Andy Shevchenko [Wed, 28 Sep 2011 09:30:59 +0000 (12:30 +0300)]
wireless: at76c50x: use native hex_pack_byte() method
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: "John W. Linville" <linville@tuxdriver.com> Tested-by: Pavel Roskin <proski@gnu.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Mon, 26 Sep 2011 06:30:40 +0000 (09:30 +0300)]
wl3501_cs: min_t() cast truncates high bits
wrqu->encoding.length comes from the network administrator. It's
size u16. We want to limit "tocopy" to the smallest value of either
"len_keys", "wrqu->encoding.length" or 100. But because .length
gets cast from u16 to u8 we might use a random, smaller value than
the was desired. It's probably not very serious, but we may as well
fix it.
Btw, this is from code auditing and not from testing. I don't know
if this affects anyone in real life.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mac80211: Send the management frame at requested rate
Whenever the scan request or tx_mgmt is requesting not to
use CCK rate for managemet frames through
NL80211_ATTR_TX_NO_CCK_RATE attribute, then mac80211 should
select appropriate least non-CCK rate. This could help to
send P2P probes and P2P action frames at non 11b rates
without diabling 11b rates globally.
Cc: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
nl80211/cfg80211: Add support to disable CCK rate for management frame
Add a new nl80211 attribute to specify whether to send the management
frames in CCK rate or not. As of now the wpa_supplicant is disabling
CCK rate at P2P init itself. So this patch helps to send P2P probe
request/probe response/action frames being sent at non CCK rate in 2GHz
without disabling 11b rates.
This attribute is used with NL80211_CMD_TRIGGER_SCAN and
NL80211_CMD_FRAME commands to disable CCK rate for management frame
transmission.
Cc: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Fri, 23 Sep 2011 06:14:35 +0000 (09:14 +0300)]
NFC: use after free on error
We returned a freed variable on some error paths when the intent was
to return a NULL. Part of the reason this was missed was that the
code was confusing because it had too many gotos so I removed them
and simplified the flow a bit.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:15:00 +0000 (15:15 -0700)]
iwlagn: fix scan complete processing
When we cancel a scan, the completion runs
only from the workqueue. This can cause the
remain-on-channel scan to fail when another
one was just canceled, because we're still
aborting it.
To fix this, run the completion inline with
the lock still held before returning from
iwl_scan_cancel_timeout().
Also, to avoid the scan complete work from
completing a new scan prematurely, add a
new STATUS_SCAN_COMPLETE bit.
Reported-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Tested-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:59 +0000 (15:14 -0700)]
iwlagn: move iwl_process_scan_complete up
To make the next patch easier to read, move
the function up, it'll be needed earlier in
this file in the next patch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:58 +0000 (15:14 -0700)]
iwlagn: refactor scan complete
We'll need to be able to run scan complete
inline, not from the workqueue, so refactor
it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:57 +0000 (15:14 -0700)]
iwlagn: make iwl_scan_cancel_timeout void
The return value of iwl_scan_cancel_timeout()
isn't used anywhere, so let's just remove it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:56 +0000 (15:14 -0700)]
iwlagn: remove Kelvin support
Only 5150 series devices report their temperature
in Kelvin, and for those we already convert it to
Celsius when storing into priv->temperature, so
there's no way priv->temperature will ever be in
Kelvin. Remove support for this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:55 +0000 (15:14 -0700)]
iwlagn: fix slot programming
When an AP mode interface is added with a DTIM
period of two, the slot programming is wrong.
Fix it by taking into account the DTIM period.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 22:14:54 +0000 (15:14 -0700)]
iwlagn: fix dangling scan request
If iwl_scan_initiate() fails for any reason,
priv->scan_request and priv->scan_vif are left
dangling. This can lead to a crash later when
iwl_bg_scan_completed() tries to run a pending
scan request.
In practice, this seems to be very rare due to
the STATUS_SCANNING check earlier. That check,
however, is wrong -- it should allow a scan to
be queued when a reset/roc scan is going on.
When a normal scan is already going on, a new
one can't be issued by mac80211, so that code
can be removed completely. I introduced this
bug when adding off-channel support in commit 266af4c745952e9bebf687dd68af58df553cb59d.
Cc: stable@kernel.org [3.0] Reported-by: Peng Yan <peng.yan@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlagn: use kcalloc when possible for array allocation
As everybody knows kcalloc checks the multiplication is safe and
that we don't run into overflow.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
In the current code, the rate scaling isn't fed with
statistics from the BA notifications.
