- 10 2月, 2012 1 次提交
-
-
由 Mohammed Shafi Shajakhan 提交于
read_lock(&tpt_trig->trig.leddev_list_lock) is accessed via the path ieee80211_open (->) ieee80211_do_open (->) ieee80211_mod_tpt_led_trig (->) ieee80211_start_tpt_led_trig (->) tpt_trig_timer before initializing it. the intilization of this read/write lock happens via the path ieee80211_led_init (->) led_trigger_register, but we are doing 'ieee80211_led_init' after 'ieeee80211_if_add' where we register netdev_ops. so we access leddev_list_lock before initializing it and causes the following bug in chrome laptops with AR928X cards with the following script while true do sudo modprobe -v ath9k sleep 3 sudo modprobe -r ath9k sleep 3 done BUG: rwlock bad magic on CPU#1, wpa_supplicant/358, f5b9eccc Pid: 358, comm: wpa_supplicant Not tainted 3.0.13 #1 Call Trace: [<8137b9df>] rwlock_bug+0x3d/0x47 [<81179830>] do_raw_read_lock+0x19/0x29 [<8137f063>] _raw_read_lock+0xd/0xf [<f9081957>] tpt_trig_timer+0xc3/0x145 [mac80211] [<f9081f3a>] ieee80211_mod_tpt_led_trig+0x152/0x174 [mac80211] [<f9076a3f>] ieee80211_do_open+0x11e/0x42e [mac80211] [<f9075390>] ? ieee80211_check_concurrent_iface+0x26/0x13c [mac80211] [<f9076d97>] ieee80211_open+0x48/0x4c [mac80211] [<812dbed8>] __dev_open+0x82/0xab [<812dc0c9>] __dev_change_flags+0x9c/0x113 [<812dc1ae>] dev_change_flags+0x18/0x44 [<8132144f>] devinet_ioctl+0x243/0x51a [<81321ba9>] inet_ioctl+0x93/0xac [<812cc951>] sock_ioctl+0x1c6/0x1ea [<812cc78b>] ? might_fault+0x20/0x20 [<810b1ebb>] do_vfs_ioctl+0x46e/0x4a2 [<810a6ebb>] ? fget_light+0x2f/0x70 [<812ce549>] ? sys_recvmsg+0x3e/0x48 [<810b1f35>] sys_ioctl+0x46/0x69 [<8137fa77>] sysenter_do_call+0x12/0x2 Cc: <stable@vger.kernel.org> Cc: Gary Morain <gmorain@google.com> Cc: Paul Stewart <pstew@google.com> Cc: Abhijit Pradhan <abhijit@qca.qualcomm.com> Cc: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> Cc: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Acked-by: NJohannes Berg <johannes.berg@intel.com> Tested-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 02 2月, 2012 1 次提交
-
-
由 Eliad Peller 提交于
The current code checks for stored_mpdu_num > 1, causing the reorder_timer to be triggered indefinitely, but the frame is never timed-out (until the next packet is received) Signed-off-by: NEliad Peller <eliad@wizery.com> Cc: <stable@vger.kernel.org> Acked-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 25 1月, 2012 2 次提交
-
-
由 Eliad Peller 提交于
__ieee80211_recalc_idle() iterates through the vifs, sets bss_conf.idle = true if they are disconnected, and increases "count" if they are not (which later gets evaluated in order to determine whether the device is idle). However, the loop doesn't set bss_conf.idle = false (along with increasing "count"), causing the device idle state and the vif idle state to get out of sync in some cases. Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Eliad Peller 提交于
Commit 13c40c54 ("mac80211: Add HT operation modes for IBSS") broke ibss operation by mistakenly removing the local->oper_channel update (causing ibss to start on the wrong channel). fix it. Signed-off-by: NEliad Peller <eliad@wizery.com> Acked-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 19 1月, 2012 3 次提交
-
-
由 Johannes Berg 提交于
When deauth is requested while an auth or assoc work item is in progress, we currently delete it without regard for any state it might need to clean up. Fix it by cleaning up for those items. In the case Pontus found, the problem manifested itself as such: authenticate with 00:23:69:aa:dd:7b (try 1) authenticated failed to insert Dummy STA entry for the AP (error -17) deauthenticating from 00:23:69:aa:dd:7b by local choice (reason=2) It could also happen differently if the driver uses the tx_sync callback. We can't just call the ->done() method of the work items because that will lock up due to the locking in cfg80211. This fix isn't very clean, but that seems acceptable since I have patches pending to remove this code completely. Cc: stable@vger.kernel.org Reported-by: NPontus Fuchs <pontus.fuchs@gmail.com> Tested-by: NPontus Fuchs <pontus.fuchs@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Javier Cardona 提交于
Use local->tx_headroom instad of local->hw.extra_tx_headroom. local->tx_headroom is the max of hw.extra_tx_headroom required by the driver and the headroom required by mac80211 for status reporting. On drivers where hw.extra_tx_headroom is smaller than what mac80211 requires (e.g. ath5k), we would not reserve sufficient buffer space to report tx status. Also, don't reserve local->tx_headroom + local->hw.extra_tx_headroom. Reported-by: NSimon Morgenthaler <s.morgenthaler@students.unibe.ch> Reported-by: NKai Scharwies <kai@scharwies.de> Signed-off-by: NJavier Cardona <javier@cozybit.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Since stations moved into a virtual interface subdirectory, this link has been broken. Fix it. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 17 1月, 2012 3 次提交
