1. 30 Jan, 2013 1 commit
    • Bing Zhao's avatar
      mwifiex: fix incomplete scan in case of IE parsing error · 8a7d7cbf
      Bing Zhao authored
      A scan request is split into multiple scan commands queued in
      scan_pending_q. Each scan command will be sent to firmware and
      its response is handlded one after another.
      
      If any error is detected while parsing IE in command response
      buffer the remaining data will be ignored and error is returned.
      
      We should check if there is any more scan commands pending in
      the queue before returning error. This ensures that we will call
      cfg80211_scan_done if this is the last scan command, or send
      next scan command in scan_pending_q to firmware.
      
      Cc: "3.6+" <stable@vger.kernel.org>
      Signed-off-by: default avatarBing Zhao <bzhao@marvell.com>
      Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      8a7d7cbf
  2. 28 Jan, 2013 5 commits
  3. 24 Jan, 2013 2 commits
  4. 22 Jan, 2013 8 commits
  5. 16 Jan, 2013 6 commits
    • Bob Copeland's avatar
      mac80211: add encrypt headroom to PERR frames · 8680451f
      Bob Copeland authored
      Mesh PERR action frames are robust and thus may be encrypted, so add
      proper head/tailroom to allow this.  Fixes this warning when operating
      a Mesh STA on ath5k:
      
      WARNING: at net/mac80211/wpa.c:427 ccmp_encrypt_skb.isra.5+0x7b/0x1a0 [mac80211]()
      Call Trace:
       [<c011c5e7>] warn_slowpath_common+0x63/0x78
       [<c011c60b>] warn_slowpath_null+0xf/0x13
       [<e090621d>] ccmp_encrypt_skb.isra.5+0x7b/0x1a0 [mac80211]
       [<e090685c>] ieee80211_crypto_ccmp_encrypt+0x1f/0x37 [mac80211]
       [<e0917113>] invoke_tx_handlers+0xcad/0x10bd [mac80211]
       [<e0917665>] ieee80211_tx+0x87/0xb3 [mac80211]
       [<e0918932>] ieee80211_tx_pending+0xcc/0x170 [mac80211]
       [<c0121c43>] tasklet_action+0x3e/0x65
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      8680451f
    • Bob Copeland's avatar
      mac80211: set NEED_TXPROCESSING for PERR frames · 9cbbffe2
      Bob Copeland authored
      A user reported warnings in ath5k due to transmitting frames with no
      rates set up.  The frames were Mesh PERR frames, and some debugging
      showed an empty control block with just the vif pointer:
      
      >  [  562.522682] XXX txinfo: 00000000: 00 00 00 00 00 00 00 00 00 00 00
      >  00 00 00 00 00  ................
      >  [  562.522688] XXX txinfo: 00000010: 00 00 00 00 00 00 00 00 54 b8 f2
      >  db 00 00 00 00  ........T.......
      >  [  562.522693] XXX txinfo: 00000020: 00 00 00 00 00 00 00 00 00 00 00
      >  00 00 00 00 00  ................
      
      Set the IEEE80211_TX_INTFL_NEED_TXPROCESSING flag to ensure that
      rate control gets run before the frame is sent.
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      9cbbffe2
    • Felix Fietkau's avatar
      mac80211: fix monitor mode injection · b4a7ff75
      Felix Fietkau authored
      Channel contexts are not always used with monitor interfaces. If no channel
      context is set, use the oper channel, otherwise tx fails.
      Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
      [check local->use_chanctx]
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      b4a7ff75
    • Stanislaw Gruszka's avatar
      mac80211: synchronize scan off/on-channel and PS states · aacde9ee
      Stanislaw Gruszka authored
      Since:
      
      commit b23b025f
      Author: Ben Greear <greearb@candelatech.com>
      Date:   Fri Feb 4 11:54:17 2011 -0800
      
          mac80211: Optimize scans on current operating channel.
      
      we do not disable PS while going back to operational channel (on
      ieee80211_scan_state_suspend) and deffer that until scan finish.
      But since we are allowed to send frames, we can send a frame to AP
      without PM bit set, so disable PS on AP side. Then when we switch
      to off-channel (in ieee80211_scan_state_resume) we do not enable PS.
      Hence we are off-channel with PS disabled, frames are not buffered
      by AP.
      
      To fix remove offchannel_ps_disable argument and always enable PS when
      going off-channel and disable it when going on-channel, like it was
      before.
      
      Cc: stable@vger.kernel.org # 2.6.39+
      Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
      Tested-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      aacde9ee
    • Johannes Berg's avatar
      mac80211: fix FT roaming · 1626e0fa
      Johannes Berg authored
      During FT roaming, wpa_supplicant attempts to set the
      key before association. This used to be rejected, but
      as a side effect of my commit 66e67e41
      ("mac80211: redesign auth/assoc") the key was accepted
      causing hardware crypto to not be used for it as the
      station isn't added to the driver yet.
      
