len, GFP_KERNEL);
+   cfg80211_roamed(vif->ndev, _info, GFP_KERNEL);
}
 }
 
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c 
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 8c7f1ef288c6..a36bccbb40e5 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5359,6 +5359,7 @@ brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
struct ieee80211_supported_band *band;
struct brcmf_bss_info_le *bi;
struct brcmu_chan ch;
+   struct cfg80211_roam_info roam_info = {};
u32 freq;
s32 err = 0;
u8 *buf;
@@ -5397,9 +5398,15 @@ brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
 
 done:
kfree(buf);
-   cfg80211_roamed(ndev, notify_channel, (u8 *)profile->bssid,
-   conn_info->req_ie, conn_info->req_ie_len,
-   conn_info->resp_ie, conn_info->resp_ie_len, GFP_KERNEL);
+
+   roam_info.channel = notify_channel;
+   roam_info.bssid = (u8*)profile->bssid;
+   roam_info.req_ie = conn_info->req_ie;
+   roam_info.req_ie_len = conn_info->req_ie_len;
+   roam_info.resp_ie = conn_info->resp_ie;
+   roam_info.resp_ie_len = conn_info->resp_ie_len;
+
+   cfg80211_roamed(ndev, _info, GFP_KERNEL);
brcmf_dbg(CONN, "Report roaming result\n");
 
set_bit(BRCMF_VIF_STATUS_CONNECTED, >vif->sme_state);
diff --git a/drivers/net/wireless/rndis_wlan.c 
b/drivers/net/wireless/rndis_wlan.c
index eb513628d801..37ae24cbf00e 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -2830,15 +2830,22 @@ static void rndis_wlan_do_link_up_work(struct usbnet 
*usbdev)
}
 
if (priv->infra_mode == NDIS_80211_INFRA_INFRA) {
-   if (!roamed)
+   if (!roamed) {
cfg80211_connect_result(usbdev->net, bssid, req_ie,
req_ie_len, resp_ie,
resp_ie_len, 0, GFP_KERNEL);
-   else
-   cfg80211_roamed(usbdev->net,
-   get_current_channel(usbdev, NULL),
-   bssid, req_ie, req_ie_len,
-   resp_ie, resp_ie_len, GFP_KERNEL);
+   } else {
+   struct cfg80211_roam_info roam_info = {
+   .channel = get_current_channel(usbdev, NULL),
+   .bssid = bssid,
+   .req_ie = req_ie,
+   

[PATCH 1/9] ieee80211: add SUITE_B AKM selectors

[Luca Coelho]

From: Luca Coelho 

Add the definitions for SUITE_B and SUITE_B_192 AKM selectors as
defined in IEEE802.11REVmc_D5.0, table 9-132.

Signed-off-by: Luca Coelho 
---
 include/linux/ieee80211.h | 26 ++
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 294fa6273a62..23e095fa6701 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2356,18 +2356,20 @@ enum ieee80211_sa_query_action {
 #define WLAN_CIPHER_SUITE_SMS4 SUITE(0x001472, 1)
 
