Sujith Manoharan [Tue, 20 Aug 2013 04:35:59 +0000 (10:05 +0530)]
ath9k: Enable PLL fix only for AR9340/AR9330
The PLL hang workaround is required only for AR9330 and
AR9340. This issue was first observed on an AP121 and the WAR
is enabled for AR9340 also (DB120 etc.), since it uses a PLL
design identical to AR9330. This is not required for AR9485 and AR9550.
Various bugs have been reported regarding this:
https://bugzilla.redhat.com/show_bug.cgi?id=997217
https://bugzilla.redhat.com/show_bug.cgi?id=994648
Cc: stable@vger.kernel.org
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Helmut Schaa [Fri, 16 Aug 2013 19:39:40 +0000 (21:39 +0200)]
ath9k_htc: Restore skb headroom when returning skb to mac80211
ath9k_htc adds padding between the 802.11 header and the payload during
TX by moving the header. When handing the frame back to mac80211 for TX
status handling the header is not moved back into its original position.
This can result in a too small skb headroom when entering ath9k_htc
again (due to a soft retransmission for example) causing an
skb_under_panic oops.
Fix this by moving the 802.11 header back into its original position
before returning the frame to mac80211 as other drivers like rt2x00
or ath5k do.
Reported-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Tested-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Wed, 21 Aug 2013 08:18:19 +0000 (10:18 +0200)]
iwl4965: fix rfkill set state regression
My current 3.11 fix:
commit
788f7a56fce1bcb2067b62b851a086fca48a0056
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Thu Aug 1 12:07:55 2013 +0200
iwl4965: reset firmware after rfkill off
broke rfkill notification to user-space . I missed that bug, because
I compiled without CONFIG_RFKILL, sorry about that.
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Thu, 22 Aug 2013 15:35:22 +0000 (11:35 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Simon Wunderlich [Wed, 21 Aug 2013 13:30:25 +0000 (15:30 +0200)]
mac80211: ibss: fix ignored channel parameter
my earlier patch "mac80211: change IBSS channel state to chandef"
created a regression by ignoring the channel parameter in
__ieee80211_sta_join_ibss, which breaks IBSS channel selection. This
patch fixes this situation by using the right channel and adopting the
selected bandwidth mode.
Cc: stable@vger.kernel.org
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Tue, 20 Aug 2013 17:43:54 +0000 (19:43 +0200)]
mac80211: add a flag to indicate CCK support for HT clients
brcm80211 cannot handle sending frames with CCK rates as part of an
A-MPDU session. Other drivers may have issues too. Set the flag in all
drivers that have been tested with CCK rates.
This fixes a reported brcmsmac regression introduced in
commit
ef47a5e4f1aaf1d0e2e6875e34b2c9595897bef6
"mac80211/minstrel_ht: fix cck rate sampling"
Cc: stable@vger.kernel.org # 3.10
Reported-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 20 Aug 2013 09:28:50 +0000 (11:28 +0200)]
mac80211: add missing channel context release
IBSS needs to release the channel context when leaving
but I evidently missed that. Fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John W. Linville [Thu, 15 Aug 2013 19:36:55 +0000 (15:36 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Johannes Berg [Tue, 13 Aug 2013 07:23:57 +0000 (09:23 +0200)]
cfg80211: don't request disconnect if not connected
Neil Brown reports that with libertas, my recent cfg80211
SME changes in commit
ceca7b7121795ef81bd598a240d53a92566
("cfg80211: separate internal SME implementation") broke
libertas suspend because it we now asked it to disconnect
while already disconnected.
The problematic change is in cfg80211_disconnect() as it
previously checked the SME state and now calls the driver
disconnect operation unconditionally.
Fix this by checking if there's a current_bss indicating
a connection, and do nothing if not.
Reported-and-tested-by: Neil Brown <neilb@suse.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Dan Carpenter [Wed, 14 Aug 2013 11:50:01 +0000 (14:50 +0300)]
nl80211: nl80211hdr_put() doesn't return an ERR_PTR
There are a few places which check nl80211hdr_put() for an ERR_PTR
but actually it returns NULL on error and never error values. In
nl80211_testmode_dump() the return wasn't checked at all so I have
added one.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[some whitespace changes]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Dan Carpenter [Fri, 9 Aug 2013 09:52:31 +0000 (12:52 +0300)]
Hostap: copying wrong data prism2_ioctl_giwaplist()
We want the data stored in "addr" and "qual", but the extra ampersands
mean we are copying stack data instead.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jussi Kivilinna [Tue, 6 Aug 2013 11:28:42 +0000 (14:28 +0300)]
zd1201: do not use stack as URB transfer_buffer
Patch fixes zd1201 not to use stack as URB transfer_buffer. URB buffers need
to be DMA-able, which stack is not.
Patch is only compile tested.
Cc: stable@vger.kernel.org
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 9 Aug 2013 17:49:10 +0000 (13:49 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
Johannes Berg [Thu, 25 Jul 2013 16:39:30 +0000 (18:39 +0200)]
iwlwifi: mvm: disconnect if time event scheduling fails
If scheduling an important time event fails, or if we get
an unexpected notification from the firmware, there isn't
much we can do to recover, so just drop the connection and
let higher layers retry it.
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Guy Cohen [Thu, 1 Aug 2013 12:56:23 +0000 (14:56 +0200)]
Revert "iwlwifi: pcie: clear RFKILL interrupt in AMPG"
This reverts commit
a53ee0a308b16e392e0219c585b10f329345766b.
This fix causes a worse HW Error when entering RF-Kill.
Signed-off-by: Guy Cohen <guy.cohen@intel.com>
Signed-off-by: Dor Shaish <dor.shaish@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Solomon Peachy [Fri, 2 Aug 2013 23:57:40 +0000 (19:57 -0400)]
cw1200: Fix spurious BUG_ON() trigger when starting AP mode.
There's an underlying race condition with the unjoin_work() call that is
sometimes triggered depending on scheduling order and the phase of the
moon. This doesn't fix the race condition, but it does remove the
ill-advised BUG_ON() call in an easily-recoverable situation.
Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 2 Aug 2013 18:54:19 +0000 (14:54 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Stanislaw Gruszka [Thu, 1 Aug 2013 10:07:55 +0000 (12:07 +0200)]
iwl4965: reset firmware after rfkill off
Using rfkill switch can make firmware unstable, what cause various
Microcode errors and kernel warnings. Reseting firmware just after
rfkill off (radio on) helped with that.
Resolve:
https://bugzilla.redhat.com/show_bug.cgi?id=977053
Reported-and-tested-by: Justin Pearce <whitefox@guardianfox.net>
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Thu, 1 Aug 2013 10:07:13 +0000 (12:07 +0200)]
iwl4965: set power mode early
If device was put into a sleep and system was restarted or module
reloaded, we have to wake device up before sending other commands.
Otherwise it will fail to start with Microcode error.
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 31 Jul 2013 18:52:03 +0000 (20:52 +0200)]
mac80211: continue using disabled channels while connected
In case the AP has different regulatory information than we do,
it can happen that we connect to an AP based on e.g. the world
roaming regulatory data, and then update our database with the
AP's country information disables the channel the AP is using.
If this happens on an HT AP, the bandwidth tracking code will
hit the WARN_ON() and disconnect. Since that's not very useful,
ignore the channel-disable flag in bandwidth tracking.
Cc: stable@vger.kernel.org
Reported-by: Chris Wright <chrisw@sous-sol.org>
Tested-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 30 Jul 2013 08:11:25 +0000 (10:11 +0200)]
cfg80211: fix P2P GO interface teardown
When a P2P GO interface goes down, cfg80211 doesn't properly
tear it down, leading to warnings later. Add the GO interface
type to the enumeration to tear it down like AP interfaces.
Otherwise, we leave it pending and mac80211's state can get
very confused, leading to warnings later.
