- 13 Nov, 2013 1 commit
-
-
Marcel Holtmann authored
The commit 94a86df0 seem to have uncovered a long standing bug that did not trigger so far. BUG: unable to handle kernel paging request at 00000009dd503502 IP: [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200 PGD 0 Oops: 0000 [#1] SMP Modules linked in: ath5k ath mac80211 cfg80211 CPU: 2 PID: 1459 Comm: bluetoothd Not tainted 3.11.0-133163-gcebd830 #2 Hardware name: System manufacturer System Product Name/P6T DELUXE V2, BIOS 1202 12/22/2010 task: ffff8803304106a0 ti: ffff88033046a000 task.ti: ffff88033046a000 RIP: 0010:[<ffffffff815b1868>] [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200 RSP: 0018:ffff88033046bed8 EFLAGS: 00010246 RAX: 00000009dd503502 RBX: 0000000000000003 RCX: 00007fffa2ed5548 RDX: 0000000000000003 RSI: 0000000000000012 RDI: ffff88032fd37480 RBP: ffff88033046bf28 R08: 00007fffa2ed554c R09: ffff88032f5707d8 R10: 00007fffa2ed5548 R11: 0000000000000202 R12: ffff880330bbd000 R13: 00007fffa2ed5548 R14: 0000000000000003 R15: 00007fffa2ed554c FS: 00007fc44cfac700(0000) GS:ffff88033fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000009dd503502 CR3: 00000003304c2000 CR4: 00000000000007e0 Stack: ffff88033046bf28 ffffffff815b0f2f ffff88033046bf18 0002ffff81105ef6 0000000600000000 ffff88032fd37480 0000000000000012 00007fffa2ed5548 0000000000000003 00007fffa2ed554c ffff88033046bf78 ffffffff814c0380 Call Trace: [<ffffffff815b0f2f>] ? rfcomm_sock_setsockopt+0x5f/0x190 [<ffffffff814c0380>] SyS_getsockopt+0x60/0xb0 [<ffffffff815e0852>] system_call_fastpath+0x16/0x1b Code: 02 00 00 00 0f 47 d0 4c 89 ef e8 74 13 cd ff 83 f8 01 19 c9 f7 d1 83 e1 f2 e9 4b ff ff ff 0f 1f 44 00 00 49 8b 84 24 70 02 00 00 <4c> 8b 30 4c 89 c0 e8 2d 19 cd ff 85 c0 49 89 d7 b9 f2 ff ff ff RIP [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200 RSP <ffff88033046bed8> CR2: 00000009dd503502 It triggers in the following segment of the code: 0x1313 is in rfcomm_sock_getsockopt (net/bluetooth/rfcomm/sock.c:743). 738 739 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 740 { 741 struct sock *sk = sock->sk; 742 struct rfcomm_conninfo cinfo; 743 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 744 int len, err = 0; 745 u32 opt; 746 747 BT_DBG("sk %p", sk); The l2cap_pi(sk) is wrong here since it should have been rfcomm_pi(sk), but that socket of course does not contain the low-level connection details requested here. Tracking down the actual offending commit, it seems that this has been introduced when doing some L2CAP refactoring: commit 8c1d787b Author: Gustavo F. Padovan <padovan@profusion.mobi> Date: Wed Apr 13 20:23:55 2011 -0300 @@ -743,6 +743,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u struct sock *sk = sock->sk; struct sock *l2cap_sk; struct rfcomm_conninfo cinfo; + struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; int len, err = 0; u32 opt; @@ -787,8 +788,8 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; - cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; - memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); + cinfo.hci_handle = conn->hcon->handle; + memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); The l2cap_sk got accidentally mixed into the sk (which is RFCOMM) and now causing a problem within getsocketopt() system call. To fix this, just re-introduce l2cap_sk and make sure the right socket is used for the low-level connection details. Reported-by: Fabio Rossi <rossi.f@inwind.it> Reported-by: Janusz Dziedzic <janusz.dziedzic@gmail.com> Tested-by: Janusz Dziedzic <janusz.dziedzic@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 18 Oct, 2013 8 commits
-
-
Felipe Pena authored
On the ternary expression the 'e' variable could be NULL dereferenced, when b43_nphy_get_rf_ctl_over_rev7 function returns NULL. Signed-off-by: Felipe Pena <felipensp@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
