Adam Lee [Wed, 10 Jul 2013 02:02:12 +0000 (10:02 +0800)]
Bluetooth: fix wrong use of PTR_ERR() in btusb
PTR_ERR() returns a signed long type value which is limited by IS_ERR(),
it must be a negative number whose range is [-MAX_ERRNO, 0).
The bug here returns negative numbers as error codes, then check it by
"if (ret < 0)", but -PTR_ERR() is actually positive. The wrong use here
leads to failure as below, even panic.
[ 12.958920] Bluetooth: hci0 command 0xfc8e tx timeout
[ 14.961765] Bluetooth: hci0 command 0xfc8e tx timeout
[ 16.964688] Bluetooth: hci0 command 0xfc8e tx timeout
[ 20.954501] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 22.957358] Bluetooth: hci0 command 0xfc8e tx timeout
[ 30.948922] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 32.951780] Bluetooth: hci0 command 0xfc8e tx timeout
[ 40.943359] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 42.946219] Bluetooth: hci0 command 0xfc8e tx timeout
[ 50.937812] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 52.940670] Bluetooth: hci0 command 0xfc8e tx timeout
[ 60.932236] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 62.935092] Bluetooth: hci0 command 0xfc8e tx timeout
[ 70.926688] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 72.929545] Bluetooth: hci0 command 0xfc8e tx timeout
[ 80.921111] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 82.923969] Bluetooth: hci0 command 0xfc2f tx timeout
[ 90.915542] Bluetooth: hci0 sending Intel patch command (0xfc2f) failed (-110)
[ 92.918406] Bluetooth: hci0 command 0xfc11 tx timeout
[ 100.909955] Bluetooth: hci0 sending Intel patch command (0xfc11) failed (-110)
[ 102.912858] Bluetooth: hci0 command 0xfc60 tx timeout
[ 110.904394] Bluetooth: hci0 sending Intel patch command (0xfc60) failed (-110)
[ 112.907293] Bluetooth: hci0 command 0xfc11 tx timeout
[ 120.898831] Bluetooth: hci0 exiting Intel manufacturer mode failed (-110)
[ 120.904757] bluetoothd[1030]: segfault at 4 ip
00007f8b2eb55236 sp
00007fff53ff6920 error 4 in bluetoothd[
7f8b2eaff000+cb000]
Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Stanislaw Gruszka [Mon, 8 Jul 2013 08:27:23 +0000 (10:27 +0200)]
Bluetooth: ath3k: don't use stack memory for DMA
Memory allocated by vmalloc (including stack) can not be used for DMA,
i.e. data pointer on usb_control_msg() should not point to stack memory.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=977558
Reported-and-tested-by: Andy Lawrence <dr.diesel@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Thomas Loo [Wed, 3 Jul 2013 00:53:54 +0000 (02:53 +0200)]
Bluetooth: ath3k: Add support for Fujitsu Lifebook UH5x2 [04c5:1330]
The Fujitsu Lifebook UH552/UH572 ships with a Qualcomm AR9462/AR3012
WLAN/BT-Combo card.
Add device ID to the ath3k driver to enable the bluetooth side of things.
Patch against v3.10.
T: Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#= 3 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=04c5 ProdID=1330 Rev=00.02
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Signed-off-by: Thomas Loo <tloo@saltstorm.net>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Jaganath Kanakkassery [Fri, 21 Jun 2013 14:25:11 +0000 (19:55 +0530)]
Bluetooth: Fix invalid length check in l2cap_information_rsp()
The length check is invalid since the length varies with type of
info response.
This was introduced by the commit
cb3b3152b2f5939d67005cff841a1ca748b19888
Because of this, l2cap info rsp is not handled and command reject is sent.
> ACL data: handle 11 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x00b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
< ACL data: handle 11 flags 0x00 dlen 10
L2CAP(s): Command rej: reason 0
Command not understood
Cc: stable@vger.kernel.org
Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Chan-Yeol Park <chanyeol.park@samsung.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Sujith Manoharan [Thu, 20 Jun 2013 08:27:07 +0000 (13:57 +0530)]
ath9k_htc: Handle IDLE state transition properly
Make sure that a chip reset is done when IDLE is turned
off - this fixes authentication timeouts.
Cc: stable@vger.kernel.org
Reported-by: Ignacy Gawedzki <i@lri.fr>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Sat, 22 Jun 2013 10:39:26 +0000 (12:39 +0200)]
ath9k: fix an RCU issue in calling ieee80211_get_tx_rates
ath_txq_schedule is called outside of the drv_tx call, so it needs RCU
protection.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 19 Jun 2013 18:50:44 +0000 (14:50 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Johannes Berg [Wed, 19 Jun 2013 08:09:57 +0000 (10:09 +0200)]
nl80211: fix attrbuf access race by allocating a separate one
Since my commit
3713b4e364 ("nl80211: allow splitting wiphy
information in dumps"), nl80211_dump_wiphy() uses the global
nl80211_fam.attrbuf for parsing the incoming data. This wouldn't
be a problem if it only did so on the first dump iteration which
is locked against other commands in generic netlink, but due to
space constraints in cb->args (the needed state doesn't fit) I
decided to always parse the original message. That's racy though
since nl80211_fam.attrbuf could be used by some other parsing in
generic netlink concurrently.
For now, fix this by allocating a separate parse buffer (it's a
bit too big for the stack, currently 1448 bytes on 64-bit). For
-next, I'll change the code to parse into the global buffer in
the first round only and then allocate a smaller buffer to keep
the data in cb->args.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Arend van Spriel [Fri, 7 Jun 2013 09:03:00 +0000 (11:03 +0200)]
brcmfmac: free primary net_device when brcmf_bus_start() fails
When initialization within brcmf_bus_start() fails on steps
before the brcmf_net_attach() the net_device for the primary
interface needs to be freed.
This patch resolves a panic during kernel boot as reported
by Stephen Warren.
ref.: http://mid.gmane.org/
51AD1F22.2080004@wwwdotorg.org
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Tue, 11 Jun 2013 19:40:20 +0000 (15:40 -0400)]
Bluetooth: btmrvl: fix thread stopping race
There is currently a race condition in the btmrvl_remove_card() which
is causing hangs on suspend for OLPC. When the race occurs,
kthread_stop() never returns.
The problem is that btmrvl_service_main_thread() calls kthread_should_stop()
and then does a fair number of things before restarting the loop and
sleeping.
If the thread gets stopped after kthread_should_stop() is checked, but
before the sleep happens, the thread will go to sleep and won't necessarily
be woken up.
Move the kthread_should_stop() check into a race-free place.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Thu, 13 Jun 2013 08:01:13 +0000 (11:01 +0300)]
Bluetooth: Fix conditions for HCI_Delete_Stored_Link_Key
Even though the HCI_Delete_Stored_Link_Key command is mandatory for 1.1
and later controllers some controllers do not seem to support it
properly as was witnessed by one Broadcom based controller:
< HCI Command: Delete Stored Link Key (0x03|0x0012) plen 7
bdaddr 00:00:00:00:00:00 all 1
> HCI Event: Command Complete (0x0e) plen 4
Delete Stored Link Key (0x03|0x0012) ncmd 1
status 0x11 deleted 0
Error: Unsupported Feature or Parameter Value
Luckily this same controller also doesn't list the command in its
supported commands bit mask (counting from 0 bit 7 of octet 6):
< HCI Command: Read Local Supported Commands (0x04|0x0002) plen 0
> HCI Event: Command Complete (0x0e) plen 68
Read Local Supported Commands (0x04|0x0002) ncmd 1
status 0x00
Commands:
ffffffffffff1ffffffffffff30fffff3f
Therefore, it makes sense to move sending of HCI_Delete_Stored_Link_Key
to after receiving the supported commands response and to only send it
if its respective bit in the mask is set. The downside of this is that
we no longer send the HCI_Delete_Stored_Link_Key command for Bluetooth
1.1 controllers since HCI_Read_Local_Supported_Command was introduced in
version 1.2, but this is an acceptable penalty as the command in
question shouldn't affect critical behavior.
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Anderson Lizardo [Sun, 2 Jun 2013 20:30:40 +0000 (16:30 -0400)]
Bluetooth: Fix crash in l2cap_build_cmd() with small MTU
If a too small MTU value is set with ioctl(HCISETACLMTU) or by a bogus
controller, memory corruption happens due to a memcpy() call with
negative length.
