- 10 Oct, 2017 1 commit
-
-
Andrey Konovalov authored
ieee80211_register_hw() in p54_register_common() may fail and leds won't get initialized. Currently p54_unregister_common() doesn't check that and always calls p54_unregister_leds(). The fix is to check priv->registered flag before calling p54_unregister_leds(). Found by syzkaller. INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 1404 Comm: kworker/1:1 Not tainted 4.14.0-rc1-42251-gebb2c243-dirty #205 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:16 dump_stack+0x292/0x395 lib/dump_stack.c:52 register_lock_class+0x6c4/0x1a00 kernel/locking/lockdep.c:769 __lock_acquire+0x27e/0x4550 kernel/locking/lockdep.c:3385 lock_acquire+0x259/0x620 kernel/locking/lockdep.c:4002 flush_work+0xf0/0x8c0 kernel/workqueue.c:2886 __cancel_work_timer+0x51d/0x870 kernel/workqueue.c:2961 cancel_delayed_work_sync+0x1f/0x30 kernel/workqueue.c:3081 p54_unregister_leds+0x6c/0xc0 drivers/net/wireless/intersil/p54/led.c:160 p54_unregister_common+0x3d/0xb0 drivers/net/wireless/intersil/p54/main.c:856 p54u_disconnect+0x86/0x120 drivers/net/wireless/intersil/p54/p54usb.c:1073 usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423 __device_release_driver drivers/base/dd.c:861 device_release_driver_internal+0x4f4/0x5c0 drivers/base/dd.c:893 device_release_driver+0x1e/0x30 drivers/base/dd.c:918 bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565 device_del+0x5c4/0xab0 drivers/base/core.c:1985 usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170 usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124 hub_port_connect drivers/usb/core/hub.c:4754 hub_port_connect_change drivers/usb/core/hub.c:5009 port_event drivers/usb/core/hub.c:5115 hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195 process_one_work+0xc7f/0x1db0 kernel/workqueue.c:2119 process_scheduled_works kernel/workqueue.c:2179 worker_thread+0xb2b/0x1850 kernel/workqueue.c:2255 kthread+0x3a1/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 Cc: stable@vger.kernel.org Signed-off-by:
Andrey Konovalov <andreyknvl@google.com> Acked-by:
Christian Lamparter <chunkeey@googlemail.com> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org>
-
- 02 Oct, 2017 2 commits
-
-
Kevin Cernekee authored
brcmf_fweh_process_event() sets event->datalen to the endian-swapped value of event_packet->msg.datalen, which is the same as emsg.datalen. This length is already validated in brcmf_fweh_process_event(), so there is no need to check it again upon dequeuing the event. Suggested-by:
Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by:
Kevin Cernekee <cernekee@chromium.org> Signed-off-by:
-
Kevin Cernekee authored
In brcmf_p2p_notify_rx_mgmt_p2p_probereq(), chanspec is assigned before the length of rxframe is validated. This could lead to uninitialized data being accessed (but not printed). Since we already have a perfectly good endian-swapped copy of rxframe->chanspec in ch.chspec, and ch.chspec is not modified by decchspec(), avoid the extra assignment and use ch.chspec in the debug print. Suggested-by:
Mattias Nissler <mnissler@chromium.org> Signed-off-by:
-
- 25 Sep, 2017 17 commits
-
-
Colin Ian King authored
Don't populate const arrays on the stack, instead make them static. Makes the object code smaller by over 60 bytes: Before: text data bss dec hex filename 14816 1296 0 16112 3ef0 b43/phy_ht.o After: text data bss dec hex filename 14551 1496 0 16047 3eaf b43/phy_ht.o (gcc 6.3.0, x86-64) Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Colin Ian King authored
Don't populate const array ac_to_fifo on the stack in an inlined function, instead make it static. Makes the object code smaller by over 800 bytes: text data bss dec hex filename 159029 33154 1216 193399 2f377 4965-mac.o text data bss dec hex filename 158122 33250 1216 192588 2f04c 4965-mac.o (gcc version 7.2.0 x86_64) Signed-off-by:
Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by:
-
Igor Mitsyanko authored
Wireless device may send "channel changed" event before driver registered this device with wireless core, which will result in warnings. Once device is registered, higher layer will query channel info manually using .get_channel callback. Signed-off-by:
Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by:
-
Igor Mitsyanko authored
There are no users of this field and it can safely be removed. Signed-off-by:
-
Igor Mitsyanko authored
