mac80211: call rate control only after init
mac80211: do not call rate control .tx_status before .rate_init mwifiex: clear previous security setting during association ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status ath9k_hw: prevent writes to const data on AR9160 rt2x00: fix a possible NULL pointer dereference iwlwifi: fix key removal mac80211: zero initialize count field in ieee80211_tx_rate mac80211: Fix a warning on changing to monitor mode from STA brcm80211: smac: fix endless retry of A-MPDU transmissions brcm80211: smac: only print block-ack timeout message at trace level
This commit is contained in:
parent
15609ef4c4
commit
88b9de105c
|
@ -0,0 +1,39 @@
|
|||
From 2504a6423b9ab4c36df78227055995644de19edb Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Roskin <proski@gnu.org>
|
||||
Date: Sat, 11 Feb 2012 10:01:53 -0500
|
||||
Subject: [PATCH] ath9k: stop on rates with idx -1 in ath9k rate control's
|
||||
.tx_status
|
||||
|
||||
Rate control algorithms are supposed to stop processing when they
|
||||
encounter a rate with the index -1. Checking for rate->count not being
|
||||
zero is not enough.
|
||||
|
||||
Allowing a rate with negative index leads to memory corruption in
|
||||
ath_debug_stat_rc().
|
||||
|
||||
One consequence of the bug is discussed at
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=768639
|
||||
|
||||
Signed-off-by: Pavel Roskin <proski@gnu.org>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/ath/ath9k/rc.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/rc.c b/drivers/net/wireless/ath/ath9k/rc.c
|
||||
index 635b592..a427a16 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/rc.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/rc.c
|
||||
@@ -1346,7 +1346,7 @@ static void ath_tx_status(void *priv, struct ieee80211_supported_band *sband,
|
||||
fc = hdr->frame_control;
|
||||
for (i = 0; i < sc->hw->max_rates; i++) {
|
||||
struct ieee80211_tx_rate *rate = &tx_info->status.rates[i];
|
||||
- if (!rate->count)
|
||||
+ if (rate->idx < 0 || !rate->count)
|
||||
break;
|
||||
|
||||
final_ts_idx = i;
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,117 @@
|
|||
From 9bbb8168ed3d8b946f9c1901a63a675012de88f2 Mon Sep 17 00:00:00 2001
|
||||
From: Felix Fietkau <nbd@openwrt.org>
|
||||
Date: Wed, 15 Feb 2012 19:31:20 +0100
|
||||
Subject: [PATCH] ath9k_hw: prevent writes to const data on AR9160
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Duplicate the data for iniAddac early on, to avoid having to do redundant
|
||||
memcpy calls later. While we're at it, make AR5416 < v2.2 use the same
|
||||
codepath. Fixes a reported crash on x86.
|
||||
|
||||
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
||||
Reported-by: Magnus Määttä <magnus.maatta@logica.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/ath/ath9k/ar5008_phy.c | 25 +------------------------
|
||||
drivers/net/wireless/ath/ath9k/ar9002_hw.c | 19 +++++++++++++++++++
|
||||
drivers/net/wireless/ath/ath9k/hw.h | 1 -
|
||||
3 files changed, 20 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/ar5008_phy.c b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
|
||||
index f901a17..86a891f 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/ar5008_phy.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
|
||||
@@ -489,8 +489,6 @@ static int ar5008_hw_rf_alloc_ext_banks(struct ath_hw *ah)
|
||||
ATH_ALLOC_BANK(ah->analogBank6Data, ah->iniBank6.ia_rows);
|
||||
ATH_ALLOC_BANK(ah->analogBank6TPCData, ah->iniBank6TPC.ia_rows);
|
||||
ATH_ALLOC_BANK(ah->analogBank7Data, ah->iniBank7.ia_rows);
