summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-12-13mac80211: Fix NULL-pointer deference on ibss merge when not readyTim Harvey
dev_open will eventually call ieee80211_ibss_join which sets up the skb used for beacons/probe-responses however it is possible to receive beacons that attempt to merge before this occurs causing a null pointer dereference. Check ssid_len as that is the last thing set in ieee80211_ibss_join. This occurs quite easily in the presence of adhoc nodes with hidden SSID's revised previous patch to check further up based on irc feedback Signed-off-by: Tim Harvey <harvey.tim@gmail.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-13libertas: fix potential NULL-pointer dereferenceSven Neumann
The code wants to check if there's a channel and it is not disabled, but it used to check if channel is not NULL and accessed the channel struct if this check failed. Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-13Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
2010-12-09iwlagn: implement layout-agnostic EEPROM readingWey-Yi Guy
From: Johannes Berg <johannes.berg@intel.com> The current EEPROM reading code has some layout assumptions that now turned out to be false with some newer versions of the EEPROM. Luckily, we can avoid all such assumptions by using data in the EEPROM itself, so implement using that. However, for risk mitigation purposes, keep the old reading code for current hardware for now. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
2010-12-09iwlagn: rename enhanced txpower fieldsJohannes Berg
Some fields we didn't previously use from the enhanced TX power structure will be needed in the next patch, so rename them to their correct names to be able to use them and change code reading them accordingly. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
2010-12-08orinoco: fix TKIP countermeasure behaviourDavid Kilroy
Enable the port when disabling countermeasures, and disable it on enabling countermeasures. This bug causes the response of the system to certain attacks to be ineffective. It also prevents wpa_supplicant from getting scan results, as wpa_supplicant disables countermeasures on startup - preventing the hardware from scanning. wpa_supplicant works with ap_mode=2 despite this bug because the commit handler re-enables the port. The log tends to look like: State: DISCONNECTED -> SCANNING Starting AP scan for wildcard SSID Scan requested (ret=0) - scan timeout 5 seconds EAPOL: disable timer tick EAPOL: Supplicant port status: Unauthorized Scan timeout - try to get results Failed to get scan results Failed to get scan results - try scanning again Setting scan request: 1 sec 0 usec Starting AP scan for wildcard SSID Scan requested (ret=-1) - scan timeout 5 seconds Failed to initiate AP scan. Reported by: Giacomo Comes <comes@naic.edu> Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08orinoco: clear countermeasure setting on commitDavid Kilroy
... and interface up. In these situations, you are usually trying to connect to a new AP, so keeping TKIP countermeasures active is confusing. This is already how the driver behaves (inadvertently). However, querying SIOCGIWAUTH may tell userspace that countermeasures are active when they aren't. Clear the setting so that the reporting matches what the driver has done.. Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08mac80211: Fix BUG in pskb_expand_head when transmitting shared skbsHelmut Schaa
mac80211 doesn't handle shared skbs correctly at the moment. As a result a possible resize can trigger a BUG in pskb_expand_head. [ 676.030000] Kernel bug detected[#1]: [ 676.030000] Cpu 0 [ 676.030000] $ 0 : 00000000 00000000 819662ff 00000002 [ 676.030000] $ 4 : 81966200 00000020 00000000 00000020 [ 676.030000] $ 8 : 819662e0 800043c0 00000002 00020000 [ 676.030000] $12 : 3b9aca00 00000000 00000000 00470000 [ 676.030000] $16 : 80ea2000 00000000 00000000 00000000 [ 676.030000] $20 : 818aa200 80ea2018 80ea2000 00000008 [ 676.030000] $24 : 00000002 800ace5c [ 676.030000] $28 : 8199a000 8199bd20 81938f88 80f180d4 [ 676.030000] Hi : 0000026e [ 676.030000] Lo : 0000757e [ 676.030000] epc : 801245e4 pskb_expand_head+0x44/0x1d8 [ 676.030000] Not tainted [ 676.030000] ra : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211] [ 676.030000] Status: 1000a403 KERNEL EXL IE [ 676.030000] Cause : 10800024 [ 676.030000] PrId : 0001964c (MIPS 24Kc) [ 676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci] [ 676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000) [ 676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000 [ 676.030000] 818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018 [ 676.030000] 81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48 [ 676.030000] 81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c [ 676.030000] 80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90 [ 676.030000] ... [ 676.030000] Call