Cc: stable@vger.kernel.org
Reported-by: Ilan Peer <ilan.peer@intel.com>
Tested-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 31 Jul 2013 09:23:06 +0000 (11:23 +0200)]
mac80211: ignore HT primary channel while connected
While we're connected, the AP shouldn't change the primary channel
in the HT information. We checked this, and dropped the connection
if it did change it.
Unfortunately, this is causing problems on some APs, e.g. on the
Netgear WRT610NL: the beacons seem to always contain a bad channel
and if we made a connection using a probe response (correct data)
we drop the connection immediately and can basically not connect
properly at all.
Work around this by ignoring the HT primary channel information in
beacons if we're already connected.
Also print out more verbose messages in the other situations to
help diagnose similar bugs quicker in the future.
Cc: stable@vger.kernel.org [3.10]
Acked-by: Andy Isaacson <adi@hexapodia.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 29 Jul 2013 21:07:43 +0000 (23:07 +0200)]
mac80211: don't wait for TX status forever
TX status notification can get lost, or the frames could
get stuck on the queue, so don't wait for the callback
from the driver forever and instead time out after half
a second.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John W. Linville [Wed, 31 Jul 2013 19:15:50 +0000 (15:15 -0400)]
Merge tag 'nfc-fixes-3.11-2' of git://git./linux/kernel/git/sameo/nfc-fixes
Samuel Ortiz <sameo@linux.intel.com> says:
'This is the second NFC fixes pull request for 3.11.
We have:
- A build failure fix for the NCI SPI transport layer due to a
missing CRC_CCITT Kconfig dependency.
- A netlink command rename: CMD_FW_UPLOAD was merged during the 3.11
merge window but the typical terminology for loading a firmware to a
target is firmware download rather than upload. In order to avoid any
confusion in a file exported to userspace, we rename this command into
CMD_FW_DOWNLOAD."
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Chris Wright [Wed, 31 Jul 2013 19:12:24 +0000 (12:12 -0700)]
mac80211: fix infinite loop in ieee80211_determine_chantype
Commit "
3d9646d mac80211: fix channel selection bug" introduced a possible
infinite loop by moving the out target above the chandef_downgrade
while loop. When we downgrade to NL80211_CHAN_WIDTH_20_NOHT, we jump
back up to re-run the while loop...indefinitely. Replace goto with
break and carry on. This may not be sufficient to connect to the AP,
but will at least keep the cpu from livelocking. Thanks to Derek Atkins
as an extra pair of debugging eyes.
Cc: stable@kernel.org
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John W. Linville [Wed, 31 Jul 2013 19:11:50 +0000 (15:11 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/bluetooth/bluetooth
Conflicts:
net/bluetooth/hci_core.c
Luciano Coelho [Tue, 30 Jul 2013 17:45:41 +0000 (20:45 +0300)]
MAINTAINERS: change email of TI WiLink drivers' maintainer
Soon the coelho@ti.com email will not be valid anymore, so change it
to my private one.
Cc: Luciano Coelho <luca@coelho.fi>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Mon, 29 Jul 2013 23:32:39 +0000 (16:32 -0700)]
mwifiex: fix command 0x2c timeout during p2p_find or p2p_connect
We missed bss_mode check for P2P client.
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Mon, 29 Jul 2013 23:32:38 +0000 (16:32 -0700)]
mwifiex: fix wrong data rates in P2P client
This patch fixes an issue wherein adhoc rates were being copied
into association request from P2P client.
Cc: <stable@vger.kernel.org> # 3.10.y
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Mon, 29 Jul 2013 23:32:37 +0000 (16:32 -0700)]
mwifiex: check for bss_role instead of bss_mode for STA operations
This patch fixes an issue wherein association would fail on P2P
interfaces. This happened because we are checking priv->mode
against NL80211_IFTYPE_STATION. While this check is correct for
infrastructure stations, it would fail P2P clients for which mode
is NL80211_IFTYPE_P2P_CLIENT.
Better check would be bss_role which has only 2 values: STA/AP.
Cc: <stable@vger.kernel.org> # 3.10.y
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Emmanuel Grumbach [Mon, 29 Jul 2013 20:05:18 +0000 (23:05 +0300)]
iwlwifi: pcie: disable L1 Active after pci_enable_device
As Arjan pointed out, we mustn't do anything related to PCI
configuration until the device is properly enabled with
pci_enable_device().
Cc: stable@vger.kernel.org
Reported-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Stanislaw Gruszka [Fri, 26 Jul 2013 13:29:09 +0000 (15:29 +0200)]
iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
If channel switch is pending and we remove interface we can
crash like showed below due to passing NULL vif to mac80211:
BUG: unable to handle kernel paging request at
fffffffffffff8cc
IP: [<
ffffffff8130924d>] strnlen+0xd/0x40
Call Trace:
[<
ffffffff8130ad2e>] string.isra.3+0x3e/0xd0
[<
ffffffff8130bf99>] vsnprintf+0x219/0x640
[<
ffffffff8130c481>] vscnprintf+0x11/0x30
[<
ffffffff81061585>] vprintk_emit+0x115/0x4f0
[<
ffffffff81657bd5>] printk+0x61/0x63
[<
ffffffffa048987f>] ieee80211_chswitch_done+0xaf/0xd0 [mac80211]
[<
ffffffffa04e7b34>] iwl_chswitch_done+0x34/0x40 [iwldvm]
[<
ffffffffa04f83c3>] iwlagn_commit_rxon+0x2a3/0xdc0 [iwldvm]
[<
ffffffffa04ebc50>] ? iwlagn_set_rxon_chain+0x180/0x2c0 [iwldvm]
[<
ffffffffa04e5e76>] iwl_set_mode+0x36/0x40 [iwldvm]
[<
ffffffffa04e5f0d>] iwlagn_mac_remove_interface+0x8d/0x1b0 [iwldvm]
[<
ffffffffa0459b3d>] ieee80211_do_stop+0x29d/0x7f0 [mac80211]
This is because we nulify ctx->vif in iwlagn_mac_remove_interface()
before calling some other functions that teardown interface. To fix
just check ctx->vif on iwl_chswitch_done(). We should not call
ieee80211_chswitch_done() as channel switch works were already canceled
by mac80211 in ieee80211_do_stop() -> ieee80211_mgd_stop().
Resolve:
https://bugzilla.redhat.com/show_bug.cgi?id=979581
Cc: stable@vger.kernel.org
Reported-by: Lukasz Jagiello <jagiello.lukasz@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Samuel Ortiz [Tue, 30 Jul 2013 23:19:43 +0000 (01:19 +0200)]
NFC: netlink: Rename CMD_FW_UPLOAD to CMD_FW_DOWNLOAD
Loading a firmware into a target is typically called firmware
download, not firmware upload. So we rename the netlink API to
NFC_CMD_FW_DOWNLOAD in order to avoid any terminology confusion from
userspace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Johannes Berg [Tue, 30 Jul 2013 20:34:28 +0000 (22:34 +0200)]
nl80211: fix another nl80211_fam.attrbuf race
This is similar to the race Linus had reported, but in this case
it's an older bug: nl80211_prepare_wdev_dump() uses the wiphy
index in cb->args[0] as it is and thus parses the message over
and over again instead of just once because 0 is the first valid
wiphy index. Similar code in nl80211_testmode_dump() correctly
offsets the wiphy_index by 1, do that here as well.
Cc: stable@vger.kernel.org
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John W. Linville [Mon, 29 Jul 2013 18:46:51 +0000 (14:46 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
John W. Linville [Mon, 29 Jul 2013 18:43:37 +0000 (14:43 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
John W. Linville [Mon, 29 Jul 2013 18:40:16 +0000 (14:40 -0400)]
Merge branch 'for-linville-current' of git://github.com/kvalo/ath
Stanislaw Gruszka [Sun, 28 Jul 2013 11:17:22 +0000 (13:17 +0200)]
rt2x00: fix stop queue
Since we clear QUEUE_STARTED in rt2x00queue_stop_queue(), following
call to rt2x00queue_pause_queue() reduce to noop, i.e we do not
stop queue in mac80211.
