1. 14 May, 2014 2 commits
    • mac80211: fix on-channel remain-on-channel · b4b177a5
      Johannes Berg authored
      Jouni reported that if a remain-on-channel was active on the
      same channel as the current operating channel, then the ROC
      would start, but any frames transmitted using mgmt-tx on the
      same channel would get delayed until after the ROC.
      
      The reason for this is that the ROC starts, but doesn't have
      any handling for "remain on the same channel", so it stops
      the interface queues. The later mgmt-tx then puts the frame
      on the interface queues (since it's on the current operating
      channel) and thus they get delayed until after the ROC.
      
      To fix this, add some logic to handle remaining on the same
      channel specially and not stop the queues etc. in this case.
      This not only fixes the bug but also improves behaviour in
      this case as data frames etc. can continue to flow.
      
      Cc: stable@vger.kernel.org
      Reported-by: Jouni Malinen <j@w1.fi>
      Tested-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  2. 13 May, 2014 5 commits
  3. 12 May, 2014 2 commits
  4. 11 May, 2014 1 commit
    • iwlwifi: mvm: fix setting channel in monitor mode · 1c4abec0
      Emmanuel Grumbach authored
      There was a deadlock in monitor mode when we were setting the
      channel if the channel was not 1.
      
      ======================================================
      [ INFO: possible circular locking dependency detected ]
      3.14.3 #4 Not tainted
      -------------------------------------------------------
      iw/3323 is trying to acquire lock:
       (&local->chanctx_mtx){+.+.+.}, at: [<ffffffffa062e2f2>] ieee80211_vif_release_channel+0x42/0xb0 [mac80211]
      
      but task is already holding lock:
       (&local->iflist_mtx){+.+...}, at: [<ffffffffa0609e0a>] ieee80211_set_monitor_channel+0x5a/0x1b0 [mac80211]
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 (&local->iflist_mtx){+.+...}:
             [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
             [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
             [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
             [<ffffffffa06225cf>] ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
             [<ffffffffa0518189>] iwl_mvm_recalc_multicast+0x49/0xa0 [iwlmvm]
             [<ffffffffa051822e>] iwl_mvm_configure_filter+0x4e/0x70 [iwlmvm]
             [<ffffffffa05e6d43>] ieee80211_configure_filter+0x153/0x5f0 [mac80211]
             [<ffffffffa05e71f5>] ieee80211_reconfig_filter+0x15/0x20 [mac80211]
             [snip]
      
      -> #1 (&mvm->mutex){+.+.+.}:
             [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
             [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
             [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
             [<ffffffffa0517246>] iwl_mvm_add_chanctx+0x56/0xe0 [iwlmvm]
             [<ffffffffa062ca1e>] ieee80211_new_chanctx+0x13e/0x410 [mac80211]
             [<ffffffffa062d953>] ieee80211_vif_use_channel+0x1c3/0x5a0 [mac80211]
             [<ffffffffa06035ab>] ieee80211_add_virtual_monitor+0x1ab/0x6b0 [mac80211]
             [<ffffffffa06052ea>] ieee80211_do_open+0xe6a/0x15a0 [mac80211]
             [<ffffffffa0605a79>] ieee80211_open+0x59/0x60 [mac80211]
             [snip]
      
      -> #0 (&local->chanctx_mtx){+.+.+.}:
             [<ffffffff810d6cb7>] check_prevs_add+0x977/0x980
             [<ffffffff810d95bb>] __lock_acquire+0xb3b/0x13b0
             [<ffffffff810d9ee0>] lock_acquire+0xb0/0x1f0
             [<ffffffff817eb9c8>] mutex_lock_nested+0x78/0x4f0
             [<ffffffffa062e2f2>] ieee80211_vif_release_channel+0x42/0xb0 [mac80211]
             [<ffffffffa0609ec3>] ieee80211_set_monitor_channel+0x113/0x1b0 [mac80211]
             [<ffffffffa058fb37>] cfg80211_set_monitor_channel+0x77/0x2b0 [cfg80211]
             [<ffffffffa056e0b2>] __nl80211_set_channel+0x122/0x140 [cfg80211]
             [<ffffffffa0581374>] nl80211_set_wiphy+0x284/0xaf0 [cfg80211]
             [snip]
      
      other info that might help us debug this:
      
