mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
40 Commits

Author SHA1 Message Date
Qiujun Huang
abeaa85054 ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
Free wmi later after cmd urb has been killed, as urb cb will access wmi.

the case reported by syzbot:
https://lore.kernel.org/linux-usb/0000000000000002fc05a1d61a68@google.com
BUG: KASAN: use-after-free in ath9k_wmi_ctrl_rx+0x416/0x500
drivers/net/wireless/ath/ath9k/wmi.c:215
Read of size 1 at addr ffff8881cef1417c by task swapper/1/0

Call Trace:
<IRQ>
ath9k_wmi_ctrl_rx+0x416/0x500 drivers/net/wireless/ath/ath9k/wmi.c:215
ath9k_htc_rx_msg+0x2da/0xaf0
drivers/net/wireless/ath/ath9k/htc_hst.c:459
ath9k_hif_usb_reg_in_cb+0x1ba/0x630
drivers/net/wireless/ath/ath9k/hif_usb.c:718
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786

Reported-and-tested-by: syzbot+5d338854440137ea0fef@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-3-hqjagain@gmail.com
2020-04-07 07:56:26 +03:00
Qiujun Huang
ced21a4c72 ath9k: Fix use-after-free Read in htc_connect_service
The skb is consumed by htc_send_epid, so it needn't release again.

The case reported by syzbot:

https://lore.kernel.org/linux-usb/000000000000590f6b05a1c05d15@google.com
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size:
51008
usb 1-1: Service connection timeout for: 256
==================================================================
BUG: KASAN: use-after-free in atomic_read
include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: use-after-free in refcount_read include/linux/refcount.h:134
[inline]
BUG: KASAN: use-after-free in skb_unref include/linux/skbuff.h:1042
[inline]
BUG: KASAN: use-after-free in kfree_skb+0x32/0x3d0 net/core/skbuff.c:692
Read of size 4 at addr ffff8881d0957994 by task kworker/1:2/83

Call Trace:
kfree_skb+0x32/0x3d0 net/core/skbuff.c:692
htc_connect_service.cold+0xa9/0x109
drivers/net/wireless/ath/ath9k/htc_hst.c:282
ath9k_wmi_connect+0xd2/0x1a0 drivers/net/wireless/ath/ath9k/wmi.c:265
ath9k_init_htc_services.constprop.0+0xb4/0x650
drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
ath9k_htc_probe_device+0x25a/0x1d80
drivers/net/wireless/ath/ath9k/htc_drv_init.c:959
ath9k_htc_hw_init+0x31/0x60
drivers/net/wireless/ath/ath9k/htc_hst.c:501
ath9k_hif_usb_firmware_cb+0x26b/0x500
drivers/net/wireless/ath/ath9k/hif_usb.c:1187
request_firmware_work_func+0x126/0x242
drivers/base/firmware_loader/main.c:976
process_one_work+0x94b/0x1620 kernel/workqueue.c:2264
worker_thread+0x96/0xe20 kernel/workqueue.c:2410
kthread+0x318/0x420 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Allocated by task 83:
kmem_cache_alloc_node+0xdc/0x330 mm/slub.c:2814
__alloc_skb+0xba/0x5a0 net/core/skbuff.c:198
alloc_skb include/linux/skbuff.h:1081 [inline]
htc_connect_service+0x2cc/0x840
drivers/net/wireless/ath/ath9k/htc_hst.c:257
ath9k_wmi_connect+0xd2/0x1a0 drivers/net/wireless/ath/ath9k/wmi.c:265
ath9k_init_htc_services.constprop.0+0xb4/0x650
drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
ath9k_htc_probe_device+0x25a/0x1d80
drivers/net/wireless/ath/ath9k/htc_drv_init.c:959
ath9k_htc_hw_init+0x31/0x60
drivers/net/wireless/ath/ath9k/htc_hst.c:501
ath9k_hif_usb_firmware_cb+0x26b/0x500
drivers/net/wireless/ath/ath9k/hif_usb.c:1187
request_firmware_work_func+0x126/0x242
drivers/base/firmware_loader/main.c:976
process_one_work+0x94b/0x1620 kernel/workqueue.c:2264
worker_thread+0x96/0xe20 kernel/workqueue.c:2410
kthread+0x318/0x420 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Freed by task 0:
kfree_skb+0x102/0x3d0 net/core/skbuff.c:690
ath9k_htc_txcompletion_cb+0x1f8/0x2b0
drivers/net/wireless/ath/ath9k/htc_hst.c:356
hif_usb_regout_cb+0x10b/0x1b0
drivers/net/wireless/ath/ath9k/hif_usb.c:90
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
__do_softirq+0x21e/0x950 kernel/softirq.c:292

