- 18 12月, 2013 2 次提交
-
-
由 Mathy Vanhoef 提交于
Pick the MAC address of the first virtual interface as the new hardware MAC address. Set BSSID mask according to this MAC address. This fixes CVE-2013-4579. Signed-off-by: NMathy Vanhoef <vanhoefm@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 16 12月, 2013 1 次提交
-
-
由 Johannes Berg 提交于
Evan Huus found (by fuzzing in wireshark) that the radiotap iterator code can access beyond the length of the buffer if the first bitmap claims an extension but then there's no data at all. Fix this. Cc: stable@vger.kernel.org Reported-by: NEvan Huus <eapache@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 10 12月, 2013 1 次提交
-
-
由 Felix Fietkau 提交于
When not aggregating packets, fi->framelen should be passed in as length to calculate the duration. Before the tx path rework, ath_tx_fill_desc was called for either one aggregate, or one single frame, with the length of the packet or the aggregate as a parameter. After the rework, ath_tx_sched_aggr can pass a burst of single frames to ath_tx_fill_desc and sets len=0. Fix broken duration calculation by overriding the length in ath_tx_fill_desc before passing it to ath_buf_set_rate. Cc: stable@vger.kernel.org Reported-by: NSimon Wunderlich <sw@simonwunderlich.de> Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 05 12月, 2013 1 次提交
-
-
由 Ujjal Roy 提交于
cfg80211 allows re-association in managed mode and if a user wants to re-associate to the same AP network after the time period of IEEE80211_SCAN_RESULT_EXPIRE, cfg80211 warns with the following message on receiving the connect result event. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 13984 at net/wireless/sme.c:658 __cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]() Call Trace: [<ffffffff81747a41>] dump_stack+0x46/0x58 [<ffffffff81045847>] warn_slowpath_common+0x87/0xb0 [<ffffffff81045885>] warn_slowpath_null+0x15/0x20 [<ffffffffa05345f6>] __cfg80211_connect_result+0x3a6/0x3e0 [cfg80211] [<ffffffff8107168b>] ? update_rq_clock+0x2b/0x50 [<ffffffff81078c01>] ? update_curr+0x1/0x160 [<ffffffffa05133d2>] cfg80211_process_wdev_events+0xb2/0x1c0 [cfg80211] [<ffffffff81079303>] ? pick_next_task_fair+0x63/0x170 [<ffffffffa0513518>] cfg80211_process_rdev_events+0x38/0x90 [cfg80211] [<ffffffffa050f03d>] cfg80211_event_work+0x1d/0x30 [cfg80211] [<ffffffff8105f21f>] process_one_work+0x17f/0x420 [<ffffffff8105f90a>] worker_thread+0x11a/0x370 [<ffffffff8105f7f0>] ? rescuer_thread+0x2f0/0x2f0 [<ffffffff8106638b>] kthread+0xbb/0xc0 [<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120 [<ffffffff817574bc>] ret_from_fork+0x7c/0xb0 [<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120 ---[ end trace 61f3bddc9c4981f7 ]--- The reason is that, in connect result event cfg80211 unholds the BSS to which the device is associated (and was held so far). So, for the event with status successful, when cfg80211 wants to get that BSS from the device's BSS list it gets a NULL BSS because the BSS has been expired and unheld already. Fix it by reshuffling the code. Signed-off-by: NUjjal Roy <royujjal@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 12月, 2013 7 次提交
-
-
由 Arend van Spriel 提交于
Building brcmfmac for sparc64 gave the following warning: CC [M] drivers/net/wireless/brcm80211/brcmfmac/bcmsdh_sdmmc.o bcmsdh_sdmmc.c: In function 'brcmf_sdioh_request_byte': bcmsdh_sdmmc.c:89:6: warning: 'err_ret' may be used uninitialized in this function [-Wuninitialized] Inspecting the code it indeed had a path of execution in which the return value was used uninitialized. This patch fixes that code path. Reviewed-by: NHante Meuleman <meuleman@broadcom.com> Reviewed-by: NFranky Lin <frankyl@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Michal Nazarewicz 提交于
If kmalloc fails wcn36xx_smd_rsp_process will attempt to dereference a NULL pointer. There might be a better error recovery then just printing an error, but printing an error message is better then the current behaviour. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Michal Nazarewicz 提交于
Code in ath9k_hw_set_clockrate function indicates that ah->curchan (and thus chan local variable) may be NULL. If that is indeed the case, IS_CHAN_HT40(chan) check has to be performed only in branch where chan is not NULL. Moving the code under already existing if condition fixes this issue. Signed-off-by: NMichal Nazarewicz <mina86@mina86.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Sujith Manoharan 提交于
The EEPROM parameter to determine whether the bias strength values for XLNA have to be applied is part of the miscConfiguration field and not featureEnable. Cc: stable@vger.kernel.org Signed-off-by: NSujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Sujith Manoharan 提交于
Bit 5 in the miscConfiguration field of the base EEPROM header denotes whether QuickDrop is enabled or not. Fix the incorrect usage of BIT(1) and also make sure that this is done only for the required chips. Cc: stable@vger.kernel.org Signed-off-by: NSujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
- 02 12月, 2013 2 次提交
-
-
由 Simon Wunderlich 提交于
When external CSA IEs are received (beacons or action messages), a channel switch is triggered as well. This should only be allowed on devices which actually support channel switches, otherwise disconnect. (For the corresponding userspace invocation, the wiphy flag is checked in nl80211). Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Simon Wunderlich 提交于