This is since my patch:
iwlagn: reclaim the packets in transport layer
Fix that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlagn: set the sequence control from the transport layer
Since all the queue logic has been moved to the transport layer,
the sequence number is set in the transport layer.
While doing that I forgot that the mac header is copied to the
TB of the TX cmd in the upper layer before the call to the transport
layer. So basically we used the sequence number from mac80211...
This was fine for the first assocation but after the second, mac80211
resets its counters while we don't hence a shift that led to terrible
impact on performance.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlagn: sparse warning priv->temperature is signed
Since priv->temperature is signed, we cannot use debugfs_create_u32
to refer to it.
Use a regular debugfs file instead.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Thu, 22 Sep 2011 14:04:32 +0000 (08:04 -0600)]
ath9k: fix a regression in ath9k_ps_restore
After 'ath9k: optimize ath9k_ps_restore', it would only send the device to
network sleep and not to full sleep anymore, potentially causing more
battery drain.
Reported-by: Vivek Natarajan <nataraja@qca.qualcomm.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ilan Elias [Thu, 22 Sep 2011 08:36:19 +0000 (11:36 +0300)]
NFC: protect nci_data_exchange transactions
Protect 'cb' and 'cb_context' arguments in nci_data_exchange.
In fact, this implements a queue with max length of 1 data
exchange transactions in parallel.
Signed-off-by: Ilan Elias <ilane@ti.com> Acked-by: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ilan Elias [Thu, 22 Sep 2011 08:13:01 +0000 (11:13 +0300)]
NFC: implicitly deactivate in nci_start_poll
When start_poll is called, and a target was implicitly activated,
we need to implicitly deactivate it.
On the other hand, when the target was activated by the user,
we should not deactivate it.
Signed-off-by: Ilan Elias <ilane@ti.com> Acked-by: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ilan Elias [Thu, 22 Sep 2011 07:47:52 +0000 (10:47 +0300)]
NFC: improve readability of an 'if' in nci core.c
Signed-off-by: Ilan Elias <ilane@ti.com> Acked-by: Lauro Ramos Venancio <lauro.venancio@openbossa.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: reset skb length before inserting to free queue
After handling command response, cmd skb is inserted into command
free queue(which keeps track of availabile skbs) for reuse purpose.
Skb length is not getting reset to zero here. This patch takes care
of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: pass correct band parameter to ieee80211_channel_to_frequency()
ieee80211_channel_to_frequency() routine expects band parameter in
the form of "enum ieee80211_band band". Currently driver specific
band (BAND_A, BAND_AN etc.) is passed to the routine.
This patch makes sure that correct parameter is passed.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
In recent commit "mwifiex: use cfg80211 dynamic scan..."
(7c6fa2a843..) scan table handling in driver is removed to
make use of cfg80211 dynamic scan table. Now driver sends
beacon buffers found in scanning directly to stack and parse
the buffer for requested BSS only during association.
Beacon buffer doesn't contain bss band information. Driver
gets it from firmware in separate tlv (chan_band_tlv).
Currently since we don't inform stack about bss bandinfo,
there is an issue with 5GHz association.
Use "priv" field of struct cfg80211_bss to store bandinfo.
This fixes 5GHz association issue.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sometimes association in 5GHz doesn't work. Dmesg log shows
"Can not find requested SSID xyz" error message. Currently
while preparing scan channel list for firmware Null entries
are created for disabled channels. The routine which retrieves
this list ignores channels after Null entry. Hence sometimes
driver doesn't scan the channel of requested AP and association
fails. The issue is fixed by avoiding those NULL entries.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Daniel Drake [Wed, 21 Sep 2011 17:43:59 +0000 (18:43 +0100)]
libertas: scan behaviour consistency improvements
When scanning for the broadcast SSID, there is no need to add the
SSID TLV (restoring the behaviour of the driver behaviour in the wext
days, confirmed in Marvell specifications).
If bssid is unspecified, the current scan code will usually fire off an
active scan probing for the specific requested SSID. However, if a scan
is ongoing (or has just finished), those scan results will be used
instead (even if that scan is totally different, e.g. a passive scan on
channel 4 for a different SSID). Fix this inconsistency by always
firing off a scan when associating without a bssid.
