Fix an unaligned memory access in the zd_mac_rx function of zd1211rw
that causes problems on SPARC64.
Signed-off-by: NPatrick Simmons <linuxrocks123@netscape.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

A regression was added through patch a4ed90d6:

"cfg80211: respect API on orig_flags on channel for beacon hint"

We did indeed respect _orig flags but the intention was not clearly
stated in the commit log. This patch fixes firmware issues picked
up by iwlwifi when we lift passive scan of beaconing restrictions
on channels its EEPROM has been configured to always enable.

By doing so though we also disallowed beacon hints on devices
registering their wiphy with custom world regulatory domains
enabled, this happens to be currently ath5k, ath9k and ar9170.
The passive scan and beacon restrictions on those devices would
never be lifted even if we did find a beacon and the hardware did
support such enhancements when world roaming.

Since Johannes indicates iwlwifi firmware cannot be changed to
allow beacon hinting we set up a flag now to specifically allow
drivers to disable beacon hints for devices which cannot use them.

We enable the flag on iwlwifi to disable beacon hints and by default
enable it for all other drivers. It should be noted beacon hints lift
passive scan flags and beacon restrictions when we receive a beacon from
an AP on any 5 GHz non-DFS channels, and channels 12-14 on the 2.4 GHz
band. We don't bother with channels 1-11 as those channels are allowed
world wide.

This should fix world roaming for ath5k, ath9k and ar9170, thereby
improving scan time when we receive the first beacon from any AP,
and also enabling beaconing operation (AP/IBSS/Mesh) on cards which
would otherwise not be allowed to do so. Drivers not using custom
regulatory stuff (wiphy_apply_custom_regulatory()) were not affected
by this as the orig_flags for the channels would have been cleared
upon wiphy registration.

I tested this with a world roaming ath5k card.

Cc: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Several arrays were read before checking whether the index was within
bounds. ARRAY_SIZE() should be used to determine the size of arrays.

rates->rates has an arraysize of 1, so calling get_common_rates()
with a rates_size of MAX_RATES (14) was causing reads out of bounds.

tmp_size can increment at most to (ARRAY_SIZE(lbs_bg_rates) - 1) *
(*rates_size - 1), so that should be the number of elements of tmp[].

A goto can be eliminated: ret was already set upon its declaration.
Signed-off-by: NRoel Kluin <roel.kluin@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

reads bss->rates[j] before checking bounds of index, and should use
ARRAY_SIZE to determine the size of the array.
Signed-off-by: NRoel Kluin <roel.kluin@gmail.com>
Acked-by: NHolger Schurig <hs4233@mail.mn-solutions.de>
Acked-by: NDan Williams <dcbw@redhat.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

tid is bounded (above) by the size of default_tid_to_tx_fifo (17 elements), but
the size of priv->stations[].tid[] is MAX_TID_COUNT (9) elements.
Signed-off-by: NRoel Kluin <roel.kluin@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Incorrect limits leads to reads outside array bounds.
Signed-off-by: NRoel Kluin <roel.kluin@gmail.com>
Acked-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

SSID_rid has space for only 3 ssids.
txPowerLevels[i] is read before the bounds check for i
Signed-off-by: NRoel Kluin <roel.kluin@gmail.com>
Acked-by: NDan Williams <dcbw@redhat.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

iwm_wdev_alloc() returns an ERR_PTR on failure and not null.  It also
prints its own dev_err() message so I removed that as well.

Compile tested only.  Sorry.
Found by smatch (http://repo.or.cz/w/smatch.git).
Signed-off-by: NDan Carpenter <error27@gmail.com>
Acked-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We need to provide a reasonable minimum that will result in a
working setup if used. Set minimum to be 10 to provide for
4 standard TX queues + 1 command queue + 2 (unused) HCCA queues +
4 HT queues (one per AC).

We allow the user to change the number of queues used via a module
parameter and use this minimum value to check if it is valid. Without
this patch a user can select a value for the number of queues that
will result in a failing setup.
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Reviewed-by: NTomas Winkler <tomas.winkler@intel.com>
Acked-by: NTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

I had a problem on 4965 hardware (well, probably other hardware too,
but others don't survive my stress testing right now, unfortunately)
where the driver was sending invalid commands to the device, but no
such thing could be seen from the driver's point of view. I could
reproduce this fairly easily by sending multiple TCP streams with
iperf on different TIDs, though sometimes a single iperf stream was
sufficient. It even happened with a single core, but I have forced
preemption turned on.

