Commit Graph

222165 Commits

Author SHA1 Message Date
Andrei Emeltchenko
940a9eea80 Bluetooth: timer check sk is not owned before freeing
In timer context we might delete l2cap channel used by krfcommd.
The check makes sure that sk is not owned. If sk is owned we
restart timer for HZ/5.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:36 -02:00
Andrei Emeltchenko
a49184c229 Bluetooth: Check sk is not owned before freeing l2cap_conn
Check that socket sk is not locked in user process before removing
l2cap connection handler.

lock_sock and release_sock do not hold a normal spinlock directly but
instead hold the owner field. This means bh_lock_sock can still execute
even if the socket is "locked". More info can be found here:
http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks

krfcommd kernel thread may be preempted with l2cap tasklet which remove
l2cap_conn structure. If krfcommd is in process of sending of RFCOMM reply
(like "RFCOMM UA" reply to "RFCOMM DISC") then kernel crash happens.

...
[  694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[  694.184936] pgd = c0004000
[  694.187683] [00000000] *pgd=00000000
[  694.191711] Internal error: Oops: 5 [#1] PREEMPT
[  694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading
[  694.260375] CPU: 0    Not tainted  (2.6.32.10 #1)
[  694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap]
[  694.270721] LR is at 0xd7017303
...
[  694.525085] Backtrace:
[  694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8)
[  694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80)

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:36 -02:00
Vasiliy Kulikov
d31dbf6e59 Bluetooth: hidp: fix information leak to userland
Structure hidp_conninfo is copied to userland with version, product,
vendor and name fields unitialized if both session->input and session->hid
are NULL.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:36 -02:00
Vasiliy Kulikov
3185fbd9d7 Bluetooth: cmtp: fix information leak to userland
Structure cmtp_conninfo is copied to userland with some padding fields
unitialized.  It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:35 -02:00
Vasiliy Kulikov
5520d20f68 Bluetooth: bnep: fix information leak to userland
Structure bnep_conninfo is copied to userland with the field "device"
that has the last elements unitialized.  It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:35 -02:00
Johan Hedberg
127178d24c Bluetooth: Automate remote name requests
In Bluetooth there are no automatic updates of remote device names when
they get changed on the remote side. Instead, it is a good idea to do a
manual name request when a new connection gets created (for whatever
reason) since at this point it is very cheap (no costly baseband
connection creation needed just for the sake of the name request).

So far userspace has been responsible for this extra name request but
tighter control is needed in order not to flood Bluetooth controllers
with two many commands during connection creation. It has been shown
that some controllers simply fail to function correctly if they get too
many (almost) simultaneous commands during connection creation. The
simplest way to acheive better control of these commands is to move
their sending completely to the kernel side.

This patch inserts name requests into the sequence of events that the
kernel performs during connection creation. It does this after the
remote features have been successfully requested and before any pending
authentication requests are performed. The code will work sub-optimally
with userspace versions that still do the name requesting themselves (it
shouldn't break anything though) so it is recommended to combine this
with a userspace software version that doesn't have automated name
requests.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:35 -02:00
Johan Hedberg
392599b95d Bluetooth: Create a unified authentication request function
This patch adds a single function that's responsible for requesting
authentication for outgoing connections. This is preparation for the
next patch which will add automated name requests and thereby move the
authentication requests to a different location.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:35 -02:00
Johan Hedberg
ccd556fe33 Bluetooth: Simplify remote features callback function logic
The current remote and remote extended features event callbacks logic
can be made simpler by using a label and goto statements instead of the
current multiple levels of nested if statements.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 21:04:35 -02:00
Gustavo F. Padovan
17f490bced Merge git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6 into test 2010-12-01 21:04:09 -02:00
Bala Shanmugam
be93112acc Bluetooth: Add new PID for Atheros 3011
Atheros 3011 has small sflash firmware and needs to be
blacklisted in transport driver to load actual firmware
in DFU driver.

Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 15:51:01 -02:00
Stefan Seyfried
61faddf661 Bluetooth: Fix log spamming in btusb due to autosuspend
If a device is autosuspended an inability to resubmit URBs is
to be expected. Check the error code and only log real errors.
(Now that autosuspend is default enabled for btusb, those log
messages were happening all the time e.g. with a BT mouse)

Signed-off-by: Stefan Seyfried <seife+kernel@b1-systems.com>
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01 15:46:42 -02:00
Stanislaw Gruszka
61790c5f3c iwlagn: fix microcode error on 4965
Commit dbbf1755b0 "iwlwifi: use
antenna information in EEPROM" caused 4965 device breakage with
"Microcode SW error detected.  Restarting 0x82000000." message.
This patch reverts 4965 part of that commit.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:58:18 -05:00
Helmut Schaa
08ca944eb2 mac80211: Minor optimization in ieee80211_rx_h_data
Remove a superfluous ieee80211_is_data check as that was checked a few
lines before already and we wont't get here for non-data frames at all.

Second, the frame was already converted to 802.3 header format and
reading the fc and addr1 fields was only possible because the 802.3
header is short enough and didn't overwrite the relevant parts of the
802.11 header. Make the code more obvious by checking the ethernet
header's h_dest field.

Furthermore reorder the conditions to reduce the number of checks
when dynamic powersave is not needed (AP mode for example).

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:58:07 -05:00
Johannes Stezenbach
20ed3166c8 mac80211/rt2x00: add ieee80211_tx_status_ni()
All rt2x00 drivers except rt2800pci call ieee80211_tx_status() from
a workqueue, which causes "NOHZ: local_softirq_pending 08" messages.

To fix it, add ieee80211_tx_status_ni() similar to ieee80211_rx_ni()
which can be called from process context, and call it from
rt2x00lib_txdone().  For the rt2800pci special case a driver
flag is introduced.

Signed-off-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:46 -05:00
Nick Kossifidis
4352fab5c2 ath5k: Set turbo bit on rf bank 2
* A diff between rfbuffer settings of turbo and non-turbo
 modes indicates there is a bit on bank 2 related to turbo operation
 (it's set on turbo modes). This bit is present on all radios except
 RF5413 that seems to have a completely different bank 2. Also
 since 2317 has the same rf-registers locations with 2425 and
 since the bit exists on 2317 I assume it also exists on 2425/2417).
 So in case we use turbo mode (40MHz) enable it on bank modification.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:45 -05:00
Nick Kossifidis
8c2b418a07 ath5k: Clean up turbo mode initvals/rfregs
* Clean up what's left of turbo mode, since we handle all
 register modifications (rfbuffer comes next) on code there
 is no need to have duplicated arrays.

 * Rename change_channel to skip_pcu on initvals.c as we did
 on reset.c

 Signed-off-by: Nick Kossifidis <micklfemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:45 -05:00
Nick Kossifidis
acb091d67c ath5k: Cleanup turbo channel flags
* Clean up CHANNEL_T(URBO), use AR5K_BWMODE_40MHZ instead

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:45 -05:00
Nick Kossifidis
73a06a6834 ath5k: Use correct clock when setting ofdm timings
* Use correct clock value when setting OFDM timings on
 non-default bwmodes.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:44 -05:00
Nick Kossifidis
3bb1765460 ath5k: Skip tx power setting on AR5210 for now
* Don't return -EINVAL when trying to set tx power
 on RF5110 because AR5210 reset will fail. We need to
 add support for RF5110 and AR5210 eeprom in the future
 but for now just skip it.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:44 -05:00
Nick Kossifidis
b02f5d1a17 ath5k: Tweak phy activate to rx start delay based on bwmode
* Tweak phy activation -> rx delay for different bwmodes

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:44 -05:00
Nick Kossifidis
c2b0ebef26 ath5k: No need to save/restore staid flags on reset
* Since we set antenna flags on phy init and ack bitrate
 mode on pcu init, there is no need to save/restore sta_id
 flags on ath5k_hw_reset. Also we don't need to re-set our
 mac address because it's not affected by resets.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:43 -05:00
Nick Kossifidis
8aec7af99b ath5k: Support synth-only channel change for AR2413/AR5413
* Add synth-only channel change for AR2413/5413. When we call
 ath5k_reset with a channel ath5k_hw_reset will first try to
 set channel on PHY while PHY is running instead of doing a normal
 full reset. To do this phy_init has to change to implement this
 functionality.