Polling TX statuses too frequently has two negative effects. First is randomly peek CPU usage, causing overall system functioning delays. Second bad effect is that device is not able to fill TX statuses in H/W register on some workloads and we get lot of timeouts like below: ieee80211 phy4: rt2800usb_entry_txstatus_timeout: Warning - TX status timeout for entry 7 in queue 2 ieee80211 phy4: rt2800usb_entry_txstatus_timeout: Warning - TX status timeout for entry 7 in queue 2 ieee80211 phy4: rt2800usb_txdone: Warning - Got TX status for an empty queue 2, dropping This not only cause flood of messages in dmesg, but also bad throughput, since rate scaling algorithm can not work optimally. In the future, we should probably make polling interval be adjusted automatically, but for now just increase values, this make mentioned problems gone. Resolve: https://bugzilla.kernel.org/show_bug.cgi?id=62781 Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
Fix random kernel panic with below messages when remove dongle. [ 2212.355447] BUG: unable to handle kernel NULL pointer dereference at 0000000000000250 [ 2212.355527] IP: [<ffffffffa02667f2>] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] [ 2212.355599] PGD 0 [ 2212.355626] Oops: 0000 [#1] SMP [ 2212.355664] Modules linked in: rt2800usb rt2x00usb rt2800lib crc_ccitt rt2x00lib mac80211 cfg80211 tun arc4 fuse rfcomm bnep snd_hda_codec_realtek snd_hda_intel snd_hda_codec btusb uvcvideo bluetooth snd_hwdep x86_pkg_temp_thermal snd_seq coretemp aesni_intel aes_x86_64 snd_seq_device glue_helper snd_pcm ablk_helper videobuf2_vmalloc sdhci_pci videobuf2_memops videobuf2_core sdhci videodev mmc_core serio_raw snd_page_alloc microcode i2c_i801 snd_timer hid_multitouch thinkpad_acpi lpc_ich mfd_core snd tpm_tis wmi tpm tpm_bios soundcore acpi_cpufreq i915 i2c_algo_bit drm_kms_helper drm i2c_core video [last unloaded: cfg80211] [ 2212.356224] CPU: 0 PID: 34 Comm: khubd Not tainted 3.12.0-rc3-wl+ #3 [ 2212.356268] Hardware name: LENOVO 3444CUU/3444CUU, BIOS G6ET93WW (2.53 ) 02/04/2013 [ 2212.356319] task: ffff880212f687c0 ti: ffff880212f66000 task.ti: ffff880212f66000 [ 2212.356392] RIP: 0010:[<ffffffffa02667f2>] [<ffffffffa02667f2>] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] [ 2212.356481] RSP: 0018:ffff880212f67750 EFLAGS: 00010202 [ 2212.356519] RAX: 000000000000000c RBX: 000000000000000c RCX: 0000000000000293 [ 2212.356568] RDX: ffff8801f4dc219a RSI: 0000000000000000 RDI: 0000000000000240 [ 2212.356617] RBP: ffff880212f67778 R08: ffffffffa02667e0 R09: 0000000000000002 [ 2212.356665] R10: 0001f95254ab4b40 R11: ffff880212f675be R12: ffff8801f4dc2150 [ 2212.356712] R13: 0000000000000000 R14: ffffffffa02667e0 R15: 000000000000000d [ 2212.356761] FS: 0000000000000000(0000) GS:ffff88021e200000(0000) knlGS:0000000000000000 [ 2212.356813] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2212.356852] CR2: 0000000000000250 CR3: 0000000001a0c000 CR4: 00000000001407f0 [ 2212.356899] Stack: [ 2212.356917] 000000000000000c ffff8801f4dc2150 0000000000000000 ffffffffa02667e0 [ 2212.356980] 000000000000000d ffff880212f677b8 ffffffffa03a31ad ffff8801f4dc219a [ 2212.357038] ffff8801f4dc2150 0000000000000000 ffff8800b93217a0 ffff8801f49bc800 [ 2212.357099] Call Trace: [ 2212.357122] [<ffffffffa02667e0>] ? rt2x00usb_interrupt_txdone+0x90/0x90 [rt2x00usb] [ 2212.357174] [<ffffffffa03a31ad>] rt2x00queue_for_each_entry+0xed/0x170 [rt2x00lib] [ 2212.357244] [<ffffffffa026701c>] rt2x00usb_kick_queue+0x5c/0x60 [rt2x00usb] [ 2212.357314] [<ffffffffa03a3682>] rt2x00queue_flush_queue+0x62/0xa0 [rt2x00lib] [ 2212.357386] [<ffffffffa03a2930>] rt2x00mac_flush+0x30/0x70 [rt2x00lib] [ 