- 02 Dec, 2013 1 commit
-
-
- 25 Nov, 2013 32 commits
-
-
Luciano Coelho authored
If the next seqno returned by the firmware is 0, we return an error (-16) in the iwl_mvm_get_last_nonqos_seq() function. This is because we return an integer and don't use any casting when calculating the last seqno from the one we received. Fix this by using a cast to u16 when doing the calculation, so we return 0xfff0, as we should. Signed-off-by:
Luciano Coelho <luciano.coelho@intel.com> Signed-off-by:
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-
Luciano Coelho authored
In an open BSS, after suspend/resume, we don't set the last seqno because the iwl_mvm_setup_connection_keep() returns too early. This happens because the check to see if we have any keys was returning immediately, without setting seqno and seqno_valid. Fix this. Signed-off-by:
-
Alexander Bondar authored
If we call ieee80211_hw_restart, it means that the firmware is in bad condition and will be reset soon. Since the firmware will be reset, there is no good reason to keep sending host commands. Signed-off-by:
Alexander Bondar <alexander.bondar@intel.com> Reviewed-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Emmanuel Grumbach authored
A new firmware is coming out soon with new APIs. To make sure that this new firmware won't be loaded on old driver that don't support it, it's API version has been updated to 8. In order to be able to load it, bump the API version to 8. API version 7 is still supported and will be for another year or so. Signed-off-by: -
Emmanuel Grumbach authored
Time event notification can have a failure status even if the time event was scheduled: * in START notification, this can happen if the time event was scheduled later than the requested apply time. * in STOP notification, this can happen if the time event is truncated. Even if both happened, the offchannel packets sent during the remain on channel are very likely to have been sent. Hence, don't WARN when this happens, but rather print a discrete line in the kernel log. Signed-off-by:
-
Emmanuel Grumbach authored
This patch is very similar to a previous fix: 22cba0c0 When we disassociate, mac80211 removes the station and then, it sets the bss it unsets the assoc bool in bss_info. Since the firwmware wants it the opposite (first set the MAC context as unassoc, and only then, remove the STA of the API), we have a small period of time in which the STA in firmware doesn't have a valid ieee80211_sta pointer. During that time, iwl_mvm_vif->ap_sta_id, is still set to the STA in firmware that represent the AP. Signed-off-by:
-
Emmanuel Grumbach authored
This feature isn't supported by the firmware (yet). Note that settingt he values to BT_CFG_CMD is harmless if the validity bit is clear - so keep the configuration values in BT_CFG_CMD, but clear the validity bit until thes feature is enabled in the firmware. Signed-off-by: -
Oren Givon authored
Add new HW IDs and configurations for 7265 series. Signed-off-by:
Oren Givon <oren.givon@intel.com> Signed-off-by:
-
Emmanuel Grumbach authored
We changed the timeout for the interrupt coealescing for calibration, but that wasn't effective since we changed that value back before loading the firmware. Since calibrations are notification from firmware and not Rx packets, this doesn't change anyway - the firmware will fire an interrupt straight away regardless of the interrupt coalescing value. Also, a HW issue has been discovered in 7000 devices series. The work around is to disable the new interrupt coalescing timeout feature - do this by setting bit 31 in CSR_INT_COALESCING. This has been fixed in 7265 which means that we can't rely on the device family and must have a hint in the iwl_cfg structure. Cc: stable@vger.kernel.org [3.10+] Fixes: 99cd4714 ("iwlwifi: add 7000 series device configuration") Reviewed-by:
-
Johannes Berg authored
The station ID must be valid, if it's out of range then the array access may crash. Validate the station ID to the array length, and also validate the drain value even if that doesn't matter all that much. Cc: stable@vger.kernel.org Fixes: 8ca151b5 ("iwlwifi: add the MVM driver") Signed-off-by:
-
-
Ujjal Roy authored
For IBSS join if the requested SSID matches current SSID, it returns without freeing the allocated beacon IE buffer. Cc: <stable@vger.kernel.org> # 3.10+ Signed-off-by:
Ujjal Roy <royujjal@gmail.com> Signed-off-by:
Bing Zhao <bzhao@marvell.com> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Borislav Petkov authored
When building randconfigs with CONFIG_BCMA_DRIVER_GPIO=y, I get drivers/built-in.o: In function `brcms_led_unregister': (.text+0x351aca): undefined reference to `led_classdev_unregister' drivers/built-in.o: In function `brcms_led_register': (.text+0x351c65): undefined reference to `led_classdev_register' during final linking stage because brcmsmac/led.c needs LEDS_CLASS for registering/deregistering the led device. Select the required symbols. Cc: Arend van Spriel <arend@broadcom.com> Cc: "Rafał Miłecki" <zajec5@gmail.com> Cc: <linux-wireless@vger.kernel.org> Signed-off-by:
Borislav Petkov <bp@suse.de> Signed-off-by:
-
Karl Beldan authored
ATM, the first call of ieee80211_do_open will configure the hw as non-idle, even if the interface being brought up is not a monitor, and this leads to inconsistent sequences like: register_hw() do_open(sta) hw_config(non-idle) (.. sta is non-idle ..) scan(sta) hw_config(idle) (after scan finishes) do_stop(sta) do_open(sta) (.. sta is idle ..) Signed-off-by:
Karl Beldan <karl.beldan@rivierawaves.com> Signed-off-by:
-
Karl Beldan authored
Commit 3e8b1eb2 "mac80211/minstrel_ht: improve rate selection stability" introduced a local capped prob in minstrel_ht_calc_tp but omitted to use it to compute the per rate throughput. Signed-off-by:
-
Felix Fietkau authored
Fixes wpa_supplicant p2p_find on 5GHz-only devices Signed-off-by:
Felix Fietkau <nbd@openwrt.org> Signed-off-by:
-
Eliad Peller authored
Commit 392b9ffb ("mac80211: change beacon/connection polling") removed the IEEE80211_STA_BEACON_POLL flag. However, it accidentally removed the setting of IEEE80211_STA_CONNECTION_POLL, making the connection polling completely useless (the flag is always clear, so the result is never being checked). Fix it. Signed-off-by:
Eliad Peller <eliad@wizery.com> Acked-by:
Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by:
-
Jouni Malinen authored
'mac80211_hwsim: Fix tracking of beaconing for multi-vif' introduced an iteration of active interfaces into the bss_info_changed handler. However, it used a wrong type of iteration and could result in a dead lock since iflist_mtx can already be held. Fix this by using the atomic version of the iteration function. Signed-off-by:
Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by:
-
Chun-Yeow Yeoh authored
Mesh STA receiving the mesh CSA action frame is not able to trigger the mesh channel switch due to the incorrect handling and comparison of mesh channel switch parameters element (MCSP)'s TTL. Make sure the MCSP's TTL is updated accordingly before calling the ieee80211_mesh_process_chnswitch. Also, we update the beacon before forwarding the CSA action frame, so MCSP's precedence value and initiator flag need to be updated prior to this. Signed-off-by:
Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by:
-
Johannes Berg authored
Multicast frames can't be transmitted as part of an aggregation session (such a session couldn't even be set up) so don't try to reorder them. Trying to do so would cause the reorder to stop working correctly since multicast QoS frames (as transmitted by the Aruba APs this was found with) would cause sequence number confusion in the buffer. Cc: stable@vger.kernel.org Reported-by:
Blaise Gassend <blaise@suitabletech.com> Signed-off-by:
-
Johannes Berg authored
Due to nl80211 API breakage, 5/10 MHz support is broken for all drivers. Fixing it requires adding new API, but that can't be done as a bugfix commit since that would require either updating all APIs in the trees needing the bugfix or cause different kernels to have incompatible API. Therefore, just disable 5/10 MHz support for all drivers. Cc: stable@vger.kernel.org [3.12] Signed-off-by: -
Karl Beldan authored
When initializing rates selections starting indexes upon stats update, the minstrel_sta->max_* rates should be 'group * MCS_GROUP_RATES + i' not 'i'. This affects settings where one of the peers does not support any of the rates of the group 0 (i.e. when ht_cap.mcs.rx_mask[0] == 0). Signed-off-by:
-
Javier Lopez authored
