1. 18 Jun, 2010 1 commit
    • Bob Copeland's avatar
      ath5k: initialize ah->ah_current_channel · b6855772
      Bob Copeland authored
      ath5k assumes ah_current_channel is always a valid pointer in
      several places, but a newly created interface may not have a
      channel.  To avoid null pointer dereferences, set it up to point
      to the first available channel until later reconfigured.
      
      This fixes the following oops:
      $ rmmod ath5k
      $ insmod ath5k
      $ iw phy0 set distance 11000
      
      BUG: unable to handle kernel NULL pointer dereference at 00000006
      IP: [<d0a1ff24>] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
      *pde = 00000000
      Oops: 0000 [#1]
      last sysfs file: /sys/devices/pci0000:00/0000:00:0e.0/ieee80211/phy0/index
      Modules linked in: usbhid option usb_storage usbserial usblp evdev lm90
      scx200_acb i2c_algo_bit i2c_dev i2c_core via_rhine ohci_hcd ne2k_pci
      8390 leds_alix2 xt_IMQ imq nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_cc
      
      Pid: 1597, comm: iw Not tainted (2.6.32.14 #8)
      EIP: 0060:[<d0a1ff24>] EFLAGS: 00010296 CPU: 0
      EIP is at ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k]
      EAX: 000000c2 EBX: 00000000 ECX: ffffffff EDX: c12d2080
      ESI: 00000019 EDI: cf8c0000 EBP: d0a30edc ESP: cfa09bf4
        DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
      Process iw (pid: 1597, ti=cfa09000 task=cf88a000 task.ti=cfa09000)
      Stack:
        d0a34f35 d0a353f8 d0a30edc 000000fe cf8c0000 00000000 1900063d cfa8c9e0
      <0> cfa8c9e8 cfa8c0c0 cfa8c000 d0a27f0c 199d84b4 cfa8c200 00000010 d09bfdc7
      <0> 00000000 00000000 ffffffff d08e0d28 cf9263c0 00000001 cfa09cc4 00000000
      Call Trace:
        [<d0a27f0c>] ? ath5k_hw_attach+0xc8c/0x3c10 [ath5k]
        [<d09bfdc7>] ? __ieee80211_request_smps+0x1347/0x1580 [mac80211]
        [<d08e0d28>] ? nl80211_send_scan_start+0x7b8/0x4520 [cfg80211]
        [<c10f5db9>] ? nla_parse+0x59/0xc0
        [<c11ca8d9>] ? genl_rcv_msg+0x169/0x1a0
        [<c11ca770>] ? genl_rcv_msg+0x0/0x1a0
        [<c11c7e68>] ? netlink_rcv_skb+0x38/0x90
        [<c11c9649>] ? genl_rcv+0x19/0x30
        [<c11c7c03>] ? netlink_unicast+0x1b3/0x220
        [<c11c893e>] ? netlink_sendmsg+0x26e/0x290
        [<c11a409e>] ? sock_sendmsg+0xbe/0xf0
        [<c1032780>] ? autoremove_wake_function+0x0/0x50
        [<c104d846>] ? __alloc_pages_nodemask+0x106/0x530
        [<c1074933>] ? do_lookup+0x53/0x1b0
        [<c10766f9>] ? __link_path_walk+0x9b9/0x9e0
        [<c11acab0>] ? verify_iovec+0x50/0x90
        [<c11a42b1>] ? sys_sendmsg+0x1e1/0x270
        [<c1048e50>] ? find_get_page+0x10/0x50
        [<c104a96f>] ? filemap_fault+0x5f/0x370
        [<c1059159>] ? __do_fault+0x319/0x370
        [<c11a55b4>] ? sys_socketcall+0x244/0x290
        [<c101962c>] ? do_page_fault+0x1ec/0x270
        [<c1019440>] ? do_page_fault+0x0/0x270
        [<c1002ae5>] ? syscall_call+0x7/0xb
      Code: 00 b8 fe 00 00 00 b9 f8 53 a3 d0 89 5c 24 14 89 7c 24 10 89 44 24
      0c 89 6c 24 08 89 4c 24 04 c7 04 24 35 4f a3 d0 e8 7c 30 60 f0 <0f> b7
      43 06 ba 06 00 00 00 a8 10 75 0e 83 e0 20 83 f8 01 19 d2
      EIP: [<d0a1ff24>] ath5k_hw_set_coverage_class+0x74/0x1b0 [ath5k] SS:ESP
      0068:cfa09bf4
      CR2: 0000000000000006
      ---[ end trace 54f73d6b10ceb87b ]---
      