Reported-and-tested-by: syzbot+9505af1ae303dabdc646@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-2-hqjagain@gmail.com
2020-04-07 07:56:08 +03:00
Navid Emamdoost
728c1e2a05 ath9k: release allocated buffer if timed out
In ath9k_wmi_cmd, the allocated network buffer needs to be released
if timeout happens. Otherwise memory will be leaked.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-09-10 16:31:40 +03:00
Sebastian Andrzej Siewior
84a0d4669c ath9k: use irqsave() in USB's complete callback
The USB completion callback does not disable interrupts while acquiring
the lock. We want to remove the local_irq_disable() invocation from
__usb_hcd_giveback_urb() and therefore it is required for the callback
handler to disable the interrupts while acquiring the lock.
The callback may be invoked either in IRQ or BH context depending on the
USB host controller.
Use the _irqsave() variant of the locking primitives.

Cc: QCA ath9k Development <ath9k-devel@qca.qualcomm.com>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2018-06-29 14:55:36 +03:00
Himanshu Jha
50c8cd44ed ath9k: remove cast to void pointer
casting to void pointer from any pointer type and vice-versa is done
implicitly and therefore casting is not needed in such a case.

Done using Coccinelle.
Semantic Patch used :

@r@
expression x;
void* e;
type T;
identifier f;
@@

(
  *((T *)e)
|
  ((T *)x)[...]
|
  ((T *)x)->f
|
- (T *)
  e
)


Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2017-09-25 10:13:58 +03:00
yuan linyu
b952f4dff2 net: manual clean code which call skb_put_[data:zero]
Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-20 13:30:15 -04:00
Johannes Berg
d58ff35122 networking: make skb_push & __skb_push return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.

Make these functions return void * and remove all the casts across
the tree, adding a (u8 *) cast only where the unsigned char pointer
was used directly, all done with the following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

    @@
    expression SKB, LEN;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    @@
    - fn(SKB, LEN)[0]
    + *(u8 *)fn(SKB, LEN)

Note that the last part there converts from push(...)[0] to the
more idiomatic *(u8 *)push(...).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:40 -04:00
Johannes Berg
59ae1d127a networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.

An spatch similar to the one for skb_put_zero() converts many
of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

(again, manually post-processed to retain some comments)

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:37 -04:00
Nicholas Mc Guire
61fc39204b ath9k_htc: wmi: match wait_for_completion_timeout return type
Return type of wait_for_completion_timeout is unsigned long not int.
As time_left is exclusively used for wait_for_completion_timeout here its
type is simply changed to unsigned long.

API conformance testing for completions with coccinelle spatches are being
used to locate API usage inconsistencies:
./drivers/net/wireless/ath/ath9k/wmi.c:331
	int return assigned to unsigned long

Patch was compile tested with x86_64_defconfig + CONFIG_ATH_CARDS=m,
CONFIG_ATH9K_HTC=m

Patch is against 4.1-rc3 (localversion-next is -next-20150514)

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-08-13 15:26:19 +03:00
Fred Chou
00ca18034f ath9k_htc: check seq number instead of cmd id for timeout
As the driver may send multiple wmi commands with identical cmd id,
it is more robust to check seq number for timeout instead.

Signed-off-by: Fred Chou <fred.chou.nd@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-04-07 20:07:44 +03:00
Oleksij Rempel
8badb50cfa ath9k_htc: add new WMI_REG_RMW_CMDID command
Since usb bus adds extra delay on each request, a command
with read + write requests is too expensive. We can dramatically
reduce usb load by moving this command to firmware.

In my tests, this patch will reduce channel scan time
for about 5-10 seconds.

Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-03-30 11:31:18 +03:00
Joe Perches
d2182b69dc ath: Convert ath_dbg(bar, ATH_DBG_<FOO>, to ath_dbg(bar, FOO
Add ATH_DBG_ to macros to shorten the uses and
reduce the line count.