Mesh beacon was not being rebuild after user triggered a mesh powersave change. To solve this issue use ieee80211_mbss_info_change_notify instead of ieee80211_bss_info_change_notify. This helper function forces mesh beacon to be rebuild and then notifies the driver about the beacon change. Signed-off-by:
Javier Lopez <jlopex@cozybit.com> Signed-off-by:
-
Felix Fietkau authored
Commit "mac80211: implement SMPS for AP" applies to AP_VLAN as well. It assumes that sta->sdata->vif.bss_conf.bssid is present, which did not get set for AP_VLAN. Initialize it to sdata->vif.addr like for other interface types. Signed-off-by:
-
Johannes Berg authored
Coverity pointed out that we might dereference NULL later if nla_nest_start() returns a failure. This isn't really true since we'd bomb out before, but we should check the return value directly, so do that. Signed-off-by: -
Johannes Berg authored
Coverity pointed out that in the (practically impossible) error case we leak the message - fix this. Signed-off-by: -
Johannes Berg authored
Coverity pointed out that in a few functions we don't check the return value of the nla_put_*() calls. Most of these are fairly harmless because the input isn't very dynamic and controlled by the kernel, but the pattern is simply wrong, so fix this. Signed-off-by: -
Johannes Berg authored
When changing cfg80211 to use RTNL locking, this caused a deadlock in mac80211 as it calls cfg80211_sched_scan_stopped() from a work item that's on a workqueue that is flushed with the RTNL held. Fix this by simply using schedule_work(), the work only needs to finish running before the wiphy is unregistered, no other synchronisation (e.g. with suspend) is really required since for suspend userspace is already blocked anyway when we flush the workqueue so will only pick up the event after resume. Cc: stable@vger.kernel.org Fixes: 5fe231e8 ("cfg80211: vastly simplify locking") Reported-and-tested-by:
Eliad Peller <eliadx.peller@intel.com> Signed-off-by:
-
Janusz Dziedzic authored
Setup chandef for radar event correctly, before we will clear this in ieee80211_dfs_cac_cancel() function. Without this patch mac80211 will report wrong channel width in case we will get radar event during active CAC. Signed-off-by:
Janusz Dziedzic <janusz.dziedzic@tieto.com> Reviewed-by:
Luis R. Rodriguez <mcgrof@do-not-panic.com> Signed-off-by:
-
Simon Wunderlich authored
The wext internal chandefs for ibss should be created using the cfg80211_chandef_create() functions. Initializing fields manually is error-prone. Reported-by:
Dirk Gouders <dirk@gouders.net> Signed-off-by:
Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by:
-
Jouni Malinen authored
The earlier addition of rt_tsft to struct hwsim_radiotap_hdr updated only mac80211_hwsim_monitor_tx() to fill in the new field. mac80211_hwsim_monitor_ack() did not set the rt_tsft field and as such, leaked eight bytes of kernel memory to user space. In addition, the resulting radiotap header is invalid since the field offsets do not match. Fix these issues by defining a separate radiotap header structure for the ACK frame case which does not use all the fields. Signed-off-by:
Jouni Malinen <j@w1.fi> Signed-off-by:
-
Bob Copeland authored
This reverts commit ee1f6681. The aformentioned commit added a check to allow 'iw wlan0 set power_save off' to work for mesh interfaces. However, this is problematic because it also allows 'iw wlan0 set power_save on', which will crash in short order because all of the subsequent code manipulates sdata->u.mgd. The power-saving states for mesh interfaces can be manipulated through the mesh config, e.g: 'iw wlan0 set mesh_param mesh_power_save=active' (which, despite the name, actualy disables power saving since the setting refers to the type of sleep the interface undergoes). Cc: stable@vger.kernel.org Fixes: ee1f6681 ("mac80211: allow disable power save in mesh") Signed-off-by:
Bob Copeland <me@bobcopeland.com> Signed-off-by:
-
- 21 Nov, 2013 7 commits
-
-
Herbert Xu authored
Recently GRO started generating packets with frag_lists of frags. This was not handled by GSO, thus leading to a crash. Thankfully these packets are of a regular form and are easy to handle. This patch handles them in two ways. For completely non-linear frag_list entries, we simply continue to iterate over the frag_list frags once we exhaust the normal frags. For frag_list entries with linear parts, we call pskb_trim on the first part of the frag_list skb, and then process the rest of the frags in the usual way. This patch also kills a chunk of dead frag_list code that has obviously never ever been run since it ends up generating a bogus GSO-segmented packet with a frag_list entry. Future work is planned to split super big packets into TSO ones. Fixes: 8a29111c ("net: gro: allow to build full sized skb") Reported-by:
Christoph Paasch <christoph.paasch@uclouvain.be> Reported-by:
Jerry Chu <hkchu@google.com> Reported-by:
Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
Eric Dumazet <edumazet@google.com> Tested-by:
David S. Miller <davem@davemloft.net>
-
Johannes Berg authored
Fix another really stupid bug - I introduced genl_set_err() precisely to be able to adjust the group and reject invalid ones, but then forgot to do so. Signed-off-by:
-
Johannes Berg authored
Unfortunately, I introduced a tremendously stupid bug into genlmsg_multicast() when doing all those multicast group changes: it adjusts the group number, but then passes it to genlmsg_multicast_netns() which does that again. Somehow, my tests failed to catch this, so add a warning into genlmsg_multicast_netns() and remove the offending group ID adjustment. Also add a warning to the similar code in other functions so people who misuse them are more loudly warned. Signed-off-by:
-
Daniel Borkmann authored
Salam reported a use after free bug in PF_PACKET that occurs when we're sending out frames on a socket bound device and suddenly the net device is being unregistered. It appears that commit 827d9780 introduced a possible race condition between {t,}packet_snd() and packet_notifier(). In the case of a bound socket, packet_notifier() can drop the last reference to the net_device and {t,}packet_snd() might end up suddenly sending a packet over a freed net_device. To avoid reverting 827d9780 and thus introducing a performance regression compared to the current state of things, we decided to hold a cached RCU protected pointer to the net device and maintain it on write side via bind spin_lock protected register_prot_hook() and __unregister_prot_hook() calls. In {t,}packet_snd() path, we access this pointer under rcu_read_lock through packet_cached_dev_get() that holds reference to the device to prevent it from being freed through packet_notifier() while we're in send path. This is okay to do as dev_put()/dev_hold() are per-cpu counters, so this should not be a performance issue. Also, the code simplifies a bit as we don't need need_rls_dev anymore. Fixes: 827d9780 ("af-packet: Use existing netdev reference for bound sockets.") Reported-by:
Salam Noureddine <noureddine@aristanetworks.com> Signed-off-by:
Daniel Borkmann <dborkman@redhat.com> Signed-off-by:
-
David Vrabel authored
If the VIF thread is still running after unbinding the Tx and Rx IRQs in xenvif_disconnect(), the thread may attempt to raise an event which will BUG (as the irq is unbound). Signed-off-by:
David Vrabel <david.vrabel@citrix.com> Acked-by:
Wei Liu <wei.liu2@citrix.com> Signed-off-by:
-
Michael Opdenacker authored
This removes a code line that is between a "return 0;" and an error label. This code line can never be reached. Found by Coverity (CID: 1130529) Signed-off-by:
Michael Opdenacker <michael.opdenacker@free-electrons.com> Acked-by:
Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirelessDavid S. Miller authored
John W. Linville says: ==================== pull request: wireless 2013-11-21 Please pull this batch of fixes intended for the 3.13 stream! For the Bluetooth bits, Gustavo says: "A few fixes for 3.13. There is 3 fixes to the RFCOMM protocol. One crash fix to L2CAP. A simple fix to a bad behaviour in the SMP protocol." On top of that... Amitkumar Karwar sends a quintet of mwifiex fixes -- two fixes related to failure handling, two memory leak fixes, and a NULL pointer fix. Felix Fietkau corrects and earlier rt2x00 HT descriptor handling fix to address a crash. Geyslan G. Bem fixes a memory leak in brcmfmac. Larry Finger address more pointer arithmetic errors in rtlwifi. Luis R. Rodriguez provides a regulatory fix in the shared ath code. Sujith Manoharan brings a couple ath9k initialization fixes. Ujjal Roy offers one more mwifiex fix to avoid invalid memory accesses when unloading the USB driver. ==================== Signed-off-by:
-