      Cc: stable@kernel.org
      Reported-by: default avatarSteve Brown <sbrown@cortland.com>
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b6855772
  2. 16 Jun, 2010 1 commit
  3. 15 Jun, 2010 2 commits
    • Tim Gardner's avatar
      hostap: Protect against initialization interrupt · d6a574ff
      Tim Gardner authored
      Use an irq spinlock to hold off the IRQ handler until
      enough early card init is complete such that the handler
      can run without faulting.
      Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      d6a574ff
    • John W. Linville's avatar
      iwlwifi: cancel scan watchdog in iwl_bg_abort_scan · a69b03e9
      John W. Linville authored
      Avoids this:
      
      WARNING: at net/mac80211/scan.c:312 ieee80211_scan_completed+0x5f/0x1f1
      [mac80211]()
      Hardware name: Latitude E5400
      Modules linked in: aes_x86_64 aes_generic fuse ipt_MASQUERADE iptable_nat
      nf_nat rfcomm sco bridge stp llc bnep l2cap sunrpc cpufreq_ondemand
      acpi_cpufreq freq_table xt_physdev ip6t_REJECT nf_conntrack_ipv6
      ip6table_filter ip6_tables ipv6 kvm_intel kvm uinput arc4 ecb
      snd_hda_codec_intelhdmi snd_hda_codec_idt snd_hda_intel iwlagn snd_hda_codec
      snd_hwdep snd_seq snd_seq_device iwlcore snd_pcm dell_wmi sdhci_pci sdhci
      iTCO_wdt tg3 dell_laptop mmc_core i2c_i801 wmi mac80211 snd_timer
      iTCO_vendor_support btusb joydev dcdbas cfg80211 bluetooth snd soundcore
      microcode rfkill snd_page_alloc firewire_ohci firewire_core crc_itu_t
      yenta_socket rsrc_nonstatic i915 drm_kms_helper drm i2c_algo_bit i2c_core video
      output [last unloaded: scsi_wait_scan]
      Pid: 979, comm: iwlagn Tainted: G        W  2.6.33.3-85.fc13.x86_64 #1
      Call Trace:
      [<ffffffff8104b558>] warn_slowpath_common+0x77/0x8f
      [<ffffffff8104b57f>] warn_slowpath_null+0xf/0x11
      [<ffffffffa01bb7d9>] ieee80211_scan_completed+0x5f/0x1f1 [mac80211]
      [<ffffffffa02a23f0>] iwl_bg_scan_completed+0xbb/0x17a [iwlcore]
      [<ffffffff81060d3d>] worker_thread+0x1a4/0x232
      [<ffffffffa02a2335>] ? iwl_bg_scan_completed+0x0/0x17a [iwlcore]
      [<ffffffff81064817>] ? autoremove_wake_function+0x0/0x34
      [<ffffffff81060b99>] ? worker_thread+0x0/0x232
      [<ffffffff810643c7>] kthread+0x7a/0x82
      [<ffffffff8100a924>] kernel_thread_helper+0x4/0x10
      [<ffffffff8106434d>] ? kthread+0x0/0x82
      [<ffffffff8100a920>] ? kernel_thread_helper+0x0/0x10
      
      Reported here:
      
      	https://bugzilla.redhat.com/show_bug.cgi?id=590436Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Reported-by: default avatarMihai Harpau <mishu@piatafinanciara.ro>
      Cc: stable@kernel.org
      Acked-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      a69b03e9
  4. 14 Jun, 2010 5 commits
  5. 08 Jun, 2010 2 commits
  6. 07 Jun, 2010 5 commits
  7. 06 Jun, 2010 4 commits
    • Emmanuel Grumbach's avatar
      iwlwifi: move sysfs_create_group to post request firmware · 7d47618a
      Emmanuel Grumbach authored
      Move the sysfs_create_group to iwl_ucode_callback after we
      have safely got the firmware.
      
      The motivation to do this comes from a warning from lockdep which detected
      that we request priv->mutex while holding s_active during a sysfs request
      (show_statistics in the example copy pasted). The reverse order exists upon
      request_firmware: request_firmware which is a sysfs operation
      that requires s_active is run under priv->mutex.
      
      This ensures that we don't get sysfs request before we finish to request
      the firmware, avoiding this deadlock.
      
