- 06 9月, 2012 19 次提交
-
-
由 Sergei Poselenov 提交于
On our system (ARM Cortex-M3 SOC running linux-2.6.33) frequent crashes were observed in the rt2800usb module because of the invalid length of the received packet (3392, 46920...). This patch adds the sanity check on the packet legth. Also, changed WARNING to ERROR in rt2x00lib_rxdone() so that the bad packet condition would be noticed. The fix was tested on the latest compat-wireless-3.5.1-1-snpc. Cc: stable@vger.kernel.org Signed-off-by: NSergei Poselenov <sposelenov@emcraft.com> Acked-by: NIvo van Doorn <IvDoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Gertjan van Wingerde 提交于
We need to program the rfkill switch GPIO pin direction to input at device initialization time, not only when the interface is brought up. Doing this only when the interface is brought up could lead to rfkill detecting the switch is turned on erroneously and inability to create the interface and bringing it up. Reported-and-tested-by: NAndreas Messer <andi@bastelmap.de> Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com> Cc: <stable@vger.kernel.org> Acked-by: NIvo Van Doorn <ivdoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Gertjan van Wingerde 提交于
The register is 16 bits wide, not 32. Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com> Cc: <stable@vger.kernel.org> Acked-by: NIvo Van Doorn <ivdoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Gertjan van Wingerde 提交于
This is an RT3572 based device. Signed-off-by: NMaximilian Engelhardt <maxi@daemonizer.de> Signed-off-by: NGertjan van Wingerde <gwingerde@gmail.com> Cc: <stable@vger.kernel.org> Acked-by: NIvo Van Doorn <ivdoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Hante Meuleman 提交于
The function brcmf_cfg80211_get_station requests the RSSI from the device. The complete structure used needs to be cleared before sending the request to firmware. Otherwise the request fails filling the logs with "Could not get rssi (-2)" messages. Reviewed-by: NArend Van Spriel <arend@broadcom.com> Reviewed-by: NFranky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: NHante Meuleman <meuleman@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Hante Meuleman 提交于
On both rx and tx there is was a race condition on the queueing of usb requests. When for example frame gets submitted it is possible that complete function gets called even before usb_submit_urb() returns. As a result it is possible that usb requests get losts, which was noticed on OMAP4 pandaboard platform. This patch fixes the race condition. Reviewed-by: NArend Van Spriel <arend@broadcom.com> Reviewed-by: NFranky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: NHante Meuleman <meuleman@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Hante Meuleman 提交于
URB_ZERO_PACKET should only be set or bulk OUT and this condition is checked with a WARN_ON in usb_submit_urb(). This patch fixes brcmfmac to get rid of this warning filling the logs. Reviewed-by: NFranky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: NHante Meuleman <meuleman@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Arend van Spriel 提交于
The USB part of the brcmfmac did a dev_kfree_skb() that resulted in a warning in net/core/skbuff.c: Jul 11 04:53:33 lb-bun-10 kernel: [53282.667745] WARNING: at net/core/skbuff.c:490 skb_release_head_state+0xcc/0xe0() The brcmutil modules provides brcmu_pkt_buf_free_skb() which takes the context into account. This patch makes use of this function instead of dev_kfree_skb(). Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: NHante Meuleman <meuleman@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Mohammed Shafi Shajakhan 提交于