 * Clean up change_channel flag, what it really did was skip PCU
 registers when setting initvals. This is done because on reset
 PCU registers are not affected (except the registers we set
 in pcu init and -due to hw problems- TSF). Use a new skip_pcu
 flag that's not misleading instead. In the future we might use
 that to also skip PCU reset and save us the TSF etc problems
 (needs testing because standard practice is to reset everything).

 * Use fast channel change only when setting channel, and set skip_pcu
 to false only on init. When we reset the card due to DMA or PHY
 problems skip pcu but never do a fast channel change.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:43 -05:00
Nick Kossifidis
4c57581d93 ath5k: Skip powertable setting when we are on the same channel
* Only set power table if we are changing channel/mode
 there is no need to recalculate and reset the power table
 all the time.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:24 -05:00
Nick Kossifidis
f08fbf6cf4 ath5k: Update PLL programming for turbo/half/quarter
* Set correct PLL settings for each bwmode

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:23 -05:00
Nick Kossifidis
a2677fe429 ath5k: Update spur mitigation filter for turbo/half/quarter
* Add spur mitigation filter support for half/quarter and turbo.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:23 -05:00
Nick Kossifidis
b2b4c69f68 ath5k: Tweak power detector delays on RF5111/RF5112
* Tweak power detector delays on AR5111/AR5112 when
 using half/quarter modes.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:23 -05:00
Nick Kossifidis
71ba1c3085 ath5k: Always set IFS intervals on reset
* Make sure we always set IFS timings even if no
 coverage class is set. If we don't we'll miss the
 needed changes for different bwmodes.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:22 -05:00
Nick Kossifidis
473cae2762 ath5k: Use turbo flag on DCU
* Set AR5K_DCU_GBL_IFS_MISC_TURBO_MODE flag on DCU when operating
 on 40MHz

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:22 -05:00
Nick Kossifidis
eeb8832b31 ath5k: Set all IFS intervals, not just slot time
* Replace set_slot_time with set_ifs_intervals that also sets
 the various inter-frame space intervals based on current bwmode.

 * Clean up AR5210 mess from reset_tx_queue, AR5210 only has one
 data queue and we set IFS intervals for that queue on set_ifs_intervals
 so there is nothing left to do for 5210 on reset_tx_queue.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:21 -05:00
Nick Kossifidis
61cde03723 ath5k: Extend rate_duration
* Extend ieee80211_generic_frame_duration to support the various
 bwmodes.

 * Better document what's going on with ack bitrates and update
 write_rate_duration to support the standard ack bitrates (when
 we don't set the high bit).

 * Get rid of set_ack_bitrate_high and introduce a flag on ath5k_hw
 for this (we only called the function on init anyway so there is no
 difference).

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:53:21 -05:00
Nick Kossifidis
3017fcab41 ath5k: Extend get_default_sifs/slot_time
* Extend get_default_sifs/slot_time to include timings for turbo
 half and quarter rate modes.

 * AR5210 code for now uses timings already on core clock units
 instead of usecs so rename them (we 'll clean it up later).

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:35 -05:00
Nick Kossifidis
25ddfa1957 ath5k: Move tx retries setting outside reset_tx_queue
* Move setting of tx retry limits on a separate function
 (we 'll clean up this AR5210 mess later)

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:35 -05:00
Nick Kossifidis
b405086ba4 ath5k: Increase PHY settling parameters for turo mode
* On turbo mode increase PHY settling times, note that
 we only increase switch settling time on AR5212 as indicated
 by initvals.

 * A few cleanups: Move frame control settings for AR5210 from
 reset_tx_queue to tweak_initvals and remove phy_scal settings
 from tweak_initvals (we tweak them alread on set_sleep_clock).