      =======================================================
      [ INFO: possible circular locking dependency detected ]
      -------------------------------------------------------
      cat/2595 is trying to acquire lock:
       (&priv->mutex){+.+.+.}, at: [<facfa598>] show_statistics+0x48/0x100 [iwlagn]
      
      but task is already holding lock:
       (s_active){++++.+}, at: [<c0580ebd>] sysfs_get_active_two+0x1d/0x50
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (s_active){++++.+}:
             [<c0489b74>] __lock_acquire+0xc44/0x1230
             [<c048a1ed>] lock_acquire+0x8d/0x110
             [<c0581499>] sysfs_addrm_finish+0xe9/0x180
             [<c057f64a>] sysfs_hash_and_remove+0x4a/0x80
             [<c05829d4>] sysfs_remove_group+0x44/0xd0
             [<c0714b75>] dpm_sysfs_remove+0x15/0x20
             [<c070dac8>] device_del+0x38/0x170
             [<c070dc1e>] device_unregister+0x1e/0x60
             [<c071838d>] _request_firmware+0x29d/0x550
             [<c07186c7>] request_firmware+0x17/0x20
             [<fad01bf1>] iwl_mac_start+0xb1/0x1230 [iwlagn]
             [<fa46ba06>] ieee80211_open+0x436/0x6f0 [mac80211]
             [<c0808cd2>] dev_open+0x92/0xf0
             [<c0808b2b>] dev_change_flags+0x7b/0x190
             [<c08148e8>] do_setlink+0x178/0x3b0
             [<c0815169>] rtnl_setlink+0xf9/0x130
             [<c081453b>] rtnetlink_rcv_msg+0x1bb/0x1f0
             [<c0827ce6>] netlink_rcv_skb+0x86/0xa0
             [<c081436c>] rtnetlink_rcv+0x1c/0x30
             [<c08279c3>] netlink_unicast+0x263/0x290
             [<c0828768>] netlink_sendmsg+0x1c8/0x2a0
             [<c07f85fd>] sock_sendmsg+0xcd/0x100
             [<c07f964d>] sys_sendmsg+0x15d/0x290
             [<c07f9e6b>] sys_socketcall+0xeb/0x2a0
             [<c040ad9f>] sysenter_do_call+0x12/0x38
      
      -> #0 (&priv->mutex){+.+.+.}:
             [<c0489f84>] __lock_acquire+0x1054/0x1230
             [<c048a1ed>] lock_acquire+0x8d/0x110
             [<c08bb358>] __mutex_lock_common+0x58/0x470
             [<c08bb84a>] mutex_lock_nested+0x3a/0x50
             [<facfa598>] show_statistics+0x48/0x100 [iwlagn]
             [<c070d219>] dev_attr_show+0x29/0x50
             [<c057fecd>] sysfs_read_file+0xdd/0x190
             [<c052880f>] vfs_read+0x9f/0x190
             [<c0528d22>] sys_read+0x42/0x70
             [<c040ad9f>] sysenter_do_call+0x12/0x38
      
      other info that might help us debug this:
      
      3 locks held by cat/2595:
       #0:  (&buffer->mutex){+.+.+.}, at: [<c057fe25>] sysfs_read_file+0x35/0x190
       #1:  (s_active){++++.+}, at: [<c0580ecd>] sysfs_get_active_two+0x2d/0x50
       #2:  (s_active){++++.+}, at: [<c0580ebd>] sysfs_get_active_two+0x1d/0x50
      
      stack backtrace:
      Pid: 2595, comm: cat Not tainted 2.6.33-tp-rc4 #2
      Call Trace:
       [<c08b99ab>] ? printk+0x1d/0x22
       [<c0487752>] print_circular_bug+0xc2/0xd0
       [<c0489f84>] __lock_acquire+0x1054/0x1230
       [<c0478d81>] ? sched_clock_cpu+0x121/0x180
       [<c048a1ed>] lock_acquire+0x8d/0x110
       [<facfa598>] ? show_statistics+0x48/0x100 [iwlagn]
       [<c08bb358>] __mutex_lock_common+0x58/0x470
       [<facfa598>] ? show_statistics+0x48/0x100 [iwlagn]
       [<c08bb84a>] mutex_lock_nested+0x3a/0x50
       [<facfa598>] ? show_statistics+0x48/0x100 [iwlagn]
       [<facfa598>] show_statistics+0x48/0x100 [iwlagn]
       [<c0580cf9>] ? sysfs_get_active+0x69/0xb0
       [<facfa550>] ? show_statistics+0x0/0x100 [iwlagn]
       [<c070d219>] dev_attr_show+0x29/0x50
       [<c057fecd>] sysfs_read_file+0xdd/0x190
       [<c05ff314>] ? security_file_permission+0x14/0x20
       [<c0528242>] ? rw_verify_area+0x62/0xd0
       [<c052880f>] vfs_read+0x9f/0x190
       [<c047745b>] ? up_read+0x1b/0x30
       [<c057fdf0>] ? sysfs_read_file+0x0/0x190
       [<c04af3b4>] ? audit_syscall_entry+0x1f4/0x220
       [<c0528d22>] sys_read+0x42/0x70
       [<c040ad9f>] sysenter_do_call+0x12/0x38
      Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      7d47618a
    • Wey-Yi Guy's avatar
      iwlwifi: add name to Maintainers list · 9edc71b7
      Wey-Yi Guy authored
      Add "Wey-Yi Guy" to maintainers list for iwlwifi.
      Signed-off-by: default avatarWey-Yi Guy <wey-yi.w.guy@intel.com>
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      9edc71b7
    • Abhijeet Kolekar's avatar
      iwl3945: fix internal scan · 14023641
      Abhijeet Kolekar authored
      Port of internal scan to iwl3945 missed introduction
      of iwl3945_get_single_channel_for_scan.
      