-
-
由 Helmut Schaa 提交于
All other code paths in sta_unblock synchronize with the network softirq by using local_bh_disable/enable. Do the same around ieee80211_sta_ps_deliver_wakeup. Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Yoni Divinsky 提交于
In function ieee80211_tx_h_encrypt the var info was initialized from tx->skb, since the fucntion is called after the function ieee80211_tx_h_fragment tx->skb is not valid anymore. Signed-off-by: NYoni Divinsky <yoni.divinsky@ti.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Jesper Juhl 提交于
We may leak the 'fwd_skb' we skb_copy() in ieee80211_rx_h_mesh_fwding() if we take the 'else' branch in the 'if' statement just below. If we take that branch we'll end up returning from the function and since we've not assigned 'fwd_skb' to anything at that point, we leak it when the variable goes out of scope. The simple fix seems to be to just kfree_skb(fwd_skb); just before we return. That is what this patch does. Signed-off-by: NJesper Juhl <jj@chaosbits.net> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 14 1月, 2012 1 次提交
-
-
由 Johannes Berg 提交于
When userspace attempts to authorize a station that is already authorized, nothing happens as you'd expect. Similarly, when it unauthorizes a station that is associated, nothing happens. However, when it unauthorizes a station that isn't even associated yet, we erroneously try to move the station to associated. This seems to happen occasionally as a result of a race when wpa_supplicant attempts to unauthorize the port in managed mode. Particularly with my new patches to keep stations, it can then move a station into ASSOCIATED state before we have really associated, which is really confusing. I introduced this bug in "mac80211: refactor station state transitions" Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 13 1月, 2012 1 次提交
-
-
由 Eric Dumazet 提交于
commit a9b3cd7f (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 12 1月, 2012 1 次提交
-
-
由 Stanislaw Gruszka 提交于
Since: commit 816c04fe Author: Christian Lamparter <chunkeey@googlemail.com> Date: Sat Apr 30 15:24:30 2011 +0200 mac80211: consolidate MIC failure report handling is possible to that we dereference rx->key == NULL when driver set RX_FLAG_MMIC_STRIPPED and not RX_FLAG_IV_STRIPPED and we are in promiscuous mode. This happen with rt73usb and rt61pci at least. Before the commit we always check rx->key against NULL, so I assume fix should be done in mac80211 (also mic_fail path has similar check). References: https://bugzilla.redhat.com/show_bug.cgi?id=769766 http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/2012-January/004395.html Cc: stable@vger.kernel.org # 3.0+ Reported-by: NStuart D Gathman <stuart@gathman.org> Reported-by: NKai Wohlfahrt <kai.scorpio@gmail.com> Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 05 1月, 2012 7 次提交
-
-
由 Mohammed Shafi Shajakhan 提交于
ieee80211_offchannel_enable_all_ps function is no longer used and looks like its logic is extensively handled in ieee80211_offchannel_stop_vifs Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Yogesh Ashok Powar 提交于
Ideally, hardware/firmware initialization is complete after the drv_start routine. In mac80211 restart code (ieee80211_reconfig), defer calling the driver commands i.e. setup fragmentation threshold, rts threshold and coverage class till drv_start routine is called. Signed-off-by: NNishant Sarmukadam <nishants@marvell.com> Signed-off-by: NYogesh Ashok Powar <yogeshp@marvell.com> v2: Removed extra blank line added. Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Mohammed Shafi Shajakhan 提交于
this is being recently introduced by the commit a85e1d55 Cc: Paul Stewart <pstew@google.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Mohammed Shafi Shajakhan 提交于