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:34 -05:00
Nick Kossifidis
325089ab58 ath5k: Small cleanup on tweak_initvals
* Now that we properly set rx/tx latencies for AR5311 remove
 that old buggy part of code left inside ath5k_hw_tweak_initval_settings
 that was never executed (you can't have an RF5112 radio on a mac older
 than AR5212). Also use a magic value for 5311 PHY_SCAL value.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:34 -05:00
Nick Kossifidis
c297560206 ath5k: Put core clock initialization on a new function
* Handle all usec parameters in one function. It's much cleaner
 this way.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:33 -05:00
Nick Kossifidis
fa3d2feeff ath5k: Add new field on ath5k_hw to track bandwidth modes
* Prepare for half/quarter/turbo support, introduce a new
 ah_bwmode parameter and get rid of ah_turbo. Bwmode stands
 for "bandwidth mode" and can have 4 values, default (20MHz),
 turbo (40MHz), half rate (10MHz), and quarter rate (5MHz).

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:33 -05:00
Nick Kossifidis
14fae2d4b6 ath5k: Use new function to stop beacon queue
* Since we only use ath5k_hw_stop_tx_dma to stop the beacon
 queue, introduce a new function ath5k_hw_stop_beacon_queue so
 that we can use that instead and have better control. In the future
 we can add more beacon queue specific stuff there (maybe tweak
 beacon timers or something), for now just call ath5k_hw_stop_tx_dma.

 * Also since we don't call ath5k_hw_stop_rx/tx_dma from outside
 dma.c, make them static.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:32 -05:00
Nick Kossifidis
e8325ed874 ath5k: Check RXE when setting RXDP
* Make sure we are not trying to set RXDP while RX is active,
 for now ignore the return value.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:32 -05:00
Nick Kossifidis
f7317ba2d6 ath5k: Use DCU early termination correctly
* DCU early termination should be used to quickly flush QCU
 according to docs so don't enable it for all queues, enable
 it only when stopping each queue and disable it when we are
 done.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:32 -05:00
Nick Kossifidis
b3a28e68d5 ath5k: Debug DMA timeouts
* Increase timeouts on ath5k_hw_stop_tx_dma and also wait for
 tx queue to stop before checking for pending frames

 * Add a new debug level to debug dma start/stop

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:31 -05:00
Nick Kossifidis
80dac9eecb ath5k: Use new dma_stop function on base.c
* Since we stop rx/tx dma and pcu durring reset there is no need to
 call ath5k_hw_stop_rx/tx_dma before, also there is no need to call
 them durring stop_locked since we can use ath5k_hw_dma_stop for
 both.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:31 -05:00
Nick Kossifidis
e088f23be1 ath5k: Stop PCU on reset
* Stop PCU receive logic (DRU) durring reset
 We need to be sure pcu is not active when trying to stop rx dma
 right now this is done on ath5k_reset (base.c) but later we are
 going to clean it up.

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:30 -05:00
Nick Kossifidis
d41174fabd ath5k: Add new function to stop rx/tx DMA
* Add a new function to stop rx/tx dma and use in when reset starts

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:30 -05:00
Nick Kossifidis
9320b5c4a7 ath5k: Reset cleanup and generic cleanup
* No functional changes

 * Clean up reset:
 Introduce init functions for each unit and call them instead
 of having everything inside ath5k_hw_reset (it's just c/p for
 now so nothing changes except calling order -I tested it with
 various cards and it's ok-)

 * Further cleanups:
 ofdm_timings belongs to phy.c
 rate_duration belongs to pcu.c
 clock functions are general and belong to reset.c (more to follow)

 * Reorder functions for better organization:
 We start with helpers and other functions follow in categories,
 init functions are last

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:52:29 -05:00
Mohammed Shafi Shajakhan
ea066d5a91 ath9k: Add support for Adaptive Power Management
This feature is to mitigate the problem of certain 3
stream chips that exceed the PCIe power requirements.An EEPROM flag
controls which chips have APM enabled which is basically read from
miscellaneous configuration element of the EEPROM header.

This workaround will reduce power consumption by using 2 Tx chains for
Single and Double stream rates (5 GHz only).All self generated frames
(regardless of rate) are sent on 2 chains when this feature is
enabled(Chip Limitation).

Cc: Paul Shaw <paul.shaw@atheros.com>
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Tested-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:49:13 -05:00
Senthil Balasubramanian
916448e77f ath9k: Fix STA disconnect issue due to received MIC failed bcast frames
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying
this status for MIC failed frames is buggy.