The culprit was a queue overrun, where we advanced the queue's write
pointer over the read pointer. After careful analysis I've come to
the conclusion that the cause is a race condition between iwlwifi
and mac80211.

mac80211, of course, checks whether the queue is stopped, before
transmitting a frame. This effectively looks like this:

        lock(queues)
        if (stopped(queue)) {
                unlock(queues)
                return busy;
	}
        unlock(queues)
        ...             <-- this place will be important
			    there is some more code here
        drv_tx(frame)

The driver, on the other hand, can stop and start queues, which does

        lock(queues)
        mark_running/stopped(queue)
        unlock(queues)

	[if marked running: wake up tasklet to send pending frames]

Now, however, once the driver starts the queue, mac80211 can see that
and end up at the marked place above, at which point for some reason the
driver seems to stop the queue again (I don't understand that) and then
we end up transmitting while the queue is actually full.

Now, this shouldn't actually matter much, but for some reason I've seen
it happen multiple times in a row and the queue actually overflows, at
which point the queue bites itself in the tail and things go completely
wrong.

This patch fixes this by just dropping the packet should this have
happened, and making the lock in iwlwifi cover everything so iwlwifi
can't race against itself (dropping the lock there might make it more
likely, but it did seem to happen without that too).

Since we can't hold the lock across drv_tx() above, I see no way to fix
this in mac80211, but I also don't understand why I haven't seen this
before -- maybe I just never stress tested it this badly.

With this patch, the device has survived many minutes of simultanously
sending two iperf streams on different TIDs with combined throughput
of about 60 Mbps.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Firmware V4 on CF8381 reports region code shifted by 1 byte to left.
The following patch checks for this and handles it properly.
Signed-off-by: NMarek Vasut <marek.vasut@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Two users of ar9170 devices have now reported their cards
have been programmed with a regulatory domain of 0x8000.
This is not a valid regulatory domain as such these users were
unable to use these devices. Since this doesn't seem to be
a device EEPROM corruption we must treat it specially. It
may have been possible the manufacturer intended to use 0x0
as the regulatory domain and that would ultimately yield
to US but since we cannot get confirmationf or this we
default this special case to one of our world regulatory
domains, specifically 0x64.

Reported-by: DavidFreeman on #linux-wireless
Reported-by: NJoerg Albert <jal2@gmx.de>
Cc: Christian Lamparter <chunkeey@web.de>,
Cc: Stephen Chen <stephen.chen@atheros.com>
Cc: David Quan <david.quan@atheros.com>
Cc: Tony Yang <tony.yang@atheros.com>
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Fix a potential NULL dereference bug during
error handling in p54spi_probe.

This bug was discovered by smatch:
(http://repo.or.cz/w/smatch.git).
Signed-off-by: NDan Carpenter <error27@gmail.com>
Signed-off-by: NChristian Lamparter <chunkeey@web.de>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

For AP mode we must tune ANI specially for 2 GHz and
for 5 GHz. We mask in only the flags we want to toggle
on ath9k_hw_ani_control() through the ah->ani_function
bitmask, this will take care of ignoring changes during
ANI reset which we were disabling before.
Testedy-by: NSteven Luo <steven@steven676.net>
Cc: Bennyam Malavazi <bennyam.malavazi@atheros.com>
Cc: Jouni Malinen <jouni.malinen@Atheros.com>
Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The commit below changed the semantics of rt2x00_check_rev so that it no
longer checked the bottom 4 bits of the rev were non-zero.  During that
conversion this part of the check was not propogated to the rt2500usb
initialisation.

    commit 358623c2
    Author: Ivo van Doorn <ivdoorn@gmail.com>
    Date:   Tue May 5 19:46:08 2009 +0200

        rt2x00: Simplify rt2x00_check_rev

Without this check rt73 devices are miss recognised as rt2500 devices and
two drivers are loaded.  Preventing the device being used.  Reinstate this
check.
Signed-off-by: NAndy Whitcroft <apw@canonical.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When rtl8187 is unloaded and CONFIG_RTL8187_LEDS is set, the kernel
may oops when the module is unloaded as the workqueue for led_on was
not being cancelled.

