- 09 Feb, 2011 1 commit
-
- 07 Feb, 2011 3 commits
-
-
Felix Fietkau authored
Using skb_header_cloned to check if it's safe to write to the skb is not enough - mac80211 also touches the tailroom of the skb. Initially this check was only used to increase a counter, however this commit changed the code to also skip skb data reallocation if no extra head/tailroom was needed: commit 4cd06a34 mac80211: skip unnecessary pskb_expand_head calls It added a regression at least with iwl3945, which is fixed by this patch. Reported-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Tested-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Don Fry authored
With commit 554d1d02 only one RF_KILL interrupt will be seen by the driver when the interface is down. Re-enable the interrupt when it occurs to see all transitions. Signed-off-by: Don Fry <donald.h.fry@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Michael Büsch authored
This fixes parsing of the device invariants (MAC address) for PCMCIA SSB devices. ssb_pcmcia_do_get_invariants expects an iv pointer as data argument. Tested-by: dylan cristiani <d.cristiani@idem-tech.it> Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 04 Feb, 2011 2 commits
-
-
Mohammed Shafi Shajakhan authored
This patch reverts the following commit ath9k: remove bfs_paprd_timestamp from struct ath_buf_state Under high interference/noisy environment conditions where PAPRD frames fails heavily introduces a possibility of double freeing skb's and causes kernel panic after some time.This patch reverts back to the original approach of using paprd_timestamp before freeing the PAPRD frame skb's [ 194.193705] Pid: 0, comm: swapper Tainted: G D WC 2.6.35-22-generic #33-Ubuntu [ 194.193712] Call Trace: [ 194.193722] [<c05c6468>] ? printk+0x2d/0x35 [ 194.193732] [<c05c63c3>] panic+0x5a/0xd2 [ 194.193741] [<c05ca3ed>] oops_end+0xcd/0xd0 [ 194.193750] [<c0105f74>] die+0x54/0x80 [ 194.193758] [<c05c9a16>] do_trap+0x96/0xc0 [ 194.193837] [<c0103fb0>] ? do_invalid_op+0x0/0xa0 [ 194.193846] [<c010403b>] do_invalid_op+0x8b/0xa0 [ 194.193856] [<c020bd4c>] ? kfree+0xec/0xf0 [ 194.193866] [<c012ce18>] ? default_spin_lock_flags+0x8/0x10 [ 194.193877] [<c01de47a>] ? free_one_page+0x12a/0x2d0 [ 194.193888] [<c01e04dc>] ? __free_pages+0x1c/0x40 [ 194.193897] [<c05c97a7>] error_code+0x73/0x78 [ 194.193906] [<c020bd4c>] ? kfree+0xec/0xf0 [ 194.193915] [<c04ecdd0>] ? skb_release_data+0x70/0xa0 [ 194.193924] [<c04ecdd0>] skb_release_data+0x70/0xa0 [ 194.193933] [<c04ec997>] __kfree_skb+0x17/0x90 [ 194.193941] [<c04eca31>] consume_skb+0x21/0x40 [ 194.193964] [<f85e0b70>] ieee80211_tx_status+0x760/0x860 [mac80211] [ 194.193979] [<f85caddf>] ath_tx_complete_buf+0x1bf/0x2c0 [ath9k] [ 194.193988] [<c05c8b9f>] ? _raw_spin_lock_irqsave+0x2f/0x50 [ 194.193997] [<c04ec40e>] ? skb_queue_tail+0x3e/0x50 [ 194.194010] [<f85cc803>] ath_tx_complete_aggr+0x823/0x940 [ath9k] [ 194.194021] [<c0108a28>] ? sched_clock+0x8/0x10 [ 194.194030] [<c016bf14>] ? sched_clock_local+0xa4/0x180 [ 194.194040] [<c0139f57>] ? enqueue_sleeper+0x1e7/0x2b0 [ 194.194051] [<c013a194>] ? enqueue_entity+0x174/0x200 [ 194.194064] [<f85ce83d>] ath_tx_edma_tasklet+0x2bd/0x3b0 [ath9k] [ 194.194074] [<c05c8b9f>] ? _raw_spin_lock_irqsave+0x2f/0x50 [ 194.194088] [<f85c7b9f>] ath9k_tasklet+0x9f/0x190 [ath9k] [ 194.194097] [<c01505d7>] tasklet_action+0xa7/0xb0 [ 194.194107] [<c015127c>] __do_softirq+0x9c/0x1b0 [ 194.194117] [<c01a7f64>] ? irq_to_desc+0x14/0x20 [ 194.194126] [<c0124fc4>] ? ack_apic_level+0x64/0x1f0 [ 194.194136] [<c01513d5>] do_softirq+0x45/0x50 [ 194.194145] [<c0151545>] irq_exit+0x65/0x70 [ 194.194153] [<c05cf665>] do_IRQ+0x55/0xc0 [ 194.194162] [<c016a6c7>] ? hrtimer_start+0x27/0x30 [ 194.194171] [<c0103630>] common_interrupt+0x30/0x38 [ 194.194181] [<c012c21a>] ? native_safe_halt+0xa/0x10 [ 194.194268] [<c010a2f9>] default_idle+0x49/0xb0 [ 194.194277] [<c0101fcc>] cpu_idle+0x8c/0xd0 [ 194.194286] [<c05b2431>] rest_init+0x71/0x80 [ 194.194295] [<c081981a>] start_kernel+0x36e/0x374 [ 194.194305] [<c08199dd>] ? pass_all_bootoptions+0x0/0xa [ 194.194314] [<c08190d7>] i386_start_kernel+0xd7/0xdf [ 194.194364] panic occurred, switching back to text console Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Christian Lamparter authored
This patch fixes a off-by-one bug which bugged the driver's PS-POLL capability. Cc: <stable@kernel.org> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 03 Feb, 2011 1 commit
-
-
Jesper Juhl authored