Due to this, MIC failure events for broadcast frames are not sent to
supplicant resulted in AP disconnecting the STA.

Able to pass Wifi Test case 5.2.18 with this fix.

Cc: Stable <stable@kernel.org> (2.6.36+)
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:45:02 -05:00
Senthil Balasubramanian
8e26d5ad2f mac80211: Fix STA disconnect due to MIC failure
Th commit titled "mac80211: clean up rx handling wrt. found_sta"
removed found_sta variable which caused a MIC failure event
to be reported twice for a single failure to supplicant resulted
in STA disconnect.

This should fix WPA specific countermeasures WiFi test case (5.2.17)
issues with mac80211 based drivers which report MIC failure events in
rx status.

Cc: Stable <stable@kernel.org> (2.6.37)
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:45:02 -05:00
Christian Lamparter
2c31333a8f mac80211: ignore non-bcast mcast deauth/disassoc franes
This patch fixes an curious issue due to insufficient
rx frame filtering.

Saqeb Akhter reported frequent disconnects while streaming
videos over samba: <http://marc.info/?m=128600031109136>
> [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [...]

The reason is that the device generates frames with slightly
bogus SA/TA addresses.

e.g.:
 [ 2314.402316] Ignore 9f:1f:31:f8:64:ff
 [ 2314.402321] Ignore 9f:1f:31:f8:64:ff
 [ 2352.453804] Ignore 0d:1f:31:f8:64:ff
 [ 2352.453808] Ignore 0d:1f:31:f8:64:ff
 					   ^^ the group-address flag is set!
 (the correct SA/TA would be: 00:1f:31:f8:64:ff)

Since the AP does not know from where the frames come, it
generates a DEAUTH response for the (invalid) mcast address.
This mcast deauth frame then passes through all filters and
tricks the stack into thinking that the AP brutally kicked
us!

This patch fixes the problem by simply ignoring
non-broadcast, group-addressed deauth/disassoc frames.

Cc: Jouni Malinen <j@w1.fi>
Cc: Johannes Berg <johannes@sipsolutions.net>
Reported-by: Saqeb Akhter <saqeb.akhter@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:23:06 -05:00
David Kilroy
cf63495d0d orinoco: abort scan on interface down
This fixes the problem causing the following trace:

------------[ cut here ]------------
WARNING: at linux-2.6.34/net/wireless/core.c:633 wdev_cleanup_work+0xb7/0xe0 [cfg80211]()
Hardware name: Latitude C840
Pid: 707, comm: cfg80211 Not tainted 2.6.34.7-0.5-desktop #1
Call Trace:
 [<c02065c3>] try_stack_unwind+0x173/0x190
 [<c02051cf>] dump_trace+0x3f/0xe0
 [<c020662b>] show_trace_log_lvl+0x4b/0x60
 [<c0206658>] show_trace+0x18/0x20
 [<c064e0b3>] dump_stack+0x6d/0x72
 [<c02443ae>] warn_slowpath_common+0x6e/0xb0
 [<c0244403>] warn_slowpath_null+0x13/0x20
 [<e2db5497>] wdev_cleanup_work+0xb7/0xe0 [cfg80211]
 [<c025cfa9>] run_workqueue+0x79/0x170
 [<c025d123>] worker_thread+0x83/0xe0
 [<c025fef4>] kthread+0x74/0x80
 [<c0203826>] kernel_thread_helper+0x6/0x10
---[ end trace 3f0348b3b0c6f4ff ]---

Reported by: Giacomo Comes <comes@naic.edu>
Signed-off-by: David Kilroy <kilroyd@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30 13:23:05 -05:00
Johannes Berg
dd318575ff mac80211: fix RX aggregation locking
The RX aggregation locking documentation was
wrong, which led Christian to also code the
timer timeout handling for it somewhat wrongly.

Fix the documentation, the two places that
need to hold the reorder lock across accesses
to the structure, and the debugfs code that
should just use RCU.

Also, remove acquiring the sta->lock across
reorder timeouts since it isn't necessary, and
change a few places to GFP_KERNEL because the
code path here doesn't need atomic allocations
as I noticed when reviewing all this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29 15:30:30 -05:00