1. 15 Sep, 2016 1 commit
    • Beni Lev's avatar
      iwlwifi: mvm: update TX queue before making a copy of the skb · 54c5ef2e
      Beni Lev authored
      Off-channel action frames (such as ANQP frames) must be sent either on
      the AUX queue or on the offchannel queue, otherwise the firmware will
      cause a SYSASSERT.
      
      In the current implementation, the queue to be used is correctly set in
      the original skb, but this is done after it is copied.  Thus the copy
      remains with the original, incorrect queue.
      
      Fix this by setting the queue in the original skb before copying it.
      
      Fixes: commit 5c08b0f5 ("iwlwifi: mvm: don't override the rate with the AMSDU len")
      Cc: stable@vger.kernel.org # v4.6+
      Signed-off-by: default avatarBeni Lev <beni.lev@intel.com>
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      54c5ef2e
  2. 29 Aug, 2016 5 commits
  3. 24 Aug, 2016 2 commits
    • mhiramat@kernel.org's avatar
      brcmfmac: Change vif_event_lock to spinlock · b64abcb7
      mhiramat@kernel.org authored
      Change vif_event_lock to spinlock from mutex, since this lock is
      used in wait_event_timeout() via vif_event_equals(). This caused
      a warning report as below.
      
      As far as I can see, this lock protects regions where updating
      structure members, not function calls. Also, since those
      regions are not called from interrupt handlers (of course, it
      was a mutex), spin_lock is used instead of spin_lock_irqsave.
      