|
||||
- ATH_ALLOC_BANK(ah->addac5416_21,
|
||||
- ah->iniAddac.ia_rows * ah->iniAddac.ia_columns);
|
||||
ATH_ALLOC_BANK(ah->bank6Temp, ah->iniBank6.ia_rows);
|
||||
|
||||
return 0;
|
||||
@@ -519,7 +517,6 @@ static void ar5008_hw_rf_free_ext_banks(struct ath_hw *ah)
|
||||
ATH_FREE_BANK(ah->analogBank6Data);
|
||||
ATH_FREE_BANK(ah->analogBank6TPCData);
|
||||
ATH_FREE_BANK(ah->analogBank7Data);
|
||||
- ATH_FREE_BANK(ah->addac5416_21);
|
||||
ATH_FREE_BANK(ah->bank6Temp);
|
||||
|
||||
#undef ATH_FREE_BANK
|
||||
@@ -805,27 +802,7 @@ static int ar5008_hw_process_ini(struct ath_hw *ah,
|
||||
if (ah->eep_ops->set_addac)
|
||||
ah->eep_ops->set_addac(ah, chan);
|
||||
|
||||
- if (AR_SREV_5416_22_OR_LATER(ah)) {
|
||||
- REG_WRITE_ARRAY(&ah->iniAddac, 1, regWrites);
|
||||
- } else {
|
||||
- struct ar5416IniArray temp;
|
||||
- u32 addacSize =
|
||||
- sizeof(u32) * ah->iniAddac.ia_rows *
|
||||
- ah->iniAddac.ia_columns;
|
||||
-
|
||||
- /* For AR5416 2.0/2.1 */
|
||||
- memcpy(ah->addac5416_21,
|
||||
- ah->iniAddac.ia_array, addacSize);
|
||||
-
|
||||
- /* override CLKDRV value at [row, column] = [31, 1] */
|
||||
- (ah->addac5416_21)[31 * ah->iniAddac.ia_columns + 1] = 0;
|
||||
-
|
||||
- temp.ia_array = ah->addac5416_21;
|
||||
- temp.ia_columns = ah->iniAddac.ia_columns;
|
||||
- temp.ia_rows = ah->iniAddac.ia_rows;
|
||||
- REG_WRITE_ARRAY(&temp, 1, regWrites);
|
||||
- }
|
||||
-
|
||||
+ REG_WRITE_ARRAY(&ah->iniAddac, 1, regWrites);
|
||||
REG_WRITE(ah, AR_PHY_ADC_SERIAL_CTL, AR_PHY_SEL_INTERNAL_ADDAC);
|
||||
|
||||
ENABLE_REGWRITE_BUFFER(ah);
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_hw.c b/drivers/net/wireless/ath/ath9k/ar9002_hw.c
|
||||
index 11f192a..d190411 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/ar9002_hw.c
|
||||
+++ b/drivers/net/wireless/ath/ath9k/ar9002_hw.c
|
||||
@@ -180,6 +180,25 @@ static void ar9002_hw_init_mode_regs(struct ath_hw *ah)
|
||||
INIT_INI_ARRAY(&ah->iniAddac, ar5416Addac,
|
||||
ARRAY_SIZE(ar5416Addac), 2);
|
||||
}
|
||||
+
|
||||
+ /* iniAddac needs to be modified for these chips */
|
||||
+ if (AR_SREV_9160(ah) || !AR_SREV_5416_22_OR_LATER(ah)) {
|
||||
+ struct ar5416IniArray *addac = &ah->iniAddac;
|
||||
+ u32 size = sizeof(u32) * addac->ia_rows * addac->ia_columns;
|
||||
+ u32 *data;
|
||||
+
|
||||
+ data = kmalloc(size, GFP_KERNEL);
|
||||
+ if (!data)
|
||||
+ return;
|
||||
+
|
||||
+ memcpy(data, addac->ia_array, size);
|
||||
+ addac->ia_array = data;
|
||||
+
|
||||
+ if (!AR_SREV_5416_22_OR_LATER(ah)) {
|
||||
+ /* override CLKDRV value */
|
||||
+ INI_RA(addac, 31,1) = 0;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Support for Japan ch.14 (2484) spread */
|
||||
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
|
||||
index 6a29004..c8261d4 100644
|
||||
--- a/drivers/net/wireless/ath/ath9k/hw.h
|
||||
+++ b/drivers/net/wireless/ath/ath9k/hw.h
|
||||
@@ -940,7 +940,6 @@ struct ath_hw {
|
||||
u32 *analogBank6Data;
|
||||
u32 *analogBank6TPCData;
|
||||
u32 *analogBank7Data;
|
||||
- u32 *addac5416_21;
|
||||
u32 *bank6Temp;
|
||||
|
||||
u8 txpower_limit;
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 85091fc0a75653e239dc8379658515e577544927 Mon Sep 17 00:00:00 2001
|
||||
From: Arend van Spriel <arend@broadcom.com>
|
||||
Date: Thu, 23 Feb 2012 18:38:22 +0100
|
||||
Subject: [PATCH] brcm80211: smac: fix endless retry of A-MPDU transmissions
|
||||
|
||||
The A-MPDU code checked against a retry limit, but it was using
|
||||
the wrong variable to do so. This patch fixes this to assure
|
||||
proper retry mechanism.