To fix that introduce rt2x00queue_pause_queue_nocheck() function,
which will stop queue in mac80211 directly.
Note that rt2x00_start_queue() explicitly set QUEUE_PAUSED bit.
Note also that reordering operations i.e. first call to
rt2x00queue_pause_queue() and then clear QUEUE_STARTED bit, will race
with rt2x00queue_unpause_queue(), so calling ieee80211_stop_queue()
directly is the only available solution to fix the problem without
major rework.
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johan Hedberg [Sat, 27 Jul 2013 19:11:14 +0000 (14:11 -0500)]
Bluetooth: Fix calling request callback more than once
In certain circumstances, such as an HCI driver using __hci_cmd_sync_ev
with HCI_EV_CMD_COMPLETE as the expected completion event there is the
chance that hci_event_packet will call hci_req_cmd_complete twice (once
for the explicitly looked after event and another time in the actual
handler of cmd_complete).
In the case of __hci_cmd_sync_ev this introduces a race where the first
call wakes up the blocking __hci_cmd_sync_ev and lets it complete.
However, by the time that a second __hci_cmd_sync_ev call is already in
progress the second hci_req_cmd_complete call (from the previous
operation) will wake up the blocking function prematurely and cause it
to fail, as witnessed by the following log:
[ 639.232195] hci_rx_work: hci0 Event packet
[ 639.232201] hci_req_cmd_complete: opcode 0xfc8e status 0x00
[ 639.232205] hci_sent_cmd_data: hci0 opcode 0xfc8e
[ 639.232210] hci_req_sync_complete: hci0 result 0x00
[ 639.232220] hci_cmd_complete_evt: hci0 opcode 0xfc8e
[ 639.232225] hci_req_cmd_complete: opcode 0xfc8e status 0x00
[ 639.232228] __hci_cmd_sync_ev: hci0 end: err 0
[ 639.232234] __hci_cmd_sync_ev: hci0
[ 639.232238] hci_req_add_ev: hci0 opcode 0xfc8e plen 250
[ 639.232242] hci_prepare_cmd: skb len 253
[ 639.232246] hci_req_run: length 1
[ 639.232250] hci_sent_cmd_data: hci0 opcode 0xfc8e
[ 639.232255] hci_req_sync_complete: hci0 result 0x00
[ 639.232266] hci_cmd_work: hci0 cmd_cnt 1 cmd queued 1
[ 639.232271] __hci_cmd_sync_ev: hci0 end: err 0
[ 639.232276] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-61)
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Johan Hedberg [Tue, 23 Jul 2013 23:32:46 +0000 (02:32 +0300)]
Bluetooth: Fix HCI init for BlueFRITZ! devices
None of the BlueFRITZ! devices with manufacurer ID 31 (AVM Berlin)
support HCI_Read_Local_Supported_Commands. It is safe to use the
manufacturer ID (instead of e.g. a USB ID specific quirk) because the
company never created any newer controllers.
< HCI Command: Read Local Supported Comm.. (0x04|0x0002) plen 0 [hci0] 0.210014
> HCI Event: Command Status (0x0f) plen 4 [hci0] 0.217361
Read Local Supported Commands (0x04|0x0002) ncmd 1
Status: Unknown HCI Command (0x01)
Reported-by: Jörg Esser <jackfritt@boh.de>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Jörg Esser <jackfritt@boh.de>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Arend van Spriel [Thu, 25 Jul 2013 21:01:34 +0000 (23:01 +0200)]
brcmfmac: inform cfg80211 about disconnect when device is unplugged
When the brcmfmac device is physically removed cfg80211 gives a
warning upon unregistering the net device (see below).
[23052.390197] WARNING: CPU: 0 PID: 30 at net/wireless/core.c:937 cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211]()
[23052.400843] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) pl2303 usbserial binfmt_misc snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event lpc_ich snd_seq snd_timer snd_seq_device snd psmouse mfd_core serio_raw soundcore snd_page_alloc intel_ips dell_laptop dell_wmi sparse_keymap dcdbas nouveau ttm drm_kms_helper drm i2c_algo_bit mxm_wmi ahci libahci sdhci_pci firewire_ohci firewire_core sdhci crc_itu_t mmc_core intel_agp intel_gtt e1000e ptp pps_core agpgart video [last unloaded: brcmfmac]
[23052.452987] CPU: 0 PID: 30 Comm: khubd Tainted: G O
3.11.0-rc1-wl-testing-lockdep-00002-g41cc093-dirty #1
[23052.463480] Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
[23052.470852]
00000000 00000000 f4efdc18 c1522e3d f845bed2 f4efdc48 c103fbe4 c16a9254
[23052.478762]
00000000 0000001e f845bed2 000003a9 f841da44 f841da44 f3790004 f25539c0
[23052.486741]
e2700200 f4efdc58 c103fc22 00000009 00000000 f4efdcc0 f841da44 00000002
[23052.494712] Call Trace:
[23052.497165] [<
c1522e3d>] dump_stack+0x4b/0x66
[23052.501685] [<
c103fbe4>] warn_slowpath_common+0x84/0xa0
[23052.507085] [<
f841da44>] ? cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211]
[23052.514542] [<
f841da44>] ? cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211]
[23052.521981] [<
c103fc22>] warn_slowpath_null+0x22/0x30
[23052.527191] [<
f841da44>] cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211]
[23052.534494] [<
c150abe8>] ? packet_notifier+0xc8/0x1d0
[23052.539703] [<
c150abfc>] ? packet_notifier+0xdc/0x1d0
[23052.544880] [<
c150ab20>] ? packet_seq_stop+0x30/0x30
[23052.550002] [<
c152d655>] notifier_call_chain+0x45/0x60
[23052.555298] [<
c106839f>] raw_notifier_call_chain+0x1f/0x30
[23052.560963] [<
c143c693>] call_netdevice_notifiers_info+0x33/0x70
[23052.567153] [<
c1459869>] ? qdisc_destroy+0x99/0xb0
[23052.572116] [<
c143c6e3>] call_netdevice_notifiers+0x13/0x20
[23052.577861] [<
c143df93>] rollback_registered_many+0xf3/0x1d0
[23052.583687] [<
c1524cfc>] ? mutex_lock_nested+0x25c/0x350
[23052.589150] [<
c143e0f4>] rollback_registered+0x24/0x40
[23052.594445] [<
c143e15f>] unregister_netdevice_queue+0x4f/0xb0
[23052.600344] [<
c143e299>] unregister_netdev+0x19/0x30
[23052.605484] [<
f865b38f>] brcmf_del_if+0xbf/0x160 [brcmfmac]
[23052.611223] [<
f865b7ae>] brcmf_detach+0x5e/0xd0 [brcmfmac]
[23052.616881] [<
f8667413>] brcmf_usb_disconnect+0x63/0xa0 [brcmfmac]
[23052.623217] [<
c13e09aa>] usb_unbind_interface+0x4a/0x180
When the device is physically connected the driver sends a disassoc
command to the device and response triggers the driver to inform cfg80211
about it. However, with the device removed the disassoc command fails.
This patch adds a call to cfg80211_disconnected() when that command fails.
The warning was added by commit below and also cleans up, but better
doing it in the driver if only to get rid of the warning.
commit
f9bef3df52fe61067e4c1c6cfb2037cb6b259a6a
Author: Ben Greear <greearb@candelatech.com>
Date: Wed Jun 19 14:06:26 2013 -0700
wireless: check for dangling wdev->current_bss pointer
Cc: Ben Greear <greearb@candelatech.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tomasz Moń [Tue, 23 Jul 2013 05:42:49 +0000 (07:42 +0200)]
mwifiex: Add missing endian conversion.
Both type and pkt_len variables are in host endian and these should be in
Little Endian in the payload.
