- 22 Aug, 2013 3 commits
-
-
Helmut Schaa authored
ath9k_htc adds padding between the 802.11 header and the payload during TX by moving the header. When handing the frame back to mac80211 for TX status handling the header is not moved back into its original position. This can result in a too small skb headroom when entering ath9k_htc again (due to a soft retransmission for example) causing an skb_under_panic oops. Fix this by moving the 802.11 header back into its original position before returning the frame to mac80211 as other drivers like rt2x00 or ath5k do. Reported-by: Marc Kleine-Budde <mkl@blackshift.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Tested-by: Marc Kleine-Budde <mkl@blackshift.org> Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
My current 3.11 fix: commit 788f7a56 Author: Stanislaw Gruszka <sgruszka@redhat.com> Date: Thu Aug 1 12:07:55 2013 +0200 iwl4965: reset firmware after rfkill off broke rfkill notification to user-space . I missed that bug, because I compiled without CONFIG_RFKILL, sorry about that. Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
- 21 Aug, 2013 3 commits
-
-
Simon Wunderlich authored
my earlier patch "mac80211: change IBSS channel state to chandef" created a regression by ignoring the channel parameter in __ieee80211_sta_join_ibss, which breaks IBSS channel selection. This patch fixes this situation by using the right channel and adopting the selected bandwidth mode. Cc: stable@vger.kernel.org Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Felix Fietkau authored
brcm80211 cannot handle sending frames with CCK rates as part of an A-MPDU session. Other drivers may have issues too. Set the flag in all drivers that have been tested with CCK rates. This fixes a reported brcmsmac regression introduced in commit ef47a5e4 "mac80211/minstrel_ht: fix cck rate sampling" Cc: stable@vger.kernel.org # 3.10 Reported-by: Tom Gundersen <teg@jklm.no> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
IBSS needs to release the channel context when leaving but I evidently missed that. Fix it. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 15 Aug, 2013 1 commit
-
-
- 14 Aug, 2013 2 commits
-
-
Johannes Berg authored
Neil Brown reports that with libertas, my recent cfg80211 SME changes in commit ceca7b71 ("cfg80211: separate internal SME implementation") broke libertas suspend because it we now asked it to disconnect while already disconnected. The problematic change is in cfg80211_disconnect() as it previously checked the SME state and now calls the driver disconnect operation unconditionally. Fix this by checking if there's a current_bss indicating a connection, and do nothing if not. Reported-and-tested-by: Neil Brown <neilb@suse.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Dan Carpenter authored
There are a few places which check nl80211hdr_put() for an ERR_PTR but actually it returns NULL on error and never error values. In nl80211_testmode_dump() the return wasn't checked at all so I have added one. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [some whitespace changes] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 09 Aug, 2013 3 commits
-
-
Dan Carpenter authored
We want the data stored in "addr" and "qual", but the extra ampersands mean we are copying stack data instead. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jussi Kivilinna authored
Patch fixes zd1201 not to use stack as URB transfer_buffer. URB buffers need to be DMA-able, which stack is not. Patch is only compile tested. Cc: stable@vger.kernel.org Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 06 Aug, 2013 2 commits
-
-
Johannes Berg authored
If scheduling an important time event fails, or if we get an unexpected notification from the firmware, there isn't much we can do to recover, so just drop the connection and let higher layers retry it. Reviewed-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Guy Cohen authored
This reverts commit a53ee0a3. This fix causes a worse HW Error when entering RF-Kill. Signed-off-by: Guy Cohen <guy.cohen@intel.com> Signed-off-by: Dor Shaish <dor.shaish@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 05 Aug, 2013 1 commit
-
-
Solomon Peachy authored
There's an underlying race condition with the unjoin_work() call that is sometimes triggered depending on scheduling order and the phase of the moon. This doesn't fix the race condition, but it does remove the ill-advised BUG_ON() call in an easily-recoverable situation. Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 02 Aug, 2013 3 commits
-
-
-