Generic timers for BTCOEX functionality is applicable only for 3 WIRE BTCOEX (and MCI) chipsets. Hence btcoex->no_stomp_timer is allocated only 3 WIRE btcoex chipsets and in all the other cases its NULL. Make sure we stop the generic timer only if 'btcoex->hw_timer_enabled' is true(only if its up and running) Fixes the following crash [68757.020454] BUG: unable to handle kernel NULL pointer dereference at 0000000c [68757.020916] IP: [<f9b055c3>] ath9k_hw_gen_timer_stop+0x13/0x80 [ath9k_hw] [68757.021251] *pde = 00000000 [68757.024384] EIP: 0060:[<f9b055c3>] EFLAGS: 00010082 CPU: 0 [68757.024384] EIP is at ath9k_hw_gen_timer_stop+0x13/0x80 [ath9k_hw] [68757.024384] EAX: d32d0000 EBX: d32d0000 ECX: 00000000 EDX: 00000000 [68757.024384] ESI: e67c24c0 EDI: 00000296 EBP: e137be2c ESP: e137be20 [68757.024384] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [68757.024384] CR0: 8005003b CR2: 0000000c CR3: 00b99000 CR4: 000407d0 [68757.024384] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [68757.024384] DR6: ffff0ff0 DR7: 00000400 [68757.024384] Process kworker/u:2 (pid: 8917, ti=e137a000 task=ea7a6860 task.ti=e137a000) [68757.024384] Stack: [68757.024384] c06c4676 d32d0000 e67c24c0 e137be38 f81c9590 e67c1ca0 e137be40 f81c95d9 [68757.024384] e137be64 f81cd1c5 00000246 00000002 d32d0000 e67c05e0 e67c1ca0 e67c05e0 [68757.024384] 00000000 e137beac f81cdfa0 e137be84 00000246 00000246 e67c1ca0 e67c1ca0 [68757.024384] Call Trace: [68757.024384] [<c06c4676>] ? _raw_spin_lock_irqsave+0x86/0xa0 [68757.024384] [<f81c9590>] ath9k_gen_timer_stop+0x10/0x40 [ath9k] [68757.024384] [<f81c95d9>] ath9k_btcoex_stop_gen_timer+0x19/0x20 [ath9k] [68757.024384] [<f81cd1c5>] ath9k_ps_restore+0x85/0x110 [ath9k] [68757.024384] [<f81cdfa0>] ath9k_config+0x220/0x520 [ath9k] [68757.024384] [<f81cd47d>] ? ath9k_flush+0x15d/0x1b0 [ath9k] [68757.024384] [<f85c7ca5>] ieee80211_hw_config+0x135/0x2c0 [mac80211] [68757.024384] [<f860e3c8>] ieee80211_dynamic_ps_enable_work+0x198/0x5f0 [mac80211] Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Cc: Bala Shanmugam <bkamatch@qca.qualcomm.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
This feature had been disabled in ath9k because the code to support it was incomplete, but now the code is in sync with the internal QCA codebase, so it's time to enable it. On many newer devices, the calibration is assumed to be done with PA linearization enabled. Tests with a particular AR933x device showed that the signal emitted at full power was highly distorted and unreliable with PA linearization disabled. With this patch, the signal becomes clear and stability is improved. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
Before PAPRD training can run, the card needs to have sent a packet for thermal calibration. Sending a dummy packet with the PAPRD training flag set causes a crash under some circumstance. Fix the code by replacing the dummy tx with a delay that waits for a real packet tx to have occurred. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
Support for it is incomplete Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
Re-train if the calibrated PA linearization curve is out of bounds (affects AR933x and AR9485). Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
That predistortion type is not supported Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
The interrupt is no longer handling it. While it shouldn't fire (wraparound is highly unlikely), the consequences would be fatal (interrupt storm). Disable the interrupt to prevent that from happening. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Marc Kleine-Budde 提交于
According to the vendor driver v2.6.0.1, during the rf register init the SRAM voltage should be increased to 1.35V and after 1ms decreased back to 1.2V. This patch adds the field setting of LDO_CFG0_LDO_CORE_VLEVEL accordingly. Cc: Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by: NMarc Kleine-Budde <mkl@blackshift.org> Acked-by: NIvo van Doorn <IvDoorn@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Stone Piao 提交于
When we send a command to firmware, we assumed that cmd_size will be always less than or equal to the structure size of host_cmd_ds_command. However, this is no longer true after we added AP support. There are some AP commands that Custom IE TLVs are included in command buffer, hence the cmd_size gets enlarged by the TLV data. We need to increase the skb length for the extra data. Signed-off-by: NStone Piao <piaoyun@marvell.com> Signed-off-by: NAvinash Patil <patila@marvell.com> Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com> Signed-off-by: NBing Zhao <bzhao@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 05 9月, 2012 2 次提交
-
-
Various small fixes for net/mac80211/cfg.c:mpath_set_pinfo(): Initialize *pinfo before filling members in, handle MESH_PATH_RESOLVED correctly, and remove bogus assignment; result in correct display of FLAGS values and meaningful EXPTIME for expired paths in iw utility. Signed-off-by: NYoichi Shinoda <shinoda@jaist.ac.jp> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Wei Yongjun 提交于