This patch fixes the problem reported in
http://marc.info/?l=linux-wireless&m=124742957615781&w=2.
Reported-by: NGábor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Pavel Roskin reported some issues with using AP mode without
nohwcrypt=1.  Most likely this is similar to the problem fixed
some time ago in ath9k by 3f53dd64,
"ath9k: Fix hw crypto configuration for TKIP in AP mode."

That only affects TKIP but it's easiest to just disable that and
WEP too until we get a proper fix in.
Signed-off-by: NBob Copeland <me@bobcopeland.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Once the "data" pointer is freed, we can't be iterating
to the next item in the list any more so we need to use
list_for_each_entry_safe with a temporary variable.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

If you rmmod the module while associated, frames might
be transmitted during unregistration -- which will crash
if the hwsim%d interface is unregistered first, so only
do that after all the virtual wiphys are gone.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The byte count table is only used for aggregation. Updating it
in other cases caused fragmented frames to be dropped.

This fixes http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=2004Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This changes the power_level file to adhere to the "one value
per file" sysfs rule. The user will know which power level was
requested as it will be the number just written to this file. It
is thus not necessary to create a new sysfs file for this value.

In addition it fixes a problem where powertop's parsing expects
this value to be the first value in this file without any descriptions.
Signed-off-by: NReinette Chatre <reinette.chatre@intel.com>
cc: stable@kernel.org
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

The driver private data is now based on wiphy. So we should not
touch the private data after wiphy_free() is called. The patch
fixes the potential NULL pointer dereference by making the
iwm_wdev_free() the last one on the interface removal path.
Signed-off-by: NZhu Yi <yi.zhu@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This reverts commit adeab1af.

As Alan Cox explained, the TTY layer changes that went recently
to get rid of the tty->low_latency stuff fixes this already,
and even for -stable it's the ->low_latency changes that should
go in to fix this, rather than this patch.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Guido Trentalancia reports:

I am trying to use the kiss driver in the Linux kernel that is being
shipped with Fedora 10 but unfortunately I get the following oops:

mkiss: AX.25 Multikiss, Hans Albas PE1AYX
mkiss: ax0: crc mode is auto.
ADDRCONF(NETDEV_CHANGE): ax0: link becomes ready
------------[ cut here ]------------
WARNING: at kernel/softirq.c:77 __local_bh_disable+0x2f/0x83() (Not
tainted)
[...]
unloaded: microcode]
Pid: 0, comm: swapper Not tainted 2.6.27.25-170.2.72.fc10.i686 #1
 [<c042ddfb>] warn_on_slowpath+0x65/0x8b
 [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
 [<c04228b4>] ? __enqueue_entity+0xe3/0xeb
 [<c042431e>] ? enqueue_entity+0x203/0x20b
 [<c0424361>] ? enqueue_task_fair+0x3b/0x3f
 [<c041f88c>] ? resched_task+0x3a/0x6e
 [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
 [<c06ab4e2>] ? _spin_lock_bh+0xb/0x16
 [<c043255b>] __local_bh_disable+0x2f/0x83
 [<c04325ba>] local_bh_disable+0xb/0xd
 [<c06ab4e2>] _spin_lock_bh+0xb/0x16
 [<f8b6f600>] mkiss_receive_buf+0x2fb/0x3a6 [mkiss]
 [<c0572a30>] flush_to_ldisc+0xf7/0x198
 [<c0572b12>] tty_flip_buffer_push+0x41/0x51
 [<f89477f2>] ftdi_process_read+0x375/0x4ad [ftdi_sio]
 [<f8947a5a>] ftdi_read_bulk_callback+0x130/0x138 [ftdi_sio]
 [<c05d4bec>] usb_hcd_giveback_urb+0x63/0x93
 [<c05ea290>] uhci_giveback_urb+0xe5/0x15f
 [<c05eaabf>] uhci_scan_schedule+0x52e/0x767
 [<c05f6288>] ? psmouse_handle_byte+0xc/0xe5
 [<c054df78>] ? acpi_ev_gpe_detect+0xd6/0xe1
 [<c05ec5b0>] uhci_irq+0x110/0x125
 [<c05d4834>] usb_hcd_irq+0x40/0xa3
 [<c0465313>] handle_IRQ_event+0x2f/0x64
 [<c046642b>] handle_level_irq+0x74/0xbe
 [<c04663b7>] ? handle_level_irq+0x0/0xbe
 [<c0406e6e>] do_IRQ+0xc7/0xfe
 [<c0405668>] common_interrupt+0x28/0x30
 [<c056821a>] ? acpi_idle_enter_simple+0x162/0x19d
 [<c0617f52>] cpuidle_idle_call+0x60/0x92
 [<c0403c61>] cpu_idle+0x101/0x134
 [<c069b1ba>] rest_init+0x4e/0x50
 =======================
---[ end trace b7cc8076093467ad ]---
------------[ cut here ]------------
WARNING: at kernel/softirq.c:136 _local_bh_enable_ip+0x3d/0xc4()
[...]
Pid: 0, comm: swapper Tainted: G        W 2.6.27.25-170.2.72.fc10.i686
 [<c042ddfb>] warn_on_slowpath+0x65/0x8b
 [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
 [<c04228b4>] ? __enqueue_entity+0xe3/0xeb
 [<c042431e>] ? enqueue_entity+0x203/0x20b
 [<c0424361>] ? enqueue_task_fair+0x3b/0x3f
 [<c041f88c>] ? resched_task+0x3a/0x6e
 [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
 [<c06ab4e2>] ? _spin_lock_bh+0xb/0x16
 [<f8b6f642>] ? mkiss_receive_buf+0x33d/0x3a6 [mkiss]
 [<c04325f9>] _local_bh_enable_ip+0x3d/0xc4
 [<c0432688>] local_bh_enable_ip+0x8/0xa
 [<c06ab54d>] _spin_unlock_bh+0x11/0x13
 [<f8b6f642>] mkiss_receive_buf+0x33d/0x3a6 [mkiss]
 [<c0572a30>] flush_to_ldisc+0xf7/0x198
 [<c0572b12>] tty_flip_buffer_push+0x41/0x51
 [<f89477f2>] ftdi_process_read+0x375/0x4ad [ftdi_sio]
 [<f8947a5a>] ftdi_read_bulk_callback+0x130/0x138 [ftdi_sio]
 [<c05d4bec>] usb_hcd_giveback_urb+0x63/0x93
 [<c05ea290>] uhci_giveback_urb+0xe5/0x15f
 [<c05eaabf>] uhci_scan_schedule+0x52e/0x767
 [<c05f6288>] ? psmouse_handle_byte+0xc/0xe5
 [<c054df78>] ? acpi_ev_gpe_detect+0xd6/0xe1
 [<c05ec5b0>] uhci_irq+0x110/0x125
 [<c05d4834>] usb_hcd_irq+0x40/0xa3
 [<c0465313>] handle_IRQ_event+0x2f/0x64
 [<c046642b>] handle_level_irq+0x74/0xbe
 [<c04663b7>] ? handle_level_irq+0x0/0xbe
 [<c0406e6e>] do_IRQ+0xc7/0xfe
 [<c0405668>] common_interrupt+0x28/0x30
 [<c056821a>] ? acpi_idle_enter_simple+0x162/0x19d
 [<c0617f52>] cpuidle_idle_call+0x60/0x92
 [<c0403c61>] cpu_idle+0x101/0x134
 [<c069b1ba>] rest_init+0x4e/0x50
 =======================
---[ end trace b7cc8076093467ad ]---
mkiss: ax0: Trying crc-smack
mkiss: ax0: Trying crc-flexnet

The issue was, that the locking code in mkiss was assuming it was only
ever being called in process or bh context.  Fixed by converting the
involved locking code to use irq-safe locks.

