- 13 Dec, 2010 4 commits
-
-
Christian Lamparter authored
This patch adds five more USBIDs to the table. Source: http://www.linuxant.com/pipermail/driverloader/2005q3/002307.html http://wireless.kernel.org/en/users/Drivers/p54/devices (by M. Davis) Cc: <stable@kernel.org> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Tim Harvey authored
dev_open will eventually call ieee80211_ibss_join which sets up the skb used for beacons/probe-responses however it is possible to receive beacons that attempt to merge before this occurs causing a null pointer dereference. Check ssid_len as that is the last thing set in ieee80211_ibss_join. This occurs quite easily in the presence of adhoc nodes with hidden SSID's revised previous patch to check further up based on irc feedback Signed-off-by: Tim Harvey <harvey.tim@gmail.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sven Neumann authored
The code wants to check if there's a channel and it is not disabled, but it used to check if channel is not NULL and accessed the channel struct if this check failed. Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 09 Dec, 2010 2 commits
-
-
Wey-Yi Guy authored
From: Johannes Berg <johannes.berg@intel.com> The current EEPROM reading code has some layout assumptions that now turned out to be false with some newer versions of the EEPROM. Luckily, we can avoid all such assumptions by using data in the EEPROM itself, so implement using that. However, for risk mitigation purposes, keep the old reading code for current hardware for now. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
-
Johannes Berg authored
Some fields we didn't previously use from the enhanced TX power structure will be needed in the next patch, so rename them to their correct names to be able to use them and change code reading them accordingly. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
-
- 08 Dec, 2010 9 commits
-
-
David Kilroy authored
Enable the port when disabling countermeasures, and disable it on enabling countermeasures. This bug causes the response of the system to certain attacks to be ineffective. It also prevents wpa_supplicant from getting scan results, as wpa_supplicant disables countermeasures on startup - preventing the hardware from scanning. wpa_supplicant works with ap_mode=2 despite this bug because the commit handler re-enables the port. The log tends to look like: State: DISCONNECTED -> SCANNING Starting AP scan for wildcard SSID Scan requested (ret=0) - scan timeout 5 seconds EAPOL: disable timer tick EAPOL: Supplicant port status: Unauthorized Scan timeout - try to get results Failed to get scan results Failed to get scan results - try scanning again Setting scan request: 1 sec 0 usec Starting AP scan for wildcard SSID Scan requested (ret=-1) - scan timeout 5 seconds Failed to initiate AP scan. Reported by: Giacomo Comes <comes@naic.edu> Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
David Kilroy authored
... and interface up. In these situations, you are usually trying to connect to a new AP, so keeping TKIP countermeasures active is confusing. This is already how the driver behaves (inadvertently). However, querying SIOCGIWAUTH may tell userspace that countermeasures are active when they aren't. Clear the setting so that the reporting matches what the driver has done.. Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Helmut Schaa authored
mac80211 doesn't handle shared skbs correctly at the moment. As a result a possible resize can trigger a BUG in pskb_expand_head. [ 676.030000] Kernel bug detected[#1]: [ 676.030000] Cpu 0 [ 676.030000] $ 0 : 00000000 00000000 819662ff 00000002 [ 676.030000] $ 4 : 81966200 00000020 00000000 00000020 [ 676.030000] $ 8 : 819662e0 800043c0 00000002 00020000 [ 676.030000] $12 : 3b9aca00 00000000 00000000 00470000 [ 676.030000] $16 : 80ea2000 00000000 00000000 00000000 [ 676.030000] $20 : 818aa200 80ea2018 80ea2000 00000008 [ 676.030000] $24 : 00000002 800ace5c [ 676.030000] $28 : 8199a000 8199bd20 81938f88 80f180d4 [ 676.030000] Hi : 0000026e [ 676.030000] Lo : 0000757e [ 676.030000] epc : 801245e4 pskb_expand_head+0x44/0x1d8 [ 676.030000] Not tainted [ 676.030000] ra : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211] [ 676.030000] Status: 1000a403 KERNEL EXL IE [ 676.030000] Cause : 10800024 [ 676.030000] PrId : 0001964c (MIPS 24Kc) [ 676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci] [ 676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000) [ 676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000 [ 676.030000] 818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018 [ 676.030000] 81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48 [ 676.030000] 81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c [ 676.030000] 80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90 [ 676.030000] ... [ 676.030000] Call Trace: [ 676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8 [ 676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211] [ 676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211] [ 676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211] [ 676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8 [ 676.030000] [<8002ebe8>] kthread+0x7c/0x88 [ 676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18 [ 676.030000] [ 676.030000] [ 676.030000] Code: 24020001 10620005 2502001f <0200000d> 0804917a 00000000 2502001f 00441023 00531021 Fix this by making a local copy of shared skbs prior to mangeling them. To avoid copying the skb unnecessarily move the skb_copy call below the checks that don't need write access to the skb. Also, move the assignment of nh_pos and h_pos below the skb_copy to point to the correct skb. It would be possible to avoid another resize of the copied skb by using skb_copy_expand instead of skb_copy but that would make the patch more complex. Also, shared skbs are a corner case right now, so the resize shouldn't matter much. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sujith Manoharan authored
The HW has to be set to FULLSLEEP mode during suspend, when no interface has been brought up. Not doing this would break resume, as the chip won't be powered up at all. Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Javier Cardona authored
Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Javier Cardona authored
This results in an erroneus num_adhoc_vifs count, as the this counter was incremented but not decremented for mesh interfaces. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Javier Cardona authored
This patch fixes the oops below when attempting to bring up a mesh interface on ath5k hardware. [ 128.933099] kernel BUG at drivers/net/wireless/ath/ath5k/base.c:197! [ 128.933099] invalid opcode: 0000 [#1] (...) [ 128.933099] Call Trace: [ 128.933099] [<c83b77fa>] ? ath5k_beacon_update+0x57/0x1f8 [ath5k] [ 128.933099] [<c02d9a40>] ? __sysfs_add_one+0x28/0x76 [ 128.933099] [<c83b830e>] ? ath5k_bss_info_changed+0x13f/0x173 [ath5k] [ 128.933099] [<c82ff629>] ? ieee80211_config_beacon+0xc0/0x17e [mac80211] [ 128.933099] [<c82f073e>] ? ieee80211_bss_info_change_notify+0x182/0x18b [mac80211] [ 128.933099] [<c83b81cf>] ? ath5k_bss_info_changed+0x0/0x173 [ath5k] [ 128.933099] [<c82ff6d6>] ? ieee80211_config_beacon+0x16d/0x17e [mac80211] [ 128.933099] [<c82ff753>] ? ieee80211_add_beacon+0x34/0x39 [mac80211] [ 128.933099] [<c830a4ed>] ? ieee80211s_init+0xf8/0x10f [mac80211] [ 128.933099] [<c830a5df>] ? ieee80211_mesh_init_sdata+0xdb/0x154 [mac80211] Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
David Kilroy authored
The interrupt handler takes a lock - but since commit bcad6e80 this lock goes through an indirection specified in the hermes_t structure. We must therefore initialise the structure before setting up the interrupt handler. Fix orinoco_cs and spectrum_cs <https://bugzilla.kernel.org/show_bug.cgi?id=23932> Bisected by: Matt Domsch <Matt_Domsch@dell.com> Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jun Nie authored
If we fail to find a hci device pointer in hci_uart, don't try to deref the NULL one we do have. Signed-off-by: Jun Nie <njun@marvell.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 07 Dec, 2010 4 commits
-
-
Rajkumar Manoharan authored
The beacon tasklet is accesssing the bslot info for beacon generation. Meanwhile the same slot can be freed on interface deletion. Current the remove_interface disables the beacon alert after freeing the slot. This may leads to null pointer access. This patch disables SWBA and kills the beacon tasklet to prevent access to the slot to be freed. After releasing the slot, swba will be enabled again upon the availablity of beaconing interfaces. Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Senthil Balasubramanian authored
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying this status for MIC failed frames is buggy. Due to this, MIC failure events for broadcast frames are not sent to supplicant resulted in AP disconnecting the STA. Able to pass Wifi Test case 5.2.18 with this fix. Cc: Stable <stable@kernel.org> (2.6.36+) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
When ath_drain_all_txq fails to stop DMA, it issues a hw reset. This reset happens at a very problematic point in time, when the hardware rx path has not been stopped yet. This could lead to memory corruption, hardware hangs or other issues. To fix these issues, simply remove the reset entirely and check the tx DMA stop status to prevent problems with fast channel changes. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Matteo Croce authored