 /* AKM suite selectors */
-#define WLAN_AKM_SUITE_8021X   SUITE(0x000FAC, 1)
-#define WLAN_AKM_SUITE_PSK SUITE(0x000FAC, 2)
-#define WLAN_AKM_SUITE_FT_PSK  SUITE(0x000FAC, 4)
-#define WLAN_AKM_SUITE_8021X_SHA256SUITE(0x000FAC, 5)
-#define WLAN_AKM_SUITE_PSK_SHA256  SUITE(0x000FAC, 6)
-#define WLAN_AKM_SUITE_TDLSSUITE(0x000FAC, 7)
-#define WLAN_AKM_SUITE_SAE SUITE(0x000FAC, 8)
-#define WLAN_AKM_SUITE_FT_OVER_SAE SUITE(0x000FAC, 9)
-#define WLAN_AKM_SUITE_FILS_SHA256 SUITE(0x000FAC, 14)
-#define WLAN_AKM_SUITE_FILS_SHA384 SUITE(0x000FAC, 15)
-#define WLAN_AKM_SUITE_FT_FILS_SHA256  SUITE(0x000FAC, 16)
-#define WLAN_AKM_SUITE_FT_FILS_SHA384  SUITE(0x000FAC, 17)
+#define WLAN_AKM_SUITE_8021X   SUITE(0x000FAC, 1)
+#define WLAN_AKM_SUITE_PSK SUITE(0x000FAC, 2)
+#define WLAN_AKM_SUITE_FT_PSK  SUITE(0x000FAC, 4)
+#define WLAN_AKM_SUITE_8021X_SHA256SUITE(0x000FAC, 5)
+#define WLAN_AKM_SUITE_PSK_SHA256  SUITE(0x000FAC, 6)
+#define WLAN_AKM_SUITE_TDLSSUITE(0x000FAC, 7)
+#define WLAN_AKM_SUITE_SAE SUITE(0x000FAC, 8)
+#define WLAN_AKM_SUITE_FT_OVER_SAE SUITE(0x000FAC, 9)
+#define WLAN_AKM_SUITE_8021X_SUITE_B   SUITE(0x000FAC, 11)
+#define WLAN_AKM_SUITE_8021X_SUITE_B_192   SUITE(0x000FAC, 12)
+#define WLAN_AKM_SUITE_FILS_SHA256 SUITE(0x000FAC, 14)
+#define WLAN_AKM_SUITE_FILS_SHA384 SUITE(0x000FAC, 15)
+#define WLAN_AKM_SUITE_FT_FILS_SHA256  SUITE(0x000FAC, 16)
+#define WLAN_AKM_SUITE_FT_FILS_SHA384  SUITE(0x000FAC, 17)
 
 #define WLAN_MAX_KEY_LEN   32
 
-- 
2.11.0

[PATCH 3/9] ieee80211: add FT-802.1X AKM suite selector

[Luca Coelho]

From: Luca Coelho 

Add the definition for FT-8021.1X AKM selector as defined in
IEEE Std 802.11-2016, table 9-133.

Signed-off-by: Luca Coelho 
---
 include/linux/ieee80211.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index c916ba4a22d4..13f23036dc05 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2384,6 +2384,7 @@ enum ieee80211_sa_query_action {
 /* AKM suite selectors */
 #define WLAN_AKM_SUITE_8021X   SUITE(0x000FAC, 1)
 #define WLAN_AKM_SUITE_PSK SUITE(0x000FAC, 2)
+#define WLAN_AKM_SUITE_FT_8021XSUITE(0x000FAC, 3)
 #define WLAN_AKM_SUITE_FT_PSK  SUITE(0x000FAC, 4)
 #define WLAN_AKM_SUITE_8021X_SHA256SUITE(0x000FAC, 5)
 #define WLAN_AKM_SUITE_PSK_SHA256  SUITE(0x000FAC, 6)
-- 
2.11.0

[PATCH 6/9] mac80211: don't parse encrypted management frames in ieee80211_frame_acked

[Luca Coelho]

From: Emmanuel Grumbach 

ieee80211_frame_acked is called when a frame is acked by
the peer. In case this is a management frame, we check
if this an SMPS frame, in which case we can update our
antenna configuration.

When we parse the management frame we look at the category
in case it is an action frame. That byte sits after the IV
in case the frame was encrypted. This means that if the
frame was encrypted, we basically look at the IV instead
of looking at the category. It is then theorically
possible that we think that an SMPS action frame was acked
where really we had another frame that was encrypted.

Since the only management frame whose ack needs to be
tracked is the SMPS action frame, and that frame is not
a robust management frame, it will never be encrypted.
The easiest way to fix this problem is then to not look
at frames that were encrypted.

Signed-off-by: Emmanuel Grumbach 
Signed-off-by: Luca Coelho 
---
 net/mac80211/status.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 83b8b11f24ea..fac191d6dcb7 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -200,6 +200,7 @@ static void ieee80211_frame_acked(struct sta_info *sta, 
struct sk_buff *skb)
}
 
if (ieee80211_is_action(mgmt->frame_control) &&
+   !ieee80211_has_protected(mgmt->frame_control) &&
mgmt->u.action.category == WLAN_CATEGORY_HT &&
mgmt->u.action.u.ht_smps.action == WLAN_HT_ACTION_SMPS &&
ieee80211_sdata_running(sdata)) {
-- 
2.11.0

[PATCH 0/9] cfg80211/mac80211 patches from our internal tree 2017-04-26

[Luca Coelho]

From: Luca Coelho 

Hi,

Here are some mac80211 and cfg80211 patches from our internal tree.