|
||||
|
||||
This problem had a side-effect causing the mac80211 flush callback
|
||||
to remain waiting forever as well. That side effect has been fixed
|
||||
by commit by Stanislaw Gruszka:
|
||||
|
||||
commit f96b08a7e6f69c0f0a576554df3df5b1b519c479
|
||||
Date: Tue Jan 17 12:38:50 2012 +0100
|
||||
|
||||
brcmsmac: fix tx queue flush infinite loop
|
||||
|
||||
Reference:
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=42576
|
||||
|
||||
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
|
||||
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
|
||||
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
|
||||
Signed-off-by: Arend van Spriel <arend@broadcom.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/brcm80211/brcmsmac/ampdu.c | 6 +-----
|
||||
1 files changed, 1 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c b/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
index 90911ee..9265226 100644
|
||||
--- a/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
+++ b/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
@@ -1051,17 +1051,13 @@ brcms_c_ampdu_dotxstatus_complete(struct ampdu_info *ampdu, struct scb *scb,
|
||||
}
|
||||
/* either retransmit or send bar if ack not recd */
|
||||
if (!ack_recd) {
|
||||
- struct ieee80211_tx_rate *txrate =
|
||||
- tx_info->status.rates;
|
||||
- if (retry && (txrate[0].count < (int)retry_limit)) {
|
||||
+ if (retry && (ini->txretry[index] < (int)retry_limit)) {
|
||||
ini->txretry[index]++;
|
||||
ini->tx_in_transit--;
|
||||
/*
|
||||
* Use high prededence for retransmit to
|
||||
* give some punch
|
||||
*/
|
||||
- /* brcms_c_txq_enq(wlc, scb, p,
|
||||
- * BRCMS_PRIO_TO_PREC(tid)); */
|
||||
brcms_c_txq_enq(wlc, scb, p,
|
||||
BRCMS_PRIO_TO_HI_PREC(tid));
|
||||
} else {
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
From 2b0a53d51b5f263bb581bbdb40ebb9f7e09609b1 Mon Sep 17 00:00:00 2001
|
||||
From: Arend van Spriel <arend@broadcom.com>
|
||||
Date: Thu, 23 Feb 2012 18:38:23 +0100
|
||||
Subject: [PATCH] brcm80211: smac: only print block-ack timeout message at
|
||||
trace level
|
||||
|
||||
In regular use block-ack timeouts can happen so it does not make
|
||||
sense to fill the log with these messages.
|
||||
|
||||
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
|
||||
Reviewed-by: Alwin Beukers <alwin@broadcom.com>
|
||||
Signed-off-by: Arend van Spriel <arend@broadcom.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/brcm80211/brcmsmac/ampdu.c | 6 +++---
|
||||
1 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c b/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
index 9265226..30b5887 100644
|
||||
--- a/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
+++ b/drivers/net/wireless/brcm80211/brcmsmac/ampdu.c
|
||||
@@ -1070,9 +1070,9 @@ brcms_c_ampdu_dotxstatus_complete(struct ampdu_info *ampdu, struct scb *scb,
|
||||
IEEE80211_TX_STAT_AMPDU_NO_BACK;
|
||||
skb_pull(p, D11_PHY_HDR_LEN);
|
||||
skb_pull(p, D11_TXH_LEN);
|
||||
- wiphy_err(wiphy, "%s: BA Timeout, seq %d, in_"
|
||||
- "transit %d\n", "AMPDU status", seq,
|
||||
- ini->tx_in_transit);
|
||||
+ BCMMSG(wiphy,
|
||||
+ "BA Timeout, seq %d, in_transit %d\n",
|
||||
+ seq, ini->tx_in_transit);
|
||||
ieee80211_tx_status_irqsafe(wlc->pub->ieee_hw,
|
||||
p);
|
||||
}
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 5dcbf480473f6c3f06ad2426b7517038a2a18911 Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Berg <johannes.berg@intel.com>
|
||||
Date: Fri, 17 Feb 2012 09:47:14 -0800
|
||||
Subject: [PATCH] iwlwifi: fix key removal
|
||||
|
||||
When trying to remove a key, we always send key
|
||||
flags just setting the key type, not including