The ath9k driver subtracts 3 dBm to the txpower as with two radios the signal power is doubled. The resulting value is assigned in an u16 which overflows and makes the card work at full power. Cc: stable@kernel.org Signed-off-by: Matteo Croce <matteo@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 06 Dec, 2010 1 commit
-
-
Johan Hedberg authored
Due to commit 63ce0900 connections initiated through TTYs created with "rfcomm bind ..." would have security level BT_SECURITY_SDP instead of BT_SECURITY_LOW. This would cause instant connection failure between any two SSP capable devices due to the L2CAP connect request to RFCOMM being sent before authentication has been performed. This patch fixes the regression by always initializing the DLC security level to BT_SECURITY_LOW. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 02 Dec, 2010 5 commits
-
-
John W. Linville authored
This reverts commit 916448e7. "As far as I can tell, either of these patches breaks multiple VIF scenarios. I'm not sure exactly why, but I had to revert this to get any of my interfaces to associate." -- Ben Greear <greearb@candelatech.com> http://marc.info/?l=linux-wireless&m=129123368719339&w=2Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
A few LNA control related flags were also specified as a bitfields, however for some strange reason they were written in big-endian order this time. Fix this by using flags instead. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
Parsing data using bitfields is messy, because it makes endian handling much harder. AR9002 and earlier got it right, AR9003 got it wrong. This might lead to either using too high or too low tx power values, depending on frequency and eeprom settings. Fix it by getting rid of the CTL related bitfields entirely and use masks instead. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Vasanthakumar Thiagarajan authored
The register which gives input gpio state is 0x404c for ar9003, currently 0x4048 is wrongly used. This will disable RF and make it unusable on some of AR9003. Cc:stable@kernel.org Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 01 Dec, 2010 2 commits
-
-
Bala Shanmugam authored
Atheros 3011 has small sflash firmware and needs to be blacklisted in transport driver to load actual firmware in DFU driver. Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Stefan Seyfried authored
If a device is autosuspended an inability to resubmit URBs is to be expected. Check the error code and only log real errors. (Now that autosuspend is default enabled for btusb, those log messages were happening all the time e.g. with a BT mouse) Signed-off-by: Stefan Seyfried <seife+kernel@b1-systems.com> Signed-off-by: Oliver Neukum <oneukum@suse.de> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 30 Nov, 2010 4 commits
-
-
Senthil Balasubramanian authored
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying this status for MIC failed frames is buggy. Due to this, MIC failure events for broadcast frames are not sent to supplicant resulted in AP disconnecting the STA. Able to pass Wifi Test case 5.2.18 with this fix. Cc: Stable <stable@kernel.org> (2.6.36+) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Senthil Balasubramanian authored
Th commit titled "mac80211: clean up rx handling wrt. found_sta" removed found_sta variable which caused a MIC failure event to be reported twice for a single failure to supplicant resulted in STA disconnect. This should fix WPA specific countermeasures WiFi test case (5.2.17) issues with mac80211 based drivers which report MIC failure events in rx status. Cc: Stable <stable@kernel.org> (2.6.37) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Christian Lamparter authored
This patch fixes an curious issue due to insufficient rx frame filtering. Saqeb Akhter reported frequent disconnects while streaming videos over samba: <http://marc.info/?m=128600031109136> > [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [...] The reason is that the device generates frames with slightly bogus SA/TA addresses. e.g.: [ 2314.402316] Ignore 9f:1f:31:f8:64:ff [ 2314.402321] Ignore 9f:1f:31:f8:64:ff [ 2352.453804] Ignore 0d:1f:31:f8:64:ff [ 2352.453808] Ignore 0d:1f:31:f8:64:ff ^^ the group-address flag is set! (the correct SA/TA would be: 00:1f:31:f8:64:ff) Since the AP does not know from where the frames come, it generates a DEAUTH response for the (invalid) mcast address. This mcast deauth frame then passes through all filters and tricks the stack into thinking that the AP brutally kicked us! This patch fixes the problem by simply ignoring non-broadcast, group-addressed deauth/disassoc frames. Cc: Jouni Malinen <j@w1.fi> Cc: Johannes Berg <johannes@sipsolutions.net> Reported-by: Saqeb Akhter <saqeb.akhter@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