      It would be possible to accept the key and then add it
      to the driver when the station has been added. However,
      this may run into issues with drivers using the state-
      based station adding if they accept the key only after
      association like it used to be.
      
      For now, revert to the behaviour from before the auth
      and assoc change.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarCédric Debarge <cedric.debarge@acksys.fr>
      Tested-by: default avatarCédric Debarge <cedric.debarge@acksys.fr>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      1626e0fa
    • Emmanuel Grumbach's avatar
      iwlwifi: audit single frames from AGG queue in RS · c3e5d718
      Emmanuel Grumbach authored
      The rate scaling won't treat the information in a frame
      with IEEE80211_TX_CTL_AMPDU set if IEEE80211_TX_STAT_AMPDU
      is cleared. But all the frames coming from an AGG tx queue
      have IEEE80211_TX_CTL_AMPDU set, and IEEE80211_TX_STAT_AMPDU
      is set only if the frame was sent in an AMPDU.
      This means that all the data in frames in AGG tx queues that
      aren't sent as an AMPDU is thrown away.
      This is even more harmful when in bad link conditions, the
      frames are sent in an AMPDU and then finally sent as single
      frame. So a lot of failures weren't reported and the rate
      scaling got stuck in high rates leading to very poor
      connectivity.
      
      Fix that by clearing IEEE80211_TX_CTL_AMPDU when the frame
      isn't part of an AMPDU.
      
      This bug was introduced by
      
      2eb81a40
      iwlwifi: don't clear CTL_AMPDU on frame status
      
      This fix basically reverts the aforementioned commit.
      Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      c3e5d718
  6. 14 Jan, 2013 2 commits
  7. 11 Jan, 2013 9 commits
  8. 10 Jan, 2013 3 commits
    • Gustavo Padovan's avatar
      Bluetooth: Check if the hci connection exists in SCO shutdown · b7e98b51
      Gustavo Padovan authored
      Checking only for sco_conn seems to not be enough and lead to NULL
      dereferences in the code, check for hcon instead.
      
      <1>[11340.226404] BUG: unable to handle kernel NULL pointer dereference at
      0000000
      8
      <4>[11340.226619] EIP is at __sco_sock_close+0xe8/0x1a0
      <4>[11340.226629] EAX: f063a740 EBX: 00000000 ECX: f58f4544 EDX: 00000000
      <4>[11340.226640] ESI: dec83e00 EDI: 5f9a081f EBP: e0fdff38 ESP: e0fdff1c
      <0>[11340.226674] Stack:
      <4>[11340.226682]  c184db87 c1251028 dec83e00 e0fdff38 c1754aef dec83e00
      00000000
      e0fdff5c
      <4>[11340.226718]  c184f587 e0fdff64 e0fdff68 5f9a081f e0fdff5c c1751852
      d7813800
      62262f10
      <4>[11340.226752]  e0fdff70 c1753c00 00000000 00000001 0000000d e0fdffac
      c175425c
      00000041
      <0>[11340.226793] Call Trace:
      <4>[11340.226813]  [<c184db87>] ? sco_sock_clear_timer+0x27/0x60
      <4>[11340.226831]  [<c1251028>] ? local_bh_enable+0x68/0xd0
      <4>[11340.226846]  [<c1754aef>] ? lock_sock_nested+0x4f/0x60
      <4>[11340.226862]  [<c184f587>] sco_sock_shutdown+0x67/0xb0
      <4>[11340.226879]  [<c1751852>] ? sockfd_lookup_light+0x22/0x80
      <4>[11340.226897]  [<c1753c00>] sys_shutdown+0x30/0x60
      <4>[11340.226912]  [<c175425c>] sys_socketcall+0x1dc/0x2a0
      <4>[11340.226929]  [<c149ba78>] ? trace_hardirqs_on_thunk+0xc/0x10
      <4>[11340.226944]  [<c18860f1>] syscall_call+0x7/0xb
      <4>[11340.226960]  [<c1880000>] ? restore_cur+0x5e/0xd7
      <0>[11340.226969] Code: <f0> ff 4b 08 0f 94 c0 84 c0 74 20 80 7b 19 01 74
      2f b8 0a 00 00
      Reported-by: default avatarChuansheng Liu <chuansheng.liu@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      b7e98b51
    • Jaganath Kanakkassery's avatar
      Bluetooth: Fix authentication if acl data comes before remote feature evt · 7b064eda
      Jaganath Kanakkassery authored
      If remote device sends l2cap info request before read_remote_ext_feature
      completes then mgmt_connected will be sent in hci_acldata_packet() and
      remote name request wont be sent and eventually authentication wont happen
      