Coalesce ath_dbg formats.
Add missing spaces to coalesced formats.
Add missing newline terminations to ath_dbg formats.
Align ath_dbg arguments where appropriate.
Standardize ath_dbg formats without periods.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-12-19 14:35:31 -05:00
Sujith Manoharan
5b68138e56 ath9k: Drag the driver to the year 2011
The Times They Are a-Changin'.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-19 13:54:05 -04:00
Sujith Manoharan
a55bb94aa3 ath9k_htc: Add a new WMI command to set a rate mask
This patch adds WMI_BITRATE_MASK_CMDID which can be
used by the set_bitrate_mask() handler.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-28 14:53:20 -04:00
Sujith Manoharan
155dcda6f1 ath9k_htc: Remove unused WMI_AGGR_LIMIT_CMD
Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-28 14:53:20 -04:00
Sujith Manoharan
fbc29d6c3d ath9k_htc: Add detailed firmware statistics
New debugfs files:

<debugfs_root>/ath9k_htc/<phy#>/tgt_int_stats
<debugfs_root>/ath9k_htc/<phy#>/tgt_tx_stats
<debugfs_root>/ath9k_htc/<phy#>/tgt_rx_stats

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:24:41 -04:00
Sujith Manoharan
859c3ca1e4 ath9k_htc: Add a timer to cleanup WMI events
Occasionally, a WMI event would arrive ahead of the TX
URB completion handler. Discarding these events would exhaust
the available TX slots, so handle them by running a timer
cleaning up such events. Also, timeout packets for which TX
completion events have not arrived.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:24:30 -04:00
Sujith Manoharan
27876a29de ath9k_htc: Add support for TX completion
Now that the infrastructure is in place, process WMI
TX status events and complete packets.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:24:20 -04:00
Sujith Manoharan
d67ee53393 ath9k_htc: Introduce new HTC API
A new routine that takes an endpoint explicitly is
introduced. The normal htc_send() now retrieves the endpoint
from the packet's private data. This would be useful
in TX completion when the endpoint ID would be required.
While at it, use a helper function to map the queue to endpoint.

Data/mgmt/beacon packets use htc_send(), while WMI commands
pass the endpoint to HTC.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:23:46 -04:00
Sujith Manoharan
40dc9e4b86 ath9k_htc: Use SKB's private area for TX parameters
For all packets sent through the USB_WLAN_TX_PIPE endpoint,
the private area of the SKB's tx_info can be used to store
driver-specific information. For packets sent through USB_REG_OUT_PIPE,
this will not make a difference since they are routed through a
separate routine that doesn't access the private region.

This would help in situations where TX information is required
in the URB callback.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:53 -04:00
Sujith Manoharan
e723f3900c ath9k_htc: Remove unused WMI commands
WMI_TGT_TXQ_ENABLE_CMDID
WMI_HOST_ATTACH
WMI_DEBUG_INFO_CMDID
WMI_BEACON_UPDATE_CMDID
WMI_RESET_CMDID
WMI_RX_LINK_CMDID
WMI_STOP_DMA_RECV_CMDID

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:48 -04:00
Sujith Manoharan
f4c88991f5 ath9k_htc: Queue WMI events
Use a queue to handle WMI events and schedule a tasklet
to process the events. This fixes the race between the
WMI event ISR and the SWBA tasklet when the arrival of
WMI events in quick succession could overwrite the SWBA
data before the tasklet from a previous iteration could
have been scheduled. Also, drain the WMI queue properly.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:33 -04:00
Sujith Manoharan
832f6a18fc ath9k_htc: Add beacon slots
Beacon transmission is now handled through a slot mechanism.
This allows multiple beaconing interfaces to be present.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:14 -04:00
Sujith Manoharan
1c165c972b ath9k_htc: Fix WMI and beacon header
Match the beacon header with that of the firmware.
Also, the firmware reports the TSF for an SWBA, so
store it.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:11 -04:00
Sujith Manoharan
29bbfb2491 ath9k_htc: Add a WMI command to get the firmware version
Also, update the wiphy information and use the correct
device pointer when registering. This would fix ethtool.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:22:07 -04:00
Sujith Manoharan
a5fae37d11 ath9k_htc: Configure beacon timers in AP mode
Handle multi-interface situations by checking if
AP interfaces are already present.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-02-23 16:25:28 -05:00
Sujith Manoharan
73908674c6 ath9k_htc: Handle FATAL events
The device has to be reset when a FATAL event is received.
Not doing so would leave the card in a non-working state.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-01-04 14:43:00 -05:00
Sujith Manoharan
97dcec5715 ath9k_htc: Fix warning on device removal
The commit "ath9k_hw: warn if we cannot change the power to the chip"
introduced a new warning to indicate chip powerup failures, but this
is not required for devices that have been removed. Handle USB device
removal properly by checking for unplugged status.