Stanislaw Gruszka authored
Using rfkill switch can make firmware unstable, what cause various Microcode errors and kernel warnings. Reseting firmware just after rfkill off (radio on) helped with that. Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=977053Reported-and-tested-by: Justin Pearce <whitefox@guardianfox.net> Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
If device was put into a sleep and system was restarted or module reloaded, we have to wake device up before sending other commands. Otherwise it will fail to start with Microcode error. Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 31 Jul, 2013 13 commits
-
-
Johannes Berg authored
In case the AP has different regulatory information than we do, it can happen that we connect to an AP based on e.g. the world roaming regulatory data, and then update our database with the AP's country information disables the channel the AP is using. If this happens on an HT AP, the bandwidth tracking code will hit the WARN_ON() and disconnect. Since that's not very useful, ignore the channel-disable flag in bandwidth tracking. Cc: stable@vger.kernel.org Reported-by: Chris Wright <chrisw@sous-sol.org> Tested-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
When a P2P GO interface goes down, cfg80211 doesn't properly tear it down, leading to warnings later. Add the GO interface type to the enumeration to tear it down like AP interfaces. Otherwise, we leave it pending and mac80211's state can get very confused, leading to warnings later. Cc: stable@vger.kernel.org Reported-by: Ilan Peer <ilan.peer@intel.com> Tested-by: Ilan Peer <ilan.peer@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
While we're connected, the AP shouldn't change the primary channel in the HT information. We checked this, and dropped the connection if it did change it. Unfortunately, this is causing problems on some APs, e.g. on the Netgear WRT610NL: the beacons seem to always contain a bad channel and if we made a connection using a probe response (correct data) we drop the connection immediately and can basically not connect properly at all. Work around this by ignoring the HT primary channel information in beacons if we're already connected. Also print out more verbose messages in the other situations to help diagnose similar bugs quicker in the future. Cc: stable@vger.kernel.org [3.10] Acked-by: Andy Isaacson <adi@hexapodia.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
TX status notification can get lost, or the frames could get stuck on the queue, so don't wait for the callback from the driver forever and instead time out after half a second. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-fixesJohn W. Linville authored
Samuel Ortiz <sameo@linux.intel.com> says: 'This is the second NFC fixes pull request for 3.11. We have: - A build failure fix for the NCI SPI transport layer due to a missing CRC_CCITT Kconfig dependency. - A netlink command rename: CMD_FW_UPLOAD was merged during the 3.11 merge window but the typical terminology for loading a firmware to a target is firmware download rather than upload. In order to avoid any confusion in a file exported to userspace, we rename this command into CMD_FW_DOWNLOAD." Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Chris Wright authored
Commit "3d9646d0 mac80211: fix channel selection bug" introduced a possible infinite loop by moving the out target above the chandef_downgrade while loop. When we downgrade to NL80211_CHAN_WIDTH_20_NOHT, we jump back up to re-run the while loop...indefinitely. Replace goto with break and carry on. This may not be sufficient to connect to the AP, but will at least keep the cpu from livelocking. Thanks to Derek Atkins as an extra pair of debugging eyes. Cc: stable@kernel.org Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetoothJohn W. Linville authored
Conflicts: net/bluetooth/hci_core.c
-
Luciano Coelho authored
Soon the coelho@ti.com email will not be valid anymore, so change it to my private one. Cc: Luciano Coelho <luca@coelho.fi> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stone Piao authored
We missed bss_mode check for P2P client. Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
This patch fixes an issue wherein adhoc rates were being copied into association request from P2P client. Cc: <stable@vger.kernel.org> # 3.10.y Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
