In timer context we might delete l2cap channel used by krfcommd.
The check makes sure that sk is not owned. If sk is owned we
restart timer for HZ/5.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Check that socket sk is not locked in user process before removing
l2cap connection handler.
lock_sock and release_sock do not hold a normal spinlock directly but
instead hold the owner field. This means bh_lock_sock can still execute
even if the socket is "locked". More info can be found here:
http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks
krfcommd kernel thread may be preempted with l2cap tasklet which remove
l2cap_conn structure. If krfcommd is in process of sending of RFCOMM reply
(like "RFCOMM UA" reply to "RFCOMM DISC") then kernel crash happens.
...
[ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 694.184936] pgd = c0004000
[ 694.187683] [00000000] *pgd=00000000
[ 694.191711] Internal error: Oops: 5 [#1] PREEMPT
[ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading
[ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1)
[ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap]
[ 694.270721] LR is at 0xd7017303
...
[ 694.525085] Backtrace:
[ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8)
[ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Structure hidp_conninfo is copied to userland with version, product,
vendor and name fields unitialized if both session->input and session->hid
are NULL. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Structure cmtp_conninfo is copied to userland with some padding fields
unitialized. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Structure bnep_conninfo is copied to userland with the field "device"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
In Bluetooth there are no automatic updates of remote device names when
they get changed on the remote side. Instead, it is a good idea to do a
manual name request when a new connection gets created (for whatever
reason) since at this point it is very cheap (no costly baseband
connection creation needed just for the sake of the name request).
So far userspace has been responsible for this extra name request but
tighter control is needed in order not to flood Bluetooth controllers
with two many commands during connection creation. It has been shown
that some controllers simply fail to function correctly if they get too
many (almost) simultaneous commands during connection creation. The
simplest way to acheive better control of these commands is to move
their sending completely to the kernel side.
This patch inserts name requests into the sequence of events that the
kernel performs during connection creation. It does this after the
remote features have been successfully requested and before any pending
authentication requests are performed. The code will work sub-optimally
with userspace versions that still do the name requesting themselves (it
shouldn't break anything though) so it is recommended to combine this
with a userspace software version that doesn't have automated name
requests.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This patch adds a single function that's responsible for requesting
authentication for outgoing connections. This is preparation for the
next patch which will add automated name requests and thereby move the
authentication requests to a different location.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
The current remote and remote extended features event callbacks logic
can be made simpler by using a label and goto statements instead of the
current multiple levels of nested if statements.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Atheros 3011 has small sflash firmware and needs to be
blacklisted in transport driver to load actual firmware
in DFU driver.
Signed-off-by: Bala Shanmugam <sbalashanmugam@atheros.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
If a device is autosuspended an inability to resubmit URBs is
to be expected. Check the error code and only log real errors.
(Now that autosuspend is default enabled for btusb, those log
messages were happening all the time e.g. with a BT mouse)
Signed-off-by: Stefan Seyfried <seife+kernel@b1-systems.com>
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Commit dbbf1755b0 "iwlwifi: use
antenna information in EEPROM" caused 4965 device breakage with
"Microcode SW error detected. Restarting 0x82000000." message.
This patch reverts 4965 part of that commit.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Remove a superfluous ieee80211_is_data check as that was checked a few
lines before already and we wont't get here for non-data frames at all.
Second, the frame was already converted to 802.3 header format and
reading the fc and addr1 fields was only possible because the 802.3
header is short enough and didn't overwrite the relevant parts of the
802.11 header. Make the code more obvious by checking the ethernet
header's h_dest field.
Furthermore reorder the conditions to reduce the number of checks
when dynamic powersave is not needed (AP mode for example).
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
All rt2x00 drivers except rt2800pci call ieee80211_tx_status() from
a workqueue, which causes "NOHZ: local_softirq_pending 08" messages.
To fix it, add ieee80211_tx_status_ni() similar to ieee80211_rx_ni()
which can be called from process context, and call it from
rt2x00lib_txdone(). For the rt2800pci special case a driver
flag is introduced.
Signed-off-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* A diff between rfbuffer settings of turbo and non-turbo
modes indicates there is a bit on bank 2 related to turbo operation
(it's set on turbo modes). This bit is present on all radios except
RF5413 that seems to have a completely different bank 2. Also
since 2317 has the same rf-registers locations with 2425 and
since the bit exists on 2317 I assume it also exists on 2425/2417).