connkeys is malloced in nl80211_parse_connkeys() and should be freed in the error handling case, otherwise it will cause memory leak. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 04 9月, 2012 1 次提交
-
-
由 Eliad Peller 提交于
ifmgd->bssid wasn't cleared properly in some auth/assoc failure cases, causing mac80211 and the low-level driver to go out of sync. Clear ifmgd->bssid on failure, and notify the driver. Cc: stable@kernel.org # 3.4+ Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 27 8月, 2012 3 次提交
-
-
由 Vinicius Costa Gomes 提交于
In the case that the link is already in the connected state and a Pairing request arrives from the mgmt interface, hci_conn_security() would be called but it was not considering LE links. Reported-by: NJoão Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: NVinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
由 Vinicius Costa Gomes 提交于
To make it clear that it may be called from contexts that may not have any knowledge of L2CAP, we change the connection parameter, to receive a hci_conn. This also makes it clear that it is checking the security of the link. Signed-off-by: NVinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
由 Henrik Rydberg 提交于
As pointed out by Gustavo and Marcel, all Apple-specific Broadcom devices seen so far have the same interface class, subclass and protocol numbers. This patch adds an entry which matches all of them, using the new USB_VENDOR_AND_INTERFACE_INFO() macro. In particular, this patch adds support for the MacBook Pro Retina (05ac:8286), which is not in the present list. Signed-off-by: NHenrik Rydberg <rydberg@euromail.se> Tested-by: NShea Levy <shea@shealevy.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 23 8月, 2012 2 次提交
-
-
由 Vladimir Zapolskiy 提交于
This change marks interface as down on reset, otherwise the driver can't reinitialize itself properly. Without the change a transient problem turns out to be critical and leads to inavailability to reset the driver without brcmsmac module unload/load cycle: ieee80211 phy0: wl0: PSM microcode watchdog fired at 5993 (seconds). Resetting. brcms_c_dpc : PSM Watchdog, chipid 0xa8d9, chiprev 0x1 ieee80211 phy0: wl0: fatal error, reinitializing ieee80211 phy0: Hardware restart was requested ieee80211 phy0: brcms_ops_start: brcms_up() returned -19 Signed-off-by: NVladimir Zapolskiy <vz@mleia.com> Cc: Arend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
- 22 8月, 2012 6 次提交
-
-
由 Thomas Pedersen 提交于
The destination address of unicast frames forwarded through a mesh gate was being replaced with the broadcast address. Instead leave the original destination address as the mesh DA. If the nexthop address is not in the mpath table it will be resolved. If that fails, the frame will be forwarded to known mesh gates. Reported-by: NCedric Voncken <cedric.voncken@acksys.fr> Signed-off-by: NThomas Pedersen <thomas@cozybit.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
If the device is not started, we can't read its SRAM and attempting to do so will cause issues. Protect the debugfs read. Cc: stable@vger.kernel.org Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
iwl_dbgfs_fh_reg_read() can cause crashes and/or BUG_ON in slub because the ifdefs are wrong, the code in iwl_dump_fh() should use DEBUGFS, not DEBUG to protect the buffer writing code. Also, while at it, clean up the arguments to the function, some code and make it generally safer. Cc: stable@vger.kernel.org Reported-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Julia Lawall 提交于
The result of one call to a function is tested, and then at the second call to the same function, the previous result, and not the current result, is tested again. Also changed &bssid to bssid, at the suggestion of Stanislav Yakovlev. The semantic match that finds the first problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression ret; identifier f; statement S1,S2; @@ *ret = f(...); if (\(ret != 0\|ret < 0\|ret == NULL\)) S1 ... when any *f(...); if (\(ret != 0\|ret < 0\|ret == NULL\)) S2 // </smpl> Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Thomas Huehn 提交于
