From c41d02b68fb0b1299e4e2bc73b6ce409210d725b Mon Sep 17 00:00:00 2001
From: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>
Date: Wed, 12 Oct 2011 12:01:37 +0200
Subject: cw1200: Fixing corrupted direct probe requests.

Direct probe used shared SKB buffer after headers were stripped by
mac80211 layer.

Fix reimplements (and significantly simplifies) direct probe handling,
using the same technique as for other "special" frames.

Change-Id: Ibec9b72ccb497ae385d315b68001c5e23ef05701
Signed-off-by: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/33775
Reviewed-by: Philippe LANGLAIS <philippe.langlais@stericsson.com>
---
 drivers/staging/cw1200/scan.c | 32 ++++++++++++++++++--------------
 drivers/staging/cw1200/scan.h |  1 -
 drivers/staging/cw1200/wsm.c  | 12 +-----------
 3 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/drivers/staging/cw1200/scan.c b/drivers/staging/cw1200/scan.c
index 568782eb0c9..d97bc8182b0 100644
--- a/drivers/staging/cw1200/scan.c
+++ b/drivers/staging/cw1200/scan.c
@@ -329,11 +329,12 @@ void cw1200_probe_work(struct work_struct *work)
 {
 	struct cw1200_common *priv =
 		container_of(work, struct cw1200_common, scan.probe_work.work);
-	struct wsm_tx *wsm = (struct wsm_tx *)
-		priv->scan.probe_skb->data;
+	u8 queueId = cw1200_queue_get_queue_id(priv->pending_frame_id);
+	struct cw1200_queue *queue = &priv->tx_queue[queueId];
+	const struct cw1200_txpriv *txpriv;
+	struct wsm_tx *wsm;
 	struct wsm_template_frame frame = {
 		.frame_type = WSM_FRAME_TYPE_PROBE_REQUEST,
-		.skb = priv->scan.probe_skb,
 	};
 	struct wsm_ssid ssids[1] = {{
 		.length = 0,
@@ -344,7 +345,6 @@ void cw1200_probe_work(struct work_struct *work)
 	} };
 	struct wsm_scan scan = {
 		.scanType = WSM_SCAN_TYPE_FOREGROUND,
-		.maxTransmitRate = wsm->maxTxRate,
 		.numOfProbeRequests = 1,
 		.probeDelay = 0,
 		.numOfChannels = 1,
@@ -357,12 +357,8 @@ void cw1200_probe_work(struct work_struct *work)
 
 	wiphy_dbg(priv->hw->wiphy, "[SCAN] Direct probe work.\n");
 
-	if (!priv->channel) {
-		dev_kfree_skb(priv->scan.probe_skb);
-		priv->scan.probe_skb = NULL;
-		wsm_unlock_tx(priv);
-		return;
-	}
+	BUG_ON(queueId >= 4);
+	BUG_ON(!priv->channel);
 
 	mutex_lock(&priv->conf_mutex);
 	if (unlikely(down_trylock(&priv->scan.lock))) {
@@ -374,13 +370,20 @@ void cw1200_probe_work(struct work_struct *work)
 		return;
 	}
 
+	if (cw1200_queue_get_skb(queue,	priv->pending_frame_id,
+			&frame.skb, &txpriv)) {
+		wsm_unlock_tx(priv);
+		return;
+	}
+	wsm = (struct wsm_tx *)frame.skb->data;
+	scan.maxTransmitRate = wsm->maxTxRate;
 	scan.band = (priv->channel->band == IEEE80211_BAND_5GHZ) ?
 		WSM_PHY_BAND_5G : WSM_PHY_BAND_2_4G;
 	if (priv->join_status == CW1200_JOIN_STATUS_STA)
 		scan.scanType = WSM_SCAN_TYPE_BACKGROUND;
 	ch[0].number = priv->channel->hw_value;
 
-	skb_pull(frame.skb, sizeof(struct wsm_tx));
+	skb_pull(frame.skb, txpriv->offset);
 
 	ies = &frame.skb->data[sizeof(struct ieee80211_hdr_3addr)];
 	ies_len = frame.skb->len - sizeof(struct ieee80211_hdr_3addr);
@@ -416,9 +419,10 @@ void cw1200_probe_work(struct work_struct *work)
 	}
 	mutex_unlock(&priv->conf_mutex);
 
-	/* TODO: Report TX status to ieee80211 layer */
-	dev_kfree_skb(priv->scan.probe_skb);
-	priv->scan.probe_skb = NULL;
+	skb_push(frame.skb, txpriv->offset);
+	if (!ret)
+		IEEE80211_SKB_CB(frame.skb)->flags |= IEEE80211_TX_STAT_ACK;
+	BUG_ON(cw1200_queue_remove(queue, priv->pending_frame_id));
 
 	if (ret) {
 		priv->scan.direct_probe = 0;
diff --git a/drivers/staging/cw1200/scan.h b/drivers/staging/cw1200/scan.h
index f2ea372aad7..fd59123e742 100644
--- a/drivers/staging/cw1200/scan.h
+++ b/drivers/staging/cw1200/scan.h
@@ -38,7 +38,6 @@ struct cw1200_scan {
 	atomic_t in_progress;
 	/* Direct probe requests workaround */
 	struct delayed_work probe_work;
-	struct sk_buff *probe_skb;
 	int direct_probe;
 };
 
diff --git a/drivers/staging/cw1200/wsm.c b/drivers/staging/cw1200/wsm.c
index 295b13f5676..a8c49494e49 100644
--- a/drivers/staging/cw1200/wsm.c
+++ b/drivers/staging/cw1200/wsm.c
@@ -1403,17 +1403,7 @@ static bool wsm_handle_tx_data(struct cw1200_common *priv,
 		wsm_printk(KERN_DEBUG \
 			"[WSM] Convert probe request to scan.\n");
 		wsm_lock_tx_async(priv);
-		BUG_ON(priv->scan.probe_skb);
-		BUG_ON(cw1200_queue_get_skb(queue,
-				wsm->packetID,
-				&priv->scan.probe_skb,
-				&txpriv));
-		skb_get(priv->scan.probe_skb);
-		IEEE80211_SKB_CB(priv->scan.probe_skb)->flags |=
-				IEEE80211_TX_STAT_ACK;
-		BUG_ON(cw1200_queue_remove(queue,
-			__le32_to_cpu(wsm->packetID)));
-		/* Release used TX rate policy */
+		priv->pending_frame_id = __le32_to_cpu(wsm->packetID);
 		queue_delayed_work(priv->workqueue,
 				&priv->scan.probe_work, 0);
 		handled = true;
-- 
cgit v1.2.3