- 02 Jan, 2012 1 commit
-
-
- 27 Dec, 2011 1 commit
-
-
Gustavo F. Padovan authored
sock and sk were leftover from another change. Signed-off-by:Gustavo F. Padovan <padovan@profusion.mobi>
-
- 23 Dec, 2011 1 commit
-
-
Hemant Gupta authored
This patch fixes incorrect address storage while storing Long Term Key for LE Devices using SMP (Security Manager Protocol). The address stored should be of remote device and not of source device. Signed-off-by:
Hemant Gupta <hemant.gupta@stericsson.com> Acked-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
-
- 22 Dec, 2011 12 commits
-
-
Gustavo F. Padovan authored
We run everything in process context now. Acked-by:
-
Gustavo F. Padovan authored
They don't need to disable interrupts anymore, we only run in process context now. Acked-by:
-
Gustavo F. Padovan authored
It was never used, so removing it. Acked-by:
-
Gustavo F. Padovan authored
Acked-by:
-
Gustavo F. Padovan authored
RFCOMM needs a proper priority mechanism inside itself and not try to use l2cap priority to fix its own problem. Acked-by:
-
Jesse Sung authored
Add another vendor specific ID for BCM20702A0. output of usb-devices: T: Bus=06 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0a5c ProdID=21e3 Rev=01.12 S: Manufacturer=Broadcom Corp S: Product=BCM20702A0 S: SerialNumber=9439E5CBF66C C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) Signed-off-by:
Wen-chien Jesse Sung <jesse.sung@canonical.com> Acked-by:
-
Brian Gix authored
Low Energy pairing is performed through the SMP (Security Manager Protocol) mechanism rather than HCI. Signed-off-by:
Brian Gix <bgix@codeaurora.org> Acked-by:
-
Brian Gix authored
To achive Man-In-The-Middle (MITM) level security with Low Energy, we have to enable User Passkey Comparison. This commit modifies the hard-coded JUST-WORKS pairing mechanism to support query via the MGMT interface of Passkey comparison and User Confirmation. Signed-off-by:
-
Ulisses Furquim authored
When cancelling a delayed work (timer) in L2CAP we can not sleep holding the sock mutex otherwise we might deadlock with an L2CAP timer handler. This is possible because RX/TX and L2CAP timers run in different workqueues. The scenario below illustrates the problem. Thus we are now avoiding to sleep on the timers locks. ====================================================== [ INFO: possible circular locking dependency detected ] 3.1.0-05270-ga978dc7-dirty #239 ------------------------------------------------------- kworker/1:1/873 is trying to acquire lock: (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}, at: [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] but task is already holding lock: ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 ((&(&chan->chan_timer)->work)){+.+...}: [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffff81052a6f>] wait_on_work+0x4f/0x160 [<ffffffff81052ca3>] __cancel_work_timer+0x73/0x80 [<ffffffff81052cbd>] cancel_delayed_work_sync+0xd/0x10 [<ffffffffa002f2ed>] l2cap_chan_connect+0x22d/0x470 [bluetooth] [<ffffffffa002fb51>] l2cap_sock_connect+0xb1/0x140 [bluetooth] [<ffffffff8130811b>] kernel_connect+0xb/0x10 [<ffffffffa00cf98a>] rfcomm_session_create+0x12a/0x1c0 [rfcomm] [<ffffffffa00cfbe7>] __rfcomm_dlc_open+0x1c7/0x240 [rfcomm] [<ffffffffa00d07c2>] rfcomm_dlc_open+0x42/0x70 [rfcomm] [<ffffffffa00d3b03>] rfcomm_sock_connect+0x103/0x150 [rfcomm] [<ffffffff8130bd7e>] sys_connect+0xae/0xc0 [<ffffffff813368d2>] compat_sys_socketcall+0xb2/0x220 [<ffffffff813b2089>] sysenter_dispatch+0x7/0x30 -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}: [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0 [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0 [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051ae4>] process_one_work+0x184/0x450 [<ffffffff8105276e>] worker_thread+0x15e/0x340 [<ffffffff81057bb6>] kthread+0x96/0xa0 [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock((&(&chan->chan_timer)->work)); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock((&(&chan->chan_timer)->work)); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); *** DEADLOCK *** 2 locks held by kworker/1:1/873: #0: (events){.