      [  186.678550] ------------[ cut here ]------------
      [  186.678556] WARNING: CPU: 2 PID: 7140 at /home/mhiramat/ksrc/linux/kernel/sched/core.c:7545 __might_sleep+0x7c/0x80
      [  186.678560] do not call blocking ops when !TASK_RUNNING; state=2 set at [<ffffffff980d9090>] prepare_to_wait_event+0x60/0x100
      [  186.678560] Modules linked in: brcmfmac xt_CHECKSUM rfcomm ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_addrtype br_netfilter xt_tcpudp ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_raw ip6table_security ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_raw iptable_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_filter ip_tables x_tables bnep nls_iso8859_1 i2c_designware_platform i2c_designware_core snd_hda_codec_hdmi snd_hda_codec_realtek dcdbas snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal intel_powerclamp coretemp
      [  186.678594]  snd_pcm crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 joydev glue_helper snd_hwdep lrw gf128mul uvcvideo ablk_helper snd_seq_midi cryptd snd_seq_midi_event snd_rawmidi videobuf2_vmalloc videobuf2_memops snd_seq input_leds videobuf2_v4l2 cfg80211 videobuf2_core snd_timer videodev serio_raw btusb snd_seq_device media btrtl rtsx_pci_ms snd mei_me memstick hid_multitouch mei soundcore brcmutil idma64 virt_dma intel_lpss_pci processor_thermal_device intel_soc_dts_iosf hci_uart btbcm btqca btintel bluetooth int3403_thermal dell_smo8800 intel_lpss_acpi intel_lpss int3402_thermal int340x_thermal_zone intel_hid mac_hid int3400_thermal shpchp sparse_keymap acpi_pad acpi_thermal_rel acpi_als kfifo_buf industrialio kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq
      [  186.678631]  usbhid nouveau ttm i915 rtsx_pci_sdmmc mxm_wmi i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm ahci rtsx_pci nvme nvme_core libahci i2c_hid hid pinctrl_sunrisepoint video wmi pinctrl_intel fjes [last unloaded: brcmfmac]
      [  186.678646] CPU: 2 PID: 7140 Comm: wpa_supplicant Not tainted 4.8.0-rc1+ #8
      [  186.678647] Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 01.02.00 04/07/2016
      [  186.678648]  0000000000000000 ffff9d8c64b5b900 ffffffff98442f23 ffff9d8c64b5b950
      [  186.678651]  0000000000000000 ffff9d8c64b5b940 ffffffff9808b22b 00001d790000000d
      [  186.678653]  ffffffff98c75e78 000000000000026c 0000000000000000 ffff9d8c2706d058
      [  186.678655] Call Trace:
      [  186.678659]  [<ffffffff98442f23>] dump_stack+0x85/0xc2
      [  186.678666]  [<ffffffff9808b22b>] __warn+0xcb/0xf0
      [  186.678668]  [<ffffffff9808b29f>] warn_slowpath_fmt+0x4f/0x60
      [  186.678671]  [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100
      [  186.678672]  [<ffffffff980d9090>] ? prepare_to_wait_event+0x60/0x100
      [  186.678674]  [<ffffffff980b922c>] __might_sleep+0x7c/0x80
      [  186.678680]  [<ffffffff988b0853>] mutex_lock_nested+0x33/0x3b0
      [  186.678682]  [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10
      [  186.678689]  [<ffffffffc0c57d2d>] brcmf_cfg80211_wait_vif_event+0xcd/0x130 [brcmfmac]
      [  186.678691]  [<ffffffff980d9190>] ? wake_atomic_t_function+0x60/0x60
      [  186.678697]  [<ffffffffc0c628e9>] brcmf_p2p_del_vif+0xf9/0x220 [brcmfmac]
      [  186.678702]  [<ffffffffc0c57fab>] brcmf_cfg80211_del_iface+0x21b/0x270 [brcmfmac]
      [  186.678716]  [<ffffffffc0b0539e>] nl80211_del_interface+0xfe/0x3a0 [cfg80211]
      [  186.678718]  [<ffffffff987ca335>] genl_family_rcv_msg+0x1b5/0x370
      [  186.678720]  [<ffffffff980e5d8d>] ? trace_hardirqs_on+0xd/0x10
      [  186.678721]  [<ffffffff987ca56d>] genl_rcv_msg+0x7d/0xb0
      [  186.678722]  [<ffffffff987ca4f0>] ? genl_family_rcv_msg+0x370/0x370
      [  186.678724]  [<ffffffff987c9a47>] netlink_rcv_skb+0x97/0xb0
      [  186.678726]  [<ffffffff987ca168>] genl_rcv+0x28/0x40
      [  186.678727]  [<ffffffff987c93c3>] netlink_unicast+0x1d3/0x2f0
      [  186.678729]  [<ffffffff987c933b>] ? netlink_unicast+0x14b/0x2f0
      [  186.678731]  [<ffffffff987c97cb>] netlink_sendmsg+0x2eb/0x3a0
      [  186.678733]  [<ffffffff9876dad8>] sock_sendmsg+0x38/0x50
      [  186.678734]  [<ffffffff9876e4df>] ___sys_sendmsg+0x27f/0x290
      [  186.678737]  [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0
      [  186.678739]  [<ffffffff9828b9be>] ? mntput_no_expire+0x8e/0x3f0
      [  186.678741]  [<ffffffff9828b935>] ? mntput_no_expire+0x5/0x3f0
      [  186.678743]  [<ffffffff9828bd44>] ? mntput+0x24/0x40
      [  186.678744]  [<ffffffff98267830>] ? __fput+0x190/0x200
      [  186.678746]  [<ffffffff9876f125>] __sys_sendmsg+0x45/0x80
      [  186.678748]  [<ffffffff9876f172>] SyS_sendmsg+0x12/0x20
      [  186.678749]  [<ffffffff988b5680>] entry_SYSCALL_64_fastpath+0x23/0xc1
      [  186.678751]  [<ffffffff980e2b8f>] ? trace_hardirqs_off_caller+0x1f/0xc0
      [  186.678752] ---[ end trace e224d66c5d8408b5 ]---
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Acked-by: default avatarArend van Spriel <arend.vanspriel@broadcom.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b64abcb7
    • mhiramat@kernel.org's avatar
      brcmfmac: Check rtnl_lock is locked when removing interface · 15dacf88
      mhiramat@kernel.org authored
      Check rtnl_lock is locked in brcmf_p2p_ifp_removed() by passing
      rtnl_locked flag. Actually the caller brcmf_del_if() checks whether
      the rtnl_lock is locked, but doesn't pass it to brcmf_p2p_ifp_removed().
      