The channel switch announcement code has some major locking problems which can cause a deadlock in worst case. A series of fixes has been proposed, but these are non-trivial and need to be tested first. Therefore disable CSA completely for 3.13. Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 11月, 2013 13 次提交
-
-
由 Luciano Coelho 提交于
If the next seqno returned by the firmware is 0, we return an error (-16) in the iwl_mvm_get_last_nonqos_seq() function. This is because we return an integer and don't use any casting when calculating the last seqno from the one we received. Fix this by using a cast to u16 when doing the calculation, so we return 0xfff0, as we should. Signed-off-by: NLuciano Coelho <luciano.coelho@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Luciano Coelho 提交于
In an open BSS, after suspend/resume, we don't set the last seqno because the iwl_mvm_setup_connection_keep() returns too early. This happens because the check to see if we have any keys was returning immediately, without setting seqno and seqno_valid. Fix this. Signed-off-by: NLuciano Coelho <luciano.coelho@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Alexander Bondar 提交于
If we call ieee80211_hw_restart, it means that the firmware is in bad condition and will be reset soon. Since the firmware will be reset, there is no good reason to keep sending host commands. Signed-off-by: NAlexander Bondar <alexander.bondar@intel.com> Reviewed-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Emmanuel Grumbach 提交于
A new firmware is coming out soon with new APIs. To make sure that this new firmware won't be loaded on old driver that don't support it, it's API version has been updated to 8. In order to be able to load it, bump the API version to 8. API version 7 is still supported and will be for another year or so. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Emmanuel Grumbach 提交于
Time event notification can have a failure status even if the time event was scheduled: * in START notification, this can happen if the time event was scheduled later than the requested apply time. * in STOP notification, this can happen if the time event is truncated. Even if both happened, the offchannel packets sent during the remain on channel are very likely to have been sent. Hence, don't WARN when this happens, but rather print a discrete line in the kernel log. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
This patch is very similar to a previous fix: 22cba0c0 When we disassociate, mac80211 removes the station and then, it sets the bss it unsets the assoc bool in bss_info. Since the firwmware wants it the opposite (first set the MAC context as unassoc, and only then, remove the STA of the API), we have a small period of time in which the STA in firmware doesn't have a valid ieee80211_sta pointer. During that time, iwl_mvm_vif->ap_sta_id, is still set to the STA in firmware that represent the AP. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Emmanuel Grumbach 提交于
This feature isn't supported by the firmware (yet). Note that settingt he values to BT_CFG_CMD is harmless if the validity bit is clear - so keep the configuration values in BT_CFG_CMD, but clear the validity bit until thes feature is enabled in the firmware. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Oren Givon 提交于
Add new HW IDs and configurations for 7265 series. Signed-off-by: NOren Givon <oren.givon@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Emmanuel Grumbach 提交于
We changed the timeout for the interrupt coealescing for calibration, but that wasn't effective since we changed that value back before loading the firmware. Since calibrations are notification from firmware and not Rx packets, this doesn't change anyway - the firmware will fire an interrupt straight away regardless of the interrupt coalescing value. Also, a HW issue has been discovered in 7000 devices series. The work around is to disable the new interrupt coalescing timeout feature - do this by setting bit 31 in CSR_INT_COALESCING. This has been fixed in 7265 which means that we can't rely on the device family and must have a hint in the iwl_cfg structure. Cc: stable@vger.kernel.org [3.10+] Fixes: 99cd4714 ("iwlwifi: add 7000 series device configuration") Reviewed-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Johannes Berg 提交于
The station ID must be valid, if it's out of range then the array access may crash. Validate the station ID to the array length, and also validate the drain value even if that doesn't matter all that much. Cc: stable@vger.kernel.org Fixes: 8ca151b5 ("iwlwifi: add the MVM driver") Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
-
由 Ujjal Roy 提交于
For IBSS join if the requested SSID matches current SSID, it returns without freeing the allocated beacon IE buffer. Cc: <stable@vger.kernel.org> # 3.10+ Signed-off-by: NUjjal Roy <royujjal@gmail.com> Signed-off-by: NBing Zhao <bzhao@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Borislav Petkov 提交于