Trace: [ 676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8 [ 676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211] [ 676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211] [ 676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211] [ 676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8 [ 676.030000] [<8002ebe8>] kthread+0x7c/0x88 [ 676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18 [ 676.030000] [ 676.030000] [ 676.030000] Code: 24020001 10620005 2502001f <0200000d> 0804917a 00000000 2502001f 00441023 00531021 Fix this by making a local copy of shared skbs prior to mangeling them. To avoid copying the skb unnecessarily move the skb_copy call below the checks that don't need write access to the skb. Also, move the assignment of nh_pos and h_pos below the skb_copy to point to the correct skb. It would be possible to avoid another resize of the copied skb by using skb_copy_expand instead of skb_copy but that would make the patch more complex. Also, shared skbs are a corner case right now, so the resize shouldn't matter much. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08ath9k_htc: Fix suspend/resumeSujith Manoharan
The HW has to be set to FULLSLEEP mode during suspend, when no interface has been brought up. Not doing this would break resume, as the chip won't be powered up at all. Signed-off-by: Sujith Manoharan <Sujith.Manoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08ath5k: Put the right tsf value in mesh beaconsJavier Cardona
Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08ath5k: Prevent mesh interfaces from being counted as ad-hocJavier Cardona
This results in an erroneus num_adhoc_vifs count, as the this counter was incremented but not decremented for mesh interfaces. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08ath5k: Fix beaconing in mesh modeJavier Cardona
This patch fixes the oops below when attempting to bring up a mesh interface on ath5k hardware. [ 128.933099] kernel BUG at drivers/net/wireless/ath/ath5k/base.c:197! [ 128.933099] invalid opcode: 0000 [#1] (...) [ 128.933099] Call Trace: [ 128.933099] [<c83b77fa>] ? ath5k_beacon_update+0x57/0x1f8 [ath5k] [ 128.933099] [<c02d9a40>] ? __sysfs_add_one+0x28/0x76 [ 128.933099] [<c83b830e>] ? ath5k_bss_info_changed+0x13f/0x173 [ath5k] [ 128.933099] [<c82ff629>] ? ieee80211_config_beacon+0xc0/0x17e [mac80211] [ 128.933099] [<c82f073e>] ? ieee80211_bss_info_change_notify+0x182/0x18b [mac80211] [ 128.933099] [<c83b81cf>] ? ath5k_bss_info_changed+0x0/0x173 [ath5k] [ 128.933099] [<c82ff6d6>] ? ieee80211_config_beacon+0x16d/0x17e [mac80211] [ 128.933099] [<c82ff753>] ? ieee80211_add_beacon+0x34/0x39 [mac80211] [ 128.933099] [<c830a4ed>] ? ieee80211s_init+0xf8/0x10f [mac80211] [ 128.933099] [<c830a5df>] ? ieee80211_mesh_init_sdata+0xdb/0x154 [mac80211] Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08orinoco: initialise priv->hw before assigning the interruptDavid Kilroy
The interrupt handler takes a lock - but since commit bcad6e80f3f this lock goes through an indirection specified in the hermes_t structure. We must therefore initialise the structure before setting up the interrupt handler. Fix orinoco_cs and spectrum_cs <https://bugzilla.kernel.org/show_bug.cgi?id=23932> Bisected by: Matt Domsch <Matt_Domsch@dell.com> Signed-off by: David Kilroy <kilroyd@googlemail.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08Bluetooth: add NULL pointer check in HCIJun Nie
If we fail to find a hci device pointer in hci_uart, don't try to deref the NULL one we do have. Signed-off-by: Jun Nie <njun@marvell.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-07ath9k: fix beacon resource related race conditionRajkumar Manoharan
The beacon tasklet is accesssing the bslot info for beacon generation. Meanwhile the same slot can be freed on interface deletion. Current the remove_interface disables the beacon alert after freeing the slot. This may leads to null pointer access. This patch disables SWBA and kills the beacon tasklet to prevent access to the slot to be freed. After releasing the slot, swba will be enabled again upon the availablity of beaconing interfaces. Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-07ath9k: Fix STA disconnect issue due to received MIC failed bcast framesSenthil Balasubramanian
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying this status for MIC failed frames is buggy. Due to this, MIC failure events for broadcast frames are not sent to supplicant resulted in AP disconnecting the STA. Able to pass Wifi Test case 5.2.18 with this fix. Cc: Stable <stable@kernel.org> (2.6.36+) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-07ath9k: fix a DMA related race condition on resetFelix Fietkau