Signed-off-by: Tomasz Moń <desowin@gmail.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Emmanuel Grumbach [Thu, 25 Jul 2013 10:14:34 +0000 (13:14 +0300)]
iwlwifi: pcie: clear RFKILL interrupt in AMPG
If we forget to do so, we can't send HCMD to firmware while
the NIC is in RFKILL state.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 24 Jul 2013 11:55:51 +0000 (13:55 +0200)]
iwlwifi: mvm: fix flushing not started aggregation sessions
When a not fully started aggregation session is destroyed
and flushed, we get a warning, e.g.
WARNING: at drivers/net/wireless/iwlwifi/pcie/tx.c:1142 iwl_trans_pcie_txq_disable+0x11c/0x160
queue 16 not used
Modules linked in: [...]
Pid: 5135, comm: hostapd Tainted: G W O 3.5.0 #10
Call Trace:
wlan0: driver sets block=0 for sta 00:03:7f:10:44:d3
[<
ffffffff81036492>] warn_slowpath_common+0x72/0xa0
[<
ffffffff81036577>] warn_slowpath_fmt+0x47/0x50
[<
ffffffffa0368d6c>] iwl_trans_pcie_txq_disable+0x11c/0x160 [iwlwifi]
[<
ffffffffa03a2099>] iwl_mvm_sta_tx_agg_flush+0xe9/0x150 [iwlmvm]
[<
ffffffffa0396c43>] iwl_mvm_mac_ampdu_action+0xf3/0x1e0 [iwlmvm]
[<
ffffffffa0293ad3>] ___ieee80211_stop_tx_ba_session+0x193/0x920 [mac80211]
[<
ffffffffa0294ed8>] __ieee80211_stop_tx_ba_session+0x48/0x70 [mac80211]
[<
ffffffffa029159f>] ieee80211_sta_tear_down_BA_sessions+0x4f/0x80 [mac80211]
[<
ffffffffa028a686>] __sta_info_destroy+0x66/0x370 [mac80211]
[<
ffffffffa028abb4>] sta_info_destroy_addr_bss+0x44/0x70 [mac80211]
[<
ffffffffa02a3e26>] ieee80211_del_station+0x26/0x50 [mac80211]
[<
ffffffffa01e6395>] nl80211_del_station+0x85/0x200 [cfg80211]
when a station deauthenticated from us without fully setting
up the aggregation session.
Fix this by checking the aggregation state before removing
the hardware queue.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ilan Peer [Tue, 23 Jul 2013 11:41:53 +0000 (14:41 +0300)]
iwlwifi: mvm: Disable managed PS when GO is added
The managed interface PS was not disabled when a GO interface
was added. As a consequence, when the station VMAC was in PS,
the GO also was not on the medium. Fix this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Emmanuel Grumbach [Wed, 24 Jul 2013 07:19:06 +0000 (10:19 +0300)]
iwlwifi: pcie: reset the NIC before the bring up
This allows to clean all kinds of bad state it might be in.
This solves situation where HW RFkill was switched while
the NIC was offline.
Until now, we relied on the firmware to do clean the
interrupt, but new firmwares don't do that any more.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
AceLan Kao [Thu, 20 Jun 2013 05:38:45 +0000 (13:38 +0800)]
Bluetooth: Add support for Atheros [0cf3:e003]
Add support for the AR9462 chip
T: Bus=02 Lev=02 Prnt=02 Port=04 Cnt=01 Dev#= 4 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0cf3 ProdID=e003 Rev=00.02
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Gustavo Padovan [Thu, 11 Jul 2013 10:34:28 +0000 (11:34 +0100)]
Bluetooth: Fix race between hci_register_dev() and hci_dev_open()
If hci_dev_open() is called after hci_register_dev() added the device to
the hci_dev_list but before the workqueue are created we could run into a
NULL pointer dereference (see below).
This bug is very unlikely to happen, systems using bluetoothd to
manage their bluetooth devices will never see this happen.
BUG: unable to handle kernel NULL pointer dereference
0100
IP: [<
ffffffff81077502>] __queue_work+0x32/0x3d0
(...)
Call Trace:
[<
ffffffff81077be5>] queue_work_on+0x45/0x50
[<
ffffffffa016e8ff>] hci_req_run+0xbf/0xf0 [bluetooth]
[<
ffffffffa01709b0>] ? hci_init2_req+0x720/0x720 [bluetooth]
[<
ffffffffa016ea06>] __hci_req_sync+0xd6/0x1c0 [bluetooth]
[<
ffffffff8108ee10>] ? try_to_wake_up+0x2b0/0x2b0
[<
ffffffff8150e3f0>] ? usb_autopm_put_interface+0x30/0x40
[<
ffffffffa016fad5>] hci_dev_open+0x275/0x2e0 [bluetooth]
[<
ffffffffa0182752>] hci_sock_ioctl+0x1f2/0x3f0 [bluetooth]
[<
ffffffff815c6050>] sock_do_ioctl+0x30/0x70
[<
ffffffff815c75f9>] sock_ioctl+0x79/0x2f0
[<
ffffffff811a8046>] do_vfs_ioctl+0x96/0x560
[<
ffffffff811a85a1>] SyS_ioctl+0x91/0xb0
[<
ffffffff816d989d>] system_call_fastpath+0x1a/0x1f
Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
AceLan Kao [Wed, 17 Jul 2013 03:27:40 +0000 (11:27 +0800)]
Bluetooth: Add support for Atheros [0cf3:3121]
Add support for the AR3012 chip.
T: Bus=03 Lev=01 Prnt=01 Port=06 Cnt=01 Dev#= 6 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0cf3 ProdID=3121 Rev=00.02
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Signed-off-by: AceLan Kao <acelan.kao@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Sujith Manoharan [Mon, 15 Jul 2013 03:59:03 +0000 (09:29 +0530)]
Bluetooth: ath3k: Add support for ID 0x13d3/0x3402
T: Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=13d3 ProdID=3402 Rev= 0.02
S: Manufacturer=Atheros Communications
S: Product=Bluetooth USB Host Controller
S: SerialNumber=Alaska Day 2006
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=59701
Signed-off-by: Sujith Manoharan <sujith@msujith.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Adam Lee [Wed, 10 Jul 2013 02:02:12 +0000 (10:02 +0800)]
Bluetooth: fix wrong use of PTR_ERR() in btusb
PTR_ERR() returns a signed long type value which is limited by IS_ERR(),
it must be a negative number whose range is [-MAX_ERRNO, 0).
The bug here returns negative numbers as error codes, then check it by
"if (ret < 0)", but -PTR_ERR() is actually positive. The wrong use here
leads to failure as below, even panic.
[ 12.958920] Bluetooth: hci0 command 0xfc8e tx timeout
[ 14.961765] Bluetooth: hci0 command 0xfc8e tx timeout
[ 16.964688] Bluetooth: hci0 command 0xfc8e tx timeout
[ 20.954501] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 22.957358] Bluetooth: hci0 command 0xfc8e tx timeout
[ 30.948922] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 32.951780] Bluetooth: hci0 command 0xfc8e tx timeout
[ 40.943359] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 42.946219] Bluetooth: hci0 command 0xfc8e tx timeout
[ 50.937812] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 52.940670] Bluetooth: hci0 command 0xfc8e tx timeout
[ 60.932236] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 62.935092] Bluetooth: hci0 command 0xfc8e tx timeout
[ 70.926688] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 72.929545] Bluetooth: hci0 command 0xfc8e tx timeout
[ 80.921111] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-110)
[ 82.923969] Bluetooth: hci0 command 0xfc2f tx timeout
[ 90.915542] Bluetooth: hci0 sending Intel patch command (0xfc2f) failed (-110)
[ 92.918406] Bluetooth: hci0 command 0xfc11 tx timeout
[ 100.909955] Bluetooth: hci0 sending Intel patch command (0xfc11) failed (-110)
[ 102.912858] Bluetooth: hci0 command 0xfc60 tx timeout
[ 110.904394] Bluetooth: hci0 sending Intel patch command (0xfc60) failed (-110)
[ 112.907293] Bluetooth: hci0 command 0xfc11 tx timeout
[ 120.898831] Bluetooth: hci0 exiting Intel manufacturer mode failed (-110)
[ 120.904757] bluetoothd[1030]: segfault at 4 ip
00007f8b2eb55236 sp
00007fff53ff6920 error 4 in bluetoothd[
7f8b2eaff000+cb000]
Signed-off-by: Adam Lee <adam.lee@canonical.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Stanislaw Gruszka [Mon, 8 Jul 2013 08:27:23 +0000 (10:27 +0200)]
Bluetooth: ath3k: don't use stack memory for DMA
Memory allocated by vmalloc (including stack) can not be used for DMA,
i.e. data pointer on usb_control_msg() should not point to stack memory.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=977558
Reported-and-tested-by: Andy Lawrence <dr.diesel@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Thomas Loo [Wed, 3 Jul 2013 00:53:54 +0000 (02:53 +0200)]
Bluetooth: ath3k: Add support for Fujitsu Lifebook UH5x2 [04c5:1330]
The Fujitsu Lifebook UH552/UH572 ships with a Qualcomm AR9462/AR3012
WLAN/BT-Combo card.