Signed-off-by: Daniel Drake <dsd@laptop.org> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
cfg80211: Validate cipher suite against supported ciphers
Instead of using a hardcoded list of cipher suites in nl80211.c, use a
shared function in util.c to verify that the driver advertises support
for the specified cipher. This provides more accurate validation of the
values and allows vendor-specific cipher suites to be added in drivers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
NL80211_ATTR_AKM_SUITES can be used to configure new AKMs, like FT or
the SHA-256 -based AKMs or FT from 802.11r/802.11w. In addition, vendor
specific AKMs could be used. The current validation code for the connect
command prevents cfg80211-based drivers from using these mechanisms even
if the driver would not actually use this AKM value (i.e., it uses
WPA/RSN IE from user space). mac80211-based drivers allow any AKM to be
used since this value is not used there.
Remove the unnecessary validation step in cfg80211 to allow drivers to
decide what AKMs are supported. In theory, we could handle this by
advertising supported AKMs, but that would not be very effective unless
we enforce all drivers (including mac80211) to advertise the set of
supported AKMs. This would require additional changes in many places
whenever a new AKM is introduced even though no actually functionality
changes may be required in most drivers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
this represents the bitmap of block ACK received after the
successful transmission of an aggregate frame. also made few
changes to beautify the display
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
proper dma_unmapping and freeing of skb's has to be done in the rx
cleanup for EDMA chipsets when the device is unloaded and this also
seems to address the following warning which shows up occasionally when
the device is unloaded
Larry Finger [Fri, 23 Sep 2011 03:59:02 +0000 (22:59 -0500)]
rtlwifi: rtl8192cu: Fix unitialized struct
Driver rtl8192cu assigns a new struct rtl_tcb_desc object, but fails to
clear it.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@kernel.org> [2.6.39+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Thu, 22 Sep 2011 21:59:04 +0000 (14:59 -0700)]
iwlagn: fix dangling scan request
If iwl_scan_initiate() fails for any reason,
priv->scan_request and priv->scan_vif are left
dangling. This can lead to a crash later when
iwl_bg_scan_completed() tries to run a pending
scan request.
In practice, this seems to be very rare due to
the STATUS_SCANNING check earlier. That check,
however, is wrong -- it should allow a scan to
be queued when a reset/roc scan is going on.
When a normal scan is already going on, a new
one can't be issued by mac80211, so that code
can be removed completely. I introduced this
bug when adding off-channel support in commit 266af4c745952e9bebf687dd68af58df553cb59d.
Cc: stable@kernel.org [3.0] Reported-by: Peng Yan <peng.yan@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wl12xx: report the stop_ba event to all STAs in AP-mode
Use the AP_MAX_LINKS as the upper boundary for traversing the links array,
thereby guaranteeing BA sessions with all connected STAs are stopped when
the stop_ba event is received.
On roaming, the auth and assoc req are sent with the sta
hlid. This is wrong, as the sta hlid is configured according
to the old ap. Use the dev_hlid instead.
Move the wl1271_tx_update_filters() call into wl1271_tx_get_hlid(),
so wl->dev_hlid will be valid.
wl12xx: send all pending packets on channel change
There is a race condition between wl1271_tx_work() and the
channel switch, so make sure all the pending packets are
being sent before switching channel.
wl12xx uses a single probe response template, regardless of
the probe request.
However, the P2P spec forbids including the p2p ie in some
cases (e.g. the probe request didn't include the p2p ie).
The fw responds only to probe requests that don't
include the p2p ie, and passes up probe requests that
include them (the supplicant will answer them).
Thus, strip the p2p ie from the probe response template.
Shahar Levi [Mon, 12 Sep 2011 07:00:37 +0000 (10:00 +0300)]
wl12xx: fix sdio_test module functionality
Due to some changes in PM in recent kernels, the sdio_test module has
been broken for a while. This patch fixes the code that powers the
card on and off.
Also made some small indentation fixes in the Makefile.
[Rephrased commit log and removed the change in the FW name, since
it's done in another patch. -- Luca]
Signed-off-by: Shahar Levi <shahar_levi@ti.com> Signed-off-by: Luciano Coelho <coelho@ti.com>
We were using incorrect max and min dwell times during forced passive
scans because we were still using the active scan states to scan
(passively) the channels that were not marked as passive.
Instead of doing passive scans in active states, we now skip active
states and scan for all channels in passive states.
