- 10 Apr, 2013 1 commit
-
-
Johannes Berg authored
If authentication (or association with FT) is requested by userspace, mac80211 currently doesn't tell cfg80211 that it disconnected from the AP. That leaves inconsistent state: cfg80211 thinks it's connected while mac80211 thinks it's not. Typically this won't last long, as soon as mac80211 reports the new association to cfg80211 the old one goes away. If, however, the new authentication or association doesn't succeed, then cfg80211 will forever think the old one still exists and will refuse attempts to authenticate or associate with the AP it thinks it's connected to. Anders reported that this leads to it taking a very long time to reconnect to a network, or never even succeeding. I tested this with an AP hacked to never respond to auth frames, and one that works, and with just those two the system never recovers because one won't work and cfg80211 thinks it's connected to the other so refuses connections to it. To fix this, simply make mac80211 tell cfg80211 when it is no longer connected to the old AP, while authenticating or associating to a new one. Cc: stable@vger.kernel.org Reported-by: Anders Kaseorg <andersk@mit.edu> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 08 Apr, 2013 1 commit
-
-
Johannes Berg authored
feng xiangjun reports that my commit 382a103b Author: Johannes Berg <johannes.berg@intel.com> Date: Fri Mar 22 22:30:09 2013 +0100 mac80211: fix idle handling sequence broke the wireless status LED. The reason is that we now call ieee80211_idle_off() when the channel context is assigned, and that doesn't recalculate the LED state. Fix this by making that function a wrapper around most of idle recalculation while forcing active. Reported-by: feng xiangjun <fengxj325@gmail.com> Tested-by: feng xiangjun <fengxj325@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 30 Mar, 2013 1 commit
-
-
Artem Savkov authored
Introduced in f9f47529 ("cfg80211: always check for scan end on P2P device") cfg80211_conn_scan() which requires sched_scan_mtx to be held can be called from cfg80211_conn_work(). Without this we are hitting multiple warnings like the following: WARNING: at net/wireless/sme.c:88 cfg80211_conn_scan+0x1dc/0x3a0 [cfg80211]() Hardware name: 0578A21 Modules linked in: ... Pid: 620, comm: kworker/3:1 Not tainted 3.9.0-rc4-next-20130328+ #326 Call Trace: [<c1036992>] warn_slowpath_common+0x72/0xa0 [<c10369e2>] warn_slowpath_null+0x22/0x30 [<faa4b0ec>] cfg80211_conn_scan+0x1dc/0x3a0 [cfg80211] [<faa4b344>] cfg80211_conn_do_work+0x94/0x380 [cfg80211] [<faa4c3b2>] cfg80211_conn_work+0xa2/0x130 [cfg80211] [<c1051858>] process_one_work+0x198/0x450 Signed-off-by: Artem Savkov <artem.savkov@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 25 Mar, 2013 2 commits
-
-
Johannes Berg authored
Corey Richardson reported that my idle handling cleanup (commit fd0f979a, "mac80211: simplify idle handling") broke ath9k_htc. The reason appears to be that it wants to go out of idle before switching channels. To fix it, reimplement that sequence. Reported-by: Corey Richardson <corey@octayn.net> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
If a ROC item is canceled just as it expires, the work struct may be scheduled while it is running (and waiting for the mutex). This results in it being run after being freed, which obviously crashes. To fix this don't free it when aborting is requested but instead mark it as "to be freed", which makes the work a no-op and allows freeing it outside. Cc: stable@vger.kernel.org [3.6+] Reported-by: Jouni Malinen <j@w1.fi> Tested-by: Jouni Malinen <j@w1.fi> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 24 Mar, 2013 2 commits
-
-
Ben Greear authored
I found another crash when deleting lots of virtual stations in a congested environment. I think the problem is that the ieee80211_mlme_notify_scan_completed could call ieee80211_restart_sta_timer for a stopped interface that was about to be deleted. With the following patch I am unable to reproduce the crash. Signed-off-by: Ben Greear <greearb@candelatech.com> [move check, also make the same change in mesh] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
If a P2P device wdev is removed while it has a scan, then the scan completion might crash later as it is already freed by that time. To avoid the crash always check the scan completion when the P2P device is being removed for some reason. If the driver already canceled it, don't want and free it, otherwise warn and leak it to avoid later crashes. In order to do this, locking needs to be changed away from the rdev mutex (which can't always be guaranteed). For now, use the sched_scan_mtx instead, I'll rename it to just scan_mtx in a later patch. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 20 Mar, 2013 2 commits
-
-
Johannes Berg authored
The virtual monitor interface has a locking issue, it calls into the channel context code with the iflist mutex held which isn't allowed since it is usually acquired the other way around. The mutex is still required for the interface iteration, but need not be held across the channel calls. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Arend reported a crash in tracing if the driver returns an ERR_PTR() value from the add_virtual_intf() callback. This is due to the tracing then still attempting to dereference the "pointer", fix this by using IS_ERR_OR_NULL(). Reported-by: Arend van Spriel <arend@broadcom.com> Tested-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 11 Mar, 2013 1 commit
-
-
Johannes Berg authored