|
||||
the multicast flag and the key ID. As a result,
|
||||
whenever any key was removed, the unicast key 0
|
||||
would be removed, causing a complete connection
|
||||
loss after the second rekey (the first doesn't
|
||||
cause a key removal). Fix the key removal code
|
||||
to include the key ID and multicast flag, thus
|
||||
removing the correct key.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: Alexander Schnaidt <alex.schnaidt@googlemail.com>
|
||||
Tested-by: Alexander Schnaidt <alex.schnaidt@googlemail.com>
|
||||
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||||
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/iwlwifi/iwl-agn-sta.c | 10 +++++++++-
|
||||
1 files changed, 9 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
|
||||
index 7353826..e483cfa 100644
|
||||
--- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
|
||||
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
|
||||
@@ -1187,6 +1187,7 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
|
||||
unsigned long flags;
|
||||
struct iwl_addsta_cmd sta_cmd;
|
||||
u8 sta_id = iwlagn_key_sta_id(priv, ctx->vif, sta);
|
||||
+ __le16 key_flags;
|
||||
|
||||
/* if station isn't there, neither is the key */
|
||||
if (sta_id == IWL_INVALID_STATION)
|
||||
@@ -1212,7 +1213,14 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
|
||||
IWL_ERR(priv, "offset %d not used in uCode key table.\n",
|
||||
keyconf->hw_key_idx);
|
||||
|
||||
- sta_cmd.key.key_flags = STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID;
|
||||
+ key_flags = cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
|
||||
+ key_flags |= STA_KEY_FLG_MAP_KEY_MSK | STA_KEY_FLG_NO_ENC |
|
||||
+ STA_KEY_FLG_INVALID;
|
||||
+
|
||||
+ if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
|
||||
+ key_flags |= STA_KEY_MULTICAST_MSK;
|
||||
+
|
||||
+ sta_cmd.key.key_flags = key_flags;
|
||||
sta_cmd.key.key_offset = WEP_INVALID_OFFSET;
|
||||
sta_cmd.sta.modify_mask = STA_MODIFY_KEY_MASK;
|
||||
sta_cmd.mode = STA_CONTROL_MODIFY_MSK;
|
||||
--
|
||||
1.7.4.4
|
||||
|
35
kernel.spec
35
kernel.spec
|
@ -845,6 +845,17 @@ Patch50121: bcma-don-t-fail-for-bad-SPROM-CRC.patch
|
|||
Patch50122: zd1211rw-firmware-needs-duration_id-set-to-zero-for-.patch
|
||||
Patch50123: mac80211-Fix-a-rwlock-bad-magic-bug.patch
|
||||
Patch50124: rtlwifi-Modify-rtl_pci_init-to-return-0-on-success.patch
|
||||
Patch50125: mac80211-call-rate-control-only-after-init.patch
|
||||
Patch50126: mac80211-do-not-call-rate-control-.tx_status-before-.patch
|
||||
Patch50127: mwifiex-clear-previous-security-setting-during-assoc.patch
|
||||
Patch50128: ath9k-stop-on-rates-with-idx-1-in-ath9k-rate-control.patch
|
||||
Patch50129: ath9k_hw-prevent-writes-to-const-data-on-AR9160.patch
|
||||
Patch50130: rt2x00-fix-a-possible-NULL-pointer-dereference.patch
|
||||
Patch50131: iwlwifi-fix-key-removal.patch
|
||||
Patch50132: mac80211-zero-initialize-count-field-in-ieee80211_tx.patch
|
||||
Patch50133: mac80211-Fix-a-warning-on-changing-to-monitor-mode-f.patch
|
||||
Patch50134: brcm80211-smac-fix-endless-retry-of-A-MPDU-transmiss.patch
|
||||
Patch50135: brcm80211-smac-only-print-block-ack-timeout-message-.patch
|
||||
|
||||
%endif
|
||||
|
||||
|
@ -1633,6 +1644,17 @@ ApplyPatch bcma-don-t-fail-for-bad-SPROM-CRC.patch
|
|||
ApplyPatch zd1211rw-firmware-needs-duration_id-set-to-zero-for-.patch
|
||||
ApplyPatch mac80211-Fix-a-rwlock-bad-magic-bug.patch
|
||||
ApplyPatch rtlwifi-Modify-rtl_pci_init-to-return-0-on-success.patch
|
||||
ApplyPatch mac80211-call-rate-control-only-after-init.patch
|
||||
ApplyPatch mac80211-do-not-call-rate-control-.tx_status-before-.patch