In drivers/net/wireless/wl1251/main.c:wl1251_op_bss_info_changed() we make a call to ieee80211_beacon_get() which may return NULL, but we do not check the return value before dereferencing the pointer. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 02 Feb, 2011 3 commits
-
-
Johannes Berg authored
When the off-channel TX is done with remain-on-channel offloaded to hardware, the reported cookie is wrong as in that case we shouldn't use the SKB as the cookie but need to instead use the corresponding r-o-c cookie (XOR'ed with 2 to prevent API mismatches). Fix this by keeping track of the hw_roc_skb pointer just for the status processing and use the correct cookie to report in this case. We can't use the hw_roc_skb pointer itself because it is NULL'ed when the frame is transmitted to prevent it being used twice. This fixes a bug where the P2P state machine in the supplicant gets stuck because it never gets a correct result for its transmitted frame. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Wey-Yi Guy authored
6250 2x2 devices have 2 tx chain and 2 rx chain. For some reason, the EEPROM contain incorrect information and indicate it only has single tx chain. overwrite it with .cfg parameter to make sure both chain 'A' and chain 'B' can be used for transmit and receive Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bao Liang authored
This patch fixes a minor issue that two connection responses will be sent for one L2CAP connection request. If the L2CAP connection request is first blocked due to security reason and responded with reason "security block", the state of the connection remains BT_CONNECT2. If a pairing procedure completes successfully before the ACL connection is down, local host will send another connection complete response. See the following packets captured by hcidump. 2010-12-07 22:21:24.928096 < ACL data: handle 12 flags 0x00 dlen 16 0000: 0c 00 01 00 03 19 08 00 41 00 53 00 03 00 00 00 ........A.S..... ... ... 2010-12-07 22:21:35.791747 > HCI Event: Auth Complete (0x06) plen 3 status 0x00 handle 12 ... ... 2010-12-07 22:21:35.872372 > ACL data: handle 12 flags 0x02 dlen 16 L2CAP(s): Connect rsp: dcid 0x0054 scid 0x0040 result 0 status 0 Connection successful Signed-off-by: Liang Bao <tim.bao@gmail.com> Acked-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 01 Feb, 2011 1 commit
-
-
Mohammed Shafi Shajakhan authored
free the skb's when the Tx of PAPRD frames fails and also add a debug message indicating that. Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 31 Jan, 2011 1 commit
-
-
Mathias Krause authored
When DEBUG_SPI is included in the debug log level wl1271_spi_reset() will dump the already freed memory instead of the SPI buffer. This bug was spotted by the semantic patch tool coccinelle using the script found at scripts/coccinelle/free/kfree.cocci. More information about semantic patching is available at http://coccinelle.lip6.fr/Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 28 Jan, 2011 2 commits
-
-
Rajkumar Manoharan authored
While unloading the driver, the ps_usecount is incremented before configuring gpio registers in deinit_device. But it is failed to restore the ps_usecount after that. The problem is that the chip is forcibly moved to FULL SLEEP by radio_disable when mac80211 is reporting as idle though ps_usecount is not zero. This patch retores ps_usecount properly and ensures that the chip is always moved to full sleep only if ps usage count is zero which also helps in debugging deadbeef on multivif case. And also fixes the following warning. ath: DMA failed to stop in 10 ms AR_CR=0xdeadbeef AR_DIAG_SW=0xdeadbeef ath: Could not stop RX, we could be confusing the DMA engine when we start RX up ------------[ cut here ]------------ WARNING: at drivers/net/wireless/ath/ath9k/recv.c:536 ath_stoprecv+0xf4/0x100 [ath9k]() Cc: stable@kernel.org Cc: Paul Stewart <pstew@google.com> Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Rajkumar Manoharan authored
The bit 6 & 7 of AR_WA (0x4004) should be enabled only for the chips that are supporting L0s functionality while resuming back from S3/S4. Enabling these bits for AR9280 is causing system hang within a few S3/S4-resume cycles. Cc: stable@kernel.org Cc: Jack Lee <jlee@atheros.com> Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 27 Jan, 2011 6 commits
-
-
Luciano Coelho authored
Update maintainer's email address, webpage and align with renaming of files. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
We do not kill any scheduled tasklets when stopping device, that may cause usage of resources after free. Disable interrupts, kill tasklets and then works in correct order. Cc: stable@kernel.org Tested-by: Sujith <m.sujith@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