 * New AKM suite selectors in the ieee80211 header;
 * Some improvements in the roaming API in cfg80211;
 * Support for max BSS idle period in mac80211;
 * Some cleanups and an optimization;
 
Please review.

Cheers,
Luca.


Avraham Stern (3):
  mac80211: Add support for BSS max idle period element
  cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()
  cfg80211/nl80211: add authorized flag to roaming event

Emmanuel Grumbach (1):
  mac80211: don't parse encrypted management frames in
ieee80211_frame_acked

Johannes Berg (2):
  ieee80211: fix kernel-doc parsing errors
  mac80211: disentangle iflist_mtx and chanctx_mtx

Luca Coelho (3):
  ieee80211: add SUITE_B AKM selectors
  ieee80211: add FT-802.1X AKM suite selector
  mac80211: make multicast variable a bool in ieee80211_accept_frame()

 drivers/net/wireless/ath/ath6kl/cfg80211.c | 10 ++-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c | 13 +++-
 drivers/net/wireless/rndis_wlan.c  | 19 +++--
 drivers/staging/wlan-ng/cfg80211.c |  7 +-
 include/linux/ieee80211.h  | 67 +++-
 include/net/cfg80211.h | 62 +++
 include/net/mac80211.h | 14 +++-
 include/uapi/linux/nl80211.h   | 14 
 net/mac80211/cfg.c |  6 +-
 net/mac80211/ieee80211_i.h |  1 +
 net/mac80211/main.c|  2 +
 net/mac80211/mlme.c| 14 +++-
 net/mac80211/rx.c  |  2 +-
 net/mac80211/status.c  |  1 +
 net/mac80211/util.c| 18 -
 net/wireless/core.h| 12 +--
 net/wireless/nl80211.c | 20 +++--
 net/wireless/nl80211.h |  5 +-
 net/wireless/sme.c | 91 ++
 net/wireless/util.c|  4 +-
 20 files changed, 231 insertions(+), 151 deletions(-)

-- 
2.11.0

Re: [RFC] cfg80211: add control port state to struct cfg80211_connect_resp_params

[Johannes Berg]

On Tue, 2017-04-25 at 20:56 +0200, Arend Van Spriel wrote:
> 
> You might, but not about this ;-) The other approach I had in mind is
> to only pass the flag for drivers with 4-way-hs support. In that case
> wpa_supp also has to check that to determine whether the flag should
> be taken into account. Assuming the driver supporting 4-way-hs can
> provide the port state info. Otherwise, a new ext_feature flag would
> be needed.

I think it's reasonable to assume 4-way-HS offload drivers can support
it.

johannes

Re: [PATCH V3 4/9] cfg80211: add request id to cfg80211_sched_scan_*() api

[Johannes Berg]

On Fri, 2017-04-21 at 13:05 +0100, Arend van Spriel wrote:
> Have proper request id filled in the SCHED_SCAN_RESULTS and
> SCHED_SCAN_STOPPED notifications toward user-space by having the
> driver provide it through the api.
> 
> Reviewed-by: Hante Meuleman 
> Reviewed-by: Pieter-Paul Giesberts  m>
> Reviewed-by: Franky Lin 

All your reviewers aren't paying attention ;-)

> @@ -1722,6 +1723,7 @@ struct cfg80211_sched_scan_request {
>   struct cfg80211_bss_select_adjust rssi_adjust;
>  
>   /* internal */
> + struct work_struct results_wk;
>   struct wiphy *wiphy;
>   struct net_device *dev;
>   unsigned long scan_start;

Superficially, this is fine - but you need to think hard about the
semantics of when you cancel this work.