2212.357470] [<ffffffffa04edded>] ieee80211_flush_queues+0xbd/0x140 [mac80211] [ 2212.357555] [<ffffffffa0502e52>] ieee80211_set_disassoc+0x2d2/0x3d0 [mac80211] [ 2212.357645] [<ffffffffa0506da3>] ieee80211_mgd_deauth+0x1d3/0x240 [mac80211] [ 2212.357718] [<ffffffff8108b17c>] ? try_to_wake_up+0xec/0x290 [ 2212.357788] [<ffffffffa04dbd18>] ieee80211_deauth+0x18/0x20 [mac80211] [ 2212.357872] [<ffffffffa0418ddc>] cfg80211_mlme_deauth+0x9c/0x140 [cfg80211] [ 2212.357913] [<ffffffffa041907c>] cfg80211_mlme_down+0x5c/0x60 [cfg80211] [ 2212.357962] [<ffffffffa041cd18>] cfg80211_disconnect+0x188/0x1a0 [cfg80211] [ 2212.358014] [<ffffffffa04013bc>] ? __cfg80211_stop_sched_scan+0x1c/0x130 [cfg80211] [ 2212.358067] [<ffffffffa03f8954>] cfg80211_leave+0xc4/0xe0 [cfg80211] [ 2212.358124] [<ffffffffa03f8d1b>] cfg80211_netdev_notifier_call+0x3ab/0x5e0 [cfg80211] [ 2212.358177] [<ffffffff815140f8>] ? inetdev_event+0x38/0x510 [ 2212.358217] [<ffffffff81085a94>] ? __wake_up+0x44/0x50 [ 2212.358254] [<ffffffff8155995c>] notifier_call_chain+0x4c/0x70 [ 2212.358293] [<ffffffff81081156>] raw_notifier_call_chain+0x16/0x20 [ 2212.358361] [<ffffffff814b6dd5>] call_netdevice_notifiers_info+0x35/0x60 [ 2212.358429] [<ffffffff814b6ec9>] __dev_close_many+0x49/0xd0 [ 2212.358487] [<ffffffff814b7028>] dev_close_many+0x88/0x100 [ 2212.358546] [<ffffffff814b8150>] rollback_registered_many+0xb0/0x220 [ 2212.358612] [<ffffffff814b8319>] unregister_netdevice_many+0x19/0x60 [ 2212.358694] [<ffffffffa04d8eb2>] ieee80211_remove_interfaces+0x112/0x190 [mac80211] [ 2212.358791] [<ffffffffa04c585f>] ieee80211_unregister_hw+0x4f/0x100 [mac80211] [ 2212.361994] [<ffffffffa03a1221>] rt2x00lib_remove_dev+0x161/0x1a0 [rt2x00lib] [ 2212.365240] [<ffffffffa0266e2e>] rt2x00usb_disconnect+0x2e/0x70 [rt2x00usb] [ 2212.368470] [<ffffffff81419ce4>] usb_unbind_interface+0x64/0x1c0 [ 2212.371734] [<ffffffff813b446f>] __device_release_driver+0x7f/0xf0 [ 2212.374999] [<ffffffff813b4503>] device_release_driver+0x23/0x30 [ 2212.378131] [<ffffffff813b3c98>] bus_remove_device+0x108/0x180 [ 2212.381358] [<ffffffff813b0565>] device_del+0x135/0x1d0 [ 2212.384454] [<ffffffff81417760>] usb_disable_device+0xb0/0x270 [ 2212.387451] [<ffffffff8140d9cd>] usb_disconnect+0xad/0x1d0 [ 2212.390294] [<ffffffff8140f6cd>] hub_thread+0x63d/0x1660 [ 2212.393034] [<ffffffff8107c860>] ? wake_up_atomic_t+0x30/0x30 [ 2212.395728] [<ffffffff8140f090>] ? hub_port_debounce+0x130/0x130 [ 2212.398412] [<ffffffff8107baa0>] kthread+0xc0/0xd0 [ 2212.401058] [<ffffffff8107b9e0>] ? insert_kthread_work+0x40/0x40 [ 2212.403639] [<ffffffff8155de3c>] ret_from_fork+0x7c/0xb0 [ 2212.406193] [<ffffffff8107b9e0>] ? insert_kthread_work+0x40/0x40 [ 2212.408732] Code: 24 58 08 00 00 bf 80 00 00 00 e8 3a c3 e0 e0 5b 41 5c 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <48> 8b 47 10 48 89 fb 4c 8b 6f 28 4c 8b 20 49 8b 04 24 4c 8b 30 [ 2212.414671] RIP [<ffffffffa02667f2>] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb] [ 2212.417646] RSP <ffff880212f67750> [ 2212.420547] CR2: 0000000000000250 [ 2212.441024] ---[ end trace 5442918f33832bce ]--- Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Acked-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
RSSI value is provided on word3 not on word2. Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
The regression was introduced in the following commit: 0967e01e "ath5k: make use of the new rate control API" ath5k_tx_frame_completed saves the intended per-rate retry counts before they are cleared by ieee80211_tx_info_clear_status, however at this point the information in info->status.rates is incomplete. This causes significant throughput degradation and excessive packet loss on links where high bit rates don't work properly. Move the copy from bf->rates a few lines up to ensure that the saved retry counts are updated, and that they are really cleared in info->status.rates after the call to ieee80211_tx_info_clear_status. Cc: stable@vger.kernel.org # 3.10+ Cc: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Cc: Benjamin Vahl <bvahl@net.t-labs.tu-berlin.de> Reported-by: Ben West <ben@gowasabi.net> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Acked-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