Fix this crash on either incoming or outgoing connections with a MTU
smaller than L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE:
[ 46.885433] BUG: unable to handle kernel paging request at
f56ad000
[ 46.888037] IP: [<
c03d94cd>] memcpy+0x1d/0x40
[ 46.888037] *pdpt =
0000000000ac3001 *pde =
00000000373f8067 *pte =
80000000356ad060
[ 46.888037] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
[ 46.888037] Modules linked in: hci_vhci bluetooth virtio_balloon i2c_piix4 uhci_hcd usbcore usb_common
[ 46.888037] CPU: 0 PID: 1044 Comm: kworker/u3:0 Not tainted 3.10.0-rc1+ #12
[ 46.888037] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 46.888037] Workqueue: hci0 hci_rx_work [bluetooth]
[ 46.888037] task:
f59b15b0 ti:
f55c4000 task.ti:
f55c4000
[ 46.888037] EIP: 0060:[<
c03d94cd>] EFLAGS:
00010212 CPU: 0
[ 46.888037] EIP is at memcpy+0x1d/0x40
[ 46.888037] EAX:
f56ac1c0 EBX:
fffffff8 ECX:
3ffffc6e EDX:
f55c5cf2
[ 46.888037] ESI:
f55c6b32 EDI:
f56ad000 EBP:
f55c5c68 ESP:
f55c5c5c
[ 46.888037] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 46.888037] CR0:
8005003b CR2:
f56ad000 CR3:
3557d000 CR4:
000006f0
[ 46.888037] DR0:
00000000 DR1:
00000000 DR2:
00000000 DR3:
00000000
[ 46.888037] DR6:
ffff0ff0 DR7:
00000400
[ 46.888037] Stack:
[ 46.888037]
fffffff8 00000010 00000003 f55c5cac f8c6a54c ffffffff f8c69eb2 00000000
[ 46.888037]
f4783cdc f57f0070 f759c590 1001c580 00000003 0200000a 00000000 f5a88560
[ 46.888037]
f5ba2600 f5a88560 00000041 00000000 f55c5d90 f8c6f4c7 00000008 f55c5cf2
[ 46.888037] Call Trace:
[ 46.888037] [<
f8c6a54c>] l2cap_send_cmd+0x1cc/0x230 [bluetooth]
[ 46.888037] [<
f8c69eb2>] ? l2cap_global_chan_by_psm+0x152/0x1a0 [bluetooth]
[ 46.888037] [<
f8c6f4c7>] l2cap_connect+0x3f7/0x540 [bluetooth]
[ 46.888037] [<
c019b37b>] ? trace_hardirqs_off+0xb/0x10
[ 46.888037] [<
c01a0ff8>] ? mark_held_locks+0x68/0x110
[ 46.888037] [<
c064ad20>] ? mutex_lock_nested+0x280/0x360
[ 46.888037] [<
c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150
[ 46.888037] [<
c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0
[ 46.888037] [<
c064ad08>] ? mutex_lock_nested+0x268/0x360
[ 46.888037] [<
c01a125b>] ? trace_hardirqs_on+0xb/0x10
[ 46.888037] [<
f8c72f8d>] l2cap_recv_frame+0xb2d/0x1d30 [bluetooth]
[ 46.888037] [<
c01a0ff8>] ? mark_held_locks+0x68/0x110
[ 46.888037] [<
c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150
[ 46.888037] [<
c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0
[ 46.888037] [<
f8c754f1>] l2cap_recv_acldata+0x2a1/0x320 [bluetooth]
[ 46.888037] [<
f8c491d8>] hci_rx_work+0x518/0x810 [bluetooth]
[ 46.888037] [<
f8c48df2>] ? hci_rx_work+0x132/0x810 [bluetooth]
[ 46.888037] [<
c0158979>] process_one_work+0x1a9/0x600
[ 46.888037] [<
c01588fb>] ? process_one_work+0x12b/0x600
[ 46.888037] [<
c015922e>] ? worker_thread+0x19e/0x320
[ 46.888037] [<
c015922e>] ? worker_thread+0x19e/0x320
[ 46.888037] [<
c0159187>] worker_thread+0xf7/0x320
[ 46.888037] [<
c0159090>] ? rescuer_thread+0x290/0x290
[ 46.888037] [<
c01602f8>] kthread+0xa8/0xb0
[ 46.888037] [<
c0656777>] ret_from_kernel_thread+0x1b/0x28
[ 46.888037] [<
c0160250>] ? flush_kthread_worker+0x120/0x120
[ 46.888037] Code: c3 90 8d 74 26 00 e8 63 fc ff ff eb e8 90 55 89 e5 83 ec 0c 89 5d f4 89 75 f8 89 7d fc 3e 8d 74 26 00 89 cb 89 c7 c1 e9 02 89 d6 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 5d f4 8b 75 f8 8b 7d fc 89
[ 46.888037] EIP: [<
c03d94cd>] memcpy+0x1d/0x40 SS:ESP 0068:
f55c5c5c
[ 46.888037] CR2:
00000000f56ad000
[ 46.888037] ---[ end trace
0217c1f4d78714a9 ]---
Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 12 Jun 2013 18:28:21 +0000 (14:28 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
John W. Linville [Wed, 12 Jun 2013 18:26:48 +0000 (14:26 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Stanislaw Gruszka [Tue, 11 Jun 2013 16:48:53 +0000 (18:48 +0200)]
rt2800: fix RT5390 & RT3290 TX power settings regression
My change:
commit
cee2c7315f60beeff6137ee59e99acc77d636eeb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Fri Oct 5 13:44:09 2012 +0200
rt2800: use BBP_R1 for setting tx power
unfortunately does not work well with RT5390 and RT3290 chips as they
require different temperature compensation TX power settings (TSSI
tuning). Since that commit make wireless connection very unstable on
those chips, restore previous behavior to fix regression. Once we
implement proper TSSI tuning on 5390/3290 we can restore back setting
TX power by BBP_R1 register for those chips.
Reported-and-tested-by: Mike Romberg <mike-romberg@comcast.net>
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Thu, 6 Jun 2013 11:29:56 +0000 (13:29 +0200)]
brcmsmac: disable power-save related functions
This patch fixes a regression introduced by:
commit
6da3b6c48d79da96a36c2632053cf4f53bf48fb2
Author: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun Mar 24 01:45:52 2013 +0100
brcmsmac: remove brcms_bss_cfg->associated
The regression behaviour was described on mailing list.
http://mid.gmane.org/
5197DC4F.7030503@broadcom.com:
"On laptop I installed kernel with brcmsmac compiled as
module. It comes up and associates during boot, but after
logging in there is no connectivity. Triggering reassoc
gives connectivity for some time, but after a while (1-2 min)
it stops."
Before the mentioned commit the return value of
the function brcms_c_ps_allowed() was always false,
which is desired behaviour as power-save is not
supported at the moment. Therefor, the function is
changed to just return false instead of simply
reverting the mentioned commit.
Bug: 58471 <https://bugzilla.kernel.org/show_bug.cgi?id=58471>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Tue, 4 Jun 2013 12:19:10 +0000 (14:19 +0200)]
iwlegacy: fix rate control regression
Since driver does not use control.rates[0].count, we have never set that
variable. But currently, after rate control API rewrite, this is required
by mac80211. Otherwise legacy rates control does not work and we transmit
always at 1Mbit/s on pre 11n networks.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Kees Cook [Fri, 10 May 2013 21:48:21 +0000 (14:48 -0700)]
b43: stop format string leaking into error msgs
The module parameter "fwpostfix" is userspace controllable, unfiltered,
and is used to define the firmware filename. b43_do_request_fw() populates
ctx->errors[] on error, containing the firmware filename. b43err()
parses its arguments as a format string. For systems with b43 hardware,
this could lead to a uid-0 to ring-0 escalation.
CVE-2013-2852
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sujith Manoharan [Thu, 6 Jun 2013 04:36:29 +0000 (10:06 +0530)]
ath9k: Use minstrel rate control by default
The ath9k rate control algorithm has various architectural
issues that make it a poor fit in scenarios like congested
environments etc.