> +++ b/net/wireless/scan.c
> @@ -369,15 +369,13 @@ void __cfg80211_sched_scan_results(struct
> work_struct *wk)
>   struct cfg80211_registered_device *rdev;
>   struct cfg80211_sched_scan_request *request;
>  
> - rdev = container_of(wk, struct cfg80211_registered_device,
> - sched_scan_results_wk);
> + request = container_of(wk, struct
> cfg80211_sched_scan_request, results_wk);
> + rdev = wiphy_to_rdev(request->wiphy);
>  
>   rtnl_lock();
>  
> - request = cfg80211_find_sched_scan_req(rdev, 0);
> -
>   /* we don't have sched_scan_req anymore if the scan is
> stopping */

That comment is kinda wrong now, afaict? Also you return 

> - if (!IS_ERR(request)) {
> + if (request) {

This seems wrong - you do return an ERR_PTR() from find. Not that
there's all that much point in doing so vs. returning NULL, might be
worth cleaning it up.

> -void cfg80211_sched_scan_results(struct wiphy *wiphy)
> +void cfg80211_sched_scan_results(struct wiphy *wiphy, u64 reqid)
>  {
> - struct cfg80211_registered_device *rdev =
> wiphy_to_rdev(wiphy);
>   struct cfg80211_sched_scan_request *request;
>  
> - trace_cfg80211_sched_scan_results(wiphy);
> + trace_cfg80211_sched_scan_results(wiphy, reqid);
>   /* ignore if we're not scanning */
>  
>   rtnl_lock();
> - request = cfg80211_find_sched_scan_req(rdev, 0);
> + request = cfg80211_find_sched_scan_req(wiphy_to_rdev(wiphy),
> reqid);
>   rtnl_unlock();
>  
>   if (!IS_ERR(request))
> - queue_work(cfg80211_wq,
> -    _to_rdev(wiphy)-
> >sched_scan_results_wk);
> + queue_work(cfg80211_wq, >results_wk);
> + else
> + wiphy_err(wiphy, "reqid %llu not found\n", reqid);
>  }

This seems problematic - you use the request pointer outside the
locking now. I'd move that rtnl_unlock() to afterwards. The message
could also mention sched scan, that might be useful. Although I suspect
that may happen due to races (e.g. netlink socket close vs. firmware
stop) so maybe it's not all that useful.


Most importantly though, you don't protect against queuing the work
here, and then deleting the request. In the old case the comment that I
pointed out above will save us, but in this new case it can't (the
comment is now wrong), and that's a problem.

I looked briefly at this and I suspect it will be very hard to fix that
with a per-request work struct. It might be better to have a per-work
status flag that you set here, then you schedule the global work, and
that global work will send all the appropriate result messages after
clearing the status bit again, similar to what I did with the netlink
destroy now.

johannes

Re: [PATCH V3 0/9] cfg80211: support multiple scheduled scans

[Johannes Berg]

>   nl80211: allow multiple active scheduled scan requests
>   nl80211: add support for BSSIDs in scheduled scan matchsets
>   cfg80211: add request id parameter to .sched_scan_stop() signature

I applied these.

>   cfg80211: add request id to cfg80211_sched_scan_*() api

Will comment here separately.

johannes

Re: [PATCH V3 1/9] nl80211: allow multiple active scheduled scan requests

[Johannes Berg]

On Tue, 2017-04-25 at 21:49 +0200, Johannes Berg wrote:
> >     if (schedule_destroy_work) {
> > -   struct cfg80211_iface_destroy *destroy;
> > +   struct cfg80211_nlport_release *destroy;
> >  
> >     destroy = kzalloc(sizeof(*destroy),
> > GFP_ATOMIC);
> 
> I was never really happy with this allocation and really want to get
> rid of it ...

Done :)

> > +   if (schedule_sched_stop_work) {
> > +   struct cfg80211_nlport_release *destroy;
> > +
> > +   destroy = kzalloc(sizeof(*destroy),
> > GFP_ATOMIC);
> > +   if (destroy) {
> > +   destroy->nlportid = notify-
> > >portid;
> > +   spin_lock(
> > > sched_stop_list_lock);
> > 
> > +   list_add(>list, 
> > > sched_stop_list);
> > 
> > +   spin_unlock(
> > > sched_stop_list_lock);
> > 
> > +   schedule_work(
> > > sched_scan_stop_wk);
> > 
> > +   }
> > +   }
> 
> Can't we set some kind of flag in the struct
> cfg80211_sched_scan_request and iterate through them later again,
> checking which need to be destroyed?