+.+.+}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 #1: ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 stack backtrace: Pid: 873, comm: kworker/1:1 Not tainted 3.1.0-05270-ga978dc7-dirty #239 Call Trace: [<ffffffff813a0f6e>] print_circular_bug+0xd2/0xe3 [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0 [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0 [<ffffffff8106ea30>] ? lock_release_nested+0x100/0x110 [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0 [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051a86>] ? process_one_work+0x126/0x450 [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051ae4>] process_one_work+0x184/0x450 [<ffffffff81051a86>] ? process_one_work+0x126/0x450 [<ffffffffa002ce70>] ? l2cap_security_cfm+0x4e0/0x4e0 [bluetooth] [<ffffffff8105276e>] worker_thread+0x15e/0x340 [<ffffffff81052610>] ? manage_workers+0x110/0x110 [<ffffffff81057bb6>] kthread+0x96/0xa0 [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10 [<ffffffff813af69d>] ? retint_restore_args+0xe/0xe [<ffffffff81057b20>] ? __init_kthread_worker+0x70/0x70 [<ffffffff813b1ef0>] ? gs_change+0xb/0xb Signed-off-by:Ulisses Furquim <ulisses@profusion.mobi> Acked-by:
-
Ulisses Furquim authored
The struct hci_proto and all related register/unregister and dispatching code was removed. HCI core code now call directly the SCO and L2CAP event functions. Signed-off-by:
-
Andrei Emeltchenko authored
Make code readable by removing magic numbers. Signed-off-by:
Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by:
-
Gustavo F. Padovan authored
No local_bh_disable is needed there once we run everything in process context. The same goes for the replacement of bh_lock_sock() by lock_sock(). Acked-by:
-
- 21 Dec, 2011 16 commits
-
-
Helmut Schaa authored
When mac80211 relays a frame from STA1 to STA2 in AP mode it will get re-classified in the tx path. Unfortunately the frame protocol field is always set to ETH_P_8023 while the classification only kicks in for ETH_P_IP. Hence, a high priority frame from STA1 will be send to STA2 as best effort. Instead of running classification on the frame just use the same priority as STA1 did. Do this by adding 256 to the skb->priority to allow cfg80211_classify8021d to shortcut frame classification. Signed-off-by:
Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
Currently due to following issues in the code even if device is configured in B only, G only or BG mode using iw bitrates command, ibss is getting created in BGN mode. 1) mwifiex_channels_to_cfg80211_channel_type() routine gives channel type as NL80211_CHAN_HT20 for non-HT channel as well, because driver doesn't store HT information provided by stack for the channel. This issue is fixed by maintaining channel type information in 'adapter->channel_type'. 2) Band configuration is unnecessarily overwritten with BGN/AN while setting channel. This patch makes sure that "adapter->config_bands" correctly gets modified while setting channel. Signed-off-by:
Amitkumar Karwar <akarwar@marvell.com> Signed-off-by:
Bing Zhao <bzhao@marvell.com> Signed-off-by:
-
Amitkumar Karwar authored
Replace driver specific macros with the corresponding IEEE80211_HT_PARAM_CHA_SEC_* macros defined in ieee80211.h. Also, rename 'adapter->chan_offset' to 'adapter->sec_chan_offset' for consistency. Signed-off-by:
-
Amitkumar Karwar authored
struct mwifiex_ds_band_cfg and mwifiex_set_radio_band_cfg() routine are unnecessary. It can be done with simple equivalant code. Signed-off-by:
-
Luis R. Rodriguez authored
Please NACK nasty patches. Cc: Kalle Valo <kvalo@qca.qualcomm.com> Signed-off-by:
Luis R. Rodriguez <mcgrof@qca.qualcomm.com> Signed-off-by:
-
Marek Lindner authored