An example: https://bugzilla.redhat.com/show_bug.cgi?id=927191
Change the default to minstrel which is more robust in such cases.
The ath9k RC code is left in the driver for now, maybe it can
be removed altogether later on.
Cc: stable@vger.kernel.org
Cc: Jouni Malinen <jouni@qca.qualcomm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 3 Jun 2013 09:18:57 +0000 (11:18 +0200)]
Revert "ath9k_hw: Update rx gain initval to improve rx sensitivity"
This reverts commit
68d9e1fa24d9c7c2e527f49df8d18fb8cf0ec943
This change reduces rx sensitivity with no apparent extra benefit.
It looks like it was meant for testing in a specific scenario,
but it was never properly validated.
Cc: rmanohar@qca.qualcomm.com
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sujith Manoharan [Sat, 1 Jun 2013 01:38:09 +0000 (07:08 +0530)]
ath9k: Disable PowerSave by default
Almost all the DMA issues which have plagued ath9k (in station mode)
for years are related to PS. Disabling PS usually "fixes" the user's
connection stablility. Reports of DMA problems are still trickling in
and are sitting in the kernel bugzilla. Until the PS code in ath9k is
given a thorough review, disbale it by default. The slight increase
in chip power consumption is a small price to pay for improved link
stability.
Cc: stable@vger.kernel.org
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Yijing Wang [Fri, 31 May 2013 06:05:32 +0000 (14:05 +0800)]
net: wireless: iwlegacy: fix build error for il_pm_ops
Fix build error for il_pm_ops if CONFIG_PM is set
but CONFIG_PM_SLEEP is not set.
ERROR: "il_pm_ops" [drivers/net/wireless/iwlegacy/iwl4965.ko] undefined!
ERROR: "il_pm_ops" [drivers/net/wireless/iwlegacy/iwl3945.ko] undefined!
make[1]: *** [__modpost] Error 1
make: *** [modules] Error 2
Signed-off-by: Yijing Wang <wangyijing@huawei.com>
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: netdev@vger.kernel.org
Cc: linux-wireless@vger.kernel.org
Cc: Jingoo Han <jg1.han@samsung.com>
Acked-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Thu, 30 May 2013 21:21:47 +0000 (16:21 -0500)]
rtlwifi: Fix a false leak indication for PCI devices
This false leak indication is avoided with a no-leak annotation to kmemleak.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Eliad Peller [Tue, 7 May 2013 12:41:09 +0000 (15:41 +0300)]
wl12xx/wl18xx: scan all 5ghz channels
Due to a typo, the current code copies only sizeof(cmd->channels_2)
bytes, which is smaller than the correct sizeof(cmd->channels_5)
size, resulting in a partial scan (some channels are skipped).
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 10 May 2013 07:44:25 +0000 (10:44 +0300)]
wl12xx: increase minimum singlerole firmware version required
The minimum firmware version required for singlerole after recent
driver changes is 6/7.3.10.0.133.
Reported-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Fri, 10 May 2013 07:19:38 +0000 (10:19 +0300)]
wl12xx: fix minimum required firmware version for wl127x multirole
There was a typo in commit 8675f9 (wlcore/wl12xx/wl18xx: verify
multi-role and single-role fw versions), which was causing the
multirole firmware for wl127x (WiLink6) to be rejected. The actual
minimum version needed for wl127x multirole is 6.5.7.0.42.
Reported-by: Levi Pearson <levipearson@gmail.com>
Reported-by: Michael Scott <hashcode0f@gmail.com>
Cc: stable@kernel.org # 3.9+
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Thu, 30 May 2013 23:05:55 +0000 (18:05 -0500)]
rtlwifi: rtl8192cu: Fix problem in connecting to WEP or WPA(1) networks
Driver rtl8192cu can connect to WPA2 networks, but fails for any other
encryption method. The cause is a failure to set the rate control data
blocks. These changes fix https://bugzilla.redhat.com/show_bug.cgi?id=952793
and https://bugzilla.redhat.com/show_bug.cgi?id=761525.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mark A. Greer [Wed, 29 May 2013 19:25:34 +0000 (12:25 -0700)]
mwifiex: debugfs: Fix out of bounds array access
When reading the contents of '/sys/kernel/debug/mwifiex/p2p0/info',
the following panic occurs:
$ cat /sys/kernel/debug/mwifiex/p2p0/info
Unable to handle kernel paging request at virtual address
74706164
pgd =
de530000
[
74706164] *pgd=
00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in: phy_twl4030_usb omap2430 musb_hdrc mwifiex_sdio mwifiex
CPU: 0 PID: 1635 Comm: cat Not tainted 3.10.0-rc1-00010-g1268390 #1
task:
de16b6c0 ti:
de048000 task.ti:
de048000
PC is at strnlen+0xc/0x4c
LR is at string+0x3c/0xf8
pc : [<
c02c123c>] lr : [<
c02c2d1c>] psr:
a0000013
sp :
de049e10 ip :
c06efba0 fp :
de6d2092
r10:
bf01a260 r9 :
ffffffff r8 :
74706164
r7 :
0000ffff r6 :
ffffffff r5 :
de6d209c r4 :
00000000
r3 :
ff0a0004 r2 :
74706164 r1 :
ffffffff r0 :
74706164
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control:
10c5387d Table:
9e530019 DAC:
00000015
Process cat (pid: 1635, stack limit = 0xde048240)
Stack: (0xde049e10 to 0xde04a000)
9e00:
de6d2092 00000002 bf01a25e de6d209c
9e20:
de049e80 c02c438c 0000000a ff0a0004 ffffffff 00000000 00000000 de049e48
9e40:
00000000 2192df6d ff0a0004 ffffffff 00000000 de6d2092 de049ef8 bef3cc00
9e60:
de6b0000 dc358000 de6d2000 00000000 00000003 c02c45a4 bf01790c bf01a254
9e80:
74706164 bf018698 00000000 de59c3c0 de048000 de049f80 00001000 bef3cc00
9ea0:
00000008 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9ec0:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9ee0:
00000000 00000000 00000000 00000001 00000000 00000000 6669776d 20786569
9f00:
20302e31 2e343128 392e3636 3231702e 00202933 00000000 00000003 c0294898
9f20:
00000000 00000000 00000000 00000000 de59c3c0 c0107c04 de554000 de59c3c0
9f40:
00001000 bef3cc00 de049f80 bef3cc00 de049f80 00000000 00000003 c0108a00
9f60:
de048000 de59c3c0 00000000 00000000 de59c3c0 00001000 bef3cc00 c0108b60
9f80:
00000000 00000000 00001000 bef3cc00 00000003 00000003 c0014128 de048000
9fa0:
00000000 c0013f80 00001000 bef3cc00 00000003 bef3cc00 00001000 00000000
9fc0:
00001000 bef3cc00 00000003 00000003 00000001 00000001 00000001 00000003
9fe0:
00000000 bef3cbdc 00011984 b6f1127c 60000010 00000003 18dbdd2c 7f7bfffd
[<
c02c123c>] (strnlen+0xc/0x4c) from [<
c02c2d1c>] (string+0x3c/0xf8)
[<
c02c2d1c>] (string+0x3c/0xf8) from [<
c02c438c>] (vsnprintf+0x1e8/0x3e8)
[<
c02c438c>] (vsnprintf+0x1e8/0x3e8) from [<
c02c45a4>] (sprintf+0x18/0x24)
[<
c02c45a4>] (sprintf+0x18/0x24) from [<
bf01790c>] (mwifiex_info_read+0xfc/0x3e8 [mwifiex])
[<
bf01790c>] (mwifiex_info_read+0xfc/0x3e8 [mwifiex]) from [<
c0108a00>] (vfs_read+0xb0/0x144)
[<
c0108a00>] (vfs_read+0xb0/0x144) from [<
c0108b60>] (SyS_read+0x44/0x70)
[<
c0108b60>] (SyS_read+0x44/0x70) from [<
c0013f80>] (ret_fast_syscall+0x0/0x30)
Code:
e12fff1e e3510000 e1a02000 0a00000d (
e5d03000)
---[ end trace
ca98273dc605a04f ]---
The panic is caused by the mwifiex_info_read() routine assuming that
there can only be four modes (0-3) which is an invalid assumption.