Add device ID to the ath3k driver to enable the bluetooth side of things.
Patch against v3.10.
T: Bus=03 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#= 3 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=04c5 ProdID=1330 Rev=00.02
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Signed-off-by: Thomas Loo <tloo@saltstorm.net>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Jaganath Kanakkassery [Fri, 21 Jun 2013 14:25:11 +0000 (19:55 +0530)]
Bluetooth: Fix invalid length check in l2cap_information_rsp()
The length check is invalid since the length varies with type of
info response.
This was introduced by the commit
cb3b3152b2f5939d67005cff841a1ca748b19888
Because of this, l2cap info rsp is not handled and command reject is sent.
> ACL data: handle 11 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x00b8
Enhanced Retransmission mode
Streaming mode
FCS Option
Fixed Channels
< ACL data: handle 11 flags 0x00 dlen 10
L2CAP(s): Command rej: reason 0
Command not understood
Cc: stable@vger.kernel.org
Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Chan-Yeol Park <chanyeol.park@samsung.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Arik Nemtsov [Sun, 21 Jul 2013 13:36:48 +0000 (16:36 +0300)]
regulatory: use correct regulatory initiator on wiphy register
The current regdomain was not always set by the core. This causes
cards with a custom regulatory domain to ignore user initiated changes
if done before the card was registered.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
David Spinadel [Tue, 23 Jul 2013 11:13:32 +0000 (14:13 +0300)]
iwlwifi: mvm: set SSID bits for passive channels
Set SSID bitmap for direct scan even on passive channels,
for the passive-to-active feature. Without this patch only
the SSID from probe request template is sent on passive
channels, after passive-to-active switching, causing us to
not find all desired networks.
Remove the unused passive scan mask constant.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 22 Jul 2013 16:26:56 +0000 (18:26 +0200)]
iwlwifi: mvm: use only a single GTK in D3
Unfortunately, the firmware only supports replay counters for
a single GTK in D3, so that we should only upload the last
key and use its replay counters. Since mac80211 key iteration
will walk through the keys in order of their addition, simply
use the same HW key index (1) for all GTKs, thus overwriting
previous ones with newer ones. The replay counters for it are
already used.
Reviewed-by: Yaron Vaknin <Yaron.Vaknin@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Stanislaw Gruszka [Tue, 23 Jul 2013 11:56:50 +0000 (13:56 +0200)]
mac80211: fix monitor interface suspend crash regression
My commit:
commit
12e7f517029dad819c45eca9ca01fdb9ba57616b
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Thu Feb 28 10:55:26 2013 +0100
mac80211: cleanup generic suspend/resume procedures
removed check for deleting MONITOR and AP_VLAN when suspend. That can
cause a crash (i.e. in iwlagn_mac_remove_interface()) since we remove
interface in the driver that we did not add before.
Reference:
http://marc.info/?l=linux-kernel&m=
137391815113860&w=2
Bisected-by: Ortwin Glück <odi@odi.ch>
Reported-and-tested-by: Ortwin Glück <odi@odi.ch>
Cc: stable@vger.kernel.org # 3.10
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Arend van Spriel [Mon, 22 Jul 2013 10:46:24 +0000 (12:46 +0200)]
brcmfmac: bail out of brcmf_txflowblock_if() for non-netdev interface
To avoid ending up in a NULL-pointer access, the function
brcmf_txflowblock_if() should only be called for interfaces
that have a netdev associated with it.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Jul 2013 18:31:22 +0000 (20:31 +0200)]
brcmfmac: decrement pending 8021x count upon tx failure
If the transmit fails because there are no hanger slots or
any other reason and the packet was an EAPOL packet the
pending counter should be decreased although it was not
transmitted so the driver does not end up in a dead-lock.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Sun, 21 Jul 2013 02:46:48 +0000 (21:46 -0500)]
ath: wil6210: Fix build error
Building driver wil6210 in 3.10 and 3.11 kernels yields the following errors:
CC [M] drivers/net/wireless/ath/wil6210/debugfs.o
drivers/net/wireless/ath/wil6210/debugfs.c: In function 'wil_print_ring':
drivers/net/wireless/ath/wil6210/debugfs.c:163:11: error: pointer targets in passing argument 5 of 'hex_dump_to_buffer' differ in signedness [-Werror=pointer-sign]
false);
^
In file included from include/linux/kernel.h:13:0,
from include/linux/cache.h:4,
from include/linux/time.h:4,
from include/linux/stat.h:18,
from include/linux/module.h:10,
from drivers/net/wireless/ath/wil6210/debugfs.c:17:
include/linux/printk.h:361:13: note: expected 'char *' but argument is of type 'unsigned char *'
extern void hex_dump_to_buffer(const void *buf, size_t len,
^
drivers/net/wireless/ath/wil6210/debugfs.c: In function 'wil_txdesc_debugfs_show':
drivers/net/wireless/ath/wil6210/debugfs.c:429:10: error: pointer targets in passing argument 5 of 'hex_dump_to_buffer' differ in signedness [-Werror=pointer-sign]
sizeof(printbuf), false);
^
In file included from include/linux/kernel.h:13:0,
from include/linux/cache.h:4,
from include/linux/time.h:4,
from include/linux/stat.h:18,
from include/linux/module.h:10,
from drivers/net/wireless/ath/wil6210/debugfs.c:17:
include/linux/printk.h:361:13: note: expected 'char *' but argument is of type 'unsigned char *'
extern void hex_dump_to_buffer(const void *buf, size_t len,
^
cc1: all warnings being treated as errors
make[5]: *** [drivers/net/wireless/ath/wil6210/debugfs.o] Error 1
make[4]: *** [drivers/net/wireless/ath/wil6210] Error 2
make[3]: *** [drivers/net/wireless/ath] Error 2
make[2]: *** [drivers/net/wireless] Error 2
make[1]: *** [drivers/net] Error 2
make: *** [drivers] Error 2
These errors are fixed by changing the type of the buffer from "unsigned char *" to "char *".
Reported-by: Thomas Fjellstrom <thomas@fjellstrom.ca>
Tested-by: Thomas Fjellstrom <thomas@fjellstrom.ca>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [3.10]
Cc: Thomas Fjellstrom <thomas@fjellstrom.ca>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Solomon Peachy [Sat, 20 Jul 2013 03:31:27 +0000 (23:31 -0400)]
cw1200: Fix OOPS in monitor mode
In monitor mode, priv->vif is NULL, but at one point in the receive path we
blindly attempt to dereference it. Add a test to prevent this.
Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Oleksij Rempel [Fri, 19 Jul 2013 18:16:18 +0000 (20:16 +0200)]
ath9k_htc: reboot firmware if it was loaded
Currently ath9k_htc will reboot firmware only if interface was
ever started. Which lead to the problem in case where interface
was never started but module need to be reloaded.