If a P2P Device interface receives an unhandled action frame, we attempt to return it. This crashes because it doesn't have a channel context. Fix the crash by using status->band and properly mark the return frame as an off-channel frame. Reported-by: Ilan Peer <ilan.peer@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 07 Mar, 2013 2 commits
-
-
Johannes Berg authored
In the odd case that while updating information from a beacon, a BSS was found that is part of a hidden group, we drop the new information. In this case, however, we leak the IE buffer from the update, and erroneously update the entry's timestamp so it will never time out. Fix both these issues. Cc: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Vladimir Kondratiev authored
There is NETDEV_ENTRY that was incorrectly assigned as WIPHY_ASSIGN, fix it. Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 06 Mar, 2013 1 commit
-
-
Johannes Berg authored
If there are keys left during station removal, then a synchronize_net() will be done (for each key, I have a patch to address this for 3.10), otherwise it won't be done at all which causes issues because the station could be used for TX while it's being removed from the driver -- that might confuse the driver. Fix this by always doing synchronize_net() if no key was present any more. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 02 Mar, 2013 1 commit
-
-
Felix Fietkau authored
When setting a monitor interface up or down, the idle state needs to be recalculated, otherwise the hardware will just stay in its previous idle state. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 01 Mar, 2013 3 commits
-
-
Johannes Berg authored
The VHT MCSes we advertise to the AP were supposed to be restricted to the AP, but due to a bug in the logic mac80211 will advertise rates to the AP that aren't even supported by the local device. To fix this skip any adjustment if the NSS isn't supported at all. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Marco Porsch authored
Introduced with de74a1d9 "mac80211: fix WPA with VLAN on AP side with ps-sta". Apparently overwrites the sdata pointer with non-valid data in the case of mesh. Fix this by checking for IFTYPE_AP_VLAN. Signed-off-by: Marco Porsch <marco@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Given a device with many channels capabilities the wiphy information can still overflow even though its size in 3.9 was reduced to 3.8 levels. For new userspace and kernel 3.10 we're going to implement a new "split dump" protocol that can use multiple messages per wiphy. For now though, add a workaround to be able to send more information to userspace. Since generic netlink doesn't have a way to set the minimum dump size globally, and we wouldn't really want to set it globally anyway, increase the size only when needed, as described in the comments. As userspace might not be prepared for large buffers, we can only use 4k. Also increase the size for the get_wiphy command. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 28 Feb, 2013 1 commit
-
-
Johannes Berg authored
After Felix's patch it was still broken in case you used more than just a single monitor interface. Fix it better now. Reported-by: Sujith Manoharan <sujith@msujith.org> Tested-by: Sujith Manoharan <sujith@msujith.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 27 Feb, 2013 1 commit
-
-
Johannes Berg authored
This is another case of data increasing the size of the wiphy information significantly with a new feature, for now remove this as well. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 26 Feb, 2013 5 commits
-
-
Ben Greear authored
Some mlme work structs are not cancelled on disassociation nor interface deletion, which leads to them running after the memory has been freed There is not a clean way to cancel these in the disassociation logic because they must be canceled outside of the ifmgd->mtx lock, so just cancel them in mgd_stop logic that tears down the station. This fixes the crashes we see in 3.7.9+. The crash stack trace itself isn't so helpful, but this warning gives more useful info: WARNING: at /home/greearb/git/linux-3.7.dev.y/lib/debugobjects.c:261 debug_print_object+0x7c/0x8d() ODEBUG: free active (active state 0) object type: work_struct hint: ieee80211_sta_monitor_work+0x0/0x14 [mac80211] Modules linked in: [...] Pid: 14743, comm: iw Tainted: G C O 3.7.9+ #11 Call Trace: [<ffffffff81087ef8>] warn_slowpath_common+0x80/0x98 [<ffffffff81087fa4>] warn_slowpath_fmt+0x41/0x43 [<ffffffff812a2608>] debug_print_object+0x7c/0x8d [<ffffffff812a2bca>] debug_check_no_obj_freed+0x95/0x1c3 [<ffffffff8114cc69>] slab_free_hook+0x70/0x79 [<ffffffff8114ea3e>] kfree+0x62/0xb7 [<ffffffff8149f465>] netdev_release+0x39/0x3e [<ffffffff8136ad67>] device_release+0x52/0x8a [<ffffffff812937db>] kobject_release+0x121/0x158 [<ffffffff81293612>] kobject_put+0x4c/0x50 [<ffffffff8148f0d7>] netdev_run_todo+0x25c/0x27e Cc: stable@vger.kernel.org Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Ben Greear authored
Re-order the quiesce code so that timers are always stopped before work-items are flushed. This was not the problem I saw, but I think it may still be more correct. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Felix Fietkau authored
When not using channel contexts with only monitor mode interfaces being active, report local->monitor_chandef to userspace. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Felix Fietkau authored
When the driver does not want a monitor mode VIF, no channel context is allocated for it. This causes ieee80211_recalc_idle to put the hardware into idle mode if only a monitor mode is active, breaking injection. Fix this by checking local->monitors in addition to active channel contexts. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Seth Forshee authored