Review of other networking line disciplines shows that 6pack, both sync
and async PPP and STRIP have similar issues.  The ppp_async one is the
most interesting one as it sorts out half of the issue as far back as
2004 in commit http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2996d8deaeddd01820691a872550dc0cfba0c37dSigned-off-by: NRalf Baechle <ralf@linux-mips.org>
Reported-by: NGuido Trentalancia <guido@trentalancia.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

alloc_etherdev() used to install default implementations of these
operations, but they must now be explicitly installed in struct
net_device_ops.
Signed-off-by: NBen Hutchings <ben@decadent.org.uk>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

In the mainline kernel, p54usb will fail because the TX queue length can
become < 0. This problem has been reported as Bugzilla #13725. The failure
is expressed by the following message in the logs:

WARNING: at net/mac80211/tx.c:1325 ieee80211_tx+0x23c/0x298 [mac80211]()
Hardware name: HP Pavilion dv2700 Notebook PC
tx refused but queue active

This problem has been recently observed in the wireless-testing tree, where
a full solution is being tested. That fix is too invasive for 2.6.31-rcX,
but the simple change supplied here will prevent the failure.
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Atheros top level menu needs a "depends WLAN_80211" to properly indent
within menuconfig and xconfig interfaces.

This is purely a visual issue but it effects all subsequent drivers.
The issue is the top level menu does not include a dependency on
WLAN_80211 so within the tree structure, Atheros is at the same level as
WLAN_80211 but when WLAN_80211 collapsed, the menu disappears along with
all subsequent drives, so it is really a subordinate.
Signed-off-by: NJay Sternberg <jay.e.sternberg@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

There's a race condition -- started can be set to true
before channel is set due to the way mac80211 callbacks
currently work (->start should probably pass the channel
we would like to have initially). For now simply add a
check to hwsim to avoid dereferencing the NULL channel
pointer.
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Added support for the Broadcom 4318E chipset on PCMCIA/CF cards. The
4318E can do 802.11A/B/G, only B and G mode are supported in b43.
Signed-off-by: NClyde McPherson <ccmcphe@verizon.net>
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Yevgen Kotikov reported success on the sourceforge zd1211-devs list
with the following details:

Brand/retail: SONY IFU-WLM2
USB-IDs: Vendor: 0x054C Device: 0x0257
chip ID: zd1211b chip 054c:0257 v4802 high 00-0b-6b AL2230_RF pa0 -----
FCC ID: unknown
Signed-off-by: NHin-Tak Leung <htl10@users.sourceforge.net>
Tested-by: NYevgen Kotikov <yevgen.kotikov@gmail.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

On a shuttle machine here we got 07b8:6001 device, handled by zd1211rw, which does not work.
Scanning is OK but association does not work, we get "direct probe to AP xxx timed out"

It appears that this simple patch makes the device work perfectly.

This id was already there in initial import of the driver so I don't know if it has ever been
working as ZD1211 (which would mean they changed it and kept the id :( ).
Signed-off-by: NPascal Terjan <pterjan@mandriva.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We're missing a Kconfig help for the iwmc3200wifi driver.
Signed-off-by: NSamuel Ortiz <samuel.ortiz@intel.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

When we reclaim the tx desc, we always assume that the
last desc is a holding desc, which is not true, and skip it.
If the tx queue is drained during channel change, internal
reset and etc, the last descriptor may not be the holding
descriptor and we fail to reclaim them. This results in the
following two issues.

1. Tx stuck - We drop all the frames coming from upper layer
due to shortage in tx desc.

2. Crash - If we fail to reclaim a tx descriptor, we miss to
update the tx BA window with the seq number of the frame
associated to that desc, which, at some point, result in
the following crash due to an assert failure in ath_tx_addto_baw().

This patch fixes these two issues.