This patch fixes an issue wherein association would fail on P2P interfaces. This happened because we are checking priv->mode against NL80211_IFTYPE_STATION. While this check is correct for infrastructure stations, it would fail P2P clients for which mode is NL80211_IFTYPE_P2P_CLIENT. Better check would be bss_role which has only 2 values: STA/AP. Cc: <stable@vger.kernel.org> # 3.10.y Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Emmanuel Grumbach authored
As Arjan pointed out, we mustn't do anything related to PCI configuration until the device is properly enabled with pci_enable_device(). Cc: stable@vger.kernel.org Reported-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Stanislaw Gruszka authored
If channel switch is pending and we remove interface we can crash like showed below due to passing NULL vif to mac80211: BUG: unable to handle kernel paging request at fffffffffffff8cc IP: [<ffffffff8130924d>] strnlen+0xd/0x40 Call Trace: [<ffffffff8130ad2e>] string.isra.3+0x3e/0xd0 [<ffffffff8130bf99>] vsnprintf+0x219/0x640 [<ffffffff8130c481>] vscnprintf+0x11/0x30 [<ffffffff81061585>] vprintk_emit+0x115/0x4f0 [<ffffffff81657bd5>] printk+0x61/0x63 [<ffffffffa048987f>] ieee80211_chswitch_done+0xaf/0xd0 [mac80211] [<ffffffffa04e7b34>] iwl_chswitch_done+0x34/0x40 [iwldvm] [<ffffffffa04f83c3>] iwlagn_commit_rxon+0x2a3/0xdc0 [iwldvm] [<ffffffffa04ebc50>] ? iwlagn_set_rxon_chain+0x180/0x2c0 [iwldvm] [<ffffffffa04e5e76>] iwl_set_mode+0x36/0x40 [iwldvm] [<ffffffffa04e5f0d>] iwlagn_mac_remove_interface+0x8d/0x1b0 [iwldvm] [<ffffffffa0459b3d>] ieee80211_do_stop+0x29d/0x7f0 [mac80211] This is because we nulify ctx->vif in iwlagn_mac_remove_interface() before calling some other functions that teardown interface. To fix just check ctx->vif on iwl_chswitch_done(). We should not call ieee80211_chswitch_done() as channel switch works were already canceled by mac80211 in ieee80211_do_stop() -> ieee80211_mgd_stop(). Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=979581 Cc: stable@vger.kernel.org Reported-by: Lukasz Jagiello <jagiello.lukasz@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 30 Jul, 2013 2 commits
-
-
Samuel Ortiz authored
Loading a firmware into a target is typically called firmware download, not firmware upload. So we rename the netlink API to NFC_CMD_FW_DOWNLOAD in order to avoid any terminology confusion from userspace. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-
Johannes Berg authored
This is similar to the race Linus had reported, but in this case it's an older bug: nl80211_prepare_wdev_dump() uses the wiphy index in cb->args[0] as it is and thus parses the message over and over again instead of just once because 0 is the first valid wiphy index. Similar code in nl80211_testmode_dump() correctly offsets the wiphy_index by 1, do that here as well. Cc: stable@vger.kernel.org Reported-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 29 Jul, 2013 6 commits
-
-
-
-
Stanislaw Gruszka authored
Since we clear QUEUE_STARTED in rt2x00queue_stop_queue(), following call to rt2x00queue_pause_queue() reduce to noop, i.e we do not stop queue in mac80211. To fix that introduce rt2x00queue_pause_queue_nocheck() function, which will stop queue in mac80211 directly. Note that rt2x00_start_queue() explicitly set QUEUE_PAUSED bit. Note also that reordering operations i.e. first call to rt2x00queue_pause_queue() and then clear QUEUE_STARTED bit, will race with rt2x00queue_unpause_queue(), so calling ieee80211_stop_queue() directly is the only available solution to fix the problem without major rework. Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johan Hedberg authored
In certain circumstances, such as an HCI driver using __hci_cmd_sync_ev with HCI_EV_CMD_COMPLETE as the expected completion event there is the chance that hci_event_packet will call hci_req_cmd_complete twice (once for the explicitly looked after event and another time in the actual handler of cmd_complete). In the case of __hci_cmd_sync_ev this introduces a race where the first call wakes up the blocking __hci_cmd_sync_ev and lets it complete. However, by the time that a second __hci_cmd_sync_ev call is already in progress the second hci_req_cmd_complete call (from the previous operation) will wake up the blocking function prematurely and cause it to fail, as witnessed by the following log: [ 639.232195] hci_rx_work: hci0 Event packet [ 639.232201] hci_req_cmd_complete: opcode 0xfc8e status 0x00 [ 639.232205] hci_sent_cmd_data: hci0 opcode 0xfc8e [ 639.232210] hci_req_sync_complete: hci0 result 0x00 [ 639.232220] hci_cmd_complete_evt: hci0 opcode 0xfc8e [ 639.232225] hci_req_cmd_complete: opcode 0xfc8e status 0x00 [ 639.232228] __hci_cmd_sync_ev: hci0 end: err 0 [ 639.232234] __hci_cmd_sync_ev: hci0 [ 639.232238] hci_req_add_ev: hci0 opcode 0xfc8e plen 250 [ 639.232242] hci_prepare_cmd: skb len 253 [ 639.232246] hci_req_run: length 1 [ 639.232250] hci_sent_cmd_data: hci0 opcode 0xfc8e [ 639.232255] hci_req_sync_complete: hci0 result 0x00 [ 639.232266] hci_cmd_work: hci0 cmd_cnt 1 cmd queued 1 [ 639.232271] __hci_cmd_sync_ev: hci0 end: err 0 [ 639.232276] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-61) Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Johan Hedberg authored