Commit 6c17b77b (mac80211: Fix tx queue handling during scans) contains a bug that causes off-channel frames to get queued when they should be handed down to the driver for transmit. Prevent this from happening. Reported-by: Fabio Rossi <rossi.f@inwind.it> Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 25 Feb, 2013 4 commits
-
-
Chun-Yeow Yeoh authored
Unicast frame with unknown forwarding information always trigger the path discovery assuming destination is always located inside the MBSS. This patch allows the forwarding to look for mesh gate if path discovery inside the MBSS has failed. Reported-by: Cedric Voncken <cedric.voncken@acksys.fr> Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Just like the radar information, the TCP WoWLAN capability data can increase the wiphy information and make it too big. Remove the TCP WoWLAN information; no driver supports it and new userspace tools will be required as well. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
The wiphy information is getting very close to being too much for a typical netlink dump message and adding the radar attributes to channels and interface combinations can push it over the limit, which means userspace gets no information whatsoever. Therefore, remove these again for now, no driver actually supports radar detection anyway and a modified userspace is required as well. We're working on a solution that will allow userspace to request splitting the information across multiple netlink messages, which will allow us to add this back. Cc: Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
The ieee80211_beacon_add_tim() function might be called by drivers with BHs enabled, which causes a potential deadlock if TX happens at the same time and attempts to lock the tim_lock as well. Use spin_lock_bh to fix it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 22 Feb, 2013 3 commits
-
-
Wei Yongjun authored
Add the missing unlock before return from function brcmf_notify_vif_event() in the error handling case. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
Unload sequence for mwifiex PCIE driver is as follows: 1. Invoking cleanup module from kernel results into pci_unregister_driver 2. Kernel invokes PCIE remove() handler which disconnects all interfaces. 3. One step during disconnect is to clean PCIE TX rings. During this we read txbd_rdptr from FW. While loading driver next time, we see pci_enable_device() results into system freeze. This may have happened because we accessed PCI device after unregistering from bus driver. Removing this ioread() operation resolves this bug. Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Daniel Drake authored
If the system suspends with mwifiex wifi powered on, and is then woken by an ICMP ping packet, the ping response is discarded by the kernel because the kernel incorrectly thinks there is no carrier. I can't see any valid reason to want to report loss of carrier here, so remove the offending code. Fixes http://dev.laptop.org/ticket/12554Signed-off-by: Daniel Drake <dsd@laptop.org> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 18 Feb, 2013 9 commits
-
-
Kumar Amit Mehta authored
When memory allocation using, kmalloc() fails, report appropriate error value. Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Kumar Amit Mehta authored
This patch fixes an instance of DMA buffer on stack(being passed to usb_control_msg) for the wireless USB version of the Agere Orinoco card driver. It also fixes the missing audit for the return value of firmware download routine. Found using smatch. Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jussi Kivilinna authored
rtlwifi allocates both setup_packet and data buffer of control message urb, using shared kmalloc in _usbctrl_vendorreq_async_write. Structure used for allocating is: struct { u8 data[254]; struct usb_ctrlrequest dr; }; Because 'struct usb_ctrlrequest' is __packed, setup packet is unaligned and DMA mapping of both 'data' and 'dr' confuses ARM/sunxi, leading to memory corruptions and freezes. Patch changes setup packet to be allocated separately. [v2]: - Use WARN_ON_ONCE instead of WARN_ON Cc: <stable@vger.kernel.org> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Yogesh Ashok Powar authored
For STA mode, collect VHT realated IEs from the Beacons or Probe Responses and append similar VHT related IEs to association requests. For AP mode, get VHT related capability information and share it with cfg80211 at the time of wiphy register. This information is further used by cfg80211 and hostapd to start an AP with 802.11AC support. Currently only 8897 supports 802.11AC. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Nishant Sarmukadam <nishants@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Frank Huang <frankh@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Yogesh Ashok Powar authored
They all can make one line. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
While unloading driver, we free all pending TX packets by flushing TX ring. There is unhandled case for PCIE8897 while checking for ring empty condition. This patch adds the handling by calling mwifiex_pcie_txbd_empty(). Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Emmanuel Grumbach authored
I removed a bit too much info last time. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Eytan Lifshitz authored
Theoretically, the card may not enter CTKILL: In case the timer that iwl_prepare_ct_kill_task is setting, will expire before tt->state revert to its previous state. Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-