1. 08 Dec, 2010 6 commits
    • Helmut Schaa's avatar
      mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs · 7e244707
      Helmut Schaa authored
      mac80211 doesn't handle shared skbs correctly at the moment. As a result
      a possible resize can trigger a BUG in pskb_expand_head.
      
      [  676.030000] Kernel bug detected[#1]:
      [  676.030000] Cpu 0
      [  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
      [  676.030000] $ 4   : 81966200 00000020 00000000 00000020
      [  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
      [  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
      [  676.030000] $16   : 80ea2000 00000000 00000000 00000000
      [  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
      [  676.030000] $24   : 00000002 800ace5c
      [  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
      [  676.030000] Hi    : 0000026e
      [  676.030000] Lo    : 0000757e
      [  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
      [  676.030000]     Not tainted
      [  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] Status: 1000a403    KERNEL EXL IE
      [  676.030000] Cause : 10800024
      [  676.030000] PrId  : 0001964c (MIPS 24Kc)
      [  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
      [  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
      [  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
      [  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
      [  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
      [  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
      [  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
      [  676.030000]         ...
      [  676.030000] Call Trace:
      [  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
      [  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
      [  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
      [  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
      [  676.030000] [<8002ebe8>] kthread+0x7c/0x88
      [  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
      [  676.030000]
      [  676.030000]
      [  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021
      
      Fix this by making a local copy of shared skbs prior to mangeling them.
      To avoid copying the skb unnecessarily move the skb_copy call below the
      checks that don't need write access to the skb.
      
      Also, move the assignment of nh_pos and h_pos below the skb_copy to point
      to the correct skb.
      
      It would be possible to avoid another resize of the copied skb by using
      skb_copy_expand instead of skb_copy but that would make the patch more
      complex. Also, shared skbs are a corner case right now, so the resize
      shouldn't matter much.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7e244707
    • Sujith Manoharan's avatar
      ath9k_htc: Fix suspend/resume · f933ebed
      Sujith Manoharan authored
      The HW has to be set to FULLSLEEP mode during suspend,
      when no interface has been brought up. Not doing this would
      break resume, as the chip won't be powered up at all.
      Signed-off-by: default avatarSujith Manoharan <Sujith.Manoharan@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      f933ebed
    • Javier Cardona's avatar
    • Javier Cardona's avatar
      ath5k: Prevent mesh interfaces from being counted as ad-hoc · c26d5339
      Javier Cardona authored
      This results in an erroneus num_adhoc_vifs count, as the this counter
      was incremented but not decremented for mesh interfaces.
      Signed-off-by: default avatarJavier Cardona <javier@cozybit.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      c26d5339
    • Javier Cardona's avatar
      ath5k: Fix beaconing in mesh mode · d82b577b
      Javier Cardona authored
      This patch fixes the oops below when attempting to bring up a mesh
      interface on ath5k hardware.
      
      [  128.933099] kernel BUG at drivers/net/wireless/ath/ath5k/base.c:197!
      [  128.933099] invalid opcode: 0000 [#1]
      (...)
      [  128.933099] Call Trace:
      [  128.933099]  [<c83b77fa>] ? ath5k_beacon_update+0x57/0x1f8 [ath5k]
      [  128.933099]  [<c02d9a40>] ? __sysfs_add_one+0x28/0x76
      [  128.933099]  [<c83b830e>] ? ath5k_bss_info_changed+0x13f/0x173
      [ath5k]
      [  128.933099]  [<c82ff629>] ? ieee80211_config_beacon+0xc0/0x17e
      [mac80211]
      [  128.933099]  [<c82f073e>] ?
      ieee80211_bss_info_change_notify+0x182/0x18b [mac80211]
      [  128.933099]  [<c83b81cf>] ? ath5k_bss_info_changed+0x0/0x173 [ath5k]
      [  128.933099]  [<c82ff6d6>] ? ieee80211_config_beacon+0x16d/0x17e
      [mac80211]
      [  128.933099]  [<c82ff753>] ? ieee80211_add_beacon+0x34/0x39 [mac80211]
      [  128.933099]  [<c830a4ed>] ? ieee80211s_init+0xf8/0x10f [mac80211]
      [  128.933099]  [<c830a5df>] ? ieee80211_mesh_init_sdata+0xdb/0x154 [mac80211]
      Signed-off-by: default avatarJavier Cardona <javier@cozybit.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      d82b577b
    • David Kilroy's avatar
      orinoco: initialise priv->hw before assigning the interrupt · 229bd792
      David Kilroy authored
      The interrupt handler takes a lock - but since commit bcad6e80 this
      lock goes through an indirection specified in the hermes_t structure.
      We must therefore initialise the structure before setting up the
      interrupt handler.
      