This patch will partially fix bug "ath9k_htc: Target is unresponsive"
https://github.com/qca/open-ath9k-htc-firmware/issues/1
Reproduction case:
- plug adapter
- make sure nothing will touch it. Stop Networkmanager or blacklist mac address of this adapter.
- rmmod ath9k_htc; sleep 1; modprobe ath9k_htc
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Oleksij Rempel [Fri, 19 Jul 2013 18:16:17 +0000 (20:16 +0200)]
ath9k_htc: do some initial hardware configuration
Currently we configure harwdare and clock, only after
interface start. In this case, if we reload module or
reboot PC without configuring adapter, firmware will freeze.
There is no software way to reset adpter.
This patch add initial configuration and set it in
disabled state, to avoid this freeze. Behaviour of this patch
should be similar to: ifconfig wlan0 up; ifconfig wlan0 down.
Bug: https://github.com/qca/open-ath9k-htc-firmware/issues/1
Tested-by: Bo Shi <cnshibo@gmail.com>
Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Sat, 13 Jul 2013 14:57:10 +0000 (10:57 -0400)]
mwifiex: fix IRQ enable/disable
During tear down (e.g. mwifiex_sdio_remove during system suspend),
mwifiex left IRQs enabled for a significant period of time when it was
unable to handle them correctly. This caused interrupt storms and
interfered with the bluetooth interface on the same SDIO card.
Solve this by disabling interrupts at the point when they can no longer
be handled correctly, which is at the start of mwifiex_remove_card().
For cleanliness, we now enable interrupts in the mwifiex_add_card() path,
to be symmetrical with the disabling of interrupts. We also couple the
registration of the sdio IRQ handler with the actual enable/disable of
interrupts at the hardware level.
I also removed a write to this register in mwifiex_init_sdio which seemed
pointless and won't cause any ill effects now that we only register
the SDIO IRQ handler when we are ready to accept interrupts.
Includes some corrections from Amitkumar Karwar.
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 22 Jul 2013 20:02:10 +0000 (16:02 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes
John W. Linville [Mon, 22 Jul 2013 20:00:49 +0000 (16:00 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Emmanuel Grumbach [Thu, 18 Jul 2013 16:11:26 +0000 (19:11 +0300)]
iwlwifi: add DELL SKU for 5150 HMC
This SKU was missing in the list of supported devices
https://bugzilla.kernel.org/show_bug.cgi?id=60577
Cc: <stable@vger.kernel.org> [all versions]
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Chun-Yeow Yeoh [Fri, 19 Jul 2013 09:37:39 +0000 (17:37 +0800)]
mac80211: prevent the buffering or frame transmission to non-assoc mesh STA
This patch is intended to avoid the buffering to non-assoc mesh STA
and also to avoid the triggering of frame to non-assoc mesh STA which
could cause kernel panic in specific hw.
One of the examples, is kernel panic happens to ath9k if user space
inserts the mesh STA and not proceed with the SAE and AMPE, and later
the same mesh STA is detected again. The sta_state of the mesh STA remains
at IEEE80211_STA_NONE and if the ieee80211_sta_ps_deliver_wakeup is called
and subsequently the ath_tx_aggr_wakeup, the kernel panic due to
ath_tx_node_init is not called before to initialize the require data
structures.
This issue is reported by Cedric Voncken before.
http://www.spinics.net/lists/linux-wireless/msg106342.html
[<
831ea6b4>] ath_tx_aggr_wakeup+0x44/0xcc [ath9k]
[<
83084214>] ieee80211_sta_ps_deliver_wakeup+0xb8/0x208 [mac80211]
[<
830b9824>] ieee80211_mps_sta_status_update+0x94/0x108 [mac80211]
[<
83099398>] ieee80211_sta_ps_transition+0xc94/0x34d8 [mac80211]
[<
8022399c>] nf_iterate+0x98/0x104
[<
8309bb60>] ieee80211_sta_ps_transition+0x345c/0x34d8 [mac80211]
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Kalle Valo [Mon, 22 Jul 2013 09:26:12 +0000 (12:26 +0300)]
MAINTAINERS: update ath6kl git location
The git tree is in github.com nowadays.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Kalle Valo [Mon, 22 Jul 2013 09:22:19 +0000 (12:22 +0300)]
MAINTAINERS: add ath10k
I forgot to add an entry to MAINTAINERS when submitting the driver.
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Geert Uytterhoeven [Wed, 10 Jul 2013 21:03:36 +0000 (23:03 +0200)]
ath10k: ATH10K should depend on HAS_DMA
If NO_DMA=y:
drivers/built-in.o: In function `ath10k_skb_unmap':
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath10k_skb_map':
drivers/net/wireless/ath/ath10k/core.h:83: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath10k/core.h:86: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath10k_htt_rx_ring_free':
drivers/net/wireless/ath/ath10k/htt_rx.c:113: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath10k_htt_rx_amsdu_pop':
drivers/net/wireless/ath/ath10k/htt_rx.c:296: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath10k/htt_rx.c:389: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `__ath10k_htt_rx_ring_fill_n':
drivers/net/wireless/ath/ath10k/htt_rx.c:146: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath10k/htt_rx.c:150: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath10k_htt_rx_attach':
drivers/net/wireless/ath/ath10k/htt_rx.c:474: undefined reference to `dma_alloc_coherent'
drivers/net/wireless/ath/ath10k/htt_rx.c:509: undefined reference to `dma_free_coherent'
drivers/net/wireless/ath/ath10k/htt_rx.c:514: undefined reference to `dma_free_coherent'
drivers/built-in.o: In function `ath10k_htt_rx_detach':
drivers/net/wireless/ath/ath10k/htt_rx.c:220: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath10k/htt_rx.c:228: undefined reference to `dma_free_coherent'
drivers/built-in.o: In function `ath10k_skb_map':
drivers/net/wireless/ath/ath10k/core.h:83: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath10k/core.h:86: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath10k_skb_unmap':
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `ath10k_skb_map':
drivers/net/wireless/ath/ath10k/core.h:83: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath10k/core.h:86: undefined reference to `dma_mapping_error'
drivers/net/wireless/ath/ath10k/core.h:83: undefined reference to `dma_map_single'
drivers/net/wireless/ath/ath10k/core.h:86: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `ath10k_skb_unmap':
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
drivers/net/wireless/ath/ath10k/core.h:98: undefined reference to `dma_unmap_single'
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Frederic Danis [Thu, 20 Jun 2013 09:11:04 +0000 (11:11 +0200)]
NFC: Fix NCI over SPI build
kbuild test robot found following error:
net/built-in.o: In function `nci_spi_send':
>> spi.c:(.text+0x19a76f): undefined reference to `crc_ccitt'
Add CRC_CCITT module to Kconfig to fix it
Reported-by: kbuild test robot.
Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Sujith Manoharan [Mon, 15 Jul 2013 05:33:57 +0000 (11:03 +0530)]
ath9k_hw: Fix multicast search for AR9002 family
The multicast search bit is disabled for the AR9003
family, but this is required for AR9002 too. Fix this in
the INI override routine.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Fri, 12 Jul 2013 20:32:15 +0000 (15:32 -0500)]
rtlwifi: Fix build errors for unusual cases
The present build configuration for the rtlwifi family of drivers will
fail under two known conditions:
(1) If rtlwifi is selected without selecting any of the dependent drivers,
there are errors in the build.
(2) If the PCI drivers are built into the kernel and the USB drivers are modules,
or vice versa, there are missing globals.
The first condition is fixed by never building rtlwifi unless at least one
of the device drivers is selected. The second failure is fixed by splitting
the PCI and USB codes out of rtlwifi, and creating their own mini drivers.
If the drivers that use them are modules, they will also be modules.