|
||||
ApplyPatch mwifiex-clear-previous-security-setting-during-assoc.patch
|
||||
ApplyPatch ath9k-stop-on-rates-with-idx-1-in-ath9k-rate-control.patch
|
||||
ApplyPatch ath9k_hw-prevent-writes-to-const-data-on-AR9160.patch
|
||||
ApplyPatch rt2x00-fix-a-possible-NULL-pointer-dereference.patch
|
||||
ApplyPatch iwlwifi-fix-key-removal.patch
|
||||
ApplyPatch mac80211-zero-initialize-count-field-in-ieee80211_tx.patch
|
||||
ApplyPatch mac80211-Fix-a-warning-on-changing-to-monitor-mode-f.patch
|
||||
ApplyPatch brcm80211-smac-fix-endless-retry-of-A-MPDU-transmiss.patch
|
||||
ApplyPatch brcm80211-smac-only-print-block-ack-timeout-message-.patch
|
||||
|
||||
ApplyPatch rt2x00_fix_MCU_request_failures.patch
|
||||
|
||||
|
@ -2346,6 +2368,19 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Fri Feb 24 2012 John W. Linville <linville@redhat.com>
|
||||
- mac80211: call rate control only after init
|
||||
- mac80211: do not call rate control .tx_status before .rate_init
|
||||
- mwifiex: clear previous security setting during association
|
||||
- ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status
|
||||
- ath9k_hw: prevent writes to const data on AR9160
|
||||
- rt2x00: fix a possible NULL pointer dereference
|
||||
- iwlwifi: fix key removal
|
||||
- mac80211: zero initialize count field in ieee80211_tx_rate
|
||||
- mac80211: Fix a warning on changing to monitor mode from STA
|
||||
- brcm80211: smac: fix endless retry of A-MPDU transmissions
|
||||
- brcm80211: smac: only print block-ack timeout message at trace level
|
||||
|
||||
* Mon Feb 20 2012 Dave Jones <davej@redhat.com> 3.2.7-1
|
||||
- Do not call drivers when invalidating partitions for -ENOMEDIUM
|
||||
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
From 0dee00686da88cc32753e02e4e8efdd9e326e4d2 Mon Sep 17 00:00:00 2001
|
||||
From: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
|
||||
Date: Mon, 20 Feb 2012 14:44:01 +0530
|
||||
Subject: [PATCH] mac80211: Fix a warning on changing to monitor mode from STA
|
||||
|
||||
nothing needs to be done for monitor/AP_VLAN mode on calling
|
||||
ieee80211_bss_info_change_notify -> drv_bss_info_changed with the change
|
||||
flag 'BSS_CHANGED_IDLE'. 'wl1271' seems to use BSS_CHANGED_IDLE only for
|
||||
STA and IBSS mode. further the non-idle state of the monitor mode is
|
||||
taken care by the 'count' variable which counts non-idle interfaces.
|
||||
ieee80211_idle_off(local, "in use") will be called.
|
||||
this fixes the following WARNING when we have initially STA mode
|
||||
(network manager running) and not associated, and change it to monitor
|
||||
mode with network manager disabled and bringing up the monitor mode.
|
||||
this changes the idle state from 'true' (STA unassociated) to 'false'
|
||||
(MONITOR mode)
|
||||
exposed by the commit 405385f8ce7a2ed8f82e216d88b5282142e1288b
|
||||
"mac80211: set bss_conf.idle when vif is connected"
|
||||
|
||||
WARNING: net/mac80211/main.c:212
|
||||
ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]()
|
||||
Hardware name: 64756D6
|
||||
Pid: 3835, comm: ifconfig Tainted: G O
|
||||
3.3.0-rc3-wl #9
|
||||
Call Trace:
|
||||
[<c0133b02>] warn_slowpath_common+0x72/0xa0
|
||||
[<fc8e8c3f>] ?
|
||||
ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
|
||||
[<fc8e8c3f>] ?
|
||||
ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
|
||||
[<c0133b52>] warn_slowpath_null+0x22/0x30
|
||||
[<fc8e8c3f>]
|
||||
ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
|
||||
[<fc8f9de3>] __ieee80211_recalc_idle+0x113/0x430
|
||||
[mac80211]
|
||||
[<fc8fabc6>] ieee80211_do_open+0x156/0x7e0 [mac80211]
|
||||
[<fc8f8a25>] ?