For example, when testing P2P, the mode is '8' (P2P_CLIENT) so the
code accesses data beyond the bounds of the bss_modes[] array which
causes the panic. Fix this by updating bss_modes[] to support the
current list of modes and adding a check to prevent the out-of-bounds
access from occuring in the future when more modes are added.
Signed-off-by: Mark A. Greer <mgreer@animalcreek.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Wed, 29 May 2013 06:51:29 +0000 (09:51 +0300)]
Bluetooth: Fix mgmt handling of power on failures
If hci_dev_open fails we need to ensure that the corresponding
mgmt_set_powered command gets an appropriate response. This patch fixes
the missing response by adding a new mgmt_set_powered_failed function
that's used to indicate a power on failure to mgmt. Since a situation
with the device being rfkilled may require special handling in user
space the patch uses a new dedicated mgmt status code for this.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Tue, 28 May 2013 10:46:30 +0000 (13:46 +0300)]
Bluetooth: Fix missing length checks for L2CAP signalling PDUs
There has been code in place to check that the L2CAP length header
matches the amount of data received, but many PDU handlers have not been
checking that the data received actually matches that expected by the
specific PDU. This patch adds passing the length header to the specific
handler functions and ensures that those functions fail cleanly in the
case of an incorrect amount of data.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bing Zhao [Tue, 14 May 2013 01:15:32 +0000 (18:15 -0700)]
Bluetooth: btmrvl: support Marvell Bluetooth device SD8897
The register offsets have been changed in SD8897 and newer chips.
Define a new btmrvl_sdio_card_reg map for SD88xx.
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Frank Huang <frankh@marvell.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Wed, 24 Apr 2013 10:05:32 +0000 (13:05 +0300)]
Bluetooth: Fix checks for LE support on LE-only controllers
LE-only controllers do not support extended features so any kind of host
feature bit checks do not make sense for them. This patch fixes code
used for both single-mode (LE-only) and dual-mode (BR/EDR/LE) to use the
HCI_LE_ENABLED flag instead of the "Host LE supported" feature bit for
LE support tests.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Moshe Benji [Mon, 3 Jun 2013 16:27:16 +0000 (19:27 +0300)]
iwlwifi: fix rate control regression
Since driver does not use control.rates[0].count, we have never set that
variable. But currently, after rate control API rewrite, this is required
by mac80211. Otherwise legacy rates control does not work and we transmit
always at 1Mbit/s on pre 11n networks.
[same fix as for iwlegacy, thanks Stanislaw!]
Signed-off-by: Moshe Benji <Moshe.Benji@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Simon Wunderlich [Tue, 11 Jun 2013 08:44:40 +0000 (10:44 +0200)]
mac80211: Fix rate control mask matching call
The order of parameters was mixed up, introduced in commit
"mac80211: improve the rate control API"
Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Simon Wunderlich [Tue, 11 Jun 2013 08:44:39 +0000 (10:44 +0200)]
mac80211: abort CAC in stop_ap()
When a CAC is running and stop_ap is called (e.g. when hostapd is killed
while performing CAC), the CAC must be aborted immediately.
Otherwise ieee80211_stop_ap() will try to stop it when it's too late -
wdev->channel is already NULL and the abort event can not be generated.
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 28 May 2013 08:54:03 +0000 (10:54 +0200)]
mac80211: work around broken APs not including HT info
There are some APs, notably 2G/3G/4G Wifi routers, specifically the
"Onda PN51T", "Vodafone PocketWiFi 2", "ZTE MF60" and a similar
T-Mobile branded device [1] that erroneously don't include all the
needed information in (re)association response frames. Work around
this by assuming the information is the same as it was in the
beacon or probe response and using the data from there instead.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=58881.
[1] https://bbs.archlinux.org/viewtopic.php?pid=1277305
Note that this requires marking the first ieee802_11_parse_elems()
argument const, otherwise we'd get a compiler warning.
Cc: stable@vger.kernel.org
Reported-and-tested-by: Michal Zajac <manwe@manwe.pl>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Emmanuel Grumbach [Sun, 2 Jun 2013 16:49:15 +0000 (19:49 +0300)]
iwlwifi: mvm: correctly set the flags for BAR
Somehow, the Tx flags for BAR were completely wrong.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Nikolay Martynov [Fri, 31 May 2013 05:29:12 +0000 (01:29 -0400)]
iwlwifi: dvm: fix chain noise calibration
First step of chain noise calibration process had disable flag
check inverted. Chain noise calibration never started because
of this.
Tested on intel 5300 with two antennas attached. The driver
correctly disabled one chain.
Cc: stable@vger.kernel.org
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 28 May 2013 19:32:47 +0000 (21:32 +0200)]
iwlwifi: don't print module loading error if not modular
If the opmode modules aren't modular, there's no point in
printing an error message that request_module() failed.
This will happen because the probe runs during iwlwifi's
init and the opmode is only added during its init.
Reported-by: Jörg Otte <jrg.otte@gmail.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Gabor Juhos [Tue, 28 May 2013 12:52:19 +0000 (14:52 +0200)]
ath9k: use correct OTP register offsets for AR9550
Accessing the OTP memory on AR9950 causes a data bus
like this:
Data bus error, epc ==
801f7774, ra ==
801f7774
Oops[#1]:
CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc3 #592
task:
87c28000 ti:
87c22000 task.ti:
87c22000
$ 0 :
00000000 00000061 deadc0de 00000000
$ 4 :
b8115f18 00015f18 00000007 00000004
$ 8 :
00000001 7c7c3c7c 7c7c7c7c 7c7c7c7c
$12 :
7c7c3c7c 80320a68 00000000 7c7c7c3c
$16 :
87cd8010 00015f18 00000007 00000000
$20 :
00000064 00000004 87c23c7c 8035210c
$24 :
00000000 801f3674
$28 :
87c22000 87c23b48 00000001 801f7774
Hi :
00000000
Lo :
00000064
epc :
801f7774 ath9k_hw_wait+0x58/0xb0
Not tainted
ra :
801f7774 ath9k_hw_wait+0x58/0xb0
Status:
1000cc03 KERNEL EXL IE
Cause :
4080801c
PrId :
00019750 (MIPS 74Kc)
Modules linked in:
Process swapper (pid: 1, threadinfo=
87c22000, task=
87c28000, ts=
00000000)
Stack :
0000000f 00000061 00002710 8006240c 00000001 87cd8010 87c23bb0 87cd8010
00000000 00000004 00000003 80210c7c 000000b3 67fa8000 0000032a 000006fe
000003e8 00000002 00000028 87c23bf0 000003ff 80210d24 803e5630 80210e28
00000000 00000007 87cd8010 00007044 00000004 00000061 000003ff 000001ff
87c26000 87cd8010 00000220 87cd8bb8 80210000 8020fcf4 87c22000 87c23c08
...
Call Trace:
[<
801f7774>] ath9k_hw_wait+0x58/0xb0
[<
80210c7c>] ar9300_otp_read_word+0x80/0xd4
[<
80210d24>] ar9300_read_otp+0x54/0xb0
[<
8020fcf4>] ar9300_check_eeprom_header+0x1c/0x40
[<
80210fe4>] ath9k_hw_ar9300_fill_eeprom+0x118/0x39c
[<
80206650>] ath9k_hw_eeprom_init+0x74/0xb4
[<
801f96d0>] ath9k_hw_init+0x7ec/0x96c
[<
801e65ec>] ath9k_init_device+0x340/0x758
[<
801f35d0>] ath_ahb_probe+0x21c/0x2c0
[<
801c041c>] driver_probe_device+0xc0/0x1e4
[<
801c05ac>] __driver_attach+0x6c/0xa4
[<
801bea08>] bus_for_each_dev+0x64/0xa8
[<
801bfa40>] bus_add_driver+0xcc/0x24c
[<
801c0954>] driver_register+0xbc/0x17c
[<
803f8fc0>] ath9k_init+0x5c/0x88
[<
800608fc>] do_one_initcall+0xec/0x1a0
[<
803e6a68>] kernel_init_freeable+0x13c/0x200
[<
80309cdc>] kernel_init+0x1c/0xe4
[<
80062450>] ret_from_kernel_thread+0x10/0x18
On the AR9550, the OTP registers are located at
the same address as on the AR9340. Use the correct
values to avoid the error.