      Hcidump log of the issue
      
      < HCI Command: Create Connection (0x01|0x0005) plen 13
          bdaddr BC:85:1F:74:7F:29 ptype 0xcc18 rswitch 0x01 clkoffset 0x4bf7 (valid)
          Packet type: DM1 DM3 DM5 DH1 DH3 DH5
      > HCI Event: Command Status (0x0f) plen 4
          Create Connection (0x01|0x0005) status 0x00 ncmd 1
      > HCI Event: Connect Complete (0x03) plen 11
          status 0x00 handle 12 bdaddr BC:85:1F:74:7F:29 type ACL encrypt 0x00
      < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
          handle 12
      > HCI Event: Command Status (0x0f) plen 4
          Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
      > HCI Event: Read Remote Supported Features (0x0b) plen 11
          status 0x00 handle 12
          Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
      > HCI Event: Max Slots Change (0x1b) plen 3
          handle 12 slots 5
      < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
          handle 12 page 1
      > HCI Event: Command Status (0x0f) plen 4
          Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
      > ACL data: handle 12 flags 0x02 dlen 10
          L2CAP(s): Info req: type 2
      < ACL data: handle 12 flags 0x00 dlen 16
          L2CAP(s): Info rsp: type 2 result 0
            Extended feature mask 0x00b8
              Enhanced Retransmission mode
              Streaming mode
              FCS Option
              Fixed Channels
      > HCI Event: Read Remote Extended Features (0x23) plen 13
          status 0x00 handle 12 page 1 max 1
          Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
      > ACL data: handle 12 flags 0x02 dlen 10
          L2CAP(s): Info req: type 3
      < ACL data: handle 12 flags 0x00 dlen 20
          L2CAP(s): Info rsp: type 3 result 0
            Fixed channel list 0x00000002
              L2CAP Signalling Channel
      > HCI Event: Number of Completed Packets (0x13) plen 5
          handle 12 packets 2
      
      This patch moves sending mgmt_connected from hci_acldata_packet() to
      l2cap_connect_req() since this code is to handle the scenario remote
      device sends l2cap connect req too fast
      Signed-off-by: default avatarJaganath Kanakkassery <jaganath.k@samsung.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      7b064eda
    • Sergio Cambra's avatar
      Bluetooth device 04ca:3008 should use ath3k · f4d6f7dc
      Sergio Cambra authored
      Output of /sys/kernel/debug/usb/devices
      T:  Bus=03 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#=  6 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=04ca ProdID=3008 Rev= 0.02
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarSergio Cambra <sergio@programatica.es>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      f4d6f7dc
  9. 09 Jan, 2013 4 commits
    • Anderson Lizardo's avatar
      Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() · 0a9ab9bd
      Anderson Lizardo authored
      The length parameter should be sizeof(req->name) - 1 because there is no
      guarantee that string provided by userspace will contain the trailing
      '\0'.
      
      Can be easily reproduced by manually setting req->name to 128 non-zero
      bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
      input subsystem:
      
      $ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
      AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af
      
      ("f0:af:f0:af:f0:af" is the device bluetooth address, taken from "phys"
      field in struct hid_device due to overflow.)
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAnderson Lizardo <anderson.lizardo@openbossa.org>
      Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      0a9ab9bd
    • AceLan Kao's avatar
      Bluetooth: Add support for Foxconn / Hon Hai [0489:e056] · 2582d529
      AceLan Kao authored
      Add support for the AR9462 chip
      
      T: Bus=01 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#= 4 Spd=12 MxCh= 0
      D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
      P: Vendor=0489 ProdID=e056 Rev=00.01
      C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      Signed-off-by: default avatarAceLan Kao <acelan.kao@canonical.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      2582d529
    • AceLan Kao's avatar
      Bluetooth: Add support for Foxconn / Hon Hai [0489:e04e] · 3a61eda8
      AceLan Kao authored
      Add support for the AR9462 chip
      
      T:  Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#=  5 Spd=12  MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0489 ProdID=e04e Rev=00.02
      C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      Signed-off-by: default avatarAceLan Kao <acelan.kao@canonical.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      3a61eda8
    • Daniel Schaal's avatar
      Bluetooth: Add support for GC-WB300D PCIe [04ca:3006] to ath3k. · 2c262b2a
      Daniel Schaal authored
      T:  Bus=02 Lev=02 Prnt=02 Port=06 Cnt=01 Dev#=  4 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=04ca ProdID=3006 Rev= 0.02
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarDaniel Schaal <farbing@web.de>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      2c262b2a