|
||||
ieee80211_check_concurrent_iface+0x25/0x180 [mac80211]
|
||||
[<c015dd9f>] ? raw_notifier_call_chain+0x1f/0x30
|
||||
[<fc8fb290>] ieee80211_open+0x40/0x80 [mac80211]
|
||||
[<c05894f6>] __dev_open+0x96/0xe0
|
||||
[<c068fba5>] ? _raw_spin_unlock_bh+0x35/0x40
|
||||
[<c05881d9>] __dev_change_flags+0x109/0x170
|
||||
[<c0589423>] dev_change_flags+0x23/0x60
|
||||
[<c05f3770>] devinet_ioctl+0x6a0/0x770
|
||||
|
||||
ieee80211 phy0: device no longer idle - in use
|
||||
|
||||
Cc: Eliad Peller <eliad@wizery.com>
|
||||
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
net/mac80211/iface.c | 3 +++
|
||||
1 files changed, 3 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
|
||||
index 01a21c2..8e2137b 100644
|
||||
--- a/net/mac80211/iface.c
|
||||
+++ b/net/mac80211/iface.c
|
||||
@@ -1332,6 +1332,9 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
|
||||
hw_roc = true;
|
||||
|
||||
list_for_each_entry(sdata, &local->interfaces, list) {
|
||||
+ if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
|
||||
+ sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
|
||||
+ continue;
|
||||
if (sdata->old_idle == sdata->vif.bss_conf.idle)
|
||||
continue;
|
||||
if (!ieee80211_sdata_running(sdata))
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,91 @@
|
|||
From 4b5a433ae5348c23caa0b5f0a2fca7c342acb200 Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Berg <johannes.berg@intel.com>
|
||||
Date: Fri, 20 Jan 2012 13:55:23 +0100
|
||||
Subject: [PATCH] mac80211: call rate control only after init
|
||||
|
||||
There are situations where we don't have the
|
||||
necessary rate control information yet for
|
||||
station entries, e.g. when associating. This
|
||||
currently doesn't really happen due to the
|
||||
dummy station handling; explicitly disabling
|
||||
rate control when it's not initialised will
|
||||
allow us to remove dummy stations.
|
||||
|
||||
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
net/mac80211/debugfs_sta.c | 4 ++--
|
||||
net/mac80211/rate.c | 2 +-
|
||||
net/mac80211/rate.h | 1 +
|
||||
net/mac80211/sta_info.h | 2 ++
|
||||
4 files changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
|
||||
index 2406b3e..d86217d 100644
|
||||
--- a/net/mac80211/debugfs_sta.c
|
||||
+++ b/net/mac80211/debugfs_sta.c
|
||||
@@ -63,14 +63,14 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
|
||||
test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
|
||||
|
||||
int res = scnprintf(buf, sizeof(buf),
|
||||
- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
|
||||
TEST(PS_DRIVER), TEST(AUTHORIZED),
|
||||
TEST(SHORT_PREAMBLE),
|
||||
TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
|
||||
TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
|
||||
TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
|
||||
- TEST(TDLS_PEER_AUTH));
|
||||
+ TEST(TDLS_PEER_AUTH), TEST(RATE_CONTROL));
|
||||
#undef TEST
|
||||
return simple_read_from_buffer(userbuf, count, ppos, buf, res);
|
||||
}
|
||||
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
|
||||
index 5a5a776..ad64f4d 100644
|
||||
--- a/net/mac80211/rate.c
|
||||
+++ b/net/mac80211/rate.c
|
||||
@@ -336,7 +336,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
|
||||
int i;
|
||||
u32 mask;
|
||||
|
||||
- if (sta) {
|
||||
+ if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) {
|
||||
ista = &sta->sta;
|
||||
priv_sta = sta->rate_ctrl_priv;
|
||||
}
|
||||
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
|
||||
index 168427b..2b83f32 100644
|
||||
--- a/net/mac80211/rate.h
|
||||
+++ b/net/mac80211/rate.h
|
||||
@@ -62,6 +62,7 @@ static inline void rate_control_rate_init(struct sta_info *sta)
|
||||
sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
|
||||
|
||||
ref->ops->rate_init(ref->priv, sband, ista, priv_sta);
|
||||
+ set_sta_flag(sta, WLAN_STA_RATE_CONTROL);
|
||||
}
|
||||
|
||||
static inline void rate_control_rate_update(struct ieee80211_local *local,
|
||||
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
|
||||
index 6f77f12..bfed851 100644
|
||||
--- a/net/mac80211/sta_info.h
|
||||
+++ b/net/mac80211/sta_info.h
|
||||
@@ -52,6 +52,7 @@
|
||||
* @WLAN_STA_SP: Station is in a service period, so don't try to
|
||||
* reply to other uAPSD trigger frames or PS-Poll.