      Without this fix, wpa_supplicant goes softlockup with rtnl_lock
      holding (this means all other process using netlink are locked up too)
      
      e.g.
      [ 4495.876627] INFO: task wpa_supplicant:7307 blocked for more than 10 seconds.
      [ 4495.876632]       Tainted: G        W       4.8.0-rc1+ #8
      [ 4495.876635] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      [ 4495.876638] wpa_supplicant  D ffff974c647b39a0     0  7307      1 0x00000000
      [ 4495.876644]  ffff974c647b39a0 0000000000000000 ffff974c00000000 ffff974c7dc59c58
      [ 4495.876651]  ffff974c6b7417c0 ffff974c645017c0 ffff974c647b4000 ffffffff86f16c08
      [ 4495.876657]  ffff974c645017c0 0000000000000246 00000000ffffffff ffff974c647b39b8
      [ 4495.876664] Call Trace:
      [ 4495.876671]  [<ffffffff868aeccc>] schedule+0x3c/0x90
      [ 4495.876676]  [<ffffffff868af065>] schedule_preempt_disabled+0x15/0x20
      [ 4495.876682]  [<ffffffff868b0996>] mutex_lock_nested+0x176/0x3b0
      [ 4495.876686]  [<ffffffff867a2067>] ? rtnl_lock+0x17/0x20
      [ 4495.876690]  [<ffffffff867a2067>] rtnl_lock+0x17/0x20
      [ 4495.876720]  [<ffffffffc0ae9a5d>] brcmf_p2p_ifp_removed+0x4d/0x70 [brcmfmac]
      [ 4495.876741]  [<ffffffffc0aebde6>] brcmf_remove_interface+0x196/0x1b0 [brcmfmac]
      [ 4495.876760]  [<ffffffffc0ae9901>] brcmf_p2p_del_vif+0x111/0x220 [brcmfmac]
      [ 4495.876777]  [<ffffffffc0adefab>] brcmf_cfg80211_del_iface+0x21b/0x270 [brcmfmac]
      [ 4495.876820]  [<ffffffffc097b39e>] nl80211_del_interface+0xfe/0x3a0 [cfg80211]
      [ 4495.876825]  [<ffffffff867ca335>] genl_family_rcv_msg+0x1b5/0x370
      [ 4495.876832]  [<ffffffff860e5d8d>] ? trace_hardirqs_on+0xd/0x10
      [ 4495.876836]  [<ffffffff867ca56d>] genl_rcv_msg+0x7d/0xb0
      [ 4495.876839]  [<ffffffff867ca4f0>] ? genl_family_rcv_msg+0x370/0x370
      [ 4495.876846]  [<ffffffff867c9a47>] netlink_rcv_skb+0x97/0xb0
      [ 4495.876849]  [<ffffffff867ca168>] genl_rcv+0x28/0x40
      [ 4495.876854]  [<ffffffff867c93c3>] netlink_unicast+0x1d3/0x2f0
      [ 4495.876860]  [<ffffffff867c933b>] ? netlink_unicast+0x14b/0x2f0
      [ 4495.876866]  [<ffffffff867c97cb>] netlink_sendmsg+0x2eb/0x3a0
      [ 4495.876870]  [<ffffffff8676dad8>] sock_sendmsg+0x38/0x50
      [ 4495.876874]  [<ffffffff8676e4df>] ___sys_sendmsg+0x27f/0x290
      [ 4495.876882]  [<ffffffff8628b935>] ? mntput_no_expire+0x5/0x3f0
      [ 4495.876888]  [<ffffffff8628b9be>] ? mntput_no_expire+0x8e/0x3f0
      [ 4495.876894]  [<ffffffff8628b935>] ? mntput_no_expire+0x5/0x3f0
      [ 4495.876899]  [<ffffffff8628bd44>] ? mntput+0x24/0x40
      [ 4495.876904]  [<ffffffff86267830>] ? __fput+0x190/0x200
      [ 4495.876909]  [<ffffffff8676f125>] __sys_sendmsg+0x45/0x80
      [ 4495.876914]  [<ffffffff8676f172>] SyS_sendmsg+0x12/0x20
      [ 4495.876918]  [<ffffffff868b5680>] entry_SYSCALL_64_fastpath+0x23/0xc1
      [ 4495.876924]  [<ffffffff860e2b8f>] ? trace_hardirqs_off_caller+0x1f/0xc0
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Acked-by: default avatarRafał Miłecki <rafal@milecki.pl>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      15dacf88
  4. 22 Aug, 2016 2 commits
    • Felix Fietkau's avatar
      ath9k: fix using sta->drv_priv before initializing it · 7711aaf0
      Felix Fietkau authored
      A station pointer can be passed to the driver on tx, before it has been
      marked as associated. Since ath9k_sta_state was initializing the entry
      too late, it resulted in some spurious crashes.
      