Cc: stable@vger.kernel.org # 3.6+
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 27 May 2013 19:09:59 +0000 (21:09 +0200)]
brcmfmac: Disable powersave mode for P2P link.
For p2p client mode powersave mode should be kept disabled. It is
working but inefficient. In general p2p links do no benefit from this
mode, because these links are setup temporarily to transfer data.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 27 May 2013 19:09:58 +0000 (21:09 +0200)]
brcmfmac: Add multi channel support for P2P.
Multi channel support was disabled. This patch will enable it and
configure the P2P GO on the correct frequency when multi channel
is used.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 27 May 2013 19:09:57 +0000 (21:09 +0200)]
brcmfmac: use struct net_device::destructor to remove interfaces
Upon deleting a P2P_CLIENT/GO interface the vif and consequently
the wdev is freed before the net_device is actually being unregistered
but cfg80211 still needs to access the wdev. Using destructor field
to free the net_device and vif.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 27 May 2013 19:09:56 +0000 (21:09 +0200)]
brcmfmac: free net device when registration fails
When registration fails the net device is no longer needed. Free
the net device and remove reference to private data from the
driver.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 27 May 2013 19:09:55 +0000 (21:09 +0200)]
brcmfmac: add additional parameter to brcmf_free_vif()
Pass the struct brcmf_cfg80211_info instance instead of obtaining
through vif itself using vif->wdev. This is needed as the netdev
associated with this vif is already unregistered.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 27 May 2013 19:09:54 +0000 (21:09 +0200)]
brcmfmac: Fix p2p setup when connected to ap on 5G.
The firmware requires that on p2p setup when net interfaces
are created or updated that they start initially with the same
channel as the channel in use for the current connection
(if any). If none exists take default channel 11.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 27 May 2013 19:09:53 +0000 (21:09 +0200)]
brcmfmac: Turn off ARP offloading when configured for AP.
ARP offloading should only be used in STA or P2P client mode. It
is currently configured once at init. When being configured for AP
ARP offloading should be turned off and when AP mode is left it can
be turned back on.
Cc: stable@vger.kernel.org
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Tue, 28 May 2013 17:39:40 +0000 (13:39 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
John W. Linville [Tue, 28 May 2013 17:38:53 +0000 (13:38 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Emmanuel Grumbach [Wed, 22 May 2013 07:48:10 +0000 (10:48 +0300)]
iwlwifi: dvm: fix zero LQ CMD sending avoidance
In
63b77bf489881747c5118476918cc8c29378ee63
iwlwifi: dvm: don't send zeroed LQ cmd
I tried to avoid to send zeroed LQ cmd, but I made a (very)
stupid mistake in the memcmp.
Since this patch has been ported to stable, the fix should
go to stable too.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=58341
Cc: stable@vger.kernel.org
Reported-by: Hinnerk van Bruinehsen <h.v.bruinehsen@fu-berlin.de>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Helmut Schaa [Mon, 27 May 2013 08:43:09 +0000 (10:43 +0200)]
mac80211: Allow single vif mac address change with addr_mask
When changing the MAC address of a single vif mac80211 will check if
the new address fits into the address mask specified by the driver.
This only needs to be done when using multiple BSSIDs. Hence, check
the new address only against all other vifs.
Also fix the MAC address assignment on new interfaces if the user
changed the address of a vif such that perm_addr is not covered by
addr_mask anymore.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=57371
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Jakub Kicinski <kubakici@wp.pl>
Reported-by: Alessandro Lannocca <alessandro.lannocca@gmail.com>
Cc: Alessandro Lannocca <alessandro.lannocca@gmail.com>
Cc: Bruno Randolf <br1@thinktube.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 23 May 2013 23:06:09 +0000 (01:06 +0200)]
mac80211: close AP_VLAN interfaces before unregistering all
Since Eric's commit
efe117ab8 ("Speedup ieee80211_remove_interfaces")
there's a bug in mac80211 when it unregisters with AP_VLAN interfaces
up. If the AP_VLAN interface was registered after the AP it belongs
to (which is the typical case) and then we get into this code path,
unregister_netdevice_many() will crash because it isn't prepared to
deal with interfaces being closed in the middle of it. Exactly this
happens though, because we iterate the list, find the AP master this
AP_VLAN belongs to and dev_close() the dependent VLANs. After this,
unregister_netdevice_many() won't pick up the fact that the AP_VLAN
is already down and will do it again, causing a crash.
Cc: stable@vger.kernel.org [2.6.33+]
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 23 May 2013 21:09:56 +0000 (23:09 +0200)]
mac80211: assign AP_VLAN hw queues correctly
A lot of code in mac80211 assumes that the hw queues are
set up correctly for all interfaces (except for monitor)
but this isn't true for AP_VLAN interfaces. Fix this by
copying the AP master configuration when an AP VLAN is
brought up, after this the AP interface can't change its
configuration any more and needs to be brought down to
change it, which also forces AP_VLAN interfaces down, so
just copying in open() is sufficient.
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Thu, 23 May 2013 10:20:56 +0000 (12:20 +0200)]
ath9k_hw: improve performance for AR934x v1.3+
AR934x v1.3 no longer needs the DCU backoff reduction workaround for
preventing rx overruns, but in turn needs the number of usable Tx
buffers to be reduced slightly.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Thu, 23 May 2013 10:20:55 +0000 (12:20 +0200)]
ath9k_hw: fix host interface reset on AR934x
If a local bus timeout has been detected, the host interface needs to be
reset to clear the errors. AR934x uses a different synchronous interrupt
bit to indicate this, so the check needs to be fixed.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Thu, 23 May 2013 10:20:54 +0000 (12:20 +0200)]
ath9k_hw: fix spur mitigation issues on AR934x
Do not subtract spur power from noise floor on this chip, as it can lead
to packet loss and other connectivity issues.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Thu, 23 May 2013 13:05:59 +0000 (15:05 +0200)]
cfg80211: fix reporting 64-bit station info tx bytes
Copy & paste mistake - STATION_INFO_TX_BYTES64 is the name of the flag,
not NL80211_STA_INFO_TX_BYTES64.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 23 May 2013 19:04:38 +0000 (21:04 +0200)]
mac80211: fix queue handling crash
The code I added in "mac80211: don't start new netdev queues
if driver stopped" crashes for monitor and AP VLAN interfaces
because while they have a netdev, they don't have queues set
up by the driver.
To fix the crash, exclude these from queue accounting here
and just start their netdev queues unconditionally.
For monitor, this is the best we can do, as we can redirect
frames there to any other interface and don't know which one
that will since it can be different for each frame.
For AP VLAN interfaces, we can do better later and actually
properly track the queue status. Not doing this is really a
separate bug though.
Reported-by: Ilan Peer <ilan.peer@intel.com>
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 23 May 2013 16:10:21 +0000 (18:10 +0200)]
cfg80211: check wdev->netdev in connection work
If a P2P-Device is present and another virtual interface triggers
the connection work, the system crash because it tries to check
if the P2P-Device's netdev (which doesn't exist) is up. Skip any
wdevs that have no netdev to fix this.
Cc: stable@vger.kernel.org
Reported-by: YanBo <dreamfly281@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Dan Carpenter [Tue, 30 Apr 2013 07:57:05 +0000 (10:57 +0300)]
atmel: printing bogus information
There was an extra ';' character added to the end of the if statement
which means that it always prints that the /proc entry wasn't created
even though it was.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Sat, 18 May 2013 19:28:15 +0000 (21:28 +0200)]
ath9k: prevent aggregation session deadlocks
Waiting for all subframes of an existing aggregation session to drain
before allowing mac80211 to start a new one is fragile and deadlocks
caused by this behavior have been observed.
Since mac80211 has proper synchronization for aggregation session
start/stop handling, a better approach to session handling is to simply
allow mac80211 to start a new session at any time. This requires
changing the code to discard any packets outside of the BlockAck window
in the A-MPDU software retry code.
This patch implements the above and also simplifies the code.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 22 May 2013 18:23:05 +0000 (14:23 -0400)]
Samuel Ortiz <sameo@linux.intel.com> says:
"Merge tag 'nfc-fixes-3.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-fixes
This is the first batch of NFC fixes for 3.10, and it contains:
- 3 fixes for the NFC MEI support:
* We now depend on the correct Kconfig symbol.