We do not kill any scheduled tasklets when stopping device, that may cause usage of resources after free. Moreover we enable interrupts in tasklet function, so we could potentially end with interrupts enabled when driver is not ready to receive them. I think patch should fix Ben's kernel crash from: http://marc.info/?l=linux-wireless&m=129438358921501&w=2 Cc: stable@kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
The ath5k version of ieee80211_generic_frame_duration() returns an __le16 for standard modes but a cpu-endian int for turbo/half/ quarter rates. Make it always return cpu-endian values. Signed-off-by: Bob Copeland <me@bobcopeland.com> Acked-by: Bruno Randolf <br1@einfach.org> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
Review spotted a problem with the error handling in ath5k_hw_dma_stop: a successful return from ath5k_hw_stop_tx_dma will be treated as an error, so we always bail out of the loop after processing a single active queue. As a result, we may not actually stop some queues during reset. Signed-off-by: Bob Copeland <me@bobcopeland.com> Acked-by: Bruno Randolf <br1@einfach.org> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Chaoming Li authored
When the source code from Realtek was prepared for kernel inclusion, some routines were refactored to reduce the level of indentation. This patch repairs errors introduced in that process. Signed-off-by: Chaoming Li <chaoming_li@realsil.com.cn> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 26 Jan, 2011 1 commit
-
-
Cho, Yu-Chen authored
Add the btusb.c blacklist [03f0:311d] for Atheros AR9285 Malbec BT and add to ath3k.c ath3-1.fw (md5:1211fa34c09e10ba48381586b7c3883d) supported this device. Signed-off-by: Cho, Yu-Chen <acho@novell.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 25 Jan, 2011 3 commits
-
-
Reinette Chatre authored
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Greg Kroah-Hartman authored
This patch adds the device id for the windy31 USB device to the rt73usb driver. Thanks to Ralf Flaxa for reporting this and providing testing and a sample device. Reported-by: Ralf Flaxa <rf@suse.de> Tested-by: Ralf Flaxa <rf@suse.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
Some drivers (e.g. ath9k) do not always disable beacons when they're supposed to. When an interface is changed using the change_interface op, the mode specific sdata part is in an undefined state and trying to get a beacon at this point can produce weird crashes. To fix this, add a check for ieee80211_sdata_running before using anything from the sdata. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 21 Jan, 2011 4 commits
-
-
Jesper Juhl authored
In drivers/net/wireless/rtlwifi/pci.c::_rtl_pci_rx_interrupt() we call dev_alloc_skb(), which may fail and return NULL, but we do not check the returned value against NULL before dereferencing the returned pointer. This may lead to a NULL pointer dereference which means we'll crash - not good. In a separate call to dev_alloc_skb(), the debug level is changed so that the failure message will always be logged. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
There are several places where ath_reset() was called without proper calls to ath9k_ps_wakeup/ath9k_ps_restore. To fix this, add those calls directly to ath_reset and drop them from callers where it makes sense. Also add them to the config callback around ath_update_txpow to fix a crash that happens when the tx power changed before any vif is brought up. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Luis R. Rodriguez authored
AR9003's PAPRD was enabled prematurely, and is causing some large discrepancies on throughput and network connectivity. For example downlink (RX) throughput against an AR9280 AP can vary widlely from 43-73 Mbit/s while disabling this gets AR9382 (2x2) up to around 93 Mbit/s in a 2.4 GHz HT20 setup. Cc: stable@kernel.org Cc: Paul Shaw <paul.shaw@atheros.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Wey-Yi Guy authored
For all the new devices, the sku information should read from EEPROM but for legacy devices such as 4965, appearly the EEPROM does not contain the necessary information. so skip the read from EEPROM and go back to use software configuration. Reported-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Tested-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 19 Jan, 2011 9 commits
-
-
Johan Hedberg authored