Easy enough - I'll also do that.

johannes

[PATCH] cfg80211: simplify netlink socket owner interface deletion

[Johannes Berg]

From: Johannes Berg 

There's no need to allocate a portid structure and then, for
each of those, walk the interfaces - we can just add a flag
to each interface and walk those directly. Due to padding in
the struct, we can even do it without any memory cost, and
it even simplifies the code.

Signed-off-by: Johannes Berg 
---
 include/net/cfg80211.h |  5 +++--
 net/wireless/core.c| 26 --
 net/wireless/core.h|  8 
 net/wireless/nl80211.c | 22 +-
 4 files changed, 12 insertions(+), 49 deletions(-)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 2a200b964b7a..999ec24afbe7 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -4037,12 +4037,13 @@ struct wireless_dev {
 
u32 ap_unexpected_nlportid;
 
+   u32 owner_nlportid;
+   bool nl_owner_dead;
+
bool cac_started;
unsigned long cac_start_time;
unsigned int cac_time_ms;
 
-   u32 owner_nlportid;
-
 #ifdef CONFIG_CFG80211_WEXT
/* wext data */
struct {
diff --git a/net/wireless/core.c b/net/wireless/core.c
index b0d6761f0cdd..4ea28de3a636 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -305,30 +305,14 @@ static void cfg80211_event_work(struct work_struct *work)
 
 void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev)
 {
-   struct cfg80211_iface_destroy *item;
+   struct wireless_dev *wdev, *tmp;
 
ASSERT_RTNL();
 
-   spin_lock_irq(>destroy_list_lock);
-   while ((item = list_first_entry_or_null(>destroy_list,
-   struct cfg80211_iface_destroy,
-   list))) {
-   struct wireless_dev *wdev, *tmp;
-   u32 nlportid = item->nlportid;
-
-   list_del(>list);
-   kfree(item);
-   spin_unlock_irq(>destroy_list_lock);
-
-   list_for_each_entry_safe(wdev, tmp,
->wiphy.wdev_list, list) {
-   if (nlportid == wdev->owner_nlportid)
-   rdev_del_virtual_intf(rdev, wdev);
-   }
-
-   spin_lock_irq(>destroy_list_lock);
+   list_for_each_entry_safe(wdev, tmp, >wiphy.wdev_list, list) {
+   if (wdev->nl_owner_dead)
+   rdev_del_virtual_intf(rdev, wdev);
}
-   spin_unlock_irq(>destroy_list_lock);
 }
 
 static void cfg80211_destroy_iface_wk(struct work_struct *work)
@@ -484,8 +468,6 @@ struct wiphy *wiphy_new_nm(const struct cfg80211_ops *ops, 
int sizeof_priv,
rdev->wiphy.dev.platform_data = rdev;
device_enable_async_suspend(>wiphy.dev);
 
-   INIT_LIST_HEAD(>destroy_list);
-   spin_lock_init(>destroy_list_lock);
INIT_WORK(>destroy_work, cfg80211_destroy_iface_wk);
INIT_WORK(>sched_scan_stop_wk, cfg80211_sched_scan_stop_wk);
INIT_WORK(>propagate_radar_detect_wk,
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 5d27eca57d3b..f9b748e3425a 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -91,10 +91,7 @@ struct cfg80211_registered_device {
 
struct cfg80211_coalesce *coalesce;
 
-   spinlock_t destroy_list_lock;
-   struct list_head destroy_list;
struct work_struct destroy_work;
-
struct work_struct sched_scan_stop_wk;
 
struct cfg80211_chan_def radar_chandef;
@@ -264,11 +261,6 @@ struct cfg80211_beacon_registration {
u32 nlportid;
 };
 