      Chain exists of:
        &local->chanctx_mtx --> &mvm->mutex --> &local->iflist_mtx
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(&local->iflist_mtx);
                                     lock(&mvm->mutex);
                                     lock(&local->iflist_mtx);
        lock(&local->chanctx_mtx);
      
       *** DEADLOCK ***
      
      This deadlock actually occurs:
      INFO: task iw:3323 blocked for more than 120 seconds.
            Not tainted 3.14.3 #4
      "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      iw              D ffff8800c8afcd80  4192  3323   3322 0x00000000
       ffff880078fdb7e0 0000000000000046 ffff8800c8afcd80 ffff880078fdbfd8
       00000000001d5540 00000000001d5540 ffff8801141b0000 ffff8800c8afcd80
       ffff880078ff9e38 ffff880078ff9e38 ffff880078ff9e40 0000000000000246
      Call Trace:
       [<ffffffff817ea841>] schedule_preempt_disabled+0x31/0x80
       [<ffffffff817ebaed>] mutex_lock_nested+0x19d/0x4f0
       [<ffffffffa06225cf>] ? ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
       [<ffffffffa06225cf>] ? ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
       [<ffffffffa052a680>] ? iwl_mvm_power_mac_update_mode+0xc0/0xc0 [iwlmvm]
       [<ffffffffa06225cf>] ieee80211_iterate_active_interfaces+0x2f/0x60 [mac80211]
       [<ffffffffa0529357>] _iwl_mvm_power_update_binding+0x27/0x80 [iwlmvm]
       [<ffffffffa0516eb1>] iwl_mvm_unassign_vif_chanctx+0x81/0xc0 [iwlmvm]
       [<ffffffffa062d3ff>] __ieee80211_vif_release_channel+0xdf/0x470 [mac80211]
       [<ffffffffa062e2fa>] ieee80211_vif_release_channel+0x4a/0xb0 [mac80211]
       [<ffffffffa0609ec3>] ieee80211_set_monitor_channel+0x113/0x1b0 [mac80211]
       [<ffffffffa058fb37>] cfg80211_set_monitor_channel+0x77/0x2b0 [cfg80211]
       [<ffffffffa056e0b2>] __nl80211_set_channel+0x122/0x140 [cfg80211]
       [<ffffffffa0581374>] nl80211_set_wiphy+0x284/0xaf0 [cfg80211]
      
      This fixes https://bugzilla.kernel.org/show_bug.cgi?id=75541
      
      Cc: <stable@vger.kernel.org> [3.13+]
      Reviewed-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
  5. 09 May, 2014 2 commits
    • mac80211: fix vif name tracing · f9ac71bf
      Eliad Peller authored
      If sdata doesn't have a valid dev (e.g. in case of monitor
      vif), the vif_name field was initialized with (a length of)
      some short string, but later was set to a different,
      potentially larger one.
      
      This resulted in an out-of-bounds write, which usually
      appeared as garbage in the trace log.
      
      Simply trace sdata->name, as it should always have the
      correct name for both cases.

      Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: allow VHT with peers not capable of 40MHz · 4a817aa7
      Johannes Berg authored
      There are two (related) issues with this.
      
      One case, reported by Michal, is related to hostap: it unsets the
      20/40 capability bit for stations that associate when it's in 20
      MHz mode.
      
      The other case, reported by Eyal, is that some APs like Netgear
      R6300v2 and probably others based on the BCM4360 chipset can be
      configured for doing VHT at 20 MHz. In this case the beacon has
      a VHT IE but the HT cap indicates the transmitter only supports 20 MHz.
      
      In both of these cases, we currently avoid VHT and use only HT;
      this means we can't use the highest rates (MCS8), so fixing this
      leads to throughput improvements.