* We register an MEI event callback whenever we enable an NFC device,
otherwise we fail to read anything after an enable/disable cycle.
* We only disable an MEI device from its disable mey_phy_ops,
preventing useless consecutive disable calls.
- An NFC Makefile cleanup, as I forgot to remove a commented out line when
moving the LLCP code to the NFC top level directory."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Samuel Ortiz [Tue, 30 Apr 2013 21:50:29 +0000 (23:50 +0200)]
NFC: mei: Do not disable MEI devices from their remove routine
Enabling and disabling device is exclusively handled by the mei_phy_ops.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Samuel Ortiz [Tue, 30 Apr 2013 21:48:50 +0000 (23:48 +0200)]
NFC: mei_phy: Register event callback when enabling the device
The callback registration starts a waiting read, so it needs to be fired
everytime the device is enabled. Otherwise following writes will never get
an answer back.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Samuel Ortiz [Tue, 30 Apr 2013 21:22:34 +0000 (23:22 +0200)]
NFC: mei_phy depends on INTEL_MEI
INTEL_MEI_BUS_NFC never made it upstream, so make it depend on INTEL_MEI.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Paul Bolle [Sun, 12 May 2013 21:21:24 +0000 (23:21 +0200)]
NFC: Remove commented out LLCP related Makefile line
The Kconfig symbol NFC_LLCP was removed in commit
30cc458765 ("NFC: Move
LLCP code to the NFC top level diirectory"). But the reference to its
macro in this Makefile was only commented out. Remove it now.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Felix Fietkau [Fri, 17 May 2013 10:58:26 +0000 (12:58 +0200)]
ath9k: fix draining aggregation tid buffers
After a tx attempt, an A-MPDU subframe can still have fi->retries at 0
(if the retry count wasn't incremented due to powersave).
In that case it is still tracked as part of the block ack window, so
when draining the tid queue, its sequence number needs to be cleared
from the pending frame bitmap.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 17 May 2013 10:58:25 +0000 (12:58 +0200)]
ath9k: fix rate handling/reporting
This patch fixes some issues introduced in the rate control API rework.
When not running aggregation, copy bf->rates into info->control.rates
before applying the rate control status to it.
In ath_lookup_rate, the rates need to be pulled from bf->rates, not the
tx info.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 17 May 2013 10:58:24 +0000 (12:58 +0200)]
ath9k: fix aggregation stop/flush handling
When aggregation stop is requested, don't run the mac80211 aggregation
stop callback yet, while the session is still blocked.
Also, when aggregation flush is requested, don't run the callback at all.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sujith Manoharan [Thu, 16 May 2013 17:17:34 +0000 (22:47 +0530)]
ath9k_hw: Enable manual peak calibration for AR9485
Manual peak calibration is currently enabled only for
AR9462 and AR9565. This is also required for AR9485.
The initvals are also modified to disable HW peak calibration.
Cc: <stable@vger.kernel.org>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Albert Pool [Wed, 15 May 2013 15:03:16 +0000 (10:03 -0500)]
rtlwifi: rtl8192cu: Add new USB ID
This adds the USB ID of the On Networks N300MA, clone of Netgear WNA3100M.
Signed-off-by: Albert Pool <albertpool@solcon.nl>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Ana Rey <Anazul77@hotmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Tue, 14 May 2013 18:52:36 +0000 (20:52 +0200)]
brcmfmac: announce P2P_DEVICE support in wiphy structure
P2P_DEVICE support was removed from brcmfmac for v3.9 kernel with
the commit below:
commit
1527c343c12f3a2aae532aa881d12c6fbf8749f4
Author: Arend van Spriel <arend@broadcom.com>
Date: Thu Apr 4 12:10:11 2013 +0200
brcmfmac: remove advertising P2P device support
However, it got merged into wireless-next. But for 3.10 brcmfmac does
support P2P device. Putting it back with this commit.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 13 May 2013 02:43:46 +0000 (21:43 -0500)]
rtlwifi: rtl8188ee: Fix warning when building on big-endian systems
In http://lkml.indiana.edu/hypermail/linux/kernel/1305.1/index.html,
Geert Uytterhoeven reports a new warning when building 3.10-rc1 in
this driver. This is caused by using a "#if" test to see if __LITTLE_ENDIAN
is set, which fails for all big-endian systems. Change to "ifdef".
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sujith Manoharan [Fri, 10 May 2013 13:11:06 +0000 (18:41 +0530)]
ath9k: Fix crash on module unload
Make sure that any open relayfs files are closed before
unregistering with mac80211, otherwise this crash is seen:
[ 1331.097846] BUG: unable to handle kernel paging request at
6b6b6b8b
[ 1331.098170] IP: [<
c063d0d6>] debugfs_remove+0x26/0x80
[ 1331.098170] *pdpt =
000000002f9aa001 *pde =
0000000000000000
[ 1331.098170] Oops: 0000 [#1] PREEMPT SMP
[ 1331.098170] Modules linked in: iptable_raw xt_CT nf_conntrack_ipv4 nf_defrag]
[ 1331.098170] Pid: 4794, comm: rmmod Tainted: G WC 3.9.1+ #5 To Be Fi.
[ 1331.098170] EIP: 0060:[<
c063d0d6>] EFLAGS:
00010202 CPU: 0
[ 1331.098170] EIP is at debugfs_remove+0x26/0x80
[ 1331.098170] EAX:
f2f3acd0 EBX:
f2f3acd0 ECX:
00000006 EDX:
f8622348
[ 1331.098170] ESI:
6b6b6b6b EDI:
00000001 EBP:
ee251e14 ESP:
ee251e0c
[ 1331.098170] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1331.098170] CR0:
8005003b CR2:
6b6b6b8b CR3:
2e7b7000 CR4:
000007e0
[ 1331.098170] DR0:
00000000 DR1:
00000000 DR2:
00000000 DR3:
00000000
[ 1331.098170] DR6:
ffff0ff0 DR7:
00000400
[ 1331.098170] Process rmmod (pid: 4794, ti=
ee250000 task=
efaa2560 task.ti=ee25)
[ 1331.098170] Stack:
[ 1331.098170]
f241e170 0000000a ee251e1c f861394d ee251e28 c04e3088 f241e170 4
[ 1331.098170]
c04e30fe f45482b0 ee251e54 c04e3187 f25e86b0 ee251e54 f8618748 0
[ 1331.098170]
0000000a 00000001 ee251e68 f860065b f2509e20 f25085a0 f5b6e8a4 8
[ 1331.098170] Call Trace:
[ 1331.098170] [<
f861394d>] remove_buf_file_handler+0xd/0x20 [ath9k]
[ 1331.098170] [<
c04e3088>] relay_remove_buf+0x18/0x30
[ 1331.098170] [<
c04e30fe>] relay_close_buf+0x2e/0x40
[ 1331.098170] [<
c04e3187>] relay_close+0x77/0xf0
[ 1331.098170] [<
f8618748>] ? dpd_exit+0x38/0x40 [ath9k]
[ 1331.098170] [<
f860065b>] ath9k_deinit_softc+0x8b/0xa0 [ath9k]
[ 1331.098170] [<
f86006b8>] ath9k_deinit_device+0x48/0x60 [ath9k]
[ 1331.098170] [<
f86107f1>] ath_pci_remove+0x31/0x50 [ath9k]
[ 1331.098170] [<
c06dbff8>] pci_device_remove+0x38/0xc0
[ 1331.098170] [<
c079daa4>] __device_release_driver+0x64/0xc0
[ 1331.098170] [<
c079db97>] driver_detach+0x97/0xa0
[ 1331.098170] [<
c079cacc>] bus_remove_driver+0x6c/0xe0
[ 1331.098170] [<
c079c197>] ? bus_put+0x17/0x20
[ 1331.098170] [<
c079cae3>] ? bus_remove_driver+0x83/0xe0
[ 1331.098170] [<
c079e709>] driver_unregister+0x49/0x80
[ 1331.098170] [<
c06dc138>] pci_unregister_driver+0x18/0x80
[ 1331.098170] [<
f8610602>] ath_pci_exit+0x12/0x20 [ath9k]
[ 1331.098170] [<
f8619ce0>] ath9k_exit+0x17/0x337 [ath9k]
[ 1331.098170] [<
c09e537d>] ? mutex_unlock+0xd/0x10
[ 1331.098170] [<
c04bd36c>] sys_delete_module+0x17c/0x250
[ 1331.098170] [<
c0540dc4>] ? do_munmap+0x244/0x2d0
[ 1331.098170] [<
c0540e96>] ? vm_munmap+0x46/0x60
[ 1331.098170] [<
c09e8dc4>] ? restore_all+0xf/0xf
[ 1331.098170] [<