-struct cfg80211_iface_destroy {
-   struct list_head list;
-   u32 nlportid;
-};
-
 struct cfg80211_cqm_config {
u32 rssi_hyst;
s32 last_rssi_event_value;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 50c35affccad..45f5f418e562 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -14883,7 +14883,6 @@ static int nl80211_netlink_notify(struct notifier_block 
* nb,
rcu_read_lock();
 
list_for_each_entry_rcu(rdev, _rdev_list, list) {
-   bool schedule_destroy_work = false;
struct cfg80211_sched_scan_request *sched_scan_req =
rcu_dereference(rdev->sched_scan_req);
 
@@ -14899,10 +14898,12 @@ static int nl80211_netlink_notify(struct 
notifier_block * nb,
list_for_each_entry_rcu(wdev, >wiphy.wdev_list, list) {
cfg80211_mlme_unregister_socket(wdev, notify->portid);
 
-   if (wdev->owner_nlportid == notify->portid)
-   schedule_destroy_work = true;
-   else if (wdev->conn_owner_nlportid == notify->portid)
+   if (wdev->owner_nlportid == notify->portid) {
+   wdev->nl_owner_dead = true;
+   schedule_work(>destroy_work);
+   } else if 

Re: 4.11-rc* iwlwifi instable

[Luca Coelho]

On Wed, 2017-04-26 at 09:10 +0300, Kalle Valo wrote:
> Luca Coelho  writes:
> 
> > > > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/iwlwifi-7265D-27.ucode
> > > > 
> > > > We have loads of fixes and improvements in this new version.  And
> > > > hopefully it will make your problems go away. ;)
> > > > 
> > > > Please try it and let me know how it goes.
> > > 
> > > This is -27, but the driver looks for -28
> > > 
> > > [12382.760671] iwlwifi :03:00.0: Direct firmware load for
> > > iwlwifi-7265D-28.ucode failed with error -2
> > > 
> > > Where is version -28?
> > 
> > TL;DR: this error message is harmless and the driver tries to load -27
> > if -28 is not available.
> > 
> > Long story: We upstream driver patches from our internal tree constantly
> > and, at that point, we don't know which FW version will pass all the
> > quality gates to be released officially.  The driver in 4.11 supports up
> > to version -28.  We haven't release -28 yet, though (and maybe won't),
> > so you get this error message when we try to load it.  But if it fails
> > to load, we try to load the one immediately below it and so on, until we
> > reach the minimum API version we support.
> > 
> > These errors are definitely annoying and confusing, but I don't know how
> > to work around them.  Luckily Luis is working on the firmware class[1]
> > and part of his work will make these messages go away.
> 
> FWIW, we got frustrated with the same problem in ath10k and switched to
> request_firmware_direct() to get rid of the warning:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f5bcfe93315d75da4cc46bd30b536966559359a

Thanks for pointing this out! I hope Luis' series goes in at some point
soon so we can use the new fallback function and get rid of this logic
in the driver.

--
Cheers,
Luca.

Re: 4.11-rc* iwlwifi instable

[Kalle Valo]

Luca Coelho  writes:

>> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/iwlwifi-7265D-27.ucode
>> > 
>> > We have loads of fixes and improvements in this new version.  And
>> > hopefully it will make your problems go away. ;)
>> > 
>> > Please try it and let me know how it goes.
>> 
>> This is -27, but the driver looks for -28
>> 
>> [12382.760671] iwlwifi :03:00.0: Direct firmware load for
>> iwlwifi-7265D-28.ucode failed with error -2
>> 
>> Where is version -28?
>
> TL;DR: this error message is harmless and the driver tries to load -27
> if -28 is not available.
>
> Long story: We upstream driver patches from our internal tree constantly
> and, at that point, we don't know which FW version will pass all the
> quality gates to be released officially.  The driver in 4.11 supports up
> to version -28.  We haven't release -28 yet, though (and maybe won't),
> so you get this error message when we try to load it.  But if it fails
> to load, we try to load the one immediately below it and so on, until we
> reach the minimum API version we support.
>
> These errors are definitely annoying and confusing, but I don't know how
> to work around them.  Luckily Luis is working on the firmware class[1]
> and part of his work will make these messages go away.

FWIW, we got frustrated with the same problem in ath10k and switched to
request_firmware_direct() to get rid of the warning:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f5bcfe93315d75da4cc46bd30b536966559359a

-- 
Kalle Valo