It is never used for anything useful, and all logic is handled by either WiFi card or higher layers. Signed-off-by:
-
Igor Mitsyanko authored
Do not assume whether wireless device can or can not handle switching several interfaces on a single radio to different channels. Device will handle it itself and will return appropriate error code. Signed-off-by:
-
Igor Mitsyanko authored
No reason to verify channel switch request in driver, it can simply be forwarded to wireless device. Device can perform required checks and return appropriate error code, and driver may not even have information on current operational channel. Signed-off-by:
-
Igor Mitsyanko authored
This makes no sense because real operational channel is choosen based on AP operation, not on what STA is configured to. Signed-off-by:
-
Igor Mitsyanko authored
Do not try to cache current operational channel info in driver, this is a potential source of synchronization issues + driver does not really need that info. Introduce GET_CHANNEL command and process it appropriately. Signed-off-by:
-
Igor Mitsyanko authored
Specifically, it has to report center frequency, secondary center frequency (for 80+80) and BW. Introduce channel definition structure to qlink and modify channel change event processing function accordingly. Signed-off-by:
-
Igor Mitsyanko authored
This will allow to use qlink channel width values to specify BW setting corresponding to enum nl80211_chan_width. Current user is converted to apply BIT() macro manually to each individual qlink_channel_width enumeration value. Signed-off-by:
-
Karun Eagalapati authored
SDIO suspend and resume handlers are implemented and verified that device works after suspend/resume cycle. Signed-off-by:
Karun Eagalapati <karun256@gmail.com> Signed-off-by:
Amitkumar Karwar <amit.karwar@redpinesignals.com> Signed-off-by:
-
Pavani Muthyala authored
We will dump information about firmware version, firmware file name and operating mode during initialization. Signed-off-by:
Pavani Muthyala <pavani.muthyala@redpinesignals.com> Signed-off-by:
-
Colin Ian King authored
Don't populate the read-only const array tos_to_ac on the stack, instead make it static. Makes the object code smaller by 250 bytes: Before: text data bss dec hex filename 26104 2720 128 28952 7118 wmm.o After: text data bss dec hex filename 25758 2816 128 28702 701e wmm.o Signed-off-by:
-
Adam Borowski authored
I assume that a blank efuse comes with all ones, thus I did not bother recognizing other possible junk values. This matches 100% of dongles I've seen (a single Gembird 8192eu). Signed-off-by:
Adam Borowski <kilobyte@angband.pl> Signed-off-by:
-
Colin Ian King authored
Don't populate const array ucode_ofdm_rates on the stack, instead make it static. Makes the object code smaller by 100 bytes: Before: text data bss dec hex filename 39482 564 0 40046 9c6e phy_cmn.o After text data bss dec hex filename 39326 620 0 39946 9c0a phy_cmn.o (gcc 6.3.0, x86-64) Signed-off-by:
-
Allen Pais authored
Use setup_timer function instead of initializing timer with the function and data fields. Signed-off-by:
Allen Pais <allen.lkml@gmail.com> Signed-off-by:
-
- 20 Sep, 2017 19 commits
-
-
Ganapathi Bhat authored
Avoid calculating random MAC address in driver. Instead make use of 'get_random_mask_addr()' function. Signed-off-by:
Ganapathi Bhat <gbhat@marvell.com> Reviewed-by:
Brian Norris <briannorris@chromium.org> Signed-off-by:
-
Ganapathi Bhat authored
Application will keep track of whether MAC address randomization is enabled or not during scan. But at present driver is storing 'random_mac' in mwifiex_private which implies even after scan is done driver has some reference to the earlier 'scan request'. To avoid this, make use of 'mac_addr' variable in 'scan_request' to store 'random_mac'. This structure will be freed by cfg80211 once scan is done. Signed-off-by:
-
Colin Ian King authored
Don't populate const arrays on the stack, instead make them static Makes the object code smaller by nearly 300 bytes: Before: text data bss dec hex filename 69260 16149 576 85985 14fe1 cfg80211.o After: text data bss dec hex filename 68385 16725 576 85686 14eb6 cfg80211.o Signed-off-by:
-
Himanshu Jha authored
call to memset to assign 0 value immediately after allocating memory with kzalloc is unnecesaary as kzalloc allocates the memory filled with 0 value. Semantic patch used to resolve this issue: @@ expression e,e2; constant c; statement S; @@ e = kzalloc(e2, c); if(e == NULL) S - memset(e, 0, e2); Signed-off-by:
Himanshu Jha <himanshujha199640@gmail.com> Signed-off-by:
-
Ganapathi Bhat authored
If driver is loaded with 'mfg_mode' enabled, then the sending commands are not allowed. So, skip sending commands, to firmware in mwifiex_add_virtual_intf if 'mfg_mode' is enabled. Fixes: 7311ea85 ("mwifiex: fix AP start problem for newly added interface") Signed-off-by:
-
Ganapathi Bhat authored
Driver sends a series of scan commands to firmware to serve a user scan request. If an intermediate scan command fails, driver aborts the scan but it is not being informed to cfg80211. This will cause issues in applications performing periodic scans. Fix this by informing scan abort. Signed-off-by:
Cathy Luo <cluo@marvell.com> Signed-off-by:
-
Larry Finger authored
In routine rtl92ee_set_fw_rsvdpagepkt(), the driver allocates an skb, but never calls rtl_cmd_send_packet(), which will free the buffer. All other rtlwifi drivers perform this operation correctly. This problem has been in the driver since it was included in the kernel. Fortunately, each firmware load only leaks 4 buffers, which likely explains why it has not previously been detected. Cc: Stable <stable@vger.kernel.org> # 3.18+ Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Larry Finger authored
A typo led to this issue, which was detected with the help of Coccinelle. In addition to fixing the error, the code is refactored to eliminate an if statement. Addresses-Coverity-ID: 1226788 Reported-by:
Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by:
-
Colin Ian King authored
The u8 char array ret is not being initialized and elements outside the range start to end contain just garbage values from the stack. This results in a later scan of the array to read potentially uninitialized values. Fix this by initializing the array to zero. This seems to have been an issue since the very first commit. Detected by CoverityScan CID#139653 ("Uninitialized scalar variable") Signed-off-by:Michael Buesch <m@bues.ch> Signed-off-by:
-
Colin Ian King authored
The u8 char array ret is not being initialized and elements outside the range start to end contain just garbage values from the stack. This results in a later scan of the array to read potentially uninitialized values. Fix this by initializing the array to zero. This seems to have been an issue since the very first commit. Detected by CoverityScan CID#139652 ("Uninitialized scalar variable") Signed-off-by: -
Colin Ian King authored
The assignment of dev is dereferencing adapter before adapter has been null checked, potentially leading to a null pointer dereference. Fix this by simply moving the assignment of dev to a later point after the sanity null check of adapter. Detected by CoverityScan CID#1398383 ("Dereference before null check") Fixes: dad0d04f ("rsi: Add RS9113 wireless driver") Signed-off-by: -
Prameela Rani Garnepudi authored
Add P2P_GO condition as well when handling BEACON_ENABLE from mac80211. Also passing 'vif' for auto rate request. Signed-off-by:
Prameela Rani Garnepudi <prameela.j04cs@gmail.com> Signed-off-by:
-
Prameela Rani Garnepudi authored
P2P Go condition is added wherever AP mode is there in aggregation path. Signed-off-by:
-
Prameela Rani Garnepudi authored
When AP or P2P GO VAP is running, power save configuration should be disallowed. To check interface type in power save configuration 'vif' parameters is passed. Signed-off-by:
-
Prameela Rani Garnepudi authored
Data descriptor is updated to include vap_id. TX command frame key config also updated to include vap_id. Signed-off-by:
-
Prameela Rani Garnepudi authored
Parameter 'vif' is passed to inform_bss_status function to check the type of vif and to get vap_id. Signed-off-by:
-
Prameela Rani Garnepudi authored
Remain-on-channel and cancel-remain-on-channel are implemented to support p2p listen phase. Signed-off-by:
-
Prameela Rani Garnepudi authored
STA_OPMODE and AP_OPMODE macros are renamed to RSI_OPMODE_STA and RSI_OPMODE_AP. New opmodes are added to this list for P2P support. Mapping of mac80211 interface types to rsi interface types are added. Add and remove interface callbacks are handled for P2P mode. Signed-off-by:
-
Prameela Rani Garnepudi authored
This patch adds p2p supported parameters to mac80211 hw and wiphy structures during mac80211 registration. Signed-off-by:
-
- 16 Sep, 2017 1 commit
-
-
Linus Torvalds authored
-
