Sony Xperia Wireless backport test

This page documents an experiment running the mainline broadcom wireless driver backported to 3.4 for use on 2 different Sony phones. (For reference, Sony employees can find this information on the Sony Androiki site on the page "Kanstrup".) These tests were done in May and June of 2015. Some information is redacted as it is internal.

Status
Functional
 * BCM4339 chipset working
 * Wi-Fi can be enabled / disabled from UI
 * STA connections works

Non-functional
 * Wi-Fi direct / Wi-Fi display
 * hangs on rmmod

Scratchpad info on running Xperia XXXX phones with brcmfmac driver
Apply these changes (the last patch in the set must be changed if you are not building for YYYY): 

Build fullbuild and flash a phone with the above patches

Download latest backports from http://drvbp1.linux-foundation.org/~mcgrof/rel-html/backports/ (NOTE though that 3.19-rc1 version crashes when unloading wifi module)

Or use bleeding edge backports: Clone linux-next git Clone backports git ./gentree.py --verbose --clean --git-revision next-20150424 ../linux-next/ ../backports-brcm80211

Building drivers make -j11 KLIB=$ANDROID_BUILD_TOP/out/target/product/$TARGET_PRODUCT/obj/KERNEL_OBJ KLIB_BUILD=$ANDROID_BUILD_TOP/out/target/product/$TARGET_PRODUCT/obj/KERNEL_OBJ ARCH=arm CROSS_COMPILE=$ANDROID_BUILD_TOP/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi- defconfig-brcmfmac

make -j11 KLIB=$ANDROID_BUILD_TOP/out/target/product/$TARGET_PRODUCT/obj/KERNEL_OBJ KLIB_BUILD=$ANDROID_BUILD_TOP/out/target/product/$TARGET_PRODUCT/obj/KERNEL_OBJ ARCH=arm CROSS_COMPILE=$ANDROID_BUILD_TOP/prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi-

If you get build errors try applying shinano-backports.patch on top of backports

Then push the built drivers to your newly flashed phone

adb push ./compat/compat.ko /system/lib/modules/ adb push ./net/wireless/cfg80211.ko /system/lib/modules/ adb push ./drivers/net/wireless/brcm80211/brcmfmac/brcmfmac.ko /system/lib/modules/ adb push ./drivers/net/wireless/brcm80211/brcmutil/brcmutil.ko /system/lib/modules/

Now reboot and you should be able to use wifi as usual.

Misc stuff

Easy command to build your new kernel, boot image and flash it with: make -j12 out/target/product/${TARGET_PRODUCT}/boot.img &amp;&amp; adb wait-for-device reboot bootloader &amp;&amp; sleep 2 &amp;&amp;  fastboot flash boot out/target/product/${TARGET_PRODUCT}/boot.img &amp;&amp; fastboot reboot

Commands for symlink to original xxxxx firmware and nv files adb shell mkdir /etc/firmware/brcm adb shell ln -s /etc/firmware/wlan/bcmdhd/fw_bcmdhd.bin /etc/firmware/brcm/brcmfmac4339-sdio.bin adb shell ln -s /etc/firmware/wlan/bcmdhd/bcmdhd.cal /etc/firmware/brcm/brcmfmac4339-sdio.txt

Loading modules

adb shell insmod /system/lib/modules/compat.ko adb shell insmod /system/lib/modules/cfg80211.ko adb shell insmod /system/lib/modules/brcmutil.ko  adb shell insmod /system/lib/modules/brcmfmac.ko p2pon=1

To unload - rmmod brcmfmac rmmod brcmutil rmmod cfg80211 rmmod compat

Disable wifi from command line --- sqlite3 /data/data/com.android.providers.settings/databases/settings.db "update global set value='0' where name='wifi_scan_always_enabled'" svc wifi disable

issues on other phones and wireless chipsets
For some unknown reason brcmf_chip_sr_capable need to be hard coded to return true otherwise data communication stops during insmod. Patch like this in backports tree:

diff --git a/drivers/net/wireless/brcm80211/brcmfmac/chip.c b/drivers/net/wireless/brcm80211/brcmfmac/chip.c index 288f831..dad97ee 100644 --- a/drivers/net/wireless/brcm80211/brcmfmac/chip.c +++ b/drivers/net/wireless/brcm80211/brcmfmac/chip.c @@ -1182,6 +1182,8 @@ bool brcmf_chip_sr_capable(struct brcmf_chip *pub) brcmf_dbg(TRACE, "Enter\n"); +      return true; +       /* old chips with PMU version less than 17 don't support save restore */ if (pub->pmurev < 17) return false;

If you get build errors about stack protection not supported then edit the .config file and remove these lines: CPTCFG_HAVE_CC_STACKPROTECTOR=y CPTCFG_CC_STACKPROTECTOR_NONE=y

Build wireshark debian packages
Download, build and install backports.

Now copy nl80211.h from backports/include/uapi/linux folder to /usr/include/linux

Download wireshark from here

Unpack wireshark source archive and from a command prompt run:

dpkg-buildpackage -rfakeroot -d -us -uc -b -j11

For all dependencies that fail install corresponding packages with apt-get install and re-run the dpkg-buildpackage command.

Run wpa_supplicant with valgrind
First build valgrind and push to your device. Do this by going to external/valgrind folder and run: mm -j11 Then run from a terminal to push the needed files: adb shell "mkdir /system/lib/valgrind" adb push $OUT/system/lib/valgrind /system/lib/valgrind adb push $OUT/system/bin/valgrind /system/bin Now open init.qcom.rc in a text editor and modify the p2p_supplicant and wpa_supplicant services. Change from:

service p2p_supplicant /system/bin/wpa_supplicant \

To:

service p2p_supplicant /system/bin/logwrapper /system/bin/valgrind --leak-check=full /system/bin/wpa_supplicant \

And:

service wpa_supplicant /system/bin/wpa_supplicant \

To:

service wpa_supplicant /system/bin/logwrapper /system/bin/valgrind --leak-check=full /system/bin/wpa_supplicant \

Then re-build boot image. Can be done by building kernel.sin: make -j11 out/target/product/tianchi/kernel.sin Then flash kernel.sin and reboot device. Now logcat log should contain valgrind outputs under tag "valgrind".

Printouts in adblog will look like this: I/valgrind(28531): ==28532== Command: /system/bin/wpa_supplicant -ip2p0 -Dnl80211 -c/data/misc/wifi/p2p_supplicant.conf To get valgrind error summary run your tests and explicitly kill valgrind process with: kill -TERM &lt;pid&gt; Where &lt;pid&gt; is the number between ==&lt;pid&gt;==. In above example: 28532

Build prima_wlan.ko module
To be able to build prima_wlan.ko module, push it and start wifi you need to match kernel version with the one used on your device. If you run with an official build on the phone this can easily be done by the following steps:

Get SHA1 for kernel git for a certain version (example for 10.3.A.0.356): wget -qO- | grep kernel/msm Now go to kernel directory and run: git reset &lt;sha1&gt; Then go to vendor/qcom/opensource/wlan/prima directory and run: mm -B -j7

Realtime packet logging
In a terminal run the following (phone needs to be eng or userdebug or you'll have to install tcpdump and nc on the phone manually): adb shell "tcpdump -U -i wlan0 -n -s 1500 -w - | nc -l 12345" &amp; adb forward tcp:12345 tcp:12345  nc 127.0.0.1 12345 | wireshark -k -S -i - To abort the sniffer, close down wireshark and in a terminal write fg then press CTRL+C