c09ebf50>] ? __do_page_fault+0x4c0/0x4c0
[ 1331.098170] [<
c04b18e4>] ? trace_hardirqs_on_caller+0xf4/0x180
[ 1331.098170] [<
c09ef28d>] sysenter_do_call+0x12/0x38
[ 1331.098170] Code: 90 8d 74 26 00 55 89 e5 83 ec 08 89 1c 24 89 74 24 04 3e 82
[ 1331.098170] EIP: [<
c063d0d6>] debugfs_remove+0x26/0x80 SS:ESP 0068:
ee251e0c
[ 1331.098170] CR2:
000000006b6b6b8b
[ 1331.727971] ---[ end trace
b5bb9f2066cef7f9 ]---
Cc: <stable@vger.kernel.org>
Acked-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Geert Uytterhoeven [Thu, 9 May 2013 21:04:47 +0000 (23:04 +0200)]
net/wireless: ATH9K should depend on HAS_DMA
If NO_DMA=y:
drivers/built-in.o: In function `ath9k_beacon_generate':
drivers/net/wireless/ath/ath9k/beacon.c:146: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath9k/beacon.c:174: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath9k/beacon.c:176: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath9k_beacon_remove_slot':
drivers/net/wireless/ath/ath9k/beacon.c:252: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath_descdma_setup':
drivers/net/wireless/ath/ath9k/init.c:382: undefined reference to `dmam_alloc_coherent'
drivers/built-in.o: In function `ath_edma_get_buffers':
drivers/net/wireless/ath/ath9k/recv.c:616: undefined reference to `dma_sync_single_for_cpu'
drivers/built-in.o: In function `ath_get_next_rx_buf':
drivers/net/wireless/ath/ath9k/recv.c:740: undefined reference to `dma_sync_single_for_cpu'
drivers/built-in.o: In function `ath_rx_edma_cleanup':
drivers/net/wireless/ath/ath9k/recv.c:176: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath_rx_cleanup':
drivers/net/wireless/ath/ath9k/recv.c:340: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath_rx_edma_buf_link':
drivers/net/wireless/ath/ath9k/recv.c:122: undefined reference to `dma_sync_single_for_cpu'
drivers/built-in.o: In function `ath_rx_tasklet':
drivers/net/wireless/ath/ath9k/recv.c:1275: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath9k/recv.c:1277: undefined reference to `dma_mapping_error'
drivers/net/wireless/ath/ath9k/recv.c:1283: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath_rx_edma_init':
drivers/net/wireless/ath/ath9k/recv.c:226: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath9k/recv.c:229: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath_rx_init':
drivers/net/wireless/ath/ath9k/recv.c:303: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath9k/recv.c:306: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath_tx_complete_buf':
drivers/net/wireless/ath/ath9k/xmit.c:2088: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath_txstatus_setup':
drivers/net/wireless/ath/ath9k/xmit.c:2344: undefined reference to `dmam_alloc_coherent'
drivers/built-in.o: In function `ath_tx_set_retry':
drivers/net/wireless/ath/ath9k/xmit.c:307: undefined reference to `dma_sync_single_for_cpu'
drivers/built-in.o: In function `ath_tx_setup_buffer':
drivers/net/wireless/ath/ath9k/xmit.c:1887: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath9k/xmit.c:1889: undefined reference to `dma_mapping_error'
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Luis R. Rodriguez <mcgrof@qca.qualcomm.com>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Thu, 9 May 2013 19:24:24 +0000 (21:24 +0200)]
bcma: add more core IDs
PCIe and ARM CR4 cores were found on 14e4:43b1 AKA BCM4352.
Reported-by: Gabriel Thörnblad <gabriel@thornblad.com>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Denis Efremov [Thu, 9 May 2013 09:19:39 +0000 (13:19 +0400)]
iwlegacy: remove inline marking of EXPORT_SYMBOL functions
EXPORT_SYMBOL and inline directives are contradictory to each other.
The patch fixes this inconsistency.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Denis Efremov <yefremov.denis@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 17 May 2013 18:22:17 +0000 (14:22 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
Stanislaw Gruszka [Fri, 17 May 2013 11:43:04 +0000 (13:43 +0200)]
mac80211: fix direct probe auth
We send direct probe to broadcast address, as some APs do not respond to
unicast PROBE frames when unassociated. Broadcast frames are not acked,
so we can not use that for trigger MLME state machine, but we need to
use old timeout mechanism.
This fixes authentication timed out like below:
[ 1024.671974] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 1024.694125] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 1024.695450] wlan6: direct probe to 54:e6:fc:98:63:fe (try 2/3)
[ 1024.700586] wlan6: send auth to 54:e6:fc:98:63:fe (try 3/3)
[ 1024.701441] wlan6: authentication with 54:e6:fc:98:63:fe timed out
With fix, we have:
[ 4524.198978] wlan6: authenticate with 54:e6:fc:98:63:fe
[ 4524.220692] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
[ 4524.421784] wlan6: send auth to 54:e6:fc:98:63:fe (try 2/3)
[ 4524.423272] wlan6: authenticated
[ 4524.423811] wlan6: associate with 54:e6:fc:98:63:fe (try 1/3)
[ 4524.427492] wlan6: RX AssocResp from 54:e6:fc:98:63:fe (capab=0x431 status=0 aid=1)
Cc: stable@vger.kernel.org # 3.9
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Emmanuel Grumbach [Tue, 7 May 2013 11:08:24 +0000 (14:08 +0300)]
iwlwifi: mvm: fix aggregation drain flow
Move the counter for non-AMPDU frames to mvm. It is needed
for the drain flow which happens once the ieee80211_sta has
been freed, so keeping it in iwl_mvm_sta which is embed into
ieee80211_sta is not a good idea.
Also, since its purpose it to remove the STA in the fw only
after all the frames for this station have exited the shared
Tx queues, we need to decrement it in the reclaim flow. This
flow can happen after ieee80211_sta has been removed, which
means that we have no iwl_mvm_sta there. So we can't know
what is the vif type. Hence, we know audit these frames for
all the vif types.
In order to avoid spawning sta_drained_wk all the time, we
now check that we are in a flow in which draining might
happen - only when mvmsta is NULL. This is better than
previous code that would spawn sta_drained_wk all the time
in AP mode.
Cc: stable@vger.kernel.org [3.9]
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Alexander Bondar [Thu, 2 May 2013 13:34:48 +0000 (16:34 +0300)]
iwlwifi: mvm: Prevent setting assoc flag in MAC_CONTEXT_CMD
In the normal flow first MAC_CONTEXT_CMD for particular interface is
never sent while associated. The exception is fw restart flow when
resuming from suspend when WoWLAN is enabled. In this case successive
"add" and "modify" MAC_CONTEXT_CMD commands may be sent with assoc flag
set what cause FW mal functioning. To prevent this never set assoc flag
in MAC_CONTEXT_CMD with action "add".
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Emmanuel Grumbach [Thu, 2 May 2013 12:01:24 +0000 (15:01 +0300)]
iwlwifi: mvm: tell firmware to let multicast frames in
Without this command, the firmware will filter out all the
multicast frames. Let them all in as for now. Later we will
want to optimize this to save power.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ilan Peer [Sun, 28 Apr 2013 05:18:28 +0000 (08:18 +0300)]
iwlwifi: mvm: Always use SCAN_TYPE_FORCED
The FW AUX framework does not handle well cases where time events
fail to be scheduled (and as a result issues assert 0x3330). Until
a proper fix is in place, WA this by always setting the scan type to
SCAN_TYPE_FORCED.