The conn->sec_level value is supposed to represent the current level of security that the connection has. However, by assigning to it before requesting authentication it will have the wrong value during the authentication procedure. To fix this a pending_sec_level variable is added which is used to track the desired security level while making sure that sec_level always represents the current level of security. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
When there is an existing connection l2cap_check_security needs to be called to ensure that the security level of the new socket is fulfilled. Normally l2cap_do_start takes care of this, but that function doesn't get called for SOCK_RAW type sockets. This patch adds the necessary l2cap_check_security call to the appropriate branch in l2cap_do_connect. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
The logic for determining the needed auth_type for an L2CAP socket is rather complicated and has so far been duplicated in l2cap_check_security as well as l2cap_do_connect. Additionally the l2cap_check_security code was completely missing the handling of SOCK_RAW type sockets. This patch creates a unified function for the evaluation and makes l2cap_do_connect and l2cap_check_security use that function. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
If an existing connection has a MITM protection requirement (the first bit of the auth_type) then that requirement should not be cleared by new sockets that reuse the ACL but don't have that requirement. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
This reverts commit 04530982. That commit is wrong for two reasons: - The conn->sec_level shouldn't be updated without performing authentication first (as it's supposed to represent the level of security that the existing connection has) - A higher auth_type value doesn't mean "more secure" like the commit seems to assume. E.g. dedicated bonding with MITM protection is 0x03 whereas general bonding without MITM protection is 0x04. hci_conn_auth already takes care of updating conn->auth_type so hci_connect doesn't need to do it. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Lukáš Turek authored
Fix a bug introduced in commit 9cf5b0ea: function rfcomm_recv_ua calls rfcomm_session_put without checking that the session is not referenced by some DLC. If the session is freed, that DLC would refer to deallocated memory, causing an oops later, as shown in this bug report: https://bugzilla.kernel.org/show_bug.cgi?id=15994Signed-off-by: Lukas Turek <8an@praha12.net> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Johan Hedberg authored
The blacklist should be freed before the hci device gets unregistered. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
David Sterba authored
CC: Marcel Holtmann <marcel@holtmann.org> CC: "Gustavo F. Padovan" <padovan@profusion.mobi> CC: João Paulo Rechi Vita <jprvita@profusion.mobi> Signed-off-by: David Sterba <dsterba@suse.cz> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
Alexander Holler authored
There is no need to hold the firmware in memory. Signed-off-by: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-
- 18 Jan, 2011 2 commits
-
-
Wey-Yi Guy authored
When read valid tx/rx chains from EEPROM, there is a bug to use the tx chain value for both tx and rx, the result of this cause low receive throughput on 1x2 devices becuase rx will only utilize single chain instead of two chains Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
ath5k_reset must be called with sc->lock. Since the tx queue watchdog runs in a workqueue and accesses sc, it's appropriate to just take the lock over the whole function. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 17 Jan, 2011 1 commit
-
-
Rajkumar Manoharan authored
The power detector adc offset calibration has to be done on 4 minutes interval (longcal * pa_skip_count). But the commit "ath9k_hw: fix a noise floor calibration related race condition" makes the PA calibration executed more frequently beased on nfcal_pending value. Running PAOffset calibration lesser than longcal interval doesn't help anything and the worse part is that it causes NF load timeouts and RX deaf conditions. In a very noisy environment, where the distance b/w AP & station is ~10 meter and running a downlink udp traffic with frequent background scan causes "Timeout while waiting for nf to load: AR_PHY_AGC_CONTROL=0x40d1a" and moves the chip into deaf state. This issue was originaly reported in Android platform where the network-manager application does bgscan more frequently on AR9271 chips. (AR9285 family usb device). Cc: stable@kernel.org Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com> Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-