None of the BlueFRITZ! devices with manufacurer ID 31 (AVM Berlin) support HCI_Read_Local_Supported_Commands. It is safe to use the manufacturer ID (instead of e.g. a USB ID specific quirk) because the company never created any newer controllers. < HCI Command: Read Local Supported Comm.. (0x04|0x0002) plen 0 [hci0] 0.210014 > HCI Event: Command Status (0x0f) plen 4 [hci0] 0.217361 Read Local Supported Commands (0x04|0x0002) ncmd 1 Status: Unknown HCI Command (0x01) Reported-by: Jörg Esser <jackfritt@boh.de> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Tested-by: Jörg Esser <jackfritt@boh.de> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 26 Jul, 2013 1 commit
-
-
Arend van Spriel authored
When the brcmfmac device is physically removed cfg80211 gives a warning upon unregistering the net device (see below). [23052.390197] WARNING: CPU: 0 PID: 30 at net/wireless/core.c:937 cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211]() [23052.400843] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) pl2303 usbserial binfmt_misc snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event lpc_ich snd_seq snd_timer snd_seq_device snd psmouse mfd_core serio_raw soundcore snd_page_alloc intel_ips dell_laptop dell_wmi sparse_keymap dcdbas nouveau ttm drm_kms_helper drm i2c_algo_bit mxm_wmi ahci libahci sdhci_pci firewire_ohci firewire_core sdhci crc_itu_t mmc_core intel_agp intel_gtt e1000e ptp pps_core agpgart video [last unloaded: brcmfmac] [23052.452987] CPU: 0 PID: 30 Comm: khubd Tainted: G O 3.11.0-rc1-wl-testing-lockdep-00002-g41cc093-dirty #1 [23052.463480] Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011 [23052.470852] 00000000 00000000 f4efdc18 c1522e3d f845bed2 f4efdc48 c103fbe4 c16a9254 [23052.478762] 00000000 0000001e f845bed2 000003a9 f841da44 f841da44 f3790004 f25539c0 [23052.486741] e2700200 f4efdc58 c103fc22 00000009 00000000 f4efdcc0 f841da44 00000002 [23052.494712] Call Trace: [23052.497165] [<c1522e3d>] dump_stack+0x4b/0x66 [23052.501685] [<c103fbe4>] warn_slowpath_common+0x84/0xa0 [23052.507085] [<f841da44>] ? cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211] [23052.514542] [<f841da44>] ? cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211] [23052.521981] [<c103fc22>] warn_slowpath_null+0x22/0x30 [23052.527191] [<f841da44>] cfg80211_netdev_notifier_call+0x164/0x600 [cfg80211] [23052.534494] [<c150abe8>] ? packet_notifier+0xc8/0x1d0 [23052.539703] [<c150abfc>] ? packet_notifier+0xdc/0x1d0 [23052.544880] [<c150ab20>] ? packet_seq_stop+0x30/0x30 [23052.550002] [<c152d655>] notifier_call_chain+0x45/0x60 [23052.555298] [<c106839f>] raw_notifier_call_chain+0x1f/0x30 [23052.560963] [<c143c693>] call_netdevice_notifiers_info+0x33/0x70 [23052.567153] [<c1459869>] ? qdisc_destroy+0x99/0xb0 [23052.572116] [<c143c6e3>] call_netdevice_notifiers+0x13/0x20 [23052.577861] [<c143df93>] rollback_registered_many+0xf3/0x1d0 [23052.583687] [<c1524cfc>] ? mutex_lock_nested+0x25c/0x350 [23052.589150] [<c143e0f4>] rollback_registered+0x24/0x40 [23052.594445] [<c143e15f>] unregister_netdevice_queue+0x4f/0xb0 [23052.600344] [<c143e299>] unregister_netdev+0x19/0x30 [23052.605484] [<f865b38f>] brcmf_del_if+0xbf/0x160 [brcmfmac] [23052.611223] [<f865b7ae>] brcmf_detach+0x5e/0xd0 [brcmfmac] [23052.616881] [<f8667413>] brcmf_usb_disconnect+0x63/0xa0 [brcmfmac] [23052.623217] [<c13e09aa>] usb_unbind_interface+0x4a/0x180 When the device is physically connected the driver sends a disassoc command to the device and response triggers the driver to inform cfg80211 about it. However, with the device removed the disassoc command fails. This patch adds a call to cfg80211_disconnected() when that command fails. The warning was added by commit below and also cleans up, but better doing it in the driver if only to get rid of the warning. commit f9bef3df Author: Ben Greear <greearb@candelatech.com> Date: Wed Jun 19 14:06:26 2013 -0700 wireless: check for dangling wdev->current_bss pointer Cc: Ben Greear <greearb@candelatech.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-