This patch reduces the per rate target power eeprom reads for AR5K_EEPROM_MODE_11A from 10 to 8, as there are only 8 valid power curve entries on the eeprom. The former 10 reads lead to equal max power limits per rate and this causes an increasing distortion for all rates above 24 MBit and leads to a needless poor performance in 802.11a mode. Signed-off-by: NThomas Huehn <thomas@net.t-labs.tu-berlin.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Gustavo Padovan 提交于
Many Broadcom devices has a vendor specific devices class, with this rule we match all existent and future controllers with this behavior. We also remove old rules to that matches product id for Broadcom devices. Tested-by: NJohn Hommel <john.hommel@hp.com> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 15 8月, 2012 2 次提交
-
-
由 Yevgeniy Melnichuk 提交于
Add Sony Vaio T-Series Bluetooth Module( 0x489:0xE036) to the blacklist of btusb module and add it to the ath3k module. output of cat /sys/kernel/debug/usb/devices T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0489 ProdID=e036 Rev= 0.02 S: Manufacturer=Atheros Communications S: Product=Bluetooth USB Host Controller S: SerialNumber=Alaska Day 2006 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by: NYevgeniy Melnichuk <yevgeniy.melnichuk@googlemail.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
由 Andre Guedes 提交于
If SMP fails, we should always cancel security_timer delayed work. Otherwise, security_timer function may run after l2cap_conn object has been freed. This patch fixes the following warning reported by ODEBUG: WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d() Hardware name: Bochs ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x27 Modules linked in: btusb bluetooth Pid: 440, comm: kworker/u:2 Not tainted 3.5.0-rc1+ #4 Call Trace: [<ffffffff81174600>] ? free_obj_work+0x4a/0x7f [<ffffffff81023eb8>] warn_slowpath_common+0x7e/0x97 [<ffffffff81023f65>] warn_slowpath_fmt+0x41/0x43 [<ffffffff811746b1>] debug_print_object+0x7c/0x8d [<ffffffff810394f0>] ? __queue_work+0x241/0x241 [<ffffffff81174fdd>] debug_check_no_obj_freed+0x92/0x159 [<ffffffff810ac08e>] slab_free_hook+0x6f/0x77 [<ffffffffa0019145>] ? l2cap_conn_del+0x148/0x157 [bluetooth] [<ffffffff810ae408>] kfree+0x59/0xac [<ffffffffa0019145>] l2cap_conn_del+0x148/0x157 [bluetooth] [<ffffffffa001b9a2>] l2cap_recv_frame+0xa77/0xfa4 [bluetooth] [<ffffffff810592f9>] ? trace_hardirqs_on_caller+0x112/0x1ad [<ffffffffa001c86c>] l2cap_recv_acldata+0xe2/0x264 [bluetooth] [<ffffffffa0002b2f>] hci_rx_work+0x235/0x33c [bluetooth] [<ffffffff81038dc3>] ? process_one_work+0x126/0x2fe [<ffffffff81038e22>] process_one_work+0x185/0x2fe [<ffffffff81038dc3>] ? process_one_work+0x126/0x2fe [<ffffffff81059f2e>] ? lock_acquired+0x1b5/0x1cf [<ffffffffa00028fa>] ? le_scan_work+0x11d/0x11d [bluetooth] [<ffffffff81036fb6>] ? spin_lock_irq+0x9/0xb [<ffffffff81039209>] worker_thread+0xcf/0x175 [<ffffffff8103913a>] ? rescuer_thread+0x175/0x175 [<ffffffff8103cfe0>] kthread+0x95/0x9d [<ffffffff812c5054>] kernel_threadi_helper+0x4/0x10 [<ffffffff812c36b0>] ? retint_restore_args+0x13/0x13 [<ffffffff8103cf4b>] ? flush_kthread_worker+0xdb/0xdb [<ffffffff812c5050>] ? gs_change+0x13/0x13 This bug can be reproduced using hctool lecc or l2test tools and bluetoothd not running. Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 14 8月, 2012 2 次提交
-
-
由 Bob Copeland 提交于
Lockdep found an inconsistent lock state when joining a mesh with ath5k. The problem is that ath5k takes the lock for its beacon state, ah->block, with spin_lock_irqsave(), while mesh internally takes the sync_offset_lock with spin_lock_bh() in mesh_sync_offset_adjust_tbtt(), which in turn is called under ah->block. This could deadlock if the beacon tasklet was run on the processor that held the beacon lock during the do_softirq() in spin_unlock_bh(). We probably shouldn't hold the lock around the callbacks, but the easiest fix is to switch to spin_lock_bh for ah->block: it doesn't need interrupts disabled anyway as the data in question is only accessed in softirq or process context. Fixes the following lockdep warning: [ 446.892304] WARNING: at kernel/softirq.c:159 _local_bh_enable_ip+0x38/0xa6() [ 446.892306] Hardware name: MacBook1,1 [ 446.892309] Modules linked in: tcp_lp fuse sunrpc cpufreq_ondemand