So in case we use turbo mode (40MHz) enable it on bank modification.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Clean up what's left of turbo mode, since we handle all
register modifications (rfbuffer comes next) on code there
is no need to have duplicated arrays.
* Rename change_channel to skip_pcu on initvals.c as we did
on reset.c
Signed-off-by: Nick Kossifidis <micklfemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Clean up CHANNEL_T(URBO), use AR5K_BWMODE_40MHZ instead
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Use correct clock value when setting OFDM timings on
non-default bwmodes.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Don't return -EINVAL when trying to set tx power
on RF5110 because AR5210 reset will fail. We need to
add support for RF5110 and AR5210 eeprom in the future
but for now just skip it.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Tweak phy activation -> rx delay for different bwmodes
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Since we set antenna flags on phy init and ack bitrate
mode on pcu init, there is no need to save/restore sta_id
flags on ath5k_hw_reset. Also we don't need to re-set our
mac address because it's not affected by resets.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Add synth-only channel change for AR2413/5413. When we call
ath5k_reset with a channel ath5k_hw_reset will first try to
set channel on PHY while PHY is running instead of doing a normal
full reset. To do this phy_init has to change to implement this
functionality.
* Clean up change_channel flag, what it really did was skip PCU
registers when setting initvals. This is done because on reset
PCU registers are not affected (except the registers we set
in pcu init and -due to hw problems- TSF). Use a new skip_pcu
flag that's not misleading instead. In the future we might use
that to also skip PCU reset and save us the TSF etc problems
(needs testing because standard practice is to reset everything).
* Use fast channel change only when setting channel, and set skip_pcu
to false only on init. When we reset the card due to DMA or PHY
problems skip pcu but never do a fast channel change.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Only set power table if we are changing channel/mode
there is no need to recalculate and reset the power table
all the time.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Set correct PLL settings for each bwmode
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Add spur mitigation filter support for half/quarter and turbo.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Tweak power detector delays on AR5111/AR5112 when
using half/quarter modes.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Make sure we always set IFS timings even if no
coverage class is set. If we don't we'll miss the
needed changes for different bwmodes.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Set AR5K_DCU_GBL_IFS_MISC_TURBO_MODE flag on DCU when operating
on 40MHz
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Replace set_slot_time with set_ifs_intervals that also sets
the various inter-frame space intervals based on current bwmode.
* Clean up AR5210 mess from reset_tx_queue, AR5210 only has one
data queue and we set IFS intervals for that queue on set_ifs_intervals
so there is nothing left to do for 5210 on reset_tx_queue.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Extend ieee80211_generic_frame_duration to support the various
bwmodes.
* Better document what's going on with ack bitrates and update
write_rate_duration to support the standard ack bitrates (when
we don't set the high bit).
* Get rid of set_ack_bitrate_high and introduce a flag on ath5k_hw
for this (we only called the function on init anyway so there is no
difference).
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Extend get_default_sifs/slot_time to include timings for turbo
half and quarter rate modes.
* AR5210 code for now uses timings already on core clock units
instead of usecs so rename them (we 'll clean it up later).
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Move setting of tx retry limits on a separate function
(we 'll clean up this AR5210 mess later)
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* On turbo mode increase PHY settling times, note that
we only increase switch settling time on AR5212 as indicated
by initvals.
* A few cleanups: Move frame control settings for AR5210 from
reset_tx_queue to tweak_initvals and remove phy_scal settings
from tweak_initvals (we tweak them alread on set_sleep_clock).
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Now that we properly set rx/tx latencies for AR5311 remove
that old buggy part of code left inside ath5k_hw_tweak_initval_settings
that was never executed (you can't have an RF5112 radio on a mac older
than AR5212). Also use a magic value for 5311 PHY_SCAL value.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Handle all usec parameters in one function. It's much cleaner
this way.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Prepare for half/quarter/turbo support, introduce a new
ah_bwmode parameter and get rid of ah_turbo. Bwmode stands
for "bandwidth mode" and can have 4 values, default (20MHz),
turbo (40MHz), half rate (10MHz), and quarter rate (5MHz).
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Since we only use ath5k_hw_stop_tx_dma to stop the beacon
queue, introduce a new function ath5k_hw_stop_beacon_queue so
that we can use that instead and have better control. In the future
we can add more beacon queue specific stuff there (maybe tweak
beacon timers or something), for now just call ath5k_hw_stop_tx_dma.