David Kilroy authored
This fixes the problem causing the following trace: ------------[ cut here ]------------ WARNING: at linux-2.6.34/net/wireless/core.c:633 wdev_cleanup_work+0xb7/0xe0 [cfg80211]() Hardware name: Latitude C840 Pid: 707, comm: cfg80211 Not tainted 2.6.34.7-0.5-desktop #1 Call Trace: [<c02065c3>] try_stack_unwind+0x173/0x190 [<c02051cf>] dump_trace+0x3f/0xe0 [<c020662b>] show_trace_log_lvl+0x4b/0x60 [<c0206658>] show_trace+0x18/0x20 [<c064e0b3>] dump_stack+0x6d/0x72 [<c02443ae>] warn_slowpath_common+0x6e/0xb0 [<c0244403>] warn_slowpath_null+0x13/0x20 [<e2db5497>] wdev_cleanup_work+0xb7/0xe0 [cfg80211] [<c025cfa9>] run_workqueue+0x79/0x170 [<c025d123>] worker_thread+0x83/0xe0 [<c025fef4>] kthread+0x74/0x80 [<c0203826>] kernel_thread_helper+0x6/0x10 ---[ end trace 3f0348b3b0c6f4ff ]--- Reported by: Giacomo Comes <comes@naic.edu> Signed-off-by: David Kilroy <kilroyd@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 29 Nov, 2010 7 commits
-
-
Christian Lamparter authored
commit: "carl9170: revamp carl9170_tx_prepare" introduced a peculiar bug that would only show up if the the module parameter noht is set to 1. Then all outbound voice, video and background frames would each invoke a (bogus) RTS/CTS handshake. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jouni Malinen authored
In order for frame injection to work properly for some use cases (e.g., finding the station entry and keys for encryption), mac80211 needs to find the correct sdata entry. This works when the main vif is in AP mode, but commit a2c1e3da broke this particular use case for station main vif. While this type of injection is quite unusual operation, it has some uses and we should fix it. Do this by changing the monitor vif sdata selection to allow station vif to be selected instead of limiting it to just AP vifs. We still need to skip some iftypes to avoid selecting unsuitable vif for injection. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Rajkumar Manoharan authored
while removing beaconing mode interface, SWBA interrupt was never disabled when there are no other beaconing interfaces. Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
With some upcoming changes we'd like to use the interface types for P2P capability tests. Enable them now so that when we add those tests in wpa_supplicant, nothing will break. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Gabor Juhos authored
The ath9k driver uses a shared pm_qos_request_list structure for all devices. This causes the following warning if more than one device is present in the system: WARNING: at kernel/pm_qos_params.c:234 ath9k_init_device+0x5e8/0x6b0() pm_qos_add_request() called for already added request Modules linked in: Call Trace: [<802b1cdc>] dump_stack+0x8/0x34 [<8007dd90>] warn_slowpath_common+0x78/0xa4 [<8007de44>] warn_slowpath_fmt+0x2c/0x38 [<801b0828>] ath9k_init_device+0x5e8/0x6b0 [<801bc508>] ath_pci_probe+0x2dc/0x39c [<80176254>] pci_device_probe+0x64/0xa4 [<8019471c>] driver_probe_device+0xbc/0x188 [<80194854>] __driver_attach+0x6c/0xa4 [<80193e20>] bus_for_each_dev+0x60/0xb0 [<80193580>] bus_add_driver+0xcc/0x268 [<80194c08>] driver_register+0xe0/0x198 [<801764e0>] __pci_register_driver+0x50/0xe0 [<80365f48>] ath9k_init+0x3c/0x6c [<8006050c>] do_one_initcall+0xfc/0x1d8 [<80355340>] kernel_init+0xd4/0x174 [<800639a4>] kernel_thread_helper+0x10/0x18 ---[ end trace 5345fc6f870564a6 ]--- This patch fixes that warning by using a separate pm_qos_request_list sructure for each device. Signed-off-by: Gabor Juhos <juhosg@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Sven Neumann authored
card->priv must not be accessed after lbs_remove_card() was called as lbs_remove_card() frees card->priv via free_netdev(). For libertas_sdio this is a regression introduced by 23b149c1. The correct fix to the issue described there is simply to remove the assignment. This flag is set at the appropriate time inside lbs_remove_card anyway. Reported-by: Daniel Drake <dsd@laptop.org> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Signed-off-by: Daniel Drake <dsd@laptop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Daniel Drake authored
"priv" is stored at the end of the wiphy structure, which is freed during the call to lbs_cfg_free(). It must not be touched afterwards. Remove the unnecessary NULL assignment causing this memory corruption. Signed-off-by: Daniel Drake <dsd@laptop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 23 Nov, 2010 1 commit
-
-
Guennadi Liakhovetski authored
Fix unbalanced call to sdio_release_host() on the error path. Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 22 Nov, 2010 1 commit
-
-
Gustavo F. Padovan authored
Return 0 in that situation could lead to errors in the caller. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-