      Reported-by: Michal Kazior <michal.kazior@tieto.com>
      Reported-by: Eyal Shapira <eyal@wizery.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  6. 08 May, 2014 1 commit
  7. 07 May, 2014 1 commit
  8. 06 May, 2014 4 commits
  9. 05 May, 2014 4 commits
  10. 30 Apr, 2014 4 commits
  11. 25 Apr, 2014 7 commits
    • Bluetooth: Add support for Lite-on [04ca:3007] · 1fb4e09a
      Mohammed Habibulla authored
      Add support for the AR9462 chip
      
      T:  Bus=01 Lev=01 Prnt=01 Port=03 Cnt=03 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=04ca ProdID=3007 Rev= 0.01
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms

      Signed-off-by: Mohammed Habibulla <moch@chromium.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
    • Bluetooth: Fix redundant encryption request for reauthentication · 09da1f34
      Johan Hedberg authored
      When we're performing reauthentication (in order to elevate the
      security level from an unauthenticated key to an authenticated one) we
      do not need to issue any encryption command once authentication
      completes. Since the trigger for the encryption HCI command is the
      ENCRYPT_PEND flag this flag should not be set in this scenario.
      Instead, the REAUTH_PEND flag takes care of all necessary steps for
      reauthentication.

      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org
    • Bluetooth: Fix triggering BR/EDR L2CAP Connect too early · 9eb1fbfa
      Johan Hedberg authored
      Commit 1c2e0041 introduced an event handler for the encryption key
      refresh complete event with the intent of fixing some LE/SMP cases.
      However, this event is shared with BR/EDR and there we actually want to
      act only on the auth_complete event (which comes after the key refresh).
      
      If we do not do this we may trigger an L2CAP Connect Request too early
      and cause the remote side to return a security block error.

      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org
    • Revert "Bluetooth: Enable autosuspend for Intel Bluetooth device" · 3c49aa85
      Marcel Holtmann authored
      This reverts commit d2bee8fb.
      
      Enabling autosuspend for Intel Bluetooth devices has been shown to not
      work reliably. It does work for some people with certain combinations
      of USB host controllers, but for others it puts the device to sleep and
      it will not wake up for any event.
      
      These events can be important ones like HCI Inquiry Complete or HCI
      Connection Request. The events will arrive as soon as you poke the
      device with a new command, but that is not something we can do in
      these cases.
      
      Initially there were patches to the xHCI USB controller that fixed
      this for some people, but not for all. This could well be a problem
      somewhere in the USB subsystem or in the USB host controllers or
      just plain a hardware issue somewhere. At this moment we just do
      not know and the only safe action is to revert this patch.

      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Cc: Tedd Ho-Jeong An <tedd.an@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
    • brcmfmac: Fix brcmf_chip_ai_coredisable not applying reset bits to BCMA_IOCTL · ffa216bb
      Hans de Goede authored
      brcmfmac has been broken on my cubietruck with a BCM43362:
      
      brcmfmac: brcmf_chip_recognition: found AXI chip: BCM43362, rev=1
      brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0:
              Apr 22 2013 14:50:00 version 5.90.195.89.6 FWID 01-b30a427d
      
      since commit 53036261: "brcmfmac: update core reset and disable routines".
      
      The problem is that since this commit brcmf_chip_ai_resetcore no longer sets
      BCMA_IOCTL itself before bringing the core out of reset, instead relying on
      brcmf_chip_ai_coredisable to do so. But brcmf_chip_ai_coredisable is a nop
      if the chip is already in reset. This patch modifies brcmf_chip_ai_coredisable
      to always set BCMA_IOCTL even if the core is already in reset.
      
      This fixes brcmfmac hanging in firmware loading on my board.
      
      Cc: stable@vger.kernel.org # v3.14
      Signed-off-by: Hans de Goede <hdegoede@redhat.com>
      Acked-by: Arend van Spriel <arend@broadcom.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
    • ath9k: fix race in setting ATH_OP_INVALID · 8c7ae357
      Rajkumar Manoharan authored
      The commit "ath9k: move sc_flags to ath_common" moved setting the
      ATH_OP_INVALID flag below ieee80211_register_hw. This causes
      the flag to randomly never be cleared, as drv_start is called
      prior to setting the flag. Fix this by setting the flag prior to
      register_hw.

      Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
  12. 22 Apr, 2014 7 commits