When building randconfigs with CONFIG_BCMA_DRIVER_GPIO=y, I get drivers/built-in.o: In function `brcms_led_unregister': (.text+0x351aca): undefined reference to `led_classdev_unregister' drivers/built-in.o: In function `brcms_led_register': (.text+0x351c65): undefined reference to `led_classdev_register' during final linking stage because brcmsmac/led.c needs LEDS_CLASS for registering/deregistering the led device. Select the required symbols. Cc: Arend van Spriel <arend@broadcom.com> Cc: "Rafał Miłecki" <zajec5@gmail.com> Cc: <linux-wireless@vger.kernel.org> Signed-off-by: NBorislav Petkov <bp@suse.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 25 11月, 2013 13 次提交
-
-
由 Karl Beldan 提交于
ATM, the first call of ieee80211_do_open will configure the hw as non-idle, even if the interface being brought up is not a monitor, and this leads to inconsistent sequences like: register_hw() do_open(sta) hw_config(non-idle) (.. sta is non-idle ..) scan(sta) hw_config(idle) (after scan finishes) do_stop(sta) do_open(sta) (.. sta is idle ..) Signed-off-by: NKarl Beldan <karl.beldan@rivierawaves.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Karl Beldan 提交于
Commit 3e8b1eb2 "mac80211/minstrel_ht: improve rate selection stability" introduced a local capped prob in minstrel_ht_calc_tp but omitted to use it to compute the per rate throughput. Signed-off-by: NKarl Beldan <karl.beldan@rivierawaves.com> Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Felix Fietkau 提交于
Fixes wpa_supplicant p2p_find on 5GHz-only devices Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Eliad Peller 提交于
Commit 392b9ffb ("mac80211: change beacon/connection polling") removed the IEEE80211_STA_BEACON_POLL flag. However, it accidentally removed the setting of IEEE80211_STA_CONNECTION_POLL, making the connection polling completely useless (the flag is always clear, so the result is never being checked). Fix it. Signed-off-by: NEliad Peller <eliad@wizery.com> Acked-by: NStanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Jouni Malinen 提交于
'mac80211_hwsim: Fix tracking of beaconing for multi-vif' introduced an iteration of active interfaces into the bss_info_changed handler. However, it used a wrong type of iteration and could result in a dead lock since iflist_mtx can already be held. Fix this by using the atomic version of the iteration function. Signed-off-by: NJouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Chun-Yeow Yeoh 提交于
Mesh STA receiving the mesh CSA action frame is not able to trigger the mesh channel switch due to the incorrect handling and comparison of mesh channel switch parameters element (MCSP)'s TTL. Make sure the MCSP's TTL is updated accordingly before calling the ieee80211_mesh_process_chnswitch. Also, we update the beacon before forwarding the CSA action frame, so MCSP's precedence value and initiator flag need to be updated prior to this. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Multicast frames can't be transmitted as part of an aggregation session (such a session couldn't even be set up) so don't try to reorder them. Trying to do so would cause the reorder to stop working correctly since multicast QoS frames (as transmitted by the Aruba APs this was found with) would cause sequence number confusion in the buffer. Cc: stable@vger.kernel.org Reported-by: NBlaise Gassend <blaise@suitabletech.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Due to nl80211 API breakage, 5/10 MHz support is broken for all drivers. Fixing it requires adding new API, but that can't be done as a bugfix commit since that would require either updating all APIs in the trees needing the bugfix or cause different kernels to have incompatible API. Therefore, just disable 5/10 MHz support for all drivers. Cc: stable@vger.kernel.org [3.12] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Karl Beldan 提交于
When initializing rates selections starting indexes upon stats update, the minstrel_sta->max_* rates should be 'group * MCS_GROUP_RATES + i' not 'i'. This affects settings where one of the peers does not support any of the rates of the group 0 (i.e. when ht_cap.mcs.rx_mask[0] == 0). Signed-off-by: NKarl Beldan <karl.beldan@rivierawaves.com> Acked-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Javier Lopez 提交于
Mesh beacon was not being rebuild after user triggered a mesh powersave change. To solve this issue use ieee80211_mbss_info_change_notify instead of ieee80211_bss_info_change_notify. This helper function forces mesh beacon to be rebuild and then notifies the driver about the beacon change. Signed-off-by: NJavier Lopez <jlopex@cozybit.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Felix Fietkau 提交于
Commit "mac80211: implement SMPS for AP" applies to AP_VLAN as well. It assumes that sta->sdata->vif.bss_conf.bssid is present, which did not get set for AP_VLAN. Initialize it to sdata->vif.addr like for other interface types. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Coverity pointed out that we might dereference NULL later if nla_nest_start() returns a failure. This isn't really true since we'd bomb out before, but we should check the return value directly, so do that. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Coverity pointed out that in the (practically impossible) error case we leak the message - fix this. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-