When ath_drain_all_txq fails to stop DMA, it issues a hw reset. This reset happens at a very problematic point in time, when the hardware rx path has not been stopped yet. This could lead to memory corruption, hardware hangs or other issues. To fix these issues, simply remove the reset entirely and check the tx DMA stop status to prevent problems with fast channel changes. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-07ath9k: fix bug in tx powerMatteo Croce
The ath9k driver subtracts 3 dBm to the txpower as with two radios the signal power is doubled. The resulting value is assigned in an u16 which overflows and makes the card work at full power. Cc: stable@kernel.org Signed-off-by: Matteo Croce <matteo@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-06Bluetooth: Fix initial RFCOMM DLC security levelJohan Hedberg
Due to commit 63ce0900 connections initiated through TTYs created with "rfcomm bind ..." would have security level BT_SECURITY_SDP instead of BT_SECURITY_LOW. This would cause instant connection failure between any two SSP capable devices due to the L2CAP connect request to RFCOMM being sent before authentication has been performed. This patch fixes the regression by always initializing the DLC security level to BT_SECURITY_LOW. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-02Revert "ath9k: Fix STA disconnect issue due to received MIC failed bcast frames"John W. Linville
This reverts commit 916448e77f6bcaaa7f13c3de0c3851783ae2bfd0. "As far as I can tell, either of these patches breaks multiple VIF scenarios. I'm not sure exactly why, but I had to revert this to get any of my interfaces to associate." -- Ben Greear <greearb@candelatech.com> http://marc.info/?l=linux-wireless&m=129123368719339&w=2 Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-02ath9k_hw: fix more bitfield related endian issuesFelix Fietkau
A few LNA control related flags were also specified as a bitfields, however for some strange reason they were written in big-endian order this time. Fix this by using flags instead. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-02ath9k_hw: fix endian issues with CTLs on AR9003Felix Fietkau
Parsing data using bitfields is messy, because it makes endian handling much harder. AR9002 and earlier got it right, AR9003 got it wrong. This might lead to either using too high or too low tx power values, depending on frequency and eeprom settings. Fix it by getting rid of the CTL related bitfields entirely and use masks instead. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-02ath9k: Fix bug in reading input gpio state for ar9003Vasanthakumar Thiagarajan
The register which gives input gpio state is 0x404c for ar9003, currently 0x4048 is wrongly used. This will disable RF and make it unusable on some of AR9003. Cc:stable@kernel.org Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-02Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
2010-12-01Bluetooth: Add new PID for Atheros 3011Bala Shanmugam
Atheros 3011 has small sflash firmware and needs to be blacklisted in transport driver to load actual firmware in DFU driver. Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-12-01Bluetooth: Fix log spamming in btusb due to autosuspendStefan Seyfried
If a device is autosuspended an inability to resubmit URBs is to be expected. Check the error code and only log real errors. (Now that autosuspend is default enabled for btusb, those log messages were happening all the time e.g. with a BT mouse) Signed-off-by: Stefan Seyfried <seife+kernel@b1-systems.com> Signed-off-by: Oliver Neukum <oneukum@suse.de> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-11-30ath9k: Fix STA disconnect issue due to received MIC failed bcast framesSenthil Balasubramanian
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying this status for MIC failed frames is buggy. Due to this, MIC failure events for broadcast frames are not sent to supplicant resulted in AP disconnecting the STA. Able to pass Wifi Test case 5.2.18 with this fix. Cc: Stable <stable@kernel.org> (2.6.36+) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30mac80211: Fix STA disconnect due to MIC failureSenthil Balasubramanian
Th commit titled "mac80211: clean up rx handling wrt. found_sta" removed found_sta variable which caused a MIC failure event to be reported twice for a single failure to supplicant resulted in STA disconnect. This should fix WPA specific countermeasures WiFi test case (5.2.17) issues with mac80211 based drivers which report MIC failure events in rx status. Cc: Stable <stable@kernel.org> (2.6.37) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30mac80211: ignore non-bcast mcast deauth/disassoc franesChristian Lamparter