      Fix the following bug by introducing the iwl3945_get_single_channel_for_scan
      http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2208Signed-off-by: default avatarAbhijeet Kolekar <abhijeet.kolekar@intel.com>
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      14023641
    • Reinette Chatre's avatar
      iwl3945: enable stuck queue detection on 3945 · a6866ac9
      Reinette Chatre authored
      We learn from
      http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=1834 and
      https://bugzilla.redhat.com/show_bug.cgi?id=589777
      that 3945 can also suffer from a stuck command queue. Enable stuck queue
      detection for iwl3945 to enable recovery in this case.
      Signed-off-by: default avatarReinette Chatre <reinette.chatre@intel.com>
      a6866ac9
  8. 04 Jun, 2010 4 commits
  9. 01 Jun, 2010 3 commits
  10. 28 May, 2010 5 commits
  11. 26 May, 2010 2 commits
    • Christian Lamparter's avatar
      ar9170usb: fix read from freed driver context · 50019600
      Christian Lamparter authored
      Commit "ar9170: wait for asynchronous firmware loading"
      introduced a bug, which is triggered by fatal errors
      while the driver is initializing the device.
      
      BUG: unable to handle kernel paging request at 6b6b6bf7
      IP: [<c117b567>] kobject_put+0x7/0x70
      *pde = 00000000
      Oops: 0000 [#1] PREEMPT
      last sysfs file: /sys/devices/platform/hdaps/position
      Modules linked in: ar9170usb [...]
      
      Pid: 6246, comm: firmware/ar9170 Not tainted 2.6.34-wl #54
      EIP: 0060:[<c117b567>] EFLAGS: 00010206 CPU: 0
      EIP is at kobject_put+0x7/0x70
      EAX: 6b6b6bd7 EBX: f4d3d0e0 ECX: f5ba9124 EDX: f6af2a7c
      ESI: 00000000 EDI: f4d3d0e0 EBP: 00000000 ESP: f5e98f9c
       DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
      Process firmware/ar9170 (pid: 6246)
      Stack:
       c12532ed 00000246 f5bfaa70 f8487353 f4d3d0e0
      Call Trace:
       [<c12532ed>] ? device_release_driver+0x1d/0x30
       [<f8487353>] ? ar9170_usb_firmware_failed+0x43/0x70 [ar9170usb]
       [<c125983c>] ? request_firmware_work_func+0x2c/0x70
       [<c1259810>] ? request_firmware_work_func+0x0/0x70
       [<c10413f4>] ? kthread+0x74/0x80
       [<c1041380>] ? kthread+0x0/0x80
       [<c1003136>] ? kernel_thread_helper+0x6/0x10
      Code: 40 d3 f2 ff 85 c0 89 c3 74 0a ba 44 86 4c c1 e8 [...]
      EIP: [<c117b567>] kobject_put+0x7/0x70 SS:ESP 0068:f5e98f9c
      CR2: 000000006b6b6bf7
      ---[ end trace e81abb992434b410 ]---
      Signed-off-by: default avatarChristian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      50019600
    • John W. Linville's avatar
      Revert "rt2x00: Fix rt2800usb TX descriptor writing." · b578bb49
      John W. Linville authored
      This reverts commit 663cb47c.
      
      This patch was merged out of the proper order, so instead of fixing a
      problem with a prior (unmerged) patch, it creates one.  Ooops!
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b578bb49
  12. 25 May, 2010 2 commits
  13. 24 May, 2010 4 commits