      Fix orinoco_cs and spectrum_cs
      
      <https://bugzilla.kernel.org/show_bug.cgi?id=23932>
      
      Bisected by: Matt Domsch <Matt_Domsch@dell.com>
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      229bd792
  2. 07 Dec, 2010 4 commits
  3. 02 Dec, 2010 5 commits
  4. 01 Dec, 2010 2 commits
  5. 30 Nov, 2010 4 commits
    • Senthil Balasubramanian's avatar
      ath9k: Fix STA disconnect issue due to received MIC failed bcast frames · 916448e7
      Senthil Balasubramanian authored
      AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying
      this status for MIC failed frames is buggy.
      
      Due to this, MIC failure events for broadcast frames are not sent to
      supplicant resulted in AP disconnecting the STA.
      
      Able to pass Wifi Test case 5.2.18 with this fix.
      
      Cc: Stable <stable@kernel.org> (2.6.36+)
      Signed-off-by: default avatarSenthil Balasubramanian <senthilkumar@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      916448e7
    • Senthil Balasubramanian's avatar
      mac80211: Fix STA disconnect due to MIC failure · 8e26d5ad
      Senthil Balasubramanian authored
      Th commit titled "mac80211: clean up rx handling wrt. found_sta"
      removed found_sta variable which caused a MIC failure event
      to be reported twice for a single failure to supplicant resulted
      in STA disconnect.
      
      This should fix WPA specific countermeasures WiFi test case (5.2.17)
      issues with mac80211 based drivers which report MIC failure events in
      rx status.
      
      Cc: Stable <stable@kernel.org> (2.6.37)
      Signed-off-by: default avatarSenthil Balasubramanian <senthilkumar@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      8e26d5ad
    • Christian Lamparter's avatar
      mac80211: ignore non-bcast mcast deauth/disassoc franes · 2c31333a
      Christian Lamparter authored
      This patch fixes an curious issue due to insufficient
      rx frame filtering.
      
      Saqeb Akhter reported frequent disconnects while streaming
      videos over samba: <http://marc.info/?m=128600031109136>
      > [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
      > [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
      > [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
      > [...]
      
      The reason is that the device generates frames with slightly
      bogus SA/TA addresses.
      
      e.g.:
       [ 2314.402316] Ignore 9f:1f:31:f8:64:ff
       [ 2314.402321] Ignore 9f:1f:31:f8:64:ff
       [ 2352.453804] Ignore 0d:1f:31:f8:64:ff
       [ 2352.453808] Ignore 0d:1f:31:f8:64:ff
       					   ^^ the group-address flag is set!
       (the correct SA/TA would be: 00:1f:31:f8:64:ff)
      
      Since the AP does not know from where the frames come, it
      generates a DEAUTH response for the (invalid) mcast address.
      This mcast deauth frame then passes through all filters and
      tricks the stack into thinking that the AP brutally kicked
      us!
      
      This patch fixes the problem by simply ignoring
      non-broadcast, group-addressed deauth/disassoc frames.
      
      Cc: Jouni Malinen <j@w1.fi>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Reported-by: default avatarSaqeb Akhter <saqeb.akhter@gmail.com>
      Signed-off-by: default avatarChristian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      2c31333a
    • David Kilroy's avatar
      orinoco: abort scan on interface down · cf63495d
      David Kilroy authored
      This fixes the problem causing the following trace:
      
      ------------[ cut here ]------------
      WARNING: at linux-2.6.34/net/wireless/core.c:633 wdev_cleanup_work+0xb7/0xe0 [cfg80211]()
      Hardware name: Latitude C840
      Pid: 707, comm: cfg80211 Not tainted 2.6.34.7-0.5-desktop #1
      Call Trace:
       [<c02065c3>] try_stack_unwind+0x173/0x190
       [<c02051cf>] dump_trace+0x3f/0xe0
       [<c020662b>] show_trace_log_lvl+0x4b/0x60
       [<c0206658>] show_trace+0x18/0x20
       [<c064e0b3>] dump_stack+0x6d/0x72
       [<c02443ae>] warn_slowpath_common+0x6e/0xb0
       [<c0244403>] warn_slowpath_null+0x13/0x20
       [<e2db5497>] wdev_cleanup_work+0xb7/0xe0 [cfg80211]
       [<c025cfa9>] run_workqueue+0x79/0x170
       [<c025d123>] worker_thread+0x83/0xe0
       [<c025fef4>] kthread+0x74/0x80
       [<c0203826>] kernel_thread_helper+0x6/0x10
      ---[ end trace 3f0348b3b0c6f4ff ]---
      
      Reported by: Giacomo Comes <comes@naic.edu>
      Signed-off-by: default avatarDavid Kilroy <kilroyd@googlemail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      cf63495d
  6. 29 Nov, 2010 7 commits
  7. 23 Nov, 2010 1 commit
  8. 22 Nov, 2010 4 commits
  9. 18 Nov, 2010 2 commits
  10. 16 Nov, 2010 5 commits