      Fixes: df3c6eb3 ("ath9k: Use sta_state() callback")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      7711aaf0
    • Felix Fietkau's avatar
      ath9k: fix client mode beacon configuration · 05860bed
      Felix Fietkau authored
      For pure station mode, iter_data.primary_beacon_vif was used and passed
      to ath_beacon_config, but not set to the station vif.
      This was causing the following warning:
      
      [  100.310919] ------------[ cut here ]------------
      [  100.315683] WARNING: CPU: 0 PID: 7 at compat-wireless-2016-06-20/drivers/net/wireless/ath/ath9k/beacon.c:642 ath9k_calculate_summary_state+0x250/0x60c [ath9k]()
      [  100.402028] CPU: 0 PID: 7 Comm: kworker/u2:1 Tainted: G        W       4.4.15 #5
      [  100.409676] Workqueue: phy0 ieee80211_ibss_leave [mac80211]
      [  100.415351] Stack : 8736e98c 870b4b20 87a25b54 800a6800 8782a080 80400d63 8039b96c 00000007
      [  100.415351]    803c5edc 87875914 80400000 800a47cc 87a25b54 800a6800 803a0fd8 80400000
      [  100.415351]    00000003 87875914 80400000 80094ae0 87a25b54 8787594c 00000000 801ef308
      [  100.415351]    803ffe70 801ef300 87193d58 87b3a400 87b3ad00 70687930 00000000 00000000
      [  100.415351]    00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [  100.415351]    ...
      [  100.451703] Call Trace:
      [  100.454235] [<800a6800>] vprintk_default+0x24/0x30
      [  100.459110] [<800a47cc>] printk+0x2c/0x38
      [  100.463190] [<800a6800>] vprintk_default+0x24/0x30
      [  100.468072] [<80094ae0>] print_worker_info+0x148/0x174
      [  100.473378] [<801ef308>] serial8250_console_putchar+0x0/0x44
      [  100.479122] [<801ef300>] wait_for_xmitr+0xc4/0xcc
      [  100.484014] [<87193d58>] ieee80211_ibss_leave+0xb90/0x1900 [mac80211]
      [  100.490590] [<80081604>] warn_slowpath_common+0xa0/0xd0
      [  100.495922] [<801a359c>] dump_stack+0x14/0x28
      [  100.500350] [<80071a00>] show_stack+0x50/0x84
      [  100.504784] [<80081604>] warn_slowpath_common+0xa0/0xd0
      [  100.510106] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k]
      [  100.517105] [<800816b8>] warn_slowpath_null+0x18/0x24
      [  100.522256] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k]
      [  100.529273] [<87025418>] ath9k_set_txpower+0x148/0x498 [ath9k]
      [  100.535302] [<871d2c64>] cleanup_module+0xa74/0xd4c [mac80211]
      [  100.541237] [<801ef308>] serial8250_console_putchar+0x0/0x44
      [  100.547042] [<800a5d18>] wake_up_klogd+0x54/0x68
      [  100.551730] [<800a6650>] vprintk_emit+0x404/0x43c
      [  100.556623] [<871b9db8>] ieee80211_sta_rx_notify+0x258/0x32c [mac80211]
      [  100.563475] [<871ba6a4>] ieee80211_sta_rx_queued_mgmt+0x63c/0x734 [mac80211]
      [  100.570693] [<871aa49c>] ieee80211_tx_prepare_skb+0x210/0x230 [mac80211]
      [  100.577609] [<800af5d4>] mod_timer+0x15c/0x190
      [  100.582220] [<871ba8b8>] ieee80211_sta_work+0xfc/0xe1c [mac80211]
      [  100.588539] [<871940b4>] ieee80211_ibss_leave+0xeec/0x1900 [mac80211]
      [  100.595122] [<8009ec84>] dequeue_task_fair+0x44/0x130
      [  100.600281] [<80092a34>] process_one_work+0x1f8/0x334
      [  100.605454] [<80093830>] worker_thread+0x2b4/0x408
      [  100.610317] [<8009357c>] worker_thread+0x0/0x408
      [  100.615019] [<8009357c>] worker_thread+0x0/0x408
      [  100.619705] [<80097b68>] kthread+0xdc/0xe8
      [  100.623886] [<80097a8c>] kthread+0x0/0xe8
      [  100.627961] [<80060878>] ret_from_kernel_thread+0x14/0x1c
      [  100.633448]
      [  100.634956] ---[ end trace aafbe57e9ae6862f ]---
      