Although a number of files are touched by this patch, only Makefile and Kconfig
have undergone significant changes. The only modifications to the other files
were to export entry points needed by the new rtl_pci and rtl_usb units, or to
rename two variables that had names that were likely to cause namespace collisions.
Reported-by: Fengguang Wu <fengguang.wu@intel.com> [Condition 1]
Reported-by: Ben Hutchings <bhutchings@solarflare.com> [Condition 2]
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bob Copeland [Thu, 11 Jul 2013 13:19:13 +0000 (09:19 -0400)]
ath5k: fix extra set bit in multicast mask
Bit 32 was always set which looks to have been accidental,
according to git history.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Geert Uytterhoeven [Wed, 10 Jul 2013 21:03:35 +0000 (23:03 +0200)]
rt2x00: RT2X00 should depend on HAS_DMA
If NO_DMA=y:
drivers/built-in.o: In function `rt2x00queue_unmap_skb':
drivers/net/wireless/rt2x00/rt2x00queue.c:129: undefined reference to `dma_unmap_single'
drivers/net/wireless/rt2x00/rt2x00queue.c:133: undefined reference to `dma_unmap_single'
drivers/built-in.o: In function `rt2x00queue_map_txskb':
drivers/net/wireless/rt2x00/rt2x00queue.c:112: undefined reference to `dma_map_single'
drivers/net/wireless/rt2x00/rt2x00queue.c:115: undefined reference to `dma_mapping_error'
drivers/built-in.o: In function `rt2x00queue_alloc_rxskb':
drivers/net/wireless/rt2x00/rt2x00queue.c:93: undefined reference to `dma_map_single'
drivers/net/wireless/rt2x00/rt2x00queue.c:95: undefined reference to `dma_mapping_error'
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arnd Bergmann [Fri, 5 Jul 2013 15:43:56 +0000 (17:43 +0200)]
ssb: fix alignment of struct bcma_device_id
The ARM OABI and EABI disagree on the alignment of structures
with small members, so module init tools may interpret the
ssb device table incorrectly, as shown by this warning when
building the b43 device driver in an OABI kernel:
FATAL: drivers/net/wireless/b43/b43: sizeof(struct ssb_device_id)=6 is
not a modulo of the size of section __mod_ssb_device_table=88.
Forcing the default (EABI) alignment on the structure makes this
problem go away. Since the ssb_device_id may have the same problem,
better fix both structures.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Alexey Khoroshilov [Mon, 1 Jul 2013 20:43:42 +0000 (00:43 +0400)]
ath9k_htc: fix data race between request_firmware_nowait() callback and suspend()
ath9k_hif_usb_probe() requests firmware asynchronically and
there is some initialization postponed till firmware is ready.
In particular, ath9k_hif_usb_firmware_cb() callback initializes
hif_dev->tx.tx_buf and hif_dev->tx.tx_pending lists.
At the same time, ath9k_hif_usb_suspend() iterates that lists through
ath9k_hif_usb_dealloc_urbs(). If suspend happens before request_firmware_nowait()
callback is called, it can lead to oops.
Similar issue could be in ath9k_hif_usb_disconnect(), but it is prevented
using hif_dev->fw_done completion and HIF_USB_READY flag. The patch extends
this approach to suspend() as well.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Sun, 30 Jun 2013 10:02:13 +0000 (12:02 +0200)]
ath9k: fix tx pending frames accounting for dropped packets
When dropping packets that have gone far enough into the tx path, the
pending frame counter needs to be decreased.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Fri, 28 Jun 2013 14:12:53 +0000 (09:12 -0500)]
rtlwifi: Initialize power-setting callback for USB devices
Commit
a269913c5 entitled "rtlwifi: Rework rtl_lps_leave() and
rtl_lps_enter() to use work queue" has two bugs for USB drivers.
Firstly, the work queue in question was not initialized. Secondly,
the callback routine used by this queue is contained within the
file used for PCI devices. As a result, it is not available for
architectures without PCI hardware.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Richard Genoud <richard.genoud@gmail.com>
Tested-by: Richard Genoud <richard.genoud@gmail.com>
Cc: Richard Genoud <richard.genoud@gmail.com>
Cc: Stable <stable@vger.kernel.org> [3.10]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 15 Jul 2013 12:35:06 +0000 (14:35 +0200)]
mac80211/minstrel: fix NULL pointer dereference issue
When priv_sta == NULL, mi->prev_sample is dereferenced too early. Move
the assignment further down, after the rate_control_send_low call.
Reported-by: Krzysztof Mazur <krzysiek@podlesie.net>
Cc: stable@vger.kernel.org # 3.10
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
David Spinadel [Thu, 4 Jul 2013 12:22:26 +0000 (15:22 +0300)]
iwlwifi: mvm: remove extra SSID from probe request
Bits 1-21 in this channel type attributes are indication for which
SSID is going to be sent on this channel. Since the first SSID is
sent implicitly in the probe request, we don't need to toggle its
bit here.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
David Spinadel [Thu, 4 Jul 2013 12:17:48 +0000 (15:17 +0300)]
iwlwifi: mvm: fix bug in scan ssid
Increment index in each iteration. Without this increment we are
overriding the added SSIDs and we will send only the last SSId
and (n_ssids - 1) broadcast probes.
Cc: <stable@vger.kernel.org> [3.9+]
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 4 Jul 2013 13:55:29 +0000 (15:55 +0200)]
iwlwifi: mvm: refuse connection to APs with BI < 16
Due to a firmware bug, it crashes when the beacon interval
is smaller than 16. Avoid this by refusing the station state
change creating the AP station, causing mac80211 to abandon
the attempt to connect to the AP, and eventually wpa_s to
blacklist it.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Emmanuel Grumbach [Tue, 2 Jul 2013 11:16:38 +0000 (14:16 +0300)]
iwlwifi: mvm: track the number of Rx BA sessions
The firmware / HW can't support more than 16 Rx BA sessions.
Deny any attemps to open more sessions than that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Emmanuel Grumbach [Tue, 2 Jul 2013 10:35:35 +0000 (13:35 +0300)]
iwlwifi: mvm: fix L2P BA ressources leak
We didn't release the Rx AMPDU ressources properly.
This bug led to firmware assert after 16 BA sessions.
Cc: <stable@vger.kernel.org> [3.9+]
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Alexander Bondar [Sun, 23 Jun 2013 17:31:07 +0000 (20:31 +0300)]
iwlwifi: mvm: Fix VIF specific debugfs directory creation
Avoid creating VIF specific debugfs directory if already exist.
This may happen when, for example, resetting hw, suspend-resume.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Fri, 3 May 2013 16:58:16 +0000 (18:58 +0200)]
iwlwifi: dvm: don't send BT_CONFIG on devices w/o Bluetooth
The BT_CONFIG command that is sent to the device during
startup will enable BT coex unless the module parameter
turns it off, but on devices without Bluetooth this may
cause problems, as reported in Redhat BZ 885407.
Fix this by sending the BT_CONFIG command only when the
device has Bluetooth.
Cc: stable@vger.kernel.org
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Emmanuel Grumbach [Mon, 24 Jun 2013 12:44:03 +0000 (15:44 +0300)]
iwlwifi: mvm: unregister leds when registration failed
This was missing and prevented any further attempts
to load the module.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Thu, 11 Jul 2013 20:33:26 +0000 (22:33 +0200)]
mac80211: fix duplicate retransmission detection
The duplicate retransmission detection code in mac80211
erroneously attempts to do the check for every frame,
even frames that don't have a sequence control field or
that don't use it (QoS-Null frames.)
This is problematic because it causes the code to access
data beyond the end of the SKB and depending on the data
there will drop packets erroneously.
Correct the code to not do duplicate detection for such
frames.
I found this error while testing AP powersave, it lead
to retransmitted PS-Poll frames being dropped entirely
as the data beyond the end of the SKB was always zero.