The IBSS merge code calls ieee80211_sta_expire() with a relatively short expire timeout that purges other clients prematurely. The expire function has to check that only the clients belonging to the vif in question are purged. Signed-off-by:
Marek Lindner <lindner_marek@yahoo.de> Signed-off-by:
-
Yogesh Ashok Powar authored
When stack calls ampdu_action with action = IEEE80211_AMPDU_TX_STOP for a stream that has already been removed from the driver, call ieee80211_tx_ba_stop_irqsafe to clear the stream in the stack. Signed-off-by:
Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by:
Nishant Sarmukadam <nishants@marvell.com> Signed-off-by:
-
Luis R. Rodriguez authored
Joe changed ath_dbg() to simpify code but while his patch was being merged dfs.c was born and as such did not get the change Joe envisioned. This fixes that. Test compiled with: make allmodconfig Cc: Joe Perches <joe@perches.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: John W. Linville <linville@tuxdriver.com> Reported-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
-
Johannes Berg authored
The ICT code erroneously uses PAGE_SIZE. The bug is that PAGE_SIZE isn't necessarily 4096, so on such platforms this code will not work correctly as we'll try to attempt to read an index in the table that the device never wrote, it always has 4096-byte pages. Additionally, the manual alignment code here is unnecessary -- Documentation/DMA-API-HOWTO.txt states: The cpu return address and the DMA bus master address are both guaranteed to be aligned to the smallest PAGE_SIZE order which is greater than or equal to the requested size. This invariant exists (for example) to guarantee that if you allocate a chunk which is smaller than or equal to 64 kilobytes, the extent of the buffer you receive will not cross a 64K boundary. Just use appropriate new constants and get rid of the alignment code. Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Cc: stable@vger.kernel.org Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by:
-
Alan Cox authored
Just another USB identifier. Signed-off-by:
Alan Cox <alan@linux.intel.com> Acked-by:
Gertjan van Wingerde <gwingerde@gmail.com> Signed-off-by:
-
Andres Salomon authored
The libertas scan thread expects priv->scan_req to be non-NULL. In theory, it should always be set. In practice, we've seen the following oops: [ 8363.067444] Unable to handle kernel NULL pointer dereference at virtual address 00000004 [ 8363.067490] pgd = c0004000 [ 8363.078393] [00000004] *pgd=00000000 [ 8363.086711] Internal error: Oops: 17 [#1] PREEMPT [ 8363.091375] Modules linked in: fuse libertas_sdio libertas psmouse mousedev ov7670 mmp_camera joydev videobuf2_core videobuf2_dma_sg videobuf2_memops [last unloaded: scsi_wait_scan] [ 8363.107490] CPU: 0 Not tainted (3.0.0-gf7ccc69 #671) [ 8363.112799] PC is at lbs_scan_worker+0x108/0x5a4 [libertas] [ 8363.118326] LR is at 0x0 [ 8363.120836] pc : [<bf03a854>] lr : [<00000000>] psr: 60000113 [ 8363.120845] sp : ee66bf48 ip : 00000000 fp : 00000000 [ 8363.120845] r10: ee2c2088 r9 : c04e2efc r8 : eef97005 [ 8363.132231] r7 : eee0716f r6 : ee2c02c0 r5 : ee2c2088 r4 : eee07160 [ 8363.137419] r3 : 00000000 r2 : a0000113 r1 : 00000001 r0 : eee07160 [ 8363.143896] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel [ 8363.157630] Control: 10c5387d Table: 2e754019 DAC: 00000015 [ 8363.163334] Process kworker/u:1 (pid: 25, stack limit = 0xee66a2f8) While I've not found a smoking gun, there are two places that raised red flags for me. The first is in _internal_start_scan, when we queue up a scan; we first queue the worker, and then set priv->scan_req. There's theoretically a 50mS delay which should be plenty, but doing things that way just seems racy (and not in the good way). The second is in the scan worker thread itself. Depending on the state of priv->scan_channel, we cancel pending scan runs and then requeue a run in 300mS. We then send the scan command down to the hardware, sleep, and if we get scan results for all the desired channels, we set priv->scan_req to NULL. However, it that's happened in less than 300mS, what happens with the pending scan run? This patch addresses both of those concerns. With the patch applied, we have not seen the oops in the past two weeks. Signed-off-by:
Andres Salomon <dilinger@queued.net> Cc: stable@kernel.org Signed-off-by:
-
Luis R. Rodriguez authored
DFS_DEBUG_H is very generic, instead use something more specific to ath9k such as ATH9K_DFS_DEBUG_H. Reported-by:
Julian Calaby <julian.calaby@gmail.com> Signed-off-by:
-
-
Ulisses Furquim authored
The handling of SCO audio links and the L2CAP protocol are essential to any system with Bluetooth thus are always compiled in from now on. Signed-off-by:
-
Ulisses Furquim authored
The hci_task_lock mutex (previously a lock) was supposed to protect the register/unregister of HCI protocols against RX/TX tasks. This will not be needed anymore because SCO and L2CAP will always be compiled. Moreover, with the recent move of RX/TX to workqueues per device the global hci_task_lock was causing starvation between different HCI devices. Signed-off-by:
-
Bing Zhao authored
For high-speed/super-speed isochronous endpoints, the bInterval value is used as exponent, 2^(bInterval-1). Luckily we have usb_fill_int_urb() function that handles it correctly. So we just call this function to fill in the RX URB. Cc: Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
-
- 20 Dec, 2011 9 commits
-
-
Eyal Shapira authored
stop sched scan isn't an immediate operation and we need to wait for PERIODIC_SCAN_COMPLETE_EVENT_ID after sending a stop before changing internal state and notifying upper layers. Not doing this caused problems when canceling an existing sched scan and immediately requesting to start a new one with a different configuration as the FW was still in the middle of the previous sched scan. Signed-off-by:
Eyal Shapira <eyal@wizery.com> Signed-off-by:
Luciano Coelho <coelho@ti.com>
-
Eyal Shapira authored
DFS channels weren't scanned properly because min/max_duration weren't set for these channels even though they're required by the FW. The change sets passive_duration and min/max_duration for all channels as the FW uses the correct parameters according to the channel type. Signed-off-by:
-
Luciano Coelho authored
The wl12xx_platform_data.c file did not have a proper copyright notice. Signed-off-by: -
Eliad Peller authored
The current wl1271_dev_notify implementation sets the new operstate to all associated stations (while only a specific vif was changed). Until we'll have a method to get the actual vif from the given dev, check the current operstate of each vif. Signed-off-by:
Eliad Peller <eliad@wizery.com> Signed-off-by:
-
Eliad Peller authored
When removing a sta/ibss role, the device role has to stopped (and disabled) as well. Signed-off-by:
-
Eliad Peller authored
dev_role_id only indicates whether the dev role is enabled, not started (e.g. on IBSS merge, the device role is enabled, but not started). Checking for any role in ROC (in order to determine whether dev role was started) is wrong as well, especially in multi-vif env. Check for started dev role only by checking the dev_hlid. Signed-off-by:
-
Eliad Peller authored
During sta disconnection, a deauth packet is being queued to the dev role queue. However, the dev role is being stopped before the packet was sent. Flush the tx queue before stopping the dev role. Signed-off-by:
-
Eliad Peller authored
This flag should be set per-vif, rather than globally. Rename the flag to indicate IN_USE (rather than IDLE), as in the default configuration (i.e. flag is clear) the vif should be idle. Change all the bit operations (and elp conditions) appropriately. Signed-off-by:
-
Eliad Peller authored
Since the conf_tx callback passes the vif as param, we must have been added first (and mac80211 verifies it). Remove the handling of such case. Signed-off-by:
-