acpi_cpufreq mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 ip6table_filter nf_defrag_ipv4 xt_state nf_conntrack ip6_tables ext2 arc4 btusb bluetooth snd_hda_codec_idt snd_hda_intel carl9170 snd_hda_codec coretemp joydev ath5k snd_hwdep snd_seq isight_firmware ath snd_seq_device snd_pcm applesmc appletouch mac80211 input_polldev snd_timer microcode cfg80211 snd lpc_ich pcspkr i2c_i801 mfd_core soundcore rfkill snd_page_alloc sky2 tpm_infineon virtio_net kvm_intel kvm i915 drm_kms_helper drm i2c_algo_bit i2c_core video [ 446.892385] Pid: 1892, comm: iw Not tainted 3.6.0-rc1-wl+ #296 [ 446.892387] Call Trace: [ 446.892394] [<c0432958>] warn_slowpath_common+0x7c/0x91 [ 446.892398] [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6 [ 446.892403] [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6 [ 446.892459] [<f7f9ae3b>] ? mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211] [ 446.892464] [<c043298f>] warn_slowpath_null+0x22/0x24 [ 446.892468] [<c04399d7>] _local_bh_enable_ip+0x38/0xa6 [ 446.892473] [<c0439a52>] local_bh_enable_ip+0xd/0xf [ 446.892479] [<c088004f>] _raw_spin_unlock_bh+0x34/0x37 [ 446.892527] [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211] [ 446.892569] [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211] [ 446.892575] [<c047ceeb>] ? trace_hardirqs_on_caller+0x10e/0x13f [ 446.892591] [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k] [ 446.892597] [<c047ad67>] ? lock_acquired+0x1f5/0x21e [ 446.892612] [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k] [ 446.892617] [<c087f9ea>] ? _raw_spin_lock_irqsave+0x78/0x82 [ 446.892632] [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k] [ 446.892647] [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k] [ 446.892651] [<c0479dd4>] ? lock_is_held+0x73/0x7b [ 446.892662] [<c0458fd5>] ? __might_sleep+0xa7/0x17a [ 446.892698] [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211] [ 446.892703] [<c0449875>] ? queue_work+0x24/0x32 [ 446.892718] [<f7fdf894>] ? ath5k_configure_filter+0x163/0x163 [ath5k] [ 446.892766] [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211] [ 446.892806] [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211] [ 446.892834] [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211] [ 446.892855] [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211] [ 446.892875] [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211] [ 446.892908] [<f7a8db99>] ? nl80211_set_wiphy+0x4cf/0x4cf [cfg80211] [ 446.892919] [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3 [ 446.892940] [<c07cf861>] ? genl_rcv+0x25/0x25 [ 446.892946] [<c07cf009>] netlink_rcv_skb+0x37/0x78 [ 446.892950] [<c07cf85a>] genl_rcv+0x1e/0x25 [ 446.892955] [<c07cebf3>] netlink_unicast+0xc3/0x12d [ 446.892959] [<c07cee46>] netlink_sendmsg+0x1e9/0x213 [ 446.892966] [<c079f282>] sock_sendmsg+0x79/0x96 [ 446.892972] [<c04eb90d>] ? might_fault+0x9d/0xa3 [ 446.892978] [<c07a81d8>] ? copy_from_user+0x8/0xa [ 446.892983] [<c07a852c>] ? verify_iovec+0x43/0x77 [ 446.892987] [<c079f4d8>] __sys_sendmsg+0x180/0x215 [ 446.892993] [<c045f107>] ? sched_clock_cpu+0x134/0x144 [ 446.892997] [<c047992f>] ? trace_hardirqs_off+0xb/0xd [ 446.893002] [<c047bf88>] ? __lock_acquire+0x46b/0xb6e [ 446.893006] [<c047992f>] ? trace_hardirqs_off+0xb/0xd [ 446.893010] [<c045f149>] ? local_clock+0x32/0x49 [ 446.893015] [<c0479ec1>] ? lock_release_holdtime.part.9+0x4b/0x51 [ 446.893020] [<c0479dd4>] ? lock_is_held+0x73/0x7b [ 446.893025] [<c050d127>] ? fcheck_files+0x97/0xcd [ 446.893029] [<c050d4df>] ? fget_light+0x2d/0x81 [ 446.893034] [<c07a01f3>] sys_sendmsg+0x3b/0x52 [ 446.893038] [<c07a07b4>] sys_socketcall+0x238/0x2a2 [ 446.893044] [<c0885edf>] sysenter_do_call+0x12/0x38 [ 446.893047] ---[ end trace a9af5998f929270f ]--- [ 447.627222] [ 447.627232] ================================= [ 447.627237] [ INFO: inconsistent lock state ] [ 447.627244] 3.6.0-rc1-wl+ #296 Tainted: G W [ 447.627248] --------------------------------- [ 447.627253] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 447.627260] swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 447.627264] (&(&ah->block)->rlock){+.?...