      Fixes: cfda2d8e ("ath9k: Fix beacon configuration for addition/removal of interfaces")
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      05860bed
  5. 18 Aug, 2016 2 commits
    • Cathy Luo's avatar
      mwifiex: fix large amsdu packets causing firmware hang · c81396f3
      Cathy Luo authored
      Sometimes host prepares and downloads a large amsdu packet to firmware
      which leads to a memory corruption in firmware.
      The reason is __dev_alloc_skb() may allocate larger buffer than required
      size. This patch solves the problem by checking "adapter->tx_buf_size"
      instead of relying on skb_tailroom().
      Signed-off-by: default avatarCathy Luo <cluo@marvell.com>
      Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c81396f3
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 184ca823
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Buffers powersave frame test is reversed in cfg80211, fix from Felix
          Fietkau.
      
       2) Remove bogus WARN_ON in openvswitch, from Jarno Rajahalme.
      
       3) Fix some tg3 ethtool logic bugs, and one that would cause no
          interrupts to be generated when rx-coalescing is set to 0.  From
          Satish Baddipadige and Siva Reddy Kallam.
      
       4) QLCNIC mailbox corruption and napi budget handling fix from Manish
          Chopra.
      
       5) Fix fib_trie logic when walking the trie during /proc/net/route
          output than can access a stale node pointer.  From David Forster.
      
       6) Several sctp_diag fixes from Phil Sutter.
      
       7) PAUSE frame handling fixes in mlxsw driver from Ido Schimmel.
      
       8) Checksum fixup fixes in bpf from Daniel Borkmann.
      
       9) Memork leaks in nfnetlink, from Liping Zhang.
      
      10) Use after free in rxrpc, from David Howells.
      
      11) Use after free in new skb_array code of macvtap driver, from Jason
          Wang.
      
      12) Calipso resource leak, from Colin Ian King.
      
      13) mediatek bug fixes (missing stats sync init, etc.) from Sean Wang.
      
      14) Fix bpf non-linear packet write helpers, from Daniel Borkmann.
      
      15) Fix lockdep splats in macsec, from Sabrina Dubroca.
      
      16) hv_netvsc bug fixes from Vitaly Kuznetsov, mostly to do with VF
          handling.
      
      17) Various tc-action bug fixes, from CONG Wang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
        net_sched: allow flushing tc police actions
        net_sched: unify the init logic for act_police
        net_sched: convert tcf_exts from list to pointer array
        net_sched: move tc offload macros to pkt_cls.h
        net_sched: fix a typo in tc_for_each_action()
        net_sched: remove an unnecessary list_del()
        net_sched: remove the leftover cleanup_a()
        mlxsw: spectrum: Allow packets to be trapped from any PG
        mlxsw: spectrum: Unmap 802.1Q FID before destroying it
        mlxsw: spectrum: Add missing rollbacks in error path
        mlxsw: reg: Fix missing op field fill-up
        mlxsw: spectrum: Trap loop-backed packets
        mlxsw: spectrum: Add missing packet traps
        mlxsw: spectrum: Mark port as active before registering it
        mlxsw: spectrum: Create PVID vPort before registering netdevice
        mlxsw: spectrum: Remove redundant errors from the code
        mlxsw: spectrum: Don't return upon error in removal path
        i40e: check for and deal with non-contiguous TCs
        ixgbe: Re-enable ability to toggle VLAN filtering
        ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths
        ...
      184ca823
  6. 17 Aug, 2016 21 commits
  7. 16 Aug, 2016 7 commits