Emmanuel Grumbach authored
Since we set IEEE80211_HW_QUEUE_CONTROL, we can let mac80211 do the queue assignement and don't need to override its decisions. While reassiging the same values is harmless of course, it triggered a WARNING when iwlwifi and mac80211 came to different conclusions. This happened when mac80211 set IEEE80211_TX_CTL_SEND_AFTER_DTIM, but didn't route the packet to the cab_queue because no stations were asleep. iwlwifi should not override mac80211's decicions for offchannel packets and packets to be sent after DTIM, but it should override mac80211's decision for AMPDUs since we have a special queue for them. So for AMPDU, we still override info->hw_queue by the AMPDU queue. This avoids: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 2531 at drivers/net/wireless/iwlwifi/dvm/tx.c:456 iwlagn_tx_skb+0x6c5/0x883() Modules linked in: CPU: 0 PID: 2531 Comm: hostapd Not tainted 3.12.0-rc5+ #1 Hardware name: /D53427RKE, BIOS RKPPT10H.86A.0017.2013.0425.1251 04/25/2013 0000000000000000 0000000000000009 ffffffff8189aa62 0000000000000000 ffffffff8105a4f2 ffff880058339a48 ffffffff815f8a04 0000000000000000 ffff8800560097b0 0000000000000208 0000000000000000 ffff8800561a9e5e Call Trace: [<ffffffff8189aa62>] ? dump_stack+0x41/0x51 [<ffffffff8105a4f2>] ? warn_slowpath_common+0x78/0x90 [<ffffffff815f8a04>] ? iwlagn_tx_skb+0x6c5/0x883 [<ffffffff815f8a04>] ? iwlagn_tx_skb+0x6c5/0x883 [<ffffffff818a0040>] ? put_cred+0x15/0x15 [<ffffffff815f6db4>] ? iwlagn_mac_tx+0x19/0x2f [<ffffffff8186cc45>] ? __ieee80211_tx+0x226/0x29b [<ffffffff8186e6bd>] ? ieee80211_tx+0xa6/0xb5 [<ffffffff8186e98b>] ? ieee80211_monitor_start_xmit+0x1e9/0x204 [<ffffffff8171ce5f>] ? dev_hard_start_xmit+0x271/0x3ec [<ffffffff817351ac>] ? sch_direct_xmit+0x66/0x164 [<ffffffff8171d1bf>] ? dev_queue_xmit+0x1e5/0x3c8 [<ffffffff817fac5a>] ? packet_sendmsg+0xac5/0xb3d [<ffffffff81709a09>] ? sock_sendmsg+0x37/0x52 [<ffffffff810f9e0c>] ? __do_fault+0x338/0x36b [<ffffffff81713820>] ? verify_iovec+0x44/0x94 [<ffffffff81709e63>] ? ___sys_sendmsg+0x1f1/0x283 [<ffffffff81140a73>] ? __inode_wait_for_writeback+0x67/0xae [<ffffffff8111735e>] ? __cache_free.isra.46+0x178/0x187 [<ffffffff811173b1>] ? kmem_cache_free+0x44/0x84 [<ffffffff81132c22>] ? dentry_kill+0x13d/0x149 [<ffffffff81132f6f>] ? dput+0xe5/0xef [<ffffffff81136e04>] ? fget_light+0x2e/0x7c [<ffffffff8170ae62>] ? __sys_sendmsg+0x39/0x57 [<ffffffff818a7e39>] ? system_call_fastpath+0x16/0x1b ---[ end trace 1b3eb79359c1d1e6 ]--- Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 17 Oct, 2013 1 commit
-
-
Johannes Berg authored
Some APs (notably a Sitecom WL-153 v1 with firmware 1.45) are sending invalid WMM parameters setting AIFSN, ECWmin and ECWmax to zero. The spec mandates that the value of AIFSN is at least 2, and some cards (e.g. Intel with the iwldvm driver) can't transmit when the invalid QoS parameters are actually uploaded to the firmware. Since there's little chance of being able to guess the values that the AP actually meant, disable WMM if such an invalid case is found. Since ECWmin/ECWmax are allowed to be zero, only verify AIFSN >= 2 and ECWmin <= ECWmax. Reviewed-by: Eliad Peller <eliad@wizery.com> Reported-by: Antonio Quartulli <antonio@meshcoding.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 15 Oct, 2013 2 commits
-
-
Andrei Otcheretianski authored