For PCI devices, this warning will still be seen when the card is pulled
out, not sure how to check for card removal.

Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-22 15:43:25 -05:00
Joe Perches
226afe68fd ath: Convert ath_print to ath_dbg
Remove ath/debug.h and the includes of these files.
Coalesce long formats.
Correct a few misspellings and missing "\n"s from these logging messages.
Remove unnecessary trailing space before a newline.
Remove ARRAY_SIZE casts, use printf type %zu

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-07 16:34:48 -05:00
Rajkumar Manoharan
cc0de6536e ath9k_htc: Fix memory leak on WMI event handler
ath9k_wmi_ctrl_rx is racy with ath9k_wmi_tasklet on event notification
due to which the wmi_skb may be overwritten which leads to memory leak.

Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-14 16:14:26 -04:00
Vivek Natarajan
21cb987914 ath9k_htc: Add support for bluetooth coexistence.
Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-08-24 16:32:05 -04:00
Dan Carpenter
43163f0f8a ath9k: cleanup: remove unneeded null check
We dereference "wmi" on the line before and also when we initialize "ah".
This check has always been after a dereference since the first commit a
couple months ago.  Looking through the code, it looks like "wmi" can't
actually be null here so I just removed the check.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-06-02 16:13:33 -04:00
Sujith
0d36d71da2 ath9k_htc: Fix WMI command race
My patch "ath9k_htc: Handle WMI timeouts properly" introduced
a race condition in WMI command processing. The last issued command
should be stored _before_ issuing a WMI command. Not doing this
would result in the WMI event IRQ dropping correct command responses
as invalid.

Fix this race by storing the command id correctly.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-26 14:21:21 -04:00
Sujith
a3be14b76d ath9k_htc: Handle device unplug properly
When the USB device has been unplugged, there is
no point in trying to send commands to the target.
Fix this by denying all WMI commands in such a case.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-26 14:21:16 -04:00
Sujith
7f1f5a0060 ath9k_htc: Fix sparse endian warnings
This patch fixes a bunch of endian issues that
were exposed by sparse. It's a miracle that the driver
worked at all till now.

The Lord be praised.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-16 15:47:13 -04:00
Sujith
6ce34ec11c ath9k_htc: Handle WMI timeouts properly
If a WMI command has timed out for some reason,
a late WMI response would end up updating the
response region of a new WMI request that has been
issued in the meantime.

Fix this race condition by dropping a WMI response
if a new WMI command has been issued.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-16 15:47:12 -04:00
Sujith
4a22fe108e ath9k_htc: Implement multiple register write support
This patch adds support for writing multiple registers
in a single USB command.

Specific calls from the HW code that performs multiple
register writes would be modified to make use of this
in subsequent patches.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-16 15:47:05 -04:00
Ming Lei
0fa35a5836 ath9k-htc:respect usb buffer cacheline alignment in reg out path
In ath9k-htc register out path, ath9k-htc will pass skb->data into
usb hcd and usb hcd will do dma mapping and unmapping to the buffer
pointed by skb->data, so we should pass a cache-line aligned address.

This patch replaces __dev_alloc_skb with alloc_skb to make skb->data
point to a cacheline aligned address simply since ath9k-htc does not
skb_push on the skb and pass it to mac80211, also use kfree_skb to free
the skb allocated by alloc_skb (we can use kfree_skb safely in hardirq
context since skb->destructor is NULL always in the path).

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-14 14:52:43 -04:00
Ming Lei
e6c6d33cb7 ath9k-htc:respect usb buffer cacheline alignment in reg in path
In ath9k-htc register in path, ath9k-htc will pass skb->data into
usb hcd and usb hcd will do dma mapping and unmapping to the buffer
pointed by skb->data, so we should pass a cache-line aligned address.

This patch replaces __dev_alloc_skb with alloc_skb to make skb->data
point to a cacheline aligned address simply since ath9k-htc does not
skb_push on the skb and pass it to mac80211, also use kfree_skb to free
the skb allocated by alloc_skb (we can use kfree_skb safely in hardirq
context since skb->destructor is NULL always in the path).

Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-04-14 14:52:43 -04:00
Sujith
fb9987d0f7 ath9k_htc: Support for AR9271 chipset.
Features:

 * Station mode
 * IBSS mode
 * Monitor mode
 * Legacy support
 * HT support
 * TX/RX 11n Aggregation
 * HW encryption
 * LED
 * Suspend/Resume

For more information: http://wireless.kernel.org/en/users/Drivers/ath9k_htc

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-03-23 16:50:17 -04:00