Dan Carpenter [Wed, 21 Sep 2011 07:13:56 +0000 (10:13 +0300)]
mwifiex: remove unneeded NULL check
We dereference "rate" on the lines before so the checks here are too
late to help. This function is only called from
mwifiex_dump_station_info() and "rate" is always a non-NULL pointer
so the check can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Wed, 21 Sep 2011 07:13:29 +0000 (10:13 +0300)]
mwifiex: add a kfree() to an error path
We're not likely to hit this small memory leak, but lets fix it
anyway to keep the static checkers happy.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Amit Beka [Tue, 20 Sep 2011 22:37:27 +0000 (15:37 -0700)]
iwlagn: remove duplicate list init
iwl_trans_rx_alloc is only called from iwl_rx_init, so no need
to init the lists twice.
Signed-off-by: Amit Beka <amit.beka@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
iwlagn: pending frames musn't be incremented if agg is on
During my works on the transport layer I removed code that updated
a local variable (is_agg) that is needed to keep the pending_frames
count up to date. Fix this.
Also, there should be no way to have a packet with TX_CTL_AMPDU set
while the internal aggregation state machine is not in AGG_ON state.
Add a WARN_ON to ensure that.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This simplifies both the transport layer and the upper layer.
Kill the union in the device command, which avoids the funny syntax
we had: cmd->cmd.payload.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Before this patch, the upper layer could register a callback for each
host command. This mechanism allowed the upper layer to have
different callbacks for the same command ID. In fact, it wasn't used
and the rx_handlers is enough: same callback for all the command with
a specific command ID.
The iwl_send_add_station needs the access the command that was sent
while handling the response (regardless if the command was sent in
SYNC or ASYNC mode). So now, all the handlers receive the host
command that was sent. This implies a change in the handler signature.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 20 Sep 2011 22:37:22 +0000 (15:37 -0700)]
iwlagn: split remain-on-channel
If we're associated and want to do P2P at the same
time, the scan for remain-on-channel is currently
limited to 80ms because of the way the device will
behave in that case. Instead of doing that, split
up the dwell times into little pieces. It will not
actually be a single big dwell time then, but will
be close enough. This improves robustness of P2P
in such scenarios.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 20 Sep 2011 22:37:21 +0000 (15:37 -0700)]
iwlagn: remove common station priv
Since the driver split there's no more need for
shared/non-shared private station data so remove
struct iwl_station_priv_common entirely.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 20 Sep 2011 22:37:20 +0000 (15:37 -0700)]
iwlagn: move scan code to scan file
Since the driver split there's no longer a need
to have the scan code scattered across multiple
files, so move it all back to iwl-scan.c
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 20 Sep 2011 15:40:51 +0000 (17:40 +0200)]
mac80211: fix AP/VLAN PS buffer race
When an AP interface is removed without the
AP/VLAN interfaces having been removed before
already, the AP-VLAN interface might still
have sleeping stations and buffer multicast
frames which will happen on the AP interface.
Thus, we need to remove AP/VLAN interfaces
before purging buffered broadcast frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Incorrect variable was used in validating the akm_suites array from
NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
validation of the array length (we only have room for
NL80211_MAX_NR_AKM_SUITES).
This can result in a buffer write overflow for stack variables with
arbitrary data from user space. The nl80211 commands using the affected
functionality require GENL_ADMIN_PERM, so this is only exposed to admin
users.
Cc: stable@kernel.org Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Since the dawn of its time, iwlwifi has used
interruptible waits to wait for synchronous
commands and firmware loading.
This leads to "interesting" bugs, because it
can't actually handle the interruptions; for
example when a command sending is interrupted
it will assume the command completed fully,
and then leave it pending, which leads to all
kinds of trouble when the command finishes
later.
Since there's no easy way to gracefully deal
with interruptions, fix the driver to not use
interruptible waits.
This at least fixes the error
iwlagn 0000:02:00.0: Error: Response NULL in 'REPLY_SCAN_ABORT_CMD'
I have seen in P2P testing, but it is likely
that there are other errors caused by this.
Cc: stable@kernel.org # 2.6.39+ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
If the command queue is constantly busy,
which can happen in P2P, the hangcheck
timer will frequently find a command in
it and will eventually reset the device
because nothing sets the timestamp for
this queue when commands are processed.
Fix this by setting the timestamp when
a command completes.
iwlegacy does not support P2P, but this patch fix possible
unneeded hardware resets, hence is needed.
Cc: stable@kernel.org # 2.6.39+ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
During the endurance testing, rx frames are not getting DMAd from
MAC whereas pcu rx frame counters are getting updated properly.