* Also since we don't call ath5k_hw_stop_rx/tx_dma from outside
dma.c, make them static.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Make sure we are not trying to set RXDP while RX is active,
for now ignore the return value.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* DCU early termination should be used to quickly flush QCU
according to docs so don't enable it for all queues, enable
it only when stopping each queue and disable it when we are
done.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Increase timeouts on ath5k_hw_stop_tx_dma and also wait for
tx queue to stop before checking for pending frames
* Add a new debug level to debug dma start/stop
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Since we stop rx/tx dma and pcu durring reset there is no need to
call ath5k_hw_stop_rx/tx_dma before, also there is no need to call
them durring stop_locked since we can use ath5k_hw_dma_stop for
both.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Stop PCU receive logic (DRU) durring reset
We need to be sure pcu is not active when trying to stop rx dma
right now this is done on ath5k_reset (base.c) but later we are
going to clean it up.
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Add a new function to stop rx/tx dma and use in when reset starts
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* No functional changes
* Clean up reset:
Introduce init functions for each unit and call them instead
of having everything inside ath5k_hw_reset (it's just c/p for
now so nothing changes except calling order -I tested it with
various cards and it's ok-)
* Further cleanups:
ofdm_timings belongs to phy.c
rate_duration belongs to pcu.c
clock functions are general and belong to reset.c (more to follow)
* Reorder functions for better organization:
We start with helpers and other functions follow in categories,
init functions are last
Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This feature is to mitigate the problem of certain 3
stream chips that exceed the PCIe power requirements.An EEPROM flag
controls which chips have APM enabled which is basically read from
miscellaneous configuration element of the EEPROM header.
This workaround will reduce power consumption by using 2 Tx chains for
Single and Double stream rates (5 GHz only).All self generated frames
(regardless of rate) are sent on 2 chains when this feature is
enabled(Chip Limitation).
Cc: Paul Shaw <paul.shaw@atheros.com>
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Tested-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying
this status for MIC failed frames is buggy.
Due to this, MIC failure events for broadcast frames are not sent to
supplicant resulted in AP disconnecting the STA.
Able to pass Wifi Test case 5.2.18 with this fix.
Cc: Stable <stable@kernel.org> (2.6.36+)
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Th commit titled "mac80211: clean up rx handling wrt. found_sta"
removed found_sta variable which caused a MIC failure event
to be reported twice for a single failure to supplicant resulted
in STA disconnect.
This should fix WPA specific countermeasures WiFi test case (5.2.17)
issues with mac80211 based drivers which report MIC failure events in
rx status.
Cc: Stable <stable@kernel.org> (2.6.37)
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes an curious issue due to insufficient
rx frame filtering.
Saqeb Akhter reported frequent disconnects while streaming
videos over samba: <http://marc.info/?m=128600031109136>
> [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)
> [...]
The reason is that the device generates frames with slightly
bogus SA/TA addresses.
e.g.:
[ 2314.402316] Ignore 9f:1f:31:f8:64:ff
[ 2314.402321] Ignore 9f:1f:31:f8:64:ff
[ 2352.453804] Ignore 0d:1f:31:f8:64:ff
[ 2352.453808] Ignore 0d:1f:31:f8:64:ff
^^ the group-address flag is set!
(the correct SA/TA would be: 00:1f:31:f8:64:ff)
Since the AP does not know from where the frames come, it
generates a DEAUTH response for the (invalid) mcast address.
This mcast deauth frame then passes through all filters and
tricks the stack into thinking that the AP brutally kicked
us!
This patch fixes the problem by simply ignoring
non-broadcast, group-addressed deauth/disassoc frames.
Cc: Jouni Malinen <j@w1.fi>
Cc: Johannes Berg <johannes@sipsolutions.net>
Reported-by: Saqeb Akhter <saqeb.akhter@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The RX aggregation locking documentation was
wrong, which led Christian to also code the
timer timeout handling for it somewhat wrongly.
Fix the documentation, the two places that
need to hold the reorder lock across accesses
to the structure, and the debugfs code that
should just use RCU.
Also, remove acquiring the sta->lock across
reorder timeouts since it isn't necessary, and
change a few places to GFP_KERNEL because the
code path here doesn't need atomic allocations
as I noticed when reviewing all this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>