|
||||
* @WLAN_STA_4ADDR_EVENT: 4-addr event was already sent for this frame.
|
||||
+ * @WLAN_STA_RATE_CONTROL: rate control was initialized for this station.
|
||||
*/
|
||||
enum ieee80211_sta_info_flags {
|
||||
WLAN_STA_AUTH,
|
||||
@@ -71,6 +72,7 @@ enum ieee80211_sta_info_flags {
|
||||
WLAN_STA_UAPSD,
|
||||
WLAN_STA_SP,
|
||||
WLAN_STA_4ADDR_EVENT,
|
||||
+ WLAN_STA_RATE_CONTROL,
|
||||
};
|
||||
|
||||
enum ieee80211_sta_state {
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
From 216c57b214bd621335ff698b475f6db2802502dc Mon Sep 17 00:00:00 2001
|
||||
From: Felix Fietkau <nbd@openwrt.org>
|
||||
Date: Wed, 8 Feb 2012 19:17:11 +0100
|
||||
Subject: [PATCH] mac80211: do not call rate control .tx_status before
|
||||
.rate_init
|
||||
|
||||
Most rate control implementations assume .get_rate and .tx_status are only
|
||||
called once the per-station data has been fully initialized.
|
||||
minstrel_ht crashes if this assumption is violated.
|
||||
|
||||
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
||||
Tested-by: Arend van Spriel <arend@broadcom.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
net/mac80211/rate.h | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
|
||||
index 2b83f32..80cfc00 100644
|
||||
--- a/net/mac80211/rate.h
|
||||
+++ b/net/mac80211/rate.h
|
||||
@@ -41,7 +41,7 @@ static inline void rate_control_tx_status(struct ieee80211_local *local,
|
||||
struct ieee80211_sta *ista = &sta->sta;
|
||||
void *priv_sta = sta->rate_ctrl_priv;
|
||||
|
||||
- if (!ref)
|
||||
+ if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
|
||||
return;
|
||||
|
||||
ref->ops->tx_status(ref->priv, sband, ista, priv_sta, skb);
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
From 8617b093d0031837a7be9b32bc674580cfb5f6b5 Mon Sep 17 00:00:00 2001
|
||||
From: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
|
||||
Date: Mon, 20 Feb 2012 10:05:31 +0530
|
||||
Subject: [PATCH] mac80211: zero initialize count field in ieee80211_tx_rate
|
||||
|
||||
rate control algorithms concludes the rate as invalid
|
||||
with rate[i].idx < -1 , while they do also check for rate[i].count is
|
||||
non-zero. it would be safer to zero initialize the 'count' field.
|
||||
recently we had a ath9k rate control crash where the ath9k rate control
|
||||
in ath_tx_status assumed to check only for rate[i].count being non-zero
|
||||
in one instance and ended up in using invalid rate index for
|
||||
'connection monitoring NULL func frames' which eventually lead to the crash.
|
||||
thanks to Pavel Roskin for fixing it and finding the root cause.
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=768639
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: Pavel Roskin <proski@gnu.org>
|
||||
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
net/mac80211/rate.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
|
||||
index ad64f4d..f9b8e81 100644
|
||||
--- a/net/mac80211/rate.c
|
||||
+++ b/net/mac80211/rate.c
|
||||
@@ -344,7 +344,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
|
||||
for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
|
||||
info->control.rates[i].idx = -1;
|
||||
info->control.rates[i].flags = 0;
|
||||
- info->control.rates[i].count = 1;
|
||||
+ info->control.rates[i].count = 0;
|
||||
}
|
||||
|
||||
if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From 6670f15b1f6858a43b292d8ab64464e9f085a6aa Mon Sep 17 00:00:00 2001
|
||||
From: Amitkumar Karwar <akarwar@marvell.com>
|
||||
Date: Thu, 9 Feb 2012 18:32:22 -0800
|
||||
Subject: [PATCH] mwifiex: clear previous security setting during association
|
||||
|
||||
Driver maintains different flags for WEP, WPA, WPA2 security modes.