Bitrate mask were not respected in transmissions, causing (for example) P2P GO/client to use CCK rates for auth and assoc frames. Fix it by considering the rate mask in __rate_control_send_low(). Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Andrei Otcheretianski authored
Transmissions with the IEEE80211_TX_CTL_NO_CCK_RATE flag set (which can come from userspace) were no longer guaranteed to be transmitted with allowed rates since commit 2103dec1 ("mac80211: select and adjust bitrates according to channel mode") due to a missing rate_flags check in that commit. The commit also introduced the need to check the 5/10 MHz flags but accidentally didn't. Fix it by adding the missing check. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 14 Oct, 2013 5 commits
-
-
Avinash Patil authored
This patch adds missing cfg80211_disconnected event for P2P client interface upon successful deauthenticate command, deauthenticate event or disassociate event from FW. Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
If device is surprise removed, commands sent to FW including deauthenticate command fail as bus writes fail. We update our media_connected status to false and inform cfg80211 about disconnection only when command is successful. Since cfg80211 assumes device is still connected, it results into following WARN_ON during unload: WARNING: CPU: 0 PID: 18245 at net/wireless/core.c:937 cfg80211_netdev_notifier_call+0x175/0x4d0 [cfg80211]() Avoid this by emitting cfg80211_disconnected event even if the deauthenticate command fails. Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
Johannes Berg authored
If a frame's timestamp is calculated, and the bitrate calculation goes wrong and returns zero, the system will attempt to divide by zero and crash. Catch this case and print the rate information that the driver reported when this happens. Cc: stable@vger.kernel.org Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
When parsing an invalid radiotap header, the parser can overrun the buffer that is passed in because it doesn't correctly check 1) the minimum radiotap header size 2) the space for extended bitmaps The first issue doesn't affect any in-kernel user as they all check the minimum size before calling the radiotap function. The second issue could potentially affect the kernel if an skb is passed in that consists only of the radiotap header with a lot of extended bitmaps that extend past the SKB. In that case a read-only buffer overrun by at most 4 bytes is possible. Fix this by adding the appropriate checks to the parser. Cc: stable@vger.kernel.org Reported-by: Evan Huus <eapache@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 11 Oct, 2013 3 commits
-
-
Alexander Bondar authored
This fix is related to a scan request when associated (bgscan). FW expects suspend time parameter in micro seconds while the driver provides a value in time units. This bug leads to a high traffic latency when scan is requested while traffic is in progress. Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Stanislaw Gruszka authored
When we restart firmware and it is marked as not alive, we can still get calls from mac80211. Don't WARN on in this situation as this triggers automatic bug reports with no valuable information. This continuation of: commit 8ca95995 Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Date: Sun Sep 15 11:37:17 2013 +0300 iwlwifi: don't WARN on host commands sent when firmware is dead which remove WARN_ONCE from one place, but those warnings are also triggered from other functions. Patch also adds unlikely() statement. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