This patch fixes an curious issue due to insufficient rx frame filtering. Saqeb Akhter reported frequent disconnects while streaming videos over samba: <http://marc.info/?m=128600031109136> > [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [...] The reason is that the device generates frames with slightly bogus SA/TA addresses. e.g.: [ 2314.402316] Ignore 9f:1f:31:f8:64:ff [ 2314.402321] Ignore 9f:1f:31:f8:64:ff [ 2352.453804] Ignore 0d:1f:31:f8:64:ff [ 2352.453808] Ignore 0d:1f:31:f8:64:ff ^^ the group-address flag is set! (the correct SA/TA would be: 00:1f:31:f8:64:ff) Since the AP does not know from where the frames come, it generates a DEAUTH response for the (invalid) mcast address. This mcast deauth frame then passes through all filters and tricks the stack into thinking that the AP brutally kicked us! This patch fixes the problem by simply ignoring non-broadcast, group-addressed deauth/disassoc frames. Cc: Jouni Malinen <j@w1.fi> Cc: Johannes Berg <johannes@sipsolutions.net> Reported-by: Saqeb Akhter <saqeb.akhter@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-30orinoco: abort scan on interface downDavid Kilroy
This fixes the problem causing the following trace: ------------[ cut here ]------------ WARNING: at linux-2.6.34/net/wireless/core.c:633 wdev_cleanup_work+0xb7/0xe0 [cfg80211]() Hardware name: Latitude C840 Pid: 707, comm: cfg80211 Not tainted 2.6.34.7-0.5-desktop #1 Call Trace: [<c02065c3>] try_stack_unwind+0x173/0x190 [<c02051cf>] dump_trace+0x3f/0xe0 [<c020662b>] show_trace_log_lvl+0x4b/0x60 [<c0206658>] show_trace+0x18/0x20 [<c064e0b3>] dump_stack+0x6d/0x72 [<c02443ae>] warn_slowpath_common+0x6e/0xb0 [<c0244403>] warn_slowpath_null+0x13/0x20 [<e2db5497>] wdev_cleanup_work+0xb7/0xe0 [cfg80211] [<c025cfa9>] run_workqueue+0x79/0x170 [<c025d123>] worker_thread+0x83/0xe0 [<c025fef4>] kthread+0x74/0x80 [<c0203826>] kernel_thread_helper+0x6/0x10 ---[ end trace 3f0348b3b0c6f4ff ]--- Reported by: Giacomo Comes <comes@naic.edu> Signed-off-by: David Kilroy <kilroyd@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29carl9170: fix carl9170_tx_prepare typoChristian Lamparter
commit: "carl9170: revamp carl9170_tx_prepare" introduced a peculiar bug that would only show up if the the module parameter noht is set to 1. Then all outbound voice, video and background frames would each invoke a (bogus) RTS/CTS handshake. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29mac80211: Fix frame injection using non-AP vifJouni Malinen
In order for frame injection to work properly for some use cases (e.g., finding the station entry and keys for encryption), mac80211 needs to find the correct sdata entry. This works when the main vif is in AP mode, but commit a2c1e3dad516618cb0fbfb1a62c36d0b0744573a broke this particular use case for station main vif. While this type of injection is quite unusual operation, it has some uses and we should fix it. Do this by changing the monitor vif sdata selection to allow station vif to be selected instead of limiting it to just AP vifs. We still need to skip some iftypes to avoid selecting unsuitable vif for injection. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29ath9k: Disable SWBA interrupt on remove_interfaceRajkumar Manoharan
while removing beaconing mode interface, SWBA interrupt was never disabled when there are no other beaconing interfaces. Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29ath9k/carl9170: advertise P2PJohannes Berg
With some upcoming changes we'd like to use the interface types for P2P capability tests. Enable them now so that when we add those tests in wpa_supplicant, nothing will break. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29ath9k: use per-device struct for pm_qos_* operationsGabor Juhos
The ath9k driver uses a shared pm_qos_request_list structure for all devices. This causes the following warning if more than one device is present in the system: WARNING: at kernel/pm_qos_params.c:234 ath9k_init_device+0x5e8/0x6b0() pm_qos_add_request() called for already added request Modules linked in: Call Trace: [<802b1cdc>] dump_stack+0x8/0x34 [<8007dd90>] warn_slowpath_common+0x78/0xa4 [<8007de44>] warn_slowpath_fmt+0x2c/0x38 [<801b0828>] ath9k_init_device+0x5e8/0x6b0 [<801bc508>] ath_pci_probe+0x2dc/0x39c [<80176254>] pci_device_probe+0x64/0xa4 [<8019471c>] driver_probe_device+0xbc/0x188 [<80194854>] __driver_attach+0x6c/0xa4 [<80193e20>] bus_for_each_dev+0x60/0xb0 [<80193580>] bus_add_driver+0xcc/0x268 [<80194c08>] driver_register+0xe0/0x198 [<801764e0>] __pci_register_driver+0x50/0xe0 [<80365f48>] ath9k_init+0x3c/0x6c [<8006050c>] do_one_initcall+0xfc/0x1d8 [<80355340>] kernel_init+0xd4/0x174 [<800639a4>] kernel_thread_helper+0x10/0x18 ---[ end trace 5345fc6f870564a6 ]--- This patch fixes that warning by using a separate pm_qos_request_list sructure for each device. Signed-off-by: Gabor Juhos <juhosg@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29libertas: fix invalid accessSven Neumann
card->priv must not be accessed after lbs_remove_card() was called as lbs_remove_card() frees card->priv via free_netdev(). For libertas_sdio this is a regression introduced by 23b149c1890f9. The correct fix to the issue described there is simply to remove the assignment. This flag is set at the appropriate time inside lbs_remove_card anyway. Reported-by: Daniel Drake <dsd@laptop.org> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Signed-off-by: Daniel Drake <dsd@laptop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-29libertas: fix memory corruption in lbs_remove_card()Daniel Drake