|
||||
Appropriate flag is set using security information provided in
|
||||
connect request. mwifiex_is_network_compatible() routine uses them
|
||||
to check if driver's setting is compatible with AP. Association is
|
||||
aborted if the routine fails.
|
||||
|
||||
For some corner cases, it is observed that association is failed
|
||||
even for valid security information based on association history.
|
||||
This patch fixes the problem by clearing previous security setting
|
||||
during each association.
|
||||
|
||||
We should set WEP key provided in connect request as default tx key.
|
||||
This missing change is also added here.
|
||||
|
||||
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
|
||||
Signed-off-by: Bing Zhao <bzhao@marvell.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/mwifiex/cfg80211.c | 8 +++++++-
|
||||
1 files changed, 7 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
|
||||
index c3b6c46..5b2972b 100644
|
||||
--- a/drivers/net/wireless/mwifiex/cfg80211.c
|
||||
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
|
||||
@@ -841,7 +841,12 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid,
|
||||
ret = mwifiex_set_rf_channel(priv, channel,
|
||||
priv->adapter->channel_type);
|
||||
|
||||
- ret = mwifiex_set_encode(priv, NULL, 0, 0, 1); /* Disable keys */
|
||||
+ /* As this is new association, clear locally stored
|
||||
+ * keys and security related flags */
|
||||
+ priv->sec_info.wpa_enabled = false;
|
||||
+ priv->sec_info.wpa2_enabled = false;
|
||||
+ priv->wep_key_curr_index = 0;
|
||||
+ ret = mwifiex_set_encode(priv, NULL, 0, 0, 1);
|
||||
|
||||
if (mode == NL80211_IFTYPE_ADHOC) {
|
||||
/* "privacy" is set only for ad-hoc mode */
|
||||
@@ -886,6 +891,7 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, u8 *ssid,
|
||||
dev_dbg(priv->adapter->dev,
|
||||
"info: setting wep encryption"
|
||||
" with key len %d\n", sme->key_len);
|
||||
+ priv->wep_key_curr_index = sme->key_idx;
|
||||
ret = mwifiex_set_encode(priv, sme->key, sme->key_len,
|
||||
sme->key_idx, 0);
|
||||
}
|
||||
--
|
||||
1.7.4.4
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
From 7be081539e540517d5e1fcbf96b8080074afbf08 Mon Sep 17 00:00:00 2001
|
||||
From: Gabor Juhos <juhosg@openwrt.org>
|
||||
Date: Thu, 16 Feb 2012 20:44:59 +0100
|
||||
Subject: [PATCH] rt2x00: fix a possible NULL pointer dereference
|
||||
|
||||
The 'rt2x00lib_probe_dev' function tries to
|
||||
allocate the workqueue. If the allocation
|
||||
fails, 'rt2x00_lib_remove_dev' is called on
|
||||
the error path. Because 'rt2x00dev->workqueue'
|
||||
is NULL in this case, the 'destroy_workqueue'
|
||||
call will cause a NULL pointer dereference.
|
||||
|
||||
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
|
||||
Acked-by: Gertjan van Wingerde <gwingerde@gmail.com>
|
||||
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
|
||||
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
||||
---
|
||||
drivers/net/wireless/rt2x00/rt2x00dev.c | 3 ++-
|
||||
1 files changed, 2 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
|
||||
index c3e1aa7..d2a1ea9 100644
|
||||
--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
|
||||
+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
|
||||
@@ -1220,7 +1220,8 @@ void rt2x00lib_remove_dev(struct rt2x00_dev *rt2x00dev)
|
||||
cancel_work_sync(&rt2x00dev->rxdone_work);
|
||||
cancel_work_sync(&rt2x00dev->txdone_work);
|
||||
}
|
||||
- destroy_workqueue(rt2x00dev->workqueue);
|
||||
+ if (rt2x00dev->workqueue)
|
||||
+ destroy_workqueue(rt2x00dev->workqueue);
|
||||
|
||||
/*
|
||||
* Free the tx status fifo.
|
||||
--
|
||||
1.7.4.4
|
||||
|
Loading…
Reference in New Issue