In certain corner cases in the firmware implementation, powersave transitions can cause the firmware to miss the fact that commands were added to the queue/FIFO and thus never processes them. Since the commands really are in the queue, try to poke the firmware in such cases (by grabbing NIC access, which wakes up the NIC) so it notices the new command and processes it. Reviewed-by: Alexander Bondar <alexander.bondar@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 10 Oct, 2013 3 commits
-
-
Solomon Peachy authored
This fixes "lost interrupt" problems that occurred on SPI-based systems. cw1200_irq_handler() expects the hwbus to be locked, but on the SPI-path, that lock wasn't taken (unlike in the SDIO-path, where the generic SDIO-code takes care of acquiring the lock). Cc: stable@vger.kernel.org Signed-off-by: David Mosberger <davidm@egauge.net> Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Mark Cave-Ayland authored
An error in calculating the offset in an skb causes the driver to read essential device info from the wrong locations. The main effect is that automatic gain calculations are nonsense. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [2.6.39+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
- 09 Oct, 2013 2 commits
-
-
Emmanuel Grumbach authored
Since P2P device doesn't have a netdev associated to it, we cannot prevent the user to start it when in RFKILL. So refuse to even add it when in RFKILL. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Emmanuel Grumbach authored
__ieee80211_scan_completed is called from a worker. This means that the following flow is possible. * driver calls ieee80211_scan_completed * mac80211 cancels the scan (that is already complete) * __ieee80211_scan_completed runs When scan_work will finally run, it will see that the scan hasn't been aborted and might even trigger another scan on another band. This leads to a situation where cfg80211's scan is not done and no further scan can be issued. Fix this by setting a new flag when a HW scan is being cancelled so that no other scan will be triggered. Cc: stable@vger.kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 07 Oct, 2013 3 commits
-
-
Johannes Berg authored
The merge b35c8097 seems to have lost commit eabc4ac5, put the code back. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Felix Fietkau authored
Otherwise, if queues are full during a scan, tx scheduling does not resume after switching back to the home channel. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 02 Oct, 2013 6 commits
-
-
Emmanuel Grumbach authored
When RFKill cuts short a scan, mac80211 cancels the scan. This is done by sending a host command to the firmware, but this command was dropped because of RFKill. Flag this command as "SEND_IN_RFKILL" to make sure it is sent to the firmware. The firmware will send SCAN_COMPLETE_NOTIFICATION which will trigger a call to ieee80211_scan_completed. If the scan cannot be aborted, it is because the firmware already finished the scan but we hadn't notified mac80211 at the time mac80211 decided to cancel the scan. By the time we see the scan could not be aborted, mac80211 has been notified already. This patch fixes situations in which we didn't notify mac80211 upon completion of the scan that was cut short by RFkill. Cc: stable@vger.kernel.org [3.10+] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Emmanuel Grumbach authored
Add some new PCI IDs to the table for 6000, 6005 and 6235 series. Cc: stable@vger.kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Emmanuel Grumbach authored
This triggers automatic bug reports and add no valuable information. Print a simple error instead and drop the host command. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Matti Gottlieb authored
Add some new PCI IDs to the table for 7000 & 3160 series Cc: stable@vger.kernel.org Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Emmanuel Grumbach authored