 kernel BUG at ../drivers/net/wireless/ath/ath9k/xmit.c:180!
[155064.304164] invalid opcode: 0000 [#1] SMP
 Call Trace:
  [<fbc6d83b>] ? ath9k_tx+0xeb/0x160 [ath9k]
  [<fbbc9591>]  ipv6? __ieee80211_tx+0x41/0x120 [mac80211]
  [<fbbcb5ae>] ?  aes_i586ieee80211_master_start_xmit+0x28e/0x560 [mac80211]
  [<c037e501>]  aes_generic? _spin_lock_irqsave+0x31/0x40
  [<c02f347b>] ? dev_hard_start_xmit+0x16b/0x1c0
  [<c03058b5>] ? __qdisc_run+0x1b5/0x200
  [<fbbcda5a>] ?  af_packetieee80211_select_queue+0xa/0x100 [mac80211]
  [<c02f53b7>] ?  i915dev_queue_xmit+0x2e7/0x3f0
  [<fbbc9b49>] ? ieee80211_subif_start_xmit+0x369/0x7a0 [mac80211]
  [<c031bc35>] ? ip_output+0x55/0xb0
  [<c02e0188>] ? show_memcpy_count+0x18/0x60
  [<c02eb186>] ? __kfree_skb+0x36/0x90
  [<c02f2202>] ?  binfmt_miscdev_queue_xmit_nit+0xd2/0x110
  [<c02f347b>] ? dev_hard_start_xmit+0x16b/0x1c0
  [<c03058b5>] ? __qdisc_run+0x1b5/0x200
  [<c033bca7>] ?  scoarp_create+0x57/0x2a0
  [<c02f53b7>] ?  bridgedev_queue_xmit+0x2e7/0x3f0
  [<c03034a0>] ? eth_header+0x0/0xc0
  [<c033b95f>]  stp? arp_xmit+0x5f/0x70
  [<c033bf4f>] ? arp_send+0x5f/0x70
  [<c033c8f5>]  bnep? arp_solicit+0x105/0x210
  [<c02fa5aa>] ? neigh_timer_handler+0x19a/0x390
  [<c013bf88>] ? run_timer_softirq+0x138/0x210
  [<c02fa410>] ?  ppdevneigh_timer_handler+0x0/0x390
  [<c02fa410>] ? neigh_timer_handler+0x0/0x390
Signed-off-by: NVasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Fix condition in which radio LED did not initialize correctly, and remove
4 compilation warnings.

After the recent changes in rfkill, the radio LED used by b43/b43legacy
did not always initialize correctly.

Both b43 and b43legacy used the deprecated variable radio_enabled in
struct ieee80211_conf.
Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This reverts commit a1091aae.

73ca5203
(ath5k: remove conf->beacon_int usage)
removed bintval setting from ath5k_config. We need to init the
interval earlier and don't touch it in add_interface anymore.

Otherwise it will be set only once by upper layer through
bss_info_changed but not on second and further hostap executions.

We ended up having bintval 1000 which rendered the AP useless on
many clients.
Signed-off-by: NJiri Slaby <jirislaby@gmail.com>
Cc: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <lrodriguez@atheros.com>
Cc: Bob Copeland <me@bobcopeland.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We want to put the chip into FULL SLEEP state, when we are disabling the
radio, but the the current code always change it to AWAKE/NETWORK SLEEP.

Changes-licensed-under: ISC
Signed-off-by: NGabor Juhos <juhosg@openwrt.org>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

Changes-licensed-under: ISC
Signed-off-by: NGabor Juhos <juhosg@openwrt.org>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

This reverts 'ath5k: remove dummy PCI "retry timeout" fix' on the
same theory as in 'ath9k: Fix PCI FATAL interrupts by restoring
RETRY_TIMEOUT disabling'.
Reported-by: NBob Copeland <me@bobcopeland.com>
Cc: stable@kernel.org
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

An earlier commit, 'ath9k: remove dummy PCI "retry timeout" fix', removed
code that was documented to disable RETRY_TIMEOUT register (PCI reg
0x41) since it was claimed to be a no-op. However, it turns out that
there are some combinations of hosts and ath9k-supported cards for
which this is not a no-op (reg 0x41 has value 0x80, not 0) and this
code (or something similar) is needed. In such cases, the driver may
be next to unusable due to very frequent PCI FATAL interrupts from the
card.

Reverting the earlier commit, i.e., restoring the RETRY_TIMEOUT
disabling, seems to resolve the issue. Since the removal of this code
was not based on any known issue and was purely a cleanup change, the
safest option here is to just revert that commit. Should there be
desire to clean this up in the future, the change will need to be
tested with a more complete coverage of cards and host systems.

http://bugzilla.kernel.org/show_bug.cgi?id=13483

Cc: stable@kernel.org
Signed-off-by: NJouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>