Commit Graph

204965 Commits

Author SHA1 Message Date
Juuso Oikarinen
bea39d6a60 wl1271: Optimize scan duration
Currently then dwell times for each channel in scans is set to an overly
long value, and excessive number of probe-requests are transmitted on each
channel (for active scans.)

Based on testing, comparable results can be received with smaller dwell-time,
and, with fever probe-requests - in fact, reducing the number of probe-requests
to 2 seems to increase the number of found results.

Configure more optimal values for per channel dwell times. Comparison for the
different scan configurations (in my current office environment):

dwell-time 60000   3x probe-req == ~60 results
           40000   3x probe-req == ~50 results
           30000   3x probe-req == ~40 results

dwell-time 60000   2x probe-req == ~70 results
           40000   2x probe-req == ~60 results
           30000   2x probe-req == ~58 results

The above are results for a cumulative 3 scan run. For individual scans, the
number of results drop slightly more.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:06 +03:00
Juuso Oikarinen
78abd32074 wl1271: Add handling for failing hardware scan command
Currently, the driver does not handle a failing hardware command to scan in
any way - effectively, the scan machine will jam until the driver is shut down,
and future scan requests will just return -EBUSY to user space, resulting in
a type of busy-loop. The same problem occurs if the firmware fails to deliver
the scan completion event - add timeout for this.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:05 +03:00
Juuso Oikarinen
52b0e7a61f wl1271: Add hardware recovery mechanism
There is some probability of hardware failures, which currently go largely
undetected. Attempt to recover from these failures by shutting down the
hardware, and requesting mac80211 to reconfigure it.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:04 +03:00
Juuso Oikarinen
52a2a37550 wl1271: Separate interface removal to another function
Do this so the interface removal can be triggered from an upcoming hardware
failure recovery mechanism.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:04 +03:00
Juuso Oikarinen
8c7f4f3166 wl1271: Fix work cancelling when shutting down the driver
The work cancelling has had several hazards, ranging from potentially
executing work after the driver is in OFF state, to executing work after
the driver and relevant memory structures are already removed.

Fix these.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:03 +03:00
Juuso Oikarinen
c454f1d9a8 wl1271: Move scan complete invocation into work function
The current scan implementation can jam, if the scan request ends up
containing no work. This can especially happen if there is a scan request
with only 11a band channels for HW that does not support 11a.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:03 +03:00
Juuso Oikarinen
9987a9da3e wl1271: Fix AC/TID default configuration
The WMM queue default configuration was incorrect, and caused uapsd mode
problems (among possible others.)

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:02 +03:00
Juuso Oikarinen
ed484a16b4 wl1271: Fix tid-configuration of TX frames
Incorrect TID was configured for TX frames. This resulted in incorrect
queues to be used for classes in transmission.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:30:01 +03:00
Juuso Oikarinen
11eb54298f wl1271: Enable 11a support always, prevent scanning for unsupporting chips
This patch always enables 11a band towards the mac80211, but prevents scanning
(and hence the usage of) 11a band channels if the chipset does not support it.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:11 +03:00
Juuso Oikarinen
65cddbf135 wl1271: Reduce rate used for last PSM entry attempt
This patch reduces the rate of the null-func used to enter PSM on the last
retry as precaution.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:11 +03:00
Juuso Oikarinen
02fabb0eaf wl1271: Enable/disable 11a support based on INI configuration
Instead of hardcoding 11a support, enable/disable driver support based on
the dual-mode-select parameter in the nvs-file general paramters.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:10 +03:00
Juuso Oikarinen
18c311b718 wl1271: Remove function cmd_read_memory
The function is not used anywhere.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:09 +03:00
Juuso Oikarinen
4e23b11b08 wl1271: Release interrupt *after* releasing the driver context
The current order causes driver releasing to fail in various ways, and causes
possible instability.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:09 +03:00
Juuso Oikarinen
1655309745 wl1271: Remove acx_fw_version function
It's not used anywhere.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:08 +03:00
Juuso Oikarinen
03f06b7efc wl1271: Move setting of wake-up conditions to ps.c from cmd.c
This removes a fixme. Also, it removes a redundant setting of the wake-up
conditions when exiting power save mode, which should improve performance.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:08 +03:00
Juuso Oikarinen
2f63b011b4 wl1271: Remove outdated FIXME's
Remove outdated FIXME's from the code.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:07 +03:00
Juuso Oikarinen
fa21c7a9e4 wl1271: Change supported channel order for a more optimal scan
The mac80211 inserts channels into a scan request in the same order the driver
registers them. Use this fact to optimize scan by ordering the channels so
that adjacent channels don't get scanned consecutively.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:07 +03:00
Luciano Coelho
4f35c0253a wl1271: fix forced passive scan
When we get no SSIDs in the scan request, we should force a passive scan in
all channels.  This patch adds code to force the passive scan flag to be set
in that case.

Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Reviewed-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
2010-09-28 12:15:06 +03:00
Luciano Coelho
5924f89d65 wl1271: remove useless 11a check when scanning
This code was a leftover of the previous scanning mechanism.  The if is
totally unnecessary, since both branches do the same thing.

Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Reviewed-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
2010-09-28 12:15:05 +03:00
Juuso Oikarinen
76a029fbfb wl1271: Fix scan race condition
In the scan state machine, the wl1271_mutex is unlocked first then relocked,
and then the scan state variables are modified.

This makes it possible for ieee80211_scan_complete to be called twice in some
scenarios, as the scan completion event from the firmware may be processed
while the mutex is unlocked.

To fix the issue, move the ieee80211_scan_complete call last in the function.
This is generally safer, but there still may be issues is functions calling
the scan state machine rely on states checked before the unlocking of the
global mutex.

(forward ported from 2.6.32 -- this is not strictly needed anymore, because
the mutex doesn't need to be unlocked anymore, but I'm applying this change
anyway, so that the call to ieee80211_scan_complete is in the same place)

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Saravanan Dhanabal <ext-saravanan.dhanabal@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:05 +03:00
Juuso Oikarinen
c2c192ac6c wl1271: Add trigger to net_device oper_state to change BT coex priority
Add a trigger to net_device changes to monitor for oper_state changes in order
to be able to inform the firmware when association is fully complete (including
the EAP negotiation.)

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:04 +03:00
Juuso Oikarinen
be86cbea1e wl1271: Implement CMD_SET_STA_STATE to indicate connection completion to FW
Implement the command function to send CMD_SET_STA_STATE to the firmware. This
is used to indicate that association (and the related EAP negotiation) are
complete.

This is used to tune WLAN-BT coexistense priority towards BT, improving BT
A2DP and SCO performance.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
2010-09-28 12:15:03 +03:00
Luciano Coelho
98d633b64a wl1271: remove deprecated ACX definition
As of Rev. 6.1.0.0.335, the ACX_SET_SMART_REFLEX_DEBUG command is
deprecated.  This patch removes it from the wl1271 driver (it wasn't used
anyway).

Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Reviewed-by: Saravanan Dhanabal <ext-saravanan.dhanabal@nokia.com>
2010-09-28 12:15:02 +03:00
Rajkumar Manoharan
e2b626248b ath9k_htc: Fix TKIP disconnect failure with HTC drivers
The following commit removed splitmic. But forgot to add
ATH_CRYPT_CAP_MIC_COMBINED flag for HTC drivers which causes
TKIP to fail.

Author: Bruno Randolf <br1@einfach.org>
Date:   Wed Sep 8 16:04:54 2010 +0900

    ath/ath9k: Replace common->splitmic with a flag

    Replace common->splitmic with ATH_CRYPT_CAP_MIC_COMBINED flag.

Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:56 -04:00
Johannes Berg
554891e63a mac80211: move packet flags into packet
commit 8c0c709eea
Author: Johannes Berg <johannes@sipsolutions.net>
Date:   Wed Nov 25 17:46:15 2009 +0100

    mac80211: move cmntr flag out of rx flags

moved the CMNTR flag into the skb RX flags for
some aggregation cleanups, but this was wrong
since the optimisation this flag tried to make
requires that it is kept across the processing
of multiple interfaces -- which isn't true for
flags in the skb. The patch not only broke the
optimisation, it also introduced a bug: under
some (common!) circumstances the flag will be
set on an already freed skb!

However, investigating this in more detail, I
found that most of the flags that we set should
be per packet, _except_ for this one, due to
a-MPDU processing. Additionally, the flags used
for processing (currently just this one) need
to be reset before processing a new packet.