A few NICs can get into trouble if we reset the TX queue counters in certain very rare situation. To be on the safe side, simply avoid to reset the TX queue counter. This is relevant for non-AMPDU queues only since on AMPDU we have no choice - we must start the TX queue at the right index. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Alexander Bondar authored
The D3 firmware image doesn't support uAPSD, so disable it. Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Reviewed-by: Guy Cohen <guy.cohen@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 30 Sep, 2013 6 commits
-
-
Felix Fietkau authored
When a packet is passed from mac80211 to the driver with the IEEE80211_TX_CTL_PS_RESPONSE flag set, it bypasses the normal driver internal queueing and goes directly to the UAPSD queue. When that happens, packets that are part of a BlockAck session still need to be tracked as such inside the driver, otherwise it will create discrepancies in the receiver BA reorder window, causing traffic stalls. This only happens in AP mode with powersave-enabled clients. This patch fixes the regression introduced in the commit "ath9k: use software queues for un-aggregated data packets" Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
601216e1 "mwifiex: process RX packets in SDIO IRQ thread directly" introduced a command timeout issue which can be reproduced easily on an AM33xx platform using a test application written by Daniel Mack: https://gist.github.com/zonque/6579314 mwifiex_main_process() is called from both the SDIO handler and the workqueue. In case an interrupt occurs right after the int_status check, but before updating the mwifiex_processing flag, this interrupt gets lost, resulting in a command timeout and consequently a card reset. Let main_proc_lock protect both int_status and mwifiex_processing flag. This fixes the interrupt lost issue. Cc: <stable@vger.kernel.org> # 3.7+ Reported-by: Sven Neumann <s.neumann@raumfeld.com> Reported-by: Andreas Fenkart <andreas.fenkart@streamunlimited.com> Tested-by: Daniel Mack <zonque@gmail.com> Reviewed-by: Dylan Reid <dgreid@chromium.org> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Paul Stewart <pstew@chromium.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Stanislaw Gruszka authored
This reverts commit 9483f40d. Some devices stop to connect with above commit, see: https://bugzilla.kernel.org/show_bug.cgi?id=61621 Since there is no clear benefit of having MSI enabled, just revert change to fix the problem. Cc: stable@vger.kernel.org # 3.11+ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Jakub Kicinski <kubakici@wp.pl> Acked-by: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
Jouni Malinen authored
mac80211 scan processing could get stuck if roc work for pending, but not started when a scan request was deferred due to such roc item. Normally the deferred scan would be started from ieee80211_start_next_roc(), but ieee80211_sw_roc_work() calls that only if the finished ROC was started. Fix this by calling ieee80211_run_deferred_scan() in the case the last ROC was not actually started. This issue was hit relatively easily in P2P find operations where Listen state (remain-on-channel) and Search state (scan) are repeated in a loop. Signed-off-by: Jouni Malinen <j@w1.fi> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Felix Fietkau authored
When clients are idle for too long, hostapd sends nullfunc frames for probing. When those are acked by the client, the idle time needs to be updated. To make this work (and to avoid unnecessary probing), update sta->last_rx whenever an ACK was received for a tx packet. Only do this if the flag IEEE80211_HW_REPORTS_TX_ACK_STATUS is set. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-