kernel panic occurs when we create an IBSS mode and leave it for sometime without any joiner and this is introduced by the commit ec2b774e where we don't put proper braces for 'list_for_each_entry_safe' and we pass an invalid 'sta' pointer to __sta_info_destroy EIP is at __list_add+0xe/0xa0 EAX: f3b63db4 EBX: 00000000 ECX: eab88c1c EDX: 00000000 ESI: 00000000 EDI: 00000246 EBP: f3b63d80 ESP: f3b63d58 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process kworker/u:2 (pid: 198, ti=f3b62000 task=f3afbea0 task.ti=f3b62000) Stack: 00000000 00000000 f9ef9821 00000000 00000000 eab88c30 f3b63d80 c017f623 eab88bf0 eab88bf0 f3b63dd0 c066f925 00000000 00000002 00000000 f9ef9821 f3b63da0 c0180a2b eab88c1c eab88c30 00000002 f3afbea0 eab88bf4 f3b63db4 Call Trace: [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60 [mac80211] [<c017f623>] ? debug_mutex_add_waiter+0x23/0x60 [<c066f925>] __mutex_lock_common+0xd5/0x390 [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60 [mac80211] [<c0180a2b>] ? trace_hardirqs_off+0xb/0x10 [<c066fd37>] mutex_lock_nested+0x47/0x60 [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60 [mac80211] [<f9ef9821>] __ieee80211_stop_tx_ba_session+0x31/0x60 [mac80211] [<f9ef8989>] ieee80211_sta_tear_down_BA_sessions+0x39/0x60 [mac80211] [<f9ef1a67>] __sta_info_destroy+0x57/0x780 [mac80211] [<f9ef2223>] ieee80211_sta_expire+0x93/0xb0 [mac80211] [<f9efc8f6>] ieee80211_ibss_work+0x2d6/0x530 [mac80211] Cc: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Mohammed Shafi Shajakhan 提交于
when we run high bandwidth UDP traffic and we trigger a scan, the scan state machine seems to be looping in SUSPEND->RESUME->DECISION->SUSPEND and SET_CHANNEL seems to be never called as 'tx_empty' is never true while running UDP traffic. fix this by settting SET_CHANNEL state when we get into RESUME state. Cc: Leela Kella <leela@qca.qualcomm.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Eliad Peller 提交于
If the vif is stopped while it is offchannel (e.g. right after p2p negotiation) the SDATA_STATE_OFFCHANNEL flag is never get cleared, resulting in various bad effects (e.g. GO can't start beaconing). Fix it by clearing the SDATA_STATE_OFFCHANNEL flag even if the vif is stopped. Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Helmut Schaa 提交于
This seems to not serve any purpose anymore, at least all frame processing afterwards seems to be able to deal with QoS frames. So, let's save the expensive memmove and just leave the QoS header in the 802.11 frame for further processing. Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 22 12月, 2011 2 次提交
-
-
由 Helmut Schaa 提交于
When mac80211 relays a frame from STA1 to STA2 in AP mode it will get re-classified in the tx path. Unfortunately the frame protocol field is always set to ETH_P_8023 while the classification only kicks in for ETH_P_IP. Hence, a high priority frame from STA1 will be send to STA2 as best effort. Instead of running classification on the frame just use the same priority as STA1 did. Do this by adding 256 to the skb->priority to allow cfg80211_classify8021d to shortcut frame classification. Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Marek Lindner 提交于
The IBSS merge code calls ieee80211_sta_expire() with a relatively short expire timeout that purges other clients prematurely. The expire function has to check that only the clients belonging to the vif in question are purged. Signed-off-by: NMarek Lindner <lindner_marek@yahoo.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 20 12月, 2011 5 次提交
-
-
由 Rusty Russell 提交于
DaveM said: Please, this kind of stuff rots forever and not using bool properly drives me crazy. Joe Perches <joe@perches.com> gave me the spatch script: @@ bool b; @@ -b = 0 +b = false @@ bool b; @@ -b = 1 +b = true I merely installed coccinelle, read the documentation and took credit. Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yogesh Ashok Powar 提交于
The commit 42624d49 created following sparse warning >net/mac80211/sta_info.c:965:24: warning: incorrect type in assignment (different address spaces) >net/mac80211/sta_info.c:965:24: expected struct tid_ampdu_tx *tid_tx >net/mac80211/sta_info.c:965:24: got struct tid_ampdu_tx [noderef] <asn:4>*<noident> Making use of rcu_dereference_protected to fix the problem. V2: - Replacing rcu_dereference with rcu_dereference_protected as suggested by Johannes. - Adding mutex_lock/unlock to satisfy the condition at rcu_dereference_protected Cc: Nishant Sarmukadam <nishants@marvell.com> Reported-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NYogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
When a peer changes SMPS state we should update rate control so it doesn't have to detect it by itself. It can't detect "dynamic" mode anyway since that just requires rts-cts handshaking. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Paul Stewart 提交于
If station info contains a beacon loss count, return it to userspace. Signed-off-by: NPaul Stewart <pstew@chromium.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Nikolay Martynov 提交于