"priv" is stored at the end of the wiphy structure, which is freed during the call to lbs_cfg_free(). It must not be touched afterwards. Remove the unnecessary NULL assignment causing this memory corruption. Signed-off-by: Daniel Drake <dsd@laptop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-23wireless: b43: fix error path in SDIOGuennadi Liakhovetski
Fix unbalanced call to sdio_release_host() on the error path. Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-22Bluetooth: Fix not returning proper error in SCOGustavo F. Padovan
Return 0 in that situation could lead to errors in the caller. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2010-11-22carl9170: fix virtual interface setup crashChristian Lamparter
This patch fixes a faulty bound check which caused a crash when too many virtual interface were brought up. BUG: unable to handle kernel NULL pointer dereference at 00000004 IP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] *pde = 00000000 Oops: 0002 [#1] PREEMPT Modules linked in: carl9170 [...] Pid: 4720, comm: wpa_supplicant Not tainted 2.6.37-rc2-wl+ EIP: 0060:[<f8125f67>] EFLAGS: 00210206 CPU: 0 EIP is at carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] EAX: 00000000 ... Process wpa_supplicant Stack: f4f88f34 fffffff4 .. Call Trace: [<f8f4e666>] ? ieee80211_do_open+0x406/0x5c0 [mac80211] [...] Code: <89> 42 04 ... EIP: [<f8125f67>] carl9170_op_add_interface+0x1d7/0x2c0 [carl9170] CR2: 0000000000000004 Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-22ssb: b43-pci-bridge: Add new vendor for BCM4318Daniel Klaffenbach
Add new vendor for Broadcom 4318. Signed-off-by: Daniel Klaffenbach <danielklaffenbach@gmail.com> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-22ath9k: fix timeout on stopping rx dmaFelix Fietkau
It seems that using ath9k_hw_stoppcurecv to stop rx dma is not enough. When it's time to stop DMA, the PCU is still busy, so the rx enable bit never clears. Using ath9k_hw_abortpcurecv helps with getting rx stopped much faster, with this change, I cannot reproduce the rx stop related WARN_ON anymore. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-18ath9k_htc: Avoid setting QoS control for non-QoS framesRajkumar Manoharan
Setting tid information in the TX header is required only for QoS frames. Not handling this case causes severe data loss with some APs. Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-18cfg80211: fix can_beacon_sec_chan, reenable HT40Mark Mentovai
This follows wireless-testing 9236d838c920e90708570d9bbd7bb82d30a38130 ("cfg80211: fix extension channel checks to initiate communication") and fixes accidental case fall-through. Without this fix, HT40 is entirely blocked. Signed-off-by: Mark Mentovai <mark@moxienet.com> Cc: stable@kernel.org Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-16cfg80211: fix extension channel checks to initiate communicationLuis R. Rodriguez
When operating in a mode that initiates communication and using HT40 we should fail if we cannot use both primary and secondary channels to initiate communication. Our current ht40 allowmap only covers STA mode of operation, for beaconing modes we need a check on the fly as the mode of operation is dynamic and there other flags other than disable which we should read to check if we can initiate communication. Do not allow for initiating communication if our secondary HT40 channel has is either disabled, has a passive scan flag, a no-ibss flag or is a radar channel. Userspace now has similar checks but this is also needed in-kernel. Reported-by: Jouni Malinen <jouni.malinen@atheros.com> Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-16ath9k_hw: Set proper eeprom offset for AR9287 HTC devicesRajkumar Manoharan
AR9287 based PCI & USB devices are differed in eeprom start offset. So set proper the offset for HTC devices to read nvram correctly. Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-16ath9k_htc: Add new devices into AR7010Rajkumar Manoharan
Treat new PIDs (0xA704, 0x1200) as AR7010 devices. Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-16ath9k_htc: Update usb device ID listRajkumar Manoharan
Added new VID/PIDs into supported devices list Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-16ath9k: Remove pm_qos request after hw unregister.Vivek Natarajan
Update pm_qos before removing it in deinit_device to prevent this warning: pm_qos_update_request() called for unknown object. Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-11-15carl9170: fix usb anchor wait timeoutChristian Lamparter
usb_wait_anchor_empty_timeout's @timeout wants milliseconds and not jiffies. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>