As per systems team input updated the initval to fix rx dma stuck
issue.
Cc: stable@kernel.org Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Andre Guedes [Fri, 9 Sep 2011 21:56:26 +0000 (18:56 -0300)]
Bluetooth: Check 'dev_class' in mgmt_device_found()
The mgmt_device_found event will be used to report LE devices found
during discovery procedure. Since LE advertising reports events
doesn't have class of device information, we need to check if
'dev_class' is not NULL before copying it.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Anderson Briglia [Mon, 19 Sep 2011 18:41:09 +0000 (14:41 -0400)]
Bluetooth: Fix wrong memcpy size on LE start encryption
This patch fixes wrong memcpy size when copying rand value to
HCI_OP_LE_START_ENC command.
The compiler pretends that the array parameter was declared as a pointer
and sizeof reports the size of the pointer. [1]
[1] http://www.c-faq.com/aryptr/aryparmsize.html
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org> Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Remove support for other SMP keys than the LTK
For now, only the LTK is properly supported. We are able to receive
and generate the other types of keys, but we are not able to use
them. So it's better not request them to be distributed.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Use the LTK after receiving a LE Security Request
When receiving a security request from the remote device we should find
if there is already a LTK associated with the remote device, if found
we should use it to encrypt the link.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Antti Julku [Thu, 25 Aug 2011 13:48:02 +0000 (16:48 +0300)]
Bluetooth: Add mgmt events for blacklisting
Add management interface events for blocking/unblocking a device.
Sender of the block device command gets cmd complete and other
mgmt sockets get the event. Event is also sent to mgmt sockets when
blocking is done with ioctl, e.g when blocking a device with
hciconfig. This makes it possible for bluetoothd to track status
of blocked devices when a third party block or unblocks a device.
Event sending is handled in mgmt_device_blocked function which gets
called from hci_blacklist_add in hci_core.c. A pending command is
added in mgmt_block_device, so that it can found when sending the
event - the event is not sent to the socket from which the pending
command came. Locks were moved out from hci_core.c to hci_sock.c
and mgmt.c, because locking is needed also for mgmt_pending_add in
mgmt.c.
Signed-off-by: Antti Julku <antti.julku@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Require authentication if MITM protection is requested
The HIGH security level requires a 16 digit pin code for non-SSP
bondings. Sometimes this requirement is not acceptable and we still
want protection againts MITM attacks (which is something that the
MEDIUM security level doesn't provide), for that we should allow
another way to request authentication without using the HIGH security
level.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Move SMP fields to a separate structure
The objective is to make the core to have as little as possible
information about SMP procedures and logic. Now, all the SMP
specific information is hidden from the core.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
David Herrmann [Fri, 26 Aug 2011 11:27:12 +0000 (13:27 +0200)]
Bluetooth: hidp: Add support for NO_INIT_REPORTS quirk
During setup the host initializes all HID reports. Some devices do not
support this. If this quirk is set, we skip the initialization.
See also usbhid_init_reports() for this quirk.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Add link_type information to the mgmt Connected event
One piece of information that was lost when using the mgmt interface,
was the type of the connection. Using HCI events we used to know
the type of the connection based on the type of the event, e.g.
HCI_LE_Connection_Complete for LE links.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Add support for running SMP without a socket
When doing the pairing procedure we won't have an associated
socket, but we still have to do the SMP negotiation. This
adds support for encrypting the link and exchanging keys.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: Add a flag to indicate that SMP is going on
Add HCI_CONN_LE_SMP_PEND flag to indicate that SMP is pending
for that connection. This allows to have information that an SMP
procedure is going on for that connection.
We use the HCI_CONN_ENCRYPT_PEND to indicate that encryption
(HCI_LE_Start_Encryption) is pending for that connection.
While a SMP procedure is going on we hold an reference to the
connection, to avoid disconnections.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Bluetooth: make use of connection number to optimize the scheduler
This checks if there is any existing connection according to its type
before start iterating in the list and immediately stop iterating when
reaching the number of connections.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Larry Finger [Mon, 19 Sep 2011 19:34:10 +0000 (14:34 -0500)]
rtlwifi: Combine instances of RTL_HAL_IS_CCK_RATE macros.
Three drivers, rtl8192ce, rtl8192cu and rtl8192de, use the same macro
to check if a particular rate is in the CCK set. This common code is
relocated to a common header file. A distinct macro used by rtl8192se
with the same name is renamed.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
projects / linux-beck.git / log