Currently code allows three (HT_AGG_MAX_RETRIES) unanswered addba requests. When this limit is reached aggregation is turned off for given TID permanently. This doesn't seem right: three requests is not that much, some 'blackout' can happen, but effect of it affects whole connection indefinitely. This patch increases number of retries to 15. Also, when there have been 3 or more retries it splits further retries apart by 15 seconds instead of sending them in very short period of time. Signed-off-by: NNikolay Martynov <mar.kolya@gmail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 16 12月, 2011 11 次提交
-
-
由 Mohammed Shafi Shajakhan 提交于
we found that power save is not getting enabled when we do change interface in this order STA->IBSS->STA. this is because ieee80211_setup_sdata clears type-dependent union Reported-by: NLeela Kella <leela@qca.qualcomm.com> Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Mohammed Shafi Shajakhan 提交于
Signed-off-by: NMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Helmut Schaa 提交于
Currently BAR, ADDBA and DELBA frames are always sent using AC_VO. If the TID for which a BA session is established is assigned to a different queue BAR, ADDBA and DELBA frames can "overtake" frames of the according BA session. Hence, always put BA session related frames into the same queue as the BA sessions data frames. Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Now that IBSS no longer needs to insert stations from atomic context, we can get rid of all the special cases for that, and even get rid of the sta_lock (though it needs to stay as tim_lock.) This makes the station management code much more straight-forward. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
In order to notify drivers and simplify the station management code, defer IBSS station insertion to a work item and don't do it directly while receiving a frame. This increases the complexity in IBSS a little bit, but it's pretty straight forward and it allows us to reduce the station management complexity (next patch) considerably. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
No real changes, just note that they are const. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Currently, each AP interface will send multicast traffic if any interface has a station entry even if that station entry is allocated only. With the new station state management we can easily fix it by adding a counter that counts each authorized station only and send multicast traffic only when the correct interface has at least one authorized station. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
Station entries can have various states, the most important ones being auth, assoc and authorized. This patch prepares us for telling the driver about these states, we don't want to confuse drivers with strange transitions, so with this we enforce that they move in the right order between them (back and forth); some transitions might happen before the driver even knows about the station, but at least runtime transitions will be ordered correctly. As a consequence, IBSS and MESH stations will now have the ASSOC flag set (so they can transition to AUTHORIZED), and we can get rid of a special case in TX processing. When freeing a station, unwind the state so that other parts of the code (or drivers later) can rely on the transitions. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
There's no need to use RCU here, we can just lock the station mutex instead. This allows the code to sleep, which is necessary for later patches. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
This is already checked in cfg80211, so no need to repeat the checks here. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Johannes Berg 提交于
The nl80211 station handling code is a bit messy and doesn't do a lot of validation. It seems like this could be an issue for drivers that don't use mac80211 to validate everything. As cfg80211 doesn't keep station state, move the validation of allowing supported_rates to change for TDLS only in station mode to mac80211. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 15 12月, 2011 1 次提交
-
-
由 Simon Wunderlich 提交于
Our new return also created a memleak. The skb should be freed before returning an error. Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 14 12月, 2011 1 次提交
-
-
由 Eliad Peller 提交于
The ip address of the vif can be set even before the vif is up. requiring the vif to be up in the vif notifier makes the notifer ignore this event, which causes wrong arp filter configuration later on. Reported-by: NEyal Shapira <eyal@wizery.com> Signed-off-by: NEliad Peller <eliad@wizery.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-