Cc: stable@vger.kernel.org
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 16 May 2013 08:24:28 +0000 (10:24 +0200)]
cfg80211: fix sending WoWLAN TCP wakeup settings
The code sending the current WoWLAN TCP wakeup settings in
nl80211_send_wowlan_tcp() is not closing the nested attribute,
thus causing the parser to get confused on the receiver side
in userspace (iw). Fix this.
Cc: stable@vger.kernel.org [3.9]
Reported-by: Deepak Arora <deepakx.arora@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 14 May 2013 07:39:02 +0000 (09:39 +0200)]
mac80211: report deauth to cfg80211 for local state change
Even if the frame isn't transmitted to the AP, we need to
report it to cfg80211 so the state there can be updated
correctly.
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 14 May 2013 07:19:53 +0000 (09:19 +0200)]
cfg80211: fix interface down/disconnect state handling
When the interface goes down, there's no need to call
cfg80211_mlme_down() after __cfg80211_disconnect() as
the latter will call the former (if appropriate.)
Also, in __cfg80211_disconnect(), if the cfg80211 SME
isn't used, __cfg80211_disconnected() may still need
to be called (depending on the current state) so that
the SME state gets cleared.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 13 May 2013 14:42:40 +0000 (16:42 +0200)]
mac80211: fix AP-mode frame matching
In AP mode, ignore frames with mis-matched BSSID that aren't
multicast or sent to the correct destination. This fixes
reporting public action frames to userspace multiple times
on multiple virtual AP interfaces.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ilan Peer [Wed, 8 May 2013 13:35:55 +0000 (16:35 +0300)]
nl80211: Add wdev identifier to some nl80211 notifications
Adding the attributes fixes an issue with P2P Device not
working properly for management frame TX.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 6 May 2013 13:54:58 +0000 (15:54 +0200)]
mac80211: use just spin_lock() in ieee80211_get_tkip_p2k()
ieee80211_get_tkip_p2k() may be called with interrupts
disabled, so spin_unlock_bh() isn't safe and leads to
warnings. Since it's always called with BHs disabled
already, just use spin_lock().
Cc: stable@vger.kernel.org
Reported-by: Milan Kocian <milon@wq.cz>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Fri, 3 May 2013 08:01:03 +0000 (10:01 +0200)]
mac80211: fix spurious RCU warning and update documentation
Document rx vs tx status concurrency requirements.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 3 May 2013 07:35:35 +0000 (09:35 +0200)]
mac80211: fix HT beacon-based channel switch handling
When an HT AP is advertising channel switch in a beacon, it
doesn't (and shouldn't, according to 802.11-2012 Table 8-20)
include a secondary channel offset element. The only possible
interpretation is that the previous secondary channel offset
remains valid, so use that when switching channel based only
on beacon information.
VHT requires the Wide Bandwidth Channel Switch subelement to
be present in the Channel Switch Wrapper element, so the code
for that is probably ok (see 802.11ac Draft 4, 8.4.2.165.)
Reported-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 29 Apr 2013 12:57:44 +0000 (14:57 +0200)]
mac80211: fix IEEE80211_SDATA_DISCONNECT_RESUME
Since commit
12e7f517029dad819c45eca9ca01fdb9ba57616b,
IEEE80211_SDATA_DISCONNECT_RESUME no longer worked as
it would simply never be tested. Restore a bit of the
code removed there and in
9b7d72c1041ec5b20b24af487a9
to make it work again.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 29 Apr 2013 10:09:14 +0000 (12:09 +0200)]
cfg80211: fix WoWLAN wakeup tracing
If the device reports a non-wireless wakeup reason, the
tracing code crashes trying to dereference a NULL pointer.
Fix this by checking the pointer on all accesses and also
add a non_wireless tag to the event.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Sasha Levin [Wed, 24 Apr 2013 04:40:05 +0000 (00:40 -0400)]
mac80211_hwsim: correctly register the platform driver
Not registering a platform_driver would make us access garbage
when the platform callbacks under driver_register() kicks in.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Tested-By: Martin Pitt <martin.pitt@ubuntu.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 10 May 2013 17:23:40 +0000 (19:23 +0200)]
cfg80211: fix wiphy_register error path
If rfkill_register() fails in wiphy_register() the struct device
is unregistered but everything else isn't (regulatory, debugfs)
and we even leave the wiphy instance on all internal lists even
though it will likely be freed soon, which is clearly a problem.
Fix this by cleaning up properly.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
David S. Miller [Fri, 10 May 2013 16:44:05 +0000 (09:44 -0700)]
Merge branch 'wireless'
John W. Linville says:
====================
Here is a batch of fixes intended for the 3.10 stream.
Amitkumar Karwar provides an mwifiex fix to plug a memory leak when
the driver is unloaded.
Bing Zhao brings an mwifiex fix for some flag handling that leads to
log spam and an unusable interface.
Daniel Drake offers an mwifiex fix for multicast filter setup, to
correctly implement wakeup behaviour for multicast WOL.
Felix Fietkau fixes an ath9k problem that produces logspam and keycache
errors due to a bad return code.
Stanislaw Gruszka produces an fix for a WARNING from ath5k, and an
iwl4965 workaround to stop advertising a feature that doesn't work with
the current mac80211 implementation.
Sujith Manoharan gives us an ath9k fix to reprogram the HW beacon timers
after a TSF update, and an initvals fix for the AR9565 device.
Thommy Jakobsson fixes an rx descriptor underrun on b43.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Fri, 10 May 2013 14:29:24 +0000 (10:29 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
Linus Torvalds [Thu, 9 May 2013 23:42:10 +0000 (16:42 -0700)]
Merge tag 'please-pull-pstore' of git://git./linux/kernel/git/aegl/linux
Pull trivial pstore update from Tony Luck:
"Couple of pstore cleanups"
It turns out that the kmemdup() conversion ends up being undone by the
fact that the memory block also needed the ecc information (see commit
bd08ec33b5c2: "pstore/ram: Restore ecc information block"), so all that
remains after merging is the error return code change.
* tag 'please-pull-pstore' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
pstore/ram: fix error return code in ramoops_probe()
fs: pstore: Replaced calls to kmalloc and memcpy with kmemdup
Linus Torvalds [Thu, 9 May 2013 23:35:00 +0000 (16:35 -0700)]
Merge git://git.infradead.org/users/willy/linux-nvme
Pull NVMe driver update from Matthew Wilcox:
"Lots of exciting new features in the NVM Express driver this time,
including support for emulating SCSI commands, discard support and the
ability to submit per-sector metadata with I/Os.
It's still mostly bugfixes though!"
* git://git.infradead.org/users/willy/linux-nvme: (27 commits)
NVMe: Use user defined admin ioctl timeout
NVMe: Simplify Firmware Activate code slightly
NVMe: Only clear the enable bit when disabling controller
NVMe: Wait for device to acknowledge shutdown
NVMe: Schedule timeout for sync commands
NVMe: Meta-data support in NVME_IOCTL_SUBMIT_IO
NVMe: Device specific stripe size handling
NVMe: Split non-mergeable bio requests
NVMe: Remove dead code in nvme_dev_add
NVMe: Check for NULL memory in nvme_dev_add
NVMe: Fix error clean-up on nvme_alloc_queue
NVMe: Free admin queue on request_irq error
NVMe: Add scsi unmap to SG_IO
NVMe: queue usage fixes in nvme-scsi
NVMe: Set TASK_INTERRUPTIBLE before processing queues
NVMe: Add a character device for each nvme device
NVMe: Fix endian-related problems in user I/O submission path
NVMe: Fix I/O cancellation status on big-endian machines
NVMe: Fix sparse warnings in scsi emulation
NVMe: Don't fail initialisation unnecessarily
...
Linus Torvalds [Thu, 9 May 2013 23:33:42 +0000 (16:33 -0700)]
Merge tag 'acpi-fixes-3.10-rc1' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPICA fixes from Rafael Wysocki:
- _INI regression fix from Tomasz Nowicki.
- Fix for a possible memory leak in _OSI support routine from Jung-uk
Kim.
- Fix for a possible buffer overflow during field unit read operation
from Bob Moore.
* tag 'acpi-fixes-3.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPICA: ACPICA: Fix for _INI regression
ACPICA: _OSI support: Fix possible memory leak
ACPICA: Fix possible buffer overflow during a field unit read operation