}, at: [<f7fdd2d1>] ath5k_tasklet_beacon+0x91/0xa7 [ath5k] [ 447.627299] {SOFTIRQ-ON-W} state was registered at: [ 447.627304] [<c047cdbf>] mark_held_locks+0x59/0x77 [ 447.627316] [<c047ceeb>] trace_hardirqs_on_caller+0x10e/0x13f [ 447.627324] [<c047cf27>] trace_hardirqs_on+0xb/0xd [ 447.627332] [<c0439a3d>] _local_bh_enable_ip+0x9e/0xa6 [ 447.627342] [<c0439a52>] local_bh_enable_ip+0xd/0xf [ 447.627349] [<c088004f>] _raw_spin_unlock_bh+0x34/0x37 [ 447.627359] [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211] [ 447.627451] [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211] [ 447.627526] [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k] [ 447.627547] [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k] [ 447.627569] [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211] [ 447.627628] [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211] [ 447.627712] [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211] [ 447.627782] [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211] [ 447.627816] [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211] [ 447.627845] [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211] [ 447.627872] [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3 [ 447.627881] [<c07cf009>] netlink_rcv_skb+0x37/0x78 [ 447.627891] [<c07cf85a>] genl_rcv+0x1e/0x25 [ 447.627898] [<c07cebf3>] netlink_unicast+0xc3/0x12d [ 447.627907] [<c07cee46>] netlink_sendmsg+0x1e9/0x213 [ 447.627915] [<c079f282>] sock_sendmsg+0x79/0x96 [ 447.627926] [<c079f4d8>] __sys_sendmsg+0x180/0x215 [ 447.627934] [<c07a01f3>] sys_sendmsg+0x3b/0x52 [ 447.627941] [<c07a07b4>] sys_socketcall+0x238/0x2a2 [ 447.627949] [<c0885edf>] sysenter_do_call+0x12/0x38 [ 447.627959] irq event stamp: 1929200 [ 447.627963] hardirqs last enabled at (1929200): [<c043a0e9>] tasklet_hi_action+0x3e/0xbf [ 447.627972] hardirqs last disabled at (1929199): [<c043a0c0>] tasklet_hi_action+0x15/0xbf [ 447.627981] softirqs last enabled at (1929196): [<c043999d>] _local_bh_enable+0x12/0x14 [ 447.627989] softirqs last disabled at (1929197): [<c040443b>] do_softirq+0x63/0xb8 [ 447.627999] [ 447.627999] other info that might help us debug this: [ 447.628004] Possible unsafe locking scenario: [ 447.628004] [ 447.628009] CPU0 [ 447.628012] ---- [ 447.628016] lock(&(&ah->block)->rlock); [ 447.628023] <Interrupt> [ 447.628027] lock(&(&ah->block)->rlock); [ 447.628034] [ 447.628034] *** DEADLOCK *** Signed-off-by: NBob Copeland <me@bobcopeland.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Lorenzo Bianconi 提交于
ath_rx_tasklet() calls ath9k_rx_skb_preprocess() and ath9k_rx_skb_postprocess() in a loop over the received frames. The decrypt_error flag is initialized to false just outside ath_rx_tasklet() loop. ath9k_rx_accept(), called by ath9k_rx_skb_preprocess(), only sets decrypt_error to true and never to false. Then ath_rx_tasklet() calls ath9k_rx_skb_postprocess() and passes decrypt_error to it. So, after a decryption error, in ath9k_rx_skb_postprocess(), we can have a leftover value from another processed frame. In that case, the frame will not be marked with RX_FLAG_DECRYPTED even if it is decrypted correctly. When using CCMP encryption this issue can lead to connection stuck because of CCMP PN corruption and a waste of CPU time since mac80211 tries to decrypt an already deciphered frame with ieee80211_aes_ccm_decrypt. Fix the issue initializing decrypt_error flag at the begging of the ath_rx_tasklet() loop. Signed-off-by: NLorenzo Bianconi <lorenzo.bianconi83@gmail.com> Cc: <stable@kernel.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 11 8月, 2012 3 次提交
-
-
由 Rajkumar Manoharan 提交于
During suspend, the device will be moved to FULLSLEEP state. As btcoex is never been stopped, the btcoex timer is running and tries to access hw on fullsleep state. Fix that. Cc: stable@vger.kernel.org Signed-off-by: NRajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Dan Carpenter 提交于
This return holds the number of bytes transfered (1 byte) or a negative error code. The type should be int instead of u8. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Acked-by: NPavel Roskin <proski@gnu.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Alexey Khoroshilov 提交于
Do not leak memory by updating pointer with potentially NULL realloc return value. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru> Acked-by: NJussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-