Cc: stable@vger.kernel.org [all versions]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Chun-Yeow Yeoh [Thu, 11 Jul 2013 10:24:03 +0000 (18:24 +0800)]
nl80211: fix the setting of RSSI threshold value for mesh
RSSI threshold value used for mesh peering should be in
negative value. After range checks to mesh parameters is
introduced, this is not allowed. Fix this.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Mon, 8 Jul 2013 08:43:31 +0000 (10:43 +0200)]
mac80211: fix ethtool stats for non-station interfaces
As reported in https://bugzilla.kernel.org/show_bug.cgi?id=60514,
the station loop never initialises 'sinfo' and therefore adds up
a stack values, leaking stack information (the number of times it
adds values is easily obtained another way.)
Fix this by initialising the sinfo for each station to add.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Felix Fietkau [Fri, 28 Jun 2013 19:04:35 +0000 (21:04 +0200)]
mac80211/minstrel_ht: fix cck rate sampling
The CCK group needs special treatment to set the right flags and rate
index. Add this missing check to prevent setting broken rates for tx
packets.
Cc: stable@vger.kernel.org # 3.10
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Johannes Berg [Mon, 24 Jun 2013 13:43:38 +0000 (15:43 +0200)]
regulatory: add missing rtnl locking
restore_regulatory_settings() requires the RTNL to be held,
add the missing locking in reg_timeout_work().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 28 Jun 2013 09:38:54 +0000 (11:38 +0200)]
cfg80211: fix bugs in new SME implementation
When splitting the SME implementation from the MLME code,
I introduced a few bugs:
* association failures no longer sent a connect-failure event
* getting disassociated from the AP caused deauth to be sent
but state wasn't cleaned up, leading to warnings
* authentication failures weren't cleaned up properly, causing
new connection attempts to warn and fail
Fix these bugs.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Michal Kazior [Tue, 25 Jun 2013 07:17:17 +0000 (09:17 +0200)]
nl80211: fix mgmt tx status and testmode reporting for netns
These two events were sent to the default network
namespace.
This caused AP mode in a non-default netns to not
work correctly. Mgmt tx status was multicasted to
a different (default) netns instead of the one the
AP was in.
Cc: stable@vger.kernel.org
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Linus Torvalds [Sun, 14 Jul 2013 22:18:27 +0000 (15:18 -0700)]
Linux 3.11-rc1
Linus Torvalds [Sun, 14 Jul 2013 22:14:29 +0000 (15:14 -0700)]
Merge branch 'slab/for-linus' of git://git./linux/kernel/git/penberg/linux
Pull slab update from Pekka Enberg:
"Highlights:
- Fix for boot-time problems on some architectures due to
init_lock_keys() not respecting kmalloc_caches boundaries
(Christoph Lameter)
- CONFIG_SLUB_CPU_PARTIAL requested by RT folks (Joonsoo Kim)
- Fix for excessive slab freelist draining (Wanpeng Li)
- SLUB and SLOB cleanups and fixes (various people)"
I ended up editing the branch, and this avoids two commits at the end
that were immediately reverted, and I instead just applied the oneliner
fix in between myself.
* 'slab/for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux
slub: Check for page NULL before doing the node_match check
mm/slab: Give s_next and s_stop slab-specific names
slob: Check for NULL pointer before calling ctor()
slub: Make cpu partial slab support configurable
slab: add kmalloc() to kernel API documentation
slab: fix init_lock_keys
slob: use DIV_ROUND_UP where possible
slub: do not put a slab to cpu partial list when cpu_partial is 0
mm/slub: Use node_nr_slabs and node_nr_objs in get_slabinfo
mm/slub: Drop unnecessary nr_partials
mm/slab: Fix /proc/slabinfo unwriteable for slab
mm/slab: Sharing s_next and s_stop between slab and slub
mm/slab: Fix drain freelist excessively
slob: Rework #ifdeffery in slab.h
mm, slab: moved kmem_cache_alloc_node comment to correct place
Steven Rostedt [Thu, 17 Jan 2013 18:10:58 +0000 (13:10 -0500)]
slub: Check for page NULL before doing the node_match check
In the -rt kernel (mrg), we hit the following dump:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
ffffffff811573f1>] kmem_cache_alloc_node+0x51/0x180
PGD
a2d39067 PUD
b1641067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: sunrpc cpufreq_ondemand ipv6 tg3 joydev sg serio_raw pcspkr k8temp amd64_edac_mod edac_core i2c_piix4 e100 mii shpchp ext4 mbcache jbd2 sd_mod crc_t10dif sr_mod cdrom sata_svw ata_generic pata_acpi pata_serverworks radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod
CPU 3
Pid: 20878, comm: hackbench Not tainted 3.6.11-rt25.14.el6rt.x86_64 #1 empty empty/Tyan Transport GT24-B3992
RIP: 0010:[<
ffffffff811573f1>] [<
ffffffff811573f1>] kmem_cache_alloc_node+0x51/0x180
RSP: 0018:
ffff8800a9b17d70 EFLAGS:
00010213
RAX:
0000000000000000 RBX:
0000000001200011 RCX:
ffff8800a06d8000
RDX:
0000000004d92a03 RSI:
00000000000000d0 RDI:
ffff88013b805500
RBP:
ffff8800a9b17dc0 R08:
ffff88023fd14d10 R09:
ffffffff81041cbd
R10:
00007f4e3f06e9d0 R11:
0000000000000246 R12:
ffff88013b805500
R13:
ffff8801ff46af40 R14:
0000000000000001 R15:
0000000000000000
FS:
00007f4e3f06e700(0000) GS:
ffff88023fd00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000000 CR3:
00000000a2d3a000 CR4:
00000000000007e0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process hackbench (pid: 20878, threadinfo
ffff8800a9b16000, task
ffff8800a06d8000)
Stack:
ffff8800a9b17da0 ffffffff81202e08 ffff8800a9b17de0 000000d001200011
0000000001200011 0000000001200011 0000000000000000 0000000000000000
00007f4e3f06e9d0 0000000000000000 ffff8800a9b17e60 ffffffff81041cbd
Call Trace:
[<
ffffffff81202e08>] ? current_has_perm+0x68/0x80
[<
ffffffff81041cbd>] copy_process+0xdd/0x15b0
[<
ffffffff810a2125>] ? rt_up_read+0x25/0x30
[<
ffffffff8104369a>] do_fork+0x5a/0x360
[<
ffffffff8107c66b>] ? migrate_enable+0xeb/0x220
[<
ffffffff8100b068>] sys_clone+0x28/0x30
[<
ffffffff81527423>] stub_clone+0x13/0x20
[<
ffffffff81527152>] ? system_call_fastpath+0x16/0x1b
Code: 89 fc 89 75 cc 41 89 d6 4d 8b 04 24 65 4c 03 04 25 48 ae 00 00 49 8b 50 08 4d 8b 28 49 8b 40 10 4d 85 ed 74 12 41 83 fe ff 74 27 <48> 8b 00 48 c1 e8 3a 41 39 c6 74 1b 8b 75 cc 4c 89 c9 44 89 f2
RIP [<
ffffffff811573f1>] kmem_cache_alloc_node+0x51/0x180
RSP <
ffff8800a9b17d70>
CR2:
0000000000000000
---[ end trace
0000000000000002 ]---
Now, this uses SLUB pretty much unmodified, but as it is the -rt kernel
with CONFIG_PREEMPT_RT set, spinlocks are mutexes, although they do
disable migration. But the SLUB code is relatively lockless, and the
spin_locks there are raw_spin_locks (not converted to mutexes), thus I
believe this bug can happen in mainline without -rt features. The -rt
patch is just good at triggering mainline bugs ;-)
Anyway, looking at where this crashed, it seems that the page variable
can be NULL when passed to the node_match() function (which does not
check if it is NULL). When this happens we get the above panic.
As page is only used in slab_alloc() to check if the node matches, if
it's NULL I'm assuming that we can say it doesn't and call the
__slab_alloc() code. Is this a correct assumption?
Acked-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>