Since we haven't actually seen bugs reported as
a result of the wrong flags handling (which is
not too surprising -- the only real bug case I
can come up with is an a-MSDU contained in an
a-MPDU), I'll make a different fix for rc.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:54 -04:00
Johannes Berg
4080c7cdc2 mac80211: fix release_reorder_timeout in scan
Even if the reorder timeout timer fires while
scanning, the frames weren't received during
scanning and therefore shouldn't be dropped.
To implement this, changes to the passive scan
RX handler simplify understanding it, because
it currently checks HW_SCANNING independently
of a packet's in-scan receive status (which
doesn't make a big difference, since scan_rx()
will only pick up probe responses and beacons,
which can't be aggregated.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:53 -04:00
Johannes Berg
4b0dd98e70 mac80211: clean up rx handling wrt. found_sta
If a station was found, then we'll have exited
the function already, so it is not necessary to
have a variable keeping track of it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:52 -04:00
Johannes Berg
4406c37689 mac80211: consolidate packet processing
There are now four instances of vaguely the same
code that does packet preparation, checking for
MMIC errors and reporting them, and then invoking
packet processing. Consolidate all of these.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:51 -04:00
Johannes Berg
20b01f80f7 mac80211: remove prepare_for_handlers sdata argument
The first argument to prepare_for_handlers is always
the sdata that can just be stored in rx data directly
(and even already is, in two of four code paths.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:50 -04:00
John W. Linville
7c1e183186 Revert "mac80211: fix use-after-free"
This reverts commit cd87a2d3a3.

Author reports it conflicts with proper fixes, applied hereafter.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:48 -04:00
Teemu Paasikivi
92e44948b2 nl80211: Fix exit from nl80211_set_power_save
If interface does not existk, when nl80211_set_power_save is called, (eg.
module has been unloaded) it has been causing kernel panic. Added new
goto target to avoid crash if get_rdev_dev_by_info_ifindex does not
return dev and rdev pointers.

Signed-off-by: Teemu Paasikivi <ext-teemu.3.paasikivi@nokia.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:47 -04:00
Ben Greear
56af326830 mac80211: Support receiving data frames on multiple vifs.
When using multiple STA interfaces on the same radio, some
data packets need to be received on all interfaces
(broadcast, for instance).

Make the STA loop look similar to the mgt-data loop.

Also, add logic to check RX_FLAG_MMIC_ERROR for last
interface in mgt-data loop.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:46 -04:00
Ben Greear
686b9cb994 mac80211/ath9k: Support AMPDU with multiple VIFs.
The old ieee80211_find_sta_by_hw method didn't properly
find VIFS when there was more than one per AP.  This caused
AMPDU logic in ath9k to get the wrong VIF when trying to
account for transmitted SKBs.

This patch changes ieee80211_find_sta_by_hw to take a
localaddr argument to distinguish between VIFs with the
same AP but different local addresses.  The method name
is changed to ieee80211_find_sta_by_ifaddr.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:45 -04:00
Ben Greear
295bafb47b mac80211: Support multiple VIFS per AP in debugfs.
Create 'stations' sub-directory under each netdev:[vif-name]
directory to hold all stations for that network device.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:43 -04:00
Felix Fietkau
a42acef0dd ath9k_hw: simplify revision checks for AR9287
Since AR9287 v1.0 was never sold (and the initvals removed), its revision
checks can be simplified similar to AR9280

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:42 -04:00
Felix Fietkau
e17f83eafd ath9k_hw: simplify revision checks for AR9285
Since AR9285 v1.0 and v1.1 were never sold (and the initvals removed),
its revision checks can be simplified similar to AR9280

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:41 -04:00
Felix Fietkau
7a37081e2e ath9k_hw: simplify revision checks for AR9280
Since AR9280 v1.0 was never sold (and the initvals removed), v1.0 specific
revision checks can be removed and the 'v2.0 or later' check can be
simplified to a check for AR9280 or later.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:39 -04:00
Ido Yariv
67e0208ace wl1271: Fix overflow in wl1271_boot_upload_nvs
Due to miscalculation of nvs_len, excessive data was sent to the
firmware.
Fix this by first setting nvs_ptr to point to the first NVS table,
and computing the total size of all NVS tables accordingly.

Signed-off-by: Ido Yariv <ido@wizery.com>
Tested-By: Tuomas Katila <ext-tuomas.2.katila@nokia.com>
Acked-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:38 -04:00
Ben Greear
87fd2e6c90 ath5k: Add bssid mask and rxfilter to debugfs.
Helps with debugging virtual interfaces.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-27 15:57:36 -04:00
Rajkumar Manoharan
9cf13668a5 ath9k_htc: Fix beacon distribution in IBSS mode
This patch ensures fair beacon distribution in IBSS mode
by configuring proper CWmin based on slot time.

Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:32 -04:00
Vasanthakumar Thiagarajan
9094537c3a ath9k: Fix tx struck state with paprd
Paprd needs to be done only on active chains(not for all the chains
that hw can support). The paprd training frames which are sent
for inactive chains would be hanging on the hw queue without
getting transmitted and would make the connection so unstable.
This issue happens only with the hw which supports paprd cal(ar9003).

Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:31 -04:00
Christian Lamparter
eb7d3066cf mac80211: clear txflags for ps-filtered frames
This patch fixes stale mac80211_tx_control_flags for
filtered / retried frames.

Because ieee80211_handle_filtered_frame feeds skbs back
into the tx path, they have to be stripped of some tx
flags so they won't confuse the stack, driver or device.

Cc: <stable@kernel.org>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:30 -04:00
Dan Carpenter
ed627be38a airo: remove "basic_rate" module option
The "basic_rate" module option is not implemented correctly.  If the
rate was set to zero it was supposed to set it to "basic_rate | 0x80".
Unfortunately the check to see if what zero was wrong and it checked
"!ai->config.rates" (which is always false) instead of
"!ai->config.rates[i]".

This option was just used for development and it wasn't documented
anywhere.  Instead of fixing it, we can just remove it.

Reported-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:29 -04:00
Jouni Malinen
651b52254f mac80211: Add DS Parameter Set into Probe Request on 2.4 GHz
IEEE Std 802.11k-2008 added DS Parameter Set information element into
Probe Request frames as an optional information on 2.4 GHz band (and
mandatory, if radio measurements are enabled). This allows APs to
filter out Probe Request frames that may be received from neighboring
overlapping channels and by doing so, reduce the number of unnecessary
frames in the air. Make mac80211 add this IE into Probe Request frames
whenever the channel is known (i.e., whenever hwscan is not used).

Signed-off-by: Jouni Malinen <j@w1.fi>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:28 -04:00
Jouni Malinen
8dcb20038a mac80211: Filter ProbeReq SuppRates based on TX rate mask
If the TX rate set has been masked, the removed rates can also be
removed from the Supported Rates and Extended Supported Rates IEs in
Probe Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:54:27 -04:00
John W. Linville
29ad2facd4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
Conflicts:
	drivers/net/wireless/ath/ath5k/base.c
	net/mac80211/main.c
2010-09-24 15:52:34 -04:00
Johannes Berg
cd87a2d3a3 mac80211: fix use-after-free
commit 8c0c709eea
Author: Johannes Berg <johannes@sipsolutions.net>
Date:   Wed Nov 25 17:46:15 2009 +0100

    mac80211: move cmntr flag out of rx flags

moved the CMTR flag into the skb's status, and
in doing so introduced a use-after-free -- when
the skb has been handed to cooked monitors the
status setting will touch now invalid memory.

Additionally, moving it there has effectively
discarded the optimisation -- since the bit is
only ever set on freed SKBs, and those were a
copy, it could never be checked.

For the current release, fixing this properly
is a bit too involved, so let's just remove the
problematic code and leave userspace with one
copy of each frame for each virtual interface.

Cc: stable@kernel.org [2.6.33+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-24 15:21:55 -04:00
Felix Fietkau
6e5c2b4e8a ath9k: make the driver specific rate control module optional
ath9k can use minstrel_ht instead, so it makes sense to save some space here.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-21 11:05:35 -04:00
Felix Fietkau
334b06029e ath9k: move ath_tx_aggr_check() to the rate control module
It is not used anywhere else and can be made static

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-21 11:05:34 -04:00
Felix Fietkau
90fa539ca3 ath9k: clean up / fix aggregation session flush
The tid aggregation cleanup is a bit fragile, as it discards failed
subframes in some places, and retransmits them in others. This could
block the cleanup of an existing aggregation session, if a retransmission
for a tid is issued, yet the tid is never scheduled again because of
the cleanup state.

Fix this by getting rid of as many subframes as possible, as early
as possible, and immediately transmitting pending subframes as regular
HT frames instead of waiting for the cleanup to complete.

Drop all pending subframes while keeping track of the Block ACK window
during aggregate tx completion to prevent sending out stale subframes,
which could confuse the receiver side.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-09-21 11:05:33 -04:00